Google Cloud release notes

Stay organized with collections Save and categorize content based on your preferences.

The default major version of PostgreSQL compatibility for new AlloyDB clusters is now PostgreSQL 16.

cos-113-18244-382-15

Runtime sysctl changes:

• Changed: fs.file-max: 812040 -> 812054

cos-dev-125-19041-0-0

Upgraded app-admin/google-guest-configs to v20250501.00.

Added support for 7th generation TPU devices.

Updated the Linux kernel to v6.6.89.

Runtime sysctl changes:

• Changed: fs.file-max: 811773 -> 811729

cos-117-18613-263-13

Upgraded app-admin/google-guest-configs to v20250501.00.

Added support for 7th generation TPU devices.

Runtime sysctl changes:

• Changed: fs.file-max: 811816 -> 811830

cos-109-17800-519-7

Runtime sysctl changes:

• Changed: fs.file-max: 812287 -> 812270

cos-121-18867-90-23

Upgraded app-admin/google-guest-configs to v20250501.00.

Added support for 7th generation TPU devices.

Runtime sysctl changes:

• Changed: fs.file-max: 811788 -> 811731

YARA-L search with data tables updates

• Data tables are now accessible from the Investigation menu, instead of Detection, in the web interface.
• Data tables can now be used as a data source in search queries.
• Role-based access control (RBAC) has been added to manage access to data tables.

YARA-L search with data tables updates

• Data tables are now accessible from the Investigation menu, instead of Detection, in the web interface.
• Data tables can now be used as a data source in search queries.
• Role-based access control (RBAC) has been added to manage access to data tables.

By default, scans for MAC_ADDRESS findings now include MAC_ADDRESS_LOCAL findings. Previously, you could only use this functionality if you set the InfoType.version of MAC_ADDRESS to latest in your InspectConfig.

You can still use the old version of MAC_ADDRESS by setting its InfoType.version to legacy or by using the MAC_ADDRESS_UNIVERSAL infoType. In 90 days, the new functionality will be promoted to legacy.

reCAPTCHA Mobile SDK v18.7.1 is now available for Android

This version contains reliability improvements in the execute() method.

Due to a change to report replay_lsn more accurately during parallel replay, metrics might show a slightly higher replication lag.

New Dataproc on Compute Engine subminor image versions:

• 2.0.140-debian10, 2.0.140-rocky8, 2.0.140-ubuntu18
• 2.1.88-debian11, 2.1.88-rocky8, 2.1.88-ubuntu20, 2.1.88-ubuntu20-arm
• 2.2.56-debian12, 2.2.56-rocky9, 2.2.56-ubuntu22

(2025-R18) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Other changes in 1.33

containerd 2.0 is supported. For more information, see Migrate nodes to containerd 2.

(2025-R18) Version updates

• Version 1.32.3-gke.1927002 is now the default version for cluster creation in the Rapid channel.
• The following versions are now available in the Rapid channel:
  • 1.30.12-gke.1033000
  • 1.31.8-gke.1045000
  • 1.32.3-gke.1785003
  • 1.32.3-gke.1927002
  • 1.32.4-gke.1106000
  • 1.33.0-gke.1552000
  • 1.33.0-gke.1582000
  • 1.33.0-gke.1712000
• The following versions are no longer available in the Rapid channel:
  • 1.30.11-gke.1131000
  • 1.31.7-gke.1212000
  • 1.32.2-gke.1297002
  • 1.32.3-gke.1785000
  • 1.32.3-gke.1927000
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.11-gke.1157000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.7-gke.1265000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.32.3-gke.1785003 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.11-gke.1157000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.7-gke.1265000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.3-gke.1785003 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.33 to version 1.33.0-gke.1552000 with this release.

(2025-R18) Version updates

• Version 1.32.2-gke.1297002 is now the default version for cluster creation in the Regular channel.
• The following versions are now available in the Regular channel:
  • 1.30.11-gke.1157000
  • 1.31.7-gke.1265000
  • 1.32.3-gke.1785003
• The following versions are no longer available in the Regular channel:
  • 1.30.10-gke.1070000
  • 1.31.6-gke.1064001
  • 1.32.2-gke.1182003
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.11-gke.1131000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.31.7-gke.1212000 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.11-gke.1131000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.7-gke.1212000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.32 to version 1.32.2-gke.1297002 with this release.

(2025-R18) Version updates

There are no new releases in the Stable channel.

(2025-R18) Version updates

• Version 1.32.2-gke.1297002 is now the default version for cluster creation in the Extended channel.
• The following versions are now available in the Extended channel:
  • 1.27.16-gke.2682000
  • 1.27.16-gke.2732000
  • 1.28.15-gke.2142000
  • 1.28.15-gke.2192000
  • 1.29.15-gke.1274000
  • 1.30.11-gke.1157000
  • 1.31.7-gke.1265000
  • 1.32.3-gke.1785003
• The following versions are no longer available in the Extended channel:
  • 1.27.16-gke.2650000
  • 1.27.16-gke.2703000
  • 1.28.15-gke.2097000
  • 1.28.15-gke.2169000
  • 1.29.15-gke.1240000
  • 1.30.10-gke.1070000
  • 1.31.6-gke.1064001
  • 1.32.2-gke.1182003
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2121000 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2664000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2121000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.11-gke.1131000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.7-gke.1212000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.32 to version 1.32.2-gke.1297002 with this release.

(2025-R18) Version updates

• Version 1.32.2-gke.1297002 is now the default version for cluster creation.
• The following versions are now available:
  • 1.30.12-gke.1033000
  • 1.31.8-gke.1045000
  • 1.32.3-gke.1785003
  • 1.32.3-gke.1927002
  • 1.32.4-gke.1106000
• The following node versions are now available:
  • 1.27.16-gke.2732000
  • 1.28.15-gke.2192000
  • 1.29.15-gke.1274000
  • 1.30.12-gke.1033000
  • 1.31.8-gke.1045000
  • 1.32.3-gke.1785003
  • 1.32.3-gke.1927002
  • 1.32.4-gke.1106000
• The following versions are no longer available:
  • 1.31.6-gke.1020000
  • 1.32.3-gke.1785000
  • 1.32.3-gke.1927000
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.11-gke.1131000 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.11-gke.1131000 with this release.

If the Force mobile authentication setting is enabled, mobile users will be logged out after 60 minutes, rather than 30 minutes, of inactivity.

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

If you create an instance using the Google Cloud Console, then the per-instance CA (GOOGLE_MANAGED_INTERNAL_CA) option is now the default server certificate authority (CA) mode for your Cloud SQL instance.

For users of the Cloud SQL Auth Proxy:

• If the Cloud SQL instance to which you're connecting is using shared certificate authority (CA) for its serverCaMode setting, then on the client side, you must use Cloud SQL Auth Proxy version 2.13.0 or later.
• If the Cloud SQL instance to which you're connecting is using customer-managed CA for its serverCaMode setting, then on the client side, you must use Cloud SQL Auth Proxy version 2.14.3 or later.

If you create an instance using the Google Cloud Console, then the per-instance CA (GOOGLE_MANAGED_INTERNAL_CA) option is now the default server certificate authority (CA) mode for your Cloud SQL instance.

For users of the Cloud SQL Auth Proxy:

• If the Cloud SQL instance to which you're connecting is using shared certificate authority (CA) for its serverCaMode setting, then on the client side, you must use Cloud SQL Auth Proxy version 2.13.0 or later.
• If the Cloud SQL instance to which you're connecting is using customer-managed CA for its serverCaMode setting, then on the client side, you must use Cloud SQL Auth Proxy version 2.14.3 or later.

If you create an instance using the Google Cloud Console, then the per-instance CA (GOOGLE_MANAGED_INTERNAL_CA) option is now the default server certificate authority (CA) mode for your Cloud SQL instance.

For users of the Cloud SQL Auth Proxy:

• If the Cloud SQL instance to which you're connecting is using shared certificate authority (CA) for its serverCaMode setting, then on the client side, you must use Cloud SQL Auth Proxy version 2.13.0 or later.
• If the Cloud SQL instance to which you're connecting is using customer-managed CA for its serverCaMode setting, then on the client side, you must use Cloud SQL Auth Proxy version 2.14.3 or later.

