The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.
You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.
December 20, 2024
AlloyDB for PostgreSQL
AlloyDB lets you monitor the following additional monitoring metrics through the Cloud Monitoring dashboard. These metrics are available in Preview.
- The instance/postgres/ultrafastcache_hitrate and node/postgres/ultrafastcache_hitrate metrics help in identifying any performance issue due to caching on instances or individual nodes.
- The node/postgres/backends_by_state, node/postgres/backends, node/postgres/wait_count, and node/postgres/wait_time metrics help in tracking node health.
This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:
You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:
On December 20, 2024 we released an updated version of Apigee.
Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete.
Support for environment-level client IP address resolution
This release introduces the ability to specify, per environment, how to capture the client IP address on API requests from the X-Forwarded-For header. When configured for the environment, the specified client IP address is used to apply security actions, populate the ax_resolved_client_ip Analytics variable and the new client.resolved.ip flow variable. The new configuration option can be used to specify the request IP address used in Advanced API Security.
This functionality is not available in Apigee hybrid at this time.
For more information and usage instructions, see the Client IP resolution customer documentation, Analytics dimensions, and client flow variable.
Dynamic Backend Authentication support for Connectors
Application Integration now supports dynamic backend authentication for connectors. Enable Authentication Override in Integration Connectors to allow your connections to seamlessly switch between authentication methods during runtime.
For more information, see Configure authentication override.
Cloud Composer 3 is now available in Mexico (northamerica-south1).
You can now enable query insights for Cloud SQL Enterprise Plus edition. When you enable query insights for Enterprise Plus, you can access additional features in query insights such as 30 days of metrics retention, granular query plan details, and a higher query length limit.
For more information, see Use query insights to improve query performance. Query insights for Cloud SQL Enterprise Plus edition is in Preview.
You can use the following observability dashboards in Cloud SQL for SQL Server to monitor, analyze, and diagnose issues with your instances, databases, and queries:
- System insights
- Query insights
Both of these dashboards are available to you in the Google Cloud Console. The System insights dashboard displays the metrics for the resources that your instance is using and can help you analyze the performance of your instance. For more information, see Use system insights to improve system performance. System insights is generally available (GA).
The Query insights dashboard helps you detect problems with queries in your Cloud SQL databases. The dashboard also provides you with the ability to monitor active queries and view index advisor recommendations. For more information, see Use query insights to improve query performance. Query insights for Cloud SQL for SQL Server is in Preview.
You can enable query insights for Cloud SQL Enterprise Plus edition. When you enable query insights for Enterprise Plus, you can access additional features in query insights such as 30 days of metrics retention, granular query plan details, and a higher query length limit. The query insights for Cloud SQL Enterprise Plus edition, index advisor, and active queries features are also in Preview.
Advanced load balancing for managed Cloud Service Mesh (TD) is now available in preview.
Documentation is now available to help you troubleshoot Pub/Sub issues by using audit logs. You can use audit logs to troubleshoot issues related to identifying who created, deleted, or modified Pub/Sub resources, tracking configuration changes to topics or subscriptions, and verifying the existence and status of topics and subscriptions. For more information, see Troubleshoot Pub/Sub issues with audit logs and General troubleshooting.
Vector Search hybrid search and sparse embeddings are generally available (GA)
Vector Search hybrid search and sparse embeddings are generally available (GA). Hybrid search uses both dense and sparse embeddings, which lets you search based on a combination of keyword search and semantic search. For more information about hybrid search, see About hybrid search.
December 19, 2024
Apigee X
On December 19, 2024, we released an updated version of Apigee (1-14-0-apigee-3) for trial organizations only.
Bug ID | Description |
---|---|
N/A | Updates to security infrastructure and libraries. |
You can now build and publish custom connectors for Google Cloud Marketplace. This feature is in preview.
The following connectors built by partners are available in the Google Cloud Marketplace. You can use these connectors to create connections and use them in Application Integration.
- Exact HR
- Openlegacy IBMi/AS/400 API
- Salesforce Commerce Cloud B2B
The Sovereign Controls for EU control package now supports BigQuery Data Transfer Service. For more information, see Supported products by control package. This feature is generally available (GA).
You can now manage data canvases, data preparations, notebooks, saved queries, and workflows in Dataplex. Metadata of data canvases, data preparations, notebooks, saved queries, and workflows is automatically available in Dataplex, without additional configuration. This feature is generally available (GA).
You can now search for and view the metadata of data canvases, data preparations, notebooks, saved queries, and workflows in the Dataplex console. This feature is in preview.
Preview: You can create future reservation requests for VMs of a single machine type using the Google Cloud console. Reserving capacity based on your predicted VM or GPU usage helps ensure that your projects have the capacity needed to support increases in usage. For more information, see Reserve capacity in Capacity Planner.
The Cloud Data Fusion version 6.10.1.2 patch revision is generally available (GA). 6.10.1.2 includes the following changes:
You can generate audit logs that record data plane activities within your Cloud Data Fusion instance. Data plane audit logging is available in Preview for RBAC-enabled instances.
To improve the API response time, by default, all program activity records older than 30 days are cleaned up. Any activity older than 30 days isn't visible in the Cloud Data Fusion studio (CDAP-14950).
When using role-based access control, performing the List Pipelines operation requires datafusion.pipelines.list permission, in addition to datafusion.namespaces.get permission. For more information, see RBAC roles and permissions (CDAP-20931).
Fixed an issue causing the flow control metric, flowcontrol.launching.count, to overcount in cases where servers were restarted when a pipeline run was in progress (CDAP-21046).
Fixed an issue causing the flow control metric, flowcontrol.launching.count, to be stale after a restart when no pipelines were running (CDAP-21048).
Fixed an issue causing the default max concurrent runs limit for triggers not to appear in the web interface, making it difficult to tell if triggers were working as intended (CDAP-21072).
Fixed an issue causing the top panel of the Studio tab to disappear when you edited a pipeline draft that's based on a pipeline from an earlier Cloud Data Fusion version (CDAP-21073).
Improved performance by removing a call to the list apps API during pipeline deployment when checking if a pipeline already exists (CDAP-21074).
Safe Search model update
We will be updating the SAFE_SEARCH_DETECTION feature model to improve quality.
We'll support both the current model and the new model for the next 90 days. After 90 days, the new model will become the default. The current model can still be accessed by specifying "builtin/legacy" for an additional 90 days before it's deprecated.
To use the new model, specify "builtin/latest" in the model field of a Feature object.
Release 6.1
- SAP Annotations: All SAP Reporting views and fields are now fully annotated with functional descriptions and business context. Deploy Data Mesh to take advantage of this feature.
- Google Ads Campaign Daily Aggregates view has been redesigned:
  - The CampaignDailyAggByUserCountry view is now removed.
  - Relevant information is now integrated into the CampaignDailyAgg view.
- SAP Financial Model Initial Load: The Financial Model's initial load has been separated into a dedicated DAG for better organization.
- SAP Inventory Module: Removed "Preview" tag.
- SAP Hierarchy Reader: As announced in the previous release notes, the hier_reader code has been fully deprecated. Relevant SAMPLE scripts have been updated to use the new hierarchy reader DAG output tables.
- SAP Fiscal and Currency functions: As announced in the previous release notes, these functions have been removed. Please use the relevant tables (currency_conversion, currency_decimal, and fiscal_date_dim) instead.
- SAP Currency Decimal Fix: Fixed a decimal precision issue for SAP currency data.
- Minor JOIN Condition Issue: Fixed a JOIN condition in SAP Billings view comments.
- 1-Click Deployer:
- Fixed an issue with incorrect default Google Analytics 4 CDC dataset setting.
- Updated to use different output bucket names for SFMC and CM360.
- K9 Deployer: Fixed the issue where temporary files were copied to the tmp* directory in the target bucket and not removed.
- Minor Fixes: Addressed other minor issues related to dependency, configuration handling, Python library requirements, and DAG steps.
- Google Trends DAG: The Google Trends API calls issued by this DAG may intermittently fail. If this happens, try rerunning the DAG.
- 1-click deployer: The 1-click deployer for OracleEBS currently requires manual naming. Autoname mode is not yet supported.
You can now manage Dataform repositories in Dataplex. Metadata of Dataform repositories is automatically available in Dataplex, without additional configuration. For more information, see Manage Dataform assets with Dataplex. This feature is generally available (GA).
You can now search for and view the metadata of Dataform repositories in the Dataplex console. This feature is in preview.
Dialogflow CX (Conversational Agents): You can now set either a partial match or a full match to banned phrases. This setting applies to playbooks, datastores, and generators. You can enable and test this feature in Agent Settings > Generative AI > Banned phrases > Match requirements.
Documentation is now available to help you choose between Pub/Sub and Google Cloud Managed Service for Apache Kafka. The comparison is based on factors such as operational ease, portability, existing Kafka setup, and integration with other Google Cloud products. A detailed feature comparison table is also included. For more information, see Choose Cloud Managed Service for Apache Kafka or Pub/Sub.
Google Cloud NetApp Volumes now lets you test if an Active Directory policy is properly connected to the Active Directory service using the Google Cloud console. Performing the test helps you troubleshoot errors in your Active Directory policy configuration. For more information, see Test the Active Directory policy connection.
Google Cloud NetApp Volumes now supports Kerberos for large capacity volumes.
IPv6 route exchange is available in public preview.
You can use export filters to configure a VPC spoke to exchange IPv6 subnet ranges or both IPv4 and IPv6 subnet ranges. For more information, see VPC connectivity with export filters.
You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Secure Source Manager resources. For more information, see Manage resources with custom constraints.
The Organization Policy recommender generates insights and organization policy recommendations to restrict the creation and upload of service account keys. This feature is available in Preview.
You can use the iam.managed.allowedPolicyMembers managed organization policy constraint to implement domain restricted sharing. For more information, see Domain restricted sharing.
Documentation is now available to help you choose between Pub/Sub and Google Cloud Managed Service for Apache Kafka. The comparison is based on factors such as operational ease, portability, existing Kafka setup, and integration with other Google Cloud products. A detailed feature comparison table is also included. For more information, see Choose Pub/Sub or Cloud Managed Service for Apache Kafka.
When providing a URL list to transfer files, you can now host the list itself in an access-controlled Cloud Storage bucket. See Transfer from public URLs for full details.
December 18, 2024
Agent Assist
Pub/Sub intermediate transcription is available in preview. With this feature you can accomplish the following:
- Show intermediate transcripts in your Agent Assist UI module.
- Populate additional information to support audio integration.
You can use an API to export data from AlloyDB clusters. This feature is generally available (GA). You can also cancel the export of data. For more information, see Export a CSV file and Export a SQL file.
You can now enable 2x node scaling when you create a new Bigtable cluster. This cluster configuration lets Bigtable treat two standard nodes as a larger, single compute node, and the cluster is always scaled in increments of two nodes. This feature is generally available (GA).
The Preview of Bigtable automated backup has been expanded to let you configure the backup retention period in automated backup policies, and the default is now seven days. For more information, see Update an automated backup policy.
Simulate scenarios in FinOps hub to maximize your savings from resource-based CUDs
In the FinOps hub, we added support for resource-based CUD recommendations as a starting point to simulate various usage scenarios, and customize the recommendation to purchase a CUD that maximizes your savings.
Cloud Logging adds support for the northamerica-south1 region. For a complete list of supported regions, see Supported regions.
You can now create custom roles that let you create and manage Log Scopes. Log Scopes are in Public Preview. For more information, see Create and manage log scopes: Before you begin.
1.23.4-asm.1 is now available for in-cluster Cloud Service Mesh.
This patch release contains fixes for the security vulnerabilities listed in GCP-2024-065. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.23.4-asm.1 uses Envoy v1.31.5.
1.22.7-asm.1 is now available for in-cluster Cloud Service Mesh.
This patch release contains fixes for the security vulnerabilities listed in GCP-2024-065. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.22.7-asm.1 uses Envoy v1.30.9.
1.21.5-asm.17 is now available for in-cluster Cloud Service Mesh.
This patch release contains fixes for the security vulnerabilities listed in GCP-2024-065. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.21.5-asm.17 uses Envoy v1.29.12.
Upgrading the gRPC client may cause excessive streams to Traffic Director. Be cautious and do a gradual upgrade when upgrading to the following versions:
- gRPC Java 1.67.1
- gRPC Go 1.66
- gRPC C++ 1.63
You can now manage Developer Connect resources by using custom organization policies. This feature is generally available. To learn more, see Create custom organization policies.
VPC Service Controls support for Developer Connect is now in Preview.
Hex-LLM: High-Efficiency Large Language Model Serving is available in General Availability (GA).
This launch adds support for the following models:
- Llama 3.1
- Llama 3.2
- Phi-3
- Qwen2 and Qwen2.5
Additional supported features:
- Multi-host serving.
- Disaggregated serving (experimental).
- Prefix caching.
- AWQ quantization.
Google Distributed Cloud (software only) for VMware 1.31.0-gke.889 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.31.0-gke.889 runs on Kubernetes v1.31.3-gke.100.
If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
Announcing an early look at two preview features:
A new architecture called advanced clusters. When advanced cluster is enabled, the underlying Google Distributed Cloud software deploys controllers that allow for a more extensible architecture. Enabling advanced clusters gives you access to new features and capabilities, such as topology domains.
A topology domain is a pool of cluster nodes that are considered to be part of the same logical or physical grouping. Topology domains correspond to some underlying hardware or software that has the possibility of correlated failure, like networking equipment in a rack. As part of setting up a topology domain, you create a topology label that is set on all the nodes in the topology domain during cluster creation. This label lets you set up Pod Topology Spread Constraints.
Note the following limitations of the preview:
- You can enable the features only on new 1.31 clusters.
- You won't be able to upgrade the clusters to 1.32, so only enable the features in a test environment.
- To test topology domains, we recommend that you configure the cluster-wide built-in default spread constraints because configuring your own cluster-wide spread constraints isn't available.
Upgrade changes:
Dataplane V2 is required for all user clusters. Before upgrading a user cluster to 1.31, follow the steps in Enable Dataplane V2.
To upgrade clusters to 1.31, you must upgrade your admin cluster first and then user clusters. For more information, see Version rules.
Version changes:
- COS was upgraded to milestone 113.
Other changes:
- Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.
- Removed TLS/SSL weak message authentication code cipher suites in the vSphere cloud controller manager.
The following issues are fixed in 1.31.0-gke.889:
- Fixed the issue that additional manual steps are needed after disabling always-on secrets encryption with gkectl update cluster.
- Fixed the known issue that caused migrating a user cluster to Controlplane V2 to fail if secrets encryption has ever been enabled on the user cluster, even if it's already disabled.
- Fixed the known issue where the gkectl upgrade command returned an incorrect error about the netapp storageclass.
- Fixed the known issue where updating DataplaneV2 ForwardMode doesn't automatically trigger anetd DaemonSet restart.
The following high-severity container vulnerabilities are fixed in 1.31.0-gke.889:
- CVE-2023-47108
- CVE-2023-28642
- CVE-2021-39293
- CVE-2022-30580
- CVE-2022-30633
- CVE-2022-30631
- CVE-2022-2879
- CVE-2022-30632
- CVE-2022-28131
- CVE-2022-24675
- CVE-2022-2880
- CVE-2021-44716
- CVE-2022-30630
- CVE-2024-1975
- CVE-2022-24921
- CVE-2024-1737
- CVE-2021-29923
- CVE-2022-41715
- CVE-2021-41772
- CVE-2023-27561
- CVE-2022-23772
- CVE-2024-6345
- CVE-2022-32189
- CVE-2022-23773
- CVE-2021-41771
- CVE-2022-30635
- CVE-2022-28327
- CVE-2024-6232
- CVE-2024-0793
- CVE-2024-7348
- CVE-2023-3676
- CVE-2023-5528
- CVE-2023-3955
- GHSA-87m9-rv8p-rgmg
- CVE-2024-0567
- CVE-2020-22218
The following Container-Optimized OS vulnerabilities are fixed in 1.31.0-gke.889:
- CVE-2024-41073
- CVE-2024-36979
- CVE-2024-49889
- CVE-2024-38577
- CVE-2024-41087
- CVE-2024-49882
- CVE-2024-38538
- CVE-2024-44940
- CVE-2024-53057
- CVE-2024-39487
- CVE-2024-48958
- CVE-2024-41049
- CVE-2024-50035
- CVE-2024-49883
- CVE-2024-41058
- CVE-2024-47685
- CVE-2024-46743
- CVE-2024-38555
- CVE-2024-45490
- CVE-2024-46800
- CVE-2024-42285
- CVE-2024-44934
- CVE-2024-37407
- CVE-2024-47727
- CVE-2024-49936
- CVE-2024-38588
- CVE-2024-36978
- CVE-2024-41057
- CVE-2024-42136
- CVE-2024-50033
- CVE-2024-44983
- CVE-2024-37371
- CVE-2024-49967
- CVE-2024-41000
- CVE-2024-43873
- CVE-2024-37370
- CVE-2024-47742
- CVE-2024-39494
- CVE-2024-26256
- CVE-2024-39463
- CVE-2024-44985
- CVE-2024-6119
- CVE-2024-40994
- CVE-2024-44987
- CVE-2024-45491
- CVE-2024-46744
- CVE-2024-42302
- CVE-2024-50083
- CVE-2024-40906
- CVE-2024-46738
- CVE-2024-40954
- CVE-2024-6232
- CVE-2024-44986
- CVE-2024-49884
- CVE-2024-40958
- CVE-2024-49860
- CVE-2024-49983
- CVE-2024-45492
- CVE-2024-47701
- CVE-2024-43882
- CVE-2024-48957
- CVE-2024-47682
The following Ubuntu vulnerabilities are fixed in 1.31.0-gke.889:
- CVE-2022-48666
- CVE-2023-52889
- CVE-2023-52918
- CVE-2024-25744
- CVE-2024-26607
- CVE-2024-26661
- CVE-2024-26669
- CVE-2024-26800
- CVE-2024-26893
- CVE-2024-36484
- CVE-2024-38577
- CVE-2024-38602
- CVE-2024-38611
- CVE-2024-39472
- CVE-2024-40915
- CVE-2024-41011
- CVE-2024-41012
- CVE-2024-41015
- CVE-2024-41017
- CVE-2024-41019
- CVE-2024-41020
- CVE-2024-41022
- CVE-2024-41042
- CVE-2024-41059
- CVE-2024-41060
- CVE-2024-41063
- CVE-2024-41064
- CVE-2024-41065
- CVE-2024-41068
- CVE-2024-41070
- CVE-2024-41071
- CVE-2024-41072
- CVE-2024-41073
- CVE-2024-41077
- CVE-2024-41078
- CVE-2024-41081
- CVE-2024-41090
- CVE-2024-41091
- CVE-2024-41098
- CVE-2024-42114
- CVE-2024-42126
- CVE-2024-42246
- CVE-2024-42259
- CVE-2024-42265
- CVE-2024-42267
- CVE-2024-42269
- CVE-2024-42270
- CVE-2024-42271
- CVE-2024-42272
- CVE-2024-42274
- CVE-2024-42276
- CVE-2024-42277
- CVE-2024-42280
- CVE-2024-42281
- CVE-2024-42283
- CVE-2024-42284
- CVE-2024-42285
- CVE-2024-42286
- CVE-2024-42287
- CVE-2024-42288
- CVE-2024-42289
- CVE-2024-42290
- CVE-2024-42292
- CVE-2024-42295
- CVE-2024-42296
- CVE-2024-42297
- CVE-2024-42299
- CVE-2024-42301
- CVE-2024-42302
- CVE-2024-42304
- CVE-2024-42305
- CVE-2024-42306
- CVE-2024-42309
- CVE-2024-42310
- CVE-2024-42311
- CVE-2024-42312
- CVE-2024-42313
- CVE-2024-42318
- CVE-2024-43817
- CVE-2024-43828
- CVE-2024-43829
- CVE-2024-43830
- CVE-2024-43834
- CVE-2024-43835
- CVE-2024-43839
- CVE-2024-43841
- CVE-2024-43846
- CVE-2024-43849
- CVE-2024-43853
- CVE-2024-43854
- CVE-2024-43856
- CVE-2024-43858
- CVE-2024-43860
- CVE-2024-43861
- CVE-2024-43863
- CVE-2024-43867
- CVE-2024-43869
- CVE-2024-43870
- CVE-2024-43871
- CVE-2024-43873
- CVE-2024-43875
- CVE-2024-43879
- CVE-2024-43880
- CVE-2024-43882
- CVE-2024-43883
- CVE-2024-43884
- CVE-2024-43889
- CVE-2024-43890
- CVE-2024-43892
- CVE-2024-43893
- CVE-2024-43894
- CVE-2024-43902
- CVE-2024-43905
- CVE-2024-43907
- CVE-2024-43908
- CVE-2024-43909
- CVE-2024-43914
- CVE-2024-44934
- CVE-2024-44935
- CVE-2024-44944
- CVE-2024-44946
- CVE-2024-44947
- CVE-2024-44948
- CVE-2024-44954
- CVE-2024-44958
- CVE-2024-44960
- CVE-2024-44965
- CVE-2024-44966
- CVE-2024-44969
- CVE-2024-44971
- CVE-2024-44974
- CVE-2024-44982
- CVE-2024-44983
- CVE-2024-44985
- CVE-2024-44986
- CVE-2024-44987
- CVE-2024-44988
- CVE-2024-44989
- CVE-2024-44990
- CVE-2024-44995
- CVE-2024-44998
- CVE-2024-44999
- CVE-2024-45003
- CVE-2024-45006
- CVE-2024-45007
- CVE-2024-45008
- CVE-2024-45009
- CVE-2024-45011
- CVE-2024-45018
- CVE-2024-45021
- CVE-2024-45025
- CVE-2024-45026
- CVE-2024-45028
- CVE-2024-46673
- CVE-2024-46675
- CVE-2024-46676
- CVE-2024-46677
- CVE-2024-46679
- CVE-2024-46685
- CVE-2024-46689
- CVE-2024-46702
- CVE-2024-46707
- CVE-2024-46713
- CVE-2024-46714
- CVE-2024-46719
- CVE-2024-46721
- CVE-2024-46722
- CVE-2024-46723
- CVE-2024-46724
- CVE-2024-46725
- CVE-2024-46731
- CVE-2024-46732
- CVE-2024-46737
- CVE-2024-46738
- CVE-2024-46739
- CVE-2024-46740
- CVE-2024-46743
- CVE-2024-46744
- CVE-2024-46745
- CVE-2024-46746
- CVE-2024-46747
- CVE-2024-46750
- CVE-2024-46752
- CVE-2024-46755
- CVE-2024-46756
- CVE-2024-46757
- CVE-2024-46758
- CVE-2024-46759
- CVE-2024-46761
- CVE-2024-46763
- CVE-2024-46771
- CVE-2024-46777
- CVE-2024-46780
- CVE-2024-46781
- CVE-2024-46782
- CVE-2024-46783
- CVE-2024-46791
- CVE-2024-46795
- CVE-2024-46798
- CVE-2024-46800
- CVE-2024-46804
- CVE-2024-46805
- CVE-2024-46807
- CVE-2024-46810
- CVE-2024-46814
- CVE-2024-46815
- CVE-2024-46817
- CVE-2024-46818
- CVE-2024-46819
- CVE-2024-46822
- CVE-2024-46828
- CVE-2024-46829
- CVE-2024-46832
- CVE-2024-46840
- CVE-2024-46844
- CVE-2024-47659
- CVE-2024-47660
- CVE-2024-47663
- CVE-2024-47665
- CVE-2024-47667
- CVE-2024-47668
- CVE-2024-47669
- CVE-2024-27397
- CVE-2024-38630
- CVE-2024-45016
- CVE-2022-48772
- CVE-2023-52884
- CVE-2023-52887
- CVE-2024-23848
- CVE-2024-25741
- CVE-2024-31076
- CVE-2024-33621
- CVE-2024-33847
- CVE-2024-34027
- CVE-2024-34777
- CVE-2024-35247
- CVE-2024-35927
- CVE-2024-36014
- CVE-2024-36015
- CVE-2024-36032
- CVE-2024-36270
- CVE-2024-36286
- CVE-2024-36489
- CVE-2024-36894
- CVE-2024-36971
- CVE-2024-36972
- CVE-2024-36974
- CVE-2024-36978
- CVE-2024-37078
- CVE-2024-37356
- CVE-2024-38381
- CVE-2024-38546
- CVE-2024-38547
- CVE-2024-38548
- CVE-2024-38549
- CVE-2024-38550
- CVE-2024-38552
- CVE-2024-38555
- CVE-2024-38558
- CVE-2024-38559
- CVE-2024-38560
- CVE-2024-38565
- CVE-2024-38567
- CVE-2024-38571
- CVE-2024-38573
- CVE-2024-38578
- CVE-2024-38579
- CVE-2024-38580
- CVE-2024-38582
- CVE-2024-38583
- CVE-2024-38586
- CVE-2024-38587
- CVE-2024-38588
- CVE-2024-38589
- CVE-2024-38590
- CVE-2024-38591
- CVE-2024-38596
- CVE-2024-38597
- CVE-2024-38598
- CVE-2024-38599
- CVE-2024-38601
- CVE-2024-38605
- CVE-2024-38607
- CVE-2024-38610
- CVE-2024-38612
- CVE-2024-38613
- CVE-2024-38615
- CVE-2024-38618
- CVE-2024-38619
- CVE-2024-38621
- CVE-2024-38623
- CVE-2024-38624
- CVE-2024-38627
- CVE-2024-38633
- CVE-2024-38634
- CVE-2024-38635
- CVE-2024-38637
- CVE-2024-38659
- CVE-2024-38661
- CVE-2024-38662
- CVE-2024-38780
- CVE-2024-39276
- CVE-2024-39277
- CVE-2024-39301
- CVE-2024-39466
- CVE-2024-39467
- CVE-2024-39468
- CVE-2024-39469
- CVE-2024-39471
- CVE-2024-39475
- CVE-2024-39480
- CVE-2024-39482
- CVE-2024-39487
- CVE-2024-39488
- CVE-2024-39489
- CVE-2024-39490
- CVE-2024-39493
- CVE-2024-39495
- CVE-2024-39499
- CVE-2024-39500
- CVE-2024-39501
- CVE-2024-39502
- CVE-2024-39503
- CVE-2024-39505
- CVE-2024-39506
- CVE-2024-39507
Additional Ubuntu vulnerabilities fixed in 1.31.0-gke.889:
- CVE-2024-39509
- CVE-2024-40901
- CVE-2024-40902
- CVE-2024-40904
- CVE-2024-40905
- CVE-2024-40908
- CVE-2024-40911
- CVE-2024-40912
- CVE-2024-40914
- CVE-2024-40916
- CVE-2024-40927
- CVE-2024-40929
- CVE-2024-40931
- CVE-2024-40932
- CVE-2024-40934
- CVE-2024-40937
- CVE-2024-40941
- CVE-2024-40942
- CVE-2024-40943
- CVE-2024-40945
- CVE-2024-40954
- CVE-2024-40956
- CVE-2024-40957
- CVE-2024-40958
- CVE-2024-40959
- CVE-2024-40960
- CVE-2024-40961
- CVE-2024-40963
- CVE-2024-40967
- CVE-2024-40968
- CVE-2024-40970
- CVE-2024-40971
- CVE-2024-40974
- CVE-2024-40976
- CVE-2024-40978
- CVE-2024-40980
- CVE-2024-40981
- CVE-2024-40983
- CVE-2024-40984
- CVE-2024-40987
- CVE-2024-40988
- CVE-2024-40990
- CVE-2024-40994
- CVE-2024-40995
- CVE-2024-41000
- CVE-2024-41002
- CVE-2024-41004
- CVE-2024-41005
- CVE-2024-41006
- CVE-2024-41007
- CVE-2024-41027
- CVE-2024-41034
- CVE-2024-41035
- CVE-2024-41040
- CVE-2024-41041
- CVE-2024-41044
- CVE-2024-41046
- CVE-2024-41047
- CVE-2024-41048
- CVE-2024-41049
- CVE-2024-41055
- CVE-2024-41087
- CVE-2024-41089
- CVE-2024-41092
- CVE-2024-41093
- CVE-2024-41095
- CVE-2024-41097
- CVE-2024-42068
- CVE-2024-42070
- CVE-2024-42076
- CVE-2024-42077
- CVE-2024-42080
- CVE-2024-42082
- CVE-2024-42084
- CVE-2024-42085
- CVE-2024-42086
- CVE-2024-42087
- CVE-2024-42089
- CVE-2024-42090
- CVE-2024-42092
- CVE-2024-42093
- CVE-2024-42094
- CVE-2024-42095
- CVE-2024-42096
- CVE-2024-42097
- CVE-2024-42098
- CVE-2024-42101
- CVE-2024-42102
- CVE-2024-42104
- CVE-2024-42105
- CVE-2024-42106
- CVE-2024-42109
- CVE-2024-42115
- CVE-2024-42119
- CVE-2024-42120
- CVE-2024-42121
- CVE-2024-42124
- CVE-2024-42127
- CVE-2024-42130
- CVE-2024-42131
- CVE-2024-42137
- CVE-2024-42140
- CVE-2024-42145
- CVE-2024-42148
- CVE-2024-42152
- CVE-2024-42153
- CVE-2024-42154
- CVE-2024-42157
- CVE-2024-42161
- CVE-2024-42223
- CVE-2024-42224
- CVE-2024-42225
- CVE-2024-42229
- CVE-2024-42232
- CVE-2024-42236
- CVE-2024-42240
- CVE-2024-42244
- CVE-2024-42247
- CVE-2023-52629
- CVE-2023-52760
- CVE-2024-26680
- CVE-2024-26830
- CVE-2024-26921
- CVE-2024-36901
- CVE-2024-39292
- CVE-2024-39484
- CVE-2023-52585
- CVE-2023-52882
- CVE-2024-26900
- CVE-2024-26936
- CVE-2024-26980
- CVE-2024-27398
- CVE-2024-27399
- CVE-2024-27401
- CVE-2024-35848
- CVE-2024-35947
- CVE-2024-36017
- CVE-2024-36031
- CVE-2024-36880
- CVE-2024-36883
- CVE-2024-36886
- CVE-2024-36889
- CVE-2024-36897
- CVE-2024-36902
- CVE-2024-36904
- CVE-2024-36905
- CVE-2024-36906
- CVE-2024-36916
- CVE-2024-36919
- CVE-2024-36928
- CVE-2024-36929
- CVE-2024-36931
- CVE-2024-36933
- CVE-2024-36934
- CVE-2024-36937
- CVE-2024-36938
- CVE-2024-36939
- CVE-2024-36940
- CVE-2024-36941
- CVE-2024-36944
- CVE-2024-36946
- CVE-2024-36947
- CVE-2024-36950
- CVE-2024-36952
- CVE-2024-36953
- CVE-2024-36954
- CVE-2024-36955
- CVE-2024-36957
- CVE-2024-36959
- CVE-2024-36960
- CVE-2024-36964
- CVE-2024-36965
- CVE-2024-36967
- CVE-2024-36969
- CVE-2024-36975
- CVE-2024-38600
- CVE-2023-52752
- CVE-2024-25742
- CVE-2024-26886
- CVE-2024-26952
- CVE-2024-27017
- CVE-2024-36016
- CVE-2022-38096
- CVE-2023-52488
- CVE-2023-52699
- CVE-2023-52880
- CVE-2024-23307
- CVE-2024-24857
- CVE-2024-24858
- CVE-2024-24859
- CVE-2024-24861
- CVE-2024-25739
- CVE-2024-26629
- CVE-2024-26642
- CVE-2024-26654
- CVE-2024-26687
- CVE-2024-26810
- CVE-2024-26811
- CVE-2024-26812
- CVE-2024-26813
- CVE-2024-26814
- CVE-2024-26817
- CVE-2024-26828
- CVE-2024-26922
- CVE-2024-26923
- CVE-2024-26925
- CVE-2024-26926
- CVE-2024-26929
- CVE-2024-26931
- CVE-2024-26934
- CVE-2024-26935
- CVE-2024-26937
- CVE-2024-26950
- CVE-2024-26951
- CVE-2024-26955
- CVE-2024-26956
- CVE-2024-26957
- CVE-2024-26958
- CVE-2024-26960
- CVE-2024-26961
- CVE-2024-26964
- CVE-2024-26965
- CVE-2024-26966
- CVE-2024-26969
- CVE-2024-26970
- CVE-2024-26973
- CVE-2024-26974
- CVE-2024-26976
- CVE-2024-26977
- CVE-2024-26981
- CVE-2024-26984
- CVE-2024-26988
- CVE-2024-26989
- CVE-2024-26993
- CVE-2024-26994
- CVE-2024-26996
- CVE-2024-26999
- CVE-2024-27000
- CVE-2024-27001
- CVE-2024-27004
- CVE-2024-27008
- CVE-2024-27009
- CVE-2024-27013
- CVE-2024-27015
- CVE-2024-27016
- CVE-2024-27018
- CVE-2024-27019
- CVE-2024-27020
- CVE-2024-27059
- CVE-2024-27393
- CVE-2024-27395
- CVE-2024-27396
- CVE-2024-27437
- CVE-2024-35785
- CVE-2024-35789
- CVE-2024-35791
- CVE-2024-35796
- CVE-2024-35804
- CVE-2024-35805
- CVE-2024-35806
- CVE-2024-35807
- CVE-2024-35809
- CVE-2024-35813
- CVE-2024-35815
- CVE-2024-35817
- CVE-2024-35819
- CVE-2024-35821
- CVE-2024-35822
- CVE-2024-35823
- CVE-2024-35825
- CVE-2024-35847
- CVE-2024-35849
- CVE-2024-35851
- CVE-2024-35852
- CVE-2024-35853
- CVE-2024-35854
- CVE-2024-35855
- CVE-2024-35857
- CVE-2024-35871
- CVE-2024-35872
- CVE-2024-35877
- CVE-2024-35879
- CVE-2024-35884
- CVE-2024-35885
- CVE-2024-35886
- CVE-2024-35888
- CVE-2024-35890
- CVE-2024-35893
- CVE-2024-35895
- CVE-2024-35896
- CVE-2024-35897
- CVE-2024-35898
- CVE-2024-35899
- CVE-2024-35900
- CVE-2024-35902
- CVE-2024-35905
- CVE-2024-35907
- CVE-2024-35910
- CVE-2024-35912
- CVE-2024-35915
- CVE-2024-35922
- CVE-2024-35925
- CVE-2024-35930
- CVE-2024-35933
- CVE-2024-35934
- CVE-2024-35935
- CVE-2024-35936
- CVE-2024-35938
- CVE-2024-35940
- CVE-2024-35944
- CVE-2024-35950
- CVE-2024-35955
- CVE-2024-35958
- CVE-2024-35960
- CVE-2024-35969
- CVE-2024-35970
- CVE-2024-35973
- CVE-2024-35976
- CVE-2024-35978
- CVE-2024-35982
- CVE-2024-35984
- CVE-2024-35988
- CVE-2024-35989
- CVE-2024-35990
- CVE-2024-35997
- CVE-2024-36004
- CVE-2024-36005
- CVE-2024-36006
- CVE-2024-36007
- CVE-2024-36008
- CVE-2024-36020
- CVE-2024-36025
- CVE-2024-36029
Release 1.31.0-gke.889
Google Distributed Cloud for bare metal 1.31.0-gke.889 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.31.0-gke.889 runs on Kubernetes 1.31.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Version 1.28 end of life: In accordance with the Version Support Policy, version 1.28 (all patch releases) of Google Distributed Cloud for bare metal has reached its end of life and is no longer supported.
