Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.

December 20, 2024

AlloyDB for PostgreSQL

AlloyDB lets you monitor the following additional metrics through the Cloud Monitoring dashboard. These metrics are available in Preview.

  • The instance/postgres/ultrafastcache_hitrate and node/postgres/ultrafastcache_hitrate metrics help in identifying any performance issue due to caching on instances or individual nodes.
  • The node/postgres/backends_by_state, node/postgres/backends, node/postgres/wait_count, and node/postgres/wait_time metrics help in tracking node health.

Anthos Attached Clusters

This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Apigee Advanced API Security

On December 20, 2024 we released an updated version of Apigee.

Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete.

Support for environment-level client IP address resolution

This release introduces the ability to specify, per environment, how to capture the client IP address on API requests from the X-Forwarded-For header. When configured for the environment, the specified client IP address is used to apply security actions and to populate the ax_resolved_client_ip Analytics variable and the new client.resolved.ip flow variable. The new configuration option can be used to specify the request IP address used in Advanced API Security.

This functionality is not available in Apigee hybrid at this time.

For more information and usage instructions, see the Client IP resolution customer documentation, Analytics dimensions, and client flow variable.

Apigee X

On December 20, 2024 we released an updated version of Apigee.

Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete.

Support for environment-level client IP address resolution

This release introduces the ability to specify, per environment, how to capture the client IP address on API requests from the X-Forwarded-For header. When configured for the environment, the specified client IP address is used to apply security actions and to populate the ax_resolved_client_ip Analytics variable and the new client.resolved.ip flow variable. The new configuration option can be used to specify the request IP address used in Advanced API Security.

This functionality is not available in Apigee hybrid at this time.

For more information and usage instructions, see the Client IP resolution customer documentation, Analytics dimensions, and client flow variable.

Application Integration

Dynamic Backend Authentication support for Connectors

Application Integration now supports dynamic backend authentication for connectors. Enable Authentication Override in Integration Connectors to allow your connections to seamlessly switch between authentication methods during runtime.

For more information, see Configure authentication override.

Cloud Composer

Cloud Composer 3 is now available in Mexico (northamerica-south1).

Cloud SQL for MySQL

You can now enable query insights for Cloud SQL Enterprise Plus edition. When you enable query insights for Enterprise Plus, you can access additional features in query insights such as 30 days of metrics retention, granular query plan details, and a higher query length limit.

For more information, see Use query insights to improve query performance. Query insights for Cloud SQL Enterprise Plus edition is in Preview.

Cloud SQL for PostgreSQL

You can now enable query insights for Cloud SQL Enterprise Plus edition. When you enable query insights for Enterprise Plus, you can access additional features in query insights such as 30 days of metrics retention, granular query plan details, and a higher query length limit.

For more information, see Use query insights to improve query performance. Query insights for Cloud SQL Enterprise Plus edition is in Preview.

Cloud SQL for SQL Server

You can use the following observability dashboards in Cloud SQL for SQL Server to monitor, analyze, and diagnose issues with your instances, databases, and queries:

  • System insights
  • Query insights

Both of these dashboards are available to you in the Google Cloud Console. The System insights dashboard displays the metrics for the resources that your instance is using and can help you analyze the performance of your instance. For more information, see Use system insights to improve system performance. System insights is generally available (GA).

The Query insights dashboard helps you detect problems with queries in your Cloud SQL databases. The dashboard also provides you with the ability to monitor active queries and view index advisor recommendations. For more information, see Use query insights to improve query performance. Query insights for Cloud SQL for SQL Server is in Preview.

You can enable query insights for Cloud SQL Enterprise Plus edition. When you enable query insights for Enterprise Plus, you can access additional features in query insights such as 30 days of metrics retention, granular query plan details, and a higher query length limit. The query insights for Cloud SQL Enterprise Plus edition, index advisor, and active queries features are also in Preview.

Cloud Service Mesh

Advanced load balancing for managed Cloud Service Mesh (TD) is now available in preview.

Pub/Sub

Documentation is now available to help you troubleshoot Pub/Sub issues by using audit logs. You can use audit logs to troubleshoot issues related to identifying who created, deleted, or modified Pub/Sub resources, tracking configuration changes to topics or subscriptions, and verifying the existence and status of topics and subscriptions. For more information, see Troubleshoot Pub/Sub issues with audit logs and General troubleshooting.

Vertex AI

Vector Search hybrid search and sparse embeddings are generally available (GA)

Vector Search hybrid search and sparse embeddings are generally available (GA). Hybrid search uses both dense and sparse embeddings, which lets you search based on a combination of keyword search and semantic search. For more information about hybrid search, see About hybrid search.

December 19, 2024

Apigee X

On December 19, 2024, we released an updated version of Apigee (1-14-0-apigee-3) for trial organizations only.

Bug ID    Description
N/A       Updates to security infrastructure and libraries.

Application Integration

You can now build and publish custom connectors for Google Cloud Marketplace. This feature is in preview.

The following connectors built by partners are available in the Google Cloud Marketplace. You can use these connectors to create connections and use them in Application Integration.

  • Exact HR
  • Openlegacy IBMi/AS/400 API
  • Salesforce Commerce Cloud B2B

BigQuery

The Sovereign Controls for EU control package now supports BigQuery Data Transfer Service. For more information, see Supported products by control package. This feature is generally available (GA).

You can now manage data canvases, data preparations, notebooks, saved queries, and workflows in Dataplex. Metadata of data canvases, data preparations, notebooks, saved queries, and workflows is automatically available in Dataplex, without additional configuration. This feature is generally available (GA).

You can now search for and view the metadata of data canvases, data preparations, notebooks, saved queries, and workflows in the Dataplex console. This feature is in preview.

Capacity Planner

Preview: You can create future reservation requests for VMs of a single machine type using the Google Cloud console. Reserving capacity based on your predicted VM or GPU usage helps ensure that your projects have the capacity needed to support increases in usage. For more information, see Reserve capacity in Capacity Planner.

Cloud Data Fusion

The Cloud Data Fusion version 6.10.1.2 patch revision is generally available (GA). 6.10.1.2 includes the following changes:

  • You can generate audit logs that record data plane activities within your Cloud Data Fusion instance. Data plane audit logging is available in Preview for RBAC-enabled instances.

  • To improve the API response time, by default, all program activity records older than 30 days are cleaned up. Any activity older than 30 days isn't visible in the Cloud Data Fusion studio (CDAP-14950).

  • When using role-based access control, performing the List Pipelines operation requires datafusion.pipelines.list permission, in addition to datafusion.namespaces.get permission. For more information, see RBAC roles and permissions (CDAP-20931).

  • Fixed an issue causing the flow control metric, flowcontrol.launching.count, to overcount in cases where servers were restarted when a pipeline run was in progress (CDAP-21046).

  • Fixed an issue causing the flow control metric, flowcontrol.launching.count, to be stale after a restart when no pipelines were running (CDAP-21048).

  • Fixed an issue causing the default max concurrent runs limit for triggers not to appear in the web interface, making it difficult to tell if triggers were working as intended (CDAP-21072).

  • Fixed an issue causing the top panel of the Studio tab to disappear when you edited a pipeline draft that's based on a pipeline from an earlier Cloud Data Fusion version (CDAP-21073).

  • Improved performance by removing a call to the list apps API during pipeline deployment when checking if a pipeline already exists (CDAP-21074).

Cloud Vision

Safe Search model update

We will be updating the SAFE_SEARCH_DETECTION feature model to improve quality.

We'll support both the current model and the new model for the next 90 days. After 90 days, the new model will become the default. The current model can still be accessed by specifying "builtin/legacy" for an additional 90 days before it's deprecated.

To use the new model, specify "builtin/latest" in the model field of a Feature object.

Cortex Framework

Release 6.1

  • SAP Annotations: All SAP Reporting views and fields are now fully annotated with functional descriptions and business context. Deploy Data Mesh to take advantage of this feature.
  • Google Ads Campaign Daily Aggregates view has been redesigned:
    • The CampaignDailyAggByUserCountry view is now removed.
    • Relevant information is now integrated into the CampaignDailyAgg view.
  • SAP Financial Model Initial Load: The Financial Model's initial load has been separated into a dedicated DAG for better organization.
  • SAP Inventory Module: Removed "Preview" tag.
  • SAP Hierarchy Reader: As announced in the previous release notes, the hier_reader code has been fully deprecated. Relevant SAMPLE scripts have been updated to use the new hierarchy reader DAG output tables.
  • SAP Fiscal and Currency functions: As announced in the previous release notes, these functions have been removed. Please use the relevant tables (currency_conversion, currency_decimal, and fiscal_date_dim) instead.
  • SAP Currency Decimal Fix: Fixed a decimal precision issue for SAP currency data.
  • Minor JOIN Condition Issue: Fixed a JOIN condition in SAP Billings view comments.
  • 1-Click Deployer:
    • Fixed an issue with incorrect default Google Analytics 4 CDC dataset setting.
    • Updated to use different output bucket names for SFMC and CM360.
  • K9 Deployer: Fixed the issue where temporary files were copied to the tmp* directory in the target bucket and not removed.
  • Minor Fixes: Addressed other minor issues related to dependency, configuration handling, Python library requirements, and DAG steps.
  • Google Trends DAG: The Google Trends API calls issued by this DAG may intermittently fail. If this happens, try rerunning the DAG.
  • 1-click deployer: The 1-click deployer for OracleEBS currently requires manual naming. Autoname mode is not yet supported.

Dataform

You can now manage Dataform repositories in Dataplex. Metadata of Dataform repositories is automatically available in Dataplex, without additional configuration. For more information, see Manage Dataform assets with Dataplex. This feature is generally available (GA).

You can now search for and view the metadata of Dataform repositories in the Dataplex console. This feature is in preview.

Dialogflow

Dialogflow CX (Conversational Agents): You can now set either a partial match or a full match to banned phrases. This setting applies to playbooks, datastores, and generators. You can enable and test this feature in Agent Settings > Generative AI > Banned phrases > Match requirements.

Google Cloud Managed Service for Apache Kafka

Documentation is now available to help you choose between Pub/Sub and Google Cloud Managed Service for Apache Kafka. The comparison is based on factors such as operational ease, portability, existing Kafka setup, and integration with other Google Cloud products. A detailed feature comparison table is also included. For more information, see Choose Cloud Managed Service for Apache Kafka or Pub/Sub.

NetApp Volumes

Google Cloud NetApp Volumes now lets you test if an Active Directory policy is properly connected to the Active Directory service using the Google Cloud console. Performing the test helps you troubleshoot errors in your Active Directory policy configuration. For more information, see Test the Active Directory policy connection.

Google Cloud NetApp Volumes now supports Kerberos for large capacity volumes.

Network Connectivity Center

IPv6 route exchange is available in public preview.

You can use export filters to configure a VPC spoke to exchange IPv6 subnet ranges or both IPv4 and IPv6 subnet ranges. For more information, see VPC connectivity with export filters.

Organization Policy

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Secure Source Manager resources. For more information, see Manage resources with custom constraints.

The Organization Policy recommender generates insights and organization policy recommendations to restrict the creation and upload of service account keys. This feature is available in Preview.

You can use the iam.managed.allowedPolicyMembers managed organization policy constraint to implement domain restricted sharing. For more information, see Domain restricted sharing.

Policy Intelligence

The Organization Policy recommender generates insights and organization policy recommendations to restrict the creation and upload of service account keys. This feature is available in Preview.

Pub/Sub

Documentation is now available to help you choose between Pub/Sub and Google Cloud Managed Service for Apache Kafka. The comparison is based on factors such as operational ease, portability, existing Kafka setup, and integration with other Google Cloud products. A detailed feature comparison table is also included. For more information, see Choose Pub/Sub or Cloud Managed Service for Apache Kafka.

Resource Manager

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Secure Source Manager resources. For more information, see Manage resources with custom constraints.

The Organization Policy recommender generates insights and organization policy recommendations to restrict the creation and upload of service account keys. This feature is available in Preview.

You can use the iam.managed.allowedPolicyMembers managed organization policy constraint to implement domain restricted sharing. For more information, see Domain restricted sharing.

Secure Source Manager

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Secure Source Manager resources. For more information, see Manage resources with custom constraints.

Storage Transfer Service

When providing a URL list to transfer files, you can now host the list itself in an access-controlled Cloud Storage bucket. See Transfer from public URLs for full details.

December 18, 2024

Agent Assist

Pub/Sub intermediate transcription is available in preview. With this feature you can accomplish the following:

  • Show intermediate transcripts in your Agent Assist UI module.
  • Populate additional information to support audio integration.

AlloyDB for PostgreSQL

You can use an API to export data from AlloyDB clusters. This feature is generally available (GA). You can also cancel the export of data. For more information, see Export a CSV file and Export a SQL file.

Bigtable

You can now enable 2x node scaling when you create a new Bigtable cluster. This cluster configuration lets Bigtable treat two standard nodes as a larger, single compute node, and the cluster is always scaled in increments of two nodes. This feature is generally available (GA).

The Preview of Bigtable automated backup has been expanded to let you configure the backup retention period in automated backup policies, and the default is now seven days. For more information, see Update an automated backup policy.

Cloud Billing

Simulate scenarios in FinOps hub to maximize your savings from resource-based CUDs

In the FinOps hub, we added support for resource-based CUD recommendations as a starting point to simulate various usage scenarios, and customize the recommendation to purchase a CUD that maximizes your savings.

Learn about simulating scenarios for resource-based CUDs.

Cloud Logging

Cloud Logging adds support for the northamerica-south1 region. For a complete list of supported regions, see Supported regions.

You can now create custom roles that let you create and manage Log Scopes. Log Scopes are in Public Preview. For more information, see Create and manage log scopes: Before you begin.

Cloud Service Mesh

1.23.4-asm.1 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2024-065. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.23.4-asm.1 uses Envoy v1.31.5.

1.22.7-asm.1 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2024-065. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.22.7-asm.1 uses Envoy v1.30.9.

1.21.5-asm.17 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2024-065. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.21.5-asm.17 uses Envoy v1.29.12.

Upgrading the gRPC client may cause excessive streams to Traffic Director. Be cautious and do a gradual upgrade when upgrading to the following versions:

  • gRPC Java 1.67.1
  • gRPC Go 1.66
  • gRPC C++ 1.63

Developer Connect

You can now manage Developer Connect resources by using custom organization policies. This feature is generally available. To learn more, see Create custom organization policies.

VPC Service Controls support for Developer Connect is now in Preview.

Generative AI on Vertex AI

Hex-LLM: High-Efficiency Large Language Model Serving is available in General Availability (GA).

This launch adds support for the following models:

  • Llama 3.1
  • Llama 3.2
  • Phi-3
  • Qwen2 and Qwen2.5

Additional supported features:

  • Multi-host serving.
  • Disaggregated serving (experimental).
  • Prefix caching.
  • AWQ quantization.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.31.0-gke.889 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.31.0-gke.889 runs on Kubernetes v1.31.3-gke.100.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Announcing an early look at two preview features:

  • A new architecture called advanced clusters. When advanced cluster is enabled, the underlying Google Distributed Cloud software deploys controllers that allow for a more extensible architecture. Enabling advanced clusters gives you access to new features and capabilities, such as topology domains.

  • A topology domain is a pool of cluster nodes that are considered to be part of the same logical or physical grouping. Topology domains correspond to some underlying hardware or software that has the possibility of correlated failure, like networking equipment in a rack. As part of setting up a topology domain, you create a topology label that is set on all the nodes in the topology domain during cluster creation. This label lets you set up Pod Topology Spread Constraints.

Note the following limitations of the preview:

Upgrade changes:

  • Dataplane V2 is required for all user clusters. Before upgrading a user cluster to 1.31, follow the steps in Enable Dataplane V2.

  • To upgrade clusters to 1.31, you must upgrade your admin cluster first and then user clusters. For more information, see Version rules.

Version changes:

Other changes:

  • Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.
  • Removed TLS/SSL weak message authentication code cipher suites in the vSphere cloud controller manager.

The following issues are fixed in 1.31.0-gke.889:

  • Fixed the issue where additional manual steps were needed after disabling always-on secrets encryption with gkectl update cluster.
  • Fixed the known issue that caused migrating a user cluster to Controlplane V2 to fail if secrets encryption has ever been enabled on the user cluster, even if it's already disabled.
  • Fixed the known issue where the gkectl upgrade command returned an incorrect error about the netapp storageclass.
  • Fixed the known issue where updating DataplaneV2 ForwardMode doesn't automatically trigger anetd DaemonSet restart.

The following Ubuntu vulnerabilities are fixed in 1.31.0-gke.889:

Additional Ubuntu vulnerabilities fixed in 1.31.0-gke.889:

Google Distributed Cloud (software only) for bare metal

Release 1.31.0-gke.889

Google Distributed Cloud for bare metal 1.31.0-gke.889 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.31.0-gke.889 runs on Kubernetes 1.31.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Version 1.28 end of life: In accordance with the Version Support Policy, version 1.28 (all patch releases) of Google Distributed Cloud for bare metal has reached its end of life and is no longer supported.

Functionality changes:

  • Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.

  • Updated the bmctl push images command to check for the existence of an image digest to determine whether or not to push an image.

  • Increased priority for cert-manager pods to system-cluster-critical to prevent premature eviction under control plane node resource pressure.

  • Updated the logic for parsing the cluster configuration file for newer clusters to validate that the anthosBareMetalVersion value follows the full x.y.z-gke.n semantic versioning scheme, including the GKE patch version.

  • Updated the snapshot capability to collect the following information:

    • Details for all custom resources
    • Additional debugging information for clusters
  • Added a health check to check that the ifnode-problem-detector systemd service is running on the node.

  • Updated the bmctl update command to identify differences (if any) between the preview feature annotations in the cluster configuration file and the annotations in the deployed Cluster resource.

  • Added a --num-of-parallel-threads flag to the snapshot command (bmctl check cluster --snapshot) so that you can specify the number of threads to use to create a snapshot. The default number of threads for snapshot creation is 10.

Fixes:

  • Fixed an issue where the registry mirror reachability check fails for a single unreachable registry mirror. Now the reachability check applies to configured registry mirrors only, instead of all registry mirrors.

  • Fixed the issue where non-root users can't run bmctl restore to restore quorum.

  • Fixed the issue that caused the cplb-update healthcheck job to run every 7 days, instead of only when needed.

  • Fixed an issue where CronJob specs for periodic health checks weren't updated to reflect cluster annotation changes.

  • Fixed an issue where the control plane VIP might become unavailable because Keepalived didn't check correctly that the VIP is on a node with a responsive HAProxy.

  • Fixed the issue where, due to a misconfigured client, bmctl update misjudges whether clusters are self-managed.

  • Fixed Cloud Audit Logging failure due to allowlisting issue with multiple project IDs.

The following container image security vulnerabilities have been fixed in 1.31.0-gke.889:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

Regular channel

There are no new releases in the Regular channel.

Stable channel

There are no new releases in the Stable channel.

Extended channel

No channel

(2024-R49) Version updates

Security Command Center

Install new version of the Security Command Center Enterprise use case

The installation and configuration of a new version of the SCC Enterprise - Cloud Orchestration & Remediation use case in the Security Operations console is required for the toxic combination functionality of Security Command Center Enterprise. The new use case, identified by date December 18, 2024, introduces updates to security posture findings playbooks and other enhancements to support the management of toxic combination findings and cases in the Security Operations console.

For installation instructions, see Update Enterprise use case, December 2024.

Security Health Analytics now supports new resource types for creating custom modules. For a full list of supported resource types, see Supported resource types.

Vulnerability Assessment for AWS now supports scanning container images in Elastic Container Registry (ECR). It can detect operating system misconfigurations and issues with installed packages.

December 17, 2024

Apigee X

On December 17, 2024, we released a new version of Apigee.

With this release, the maximum number of apps per AppGroup is increased from 500 to 30,000.

For more information, see the Apigee Limits page.

Bigtable

You can use Organization Policy Service custom constraints to manage specific operations on Bigtable resources. For more information, see Use custom organization policies. This feature is generally available (GA).

Cloud Data Fusion

Cloud Data Fusion supports the CMEK organization policy.

Cloud Router

Standard best path selection mode is now generally available. For more information, see Best path selection modes.

Cloud Run

New finer-grained predefined IAM roles are available for Cloud Run: Cloud Run Service Invoker, Cloud Run Jobs Executor, Cloud Run Jobs Executor With Overrides. These roles make it easier to grant least privilege access to production accounts accessing Cloud Run resources.

Cloud Service Mesh

Single Cluster Gateway for Mesh is now generally available. For more information, see Prepare to setup the Gateway API for Cloud Service Mesh.

Routing traffic between Cloud Service Mesh workloads and Cloud Run Services is now available in preview. For more information, see the following pages:

Compute Engine

Preview: You can create instances that use only IPv6 IP addresses. For more information, see IP addresses.

Generative AI on Vertex AI

You can copy tuned Gemini 1.5 Pro 002 and Gemini 1.5 Flash 002 adapter models across projects. For details, see Copy a model in Vertex AI Model Registry.

Google Distributed Cloud (software only) for VMware

The following critical container vulnerabilities are fixed in 1.31.0-gke.889:

Google Kubernetes Engine

1.32 is now available in the Rapid channel

Kubernetes 1.32 is now available in the Rapid channel. For more information about the content of Kubernetes 1.32, read the Kubernetes 1.32 Release Notes.

New features

Deprecated in Kubernetes 1.32

  • The following Beta versions of graduated APIs were deprecated in 1.29 and removed in 1.32 in favor of newer versions:

    • flowcontrol.apiserver.k8s.io/v1beta3 FlowSchema, PriorityLevelConfiguration
      • deprecated since 1.29, will no longer be served in 1.32,
      • instead, use flowcontrol.apiserver.k8s.io/v1, available since 1.29.
  • The status.nodeInfo.kubeProxyVersion field in the Node API is deprecated and will not be populated starting in v1.33. The field is currently populated with the kubelet version, not the kube-proxy version, and might not accurately reflect the kube-proxy version in use. For more information, see KEP-4004.

Google SecOps

Looker dashboard updates

The following changes have been made to the Looker dashboards in Google SecOps:

  • All dashboards have been moved to the ingestion_metrics_connector explore.

  • The ingestion_stats, ingestion_metric_with_ingestion_stats and ingestion_metrics explores are no longer supported.

  • The total_entry_number and total_size_bytes fields are defined in the new explore and used to query the log count and log volume for the Google SecOps Ingestion API. For more information, see the Ingestion metrics field reference for dashboards.

  • The default dashboards for Context aware detections risk and Cloud detection and response overview have been updated to use a different field for the risk score. It was rule_detections.outcomes['risk_score'] and is now rule_detections.risk_score. This change aligns the risk score in the Google SecOps dashboards to the risk score used in the Google SecOps user interface.

  • The severity field in the Rules and detections default dashboard has been updated so that it shows the severity for both Curated Detections and custom rules.

Google SecOps SIEM

Looker dashboard updates

The following changes have been made to the Looker dashboards in Google SecOps:

  • All dashboards have been moved to the ingestion_metrics_connector explore.

  • The ingestion_stats, ingestion_metric_with_ingestion_stats and ingestion_metrics explores are no longer supported.

  • The total_entry_number and total_size_bytes fields are defined in the new explore and used to query the log count and log volume for the Google SecOps Ingestion API. For more information, see the Ingestion metrics field reference for dashboards.

  • The default dashboards for Context aware detections risk and Cloud detection and response overview have been updated to use a different field for the risk score. It was rule_detections.outcomes['risk_score'] and is now rule_detections.risk_score. This change aligns the risk score in the Google SecOps dashboards to the risk score used in the Google SecOps user interface.

  • The severity field in the Rules and detections default dashboard has been updated so that it shows the severity for both Curated Detections and custom rules.

Looker Studio

Preview your data

The data source editor displays a preview of the data in your fields. This feature is available for the following data sources:

Gemini in Looker enhancements

When creating a calculated field with Gemini assistance, Looker Studio now suggests sample prompts to help you get started.

Warnings for external links

When users click an external link, Looker Studio displays a redirect notice.

Proportional heights for inverted triangle funnels

You can now use the Use proportional heights setting to display the value of categories in a funnel chart by varying the height of each bar when you select the inverted triangle funnel style option. Larger values have taller bars while smaller values have shorter bars.

Improved hide/remove data source fields

We've improved the functionality of hiding and removing fields from a data source:

  • You can remove any field from a data source. (Previously, you could only remove calculated fields.)
  • Hiding or removing a field from a data source prevents report viewers from accessing metadata about that field. Field metadata includes information such as the field name and type of connector that is used to access that field.

These improvements help you control access to your organization's sensitive information while still promoting data democratization.

Learn more about data governance in Looker Studio.

Dimensions in scorecard charts

You can now choose whether to display a dimension or a metric as the primary field in a scorecard chart. When a dimension is selected as the primary field, you can also select a different field for sorting the dimension values.

Partner connection launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

Organization Policy

You can use Organization Policy Service custom constraints to manage specific operations on Bigtable resources. For more information, see Use custom organization policies. This feature is generally available (GA).

Resource Manager

You can use Organization Policy Service custom constraints to manage specific operations on Bigtable resources. For more information, see Use custom organization policies. This feature is generally available (GA).

Security Command Center

For Security Command Center Enterprise customers, the Sensitive Data Protection discovery service is now automatically enabled during the Enterprise activation process. For more information, see Enable sensitive data discovery in the Enterprise tier.

Vertex AI

You can copy tuned Gemini 1.5 Pro 002 and Gemini 1.5 Flash 002 adapter models across projects. For details, see Copy a model in Vertex AI Model Registry.

Virtual Private Cloud

IPv6-only subnets and instances are available in Preview. For more information, see the following:

For information about which services support IPv6-only configurations, see IPv6 support in Google Cloud.

December 16, 2024

Agent Assist

Agent Assist offers a native UI Connector with Genesys Cloud to integrate with voice conversations.

Apigee hybrid

hybrid v1.14.0

On December 16, 2024 we released an updated version of the Apigee hybrid software, v1.14.0.

Enhanced Proxy Limits in Hybrid environments

Starting in version v1.14, new Apigee hybrid organizations can be provisioned with the ability to deploy more than 50 proxies per environment. This feature is already available for Apigee X.

Starting with Apigee hybrid version 1.14, the limits for Apigee hybrid organizations have increased:

  • The maximum number of deployed API proxies and shared flows per organization is 6000.
  • The maximum number of proxy deployment units per Apigee instance is 6000.
  • The maximum number of API base paths per Apigee organization is 3000.

When more than 50 proxies are deployed in an environment, Apigee automatically partitions the environment into several distinct replica sets, each containing a subset of the proxies deployed in the environment. Each replica set behaves like a single environment in the way it loads and runs a set of proxies and other environment resources. This partitioning is transparent to the user, and you can continue to use the environment as you would a single environment.

Cassandra credential rotation

Starting in version v1.14, you can rotate Cassandra credentials in Kubernetes secrets. In addition, you can now roll back credential rotation before the cleanup job is initiated in both Vault and Kubernetes secrets. See:

Enable and disable metrics-based scaling with customAutoscaling.enabled

Starting in version v1.14, you can enable and disable metrics-based auto-scaling with the customAutoscaling.enabled configuration property. See:

New analytics and debug data pipeline for hybrid orgs

Starting with version 1.14, all newly created Apigee hybrid orgs can use a new data pipeline to collect analytics and debug data and allow various runtime components to write data directly to our control plane. See:

Forward Proxy allowlist access

Starting in version v1.14, forward proxies pass through access to allowlisted URLs. Therefore, you only need to configure allowlists for googleapis.com URLs on the server on which the forward proxy is configured. See:

Guardrails checks to ensure backups before upgrade

Starting in version 1.14, new guardrails checks have been added to ensure that a backup is enabled and has been made before proceeding with an upgrade. See:

Bug ID Description
382323427 Added a guardrails check that requires backup to be enabled for Apigee Hybrid upgrades. Backups are required prior to upgrading to support restoring to the previous version, if necessary.
380346557 Added a guardrails check that requires the backup within the last 24 hours to be present if the CSI backup is enabled. This will minimize potential data loss if a restore to the previous version is needed.
377573589 Fix a bug where manually created rollbacks would interfere with existing rotations instead of cancelling them.
362305438 Users can now add additional env variables to the runtime component. See runtime.envVars.
319152386 Fix AccessTokenGenerationFailure in runtime when using a forward proxy.
335357961 Fixed an issue where Apigee hybrid could claim uploads of backups with the Cloud provider when no bucket had been configured.
290183372 The need to whitelist oauth2 and iamcredentials.googleapis.com directly from MP in fwd proxy setup is removed.
237656263 Resolved issue with ServiceCallout policy not working in async mode as expected.
373722434 Fixed support for backups to Google Cloud Storage buckets with retention policies. (Fixed in v1.13.2)
368646378 Fixed an issue affecting control Plane connectivity testing in Guardrails. (Fixed in v1.12.3)
364282883 Remove check for dc-expansion flag and add timeout to multi-region seed host connection test. (Fixed in v1.13.1)
362979563 Fix for Ingress Health Check failure /healthz/ingress - route_not_found. (Fixed in 1.13.0-hotfix.1)
362690729 Fix for aggressive scaling of runtime pods & cpu spike. (Fixed in 1.13.0-hotfix.1)
362305438 You can now add additional env variables to the runtime component. (Fixed in v1.13.1)
361044374 Fixes assign message not correctly highlighting the set payload action in the debug trace. (Fixed in v1.13.2)
355122464 This release contains a few error-handling fixes for CSI backup and restore. (Fixed in v1.13.2)
353527851 WebSocket connection drops when using VerifyJwt or OAuthV2 VerifyJWTAccessToken operations. (Fixed in v1.13.1)
351440306 An issue was fixed where trace could not be viewed in the UI for orgs with DRZ enabled. (Fixed in v1.13.1)
347798999 You can now configure forward proxy for opentelemetry pods in Apigee hybrid. (Fixed in v1.12.2)
338638343 An ID is now added at the end of apigee-env and virtualhost guardrails pods to make the pod names unique. (Fixed in v1.13.1)
237656263 Fix added to make use of asynchronous ServiceCallout execution when the ServiceCallout policy <Response> element is not present. (Fixed in v1.13.2)
181569113 Fixed an issue in new debug session creation. (Fixed in v1.12.3)

Bug ID Description
N/A Security fixes for apigee-redis.
This addresses the following vulnerabilities:
N/A Security fixes for livenessprobe.
This addresses the following vulnerability:
376104926 Security fixes for apigee-kube-rbac-proxy. (Fixed in v1.12.3)
This addresses the following vulnerabilities:
N/A Security fixes for apigee-redis. (Fixed in v1.13.2)
This addresses the following vulnerabilities:
N/A Security fixes for apigee-open-telemetry-collector. (Fixed in v1.13.1)
This addresses the following vulnerability:
N/A Security fixes for apigee-open-telemetry-collector. (Fixed in v1.12.3)
This addresses the following vulnerability:
N/A Security fixes for apigee-cassandra-backup-utility and apigee-hybrid-cassandra. (Fixed in v1.12.2)
This addresses the following vulnerability:

App Hub

App Hub supports resources from Cloud Run services in Preview.

Audit Manager

Audit Manager provides an option to customize compliance frameworks and use them for audits. For more information, see Create a custom compliance framework. This feature is available in Preview.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.45.0 (2024-12-13)

Features
  • Enable Lossless Timestamps in BQ java client lib (#3589) (c0b874a)
  • Introduce java.time methods and variables (#3586) (31fb15f)
Bug Fixes
  • test: Update schema for broken ConnImplBenchmark test (#3574) (8cf4387)
Dependencies
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.56.0 (#3582) (616ee2a)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20241111-2.0.0 (#3591) (3eef3a9)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20241115-2.0.0 (#3601) (41f9adb)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.60.0 (#3583) (34dd8bc)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.41.0 (#3607) (11499d1)
  • Update github/codeql-action action to v2.27.5 (#3588) (3f94075)
  • Update github/codeql-action action to v2.27.6 (#3597) (bc1f3b9)
  • Update github/codeql-action action to v2.27.7 (#3603) (528426b)
Documentation
  • bigquery: Add javadoc description of timestamp() parameter. (#3604) (6ee0c10)

You can now use the Google Cloud Code extension for VS Code to work with BigQuery datasets and notebooks in your VS Code environment. This feature is in preview.

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.50.0 (2024-12-06)

Features
  • Add support for Row Affinity app profiles (#2341) (cb4d60e)

Cloud Composer

Cloud Composer 3 is now generally available (GA):

  • All Airflow builds starting from airflow-2.9.3-build.11 and airflow-2.10.2-build.4 are supported at the GA level.
  • If your environment uses an earlier Airflow build, then upgrade it to airflow-2.9.3-build.11, airflow-2.10.2-build.4, or a later build to use Cloud Composer 3 on the GA level.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.21.0 (2024-12-13)

Features
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.51.0 (04d8868)
Dependencies
  • Update dependency io.opentelemetry:opentelemetry-bom to v1.45.0 (#1638) (7e007d4)
  • Update sdk platform java dependencies (#1736) (88b4cdf)

Cloud Run

Service-level minimum instances are now set using the --min command line flag; --service-min-instances remains available as an alias for --min.

Cloud TPU

This release note announces the General Availability of Trillium, also known as v6e. Trillium is the 6th generation and latest Cloud TPU. It is fully integrated with our AI Hypercomputer architecture to deliver compelling value to our Google Cloud Platform AI customers.

We used Trillium TPUs to train the new Gemini 2.0, Google's most capable AI model yet, and now enterprises and startups alike can take advantage of the same powerful, efficient, and sustainable infrastructure. Today, Trillium is generally available for Google Cloud customers and this week we will be delivering our first large tranches of Trillium capacity to some of our biggest Google Cloud Platform customers.

Here are some of the key improvements that Trillium delivers over the prior generations, v5e and v5p:

  • Over 4x improvement in training performance.

  • Up to 3x increase in inference throughput.

  • A 67% increase in energy efficiency.

  • An impressive 4.7x increase in peak compute performance per chip.

  • Double the High Bandwidth Memory (HBM) capacity.

  • Double the Interchip Interconnect (ICI) bandwidth.

  • 100,000 Trillium chips per Jupiter network fabric with 13 Petabits/sec of bisection bandwidth, capable of scaling a single distributed training job to hundreds of thousands of accelerators.

  • Trillium provides up to 2.1x increase in performance per dollar over Cloud TPU v5e and up to 2.5x increase in performance per dollar over Cloud TPU v5p in training dense LLMs like Llama2-70b and Llama3.1-405b.

  • GKE integration enables seamless AI workload orchestration using Google Compute Engine MIGs including XPK for faster iterative development.

  • Multislice training with Trillium scales from one to hundreds of thousands of chips across pods using DCN.

  • Training and serving fungibility enables use of same Cloud TPU quota for both training and inference.

  • Support for collection scheduling with collection SLOs being defended.

  • Full-host VM support to enable inference support for larger models (70B+ parameters).

  • Official Libtpu releases that guarantee stability across all three frameworks (Jax/Pytorch-XLA/Tensorflow).

These enhancements enable Trillium to excel across a wide range of AI workloads, including:

  • Scaling AI training workloads like LLMs including dense and Mixture of Experts (MoE) models

  • Inference performance and collection scheduling

  • Embedding-intensive models acceleration

  • Delivering training and inference price-performance

Compute Engine

The A3 Edge accelerator-optimized machine type is no longer available in Turin, Italy: europe-west12-b. For a list of available regions and zones, see GPU regions and zones.

Container Optimized OS

cos-113-18244-236-77

Kernel         Docker     Containerd   GPU Drivers
COS-6.1.112    v24.0.9    v1.7.24      See List

Updated app-admin/google-guest-configs to v20241205.00.

Upgraded sys-apps/hwdata to v0.390.

Upgraded sys-apps/file to v5.46.

Disabled CONFIG_DEBUG_PREEMPT in the Linux kernel. This should improve performance for some workloads.

Fixed CVE-2024-53136 in the Linux kernel.

Fixed CVE-2024-50191 in the Linux kernel.

Fixed CVE-2024-53135 in the Linux kernel.

Fixed CVE-2024-53121 in the Linux kernel.

Fixed CVE-2024-53113 in the Linux kernel.

Fixed CVE-2024-53119 in the Linux kernel.

Fixed CVE-2024-50186 in the Linux kernel.

cos-117-18613-75-72

Kernel         Docker     Containerd   GPU Drivers
COS-6.6.56     v24.0.9    v1.7.24      See List

Updated app-admin/google-guest-configs to v20241205.00.

Upgraded sys-apps/file to v5.46.

Upgraded sys-apps/hwdata to v0.390.

Disabled CONFIG_DEBUG_PREEMPT in the Linux kernel. This should improve performance for some workloads.

Fixed CVE-2024-50186 in the Linux kernel.

cos-105-17412-495-73

Kernel         Docker     Containerd   GPU Drivers
COS-5.15.167   v23.0.3    v1.7.23      See List

Fixed CVE-2024-50191 in the Linux kernel.

Fixed CVE-2024-50186 in the Linux kernel.

cos-109-17800-372-71

Kernel         Docker     Containerd   GPU Drivers
COS-6.1.112    v24.0.9    v1.7.24      See List

Updated app-admin/google-guest-configs to v20241205.00.

Google Kubernetes Engine

Cloud DNS additive VPC scope is now generally available on GKE clusters running version 1.28.3-gke.1430000 or later. You can now configure your GKE clusters to add GKE headless service entries to your Cloud DNS private zone visible from your VPC networks, on top of using Cloud DNS (cluster scope) as your GKE DNS provider.

To learn more, read Cloud DNS scopes for GKE.

Trillium, our sixth-generation TPU, is now generally available. Support is available for GKE Standard clusters in version 1.31.1-gke.1846000 or later, and Autopilot clusters in version 1.31.2-gke.1384000 or later. You can use TPU Trillium in the us-east5-b, europe-west4-a, us-east1-d, asia-northeast1-b, and us-south1-a zones.

To learn more, see Benefits of using TPU Trillium.

Identity and Access Management

Principal access boundary policies are generally available. You can use principal access boundary policies to limit the resources that a principal is eligible to access.

Organization Policy

Cloud Load Balancing resources now let you use custom constraints to define your own restrictions on Google Cloud services. To learn about which load balancing resources support custom constraints, and some sample use cases, see Manage Cloud Load Balancing resources using custom constraints.

This feature is available in General Availability.

Policy Intelligence

You can use Policy Simulator for principal access boundary policies to simulate changes to principal access boundary policies before you apply them. This feature is available in Preview.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.135.0 (2024-12-12)

Features
  • Introduce java.time variables and methods (#2271) (7edfd9c)
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.51.0 (0b0d52c)
Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.44.0 (#2270) (a5f70a9)
  • Update dependency com.google.cloud:google-cloud-core to v2.48.0 (#2263) (d7e5588)
  • Update dependency com.google.cloud:google-cloud-core to v2.49.0 (#2285) (cd94a19)
  • Update dependency com.google.cloud:google-cloud-storage to v2.45.0 (#2268) (80a09e6)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.41.0 (#2286) (0c0a1b9)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.29.0 (#2276) (54ef88d)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.29.1 (#2279) (de3c9e1)
  • Update googleapis/sdk-platform-java action to v2.51.0 (#2284) (0be820e)
Documentation

Resource Manager

Cloud Load Balancing resources now let you use custom constraints to define your own restrictions on Google Cloud services. To learn about which load balancing resources support custom constraints, and some sample use cases, see Manage Cloud Load Balancing resources using custom constraints.

This feature is available in General Availability.

Security Command Center

Security Command Center can now produce Cloud Infrastructure Entitlement Management (CIEM) misconfiguration findings for federated identities that are connected to your AWS environment through the AWS IAM Identity Center.

Detector for Container Threat Detection released to General Availability

Container Threat Detection, a built-in service available in Security Command Center Premium and Enterprise, has launched three new detectors to General Availability:

  • Execution: Container Escape: Detects when a process inside a container tries to break out of its isolation and interact with the host system or other containers.
  • Execution: Kubernetes Attack Tool Execution: Detects when a Kubernetes attack tool is run inside a container, indicating a potential attempt to exploit vulnerabilities in the Kubernetes environment.
  • Execution: Local Reconnaissance Tool Execution: Detects when a local reconnaissance tool is executed within a container, suggesting that an attacker is gathering information about the container environment, such as network configurations, active processes, or mounted file systems.

For more information, see Container Threat Detection detectors.

reCAPTCHA

Configuring allowlists for IP addresses is now available in GA. This feature lets you add the trusted IP addresses to an allowlist to exclude them from reCAPTCHA enforcement. For more information, see Configure an IP address allowlist.

December 15, 2024

Cloud Composer

When creating new environments in Google Cloud console, you must now explicitly select a service account for the environment. We recommend that you create a user-managed service account and use it for Cloud Composer environments.

December 14, 2024

Google SecOps SOAR

Release 6.3.27 is still in Preview.

December 13, 2024

Agent Assist

Agent Assist infobot offers support for new languages in GA.

Application Integration

Integration templates (Preview)

Save time and effort building integrations with integration templates. These pre-defined blueprints provide a starting point for common integration flows, allowing you to quickly create and customize integrations without starting from scratch.

For more information, see Templates.

Generate and view OpenAPI Specification (Preview)

You can now generate and view the OpenAPI Specification for any published integration that uses API triggers. This allows for greater understanding and analysis of your integration's API interactions.

For more information, see View OpenAPI Specification for your integration.

API trigger input and output variables

You can now set request and response payloads for an API trigger using trigger specific input and output variables. For more information, see API trigger.

Assured Workloads

The following products are now supported by the following control packages. See supported products for more information:

  • Apigee, Cloud Vision API, GKE Identity Service, Traffic Director, Vertex AI Search:
    • Australia Regions
    • Australia Regions with Assured Support
    • Brazil Regions
    • Canada Regions
    • Canada Regions and Support
    • Chile Regions
    • EU Regions
    • EU Regions and Support
    • Hong Kong Regions
    • India Regions
    • Indonesia Regions
    • Israel Regions
    • Israel Regions and Support
    • Japan Regions
    • Qatar Regions
    • Singapore Regions
    • South Africa Regions
    • South Korea Regions
    • Switzerland Regions
    • Taiwan Regions
    • UK Regions
    • US Regions
    • US Regions and Support
  • Spanner:
    • Australia Regions with Assured Support
    • Canada Regions and Support
    • EU Regions and Support
    • Israel Regions and Support
    • Japan Regions
    • US Regions and Support

The CJIS control package now supports the following products. See Supported products by control package for more information:

  • AlloyDB for PostgreSQL
  • Cloud Data Fusion
  • Cloud Vision API
  • Speech-to-Text
  • Vertex AI Search
  • Vertex AI Workbench Notebooks

Cloud Logging

Reporting of the "pending" status of the Ops Agent on the Cloud Monitoring VM Instances dashboard has been refined to include additional states. For more information, see Use VM Instances dashboard.

Cloud Monitoring

Reporting of the "pending" status of the Ops Agent on the Cloud Monitoring VM Instances dashboard has been refined to include additional states. For more information, see Use VM Instances dashboard.

Cloud Run

The CPU allocation setting has been renamed to Billing in the Google Cloud console for Cloud Run services.

The two billing settings are:

  • Request-based billing (default), previously called "CPU is only allocated during request processing", charges your Cloud Run instances only during request processing, container startup, and container shutdown.
  • Instance-based billing, previously called "CPU always allocated", charges your Cloud Run instances for the entire lifecycle of instances, even when there are no incoming requests.

For more details, see the Billing settings guide.

Dialogflow

Dialogflow CX data stores: The following languages are now GA. See the language support page for details.

  • Arabic
  • Bengali
  • Bulgarian
  • Chinese Simplified
  • Chinese Traditional
  • Croatian
  • Czech
  • Estonian
  • Finnish
  • Hebrew
  • Hungarian
  • Japanese
  • Korean
  • Latvian
  • Lithuanian
  • Norwegian
  • Polish
  • Romanian
  • Russian
  • Serbian
  • Slovak
  • Slovenian
  • Swahili
  • Thai
  • Turkish
  • Ukrainian
  • Vietnamese

Google Cloud Managed Service for Apache Kafka

Google Cloud Managed Service for Apache Kafka now supports moving open source Kafka data to Google Cloud using various Dataflow templates. You can move Kafka data to Cloud Managed Service for Apache Kafka, BigQuery, and Cloud Storage. For more information about these data movement use cases, see Move Kafka data in Google Cloud.

Google Kubernetes Engine

GKE now provides insights and recommendations that help you identify and amend clusters running a minor version that reached end of standard support, clusters with nodes in violation of version skew policy, and clusters without a maintenance window to achieve reliable operations, up-to-date security posture and supportability.

The C4A machine family is generally available in the following versions:

  • Standard clusters in version 1.28.13-gke.1024000, 1.29.8-gke.1057000, 1.30.4-gke.1213000 or later. To use this family in GKE Standard, you can use the --machine-type flag when creating a cluster or node pool.

  • Autopilot clusters in 1.28.15-gke.1344000, 1.29.11-gke.1012000, 1.30.7-gke.1136000, 1.31.3-gke.1056000 or later. To use this family in GKE Autopilot, schedule your workloads along with the kubernetes.io/machine-family: c4a node selector. In versions 1.31 or above, the kubernetes.io/arch: arm64 node selector defaults to the C4A machine family.

Cluster autoscaler and node auto-provisioning are supported in 1.28.15-gke.1344000, 1.29.11-gke.1012000, 1.30.7-gke.1136000, 1.31.3-gke.1056000 or later.

Local SSD support is available in Public Preview starting in version 1.31.1-gke.2008000. Contact your Account Team to participate in the preview.

Memorystore for Redis Cluster

AOF and RDB persistence are Generally Available. For more details, see Persistence overview.

Virtual Private Cloud

Private Service Connect service connectivity automation lets you automate connectivity to supported Google service instances that are located in a different project, folder, or organization than the service consumer (custom scope). This feature is available in General Availability.

December 12, 2024

AlloyDB for PostgreSQL

AlloyDB System insights offers a unified, customizable database monitoring dashboard that includes predefined metrics and other Google Cloud metrics. This feature is generally available (GA). For more information, see Create a custom dashboard.

BigQuery

Regional endpoints, which help you run your workloads in compliance with data residency and data sovereignty requirements, are now generally available (GA). With regional endpoints, your request traffic is routed directly to the region specified in the endpoint. For more information, see BigQuery regional endpoints.

You can now discover, procure, and commercialize your Analytics Hub listings on Google Cloud Marketplace to share data offerings at scale. This feature is in preview.

Bigtable

Bigtable is now supported by Database Center, which is in Preview. Database Center is an AI-assisted dashboard that gives you one centralized view across your entire database fleet. With this release, Database Center displays health issues for Bigtable availability and data protection. For more information, see Database health issues.

Cloud Database Migration Service

Database Migration Service now supports MySQL minor version 8.0.40 for homogeneous MySQL migrations. For more information, see Supported source and destination databases in Cloud SQL for MySQL migrations.

Cloud Monitoring

You can now override the validation that checks for metric existence when you create a PromQL-based alerting policy. For more information, see Disable check for metric existence.

Text widgets can now link to sections of a dashboard and they can render variables. For more information, see the following documents:

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.126-debian10, 2.0.126-rocky8, 2.0.126-ubuntu18
  • 2.1.74-debian11, 2.1.74-rocky8, 2.1.74-ubuntu20, 2.1.74-ubuntu20-arm
  • 2.2.40-debian12, 2.2.40-rocky9, 2.2.40-ubuntu22

Dataproc on Compute Engine: Updated Dataproc Metastore (DPMS) gRPC proxy image version to v. 0.0.70

Dialogflow

Dialogflow CX: You can now configure an access token name in Dialogflow Messenger to store the end user's authentication when they sign in, and then use it as the bearer token for tool authentication. See the Dialogflow Messenger documentation for more information about enabling this feature.

Firestore

Firestore is supported by Database Center. Database Center is an AI-assisted dashboard that gives you one centralized view across your entire database fleet. Database Center displays the following health issue for Firestore:

  • No automated backup policy

For more information, see Database Center overview and database health issues.

Google Kubernetes Engine

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

Regular channel

  • Version 1.30.6-gke.1125000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.28.15-gke.1020000
    • 1.28.15-gke.1080000
    • 1.29.10-gke.1054000
    • 1.29.10-gke.1155000
    • 1.30.5-gke.1699000
    • 1.30.5-gke.1713000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.15-gke.1159000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.10-gke.1227000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.6-gke.1125000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.15-gke.1159000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.10-gke.1227000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.6-gke.1125000 with this release.

Stable channel

  • Version 1.30.5-gke.1699000 is now the default version for cluster creation in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.28.14-gke.1340000
    • 1.29.9-gke.1496000
    • 1.30.5-gke.1443001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.15-gke.1020000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.10-gke.1054000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.5-gke.1699000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.

Extended channel

  • Version 1.30.6-gke.1125000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1784000
    • 1.28.15-gke.1020000
    • 1.28.15-gke.1080000
    • 1.29.10-gke.1054000
    • 1.29.10-gke.1155000
    • 1.30.5-gke.1699000
    • 1.30.5-gke.1713000
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1836000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.1159000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.10-gke.1227000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.6-gke.1125000 with this release.

No channel

Starting with GKE version 1.33, clusters running cgroupv1 will automatically be upgraded to cgroupv2 unless you opt out first. For more information, see Migrate nodes to cgroupv2.

(2024-R48) Version updates

Looker Studio

Updated Admin Console setting

The Let editors set owner's credentials for data source access setting has been renamed to Allow users in this org to be the credential owner for any data source. This setting now exhibits the following changes in behavior, which may be breaking for some users:

  • If a Looker Studio administrator turns off this setting, any existing data sources that have a data source owner within the organization and that were configured to use Owner's Credentials must use Viewer's Credentials. Users who don't have access to a data source's underlying data may lose access to any Looker Studio content that is based on that data source. Re-enabling this setting restores the original Owner's Credentials to those data sources.

Learn more about this setting.

New condition option for filters on date or time data type dimensions

Report editors can now specify a value and a unit of time for the following filter conditions with date or time data type dimensions:

  • Is in the Last
  • Is Before
  • Is On or After
  • Is Previous
  • Is This
  • Is Next
  • Is in the Month
  • Is in the Year

Learn more about filter conditions.

Looker connector filter enhancements

Looker data sources now support a Matches (advanced) filter option with date or time data type dimensions.

Learn more about the Looker connector.

Changes to New Search Ads 360 connector field names

These New Search Ads 360 connector fields were renamed to resolve a naming conflict:

  • The field previously named Conv. value is now named Client account conv. value.
  • The field previously named Conv. value / click is now named Client account conv. value / click.

The original Conv. value field remains unchanged and continues to be the correct field name.

Partner connection launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

Memorystore for Redis

Memorystore for Redis is supported by Database Center. Database Center is an AI-assisted dashboard that gives you one centralized view across your entire database fleet. For more information, see Database Center overview and database health issues.

Memorystore for Redis Cluster

Cross-region replication is now Generally Available on Memorystore for Redis Cluster. This release includes Terraform support for cross-region replication on Memorystore for Redis Cluster.

Memorystore for Redis Cluster is supported by Database Center. Database Center is an AI-assisted dashboard that gives you one centralized view across your entire database fleet. For more information, see Database Center overview and database health issues.

Spanner

Spanner now supports IDENTITY columns. IDENTITY columns let you automatically generate unique integer values for key and non-key columns, and align with the ANSI standard. For more information, see IDENTITY columns.

December 11, 2024

BigQuery

You can now replicate a dataset from the source region to one or more other regions with cross-region dataset replication. This feature is now generally available (GA).

BigQuery Managed Disaster Recovery provides managed failover and redundant compute capacity for business-critical workloads. It is intended for use in the case of a total region outage and is supported with the BigQuery Enterprise Plus edition only. This feature is now generally available (GA).

You can now create remote models in BigQuery ML based on the gemini-2.0-flash-exp model in Vertex AI. To create remote models, you can use either SQL or BigQuery DataFrames.

You can use the ML.GENERATE_TEXT function with these remote models to perform generative natural language tasks for text stored in BigQuery tables. You can also use the ML.GENERATE_TEXT function with these remote models to perform generative AI tasks, for example audio transcription or document classification, using image, video, audio, PDF, or text content stored in BigQuery object tables.

Try this feature by using either the Generate text by using the ML.GENERATE_TEXT function how-to topic, or the BigFrames Gemini 2.0 Text Generation Simple Example notebook.

This feature is in preview.

Bigtable

You can now enable row-affinity routing to let Bigtable automatically ensure that single-row requests for a given row are routed to the same cluster. This feature is generally available (GA).

You can now use the Google Cloud console to create and manage authorized views of your Bigtable tables.

You can now select a row in a Bigtable Studio query results table to view formatted row data. For more information, see Query your data with SQL in the query editor.

Cloud Asset Inventory

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

  • Live Stream API
    • livestream.googleapis.com/Asset
    • livestream.googleapis.com/Channel
    • livestream.googleapis.com/Input
    • livestream.googleapis.com/Pool

Cloud Composer

In January 2025, we plan to release Cloud Composer 2 versions that always use the environment's service account to install PyPI packages:

  • New Cloud Composer 2 environments created in versions 2.10.2 and later will have this change.
  • Currently, Cloud Composer 2 environments use the default Cloud Build service account if it exists (and the environment's service account if it doesn't). Depending on how Cloud Build is configured in your project, your environment might therefore use the default Cloud Compute service account or the legacy Cloud Build service account. We recommend that you configure Cloud Build to adhere to the principle of least privilege.
  • Make sure to check the Cloud Build default service account change page for information about changes to the default Cloud Build service account.
  • Cloud Composer 3 environments already use the environment's service account, and are not impacted by this change.

(Cloud Composer 3) It is now possible to upgrade an environment if the [sentry]sentry_on Airflow configuration option is set to true.

Cloud Composer no longer adds any missing IAM permissions to the Cloud Storage bucket when it is used to create an environment with a custom environment's bucket. Make sure that the environment's service account has permissions from the Composer Worker role on the bucket.

The COMPOSER_AGENT_BUILD_SERVICE_ACCOUNT environment variable is now reserved. This change improves the security of Cloud Composer environments.

Increased allowed timeouts when detecting tasks stuck in the "queued" state during the Airflow worker liveness check. This change makes it less likely that checks will incorrectly fail in specific scenarios. This change is gradually rolled out to all regions supported by Cloud Composer.

(Cloud Composer 2) Airflow worker liveness check configuration was changed to be consistent with the configuration used in Cloud Composer 3. In particular, this change increases the timeout, giving the liveness check more time to detect unhealthy Airflow workers. This change is gradually rolled out to all regions supported by Cloud Composer.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.10.2-build.4 (default)
  • composer-3-airflow-2.9.3-build.11

New images are available in Cloud Composer 2:

  • composer-2.10.1-airflow-2.10.2 (default)
  • composer-2.10.1-airflow-2.9.3

Cloud Composer version 2.5.3 has reached its end of support period.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Compute Engine

C3 bare metal instances are available in the following additional zones:

  • c3-highcpu-192-metal: asia-southeast1-a and c, europe-west4-c, us-east1-d, us-east4-c, us-east5-a, us-west1-a and b

  • c3-standard-192-metal: europe-west1-b and c, europe-west4-b and c, us-east1-d, us-east4-a, us-west1-a and b

  • c3-highmem-192-metal: europe-west4-c, us-east4-a and c, us-west1-a and b

Generative AI on Vertex AI

The Gemini 2.0 Flash (gemini-2.0-flash-exp) model is generally available for grounded answer generation with RAG. This model is tuned to address context-based question-answering tasks. For more information, see Ground responses for Gemini models.

Google Cloud Architecture Center

Google Distributed Cloud (software only) for bare metal

Release 1.28.1300-gke.59

Google Distributed Cloud for bare metal 1.28.1300-gke.59 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.1300-gke.59 runs on Kubernetes 1.28.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

The following container image security vulnerabilities have been fixed in 1.28.1300-gke.59:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Policy Intelligence

You can use Policy Simulator for deny policies to simulate changes to deny policies before you apply them. This feature is available in Preview.

VPC Service Controls

VPC Service Controls feature: Support for using identity groups in the ingress and egress rules to allow access to resources protected by a service perimeter is generally available.

For more information, see Configure identity groups and third-party identities in ingress and egress rules.

Virtual Private Cloud

Private Service Connect port mapping is available in General Availability. Port mapping lets consumer virtual machine (VM) instances privately communicate with specific service ports on specific producer VMs through a single Private Service Connect endpoint.

reCAPTCHA

reCAPTCHA Mobile SDK v18.7.0-beta01 is now available for iOS.

This version contains the following changes:

  • Mitigation for an issue that caused a crash after updating to v18.6.0.
  • Public API is moved to Swift along with support for Objective-C.
  • New integration architecture with RecaptchaInterop for Firebase clients.

December 10, 2024

Apigee Integrated Portal

On December 10, 2024, we released a new version of the Apigee integrated portal.

Bug ID | Description
381086551 | Fixed an issue that caused the page list view to fail for some portals with large numbers of pages.

Apigee X

On December 10, 2024, we released an updated version of Apigee (1-14-0-apigee-2).

Bug ID | Description
357880539 | Resolved issue with missing span in the Apigee UI for distributed trace.
237656263 | Resolved issue with ServiceCallout policy not working in async mode as expected.
N/A | Updates to security infrastructure and libraries.

Cloud SQL for PostgreSQL

Cloud SQL now offers notifications for maintenance that's either begun or completed. See the Overview of maintenance on Cloud SQL instances. To find out how to sign up for notifications and check your instances for upcoming maintenance, see Find and set maintenance windows.

Cloud SQL for SQL Server

Cloud SQL now offers notifications for maintenance that's either in-progress or completed. See the Overview of maintenance on Cloud SQL instances. To find out how to sign up for notifications and check your instances for upcoming maintenance, see Find and set maintenance windows.

Cloud Service Mesh

As part of the Per-cluster entitlement to GKE Enterprise, a GKE cluster needs to have its cluster_tier set to ENTERPRISE in order for that cluster to be considered GKE Enterprise.

To make a cluster enterprise-tier, follow Update an existing cluster's tier for an existing cluster, or Enroll a new cluster for a new cluster.

Clusters created or registered before November 2024 that use GKE Enterprise as part of their fleet membership are automatically enterprise-tier clusters. This is a billing announcement only; Cloud Service Mesh features don't change.

Colab Enterprise

Gemini in Colab Enterprise, which is a product in the Gemini for Google Cloud portfolio, now includes error fixing in Preview. Gemini in Colab Enterprise can suggest fixes when your code produces errors. For more information, see Fix errors.

To enable and activate Gemini in Colab Enterprise features, see Set up Gemini in Colab Enterprise.

Compute Engine

Generally available: Instance flexibility in a managed instance group (MIG) lets you configure multiple machine types in the group. This can improve resource availability for applications that require large-scale capacity and high-demand hardware. Support for Terraform has also been added. For more information, see About instance flexibility in MIGs.

Config Connector

Config Connector version 1.126.0 is now available.

Config Connector system management CRDs ControllerReconciler and NamespacedControllerReconciler are promoted to Beta. See how to configure the Controller manager rate limit.

New Beta resources (direct reconciler)

Use BigQueryConnectionConnection to provide the IAM Service Account

  • IAMPolicyMember

    • Added spec.memberFrom.bigQueryConnectionConnectionRef
    • See an example of IAMPolicyMember using BigQueryConnectionConnection "cloudSQL".
  • IAMPartialPolicy

    • Added spec.memberFrom.bigQueryConnectionConnectionRef.

New Alpha Resources

Config Controller

Config Controller now uses the following versions of its included products:

Generative AI on Vertex AI

Imagen 3 image generation models Generally Available to all users

Imagen 3 image generation models are now available to all users without requiring prior approval. These include the following image generation models:

  • imagen-3.0-generate-001
  • imagen-3.0-fast-generate-001 (low latency model)

Prior image generation models (imagegeneration@006, imagegeneration@005, imagegeneration@002) still require approval to use.

For more information, see Imagen on Vertex AI model versions and lifecycle and Generate images using text prompts.

Imagen 3 Customization model Generally Available to approved users

Imagen 3 Customization model is now available to approved users. This includes the following model:

  • imagen-3.0-capability

Imagen 3 Customization lets you guide image generation by providing reference images (few-shot learning). Imagen 3 Customization lets you customize generated images for the following feature categories:

Imagen 3 editing model Generally Available to approved users

The Imagen 3 Editing model is now available to approved users. This includes the following model:

  • imagen-3.0-capability

This model offers the following additional features:

  • Inpainting - Add or remove content from a masked area of an image
  • Outpainting - Expand a masked area of an image
  • Product image editing - Identify and maintain a primary product while changing the background or product position

For more information, see Model versions.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.30.400-gke.133 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.400-gke.133 runs on Kubernetes v1.30.6-gke.300.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.

The following vulnerabilities are fixed in 1.30.400-gke.133:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.30.400-gke.133

Google Distributed Cloud for bare metal 1.30.400-gke.133 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.400-gke.133 runs on Kubernetes 1.30.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Functionality changes:

  • Updated snapshots to include new information, including: kubelet config, CPU manager state, and memory manager state.

  • Updated the bmctl push images command to check for the existence of an image digest to determine whether or not to push an image.

  • Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.

Fixes:

  • Fixed the issue where non-root users can't run bmctl restore to restore quorum.

  • Fixed an issue where CronJob specs for periodic health checks weren't updated to reflect cluster annotation changes.

  • Fixed an issue that blocked user cluster create and upgrade operations to patch versions 1.30.100, 1.30.200, or 1.30.300. This issue applies only when kubectl or a GKE On-Prem API client (console, gcloud CLI, or Terraform) is used for user cluster creation and upgrades.

The following container image security vulnerabilities have been fixed in 1.30.400-gke.133:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

(2024-R47) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.3-gke.1006000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.15-gke.1020000
    • 1.28.15-gke.1041000
    • 1.28.15-gke.1080000
    • 1.28.15-gke.1159000
    • 1.29.10-gke.1054000
    • 1.29.10-gke.1071000
    • 1.29.10-gke.1155000
    • 1.29.10-gke.1227000
    • 1.30.5-gke.1699000
    • 1.30.5-gke.1713000
    • 1.30.6-gke.1059000
    • 1.30.6-gke.1125000
    • 1.31.1-gke.2105000
    • 1.31.2-gke.1354000
    • 1.31.2-gke.1384000
    • 1.31.2-gke.1518000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.15-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.10-gke.1280000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.6-gke.1596000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.3-gke.1006000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.15-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.10-gke.1280000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.6-gke.1596000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.3-gke.1006000 with this release.

Regular channel

  • Version 1.30.5-gke.1699000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.28.14-gke.1340000
    • 1.28.14-gke.1376000
    • 1.29.9-gke.1496000
    • 1.29.9-gke.1541000
    • 1.30.5-gke.1443001
    • 1.31.1-gke.1846000
    • 1.31.1-gke.2008000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.15-gke.1020000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.10-gke.1054000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.5-gke.1699000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.1-gke.2105000 with this release.

Stable channel

  • Version 1.30.5-gke.1443001 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.28.14-gke.1099000
    • 1.28.14-gke.1217000
    • 1.29.9-gke.1177000
    • 1.30.5-gke.1014003
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.14-gke.1340000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.9-gke.1496000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.5-gke.1443001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.

Extended channel

  • Version 1.30.5-gke.1699000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1681000
    • 1.27.16-gke.1742000
    • 1.27.16-gke.2019000
    • 1.28.14-gke.1340000
    • 1.28.14-gke.1376000
    • 1.29.9-gke.1496000
    • 1.29.9-gke.1541000
    • 1.30.5-gke.1443001
    • 1.31.1-gke.1846000
    • 1.31.1-gke.2008000
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1784000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.1-gke.2105000 with this release.

No channel

(2024-R47) Version updates

Security Command Center

AI summaries of attack paths are disabled in Security Command Center

Effective December 13, 2024, the preview of Gemini AI-generated summaries of Security Command Center attack paths is discontinued. The summaries are no longer available in the Google Cloud console.

For more information, see Gemini features in Security Command Center.

December 09, 2024

AlloyDB for PostgreSQL

The Perform a vector search tutorial describes how to set up and perform a vector search in AlloyDB for PostgreSQL. You can learn how to perform K-nearest neighbor (KNN) and approximate nearest-neighbor (ANN) searches with a ScaNN vector index.

App Engine standard environment Go

Custom organization policies for Serverless VPC Access connectors are now generally available, and can be applied to projects, folders, or organizations.

App Engine standard environment Java

Custom organization policies for Serverless VPC Access connectors are now generally available, and can be applied to projects, folders, or organizations.

App Engine standard environment Node.js

Custom organization policies for Serverless VPC Access connectors are now generally available, and can be applied to projects, folders, or organizations.

App Engine standard environment PHP

Custom organization policies for Serverless VPC Access connectors are now generally available, and can be applied to projects, folders, or organizations.

App Engine standard environment Python

Custom organization policies for Serverless VPC Access connectors are now generally available, and can be applied to projects, folders, or organizations.

App Engine standard environment Ruby

Custom organization policies for Serverless VPC Access connectors are now generally available, and can be applied to projects, folders, or organizations.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.65.0 (2024-12-05)

Features
  • bigquery/reservation: Add a new field is_flat_rate to .google.cloud.bigquery.reservation.v1.CapacityCommitment to distinguish between flat rate and edition commitments (8dedb87)
  • bigquery/reservation: Add the managed disaster recovery API(https (8dedb87)
  • bigquery: Expose IsCaseInsensitive for dataset metadata (#11216) (364b639)
  • bigquery: Support IAM conditions in datasets (#11123) (d93c2d9)
Bug Fixes
Documentation
  • bigquery/reservation: Clarify that Autoscale.current_slots in message .google.cloud.bigquery.reservation.v1.Reservation can temporarily be larger than Autoscale.max_slots if users reduce Autoscale.max_slots (8dedb87)
  • bigquery/reservation: Update comment for slot_capacity in message .google.cloud.bigquery.reservation.v1.Reservation to provide more clarity about reservation baselines, committed slots and autoscaler SKU charges when the baseline exceeds committed slots (8dedb87)
  • bigquery/reservation: Update comments for commitment_start_time and commitment_end_time in message .google.cloud.bigquery.reservation.v1.CapacityCommitment to provide details on how these values are affected by commitment renewal (8dedb87)

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.49.0 (2024-12-03)

Features
  • Add support for table deletion protection (#2430) (687b6df)
Bug Fixes
  • Allow factory to export to different projects (#2374) (06b912c)
  • Send priming requests on the channel directly (#2435) (b76698d)

Cloud Run

You can now create custom organization policies for Serverless VPC Access connectors and apply them to projects, folders, or organizations (GA).

Compute Engine

Fixed the issue causing incorrect detection of CPU load on T2D machine series VMs in managed instance groups (MIGs). This issue affected MIG autoscaling based on CPU utilization in projects that were created before June 18, 2023.

Container Optimized OS

cos-dev-121-18779-0-0

Kernel: COS-6.6.63 | Docker: v24.0.9 | Containerd: v2.0.0 | GPU Drivers: See List

Upgraded app-admin/fluent-bit to v3.2.1.

Upgraded sys-apps/makedumpfile to v1.7.6.

Upgraded app-containers/cni-plugins to v1.6.0.

Updated app-admin/google-guest-configs to 20241121.00. This enables the intent-based NIC naming scheme.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2464.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2955.

Upgraded chromeos-base/shill-client to v0.0.1-r4782.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2811.

Upgraded chromeos-base/debugd-client to v0.0.1-r2720.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r651.

Upgraded chromeos-base/minijail to v18-r158.

Upgraded dev-libs/nss to v3.107.

Upgraded sys-apps/gentoo-functions to v1.7.3.

Upgraded dev-libs/expat to v2.6.4.

Upgraded dev-db/sqlite to v3.47.0-r1.

Upgraded net-libs/libnetfilter_conntrack to v1.1.0.

Upgraded sys-apps/less to v668.

Upgraded sys-libs/libcap to v2.71.

Upgraded net-dns/c-ares to v1.34.3.

Upgraded sys-apps/pv to v1.9.0.

Upgraded sys-libs/libseccomp to v2.5.5-r2.

Upgraded net-misc/socat to v1.8.0.1.

Upgraded app-shells/dash to v0.5.12-r1.

Upgraded app-admin/sudo to v1.9.16_p1.

Upgraded sys-process/lsof to v4.99.4.

Updated the Linux kernel to v6.6.63.

Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer

Support NVIDIA_H200 GPU - Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.

Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681.

Runtime sysctl changes:

  • Changed: fs.file-max: 811752 -> 811802

cos-105-17412-495-69

Kernel: COS-5.15.167 | Docker: v23.0.3 | Containerd: v1.7.23 | GPU Drivers: See List

Support NVIDIA_H200 GPU - Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.

Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer.

Upgraded dev-libs/libgcrypt to v1.10.1-r3. Fixes CVE-2024-2236.

Fixed CVE-2024-50278 in the Linux kernel.

Fixed CVE-2024-53052 in the Linux kernel.

Fixed CVE-2024-50141 in the Linux kernel.

cos-117-18613-75-66

Kernel: COS-6.6.56 | Docker: v24.0.9 | Containerd: v1.7.24 | GPU Drivers: See List

Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer

Support NVIDIA_H200 GPU - Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.

Fixed CVE-2024-50278 in the Linux kernel.

Fixed CVE-2024-50140 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811804 -> 811763

cos-113-18244-236-70

Kernel: COS-6.1.112 | Docker: v24.0.9 | Containerd: v1.7.24 | GPU Drivers: See List

Support NVIDIA_H200 GPU - Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.

Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer

Fixed CVE-2024-50278 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812030 -> 812026

cos-109-17800-372-69

Kernel: COS-6.1.112 | Docker: v24.0.9 | Containerd: v1.7.24 | GPU Drivers: See List

Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer

Support NVIDIA_H200 GPU - Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.

Fixed CVE-2024-50278 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812253 -> 812265

Data Catalog

You can now transition your Data Catalog content and usage to Dataplex Catalog. For more information, see Transition from Data Catalog to Dataplex Catalog.

Dataplex

You can now transition your Data Catalog content and usage to Dataplex Catalog. For more information, see Transition from Data Catalog to Dataplex Catalog.

Datastream

Datastream now supports binary log reader as a CDC method for Oracle sources. The feature is in Preview.

For more information, see the Datastream documentation.

Google Cloud Architecture Center

(New guide) Stream logs from Google Cloud to Datadog: Provides an architecture to send log event data from across your Google Cloud ecosystem to Datadog Log Management. The architecture is accompanied by a deployment guide.

Google SecOps

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • 1Password Audit Events (Identity and Access Management)
  • Advanced Intrusion Detection Environment (Alert)
  • Airlock Digital Application Allowlisting (Application Whitelisting)
  • Akamai DNS (DNS)
  • Amazon VPC Transit Gateway Flow Logs (Network)
  • Apache Tomcat (Web server)
  • Appian Cloud (Collaboration log types)
  • AppOmni (SAAS Security Application)
  • Aruba Switch (Network Infrastructure)
  • Auth0 (Authentication log)
  • AWS Cloudtrail (Cloud Log Aggregator)
  • AWS CloudWatch (Cloud service monitoring)
  • AWS Elastic Load Balancer (AWS Specific)
  • AWS GuardDuty (IDS/IPS)
  • AWS Network Firewall (Firewall)
  • AWS RDS (Database)
  • AWS Route 53 DNS (AWS Specific)
  • AWS S3 Server Access (AWS Specific)
  • AWS VPC Flow (AWS Specific)
  • Azure AD Directory Audit (Audit)
  • Azure AD Organizational Context (LDAP)
  • Azure API Management (Schema)
  • Azure App Service (SAAS)
  • Azure Application Gateway (GATEWAY)
  • Azure Firewall (Azure Firewall Application Rule)
  • Azure Key Vault logging (Audit)
  • Azure SQL (Database)
  • Barracuda WAF (Firewall)
  • Barracuda Web Filter (Webfilter)
  • BeyondTrust BeyondInsight (Privileged Account Activity)
  • BeyondTrust Endpoint Privilege Management (Privileged Account Activity)
  • BIND (DNS)
  • BloxOne Threat Defense (DNS)
  • Blue Coat Proxy (Web Proxy)
  • Cato Networks (NDR)
  • Check Point (Firewall)
  • Ciena Router logs (Application server logs)
  • Cisco ACS (Authentication)
  • Cisco APIC (Software-defined Networking (SDN))
  • Cisco Call Manager (NETWORKING)
  • Cisco DNA Center Platform (Network Management and Optimization)
  • Cisco Email Security (Email Server)
  • Cisco EStreamer (Network Monitoring)
  • Cisco Firepower NGFW (Firewall)
  • Cisco FireSIGHT Management Center (SaaS Application)
  • Cisco Internetwork Operating System (Network Infrastructure)
  • Cisco ISE (Identity and Access Management)
  • Cisco Router (Switches, Routers)
  • Cisco Secure Workload (AV and Endpoint)
  • Cisco Stealthwatch (Log Aggregator)
  • Cisco Switch (Switches, Routers)
  • Cisco TACACS+ (Authentication)
  • Cisco VPN (VPN)
  • Citrix Netscaler (Load Balancer, Traffic Shaper, ADC)
  • Claroty Continuous Threat Detection (IoT)
  • Cloudflare (SaaS Application)
  • Colinet Trotta GAUS SEGUROS (Alert)
  • CrowdStrike Detection Monitoring (EDR)
  • CrowdStrike Falcon (EDR)
  • CrowdStrike Falcon Stream (Alerts)
  • CrowdStrike Filevantage (IT infrastructure)
  • Cyber 2.0 IDS (IDS)
  • Cyberark Privilege Cloud (Identity & Access Management)
  • CyberArk Privileged Access Manager (PAM) (CyberArk Privileged Access Manager)
  • Cybereason EDR (EDR)
  • Darktrace (NDR)
  • Dell CyberSense (Data Security)
  • Dell EMC PowerStore (DATA STORAGE)
  • Druva Backup (Security)
  • Duo Administrator Logs (Authentication)
  • Duo Auth (Authentication)
  • EfficientIP DDI (Network)
  • ExtraHop RevealX (Firewall IDS/IPS)
  • F5 Advanced Firewall Management (Firewall)
  • F5 ASM (WAF)
  • F5 BIGIP LTM (Load Balancer, Traffic Shaper, ADC)
  • F5 VPN (VPN)
  • FingerprintJS (Vulnerability scanners)
  • FireEye eMPS (Email server log types.)
  • FireEye HX (EDR)
  • Forcepoint DLP (Forcepoint DLP)
  • Forcepoint NGFW (Network)
  • Forcepoint Proxy (Web Proxy)
  • Forescout NAC (NAC)
  • ForgeRock OpenAM (Identity and Access Management)
  • Forgerock OpenIdM (DATA SECURITY)
  • FortiGate (Firewall)
  • Fortinet FortiAnalyzer (Fortinet FortiAnalyzer)
  • Fortinet Switch (Switches and Routers)
  • GitHub (SaaS Application)
  • Guardicore Centra (Deception Software)
  • Hashicorp Vault (Privileged Account Activity)
  • HCNET Account Adapter Plus (DHCP)
  • IBM MaaS360 (Security)
  • IBM Security Access Manager (WAF)
  • IBM z/OS (OS)
  • Illumio Core (Policy Management)
  • Imperva (WAF)
  • Imperva Advanced Bot Protection (Bot Protection)
  • Imperva Attack Analytics (WAF)
  • Ingrian Networks DataSecure Appliance (System and Audit Logs)
  • Intel 471 Malware Intelligence
  • ISC DHCP (DHCP)
  • Jenkins (Automation and DevOps)
  • Journald (Log Aggregation and SIEM Systems)
  • Juniper (Firewall)
  • Juniper Mist (Network Management and Optimization software)
  • Juniper MX Router (Routers and Switches)
  • Keeper Enterprise Security (Security)
  • Kubernetes Audit Azure (Log Aggregator)
  • Lacework Cloud Security (Cloud Security)
  • Lenel Onguard Badge Management (Access Control System)
  • Linux Auditing System (AuditD) (OS)
  • Linux Sysmon (DNS)
  • ManageEngine Log360 (Alert Log)
  • Maria Database (Database)
  • McAfee ePolicy Orchestrator (Policy Management)
  • McAfee Web Gateway (Web Proxy)
  • Microsoft AD (LDAP)
  • Microsoft AD FS (LDAP)
  • Microsoft Azure Activity (Misc Windows Specific)
  • Microsoft Azure NSG Flow (Network Flow)
  • Microsoft Azure Resource (Log Aggregator)
  • Microsoft Defender Endpoint for iOS Logs
  • Microsoft Defender for Endpoint (EDR)
  • Microsoft PowerShell (Misc. Windows-specific)
  • Microsoft SQL Server (Database)
  • Microsoft System Center Endpoint Protection (Malware Detection)
  • Mikrotik Router (Router)
  • Mimecast (Email Server)
  • MISP Threat Intelligence (Cybersecurity)
  • Mobile Endpoint Security (Mobile Endpoint Security)
  • Mobileiron (ENDPOINT MANAGEMENT)
  • NetApp BlueXP (Security)
  • Nozomi Networks Scada Guardian (Network Monitoring)
  • Office 365 (SaaS Application)
  • Okta (Identity and Access Management)
  • OpenVPN (Network)
  • Opnsense (Firewall and Routing Platform)
  • Opswat Metadefender (Threat Protection)
  • Oracle (DATABASE)
  • Oracle Cloud Infrastructure Audit Logs (Oracle Cloud Infrastructure)
  • Oracle Fusion (SaaS Application)
  • Oracle WebLogic Server (Web server logs)
  • Palo Alto Cortex XDR Alerts (NDR)
  • Palo Alto Prisma Cloud (SECURITY PLATFORM)
  • Palo Alto Prisma Cloud Alert payload (Cloud Security)
  • Ping Federate (Authentication)
  • Ping Identity (Authentication)
  • Ping One (NA)
  • PingIdentity Directory Server Logs (Security)
  • Precisely Ironstream IBM z/OS (ZOS)
  • ProFTPD (Web Server)
  • Proofpoint Observeit (Email Server)
  • Proofpoint On Demand (Email Server)
  • ProofPoint Secure Email Relay (Email server)
  • Proofpoint Tap Forensics (Email Server)
  • Quest Active Directory (Authentication log)
  • Red Hat Directory Server LDAP (Identity and Access Management)
  • Remediant SecureONE (Privileged Account Activity)
  • Salesforce (SaaS Application)
  • SAP Sybase Adaptive Server Enterprise Database (Database)
  • Security Command Center Posture Violation (Google Cloud Specific)
  • Security Command Center Threat (Google Cloud Specific)
  • Security Command Center Toxic Combination (Google Cloud Specific)
  • Sentinelone Alerts (Endpoint Security)
  • Shibboleth IDP (Identity and Access Management)
  • Snare System Diagnostic Logs (Security)
  • Snipe-IT (SaaS Applications)
  • Snort (IDS/IPS)
  • SonicWall (Firewall)
  • Squid Web Proxy (Web Proxy)
  • STIX Threat Intelligence (Cybersecurity Threats)
  • Suricata EVE (IPS IDS)
  • Symantec CloudSOC CASB (CASB)
  • Symantec DLP (DLP)
  • Symantec Endpoint Protection (AV / Endpoint)
  • Symantec Event export (SEP)
  • Symantec Web Security Service (Web Proxy)
  • Sysdig (Security)
  • Tailscale (CASB)
  • Tanium Threat Response (Tanium Specific)
  • TeamViewer (Remote Support)
  • Tenable CSPM (Cloud Security)
  • Tenable Security Center (Vulnerability Scanner)
  • Thales Luna Hardware Security Module (THALES_LUNA_HSM specific)
  • Trellix HX Event Streamer (Cybersecurity)
  • Trend Micro Deep Security (AV / Endpoint)
  • Trend Micro Vision One (AV and endpoint logs)
  • Trend Micro Vision One Workbench (Schema)
  • TrendMicro Deep Discovery Inspector (Physical and virtual network)
  • Tripwire (DLP)
  • TXOne Stellar (AV and Endpoint logs)
  • UberAgent (Security)
  • Unix system (OS)
  • UpGuard (Vulnerability scanners)
  • Upstream Vehicle SOC Alerts (Schema)
  • URLScan IO (Vulnerability scanners)
  • Veeam (Backup software)
  • VMware AirWatch (Wireless)
  • VMware Horizon (VDI)
  • VMware vCenter (Server)
  • VMWare VSphere (virtualization)
  • VPC Flow Logs (Google Cloud Specific)
  • Wallix Bastion (Privileged Account Activity)
  • WindChill (Lifecycle Management Software)
  • Windows Event (Endpoint)
  • Windows Event (XML) (AV / Endpoint)
  • Windows Sysmon (DNS)
  • Workday Audit Logs (Audit And Compliance)
  • Workspace Activities (Google Cloud Specific)
  • Workspace ChromeOS Devices (Google Cloud Specific)
  • Zimperium (Mobile Device Management)
  • Zoom Operation Logs (Operation-Specific)
  • Zscaler (Web Proxy)
  • Zscaler DLP (Data Loss Prevention)
  • ZScaler DNS (DNS)
  • ZScaler NGFW (Firewall)
  • Zscaler NSS Feeds for Alerts (Alert log types)
  • Zscaler Private Access (Security Service Edge)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Arize Cloud (ARIZE_CLOUD)
  • Aware Audit (AWARE_AUDIT)
  • Aware Signals (AWARE_SIGNALS)
  • Azure PostgreSQL (AZURE_POSTGRESQL)
  • Cisco Umbrella Firewall (CISCO_UMBRELLA_FIREWALL)
  • Cisco Umbrella IPS (CISCO_UMBRELLA_IPS)
  • Cisco Umbrella SWG DLP (CISCO_UMBRELLA_SWG_DLP)
  • CyberArk Secure Cloud Access (CYBERARK_SCA)
  • DBT Cloud (DBT_CLOUD)
  • Delinea Distributed Engine (DELINEA_DISTRIBUTED_ENGINE)
  • Delinea PBA (DELINEA_PBA)
  • Dtex Audit (DTEX_AUDIT)
  • Featurespace Aric (FEATURESPACE_ARIC)
  • Forcepoint One (FORCEPOINT_ONE)
  • Genesys Audit (GENESYS_AUDIT)
  • Hex (HEX)
  • Linkshadow NDR (LINKSHADOW_NDR)
  • Nightfall DLP (NIGHTFALL)
  • Palo Alto Cortex IIS (PAN_CORTEX_XDR_IIS)
  • Relativity (RELATIVITY)
  • Retool (RETOOL)
  • Saturn Cloud (SATURN_CLOUD)
  • SecurityBridge (SECURITY_BRIDGE)
  • TACACS Plus (TACACS_PLUS)
  • Transmit Security FlexID (TRANSMIT_FLEXID)
  • Unifi Router (UNIFI_ROUTER)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps SIEM

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • 1Password Audit Events (Identity and Access Management)
  • Advanced Intrusion Detection Environment (Alert)
  • Airlock Digital Application Allowlisting (Application Whitelisting)
  • Akamai DNS (DNS)
  • Amazon VPC Transit Gateway Flow Logs (Network)
  • Apache Tomcat (Web server)
  • Appian Cloud (Collaboration log types)
  • AppOmni (SAAS Security Application)
  • Aruba Switch (Network Infrastructure)
  • Auth0 (Authentication log)
  • AWS Cloudtrail (Cloud Log Aggregator)
  • AWS CloudWatch (Cloud service monitoring)
  • AWS Elastic Load Balancer (AWS Specific)
  • AWS GuardDuty (IDS/IPS)
  • AWS Network Firewall (Firewall)
  • AWS RDS (Database)
  • AWS Route 53 DNS (AWS Specific)
  • AWS S3 Server Access (AWS Specific)
  • AWS VPC Flow (AWS Specific)
  • Azure AD Directory Audit (Audit)
  • Azure AD Organizational Context (LDAP)
  • Azure API Management (Schema)
  • Azure App Service (SAAS)
  • Azure Application Gateway (GATEWAY)
  • Azure Firewall (Azure Firewall Application Rule)
  • Azure Key Vault logging (Audit)
  • Azure SQL (Database)
  • Barracuda WAF (Firewall)
  • Barracuda Web Filter (Webfilter)
  • BeyondTrust BeyondInsight (Privileged Account Activity)
  • BeyondTrust Endpoint Privilege Management (Privileged Account Activity)
  • BIND (DNS)
  • BloxOne Threat Defense (DNS)
  • Blue Coat Proxy (Web Proxy)
  • Cato Networks (NDR)
  • Check Point (Firewall)
  • Ciena Router logs (Application server logs)
  • Cisco ACS (Authentication)
  • Cisco APIC (Software-defined Networking (SDN))
  • Cisco Call Manager (NETWORKING)
  • Cisco DNA Center Platform (Network Management and Optimization)
  • Cisco Email Security (Email Server)
  • Cisco EStreamer (Network Monitoring)
  • Cisco Firepower NGFW (Firewall)
  • Cisco FireSIGHT Management Center (SaaS Application)
  • Cisco Internetwork Operating System (Network Infrastructure)
  • Cisco ISE (Identity and Access Management)
  • Cisco Router (Switches, Routers)
  • Cisco Secure Workload (AV and Endpoint)
  • Cisco Stealthwatch (Log Aggregator)
  • Cisco Switch (Switches, Routers)
  • Cisco TACACS+ (Authentication)
  • Cisco VPN (VPN)
  • Citrix Netscaler (Load Balancer, Traffic Shaper, ADC)
  • Claroty Continuous Threat Detection (IoT)
  • Cloudflare (SaaS Application)
  • Colinet Trotta GAUS SEGUROS (Alert)
  • CrowdStrike Detection Monitoring (EDR)
  • CrowdStrike Falcon (EDR)
  • CrowdStrike Falcon Stream (Alerts)
  • CrowdStrike Filevantage (IT infrastructure)
  • Cyber 2.0 IDS (IDS)
  • Cyberark Privilege Cloud (Identity & Access Management)
  • CyberArk Privileged Access Manager (PAM) (CyberArk Privileged Access Manager)
  • Cybereason EDR (EDR)
  • Darktrace (NDR)
  • Dell CyberSense (Data Security)
  • Dell EMC PowerStore (DATA STORAGE)
  • Druva Backup (Security)
  • Duo Administrator Logs (Authentication)
  • Duo Auth (Authentication)
  • EfficientIP DDI (Network)
  • ExtraHop RevealX (Firewall IDS/IPS)
  • F5 Advanced Firewall Management (Firewall)
  • F5 ASM (WAF)
  • F5 BIGIP LTM (Load Balancer, Traffic Shaper, ADC)
  • F5 VPN (VPN)
  • FingerprintJS (Vulnerability scanners)
  • FireEye eMPS (Email server log types.)
  • FireEye HX (EDR)
  • Forcepoint DLP (Forcepoint DLP)
  • Forcepoint NGFW (Network)
  • Forcepoint Proxy (Web Proxy)
  • Forescout NAC (NAC)
  • ForgeRock OpenAM (Identity and Access Management)
  • Forgerock OpenIdM (DATA SECURITY)
  • FortiGate (Firewall)
  • Fortinet FortiAnalyzer (Fortinet FortiAnalyzer)
  • Fortinet Switch (Switches and Routers)
  • GitHub (SaaS Application)
  • Guardicore Centra (Deception Software)
  • Hashicorp Vault (Privileged Account Activity)
  • HCNET Account Adapter Plus (DHCP)
  • IBM MaaS360 (Security)
  • IBM Security Access Manager (WAF)
  • IBM z/OS (OS)
  • Illumio Core (Policy Management)
  • Imperva (WAF)
  • Imperva Advanced Bot Protection (Bot Protection)
  • Imperva Attack Analytics (WAF)
  • Ingrian Networks DataSecure Appliance (System and Audit Logs)
  • Intel 471 Malware Intelligence
  • ISC DHCP (DHCP)
  • Jenkins (Automation and DevOps)
  • Journald (Log Aggregation and SIEM Systems)
  • Juniper (Firewall)
  • Juniper Mist (Network Management and Optimization software)
  • Juniper MX Router (Routers and Switches)
  • Keeper Enterprise Security (Security)
  • Kubernetes Audit Azure (Log Aggregator)
  • Lacework Cloud Security (Cloud Security)
  • Lenel Onguard Badge Management (Access Control System)
  • Linux Auditing System (AuditD) (OS)
  • Linux Sysmon (DNS)
  • ManageEngine Log360 (Alert Log)
  • Maria Database (Database)
  • McAfee ePolicy Orchestrator (Policy Management)
  • McAfee Web Gateway (Web Proxy)
  • Microsoft AD (LDAP)
  • Microsoft AD FS (LDAP)
  • Microsoft Azure Activity (Misc Windows Specific)
  • Microsoft Azure NSG Flow (Network Flow)
  • Microsoft Azure Resource (Log Aggregator)
  • Microsoft Defender Endpoint for iOS Logs
  • Microsoft Defender for Endpoint (EDR)
  • Microsoft PowerShell (Misc. Windows-specific)
  • Microsoft SQL Server (Database)
  • Microsoft System Center Endpoint Protection (Malware Detection)
  • Mikrotik Router (Router)
  • Mimecast (Email Server)
  • MISP Threat Intelligence (Cybersecurity)
  • Mobile Endpoint Security (Mobile Endpoint Security)
  • Mobileiron (ENDPOINT MANAGEMENT)
  • NetApp BlueXP (Security)
  • Nozomi Networks Scada Guardian (Network Monitoring)
  • Office 365 (SaaS Application)
  • Okta (Identity and Access Management)
  • OpenVPN (Network)
  • Opnsense (Firewall and Routing Platform)
  • Opswat Metadefender (Threat Protection)
  • Oracle (DATABASE)
  • Oracle Cloud Infrastructure Audit Logs (Oracle Cloud Infrastructure)
  • Oracle Fusion (SaaS Application)
  • Oracle WebLogic Server (Web server logs)
  • Palo Alto Cortex XDR Alerts (NDR)
  • Palo Alto Prisma Cloud (SECURITY PLATFORM)
  • Palo Alto Prisma Cloud Alert payload (Cloud Security)
  • Ping Federate (Authentication)
  • Ping Identity (Authentication)
  • Ping One (NA)
  • PingIdentity Directory Server Logs (Security)
  • Precisely Ironstream IBM z/OS (ZOS)
  • ProFTPD (Web Server)
  • Proofpoint Observeit (Email Server)
  • Proofpoint On Demand (Email Server)
  • ProofPoint Secure Email Relay (Email server)
  • Proofpoint Tap Forensics (Email Server)
  • Quest Active Directory (Authentication log)
  • Red Hat Directory Server LDAP (Identity and Access Management)
  • Remediant SecureONE (Privileged Account Activity)
  • Salesforce (SaaS Application)
  • SAP Sybase Adaptive Server Enterprise Database (Database)
  • Security Command Center Posture Violation (Google Cloud Specific)
  • Security Command Center Threat (Google Cloud Specific)
  • Security Command Center Toxic Combination (Google Cloud Specific)
  • Sentinelone Alerts (Endpoint Security)
  • Shibboleth IDP (Identity and Access Management)
  • Snare System Diagnostic Logs (Security)
  • Snipe-IT (SaaS Applications)
  • Snort (IDS/IPS)
  • SonicWall (Firewall)
  • Squid Web Proxy (Web Proxy)
  • STIX Threat Intelligence (Cybersecurity Threats)
  • Suricata EVE (IPS IDS)
  • Symantec CloudSOC CASB (CASB)
  • Symantec DLP (DLP)
  • Symantec Endpoint Protection (AV / Endpoint)
  • Symantec Event export (SEP)
  • Symantec Web Security Service (Web Proxy)
  • Sysdig (Security)
  • Tailscale (CASB)
  • Tanium Threat Response (Tanium Specific)
  • TeamViewer (Remote Support)
  • Tenable CSPM (Cloud Security)
  • Tenable Security Center (Vulnerability Scanner)
  • Thales Luna Hardware Security Module (THALES_LUNA_HSM specific)
  • Trellix HX Event Streamer (Cybersecurity)
  • Trend Micro Deep Security (AV / Endpoint)
  • Trend Micro Vision One (AV and endpoint logs)
  • Trend Micro Vision One Workbench (Schema)
  • TrendMicro Deep Discovery Inspector (Physical and virtual network)
  • Tripwire (DLP)
  • TXOne Stellar (AV and Endpoint logs)
  • UberAgent (Security)
  • Unix system (OS)
  • UpGuard (Vulnerability scanners)
  • Upstream Vehicle SOC Alerts (Schema)
  • URLScan IO (Vulnerability scanners)
  • Veeam (Backup software)
  • VMware AirWatch (Wireless)
  • VMware Horizon (VDI)
  • VMware vCenter (Server)
  • VMWare VSphere (virtualization)
  • VPC Flow Logs (Google Cloud Specific)
  • Wallix Bastion (Privileged Account Activity)
  • WindChill (Lifecycle Management Software)
  • Windows Event (Endpoint)
  • Windows Event (XML) (AV / Endpoint)
  • Windows Sysmon (DNS)
  • Workday Audit Logs (Audit And Compliance)
  • Workspace Activities (Google Cloud Specific)
  • Workspace ChromeOS Devices (Google Cloud Specific)
  • Zimperium (Mobile Device Management)
  • Zoom Operation Logs (Operation-Specific)
  • Zscaler (Web Proxy)
  • Zscaler DLP (Data Loss Prevention)
  • ZScaler DNS (DNS)
  • ZScaler NGFW (Firewall)
  • Zscaler NSS Feeds for Alerts (Alert log types)
  • Zscaler Private Access (Security Service Edge)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Arize Cloud (ARIZE_CLOUD)
  • Aware Audit (AWARE_AUDIT)
  • Aware Signals (AWARE_SIGNALS)
  • Azure PostgreSQL (AZURE_POSTGRESQL)
  • Cisco Umbrella Firewall (CISCO_UMBRELLA_FIREWALL)
  • Cisco Umbrella IPS (CISCO_UMBRELLA_IPS)
  • Cisco Umbrella SWG DLP (CISCO_UMBRELLA_SWG_DLP)
  • CyberArk Secure Cloud Access (CYBERARK_SCA)
  • DBT Cloud (DBT_CLOUD)
  • Delinea Distributed Engine (DELINEA_DISTRIBUTED_ENGINE)
  • Delinea PBA (DELINEA_PBA)
  • Dtex Audit (DTEX_AUDIT)
  • Featurespace Aric (FEATURESPACE_ARIC)
  • Forcepoint One (FORCEPOINT_ONE)
  • Genesys Audit (GENESYS_AUDIT)
  • Hex (HEX)
  • Linkshadow NDR (LINKSHADOW_NDR)
  • Nightfall DLP (NIGHTFALL)
  • Palo Alto Cortex IIS (PAN_CORTEX_XDR_IIS)
  • Relativity (RELATIVITY)
  • Retool (RETOOL)
  • Saturn Cloud (SATURN_CLOUD)
  • SecurityBridge (SECURITY_BRIDGE)
  • TACACS Plus (TACACS_PLUS)
  • Transmit Security FlexID (TRANSMIT_FLEXID)
  • Unifi Router (UNIFI_ROUTER)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Identity and Access Management

Using IAM attributes in custom organization policies is generally available. For more information, see Use custom organization policies.

You can use the iam.managed.preventPrivilegedBasicRolesForDefaultServiceAccounts managed organization policy constraint to prevent default service accounts from being granted the Editor (roles/editor) or Owner (roles/owner) roles. For more information, see Prevent the Owner and Editor role from being granted to default service accounts.

Organization Policy

Using IAM attributes in custom organization policies is generally available. For more information, see Use custom organization policies.

You can use the iam.managed.preventPrivilegedBasicRolesForDefaultServiceAccounts managed organization policy constraint to prevent default service accounts from being granted the Editor (roles/editor) or Owner (roles/owner) roles. For more information, see Prevent the Owner and Editor role from being granted to default service accounts.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

1.45.3 (2024-12-04)

Bug Fixes
  • pubsub: Convert stream ack deadline seconds from duration (#11214) (b2b05e4)

1.45.2 (2024-12-03)

Bug Fixes
  • pubsub/pstest: Make invalid filter return error instead of panic (#11087) (45e1ce7)
  • pubsub: Only init batch span if trace enabled (#11193) (f843d50)
  • pubsub: Use official semconv variable whenever possible (#10904) (1ce4b6d)

Documentation
  • pubsub: MinExtensionPeriod defaults to 60 seconds (#10791) (cc88fe1)

Resource Manager

Using IAM attributes in custom organization policies is generally available. For more information, see Use custom organization policies.

You can use the iam.managed.preventPrivilegedBasicRolesForDefaultServiceAccounts managed organization policy constraint to prevent default service accounts from being granted the Editor (roles/editor) or Owner (roles/owner) roles. For more information, see Prevent the Owner and Editor role from being granted to default service accounts.
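
Before enforcing the constraint described above, it helps to know which projects already have such grants. The following is an added example, not Google's code: it scans a project IAM policy in the JSON form printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`. The e-mail patterns used to recognize default service accounts (Compute Engine and App Engine) and the sample policy are assumptions made for this example.

```python
import json
import re

# Basic roles named in the release note for this constraint.
BLOCKED_ROLES = {"roles/editor", "roles/owner"}

# Assumption: default service accounts are recognized by their well-known
# e-mail formats (Compute Engine and App Engine defaults).
DEFAULT_SA_PATTERNS = [
    re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$"),
    re.compile(r"^[^@\s]+@appspot\.gserviceaccount\.com$"),
]


def is_default_service_account(email):
    """Return True if the e-mail looks like an auto-created default service account."""
    return any(p.match(email) for p in DEFAULT_SA_PATTERNS)


def find_privileged_default_sa_bindings(policy):
    """List bindings that give a default service account Editor or Owner.

    `policy` is the parsed JSON of a project IAM policy. Each finding records
    the member, the role, and whether the binding carries an IAM condition.
    """
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role not in BLOCKED_ROLES:
            continue
        conditional = "condition" in binding
        for member in binding.get("members", []):
            # Members look like "serviceAccount:<email>". Soft-deleted members
            # start with "deleted:" and are skipped because they are inactive.
            kind, _, email = member.partition(":")
            if kind == "serviceAccount" and is_default_service_account(email):
                findings.append(
                    {"member": member, "role": role, "conditional": conditional}
                )
    return findings


# Constructed sample policy (project number and IDs are made up).
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/editor",
     "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com",
                 "user:alice@example.com"]},
    {"role": "roles/owner",
     "members": ["serviceAccount:example-project@appspot.gserviceaccount.com",
                 "deleted:serviceAccount:old@appspot.gserviceaccount.com?uid=1"]},
    {"role": "roles/viewer",
     "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com"]}
  ],
  "version": 1
}
""")

if __name__ == "__main__":
    for f in find_privileged_default_sa_bindings(SAMPLE_POLICY):
        note = " (conditional)" if f["conditional"] else ""
        print(f"{f['member']} holds {f['role']}{note}")
```

Each finding is a grant to replace with a narrower predefined or custom role.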

SAP on Google Cloud

New SAP HANA certification: 24 TB and 32 TB X4 bare metal machine types for OLAP workloads

SAP has certified the Compute Engine x4-megamem-1440-metal and x4-megamem-1920-metal machine types for use with SAP HANA OLAP workloads in scale-out configurations with up to 8 nodes.

For more information, see X4 memory-optimized bare metal machine types.

Security Command Center

When activating the Security Command Center Enterprise tier, you now have the option to connect Security Command Center to an existing Google Security Operations instance or provision a new instance. For more information, see Activate the Security Command Center Enterprise tier.

Vertex AI Agent Builder

Vertex AI Agent Builder: Grounding is available in more languages (GA with allowlist)

The grounded generation API supports more than 35 languages.

This feature is available to select Google Cloud customers (GA with allowlist). For general information about grounding, see Generate grounded answers with RAG. For available languages, see Languages.

Vertex AI Agent Builder: Additional inputs for generating grounded answers (GA with allowlist)

You can specify a language code and a latitude-longitude value when making calls to the grounded generation API.

If the language can't be determined from the query, then the language code is used to set the language for the answer. If the language code is not present, then the latitude-longitude value is used to set the language.

The latitude-longitude value is also used to answer location-related queries, such as "restaurants near me".

This feature is available to select Google Cloud customers (GA with allowlist). For more information, see Generate grounded answers with RAG.

December 08, 2024

Google SecOps SOAR

Release 6.3.27 is in Preview.

In order to align with our flagship Google SecOps platform, we are unifying our themes. The SOAR platform will now offer two themes: gray (default) and light.

Release 6.3.26 is now in General Availability.

December 06, 2024

Cloud Logging

Editing Log Analytics charts that are saved to a dashboard directly in the Dashboards page is now generally available (GA).

Firestore Generative AI on Vertex AI

A vulnerability was discovered in the Vertex AI API serving Gemini multimodal requests, allowing bypass of VPC Service Controls. For details, see the Security bulletins page.

Google Cloud Architecture Center

(New guide) Infrastructure for a RAG-capable generative AI application using Vertex AI and Vector Search: Describes how to design infrastructure for a generative AI application with retrieval-augmented generation (RAG) by using Vector Search.

Google Cloud Architecture Framework: Performance optimization: Major update to align the recommendations with core principles of performance optimization.

Looker

Starting on December 9, 2024, default permissions for OAuth authentication to BigQuery connections are limited to read-only for Looker instances on Looker 24.20+.

On March 1, 2025, Looker will sign out any users with read and write scopes from all corresponding BigQuery connections. This will cause any schedules dependent on these connections to fail. Each of these users will need to reauthorize their OAuth connection credentials in order to ensure uninterrupted schedule delivery. For more information, see the Restricting OAuth scope to read-only for Google BigQuery connections article.

Organization Policy Resource Manager Secret Manager

Parameter Manager, an extension to the Secret Manager service, is available in Preview. You can use Parameter Manager to store, access, and manage the lifecycle of your workload parameters. For more information, see Parameter Manager overview.

Sensitive Data Protection

The current default DATE_OF_BIRTH infoType detection model, which is available when InfoType.version is set to latest or stable, is now also used when InfoType.version is set to legacy.

The old detection model that was previously available by setting InfoType.version to legacy is no longer available.

December 05, 2024

AlloyDB for PostgreSQL

The AlloyDB database performance snapshot reports feature is generally available (GA). This feature lets you improve your database performance by using a report that compares snapshots of system metrics between two different points in time. For more information, see Optimize database performance by comparing performance snapshots.

Anthos Config Management

Hierarchy Controller is no longer available to install. Config Sync upgrades are blocked if Hierarchy Controller is still configured. To continue using similar functionality, migrate from Hierarchy Controller to Hierarchical Namespace Controller before you upgrade Config Sync.

Improved the manual installation process for Config Sync. When you install Config Sync manually using kubectl (not recommended), Config Sync is now deployed directly without relying on the Config Management Operator. This change results in simplified architecture and reduced resource use on your cluster. If you manually installed Config Sync using kubectl, follow the guide to uninstall the Config Management Operator before you upgrade.

When you use Config Sync to manage configurations that are stored in OCI repositories (such as Artifact Registry), you can now enhance your security posture with custom signature verification. Config Sync integrates with your existing signature verification server deployed as a Kubernetes admission webhook, which helps ensure only trusted OCI images are used in your deployments. See the Sync OCI artifacts guide for setup instructions.

Introduced a new field for stopping and resuming syncing. This field is available on clusters with Config Sync auto-upgrades or with Config Sync version 1.20.0. The new field makes it easier to pause syncing by setting the spec.configSync.stopSyncing field to true.

To optimize resource use, Config Sync installations managed through Fleet no longer include the ConfigManagement Operator or the ConfigManagement CRD. These components are automatically removed when you upgrade to version 1.20.0 or later. This change reduces Config Sync's resource consumption in your cluster. See Config Sync architecture for details.

Upgraded the git-sync dependency from v4.2.4 to v4.3.0 to pick up a fix for lingering Git lock files and other vulnerability fixes.

Fixed a bug that prevented the applyset.kubernetes.io/part-of label from being correctly removed from managed objects when they were no longer managed by Config Sync. This fix improves the accuracy of label information.

Fixed an issue that could cause sync delays due to retry backoff problems. This fix helps ensure more timely and consistent updates to your clusters.

Certificate Manager

Certificate Manager has passed HIPAA compliance validation and is listed as a covered product in HIPAA compliance on Google Cloud.

Cloud Composer

New Cloud Composer 3 environments can now be created in VPC SC. This feature is being gradually rolled out to all regions supported by Cloud Composer.

Improved Airflow worker liveness checks to detect workers with unexpected idle task slots. This feature improves the stability of Airflow by better detecting unhealthy Airflow workers. This feature is being gradually rolled out to all regions supported by Cloud Composer.

Long log entries now have proper task instance annotations.

(Cloud Composer 3) KubernetesPodOperator now works when the do_xcom_push parameter is set to True.

(Cloud Composer 2) If an upgrade operation fails, Cloud Composer 2 now restores the environment with the correct number of triggers.

The maximum limit on the database size during upgrades in Cloud Composer 3 is now the same as the limit for snapshots (20 GB).

(New Cloud Composer 3 environments) Increased the maximum number of internet connections that each Airflow worker can support at the same time.

(Cloud Composer 2 only) It is now possible to upgrade an environment if the [sentry]sentry_on Airflow configuration option is set to true.

Fixed an issue in the environment component responsible for uploading the logs of Airflow components to Cloud Logging. This bug sometimes led to a situation where a Cloud Composer-level log might be missing for an Airflow component. The same log was still available at the Kubernetes-component level.

(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-google package was upgraded to version 10.26.0 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.25.0 to version 10.26.0.

(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 10.0.1 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-cncf-kubernetes changelog from version 9.0.1 to version 10.0.1.

The aiohttp package was downgraded from 3.11.0 to 3.10.11.

(Available without upgrading) Fixed an issue where Airflow workers sometimes generated incomplete or unreadable output.

The default version of Airflow is changed to 2.10.2.

Airflow 2.7.3 is no longer included in Cloud Composer images and builds.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.10.2-build.3 (default)
  • composer-3-airflow-2.9.3-build.10

New images are available in Cloud Composer 2:

  • composer-2.10.0-airflow-2.10.2 (default)
  • composer-2.10.0-airflow-2.9.3

Cloud Composer version 2.5.2 has reached its end of support period.

Cloud SQL for MySQL

Cloud SQL Enterprise Plus edition now supports the following regions:

  • africa-south1 (Johannesburg)
  • asia-east2 (Hong Kong)
  • europe-west10 (Berlin)

Cloud SQL for PostgreSQL

Cloud SQL Enterprise Plus edition now supports the following regions:

  • africa-south1 (Johannesburg)
  • asia-east2 (Hong Kong)
  • europe-west10 (Berlin)

Cloud SQL for SQL Server

Cloud SQL Enterprise Plus edition now supports the following regions:

  • africa-south1 (Johannesburg)
  • asia-east2 (Hong Kong)
  • europe-west10 (Berlin)

Firestore

You can monitor performance using client-side traces in Java and Node.js. This feature is in Preview.

Looker Studio

Looker Studio Labs

Learn the fundamentals of Looker Studio and Looker Studio Pro by using these Cloud Skills Boost Labs:

New Conversational Analytics guide

A new educational resource is available in Looker Studio to guide you through how to use Conversational Analytics, a Gemini in Looker feature.

Select Create > Conversation to get started.

Autogenerated titles for charts

When you enable the Show title option for a chart, Looker Studio automatically generates a chart title by default. The title is based on both the chart type and the fields that are used. You can add a custom title to a chart by entering it into the Title field.

More data from New Search Ads 360

You can visualize the following fields using the New Search Ads 360 connector:

  • Conversions (by conv. time)
  • All conv. rate
  • Cost / client account conv.
  • Google Ads Auction-time bidding
  • Currency code

December 04, 2024

Cloud Composer

Scheduled snapshots are available in Cloud Composer 3. This feature will be gradually rolled out to all regions supported by Cloud Composer 3.

Cloud Composer 2 is now available in Mexico (northamerica-south1).

Cloud SQL for MySQL

Cloud SQL for MySQL now supports minor version 8.0.40. To upgrade your existing instance to the new version, see Upgrade the database minor version.

Container Optimized OS

cos-117-18613-75-60

  • Kernel: COS-6.6.56
  • Docker: v24.0.9
  • Containerd: v1.7.24
  • GPU Drivers: See List

Updated app-admin/google-guest-configs to 20241121.00. This enables the intent-based NIC naming scheme.

Upgraded sys-apps/makedumpfile to v1.7.6.

Upgraded containerd from 1.7.23 to 1.7.24.

Upgraded sys-process/lsof to v4.99.4.

Upgraded net-misc/socat to v1.8.0.1.

Upgraded sys-apps/less to v668.

Upgraded app-shells/dash to v0.5.12-r1.

Upgraded cos-gpu-installer to v2.4.4. This fixes an issue where GPU drivers that only have two numeric version components could not be loaded.

Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681. Added duphandle-init-netrc.patch, netrc-large-file.patch, setopt-http_content_decoding.patch to fix regression issues in curl v8.11.0.

Fixed CVE-2024-50142 in the Linux kernel.

Fixed CVE-2024-50182 in the Linux kernel.

Fixed CVE-2024-50192 in the Linux kernel.

Fixed CVE-2024-53042 in the Linux kernel.

Fixed CVE-2024-50271 in the Linux kernel.

Fixed CVE-2024-50279 in the Linux kernel.

Fixed CVE-2024-50195 in the Linux kernel.

Fixed CVE-2024-50272 in the Linux kernel.

Fixed CVE-2024-50194 in the Linux kernel.

Fixed CVE-2024-50275 in the Linux kernel.

Fixed CVE-2024-53052 in the Linux kernel.

Fixed CVE-2024-50141 in the Linux kernel.

Fixed CVE-2024-53054 in the Linux kernel.

Fixed CVE-2024-50169 in the Linux kernel.

Fixed CVE-2024-50063 in the Linux kernel.

Fixed CVE-2024-53082 in the Linux kernel.

Fixed CVE-2024-50151 in the Linux kernel.

Fixed CVE-2024-50163 in the Linux kernel.

Fixed CVE-2024-50162 in the Linux kernel.

Fixed CVE-2024-53066 in the Linux kernel.

Fixed CVE-2024-50060 in the Linux kernel.

Fixed CVE-2024-50228 in the Linux kernel.

Fixed CVE-2024-50258 in the Linux kernel.

Fixed CVE-2024-50257 in the Linux kernel.

Fixed CVE-2024-50262 in the Linux kernel.

Fixed CVE-2024-50147 in the Linux kernel.

Fixed KCTF-6ca5753 in the Linux kernel.

Fixed CVE-2024-50251 in the Linux kernel.

Fixed CVE-2024-50249 in the Linux kernel.

Fixed CVE-2024-50226 in the Linux kernel.

Fixed CVE-2024-50143 in the Linux kernel.

Fixed CVE-2024-50153 in the Linux kernel.

Fixed CVE-2024-50223 in the Linux kernel.

Fixed CVE-2024-50222 in the Linux kernel.

Fixed CVE-2024-50099 in the Linux kernel.

Fixed CVE-2024-50215 in the Linux kernel.

Fixed CVE-2024-50152 in the Linux kernel.

Fixed CVE-2024-50154 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811800 -> 811804

cos-109-17800-372-64

  • Kernel: COS-6.1.112
  • Docker: v24.0.9
  • Containerd: v1.7.24
  • GPU Drivers: See List

Upgraded sys-apps/makedumpfile to v1.7.6.

Updated app-admin/google-guest-configs to 20241121.00. This enables the intent-based NIC naming scheme.

Upgraded containerd from 1.7.23 to 1.7.24.

Upgraded app-shells/dash to v0.5.12-r1.

Upgraded sys-process/lsof to v4.99.4.

Upgraded sys-apps/less to v668.

Upgraded cos-gpu-installer to v2.4.4. This fixes an issue where GPU drivers that only have two numeric version components could not be loaded.

Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681. Added duphandle-init-netrc.patch, netrc-large-file.patch, setopt-http_content_decoding.patch to fix regression issues in curl v8.11.0.

Fixed CVE-2024-53042 in the Linux kernel.

Fixed CVE-2024-50195 in the Linux kernel.

Fixed CVE-2024-50192 in the Linux kernel.

Fixed CVE-2024-50279 in the Linux kernel.

Fixed CVE-2024-50271 in the Linux kernel.

Fixed CVE-2024-50272 in the Linux kernel.

Fixed CVE-2024-50141 in the Linux kernel.

Fixed CVE-2024-53054 in the Linux kernel.

Fixed CVE-2024-53082 in the Linux kernel.

Fixed CVE-2024-50151 in the Linux kernel.

Fixed CVE-2024-50142 in the Linux kernel.

Fixed CVE-2024-50163 in the Linux kernel.

Fixed CVE-2024-53066 in the Linux kernel.

Fixed CVE-2024-50162 in the Linux kernel.

Fixed CVE-2024-50060 in the Linux kernel.

Fixed CVE-2024-50072 in the Linux kernel.

Fixed CVE-2024-50257 in the Linux kernel.

Fixed CVE-2024-50228 in the Linux kernel.

Fixed KCTF-6ca5753 in the Linux kernel.

Fixed CVE-2024-50147 in the Linux kernel.

Fixed CVE-2024-50251 in the Linux kernel.

Fixed CVE-2024-50036 in the Linux kernel.

Fixed CVE-2024-50143 in the Linux kernel.

Fixed CVE-2024-50099 in the Linux kernel.

Fixed CVE-2024-50101 in the Linux kernel.

Fixed CVE-2024-49948 in the Linux kernel.

Fixed CVE-2024-50095 in the Linux kernel.

Fixed CVE-2024-49952 in the Linux kernel.

Fixed CVE-2024-49949 in the Linux kernel.

Fixed CVE-2024-49946 in the Linux kernel.

Fixed CVE-2024-50153 in the Linux kernel.

Fixed CVE-2024-50262 in the Linux kernel.

Fixed CVE-2024-49927 in the Linux kernel.

Fixed CVE-2024-49878 in the Linux kernel.

Fixed CVE-2024-50154 in the Linux kernel.

Fixed CVE-2024-50046 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812261 -> 812253

cos-113-18244-236-64

  • Kernel: COS-6.1.112
  • Docker: v24.0.9
  • Containerd: v1.7.24
  • GPU Drivers: See List

Updated app-admin/google-guest-configs to 20241121.00. This enables the intent-based NIC naming scheme.

Upgraded sys-apps/makedumpfile to v1.7.6.

Upgraded containerd from 1.7.23 to 1.7.24.

Upgraded sys-process/lsof to v4.99.4.

Upgraded sys-apps/less to v668.

Upgraded net-misc/socat to v1.8.0.1.

Upgraded app-shells/dash to v0.5.12-r1.

Upgraded cos-gpu-installer to v2.4.4. This fixes an issue where GPU drivers that only have two numeric version components could not be loaded.

Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681. Added duphandle-init-netrc.patch, netrc-large-file.patch, setopt-http_content_decoding.patch to fix regression issues in curl v8.11.0.

Fixed CVE-2024-50036 in the Linux kernel.

Fixed CVE-2024-50272 in the Linux kernel.

Fixed CVE-2024-50279 in the Linux kernel.

Fixed CVE-2024-53042 in the Linux kernel.

Fixed CVE-2024-50271 in the Linux kernel.

Fixed CVE-2024-50195 in the Linux kernel.

Fixed CVE-2024-50192 in the Linux kernel.

Fixed CVE-2024-50141 in the Linux kernel.

Fixed CVE-2024-53054 in the Linux kernel.

Fixed CVE-2024-53082 in the Linux kernel.

Fixed CVE-2024-50151 in the Linux kernel.

Fixed CVE-2024-50142 in the Linux kernel.

Fixed CVE-2024-50163 in the Linux kernel.

Fixed CVE-2024-50162 in the Linux kernel.

Fixed CVE-2024-53066 in the Linux kernel.

Fixed CVE-2024-50060 in the Linux kernel.

Fixed CVE-2024-50072 in the Linux kernel.

Fixed CVE-2024-50251 in the Linux kernel.

Fixed CVE-2024-50262 in the Linux kernel.

Fixed CVE-2024-49927 in the Linux kernel.

Fixed CVE-2024-50257 in the Linux kernel.

Fixed CVE-2024-50153 in the Linux kernel.

Fixed KCTF-6ca5753 in the Linux kernel.

Fixed CVE-2024-50147 in the Linux kernel.

Fixed CVE-2024-50143 in the Linux kernel.

Fixed CVE-2024-50101 in the Linux kernel.

Fixed CVE-2024-50099 in the Linux kernel.

Fixed CVE-2024-50154 in the Linux kernel.

Fixed CVE-2024-50215 in the Linux kernel.

Fixed CVE-2024-49878 in the Linux kernel.

Fixed CVE-2024-50228 in the Linux kernel.

Fixed CVE-2024-49949 in the Linux kernel.

Fixed CVE-2024-49948 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811954 -> 812030

cos-105-17412-495-62

  • Kernel: COS-5.15.167
  • Docker: v23.0.3
  • Containerd: v1.7.23
  • GPU Drivers: See List

Upgraded sys-apps/makedumpfile to v1.7.6.

Upgraded sys-process/lsof to v4.99.4.

Upgraded app-shells/dash to v0.5.12-r1.

Upgraded cos-gpu-installer to v2.4.4. This fixes an issue where GPU drivers that only have two numeric version components could not be loaded.

Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.

Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681. Added duphandle-init-netrc.patch, netrc-large-file.patch, setopt-http_content_decoding.patch to fix regression issues in curl v8.11.0.

Fixed CVE-2024-50279 in the Linux kernel.

Fixed CVE-2024-50192 in the Linux kernel.

Fixed CVE-2024-50195 in the Linux kernel.

Fixed CVE-2024-50151 in the Linux kernel.

Fixed CVE-2024-50142 in the Linux kernel.

Fixed CVE-2024-50163 in the Linux kernel.

Fixed CVE-2024-50162 in the Linux kernel.

Fixed CVE-2024-53066 in the Linux kernel.

Fixed CVE-2024-50072 in the Linux kernel.

Fixed CVE-2024-50099 in the Linux kernel.

Fixed CVE-2024-50257 in the Linux kernel.

Fixed CVE-2024-50251 in the Linux kernel.

Fixed CVE-2024-50262 in the Linux kernel.

Fixed CVE-2024-49946 in the Linux kernel.

Fixed KCTF-6ca5753 in the Linux kernel.

Fixed CVE-2024-38538 in the Linux kernel.

Fixed CVE-2024-50036 in the Linux kernel.

Fixed CVE-2024-50143 in the Linux kernel.

Fixed CVE-2024-50153 in the Linux kernel.

Fixed CVE-2024-50154 in the Linux kernel.

Fixed CVE-2024-50228 in the Linux kernel.

Fixed CVE-2024-49878 in the Linux kernel.

Fixed CVE-2024-49927 in the Linux kernel.

Fixed CVE-2024-49949 in the Linux kernel.

Fixed CVE-2024-49948 in the Linux kernel.

Fixed CVE-2024-50095 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812699 -> 812685

Vertex AI Agent Builder

Vertex AI Search: Boost controls for media recommendations (Public preview)

Boost controls are used to affect the order in which recommendations are listed. Boost controls use filters on string and boolean values in the schema data to determine what media content to boost or bury. The boost value (-1 to 1) determines whether the content should be placed lower (buried) or higher (boosted) in the list of recommendations returned.

Boost controls are attached to serving configs and applied to recommend method calls.

The boost feature is in public preview and is available through the API. For more information about the feature, see Boost and bury media recommendations.

Vertex AI Search: gemini-1.5-flash-002-high-fidelity model (Public preview)

The gemini-1.5-flash-002-high-fidelity model is available for grounded answer generation with RAG. This model is based on the gemini-1.5-flash-002 model and has been further tuned to address context-based question and answering tasks. This model is suitable for specialized industries, such as financial services, healthcare, and insurance.

This model is available in Public preview.

For more information, see High fidelity models.

December 03, 2024

Cloud Composer

All Cloud Composer environments' GKE clusters are set up with maintenance exclusions from December 20, 2024 to January 2, 2025. For more information, see Maintenance exclusions.

Cloud SQL for MySQL

You can now use the Network Connectivity Center hub to propagate Private Service Connect endpoints of Cloud SQL instances in a VPC network. All endpoints in this network become accessible transitively to other spoke VPC networks through the hub. This feature is available in Preview.

Cloud SQL for PostgreSQL

You can now use the Network Connectivity Center hub to propagate Private Service Connect endpoints of Cloud SQL instances in a VPC network. All endpoints in this network become accessible transitively to other spoke VPC networks through the hub. This feature is available in Preview.

Cloud SQL for SQL Server

You can now use the Network Connectivity Center hub to propagate Private Service Connect endpoints of Cloud SQL instances in a VPC network. All endpoints in this network become accessible transitively to other spoke VPC networks through the hub. This feature is available in Preview.

Compute Engine

Generally available: Hyperdisk Balanced High Availability provides cross-zonal, synchronous replication for your disk data, offering the best set of options for RPO, RTO, and performance.

Identity Platform

The Identity Platform integration with reCAPTCHA Enterprise API now supports bot protection and SMS toll fraud protection for SMS-based flows on iOS platforms.

Text-to-Speech

Journey Voices now supports the Journey-O speaker for de-de, en-au, en-in, en-gb, es-es, es-us, fr-ca, fr-fr, and it-it.

Vertex AI Agent Builder

Vertex AI Search: Index and refresh web pages using sitemap (Public preview)

If advanced website indexing is enabled in your data store, you can submit and use sitemaps and sitemap indexes to index and refresh the web pages in your data store. This feature supports only XML sitemaps and sitemap indexes.

This feature is in public preview and is available through the API. For more information about the feature, see Index and refresh web pages using sitemaps.

December 02, 2024

Backup and DR

Backup and DR service added support for immutable and indelible backups with the new backup vault feature. This feature is now generally available.

Backup and DR service added centralized backup management within Google Cloud console, with support for Compute Engine VM backup to backup vaults. This feature is now generally available.

Backup and DR service added integration with the Compute Engine VM creation experience, enabling the application of Backup and DR backup policies when VMs are created. This feature is now generally available.

Bigtable

To create a Bigtable instance, a user or account must be a principal in a role with the permission bigtable.clusters.create. For more information, see Bigtable access control with IAM.

Google Kubernetes Engine

In GKE version 1.31.1-gke.2105000 or later, you can now configure custom compute classes to consume Compute Engine reservations. Workloads that use those custom compute classes automatically trigger reservation consumption during node creation. This lets you manage reservation consumption more centrally. To learn more, see About custom compute classes.

Spanner

A predefined Identity and Access Management (IAM) role is available to enable Spanner permission to query a Spanner database using Data Boost. For more information, see details about the Spanner Database Reader with DataBoost IAM role and Run federated queries with Data Boost.

Vertex AI

Preview: You can consume reservations of VMs that have GPUs attached with your custom training jobs or prediction jobs. Reservations of Compute Engine zonal resources help you gain a high level of assurance that your jobs have the necessary resources to run. For more information, see the following:

December 01, 2024

Google SecOps SOAR

The official maintenance window is on Sundays between 11:00 and 15:00 UTC. Note that maintenance does not always necessitate a service outage.

November 29, 2024

Spanner

A monthly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.71.0 (2024-11-01)

Features
  • spanner/admin/instance: Add support for Cloud Spanner Default Backup Schedules (706ecb2)
  • spanner: Client built in metrics (#10998) (d81a1a7)
Bug Fixes
  • spanner/test/opentelemetry/test: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • spanner/test/opentelemetry/test: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (2b8ca4b)
  • spanner: Attempt latency for streaming call should capture the total latency till decoding of protos (#11039) (255c6bf)
  • spanner: Decode PROTO to custom type variant of base type (#11007) (5e363a3)
  • spanner: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • spanner: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (2b8ca4b)

1.72.0 (2024-11-07)

Features
  • spanner/spansql: Add support for protobuf column types & Proto bundles (#10945) (91c6f0f), refs #10944
Bug Fixes
  • spanner: Skip exporting metrics if attempt or operation is not captured. (#11095) (1d074b5)

1.73.0 (2024-11-14)

Features
  • spanner: Add ResetForRetry method for stmt-based transactions (#10956) (02c191c)
Bug Fixes
  • spanner: Add safecheck to avoid deadlock when creating multiplex session (#11131) (8ee5d05)
  • spanner: Allow non default service account only when direct path is enabled (#11046) (4250788)
  • spanner: Use spanner options when initializing monitoring exporter (#11109) (81413f3)

Java

Changes for google-cloud-spanner

6.80.1 (2024-10-28)

Dependencies
  • Update googleapis/sdk-platform-java action to v2.49.0 (#3430) (beb788c)
  • Update sdk platform java dependencies (#3431) (eef03e9)

6.81.0 (2024-11-01)

Features
Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.54.0 (#3439) (cdec63f)

6.81.1 (2024-11-11)

Bug Fixes
  • Client built in metrics. Skip export if instance id is null (#3447) (8b2e5ef)
  • spanner: Avoid blocking thread in AsyncResultSet (#3446) (7c82f1c)
Dependencies
  • Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.54.0 (#3437) (7e28326)
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.54.0 (#3438) (fa18894)
  • Update dependency com.google.cloud:google-cloud-trace to v2.53.0 (#3440) (314eeb8)
  • Update dependency io.opentelemetry:opentelemetry-bom to v1.44.1 (#3452) (6518eea)
  • Update opentelemetry.version to v1.44.1 (#3451) (d9b0271)
Documentation
  • Update samples' README.md to ensure given (#3420) (663a974)

6.81.2 (2024-11-20)

Bug Fixes
Dependencies
  • Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.55.0 (#3482) (bf350b0)
  • Update dependency com.google.api.grpc:proto-google-cloud-trace-v1 to v2.53.0 (#3454) (8729b30)
  • Update dependency com.google.cloud:google-cloud-trace to v2.53.0 (#3464) (a507e4c)
  • Update dependency com.google.cloud:google-cloud-trace to v2.54.0 (#3488) (1d1fecf)
  • Update googleapis/sdk-platform-java action to v2.50.0 (#3475) (e992f18)
  • Update sdk platform java dependencies (#3476) (acb6446)

Node.js

Changes for @google-cloud/spanner

7.15.0 (2024-10-30)

Features
  • (observability, samples): add tracing end-to-end sample (#2130) (66d99e8)
  • (observability) add spans for BatchTransaction and Table (#2115) (d51aae9), closes #2114
  • (observability) Add support for OpenTelemetry traces and allow observability options to be passed. (#2131) (5237e11), closes #2079
  • (observability) propagate database name for every span generated to aid in quick debugging (#2155) (0342e74)
  • (observability) trace Database.batchCreateSessions + SessionPool.createSessions (#2145) (f489c94)
  • (observability): trace Database.runPartitionedUpdate (#2176) (701e226), closes #2079
  • (observability): trace Database.runTransactionAsync (#2167) (d0fe178), closes #207
  • Allow multiple KMS keys to create CMEK database/backup (#2099) (51bc8a7)
  • observability: Fix bugs found from product review + negative cases (#2158) (cbc86fa)
  • observability: Trace Database methods (#2119) (1f06871), closes #2114
  • observability: Trace Database.batchWriteAtLeastOnce (#2157) (2a19ef1), closes #2079
  • observability: Trace Transaction (#2122) (a464bdb), closes #2114
Bug Fixes

7.16.0 (2024-11-09)

Features
  • spanner: Add support for Cloud Spanner Default Backup Schedules (#2135) (19f137c)
Bug Fixes
  • deps: Update dependency google-gax to v4.4.1 (#2100) (2e94bcd)

Python

Changes for google-cloud-spanner

3.50.0 (2024-11-11)

Features
  • spanner: Add support for Cloud Spanner Default Backup Schedules (45d4517)
Bug Fixes
  • Add PROTO in streaming chunks (#1213) (43c190b)
  • Pass through route-to-leader option in dbapi (#1223) (ec6c204)
  • Pin nox version in requirements.in for devcontainer. (#1215) (41604fe)
Documentation
  • Allow multiple KMS keys to create CMEK database/backup (68551c2)

3.50.1 (2024-11-14)

Bug Fixes

November 28, 2024

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

November 27, 2024

Cloud Composer

In December 2024, Google will remove the following previously deprecated Airflow operators from the apache-airflow-providers-google package.

The new version of this package will be included in one of the future releases of Cloud Composer and the change will be announced in the Release Notes. After this change, it will not be possible to use these operators in your DAGs.

Make sure that you use up-to-date alternatives of the removed operators instead. For more information about removed and deprecated Airflow operators and their up-to-date alternatives, see Deprecated and removed Airflow operators.

Operators that will be removed in December 2024: DataPipelineHook, CreateDataPipelineOperator, RunDataPipelineOperator, AutoMLDatasetLink, AutoMLDatasetListLink, AutoMLModelLink, AutoMLModelTrainLink, AutoMLModelPredictLink.

Cloud Data Fusion

The Snowflake plugin version 1.1.4 is available in Cloud Data Fusion version 6.8.0 and later. This release includes the following changes (PLUGIN-1816):

  • Fixed an issue in the Snowflake source causing pipelines to fail if fields contained decimals.
  • Fixed an issue in the Snowflake source causing pipelines to fail if data contained a backslash (\). You can set a new escape character using the cdap.snowflake.source.escape runtime argument.

The Cloud SQL MySQL plugins version 1.11.5 is available in Cloud Data Fusion versions 6.10.0 and later. This release fixes an issue in the Cloud SQL MySQL sink causing pipelines to fail when the schema contains a MySQL reserved word (PLUGIN-1017).

Cloud SQL for MySQL

You can now create instances with both private services access and Private Service Connect enabled for them. You can also enable Private Service Connect for existing private services access instances. This feature is available in Preview. For more information, see Configure both private services access and Private Service Connect.

Cloud SQL for PostgreSQL

You can now create instances with both private services access and Private Service Connect enabled for them. You can also enable Private Service Connect for existing private services access instances. This feature is available in Preview. For more information, see Configure both private services access and Private Service Connect.

Cloud SQL for SQL Server

You can now create instances with both private services access and Private Service Connect enabled for them. You can also enable Private Service Connect for existing private services access instances. This feature is available in Preview. For more information, see Configure both private services access and Private Service Connect.

Google Kubernetes Engine

Cloud TPU Trillium (v6e) machine types are now in public preview for Autopilot clusters running version 1.31.2-gke.1384000 or later. These TPUs are available in the following zones: us-east5-b, europe-west4-a, us-east1-d, asia-northeast1-b, and us-south1-a. To learn more, see Plan TPUs in GKE.

(2024-R46) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

Regular channel

There are no new releases in the Regular channel.

Stable channel

There are no new releases in the Stable channel.

Extended channel

No channel

November 26, 2024

Compute Engine

To learn more, see Monitor disk health.

Google Kubernetes Engine

Cluster autoscaler and node auto-provisioning support the C4 machine family in GKE version 1.28.15-gke.1159000, 1.29.10-gke.1227000 or later.

Vertex AI Agent Builder

Vertex AI Search: Check ingested data quality for media recommendations (GA)

You can check the quality of your ingested data for media recommendations through the Google Cloud console. These checks are not blocking but can suggest ways that your data can be improved. This feature is Generally available (GA).

Previously, this check was only available through API method calls.

For more information, see Check data quality for media recommendations.

November 25, 2024

Anti Money Laundering AI

A new major engine version is available for Retail and Commercial lines of business, within the v4 tuning version. This includes technical improvements and simplifications for tuning and training.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.44.0 (2024-11-17)

Features
  • Enable maxTimeTravelHours in BigQuery java client library (#3555) (bd24fd8)
Bug Fixes
Dependencies
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.55.0 (#3559) (950ad0c)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20241027-2.0.0 (#3568) (b5ccfcc)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.59.0 (#3561) (1bd24a1)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.40.0 (#3576) (d5fa951)
  • Update github/codeql-action action to v2.27.1 (#3567) (e154ee3)
  • Update github/codeql-action action to v2.27.3 (#3569) (3707a40)
  • Update github/codeql-action action to v2.27.4 (#3572) (2c7b4f7)
Documentation

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.48.0 (2024-11-19)

Features
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (6b35b47)
  • Make client side metrics tag in sync with server (#2401) (bba4183)
Dependencies

Cloud Asset Inventory

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

  • Conversational Insights
    • contactcenterinsights.googleapis.com/IssueModel
    • contactcenterinsights.googleapis.com/PhraseMatcher
    • contactcenterinsights.googleapis.com/View
  • Google Kubernetes Engine
    • admissionregistration.k8s.io/MutatingWebhookConfiguration
    • apps.k8s.io/DaemonSet
    • apps.k8s.io/StatefulSet
    • batch.k8s.io/CronJob
    • k8s.io/PersistentVolume
    • k8s.io/PersistentVolumeClaim
    • k8s.io/PodTemplate
    • k8s.io/ReplicationController
    • k8s.io/ResourceQuota
    • policy.k8s.io/PodDisruptionBudget
    • storage.k8s.io/StorageClass

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.20.7 (2024-11-18)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.49.0 (a1ec68d)
  • deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (afcf63c)
  • Fixed outdated link to X-Cloud-Trace-Context header description (#1713) (d474313)
Dependencies

Cloud Run

You can now set a task timeout up to 168 hours (7 days) for Cloud Run jobs. (Preview)

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.45.0 (2024-11-18)

Features
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.49.0 (aef367d)
  • deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (281cccb)
  • Set default values for monitored resource (#2809) (27829a4)
Dependencies

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.24.3 (2024-11-18)

Dependencies

Google SecOps

Curated Detections has been enhanced with a new detection category, MacOS Threats. The category includes a Mandiant Intel Emerging Threats rulepack.

Google SecOps SIEM

Curated Detections has been enhanced with a new detection category, MacOS Threats. The category includes a Mandiant Intel Emerging Threats rulepack.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.134.2 (2024-11-18)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.49.0 (77546e0)
  • deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (3f21af3)
Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.43.3 (#2256) (f7fbc6c)
  • Update dependency com.google.cloud:google-cloud-core to v2.47.0 (#2249) (3df5729)
  • Update dependency com.google.cloud:google-cloud-storage to v2.44.1 (#2240) (f8dae4d)
  • Update googleapis/sdk-platform-java action to v2.50.0 (#2261) (d0aab7d)
  • Update sdk platform java dependencies (#2262) (b689fe2)

Sensitive Data Protection

The PHONE_NUMBER infoType functionality that was previously only available by setting InfoType.version to latest or stable is now also used when InfoType.version is set to legacy. The new model includes US_TOLLFREE_PHONE_NUMBER findings as type PHONE_NUMBER in the scan results.

The old detection model that was previously available by setting InfoType.version to legacy is no longer available.

Spanner

Default backup schedules are now available and automatically enabled for all new instances. You can enable or disable default backup schedules in an instance when creating the instance or by editing the instance later. You can also enable default backup schedules for new databases in existing instances. You can edit or delete the default backup schedule once it's created.

When enabled, Spanner creates a default backup schedule for every new database created in the instance. The default backup schedule creates a full backup every 24 hours. These backups have a retention period of 7 days.

For more information, see Default backup schedules.

November 24, 2024

Google SecOps

New options for closing a case

New custom field options have been added to the admin settings close case page. Using these fields, you can ask the analyst to enter different types of information when closing a case.

For more information, refer to Customize the Close Case dialog.

Google SecOps SOAR

Release 6.3.26 is currently in Preview.

New options for closing a case

New custom field options have been added to the admin settings close case page. Using these fields, you can ask the analyst to enter different types of information when closing a case.

For more information, refer to Customize the Close Case dialog.

November 22, 2024

Anthos Attached Clusters

GKE attached clusters now supports clusters in the us-central1 region. For more information, see:

Apigee UI

On November 22, 2024, we released an updated version of the Apigee UI.

This release includes an improved Apps page for Apigee API Management in the Google Cloud console, making it easier to manage API products that are assigned to app credentials.

With this release:

  • Products can be added to an app from a single multi-select list box.
  • Products can be approved, revoked, and removed from a credential by selecting products in the credential product table and using one of the available action buttons.
  • Clicking the Add Credential button adds an empty credential to the list.
  • Credential approval and expiry configuration fields are located in the credential card.
  • A warning appears to users if they attempt to leave the Apps page when unsaved changes are present.

Bug ID       Description
357165778    Refactored app credential management experience

Resolved an issue causing the Apps page in the Apigee UI in Cloud console to crash when working with apps that have a large number of products assigned to app credentials.

Assured Workloads Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

Firestore

You can now use Active Assist to provide recommendations and insights that improve the reliability of your databases. This feature is generally available (GA).

For more information, see Reliability recommender.

Firestore in Datastore mode

You can now use Active Assist to provide recommendations and insights that improve the reliability of your databases. This feature is generally available (GA).

For more information, see Reliability recommender.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.30.300-gke.84 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.300-gke.84 runs on Kubernetes v1.30.5-gke.600.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issues are fixed in 1.30.300-gke.84:

  • Fixed an issue where additional manual steps were needed after disabling always-on secrets encryption with gkectl update cluster.
  • Fixed the known issue that caused gkectl to display false warnings on admin cluster version skew.

The following vulnerabilities are fixed in 1.30.300-gke.84:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.30.300-gke.84

Google Distributed Cloud for bare metal 1.30.300-gke.84 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.300-gke.84 runs on Kubernetes 1.30.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

  • Fixed an issue where the control plane VIP might become unavailable because Keepalived didn't check correctly that the VIP is on a node with a responsive HAProxy.

  • Fixed an issue where the registry mirror reachability check fails for a single unreachable registry mirror. Now the reachability check applies to configured registry mirrors only, instead of all registry mirrors.

The following container image security vulnerabilities have been fixed in 1.30.300-gke.84:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Text-to-Speech

Cloud TTS Journey voices have been updated to improve the accuracy of generated speech. This means you should notice fewer instances of dropped words.

November 21, 2024

Agent Assist

Summarization with custom sections V3.1 is generally available. V3.1 provides the following improvements on V3.0:

  • Higher quality summarizations
  • Improved latency

AlloyDB for PostgreSQL

You can set up AlloyDB clusters using a copy of your Cloud SQL for PostgreSQL backup. This feature is in Preview. For more information, see Migrate from Cloud SQL for PostgreSQL to AlloyDB.

Model endpoint management is generally available (GA) for both AlloyDB and AlloyDB Omni. You can use sample templates to register model endpoints. For more information, see Register and call remote AI models in AlloyDB or Register and call remote AI models in AlloyDB Omni.

Backup and DR

This release fixes an issue with OnVault pool jobs leaving behind inactive cloudbacker mountpoints. It does this by retrying the unmount process a set number of times, including forced unmounts. Due to the increased number of retries and the wait time between them, job durations may be slightly longer.

This release deprecates support for ssh-rsa as the ssh Host Key algorithm.

This release fixes the synchronization between database and log backup states. Log backups should not copy the logs to the database staging after the database staging disk is unmounted and the state DBBACKUP_DONE is set.

This release fixes an issue where SAP HANA database and log backup jobs using Persistent Disk snapshots would complete with a warning status due to metadata upload failures to Google Cloud Storage for disaster recovery.

This release removes the 700 thread hard limit and psrv restarts at 800 threads when the psrv is at high usage.

This release fixes the Tomcat vulnerability CVE-2024-38286.

This release fixes the following Kernel vulnerabilities:

CRITICAL Kernel issues: CVE-2023-25775 CVE-2019-15505

MEDIUM Kernel issues: CVE-2019-13631 CVE-2020-25656 CVE-2020-26555 CVE-2020-36777 CVE-2021-3753 CVE-2021-46909 CVE-2021-46939 CVE-2021-47171 CVE-2022-38096 CVE-2022-48743 CVE-2023-1192 CVE-2023-4133 CVE-2023-5090 CVE-2023-6121 CVE-2023-6176 CVE-2023-6240 CVE-2023-6622 CVE-2023-6915 CVE-2023-24023 CVE-2023-31083 CVE-2023-37453 CVE-2023-38409 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-39198 CVE-2023-42754 CVE-2023-42755 CVE-2023-45863 CVE-2023-52448 CVE-2023-52463 CVE-2023-52471 CVE-2024-0340 CVE-2024-21140 CVE-2024-21145 CVE-2024-25739 CVE-2024-26583 CVE-2024-26584 CVE-2024-26585 CVE-2024-26586 CVE-2024-26602 CVE-2024-26603 CVE-2024-26901 CVE-2024-26908 CVE-2024-27014 CVE-2024-27019 CVE-2024-36270 CVE-2024-36489 CVE-2024-38598 CVE-2024-39472 CVE-2024-39476

HIGH Kernel issues: CVE-2019-25162 CVE-2021-4204 CVE-2021-33631 CVE-2021-47624 CVE-2022-0500 CVE-2022-3565 CVE-2022-23222 CVE-2022-45884 CVE-2022-45886 CVE-2022-45919 CVE-2022-45934 CVE-2023-2163 CVE-2023-3567 CVE-2023-3812 CVE-2023-4244 CVE-2023-5178 CVE-2023-6546 CVE-2023-6931 CVE-2023-6932 CVE-2023-28464 CVE-2023-51042 CVE-2023-51780 CVE-2023-52340 CVE-2023-52434 CVE-2023-52439 CVE-2023-52445 CVE-2023-52451 CVE-2023-52464 CVE-2023-52469 CVE-2024-0565 CVE-2024-0841 CVE-2024-1086 CVE-2024-21147 CVE-2024-23307 CVE-2024-25744 CVE-2024-26593 CVE-2024-26907 CVE-2024-26933 CVE-2024-26934 CVE-2024-27020 CVE-2024-36971 CVE-2024-36978 CVE-2024-36979 CVE-2024-38538 CVE-2024-38555 CVE-2024-38627 CVE-2024-39487

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, and Feed APIs.

Cloud Data Fusion

The HTTP plugin version 1.4.3 is available in Cloud Data Fusion version 6.8.0 and later. This release includes the following changes (PLUGIN-1810):

  • In the HTTP streaming source, batch source, and batch sink, a PATCH option was added to the HTTP Method field.
  • Fixed an issue in the HTTP sink causing data loss when a pipeline didn't fail by default when a non-2xx response code was received.
  • Fixed an issue in the HTTP source causing a pipeline not to fail when the get_schema method was called and a non-2xx response code was received.

Cloud SQL for PostgreSQL

You can now set up AlloyDB clusters using a copy of your Cloud SQL for PostgreSQL backup. This feature is in Preview. For more information, see Migrate from Cloud SQL for PostgreSQL to AlloyDB.

Generative AI on Vertex AI

Mistral Large (24.11) is Generally Available on Vertex AI as a managed model. To learn more, view the Mistral Large (24.11) model card in Model Garden.

The Gen AI evaluation service can now help you evaluate your translation models using MetricX, COMET, and BLEU metrics. To learn more about evaluating your translation models, see Evaluate translation models.

Google Cloud VMware Engine

VMware Engine ve1 nodes are now available in the following additional region:

  • Dallas, Texas, North America (us-south1-b).

Google Distributed Cloud (software only) for bare metal

Release 1.29.800-gke.111

Google Distributed Cloud for bare metal 1.29.800-gke.111 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.800-gke.111 runs on Kubernetes 1.29.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Functionality changes:

  • Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.

Fixes:

  • Fixed the issue where non-root users can't run bmctl restore to restore quorum.

The following container image security vulnerabilities have been fixed in 1.29.800-gke.111:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

If your GKE cluster was created before version 1.26, you can now migrate it to cgroupv2. This migration enables the use of Pod bursting in Autopilot mode.

Google SecOps SIEM

The Google SecOps team identified that a cloud threat detection rule pack (azure-defender-for-cloud-vm-extensions) was inadvertently made available to all customers. The licensing requirements restrict the availability of this rule pack to Enterprise and Enterprise+ customers only, and this has been corrected.

This change should not remove any prior detections for customers who have enabled this rule pack and do not meet the licensing requirements, but the rules themselves will now be unavailable and no new detections will be generated.

Looker Studio

Let report viewers see all filters

Report editors can let report viewers see all of the filters applied to a report, including filters that viewers can't edit.

Filter value suggestions

When defining filters on charts, pages, or reports that use Equal to (=) or In conditions, report editors can select from a list of possible filter values that are provided from the underlying data. Filter suggestions are supported for all data connectors and can be disabled during filter creation.

Learn more about filter properties.

Looker connector filter enhancements

The following features are now available for use with the Looker connector:

  • Filter-only fields can be set as a report control and a quick filter.
  • Looker Studio displays suggestions for filter values based on the data source's LookML suggest_dimension and suggest_explore definitions when Equal to (=) and In conditions are used.

Secure Source Manager

Secure Source Manager supports email notifications. For more information, see Notifications overview. To configure notifications, follow the instructions in Set up notifications.

Security Command Center

The Sensitive Data Protection discovery service is now included in Security Command Center Enterprise. To enable discovery, see Enable sensitive data discovery in the Enterprise tier.

The Sensitive Data Protection discovery service remains available to Security Command Center Premium and Standard customers as a separately priced feature.

As of November 13, 2024, Security Command Center can produce Cloud Infrastructure Entitlement Management (CIEM) findings for the following identity and access issues in AWS environments:

  • Users, groups, or assumed IAM roles that are inactive and have one or more permissions.
  • Overly permissive trust policies that are enforced on an AWS IAM role.
  • Identities that can move laterally through impersonation.

November 20, 2024

Artifact Registry

Artifact Registry is available in the northamerica-south1 region (Querétaro, Mexico, North America). For more information, see Global locations.

Cloud Load Balancing

Regional external Application Load Balancers, cross-region internal Application Load Balancers, regional internal Application Load Balancers, regional internal proxy Network Load Balancers, cross-region internal proxy Network Load Balancers, and regional external proxy Network Load Balancers now support IPv4 and IPv6 (dual-stack) backends.

The following backends have dual-stack support:

  • VM instance groups
  • Zonal NEGs (GCE_VM_IP_PORT endpoints)

You can also convert your existing single-stack load balancers from IPv4-only to dual stack (IPv4 and IPv6) deployments.

For details, see the following pages:

This feature is available in General Availability.

Cloud SQL for MySQL

You can now authenticate to Cloud SQL Studio by using IAM database authentication.

For more information about authentication in Cloud SQL Studio, see Manage your data using Cloud SQL Studio.

Cloud SQL for PostgreSQL

You can now authenticate to Cloud SQL Studio by using IAM database authentication.

For more information about authentication in Cloud SQL Studio, see Manage your data using Cloud SQL Studio.

Dataproc

Dataproc Serverless for Spark: Spark Lineage is available for all supported Dataproc Serverless for Spark runtime versions.

Deep Learning Containers

M126 release

  • Base CUDA 12.3 container images are now available.
  • Base CUDA 12.4 container images are now available.
  • PyTorch 2.4.0 with CUDA 12.4 and Python 3.10 container images are now available.
  • Upgraded R from 4.4.1 to 4.4.2 for R container images.

Deep Learning VM Images

M126 release

  • CUDA 12.4 VM images are now available.
  • PyTorch 2.4.0 with CUDA 12.4 and Python 3.10 VM images are now available.
  • Upgraded R from 4.4.1 to 4.4.2 for R VM images.
  • One or more framework versions have reached their end of patch and support dates. To view end of patch and support dates, see Supported framework versions. To create a VM instance using an image family that has reached its end of patch and support date, you must specify an image from the image family when you create the VM instance. To list images from an image family name after its end of patch and support date, include the --show-deprecated flag in your gcloud compute images list command, or select Show deprecated images when creating an instance in the Google Cloud console.

Google Cloud Deploy

You can now automatically promote releases across targets at scheduled times, in preview.

Google Cloud VMware Engine

VMware Engine ve2 nodes are now available in the following regions:

  • São Paulo, Brazil (southamerica-east1)
  • Santiago, Chile (southamerica-west1)

Google Kubernetes Engine

You can now specify a custom resource policy as a compact placement policy with node auto-provisioning in clusters running GKE version 1.31.1-gke.2010000 or later. To learn more, see Use compact placement for node auto-provisioning.

VPC Service Controls

VPC Service Controls feature: VPC Service Controls extends support for etags in service perimeter resources. For example, you can use the --etag flag with gcloud CLI commands such as gcloud access-context-manager perimeters update and gcloud access-context-manager perimeters describe. This feature is generally available.

Vertex AI Workbench

M126 release

The M126 release of Vertex AI Workbench user-managed notebooks includes the following:

The M126 release of Vertex AI Workbench managed notebooks includes the following:

  • Upgraded JupyterLab to 3.6.8.

M126 release

The M126 release of Vertex AI Workbench instances includes the following:

  • Preview: JupyterLab 4+ is available on new Vertex AI Workbench instances. To try it, select JupyterLab 4 when you create your instance.
  • Upgraded JupyterLab to 3.6.8.

November 19, 2024

App Engine flexible environment Go

Go 1.23 is now available in preview.

App Engine flexible environment Node.js

App Engine standard environment Go

Go 1.23 is now available in preview.

App Engine standard environment Node.js

Artifact Registry

Artifact Registry now provides the option to enable or disable vulnerability scanning on individual repositories. By giving you more granular control over the number of images scanned, this feature can help you manage scanning costs and reduce noise in vulnerability scanning results.

This feature is Generally Available.

For more information, see Enable or disable automatic scanning.

BigQuery

You can create a search index on columns containing INT64 or TIMESTAMP data and BigQuery can optimize predicates that use those columns. This feature is generally available (GA).

Cloud Load Balancing

Percentage-based request mirroring is now supported for the cross-region and regional internal Application Load Balancers. By default, the mirrored backend service receives all requests, even if the original traffic is being split between multiple weighted backend services. You can now configure the mirrored backend service to receive only a percentage of the requests by using the mirrorPercent flag to specify the percentage of requests to be mirrored expressed as a value between 0 and 100.0.

For an example, see Set up traffic management for regional internal Application Load Balancers.

This capability is available in Preview.

Cloud Run

Support for the Go 1.23 runtime is now in Preview.

Cloud Run functions

Cloud Run functions now supports the Go 1.23 runtime at the Preview release level.

Cloud SQL for MySQL

For Cloud SQL Enterprise Plus edition instances, advanced disaster recovery (DR) is now generally available (GA). For more information, see Advanced disaster recovery (DR) and Use advanced disaster recovery (DR).

The write endpoint feature is now available in Preview. This endpoint is a global domain name service (DNS) name. This name resolves to the IP address of the current primary Cloud SQL instance that's enabled with private services access.

By using a write endpoint, you can avoid having to make application connection changes after performing a switchover or replica failover operation to test or mitigate a regional failure. For more information, see Configure private IP.

Cloud SQL for PostgreSQL

For Cloud SQL Enterprise Plus edition instances, you can now use advanced disaster recovery (DR) to simplify recovery and fallback processes after you perform a cross-regional failover. With advanced DR, you can:

  • Designate a cross-region disaster recovery (DR) replica
  • Perform a cross-region replica failover for disaster recovery
  • Restore your original deployment by using zero-data loss switchover

You can also use switchover to simulate disaster recovery without data loss. You can use advanced DR on Cloud SQL for PostgreSQL version 12, 13, 14, 15, or 16.

For more information, see Advanced disaster recovery (DR) and Use advanced disaster recovery (DR). This feature is generally available (GA).

The write endpoint feature is now available in Preview. This endpoint is a global domain name service (DNS) name. This name resolves to the IP address of the current primary Cloud SQL instance that's enabled with private services access.

By using a write endpoint, you can avoid having to make application connection changes after performing a switchover or replica failover operation to test or mitigate a regional failure. For more information, see Configure private IP.

Cloud Service Mesh

The rollout of managed Cloud Service Mesh version 1.19 to all channels has completed.

Compute Engine

The documentation has been updated to clarify that future reservation requests don't support E2 machine types. To reserve VMs that use E2 machine types, use on-demand reservations instead.

For more information, see Restrictions on creation.

Google Cloud Architecture Center

(New guide) Cross-Cloud Network inter-VPC connectivity using VPC Network Peering: Describes how to configure hub-and-spoke Cross-Cloud Network using VPC Network Peering.

(New guide) Deploy and operate generative AI applications: Describes how you can adapt DevOps and MLOps processes to develop, deploy, and operate generative AI applications on existing foundation models.

Google Kubernetes Engine

(2024-R45) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

Regular channel

There are no new releases in the Regular channel.

Stable channel

There are no new releases in the Stable channel.

Extended channel

No channel

GKE version 1.31 introduces increased scalability, allowing users to create clusters with up to 65,000 nodes. For clusters exceeding 5,000 nodes, a quota increase is required. Contact Google Cloud support to request this increase.

Kf

Upgraded server-side dependencies - Tekton Pipelines, ASM

Updated Go version used to build images and CLI tools

Changed version of php-buildpack to address build issue.

Secret Manager

Creating custom organization policies with Secret Manager resources is now in General Availability (GA). You can use custom organization policies to enhance secret security by enforcing rotation schedules, annotations, and expirations for secrets. You can also use custom organization policies to restrict secret types to manage costs. To learn more about using custom organization policies in Secret Manager, see Use custom organization policies.

Sensitive Data Protection

The November 4 release note announcing the release of sample discovery findings was published in error. This feature is not available.

Spanner

Spanner supports the ALL_DIFFERENT graph predicate in GoogleSQL-dialect databases. You can use this predicate to see if the graph elements in a list are mutually distinct.

November 18, 2024

Access Approval

Access Approval now supports Cloud Healthcare API in the Preview stage.

AlloyDB for PostgreSQL

AlloyDB for PostgreSQL is now available in the following region: northamerica-south1 (Mexico). For more information, see AlloyDB Locations.

Anti Money Laundering AI

Two major engine versions within the v4 tuning version are no longer used by customers and are deprecated as of today. We recommend customers use the most recent engine versions instead. Deprecation overrides the support timeline for all minor versions within these major engine versions.

App Hub

Application Integration

JavaScript task using Gemini

If your integration flow requires any complex data mapping logic, Gemini can now recommend a JavaScript task. For more information, see Create an integration using Gemini.

You can add a JavaScript task, edit an existing task, or use Gemini to help understand the JavaScript code. For more information, see Configure JavaScript tasks.

Assured Workloads

The Sovereign Controls for Kingdom of Saudi Arabia control package now supports the following products. See Supported products by control package for more information:

  • Sensitive Data Protection
  • Google Cloud Armor
  • Secret Manager

The Sovereign Controls for EU control package now supports the following products. See Supported products by control package for more information:

  • BigQuery Data Transfer Service
  • Sensitive Data Protection
  • GKE Identity Service
  • Google Cloud Armor
  • Resource Manager
  • Secret Manager

Bigtable

You can now create a Data Boost app profile and view Data Boost metrics in the Google Cloud console. Data Boost for Bigtable is in Preview. For more information, see Create and configure app profiles.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.47.0 (2024-11-13)

Features
  • Add an experimental feature to skip waiting for trailers for unary ops (#2404) (cf58f26)
  • Add internal "deadline remaining" client side metric #2341 (#2370) (75d4105)
Bug Fixes

Python

Changes for google-cloud-bigtable

2.27.0 (2024-11-12)

Features
  • Add support for Cloud Bigtable Node Scaling Factor for CBT Clusters (#1023) (0809c6a)
  • Surface retry param to Table.read_row api (#982) (a8286d2)
Bug Fixes

Bigtable is now available in the northamerica-south1 (Mexico) region. For more information, see Bigtable locations.

Cloud Data Fusion

The Cloud SQL MySQL plugins version 1.11.5 is available in Cloud Data Fusion versions 6.8.0 and later. This release fixes an issue in the Cloud SQL MySQL sink causing pipelines to fail when the schema contains a MySQL reserved word (PLUGIN-1017). This note is incorrect; see entry for November 27, 2024.

The SAP table batch source plugin version 0.11.5 is available in Cloud Data Fusion version 6.8.0 and later. This release fixes an issue causing the following error: Error encountered while configuring the stage: Unable to access Cloud Storage or download JCo libraries from Cloud Storage.

Cloud Database Migration Service

Database Migration Service now lets you select if a connection profile is for a source or a destination database, based on your migration scenario. Database Migration Service shows configuration options applicable to your choice.

Cloud Interconnect

Dedicated Cloud Interconnect support is available in the following colocation facilities:

  • Queretaro, Mexico, North America

For more information, see the Locations table and Global Locations.

Cloud Key Management Service

Cloud KMS is available in the following region:

  • northamerica-south1

For more information, see Cloud KMS locations.

Cloud Run

Support for the Node.js 22 runtime is now in general availability (GA).

Cloud Run functions

Cloud Run functions now supports the Node.js 22 runtime at the General Availability release level.

Cloud SQL for MySQL

Support for the northamerica-south1 (Mexico) region.

Cloud SQL now supports near-zero downtime when you enable or disable data cache for Cloud SQL Enterprise Plus edition primary instances. For more information, see Availability in Cloud SQL.

Cloud SQL now supports near-zero downtime for infrequent scale downs (once every three hours) of the compute size (vCPU, memory) of your Cloud SQL Enterprise Plus edition primary instance.

For more information, see Availability in Cloud SQL.

Cloud SQL for PostgreSQL

The pgvector extension is now upgraded from version 0.7.4 to version 0.8.0. Use this extension to store and search for vector embeddings in PostgreSQL databases. For more information, see Configure PostgreSQL extensions.

To use this version of the extension, update your instance to one of the following:

  • POSTGRES_17_0.R20241011.00_03 (for PostgreSQL instances, version 17)
  • [PostgreSQL version].R20240910.01_17 (for PostgreSQL instances, versions 13 to 16)

For more information, see Self-service maintenance.

Support for the northamerica-south1 (Mexico) region.

Cloud SQL now supports near-zero downtime when you enable or disable data cache for Cloud SQL Enterprise Plus edition primary instances. For more information, see Availability in Cloud SQL.

Cloud SQL now supports near-zero downtime for infrequent scale downs (once every three hours) of the compute size (vCPU, memory) of your Cloud SQL Enterprise Plus edition primary instance.

For more information, see Availability in Cloud SQL.

Cloud SQL for SQL Server

Support for the northamerica-south1 (Mexico) region.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for storage/internal/apiv2

1.47.0 (2024-11-14)

Features
  • storage: Introduce dp detector based on grpc metrics (#11100) (60c2323)
Bug Fixes

Cloud Storage is now available in Querétaro, Mexico (northamerica-south1 region). For more information, see Cloud Storage regions.

Cloud VPN

Cloud VPN is now available in region northamerica-south1 (Queretaro, Mexico, North America). For more information, see Global locations.

Pricing is available on the Cloud VPN pricing page.

Cloud Workstations

The Cloud Workstations base editor (Code OSS) has been upgraded to 1.94.2. The last image that offers the previous version is tagged code-oss-1.89.1.

Compute Engine

Generally available: Queretaro, Mexico, North America (northamerica-south1-a,b,c) has launched with E2, N4, C4, and C3D VMs available in all three zones. For more information, see Global Locations and VM instance pricing.

Container Optimized OS

cos-117-18613-75-37

Kernel: COS-6.6.56; Docker: v24.0.9; Containerd: v1.7.23; GPU Drivers: See List

Fixed CVE-2024-50101 in the Linux kernel.

Fixed CVE-2024-50095 in the Linux kernel.

Fixed CVE-2024-50066 in the Linux kernel.

Fixed CVE-2024-50010 in the Linux kernel.

Fixed CVE-2024-50110 in the Linux kernel.

Fixed CVE-2024-50120 in the Linux kernel.

Fixed CVE-2024-50121 in the Linux kernel.

Fixed CVE-2024-50115 in the Linux kernel.

Fixed CVE-2024-50130 in the Linux kernel.

Fixed CVE-2024-50131 in the Linux kernel.

cos-113-18244-236-44

Kernel: COS-6.1.112; Docker: v24.0.9; Containerd: v1.7.23; GPU Drivers: See List

Fixed CVE-2024-49952 in the Linux kernel.

Fixed CVE-2024-50095 in the Linux kernel.

Fixed CVE-2024-49946 in the Linux kernel.

Fixed CVE-2024-50010 in the Linux kernel.

Fixed CVE-2024-50138 in the Linux kernel.

Fixed CVE-2024-49959 in the Linux kernel.

Fixed CVE-2024-49954 in the Linux kernel.

Fixed CVE-2024-50110 in the Linux kernel.

Fixed CVE-2024-50115 in the Linux kernel.

Fixed CVE-2024-50131 in the Linux kernel.

cos-109-17800-372-45

Kernel: COS-6.1.112; Docker: v24.0.9; Containerd: v1.7.23; GPU Drivers: See List

Fixed CVE-2024-45310 in app-containers/runc.

Fixed CVE-2024-50010 in the Linux kernel.

Fixed CVE-2024-49959 in the Linux kernel.

Fixed CVE-2024-49954 in the Linux kernel.

Fixed CVE-2024-50110 in the Linux kernel.

Fixed CVE-2024-50138 in the Linux kernel.

Fixed CVE-2024-50115 in the Linux kernel.

Fixed CVE-2024-50131 in the Linux kernel.

cos-105-17412-495-45

Kernel: COS-5.15.167; Docker: v23.0.3; Containerd: v1.7.23; GPU Drivers: See List

Fixed CVE-2024-49952 in the Linux kernel.

Fixed CVE-2024-50110 in the Linux kernel.

Fixed CVE-2024-49959 in the Linux kernel.

Fixed CVE-2024-49954 in the Linux kernel.

Fixed CVE-2024-50010 in the Linux kernel.

Fixed CVE-2024-50131 in the Linux kernel.

Fixed CVE-2024-46855 in the Linux kernel.

cos-dev-121-18759-0-0

Kernel: COS-6.6.61; Docker: v24.0.9; Containerd: v2.0.0; GPU Drivers: See List

Updated app-admin/google-guest-configs to v20241112.00.

Updated app-containers/containerd to v2.0.0.

Updated the Linux kernel to v6.6.61.

Upgraded cos-gpu-installer to v2.4.4: Relaxed the precise GPU driver version check to allow versions with two numeric segments to pass.

Data Catalog

Data Catalog is now available in the Mexico (northamerica-south1) region. For more information, see Global locations and pricing.

Dataflow

Dataflow is available in Queretaro, Mexico (northamerica-south1). Learn more about Google Cloud locations.

Dataproc

Dataproc is now available in the northamerica-south1 region (Queretaro, Mexico).

Filestore

Filestore is now available in Mexico (northamerica-south1 region).

Firestore

Firestore now supports the northamerica-south1 Queretaro region.

For a full list of supported locations, see Locations.

Firestore in Datastore mode

Firestore in Datastore mode now supports the northamerica-south1 Queretaro region.

For a full list of supported locations, see Locations.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.24.2 (2024-11-06)

Bug Fixes
  • doc: Add descriptions for TransactionCallable interface (#1644) (173a883)
  • doc: Fix return types for batch interface (#1645) (1189211)

Google Kubernetes Engine

The northamerica-south1 region (Querétaro, Mexico) is now available. For more information, see Global Locations.

Performance horizontal Pod autoscaling (HPA) profile is now available in Preview for new and existing GKE clusters running version 1.31.2-gke.1138000 or later. This feature speeds up HPA reaction time and enables quick recalculation of up to 1,000 HPA objects. To learn more, see Configuring Performance HPA profile.

Live Stream API

You can now create a DVR session for a past, current, or future live stream.

Memorystore for Memcached

Added new Memorystore for Memcached region: Querétaro (northamerica-south1).

Pub/Sub

Pub/Sub is now available in the northamerica-south1 region (Querétaro, Mexico, North America). For more information, see Cloud locations.

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.9.0 (2024-11-12)

Features
  • Add IngestionFailureEvent to the external proto (#1984) (7075430)
Bug Fixes

Sovereign Controls by Partners

The Sovereign Controls Foundation by CNTXT and Sovereign Controls Advanced by CNTXT control packages now support the following products. See Supported products by control package for more information:

  • Google Cloud Armor
  • Secret Manager
  • Sensitive Data Protection

The following control packages now support the following products. See Supported products by control package for more information:

Control packages:

New supported products:

  • BigQuery Data Transfer Service
  • GKE Identity Service
  • Google Cloud Armor
  • Secret Manager
  • Sensitive Data Protection

Spanner

You can create Spanner regional instance configurations in Querétaro, Mexico (northamerica-south1). For more information, see Google Cloud locations and Spanner pricing.

Virtual Private Cloud

For auto mode VPC networks, added a new subnet 10.224.0.0/20 for the Mexico northamerica-south1 region. For more information, see Global Locations and Auto mode IP ranges.

November 17, 2024

Google SecOps SOAR

Release 6.3.25 is now in General Availability.

From now on, only new features and changes will be written up for the Release Notes. Please use the customer portal to track progress of your support tickets or reach out to Customer Support for more information.

Secret Manager

Secret Manager is now available in the following region:

  • northamerica-south1

For more information, see Secret Manager locations.

November 15, 2024

AlloyDB for PostgreSQL

AlloyDB free trial clusters are now available in all regions. For more information, see the AlloyDB free trial clusters overview.

The extension vector, which includes pgvector functions and operators, is updated to version 0.7.4.

Apigee UI

On November 15, 2024, we released an updated version of the Apigee UI.

Bug ID: 376257906
Description: Fixed issue with custom report editing. Resolved issue where customer reports without properties that were created using the API could not be rendered with the Edit option.

Assured Workloads

The CJIS control package now supports the following products. See Supported products by control package for more information:

  • Access Context Manager
  • Apigee
  • Cloud Build
  • Cloud EKM
  • Cloud Interconnect
  • Cloud NAT
  • Cloud Router
  • Cloud Service Mesh
  • Cloud VPN
  • Resource Manager
  • Firestore
  • Identity-Aware Proxy (IAP)
  • Memorystore for Redis
  • Sensitive Data Protection

Backup for GKE

Backup for GKE now supports backing up and restoring Hyperdisk throughput, extreme, and balanced volume types.

Capacity Planner

Preview: You can view and export historical utilization of on-demand and future reservations in your project, folder, or organization. This data helps you analyze usage trends for your VMs or GPUs, as well as plan for future capacity needs. For more information, see the following:

Cloud Run

asia-south1 (Mumbai, India) is now subject to Tier 1 pricing.

Cloud Run is now in scope for International Traffic in Arms Regulations (ITAR).

Cloud SQL for PostgreSQL

You can now register an AI model endpoint, generate vector embeddings, and invoke predictions by using model endpoint management in Cloud SQL. For more information, see Register and call remote AI models in Cloud SQL overview.

Cloud Storage

You can now use the x-amz-decoded-content-length header to allow an XML API upload that uses chunked transfer encoding to include a signature in its Authorization header.

Security Command Center

Managing security postures using the Google Cloud console is generally available.

You can now create, deploy, update, and delete security postures using the Google Cloud console. For more information, see Manage a security posture.

Sensitive Data Protection

Sensitive data discovery is now included in Security Command Center Enterprise. To enable discovery in the Security Command Center Enterprise tier, see Enable sensitive data discovery in the Enterprise tier in the Security Command Center documentation.

The Sensitive Data Protection discovery service remains available to Security Command Center Premium and Standard customers as a separately priced feature. For more information, see Publish data profiles to Security Command Center.

VPC Service Controls

VPC Service Controls feature (Status: Preview): VPC Service Controls adds support for using groups of third-party identities in ingress and egress rules to allow access to resources protected by service perimeters. This feature is available in Preview.

For more information, see Configure identity groups and third-party identities in ingress and egress rules.

November 14, 2024

Apigee Advanced API Security

On November 14, 2024 we released a new version of Advanced API Security.

IP address drill down details are now available in the preview release of Advanced API Security Abuse Detection Incidents.

This new functionality allows viewing details of detected abuse by source IP.

For usage information, see the Abuse Detection customer documentation.

Batch

Dependent jobs are available in Preview. Dependent jobs let you schedule an automated chain of jobs, which can help you optimize resource consumption—for example, separate the types of VMs used for data preparation and compute-intensive data processing.

BigQuery

The following BigQuery ML features are now available:

Try these features with the Generate text by using the ML.GENERATE_TEXT function how-to topic.

These features are now generally available (GA).

You can try Gemini in BigQuery at no charge until January 27, 2025. After that date, to continue to use Gemini in BigQuery you must do one of the following:

  • Purchase and assign BigQuery Enterprise Plus edition reservations to projects that use Gemini in BigQuery.
  • Purchase Gemini Code Assist Enterprise.

To learn more, see Purchase Gemini in BigQuery. These purchase options are now generally available (GA).

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, and Feed APIs.

  • Cloud Build
    • cloudbuild.googleapis.com/Build

Cloud SQL for MySQL

You can now create custom organization policies for the BackupRun resource in Cloud SQL instances. In addition, more fields in the Instances resource are available to create custom organization policies. For more information, see Add custom organization policies.

Cloud SQL for PostgreSQL

You can now create custom organization policies for the BackupRun resource in Cloud SQL instances. In addition, more fields in the Instances resource are available to create custom organization policies. For more information, see Add custom organization policies.

Cloud SQL for SQL Server

You can now create custom organization policies for the BackupRun resource in Cloud SQL instances. In addition, more fields in the Instances resource are available to create custom organization policies. For more information, see Add custom organization policies.

Cloud Storage

Bucket IP filtering for Cloud Storage is now available in Preview. With bucket IP filtering, you can restrict access to a bucket based on the source IP address of the request and secure your data from unauthorized access.

Contact Center AI Insights

Conversational Insights offers Rule-based analysis as a preview feature to customize your conversation analyses. Rule-based analysis provides the following customizations for your conversation analyses:

  • Filter conversations.
  • Select a percentage of your dataset.
  • Designate different types of analysis.

Dialogflow

Data store tools: You can now optimize the RAG performance of data store tools used by Playbooks. See the documentation for details.

Dialogflow CX: A new feature, Context token limits, has been added to Agent Settings > Generative AI. You can use this feature to set the maximum percentage of the token budget that is reserved for conversation history. See the Agent Settings documentation for details.

Generators and data store handlers: The model gemini-1.5-flash-002 is now GA.

Data store handlers: The default generative model has been changed to gemini-1.5-flash-001.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.29.800-gke.108 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.800-gke.108 runs on Kubernetes 1.29.10-gke.100.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.

The following issue is fixed in 1.29.800-gke.108:

Fixed an issue where additional manual steps were needed after disabling always-on secrets encryption with gkectl update cluster.

The following vulnerabilities are fixed in 1.29.800-gke.108:

Container-optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Looker

You can now use the Google Cloud console to create a Looker (Google Cloud core) Private Service Connect instance. The console also includes additional options to edit Looker (Google Cloud core) Private Service Connect instance settings.

Migrate to Virtual Machines

Preview: Migrate to Virtual Machines lets you migrate Elastic Block Store (EBS) volumes not attached to a VM from AWS to Google Cloud, as part of a preview program. Use this feature when you have detached the disks associated with a VM to archive data and need to migrate these disks to Google Cloud.

To participate in the preview, contact us at m2vm-independent-disks-migration@google.com.

Secure Source Manager

Secure Source Manager supports Workforce Identity Federation.

To create an instance with Workforce Identity Federation enabled, follow the instructions in Create a Secure Source Manager instance to use with federated identities.

Security Command Center

You can now view the configurations that determine the resource values of your high-value resource set. For more information, see View the configurations that match a high-value resource.

The Defense Evasion: Rootkit detector of Virtual Machine Threat Detection is in General Availability. For more information, see Virtual Machine Threat Detection overview.

The application steps to activate the Security Command Center Enterprise tier have been streamlined. For information, see Activate the Security Command Center Enterprise tier.

Sensitive Data Protection

The current default STREET_ADDRESS infoType detection model, which is available when InfoType.version is set to latest or stable, is now also used when InfoType.version is set to legacy.

The old detection model that was previously available by setting InfoType.version to legacy is no longer available.

November 13, 2024

Agent Assist

Agent Assist offers a UI Connector with Salesforce to integrate with chat conversations.

Cloud Composer

Airflow 2.10.2 is available in Cloud Composer.

(Airflow 2.7.3) Backported #35887 to fix an issue that occurred during the DST transition. The issue affected DAGs with timezone-aware cron schedules and caused infinite loops in the Airflow scheduler.

Improved the error message generated when a Cloud Composer 3 environment creation fails because of missing permissions.

(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-google package was upgraded to version 10.25.0 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.24.0 to version 10.25.0.

(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 9.0.1 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-cncf-kubernetes changelog from version 9.0.0 to version 9.0.1.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.10.2-build.0
  • composer-3-airflow-2.9.3-build.7 (default)
  • composer-3-airflow-2.7.3-build.23

New images are available in Cloud Composer 2:

  • composer-2.9.11-airflow-2.10.2
  • composer-2.9.11-airflow-2.9.3 (default)
  • composer-2.9.11-airflow-2.7.3

Support dates for previous Cloud Composer 3 builds are available. All Cloud Composer 3 builds with Airflow 2.9.3 are supported until November 13, 2025.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Compute Engine

Preview: The OS policy orchestrator feature in VM Manager lets you manage OS policy assignments across projects and zones at scale in large organizations. OS policy assignment was previously available only for zonal resources in a project. For more information, see About OS Policy Orchestrator.

Config Connector

Config Connector version 1.125.0 is now available.

New Beta resources (direct reconciler)

Added cluster mode to manage the rate-limit for the Config Connector requests

SQLInstance Reconciliation Improvements

  • You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the SQLInstance CR object to opt in to the direct controller.
  • The direct reconciler contains two fixes and improvements:
    • Fixes the upgrade and downgrade issue between ENTERPRISE and ENTERPRISE_PLUS.
    • Supports the create-from-clone functionality via spec.cloneSource.
  • Migrated the SQLInstance from the Terraform-based or DCL-based controller to the new Direct Controller to enhance reliability and performance. The CRD is unchanged.

ComputeFirewallPolicyRule Reconciliation Improvements

  • You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the ComputeFirewallPolicyRule CR object to opt in to the direct controller, which fixes the targetResources error "required value priority could not be found".
  • Migrated this resource from the Terraform-based controller to the new Direct Controller to enhance the reliability and performance. The resource CRD is unchanged.

AlloyDBInstance

  • Added spec.networkConfig.enableOutboundPublicIp field.
  • Added status.outboundPublicIpAddresses field.

Issue 3007 ComputeBackendService cannot refer clientTLSPolicy due to invalid format

Issue 2973 kubelet_config has insecure_kubelet_readonly_port_enabled: true set even if not configured in the ContainerNodePool object.

Google Cloud Contact Center as a Service

Flutter for the Mobile SDKs

You can now use Flutter to help you integrate the Mobile SDKs (the Android SDK and the iOS SDK) into your Android or iOS app. For more information, see Integrate using Flutter.

Google Kubernetes Engine

(2024-R44) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.1-gke.2105000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.14-gke.1376000
    • 1.29.9-gke.1541000
    • 1.30.5-gke.1628000
    • 1.31.1-gke.1846000
    • 1.31.2-gke.1115000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.15-gke.1020000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.10-gke.1054000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1699000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.2105000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.2105000 with this release.

Regular channel

Stable channel

Extended channel

No channel

November 12, 2024

AlloyDB for PostgreSQL

AlloyDB now supports up to 128 TiB storage per cluster in all regions where AlloyDB is available.

If you are dropping an AlloyDB database that is larger than 64 TiB, then any write operations on other AlloyDB databases are paused until the drop operation is completed.

Apigee hybrid

hybrid v1.13.2

On November 12, 2024 we released an updated version of the Apigee hybrid software, 1.13.2.

Bug ID     Description
373722434  Fixed support for backups to GCS buckets with retention policies.
361044374  Fixes assign message not correctly highlighting the set payload action in the debug trace.
355122464  This release contains a few error-handling fixes for CSI backup and restore.
237656263  Fix added to make use of asynchronous ServiceCallout execution when the ServiceCallout policy <Response> element is not present.

Procedure:

  1. In the apigee-env/values.yaml file set conf_system_servicecallout.expects.response to false under runtime:cwcAppend:. For example:
    # Apigee Runtime.
    runtime:
      cwcAppend:
        conf_system_servicecallout.expects.response: false
  2. Upgrade the apigee-env chart for each environment to apply the change. For example:
    helm upgrade ENV_RELEASE_NAME apigee-env/ \
      --install \
      --namespace APIGEE_NAMESPACE \
      --set env=ENV_NAME \
      -f OVERRIDES_FILE

Bug ID  Description
N/A     Security fixes for apigee-redis.

This addresses the following vulnerabilities:

App Engine flexible environment .NET

.NET 6 has reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of .NET.

Cloud Load Balancing

Cloud Load Balancing resources now let you use custom constraints to define your own restrictions on Google Cloud services. To learn about which load balancing resources support custom constraints, and some sample use cases, see Manage Cloud Load Balancing resources using custom constraints.

For more information about custom constraints, see the following:

This feature is available in General Availability.

Cloud Run

The in-memory volume type is now generally available (GA) for Cloud Run services and jobs.

Cloud SQL for MySQL

You can now have Cloud SQL create a Private Service Connect endpoint automatically instead of creating the endpoint manually after the instance is created. You use this endpoint to access a Cloud SQL instance through a VPC network. For more information, see Connect to an instance using Private Service Connect. This feature is available in Preview.

Cloud SQL for PostgreSQL

You can now have Cloud SQL create a Private Service Connect endpoint automatically instead of creating the endpoint manually after the instance is created. You use this endpoint to access a Cloud SQL instance through a VPC network. For more information, see Connect to an instance using Private Service Connect. This feature is available in Preview.

Cloud SQL for SQL Server

You can now have Cloud SQL create a Private Service Connect endpoint automatically instead of creating the endpoint manually after the instance is created. You use this endpoint to access a Cloud SQL instance through a VPC network. For more information, see Connect to an instance using Private Service Connect. This feature is available in Preview.

Cloud Service Mesh

In-cluster Cloud Service Mesh 1.20 is no longer supported. For more information, see Supported versions.

1.20.8-asm.10 is now available for in-cluster Cloud Service Mesh.

1.20 is no longer supported. While the fix for the bug in the distroless proxy container has been backported to 1.20, you should upgrade to 1.21 or later.

You can now download 1.20.8-asm.10 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.20.8 subject to the list of supported features. Cloud Service Mesh version 1.20.8-asm.10 uses envoy v1.28.6.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

1.23.3-asm.2 is now available for in-cluster Cloud Service Mesh.

You can now download 1.23.3-asm.2 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.23.3 subject to the list of supported features. Cloud Service Mesh version 1.23.3-asm.2 uses envoy v1.31.2.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

1.22.6-asm.2 is now available for in-cluster Cloud Service Mesh.

You can now download 1.22.6-asm.2 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.22.6 subject to the list of supported features. Cloud Service Mesh version 1.22.6-asm.2 uses envoy v1.30.6.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

1.21.5-asm.12 is now available for in-cluster Cloud Service Mesh.

You can now download 1.21.5-asm.12 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.21.5 subject to the list of supported features. Cloud Service Mesh version 1.21.5-asm.12 uses envoy v1.29.8.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

This release fixes a bug in the distroless proxy container. Before this fix, the distroless proxy produced errors similar to the following when deployed in a Kubernetes cluster with in-cluster control plane that did not have Container Network Interface (CNI) installed.

xtables resource problem: can't open lock file /run/xtables.lock: No such file or directory

This fix applies to the following new versions:

  • 1.20.8-asm.10
  • 1.21.5-asm.12
  • 1.22.6-asm.2
  • 1.23.3-asm.2

Config Controller

Config Controller now uses the following versions of its included products:

Datastream

Datastream now supports global transaction identifier (GTID)-based replication for MySQL sources. The feature is in Preview.

GTID-based replication supports failovers and managed database clusters, such as Cloud SQL Enterprise Plus edition. For more information, see the Datastream documentation.

Google Cloud Contact Center as a Service

Mobile SDK 2.10 is released

Mobile SDK 2.10 includes the following updates:

  • iOS SDK:
    • Text resizing. End-users can increase text size up to 200%. Text is resized using the device settings.
  • Android SDK:
    • Fixed the sticky button behavior so that it matches iOS.
  • Android SDK and iOS SDK:
    • Fixed an issue where content card text was misaligned.

Google Cloud Managed Service for Apache Kafka

Google Cloud Managed Service for Apache Kafka is now in General Availability (GA).

November 11, 2024

Artifact Registry

The Container Registry -> Artifact Registry Migration Admin role simplifies the IAM roles required for the transition from Container Registry to Artifact Registry. For instructions on how to use the role, see Automatically migrate from Container Registry to Artifact Registry.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigquery

3.27.0 (2024-11-01)

Features
  • Updates to allow users to set max_stream_count (#2039) (7372ad6)

The following BigQuery ML features are now available:

Try tuning and evaluating an LLM with the Customize an LLM by using supervised fine tuning how-to topic or the Use tuning and evaluation to improve model performance tutorial.

These BigQuery ML features are generally available (GA).

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Dataplex
    • dataplex.googleapis.com/AspectType
    • dataplex.googleapis.com/EntryGroup
    • dataplex.googleapis.com/EntryType

Cloud Monitoring

Dashboard variables and dashboard-level filtering are now GA. Pinned filters and variables can have multiple default values, and they support selection of multiple values. For more information, see the following documents:

Container Optimized OS

cos-105-17412-495-37

Kernel        Docker   Containerd  GPU Drivers
COS-5.15.167  v23.0.3  v1.7.23     See List

Fixed CVE-2024-50602 in dev-libs/expat.

Fixed KCTF-2e95c43 in the Linux kernel.

Fixed CVE-2024-50038 in the Linux kernel.

Fixed CVE-2024-50082 in the Linux kernel.

Fixed CVE-2024-50083 in the Linux kernel.

Fixed CVE-2024-50024 in the Linux kernel.

Fixed CVE-2024-50002 in the Linux kernel.

Fixed CVE-2024-49967 in the Linux kernel.

Fixed CVE-2024-50006 in the Linux kernel.

Fixed CVE-2024-49881 in the Linux kernel.

Fixed CVE-2024-50015 in the Linux kernel.

Fixed CVE-2024-50001 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812681 -> 812709

cos-117-18613-75-26

Kernel      Docker   Containerd  GPU Drivers
COS-6.6.56  v24.0.9  v1.7.23     See List

Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.

Fixed CVE-2024-50602 in dev-libs/expat.

Fixed CVE-2024-50067 in the Linux kernel.

Fixed CVE-2024-50036 in the Linux kernel.

Fixed KCTF-2e95c43 in the Linux kernel.

Fixed CVE-2024-50076 in the Linux kernel.

Fixed CVE-2024-50038 in the Linux kernel.

Fixed CVE-2024-50082 in the Linux kernel.

Fixed CVE-2024-50024 in the Linux kernel.

Fixed KCTF-8ea6073 in the Linux kernel.

Fixed CVE-2024-50072 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811757 -> 811721

cos-113-18244-236-35

Kernel       Docker   Containerd  GPU Drivers
COS-6.1.112  v24.0.9  v1.7.23     See List

Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.

Fixed CVE-2024-50602 in dev-libs/expat.

Fixed KCTF-2e95c43 in the Linux kernel.

Fixed CVE-2024-50038 in the Linux kernel.

Fixed CVE-2024-50082 in the Linux kernel.

Fixed CVE-2024-50083 in the Linux kernel.

Fixed CVE-2024-50024 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812026 -> 812011

cos-109-17800-372-38

Kernel       Docker   Containerd  GPU Drivers
COS-6.1.112  v24.0.9  v1.7.23     See List

Fixed CVE-2024-50602 in dev-libs/expat.

Fixed KCTF-2e95c43 in the Linux kernel.

Fixed CVE-2024-50038 in the Linux kernel.

Fixed CVE-2024-50082 in the Linux kernel.

Fixed CVE-2024-50083 in the Linux kernel.

Fixed CVE-2024-50024 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812248 -> 812209

cos-dev-121-18747-0-0

Kernel      Docker   Containerd  GPU Drivers
COS-6.6.59  v24.0.9  v1.7.23     See List

Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.

Fixed CVE-2024-9143 in dev-libs/openssl.

Fixed KCTF-2e95c43 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811822 -> 811804

Dataproc

Announcing the General Availability (GA) of Flexible shapes for Dataproc secondary workers, which lets you provide a ranked selection of machine types to use for the creation of VMs.

Announcing the General Availability (GA) of Spot and non-preemptible VM mixing for Dataproc secondary workers, which lets you mix spot and non-preemptible secondary workers when you create a Dataproc cluster.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/datastore

9.2.1 (2024-11-06)

Bug Fixes
  • Address edge cases for excluding large properties when using save (#1356) (ceaff7e)
  • Create a release (#1353) (536873e)

Google Kubernetes Engine

Clusters now have unified and flexible configuration, allowing you to modify control plane access and cluster node settings at any time, without the need to recreate the cluster. This eliminates the previous distinction between private and public clusters. All clusters support this flexibility and utilize DNS-based endpoints for secure and direct control plane access from any network, removing the need for bastion hosts or proxies. You can still enhance security with measures like VPC Service Controls.

To learn more, see About network isolation in GKE.

DNS-based access to the GKE cluster control plane is now generally available. This capability provides each cluster with a unique domain name system (DNS) name or fully-qualified domain name (FQDN). Access to clusters is controlled through IAM policies, eliminating the need for bastion hosts or proxy nodes. Authorized users can connect to the control plane from different cloud networks, on-prem deployments, or from remote locations, without relying on proxies.

To learn more, see About network isolation in GKE.

Memorystore for Redis Cluster

Instances that use 1, 2, or 4 shards are now Generally Available. For more information about the minimum and maximum supported shard count, see Cluster and node specification.

Added support for Node-level monitoring metrics (Generally Available).

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-pubsub

2.27.1 (2024-11-08)

Bug Fixes

Security Command Center

As of December 9, 2024, if you activate Security Command Center within an organization for the first time, then you must use only version 2 of the Security Command Center API in that organization. Earlier versions are not supported.

If you activated Security Command Center at the project level prior to December 9, 2024, then any projects you activate in the same organization will support all available versions of the Security Command Center API.

To migrate to the v2 API from an earlier version, see Migrate to v2 of the Security Command Center API.

The Vulnerability management dashboard was enhanced to include information about containers with exploitable vulnerabilities. This feature is in Preview.

Starting October 24, 2024, the IAM Recommender service is enabled by default when activating Security Command Center. You manage the IAM Recommender service under the Security Command Center Settings page > Integrated services tab. For more information, see Add integrated Google Cloud services to Security Command Center.

Sensitive Data Protection

The current default ORGANIZATION_NAME infoType detection model, which is available when InfoType.version is set to latest or stable, is now also used when InfoType.version is set to legacy.

The old detection model that was previously available by setting InfoType.version to legacy is no longer available.

The region restriction on the ORGANIZATION_NAME infoType has been lifted. It is now available in all regions.

Text-to-Speech

Journey Voices now supports the de-de, en-gb, en-in, es-us, fr-ca, fr-fr, and it-it locales.

November 10, 2024

Google SecOps SOAR

Release 6.3.25 is in Preview.

November 09, 2024

Google SecOps, Google SecOps SIEM, Google SecOps SOAR

Release 6.3.24 is now in General Availability.

November 08, 2024

AlloyDB for PostgreSQL

AlloyDB Omni version 15.7.0 is generally available (GA). Version 15.7.0 includes the following features and changes:

  • AlloyDB Omni supports PostgreSQL version 15.7.

  • The alloydb_scann extension—previously named postgres_scann—is generally available (GA). For more information about storing vector embeddings, creating indexes, and tuning indexes to achieve faster query performance and better recall, see Work with vectors.

  • Support for Red Hat Enterprise Linux (RHEL) 8 is generally available (GA).

  • The AlloyDB Omni columnar engine is available in Preview on ARM.

  • Disk cache and columnar storage cache are available to improve AlloyDB Omni performance by accelerating data access for AlloyDB Omni in a container and on a Kubernetes cluster.

  • Security fixes for CVE-2023-50387 and CVE-2024-7348 have been implemented.

  • The AlloyDB Omni Reference documentation is available. This includes metrics, database flags, model endpoint management reference, and extensions documentation for AlloyDB Omni 15.7.0.

  • AlloyDB Omni supports the pg_ivm extension, which provides incremental view maintenance for materialized views.

  • Various bug fixes and performance improvements.

The AlloyDB Omni Kubernetes operator version 1.2.0 is generally available (GA). Version 1.2.0 includes the following new features:

  • The healthcheckPeriodSeconds parameter lets you specify the number of seconds to wait between health checks. For more information, see Adjust automatic failover trigger settings.

  • The following metrics help you monitor the performance of your database container. Each of these metrics is of type gauge. For more information, see Database container-level metrics.

    • alloydb_omni_memory_limit_byte shows the memory limit of a database container.

    • alloydb_omni_instance_postgresql_replication_state shows the state of each replica that's connected to the AlloyDB Omni primary node.

    • alloydb_omni_memory_used_byte shows the memory used by the database container in bytes.

  • An issue that caused a brief interruption to all database clusters when the following is true is fixed:

  • High availability is supported on a secondary database cluster after it's promoted. For more information, see Promote a secondary database cluster and Manage high availability in Kubernetes.

  • You can enable or disable model endpoint management through Kubernetes manifests. For more information, see Install AlloyDB Omni with AlloyDB AI.

  • You can configure when logs rotate using thresholds that are based on the size of the log files, the time since the log file last rotated, or both. For more information, see Configure AlloyDB Omni log rotation.

  • You can create a snapshot of the memory heap of AlloyDB Omni Kubernetes operator to help you analyze and debug its memory performance. For more information, see Analyze AlloyDB Omni Kubernetes operator memory heap usage.

In AlloyDB Omni versions 15.5.5 and earlier, parameterized view features were available in the alloydb_ai_nl extension. Starting in version 15.7.0, parameterized view features are available in the parameterized_views extension, which you must create before you use parameterized views. Also starting in version 15.7.0, the related function, google_exec_param_query, has been renamed to execute_parameterized_query and is available in the parameterized_views extension. For more information, see Query your database using natural language.

The extension pg_ivm version 1.9 has been added to extensions supported by AlloyDB Omni.

The following extensions are updated:

  • google_ml_integration from 1.3 to 1.4.2
  • pg_partman from 4.7.4 to 5.0.1
  • pglogical from 2.4.4 to 2.4.5
  • pgtt from 3.0.0 to 4.0.0
  • vector from 0.7.0 to 0.7.4

Cloud Data Fusion

The Multiple table plugin version 1.4.1 is available in Cloud Data Fusion versions 6.10.1 and later. This release fixes an issue causing pipelines to fail if a Multiple database tables batch source's Reference Name field contains spaces. The field no longer accepts spaces (PLUGIN-1752).

Cloud Logging

Audit Logging now populates the status.details field in the audit log with the google.rpc.ErrorInfo and google.rpc.Help proto payload types in cases where an API returns an error status and that status includes one of those types in the details field.

Cloud Workstations

Cloud Workstations supports granting access to individual ports. For details, see the Grant access to individual Cloud Workstations ports page.

Eventarc

Eventarc Standard is available in the northamerica-south1 (Mexico, North America) region.

Generative AI on Vertex AI

Batch prediction for Llama models on Vertex AI (MaaS) is available in Preview.

Batch prediction support for Gemini

Batch prediction is available for Gemini in General Availability (GA). Available Gemini models include Gemini 1.0 Pro, Gemini 1.5 Pro, and Gemini 1.5 Flash. To get started with batch prediction, see Get batch predictions for Gemini.

Google Kubernetes Engine

The machine family of N1 custom machine types (like custom-1-1024) is now accurately labeled as "N1" for all node versions later than 1.31.2-gke.1115000.

Live Stream API

The Live Stream API is now available in asia-south1 and europe-north1. For more information, see Live Stream API locations.

Security Command Center

To help you detect potentially malicious anomalies in your network, Event Threat Detection can now analyze foundational log sources, which produce Bad IP findings without requiring you to enable VPC Flow Logs. This feature is in Preview.

  • If you activated Security Command Center Premium or Enterprise in a project or organization before October 18, 2024, then you have access to this feature in that project or organization.
  • If you activated Security Command Center Premium or Enterprise at the project level before October 18, 2024, and you activate additional projects in the same organization, then the additional projects will have access to this feature.
  • If you activated Security Command Center Premium or Enterprise in a project or organization on or after October 18, 2024, and you want to enable this feature, then contact Google Cloud Customer Care.

Sensitive Data Protection

The EMPLOYMENT_STATUS infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

November 07, 2024

AlloyDB for PostgreSQL

Since the google_ml_integration.enable_model_support flag is enabled by default, if you are using the google_ml_integration extension version 1.3, your ability to query Vertex AI models using the embedding() function might be impacted. Querying registered models using the google_ml.embedding() function remains unaffected.

To resolve the issue with using the embedding() function, upgrade the google_ml_integration extension from version 1.3 to the latest version, 1.4.2. For more information, see how to upgrade the extension.

Anthos Attached Clusters

This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Audit Manager

Audit Manager is now generally available (GA).

Audit Manager is a compliance audit solution that helps you to simplify your compliance audit process on Google Cloud.

Cloud Database Migration Service

Database Migration Service now supports MySQL minor version 8.0.39 for homogeneous MySQL migrations. For more information, see Supported source and destination databases in Cloud SQL for MySQL migrations.

Cloud Run

You can now specify mount options when you configure Cloud Storage volume mounts for both Cloud Run services and jobs. (In Preview)

Cloud Service Mesh

The following images are now rolling out for managed Cloud Service Mesh:

  • 1.19.10-asm.21 is rolling out to the rapid release channel.
  • 1.19.10-asm.21 is rolling out to the regular release channel.
  • 1.19.10-asm.21 is rolling out to the stable release channel.

Cloud Storage

You can now restore soft-deleted buckets. If you delete a bucket with an active soft delete policy, Cloud Storage retains the bucket for the specified soft delete retention duration, during which the bucket can be restored to a live state. To learn more about the bucket restore feature, see Use soft-deleted buckets.

Dialogflow

Dialogflow CX: As of August 2024, us-dialogflow.* has been re-introduced as the canonical endpoint for the US multi-region. The usa-dialogflow.* endpoint is still supported as an alias. See the regionalization documentation for details.

Google Cloud Contact Center as a Service

Version 3.29 is released

All release notes published on this date are part of version 3.29.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

Skip CRM account and record creation (Zendesk and ServiceNow)

You can now skip CRM account and record creation for Zendesk and ServiceNow. For more information, see Skip CRM account and record creation.

Agent status translation

You can translate the default, system, and custom agent statuses for the languages supported by Google Cloud Contact Center as a Service (CCaaS). Google Cloud CCaaS provides automatic translation of default and system statuses. It also lets you do translations manually. For more information, see Agent status translation.

Generative session summarization using Agent Assist

Agent Assist now supports generative session summarization for chat and voice sessions. Agents can view information about a customer's previous support interactions in the agent adapter, including generative session summaries, agent notes, and transcripts. This helps give agents the context they need for a customer and can improve overall handling times. Supervisors can view generative session summarizations for ongoing and completed sessions in the session monitoring pages.

Generative session summarizations are generated for an entire session and for segments of a session. Session segments are generated when a session is handled by multiple human or virtual agents.

Generative session summarization requires you to enable Agent Assist and configure external storage.

Generative knowledge assist using Agent Assist

Agents can now view knowledge articles while on a call or chat. These knowledge articles appear as clickable tiles in the agent adapter and are generated based on the ongoing conversation between the agent and end-user. Agents can click a tile to open the article in a browser tab. Agents can also search for knowledge articles using a search field in the agent adapter.

Queue transfer restrictions

You can control which queues or teams agents can transfer sessions to. This provides more granular control over call flows and helps prevent improper transfers. For more information, see Restrict queue transfers.

Support for direct SIP REFER in virtual agent call transfers

Virtual assistant call transfers now support the direct SIP REFER method. This means you can pass useful information in the call transfer, such as caller intent and account information. Call transfer data is recorded as Planned Transfers in virtual assistant metrics. For more information, see Transfer a call to a SIP endpoint using the SIP REFER method.

Alvaria WFM for chat

Customers with Alvaria integrations can now receive chat session data. For more information, see Alvaria Workforce integration.

Clear the voicemails in a queue

You can now clear the voicemails in any queue from the Call settings page. For more information, see Clear voicemails from queues.

Queue operation statuses endpoint

We added a new API endpoint that lets you check whether a queue is in After Hours (AH) or Overcapacity (OC) status. For more information, see Queue operation statuses endpoint.

SDK parameters in the custom CRM lookup flow

You can now use SDK data parameters in the CRM lookup flow. For more information, see CRM lookup URLs.

Use the admin user for CRM API calls with Salesforce

Using Salesforce, you can now use the admin user for all CRM API calls for record creation and updating, while still allowing agents to retain ownership of CRM-specific actions. For more information, see Salesforce configuration.

New Agent_Assist_Started event

A new Agent_Assist_Added event is now available. This event contains the conversation ID for a specific agent assist session. For more information, see Agent Assist started.

Chat transcripts download

This capability is currently not available.

Display email session ID in the email adapter and email subject

You can now display the session ID in the email adapter and in the subject line of an email thread. For more information, see Append the session ID to email subject lines and Agent email adapter.

Clickable authentication icon

The authentication icon in the agent adapter can now be clicked by the agent to mark the customer as either authenticated or unauthenticated. For more information, see User profile flags for calls and User profile tags for chat.

Interaction history

In the agent adapter, agents can view an end-user's interactions from previous call and chat sessions. This provides context to help agents provide a better support experience and improve handle time. Supervisors can also see interaction history when viewing connected call or chat sessions. For more information, see Interaction history.

Fixed an issue where the session summary wouldn't automatically scale with the height of the chat adapter.

Fixed an issue where wrap-up and disposition settings were not following destination queue settings when calls and chats were transferred.

Fixed an issue where transferring calls to a parent queue sometimes caused calls to drop.

Fixed an issue that sometimes prevented agents from going into Available status after wrapping up a call while still in a chat session.

Fixed an issue where the wait time for transferred sessions sometimes displayed incorrectly on the "Queued Calls" and "Queued Chats" dashboards.

Improved the user interface for the email transcript capability.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.28.1200-gke.83 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.1200-gke.83 runs on Kubernetes v1.28.14-gke.700.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issue is fixed in 1.28.1200-gke.83:

  • Fixed an issue where additional manual steps were needed after disabling always-on secrets encryption with gkectl update cluster.

The following vulnerabilities are fixed in 1.28.1200-gke.83:

Container-optimized OS vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.28.1200-gke.83

Google Distributed Cloud for bare metal 1.28.1200-gke.83 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.1200-gke.83 runs on Kubernetes 1.28.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

  • Fixed an issue where the registry mirror reachability check fails for a single unreachable registry mirror. Now the reachability check applies to configured registry mirrors only, instead of all registry mirrors.

  • Fixed an issue where non-root users couldn't run bmctl restore to restore quorum.

The following container image security vulnerabilities have been fixed in 1.28.1200-gke.83:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

GKE clusters running version 1.28 or later now support automatic application monitoring in public preview. Enabling this feature automatically deploys PodMonitoring configurations to capture key metrics for supported workloads like Apache Airflow, Istio, and RabbitMQ. These metrics are integrated with Cloud Monitoring dashboards for observability. To learn more, see Configure automatic application monitoring for workloads.

Looker

Looker 24.20 includes the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Monday, November 11, 2024

  • Expected Looker (original) final deployment and download available: Thursday, November 21, 2024

  • Expected Looker (Google Cloud core) deployment start: Thursday, November 7, 2024

  • Expected Looker (Google Cloud core) final deployment: Thursday, November 14, 2024

In the Looker application API, for methods that include a query_id field, or, in the case of Query APIs, an id field, the query_id and id fields no longer accept a numeric value and now require a query slug value. This change will be released in phases:

  • Looker 24.20: December 4, 2024 for Americas Early (Note: This information was updated on November 12, 2024.)

  • Looker 25.0: Americas Mid

  • Looker 25.2: General Availability (GA) (Note: This information was updated on November 15, 2024.)

Users no longer need the download_without_limit permission to select the All Results option when they schedule Looks and dashboards.

The Chart Config Editor now supports creating a Dependency Wheel visualization.

The Chart Config Editor now supports creating an Item visualization.

The New Project page in Looker has been replaced with the Create a Model page. However, you can still access the New Project page if you are using a Looker (original) instance and your Looker admin has enabled the Use Legacy Project Creation Page legacy feature or through the informational banner at the top of the Create a Model page.

Looker has released version 1.4.0 of the Looker–Power BI Connector. See the Looker–Power BI Connector change log for details about version 1.4.0. Note: This item was added on November 11, 2024.

With Connected Sheets for Looker, pivot tables can now pull up to 100,000 rows from a Looker Explore (increased from the previous limit of 30,000). See the Looker & Looker Studio Community for the announcement. Note: This information was added on December 11, 2024.

An issue has been fixed where renaming a project using a bare repository could prevent deploying to production for that project. This feature now performs as expected.

An issue has been fixed where editing a model set could take a long time to load. This feature now performs as expected.

An issue has been fixed where the Actions page could fail to reflect recently saved settings. This feature now performs as expected.

An issue has been fixed where Sankey charts could ignore series values if they matched other series values.

An issue has been fixed where conditional formatting could fail to apply to total rows if the value was zero. This feature now performs as expected.

An issue has been fixed where Looker could generate datagroup names with dashes even though dashes aren't allowed in datagroup names. This feature now performs as expected.

An issue has been fixed where certain System Activity queries could time out. This feature now performs as expected.

The PDF and PNG rendering software has been upgraded to the latest stable version.

An issue has been fixed where visualizations that were created with the Chart Config Editor could fail to be displayed in an embedded context. This feature now performs as expected.

An issue has been fixed where the LookML Validator would not display an error message if the convert_tz parameter was used in an invalid context. This feature now performs as expected.

An issue has been fixed where selecting the word cloud visualization could cause Looker to display a blank page. This feature now performs as expected.

Tooltips have been added for truncated progress values in single value visualizations.

An issue has been fixed where progress values in single value visualizations were unnecessarily truncated. This feature now performs as expected.

An issue has been fixed where modifying dashboard filters after deleting a tile could cause Looker to display an error. This feature now performs as expected.

An issue has been fixed where progress bars in single value visualizations could disappear when the visualization was resized. This feature now performs as expected.

An issue has been fixed where relative date filters could misinterpret numbers with more than three digits (such as "in the last 1000 minutes") as dates. This feature now performs as expected.

An issue has been fixed where killing queries on BigQuery Standard SQL could be unnecessarily expensive. This feature now performs as expected.

An issue has been fixed where special characters (such as < and >) in pivoted dimension values could cause Looker to incorrectly truncate legend labels. This feature now performs as expected.

An issue has been fixed where downloading a dashboard tile with an invalid hex color code as an Excel spreadsheet could cause the download to fail. Looker now applies a default font color instead.

An issue has been fixed where location type fields could not be used in custom filter expressions. This feature now performs as expected.

An issue has been fixed where invalid "set" or "when" LookML fields could cause the LookML Validator to fail with a 500 error. The LookML Validator now displays a more informative error message.

An issue has been fixed where a locale value of fr would fall back to fr-CA instead of fr-FR, which was causing text to be translated incorrectly. This feature now performs as expected.

An issue has been fixed where the LookML IDE did not persist line wrap settings. This feature now performs as expected.

Upon upgrade to Looker 24.20, support access will be disabled on Looker (original) instances. To enable it, set a duration and a support access role on the Support Access page of the Admin panel.

Looker (original) deployments can now use the Redshift 2.1.0.30 driver.

A new Labs feature is available, New Database Connection Setup. When enabled, this feature updates the Add/Edit Connection page with a modernized UI, enhanced validation and connection testing capabilities, and a comprehensive configuration summary.

Google Cloud Technical Support access has updated duration settings of 0 to 48 hours. Admins may choose to grant all Support users either a Support Basic Editor role or a Support Advanced Editor role.

A new Labs feature is available, Tiered Support Access, which defaults to enabled. When this feature is disabled, Looker uses the legacy version of support access.

A new legacy feature is available, Use Legacy Project Creation Page. When this feature is enabled, it hides the Create a Model page and displays the deprecated New Project page.

A new Labs feature is available, Complex Filters UI Configuration for Explores. When this feature is enabled, matches (advanced) filters no longer update to simpler filter types when a comma is entered into the filter expression until the page is reloaded. This feature resolves a few stability issues with matches (advanced) filters.

Google Cloud Technical Support access is now available for Looker (Google Cloud core) instances. Update: This feature will become available to customers in January 2025. This item was updated on December 3, 2024.

An issue has been fixed where logging in to an instance using IP Allowlist could take a long time. This feature now performs as expected.

Memorystore for Redis Cluster

Added support for multiple VPC networks (Preview). For more details, see About multiple VPC networking.

Security Command Center

The v2 Security Command Center API is generally available (GA).

To migrate from an earlier version, see Migrate to v2 of the Security Command Center API.

November 06, 2024

BigQuery

BigQuery now offers the following Gemini-enhanced SQL translation features:

Cloud Composer

(Cloud Composer 3) Fixed an issue that affected the speed of PyPI package installation. PyPI packages are now installed slightly faster.

(Airflow 2.9.3 and 2.7.3) The docutils package was removed from preinstalled packages.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.3-build.6 (default)
  • composer-3-airflow-2.7.3-build.22

New images are available in Cloud Composer 2:

  • composer-2.9.10-airflow-2.9.3 (default)
  • composer-2.9.10-airflow-2.7.3

Cloud Composer version 2.5.1 has reached its end of support period.

Cloud Composer 2.9.7 is a version with an extended upgrade timeline.

Cloud Service Mesh

1.23.3-asm.1 is now available for in-cluster Cloud Service Mesh.

You can now download 1.23.3-asm.1 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.23.3 subject to the list of supported features. Cloud Service Mesh version 1.23.3-asm.1 uses envoy v1.31.2.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

1.22.6-asm.1 is now available for in-cluster Cloud Service Mesh.

You can now download 1.22.6-asm.1 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.22.6 subject to the list of supported features. Cloud Service Mesh version 1.22.6-asm.1 uses envoy v1.30.6.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

1.21.5-asm.10 is now available for in-cluster Cloud Service Mesh.

You can now download 1.21.5-asm.10 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.21.5 subject to the list of supported features. Cloud Service Mesh version 1.21.5-asm.10 uses envoy v1.29.8.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

1.20.8-asm.9 is now available for in-cluster Cloud Service Mesh.

You can now download 1.20.8-asm.9 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.20.8 subject to the list of supported features. Cloud Service Mesh version 1.20.8-asm.9 uses envoy v1.28.6.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

This release fixes a bug where the default user for the distroless proxy was changed to root. As a result of this fix, the default user is now back to non-root. The bug affected the following versions:

  • 1.20.8-asm.6
  • 1.20.8-asm.7
  • 1.21.5-asm.5
  • 1.21.5-asm.7
  • 1.22.3-asm.1
  • 1.22.4-asm.0
  • 1.22.5-asm.1

This change may affect some gateway deployments which rely on the root user to expose a privileged port for ingress or egress. To ensure your gateways continue to work correctly, you may need to apply additional security contexts to your deployments. For details, see the troubleshooting guide.

Patches fixing a bug where the default user for distroless proxy was changed to root will be rolling out to all release channels. As a result of this fix, the default user is changing back to non-root. When you see the release note notifying that this rollout is complete, you must restart each affected workload to make the change effective.

Container Optimized OS

cos-113-18244-236-26

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.112 | v24.0.9 | v1.7.23 | See List

Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.

Fixed CVE-2024-50002 in the Linux kernel.

Fixed CVE-2024-49967 in the Linux kernel.

Fixed CVE-2024-50006 in the Linux kernel.

Fixed CVE-2024-49881 in the Linux kernel.

Fixed CVE-2024-47678 in the Linux kernel.

Fixed CVE-2024-47705 in the Linux kernel.

Fixed CVE-2024-50001 in the Linux kernel.

Fixed CVE-2024-50019 in the Linux kernel.

Fixed CVE-2024-49983 in the Linux kernel.

Fixed CVE-2024-49978 in the Linux kernel.

Fixed CVE-2024-49993 in the Linux kernel.

Fixed CVE-2024-49889 in the Linux kernel.

Fixed CVE-2024-47707 in the Linux kernel.

Fixed CVE-2024-49884 in the Linux kernel.

Fixed CVE-2024-49936 in the Linux kernel.

Fixed CVE-2024-50045 in the Linux kernel.

Fixed CVE-2024-47710 in the Linux kernel.

Fixed CVE-2024-49870 in the Linux kernel.

Fixed CVE-2024-50039 in the Linux kernel.

Fixed CVE-2024-50015 in the Linux kernel.

Fixed CVE-2024-49975 in the Linux kernel.

Fixed CVE-2024-49875 in the Linux kernel.

Fixed CVE-2024-50000 in the Linux kernel.

Fixed CVE-2024-50046 in the Linux kernel.

Fixed CVE-2024-49883 in the Linux kernel.

Fixed CVE-2024-47696 in the Linux kernel.

Fixed CVE-2024-47728 in the Linux kernel.

Fixed CVE-2024-47679 in the Linux kernel.

Fixed CVE-2024-50035 in the Linux kernel.

Fixed CVE-2024-49851 in the Linux kernel.

Fixed CVE-2024-47701 in the Linux kernel.

Fixed CVE-2024-50033 in the Linux kernel.

Fixed CVE-2024-49860 in the Linux kernel.

Fixed CVE-2024-47737 in the Linux kernel.

Fixed CVE-2024-47742 in the Linux kernel.

Fixed CVE-2024-47739 in the Linux kernel.

Fixed CVE-2024-47706 in the Linux kernel.

Fixed CVE-2024-49858 in the Linux kernel.

Fixed CVE-2024-47682 in the Linux kernel.

Fixed CVE-2024-47692 in the Linux kernel.

Fixed CVE-2024-47727 in the Linux kernel.

Fixed CVE-2024-47693 in the Linux kernel.

Fixed CVE-2024-47734 in the Linux kernel.

Fixed CVE-2024-47743 in the Linux kernel.

Fixed CVE-2024-47684 in the Linux kernel.

Fixed CVE-2024-49850 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812035 -> 812026

cos-109-17800-372-31

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.112 | v24.0.9 | v1.7.23 | See List

Added the NVIDIA GPU drivers R560 branch, and updated the R560 and latest drivers to v560.35.03.

Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.

Fixed CVE-2024-50002 in the Linux kernel.

Fixed CVE-2024-49967 in the Linux kernel.

Fixed CVE-2024-50006 in the Linux kernel.

Fixed CVE-2024-49881 in the Linux kernel.

Fixed CVE-2024-47705 in the Linux kernel.

Fixed CVE-2024-50001 in the Linux kernel.

Fixed CVE-2024-47678 in the Linux kernel.

Fixed CVE-2024-49870 in the Linux kernel.

Fixed CVE-2024-50045 in the Linux kernel.

Fixed CVE-2024-49983 in the Linux kernel.

Fixed CVE-2024-49978 in the Linux kernel.

Fixed CVE-2024-50015 in the Linux kernel.

Fixed CVE-2024-50039 in the Linux kernel.

Fixed CVE-2024-50000 in the Linux kernel.

Fixed CVE-2024-49975 in the Linux kernel.

Fixed CVE-2024-49993 in the Linux kernel.

Fixed CVE-2024-50019 in the Linux kernel.

Fixed CVE-2024-49875 in the Linux kernel.

Fixed CVE-2024-47710 in the Linux kernel.

Fixed CVE-2024-47707 in the Linux kernel.

Fixed CVE-2024-49850 in the Linux kernel.

Fixed CVE-2024-49936 in the Linux kernel.

Fixed CVE-2024-49889 in the Linux kernel.

Fixed CVE-2024-47696 in the Linux kernel.

Fixed CVE-2024-49851 in the Linux kernel.

Fixed CVE-2024-49883 in the Linux kernel.

Fixed CVE-2024-47728 in the Linux kernel.

Fixed CVE-2024-49884 in the Linux kernel.

Fixed CVE-2024-47679 in the Linux kernel.

Fixed CVE-2024-50035 in the Linux kernel.

Fixed CVE-2024-47701 in the Linux kernel.

Fixed CVE-2024-47727 in the Linux kernel.

Fixed CVE-2024-47682 in the Linux kernel.

Fixed CVE-2024-49858 in the Linux kernel.

Fixed CVE-2024-50033 in the Linux kernel.

Fixed CVE-2024-49860 in the Linux kernel.

Fixed CVE-2024-47737 in the Linux kernel.

Fixed CVE-2024-47742 in the Linux kernel.

Fixed CVE-2024-47739 in the Linux kernel.

Fixed CVE-2024-47706 in the Linux kernel.

Fixed CVE-2024-47692 in the Linux kernel.

Fixed CVE-2024-47693 in the Linux kernel.

Fixed CVE-2024-47734 in the Linux kernel.

Fixed CVE-2024-47743 in the Linux kernel.

Fixed CVE-2024-47684 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812253 -> 812248

cos-105-17412-495-28

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.167 | v23.0.3 | v1.7.23 | See List

Added the NVIDIA GPU drivers R560 branch, and updated the R560 and latest drivers to v560.35.03.

Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.

Fixed CVE-2024-47705 in the Linux kernel.

Fixed CVE-2024-49975 in the Linux kernel.

Fixed CVE-2024-49993 in the Linux kernel.

Fixed CVE-2024-50019 in the Linux kernel.

Fixed CVE-2024-50045 in the Linux kernel.

Fixed CVE-2024-47710 in the Linux kernel.

Fixed CVE-2024-47706 in the Linux kernel.

Fixed CVE-2024-49983 in the Linux kernel.

Fixed CVE-2024-50000 in the Linux kernel.

Fixed CVE-2024-50039 in the Linux kernel.

Fixed CVE-2024-49875 in the Linux kernel.

Fixed CVE-2024-49936 in the Linux kernel.

Fixed CVE-2024-47696 in the Linux kernel.

Fixed CVE-2024-47679 in the Linux kernel.

Fixed CVE-2024-50035 in the Linux kernel.

Fixed CVE-2024-49883 in the Linux kernel.

Fixed CVE-2024-49884 in the Linux kernel.

Fixed CVE-2024-49889 in the Linux kernel.

Fixed CVE-2024-49851 in the Linux kernel.

Fixed CVE-2024-47701 in the Linux kernel.

Fixed CVE-2024-50033 in the Linux kernel.

Fixed CVE-2024-49860 in the Linux kernel.

Fixed CVE-2024-47737 in the Linux kernel.

Fixed CVE-2024-47742 in the Linux kernel.

Fixed CVE-2024-47739 in the Linux kernel.

Fixed CVE-2024-49858 in the Linux kernel.

Fixed CVE-2024-50046 in the Linux kernel.

Fixed CVE-2024-47692 in the Linux kernel.

Fixed CVE-2024-47693 in the Linux kernel.

Fixed CVE-2024-47684 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812685 -> 812681

cos-dev-121-18736-0-0

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.59 | v24.0.9 | v1.7.23 | See List

Updated the Linux kernel to v6.6.59.

Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.

Fixed CVE-2024-50602 in dev-libs/expat.

Runtime sysctl changes:

  • Changed: fs.file-max: 811799 -> 811822

cos-117-18613-75-7

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.56 | v24.0.9 | v1.7.23 | See List

Upgraded sys-apps/xemu to v0.0.6.

Runtime sysctl changes:

  • Changed: fs.file-max: 811796 -> 811757

Firestore

You can now use the Firestore managed bulk delete service to delete documents in bulk. This feature is in Preview.

For more information, see Bulk delete data.

Firestore in Datastore mode

You can now use the managed bulk delete service to delete entities in bulk. This feature is in Preview.

For more information, see Bulk delete data.

Google Kubernetes Engine

The GKE Volume Populator is generally available on GKE clusters running version 1.31.1-gke.1729000 or later. This feature provides a way to automate data transfer from a source Google Cloud Storage bucket to a destination PersistentVolumeClaim backed by a Parallelstore instance. To learn more, see Transfer data from Cloud Storage during dynamic provisioning using GKE Volume Populator.

(2024-R43) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.14-gke.1340000
    • 1.28.15-gke.1015000
    • 1.29.9-gke.1496000
    • 1.29.10-gke.1043000
    • 1.30.5-gke.1443001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.14-gke.1376000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.9-gke.1541000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1628000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.14-gke.1376000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.9-gke.1541000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1628000 with this release.

Regular channel

  • Version 1.30.5-gke.1443001 is now the default version for cluster creation in the Regular channel.
  • The following versions are no longer available in the Regular channel:
    • 1.28.14-gke.1217000
    • 1.29.9-gke.1341000
    • 1.30.5-gke.1355000
    • 1.31.1-gke.1678000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.14-gke.1340000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.9-gke.1496000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.5-gke.1443001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.1-gke.1846000 with this release.

Stable channel

There are no new releases in the Stable channel.

Extended channel

  • Version 1.30.5-gke.1443001 is now the default version for cluster creation in the Extended channel.
  • The following versions are no longer available in the Extended channel:
    • 1.28.14-gke.1217000
    • 1.29.9-gke.1341000
    • 1.30.5-gke.1355000
    • 1.31.1-gke.1678000
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.1-gke.1846000 with this release.

No channel

Pub/Sub

General availability: You can now create Cloud Storage import topics in Pub/Sub that let you ingest data from Cloud Storage into Pub/Sub. The change is being rolled out in a phased manner over the rest of the week. For more information about Cloud Storage import topics, see Create a Cloud Storage import topic.

General availability: You can now enable Google Cloud platform logs to help you troubleshoot issues when you are using Cloud Storage import topics to ingest data. For more information, see Use platform logs to troubleshoot Cloud Storage import topics.

November 05, 2024

BigQuery

Dataplex automatic discovery lets you scan data in Cloud Storage buckets to extract and catalog metadata. Automatic discovery creates BigLake or external tables and object tables you can use for analytics and AI, and catalogs that data in Dataplex Catalog. This feature is available in public preview.

The BigQuery Data Transfer Service data source change log provides details about upcoming changes to data source schemas and schema mappings.

BigQuery Engine for Apache Flink

For Java jobs, you can use Artifact Registry to store and manage the JAR files for your BigQuery Engine for Apache Flink jobs. For more information, see Use Artifact Registry.

Compute Engine

Generally available: An updated version of the gVNIC driver for Windows offers improved network performance and support for Jumbo frames. For more information, see Update to the latest gVNIC driver for Windows.

Dataplex

Dataplex automatic discovery is available in public preview. Automatic discovery is a feature in BigQuery that lets you scan data in Cloud Storage buckets to extract and catalog metadata. Automatic discovery creates BigLake or external tables and object tables you can use for analytics and AI, and catalogs that data in Dataplex Catalog. For more information, see Discover and catalog Cloud storage data.

Generative AI on Vertex AI

We are extending the availability of Gemini 1.0 Pro 001 and Gemini 1.0 Pro Vision 001 from February 15, 2025 to April 9, 2025. For details, see the Deprecations.

Google Kubernetes Engine

Generally available: In GKE version 1.26 and later, Hyperdisk Balanced volumes can be created in Confidential mode for custom boot disks and persistent volumes and attached to Confidential GKE Nodes.

Cloud TPU v6e machine types are now in public preview for GKE clusters running version 1.30.4-gke.1167000 or later. These TPU VMs (ct6e-standard) are available in the following zones: us-east5-b, europe-west4-a, us-east1-d, asia-northeast1-b, and us-south1-a. To learn more, see Plan TPUs in GKE.

Spanner

Spanner now supports client-side metrics for Java and Go applications. These metrics can be used with server-side metrics to enable faster troubleshooting of performance and latency issues.

These metrics are included in the latest Spanner client libraries for the following languages:

  • Java in version 6.81.0 and later
  • Go in version 1.71.0 and later

For more information, see View and manage client-side metrics.

November 04, 2024

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.64.0 (2024-10-30)

Features
  • bigquery/datatransfer: Add scheduleOptionsV2 and Error fields for TransferConfig (78d8513)
  • bigquery/storage: Add experimental ArrowData type and arrow_data field within AppendRowsRequest (f0b05e2)
Bug Fixes
  • bigquery: Handle null RANGE (#11058) (9979e72), refs #11047
  • bigquery: Parse negative NUMERIC from arrow (#11052) (83352c4)
  • bigquery: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • bigquery: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (8bb87d5)
Documentation

Java

Changes for google-cloud-bigquery

2.43.3 (2024-10-29)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.10.2 (19fc184)

2.43.2 (2024-10-27)

Dependencies
  • Update actions/checkout action to v4.2.2 (#3541) (c36c123)
  • Update actions/upload-artifact action to v4.4.2 (#3524) (776a554)
  • Update actions/upload-artifact action to v4.4.3 (#3530) (2f87fd9)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.54.0 (#3532) (25be311)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20241013-2.0.0 (#3544) (0c42092)
  • Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.10.0 (0bd3c86)
  • Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.10.1 (c03a63a)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.58.0 (#3533) (cad2643)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.38.0 (#3542) (16448ee)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.39.0 (#3548) (616b2f6)
  • Update github/codeql-action action to v2.26.13 (#3536) (844744f)
  • Update github/codeql-action action to v2.27.0 (#3540) (1616a0f)
Documentation

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.46.0 (2024-10-29)

Features
Bug Fixes
Dependencies

Cloud Load Balancing

Percentage-based request mirroring is now supported for the global and regional external Application Load Balancers (classic is not supported). By default, the mirrored backend service receives all requests, even if the original traffic is being split between multiple weighted backend services. You can now configure the mirrored backend service to receive only a percentage of the requests by using the mirrorPercent flag to specify the percentage of requests to be mirrored expressed as a value between 0 and 100.0.

For an example, see Set up traffic management for regional external Application Load Balancers.

This capability is available in Preview.

Cloud SQL for MySQL

You can now view the size of a backup for a Cloud SQL instance.

Cloud SQL for PostgreSQL

You can now view the size of a backup for a Cloud SQL instance.

Cloud SQL for SQL Server

You can now view the size of a backup for a Cloud SQL instance.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.14.0 (2024-10-29)

Features
  • Add support for restore token (#2548) (8241e91)
  • Adds integration tests for Universe Domain configuration (#2538) (53db6ba)
  • Adds integration tests for Universe Domain configuration with (53db6ba)
  • storage: Add support for 'skipIfExists' option for downloadMany (#2526) (729efb2)

Go

Changes for storage/internal/apiv2

1.46.0 (2024-10-31)

Features
  • storage: Add grpc metrics experimental options (#10984) (5b7397b)
Bug Fixes
  • storage: Skip only specific transport tests. (#11016) (d40fbff)
  • storage: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • storage: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (2b8ca4b)
Miscellaneous Chores
  • storage/internal: Remove notification, service account, and hmac RPCS. These API have been migrated to Storage Control and are available via the JSON API. (#11008) (e0759f4)

Cloud Translation

The translation LLM now supports Polish, Turkish, Indonesian, Dutch, Vietnamese, Thai and Czech. For the full list of supported languages, see the Translate text page.

Compute Engine

Preview: You can create GPU VMs all at once in a regional managed instance group (MIG) by using resize requests. This feature was previously available only for zonal MIGs. For more information, see About resize requests in a MIG.

Dataplex

Project-based semantic search offered by Dataplex Search is available in Preview. Semantic search, powered by Gemini, simplifies the search process without the need for complex search syntax. It supports natural language queries. For more information, see Discover data using semantic search.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/datastore

9.2.0 (2024-10-30)

Features
Bug Fixes
  • Add excludeFromIndexes in the proper places for large properties of nested fields (#1266) (9c7730a)
  • Query object description (#1340) (ad2c6c0)

Go

Changes for datastore/admin/apiv1

1.20.0 (2024-10-29)

Features
  • datastore: Add FindNearest API to the stable branch (#10980) (f0b05e2)
  • datastore: Support for field update operators in the Datastore API and resolution strategies when there is a conflict at write time (78d8513)
Bug Fixes
  • datastore: Bump dependencies (2ddeb15)
  • datastore: Do not delay on final transaction attempt (#10824) (0d732cc)
  • datastore: Remove namespace from Key.String() (40229e6)
  • datastore: Remove namespace from Key.String() (#10684) (#10823) (40229e6)
  • datastore: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • datastore: Use local retryer in transactions (#11050) (3ef61a2)
  • datastore: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (8bb87d5)

Java

Changes for google-cloud-datastore

2.24.1 (2024-10-28)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.39.0 (#1640) (fe61f66)
  • Update googleapis/sdk-platform-java action to v2.49.0 (#1638) (57598d7)

Generative AI on Vertex AI

The translation LLM now supports Polish, Turkish, Indonesian, Dutch, Vietnamese, Thai and Czech. For the full list of supported languages, see the Translate text page.

The Anthropic Claude Haiku 3.5 is Generally Available on Vertex AI. To learn more, view the Claude Haiku 3.5 model card in Model Garden.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.134.1 (2024-10-26)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.39.0 (#2251) (083cc7c)
  • Update googleapis/sdk-platform-java action to v2.49.0 (#2250) (af0f194)

Python

Changes for google-cloud-pubsub

2.27.0 (2024-11-02)

Features
Bug Fixes
  • Mark test_streaming_pull_max_messages flaky (#1288) (d6635a0)

Sensitive Data Protection

You can configure discovery to save sample findings to a BigQuery table. This feature is useful if you want to evaluate whether your inspection configuration is correctly matching the type of information that you want to flag as sensitive. To enable this feature, create or edit the scan configuration for the data resource that you want to profile.

November 02, 2024

Google SecOps SOAR

Release 6.3.24 is currently in Preview.

You can now use custom integrations in prompts when creating a playbook with Gemini.

Release 6.3.23 is now in General Availability.

From now on, only new features and changes will be written up for the Release Notes. Please use the customer portal to track progress of your support tickets or reach out to Customer Support for more information.

November 01, 2024

Apigee hybrid

hybrid v1.12.3

On November 1, 2024 we released an updated version of the Apigee hybrid software, 1.12.3.

Bug ID Description
368646378 Fixed an issue affecting control plane connectivity testing in Guardrails.
361044374 Fixed an issue where assign message did not correctly highlight the set payload action in the debug trace.
335357961 Fixed an issue where Apigee hybrid could claim uploads of backups with the Cloud provider when no bucket had been configured.
181569113 Fixed an issue in new debug session creation.

Bug ID Description
376104926 Security fixes for apigee-kube-rbac-proxy.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-open-telemetry-collector.
This addresses the following vulnerability:

Cloud TPU

Creating a Multislice TPU environment is now available in the Google Cloud Console. You can use Multislice to run training jobs using multiple TPU slices within a single Pod or on slices in multiple Pods. You must use a queued resource request to create a Multislice environment. For more information, see Cloud TPU Multislice overview.

You can now request Cloud TPUs as queued resources in the Google Cloud Console. Queuing your request for TPU resources can help alleviate stockout issues. If the resources you request are not immediately available, your request is added to a queue until the request succeeds or you delete it. You can also specify a time range in which you want to fulfill the resource request. For more information, see Manage queued resources.

Google Cloud Architecture Center

(New guide) Migrate from AWS Lambda to Cloud Run: Describes how to design, implement, and validate a plan to migrate from AWS Lambda to Cloud Run.

October 31, 2024

Anti Money Laundering AI

A new major engine version is available for Retail and Commercial lines of business, within the v4 tuning version. These engine versions:

  • Introduce a new feature area within the unusual-counterparty-activity feature family focused on surfacing suspicious parties through their inbound and outbound transactions with exited parties.

  • Apply a new data validation to ensure there are no periods in the required time range without any valid entries in the Party, Transaction, or AccountPartyLink table.

The retail engine version also has more reliable tuning performance, in particular for small datasets. This improvement was already present in commercial engine versions.

App Engine flexible environment Java

Java 11 has reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Java.

App Engine standard environment Java

Java 11 has reached end of support. Your existing Java 11 applications will continue to run and receive traffic. However, App Engine might block re-deployments of applications that use runtimes after their end of support date. We recommend that you upgrade to the latest supported version of Java.

Cloud CDN

You can also use the Google Cloud Console to enable private origin authentication for Amazon Simple Storage Service (Amazon S3) and compatible object stores.

Cloud Load Balancing

Support for IPv6 static routes with a next hop internal passthrough Network Load Balancer (next-hop-ilb) is available in Preview.

Container Optimized OS

cos-117-18613-75-4

Kernel Docker Containerd GPU Drivers
COS-6.6.56 v24.0.9 v1.7.23 See List

Added the NVIDIA GPU drivers R560 branch. Updated R560, latest driver to v560.35.03.

Updated R550, latest driver to v550.90.12.

Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.

Fixed CVE-2024-50039 in the Linux kernel.

Fixed CVE-2024-50023 in the Linux kernel.

Fixed CVE-2024-50019 in the Linux kernel.

Fixed CVE-2024-50045 in the Linux kernel.

Fixed CVE-2024-50000 in the Linux kernel.

Fixed CVE-2024-49975 in the Linux kernel.

Fixed CVE-2024-50015 in the Linux kernel.

Fixed CVE-2024-49889 in the Linux kernel.

Fixed CVE-2024-49936 in the Linux kernel.

Fixed CVE-2024-47696 in the Linux kernel.

Fixed CVE-2024-47728 in the Linux kernel.

Fixed CVE-2024-47679 in the Linux kernel.

Fixed CVE-2024-49851 in the Linux kernel.

Fixed CVE-2024-50035 in the Linux kernel.

Fixed CVE-2024-47701 in the Linux kernel.

Fixed CVE-2024-47706 in the Linux kernel.

Fixed CVE-2024-47737 in the Linux kernel.

Fixed CVE-2024-50064 in the Linux kernel.

Fixed CVE-2024-49858 in the Linux kernel.

Fixed CVE-2024-50033 in the Linux kernel.

Fixed CVE-2024-47688 in the Linux kernel.

Fixed CVE-2024-47675 in the Linux kernel.

Fixed CVE-2024-47745 in the Linux kernel.

Fixed CVE-2024-47700 in the Linux kernel.

Fixed CVE-2024-50055 in the Linux kernel.

Fixed CVE-2024-47660 in the Linux kernel.

Fixed CVE-2024-50047 in the Linux kernel.

Fixed CVE-2024-47678 in the Linux kernel.

Fixed CVE-2024-49860 in the Linux kernel.

Fixed CVE-2024-47742 in the Linux kernel.

Fixed CVE-2024-50046 in the Linux kernel.

Fixed CVE-2024-47739 in the Linux kernel.

Fixed CVE-2024-47668 in the Linux kernel.

Fixed CVE-2024-47682 in the Linux kernel.

Fixed CVE-2024-47692 in the Linux kernel.

Fixed CVE-2024-47727 in the Linux kernel.

Fixed CVE-2024-47693 in the Linux kernel.

Fixed CVE-2024-47734 in the Linux kernel.

Fixed CVE-2024-47744 in the Linux kernel.

Fixed CVE-2024-47743 in the Linux kernel.

Fixed CVE-2024-47684 in the Linux kernel.

Fixed CVE-2024-50058 in the Linux kernel.

Fixed CVE-2024-49850 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811706 -> 811796

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.125-debian10, 2.0.125-rocky8, 2.0.125-ubuntu18
  • 2.1.73-debian11, 2.1.73-rocky8, 2.1.73-ubuntu20, 2.1.73-ubuntu20-arm
  • 2.2.39-debian12, 2.2.39-rocky9, 2.2.39-ubuntu22

Note: When using Dataproc version 2.0.125 with the ranger-gcs-plugin, please create a customer support request for your project to use the enhanced version of the plugin prior to its GA release. This note does not apply to Dataproc on Compute Engine image versions 2.1 and 2.2.

Disabled HiveServer2 Ranger policy synchronization in non-HA clusters for latest image version 2.1 and later. Policy synchronization is causing instability of the HiveServer2 process while trying to connect to ZooKeeper, which is not active by default in non-HA clusters.

Eventarc

Eventarc is available in Preview in a new edition: Eventarc Advanced lets you receive, filter, transform, route, and deliver messages between different services, apps, and systems.

Eventarc Standard continues to deliver events from provider to destination by letting you define triggers that filter events.

Firestore

The Google Cloud console now includes a monitoring dashboard for each database. For more information, see Use the Cloud Monitoring dashboard.

Google Cloud Architecture Center

Google Cloud Architecture Framework: Operational excellence: Major update to align the recommendations with core principles of operational excellence.

Google Kubernetes Engine

For GKE clusters running version 1.31.1-gke.1146000 or later, Cloud Tensor Processing Unit (TPU) v3 machine types are generally available. These TPU VMs (ct3-hightpu-4t and ct3p-hightpu-4t) are currently available in us-east1-d, europe-west4-a, us-central1-a, us-central1-b, and us-central1-f. To learn more, see TPUs in GKE.

GKE control plane authority is now generally available with version 1.31.1-gke.1846000 or later. GKE control plane authority provides enhanced visibility, security controls, and customization of the GKE control plane. For more information, see About GKE control plane authority.

Clusters that are experiencing stale endpoint resources and stale kube-dns entries are likely affected by Kubernetes issue #126578. Your cluster is most likely affected if endpoint resources consistently have incorrect Pod IPs. This issue has been fixed in the following GKE versions or later:

  • 1.28.14-gke.1115000
  • 1.29.9-gke.1207000
  • 1.30.5-gke.1171000
  • 1.31.1-gke.1414000

Identity Platform

Support for SMS-based authentication flows in the Identity Platform integration with reCAPTCHA Enterprise API is now in Preview. In addition, the integration now supports reCAPTCHA's SMS toll fraud protection and the ability to bring your own reCAPTCHA keys.

For more information, see the following pages:

Looker Studio

Partner connection launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

Text wrapping for pivot table row headers

You can now choose to wrap row header text in pivot table charts by enabling the Wrap text option in the Style tab.

Spanner

A monthly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.69.0 (2024-10-03)

Features
  • spanner: Add x-goog-spanner-end-to-end-tracing header for requests to Spanner (#10241) (7f61cd5)
Bug Fixes
Performance Improvements
  • spanner: Use passthrough with emulator endpoint (#10947) (9e964dd)

1.70.0 (2024-10-14)

Features
  • spanner/admin/instance: Define ReplicaComputeCapacity and AsymmetricAutoscalingOption (78d8513)
  • spanner: Add INTERVAL API (78d8513)
  • spanner: Add new QueryMode enum values (WITH_STATS, WITH_PLAN_AND_STATS) (78d8513)
Documentation
  • spanner/admin/instance: A comment for field node_count in message spanner.admin.instance.v1.Instance is changed (78d8513)
  • spanner/admin/instance: A comment for field processing_units in message spanner.admin.instance.v1.Instance is changed (78d8513)
  • spanner: Update comment for PROFILE QueryMode (78d8513)

Java

Changes for google-cloud-spanner

6.77.0 (2024-10-02)

Features
Dependencies
  • Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.52.0 (#3291) (9241063)
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.52.0 (#3292) (da27a19)
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.52.0 (#3293) (c6dbdb2)
  • Update dependency com.google.cloud:google-cloud-trace to v2.51.0 (#3294) (a269747)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.1 (#3355) (5191e71)
  • Update dependency com.google.cloud.opentelemetry:exporter-metrics to v0.32.0 (#3371) (d5b5ca0)
  • Update dependency com.google.cloud.opentelemetry:exporter-trace to v0.32.0 (#3372) (aa9a71d)
  • Update dependency commons-io:commons-io to v2.17.0 (#3349) (7c21164)
  • Update dependency io.opentelemetry:opentelemetry-bom to v1.42.1 (#3323) (95dfc02)
  • Update dependency ubuntu to v24 (#3356) (042c294)
  • Update googleapis/sdk-platform-java action to v2.46.1 (#3354) (378f5cf)
  • Update junixsocket.version to v2.10.1 (#3367) (5f94915)
  • Update opentelemetry.version to v1.42.1 (#3330) (7b05e43)
Documentation
  • Update comment for PROFILE QueryMode (c078ac3)

6.78.0 (2024-10-11)

Features
  • Define ReplicaComputeCapacity and AsymmetricAutoscalingOption (f46a6b3)
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.47.0 (139a715)
Dependencies
  • Update dependency com.google.cloud:google-cloud-trace to v2.52.0 (#3393) (79453f9)

6.79.0 (2024-10-11)

Features
  • Support DML auto-batching in Connection API (#3386) (a1ce267)
Dependencies
  • Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.53.0 (#3390) (a060e92)
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.53.0 (#3391) (7f0927d)
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.53.0 (#3392) (fd3e92d)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.37.0 (#3395) (8ecb1a9)
  • Update dependency com.google.cloud.opentelemetry:exporter-metrics to v0.33.0 (#3388) (26aa51d)
  • Update dependency com.google.cloud.opentelemetry:exporter-trace to v0.33.0 (#3389) (6e34c5a)
  • Update googleapis/sdk-platform-java action to v2.47.0 (#3383) (4f0d693)

6.80.0 (2024-10-25)

Features
  • Enabling endToEndTracing support in Connection API (#3412) (16cc6ee)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.38.0 (#3424) (b727453)
  • Update dependency io.opentelemetry:opentelemetry-bom to v1.43.0 (#3399) (a755c6c)
  • Update dependency io.opentelemetry:opentelemetry-sdk-testing to v1.43.0 (#3398) (693243a)
  • Update googleapis/sdk-platform-java action to v2.48.0 (#3422) (d5d1f55)
Documentation
  • Fix tracing sample to exit when completed, and use custom monitored resource for export (#3287) (ddb65b1)

Vertex AI

PSC-I Egress is supported for Ray clusters on Vertex AI. PSC-I is recommended for private connectivity since it reduces the chance of IP exhaustion, and allows for transitive peering. Check out Private Service Connect interface for Ray on Vertex AI. This feature is available in Preview.

Private Service Connect interface (PSC-I) is now supported for ML pipeline runs in Vertex AI Pipelines. PSC-I is recommended for private connectivity, since it reduces the chance of IP exhaustion, and allows for transitive peering.

For more information, see Configure Private Service Connect interface for a pipeline. This feature is available in Preview.

Vertex AI Agent Builder

Vertex AI Search: Stream answers (GA with allowlist)

The answer streaming method can return generated answers in sequential parts. This reduces the perception of latency. As the end users read the first part of the answer, the subsequent parts of the answer are being generated.

The answer streaming method also includes many of the features of the original answer method.

This feature is Generally available to select Google customers (GA with allowlist). For more information, see Stream answers.

Virtual Private Cloud

Support for IPv6 static routes with a next hop internal passthrough Network Load Balancer (next-hop-ilb) is available in Preview.

October 30, 2024

Cloud Composer

(Cloud Composer 3) Airflow workers now generate a proper OpenID Connect (OIDC) token.

(Airflow 2.9.3 and 2.7.3) The dbt-common package was downgraded from 1.11.0 to 1.10.0.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.3-build.5 (default)
  • composer-3-airflow-2.7.3-build.21

Cloud Composer 2.9.9 images are available:

  • composer-2.9.9-airflow-2.9.3 (default)
  • composer-2.9.9-airflow-2.7.3

Cloud Composer version 2.5.0 has reached its end of support period.

Cloud Interconnect

Dedicated Interconnect and Cross-Cloud Interconnect now support network traffic differentiation through application awareness on Cloud Interconnect in Preview. For more information, see "Configure traffic differentiation" for Dedicated Interconnect and Cross-Cloud Interconnect.

Cloud Load Balancing

Service Extensions plugins are available for Google Cloud Application Load Balancers, excluding Classic, in Preview.

Service Extensions plugins help you insert WebAssembly (Wasm) plugins in a fully managed serverless environment directly into the data path of Application Load Balancers.

For details, see Plugins for Cloud Load Balancing.

Compute Engine

Generally available: General purpose C4A Arm VMs on Google's custom-built Axion processors. C4A VMs are available as predefined configurations in sizes ranging from 1 vCPU to 72 vCPUs and up to 576 GB of DDR5 memory. C4A uses Google Cloud's latest generation storage options including Hyperdisk Balanced and Hyperdisk Extreme.

C4A VMs are available in the following regions and zones:

  • Singapore - asia-southeast1-a,b,c
  • Belgium - europe-west1-b,c,d
  • Frankfurt - europe-west3-a,b,c
  • Netherlands - europe-west4-a,b,c
  • Iowa - us-central1-a,b,c
  • South Carolina - us-east1-b,c,d
  • Virginia - us-east4-a,b,c

Generally available: You can autoscale a regional MIG with a BALANCED target distribution shape. With the BALANCED shape, the autoscaler is aware of the capacity in each zone and creates VMs in zones that have resource availability. For more information, see Autoscaling a regional MIG.

Google Kubernetes Engine

Weighted load balancing for GKE External LoadBalancer Services is now available in Preview. Weighted load balancing is a more efficient way to distribute traffic to nodes based on the number of serving Pods they have backing the Service. To learn more, see About LoadBalancer Services.

(2024-R42) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.1-gke.1846000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.14-gke.1217000
    • 1.29.9-gke.1341000
    • 1.30.5-gke.1355000
    • 1.31.1-gke.1678000
    • 1.31.1-gke.2008000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.14-gke.1340000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.9-gke.1496000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1443001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.1846000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.1846000 with this release.

Regular channel

  • Version 1.30.5-gke.1355000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.28.14-gke.1099000
    • 1.29.9-gke.1177000
    • 1.30.5-gke.1014001
    • 1.30.5-gke.1014003
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.14-gke.1217000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.9-gke.1341000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.5-gke.1355000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.14-gke.1217000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.9-gke.1341000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.5-gke.1355000 with this release.

Stable channel

  • Version 1.30.5-gke.1014003 is now the default version for cluster creation in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.28.14-gke.1004000
    • 1.29.8-gke.1278000
    • 1.30.5-gke.1014001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.9-gke.1177000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.5-gke.1014003 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.9-gke.1177000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.5-gke.1014003 with this release.

Extended channel

  • Version 1.30.5-gke.1355000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1712000
    • 1.28.14-gke.1099000
    • 1.29.9-gke.1177000
    • 1.30.5-gke.1014001
    • 1.30.5-gke.1014003
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.14-gke.1217000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.9-gke.1341000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.5-gke.1355000 with this release.

No channel

Network Security Integration

You can use Packet Mirroring, an "out-of-band" Network Security Integration, to analyze your workloads' network traffic at scale. This feature is available in Preview. For more information, see Network Security Integration overview.

For Preview, Network Security Integration resources are available free of charge. For other Google Cloud resources, see the product-specific pricing documentation.

Service Extensions

Service Extensions plugins help you insert WebAssembly (Wasm) plugins in a fully managed serverless environment directly into the data path of most Cloud Load Balancing Application Load Balancers. This feature is in Preview.

For details, see Plugins for Cloud Load Balancing.

Text-to-Speech

Studio Voices now support synthesis with multiple speakers to generate audio for interviews, interactive storytelling, video games, e-learning platforms, and accessibility solutions.

October 29, 2024

Cloud Load Balancing

All the Application Load Balancers, except the classic Application Load Balancer, now support stateful cookie-based session affinity. When you use stateful cookie-based affinity, the load balancer includes an HTTP cookie in the Set-Cookie header in response to the initial HTTP request. With stateful session affinity, customers can preserve stickiness to the selected backend.

For details, see Stateful cookie-based session affinity.

This capability is in General Availability.

Cloud Logging

You can now create and manage log scopes by using the Google Cloud CLI, in addition to using the Cloud Console and Terraform. Log scopes are in Public Preview. For more information, see

Cloud Storage

Data Access logs are now compatible with all authenticated browser downloads.

  • When an authenticated browser download occurs outside of the Google Cloud console, a resulting Data Access log has its principalEmail and callerIp fields redacted.

Google Kubernetes Engine

Three new metrics are added for measuring node and workload startup latency:

  • kubernetes.io/node/latencies/startup: The total startup latency of a node, from the GCE instance's CreationTimestamp to Kubernetes Node Ready for the first time.

  • kubernetes.io/pod/latencies/pod_first_ready: The Pod end-to-end startup latency (from Pod Created to Ready), including image pulls. This metric is available for clusters with GKE version 1.31.1-gke.1678000 or later.

  • kubernetes.io/autoscaler/latencies/per_hpa_recommendation_scale_latency_seconds: Horizontal Pod Autoscaling (HPA) scaling recommendation latency (the time between metrics being created and the corresponding scaling recommendation being applied to the API server) for the HPA target. This metric is available for clusters running the following versions or later:

    • 1.30.4-gke.1348001
    • 1.31.0-gke.1324000

Instance Group Managers for node pools created with version 1.30.5-gke.1523000 or later and 1.31.1-gke.1869000 or later will now have update on repair enabled by default. This will allow labels to persist upon Spot VM preemption.

Memorystore for Redis

Added support for the databases configuration. For more details, see the entry for databases in Supported Redis configurations.

Resource Manager

Organization Policy managed constraints are a set of constraints built on the custom organization policy platform. You can use managed constraints in place of certain predefined constraints to perform dry-run tests and simulate changes to your policies using Policy Intelligence tools. This feature is now in General Availability.

SAP on Google Cloud

BigQuery Connector for SAP version 2.8

Version 2.8 of the BigQuery Connector for SAP is generally available (GA). This version offers several enhancements and bug fixes, including the record compression option at field level, a transaction to view the version of BigQuery Connector for SAP, and an enhancement spot for HTTP error handling.

For more information, see What's new with BigQuery Connector for SAP.

October 28, 2024

AlloyDB for PostgreSQL

AlloyDB for PostgreSQL now supports in-place major version upgrade in Preview. You can upgrade your cluster that is compatible with PostgreSQL version 14 to 15. For more information, see Upgrade a database in-place major version.

Application Integration

Add failure policy (Generally available (GA))

You can now configure more complicated retry strategies for tasks, such as retries based on the error codes or the variable values during the execution:

  • Configure multiple ordered conditional failure policies for each task.
  • Configure a default failure policy that will be applied if no conditional failure policy matches.
  • Use system auto-generated variables in the failure policies. For example, ExecutionMode and ErrorInfo.

For more information, see Example for error handling.

Batch

Dynamic Workload Scheduler for Batch is available in Preview. We recommend using Dynamic Workload Scheduler to improve resource availability for jobs that run on A3 GPU VMs when you don't intend to use a reservation. For more information, see Create and run a job that uses GPUs.

Cloud Data Fusion

The Oracle plugin version 1.11.4 is available in Cloud Data Fusion versions 6.10.1 and later. This release includes the following change:

  • Fixed an issue causing pipelines with an Oracle sink that has date columns in the input schema to fail (PLUGIN-1812).

Cloud Load Balancing

To take advantage of the new features of the global external Application Load Balancer, you can now migrate your classic Application Load Balancer resources to the global external Application Load Balancer infrastructure.

To migrate to the global external Application Load Balancer, you change the load balancing scheme of your load balancing resources—specifically, the backend services and forwarding rules—from EXTERNAL to EXTERNAL_MANAGED. You can also roll back resources to the classic Application Load Balancer infrastructure, as long as you do so within 90 days of changing the load balancing scheme.

For more details on the migration process, see the following pages:

This capability is available in Preview.

Cloud Logging

You can now use tags to annotate your log buckets and use the tags to manage access to the log buckets. For more information, see Manage log buckets by using tags.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.20.6 (2024-10-26)

Dependencies

3.20.5 (2024-10-23)

Dependencies

Cloud Monitoring

The capabilities for dashboard-level filtering have been enhanced. You can now configure pinned filters and variables to have multiple default values and support selection of multiple values. You can also create value-only variables and generate the list of possible values for a variable by running a SQL query. These features are in Public Preview. For more information, see the following documents:

Cloud Storage

Additional functionality is now available for the Object Retention Lock and Bucket Lock features:

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.44.1 (2024-10-25)

Dependencies

2.44.0 (2024-10-23)

Features
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.47.0 (c517798)
  • Fix createFrom resumable upload retry offset calculation (#2771) (1126cdc), closes #2770
  • Update gRPC ReadObject retry to avoid double retry (#2765) (1fc57b9)
Dependencies
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20241008-2.0.0 (#2776) (0545b5e)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.38.0 (#2787) (a470e88)
  • Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.48.0 (#2781) (8fa013e)
  • Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.49.0 (#2782) (a7baffb)
  • Update googleapis/sdk-platform-java action to v2.48.0 (#2786) (2893e61)

You can now use the Google Cloud console to get soft delete recommendations for buckets. Soft delete recommendations help you determine when it's best to enable or disable the soft delete feature on a bucket based on impact to cost and security.

Container Optimized OS

cos-105-17412-495-13

Date Kernel Docker Containerd GPU Drivers
Oct 28, 2024 COS-5.15.167 v23.0.3 v1.7.23 See List

Upgraded app-admin/google-guest-configs to v20240725.00.

Upgraded app-containers/cni-plugins to v1.5.1.

Updated R550, latest driver to v550.90.12.

Fixed CVE-2024-8096 and CVE-2024-7264 in net-misc/curl.

Fixed CVE-2024-47685 in the Linux kernel.

Fixed CVE-2024-27017 in the Linux kernel.

Fixed CVE-2024-38632 in the Linux kernel.

Fixed CVE-2024-39463 in the Linux kernel.

Fixed CVE-2024-47674 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812700 -> 812685

cos-117-18613-0-99

Kernel Docker Containerd GPU Drivers
COS-6.6.44 v24.0.9 v1.7.23 See List

Fixed CVE-2024-47685 in the Linux kernel.

Fixed CVE-2024-44991 in the Linux kernel.

Fixed CVE-2024-47674 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811768 -> 811706

cos-113-18244-236-9

Date Kernel Docker Containerd GPU Drivers
Oct 28, 2024 COS-6.1.112 v24.0.9 v1.7.23 See List

Fixed CVE-2024-47685 in the Linux kernel.

Fixed CVE-2024-38632 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812026 -> 812035

cos-109-17800-372-12

Kernel Docker Containerd GPU Drivers
COS-6.1.112 v24.0.9 v1.7.23 See List

Fixed CVE-2024-47685 in the Linux kernel.

Fixed CVE-2024-38632 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812259 -> 812253

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.10.2 (2024-10-23)

Bug Fixes
  • dataflow: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • dataflow: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (8bb87d5)

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.24.0 (2024-10-24)

Features
  • Add FindNearest API to the stable branch (3512ba2)
Bug Fixes
  • sample: Change update entity sample to use transaction (#1633) (c44f17a)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.38.0 (#1632) (6453f1e)
  • Update googleapis/sdk-platform-java action to v2.48.0 (#1628) (d3bce79)

Generative AI on Vertex AI

You can now fine-tune the following models from the Cloud console:

The Whisper large v3 and Whisper large v3 turbo models have been added to Model Garden.

Updated the fine-tuning notebooks for Gemma 2, Llama 3.1, Mistral, and Mixtral with the following enhancements:

  • The notebooks use an updated high-performance container for single host multi-GPU LoRA fine-tuning.
    • Better throughput and GPU utilization with well-tested max-sequence-lengths.
    • Support for input token masking.
    • No out of memory (OOM) error during fine-tuning.
  • Added a custom dataset example that uses a template and format validation.
  • Support for a default accelerator pool with quota checks.
  • Improved documentation.

Google Kubernetes Engine

The A3 Edge (a3-edgegpu-8g) machine type with H100 80GB GPUs attached is now available on GKE Standard clusters. To learn more, see About GPUs.

Google SecOps

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • AIX system (OS)
  • Apache Tomcat (Web server)
  • Apigee (Google Cloud Specific)
  • Aqua Security (IaaS Applications)
  • Aruba Switch (Network Infrastructure)
  • Auth0 (Authentication log)
  • AWS Cloudtrail (Cloud Log Aggregator)
  • AWS GuardDuty (IDS/IPS)
  • AWS RDS (Database)
  • AWS Route 53 DNS (AWS Specific)
  • AWS VPC Flow (AWS Specific)
  • Azure AD (LDAP)
  • Azure AD Sign-In (Misc Windows Specific)
  • Azure VPN (VPN)
  • Blue Coat Proxy (Web Proxy)
  • BMC Client Management (Security)
  • Checkpoint Audit (AUDIT)
  • Chrome Management (Browser)
  • Cisco ASA (firewall)
  • Cisco Internetwork Operating System (Network Infrastructure)
  • Cisco IronPort (Gateway Security)
  • Cisco Meraki (Wireless)
  • Cisco Router (Switches, Routers)
  • Cisco Switch (Switches, Routers)
  • Cisco UCM (Communication Manager)
  • Cisco Unity Connection (Administration and Management)
  • Citrix Netscaler (Load Balancer, Traffic Shaper, ADC)
  • Claroty Continuous Threat Detection (IoT)
  • Cloud Audit Logs (Google Cloud Specific)
  • Cloudflare (SaaS Application)
  • CommVault (Alert System)
  • CrowdStrike Detection Monitoring (EDR)
  • CrowdStrike Falcon (EDR)
  • Darktrace (NDR)
  • Dell Switch (Switches, Routers)
  • Druva Backup (Security)
  • Entrust nShield HSM (Hardware Security Module)
  • F5 ASM (WAF)
  • F5 BIGIP LTM (Load Balancer, Traffic Shaper, ADC)
  • Fidelis Network (NDR)
  • FireEye (Alerts)
  • FireEye HX (EDR)
  • FireEye NX (NDR)
  • FortiGate (Firewall)
  • Fortinet FortiAnalyzer (Fortinet FortiAnalyzer)
  • GitGuardian Enterprise (SaaS Applications)
  • Guardicore Centra (Deception Software)
  • Halcyon Anti Ransomware (AV and endpoint logs)
  • Hashicorp Vault (Privileged Account Activity)
  • HP Linux (OS)
  • IBM Mainframe Storage (Monitoring)
  • IBM OpenPages (Data Security)
  • IBM Security QRadar SOAR (Security)
  • Imperva (WAF)
  • Imperva Advanced Bot Protection (Bot Protection)
  • Imperva Audit Trail (IT infrastructure)
  • Infoblox DHCP (DHCP)
  • INTEL471 Watcher Alerts (Data Security)
  • Jamf Protect Alerts (Endpoint Security)
  • Juniper (Firewall)
  • KnowBe4 PhishER (Email server log types.)
  • Kubernetes Node (Kubernetes Container)
  • Linux Auditing System (AuditD) (OS)
  • McAfee ePolicy Orchestrator (Policy Management)
  • Microsoft AD (LDAP)
  • Microsoft Azure Resource (Log Aggregator)
  • Microsoft Defender for Identity (EDR)
  • Microsoft Defender for Office 365 (Email server log types.)
  • Microsoft Graph Activity Logs (AUDIT)
  • Microsoft Netlogon (Authentication)
  • Microsoft SQL Server (Database)
  • Microsoft System Center Endpoint Protection (Malware Detection)
  • Netscope Client (CASB)
  • Office 365 (SaaS Application)
  • Okta User Context (Identity and Access Management)
  • One Identity Identity Manager (unified identity security)
  • Opswat Metadefender (Threat Protection)
  • Palo Alto Networks Firewall (Firewall)
  • Palo Alto Prisma Cloud Alert payload (Cloud Security)
  • pfSense (FIREWALL)
  • Ping Federate (Authentication)
  • Proofpoint Observeit (Email Server)
  • ProofPoint Secure Email Relay (Email server)
  • Pure Storage (Data Storage)
  • Red Hat Directory Server LDAP (Identity and Access Management)
  • Salesforce (SaaS Application)
  • Salesforce Commerce Cloud (SaaS Application)
  • Security Command Center Threat (Google Cloud Specific)
  • ServiceNow CMDB (Policy Management)
  • Sophos UTM (Unified Threat Management)
  • Symantec Endpoint Protection (AV / Endpoint)
  • Sysdig (Security)
  • Tanium Threat Response (Tanium Specific)
  • ThreatX WAF (WAF)
  • Thycotic (Identity and Access Management)
  • Tines (Data Security)
  • Trend Micro (SMS, UNITY_ONE)
  • Trend Micro Deep Security (AV / Endpoint)
  • Trend Micro Vision One (AV and endpoint logs)
  • Twingate (VPN)
  • Unix system (OS)
  • Velo Firewall (FIREWALL)
  • VMware AirWatch (Wireless)
  • Windows Defender ATP (AV / Endpoint)
  • Windows Event (Endpoint)
  • Windows Event (XML) (AV / Endpoint)
  • Windows Local Administrator Password Solution (Local Administrator Password Solution)
  • Windows Sysmon (DNS)
  • Workday Audit Logs (Audit And Compliance)
  • Workspace Activities (Google Cloud Specific)
  • Workspace Alerts (Google Cloud Specific)
  • Zscaler (Web Proxy)
  • Zscaler Tunnel (N/A)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Adobe I/O Runtime (ADOBE_IO_RUNTIME)
  • Amazon VPC Transit Gateway Flow Logs (AWS_VPC_TRANSIT_GATEWAY)
  • Appsentinels (APPSENTINELS)
  • Asset Panda (ASSET_PANDA)
  • AstriX (ASTRIX)
  • Atlan (ATLAN)
  • Azure Container Registry (AZURE_CONTAINER_REGISTRY)
  • Backbase Engagement Banking Platform (BACKBASE)
  • Barracuda Incident Response (BARRACUDA_INCIDENTRESPONSE)
  • Cloudflare Access (CLOUDFLARE_ACCESS)
  • Control D DNS (CONTROL_D)
  • Digicert (DIGICERT)
  • Elastic Defend (ELASTIC_DEFEND)
  • FingerprintJS (FINGERPRINT_JS)
  • Hashicorp Nomad (HASHICORP_NOMAD)
  • IBM NS1 (IBM_NS1)
  • Intel 471 Malware Intelligence (INTEL471_MALWARE_INTEL)
  • MacStadium (MACSTADIUM)
  • N-Able N-Central RMM (N_ABLE_N_CENTRAL_RMM)
  • Opentext Exstream (OPENTEXT_EXSTREAM)
  • OVHcloud (OVHCLOUD)
  • OX Security (OX_SECURITY)
  • Pharos (PHAROS)
  • ReliaQuest (RELIAQUEST)
  • Rublon (RUBLON)
  • Snyk Group level audit/issues logs (SNYK_ISSUES)
  • SolarWinds Network Performance Monitor (SOLARWINDS_NPM)
  • StackHawk (STACKHAWK)
  • Tencent Cloud Firewall (TENCENT_CLOUD_FIREWALL)
  • Tencent Cloud Waf (TENCENT_CLOUD_WAF)
  • Tencent Cloud Workload Protection (TENCENT_CLOUD_WORKLOAD_PROTECTION)
  • Trend Micro Server Protect (TRENDMICRO_SERVER_PROTECT)
  • UKG (UKG)
  • Uptivity (UPTIVITY)
  • USBAV Koramis (USBAV_KORAMIS)
  • Virtual Network Flow Logs (VIRTUAL_NETWORK_FLOW_LOGS)
  • Windows Performance Monitor (MS_PERFMON)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps SIEM

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • AIX system (OS)
  • Apache Tomcat (Web server)
  • Apigee (Google Cloud Specific)
  • Aqua Security (IaaS Applications)
  • Aruba Switch (Network Infrastructure)
  • Auth0 (Authentication log)
  • AWS Cloudtrail (Cloud Log Aggregator)
  • AWS GuardDuty (IDS/IPS)
  • AWS RDS (Database)
  • AWS Route 53 DNS (AWS Specific)
  • AWS VPC Flow (AWS Specific)
  • Azure AD (LDAP)
  • Azure AD Sign-In (Misc Windows Specific)
  • Azure VPN (VPN)
  • Blue Coat Proxy (Web Proxy)
  • BMC Client Management (Security)
  • Checkpoint Audit (AUDIT)
  • Chrome Management (Browser)
  • Cisco ASA (firewall)
  • Cisco Internetwork Operating System (Network Infrastructure)
  • Cisco IronPort (Gateway Security)
  • Cisco Meraki (Wireless)
  • Cisco Router (Switches, Routers)
  • Cisco Switch (Switches, Routers)
  • Cisco UCM (Communication Manager)
  • Cisco Unity Connection (Administration and Management)
  • Citrix Netscaler (Load Balancer, Traffic Shaper, ADC)
  • Claroty Continuous Threat Detection (IoT)
  • Cloud Audit Logs (Google Cloud Specific)
  • Cloudflare (SaaS Application)
  • CommVault (Alert System)
  • CrowdStrike Detection Monitoring (EDR)
  • CrowdStrike Falcon (EDR)
  • Darktrace (NDR)
  • Dell Switch (Switches, Routers)
  • Druva Backup (Security)
  • Entrust nShield HSM (Hardware Security Module)
  • F5 ASM (WAF)
  • F5 BIGIP LTM (Load Balancer, Traffic Shaper, ADC)
  • Fidelis Network (NDR)
  • FireEye (Alerts)
  • FireEye HX (EDR)
  • FireEye NX (NDR)
  • FortiGate (Firewall)
  • Fortinet FortiAnalyzer (Fortinet FortiAnalyzer)
  • GitGuardian Enterprise (SaaS Applications)
  • Guardicore Centra (Deception Software)
  • Halcyon Anti Ransomware (AV and endpoint logs)
  • Hashicorp Vault (Privileged Account Activity)
  • HP Linux (OS)
  • IBM Mainframe Storage (Monitoring)
  • IBM OpenPages (Data Security)
  • IBM Security QRadar SOAR (Security)
  • Imperva (WAF)
  • Imperva Advanced Bot Protection (Bot Protection)
  • Imperva Audit Trail (IT infrastructure)
  • Infoblox DHCP (DHCP)
  • INTEL471 Watcher Alerts (Data Security)
  • Jamf Protect Alerts (Endpoint Security)
  • Juniper (Firewall)
  • KnowBe4 PhishER (Email server log types.)
  • Kubernetes Node (Kubernetes Container)
  • Linux Auditing System (AuditD) (OS)
  • McAfee ePolicy Orchestrator (Policy Management)
  • Microsoft AD (LDAP)
  • Microsoft Azure Resource (Log Aggregator)
  • Microsoft Defender for Identity (EDR)
  • Microsoft Defender for Office 365 (Email server log types.)
  • Microsoft Graph Activity Logs (AUDIT)
  • Microsoft Netlogon (Authentication)
  • Microsoft SQL Server (Database)
  • Microsoft System Center Endpoint Protection (Malware Detection)
  • Netscope Client (CASB)
  • Office 365 (SaaS Application)
  • Okta User Context (Identity and Access Management)
  • One Identity Identity Manager (unified identity security)
  • Opswat Metadefender (Threat Protection)
  • Palo Alto Networks Firewall (Firewall)
  • Palo Alto Prisma Cloud Alert payload (Cloud Security)
  • pfSense (FIREWALL)
  • Ping Federate (Authentication)
  • Proofpoint Observeit (Email Server)
  • ProofPoint Secure Email Relay (Email server)
  • Pure Storage (Data Storage)
  • Red Hat Directory Server LDAP (Identity and Access Management)
  • Salesforce (SaaS Application)
  • Salesforce Commerce Cloud (SaaS Application)
  • Security Command Center Threat (Google Cloud Specific)
  • ServiceNow CMDB (Policy Management)
  • Sophos UTM (Unified Threat Management)
  • Symantec Endpoint Protection (AV / Endpoint)
  • Sysdig (Security)
  • Tanium Threat Response (Tanium Specific)
  • ThreatX WAF (WAF)
  • Thycotic (Identity and Access Management)
  • Tines (Data Security)
  • Trend Micro (SMS, UNITY_ONE)
  • Trend Micro Deep Security (AV / Endpoint)
  • Trend Micro Vision One (AV and endpoint logs)
  • Twingate (VPN)
  • Unix system (OS)
  • Velo Firewall (FIREWALL)
  • VMware AirWatch (Wireless)
  • Windows Defender ATP (AV / Endpoint)
  • Windows Event (Endpoint)
  • Windows Event (XML) (AV / Endpoint)
  • Windows Local Administrator Password Solution (Local Administrator Password Solution)
  • Windows Sysmon (DNS)
  • Workday Audit Logs (Audit And Compliance)
  • Workspace Activities (Google Cloud Specific)
  • Workspace Alerts (Google Cloud Specific)
  • Zscaler (Web Proxy)
  • Zscaler Tunnel (N/A)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Adobe I/O Runtime (ADOBE_IO_RUNTIME)
  • Amazon VPC Transit Gateway Flow Logs (AWS_VPC_TRANSIT_GATEWAY)
  • Appsentinels (APPSENTINELS)
  • Asset Panda (ASSET_PANDA)
  • AstriX (ASTRIX)
  • Atlan (ATLAN)
  • Azure Container Registry (AZURE_CONTAINER_REGISTRY)
  • Backbase Engagement Banking Platform (BACKBASE)
  • Barracuda Incident Response (BARRACUDA_INCIDENTRESPONSE)
  • Cloudflare Access (CLOUDFLARE_ACCESS)
  • Control D DNS (CONTROL_D)
  • Digicert (DIGICERT)
  • Elastic Defend (ELASTIC_DEFEND)
  • FingerprintJS (FINGERPRINT_JS)
  • Hashicorp Nomad (HASHICORP_NOMAD)
  • IBM NS1 (IBM_NS1)
  • Intel 471 Malware Intelligence (INTEL471_MALWARE_INTEL)
  • MacStadium (MACSTADIUM)
  • N-Able N-Central RMM (N_ABLE_N_CENTRAL_RMM)
  • Opentext Exstream (OPENTEXT_EXSTREAM)
  • OVHcloud (OVHCLOUD)
  • OX Security (OX_SECURITY)
  • Pharos (PHAROS)
  • ReliaQuest (RELIAQUEST)
  • Rublon (RUBLON)
  • Snyk Group level audit/issues logs (SNYK_ISSUES)
  • SolarWinds Network Performance Monitor (SOLARWINDS_NPM)
  • StackHawk (STACKHAWK)
  • Tencent Cloud Firewall (TENCENT_CLOUD_FIREWALL)
  • Tencent Cloud Waf (TENCENT_CLOUD_WAF)
  • Tencent Cloud Workload Protection (TENCENT_CLOUD_WORKLOAD_PROTECTION)
  • Trend Micro Server Protect (TRENDMICRO_SERVER_PROTECT)
  • UKG (UKG)
  • Uptivity (UPTIVITY)
  • USBAV Koramis (USBAV_KORAMIS)
  • Virtual Network Flow Logs (VIRTUAL_NETWORK_FLOW_LOGS)
  • Windows Performance Monitor (MS_PERFMON)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

1.45.1 (2024-10-24)

Bug Fixes
  • pubsub: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • pubsub: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (8bb87d5)
Documentation
  • pubsub: Add doc links to top level package doc (#11029) (fe2ec56)

1.45.0 (2024-10-22)

Features
  • pubsub: Add IngestionFailureEvent to the external proto (f0b05e2)
  • pubsub: Add support for ingestion platform logging settings (#10969) (c60241f)

Java

Changes for google-cloud-pubsub

1.134.0 (2024-10-23)

Features
  • Add IngestionFailureEvent to the external proto (6c67798)
  • Track batch size using serialized size of PublishRequest (#2113) (be78e64)
Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.43.1 (#2202) (acaf5f2)
  • Update dependency com.google.cloud:google-cloud-core to v2.46.0 (#2238) (dc06d54)
  • Update dependency com.google.cloud:google-cloud-storage to v2.43.2 (#2226) (eb87c04)
  • Update dependency com.google.cloud.opentelemetry:exporter-trace to v0.33.0 (#2225) (cc1b072)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.28.3 (#2237) (75abe83)
  • Update dependency org.apache.avro:avro to v1.11.4 security (31f276b)
  • Update sdk platform java dependencies (#2239) (8f4f855)
Documentation

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.14.2 (2024-10-23)

Bug Fixes
  • secretmanager: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • secretmanager: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (2b8ca4b)

Sensitive Data Protection

The ITALY_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Spanner

Query Optimizer version 8 is available. Version 7 remains the default optimizer version.

Workflows

Two standard library functions to support common hashing algorithms have been added: compute_checksum and compute_hmac.

October 26, 2024

Google SecOps SOAR

Release 6.3.23 is currently in Preview.

Custom SMTP Configuration does not send emails with send_mail function in monitoring jobs (ID #52614371)

Unexpected behavior between system-wide and user-preference localization time zone settings. Following this bug fix, the default time zone is now set to UTC + 1. This does not override the user's local settings. The admin needs to change the default time zone to the required time zone if needed. (ID #51914939, #52558921)

October 25, 2024

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud SQL for MySQL

When you run the backupRuns.GET API or the gcloud sql backups describe command, the maxChargeableBytes parameter now appears in the response. This parameter contains the maximum number of bytes that you can be charged for a backup.

Cloud SQL for PostgreSQL

When you run the backupRuns.GET API or the gcloud sql backups describe command, the maxChargeableBytes parameter now appears in the response. This parameter contains the maximum number of bytes that you can be charged for a backup.

Cloud SQL for SQL Server

When you run the backupRuns.GET API or the gcloud sql backups describe command, the maxChargeableBytes parameter now appears in the response. This parameter contains the maximum number of bytes that you can be charged for a backup.

Colab Enterprise

Colab Enterprise is now available in the following regions:

  • Hamina, Finland (europe-north1)
  • Milan, Italy (europe-west8)
  • Tel Aviv, Israel (me-west1)
  • Warsaw, Poland (europe-central2)

See Colab Enterprise locations.

Compute Engine

Generally available: The A3 Edge accelerator-optimized machine type is now available. The A3 Edge machine type has NVIDIA® H100 80GB GPUs attached and provides up to 800 Gbps of network bandwidth speed depending on the region. A3 Edge VMs are ideal for inference or training ML workloads that require a single node. The A3 Edge machine type is available in the following regions and zones:

  • APAC
    • Tokyo, Japan: asia-northeast1-c
    • Seoul, South Korea: asia-northeast3-a,c
    • Mumbai, India: asia-south1-c
  • Europe
    • London, England: europe-west2-b
    • Frankfurt, Germany: europe-west3-a
    • Eemshaven, Netherlands: europe-west4-b
    • Milan, Italy: europe-west8-c
    • Paris, France: europe-west9-c
    • Turin, Italy: europe-west12-b
  • North America
    • Toronto, Ontario: northamerica-northeast2-c

To get started with A3 Edge VMs, see Create an A3 VM.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.124-debian10, 2.0.124-rocky8, 2.0.124-ubuntu18
  • 2.1.72-debian11, 2.1.72-rocky8, 2.1.72-ubuntu20, 2.1.72-ubuntu20-arm
  • 2.2.38-debian12, 2.2.38-rocky9, 2.2.38-ubuntu22

Dataproc Serverless for Spark: The Hadoop Google Secret Manager Credential Provider feature is now available in the Dataproc Serverless for Spark 1.2 and 2.2 runtimes.

Dataproc Serverless for Spark: Added common AI/ML Python packages by default to Dataproc Serverless for Spark 1.2 and 2.2 runtimes.

Dataproc Serverless for Spark: Upgraded Cloud Storage connector to 3.0.3 version in the latest 1.2 and 2.2 runtimes.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.29.700-gke.110 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.700-gke.110 runs on Kubernetes v1.29.8-gke.1800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issues are fixed in 1.29.700-gke.110:

  • Fixed the known issue that caused gkectl to display false warnings on admin cluster version skew.
  • Fixed the known issue that caused migrating a user cluster to Controlplane V2 to fail if secrets encryption has ever been enabled on the user cluster, even if it's already disabled.
  • Fixed the known issue that caused migrating an admin cluster from non-HA to HA to fail if the admin cluster had enabled secret encryption at 1.14 or earlier, and upgraded all the way from that version.

The following vulnerabilities are fixed in 1.29.700-gke.110:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Google Kubernetes Engine

(2024-R41) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.1-gke.1678000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.14-gke.1099000
    • 1.29.9-gke.1177000
    • 1.30.5-gke.1145000
    • 1.31.1-gke.1146000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.14-gke.1217000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.9-gke.1341000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1355000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.1678000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.14-gke.1217000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.9-gke.1341000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1355000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.1678000 with this release.

Regular channel

Stable channel

  • Version 1.30.5-gke.1014001 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.28.13-gke.1119000
    • 1.29.8-gke.1211000
    • 1.30.4-gke.1348001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.5-gke.1014001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.5-gke.1014001 with this release.

Extended channel

No channel

Security Command Center

Event Threat Detection's Outgoing DoS finding has been shut down and is no longer available.

Sensitive Data Protection

The PARAGUAY_TAX_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

The sensitive data discovery service can now detect the presence of secrets, such as passwords and authentication tokens, in your Cloud Run service revision environment variables. Sensitive Data Protection sends any findings to Security Command Center as vulnerability findings. For more information, see Report secrets in environment variables to Security Command Center.

Vertex AI Agent Builder

Vertex AI Search: Get grounding scores for answers with summaries and follow-ups (GA)

The answer method can return aggregated grounding scores for answers and individual grounding scores for claims.

This feature is Generally available (GA). For more information, see Return grounding support scores.

Vertex AI Search: Return only well-grounded answers with summaries and follow-ups (GA)

With the answer method, you can choose to filter out poorly-grounded answers. There are two filter levels: choose to return only answers with high grounding scores (at the risk of losing some helpful answers) or choose a lower filter to get more answers.

This feature is Generally available (GA). For more information, see Show only well-grounded answers.

Vertex AI Search: Advanced autocomplete (Public preview)

Use advanced autocomplete to enable autocomplete on blended search apps. Also, advanced autocomplete supports:

  • Access control
  • Language boosting
  • Rich suggestions, which return document suggestions or recent search suggestions

For more information, see Configure advanced autocomplete. This feature is in Public preview.