The following Security Command Center Enterprise pages that you previously accessed through the Google Security Operations console are now under Security Command Center in the Google Cloud console:

• Risk Overview
• Issues
• Assets (previously called resources)
• Findings

The Security Command Center Enterprise left navigation also includes links to pages in the Google Security Operations console. For information about this navigation and accessing Google Security Operations pages, see Security Command Center Enterprise console.

For newly created Cloud Composer 3 environments, the minimum amount of memory is changed to 2 GB.

For newly created environments, database retention policy is now enabled by default in Google Cloud CLI, API, and Terraform. Before this change, it was enabled by default only in Google Cloud Console.

Improved the environment liveness monitoring. This change addresses some cases of transient failures that caused "Liveness probe failed" warnings in the environment's logs.

(Airflow 2.10.5) The apache-airflow-providers-google package was upgraded to version 15.1.0 in Cloud Composer 2 images and Cloud Composer 3 builds.

For more information about changes, see the apache-airflow-providers-google changelog from version 14.0.0 to version 15.1.0.

(Airflow 2.10.5) Changes in preinstalled packages:

• apache-airflow-providers-standard was upgraded to 1.0.0 from 0.4.0.
• aiosqlite was removed from preinstalled packages.
• json-merge-patch was removed from preinstalled packages.
• time-machine was removed from preinstalled packages.

The default version of Airflow is changed to 2.10.5.

Airflow 2.10.2 is no longer included in Cloud Composer images and builds.

New Airflow builds are available in Cloud Composer 3:

• composer-3-airflow-2.10.5-build.2 (default)
• composer-3-airflow-2.9.3-build.22

New images are available in Cloud Composer 2:

• composer-2.13.0-airflow-2.10.5 (default)
• composer-2.13.0-airflow-2.10.2

We just released three new voice features for Chirp 3: HD Voices. Pace control is available across all locales; pause control is available across all locales; custom pronunciations is available across all locales except bn-in, gu-in, nl-be, sw-ke, th-th, uk-ua, ur-in, and vi-vn. Be sure to check our Chirp 3: HD Voices documentation for more information.

In the Google Cloud console, Analytics Hub has been renamed BigQuery sharing (Analytics Hub).

The Deployment Manager API is no longer automatically enabled when you enable Cloud Composer API because this API isn't used by the Cloud Composer service.

Environments with Cloud Composer versions 2.0.* still rely on the Deployment Manager API for updates, upgrades, and environment deletion. It won't be possible to perform these operations if this API is disabled. We recommend to upgrade your 2.0.* environments to a later version to remove this dependency.

cos-113-18244-382-8

Added support for 7th generation TPU devices.

Version changes in 1.32.0-gke.1087:

• The etcd version upgraded to 3.4.33
• COS upgraded to milestone 117
• containerd upgraded to 1.7
• Cilium upgraded to 1.15.6

Other changes in 1.32.0-gke.1087:

• The following legacy features are blocked during cluster upgrade:

  • Dataplane V1 (Calico)
  • Integrated F5 Big IP load balancer configuration
  • Non-HA admin cluster
  • Kubeception user cluster
  • Seesaw load balancer

  You must migrate your clusters to recommended features before upgrading to 1.32.

• The following changes to MetalLB address pools were made to behave the same as advanced clusters:

  • Can't remove existing address pools
  • Can't remove addresses in an existing address pool
  • Can't change address pool name

• The cert-manager component is available on advanced clusters.

• Allow changing stackdriver.projectID to be the same as gkeconnect.projectID.

• Removed support in the Konnectivity server (konnectivity-server) for the following weak cryptographic cipher suites: TLS_RSA_WITH_AES_256_GCM_SHA384 and TLS_RSA_WITH_AES_128_GCM_SHA256.

• Upgraded etcd to v3.4.33-0-gke.3.

• Upgraded containerd to version 1.7.

• Upgraded the SR-IOV operator, sriov-network-operator, to version 1.4.

• Added Compress=yes to /etc/systemd/journald.conf to ensure that objects larger than 512 bytes are compressed before they are written to the file system.

• Added new, default periodic health checks to ensure that Kubernetes cluster resources are configured correctly and functioning properly.

• Added more namespaces to the default snapshot scenarios.

• Added preflight check for kernel fsnotify settings for Red Hat Enterprise Linux (RHEL) 8.x.

• Removed the leading timestamp from the bmctl version response. Temporarily, we've provided -t and --timestamps flags to revert to the old format.

• Added a check for the FailedCgroupRemoval node condition to the node problem detector (NPD) to look for orphan container processes on nodes. By default, a new plugin for NPD automatically fixes this condition on the node.

• Updated the cluster delete process to delete worker node pools prior to removing any control plane nodes. This change applies to supported cluster deletion flows, including bmctl, the Google Cloud CLI, and the Google Cloud console.

• Updated the log entries in the backup.log file created by the bmctl backup command to improve readability.

• Updated the cluster upgrade operation to keep only the three latest kubeadm backups of etcd and configuration information for a node. Previously, kubeadm kept node backups for every attempted upgrade.

• Added the kubelet config, CPU Manager state, and Memory Manager state to node snapshots.

cos-117-18613-263-4

Runtime sysctl changes:

• Changed: fs.file-max: 811753 -> 811816

cos-109-17800-519-1

Runtime sysctl changes:

• Changed: fs.file-max: 812262 -> 812287

cos-dev-125-19025-0-0

Updated the Linux kernel to v6.6.88.

Updated the Linux kernel to v6.6.88.

Runtime sysctl changes:

• Changed: fs.file-max: 811785 -> 811773

cos-121-18867-90-15

Runtime sysctl changes:

• Changed: fs.file-max: 811806 -> 811788

Grounding

The following grounding features are generally available:

• Grounding on your data using Vertex AI Search
• Grounding with Elasticsearch

A new enforcement version, enforcement version 3, is available for principal access boundary policies. To learn more about enforcement versions and see the permissions that enforcement version 3 can block, see Permissions that principal access boundary policies can block.

Light Theme Enhancements

We've improved the color palette for the light theme to enhance visual clarity.

Starting with v1.14.2, third-party container images will be labeled with a version tag that matches the Apigee hybrid image tag. This affects the image tags returned by the apigee-pull-push command line tool. For more information, see:

• Use a private image repository with Apigee hybrid
• apigee-pull-push
• hub

The limit for the number of widgets on a custom dashboard has increased to 100, from 40. For information about dashboards, see the following:

• Create and manage custom dashboards
• Install a dashboard template
• Import Grafana dashboards

Dataproc on Compute Engine: Upgraded NodeProblemDetector to 0.8.20 based version for 2.2 image.

Dataproc on Compute Engine: Upgraded oauth2l to v1.3.3 to address CVEs.

(2025-R17) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

(2025-R17) Version updates

• Version 1.32.2-gke.1297002 is now the default version for cluster creation in the Rapid channel.
• The following versions are now available in the Rapid channel:
  • 1.30.11-gke.1131000
  • 1.30.11-gke.1217000
  • 1.31.7-gke.1212000
  • 1.31.7-gke.1390000
  • 1.32.3-gke.1927000
• The following versions are no longer available in the Rapid channel:
  • 1.30.10-gke.1070000
  • 1.30.10-gke.1102000
  • 1.31.6-gke.1064001
  • 1.31.6-gke.1099001
  • 1.32.2-gke.1182003
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.11-gke.1131000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.7-gke.1212000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.32.2-gke.1297002 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.11-gke.1131000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.7-gke.1212000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.2-gke.1297002 with this release.

(2025-R17) Version updates

• The following versions are now available in the Regular channel:
  • 1.30.11-gke.1131000
  • 1.31.7-gke.1212000
  • 1.32.2-gke.1297002

(2025-R17) Version updates

• Version 1.32.1-gke.1357001 is no longer available in the Stable channel.
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.31.6-gke.1064001 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.32 to version 1.32.2-gke.1182003 with this release.