Functionality changes:
- Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.
- Updated the `bmctl push images` command to check for the existence of an image digest to determine whether or not to push an image.
- Increased priority for `cert-manager` pods to system-cluster-critical to prevent premature eviction under control plane node resource pressure.
- Updated the logic for parsing the cluster configuration file for newer clusters to validate that the `anthosBareMetalVersion` value follows the full `x.y.z-gke.n` semantic versioning scheme, including the GKE patch version.
- Updated the snapshot capability to collect the following information:
  - Details for all custom resources
  - Additional debugging information for clusters
- Added a health check to verify that the `node-problem-detector` systemd service is running on the node.
- Updated the `bmctl update` command to identify differences (if any) between the preview feature annotations in the cluster configuration file and the annotations in the deployed Cluster resource.
- Added a `--num-of-parallel-threads` flag to the snapshot command (`bmctl check cluster --snapshot`) so that you can specify the number of threads to use to create a snapshot. The default number of threads for snapshot creation is 10.
Fixes:
- Fixed an issue where the registry mirror reachability check fails for a single unreachable registry mirror. Now the reachability check applies to configured registry mirrors only, instead of all registry mirrors.
- Fixed the issue where non-root users can't run `bmctl restore` to restore quorum.
- Fixed the issue that caused the `cplb-update` healthcheck job to run every 7 days, instead of only when needed.
- Fixed an issue where CronJob specs for periodic health checks weren't updated to reflect cluster annotation changes.
- Fixed an issue where the control plane VIP might become unavailable because Keepalived didn't check correctly that the VIP is on a node with a responsive HAProxy.
- Fixed the issue where, due to a misconfigured client, `bmctl update` misjudges whether clusters are self-managed.
- Fixed Cloud Audit Logging failure due to allowlisting issue with multiple project IDs.
The following container image security vulnerabilities have been fixed in 1.31.0-gke.889:
Critical container vulnerabilities:
High-severity container vulnerabilities:
- CVE-2020-22218
- CVE-2021-3583
- CVE-2022-1304
- CVE-2022-3697
- CVE-2022-48733
- CVE-2023-3676
- CVE-2023-3955
- CVE-2023-4237
- CVE-2023-5528
- CVE-2023-5764
- CVE-2023-7104
- CVE-2023-39325
- CVE-2023-47038
- CVE-2023-47108
- CVE-2023-49083
- CVE-2023-52425
- CVE-2024-0553
- CVE-2024-0567
- CVE-2024-0743
- CVE-2024-0793
- CVE-2024-5321
- CVE-2024-6609
- CVE-2024-7348
- CVE-2024-10220
- CVE-2024-20696
- CVE-2024-37370
- CVE-2024-38577
- CVE-2024-39487
- CVE-2024-41011
- CVE-2024-41040
- CVE-2024-41046
- CVE-2024-41049
- CVE-2024-41059
- CVE-2024-41070
- CVE-2024-42104
- CVE-2024-42148
- CVE-2024-42228
- CVE-2024-42280
- CVE-2024-42284
- CVE-2024-42285
- CVE-2024-42301
- CVE-2024-42302
- CVE-2024-42313
- CVE-2024-43839
- CVE-2024-43858
- CVE-2024-43882
- CVE-2024-44974
- CVE-2024-44987
- CVE-2024-44998
- CVE-2024-44999
- CVE-2024-46673
- CVE-2024-46674
- CVE-2024-46722
- CVE-2024-46723
- CVE-2024-46724
- CVE-2024-46725
- CVE-2024-46731
- CVE-2024-46738
- CVE-2024-46740
- CVE-2024-46743
- CVE-2024-46744
- CVE-2024-46747
- CVE-2024-46756
- CVE-2024-46757
- CVE-2024-46758
- CVE-2024-46759
- CVE-2024-46782
- CVE-2024-46798
- CVE-2024-46800
- CVE-2024-46804
- CVE-2024-46814
- CVE-2024-46815
- CVE-2024-46818
- CVE-2024-46828
- CVE-2024-46844
- GHSA-87m9-rv8p-rgmg
- GHSA-m425-mq94-257g
Medium-severity container vulnerabilities:
- CVE-2016-3709
- CVE-2021-3620
- CVE-2021-3669
- CVE-2021-36976
- CVE-2022-26280
- CVE-2023-2431
- CVE-2023-2727
- CVE-2023-2728
- CVE-2023-3978
- CVE-2023-5981
- CVE-2023-23931
- CVE-2023-31083
- CVE-2023-44487
- CVE-2023-5115
- CVE-2023-52889
- CVE-2024-0690
- CVE-2024-6104
- CVE-2024-7264
- CVE-2024-8096
- CVE-2024-24557
- CVE-2024-29018
- CVE-2024-36901
- CVE-2024-36938
- CVE-2024-41009
- CVE-2024-41012
- CVE-2024-41055
- CVE-2024-41063
- CVE-2024-41064
- CVE-2024-41098
- CVE-2024-42101
- CVE-2024-42102
- CVE-2024-42114
- CVE-2024-42131
- CVE-2024-42137
- CVE-2024-42152
- CVE-2024-42153
- CVE-2024-42154
- CVE-2024-42157
- CVE-2024-42161
- CVE-2024-42223
- CVE-2024-42224
- CVE-2024-42229
- CVE-2024-42232
- CVE-2024-42236
- CVE-2024-42244
- CVE-2024-42246
- CVE-2024-42247
- CVE-2024-42259
- CVE-2024-42272
- CVE-2024-42283
- CVE-2024-42286
- CVE-2024-42287
- CVE-2024-42288
- CVE-2024-42289
- CVE-2024-42297
- CVE-2024-42309
- CVE-2024-42310
- CVE-2024-42311
- CVE-2024-43828
- CVE-2024-43829
- CVE-2024-43834
- CVE-2024-43835
- CVE-2024-43846
- CVE-2024-43849
- CVE-2024-43853
- CVE-2024-43854
- CVE-2024-43856
- CVE-2024-43860
- CVE-2024-43861
- CVE-2024-43871
- CVE-2024-43884
- CVE-2024-43889
- CVE-2024-43890
- CVE-2024-43892
- CVE-2024-43893
- CVE-2024-43894
- CVE-2024-43905
- CVE-2024-43907
- CVE-2024-43908
- CVE-2024-43914
- CVE-2024-44935
- CVE-2024-44944
- CVE-2024-44946
- CVE-2024-44947
- CVE-2024-44954
- CVE-2024-44960
- CVE-2024-44965
- CVE-2024-44968
- CVE-2024-44971
- CVE-2024-44988
- CVE-2024-44989
- CVE-2024-44990
- CVE-2024-44995
- CVE-2024-45003
- CVE-2024-45006
- CVE-2024-45016
- CVE-2024-45018
- CVE-2024-45021
- CVE-2024-45025
- CVE-2024-45028
- CVE-2024-46675
- CVE-2024-46676
- CVE-2024-46677
- CVE-2024-46679
- CVE-2024-46685
- CVE-2024-46689
- CVE-2024-46702
- CVE-2024-46707
- CVE-2024-46714
- CVE-2024-46719
- CVE-2024-46721
- CVE-2024-46737
- CVE-2024-46739
- CVE-2024-46750
- CVE-2024-46755
- CVE-2024-46763
- CVE-2024-46771
- CVE-2024-46777
- CVE-2024-46780
- CVE-2024-46781
- CVE-2024-46783
- CVE-2024-46791
- CVE-2024-46817
- CVE-2024-46819
- CVE-2024-46822
- CVE-2024-46829
- CVE-2024-46840
- CVE-2024-47663
- GHSA-jq35-85cj-fj4p
- GHSA-mh55-gqvf-xfwm
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
(2024-R49) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.0-gke.1358000 with this release.
Regular channel
There are no new releases in the Regular channel.
Stable channel
There are no new releases in the Stable channel.
Extended channel
- Version 1.27.16-gke.2081000 is now available in the Extended channel.
No channel
- The following versions are now available:
- The following node versions are now available:
Install new version of the Security Command Center Enterprise use case
The installation and configuration of a new version of the SCC Enterprise - Cloud Orchestration & Remediation use case in the Security Operations console is required for the toxic combination functionality of Security Command Center Enterprise. The new use case, identified by date December 18, 2024, introduces updates to security posture findings playbooks and other enhancements to support the management of toxic combination findings and cases in the Security Operations console.
For installation instructions, see Update Enterprise use case, December 2024.
Security Health Analytics now supports new resource types for creating custom modules. For a full list of supported resource types, see Supported resource types.
Vulnerability Assessment for AWS now supports scanning container images in Elastic Container Registry (ECR). It can detect operating system misconfigurations and issues with installed packages.
December 17, 2024
Apigee X
On December 17, 2024, we released a new version of Apigee.
With this release, the maximum number of apps per AppGroup is increased from 500 to 30,000.
For more information, see the Apigee Limits page.
You can use Organization Policy Service custom constraints to manage specific operations on Bigtable resources. For more information, see Use custom organization policies. This feature is generally available (GA).
Cloud Data Fusion supports the CMEK organization policy.
Standard best path selection mode is now generally available. For more information, see Best path selection modes.
New finer-grained predefined IAM roles are available for Cloud Run: Cloud Run Service Invoker, Cloud Run Jobs Executor, Cloud Run Jobs Executor With Overrides. These roles make it easier to grant least privilege access to production accounts accessing Cloud Run resources.
Single Cluster Gateway for Mesh is now generally available. For more information, see Prepare to setup the Gateway API for Cloud Service Mesh.
Routing traffic between Cloud Service Mesh workloads and Cloud Run Services is now available in preview. For more information, see the following pages:
Preview: You can create instances that use only IPv6 IP addresses. For more information, see IP addresses.
You can copy tuned Gemini 1.5 Pro 002 and Gemini 1.5 Flash 002 adapter models across projects. For details, see Copy a model in Vertex AI Model Registry.
The following critical container vulnerabilities are fixed in 1.31.0-gke.889:
1.32 is now available in the Rapid channel
Kubernetes 1.32 is now available in the Rapid channel. For more information about the content of Kubernetes 1.32, read the Kubernetes 1.32 Release Notes.
New features
- Dynamic Resource Allocation graduated to beta, and enables efficient scheduling of advanced device driver resources (because this is a beta API, using it in GKE clusters requires opt-in).
- Support for more efficient API streaming graduated to beta and is enabled by default in the API server. Clients can opt into use of this more efficient mechanism.
- Support for recovery from volume expansion failure graduated to beta and is enabled by default.
- Support in the Job API for management by external controllers graduated to beta and is enabled by default. This enables integrations with external controllers like MultiKueue.
Deprecated in Kubernetes 1.32
The following Beta versions of graduated APIs were deprecated in 1.29 and removed in 1.32 in favor of newer versions:
`flowcontrol.apiserver.k8s.io/v1beta3` FlowSchema, PriorityLevelConfiguration
- deprecated since 1.29, will no longer be served in 1.32,
- instead, use `flowcontrol.apiserver.k8s.io/v1`, available since 1.29.
The `status.nodeInfo.kubeProxyVersion` field in the Node API is deprecated and will not be populated starting in v1.33. The field is currently populated with the kubelet version, not the kube-proxy version, and might not accurately reflect the kube-proxy version in use. For more information, see KEP-4004.
Looker dashboard updates
The following changes have been made to the Looker dashboards in Google SecOps:
- All dashboards have been moved to the `ingestion_metrics_connector` explore.
- The `ingestion_stats`, `ingestion_metric_with_ingestion_stats` and `ingestion_metrics` explores are no longer supported.
- The `total_entry_number` and `total_size_bytes` fields are defined in the new explore and used to query the log count and log volume for the Google SecOps Ingestion API. For more information, see the Ingestion metrics field reference for dashboards.
- The default dashboards for Context aware detections risk and Cloud detection and response overview have been updated to use a different field for the risk score. It was `rule_detections.outcomes['risk_score']` and is now `rule_detections.risk_score`. This change aligns the risk score in the Google SecOps dashboards to the risk score used in the Google SecOps user interface.
- The `severity` field in the Rules and detections default Dashboard has been updated so that it shows the severity for both Curated Detections and custom rules.
Preview your data
The data source editor displays a preview of the data in your fields. This feature is available for the following data sources:
Gemini in Looker enhancements
When creating a calculated field with Gemini assistance, Looker Studio now suggests sample prompts to help you get started.
Warnings for external links
When users click an external link, Looker Studio displays a redirect notice.
Proportional heights for inverted triangle funnels
You can now use the Use proportional heights setting to display the value of categories in a funnel chart by varying the height of each bar when you select the inverted triangle funnel style option. Larger values have taller bars while smaller values have shorter bars.
Improved hide/remove data source fields
We've improved the functionality of hiding and removing fields from a data source:
- You can remove any field from a data source. (Previously, you could only remove calculated fields.)
- Hiding or removing a field from a data source prevents report viewers from accessing metadata about that field. Field metadata includes information such as the field name and type of connector that is used to access that field.
These improvements help you control access to your organization's sensitive information while still promoting data democratization.
Dimensions in scorecard charts
You can now choose whether to display a dimension or a metric as the primary field in a scorecard chart. When a dimension is selected as the primary field, you can also select a different field for sorting the dimension values.
Partner connection launch update
The following partner connectors have been added to the Looker Studio Connector Gallery:
- TikTok Organic by Chartica.co.uk
- Google Ads - Cratos.ai by Cratos.software
- Klaviyo by Adzviser
- Google Merchant Center by Adzviser
- Google My Business by Adzviser
- Mailchimp by Adzviser
- WooCommerce by Adzviser
- Shopify by Adzviser
- Microsoft Ads by Adzviser
- Awin by Catchr.io
- Strava by Windsor.ai
- Harvest by Windsor.ai
- CoinGecko Coins by Windsor.ai
- Whatagraph by Whatagraph.com
- Simpli.fi by Windsor.ai
- Line Ads by Windsor.ai
- BigCommerce by Supermetrics.com
- Zoho CRM (ZOHO) by Supermetrics.com
- Omnisend by Windsor.ai
- Prestashop by Catchr.io
For Security Command Center Enterprise customers, the Sensitive Data Protection discovery service is now automatically enabled during the Enterprise activation process. For more information, see Enable sensitive data discovery in the Enterprise tier.
IPv6-only subnets and instances are available in Preview. For more information, see the following:
For information about which services support IPv6-only configurations, see IPv6 support in Google Cloud.
December 16, 2024
Agent Assist
Agent Assist offers a native UI Connector with Genesys Cloud to integrate with voice conversations.
hybrid v1.14.0
On December 16, 2024 we released an updated version of the Apigee hybrid software, v1.14.0.
- For information on upgrading, see Upgrading Apigee hybrid to version v1.14.
- For information on new installations, see The big picture.
Enhanced Proxy Limits in Hybrid environments
Starting in version v1.14, new Apigee hybrid organizations can be provisioned with the ability to deploy more than 50 proxies per environment enabled. This feature is already available for Apigee X.
Starting with Apigee hybrid version 1.14, the limits for Apigee hybrid organizations have increased:
- The maximum number of deployed API proxies and shared flows per organization is 6000.
- The maximum number of proxy deployment units per Apigee instance is 6000.
- The maximum number of API base paths per Apigee organization is 3000.
When more than 50 proxies are deployed in an environment, Apigee will automatically partition the environment into several distinct replica sets, each containing a subset of proxies deployed in the environment. These replica subsets are equivalent in behavior to a single environment in the way it loads and runs a set of proxies and other environment resources. This will be transparent to the user, and you can continue to use the environment as you would a single environment.
Cassandra credential rotation
Starting in version v1.14, you can rotate Cassandra credentials in Kubernetes secrets. In addition, you can now roll back credential rotation before the cleanup job is initiated in both Vault and Kubernetes secrets. See:
Enable and disable metrics-based scaling with customAutoscaling.enabled
Starting in version v1.14, you can enable and disable metrics-based auto-scaling with the `customAutoscaling.enabled` configuration property. See:
New analytics and debug data pipeline for hybrid orgs
Starting with version 1.14, all newly created Apigee hybrid orgs can use a new data pipeline to collect analytics and debug data and allow various runtime components to write data directly to our control plane. See:
Forward Proxy allowlist access
Starting in version v1.14, forward proxies pass through access to allowlisted URLs. Therefore you only need to configure allowlists to googleapis.com URLs on the server on which the forward proxy is configured. See:
Guardrails checks to ensure backups before upgrade
Starting in version 1.14, new guardrails checks have been added to ensure that a backup is enabled and has been made before proceeding with an upgrade. See:
Bug ID | Description |
---|---|
382323427 | Added a guardrails check that requires backup to be enabled for Apigee Hybrid upgrades. Backups are required prior to upgrading to support restoring to the previous version, if necessary. |
380346557 | Added a guardrails check that requires the backup within the last 24 hours to be present if the CSI backup is enabled. This will minimize potential data loss if a restore to the previous version is needed. |
377573589 | Fix a bug where manually created rollbacks would interfere with existing rotations instead of cancelling them. |
362305438 | Users can now add additional env variables to the runtime component. See runtime.envVars |
319152386 | Fix AccessTokenGenerationFailure in runtime when using a forward proxy. |
335357961 | Fixed an issue where Apigee hybrid could claim uploads of backups with the Cloud provider when no bucket had been configured |
290183372 | The need to whitelist oauth2 and iamcredentials.googleapis.com directly from MP in fwd proxy setup is removed. |
237656263 | Resolved issue with ServiceCallout policy not working in async mode as expected. |
373722434 | Fixed support for backups to Google Cloud Storage buckets with retention policies. (Fixed in v1.13.2) |
368646378 | Fixed an issue affecting control Plane connectivity testing in Guardrails. (Fixed in v1.12.3) |
364282883 | Remove check for dc-expansion flag and add timeout to multi-region seed host connection test. (Fixed in v1.13.1) |
362979563 | Fix for Ingress Health Check failure /healthz/ingress - route_not_found . (Fixed in 1.13.0-hotfix.1) |
362690729 | Fix for aggressive scaling of runtime pods & cpu spike. (Fixed in 1.13.0-hotfix.1) |
362305438 | You can now add additional env variables to the runtime component. (Fixed in v1.13.1) |
361044374 | Fixes assign message not correctly highlighting the set payload action in the debug trace. (Fixed in v1.13.2) |
355122464 | This release contains a few error-handling fixes for CSI backup and restore. (Fixed in v1.13.2) |
353527851 | WebSocket connection drops when using VerifyJwt or OAuthV2 VerifyJWTAccessToken operations. (Fixed in v1.13.1) |
351440306 | An issue was fixed where trace could not be viewed in the UI for orgs with DRZ enabled. (Fixed in v1.13.1) |
347798999 | You can now configure forward proxy for opentelemetry pods in Apigee hybrid. (Fixed in v1.12.2) |
338638343 | An ID is now added at the end of apigee-env and virtualhost guardrails pods to make the pod names unique. (Fixed in v1.13.1) |
237656263 | Fix added to make use of asynchronous ServiceCallout execution when the ServiceCallout policy <Response> element is not present (Fixed in v1.13.2) |
181569113 | Fixed an issue in new debug session creation. (Fixed in v1.12.3) |
Bug ID | Description |
---|---|
N/A | Security fixes for apigee-redis . This addresses the following vulnerabilities: |
N/A | Security fixes for livenessprobe . This addresses the following vulnerability: |
376104926 | Security fixes for apigee-kube-rbac-proxy . (Fixed in v1.12.3) This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-redis . (Fixed in v1.13.2) This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-open-telemetry-collector . (Fixed in v1.13.1) This addresses the following vulnerability: |
N/A | Security fixes for apigee-open-telemetry-collector . (Fixed in v1.12.3) This addresses the following vulnerability: |
N/A | Security fixes for apigee-cassandra-backup-utility and apigee-hybrid-cassandra . (Fixed in v1.12.2) This addresses the following vulnerability: |
App Hub supports resources from Cloud Run services in Preview.
Audit Manager provides an option to customize compliance frameworks and use them for audits. For more information, see Create a custom compliance framework. This feature is available in Preview.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigquery
2.45.0 (2024-12-13)
Features
- Enable Lossless Timestamps in BQ java client lib (#3589) (c0b874a)
- Introduce `java.time` methods and variables (#3586) (31fb15f)
Bug Fixes
Dependencies
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.56.0 (#3582) (616ee2a)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20241111-2.0.0 (#3591) (3eef3a9)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20241115-2.0.0 (#3601) (41f9adb)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.60.0 (#3583) (34dd8bc)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.41.0 (#3607) (11499d1)
- Update github/codeql-action action to v2.27.5 (#3588) (3f94075)
- Update github/codeql-action action to v2.27.6 (#3597) (bc1f3b9)
- Update github/codeql-action action to v2.27.7 (#3603) (528426b)
Documentation
You can now use the Google Cloud Code extension for VS Code to work with BigQuery datasets and notebooks in your VS Code environment. This feature is in preview.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.50.0 (2024-12-06)
Features
Cloud Composer 3 is now generally available (GA):
- All Airflow builds starting from airflow-2.9.3-build.11 and airflow-2.10.2-build.4 are supported at the GA level.
- If your environment uses an earlier Airflow build, then upgrade it to airflow-2.9.3-build.11, airflow-2.10.2-build.4, or a later build to use Cloud Composer 3 on the GA level.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.21.0 (2024-12-13)
Features
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.51.0 (04d8868)
Dependencies
Service-level minimum instances are now set using the `--min` command line flag; `--service-min-instances` remains available as an alias to `--min`.
This Release Note announces General Availability of Trillium AKA v6e. Trillium is the 6th generation and latest Cloud TPU. It is fully integrated with our AI Hypercomputer architecture to deliver compelling value to our Google Cloud Platform AI customers.
We used Trillium TPUs to train the new Gemini 2.0, Google's most capable AI model yet, and now enterprises and startups alike can take advantage of the same powerful, efficient, and sustainable infrastructure. Today, Trillium is generally available for Google Cloud customers and this week we will be delivering our first large tranches of Trillium capacity to some of our biggest Google Cloud Platform customers.
Here are some of the key improvements that Trillium delivers over the prior generations, v5e and v5p:
- Over 4x improvement in training performance.
- Up to 3x increase in inference throughput.
- A 67% increase in energy efficiency.
- An impressive 4.7x increase in peak compute performance per chip.
- Double the High Bandwidth Memory (HBM) capacity.
- Double the Interchip Interconnect (ICI) bandwidth.
- 100,000 Trillium chips per Jupiter network fabric with 13 Petabits/sec of bisection bandwidth, capable of scaling a single distributed training job to hundreds of thousands of accelerators.
- Trillium provides up to 2.1x increase in performance per dollar over Cloud TPU v5e and up to 2.5x increase in performance per dollar over Cloud TPU v5p in training dense LLMs like Llama2-70b and Llama3.1-405b.
- GKE integration enables seamless AI workload orchestration using Google Compute Engine MIGs including XPK for faster iterative development.
- Multislice training with Trillium scales from one to hundreds of thousands of chips across pods using DCN.
- Training and serving fungibility enables use of the same Cloud TPU quota for both training and inference.
- Support for collection scheduling with collection SLOs being defended.
- Full-host VM support to enable inference support for larger models (70B+ parameters).
- Official Libtpu releases that guarantee stability across all three frameworks (Jax/Pytorch-XLA/Tensorflow).
These enhancements enable Trillium to excel across a wide range of AI workloads, including:
- Scaling AI training workloads like LLMs including dense and Mixture of Experts (MoE) models
- Inference performance and collection scheduling
- Embedding-intensive models acceleration
- Delivering training and inference price-performance
The A3 Edge accelerator-optimized machine type is no longer available in Turin, Italy: europe-west12-b. For a list of available regions and zones, see GPU regions and zones.
cos-113-18244-236-77
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.112 | v24.0.9 | v1.7.24 | See List |
Updated app-admin/google-guest-configs to v20241205.00.
Upgraded sys-apps/hwdata to v0.390.
Upgraded sys-apps/file to v5.46.
Disabled CONFIG_DEBUG_PREEMPT in the Linux kernel. This should improve performance for some workloads.
Fixed CVE-2024-53136 in the Linux kernel.
Fixed CVE-2024-50191 in the Linux kernel.
Fixed CVE-2024-53135 in the Linux kernel.
Fixed CVE-2024-53121 in the Linux kernel.
Fixed CVE-2024-53113 in the Linux kernel.
Fixed CVE-2024-53119 in the Linux kernel.
Fixed CVE-2024-50186 in the Linux kernel.
cos-117-18613-75-72
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.56 | v24.0.9 | v1.7.24 | See List |
Updated app-admin/google-guest-configs to v20241205.00.
Upgraded sys-apps/file to v5.46.
Upgraded sys-apps/hwdata to v0.390.
Disabled CONFIG_DEBUG_PREEMPT in the Linux kernel. This should improve performance for some workloads.
Fixed CVE-2024-50186 in the Linux kernel.
cos-105-17412-495-73
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
Fixed CVE-2024-50191 in the Linux kernel.
Fixed CVE-2024-50186 in the Linux kernel.
cos-109-17800-372-71
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.112 | v24.0.9 | v1.7.24 | See List |
Updated app-admin/google-guest-configs to v20241205.00.
Cloud DNS additive VPC scope is now generally available on GKE clusters running version 1.28.3-gke.1430000 or later. You can now configure your GKE clusters to add GKE headless service entries to your Cloud DNS private zone visible from your VPC networks, on top of using Cloud DNS (cluster scope) as your GKE DNS provider.
To learn more, read Cloud DNS scopes for GKE.
Trillium, our sixth-generation TPU, is now generally available. Support is available for GKE Standard clusters in version 1.31.1-gke.1846000 or later, and Autopilot clusters in version 1.31.2-gke.1384000 or later. You can use TPU Trillium in the us-east5-b, europe-west4-a, us-east1-d, asia-northeast1-b, and us-south1-a zones.
To learn more, see Benefits of using TPU Trillium.
Principal access boundary policies are generally available. You can use principal access boundary policies to limit the resources that a principal is eligible to access.
Cloud Load Balancing resources now let you use custom constraints to define your own restrictions on Google Cloud services. To learn about which load balancing resources support custom constraints, and some sample use cases, see Manage Cloud Load Balancing resources using custom constraints.
This feature is available in General Availability.
You can use Policy Simulator for principal access boundary policies to simulate changes to principal access boundary policies before you apply them. This feature is available in Preview.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-pubsub
1.135.0 (2024-12-12)
Features
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.51.0 (0b0d52c)
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.44.0 (#2270) (a5f70a9)
- Update dependency com.google.cloud:google-cloud-core to v2.48.0 (#2263) (d7e5588)
- Update dependency com.google.cloud:google-cloud-core to v2.49.0 (#2285) (cd94a19)
- Update dependency com.google.cloud:google-cloud-storage to v2.45.0 (#2268) (80a09e6)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.41.0 (#2286) (0c0a1b9)
- Update dependency com.google.protobuf:protobuf-java-util to v4.29.0 (#2276) (54ef88d)
- Update dependency com.google.protobuf:protobuf-java-util to v4.29.1 (#2279) (de3c9e1)
- Update googleapis/sdk-platform-java action to v2.51.0 (#2284) (0be820e)
Documentation
Security Command Center can now produce Cloud Infrastructure Entitlement Management (CIEM) misconfiguration findings for federated identities that are connected to your AWS environment through the AWS IAM Identity Center.
Detector for Container Threat Detection released to General Availability
Container Threat Detection, a built-in service available in Security Command Center Premium and Enterprise, has launched three new detectors to General Availability:
- Execution: Container Escape: Detects when a process inside a container tries to break out of its isolation and interact with the host system or other containers.
- Execution: Kubernetes Attack Tool Execution: Detects when a Kubernetes attack tool is run inside a container, indicating a potential attempt to exploit vulnerabilities in the Kubernetes environment.
- Execution: Local Reconnaissance Tool Execution: Detects when a local reconnaissance tool is executed within a container, suggesting that an attacker is gathering information about the container environment, such as network configurations, active processes, or mounted file systems.
For more information, see Container Threat Detection detectors.
Configuring allowlists for IP addresses is now available in GA. This feature lets you add the trusted IP addresses to an allowlist to exclude them from reCAPTCHA enforcement. For more information, see Configure an IP address allowlist.
December 15, 2024
Cloud Composer
When creating new environments in Google Cloud console, you must now explicitly select a service account for the environment. We recommend that you create a user-managed service account and use it for Cloud Composer environments.
December 14, 2024
Google SecOps SOAR
Release 6.3.27 is still in Preview.
December 13, 2024
Agent Assist
Agent Assist infobot offers support for new languages in GA.
Integration templates (Preview)
Save time and effort building integrations with integration templates. These pre-defined blueprints provide a starting point for common integration flows, allowing you to quickly create and customize integrations without starting from scratch.
For more information, see Templates.
Generate and view OpenAPI Specification (Preview)
You can now generate and view the OpenAPI Specification for any published integration that uses API triggers. This allows for greater understanding and analysis of your integration's API interactions.
For more information, see View OpenAPI Specification for your integration.
API trigger input and output variables
You can now set request and response payloads for an API trigger using trigger specific input and output variables. For more information, see API trigger.
The following products are now supported by the following control packages. See supported products for more information:
- Apigee, Cloud Vision API, GKE Identity Service, Traffic Director, Vertex AI Search:
- Australia Regions
- Australia Regions with Assured Support
- Brazil Regions
- Canada Regions
- Canada Regions and Support
- Chile Regions
- EU Regions
- EU Regions and Support
- Hong Kong Regions
- India Regions
- Indonesia Regions
- Israel Regions
- Israel Regions and Support
- Japan Regions
- Qatar Regions
- Singapore Regions
- South Africa Regions
- South Korea Regions
- Switzerland Regions
- Taiwan Regions
- UK Regions
- US Regions
- US Regions and Support
- Spanner:
- Australia Regions with Assured Support
- Canada Regions and Support
- EU Regions and Support
- Israel Regions and Support
- Japan Regions
- US Regions and Support
The CJIS control package now supports the following products. See Supported products by control package for more information:
- AlloyDB for PostgreSQL
- Cloud Data Fusion
- Cloud Vision API
- Speech-to-Text
- Vertex AI Search
- Vertex AI Workbench Notebooks
Reporting of the "pending" status of the Ops Agent on the Cloud Monitoring VM Instances dashboard has been refined to include additional states. For more information, see Use VM Instances dashboard.
The CPU allocation setting has been renamed to Billing in the Google Cloud console for Cloud Run services.
The two billing settings are:
- Request-based billing (default), previously called CPU is only allocated during request processing, only charges your Cloud Run instances during request processing, container startup, and container shutdown.
- Instance-based billing, previously called CPU always allocated, charges your Cloud Run instances for the entire lifecycle of instances, even when there are no incoming requests.
For more details, see the Billing settings guide.
Dialogflow CX data stores: The following languages are now GA. See the language support page for details.
- Arabic
- Bengali
- Bulgarian
- Chinese Simplified
- Chinese Traditional
- Croatian
- Czech
- Estonian
- Finnish
- Hebrew
- Hungarian
- Japanese
- Korean
- Latvian
- Lithuanian
- Norwegian
- Polish
- Romanian
- Russian
- Serbian
- Slovak
- Slovenian
- Swahili
- Thai
- Turkish
- Ukrainian
- Vietnamese
Google Cloud Managed Service for Apache Kafka now supports moving open source Kafka data to Google Cloud using various Dataflow templates. You can move Kafka data to Cloud Managed Service for Apache Kafka, BigQuery, and Cloud Storage. For more information about these data movement use cases, see Move Kafka data in Google Cloud.
GKE now provides insights and recommendations that help you identify and amend clusters running a minor version that reached end of standard support, clusters with nodes in violation of version skew policy, and clusters without a maintenance window to achieve reliable operations, up-to-date security posture and supportability.
The C4A machine family is generally available in the following versions:
- Standard clusters in version 1.28.13-gke.1024000, 1.29.8-gke.1057000, 1.30.4-gke.1213000 or later. To use this family in GKE Standard, you can use the --machine-type flag when creating a cluster or node pool.
- Autopilot clusters in 1.28.15-gke.1344000, 1.29.11-gke.1012000, 1.30.7-gke.1136000, 1.31.3-gke.1056000 or later. To use this family in GKE Autopilot, schedule your workloads along with the kubernetes.io/machine-family: c4a node selector. In versions 1.31 or above, the kubernetes.io/arch: arm64 node selector would default to C4A machine family.
Cluster autoscaler and node auto-provisioning are supported in 1.28.15-gke.1344000, 1.29.11-gke.1012000, 1.30.7-gke.1136000, 1.31.3-gke.1056000 or later.
Local SSD support is available for Public Preview from 1.31.1-gke.2008000. Contact your Account Team to participate in the preview.
AOF and RDB persistence are Generally Available. For more details, see Persistence overview.
Private Service Connect service connectivity automation lets you automate connectivity to supported Google service instances that are located in a different project, folder, or organization than the service consumer (custom scope). This feature is available in General Availability.
December 12, 2024
AlloyDB for PostgreSQL
AlloyDB System insights offers a unified, customizable database monitoring dashboard that includes predefined metrics and other Google Cloud metrics. This feature is generally available (GA). For more information, see Create a custom dashboard.
Regional endpoints, which help you run your workloads in compliance with data residency and data sovereignty requirements, are now generally available (GA). With regional endpoints, your request traffic is routed directly to the region specified in the endpoint. For more information, see BigQuery regional endpoints.
You can now discover, procure, and commercialize your Analytics Hub listings on Google Cloud Marketplace to share data offerings at scale. This feature is in preview.
Bigtable is now supported by Database Center, which is in Preview. Database Center is an AI-assisted dashboard that gives you one centralized view across your entire database fleet. With this release, Database Center displays health issues for Bigtable availability and data protection. For more information, see Database health issues.
Database Migration Service now supports MySQL minor version 8.0.40 for homogeneous MySQL migrations. For more information, see Supported source and destination databases in Cloud SQL for MySQL migrations.