(2025-R17) Version updates

• The following versions are now available in the Extended channel:
  • 1.27.16-gke.2664000
  • 1.27.16-gke.2703000
  • 1.28.15-gke.2121000
  • 1.28.15-gke.2169000
  • 1.29.15-gke.1240000
  • 1.30.11-gke.1131000
  • 1.31.7-gke.1212000
  • 1.32.2-gke.1297002
• The following versions are no longer available in the Extended channel:
  • 1.27.16-gke.2633000
  • 1.27.16-gke.2682000
  • 1.28.15-gke.2072000
  • 1.28.15-gke.2142000
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2097000 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2650000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2097000 with this release.

(2025-R17) Version updates

• The following versions are now available:
  • 1.30.11-gke.1131000
  • 1.30.11-gke.1217000
  • 1.31.7-gke.1212000
  • 1.31.7-gke.1390000
  • 1.32.3-gke.1927000
• The following node versions are now available:
  • 1.27.16-gke.2703000
  • 1.28.15-gke.2169000
  • 1.29.15-gke.1240000
  • 1.30.11-gke.1217000
  • 1.31.7-gke.1390000
  • 1.32.3-gke.1927000
• The following versions are no longer available:
  • 1.30.10-gke.1102000
  • 1.31.6-gke.1099001
  • 1.32.1-gke.1357001
  • 1.32.2-gke.1182001
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.31.6-gke.1064001 with this release.

Addressed multiple Common Vulnerabilities and Exposures (CVEs) by updating dependencies.

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

New Alpha resources (direct reconciler)

• ComputeNetworkAttachment
• ComputeNetworkEdgeSecurityService
• DataplexEntryGroup
• DataplexEntryType
• DataplexTask
• DataplexZone
• DatastreamRoute
• DocumentAIVersion
• GKEBackupBackup
• GKEBackupRestore
• PubSubSnapshot
• SpeechCustomClass
• VMwareEngineExternalAddress
• MetastoreService
• MetastoreFederation
• MetastoreBackup
• APIQuotaPreference
• APIQuotaAdjusterSettings
• EventarcGoogleChannelConfig
• EventarcChannel
• AssetSavedQuery
• AssetFeed
• EssentialContactsContact
• DataCatalogEntryGroup
• DataCatalogEntry
• DataCatalogTagTemplate
• DataCatalogTag

Native Query Execution now supports reading Apache ORC complex types.

Design an optimal storage strategy for your cloud workload: Added information about Filestore replication, Hyperdisk Balanced High Availability, Anywhere Cache, and capacity specifications for Google Cloud NetApp Volumes.

• Additional materials are available for deploying a model in Model Garden by using the Python SDK, gcloud CLI, or API, which are available in Preview:
  • Developer blog: Introducing the new Vertex AI Model Garden CLI and SDK
  • Deploy open models by using the SDK tutorial notebook
  • Get started with Vertex AI Model Garden SDK notebook

Multi-regional deployment on Compute Engine: Technical updates to align design recommendations with Google Cloud Well-Architected Framework core principles.

Single-zone deployment on Compute Engine: Technical updates to align design recommendations with Google Cloud Well-Architected Framework core principles.

Hub-and-spoke network architecture: Added Network Connectivity Center as a design option.

cos-113-18244-382-3

Runtime sysctl changes:

• Changed: fs.file-max: 812031 -> 812035

cos-121-18867-90-4

Runtime sysctl changes:

• Changed: fs.file-max: 811714 -> 811806

cos-dev-125-19014-0-0

Patched a null ptr exception bug in NVIDIA 570.124.06 OSS driver

Runtime sysctl changes:

• Changed: fs.file-max: 811798 -> 811785

cos-117-18613-164-124

Runtime sysctl changes:

• Changed: fs.file-max: 811760 -> 811753

Quality AI offers the following conversation filters:

• CSAT
• Sentiment score
• Silence duration

AI and ML perspective: Operational excellence: Major update to expand the operational excellence recommendations in the AI and ML perspective.

(2025-R16) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

(2025-R16) Version updates

• The following versions are now available in the Rapid channel:
  • 1.30.11-gke.1157000
  • 1.31.7-gke.1265000
  • 1.32.3-gke.1785000
• The following versions are no longer available in the Rapid channel:
  • 1.29.14-gke.1067000
  • 1.29.14-gke.1086000
  • 1.29.15-gke.1170000
  • 1.30.11-gke.1131000
  • 1.31.7-gke.1013002
  • 1.31.7-gke.1212000
  • 1.32.3-gke.1717000

(2025-R16) Version updates

• The following versions are no longer available in the Regular channel:
  • 1.29.14-gke.1018000
  • 1.29.14-gke.1067000

(2025-R16) Version updates

• Version 1.32.2-gke.1182003 is now the default version for cluster creation in the Stable channel.
• The following versions are no longer available in the Stable channel:
  • 1.29.13-gke.1038000
  • 1.29.13-gke.1169000

(2025-R16) Version updates

• The following versions are now available in the Extended channel:
  • 1.27.16-gke.2650000
  • 1.27.16-gke.2682000
  • 1.28.15-gke.2097000
  • 1.28.15-gke.2142000
  • 1.29.15-gke.1193000
• The following versions are no longer available in the Extended channel:
  • 1.27.16-gke.2595000
  • 1.27.16-gke.2664000
  • 1.28.15-gke.2027000
  • 1.28.15-gke.2121000
  • 1.29.14-gke.1018000
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2072000 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2633000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2072000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.14-gke.1067000 with this release.

(2025-R16) Version updates

• The following versions are now available:
  • 1.30.11-gke.1157000
  • 1.31.7-gke.1265000
  • 1.32.3-gke.1785000
• The following node versions are now available:
  • 1.27.16-gke.2682000
  • 1.28.15-gke.2142000
  • 1.29.15-gke.1193000
  • 1.30.11-gke.1157000
  • 1.31.7-gke.1265000
  • 1.32.3-gke.1785000
• The following versions are no longer available:
  • 1.29.13-gke.1038000
  • 1.29.13-gke.1169000
  • 1.29.14-gke.1018000
  • 1.29.14-gke.1067000
  • 1.29.14-gke.1086000
  • 1.29.15-gke.1170000
  • 1.30.9-gke.1127000
  • 1.30.11-gke.1131000
  • 1.31.7-gke.1013002
  • 1.31.7-gke.1212000
  • 1.32.3-gke.1717000

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so changes may take one-to-four days to appear in your region.

The following supported default parsers have been updated. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

• 1Password Audit Events (ONEPASSWORD_AUDIT_EVENTS)
• AIX system (AIX_SYSTEM)
• Akamai DataStream 2 (AKAMAI_DATASTREAM_2)
• Alveo Risk Data Management (ALVEO_RDM)
• Amazon API Gateway (AWS_API_GATEWAY)
• Apache Tomcat (TOMCAT)
• Appian Cloud (APPIAN_CLOUD)
• Arcsight CEF (ARCSIGHT_CEF)
• Asset Panda (ASSET_PANDA)
• Aware Audit (AWARE_AUDIT)
• Aware Signals (AWARE_SIGNALS)
• AWS Cloudtrail (AWS_CLOUDTRAIL)
• AWS CloudWatch (AWS_CLOUDWATCH)
• AWS ECS Metrics (AWS_ECS_METRICS)
• AWS Elastic Load Balancer (AWS_ELB)
• AWS GuardDuty (GUARDDUTY)
• AWS Inspector (AWS_INSPECTOR)
• AWS Lambda Function (AWS_LAMBDA_FUNCTION)
• AWS RDS (AWS_RDS)
• AWS Redshift (AWS_REDSHIFT)
• AWS Route 53 DNS (AWS_ROUTE_53)
• AWS Security Hub (AWS_SECURITY_HUB)
• AWS VPC Flow (AWS_VPC_FLOW)
• AWS WAF (AWS_WAF)
• Azure AD Directory Audit (AZURE_AD_AUDIT)
• Azure AD Organizational Context (AZURE_AD_CONTEXT)
• Azure Application Gateway (AZURE_GATEWAY)
• Azure Firewall (AZURE_FIREWALL)
• Azure Key Vault logging (AZURE_KEYVAULT_AUDIT)
• Barracuda CloudGen Firewall (BARRACUDA_CLOUDGEN_FIREWALL)
• Barracuda WAF (BARRACUDA_WAF)
• BeyondTrust BeyondInsight (BEYONDTRUST_BEYONDINSIGHT)
• Blue Coat Proxy (BLUECOAT_WEBPROXY)
• Broadcom Support Portal Audit Logs (BROADCOM_SUPPORT_PORTAL)
• Cato Networks (CATO_NETWORKS)
• Cequence Bot Defense (CEQUENCE_BOT_DEFENSE)
• Check Point (CHECKPOINT_FIREWALL)
• ChromeOS XDR (CHROMEOS_XDR)
• Cisco Email Security (CISCO_EMAIL_SECURITY)
• Cisco EStreamer (CISCO_ESTREAMER)
• Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
• Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
• Cisco Internetwork Operating System (CISCO_IOS)
• Cisco IronPort (CISCO_IRONPORT)
• Cisco ISE (CISCO_ISE)
• Cisco NX-OS (CISCO_NX_OS)
• Cisco Switch (CISCO_SWITCH)
• Cisco Umbrella Cloud Firewall (UMBRELLA_FIREWALL)
• Cisco vManage SD-WAN (CISCO_SDWAN)
• Cisco VPN (CISCO_VPN)
• Citrix Netscaler (CITRIX_NETSCALER)
• Citrix Storefront (CITRIX_STOREFRONT)
• Claroty Xdome (CLAROTY_XDOME)
• Cloud Audit Logs (N/A)
• Cloud Data Loss Prevention (N/A)
• Cloudflare Network Analytics (CLOUDFLARE_NETWORK_ANALYTICS)
• Cloudflare WAF (CLOUDFLARE_WAF)
• Cloudflare Warp (CLOUDFLARE_WARP)
• CommVault (COMMVAULT)
• CrowdStrike Detection Monitoring (CS_DETECTS)
• CrowdStrike Falcon (CS_EDR)
• CrowdStrike Falcon Stream (CS_STREAM)
• CrowdStrike Identity Protection Services (CS_IDP)
• CrushFTP (CRUSHFTP)
• Custom Application Access Logs (CUSTOM_APPLICATION_ACCESS)
• CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
• Cybereason EDR (CYBEREASON_EDR)
• Cyolo Secure Remote Access for OT (CYOLO_OT)
• Datadog (DATADOG)
• Delinea Secret Server (DELINEA_SECRET_SERVER)
• Dell CyberSense (DELL_CYBERSENSE)
• Digicert (DIGICERT)
• Edgio WAF (EDGIO_WAF)
• Elastic Packet Beats (ELASTIC_PACKETBEATS)
• F5 ASM (F5_ASM)
• F5 DNS (F5_DNS)
• Forcepoint DLP (FORCEPOINT_DLP)
• Forcepoint NGFW (FORCEPOINT_FIREWALL)
• Forgerock OpenIdM (FORGEROCK_OPENIDM)
• FortiGate (FORTINET_FIREWALL)
• Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
• Fortinet Fortimanager (FORTINET_FORTIMANAGER)
• Fortinet Web Application Firewall (FORTINET_FORTIWEB)
• GitHub (GITHUB)
• Gitlab (GITLAB)
• Harness IO (HARNESS_IO)
• Hashicorp Vault (HASHICORP)
• Hillstone Firewall (HILLSTONE_NGFW)
• Huawei Switches (HUAWEI_SWITCH)
• IBM Guardium (GUARDIUM)
• Imperva Database (IMPERVA_DB)
• Intel Endpoint Management Assistant (INTEL_EMA)
• JAMF Security Cloud (JAMF_SECURITY_CLOUD)
• JFrog Artifactory (JFROG_ARTIFACTORY)
• JumpCloud Directory Insights (JUMPCLOUD_DIRECTORY_INSIGHTS)
• Juniper (JUNIPER_FIREWALL)
• Kaspersky AV (KASPERSKY_AV)
• Kaspersky Endpoint (KASPERSKY_ENDPOINT)
• Kolide Endpoint Security (KOLIDE)
• Kubernetes Audit (KUBERNETES_AUDIT)
• Layer7 SiteMinder (SITEMINDER_SSO)
• Linux Auditing System (AuditD) (AUDITD)
• Looker Audit (LOOKER_AUDIT)
• ManageEngine ADAudit Plus (ADAUDIT_PLUS)
• ManageEngine ADManager Plus (ADMANAGER_PLUS)
• McAfee Web Gateway (MCAFEE_WEBPROXY)
• Metabase (METABASE)
• Microsoft AD FS (ADFS)
• Microsoft Azure Activity (AZURE_ACTIVITY)
• Microsoft Azure NSG Flow (AZURE_NSG_FLOW)
• Microsoft CyberX (CYBERX)
• Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
• Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
• Microsoft Defender for Office 365 (MICROSOFT_DEFENDER_MAIL)
• Microsoft IIS (IIS)
• Microsoft PowerShell (POWERSHELL)
• Microsoft Sentinel (MICROSOFT_SENTINEL)
• Microsoft System Center Endpoint Protection (MICROSOFT_SCEP)
• Mikrotik Router (MIKROTIK_ROUTER)
• Mimecast (MIMECAST_MAIL)
• MISP Threat Intelligence (MISP_IOC)
• NetIQ eDirectory (NETIQ_EDIRECTORY)
• Netskope V2 (NETSKOPE_ALERT_V2)
• Nozomi Networks Scada Guardian (NOZOMI_GUARDIAN)
• Office 365 (OFFICE_365)
• Okta (OKTA)
• Okta User Context (OKTA_USER_CONTEXT)
• One Identity Identity Manager (ONE_IDENTITY_IDENTITY_MANAGER)
• Oort Security Tool (OORT)
• Open Cybersecurity Schema Framework (OCSF) (OCSF)
• Open LDAP (OPENLDAP)
• Opnsense (OPNSENSE)
• Ops Genie (OPS_GENIE)
• Oracle (ORACLE_DB)
• Oracle Cloud Guard (OCI_CLOUDGUARD)
• Oracle Cloud Infrastructure Audit Logs (OCI_AUDIT)
• Orca Cloud Security Platform (ORCA)
• Palo Alto Cortex XDR Alerts (CORTEX_XDR)
• Palo Alto Networks Firewall (PAN_FIREWALL)
• Palo Alto Panorama (PAN_PANORAMA)
• Palo Alto Prisma Access (PAN_CASB)
• Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
• Pharos (PHAROS)
• Privacy-I (PRIVACY_I)
• Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
• Proofpoint Tap Alerts (PROOFPOINT_MAIL)
• Proofpoint Threat Response (PROOFPOINT_TRAP)
• Radware Web Application Firewall (RADWARE_FIREWALL)
• ReviveSec (REVIVESEC)
• Rubrik (RUBRIK)
• Salesforce (SALESFORCE)
• Sangfor Proxy (SANGFOR_PROXY)
• Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
• Security Command Center Threat (N/A)
• Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
• ServiceNow CMDB (SERVICENOW_CMDB)
• Snare System Diagnostic Logs (SNARE_SOLUTIONS)
• Snipe-IT (SNIPE_IT)
• Snyk Group level audit/issues logs (SNYK_ISSUES)
• SonicWall (SONIC_FIREWALL)
• Sophos Central (SOPHOS_CENTRAL)
• Swimlane Platform (SWIMLANE)
• Symantec DLP (SYMANTEC_DLP)
• Symantec Event export (SYMANTEC_EVENT_EXPORT)
• Symantec Web Security Service (SYMANTEC_WSS)
• Tanium Question (TANIUM_QUESTION)
• Tanium Threat Response (TANIUM_THREAT_RESPONSE)
• Teleport Access Plane (TELEPORT_ACCESS_PLANE)
• Tenable Active Directory Security (TENABLE_ADS)
• Tenable CSPM (TENABLE_CSPM)
• tenable.io (TENABLE_IO)
• Terraform Enterprise Audit (TERRAFORM_ENTERPRISE)
• Thinkst Canary (THINKST_CANARY)
• ThreatX WAF (THREATX_WAF)
• Trend Micro Email Security Advanced (TRENDMICRO_EMAIL_SECURITY)
• Trend Micro Vision One (TRENDMICRO_VISION_ONE)
• TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
• TXOne Stellar (TRENDMICRO_STELLAR)
• UKG (UKG)
• Unix system (NIX_SYSTEM)
• UPX AntiDDoS (UPX_ANTIDDOS)
• VanDyke SFTP (VANDYKE_SFTP)
• Varonis (VARONIS)
• Vectra Alerts (VECTRA_ALERTS)
• Vectra Stream (VECTRA_STREAM)
• VMware AirWatch (AIRWATCH)
• Vmware Avinetworks iWAF (VMWARE_AVINETWORKS_IWAF)
• VMware ESXi (VMWARE_ESX)
• VMware Horizon (VMWARE_HORIZON)
• Watchguard EDR (WATCHGUARD_EDR)
• Windows Defender AV (WINDOWS_DEFENDER_AV)
• Windows DHCP (WINDOWS_DHCP)
• Windows DNS (WINDOWS_DNS)
• Windows Event (WINEVTLOG)
• Windows Event (XML) (WINEVTLOG_XML)
• Windows Sysmon (WINDOWS_SYSMON)
• Workday Audit Logs (WORKDAY_AUDIT)
• Workday User Activity (WORKDAY_USER_ACTIVITY)
• WPEngine (WPENGINE)
• Zimperium (ZIMPERIUM)
• Zscaler (ZSCALER_WEBPROXY)
• ZScaler DNS (ZSCALER_DNS)
• Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
• ZScaler NGFW (ZSCALER_FIREWALL)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