You can now override the validation that checks for metric existence when you create a PromQL-based alerting policy. For more information, see Disable check for metric existence.
Text widgets can now link to sections of a dashboard and they can render variables. For more information, see the following documents:
New Dataproc on Compute Engine subminor image versions:
- 2.0.126-debian10, 2.0.126-rocky8, 2.0.126-ubuntu18
- 2.1.74-debian11, 2.1.74-rocky8, 2.1.74-ubuntu20, 2.1.74-ubuntu20-arm
- 2.2.40-debian12, 2.2.40-rocky9, 2.2.40-ubuntu22
Dataproc on Compute Engine: Updated Dataproc Metastore (DPMS) gRPC proxy image version to v. 0.0.70
Dialogflow CX: You can now configure an access token name in Dialogflow Messenger to store the end user's authentication when they sign in, and then use it as the bearer token for tool authentication. See the Dialogflow Messenger documentation for more information about enabling this feature.
Firestore is supported by Database Center. Database Center is an AI-assisted dashboard that gives you one centralized view across your entire database fleet. Database Center displays the following health issue for Firestore:
- No automated backup policy
For more information, see Database Center overview and database health issues.
GKE cluster versions have been updated (2024-R48 version updates).
New versions are available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.28.15-gke.1344000
- 1.30.7-gke.1077000
- 1.31.3-gke.1023000
Regular channel
- Version 1.30.6-gke.1125000 is now the default version for cluster creation in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.28.15-gke.1020000
- 1.28.15-gke.1080000
- 1.29.10-gke.1054000
- 1.29.10-gke.1155000
- 1.30.5-gke.1699000
- 1.30.5-gke.1713000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.15-gke.1159000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.10-gke.1227000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.6-gke.1125000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.15-gke.1159000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.10-gke.1227000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.6-gke.1125000 with this release.
Stable channel
- Version 1.30.5-gke.1699000 is now the default version for cluster creation in the Stable channel.
- The following versions are no longer available in the Stable channel:
- 1.28.14-gke.1340000
- 1.29.9-gke.1496000
- 1.30.5-gke.1443001
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.15-gke.1020000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.10-gke.1054000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.5-gke.1699000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.
Extended channel
- Version 1.30.6-gke.1125000 is now the default version for cluster creation in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.16-gke.1784000
- 1.28.15-gke.1020000
- 1.28.15-gke.1080000
- 1.29.10-gke.1054000
- 1.29.10-gke.1155000
- 1.30.5-gke.1699000
- 1.30.5-gke.1713000
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1836000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.1159000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.10-gke.1227000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.6-gke.1125000 with this release.
No channel
- Version 1.30.6-gke.1125000 is now the default version for cluster creation.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.28.14-gke.1340000
- 1.28.15-gke.1080000
- 1.28.15-gke.1344000
- 1.29.9-gke.1496000
- 1.29.10-gke.1155000
- 1.30.5-gke.1014003
- 1.30.5-gke.1713000
- 1.30.7-gke.1077000
- 1.31.3-gke.1023000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.15-gke.1159000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.10-gke.1227000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.5-gke.1699000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.15-gke.1159000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.10-gke.1227000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.
Starting with GKE version 1.33, clusters running cgroupv1 will automatically be upgraded to cgroupv2 unless you opt out first. For more information, see Migrate nodes to cgroupv2.
Updated Admin Console setting
The Let editors set owner's credentials for data source access setting has been renamed to Allow users in this org to be the credential owner for any data source. This setting now exhibits the following changes in behavior, which may be breaking for some users:
- If a Looker Studio administrator turns off this setting, any existing data sources that have a data source owner within the organization and that were configured to use Owner's Credentials must use Viewer's Credentials. Users who don't have access to a data source's underlying data may lose access to any Looker Studio content that is based on that data source. Re-enabling this setting restores the original Owner's Credentials to those data sources.
New condition option for filters on date or time data type dimensions
Report editors can now specify a value and a unit of time for the following filter conditions with date or time data type dimensions:
- Is in the Last
- Is Before
- Is On or After
- Is Previous
- Is This
- Is Next
- Is in the Month
- Is in the Year
Looker connector filter enhancements
Looker data sources now support a Matches (advanced) filter option with date or time data type dimensions.
Changes to New Search Ads 360 connector field names
These New Search Ads 360 connector fields were renamed to resolve a naming conflict:
- The field previously named Conv. value is now named Client account conv. value.
- The field previously named Conv. value / click is now named Client account conv. value / click.
The original Conv. value field remains unchanged and continues to be the correct field name.
Partner connection launch update
The following partner connectors have been added to the Looker Studio Connector Gallery:
- Heureka.cz náklady by METRIXANA
- Heureka.cz Sortiment report by METRIXANA
- Shoptet produkty by METRIXANA
- Shoptet objednávky by METRIXANA
- BigQuery by Windsor.ai
- LinkedIn Page Analytics by Doodlytics
- Vibe by Windsor.ai
- Partnerize by Windsor.ai
- Adtraction by Windsor.ai
- MNTN by Windsor.ai
- Income Access by Windsor.ai
- Square by Windsor.ai
- Calendly by The Data Students
- Cin7 Core by Jivrus Technologies
- Pipedrive by Supermetrics
- TrueClicks PPC Audit by TrueClicks
- J+Search - Analytics by Jellyfish
- Mixpanel by Windsor.ai
- ShareASale by Windsor.ai
- Branch.io by Windsor.ai
- Marcode by Marcode
- Search Ads 360 by Supermetrics
- WorkMeter by WorkMeter, S.L.
- Heureka.sk náklady by METRIXANA
- LinkedIn Ads Analytics by Doodlytics
- Pinterest Ads by Detrics
- Recharge by Windsor.ai
Memorystore for Redis is supported by Database Center. Database Center is an AI-assisted dashboard that gives you one centralized view across your entire database fleet. For more information, see Database Center overview and database health issues.
Cross-region replication is now Generally Available on Memorystore for Redis Cluster. This release includes Terraform support for cross-region replication on Memorystore for Redis Cluster.
Memorystore for Redis Cluster is supported by Database Center. Database Center is an AI-assisted dashboard that gives you one centralized view across your entire database fleet. For more information, see Database Center overview and database health issues.
Spanner now supports IDENTITY columns. IDENTITY columns let you automatically generate unique integer values for key and non-key columns, and align with the ANSI standard. For more information, see IDENTITY columns.
December 11, 2024
BigQuery
You can now replicate a dataset from the source region to one or more other regions with cross-region dataset replication. This feature is now generally available (GA).
BigQuery Managed Disaster Recovery provides managed failover and redundant compute capacity for business-critical workloads. It is intended for use in the case of a total region outage and is supported with the BigQuery Enterprise Plus edition only. This feature is now generally available (GA).
You can now create remote models in BigQuery ML based on the gemini-2.0-flash-exp model in Vertex AI. To create remote models, you can use either SQL or BigQuery DataFrames.
You can use the ML.GENERATE_TEXT function with these remote models to perform generative natural language tasks for text stored in BigQuery tables. You can also use the ML.GENERATE_TEXT function with these remote models to perform generative AI tasks, for example audio transcription or document classification, using image, video, audio, PDF, or text content stored in BigQuery object tables.
Try this feature by using either the Generate text by using the ML.GENERATE_TEXT function how-to topic, or the BigFrames Gemini 2.0 Text Generation Simple Example notebook.
This feature is in preview.
You can now enable row-affinity routing to let Bigtable automatically ensure that single-row requests for a given row are routed to the same cluster. This feature is generally available (GA).
You can now use the Google Cloud console to create and manage authorized views of your Bigtable tables.
You can now select a row in a Bigtable Studio query results table to view formatted row data. For more information, see Query your data with SQL in the query editor.
The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).
- Live Stream API
livestream.googleapis.com/Asset
livestream.googleapis.com/Channel
livestream.googleapis.com/Input
livestream.googleapis.com/Pool
In January 2025, we plan to release Cloud Composer 2 versions that will always use the environment's service account for performing PyPI package installations:
- New Cloud Composer 2 environments created in versions 2.10.2 and later will have this change.
- Currently, Cloud Composer 2 environments use the default Cloud Build service account if it exists (and the environment's service account if it doesn't). Depending on the way Cloud Build is configured in your project, this might mean that the default Cloud Compute service account or the legacy Cloud Build service account might be used by your environment. We recommend configuring Cloud Build to adhere to the principle of least privilege.
- Make sure to check the Cloud Build default service account change page for information about changes to the default Cloud Build service account.
- Cloud Composer 3 environments already use the environment's service account, and are not impacted by this change.
(Cloud Composer 3) It is now possible to upgrade an environment if the [sentry]sentry_on Airflow configuration option is set to true.
Cloud Composer no longer adds any missing IAM permissions to the Cloud Storage bucket when it is used to create an environment with a custom environment's bucket. Make sure that the environment's service account has permissions from the Composer Worker role on the bucket.
The COMPOSER_AGENT_BUILD_SERVICE_ACCOUNT environment variable is changed to reserved. This change improves the security of Cloud Composer environments.
Increased allowed timeouts when detecting tasks stuck in the "queued" state during the Airflow worker liveness check. This change makes it less likely that checks will incorrectly fail in specific scenarios. This change is gradually rolled out to all regions supported by Cloud Composer.
(Cloud Composer 2) Airflow worker liveness check configuration was changed to be consistent with the configuration used in Cloud Composer 3. In particular, this change increases the timeout, giving the liveness check more time to detect unhealthy Airflow workers. This change is gradually rolled out to all regions supported by Cloud Composer.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.10.2-build.4 (default)
- composer-3-airflow-2.9.3-build.11
New images are available in Cloud Composer 2:
- composer-2.10.1-airflow-2.10.2 (default)
- composer-2.10.1-airflow-2.9.3
Cloud Composer version 2.5.3 has reached its end of support period.
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
C3 bare metal instances are available in the following additional zones:
c3-highcpu-192-metal: asia-southeast1-a and c, europe-west4-c, us-east1-d, us-east4-c, us-east5-a, us-west1-a and b
c3-standard-192-metal: europe-west1-b and c, europe-west4-b and c, us-east1-d, us-east4-a, us-west1-a and b
c3-highmem-192-metal: europe-west4-c, us-east4-a and c, us-west1-a and b
The Gemini 2.0 Flash (gemini-2.0-flash-exp) model is generally available for grounded answer generation with RAG. This model is tuned to address context-based question and answering tasks. For more information, see Ground responses for Gemini models.
Infrastructure for a RAG-capable generative AI application using Vertex AI and AlloyDB: Added more design alternatives.
Deploy automated malware scanning for files uploaded to Cloud Storage: Added the Deploy using the Terraform CLI section.
Release 1.28.1300-gke.59
Google Distributed Cloud for bare metal 1.28.1300-gke.59 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.1300-gke.59 runs on Kubernetes 1.28.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
The following container image security vulnerabilities have been fixed in 1.28.1300-gke.59:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
You can use Policy Simulator for deny policies to simulate changes to deny policies before you apply them. This feature is available in Preview.
VPC Service Controls feature: Support for using identity groups in the ingress and egress rules to allow access to resources protected by a service perimeter is generally available.
For more information, see Configure identity groups and third-party identities in ingress and egress rules.
Private Service Connect port mapping is available in General Availability. Port mapping lets consumer virtual machine (VM) instances privately communicate with specific service ports on specific producer VMs through a single Private Service Connect endpoint.
reCAPTCHA Mobile SDK v18.7.0-beta01 is now available for iOS.
This version contains the following changes:
- Mitigation for an issue that caused a crash after updating to v18.6.0.
- Public API is moved to Swift along with support for Objective-C.
- New integration architecture with RecaptchaInterop for Firebase clients.
December 10, 2024
Apigee Integrated Portal
On December 10, 2024, we released a new version of the Apigee integrated portal.
| Bug ID | Description |
|---|---|
| 381086551 | Fixed an issue that caused the page list view to fail for some portals with large numbers of pages. |
On December 10, 2024, we released an updated version of Apigee (1-14-0-apigee-2).
| Bug ID | Description |
|---|---|
| 357880539 | Resolved issue with missing span in the Apigee UI for distributed trace. |
| 237656263 | Resolved issue with ServiceCallout policy not working in async mode as expected. |
| N/A | Updates to security infrastructure and libraries. |
Cloud SQL now offers notifications for maintenance that's either begun or completed. See the Overview of maintenance on Cloud SQL instances. To find out how to sign up for notifications and check your instances for upcoming maintenance, see Find and set maintenance windows.
Cloud SQL now offers notifications for maintenance that's either in-progress or completed. See the Overview of maintenance on Cloud SQL instances. To find out how to sign up for notifications and check your instances for upcoming maintenance, see Find and set maintenance windows.
As part of the Per-cluster entitlement to GKE Enterprise, a GKE cluster needs to have its cluster_tier set to ENTERPRISE in order for that cluster to be considered GKE Enterprise.
Existing clusters and new clusters can follow Update an existing cluster's tier and Enroll a new cluster respectively to make a cluster enterprise.
Clusters created or registered before November 2024 that use GKE Enterprise as part of their fleet membership are automatically enterprise-tier clusters. This is a billing announcement only; Cloud Service Mesh features don't change.
Gemini in Colab Enterprise, which is a product in the Gemini for Google Cloud portfolio, now includes error fixing in Preview. Gemini in Colab Enterprise can suggest fixes when your code produces errors. For more information, see Fix errors.
To enable and activate Gemini in Colab Enterprise features, see Set up Gemini in Colab Enterprise.
Generally available: Instance flexibility in a managed instance group (MIG) lets you configure multiple machine types in the group. This can improve resource availability for applications that require large-scale capacity and high-demand hardware. Support for Terraform has also been added. For more information, see About instance flexibility in MIGs.
Config Connector version 1.126.0 is now available.
Config Connector system management CRDs ControllerReconciler and NamespacedControllerReconciler are promoted to Beta. See how to configure the Controller manager rate limit.
New Beta resources (direct reconciler)
-
- Manage the metadata needed to perform a BigQuery data transfer.
-
- Manage the provisioning of a CryptoKey.
Use BigQueryConnectionConnection to provide the IAM Service Account
IAMPolicyMember
- Added spec.memberFrom.bigQueryConnectionConnectionRef
- See an example on IAMPolicyMember use BigqueryConectionConnection "cloudSQL"
IAMPartialPolicy
- Added spec.memberFrom.bigQueryConnectionConnectionRef.
New Alpha Resources
- Add new resource WorkstationConfig
Config Controller now uses the following versions of its included products:
- Config Connector v1.125.0, release notes
Imagen 3 image generation models Generally Available to all users
Imagen 3 image generation models are now available to all users without requiring prior approval. These include the following image generation models:
- imagen-3.0-generate-001
- imagen-3.0-fast-generate-001 (low latency model)
Prior image generation models (imagegeneration@006, imagegeneration@005, imagegeneration@002) still require approval to use.
For more information, see Imagen on Vertex AI model versions and lifecycle and Generate images using text prompts.
Imagen 3 Customization model Generally Available to approved users
Imagen 3 Customization model is now available to approved users. This includes the following model:
imagen-3.0-capability
Imagen 3 Customization lets you guide image generation by providing reference images (few-shot learning). Imagen 3 Customization lets you customize generated images for the following feature categories:
- Subject Customization (product, person, and animal companion)
- Style Customization
- Controlled Customization (canny edge and scribble)
- Instruct Customization (Style transfer)
Imagen 3 editing model Generally Available to approved users
The Imagen 3 Editing model is now available to approved users. This includes the following model:
imagen-3.0-capability
This model offers the following additional features:
- Inpainting - Add or remove content from a masked area of an image
- Outpainting - Expand a masked area of an image
- Product image editing - Identify and maintain a primary product while changing the background or product position
For more information, see Model versions.
Google Distributed Cloud (software only) for VMware 1.30.400-gke.133 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.400-gke.133 runs on Kubernetes v1.30.6-gke.300.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.
The following vulnerabilities are fixed in 1.30.400-gke.133:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
- CVE-2024-47682
- CVE-2024-47685
- CVE-2024-47696
- CVE-2024-47701
- CVE-2024-47727
- CVE-2024-47742
- CVE-2024-48957
- CVE-2024-48958
- CVE-2024-49860
- CVE-2024-49882
- CVE-2024-49883
- CVE-2024-49884
- CVE-2024-49889
- CVE-2024-49936
- CVE-2024-49967
- CVE-2024-49983
- CVE-2024-50033
- CVE-2024-50035
- CVE-2024-50083
- CVE-2024-50115
- CVE-2024-50131
- CVE-2024-53057
Ubuntu vulnerabilities:
- CVE-2022-48666
- CVE-2023-52889
- CVE-2023-52918
- CVE-2024-25744
- CVE-2024-26607
- CVE-2024-26661
- CVE-2024-26669
- CVE-2024-26800
- CVE-2024-26893
- CVE-2024-27397
- CVE-2024-36484
- CVE-2024-38577
- CVE-2024-38602
- CVE-2024-38611
- CVE-2024-38630
- CVE-2024-39472
- CVE-2024-40915
- CVE-2024-41011
- CVE-2024-41012
- CVE-2024-41015
- CVE-2024-41017
- CVE-2024-41019
- CVE-2024-41020
- CVE-2024-41022
- CVE-2024-41042
- CVE-2024-41059
- CVE-2024-41060
- CVE-2024-41063
- CVE-2024-41064
- CVE-2024-41065
- CVE-2024-41068
- CVE-2024-41070
- CVE-2024-41071
- CVE-2024-41072
- CVE-2024-41073
- CVE-2024-41077
- CVE-2024-41078
- CVE-2024-41081
- CVE-2024-41090
- CVE-2024-41091
- CVE-2024-41098
- CVE-2024-42114
- CVE-2024-42126
- CVE-2024-42246
- CVE-2024-42259
- CVE-2024-42265
- CVE-2024-42267
- CVE-2024-42269
- CVE-2024-42270
- CVE-2024-42271
- CVE-2024-42272
- CVE-2024-42274
- CVE-2024-42276
- CVE-2024-42277
- CVE-2024-42280
- CVE-2024-42281
- CVE-2024-42283
- CVE-2024-42284
- CVE-2024-42285
- CVE-2024-42286
- CVE-2024-42287
- CVE-2024-42288
- CVE-2024-42289
- CVE-2024-42290
- CVE-2024-42292
- CVE-2024-42295
- CVE-2024-42296
- CVE-2024-42297
- CVE-2024-42299
- CVE-2024-42301
- CVE-2024-42302
- CVE-2024-42304
- CVE-2024-42305
- CVE-2024-42306
- CVE-2024-42309
- CVE-2024-42310
- CVE-2024-42311
- CVE-2024-42312
- CVE-2024-42313
- CVE-2024-42318
- CVE-2024-43817
- CVE-2024-43828
- CVE-2024-43829
- CVE-2024-43830
- CVE-2024-43834
- CVE-2024-43835
- CVE-2024-43839
- CVE-2024-43841
- CVE-2024-43846
- CVE-2024-43849
- CVE-2024-43853
- CVE-2024-43854
- CVE-2024-43856
- CVE-2024-43858
- CVE-2024-43860
- CVE-2024-43861
- CVE-2024-43863
- CVE-2024-43867
- CVE-2024-43869
- CVE-2024-43870
- CVE-2024-43871
- CVE-2024-43873
- CVE-2024-43875
- CVE-2024-43879
- CVE-2024-43880
- CVE-2024-43882
- CVE-2024-43883
- CVE-2024-43884
- CVE-2024-43889
- CVE-2024-43890
- CVE-2024-43892
- CVE-2024-43893
- CVE-2024-43894
- CVE-2024-43902
- CVE-2024-43905
- CVE-2024-43907
- CVE-2024-43908
- CVE-2024-43909
- CVE-2024-43914
- CVE-2024-44934
- CVE-2024-44935
- CVE-2024-44944
- CVE-2024-44946
- CVE-2024-44947
- CVE-2024-44948
- CVE-2024-44954
- CVE-2024-44958
- CVE-2024-44960
- CVE-2024-44965
- CVE-2024-44966
- CVE-2024-44969
- CVE-2024-44971
- CVE-2024-44974
- CVE-2024-44982
- CVE-2024-44983
- CVE-2024-44985
- CVE-2024-44986
- CVE-2024-44987
- CVE-2024-44988
- CVE-2024-44989
- CVE-2024-44990
- CVE-2024-44995
- CVE-2024-44998
- CVE-2024-44999
- CVE-2024-45003
- CVE-2024-45006
- CVE-2024-45007
- CVE-2024-45008
- CVE-2024-45009
- CVE-2024-45011
- CVE-2024-45016
- CVE-2024-45018
- CVE-2024-45021
- CVE-2024-45025
- CVE-2024-45026
- CVE-2024-45028
- CVE-2024-46673
- CVE-2024-46675
- CVE-2024-46676
- CVE-2024-46677
- CVE-2024-46679
- CVE-2024-46685
- CVE-2024-46689
- CVE-2024-46702
- CVE-2024-46707
- CVE-2024-46713
- CVE-2024-46714
- CVE-2024-46719
- CVE-2024-46721
- CVE-2024-46722
- CVE-2024-46723
- CVE-2024-46724
- CVE-2024-46725
- CVE-2024-46731
- CVE-2024-46732
- CVE-2024-46737
- CVE-2024-46738
- CVE-2024-46739
- CVE-2024-46740
- CVE-2024-46743
- CVE-2024-46744
- CVE-2024-46745
- CVE-2024-46746
- CVE-2024-46747
- CVE-2024-46750
- CVE-2024-46752
- CVE-2024-46755
- CVE-2024-46756
- CVE-2024-46757
- CVE-2024-46758
- CVE-2024-46759
- CVE-2024-46761
- CVE-2024-46763
- CVE-2024-46771
- CVE-2024-46777
- CVE-2024-46780
- CVE-2024-46781
- CVE-2024-46782
- CVE-2024-46783
- CVE-2024-46791
- CVE-2024-46795
- CVE-2024-46798
- CVE-2024-46800
- CVE-2024-46804
- CVE-2024-46805
- CVE-2024-46807
- CVE-2024-46810
- CVE-2024-46814
- CVE-2024-46815
- CVE-2024-46817
- CVE-2024-46818
- CVE-2024-46819
- CVE-2024-46822
- CVE-2024-46828
- CVE-2024-46829
- CVE-2024-46832
- CVE-2024-46840
- CVE-2024-46844
- CVE-2024-47659
- CVE-2024-47660
- CVE-2024-47663
- CVE-2024-47665
- CVE-2024-47667
- CVE-2024-47668
- CVE-2024-47669
Release 1.30.400-gke.133
Google Distributed Cloud for bare metal 1.30.400-gke.133 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.400-gke.133 runs on Kubernetes 1.30.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Functionality changes:
Updated snapshots to include new information, including: kubelet config, CPU manager state, and memory manager state.
Updated the bmctl push images command to check for the existence of an image digest to determine whether or not to push an image.
Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.
Fixes:
Fixed the issue where non-root users can't run bmctl restore to restore quorum.
Fixed an issue where CronJob specs for periodic health checks weren't updated to reflect cluster annotation changes.
Fixed an issue that blocked user cluster create and upgrade operations to patch versions 1.30.100, 1.30.200, or 1.30.300. This issue applies only when kubectl or a GKE On-Prem API client (console, gcloud CLI, or Terraform) is used for user cluster creation and upgrades.
The following container image security vulnerabilities have been fixed in 1.30.400-gke.133:
- Critical container vulnerabilities:
- High-severity container vulnerabilities:
- CVE-2020-16156
- CVE-2021-33194
- CVE-2022-1304
- CVE-2022-27664
- CVE-2022-41723
- CVE-2022-48733
- CVE-2023-3676
- CVE-2023-3955
- CVE-2023-5528
- CVE-2023-7104
- CVE-2023-39325
- CVE-2023-49083
- CVE-2023-52425
- CVE-2024-0743
- CVE-2024-0793
- CVE-2024-6609
- CVE-2024-20696
- CVE-2024-38577
- CVE-2024-41011
- CVE-2024-42228
- CVE-2024-42280
- CVE-2024-42284
- CVE-2024-42285
- CVE-2024-42301
- CVE-2024-42302
- CVE-2024-42313
- CVE-2024-43839
- CVE-2024-43858
- CVE-2024-43882
- CVE-2024-44974
- CVE-2024-44987
- CVE-2024-44998
- CVE-2024-44999
- CVE-2024-45490
- CVE-2024-46673
- CVE-2024-46674
- CVE-2024-46722
- CVE-2024-46723
- CVE-2024-46724
- CVE-2024-46725
- CVE-2024-46731
- CVE-2024-46738
- CVE-2024-46740
- CVE-2024-46743
- CVE-2024-46744
- CVE-2024-46747
- CVE-2024-46756
- CVE-2024-46757
- CVE-2024-46758
- CVE-2024-46759
- CVE-2024-46782
- CVE-2024-46798
- CVE-2024-46800
- CVE-2024-46804
- CVE-2024-46814
- CVE-2024-46815
- CVE-2024-46818
- CVE-2024-46828
- CVE-2024-46844
- GHSA-m425-mq94-257g
- Medium-severity container vulnerabilities:
- CVE-2021-31525
- CVE-2021-3669
- CVE-2021-36976
- CVE-2022-26280
- CVE-2022-41717
- CVE-2023-2431
- CVE-2023-2727
- CVE-2023-2728
- CVE-2023-3978
- CVE-2023-23931
- CVE-2023-31083
- CVE-2023-44487
- CVE-2023-52889
- CVE-2024-24557
- CVE-2024-29018
- CVE-2024-41098
- CVE-2024-42114
- CVE-2024-42246
- CVE-2024-42259
- CVE-2024-42272
- CVE-2024-42283
- CVE-2024-42286
- CVE-2024-42287
- CVE-2024-42288
- CVE-2024-42289
- CVE-2024-42297
- CVE-2024-42309
- CVE-2024-42310
- CVE-2024-42311
- CVE-2024-43828
- CVE-2024-43829
- CVE-2024-43834
- CVE-2024-43835
- CVE-2024-43846
- CVE-2024-43849
- CVE-2024-43853
- CVE-2024-43854
- CVE-2024-43856
- CVE-2024-43860
- CVE-2024-43861
- CVE-2024-43871
- CVE-2024-43884
- CVE-2024-43889
- CVE-2024-43890
- CVE-2024-43892
- CVE-2024-43893
- CVE-2024-43894
- CVE-2024-43905
- CVE-2024-43907
- CVE-2024-43908
- CVE-2024-43914
- CVE-2024-44935
- CVE-2024-44944
- CVE-2024-44946
- CVE-2024-44947
- CVE-2024-44954
- CVE-2024-44960
- CVE-2024-44965
- CVE-2024-44968
- CVE-2024-44971
- CVE-2024-44988
- CVE-2024-44989
- CVE-2024-44990
- CVE-2024-44995
- CVE-2024-45003
- CVE-2024-45006
- CVE-2024-45016
- CVE-2024-45018
- CVE-2024-45021
- CVE-2024-45025
- CVE-2024-45028
- CVE-2024-46675
- CVE-2024-46676
- CVE-2024-46677
- CVE-2024-46679
- CVE-2024-46685
- CVE-2024-46689
- CVE-2024-46702
- CVE-2024-46707
- CVE-2024-46714
- CVE-2024-46719
- CVE-2024-46721
- CVE-2024-46737
- CVE-2024-46739
- CVE-2024-46750
- CVE-2024-46755
- CVE-2024-46763
- CVE-2024-46771
- CVE-2024-46777
- CVE-2024-46780
- CVE-2024-46781
- CVE-2024-46783
- CVE-2024-46791
- CVE-2024-46817
- CVE-2024-46819
- CVE-2024-46822
- CVE-2024-46829
- CVE-2024-46840
- CVE-2024-47663
- GHSA-jq35-85cj-fj4p
- Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
(2024-R47) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.31.3-gke.1006000 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.28.15-gke.1020000
- 1.28.15-gke.1041000
- 1.28.15-gke.1080000
- 1.28.15-gke.1159000
- 1.29.10-gke.1054000
- 1.29.10-gke.1071000
- 1.29.10-gke.1155000
- 1.29.10-gke.1227000
- 1.30.5-gke.1699000
- 1.30.5-gke.1713000
- 1.30.6-gke.1059000
- 1.30.6-gke.1125000
- 1.31.1-gke.2105000
- 1.31.2-gke.1354000
- 1.31.2-gke.1384000
- 1.31.2-gke.1518000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.15-gke.1342000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.10-gke.1280000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.6-gke.1596000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.3-gke.1006000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.15-gke.1342000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.10-gke.1280000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.6-gke.1596000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.3-gke.1006000 with this release.
Regular channel
- Version 1.30.5-gke.1699000 is now the default version for cluster creation in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.28.14-gke.1340000
- 1.28.14-gke.1376000
- 1.29.9-gke.1496000
- 1.29.9-gke.1541000
- 1.30.5-gke.1443001
- 1.31.1-gke.1846000
- 1.31.1-gke.2008000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.15-gke.1020000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.10-gke.1054000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.5-gke.1699000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.1-gke.2105000 with this release.
Stable channel
- Version 1.30.5-gke.1443001 is now the default version for cluster creation in the Stable channel.
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.28.14-gke.1099000
- 1.28.14-gke.1217000
- 1.29.9-gke.1177000
- 1.30.5-gke.1014003
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.5-gke.1443001 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.
Extended channel
- Version 1.30.5-gke.1699000 is now the default version for cluster creation in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.16-gke.1681000
- 1.27.16-gke.1742000
- 1.27.16-gke.2019000
- 1.28.14-gke.1340000
- 1.28.14-gke.1376000
- 1.29.9-gke.1496000
- 1.29.9-gke.1541000
- 1.30.5-gke.1443001
- 1.31.1-gke.1846000
- 1.31.1-gke.2008000
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1784000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.1-gke.2105000 with this release.
No channel
- Version 1.30.5-gke.1699000 is now the default version for cluster creation.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.28.14-gke.1099000
- 1.28.14-gke.1217000
- 1.28.14-gke.1376000
- 1.28.15-gke.1041000
- 1.29.9-gke.1177000
- 1.29.9-gke.1541000
- 1.29.10-gke.1071000
- 1.30.5-gke.1014001
- 1.30.5-gke.1355000
- 1.30.6-gke.1059000
- 1.31.1-gke.1846000
- 1.31.1-gke.2008000
- 1.31.2-gke.1354000
- 1.31.2-gke.1384000
- 1.31.2-gke.1518000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.15-gke.1020000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.10-gke.1054000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.5-gke.1443001 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.31 to version 1.31.1-gke.2105000 with this release.
(2024-R47) Version updates
- Version 1.31.3-gke.1006000 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.28.15-gke.1020000
- 1.28.15-gke.1041000
- 1.28.15-gke.1080000
- 1.28.15-gke.1159000
- 1.29.10-gke.1054000
- 1.29.10-gke.1071000
- 1.29.10-gke.1155000
- 1.29.10-gke.1227000
- 1.30.5-gke.1699000
- 1.30.5-gke.1713000
- 1.30.6-gke.1059000
- 1.30.6-gke.1125000
- 1.31.1-gke.2105000
- 1.31.2-gke.1354000
- 1.31.2-gke.1384000
- 1.31.2-gke.1518000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.15-gke.1342000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.10-gke.1280000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.6-gke.1596000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.3-gke.1006000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.15-gke.1342000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.10-gke.1280000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.6-gke.1596000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.3-gke.1006000 with this release.
(2024-R47) Version updates
- Version 1.30.5-gke.1699000 is now the default version for cluster creation in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.28.14-gke.1340000
- 1.28.14-gke.1376000
- 1.29.9-gke.1496000
- 1.29.9-gke.1541000
- 1.30.5-gke.1443001
- 1.31.1-gke.1846000
- 1.31.1-gke.2008000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.15-gke.1020000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.10-gke.1054000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.5-gke.1699000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.1-gke.2105000 with this release.
(2024-R47) Version updates
- Version 1.30.5-gke.1443001 is now the default version for cluster creation in the Stable channel.
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.28.14-gke.1099000
- 1.28.14-gke.1217000
- 1.29.9-gke.1177000
- 1.30.5-gke.1014003
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.5-gke.1443001 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.
AI summaries of attack paths are disabled in Security Command Center
Effective December 13, 2024, the preview of Gemini AI-generated summaries of Security Command Center attack paths is discontinued. The summaries are no longer available in the Google Cloud console.
For more information, see Gemini features in Security Command Center.
December 09, 2024
AlloyDB for PostgreSQL
The Perform a vector search tutorial describes how to set up and perform a vector search in AlloyDB for PostgreSQL. You can learn how to perform K-nearest neighbor (KNN) and approximate nearest-neighbor (ANN) searches with a ScaNN vector index.
Custom organization policies for Serverless VPC Access connectors are now generally available, and can be applied to projects, folders, or organizations.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for bigquery/storage/apiv1beta1
1.65.0 (2024-12-05)
Features
- bigquery/reservation: Add a new field `is_flat_rate` to `.google.cloud.bigquery.reservation.v1.CapacityCommitment` to distinguish between flat rate and edition commitments (8dedb87)
- bigquery/reservation: Add the managed disaster recovery API(https (8dedb87)
- bigquery: Expose IsCaseInsensitive for dataset metadata (#11216) (364b639)
- bigquery: Support IAM conditions in datasets (#11123) (d93c2d9)
Bug Fixes
Documentation
- bigquery/reservation: Clarify that `Autoscale.current_slots` in message `.google.cloud.bigquery.reservation.v1.Reservation` can temporarily be larger than `Autoscale.max_slots` if users reduce `Autoscale.max_slots` (8dedb87)
- bigquery/reservation: Update comment for `slot_capacity` in message `.google.cloud.bigquery.reservation.v1.Reservation` to provide more clarity about reservation baselines, committed slots and autoscaler SKU charges when the baseline exceeds committed slots (8dedb87)
- bigquery/reservation: Update comments for `commitment_start_time` and `commitment_end_time` in message `.google.cloud.bigquery.reservation.v1.CapacityCommitment` to provide details on how these values are affected by commitment renewal (8dedb87)
You can now create custom organization policies for Serverless VPC Access connectors and apply them to projects, folders, or organizations (GA).
Fixed the issue causing incorrect detection of CPU load on T2D machine series VMs in managed instance groups (MIGs). This issue affected MIG autoscaling based on CPU utilization in projects that were created before June 18, 2023.
cos-dev-121-18779-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.63 | v24.0.9 | v2.0.0 | See List |
Upgraded app-admin/fluent-bit to v3.2.1.
Upgraded sys-apps/makedumpfile to v1.7.6.
Upgraded app-containers/cni-plugins to v1.6.0.