• Accenture Synthetic (ACCENTURE_SYNTHETIC)
• Adyen Platform (ADYEN)
• AliCloud ActionTrail (ALICLOUD_ACTIONTRAIL)
• Apache LOG4J Java Application Log (LOG4J)
• AppSmith Audit (APPSMITH_AUDIT)
• Arctic Security Arctic Node (ARCTIC_NODE)
• Arista CorvilNet DANZ Integration (ARISTA_CORVILNET)
• Arista Extensible Operating System (ARISTA_EOS)
• AvePoint EnPower (AVEPOINT_ENPOWER)
• Avigilon Alta Cloud Security (AVIGILON_ALTA_CLOUD_SECURITY)
• Avigilon Ava Security Camera (AVIGILON_AVA_SECURITY_CAMERA)
• AWS Dasha (AWS_DASHA)
• AWS Elastic Kubernetes Service (AWS_EKS)
• Azure Network Security Group Event (AZURE_NSG_EVENT)
• Azure Windows Virtual Desktop Connections Logs (AZURE_WVD_CONNECTIONS)
• Azure Windows Virtual Desktop Management Logs (AZURE_WVD_MANAGEMENT)
• Barracuda Load Balancer ADC (BARRACUDA_LOAD_BALANCER)
• Broadcom Edge Secure Web Gateway (BROADCOM_EDGE_SWG)
• Celonis Audit Logs (CELONIS)
• Chopin PrePay Solutions (CHOPIN_PPS)
• Cisco Duo Authentication Proxy (DUO_AUTH_PROXY)
• Cloudflare CASB Findings (CLOUDFLARE_CASB_FINDINGS)
• Cloudflare Device posture results (CLOUDFLARE_DEVICE_POSTURE_RESULTS)
• Cloudflare DLP Forensic Copies (CLOUDFLARE_DLP_FORENSIC_COPIES)
• Cloudflare DNS Firewall Logs (CLOUDFLARE_DNS_FIREWALL_LOGS)
• Cloudflare DNS logs (CLOUDFLARE_DNS_LOGS)
• Cloudflare Email Security Alerts (CLOUDFLARE_EMAIL_SECURITY_ALERTS)
• Cloudflare Firewall Events (CLOUDFLARE_FIREWALL_EVENTS)
• Cloudflare Gateway DNS (CLOUDFLARE_GATEWAY_DNS)
• Cloudflare Gateway HTTP (CLOUDFLARE_GATEWAY_HTTP)
• Cloudflare Gateway Network (CLOUDFLARE_GATEWAY_NETWORK)
• Cloudflare HTTP requests (CLOUDFLARE_HTTP_REQUESTS)
• Cloudflare Magic IDS Detections (CLOUDFLARE_MAGIC_IDS_DETECTIONS)
• Cloudflare NEL reports (CLOUDFLARE_NEL_REPORTS)
• Cloudflare Sinkhole HTTP Logs (CLOUDFLARE_SINKHOLE_HTTP_LOGS)
• Cloudflare SSH Logs (CLOUDFLARE_SSH_LOGS)
• Cloudflare Workers Trace Events (CLOUDFLARE_WORKERS_TRACE_EVENTS)
• Cloudflare Zero Trust Network Session (CLOUDFLARE_ZERO_TRUST_NETWORK_SESSION)
• CloudWave Honeypot (CLOUDWAVE_HONEYPOT)
• ColorTokens (COLORTOKENS)
• Contrast Security (CONTRAST_SECURITY)
• Conversational Agents and Dialogflow (CONVERSATIONAL_AGENT)
• Corero SmartWall One (CORERO_SMARTWALL_ONE)
• Cytracom Control One (CYTRACOM_CONTROL_ONE)
• Datadog Application Security Management (DATADOG_ASM)
• Express NodeJS (EXPRESS_NODEJS)
• F5 Distributed Cloud WAF (F5_DCS_WAF)
• Figma Developers (FIGMA)
• FIS Trax Payment Factory (TRAX)
• Fortinet FortiDeceptor (FORTINET_FORTIDECEPTOR)
• Fortinet FortiSASE (FORTINET_FORTISASE)
• Gemini Code Assist (GEMINI_CODE_ASSIST)
• Genea Access Control (GENEA_ACCESS_CONTROL)
• Genetec Synergis (GENETEC_SYNERGIS)
• GL TRADE (GL_TRADE)
• HP Inc MFP (HP_INC_MFP)
• HP Tandem (HP_TANDEM)
• Huawei Versatile Routing Platform (HUAWEI_VRP)
• Human Security (HUMAN_SECURITY)
• iManage Threat Manager (IMANAGE_THREAT_MANAGER)
• Indefend DLP (INDEFEND_DLP)
• Invicti (INVICTI)
• Isonline ISL Light (ISL_LIGHT)
• Itential Pronghorn (ITENTIAL_PRONGHORN)
• Jit (JIT)
• Kodem Security (KODEM_SECURITY)
• Konica Minolta YSoft SafeQ (YSOFT_SAFEQ)
• LayerX (LAYERX)
• LinOTP (LIN_OTP)
• Magento Cloud (MAGENTO_CLOUD)
• Mandiant Advantage Security Validation (MA_SV)
• NetApp ONTAP Audit (NETAPP_ONTAP_AUDIT)
• Netscout Arbor Threat Mitigation System (NETSCOUT_TMS)
• Netwrix Privilege Secure (NETWRIX_PRIVILEGE_SECURE)
• NeuVector SUSE (NEUVECTOR)
• Novidea Insurance Management System (NOVIDEA_CLAIM_HISTORY)
• OneTrust (ONETRUST)
• Openpath Context (OPENPATH_CONTEXT)
• Oracle Audit Vault Database Firewall (ORACLE_AVDF)
• Oracle CPQ (ORACLE_CPQ)
• Oracle Exadata Database Machine (ORACLE_EXADATA)
• Palo Alto Prisma Cloud Workload Protection (PAN_PRISMA_CWP)
• Palo Alto Prisma Dig Cloud DSPM (PAN_PRISMA_DIG_CLOUD_DSPM)
• Panorays (PANORAYS)
• Pathlock Identity Security Platform (PATHLOCK)
• Procore (PROCORE)
• ProofPoint Email Protection (PROOFPOINT_EMAIL_PROTECTION)
• Radiantone (RADIANTONE)
• Radware Cloud WAF Service Access (RADWARE_ACCESS)
• Reblaze Web Application Firewall (REBLAZE_WAF)
• Red Access Browsing Security (RED_ACCESS)
• SafeNet Network HSM (SAFENET_HSM)
• Salesforce Marketing Cloud Audit (SALESFORCE_MARKETING_CLOUD_AUDIT)
• Salesforce Shield (SALESFORCE_SHIELD)
• Sangfor IAG (SANGFOR_IAG)
• SAP Leasing (SAP_LEASING)
• SAS Institute (SAS_INSTITUTE)
• Securden (SECURDEN)
• SecurEnvoy SecurAccess (SECURENVOY_MFA)
• Securesoft Sniper IPS (SECURESOFT_SNIPER_IPS)
• Sentra Data Loss Prevention (SENTRA_DLP)
• Shield IoT (SHIELD_IOT)
• Siemens Simatic S7 PLC SNMP (SIEMENS_S7_PLC_SNMP)
• Siemens Simatic S7 PLC SYSLOG (SIEMENS_S7_PLC_SYSLOG)
• Smartsheet User Context (SMARTSHEET_USER_CONTEXT)
• Snowflake Access (SNOWFLAKE_ACCESS)
• SOCRadar Incidents (SOCRADAR_INCIDENTS)
• Strata Maverics Identity Orchestration Platform (STRATA_MAVERICS)
• Stripe Payments (STRIPE)
• Suridata (SURIDATA)
• Teradata Access (TERADATA_ACCESS)
• Thales payShield 10K HSM (THALES_PS10K_HSM)
• Trend Micro TippingPoint Security Management System (TREND_MICRO_TIPPING_POINT)
• Valence Security (VALENCE)
• Vertica Audit (VERTICA_AUDIT)
• Windows NTP (WINDOWS_NTP)
• Winget Autoupdate (WINGET_AUTOUPDATE)
• Wiz Runtime Execution Data (WIZ_RUNTIME_EXECUTION_DATA)
• Workiva Wdesk (WORKIVA_WDESK)
• XL Release (XLR)
• Yugabyte Database (YUGABYTE_DATABASE)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so changes may take one-to-four days to appear in your region.

The following supported default parsers have been updated. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

• 1Password Audit Events (ONEPASSWORD_AUDIT_EVENTS)
• AIX system (AIX_SYSTEM)
• Akamai DataStream 2 (AKAMAI_DATASTREAM_2)
• Alveo Risk Data Management (ALVEO_RDM)
• Amazon API Gateway (AWS_API_GATEWAY)
• Apache Tomcat (TOMCAT)
• Appian Cloud (APPIAN_CLOUD)
• Arcsight CEF (ARCSIGHT_CEF)
• Asset Panda (ASSET_PANDA)
• Aware Audit (AWARE_AUDIT)
• Aware Signals (AWARE_SIGNALS)
• AWS Cloudtrail (AWS_CLOUDTRAIL)
• AWS CloudWatch (AWS_CLOUDWATCH)
• AWS ECS Metrics (AWS_ECS_METRICS)
• AWS Elastic Load Balancer (AWS_ELB)
• AWS GuardDuty (GUARDDUTY)
• AWS Inspector (AWS_INSPECTOR)
• AWS Lambda Function (AWS_LAMBDA_FUNCTION)
• AWS RDS (AWS_RDS)
• AWS Redshift (AWS_REDSHIFT)
• AWS Route 53 DNS (AWS_ROUTE_53)
• AWS Security Hub (AWS_SECURITY_HUB)
• AWS VPC Flow (AWS_VPC_FLOW)
• AWS WAF (AWS_WAF)
• Azure AD Directory Audit (AZURE_AD_AUDIT)
• Azure AD Organizational Context (AZURE_AD_CONTEXT)
• Azure Application Gateway (AZURE_GATEWAY)
• Azure Firewall (AZURE_FIREWALL)
• Azure Key Vault logging (AZURE_KEYVAULT_AUDIT)
• Barracuda CloudGen Firewall (BARRACUDA_CLOUDGEN_FIREWALL)
• Barracuda WAF (BARRACUDA_WAF)
• BeyondTrust BeyondInsight (BEYONDTRUST_BEYONDINSIGHT)
• Blue Coat Proxy (BLUECOAT_WEBPROXY)
• Broadcom Support Portal Audit Logs (BROADCOM_SUPPORT_PORTAL)
• Cato Networks (CATO_NETWORKS)
• Cequence Bot Defense (CEQUENCE_BOT_DEFENSE)
• Check Point (CHECKPOINT_FIREWALL)
• ChromeOS XDR (CHROMEOS_XDR)
• Cisco Email Security (CISCO_EMAIL_SECURITY)
• Cisco EStreamer (CISCO_ESTREAMER)
• Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
• Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
• Cisco Internetwork Operating System (CISCO_IOS)
• Cisco IronPort (CISCO_IRONPORT)
• Cisco ISE (CISCO_ISE)
• Cisco NX-OS (CISCO_NX_OS)
• Cisco Switch (CISCO_SWITCH)
• Cisco Umbrella Cloud Firewall (UMBRELLA_FIREWALL)
• Cisco vManage SD-WAN (CISCO_SDWAN)
• Cisco VPN (CISCO_VPN)
• Citrix Netscaler (CITRIX_NETSCALER)
• Citrix Storefront (CITRIX_STOREFRONT)
• Claroty Xdome (CLAROTY_XDOME)
• Cloud Audit Logs (N/A)
• Cloud Data Loss Prevention (N/A)
• Cloudflare Network Analytics (CLOUDFLARE_NETWORK_ANALYTICS)
• Cloudflare WAF (CLOUDFLARE_WAF)
• Cloudflare Warp (CLOUDFLARE_WARP)
• CommVault (COMMVAULT)
• CrowdStrike Detection Monitoring (CS_DETECTS)
• CrowdStrike Falcon (CS_EDR)
• CrowdStrike Falcon Stream (CS_STREAM)
• CrowdStrike Identity Protection Services (CS_IDP)
• CrushFTP (CRUSHFTP)
• Custom Application Access Logs (CUSTOM_APPLICATION_ACCESS)
• CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
• Cybereason EDR (CYBEREASON_EDR)
• Cyolo Secure Remote Access for OT (CYOLO_OT)
• Datadog (DATADOG)
• Delinea Secret Server (DELINEA_SECRET_SERVER)
• Dell CyberSense (DELL_CYBERSENSE)
• Digicert (DIGICERT)
• Edgio WAF (EDGIO_WAF)
• Elastic Packet Beats (ELASTIC_PACKETBEATS)
• F5 ASM (F5_ASM)
• F5 DNS (F5_DNS)
• Forcepoint DLP (FORCEPOINT_DLP)
• Forcepoint NGFW (FORCEPOINT_FIREWALL)
• Forgerock OpenIdM (FORGEROCK_OPENIDM)
• FortiGate (FORTINET_FIREWALL)
• Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
• Fortinet Fortimanager (FORTINET_FORTIMANAGER)
• Fortinet Web Application Firewall (FORTINET_FORTIWEB)
• GitHub (GITHUB)
• Gitlab (GITLAB)
• Harness IO (HARNESS_IO)
• Hashicorp Vault (HASHICORP)
• Hillstone Firewall (HILLSTONE_NGFW)
• Huawei Switches (HUAWEI_SWITCH)
• IBM Guardium (GUARDIUM)
• Imperva Database (IMPERVA_DB)
• Intel Endpoint Management Assistant (INTEL_EMA)
• JAMF Security Cloud (JAMF_SECURITY_CLOUD)
• JFrog Artifactory (JFROG_ARTIFACTORY)
• JumpCloud Directory Insights (JUMPCLOUD_DIRECTORY_INSIGHTS)
• Juniper (JUNIPER_FIREWALL)
• Kaspersky AV (KASPERSKY_AV)
• Kaspersky Endpoint (KASPERSKY_ENDPOINT)
• Kolide Endpoint Security (KOLIDE)
• Kubernetes Audit (KUBERNETES_AUDIT)
• Layer7 SiteMinder (SITEMINDER_SSO)
• Linux Auditing System (AuditD) (AUDITD)
• Looker Audit (LOOKER_AUDIT)
• ManageEngine ADAudit Plus (ADAUDIT_PLUS)
• ManageEngine ADManager Plus (ADMANAGER_PLUS)
• McAfee Web Gateway (MCAFEE_WEBPROXY)
• Metabase (METABASE)
• Microsoft AD FS (ADFS)
• Microsoft Azure Activity (AZURE_ACTIVITY)
• Microsoft Azure NSG Flow (AZURE_NSG_FLOW)
• Microsoft CyberX (CYBERX)
• Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
• Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
• Microsoft Defender for Office 365 (MICROSOFT_DEFENDER_MAIL)
• Microsoft IIS (IIS)
• Microsoft PowerShell (POWERSHELL)
• Microsoft Sentinel (MICROSOFT_SENTINEL)
• Microsoft System Center Endpoint Protection (MICROSOFT_SCEP)
• Mikrotik Router (MIKROTIK_ROUTER)
• Mimecast (MIMECAST_MAIL)
• MISP Threat Intelligence (MISP_IOC)
• NetIQ eDirectory (NETIQ_EDIRECTORY)
• Netskope V2 (NETSKOPE_ALERT_V2)
• Nozomi Networks Scada Guardian (NOZOMI_GUARDIAN)
• Office 365 (OFFICE_365)
• Okta (OKTA)
• Okta User Context (OKTA_USER_CONTEXT)
• One Identity Identity Manager (ONE_IDENTITY_IDENTITY_MANAGER)
• Oort Security Tool (OORT)
• Open Cybersecurity Schema Framework (OCSF) (OCSF)
• Open LDAP (OPENLDAP)
• Opnsense (OPNSENSE)
• Ops Genie (OPS_GENIE)
• Oracle (ORACLE_DB)
• Oracle Cloud Guard (OCI_CLOUDGUARD)
• Oracle Cloud Infrastructure Audit Logs (OCI_AUDIT)
• Orca Cloud Security Platform (ORCA)
• Palo Alto Cortex XDR Alerts (CORTEX_XDR)
• Palo Alto Networks Firewall (PAN_FIREWALL)
• Palo Alto Panorama (PAN_PANORAMA)
• Palo Alto Prisma Access (PAN_CASB)
• Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
• Pharos (PHAROS)
• Privacy-I (PRIVACY_I)
• Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
• Proofpoint Tap Alerts (PROOFPOINT_MAIL)
• Proofpoint Threat Response (PROOFPOINT_TRAP)
• Radware Web Application Firewall (RADWARE_FIREWALL)
• ReviveSec (REVIVESEC)
• Rubrik (RUBRIK)
• Salesforce (SALESFORCE)
• Sangfor Proxy (SANGFOR_PROXY)
• Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
• Security Command Center Threat (N/A)
• Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
• ServiceNow CMDB (SERVICENOW_CMDB)
• Snare System Diagnostic Logs (SNARE_SOLUTIONS)
• Snipe-IT (SNIPE_IT)
• Snyk Group level audit/issues logs (SNYK_ISSUES)
• SonicWall (SONIC_FIREWALL)
• Sophos Central (SOPHOS_CENTRAL)
• Swimlane Platform (SWIMLANE)
• Symantec DLP (SYMANTEC_DLP)
• Symantec Event export (SYMANTEC_EVENT_EXPORT)
• Symantec Web Security Service (SYMANTEC_WSS)
• Tanium Question (TANIUM_QUESTION)
• Tanium Threat Response (TANIUM_THREAT_RESPONSE)
• Teleport Access Plane (TELEPORT_ACCESS_PLANE)
• Tenable Active Directory Security (TENABLE_ADS)
• Tenable CSPM (TENABLE_CSPM)
• tenable.io (TENABLE_IO)
• Terraform Enterprise Audit (TERRAFORM_ENTERPRISE)
• Thinkst Canary (THINKST_CANARY)
• ThreatX WAF (THREATX_WAF)
• Trend Micro Email Security Advanced (TRENDMICRO_EMAIL_SECURITY)
• Trend Micro Vision One (TRENDMICRO_VISION_ONE)
• TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
• TXOne Stellar (TRENDMICRO_STELLAR)
• UKG (UKG)
• Unix system (NIX_SYSTEM)
• UPX AntiDDoS (UPX_ANTIDDOS)
• VanDyke SFTP (VANDYKE_SFTP)
• Varonis (VARONIS)
• Vectra Alerts (VECTRA_ALERTS)
• Vectra Stream (VECTRA_STREAM)
• VMware AirWatch (AIRWATCH)
• Vmware Avinetworks iWAF (VMWARE_AVINETWORKS_IWAF)
• VMware ESXi (VMWARE_ESX)
• VMware Horizon (VMWARE_HORIZON)
• Watchguard EDR (WATCHGUARD_EDR)
• Windows Defender AV (WINDOWS_DEFENDER_AV)
• Windows DHCP (WINDOWS_DHCP)
• Windows DNS (WINDOWS_DNS)
• Windows Event (WINEVTLOG)
• Windows Event (XML) (WINEVTLOG_XML)
• Windows Sysmon (WINDOWS_SYSMON)
• Workday Audit Logs (WORKDAY_AUDIT)
• Workday User Activity (WORKDAY_USER_ACTIVITY)
• WPEngine (WPENGINE)
• Zimperium (ZIMPERIUM)
• Zscaler (ZSCALER_WEBPROXY)
• ZScaler DNS (ZSCALER_DNS)
• Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
• ZScaler NGFW (ZSCALER_FIREWALL)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