Updated app-admin/google-guest-configs to 20241121.00. This enables the intent-based NIC naming scheme.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2464.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2955.
Upgraded chromeos-base/shill-client to v0.0.1-r4782.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2811.
Upgraded chromeos-base/debugd-client to v0.0.1-r2720.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r651.
Upgraded chromeos-base/minijail to v18-r158.
Upgraded dev-libs/nss to v3.107.
Upgraded sys-apps/gentoo-functions to v1.7.3.
Upgraded dev-libs/expat to v2.6.4.
Upgraded dev-db/sqlite to v3.47.0-r1.
Upgraded net-libs/libnetfilter_conntrack to v1.1.0.
Upgraded sys-apps/less to v668.
Upgraded sys-libs/libcap to v2.71.
Upgraded net-dns/c-ares to v1.34.3.
Upgraded sys-apps/pv to v1.9.0.
Upgraded sys-libs/libseccomp to v2.5.5-r2.
Upgraded net-misc/socat to v1.8.0.1.
Upgraded app-shells/dash to v0.5.12-r1.
Upgraded app-admin/sudo to v1.9.16_p1.
Upgraded sys-process/lsof to v4.99.4.
Updated the Linux kernel to v6.6.63.
Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer
Support NVIDIA_H200 GPU - Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.
Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681.
Runtime sysctl changes:
- Changed: fs.file-max: 811752 -> 811802
cos-105-17412-495-69
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
Support NVIDIA_H200 GPU - Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.
Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer.
Upgraded dev-libs/libgcrypt to v1.10.1-r3. Fixes CVE-2024-2236.
Fixed CVE-2024-50278 in the Linux kernel.
Fixed CVE-2024-53052 in the Linux kernel.
Fixed CVE-2024-50141 in the Linux kernel.
cos-117-18613-75-66
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.56 | v24.0.9 | v1.7.24 | See List |
Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer
Support NVIDIA_H200 GPU - Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.
Fixed CVE-2024-50278 in the Linux kernel.
Fixed CVE-2024-50140 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811804 -> 811763
cos-113-18244-236-70
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.112 | v24.0.9 | v1.7.24 | See List |
Support NVIDIA_H200 GPU - Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.
Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer
Fixed CVE-2024-50278 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812030 -> 812026
cos-109-17800-372-69
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.112 | v24.0.9 | v1.7.24 | See List |
Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer
Support NVIDIA_H200 GPU - Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.
Fixed CVE-2024-50278 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812253 -> 812265
You can now transition your Data Catalog content and usage to Dataplex Catalog. For more information, see Transition from Data Catalog to Dataplex Catalog.
Datastream now supports binary log reader as a CDC method for Oracle sources. The feature is in Preview.
For more information, see the Datastream documentation.
(New guide) Stream logs from Google Cloud to Datadog: Provides an architecture to send log event data from across your Google Cloud ecosystem to Datadog Log Management. The architecture is accompanied by a deployment guide.
Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.
The following supported default parsers have changed. Each parser is listed by product name and `log_type` value, if applicable. This list now includes both released default parsers and pending parser updates.
- 1Password Audit Events (`Identity and Access Management`)
- Advanced Intrusion Detection Environment (`Alert`)
- Airlock Digital Application Allowlisting (`Application Whitelisting`)
- Akamai DNS (`DNS`)
- Amazon VPC Transit Gateway Flow Logs (`Network`)
- Apache Tomcat (`Web server`)
- Appian Cloud (`Collaboration log types`)
- AppOmni (`SAAS Security Application`)
- Aruba Switch (`Network Infrastructure`)
- Auth0 (`Authentication log`)
- AWS Cloudtrail (`Cloud Log Aggregator`)
- AWS CloudWatch (`Cloud service monitoring`)
- AWS Elastic Load Balancer (`AWS Specific`)
- AWS GuardDuty (`IDS/IPS`)
- AWS Network Firewall (`Firewall`)
- AWS RDS (`Database`)
- AWS Route 53 DNS (`AWS Specific`)
- AWS S3 Server Access (`AWS Specific`)
- AWS VPC Flow (`AWS Specific`)
- Azure AD Directory Audit (`Audit`)
- Azure AD Organizational Context (`LDAP`)
- Azure API Management (`Schema`)
- Azure App Service (`SAAS`)
- Azure Application Gateway (`GATEWAY`)
- Azure Firewall (`Azure Firewall Application Rule`)
- Azure Key Vault logging (`Audit`)
- Azure SQL (`Database`)
- Barracuda WAF (`Firewall`)
- Barracuda Web Filter (`Webfilter`)
- BeyondTrust BeyondInsight (`Privileged Account Activity`)
- BeyondTrust Endpoint Privilege Management (`Privileged Account Activity`)
- BIND (`DNS`)
- BloxOne Threat Defense (`DNS`)
- Blue Coat Proxy (`Web Proxy`)
- Cato Networks (`NDR`)
- Check Point (`Firewall`)
- Ciena Router logs (`Application server logs`)
- Cisco ACS (`Authentication`)
- Cisco APIC (`Software-defined Networking (SDN)`)
- Cisco Call Manager (`NETWORKING`)
- Cisco DNA Center Platform (`Network Management and Optimization`)
- Cisco Email Security (`Email Server`)
- Cisco EStreamer (`Network Monitoring`)
- Cisco Firepower NGFW (`Firewall`)
- Cisco FireSIGHT Management Center (`SaaS Application`)
- Cisco Internetwork Operating System (`Network Infrastructure`)
- Cisco ISE (`Identity and Access Management`)
- Cisco Router (`Switches, Routers`)
- Cisco Secure Workload (`AV and Endpoint`)
- Cisco Stealthwatch (`Log Aggregator`)
- Cisco Switch (`Switches, Routers`)
- Cisco TACACS+ (`Authentication`)
- Cisco VPN (`VPN`)
- Citrix Netscaler (`Load Balancer, Traffic Shaper, ADC`)
- Claroty Continuous Threat Detection (`IoT`)
- Cloudflare (`SaaS Application`)
- Colinet Trotta GAUS SEGUROS (`Alert`)
- CrowdStrike Detection Monitoring (`EDR`)
- CrowdStrike Falcon (`EDR`)
- CrowdStrike Falcon Stream (`Alerts`)
- CrowdStrike Filevantage (`IT infrastructure`)
- Cyber 2.0 IDS (`IDS`)
- Cyberark Privilege Cloud (`Identity & Access Management`)
- CyberArk Privileged Access Manager (PAM) (`CyberArk Privileged Access Manager`)
- Cybereason EDR (`EDR`)
- Darktrace (`NDR`)
- Dell CyberSense (`Data Security`)
- Dell EMC PowerStore (`DATA STORAGE`)
- Druva Backup (`Security`)
- Duo Administrator Logs (`Authentication`)
- Duo Auth (`Authentication`)
- EfficientIP DDI (`Network`)
- ExtraHop RevealX (`Firewall IDS/IPS`)
- F5 Advanced Firewall Management (`Firewall`)
- F5 ASM (`WAF`)
- F5 BIGIP LTM (`Load Balancer, Traffic Shaper, ADC`)
- F5 VPN (`VPN`)
- FingerprintJS (`Vulnerability scanners`)
- FireEye eMPS (`Email server log types.`)
- FireEye HX (`EDR`)
- Forcepoint DLP (`Forcepoint DLP`)
- Forcepoint NGFW (`Network`)
- Forcepoint Proxy (`Web Proxy`)
- Forescout NAC (`NAC`)
- ForgeRock OpenAM (`Identity and Access Management`)
- Forgerock OpenIdM (`DATA SECURITY`)
- FortiGate (`Firewall`)
- Fortinet FortiAnalyzer (`Fortinet FortiAnalyzer`)
- Fortinet Switch (`Switches and Routers`)
- GitHub (`SaaS Application`)
- Guardicore Centra (`Deception Software`)
- Hashicorp Vault (`Privileged Account Activity`)
- HCNET Account Adapter Plus (`DHCP`)
- IBM MaaS360 (`Security`)
- IBM Security Access Manager (`WAF`)
- IBM z/OS (`OS`)
- Illumio Core (`Policy Management`)
- Imperva (`WAF`)
- Imperva Advanced Bot Protection (`Bot Protection`)
- Imperva Attack Analytics (`WAF`)
- Ingrian Networks DataSecure Appliance (`System and Audit Logs`)
- Intel 471 Malware Intelligence (``)
- ISC DHCP (`DHCP`)
- Jenkins (`Automation and DevOps`)
- Journald (`Log Aggregation and SIEM Systems`)
- Juniper (`Firewall`)
- Juniper Mist (`Network Management and Optimization software`)
- Juniper MX Router (`Routers and Switches`)
- Keeper Enterprise Security (`Security`)
- Kubernetes Audit Azure (`Log Aggregator`)
- Lacework Cloud Security (`Cloud Security`)
- Lenel Onguard Badge Management (`Access Control System`)
- Linux Auditing System (AuditD) (`OS`)
- Linux Sysmon (`DNS`)
- ManageEngine Log360 (`Alert Log`)
- Maria Database (`Database`)
- McAfee ePolicy Orchestrator (`Policy Management`)
- McAfee Web Gateway (`Web Proxy`)
- Microsoft AD (`LDAP`)
- Microsoft AD FS (`LDAP`)
- Microsoft Azure Activity (`Misc Windows Specific`)
- Microsoft Azure NSG Flow (`Network Flow`)
- Microsoft Azure Resource (`Log Aggregator`)
- Microsoft Defender Endpoint for iOS Logs (``)
- Microsoft Defender for Endpoint (`EDR`)
- Microsoft PowerShell (`Misc. Windows-specific`)
- Microsoft SQL Server (`Database`)
- Microsoft System Center Endpoint Protection (`Malware Detection`)
- Mikrotik Router (`Router`)
- Mimecast (`Email Server`)
- MISP Threat Intelligence (`Cybersecurity`)
- Mobile Endpoint Security (`Mobile Endpoint Security`)
- Mobileiron (`ENDPOINT MANAGEMENT`)
- NetApp BlueXP (`Security`)
- Nozomi Networks Scada Guardian (`Network Monitoring`)
- Office 365 (`SaaS Application`)
- Okta (`Identity and Access Management`)
- OpenVPN (`Network`)
- Opnsense (`Firewall and Routing Platform`)
- Opswat Metadefender (`Threat Protection`)
- Oracle (`DATABASE`)
- Oracle Cloud Infrastructure Audit Logs (`Oracle Cloud Infrastructure`)
- Oracle Fusion (`SaaS Application`)
- Oracle WebLogic Server (`Web server logs`)
- Palo Alto Cortex XDR Alerts (`NDR`)
- Palo Alto Prisma Cloud (`SECURITY PLATFORM`)
- Palo Alto Prisma Cloud Alert payload (`Cloud Security`)
- Ping Federate (`Authentication`)
- Ping Identity (`Authentication`)
- Ping One (`NA`)
- PingIdentity Directory Server Logs (`Security`)
- Precisely Ironstream IBM z/OS (`ZOS`)
- ProFTPD (`Web Server`)
- Proofpoint Observeit (`Email Server`)
- Proofpoint On Demand (`Email Server`)
- ProofPoint Secure Email Relay (`Email server`)
- Proofpoint Tap Forensics (`Email Server`)
- Quest Active Directory (`Authentication log`)
- Red Hat Directory Server LDAP (`Identity and Access Management`)
- Remediant SecureONE (`Privileged Account Activity`)
- Salesforce (`SaaS Application`)
- SAP Sybase Adaptive Server Enterprise Database (`Database`)
- Security Command Center Posture Violation (`Google Cloud Specific`)
- Security Command Center Threat (`Google Cloud Specific`)
- Security Command Center Toxic Combination (`Google Cloud Specific`)
- Sentinelone Alerts (`Endpoint Security`)
- Shibboleth IDP (`Identity and Access Management`)
- Snare System Diagnostic Logs (`Security`)
- Snipe-IT (`SaaS Applications`)
- Snort (`IDS/IPS`)
- SonicWall (`Firewall`)
- Squid Web Proxy (`Web Proxy`)
- STIX Threat Intelligence (`Cybersecurity Threats`)
- Suricata EVE (`IPS IDS`)
- Symantec CloudSOC CASB (`CASB`)
- Symantec DLP (`DLP`)
- Symantec Endpoint Protection (`AV / Endpoint`)
- Symantec Event export (`SEP`)
- Symantec Web Security Service (`Web Proxy`)
- Sysdig (`Security`)
- Tailscale (`CASB`)
- Tanium Threat Response (`Tanium Specific`)
- TeamViewer (`Remote Support`)
- Tenable CSPM (`Cloud Security`)
- Tenable Security Center (`Vulnerability Scanner`)
- Thales Luna Hardware Security Module (`THALES_LUNA_HSM specific`)
- Trellix HX Event Streamer (`Cybersecurity`)
- Trend Micro Deep Security (`AV / Endpoint`)
- Trend Micro Vision One (`AV and endpoint logs`)
- Trend Micro Vision One Workbench (`Schema`)
- TrendMicro Deep Discovery Inspector (`Physical and virtual network`)
- Tripwire (`DLP`)
- TXOne Stellar (`AV and Endpoint logs`)
- UberAgent (`Security`)
- Unix system (`OS`)
- UpGuard (`Vulnerability scanners`)
- Upstream Vehicle SOC Alerts (`Schema`)
- URLScan IO (`Vulnerability scanners`)
- Veeam (`Backup software`)
- VMware AirWatch (`Wireless`)
- VMware Horizon (`VDI`)
- VMware vCenter (`Server`)
- VMWare VSphere (`virtualization`)
- VPC Flow Logs (`Google Cloud Specific`)
- Wallix Bastion (`Privileged Account Activity`)
- WindChill (`Lifecycle Management Software`)
- Windows Event (`Endpoint`)
- Windows Event (XML) (`AV / Endpoint`)
- Windows Sysmon (`DNS`)
- Workday Audit Logs (`Audit And Compliance`)
- Workspace Activities (`Google Cloud Specific`)
- Workspace ChromeOS Devices (`Google Cloud Specific`)
- Zimperium (`Mobile Device Management`)
- Zoom Operation Logs (`Operation-Specific`)
- Zscaler (`Web Proxy`)
- Zscaler DLP (`Data Loss Prevention`)
- ZScaler DNS (`DNS`)
- ZScaler NGFW (`Firewall`)
- Zscaler NSS Feeds for Alerts (`Alert log types`)
- Zscaler Private Access (`Security Service Edge`)
The following log types were added without a default parser. Each parser is listed by product name and `log_type` value, if applicable.
- Arize Cloud (`ARIZE_CLOUD`)
- Aware Audit (`AWARE_AUDIT`)
- Aware Signals (`AWARE_SIGNALS`)
- Azure PostgreSQL (`AZURE_POSTGRESQL`)
- Cisco Umbrella Firewall (`CISCO_UMBRELLA_FIREWALL`)
- Cisco Umbrella IPS (`CISCO_UMBRELLA_IPS`)
- Cisco Umbrella SWG DLP (`CISCO_UMBRELLA_SWG_DLP`)
- CyberArk Secure Cloud Access (`CYBERARK_SCA`)
- DBT Cloud (`DBT_CLOUD`)
- Delinea Distributed Engine (`DELINEA_DISTRIBUTED_ENGINE`)
- Delinea PBA (`DELINEA_PBA`)
- Dtex Audit (`DTEX_AUDIT`)
- Featurespace Aric (`FEATURESPACE_ARIC`)
- Forcepoint One (`FORCEPOINT_ONE`)
- Genesys Audit (`GENESYS_AUDIT`)
- Hex (`HEX`)
- Linkshadow NDR (`LINKSHADOW_NDR`)
- Nightfall DLP (`NIGHTFALL`)
- Palo Alto Cortex IIS (`PAN_CORTEX_XDR_IIS`)
- Relativity (`RELATIVITY`)
- Retool (`RETOOL`)
- Saturn Cloud (`SATURN_CLOUD`)
- SecurityBridge (`SECURITY_BRIDGE`)
- TACACS Plus (`TACACS_PLUS`)
- Transmit Security FlexID (`TRANSMIT_FLEXID`)
- Unifi Router (`UNIFI_ROUTER`)
For a list of supported log types and details about default parser changes, see Supported log types and default parsers.
Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.
The following supported default parsers have changed. Each parser is listed by product name and log_type
value, if applicable. This list now includes both released default parsers and pending parser updates.
- 1Password Audit Events (
Identity and Access Management
) - Advanced Intrusion Detection Environment (
Alert
) - Airlock Digital Application Allowlisting (
Application Whitelisting
) - Akamai DNS (
DNS
) - Amazon VPC Transit Gateway Flow Logs (
Network
) - Apache Tomcat (
Web server
) - Appian Cloud (
Collaboration log types
) - AppOmni (
SAAS Security Application
) - Aruba Switch (
Network Infrastructure
) - Auth0 (
Authentication log
) - AWS Cloudtrail (
Cloud Log Aggregator
) - AWS CloudWatch (
Cloud service monitoring
) - AWS Elastic Load Balancer (
AWS Specific
) - AWS GuardDuty (
IDS/IPS
) - AWS Network Firewall (
Firewall
) - AWS RDS (
Database
) - AWS Route 53 DNS (
AWS Specific
) - AWS S3 Server Access (
AWS Specific
)
- AWS VPC Flow (AWS Specific)
- Azure AD Directory Audit (Audit)
- Azure AD Organizational Context (LDAP)
- Azure API Management (Schema)
- Azure App Service (SAAS)
- Azure Application Gateway (GATEWAY)
- Azure Firewall (Azure Firewall Application Rule)
- Azure Key Vault logging (Audit)
- Azure SQL (Database)
- Barracuda WAF (Firewall)
- Barracuda Web Filter (Webfilter)
- BeyondTrust BeyondInsight (Privileged Account Activity)
- BeyondTrust Endpoint Privilege Management (Privileged Account Activity)
- BIND (DNS)
- BloxOne Threat Defense (DNS)
- Blue Coat Proxy (Web Proxy)
- Cato Networks (NDR)
- Check Point (Firewall)
- Ciena Router logs (Application server logs)
- Cisco ACS (Authentication)
- Cisco APIC (Software-defined Networking (SDN))
- Cisco Call Manager (NETWORKING)
- Cisco DNA Center Platform (Network Management and Optimization)
- Cisco Email Security (Email Server)
- Cisco EStreamer (Network Monitoring)
- Cisco Firepower NGFW (Firewall)
- Cisco FireSIGHT Management Center (SaaS Application)
- Cisco Internetwork Operating System (Network Infrastructure)
- Cisco ISE (Identity and Access Management)
- Cisco Router (Switches, Routers)
- Cisco Secure Workload (AV and Endpoint)
- Cisco Stealthwatch (Log Aggregator)
- Cisco Switch (Switches, Routers)
- Cisco TACACS+ (Authentication)
- Cisco VPN (VPN)
- Citrix Netscaler (Load Balancer, Traffic Shaper, ADC)
- Claroty Continuous Threat Detection (IoT)
- Cloudflare (SaaS Application)
- Colinet Trotta GAUS SEGUROS (Alert)
- CrowdStrike Detection Monitoring (EDR)
- CrowdStrike Falcon (EDR)
- CrowdStrike Falcon Stream (Alerts)
- CrowdStrike Filevantage (IT infrastructure)
- Cyber 2.0 IDS (IDS)
- Cyberark Privilege Cloud (Identity & Access Management)
- CyberArk Privileged Access Manager (PAM) (CyberArk Privileged Access Manager)
- Cybereason EDR (EDR)
- Darktrace (NDR)
- Dell CyberSense (Data Security)
- Dell EMC PowerStore (DATA STORAGE)
- Druva Backup (Security)
- Duo Administrator Logs (Authentication)
- Duo Auth (Authentication)
- EfficientIP DDI (Network)
- ExtraHop RevealX (Firewall IDS/IPS)
- F5 Advanced Firewall Management (Firewall)
- F5 ASM (WAF)
- F5 BIGIP LTM (Load Balancer, Traffic Shaper, ADC)
- F5 VPN (VPN)
- FingerprintJS (Vulnerability scanners)
- FireEye eMPS (Email server log types.)
- FireEye HX (EDR)
- Forcepoint DLP (Forcepoint DLP)
- Forcepoint NGFW (Network)
- Forcepoint Proxy (Web Proxy)
- Forescout NAC (NAC)
- ForgeRock OpenAM (Identity and Access Management)
- Forgerock OpenIdM (DATA SECURITY)
- FortiGate (Firewall)
- Fortinet FortiAnalyzer (Fortinet FortiAnalyzer)
- Fortinet Switch (Switches and Routers)
- GitHub (SaaS Application)
- Guardicore Centra (Deception Software)
- Hashicorp Vault (Privileged Account Activity)
- HCNET Account Adapter Plus (DHCP)
- IBM MaaS360 (Security)
- IBM Security Access Manager (WAF)
- IBM z/OS (OS)
- Illumio Core (Policy Management)
- Imperva (WAF)
- Imperva Advanced Bot Protection (Bot Protection)
- Imperva Attack Analytics (WAF)
- Ingrian Networks DataSecure Appliance (System and Audit Logs)
- Intel 471 Malware Intelligence (``)
- ISC DHCP (DHCP)
- Jenkins (Automation and DevOps)
- Journald (Log Aggregation and SIEM Systems)
- Juniper (Firewall)
- Juniper Mist (Network Management and Optimization software)
- Juniper MX Router (Routers and Switches)
- Keeper Enterprise Security (Security)
- Kubernetes Audit Azure (Log Aggregator)
- Lacework Cloud Security (Cloud Security)
- Lenel Onguard Badge Management (Access Control System)
- Linux Auditing System (AuditD) (OS)
- Linux Sysmon (DNS)
- ManageEngine Log360 (Alert Log)
- Maria Database (Database)
- McAfee ePolicy Orchestrator (Policy Management)
- McAfee Web Gateway (Web Proxy)
- Microsoft AD (LDAP)
- Microsoft AD FS (LDAP)
- Microsoft Azure Activity (Misc Windows Specific)
- Microsoft Azure NSG Flow (Network Flow)
- Microsoft Azure Resource (Log Aggregator)
- Microsoft Defender Endpoint for iOS Logs (``)
- Microsoft Defender for Endpoint (EDR)
- Microsoft PowerShell (Misc. Windows-specific)
- Microsoft SQL Server (Database)
- Microsoft System Center Endpoint Protection (Malware Detection)
- Mikrotik Router (Router)
- Mimecast (Email Server)
- MISP Threat Intelligence (Cybersecurity)
- Mobile Endpoint Security (Mobile Endpoint Security)
- Mobileiron (ENDPOINT MANAGEMENT)
- NetApp BlueXP (Security)
- Nozomi Networks Scada Guardian (Network Monitoring)
- Office 365 (SaaS Application)
- Okta (Identity and Access Management)
- OpenVPN (Network)
- Opnsense (Firewall and Routing Platform)
- Opswat Metadefender (Threat Protection)
- Oracle (DATABASE)
- Oracle Cloud Infrastructure Audit Logs (Oracle Cloud Infrastructure)
- Oracle Fusion (SaaS Application)
- Oracle WebLogic Server (Web server logs)
- Palo Alto Cortex XDR Alerts (NDR)
- Palo Alto Prisma Cloud (SECURITY PLATFORM)
- Palo Alto Prisma Cloud Alert payload (Cloud Security)
- Ping Federate (Authentication)
- Ping Identity (Authentication)
- Ping One (NA)
- PingIdentity Directory Server Logs (Security)
- Precisely Ironstream IBM z/OS (ZOS)
- ProFTPD (Web Server)
- Proofpoint Observeit (Email Server)
- Proofpoint On Demand (Email Server)
- ProofPoint Secure Email Relay (Email server)
- Proofpoint Tap Forensics (Email Server)
- Quest Active Directory (Authentication log)
- Red Hat Directory Server LDAP (Identity and Access Management)
- Remediant SecureONE (Privileged Account Activity)
- Salesforce (SaaS Application)
- SAP Sybase Adaptive Server Enterprise Database (Database)
- Security Command Center Posture Violation (Google Cloud Specific)
- Security Command Center Threat (Google Cloud Specific)
- Security Command Center Toxic Combination (Google Cloud Specific)
- Sentinelone Alerts (Endpoint Security)
- Shibboleth IDP (Identity and Access Management)
- Snare System Diagnostic Logs (Security)
- Snipe-IT (SaaS Applications)
- Snort (IDS/IPS)
- SonicWall (Firewall)
- Squid Web Proxy (Web Proxy)
- STIX Threat Intelligence (Cybersecurity Threats)
- Suricata EVE (IPS IDS)
- Symantec CloudSOC CASB (CASB)
- Symantec DLP (DLP)
- Symantec Endpoint Protection (AV / Endpoint)
- Symantec Event export (SEP)
- Symantec Web Security Service (Web Proxy)
- Sysdig (Security)
- Tailscale (CASB)
- Tanium Threat Response (Tanium Specific)
- TeamViewer (Remote Support)
- Tenable CSPM (Cloud Security)
- Tenable Security Center (Vulnerability Scanner)
- Thales Luna Hardware Security Module (THALES_LUNA_HSM specific)
- Trellix HX Event Streamer (Cybersecurity)
- Trend Micro Deep Security (AV / Endpoint)
- Trend Micro Vision One (AV and endpoint logs)
- Trend Micro Vision One Workbench (Schema)
- TrendMicro Deep Discovery Inspector (Physical and virtual network)
- Tripwire (DLP)
- TXOne Stellar (AV and Endpoint logs)
- UberAgent (Security)
- Unix system (OS)
- UpGuard (Vulnerability scanners)
- Upstream Vehicle SOC Alerts (Schema)
- URLScan IO (Vulnerability scanners)
- Veeam (Backup software)
- VMware AirWatch (Wireless)
- VMware Horizon (VDI)
- VMware vCenter (Server)
- VMWare VSphere (virtualization)
- VPC Flow Logs (Google Cloud Specific)
- Wallix Bastion (Privileged Account Activity)
- WindChill (Lifecycle Management Software)
- Windows Event (Endpoint)
- Windows Event (XML) (AV / Endpoint)
- Windows Sysmon (DNS)
- Workday Audit Logs (Audit And Compliance)
- Workspace Activities (Google Cloud Specific)
- Workspace ChromeOS Devices (Google Cloud Specific)
- Zimperium (Mobile Device Management)
- Zoom Operation Logs (Operation-Specific)
- Zscaler (Web Proxy)
- Zscaler DLP (Data Loss Prevention)
- ZScaler DNS (DNS)
- ZScaler NGFW (Firewall)
- Zscaler NSS Feeds for Alerts (Alert log types)
- Zscaler Private Access (Security Service Edge)
The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.
- Arize Cloud (ARIZE_CLOUD)
- Aware Audit (AWARE_AUDIT)
- Aware Signals (AWARE_SIGNALS)
- Azure PostgreSQL (AZURE_POSTGRESQL)
- Cisco Umbrella Firewall (CISCO_UMBRELLA_FIREWALL)
- Cisco Umbrella IPS (CISCO_UMBRELLA_IPS)
- Cisco Umbrella SWG DLP (CISCO_UMBRELLA_SWG_DLP)
- CyberArk Secure Cloud Access (CYBERARK_SCA)
- DBT Cloud (DBT_CLOUD)
- Delinea Distributed Engine (DELINEA_DISTRIBUTED_ENGINE)
- Delinea PBA (DELINEA_PBA)
- Dtex Audit (DTEX_AUDIT)
- Featurespace Aric (FEATURESPACE_ARIC)
- Forcepoint One (FORCEPOINT_ONE)
- Genesys Audit (GENESYS_AUDIT)
- Hex (HEX)
- Linkshadow NDR (LINKSHADOW_NDR)
- Nightfall DLP (NIGHTFALL)
- Palo Alto Cortex IIS (PAN_CORTEX_XDR_IIS)
- Relativity (RELATIVITY)
- Retool (RETOOL)
- Saturn Cloud (SATURN_CLOUD)
- SecurityBridge (SECURITY_BRIDGE)
- TACACS Plus (TACACS_PLUS)
- Transmit Security FlexID (TRANSMIT_FLEXID)
- Unifi Router (UNIFI_ROUTER)
For a list of supported log types and details about default parser changes, see Supported log types and default parsers.
Using IAM attributes in custom organization policies is generally available. For more information, see Use custom organization policies.
You can use the iam.managed.preventPrivilegedBasicRolesForDefaultServiceAccounts managed organization policy constraint to prevent default service accounts from being granted the Editor (roles/editor) or Owner (roles/owner) roles. For more information, see Prevent the Owner and Editor role from being granted to default service accounts.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for pubsub/apiv1
1.45.3 (2024-12-04)
Bug Fixes
1.45.2 (2024-12-03)
Bug Fixes
- pubsub/pstest: Make invalid filter return error instead of panic (#11087) (45e1ce7)
- pubsub: Only init batch span if trace enabled (#11193) (f843d50)
- pubsub: Use official semconv variable whenever possible (#10904) (1ce4b6d)
Documentation
New SAP HANA certification: 24 TB and 32 TB X4 bare metal machine types for OLAP workloads
SAP has certified the Compute Engine x4-megamem-1440-metal and x4-megamem-1920-metal machine types for use with SAP HANA OLAP workloads in scale-out configurations with up to 8 nodes.
For more information, see X4 memory-optimized bare metal machine types.
When activating the Security Command Center Enterprise tier, you now have the option to connect Security Command Center to an existing Google Security Operations instance or provision a new instance. For more information, see Activate the Security Command Center Enterprise tier.
Vertex AI Agent Builder: Grounding is available in more languages (GA with allowlist)
The grounded generation API supports more than 35 languages.
This feature is available to select Google Cloud customers (GA with allowlist). For general information about grounding, see Generate grounded answers with RAG. For available languages, see Languages.
Vertex AI Agent Builder: Additional inputs for generating grounded answers (GA with allowlist)
You can specify a language code and a latitude-longitude value when making calls to the grounded generation API.
If the language can't be determined from the query, then the language code is used to set the language for the answer. If the language code is not present, then the latitude-longitude value is used to set the language.
The latitude-longitude value is also used to answer location-related queries, such as "restaurants near me".
This feature is available to select Google Cloud customers (GA with allowlist). For more information, see Generate grounded answers with RAG.
December 08, 2024
Google SecOps SOAR
Release Notes 6.3.27 is in Preview.
In order to align with our flagship Google SecOps platform, we are unifying our themes. The SOAR platform will now offer two themes: gray (default) and light.
Release 6.3.26 is now in General Availability.
December 06, 2024
Cloud Logging
Editing Log Analytics charts that are saved to a dashboard directly in the Dashboards page is now generally available (GA).
A vulnerability was discovered in the Vertex AI API serving Gemini multimodal requests, allowing bypass of VPC Service Controls. For details, see the Security bulletins page.
(New guide) Infrastructure for a RAG-capable generative AI application using Vertex AI and Vector Search: Describes how to design infrastructure for a generative AI application with retrieval-augmented generation (RAG) by using Vector Search.
Google Cloud Architecture Framework: Performance optimization: Major update to align the recommendations with core principles of performance optimization.
Starting on December 9, 2024, default permissions for OAuth authentication to BigQuery connections are limited to read-only for Looker instances on Looker 24.20+.
On March 1, 2025, Looker will sign out any users with read and write scopes from all corresponding BigQuery connections. This will cause any schedules dependent on these connections to fail. Each of these users will need to reauthorize their OAuth connection credentials in order to ensure uninterrupted schedule delivery. For more information, see the Restricting OAuth scope to read-only for Google BigQuery connections article.
Parameter Manager, an extension to the Secret Manager service, is available in Preview. You can use Parameter Manager to store, access, and manage the lifecycle of your workload parameters. For more information, see Parameter Manager overview.
The current default DATE_OF_BIRTH infoType detection model, which is available when InfoType.version is set to latest or stable, is now also used when InfoType.version is set to legacy.
The old detection model that was previously available by setting InfoType.version to legacy is no longer available.
December 05, 2024
AlloyDB for PostgreSQL
The AlloyDB database performance snapshot reports feature is generally available (GA). This feature lets you improve your database performance by using a report that compares snapshots of system metrics between two different points in time. For more information, see Optimize database performance by comparing performance snapshots.
Hierarchy Controller is no longer available to install. Config Sync upgrades are blocked if Hierarchy Controller is still configured. To continue using similar functionality, migrate from Hierarchy Controller to Hierarchical Namespace Controller before you upgrade Config Sync.
Improved the manual installation process for Config Sync. When you install Config Sync manually using kubectl (not recommended), Config Sync is now deployed directly without relying on the Config Management Operator. This change results in simplified architecture and reduced resource use on your cluster. If you manually installed Config Sync using kubectl, follow the guide to uninstall the Config Management Operator before you upgrade.
When you use Config Sync to manage configurations that are stored in OCI repositories (such as Artifact Registry), you can now enhance your security posture with custom signature verification. Config Sync integrates with your existing signature verification server deployed as a Kubernetes admission webhook, which helps ensure only trusted OCI images are used in your deployments. See the Sync OCI artifacts guide for setup instructions.
Introduced a new field for stopping and resuming syncing. This field is available on clusters with Config Sync auto-upgrades or with Config Sync version 1.20.0. The new field makes it easier to pause syncing by setting the spec.configSync.stopSyncing field to true.
To optimize resource use, Config Sync installations managed through Fleet no longer include the ConfigManagement Operator or the ConfigManagement CRD. These components are automatically removed when you upgrade to version 1.20.0 or later. This change reduces Config Sync's resource consumption in your cluster. See Config Sync architecture for details.
Upgraded the git-sync dependency from v4.2.4 to v4.3.0 to pick up a fix for lingering Git lock files and other vulnerability fixes.
Fixed a bug that prevented the applyset.kubernetes.io/part-of label from being correctly removed from managed objects when they were no longer managed by Config Sync. This fix improves the accuracy of label information.
Fixed an issue that could cause sync delays due to retry backoff problems. This fix helps ensure more timely and consistent updates to your clusters.
Certificate Manager has passed HIPAA compliance validation and is listed as a covered product in HIPAA compliance on Google Cloud.
New Cloud Composer 3 environments can now be created in VPC SC. This feature is gradually rolled out to all regions supported by Cloud Composer.
Improved Airflow worker liveness checks to detect workers with unexpected idle task slots. This feature improves the stability of Airflow by better detection of unhealthy Airflow workers. This feature is gradually rolled out to all regions supported by Cloud Composer.
Long log entries now have proper task instance annotations.
(Cloud Composer 3) KubernetesPodOperator now works when the do_xcom_push parameter is set to True.
(Cloud Composer 2) If an upgrade operation fails, Cloud Composer 2 now restores the environment with the correct number of triggers.
The maximum limit on the database size during upgrades in Cloud Composer 3 is now the same as the limit for snapshots (20 GB).
(New Cloud Composer 3 environments) Increased the maximum number of internet connections that each Airflow worker can support at the same time.
(Cloud Composer 2 only) It is now possible to upgrade an environment if the [sentry]sentry_on Airflow configuration option is set to true.
Fixed the issue in the environment's component responsible for uploading the logs of Airflow components to Cloud Logging. This bug sometimes led to a situation where the Cloud Composer-level log might be missing for an Airflow component. The same log was still available on the Kubernetes-component level.
(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-google package was upgraded to version 10.26.0 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.25.0 to version 10.26.0.
(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 10.0.1 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-cncf-kubernetes changelog from version 9.0.1 to version 10.0.1.
The aiohttp package was downgraded from 3.11.0 to 3.10.11.
(Available without upgrading) Fixed an issue where Airflow workers sometimes generated incomplete or unreadable output.
The default version of Airflow is changed to 2.10.2.
Airflow 2.7.3 is no longer included in Cloud Composer images and builds.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.10.2-build.3 (default)
- composer-3-airflow-2.9.3-build.10
New images are available in Cloud Composer 2:
- composer-2.10.0-airflow-2.10.2 (default)
- composer-2.10.0-airflow-2.9.3
Cloud Composer version 2.5.2 has reached its end of support period.
Cloud SQL Enterprise Plus edition now supports the following regions:
- africa-south1 (Johannesburg)
- asia-east2 (Hong Kong)
- europe-west10 (Berlin)
You can monitor performance using client-side traces in Java and Node.js. This feature is in Preview.
Looker Studio Labs
Learn the fundamentals of Looker Studio and Looker Studio Pro by using these Cloud Skills Boost Labs:
New Conversational Analytics guide
A new educational resource is available in Looker Studio to guide you through how to use Conversational Analytics, a Gemini in Looker feature.
Select Create > Conversation to get started.
Autogenerated titles for charts
When you enable the Show title option for a chart, Looker Studio automatically generates a chart title by default. The title is based on both the chart type and the fields that are used. You can add a custom title to a chart by entering it into the Title field.
More data from New Search Ads 360
You can visualize the following fields using the New Search Ads 360 connector:
- Conversions (by conv. time)
- All conv. rate
- Cost / client account conv.
- Google Ads Auction-time bidding
- Currency code
December 04, 2024
Cloud Composer
Scheduled snapshots are available in Cloud Composer 3. This feature will be gradually rolled out to all regions supported by Cloud Composer 3.
Cloud Composer 2 is now available in Mexico (northamerica-south1).
Cloud SQL for MySQL now supports minor version 8.0.40. To upgrade your existing instance to the new version, see Upgrade the database minor version.
cos-117-18613-75-60
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.56 | v24.0.9 | v1.7.24 | See List |
Updated app-admin/google-guest-configs to 20241121.00. This enables intent based NIC naming scheme.
Upgraded sys-apps/makedumpfile to v1.7.6.
Upgraded containerd from 1.7.23 to 1.7.24.
Upgraded sys-process/lsof to v4.99.4.
Upgraded net-misc/socat to v1.8.0.1.
Upgraded sys-apps/less to v668.
Upgraded app-shells/dash to v0.5.12-r1.
Upgraded cos-gpu-installer to v2.4.4. This fixes an issue where GPU drivers that only have two numeric version components could not be loaded.
Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681. Added duphandle-init-netrc.patch, netrc-large-file.patch, setopt-http_content_decoding.patch to fix regression issues in curl v8.11.0.
Fixed CVE-2024-50142 in the Linux kernel.
Fixed CVE-2024-50182 in the Linux kernel.
Fixed CVE-2024-50192 in the Linux kernel.
Fixed CVE-2024-53042 in the Linux kernel.
Fixed CVE-2024-50271 in the Linux kernel.
Fixed CVE-2024-50279 in the Linux kernel.
Fixed CVE-2024-50195 in the Linux kernel.
Fixed CVE-2024-50272 in the Linux kernel.
Fixed CVE-2024-50194 in the Linux kernel.
Fixed CVE-2024-50275 in the Linux kernel.
Fixed CVE-2024-53052 in the Linux kernel.
Fixed CVE-2024-50141 in the Linux kernel.
Fixed CVE-2024-53054 in the Linux kernel.
Fixed CVE-2024-50169 in the Linux kernel.
Fixed CVE-2024-50063 in the Linux kernel.
Fixed CVE-2024-53082 in the Linux kernel.
Fixed CVE-2024-50151 in the Linux kernel.
Fixed CVE-2024-50163 in the Linux kernel.
Fixed CVE-2024-50162 in the Linux kernel.
Fixed CVE-2024-53066 in the Linux kernel.
Fixed CVE-2024-50060 in the Linux kernel.
Fixed CVE-2024-50228 in the Linux kernel.
Fixed CVE-2024-50258 in the Linux kernel.
Fixed CVE-2024-50257 in the Linux kernel.
Fixed CVE-2024-50262 in the Linux kernel.
Fixed CVE-2024-50147 in the Linux kernel.
Fixed KCTF-6ca5753 in the Linux kernel.
Fixed CVE-2024-50251 in the Linux kernel.
Fixed CVE-2024-50249 in the Linux kernel.
Fixed CVE-2024-50226 in the Linux kernel.
Fixed CVE-2024-50143 in the Linux kernel.
Fixed CVE-2024-50153 in the Linux kernel.
Fixed CVE-2024-50223 in the Linux kernel.
Fixed CVE-2024-50222 in the Linux kernel.
Fixed CVE-2024-50099 in the Linux kernel.
Fixed CVE-2024-50215 in the Linux kernel.
Fixed CVE-2024-50152 in the Linux kernel.
Fixed CVE-2024-50154 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811800 -> 811804
cos-109-17800-372-64
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.112 | v24.0.9 | v1.7.24 | See List |
Upgraded sys-apps/makedumpfile to v1.7.6.
Updated app-admin/google-guest-configs to 20241121.00. This enables intent based NIC naming scheme.
Upgraded containerd from 1.7.23 to 1.7.24.
Upgraded app-shells/dash to v0.5.12-r1.
Upgraded sys-process/lsof to v4.99.4.
Upgraded sys-apps/less to v668.
Upgraded cos-gpu-installer to v2.4.4. This fixes an issue where GPU drivers that only have two numeric version components could not be loaded.
Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681. Added duphandle-init-netrc.patch, netrc-large-file.patch, setopt-http_content_decoding.patch to fix regression issues in curl v8.11.0.
Fixed CVE-2024-53042 in the Linux kernel.
Fixed CVE-2024-50195 in the Linux kernel.
Fixed CVE-2024-50192 in the Linux kernel.
Fixed CVE-2024-50279 in the Linux kernel.
Fixed CVE-2024-50271 in the Linux kernel.
Fixed CVE-2024-50272 in the Linux kernel.
Fixed CVE-2024-50141 in the Linux kernel.
Fixed CVE-2024-53054 in the Linux kernel.
Fixed CVE-2024-53082 in the Linux kernel.
Fixed CVE-2024-50151 in the Linux kernel.
Fixed CVE-2024-50142 in the Linux kernel.
Fixed CVE-2024-50163 in the Linux kernel.
Fixed CVE-2024-53066 in the Linux kernel.
Fixed CVE-2024-50162 in the Linux kernel.
Fixed CVE-2024-50060 in the Linux kernel.
Fixed CVE-2024-50072 in the Linux kernel.
Fixed CVE-2024-50257 in the Linux kernel.
Fixed CVE-2024-50228 in the Linux kernel.
Fixed KCTF-6ca5753 in the Linux kernel.
Fixed CVE-2024-50147 in the Linux kernel.
Fixed CVE-2024-50251 in the Linux kernel.
Fixed CVE-2024-50036 in the Linux kernel.
Fixed CVE-2024-50143 in the Linux kernel.
Fixed CVE-2024-50099 in the Linux kernel.
Fixed CVE-2024-50101 in the Linux kernel.
Fixed CVE-2024-49948 in the Linux kernel.
Fixed CVE-2024-50095 in the Linux kernel.
Fixed CVE-2024-49952 in the Linux kernel.
Fixed CVE-2024-49949 in the Linux kernel.
Fixed CVE-2024-49946 in the Linux kernel.
Fixed CVE-2024-50153 in the Linux kernel.
Fixed CVE-2024-50262 in the Linux kernel.
Fixed CVE-2024-49927 in the Linux kernel.
Fixed CVE-2024-49878 in the Linux kernel.
Fixed CVE-2024-50154 in the Linux kernel.
Fixed CVE-2024-50046 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812261 -> 812253
cos-113-18244-236-64
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.112 | v24.0.9 | v1.7.24 | See List |
Updated app-admin/google-guest-configs to 20241121.00. This enables intent based NIC naming scheme.
Upgraded sys-apps/makedumpfile to v1.7.6.
Upgraded containerd from 1.7.23 to 1.7.24.
Upgraded sys-process/lsof to v4.99.4.
Upgraded sys-apps/less to v668.
Upgraded net-misc/socat to v1.8.0.1.
Upgraded app-shells/dash to v0.5.12-r1.
Upgraded cos-gpu-installer to v2.4.4. This fixes an issue where GPU drivers that only have two numeric version components could not be loaded.
Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681. Added duphandle-init-netrc.patch, netrc-large-file.patch, setopt-http_content_decoding.patch to fix regression issues in curl v8.11.0.
Fixed CVE-2024-50036 in the Linux kernel.
Fixed CVE-2024-50272 in the Linux kernel.
Fixed CVE-2024-50279 in the Linux kernel.
Fixed CVE-2024-53042 in the Linux kernel.
Fixed CVE-2024-50271 in the Linux kernel.
Fixed CVE-2024-50195 in the Linux kernel.
Fixed CVE-2024-50192 in the Linux kernel.
Fixed CVE-2024-50141 in the Linux kernel.
Fixed CVE-2024-53054 in the Linux kernel.
Fixed CVE-2024-53082 in the Linux kernel.
Fixed CVE-2024-50151 in the Linux kernel.
Fixed CVE-2024-50142 in the Linux kernel.
Fixed CVE-2024-50163 in the Linux kernel.
Fixed CVE-2024-50162 in the Linux kernel.
Fixed CVE-2024-53066 in the Linux kernel.
Fixed CVE-2024-50060 in the Linux kernel.
Fixed CVE-2024-50072 in the Linux kernel.
Fixed CVE-2024-50251 in the Linux kernel.
Fixed CVE-2024-50262 in the Linux kernel.
Fixed CVE-2024-49927 in the Linux kernel.
Fixed CVE-2024-50257 in the Linux kernel.
Fixed CVE-2024-50153 in the Linux kernel.
Fixed KCTF-6ca5753 in the Linux kernel.
Fixed CVE-2024-50147 in the Linux kernel.
Fixed CVE-2024-50143 in the Linux kernel.
Fixed CVE-2024-50101 in the Linux kernel.
Fixed CVE-2024-50099 in the Linux kernel.
Fixed CVE-2024-50154 in the Linux kernel.
Fixed CVE-2024-50215 in the Linux kernel.
Fixed CVE-2024-49878 in the Linux kernel.
Fixed CVE-2024-50228 in the Linux kernel.
Fixed CVE-2024-49949 in the Linux kernel.
Fixed CVE-2024-49948 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811954 -> 812030.
cos-105-17412-495-62
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
Upgraded sys-apps/makedumpfile to v1.7.6.
Upgraded sys-process/lsof to v4.99.4.
Upgraded app-shells/dash to v0.5.12-r1.
Upgraded cos-gpu-installer to v2.4.4. This fixes an issue where GPU drivers that only have two numeric version components could not be loaded.
Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.
Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681. Added duphandle-init-netrc.patch, netrc-large-file.patch, setopt-http_content_decoding.patch to fix regression issues in curl v8.11.0.
Fixed CVE-2024-50279 in the Linux kernel.
Fixed CVE-2024-50192 in the Linux kernel.
Fixed CVE-2024-50195 in the Linux kernel.
Fixed CVE-2024-50151 in the Linux kernel.
Fixed CVE-2024-50142 in the Linux kernel.
Fixed CVE-2024-50163 in the Linux kernel.
Fixed CVE-2024-50162 in the Linux kernel.
Fixed CVE-2024-53066 in the Linux kernel.
Fixed CVE-2024-50072 in the Linux kernel.
Fixed CVE-2024-50099 in the Linux kernel.
Fixed CVE-2024-50257 in the Linux kernel.
Fixed CVE-2024-50251 in the Linux kernel.
Fixed CVE-2024-50262 in the Linux kernel.
Fixed CVE-2024-49946 in the Linux kernel.
Fixed KCTF-6ca5753 in the Linux kernel.
Fixed CVE-2024-38538 in the Linux kernel.
Fixed CVE-2024-50036 in the Linux kernel.
Fixed CVE-2024-50143 in the Linux kernel.
Fixed CVE-2024-50153 in the Linux kernel.
Fixed CVE-2024-50154 in the Linux kernel.
Fixed CVE-2024-50228 in the Linux kernel.
Fixed CVE-2024-49878 in the Linux kernel.
Fixed CVE-2024-49927 in the Linux kernel.
Fixed CVE-2024-49949 in the Linux kernel.
Fixed CVE-2024-49948 in the Linux kernel.
Fixed CVE-2024-50095 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812699 -> 812685
Vertex AI Search: Boost controls for media recommendations (Public preview)
Boost controls are used to affect the order in which recommendations are listed. Boost controls use filters on string and boolean values in the schema data to determine what media content to boost or bury. The boost value (-1 to 1) determines whether the content should be placed lower (buried) or higher (boosted) in the list of recommendations returned.
Boost controls are attached to serving configs and applied to recommend method calls.
The boost feature is in public preview and is available through the API. For more information about the feature, see Boost and bury media recommendations.
Vertex AI Search: gemini-1.5-flash-002-high-fidelity model (Public preview)
The gemini-1.5-flash-002-high-fidelity model is available for grounded answer generation with RAG. This model is based on the gemini-1.5-flash-002 model and has been further tuned to address context-based question and answering tasks. This model is suitable for specialized industries, such as financial services, healthcare, and insurance.
This model is available in Public preview.
For more information, see High fidelity models.
December 03, 2024
Cloud Composer
All Cloud Composer environments' GKE clusters are set up with maintenance exclusions from December 20, 2024 to January 2, 2025. For more information, see Maintenance exclusions.
You can now use the Network Connectivity Center hub to propagate Private Service Connect endpoints of Cloud SQL instances in a VPC network. All endpoints in this network become accessible transitively to other spoke VPC networks through the hub. This feature is available in Preview.
Generally available: Hyperdisk Balanced High Availability provides cross-zonal, synchronous replication for your disk data, offering the best set of options for RPO, RTO, and performance.
The Identity Platform integration with reCAPTCHA Enterprise API now supports bot protection and SMS toll fraud protection for SMS-based flows on iOS platforms.
Journey Voices now supports the Journey-O speaker for de-de, en-au, en-in, en-gb, es-es, es-us, fr-ca, fr-fr, and it-it.
Vertex AI Search: Index and refresh web pages using sitemap (Public preview)
If advanced website indexing is enabled in your data store, you can submit and use sitemaps and sitemap indexes to index and refresh the web pages in your data store. This feature supports only XML sitemaps and sitemap indexes.
This feature is in public preview and is available through the API. For more information about the feature, see Index and refresh web pages using sitemaps.
December 02, 2024
Backup and DR
Backup and DR service added support for immutable and indelible backups with the new backup vault feature. This feature is now generally available.
Backup and DR service added centralized backup management within Google Cloud console, with support for Compute Engine VM backup to backup vaults. This feature is now generally available.
Backup and DR service added integration with the Compute Engine VM creation experience, enabling the application of Backup and DR backup policies when VMs are created. This feature is now generally available.
To create a Bigtable instance, a user or account must be a principal in a role with the permission bigtable.clusters.create. For more information, see Bigtable access control with IAM.
In GKE version 1.31.1-gke.2105000 or later, you can now configure custom compute classes to consume Compute Engine reservations. Workloads that use those custom compute classes automatically trigger reservation consumption during node creation. This lets you manage reservation consumption more centrally. To learn more, see About custom compute classes.
Spanner Graph is Generally Available (GA). For more information, see Spanner Graph overview.
Spanner Graph supports defining path variables and using path functions. For more information, see Work with paths.
Information about how Spanner Graph supports the ISO international standard query language for graph databases is available. For more information, see Spanner Graph and ISO standards.
Spanner Graph supports vector similarity search to find K-nearest neighbors (KNN) and approximate nearest neighbors (ANN). For more information, see Perform vector similarity search in Spanner Graph.
Full-text search is available in Spanner Graph. For more information, see Use full-text search with Spanner Graph.
A predefined Identity and Access Management (IAM) role is available to enable Spanner permission to query a Spanner database using Data Boost. For more information, see details about the Spanner Database Reader with DataBoost IAM role and Run federated queries with Data Boost.
Preview: You can consume reservations of VMs that have GPUs attached with your custom training jobs or prediction jobs. Reservations of Compute Engine zonal resources help you gain a high level of assurance that your jobs have the necessary resources to run. For more information, see the following:
December 01, 2024
Google SecOps SOAR
The official maintenance window is on Sundays from 11:00 to 15:00 UTC. Note that maintenance does not always necessitate a service outage.
November 29, 2024
Spanner
A monthly digest of client library updates from across the Cloud SDK.
Go
Changes for spanner/admin/database/apiv1
1.71.0 (2024-11-01)
Features
- spanner/admin/instance: Add support for Cloud Spanner Default Backup Schedules (706ecb2)
- spanner: Client built in metrics (#10998) (d81a1a7)
Bug Fixes
- spanner/test/opentelemetry/test: Update google.golang.org/api to v0.203.0 (8bb87d5)
- spanner/test/opentelemetry/test: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (2b8ca4b)
- spanner: Attempt latency for streaming call should capture the total latency till decoding of protos (#11039) (255c6bf)
- spanner: Decode PROTO to custom type variant of base type (#11007) (5e363a3)
- spanner: Update google.golang.org/api to v0.203.0 (8bb87d5)
- spanner: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (2b8ca4b)
1.72.0 (2024-11-07)
Features
- spanner/spansql: Add support for protobuf column types & Proto bundles (#10945) (91c6f0f), refs #10944
Bug Fixes
1.73.0 (2024-11-14)
Features
Bug Fixes
Java
Changes for google-cloud-spanner
6.80.1 (2024-10-28)
Dependencies
- Update googleapis/sdk-platform-java action to v2.49.0 (#3430) (beb788c)
- Update sdk platform java dependencies (#3431) (eef03e9)
6.81.0 (2024-11-01)
Features
Dependencies
6.81.1 (2024-11-11)
Bug Fixes
- Client built in metrics. Skip export if instance id is null (#3447) (8b2e5ef)
- spanner: Avoid blocking thread in AsyncResultSet (#3446) (7c82f1c)
Dependencies
- Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.54.0 (#3437) (7e28326)
- Update dependency com.google.cloud:google-cloud-monitoring to v3.54.0 (#3438) (fa18894)
- Update dependency com.google.cloud:google-cloud-trace to v2.53.0 (#3440) (314eeb8)
- Update dependency io.opentelemetry:opentelemetry-bom to v1.44.1 (#3452) (6518eea)
- Update opentelemetry.version to v1.44.1 (#3451) (d9b0271)
Documentation
6.81.2 (2024-11-20)
Bug Fixes
Dependencies
- Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.55.0 (#3482) (bf350b0)
- Update dependency com.google.api.grpc:proto-google-cloud-trace-v1 to v2.53.0 (#3454) (8729b30)
- Update dependency com.google.cloud:google-cloud-trace to v2.53.0 (#3464) (a507e4c)
- Update dependency com.google.cloud:google-cloud-trace to v2.54.0 (#3488) (1d1fecf)
- Update googleapis/sdk-platform-java action to v2.50.0 (#3475) (e992f18)
- Update sdk platform java dependencies (#3476) (acb6446)
Node.js
Changes for @google-cloud/spanner
7.15.0 (2024-10-30)
Features
- (observability, samples): add tracing end-to-end sample (#2130) (66d99e8)
- (observability) add spans for BatchTransaction and Table (#2115) (d51aae9), closes #2114
- (observability) Add support for OpenTelemetry traces and allow observability options to be passed. (#2131) (5237e11), closes #2079
- (observability) propagate database name for every span generated to aid in quick debugging (#2155) (0342e74)
- (observability) trace Database.batchCreateSessions + SessionPool.createSessions (#2145) (f489c94)
- (observability): trace Database.runPartitionedUpdate (#2176) (701e226), closes #2079
- (observability): trace Database.runTransactionAsync (#2167) (d0fe178), closes #207
- Allow multiple KMS keys to create CMEK database/backup (#2099) (51bc8a7)
- observability: Fix bugs found from product review + negative cases (#2158) (cbc86fa)
- observability: Trace Database methods (#2119) (1f06871), closes #2114
- observability: Trace Database.batchWriteAtLeastOnce (#2157) (2a19ef1), closes #2079
- observability: Trace Transaction (#2122) (a464bdb), closes #2114
Bug Fixes
- Exact staleness timebound (#2143) (f01516e), closes #2129
- GetMetadata for Session (#2124) (2fd63ac), closes #2123
7.16.0 (2024-11-09)
Features
Bug Fixes
Python
Changes for google-cloud-spanner
3.50.0 (2024-11-11)
Features
- spanner: Add support for Cloud Spanner Default Backup Schedules (45d4517)
Bug Fixes
- Add PROTO in streaming chunks (#1213) (43c190b)
- Pass through route-to-leader option in dbapi (#1223) (ec6c204)
- Pin nox version in requirements.in for devcontainer. (#1215) (41604fe)
Documentation
- Allow multiple KMS keys to create CMEK database/backup (68551c2)
3.50.1 (2024-11-14)
Bug Fixes
November 28, 2024
Cloud Healthcare API
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
November 27, 2024
Cloud Composer
In December 2024, Google will remove the following previously deprecated Airflow operators from the apache-airflow-providers-google package.
The new version of this package will be included in one of the future releases of Cloud Composer and the change will be announced in the Release Notes. After this change, it will not be possible to use these operators in your DAGs.
Make sure that you use up-to-date alternatives of the removed operators instead. For more information about removed and deprecated Airflow operators and their up-to-date alternatives, see Deprecated and removed Airflow operators.
Operators that will be removed in December 2024: DataPipelineHook, CreateDataPipelineOperator, RunDataPipelineOperator, AutoMLDatasetLink, AutoMLDatasetListLink, AutoMLModelLink, AutoMLModelTrainLink, AutoMLModelPredictLink.
The Snowflake plugin version 1.1.4 is available in Cloud Data Fusion version 6.8.0 and later. This release includes the following changes (PLUGIN-1816):
- Fixed an issue in the Snowflake source causing pipelines to fail if fields contained decimals.
- Fixed an issue in the Snowflake source causing pipelines to fail if data contained a backslash (\). You can set a new escape character using the cdap.snowflake.source.escape runtime argument.
The Cloud SQL MySQL plugins version 1.11.5 is available in Cloud Data Fusion versions 6.10.0 and later. This release fixes an issue in the Cloud SQL MySQL sink causing pipelines to fail when the schema contains a MySQL reserved word (PLUGIN-1017).
You can now create instances with both private services access and Private Service Connect enabled for them. You can also enable Private Service Connect for existing private services access instances. This feature is available in Preview. For more information, see Configure both private services access and Private Service Connect.
Cloud TPU Trillium (v6e) machine types are now in public preview for Autopilot clusters running version 1.31.2-gke.1384000 or later. These TPUs are available in the following zones: us-east5-b, europe-west4-a, us-east1-d, asia-northeast1-b, and us-south1-a. To learn more, see Plan TPUs in GKE.
(2024-R46) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- The following versions are now available in the Rapid channel:
Regular channel
There are no new releases in the Regular channel.
Stable channel
There are no new releases in the Stable channel.
Extended channel
- Version 1.27.16-gke.2019000 is now available in the Extended channel.
No channel
- The following versions are now available:
- The following node versions are now available:
November 26, 2024
Compute Engine
To learn more, see Monitor disk health.
Cluster autoscaler and node auto-provisioning support the C4 machine family in GKE version 1.28.15-gke.1159000, 1.29.10-gke.1227000 or later.
Vertex AI Search: Check ingested data quality for media recommendations (GA)
You can check the quality of your ingested data for media recommendations through the Google Cloud console. These checks are not blocking but can suggest ways that your data can be improved. This feature is Generally available (GA).
Previously, this check was only available through API method calls.
For more information, see Check data quality for media recommendations.
November 25, 2024
Anti Money Laundering AI
A new major engine version is available for Retail and Commercial lines of business, within the v4 tuning version. This includes technical improvements and simplifications for tuning and training.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigquery
2.44.0 (2024-11-17)
Features
Bug Fixes
- Update experimental methods documentation to @internalapi (#3552) (20826f1)
Dependencies
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.55.0 (#3559) (950ad0c)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20241027-2.0.0 (#3568) (b5ccfcc)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.59.0 (#3561) (1bd24a1)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.40.0 (#3576) (d5fa951)
- Update github/codeql-action action to v2.27.1 (#3567) (e154ee3)
- Update github/codeql-action action to v2.27.3 (#3569) (3707a40)
- Update github/codeql-action action to v2.27.4 (#3572) (2c7b4f7)
Documentation
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.48.0 (2024-11-19)
Features
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (6b35b47)
- Make client side metrics tag in sync with server (#2401) (bba4183)
Dependencies
The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).
- Conversational Insights
contactcenterinsights.googleapis.com/IssueModel
contactcenterinsights.googleapis.com/PhraseMatcher
contactcenterinsights.googleapis.com/View
- Google Kubernetes Engine
admissionregistration.k8s.io/MutatingWebhookConfiguration
apps.k8s.io/DaemonSet
apps.k8s.io/StatefulSet
batch.k8s.io/CronJob
k8s.io/PersistentVolume
k8s.io/PersistentVolumeClaim
k8s.io/PodTemplate
k8s.io/ReplicationController
k8s.io/ResourceQuota
policy.k8s.io/PodDisruptionBudget
storage.k8s.io/StorageClass
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.20.7 (2024-11-18)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.49.0 (a1ec68d)
- deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (afcf63c)
- Fixed outdated link to X-Cloud-Trace-Context header description (#1713) (d474313)
Dependencies
You can now set a task timeout up to 168 hours (7 days) for Cloud Run jobs. (Preview)
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-storage
2.45.0 (2024-11-18)
Features
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.49.0 (aef367d)
- deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (281cccb)
- Set default values for monitored resource (#2809) (27829a4)
Dependencies
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-datastore
2.24.3 (2024-11-18)
Dependencies
Curated Detections has been enhanced with a new detection category, MacOS Threats. The category includes a Mandiant Intel Emerging Threats rulepack.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-pubsub
1.134.2 (2024-11-18)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.49.0 (77546e0)
- deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (3f21af3)
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.43.3 (#2256) (f7fbc6c)
- Update dependency com.google.cloud:google-cloud-core to v2.47.0 (#2249) (3df5729)
- Update dependency com.google.cloud:google-cloud-storage to v2.44.1 (#2240) (f8dae4d)
- Update googleapis/sdk-platform-java action to v2.50.0 (#2261) (d0aab7d)
- Update sdk platform java dependencies (#2262) (b689fe2)
The PHONE_NUMBER infoType functionality that was previously only available by setting InfoType.version to latest or stable is now also used when InfoType.version is set to legacy. The new model includes US_TOLLFREE_PHONE_NUMBER findings as type PHONE_NUMBER in the scan results.
The old detection model that was previously available by setting InfoType.version to legacy is no longer available.
Default backup schedules are now available and automatically enabled for all new instances. You can enable or disable default backup schedules in an instance when creating the instance or by editing the instance later. You can also enable default backup schedules for new databases in existing instances. You can edit or delete the default backup schedule once it's created.
When enabled, Spanner creates a default backup schedule for every new database created in the instance. The default backup schedule creates a full backup every 24 hours. These backups have a retention period of 7 days.
For more information, see Default backup schedules.
November 24, 2024
Google SecOps
New options for closing a case
New custom field options have been added to the admin settings close case page. Using these fields, you can ask the analyst to enter different types of information when closing a case.
For more information, refer to Customize the Close Case dialog.
Release 6.3.26 is currently in Preview.
November 22, 2024
Anthos Attached Clusters
GKE attached clusters now supports clusters in the us-central1 region. For more information, see:
On November 22, 2024, we released an updated version of the Apigee UI.
This release includes an improved Apps page for Apigee API Management in the Google Cloud console, making it easier to manage API products that are assigned to app credentials.
With this release:
- Products can be added to an app from a single multi-select list box.
- Products can be approved, revoked, and removed from a credential by selecting products in the credential product table and using one of the available action buttons.
- Clicking the Add Credential button adds an empty credential to the list.
- Credential approval and expiry configuration fields are located in the credential card.
- A warning appears to users if they attempt to leave the Apps page when unsaved changes are present.
Bug ID | Description |
---|---|
357165778 | Refactored app credential management experience Resolved issue causing the Apps page in the Apigee UI in Cloud console to crash when working with apps that have a large amount of products assigned to app credentials. |
The following regional control packages are now generally available:
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Infrastructure Manager
You can now use Active Assist to provide recommendations and insights that improve the reliability of your databases. This feature is generally available (GA).
For more information, see Reliability recommender.
Google Distributed Cloud (software only) for VMware 1.30.300-gke.84 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.300-gke.84 runs on Kubernetes v1.30.5-gke.600.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
The following issues are fixed in 1.30.300-gke.84:
- Fixed the issue that additional manual steps are needed after disabling always-on secrets encryption with gkectl update cluster.
- Fixed the known issue that caused gkectl to display false warnings on admin cluster version skew.
The following vulnerabilities are fixed in 1.30.300-gke.84:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
Release 1.30.300-gke.84
Google Distributed Cloud for bare metal 1.30.300-gke.84 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.300-gke.84 runs on Kubernetes 1.30.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Fixes:
Fixed an issue where the control plane VIP might become unavailable because Keepalived didn't check correctly that the VIP is on a node with a responsive HAProxy.
Fixed an issue where the registry mirror reachability check fails for a single unreachable registry mirror. Now the reachability check applies to configured registry mirrors only, instead of all registry mirrors.
The following container image security vulnerabilities have been fixed in 1.30.300-gke.84:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
Cloud TTS Journey voices have been updated to improve the accuracy of generated speech. This means you should notice fewer instances of dropped words.
November 21, 2024
Agent Assist
Summarization with custom sections V3.1 is generally available. V3.1 provides the following improvements on V3.0:
- Higher quality summarizations
- Improved latency
You can set up AlloyDB clusters using a copy of your Cloud SQL for PostgreSQL backup. This feature is in Preview. For more information, see Migrate from Cloud SQL for PostgreSQL to AlloyDB.
Model endpoint management is generally available (GA) for both AlloyDB and AlloyDB Omni. You can use sample templates to register model endpoints. For more information, see Register and call remote AI models in AlloyDB or Register and call remote AI models in AlloyDB Omni.
This release fixes an issue with OnVault pool jobs leaving behind inactive cloudbacker mountpoints. It does this by retrying the unmount process a set number of times, including forced unmounts. Due to the increased number of retries and the wait time between them, job durations may be slightly longer.
This release deprecates support for ssh-rsa as the SSH host key algorithm.
This release fixes the synchronization between database and log backup states. Log backups should not copy the logs to the database staging after the database staging disk is unmounted and the state DBBACKUP_DONE is set.
This release fixes an issue where SAP HANA database and log backup jobs using Persistent Disk snapshots would complete with a warning status due to metadata upload failures to Google Cloud Storage for disaster recovery.
This release removes the 700 thread hard limit and psrv restarts at 800 threads when the psrv is at high usage.
This release fixes the Tomcat vulnerability CVE-2024-38286.
This release fixes the following Kernel vulnerabilities:
CRITICAL Kernel issues: CVE-2023-25775 CVE-2019-15505
MEDIUM Kernel issues CVE-2019-13631 CVE-2020-25656 CVE-2020-26555 CVE-2020-36777 CVE-2021-3753 CVE-2021-46909 CVE-2021-46939 CVE-2021-47171 CVE-2022-38096 CVE-2022-48743 CVE-2023-1192 CVE-2023-4133 CVE-2023-5090 CVE-2023-6121 CVE-2023-6176 CVE-2023-6240 CVE-2023-6622 CVE-2023-6915 CVE-2023-24023 CVE-2023-31083 CVE-2023-37453 CVE-2023-38409 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-39198 CVE-2023-42754 CVE-2023-42755 CVE-2023-45863 CVE-2023-52448 CVE-2023-52463 CVE-2023-52471 CVE-2024-0340 CVE-2024-21140 CVE-2024-21145 CVE-2024-25739 CVE-2024-26583 CVE-2024-26584 CVE-2024-26585 CVE-2024-26586 CVE-2024-26602 CVE-2024-26603 CVE-2024-26901 CVE-2024-26908 CVE-2024-27014 CVE-2024-27019 CVE-2024-36270 CVE-2024-36489 CVE-2024-38598 CVE-2024-39472 CVE-2024-39476
HIGH Kernel issues: CVE-2019-25162 CVE-2021-4204 CVE-2021-33631 CVE-2021-47624 CVE-2022-0500 CVE-2022-3565 CVE-2022-23222 CVE-2022-45884 CVE-2022-45886 CVE-2022-45919 CVE-2022-45934 CVE-2023-2163 CVE-2023-3567 CVE-2023-3812 CVE-2023-4244 CVE-2023-5178 CVE-2023-6546 CVE-2023-6931 CVE-2023-6932 CVE-2023-28464 CVE-2023-51042 CVE-2023-51780 CVE-2023-52340 CVE-2023-52434 CVE-2023-52439 CVE-2023-52445 CVE-2023-52451 CVE-2023-52464 CVE-2023-52469 CVE-2024-0565 CVE-2024-0841 CVE-2024-1086 CVE-2024-21147 CVE-2024-23307 CVE-2024-25744 CVE-2024-26593 CVE-2024-26907 CVE-2024-26933 CVE-2024-26934 CVE-2024-27020 CVE-2024-36971 CVE-2024-36978 CVE-2024-36979 CVE-2024-38538 CVE-2024-38555 CVE-2024-38627 CVE-2024-39487
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, and Feed APIs.
- Apigee API Hub
The HTTP plugin version 1.4.3 is available in Cloud Data Fusion version 6.8.0 and later. This release includes the following changes (PLUGIN-1810):
- In the HTTP streaming source, batch source, and batch sink, a PATCH option was added to the HTTP Method field.
- Fixed an issue in the HTTP sink causing data loss when a pipeline didn't fail by default when a non-2xx response code was received.