• Accenture Synthetic (ACCENTURE_SYNTHETIC)
• Adyen Platform (ADYEN)
• AliCloud ActionTrail (ALICLOUD_ACTIONTRAIL)
• Apache LOG4J Java Application Log (LOG4J)
• AppSmith Audit (APPSMITH_AUDIT)
• Arctic Security Arctic Node (ARCTIC_NODE)
• Arista CorvilNet DANZ Integration (ARISTA_CORVILNET)
• Arista Extensible Operating System (ARISTA_EOS)
• AvePoint EnPower (AVEPOINT_ENPOWER)
• Avigilon Alta Cloud Security (AVIGILON_ALTA_CLOUD_SECURITY)
• Avigilon Ava Security Camera (AVIGILON_AVA_SECURITY_CAMERA)
• AWS Dasha (AWS_DASHA)
• AWS Elastic Kubernetes Service (AWS_EKS)
• Azure Network Security Group Event (AZURE_NSG_EVENT)
• Azure Windows Virtual Desktop Connections Logs (AZURE_WVD_CONNECTIONS)
• Azure Windows Virtual Desktop Management Logs (AZURE_WVD_MANAGEMENT)
• Barracuda Load Balancer ADC (BARRACUDA_LOAD_BALANCER)
• Broadcom Edge Secure Web Gateway (BROADCOM_EDGE_SWG)
• Celonis Audit Logs (CELONIS)
• Chopin PrePay Solutions (CHOPIN_PPS)
• Cisco Duo Authentication Proxy (DUO_AUTH_PROXY)
• Cloudflare CASB Findings (CLOUDFLARE_CASB_FINDINGS)
• Cloudflare Device posture results (CLOUDFLARE_DEVICE_POSTURE_RESULTS)
• Cloudflare DLP Forensic Copies (CLOUDFLARE_DLP_FORENSIC_COPIES)
• Cloudflare DNS Firewall Logs (CLOUDFLARE_DNS_FIREWALL_LOGS)
• Cloudflare DNS logs (CLOUDFLARE_DNS_LOGS)
• Cloudflare Email Security Alerts (CLOUDFLARE_EMAIL_SECURITY_ALERTS)
• Cloudflare Firewall Events (CLOUDFLARE_FIREWALL_EVENTS)
• Cloudflare Gateway DNS (CLOUDFLARE_GATEWAY_DNS)
• Cloudflare Gateway HTTP (CLOUDFLARE_GATEWAY_HTTP)
• Cloudflare Gateway Network (CLOUDFLARE_GATEWAY_NETWORK)
• Cloudflare HTTP requests (CLOUDFLARE_HTTP_REQUESTS)
• Cloudflare Magic IDS Detections (CLOUDFLARE_MAGIC_IDS_DETECTIONS)
• Cloudflare NEL reports (CLOUDFLARE_NEL_REPORTS)
• Cloudflare Sinkhole HTTP Logs (CLOUDFLARE_SINKHOLE_HTTP_LOGS)
• Cloudflare SSH Logs (CLOUDFLARE_SSH_LOGS)
• Cloudflare Workers Trace Events (CLOUDFLARE_WORKERS_TRACE_EVENTS)
• Cloudflare Zero Trust Network Session (CLOUDFLARE_ZERO_TRUST_NETWORK_SESSION)
• CloudWave Honeypot (CLOUDWAVE_HONEYPOT)
• ColorTokens (COLORTOKENS)
• Contrast Security (CONTRAST_SECURITY)
• Conversational Agents and Dialogflow (CONVERSATIONAL_AGENT)
• Corero SmartWall One (CORERO_SMARTWALL_ONE)
• Cytracom Control One (CYTRACOM_CONTROL_ONE)
• Datadog Application Security Management (DATADOG_ASM)
• Express NodeJS (EXPRESS_NODEJS)
• F5 Distributed Cloud WAF (F5_DCS_WAF)
• Figma Developers (FIGMA)
• FIS Trax Payment Factory (TRAX)
• Fortinet FortiDeceptor (FORTINET_FORTIDECEPTOR)
• Fortinet FortiSASE (FORTINET_FORTISASE)
• Gemini Code Assist (GEMINI_CODE_ASSIST)
• Genea Access Control (GENEA_ACCESS_CONTROL)
• Genetec Synergis (GENETEC_SYNERGIS)
• GL TRADE (GL_TRADE)
• HP Inc MFP (HP_INC_MFP)
• HP Tandem (HP_TANDEM)
• Huawei Versatile Routing Platform (HUAWEI_VRP)
• Human Security (HUMAN_SECURITY)
• iManage Threat Manager (IMANAGE_THREAT_MANAGER)
• Indefend DLP (INDEFEND_DLP)
• Invicti (INVICTI)
• Isonline ISL Light (ISL_LIGHT)
• Itential Pronghorn (ITENTIAL_PRONGHORN)
• Jit (JIT)
• Kodem Security (KODEM_SECURITY)
• Konica Minolta YSoft SafeQ (YSOFT_SAFEQ)
• LayerX (LAYERX)
• LinOTP (LIN_OTP)
• Magento Cloud (MAGENTO_CLOUD)
• Mandiant Advantage Security Validation (MA_SV)
• NetApp ONTAP Audit (NETAPP_ONTAP_AUDIT)
• Netscout Arbor Threat Mitigation System (NETSCOUT_TMS)
• Netwrix Privilege Secure (NETWRIX_PRIVILEGE_SECURE)
• NeuVector SUSE (NEUVECTOR)
• Novidea Insurance Management System (NOVIDEA_CLAIM_HISTORY)
• OneTrust (ONETRUST)
• Openpath Context (OPENPATH_CONTEXT)
• Oracle Audit Vault Database Firewall (ORACLE_AVDF)
• Oracle CPQ (ORACLE_CPQ)
• Oracle Exadata Database Machine (ORACLE_EXADATA)
• Palo Alto Prisma Cloud Workload Protection (PAN_PRISMA_CWP)
• Palo Alto Prisma Dig Cloud DSPM (PAN_PRISMA_DIG_CLOUD_DSPM)
• Panorays (PANORAYS)
• Pathlock Identity Security Platform (PATHLOCK)
• Procore (PROCORE)
• ProofPoint Email Protection (PROOFPOINT_EMAIL_PROTECTION)
• Radiantone (RADIANTONE)
• Radware Cloud WAF Service Access (RADWARE_ACCESS)
• Reblaze Web Application Firewall (REBLAZE_WAF)
• Red Access Browsing Security (RED_ACCESS)
• SafeNet Network HSM (SAFENET_HSM)
• Salesforce Marketing Cloud Audit (SALESFORCE_MARKETING_CLOUD_AUDIT)
• Salesforce Shield (SALESFORCE_SHIELD)
• Sangfor IAG (SANGFOR_IAG)
• SAP Leasing (SAP_LEASING)
• SAS Institute (SAS_INSTITUTE)
• Securden (SECURDEN)
• SecurEnvoy SecurAccess (SECURENVOY_MFA)
• Securesoft Sniper IPS (SECURESOFT_SNIPER_IPS)
• Sentra Data Loss Prevention (SENTRA_DLP)
• Shield IoT (SHIELD_IOT)
• Siemens Simatic S7 PLC SNMP (SIEMENS_S7_PLC_SNMP)
• Siemens Simatic S7 PLC SYSLOG (SIEMENS_S7_PLC_SYSLOG)
• Smartsheet User Context (SMARTSHEET_USER_CONTEXT)
• Snowflake Access (SNOWFLAKE_ACCESS)
• SOCRadar Incidents (SOCRADAR_INCIDENTS)
• Strata Maverics Identity Orchestration Platform (STRATA_MAVERICS)
• Stripe Payments (STRIPE)
• Suridata (SURIDATA)
• Teradata Access (TERADATA_ACCESS)
• Thales payShield 10K HSM (THALES_PS10K_HSM)
• Trend Micro TippingPoint Security Management System (TREND_MICRO_TIPPING_POINT)
• Valence Security (VALENCE)
• Vertica Audit (VERTICA_AUDIT)
• Windows NTP (WINDOWS_NTP)
• Winget Autoupdate (WINGET_AUTOUPDATE)
• Wiz Runtime Execution Data (WIZ_RUNTIME_EXECUTION_DATA)
• Workiva Wdesk (WORKIVA_WDESK)
• XL Release (XLR)
• Yugabyte Database (YUGABYTE_DATABASE)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Release 6.3.43 is now available for all regions.