- Fixed an issue in the HTTP source causing a pipeline not to fail when the get_schema method was called and a non-2xx response code was received.
You can now set up AlloyDB clusters using a copy of your Cloud SQL for PostgreSQL backup. This feature is in Preview. For more information, see Migrate from Cloud SQL for PostgreSQL to AlloyDB.
Mistral Large (24.11) is Generally Available on Vertex AI as a managed model. To learn more, view the Mistral Large (24.11) model card in Model Garden.
The Gen AI evaluation service can now help you evaluate your translation models using MetricX, COMET, and BLEU metrics. To learn more about evaluating your translation models, see Evaluate translation models.
VMware Engine ve1 nodes are now available in the following additional region:
- Dallas, Texas, North America (us-south1-b).
Release 1.29.800-gke.111
Google Distributed Cloud for bare metal 1.29.800-gke.111 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.800-gke.111 runs on Kubernetes 1.29.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Functionality changes:
- Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.
Fixes:
- Fixed the issue where non-root users can't run bmctl restore to restore quorum.
The following container image security vulnerabilities have been fixed in 1.29.800-gke.111:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
If your GKE cluster was created before version 1.26, you can now migrate it to cgroupv2. This migration enables the use of Pod bursting in Autopilot mode.
The Google SecOps team identified that a cloud threat detection rule pack (azure-defender-for-cloud-vm-extensions) was inadvertently made available to all customers. The licensing requirements restrict the availability of this rule pack to only Enterprise and Enterprise+ customers and this has been corrected.
This change should not remove any prior detections for customers who have enabled this rule pack and do not meet the licensing requirements, but the rules themselves will now be unavailable and no new detections will be generated.
Let report viewers see all filters
Report editors can let report viewers see all of the filters applied to a report, including filters that viewers can't edit.
Filter value suggestions
When defining filters on charts, pages, or reports that use Equal to (=) or In conditions, report editors can select from a list of possible filter values that are provided from the underlying data. Filter suggestions are supported for all data connectors and can be disabled during filter creation.
Looker connector filter enhancements
The following features are now available for use with the Looker connector:
- Filter-only fields can be set as a report control and a quick filter.
- Looker Studio displays suggestions for filter values based on the data source's LookML suggest_dimension and suggest_explore definitions when Equal to (=) and In conditions are used.
Secure Source Manager supports email notifications. For more information, see Notifications overview. To configure notifications, follow the instructions in Set up notifications.
The Sensitive Data Protection discovery service is now included in Security Command Center Enterprise. To enable discovery, see Enable sensitive data discovery in the Enterprise tier.
The Sensitive Data Protection discovery service remains available to Security Command Center Premium and Standard customers as a separately priced feature.
As of November 13, 2024, Security Command Center can produce Cloud Infrastructure Entitlement Management (CIEM) findings for the following identity and access issues in AWS environments:
- Users, groups, or assumed IAM roles that are inactive and have one or more permissions.
- Overly permissive trust policies that are enforced on an AWS IAM role.
- Identities that can move laterally through impersonation.
November 20, 2024
Artifact Registry
Artifact Registry is available in the northamerica-south1 region (Querétaro, Mexico, North America). For more information, see Global locations.
Regional external Application Load Balancers, cross-region internal Application Load Balancers, regional internal Application Load Balancers, regional internal proxy Network Load Balancers, cross-region internal proxy Network Load Balancers, and regional external proxy Network Load Balancers now support IPv4 and IPv6 (dual-stack) backends.
The following backends have dual-stack support:
- VM instance groups
- Zonal NEGs (GCE_VM_IP_PORT endpoints)
You can also convert your existing single-stack load balancers from IPv4-only to dual stack (IPv4 and IPv6) deployments.
For details, see the following pages:
- IPv6 overview
- Convert your existing Application Load Balancer to IPv6
- Convert your existing proxy Network Load Balancer to IPv6
This feature is available in General Availability.
You can now authenticate to Cloud SQL Studio by using IAM database authentication.
For more information about authentication in Cloud SQL Studio, see Manage your data using Cloud SQL Studio.
Dataproc Serverless for Spark: Spark Lineage is available for all supported Dataproc Serverless for Spark runtime versions.
M126 release
- Base CUDA 12.3 container images are now available.
- Base CUDA 12.4 container images are now available.
- PyTorch 2.4.0 with CUDA 12.4 and Python 3.10 container images are now available.
- Upgraded R from 4.4.1 to 4.4.2 for R container images.
M126 release
- CUDA 12.4 VM images are now available.
- PyTorch 2.4.0 with CUDA 12.4 and Python 3.10 VM images are now available.
- Upgraded R from 4.4.1 to 4.4.2 for R VM images.
- One or more framework versions have reached their end of patch and support dates. To view end of patch and support dates, see Supported framework versions. To create a VM instance using an image family that has reached its end of patch and support date, you must specify an image from the image family when you create the VM instance. To list images from an image family name after its end of patch and support date, include the --show-deprecated flag in your gcloud compute images list command, or select Show deprecated images when creating an instance in the Google Cloud console.
You can now automatically promote releases across targets at scheduled times, in preview.
VMware Engine ve2 nodes are now available in the following regions:
- São Paulo, Brazil (southamerica-east1)
- Santiago, Chile (southamerica-west1)
You can now specify a custom resource policy as a compact placement policy with node auto-provisioning in clusters running GKE version 1.31.1-gke.2010000 or later. To learn more, see Use compact placement for node auto-provisioning.
VPC Service Controls feature: VPC Service Controls extends support for etags in the service perimeter resources. For example, you can use the --etag flag with the gcloud CLI commands such as gcloud access-context-manager perimeters update and gcloud access-context-manager perimeters describe. This feature is generally available.
M126 release
The M126 release of Vertex AI Workbench user-managed notebooks includes the following:
- Upgraded JupyterLab to 3.6.8.
- One or more framework versions have reached their end of patch and support dates. To view end of patch and support dates, see Supported framework versions. To create an instance using an image family that has reached its end of patch and support date, see Create an instance after end of patch and support date.
The M126 release of Vertex AI Workbench managed notebooks includes the following:
- Upgraded JupyterLab to 3.6.8.
M126 release
The M126 release of Vertex AI Workbench instances includes the following:
- Preview: JupyterLab 4+ is available on new Vertex AI Workbench instances. To try it, select JupyterLab 4 when you create your instance.
- Upgraded JupyterLab to 3.6.8.
November 19, 2024
App Engine flexible environment Go
Go 1.23 is now available in preview.
Node.js 22 is now generally available.
Artifact Registry now provides the option to enable or disable vulnerability scanning on individual repositories. By giving you more granular control over the number of images scanned, this feature can help you manage scanning costs and reduce noise in vulnerability scanning results.
This feature is Generally Available.
For more information, see Enable or disable automatic scanning.
You can create a search index on columns containing INT64 or TIMESTAMP data and BigQuery can optimize predicates that use those columns. This feature is generally available (GA).
Percentage-based request mirroring is now supported for the cross-region and regional internal Application Load Balancers. By default, the mirrored backend service receives all requests, even if the original traffic is being split between multiple weighted backend services. You can now configure the mirrored backend service to receive only a percentage of the requests by using the mirrorPercent flag to specify the percentage of requests to be mirrored expressed as a value between 0 and 100.0.
For an example, see Set up traffic management for regional internal Application Load Balancers.
This capability is available in Preview.
Support for the Go 1.23 runtime is now in Preview.
Cloud Run functions now supports the Go 1.23 runtime at the Preview release level.
For Cloud SQL Enterprise Plus edition instances, advanced disaster recovery (DR) is now generally available (GA). For more information, see Advanced disaster recovery (DR) and Use advanced disaster recovery (DR).
The write endpoint feature is now available in Preview. This endpoint is a global domain name service (DNS) name. This name resolves to the IP address of the current primary Cloud SQL instance that's enabled with private services access.
By using a write endpoint, you can avoid having to make application connection changes after performing a switchover or replica failover operation to test or mitigate a regional failure. For more information, see Configure private IP.
For Cloud SQL Enterprise Plus edition instances, you can now use advanced disaster recovery (DR) to simplify recovery and fallback processes after you perform a cross-regional failover. With advanced DR, you can:
- Designate a cross-region disaster recovery (DR) replica
- Perform a cross-region replica failover for disaster recovery
- Restore your original deployment by using zero-data loss switchover
You can also use switchover to simulate disaster recovery without data loss. You can use advanced DR on Cloud SQL for PostgreSQL version 12, 13, 14, 15, or 16.
For more information, see Advanced disaster recovery (DR) and Use advanced disaster recovery (DR). This feature is generally available (GA).
The rollout of managed Cloud Service Mesh version 1.19 to all channels has completed.
The documentation has been updated to clarify that future reservation requests don't support E2 machine types. To reserve VMs that use E2 machine types, use on-demand reservations instead.
For more information, see Restrictions on creation.
(New guide) Cross-Cloud Network inter-VPC connectivity using VPC Network Peering: Describes how to configure hub-and-spoke Cross-Cloud Network using VPC Network Peering.
(New guide) Deploy and operate generative AI applications: Describes how you can adapt DevOps and MLOps processes to develop, deploy, and operate generative AI applications on existing foundation models.
(2024-R45) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- The following versions are now available in the Rapid channel:
Regular channel
There are no new releases in the Regular channel.
Stable channel
There are no new releases in the Stable channel.
Extended channel
- Version 1.27.16-gke.1836000 is now available in the Extended channel.
No channel
- The following versions are now available:
- The following node versions are now available:
GKE version 1.31 introduces increased scalability, allowing users to create clusters with up to 65,000 nodes. For clusters exceeding 5,000 nodes, a quota increase is required. Contact Google Cloud support to request this increase.
Upgraded server-side dependencies - Tekton Pipelines, ASM
Updated Go version used to build images and CLI tools
Changed version of php-buildpack to address build issue.
Creating custom organization policies with Secret Manager resources is now in General Availability (GA). You can use custom organization policies to enhance secret security by enforcing rotation schedules, annotations, and expirations for secrets. You can also use custom organization policies to restrict secret types to manage costs. To learn more about using custom organization policies in Secret Manager, see Use custom organization policies.
The November 4 release note announcing the release of sample discovery findings was published in error. This feature is not available.
Spanner supports the ALL_DIFFERENT graph predicate in GoogleSQL-dialect databases. You can use this predicate to see if the graph elements in a list are mutually distinct.
November 18, 2024
Access Approval
Access Approval now supports Cloud Healthcare API in the Preview stage.
AlloyDB for PostgreSQL is now available in the following region: northamerica-south1 (Mexico). For more information, see AlloyDB Locations.
Two major engine versions within the v4 tuning version are no longer used by customers and are deprecated as of today. We recommend customers use the most recent engine versions instead. Deprecation overrides the support timeline for all minor versions within these major engine versions.
App Hub supports regional infrastructure resources with global applications in Preview.
JavaScript task using Gemini
If your integration flow requires any complex data mapping logic, Gemini can now recommend a JavaScript task. For more information, see Create an integration using Gemini.
You can add a JavaScript task, edit an existing task, or use Gemini to help understand the JavaScript code. For more information, see Configure JavaScript tasks.
The Sovereign Controls for Kingdom of Saudi Arabia control package now supports the following products. See Supported products by control package for more information:
- Sensitive Data Protection
- Google Cloud Armor
- Secret Manager
The Sovereign Controls for EU control package now supports the following products. See Supported products by control package for more information:
- BigQuery Data Transfer Service
- Sensitive Data Protection
- GKE Identity Service
- Google Cloud Armor
- Resource Manager
- Secret Manager
You can now create a Data Boost app profile and view Data Boost metrics in the Google Cloud console. Data Boost for Bigtable is in Preview. For more information, see Create and configure app profiles.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.47.0 (2024-11-13)
Features
- Add an experimental feature to skip waiting for trailers for unary ops (#2404) (cf58f26)
- Add internal "deadline remaining" client side metric #2341 (#2370) (75d4105)
Bug Fixes
Python
Changes for google-cloud-bigtable
2.27.0 (2024-11-12)
Features
- Add support for Cloud Bigtable Node Scaling Factor for CBT Clusters (#1023) (0809c6a)
- Surface retry param to Table.read_row api (#982) (a8286d2)
Bug Fixes
Bigtable is now available in the northamerica-south1 (Mexico) region. For more information, see Bigtable locations.
The Cloud SQL MySQL plugins version 1.11.5 is available in Cloud Data Fusion versions 6.8.0 and later. This release fixes an issue in the Cloud SQL MySQL sink causing pipelines to fail when the schema contains a MySQL reserved word (PLUGIN-1017). This note is incorrect; see entry for November 27, 2024.
The SAP table batch source plugin version 0.11.5 is available in Cloud Data Fusion version 6.8.0 and later. This release fixes an issue causing the following error: Error encountered while configuring the stage: Unable to access Cloud Storage or download JCo libraries from Cloud Storage.
Database Migration Service now lets you select if a connection profile is for a source or a destination database, based on your migration scenario. Database Migration Service shows configuration options applicable to your choice.
Dedicated Cloud Interconnect support is available in the following colocation facilities:
- Queretaro, Mexico, North America
For more information, see the Locations table and Global Locations.
Cloud KMS is available in the following region:
northamerica-south1
For more information, see Cloud KMS locations.
Support for the Node.js 22 runtime is now in general availability (GA).
Cloud Run functions now supports the Node.js 22 runtime at the General Availability release level.
Support for the northamerica-south1 (Mexico) region.
Cloud SQL now supports near-zero downtime when you enable or disable data cache for Cloud SQL Enterprise Plus edition primary instances. For more information, see Availability in Cloud SQL.
Cloud SQL now supports near-zero downtime for infrequent scale downs (once every three hours) of the compute size (vCPU, memory) of your Cloud SQL Enterprise Plus edition primary instance.
For more information, see Availability in Cloud SQL.
The pgvector extension is now upgraded from version 0.7.4 to version 0.8.0. Use this extension to store and search for vector embeddings in PostgreSQL databases. For more information, see Configure PostgreSQL extensions.
To use this version of the extension, update your instance to one of the following:
- POSTGRES_17_0.R20241011.00_03 (for PostgreSQL instances, version 17)
- [PostgreSQL version].R20240910.01_17 (for PostgreSQL instances, versions 13 to 16)
For more information, see Self-service maintenance.
Cloud Storage is now available in Querétaro, Mexico (northamerica-south1 region). For more information, see Cloud Storage regions.
Cloud VPN is now available in region northamerica-south1 (Queretaro, Mexico, North America).
For more information, see Global locations.
Pricing is available on the Cloud VPN pricing page.
The Cloud Workstations base editor (Code OSS) has been upgraded to 1.94.2. The last image that offers the previous version is tagged code-oss-1.89.1.
Generally available: Queretaro, Mexico, North America (northamerica-south1-a,b,c) has launched with E2, N4, C4, and C3D VMs available in all three zones. For more information, see Global Locations and VM instance pricing.
cos-117-18613-75-37
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.56 | v24.0.9 | v1.7.23 | See List |
Fixed CVE-2024-50101 in the Linux kernel.
Fixed CVE-2024-50095 in the Linux kernel.
Fixed CVE-2024-50066 in the Linux kernel.
Fixed CVE-2024-50010 in the Linux kernel.
Fixed CVE-2024-50110 in the Linux kernel.
Fixed CVE-2024-50120 in the Linux kernel.
Fixed CVE-2024-50121 in the Linux kernel.
Fixed CVE-2024-50115 in the Linux kernel.
Fixed CVE-2024-50130 in the Linux kernel.
Fixed CVE-2024-50131 in the Linux kernel.
cos-113-18244-236-44
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.112 | v24.0.9 | v1.7.23 | See List |
Fixed CVE-2024-49952 in the Linux kernel.
Fixed CVE-2024-50095 in the Linux kernel.
Fixed CVE-2024-49946 in the Linux kernel.
Fixed CVE-2024-50010 in the Linux kernel.
Fixed CVE-2024-50138 in the Linux kernel.
Fixed CVE-2024-49959 in the Linux kernel.
Fixed CVE-2024-49954 in the Linux kernel.
Fixed CVE-2024-50110 in the Linux kernel.
Fixed CVE-2024-50115 in the Linux kernel.
Fixed CVE-2024-50131 in the Linux kernel.
cos-109-17800-372-45
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.112 | v24.0.9 | v1.7.23 | See List |
Fixed CVE-2024-45310 in app-containers/runc.
Fixed CVE-2024-50010 in the Linux kernel.
Fixed CVE-2024-49959 in the Linux kernel.
Fixed CVE-2024-49954 in the Linux kernel.
Fixed CVE-2024-50110 in the Linux kernel.
Fixed CVE-2024-50138 in the Linux kernel.
Fixed CVE-2024-50115 in the Linux kernel.
Fixed CVE-2024-50131 in the Linux kernel.
cos-105-17412-495-45
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
Fixed CVE-2024-49952 in the Linux kernel.
Fixed CVE-2024-50110 in the Linux kernel.
Fixed CVE-2024-49959 in the Linux kernel.
Fixed CVE-2024-49954 in the Linux kernel.
Fixed CVE-2024-50010 in the Linux kernel.
Fixed CVE-2024-50131 in the Linux kernel.
Fixed CVE-2024-46855 in the Linux kernel.
cos-dev-121-18759-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.61 | v24.0.9 | v2.0.0 | See List |
Updated app-admin/google-guest-configs to v20241112.00.
Updated app-containers/containerd to v2.0.0.
Updated the Linux kernel to v6.6.61.
Upgraded cos-gpu-installer to v2.4.4: Relax precise GPU driver version check to allow version with two numeric segments pass.
Data Catalog is now available in the Mexico (northamerica-south1) region. For more information, see Global locations and pricing.
Dataflow is available in Queretaro, Mexico (northamerica-south1). Learn more about Google Cloud locations.
Dataproc is now available in the northamerica-south1 region (Queretaro, Mexico).
Filestore is now available in Mexico (northamerica-south1 region).
Firestore now supports the northamerica-south1 Queretaro region.
For a full list of supported locations, see Locations.
Firestore in Datastore mode now supports the northamerica-south1 Queretaro region.
For a full list of supported locations, see Locations.
The northamerica-south1 region in Querétaro, Mexico is now available. For more information, see Global Locations.
Performance horizontal Pod autoscaling (HPA) profile is now available in Preview for new and existing GKE clusters running version 1.31.2-gke.1138000 or later. This feature speeds up HPA reaction time and enables quick recalculation of up to 1,000 HPA objects. To learn more, see Configuring Performance HPA profile.
You can now create a DVR session for a past, current, or future live stream.
Added new Memorystore for Memcached region: Querétaro (northamerica-south1).
Pub/Sub is now available in the northamerica-south1 region (Querétaro, Mexico, North America). For more information, see Cloud locations.
The Sovereign Controls Foundation by CNTXT and Sovereign Controls Advanced by CNTXT control packages now support the following products. See Supported products by control package for more information:
- Google Cloud Armor
- Secret Manager
- Sensitive Data Protection
The following control packages now support the following products. See Supported products by control package for more information:
Control packages:
- Local Controls by S3NS
- Sovereign Controls by PSN
- Sovereign Controls by SIA/Minsait
- Sovereign Controls by T-Systems
New supported products:
- BigQuery Data Transfer Service
- GKE Identity Service
- Google Cloud Armor
- Secret Manager
- Sensitive Data Protection
You can create Spanner regional instance configurations in Querétaro, Mexico (northamerica-south1). For more information, see Google Cloud locations and Spanner pricing.
For auto mode VPC networks, added a new subnet 10.224.0.0/20 for the Mexico northamerica-south1 region. For more information, see Global Locations and Auto mode IP ranges.
November 17, 2024
Google SecOps SOAR
Release 6.3.25 is now in General Availability.
From now on, only new features and changes will be written up for the Release Notes. Please use the customer portal to track progress of your support tickets or reach out to Customer Support for more information.
Secret Manager is now available in the following region:
- northamerica-south1
For more information, see Secret Manager locations.
November 15, 2024
AlloyDB for PostgreSQL
AlloyDB free trial clusters are now available in all regions. For more information, see the AlloyDB free trial clusters overview.
The extension vector, which includes pgvector functions and operators, is updated to version 0.7.4.
On November 15, 2024, we released an updated version of the Apigee UI.
Bug ID | Description |
---|---|
376257906 | Fixed issue with custom report editing Resolved issue where customer reports without properties that were created using the API could not be rendered with the Edit option. |
The CJIS control package now supports the following products. See Supported products by control package for more information:
- Access Context Manager
- Apigee
- Cloud Build
- Cloud EKM
- Cloud Interconnect
- Cloud NAT
- Cloud Router
- Cloud Service Mesh
- Cloud VPN
- Resource Manager
- Firestore
- Identity-Aware Proxy (IAP)
- Memorystore for Redis
- Sensitive Data Protection
Backup for GKE now supports backing up and restoring volumes of the Hyperdisk throughput, extreme, and balanced types.
Preview: You can view and export historical utilization of on-demand and future reservations in your project, folder, or organization. This data helps you analyze usage trends for your VMs or GPUs, as well as plan for future capacity needs. For more information, see the following:
asia-south1 (Mumbai, India) is now subject to Tier 1 pricing.
Cloud Run is now in scope for International Traffic in Arms Regulations (ITAR).
You can now register an AI model endpoint, generate vector embeddings, and invoke predictions by using model endpoint management in Cloud SQL. For more information, see Register and call remote AI models in Cloud SQL overview.
You can now use the x-amz-decoded-content-length header to allow an XML API upload that uses chunked transfer encoding to include a signature in its Authorization header.
Manage security postures using the Google Cloud console is generally available.
You can now create, deploy, update, and delete security postures using the Google Cloud console. For more information, see Manage a security posture.
Sensitive data discovery is now included in Security Command Center Enterprise. To enable discovery in the Security Command Center Enterprise tier, see Enable sensitive data discovery in the Enterprise tier in the Security Command Center documentation.
The Sensitive Data Protection discovery service remains available to Security Command Center Premium and Standard customers as a separately priced feature. For more information, see Publish data profiles to Security Command Center.
VPC Service Controls feature (Status: Preview): VPC Service Controls adds support for using groups of third-party identities in ingress and egress rules to allow access to resources protected by service perimeters. This feature is available in Preview.
For more information, see Configure identity groups and third-party identities in ingress and egress rules.
November 14, 2024
Apigee Advanced API Security
On November 14, 2024 we released a new version of Advanced API Security.
IP address drill down details are now available in the preview release of Advanced API Security Abuse Detection Incidents.
This new functionality allows viewing details of detected abuse by source IP.
For usage information, see the Abuse Detection customer documentation.
Dependent jobs are available in Preview. Dependent jobs let you schedule an automated chain of jobs, which can help you optimize resource consumption—for example, separate the types of VMs used for data preparation and compute-intensive data processing.
The following BigQuery ML features are now available:
- Creating remote models based on the Vertex AI gemini-1.5-flash and gemini-1.5-pro models.
- Using the ML.GENERATE_TEXT function with these remote models to perform generative natural language tasks for text stored in BigQuery tables.
- Using the ML.GENERATE_TEXT function with these remote models to perform generative AI tasks, for example audio transcription or document classification, using image, video, audio, PDF, or text content stored in BigQuery object tables.
Try these features with the Generate text by using the ML.GENERATE_TEXT function how-to topic.
These features are now generally available (GA).
You can try Gemini in BigQuery at no charge until January 27, 2025. After that date, to continue to use Gemini in BigQuery you must do one of the following:
- Purchase and assign BigQuery Enterprise Plus edition reservations to projects that use Gemini in BigQuery.
- Purchase Gemini Code Assist Enterprise.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, and Feed APIs.
- Cloud Build
  - cloudbuild.googleapis.com/Build
You can now create custom organization policies for the BackupRun resource in Cloud SQL instances. In addition, more fields in the Instances resource are available to create custom organization policies. For more information, see Add custom organization policies.
Bucket IP filtering for Cloud Storage is now available in Preview. With bucket IP filtering, you can restrict access to a bucket based on the source IP address of the request and secure your data from unauthorized access.
Conversational Insights offers Rule-based analysis as a preview feature to customize your conversation analyses. Rule-based analysis provides the following customizations for your conversation analyses:
- Filter conversations.
- Select a percentage of your dataset.
- Designate different types of analysis.
Data store tools: You can now optimize the RAG performance of data store tools used by Playbooks. See the documentation for details.
Dialogflow CX: New feature Context token limits has been added to Agent Settings > Generative AI. You can use this feature to set a percentage of the token budget to be reserved for conversation history, as a maximum. See the Agent Settings documentation for details.
Generators and data store handlers: The model gemini-1.5-flash-002 is now GA.
Data store handlers: The default generative model has been changed to gemini-1.5-flash-001.
Google Distributed Cloud (software only) for VMware 1.29.800-gke.108 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.800-gke.108 runs on Kubernetes 1.29.10-gke.100.
If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.
The following issue is fixed in 1.29.800-gke.108:
Fixed the issue that additional manual steps are needed after disabling always-on secrets encryption with gkectl update cluster.
The following vulnerabilities are fixed in 1.29.800-gke.108:
Container-optimized OS vulnerabilities:
Ubuntu vulnerabilities:
You can now use the Google Cloud console to create a Looker (Google Cloud core) Private Service Connect instance. The console also includes additional options to edit Looker (Google Cloud core) Private Service Connect instance settings.
Preview: Migrate to Virtual Machines lets you migrate Elastic Block Store (EBS) volumes not attached to a VM from AWS to Google Cloud, as part of a preview program. Use this feature when you have detached the disks associated with a VM to archive data and need to migrate these disks to Google Cloud.
To participate in the preview, contact us at m2vm-independent-disks-migration@google.com.
Secure Source Manager supports Workforce Identity Federation.
To create an instance with Workforce Identity Federation enabled, follow the instructions in Create a Secure Source Manager instance to use with federated identities.
You can now view the configurations that determine the resource values of your high-value resource set. For more information, see View the configurations that match a high-value resource.
The Defense Evasion: Rootkit detector of Virtual Machine Threat Detection is in General Availability. For more information, see Virtual Machine Threat Detection overview.
The application steps to activate the Security Command Center Enterprise tier have been streamlined. For information, see Activate the Security Command Center Enterprise tier.
The current default STREET_ADDRESS infoType detection model, which is available when InfoType.version is set to latest or stable, is now also used when InfoType.version is set to legacy.
The old detection model that was previously available by setting InfoType.version to legacy is no longer available.
November 13, 2024
Agent Assist
Agent Assist offers a UI Connector with Salesforce to integrate with chat conversations.
Airflow 2.10.2 is available in Cloud Composer.
(Airflow 2.7.3) Backported #35887 to fix an issue that occurred during the DST transition. The issue affected DAGs with timezone-aware cron schedule and caused infinite loops in the Airflow scheduler.
Improved the error message generated when a Cloud Composer 3 environment creation fails because of missing permissions.
(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-google package was upgraded to version 10.25.0 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.24.0 to version 10.25.0.
(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 9.0.1 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-cncf-kubernetes changelog from version 9.0.0 to version 9.0.1.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.10.2-build.0
- composer-3-airflow-2.9.3-build.7 (default)
- composer-3-airflow-2.7.3-build.23
New images are available in Cloud Composer 2:
- composer-2.9.11-airflow-2.10.2
- composer-2.9.11-airflow-2.9.3 (default)
- composer-2.9.11-airflow-2.7.3
Support dates for previous Cloud Composer 3 builds are available. All Cloud Composer 3 builds with Airflow 2.9.3 are supported until November 13, 2025.
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
Preview: The OS policy orchestrator feature in VM Manager lets you manage OS policy assignments across projects and zones at scale in large organizations. OS policy assignment was previously available only for zonal resources in a project. For more information, see About OS Policy Orchestrator.
Config Connector version 1.125.0 is now available.
New Beta resources (direct reconciler)
- Manage connections to connect to Google services and external data sources
- BigQueryAnalyticsHubDataExchange: Manage data exchange to enable self-service data sharing
- PrivilegedAccessManagerEntitlement: Manage entitlements to grant for projects, folders, and organizations
- Manage workstation cluster to define a group of workstations in a particular region and the VPC network they're attached to.
Added cluster mode to manage the rate-limit for the Config Connector requests
- You can set the rate-limit for the reconciling requests to the kube-apiserver in Cluster and Namespace mode.
  - Configure NamespacedControllerReconciler (Alpha) for namespace mode. This is added since 1.119
  - Configure ControllerReconciler (Alpha) for cluster mode. The ControllerReconciler shows an example.
SQLInstance Reconciliation Improvements
- You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the SQLInstance CR object to opt in to the direct controller.
- The direct reconciler contains two fixes and improvements:
  - Fixes the upgrade and downgrade issue between ENTERPRISE and ENTERPRISE_PLUS.
  - Supports creating from clone functionality via spec.cloneSource
- Migrated the SQLInstance from the Terraform-based or DCL-based controller to the new Direct Controller to enhance the reliability and performance. The CRD is unchanged.
ComputeFirewallPolicyRule Reconciliation Improvements
- You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the ComputeFirewallPolicyRule CR object to opt in to the direct controller, which fixes the targetResources error "required value priority could not be found".
- Migrated this resource from the Terraform-based controller to the new Direct Controller to enhance the reliability and performance. The resource CRD is unchanged.
AlloyDBInstance
- Added spec.networkConfig.enableOutboundPublicIp field.
- Added status.outboundPublicIpAddresses field.
Issue 3007 ComputeBackendService cannot refer clientTLSPolicy due to invalid format
Issue 2973 kubelet_config has insecure_kubelet_readonly_port_enabled: true set even if not configured in the ContainerNodePool object.
Flutter for the Mobile SDKs
You can now use Flutter to help you integrate the Mobile SDKs (the Android SDK and the iOS SDK) into your Android or iOS app. For more information, see Integrate using Flutter.
(2024-R44) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.31.1-gke.2105000 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.28.14-gke.1376000
- 1.29.9-gke.1541000
- 1.30.5-gke.1628000
- 1.31.1-gke.1846000
- 1.31.2-gke.1115000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.15-gke.1020000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.10-gke.1054000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1699000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.2105000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.2105000 with this release.
Regular channel
- The following versions are now available in the Regular channel:
Stable channel
- The following versions are now available in the Stable channel:
Extended channel
- The following versions are now available in the Extended channel:
- Version 1.27.16-gke.1373000 is no longer available in the Extended channel.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1681000 with this release.
No channel
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.30.5-gke.1628000
- 1.31.1-gke.1678000
- 1.31.2-gke.1115000
November 12, 2024
AlloyDB for PostgreSQL
AlloyDB now supports up to 128 TiB storage per cluster in all regions where AlloyDB is available.
If you are dropping an AlloyDB database that is larger than 64 TiB, then any write operations on other AlloyDB databases are paused until the drop operation is completed.
hybrid v1.13.2
On November 12, 2024 we released an updated version of the Apigee hybrid software, 1.13.2.
- For information on upgrading, see Upgrading Apigee hybrid to version 1.13.2.
- For information on new installations, see The big picture.
Bug ID | Description |
---|---|
373722434 | Fixed support for backups to GCS buckets with retention policies. |
361044374 | Fixes assign message not correctly highlighting the set payload action in the debug trace. |
355122464 | This release contains a few error-handling fixes for CSI backup and restore. |
237656263 | Fix added to make use of asynchronous ServiceCallout execution when the ServiceCallout policy <Response> element is not present. Procedure: |
Bug ID | Description |
---|---|
N/A | Security fixes for apigee-redis. This addresses the following vulnerabilities: |
.NET 6 has reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of .NET.
Cloud Load Balancing resources now let you use custom constraints to define your own restrictions on Google Cloud services. To learn about which load balancing resources support custom constraints, and some sample use cases, see Manage Cloud Load Balancing resources using custom constraints.
For more information about custom constraints, see the following:
This feature is available in General Availability.
You can now have Cloud SQL create a Private Service Connect endpoint automatically instead of creating the endpoint manually after the instance is created. You use this endpoint to access a Cloud SQL instance through a VPC network. For more information, see Connect to an instance using Private Service Connect. This feature is available in Preview.
In-cluster Cloud Service Mesh 1.20 is no longer supported. For more information, see Supported versions.
1.20.8-asm.10 is now available for in-cluster Cloud Service Mesh.
1.20 is no longer supported. While the fix for the bug in the distroless proxy container has been backported to 1.20, you should upgrade to 1.21 or later.
You can now download 1.20.8-asm.10 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.20.8 subject to the list of supported features. Cloud Service Mesh version 1.20.8-asm.10 uses envoy v1.28.6.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
1.23.3-asm.2 is now available for in-cluster Cloud Service Mesh.
You can now download 1.23.3-asm.2 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.23.3 subject to the list of supported features. Cloud Service Mesh version 1.23.3-asm.2 uses envoy v1.31.2.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
1.22.6-asm.2 is now available for in-cluster Cloud Service Mesh.
You can now download 1.22.6-asm.2 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.22.6 subject to the list of supported features. Cloud Service Mesh version 1.22.6-asm.2 uses envoy v1.30.6.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
1.21.5-asm.12 is now available for in-cluster Cloud Service Mesh.
You can now download 1.21.5-asm.12 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.21.5 subject to the list of supported features. Cloud Service Mesh version 1.21.5-asm.12 uses envoy v1.29.8.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
This release fixes a bug in the distroless proxy container. Before this fix, the distroless proxy produced errors similar to the following when deployed in a Kubernetes cluster with in-cluster control plane that did not have Container Network Interface (CNI) installed.
xtables resource problem: can't open lock file /run/xtables.lock: No such file or directory
This fix applies to the following new versions:
- 1.20.8-asm.10
- 1.21.5-asm.12
- 1.22.6-asm.2
- 1.23.3-asm.2
Config Controller now uses the following versions of its included products:
- Config Connector v1.124.0, release notes
Datastream now supports global transaction identifier (GTID)-based replication for MySQL sources. The feature is in Preview.
GTID-based replication supports failovers and managed database clusters, such as Cloud SQL Enterprise Plus edition. For more information, see the Datastream documentation.
Mobile SDK 2.10 is released
Mobile SDK 2.10 includes the following updates:
- iOS SDK:
- Text resizing. End-users can increase text size up to 200%. Text is resized using the device settings.
- Android SDK:
- Fixed the sticky button behavior so that it matches iOS.
- Android SDK and iOS SDK:
- Fixed an issue where content card text was misaligned.
Google Cloud Managed Service for Apache Kafka is now in General Availability (GA).
November 11, 2024
Artifact Registry
The Container Registry -> Artifact Registry Migration Admin role simplifies the IAM roles required for the transition from Container Registry to Artifact Registry. For instructions on how to use the role, see Automatically migrate from Container Registry to Artifact Registry.
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-bigquery
3.27.0 (2024-11-01)
Features
The following BigQuery ML features are now available:
- You can perform supervised tuning on a remote model based on a Vertex AI Gemini 1.5 flash or Gemini 1.5 pro model.
- You can evaluate a Vertex AI LLM using the ML.EVALUATE function. Pre-trained PaLM and Gemini models and tuned Gemini models are supported for evaluation.
Try tuning and evaluating an LLM with the Customize an LLM by using supervised fine tuning how-to topic or the Use tuning and evaluation to improve model performance tutorial.
These BigQuery ML features are generally available (GA).
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Dataplex
dataplex.googleapis.com/AspectType
dataplex.googleapis.com/EntryGroup
dataplex.googleapis.com/EntryType
Dashboard variables and dashboard-level filtering are now GA. Pinned filters and variables can have multiple default values, and they support selection of multiple values. For more information, see the following documents:
cos-105-17412-495-37
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
Fixed CVE-2024-50602 in dev-libs/expat.
Fixed KCTF-2e95c43 in the Linux kernel.
Fixed CVE-2024-50038 in the Linux kernel.
Fixed CVE-2024-50038 in the Linux kernel.
Fixed CVE-2024-50082 in the Linux kernel.
Fixed CVE-2024-50083 in the Linux kernel.
Fixed CVE-2024-50024 in the Linux kernel.
Fixed CVE-2024-50002 in the Linux kernel.
Fixed CVE-2024-49967 in the Linux kernel.
Fixed CVE-2024-50006 in the Linux kernel.
Fixed CVE-2024-49881 in the Linux kernel.
Fixed CVE-2024-49881 in the Linux kernel.
Fixed CVE-2024-50015 in the Linux kernel.
Fixed CVE-2024-50015 in the Linux kernel.
Fixed CVE-2024-50001 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812681 -> 812709
cos-117-18613-75-26
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.56 | v24.0.9 | v1.7.23 | See List |
Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.
Fixed CVE-2024-50602 in dev-libs/expat.
Fixed CVE-2024-50067 in the Linux kernel.
Fixed CVE-2024-50036 in the Linux kernel.
Fixed KCTF-2e95c43 in the Linux kernel.
Fixed CVE-2024-50076 in the Linux kernel.
Fixed CVE-2024-50038 in the Linux kernel.
Fixed CVE-2024-50038 in the Linux kernel.
Fixed CVE-2024-50082 in the Linux kernel.
Fixed CVE-2024-50024 in the Linux kernel.
Fixed KCTF-8ea6073 in the Linux kernel.
Fixed CVE-2024-50072 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811757 -> 811721
cos-113-18244-236-35
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.112 | v24.0.9 | v1.7.23 | See List |
Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.
Fixed CVE-2024-50602 in dev-libs/expat.
Fixed KCTF-2e95c43 in the Linux kernel.
Fixed CVE-2024-50038 in the Linux kernel.
Fixed CVE-2024-50038 in the Linux kernel.
Fixed CVE-2024-50082 in the Linux kernel.
Fixed CVE-2024-50083 in the Linux kernel.
Fixed CVE-2024-50024 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812026 -> 812011
cos-109-17800-372-38
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.112 | v24.0.9 | v1.7.23 | See List |
Fixed CVE-2024-50602 in dev-libs/expat.
Fixed KCTF-2e95c43 in the Linux kernel.
Fixed CVE-2024-50038 in the Linux kernel.
Fixed CVE-2024-50038 in the Linux kernel.
Fixed CVE-2024-50082 in the Linux kernel.
Fixed CVE-2024-50083 in the Linux kernel.
Fixed CVE-2024-50024 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812248 -> 812209
cos-dev-121-18747-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.59 | v24.0.9 | v1.7.23 | See List |
Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.
Fixed CVE-2024-9143 in dev-libs/openssl.
Fixed KCTF-2e95c43 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811822 -> 811804
Announcing the General Availability (GA) of Flexible shapes for Dataproc secondary workers, which lets you provide a ranked selection of machine types to use for the creation of VMs.
Announcing the General Availability (GA) of Spot and non-preemptible VM mixing for Dataproc secondary workers, which lets you mix spot and non-preemptible secondary workers when you create a Dataproc cluster.
A weekly digest of client library updates from across the Cloud SDK.
Clusters now have unified and flexible configuration, allowing you to modify control plane access and cluster node settings at any time, without the need to recreate the cluster. This eliminates the previous distinction between private and public clusters. All clusters support this flexibility and utilize DNS-based endpoints for secure and direct control plane access from any network, removing the need for bastion hosts or proxies. You can still enhance security with measures like VPC Service Controls.
To learn more, see About network isolation in GKE.
DNS-based access for GKE clusters control plane is now generally available. This capability provides each cluster with a unique domain name system (DNS) name or fully-qualified domain name (FQDN). Access to clusters is controlled through IAM policies, eliminating the need for bastion hosts or proxy nodes. Authorized users can connect to the control plane from different cloud networks, on-prem deployments, or from remote locations, without relying on proxies.
To learn more, see About network isolation in GKE.
Instances that use 1, 2, or 4 shards are now Generally Available. For more information about the minimum and maximum supported shard count, see Cluster and node specification.
Added support for Node-level monitoring metrics (Generally Available).
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-pubsub
2.27.1 (2024-11-08)
Bug Fixes
As of December 9, 2024, if you activate Security Command Center within an organization for the first time, then you must use only version 2 of the Security Command Center API in that organization. Earlier versions are not supported.
If you activated Security Command Center at the project level prior to December 9, 2024, then any projects you activate in the same organization will support all available versions of the Security Command Center API.
To migrate to the v2 API from an earlier version, see Migrate to v2 of the Security Command Center API.
The Vulnerability management dashboard was enhanced to include information about containers with exploitable vulnerabilities. This feature is in Preview.
Starting October 24, 2024, the IAM Recommender service is enabled by default when activating Security Command Center. You manage the IAM Recommender service under the Security Command Center Settings page > Integrated services tab. For more information, see Add integrated Google Cloud services to Security Command Center.
The current default ORGANIZATION_NAME infoType detection model, which is available when InfoType.version is set to latest or stable, is now also used when InfoType.version is set to legacy.
The old detection model that was previously available by setting InfoType.version to legacy is no longer available.
The region restriction on the ORGANIZATION_NAME infoType has been lifted. It is now available in all regions.
Journey Voices now supports the de-de, en-gb, en-in, es-us, fr-ca, fr-fr, and it-it locales.
November 10, 2024
Google SecOps SOAR
Release 6.3.25 is in Preview.
November 09, 2024
Google SecOps
The following parser documentation is now available.
Collect Microsoft Azure AD logs
Collect Cisco Secure Email Gateway logs
Collect Amazon CloudFront logs
Collect the General Dynamics Fidelis XPS logs
Collect Imperva Incapsula Web Application Firewall logs
Collect Microsoft Graph security API alert logs
Collect Kemp Load Balancer logs
Collect Mimecast Secure Email Gateway logs
Collect Proofpoint TAP alerts logs
Collect RSA Authentication Manager logs
Collect Symantec Event Export logs
Collect Palo Alto Prisma Cloud logs
Release 6.3.24 is now in General Availability.
November 08, 2024
AlloyDB for PostgreSQL
AlloyDB Omni version 15.7.0 is generally available (GA). Version 15.7.0 includes the following features and changes:
AlloyDB Omni supports PostgreSQL version 15.7.
The alloydb_scann extension, previously named postgres_scann, is generally available (GA). For more information about storing vector embeddings, creating indexes, and tuning indexes to achieve faster query performance and better recall, see Work with vectors.
Support for Red Hat Enterprise Linux (RHEL) 8 is generally available (GA).
The AlloyDB Omni columnar engine is available in Preview on ARM.
Disk cache and columnar storage cache are available to improve AlloyDB Omni performance by accelerating data access for AlloyDB Omni in a container and on a Kubernetes cluster.
Security fixes for CVE-2023-50387 and CVE-2024-7348 have been implemented.
The AlloyDB Omni Reference documentation is available. This includes metrics, database flags, model endpoint management reference, and extensions documentation for AlloyDB Omni 15.7.0.
AlloyDB Omni supports the pg_ivm extension, which provides incremental view maintenance for materialized views.
Various bug fixes and performance improvements.
The AlloyDB Omni Kubernetes operator version 1.2.0 is generally available (GA). Version 1.2.0 includes the following new features:
The healthcheckPeriodSeconds parameter lets you specify the number of seconds to wait between health checks. For more information, see Adjust automatic failover trigger settings.
The following metrics help you monitor the performance of your database container. Each of these metrics is of type gauge. For more information, see Database container-level metrics.
- alloydb_omni_memory_limit_byte shows the memory limit of a database container.
- alloydb_omni_instance_postgresql_replication_state shows the state of each replica that's connected to the AlloyDB Omni primary node.
- alloydb_omni_memory_used_byte shows the memory used by the database container in bytes.
An issue that caused a brief interruption to all database clusters when the following is true is fixed:
- You're upgrading the AlloyDB Omni Kubernetes operator version 1.1.1 to a newer version.
- You're using the AlloyDB Omni database version 15.5.5 or later.
- AlloyDB AI is not enabled.
High availability is supported on a secondary database cluster after it's promoted. For more information, see Promote a secondary database cluster and Manage high availability in Kubernetes.
You can enable or disable model endpoint management through Kubernetes manifests. For more information, see Install AlloyDB Omni with AlloyDB AI.
You can configure when logs rotate using thresholds that are based on the size of the log files, the time since the log file last rotated, or both. For more information, see Configure AlloyDB Omni log rotation.
You can create a snapshot of the memory heap of AlloyDB Omni Kubernetes operator to help you analyze and debug its memory performance. For more information, see Analyze AlloyDB Omni Kubernetes operator memory heap usage.
In AlloyDB Omni versions 15.5.5 and earlier, parameterized view features were available in the alloydb_ai_nl extension. Starting in version 15.7.0, parameterized view features are available in the parameterized_views extension, which you must create before you use parameterized views. Also starting in version 15.7.0, the related function, google_exec_param_query, has been renamed to execute_parameterized_query and is available in the parameterized_views extension. For more information, see Query your database using natural language.
The extension pg_ivm version 1.9 has been added to extensions supported by AlloyDB Omni.
The following extensions are updated:
- google_ml_integration from 1.3 to 1.4.2
- pg_partman from 4.7.4 to 5.0.1
- pglogical from 2.4.4 to 2.4.5
- pgtt from 3.0.0 to 4.0.0
- vector is updated from 0.7.0 to 0.7.4
The Multiple table plugin version 1.4.1 is available in Cloud Data Fusion versions 6.10.1 and later. This release fixes an issue causing pipelines to fail if a Multiple database tables batch source's Reference Name field contains spaces. The field no longer accepts spaces (PLUGIN-1752).
Audit Logging now populates the status.details field in the audit log with the google.rpc.ErrorInfo and google.rpc.Help proto payload types in cases where an API returns an error status and that status includes one of those types in the details field.
Cloud Workstations supports granting access to individual ports. For details, see the Grant access to individual Cloud Workstations ports page.
Eventarc Standard is available in the northamerica-south1 (Mexico, North America) region.
Batch predictions for Llama models on Vertex AI (MaaS) is available in Preview.
Batch prediction support for Gemini
Batch prediction is available for Gemini in General Availability (GA). Available Gemini models include Gemini 1.0 Pro, Gemini 1.5 Pro, and Gemini 1.5 Flash. To get started with batch prediction, see Get batch predictions for Gemini.
The machine family of N1 custom machine types (like custom-1-1024) is now accurately labeled as "N1" for all node versions later than 1.31.2-gke.1115000.
The Live Stream API is now available in asia-south1 and europe-north1. For more information, see Live Stream API locations.
To help you detect potentially malicious anomalies in your network, Event Threat Detection now supports the ability to analyze foundational log sources, which produce Bad IP findings without enabling VPC Flow Logs. This feature is in Preview.
- If you activated Security Command Center Premium or Enterprise in a project or organization before October 18, 2024, then you have access to this feature in that project or organization.
- If you activated Security Command Center Premium or Enterprise at the project level before October 18, 2024, and you activate additional projects in the same organization, then the additional projects will have access to this feature.
- If you activated Security Command Center Premium or Enterprise in a project or organization on or after October 18, 2024, and you want to enable this feature, then contact Google Cloud Customer Care.
The EMPLOYMENT_STATUS infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
November 07, 2024
AlloyDB for PostgreSQL
Since the google_ml_integration.enable_model_support flag is enabled by default, if you are using the google_ml_integration extension version 1.3, your ability to query Vertex AI models using the embedding() function might be impacted. Querying registered models using the google_ml.embedding() function remains unaffected.
To resolve the issue with using the embedding() function, upgrade the google_ml_integration extension version 1.3 to the latest version, 1.4.2. For more information, see how to upgrade the extension.
This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:
You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:
Audit Manager is now generally available (GA).
Audit Manager is a compliance audit solution that helps you to simplify your compliance audit process on Google Cloud.
Database Migration Service now supports MySQL minor version 8.0.39 for homogeneous MySQL migrations. For more information, see Supported source and destination databases in Cloud SQL for MySQL migrations.
You can now specify mount options when you configure Cloud Storage volume mounts for both Cloud Run services and jobs. (In Preview)
The following images are now rolling out for managed Cloud Service Mesh:
- 1.19.10-asm.21 is rolling out to the rapid release channel.
- 1.19.10-asm.21 is rolling out to the regular release channel.
- 1.19.10-asm.21 is rolling out to the stable release channel.
You can now restore soft-deleted buckets. If you delete a bucket with an active soft delete policy, Cloud Storage retains the bucket for the specified soft delete retention duration, during which the bucket can be restored to a live state. To learn more about the bucket restore feature, see Use soft-deleted buckets.
Dialogflow CX: As of August 2024, us-dialogflow.* has been re-introduced as the canonical endpoint for the US multi-region. The usa-dialogflow.* endpoint is still supported as an alias. See the regionalization documentation for details.
Version 3.29 is released
All release notes published on this date are part of version 3.29.
The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.
Skip CRM account and record creation (Zendesk and ServiceNow)
You can now skip CRM account and record creation for Zendesk and ServiceNow. For more information, see Skip CRM account and record creation.
Agent status translation
You can translate the default, system, and custom agent statuses for the languages supported by Google Cloud Contact Center as a Service (CCaaS). Google Cloud CCaaS provides automatic translation of default and system statuses. It also lets you do translations manually. For more information, see Agent status translation.
Generative session summarization using Agent Assist
Agent Assist now supports generative session summarization for chat and voice sessions. Agents can view information about a customer's previous support interactions in the agent adapter, including generative session summaries, agent notes, and transcripts. This helps give agents the context they need for a customer and can improve overall handling times. Supervisors can view generative session summarizations for ongoing and completed sessions in the session monitoring pages.
Generative session summarizations are generated for an entire session and for segments of a session. Session segments are generated when a session is handled by multiple human or virtual agents.
Generative session summarization requires you to enable Agent Assist and configure external storage.
Generative knowledge assist using Agent Assist
Agents can now view knowledge articles while on a call or chat. These knowledge articles appear as clickable tiles in the agent adapter and are generated based on the ongoing conversation between the agent and end-user. Agents can click a tile to open the article in a browser tab. Agents can also search for knowledge articles using a search field in the agent adapter.
Queue transfer restrictions
You can control which queues or teams agents can transfer sessions to. This provides more granular control over call flows and helps prevent improper transfers. For more information, see Restrict queue transfers.
Support for direct SIP REFER in virtual agent call transfers
Virtual assistant call transfers now support the direct SIP REFER method. This means you can pass useful information in the call transfer, such as caller intent and account information. Call transfer data is recorded as Planned Transfers in virtual assistant metrics. For more information, see Transfer a call to a SIP endpoint using the SIP REFER method.
Alvaria WFM for chat
Customers with Alvaria integrations can now receive chat session data. For more information, see Alvaria Workforce integration.
Clear the voicemails in a queue
You can now clear the voicemails in any queue from the Call settings page. For more information, see Clear voicemails from queues.
Queue operation statuses endpoint
We added a new API endpoint that lets you check whether a queue is in After Hours (AH) or Overcapacity (OC) status. For more information, see Queue operation statuses endpoint.
SDK parameters in the custom CRM lookup flow
You can now use SDK data parameters in the CRM lookup flow. For more information, see CRM lookup URLs.
Use the admin user for CRM API calls with Salesforce
Using Salesforce, you can now use the admin user for all CRM API calls for record creation and updating, while still allowing agents to retain ownership of CRM-specific actions. For more information, see Salesforce configuration.
New Agent_Assist_Started event
A new Agent_Assist_Added event is now available. This event contains the conversation ID for a specific agent assist session. For more information, see Agent Assist started.
Chat transcripts download
This capability is currently not available.
Display email session ID in the email adapter and email subject
You can now display the session ID in the email adapter and in the subject line of an email thread. For more information, see Append the session ID to email subject lines and Agent email adapter.
Clickable authentication icon
The authentication icon in the agent adapter can now be clicked by the agent to mark the customer as either authenticated or unauthenticated. For more information, see User profile flags for calls and User profile tags for chat.
Interaction history
In the agent adapter, agents can view an end-user's interactions from previous call and chat sessions. This provides context to help agents provide a better support experience and improve handle time. Supervisors can also see interaction history when viewing connected call or chat sessions. For more information, see Interaction history.
Fixed an issue where the session summary wouldn't automatically scale with the height of the chat adapter.
Fixed an issue where wrap-up and disposition settings were not following destination queue settings when calls and chats were transferred.
Fixed an issue where transferring calls to a parent queue sometimes caused calls to drop.
Fixed an issue that sometimes prevented agents from going into Available status after wrapping up a call while still in a chat session.
Fixed an issue where the wait time for transferred sessions sometimes displayed incorrectly on the "Queued Calls" and "Queued Chats" dashboards.
Improved the user interface for the email transcript capability.
Google Distributed Cloud (software only) for VMware 1.28.1200-gke.83 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.1200-gke.83 runs on Kubernetes v1.28.14-gke.700.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
The following issue is fixed in 1.28.1200-gke.83:
- Fixed an issue where additional manual steps were needed after disabling always-on secrets encryption with gkectl update cluster.
The following vulnerabilities are fixed in 1.28.1200-gke.83:
Container-optimized OS vulnerabilities:
Release 1.28.1200-gke.83
Google Distributed Cloud for bare metal 1.28.1200-gke.83 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.1200-gke.83 runs on Kubernetes 1.28.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Fixes:
Fixed an issue where the registry mirror reachability check fails for a single unreachable registry mirror. Now the reachability check applies to configured registry mirrors only, instead of all registry mirrors.
Fixed the issue where non-root users can't run bmctl restore to restore quorum.
The following container image security vulnerabilities have been fixed in 1.28.1200-gke.83:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
GKE clusters running version 1.28 or later now support automatic application monitoring in public preview. Enabling this feature automatically deploys PodMonitoring configurations to capture key metrics for supported workloads like Apache Airflow, Istio, and RabbitMQ. These metrics are integrated with Cloud Monitoring dashboards for observability. To learn more, see Configure automatic application monitoring for workloads.
Looker 24.20 includes the following changes, features, and fixes:
Expected Looker (original) deployment start: Monday, November 11, 2024
Expected Looker (original) final deployment and download available: Thursday, November 21, 2024
Expected Looker (Google Cloud core) deployment start: Thursday, November 7, 2024
Expected Looker (Google Cloud core) final deployment: Thursday, November 14, 2024
In the Looker application API, for methods that include a query_id field, or, in the case of Query APIs, an id field, the query_id and id fields no longer accept a numeric value and now require a query slug value. This change will be released in phases:
Looker 24.20: December 4, 2024 for Americas Early (Note: This information was updated on November 12, 2024.)
Looker 25.0: Americas Mid
Looker 25.2: General Availability (GA) (Note: This information was updated on November 15, 2024.)
Users no longer need the download_without_limit permission to select the All Results option when they schedule Looks and dashboards.
The Chart Config Editor now supports creating a Dependency Wheel visualization.
The Chart Config Editor now supports creating an Item visualization.
The New Project page in Looker has been replaced with the Create a Model page. However, you can still access the New Project page if you are using a Looker (original) instance and your Looker admin has enabled the Use Legacy Project Creation Page legacy feature or through the informational banner at the top of the Create a Model page.
Looker has released version 1.4.0 of the Looker–Power BI Connector. See the Looker–Power BI Connector change log for details about version 1.4.0. Note: This item was added on November 11, 2024.
With Connected Sheets for Looker, pivot tables can now pull up to 100,000 rows from a Looker Explore (increased from the previous limit of 30,000). See the Looker & Looker Studio Community for the announcement. Note: This information was added on December 11, 2024.
An issue has been fixed where renaming a project using a bare repository could prevent deploying to production for that project. This feature now performs as expected.
An issue has been fixed where editing a model set could take a long time to load. This feature now performs as expected.
An issue has been fixed where the Actions page could fail to reflect recently saved settings. This feature now performs as expected.
An issue has been fixed where Sankey charts could ignore series values if they matched other series values.
An issue has been fixed where conditional formatting could fail to apply to total rows if the value was zero. This feature now performs as expected.
An issue has been fixed where Looker could generate datagroup names with dashes even though dashes aren't allowed in datagroup names. This feature now performs as expected.
An issue has been fixed where certain System Activity queries could time out. This feature now performs as expected.
The PDF and PNG rendering software has been upgraded to the latest stable version.
An issue has been fixed where visualizations that were created with the Chart Config Editor could fail to be displayed in an embedded context. This feature now performs as expected.
An issue has been fixed where the LookML Validator would not display an error message if the convert_tz parameter was used in an invalid context. This feature now performs as expected.
An issue has been fixed where selecting the word cloud visualization could cause Looker to display a blank page. This feature now performs as expected.
Tooltips have been added for truncated progress values in single value visualizations.
An issue has been fixed where progress values in single value visualizations were unnecessarily truncated. This feature now performs as expected.
An issue has been fixed where modifying dashboard filters after deleting a tile could cause Looker to display an error. This feature now performs as expected.
An issue has been fixed where progress bars in single value visualizations could disappear when the visualization was resized. This feature now performs as expected.
An issue has been fixed where relative date filters could misinterpret numbers with more than three digits (such as "in the last 1000 minutes") as dates. This feature now performs as expected.
An issue has been fixed where killing queries on BigQuery Standard SQL could be unnecessarily expensive. This feature now performs as expected.
An issue has been fixed where special characters (such as < and >) in pivoted dimension values could cause Looker to incorrectly truncate legend labels. This feature now performs as expected.
An issue has been fixed where downloading a dashboard tile with an invalid hex color code as an Excel spreadsheet could cause the download to fail. Looker now applies a default font color instead.
An issue has been fixed where location type fields could not be used in custom filter expressions. This feature now performs as expected.
An issue has been fixed where invalid "set" or "when" LookML fields could cause the LookML Validator to fail with a 500 error. The LookML Validator now displays a more informative error message.
An issue has been fixed where a locale value of fr would fall back to fr-CA instead of fr-FR, which was causing text to be translated incorrectly. This feature now performs as expected.
An issue has been fixed where the LookML IDE did not persist line wrap settings. This feature now performs as expected.
Upon upgrade to Looker 24.20, support access will be disabled on Looker (original) instances. To enable it, set a duration and a support access role on the Support Access page of the Admin panel.
Looker (original) deployments can now use the Redshift 2.1.0.30 driver.
A new Labs feature is available, New Database Connection Setup. When enabled, this feature updates the Add/Edit Connection page with a modernized UI, enhanced validation and connection testing capabilities, and a comprehensive configuration summary.
Google Cloud Technical Support access has updated duration settings of 0 to 48 hours. Admins may choose to grant all Support users either a Support Basic Editor role or a Support Advanced Editor role.
A new Labs feature is available, Tiered Support Access, which defaults to enabled. When this feature is disabled, Looker uses the legacy version of support access.
A new legacy feature is available, Use Legacy Project Creation Page. When this feature is enabled, it hides the Create a Model page and displays the deprecated New Project page.
A new Labs feature is available, Complex Filters UI Configuration for Explores. When this feature is enabled, matches (advanced) filters no longer update to simpler filter types when a comma is entered into the filter expression until the page is reloaded. This feature resolves a few stability issues with matches (advanced) filters.
Google Cloud Technical Support access is now available for Looker (Google Cloud core) instances. Update: This feature will become available to customers in January 2025. This item was updated on December 3, 2024.
An issue has been fixed where logging in to an instance using IP Allowlist could take a long time. This feature now performs as expected.
Added support for multiple VPC networks (Preview). For more details, see About multiple VPC networking.
The v2 Security Command Center API is generally available (GA).
To migrate from an earlier version, see Migrate to v2 of the Security Command Center API.
November 06, 2024
BigQuery
BigQuery now offers the following Gemini-enhanced SQL translation features:
In interactive translation mode, you can use Gemini-enhanced SQL translations to customize translated GoogleSQL queries. This feature is generally available (GA).
You can generate AI suggestions for batch translations using the Gemini model. The suggestions are based on a Gemini-based configuration YAML file. This feature is in Preview.
After running an interactive SQL translation, you can request a Gemini-generated text explanation that includes a summary of the translated SQL query. This feature is in Preview.
(Cloud Composer 3) Fixed an issue that affected the speed of PyPI package installation. PyPI packages are now installed slightly faster.
(Airflow 2.9.3 and 2.7.3) The docutils package was removed from preinstalled packages.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.9.3-build.6 (default)
- composer-3-airflow-2.7.3-build.22
New images are available in Cloud Composer 2:
- composer-2.9.10-airflow-2.9.3 (default)
- composer-2.9.10-airflow-2.7.3
Cloud Composer version 2.5.1 has reached its end of support period.
Cloud Composer 2.9.7 is a version with an extended upgrade timeline.
1.23.3-asm.1 is now available for in-cluster Cloud Service Mesh.
You can now download 1.23.3-asm.1 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.23.3 subject to the list of supported features. Cloud Service Mesh version 1.23.3-asm.1 uses envoy v1.31.2.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
1.22.6-asm.1 is now available for in-cluster Cloud Service Mesh.
You can now download 1.22.6-asm.1 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.22.6 subject to the list of supported features. Cloud Service Mesh version 1.22.6-asm.1 uses envoy v1.30.6.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
1.21.5-asm.10 is now available for in-cluster Cloud Service Mesh.
You can now download 1.21.5-asm.10 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.21.5 subject to the list of supported features. Cloud Service Mesh version 1.21.5-asm.10 uses envoy v1.29.8.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
1.20.8-asm.9 is now available for in-cluster Cloud Service Mesh.
You can now download 1.20.8-asm.9 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.20.8 subject to the list of supported features. Cloud Service Mesh version 1.20.8-asm.9 uses envoy v1.28.6.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
This release fixes a bug in the following versions where the default user for distroless proxy was changed to root. As a result of this fix, the default user is now back to non-root.
- 1.20.8-asm.6
- 1.20.8-asm.7
- 1.21.5-asm.5
- 1.21.5-asm.7
- 1.22.3-asm.1
- 1.22.4-asm.0
- 1.22.5-asm.1
This change may affect some gateway deployments which rely on the root user to expose a privileged port for ingress or egress. To ensure your gateways continue to work correctly, you may need to apply additional security contexts to your deployments. For details, see the troubleshooting guide.
Patches fixing a bug where the default user for distroless proxy was changed to root will be rolling out to all release channels. As a result of this fix, the default user is changing back to non-root. When you see the release note notifying that this rollout is complete, you must restart each affected workload to make the change effective.
cos-113-18244-236-26
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.112 | v24.0.9 | v1.7.23 | See List |
Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.
Fixed CVE-2024-50002 in the Linux kernel.
Fixed CVE-2024-49967 in the Linux kernel.
Fixed CVE-2024-50006 in the Linux kernel.
Fixed CVE-2024-49881 in the Linux kernel.
Fixed CVE-2024-47678 in the Linux kernel.
Fixed CVE-2024-47705 in the Linux kernel.
Fixed CVE-2024-50001 in the Linux kernel.
Fixed CVE-2024-50019 in the Linux kernel.
Fixed CVE-2024-49983 in the Linux kernel.
Fixed CVE-2024-49978 in the Linux kernel.
Fixed CVE-2024-49993 in the Linux kernel.
Fixed CVE-2024-49889 in the Linux kernel.
Fixed CVE-2024-47707 in the Linux kernel.
Fixed CVE-2024-49884 in the Linux kernel.
Fixed CVE-2024-49936 in the Linux kernel.
Fixed CVE-2024-50045 in the Linux kernel.
Fixed CVE-2024-47710 in the Linux kernel.
Fixed CVE-2024-49870 in the Linux kernel.
Fixed CVE-2024-50039 in the Linux kernel.
Fixed CVE-2024-50015 in the Linux kernel.
Fixed CVE-2024-49975 in the Linux kernel.
Fixed CVE-2024-49875 in the Linux kernel.
Fixed CVE-2024-50000 in the Linux kernel.
Fixed CVE-2024-50046 in the Linux kernel.
Fixed CVE-2024-49883 in the Linux kernel.
Fixed CVE-2024-47696 in the Linux kernel.
Fixed CVE-2024-47728 in the Linux kernel.
Fixed CVE-2024-47679 in the Linux kernel.
Fixed CVE-2024-50035 in the Linux kernel.
Fixed CVE-2024-49851 in the Linux kernel.
Fixed CVE-2024-47701 in the Linux kernel.
Fixed CVE-2024-50033 in the Linux kernel.
Fixed CVE-2024-49860 in the Linux kernel.
Fixed CVE-2024-47737 in the Linux kernel.
Fixed CVE-2024-47742 in the Linux kernel.
Fixed CVE-2024-47739 in the Linux kernel.
Fixed CVE-2024-47706 in the Linux kernel.
Fixed CVE-2024-49858 in the Linux kernel.
Fixed CVE-2024-47682 in the Linux kernel.
Fixed CVE-2024-47692 in the Linux kernel.
Fixed CVE-2024-47727 in the Linux kernel.
Fixed CVE-2024-47693 in the Linux kernel.
Fixed CVE-2024-47734 in the Linux kernel.
Fixed CVE-2024-47743 in the Linux kernel.
Fixed CVE-2024-47684 in the Linux kernel.
Fixed CVE-2024-49850 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812035 -> 812026
cos-109-17800-372-31
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.112 | v24.0.9 | v1.7.23 | See List |
Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.
Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.
Fixed CVE-2024-50002 in the Linux kernel.
Fixed CVE-2024-49967 in the Linux kernel.
Fixed CVE-2024-50006 in the Linux kernel.
Fixed CVE-2024-49881 in the Linux kernel.
Fixed CVE-2024-47705 in the Linux kernel.
Fixed CVE-2024-50001 in the Linux kernel.
Fixed CVE-2024-47678 in the Linux kernel.
Fixed CVE-2024-49870 in the Linux kernel.
Fixed CVE-2024-50045 in the Linux kernel.
Fixed CVE-2024-49983 in the Linux kernel.
Fixed CVE-2024-49978 in the Linux kernel.
Fixed CVE-2024-50015 in the Linux kernel.
Fixed CVE-2024-50039 in the Linux kernel.
Fixed CVE-2024-50000 in the Linux kernel.
Fixed CVE-2024-49975 in the Linux kernel.
Fixed CVE-2024-49993 in the Linux kernel.
Fixed CVE-2024-50019 in the Linux kernel.
Fixed CVE-2024-49875 in the Linux kernel.
Fixed CVE-2024-47710 in the Linux kernel.
Fixed CVE-2024-47707 in the Linux kernel.
Fixed CVE-2024-49850 in the Linux kernel.
Fixed CVE-2024-49936 in the Linux kernel.
Fixed CVE-2024-49889 in the Linux kernel.
Fixed CVE-2024-47696 in the Linux kernel.
Fixed CVE-2024-49851 in the Linux kernel.
Fixed CVE-2024-49883 in the Linux kernel.
Fixed CVE-2024-47728 in the Linux kernel.
Fixed CVE-2024-49884 in the Linux kernel.
Fixed CVE-2024-47679 in the Linux kernel.
Fixed CVE-2024-50035 in the Linux kernel.
Fixed CVE-2024-47701 in the Linux kernel.
Fixed CVE-2024-47727 in the Linux kernel.
Fixed CVE-2024-47682 in the Linux kernel.
Fixed CVE-2024-49858 in the Linux kernel.
Fixed CVE-2024-50033 in the Linux kernel.
Fixed CVE-2024-49860 in the Linux kernel.
Fixed CVE-2024-47737 in the Linux kernel.
Fixed CVE-2024-47742 in the Linux kernel.
Fixed CVE-2024-47739 in the Linux kernel.
Fixed CVE-2024-47706 in the Linux kernel.
Fixed CVE-2024-47692 in the Linux kernel.
Fixed CVE-2024-47693 in the Linux kernel.
Fixed CVE-2024-47734 in the Linux kernel.
Fixed CVE-2024-47743 in the Linux kernel.
Fixed CVE-2024-47684 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812253 -> 812248
cos-105-17412-495-28
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.
Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.
Fixed CVE-2024-47705 in the Linux kernel.
Fixed CVE-2024-49975 in the Linux kernel.
Fixed CVE-2024-49993 in the Linux kernel.
Fixed CVE-2024-50019 in the Linux kernel.
Fixed CVE-2024-50045 in the Linux kernel.
Fixed CVE-2024-47710 in the Linux kernel.
Fixed CVE-2024-47706 in the Linux kernel.
Fixed CVE-2024-49983 in the Linux kernel.
Fixed CVE-2024-50000 in the Linux kernel.
Fixed CVE-2024-50039 in the Linux kernel.
Fixed CVE-2024-49875 in the Linux kernel.
Fixed CVE-2024-49936 in the Linux kernel.
Fixed CVE-2024-47696 in the Linux kernel.
Fixed CVE-2024-47679 in the Linux kernel.
Fixed CVE-2024-50035 in the Linux kernel.
Fixed CVE-2024-49883 in the Linux kernel.
Fixed CVE-2024-49884 in the Linux kernel.
Fixed CVE-2024-49889 in the Linux kernel.
Fixed CVE-2024-49851 in the Linux kernel.
Fixed CVE-2024-47701 in the Linux kernel.
Fixed CVE-2024-50033 in the Linux kernel.
Fixed CVE-2024-49860 in the Linux kernel.
Fixed CVE-2024-47737 in the Linux kernel.
Fixed CVE-2024-47742 in the Linux kernel.
Fixed CVE-2024-47739 in the Linux kernel.
Fixed CVE-2024-49858 in the Linux kernel.
Fixed CVE-2024-50046 in the Linux kernel.
Fixed CVE-2024-47692 in the Linux kernel.
Fixed CVE-2024-47693 in the Linux kernel.
Fixed CVE-2024-47684 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812685 -> 812681
cos-dev-121-18736-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.59 | v24.0.9 | v1.7.23 | See List |
Updated the Linux kernel to v6.6.59.
Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.
Fixed CVE-2024-50602 in dev-libs/expat.
Runtime sysctl changes:
- Changed: fs.file-max: 811799 -> 811822
cos-117-18613-75-7
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.56 | v24.0.9 | v1.7.23 | See List |
Upgraded sys-apps/xemu to v0.0.6
Runtime sysctl changes:
- Changed: fs.file-max: 811796 -> 811757
You can now use the Firestore managed bulk delete service to delete documents in bulk. This feature is in Preview.
For more information, see Bulk delete data.
You can now use the managed bulk delete service to delete entities in bulk. This feature is in Preview.
For more information, see Bulk delete data.
The GKE Volume Populator is generally available on GKE clusters running version 1.31.1-gke.1729000 or later. This feature provides a way to automate data transfer from a source Cloud Storage bucket to a destination PersistentVolumeClaim backed by a Parallelstore instance. To learn more, see Transfer data from Cloud Storage during dynamic provisioning using GKE Volume Populator.
(2024-R43) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.28.14-gke.1340000
- 1.28.15-gke.1015000
- 1.29.9-gke.1496000
- 1.29.10-gke.1043000
- 1.30.5-gke.1443001
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.14-gke.1376000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.9-gke.1541000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1628000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.14-gke.1376000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.9-gke.1541000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1628000 with this release.
Regular channel
- Version 1.30.5-gke.1443001 is now the default version for cluster creation in the Regular channel.
- The following versions are no longer available in the Regular channel:
- 1.28.14-gke.1217000
- 1.29.9-gke.1341000
- 1.30.5-gke.1355000
- 1.31.1-gke.1678000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.5-gke.1443001 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.1-gke.1846000 with this release.
Stable channel
There are no new releases in the Stable channel.
Extended channel
- Version 1.30.5-gke.1443001 is now the default version for cluster creation in the Extended channel.
- The following versions are no longer available in the Extended channel:
- 1.28.14-gke.1217000
- 1.29.9-gke.1341000
- 1.30.5-gke.1355000
- 1.31.1-gke.1678000
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.1-gke.1846000 with this release.
No channel
- Version 1.30.5-gke.1443001 is now the default version for cluster creation.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.28.14-gke.1217000
- 1.28.15-gke.1015000
- 1.29.9-gke.1341000
- 1.29.10-gke.1043000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.9-gke.1496000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.31 to version 1.31.1-gke.1846000 with this release.
(2024-R43) Version updates
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.28.14-gke.1340000
- 1.28.15-gke.1015000
- 1.29.9-gke.1496000
- 1.29.10-gke.1043000
- 1.30.5-gke.1443001
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.14-gke.1376000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.9-gke.1541000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1628000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.14-gke.1376000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.9-gke.1541000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1628000 with this release.
(2024-R43) Version updates
- Version 1.30.5-gke.1443001 is now the default version for cluster creation in the Regular channel.
- The following versions are no longer available in the Regular channel:
- 1.28.14-gke.1217000
- 1.29.9-gke.1341000
- 1.30.5-gke.1355000
- 1.31.1-gke.1678000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.5-gke.1443001 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.1-gke.1846000 with this release.
General availability: You can now create Cloud Storage import topics in Pub/Sub that let you ingest data from Cloud Storage into Pub/Sub. The change is being rolled out in a phased manner over the rest of the week. For more information about Cloud Storage import topics, see Create a Cloud Storage import topic.
General availability: You can now enable Google Cloud platform logs to help you troubleshoot issues when you are using Cloud Storage import topics to ingest data. For more information, see Use platform logs to troubleshoot Cloud Storage import topics.
November 05, 2024
BigQuery
Dataplex automatic discovery lets you scan data in Cloud Storage buckets to extract and catalog metadata. Automatic discovery creates BigLake or external tables and object tables you can use for analytics and AI, and catalogs that data in Dataplex Catalog. This feature is available in public preview.
The BigQuery Data Transfer Service data source change log provides details about upcoming changes to data source schemas and schema mappings.
For Java jobs, you can use Artifact Registry to store and manage the JAR files for your BigQuery Engine for Apache Flink jobs. For more information, see Use Artifact Registry.
Generally available: An updated version of the gVNIC driver for Windows offers improved network performance and support for Jumbo frames. For more information, see Update to the latest gVNIC driver for Windows.
Dataplex automatic discovery is available in public preview. Automatic discovery is a feature in BigQuery that lets you scan data in Cloud Storage buckets to extract and catalog metadata. Automatic discovery creates BigLake or external tables and object tables you can use for analytics and AI, and catalogs that data in Dataplex Catalog. For more information, see Discover and catalog Cloud storage data.
We are extending the availability of Gemini 1.0 Pro 001 and Gemini 1.0 Pro Vision 001 from February 15, 2025 to April 9, 2025. For details, see the Deprecations.
Generally available: In GKE version 1.26 and later, Hyperdisk Balanced volumes can be created in Confidential mode for custom boot disks and persistent volumes and attached to Confidential GKE Nodes.
Cloud TPU v6e machine types are now in public preview for GKE clusters running version 1.30.4-gke.1167000 or later. These TPU VMs (ct6e-standard) are available in the following zones: us-east5-b, europe-west4-a, us-east1-d, asia-northeast1-b, and us-south1-a. To learn more, see Plan TPUs in GKE.
Spanner now supports client-side metrics for Java and Go applications. These metrics can be used with server-side metrics to enable faster troubleshooting of performance and latency issues.
These metrics are included in the latest Spanner client libraries for the following languages:
- Java in version 6.81.0 and later
- Go in version 1.71.0 and later
For more information, see View and manage client-side metrics.
November 04, 2024
BigQuery
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for bigquery/storage/apiv1beta1
1.64.0 (2024-10-30)
Features
- bigquery/datatransfer: Add scheduleOptionsV2 and Error fields for TransferConfig (78d8513)
- bigquery/storage: Add experimental ArrowData type and arrow_data field within AppendRowsRequest (f0b05e2)
Bug Fixes
- bigquery: Handle null RANGE (#11058) (9979e72), refs #11047
- bigquery: Parse negative NUMERIC from arrow (#11052) (83352c4)
- bigquery: Update google.golang.org/api to v0.203.0 (8bb87d5)
- bigquery: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (8bb87d5)
Documentation
Java
Changes for google-cloud-bigquery
2.43.3 (2024-10-29)
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.10.2 (19fc184)
2.43.2 (2024-10-27)
Dependencies
- Update actions/checkout action to v4.2.2 (#3541) (c36c123)
- Update actions/upload-artifact action to v4.4.2 (#3524) (776a554)
- Update actions/upload-artifact action to v4.4.3 (#3530) (2f87fd9)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.54.0 (#3532) (25be311)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20241013-2.0.0 (#3544) (0c42092)
- Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.10.0 (0bd3c86)
- Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.10.1 (c03a63a)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.58.0 (#3533) (cad2643)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.38.0 (#3542) (16448ee)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.39.0 (#3548) (616b2f6)
- Update github/codeql-action action to v2.26.13 (#3536) (844744f)
- Update github/codeql-action action to v2.27.0 (#3540) (1616a0f)
Documentation
A weekly digest of client library updates from across the Cloud SDK.
Percentage-based request mirroring is now supported for the global and regional external Application Load Balancers (classic is not supported). By default, the mirrored backend service receives all requests, even if the original traffic is being split between multiple weighted backend services. You can now configure the mirrored backend service to receive only a percentage of the requests by using the mirrorPercent flag to specify the percentage of requests to be mirrored, expressed as a value between 0 and 100.0.
For an example, see Set up traffic management for regional external Application Load Balancers.
This capability is available in Preview.
You can now view the size of a backup for a Cloud SQL instance.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/storage
7.14.0 (2024-10-29)
Features
Go
Changes for storage/internal/apiv2
1.46.0 (2024-10-31)
Features
Bug Fixes
- storage: Skip only specific transport tests. (#11016) (d40fbff)
- storage: Update google.golang.org/api to v0.203.0 (8bb87d5)
- storage: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (2b8ca4b)
Miscellaneous Chores
The translation LLM now supports Polish, Turkish, Indonesian, Dutch, Vietnamese, Thai and Czech. For the full list of supported languages, see the Translate text page.
Preview: You can create GPU VMs all at once in a regional managed instance group (MIG) by using resize requests. This feature was previously available only for zonal MIGs. For more information, see About resize requests in a MIG.
Project-based semantic search offered by Dataplex Search is available in Preview. Semantic search, powered by Gemini, simplifies the search process without the need for complex search syntax. It supports natural language queries. For more information, see Discover data using semantic search.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/datastore
9.2.0 (2024-10-30)
Features
- Add FindNearest API to the stable branch (#1333) (1d56433)
- Update Go Datastore import path (#1261) (bf3dafd)
Bug Fixes
Go
Changes for datastore/admin/apiv1
1.20.0 (2024-10-29)
Features
- datastore: Add FindNearest API to the stable branch (#10980) (f0b05e2)
- datastore: Support for field update operators in the Datastore API and resolution strategies when there is a conflict at write time (78d8513)
Bug Fixes
- datastore: Bump dependencies (2ddeb15)
- datastore: Do not delay on final transaction attempt (#10824) (0d732cc)
- datastore: Remove namespace from Key.String() (40229e6)
- datastore: Remove namespace from Key.String() (#10684) (#10823) (40229e6)
- datastore: Update google.golang.org/api to v0.203.0 (8bb87d5)
- datastore: Use local retryer in transactions (#11050) (3ef61a2)
- datastore: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (8bb87d5)
Java
Changes for google-cloud-datastore
2.24.1 (2024-10-28)
Dependencies
The Anthropic Claude Haiku 3.5 is Generally Available on Vertex AI. To learn more, view the Claude Haiku 3.5 model card in Model Garden.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-pubsub
1.134.1 (2024-10-26)
Dependencies
Python
Changes for google-cloud-pubsub
2.27.0 (2024-11-02)
Features
Bug Fixes
You can configure discovery to save sample findings to a BigQuery table. This feature is useful if you want to evaluate whether your inspection configuration is correctly matching the type of information that you want to flag as sensitive. To enable this feature, create or edit the scan configuration for the data resource that you want to profile.
November 02, 2024
Google SecOps SOAR
Release 6.3.24 is currently in Preview.
You can now use custom integrations in prompts when creating a playbook with Gemini.
Release 6.3.23 is now in General Availability.
From now on, only new features and changes will be written up for the Release Notes. Please use the customer portal to track progress of your support tickets or reach out to Customer Support for more information.
November 01, 2024
Apigee hybrid
hybrid v1.12.3
On November 1, 2024 we released an updated version of the Apigee hybrid software, 1.12.3.
- For information on upgrading, see Upgrading Apigee hybrid to version 1.12.3.
- For information on new installations, see The big picture.
Bug ID | Description |
---|---|
368646378 | Fixed an issue affecting control plane connectivity testing in Guardrails. |
361044374 | Fixed an issue where assign message did not correctly highlight the set payload action in the debug trace. |
335357961 | Fixed an issue where Apigee hybrid could claim uploads of backups with the Cloud provider when no bucket had been configured. |
181569113 | Fixed an issue in new debug session creation. |
Bug ID | Description |
---|---|
376104926 | Security fixes for apigee-kube-rbac-proxy. This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-open-telemetry-collector. This addresses the following vulnerability: |
Creating a Multislice TPU environment is now available in the Google Cloud Console. You can use Multislice to run training jobs using multiple TPU slices within a single Pod or on slices in multiple Pods. You must use a queued resource request to create a Multislice environment. For more information, see Cloud TPU Multislice overview.
You can now request Cloud TPUs as queued resources in the Google Cloud Console. Queuing your request for TPU resources can help alleviate stockout issues. If the resources you request are not immediately available, your request is added to a queue until the request succeeds or you delete it. You can also specify a time range in which you want to fulfill the resource request. For more information, see Manage queued resources.
(New guide) Migrate from AWS Lambda to Cloud Run: Describes how to design, implement, and validate a plan to migrate from AWS Lambda to Cloud Run.
October 31, 2024
Anti Money Laundering AI
A new major engine version is available for Retail and Commercial lines of business, within the v4 tuning version. These engine versions:
- Introduce a new feature area within the unusual-counterparty-activity feature family focused on surfacing suspicious parties through their inbound and outbound transactions with exited parties.
- Apply a new data validation to ensure there are no periods in the required time range without any valid entries in the Party, Transaction, or AccountPartyLink table.
The retail engine version also has more reliable tuning performance, in particular for small datasets. This improvement was already present in commercial engine versions.
Java 11 has reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Java.
Java 11 has reached end of support. Your existing Java 11 applications will continue to run and receive traffic. However, App Engine might block re-deployments of applications that use runtimes after their end of support date. We recommend that you upgrade to the latest supported version of Java.
You can also use the Google Cloud Console to enable private origin authentication for Amazon Simple Storage Service (Amazon S3) and compatible object stores.
Support for IPv6 static routes with a next hop internal passthrough Network Load Balancer (next-hop-ilb) is available in Preview.
cos-117-18613-75-4
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.56 | v24.0.9 | v1.7.23 | See List |
This is an LTS Refresh release.
Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.
Update R550, latest driver to v550.90.12.
Update NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.
Fixed CVE-2024-50039 in the Linux kernel.
Fixed CVE-2024-50023 in the Linux kernel.
Fixed CVE-2024-50019 in the Linux kernel.
Fixed CVE-2024-50045 in the Linux kernel.
Fixed CVE-2024-50000 in the Linux kernel.
Fixed CVE-2024-49975 in the Linux kernel.
Fixed CVE-2024-50015 in the Linux kernel.
Fixed CVE-2024-49889 in the Linux kernel.
Fixed CVE-2024-49936 in the Linux kernel.
Fixed CVE-2024-47696 in the Linux kernel.
Fixed CVE-2024-47728 in the Linux kernel.
Fixed CVE-2024-47679 in the Linux kernel.
Fixed CVE-2024-49851 in the Linux kernel.
Fixed CVE-2024-50035 in the Linux kernel.
Fixed CVE-2024-47701 in the Linux kernel.
Fixed CVE-2024-47706 in the Linux kernel.
Fixed CVE-2024-47737 in the Linux kernel.
Fixed CVE-2024-50064 in the Linux kernel.
Fixed CVE-2024-49858 in the Linux kernel.
Fixed CVE-2024-50033 in the Linux kernel.
Fixed CVE-2024-47688 in the Linux kernel.
Fixed CVE-2024-47675 in the Linux kernel.
Fixed CVE-2024-47745 in the Linux kernel.
Fixed CVE-2024-47700 in the Linux kernel.
Fixed CVE-2024-50055 in the Linux kernel.
Fixed CVE-2024-47660 in the Linux kernel.
Fixed CVE-2024-50047 in the Linux kernel.
Fixed CVE-2024-47678 in the Linux kernel.
Fixed CVE-2024-49860 in the Linux kernel.
Fixed CVE-2024-47742 in the Linux kernel.
Fixed CVE-2024-50046 in the Linux kernel.
Fixed CVE-2024-47739 in the Linux kernel.
Fixed CVE-2024-47668 in the Linux kernel.
Fixed CVE-2024-47682 in the Linux kernel.
Fixed CVE-2024-47692 in the Linux kernel.
Fixed CVE-2024-47727 in the Linux kernel.
Fixed CVE-2024-47693 in the Linux kernel.
Fixed CVE-2024-47734 in the Linux kernel.
Fixed CVE-2024-47744 in the Linux kernel.
Fixed CVE-2024-47743 in the Linux kernel.
Fixed CVE-2024-47684 in the Linux kernel.
Fixed CVE-2024-50058 in the Linux kernel.
Fixed CVE-2024-49850 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811706 -> 811796
New Dataproc Serverless for Spark runtime versions:
- 1.1.86
- 1.2.30
- 2.2.30
New Dataproc on Compute Engine subminor image versions:
- 2.0.125-debian10, 2.0.125-rocky8, 2.0.125-ubuntu18
- 2.1.73-debian11, 2.1.73-rocky8, 2.1.73-ubuntu20, 2.1.73-ubuntu20-arm
- 2.2.39-debian12, 2.2.39-rocky9, 2.2.39-ubuntu22
Note: When using Dataproc version 2.0.125 with the ranger-gcs-plugin, please create a customer support request for your project to use the enhanced version of the plugin prior to its GA release. This note does not apply to Dataproc on Compute Engine image versions 2.1 and 2.2.
Disabled HiveServer2 Ranger policy synchronization in non-HA clusters for latest image version 2.1 and later. Policy synchronization is causing instability of the HiveServer2 process while trying to connect to ZooKeeper, which is not active by default in non-HA clusters.
Eventarc is available in Preview in a new edition: Eventarc Advanced lets you receive, filter, transform, route, and deliver messages between different services, apps, and systems.
Eventarc Standard continues to deliver events from provider to destination by letting you define triggers that filter events.
The Google Cloud console now includes a monitoring dashboard for each database. For more information, see Use the Cloud Monitoring dashboard.
Google Cloud Architecture Framework: Operational excellence: Major update to align the recommendations with core principles of operational excellence.
For GKE clusters running version 1.31.1-gke.1146000 or later, Cloud Tensor Processing Unit (TPU) v3 machine types are generally available. These TPU VMs (ct3-hightpu-4t and ct3p-hightpu-4t) are currently available in us-east1-d, europe-west4-a, us-central1-a, us-central1-b, and us-central1-f. To learn more, see TPUs in GKE.
GKE control plane authority is now generally available with version 1.31.1-gke.1846000 or later. GKE control plane authority provides enhanced visibility, security controls, and customization of the GKE control plane. For more information, see About GKE control plane authority.
Clusters that are experiencing stale endpoint resources and stale kube-dns entries are likely affected by Kubernetes issue #126578. Your cluster is most likely affected if endpoint resources consistently have incorrect Pod IPs. This issue has been fixed in the following GKE versions or later:
- 1.28.14-gke.1115000
- 1.29.9-gke.1207000
- 1.30.5-gke.1171000
- 1.31.1-gke.1414000
Support for SMS-based authentication flows in the Identity Platform integration with reCAPTCHA Enterprise API is now in Preview. In addition, the integration now supports reCAPTCHA's SMS toll fraud protection and the ability to bring your own reCAPTCHA keys.
For more information, see the following pages:
Partner connection launch update
The following partner connectors have been added to the Looker Studio Connector Gallery:
- Oktopost by Oktopost
- Jepto - GMB/GBP Free by Jepto
- Instagram Insights by Detrics
- Bing Ads by Detrics
- LinkedIn Ads by Detrics
- X Ads (Twitter) by Detrics
- Insites by Insites
- LinkedIn Ads by Pro Plugg
- TikTok Organic by Power My Analytics
- Nightwatch SEO Tracker by Nightwatch
- MongoDB AppiWorks by Jivrus Technologies
- Google Merchant Center by Adformatic
Text wrapping for pivot table row headers
You can now choose to wrap row header text in pivot table charts by enabling the Wrap text option in the Style tab.
A monthly digest of client library updates from across the Cloud SDK.
Go
Changes for spanner/admin/database/apiv1
1.69.0 (2024-10-03)
Features
Bug Fixes
Performance Improvements
1.70.0 (2024-10-14)
Features
- spanner/admin/instance: Define ReplicaComputeCapacity and AsymmetricAutoscalingOption (78d8513)
- spanner: Add INTERVAL API (78d8513)
- spanner: Add new QueryMode enum values (WITH_STATS, WITH_PLAN_AND_STATS) (78d8513)
Documentation
- spanner/admin/instance: A comment for field node_count in message spanner.admin.instance.v1.Instance is changed (78d8513)
- spanner/admin/instance: A comment for field processing_units in message spanner.admin.instance.v1.Instance is changed (78d8513)
- spanner: Update comment for PROFILE QueryMode (78d8513)
Java
Changes for google-cloud-spanner
6.77.0 (2024-10-02)
Features
- Add INTERVAL API (c078ac3)
Dependencies
- Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.52.0 (#3291) (9241063)
- Update dependency com.google.cloud:google-cloud-monitoring to v3.52.0 (#3292) (da27a19)
- Update dependency com.google.cloud:google-cloud-monitoring to v3.52.0 (#3293) (c6dbdb2)
- Update dependency com.google.cloud:google-cloud-trace to v2.51.0 (#3294) (a269747)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.36.1 (#3355) (5191e71)
- Update dependency com.google.cloud.opentelemetry:exporter-metrics to v0.32.0 (#3371) (d5b5ca0)
- Update dependency com.google.cloud.opentelemetry:exporter-trace to v0.32.0 (#3372) (aa9a71d)
- Update dependency commons-io:commons-io to v2.17.0 (#3349) (7c21164)
- Update dependency io.opentelemetry:opentelemetry-bom to v1.42.1 (#3323) (95dfc02)
- Update dependency ubuntu to v24 (#3356) (042c294)
- Update googleapis/sdk-platform-java action to v2.46.1 (#3354) (378f5cf)
- Update junixsocket.version to v2.10.1 (#3367) (5f94915)
- Update opentelemetry.version to v1.42.1 (#3330) (7b05e43)
Documentation
- Update comment for PROFILE QueryMode (c078ac3)
6.78.0 (2024-10-11)
Features
- Define ReplicaComputeCapacity and AsymmetricAutoscalingOption (f46a6b3)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.47.0 (139a715)
Dependencies
6.79.0 (2024-10-11)
Features
Dependencies
- Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.53.0 (#3390) (a060e92)
- Update dependency com.google.cloud:google-cloud-monitoring to v3.53.0 (#3391) (7f0927d)
- Update dependency com.google.cloud:google-cloud-monitoring to v3.53.0 (#3392) (fd3e92d)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.37.0 (#3395) (8ecb1a9)
- Update dependency com.google.cloud.opentelemetry:exporter-metrics to v0.33.0 (#3388) (26aa51d)
- Update dependency com.google.cloud.opentelemetry:exporter-trace to v0.33.0 (#3389) (6e34c5a)
- Update googleapis/sdk-platform-java action to v2.47.0 (#3383) (4f0d693)
6.80.0 (2024-10-25)
Features
Dependencies
- Update dependency com.google.cloud:sdk-platform-java-config to v3.38.0 (#3424) (b727453)
- Update dependency io.opentelemetry:opentelemetry-bom to v1.43.0 (#3399) (a755c6c)
- Update dependency io.opentelemetry:opentelemetry-sdk-testing to v1.43.0 (#3398) (693243a)
- Update googleapis/sdk-platform-java action to v2.48.0 (#3422) (d5d1f55)
Documentation
PSC-I Egress is supported for Ray clusters on Vertex AI. PSC-I is recommended for private connectivity, since it reduces the chance of IP exhaustion and allows for transitive peering. For more information, see Private Service Connect interface for Ray on Vertex AI. This feature is available in Preview.
Private Service Connect interface (PSC-I) is now supported for ML pipeline runs in Vertex AI Pipelines. PSC-I is recommended for private connectivity, since it reduces the chance of IP exhaustion, and allows for transitive peering.
For more information, see Configure Private Service Connect interface for a pipeline. This feature is available in Preview.
Vertex AI Search: Stream answers (GA with allowlist)
The answer streaming method can return generated answers in sequential parts. This reduces the perception of latency. As the end users read the first part of the answer, the subsequent parts of the answer are being generated.
The answer streaming method also includes many of the features of the original answer method.
This feature is Generally available to select Google customers (GA with allowlist). For more information, see Stream answers.
October 30, 2024
Cloud Composer
(Cloud Composer 3) Airflow workers now generate a proper OpenID Connect (OIDC) token.
(Airflow 2.9.3 and 2.7.3) The dbt-common package was downgraded from 1.11.0 to 1.10.0.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.9.3-build.5 (default)
- composer-3-airflow-2.7.3-build.21
Cloud Composer 2.9.9 images are available:
- composer-2.9.9-airflow-2.9.3 (default)
- composer-2.9.9-airflow-2.7.3
Cloud Composer version 2.5.0 has reached its end of support period.
Dedicated Interconnect and Cross-Cloud Interconnect now support network traffic differentiation through application awareness on Cloud Interconnect in Preview. For more information, see "Configure traffic differentiation" for Dedicated Interconnect and Cross-Cloud Interconnect.
Service Extensions plugins are available for Google Cloud Application Load Balancers, excluding Classic, in Preview.
Service Extensions plugins help you insert WebAssembly (Wasm) plugins in a fully managed serverless environment directly into the data path of Application Load Balancers.
For details, see Plugins for Cloud Load Balancing.
Generally available: General purpose C4A Arm VMs on Google's custom-built Axion processors. C4A VMs are available as predefined configurations in sizes ranging from 1 vCPU to 72 vCPUs and up to 576 GB of DDR5 memory. C4A uses Google Cloud's latest generation storage options including Hyperdisk Balanced and Hyperdisk Extreme.
C4A VMs are available in the following regions and zones:
- Singapore - asia-southeast1-a,b,c
- Belgium - europe-west1-b,c,d
- Frankfurt - europe-west3-a,b,c
- Netherlands - europe-west4-a,b,c
- Iowa - us-central1-a,b,c
- South Carolina - us-east1-b,c,d
- Virginia - us-east4-a,b,c
Generally available: You can autoscale a regional MIG with a BALANCED target distribution shape. With the BALANCED shape, the autoscaler is aware of the capacity in each zone and creates VMs in zones that have resource availability. For more information, see Autoscaling a regional MIG.
Weighted load balancing for GKE External LoadBalancer Services is now available in Preview. Weighted load balancing is a more efficient way to distribute traffic to nodes based on the number of serving Pods they have backing the Service. To learn more, see About LoadBalancer Services.
(2024-R42) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.31.1-gke.1846000 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.28.14-gke.1217000
- 1.29.9-gke.1341000
- 1.30.5-gke.1355000
- 1.31.1-gke.1678000
- 1.31.1-gke.2008000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1443001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.1846000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.1846000 with this release.
Regular channel
- Version 1.30.5-gke.1355000 is now the default version for cluster creation in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.28.14-gke.1099000
- 1.29.9-gke.1177000
- 1.30.5-gke.1014001
- 1.30.5-gke.1014003
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.14-gke.1217000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.9-gke.1341000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.5-gke.1355000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.14-gke.1217000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.9-gke.1341000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.5-gke.1355000 with this release.
Stable channel
- Version 1.30.5-gke.1014003 is now the default version for cluster creation in the Stable channel.
- The following versions are no longer available in the Stable channel:
- 1.28.14-gke.1004000
- 1.29.8-gke.1278000
- 1.30.5-gke.1014001
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.14-gke.1099000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.9-gke.1177000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.5-gke.1014003 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.14-gke.1099000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.9-gke.1177000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.5-gke.1014003 with this release.
Extended channel
- Version 1.30.5-gke.1355000 is now the default version for cluster creation in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.16-gke.1712000
- 1.28.14-gke.1099000
- 1.29.9-gke.1177000
- 1.30.5-gke.1014001
- 1.30.5-gke.1014003
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.14-gke.1217000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.9-gke.1341000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.5-gke.1355000 with this release.
No channel
- Version 1.30.5-gke.1355000 is now the default version for cluster creation.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.28.14-gke.1004000
- 1.29.8-gke.1278000
- 1.30.4-gke.1348000
- 1.30.4-gke.1348001
- 1.31.1-gke.1146000
- 1.31.1-gke.2008000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.14-gke.1217000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.9-gke.1341000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.5-gke.1014003 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.14-gke.1217000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.9-gke.1341000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.5-gke.1014003 with this release.
You can use Packet Mirroring, an "out-of-band" Network Security Integration, to analyze your workloads' network traffic at scale. This feature is available in Preview. For more information, see Network Security Integration overview.
For Preview, Network Security Integration resources are available free of charge. For other Google Cloud resources, see the product-specific pricing documentation.
Service Extensions plugins help you insert WebAssembly (Wasm) plugins in a fully managed serverless environment directly into the data path of most Cloud Load Balancing Application Load Balancers. This feature is in Preview.
For details, see Plugins for Cloud Load Balancing.
Studio Voices now support synthesis with multiple speakers to generate audios for interviews, interactive storytelling, video games, e-learning platforms, and accessibility solutions.
October 29, 2024
Cloud Load Balancing
All the Application Load Balancers, except the classic Application Load Balancer, now support stateful cookie-based session affinity. When you use stateful cookie-based affinity, the load balancer includes an HTTP cookie in the Set-Cookie header in response to the initial HTTP request. With stateful session affinity, customers can preserve stickiness to the selected backend.
For details, see Stateful cookie-based session affinity.
This capability is in General Availability.
You can now create and manage log scopes by using the Google Cloud CLI, in addition to using the Cloud Console and Terraform. Log scopes are in Public Preview. For more information, see
Data Access logs are now compatible with all authenticated browser downloads.
- When an authenticated browser download occurs outside of the Google Cloud console, a resulting Data Access log has its principalEmail and callerIp fields redacted.
Three new metrics are added for measuring node and workload startup latency:
- kubernetes.io/node/latencies/startup: The total startup latency of a node, from the GCE instance's CreationTimestamp to Kubernetes Node Ready for the first time.
- kubernetes.io/pod/latencies/pod_first_ready: The Pod end-to-end startup latency (from Pod Created to Ready), including image pulls. This metric is available for clusters with GKE version 1.31.1-gke.1678000 or later.
- kubernetes.io/autoscaler/latencies/per_hpa_recommendation_scale_latency_seconds: Horizontal Pod Autoscaling (HPA) scaling recommendation latency (the time between metrics being created and the corresponding scaling recommendation being applied to the API server) for the HPA target. This metric is available for clusters running the following versions or later:
  - 1.30.4-gke.1348001
  - 1.31.0-gke.1324000
Instance Group Managers for node pools created with version 1.30.5-gke.1523000 or later and 1.31.1-gke.1869000 or later will now have update on repair enabled by default. This will allow labels to persist upon Spot VM preemption.
Added support for the databases configuration. For more details, see the entry for databases in Supported Redis configurations.
Organization Policy managed constraints are a set of constraints built on the custom organization policy platform. You can use managed constraints in place of certain predefined constraints to perform dry-run tests and simulate changes to your policies using Policy Intelligence tools. This feature is now in General Availability.
BigQuery Connector for SAP version 2.8
Version 2.8 of the BigQuery Connector for SAP is generally available (GA). This version offers several enhancements and bug fixes, including the record compression option at field level, a transaction to view the version of BigQuery Connector for SAP, and an enhancement spot for HTTP error handling.
For more information, see What's new with BigQuery Connector for SAP.
October 28, 2024
AlloyDB for PostgreSQL
AlloyDB for PostgreSQL now supports in-place major version upgrade in Preview. You can upgrade your cluster that is compatible with PostgreSQL version 14 to 15. For more information, see Upgrade a database in-place major version.
Add failure policy (Generally available (GA))
You can now configure more complicated retry strategies for tasks, such as retries based on the error codes or the variable values during the execution:
- Configure multiple ordered conditional failure policies for each task.
- Configure a default failure policy that will be applied if no conditional failure policy matches.
- Use system auto-generated variables in the failure policies. For example, ExecutionMode and ErrorInfo.
For more information, see Example for error handling.
Dynamic Workload Scheduler for Batch is available in Preview. We recommend using Dynamic Workload Scheduler to improve resource availability for jobs that run on A3 GPU VMs when you don't intend to use a reservation. For more information, see Create and run a job that uses GPUs.
The Oracle plugin version 1.11.4 is available in Cloud Data Fusion versions 6.10.1 and later. This release includes the following change:
- Fixed an issue causing pipelines with an Oracle sink that has date columns in the input schema to fail (PLUGIN-1812).
To take advantage of the new features of the global external Application Load Balancer, you can now migrate your classic Application Load Balancer resources to the global external Application Load Balancer infrastructure.
To migrate to the global external Application Load Balancer, you change the load balancing scheme of your load balancing resources—specifically, the backend services and forwarding rules—from EXTERNAL to EXTERNAL_MANAGED. You can also roll back resources to the classic Application Load Balancer infrastructure, as long as you do so within 90 days of changing the load balancing scheme.
For more details on the migration process, see the following pages:
- Migration overview
- Migrate resources from classic to global external Application Load Balancer
- Roll back migrated resources to classic Application Load Balancer
This capability is available in Preview.
You can now use tags to annotate your log buckets and use the tags to manage access to the log buckets. For more information, see Manage log buckets by using tags.
The capabilities for dashboard-level filtering have been enhanced. You can now configure pinned filters and variables to have multiple default values and support selection of multiple values. You can also create value-only variables and generate the list of possible values for a variable by running a SQL query. These features are in Public Preview. For more information, see the following documents:
Additional functionality is now available for the Object Retention Lock and Bucket Lock features:
You can now enable Object Retention Lock on existing buckets using the Console.
Enabling Object Retention Lock on a bucket will cause a lien to be placed, at best effort, on the project containing the bucket.
Buckets can now have Bucket Lock and Object Versioning enabled at the same time.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-storage
2.44.1 (2024-10-25)
Dependencies
2.44.0 (2024-10-23)
Features
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.47.0 (c517798)
- Fix createFrom resumable upload retry offset calculation (#2771) (1126cdc), closes #2770
- Update gRPC ReadObject retry to avoid double retry (#2765) (1fc57b9)
Dependencies
- Update dependency com.google.apis:google-api-services-storage to v1-rev20241008-2.0.0 (#2776) (0545b5e)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.38.0 (#2787) (a470e88)
- Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.48.0 (#2781) (8fa013e)
- Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.49.0 (#2782) (a7baffb)
- Update googleapis/sdk-platform-java action to v2.48.0 (#2786) (2893e61)
You can now use the Google Cloud console to get soft delete recommendations for buckets. Soft delete recommendations help you determine when it's best to enable or disable the soft delete feature on a bucket based on impact to cost and security.
cos-105-17412-495-13
Date | Kernel | Docker | Containerd | GPU Drivers |
Oct 28, 2024 | COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
Upgraded app-admin/google-guest-configs to v20240725.00.
Upgraded app-containers/cni-plugins to v1.5.1.
Updated R550, latest driver to v550.90.12.
Fixed CVE-2024-8096 and CVE-2024-7264 in net-misc/curl.
Fixed CVE-2024-47685 in the Linux kernel.
Fixed CVE-2024-27017 in the Linux kernel.
Fixed CVE-2024-38632 in the Linux kernel.
Fixed CVE-2024-39463 in the Linux kernel.
Fixed CVE-2024-47674 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812700 -> 812685
cos-117-18613-0-99
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.44 | v24.0.9 | v1.7.23 | See List |
Fixed CVE-2024-47685 in the Linux kernel.
Fixed CVE-2024-44991 in the Linux kernel.
Fixed CVE-2024-47674 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811768 -> 811706