Summarization with custom sections, generative knowledge assist, and proactive generative knowledge assist are available in the following regions:

• northamerica-northeast1 (Montreal)
• northamerica-northeast2 (Toronto)
• europe-west4 (Eemshaven)
• europe-west6 (Zurich)
• asia-southeast2 (Jakarta)
• me-west1 (Tel Aviv)

cos-117-18613-164-121

Updated cos-gpu-installer to v2.5.0: Support IMEX Driver installation for NVIDIA_GB200 GPU device.

Runtime sysctl changes:

• Changed: fs.file-max: 811760 -> 811799

cos-121-18867-0-104

Updated cos-gpu-installer to v2.5.0: Support IMEX Driver installation for NVIDIA_GB200 GPU device.

Runtime sysctl changes:

• Changed: fs.file-max: 811714 -> 811816

cos-109-17800-436-106

Runtime sysctl changes:

• Changed: fs.file-max: 812288 -> 812262

cos-dev-125-19000-0-0

Updated cos-gpu-installer to v2.5.0: Support IMEX Driver installation for NVIDIA_GB200 GPU device.

Updated the Linux kernel to v6.6.87.

Runtime sysctl changes:

• Changed: fs.file-max: 811798 -> 811749

cos-113-18244-291-109

Runtime sysctl changes:

• Changed: fs.file-max: 812031 -> 812016

Upgraded etcd to v3.4.33-0-gke.3.

The following functional change was made in 1.31.400-gke.110:

• Updated the cluster upgrade operation to keep only the three latest kubeadm backups of etcd and configuration information for a node. Previously, kubeadm kept node backups for every attempted upgrade.

• Upgraded etcd to v3.4.33-0-gke.3.

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Updated the limitations for the following integration in the Supported products and limitations page:

• Firestore: using Firestore Enterprise edition with restricted VIP requires adding IP ranges to an allowlist.

Starting from June 2025, the default version for new Cloud Composer environments changes from Cloud Composer 2 to Cloud Composer 3. New environments will use the latest default Airflow build (composer-3-airflow-2). Currently, the default version is composer-2-airflow-2.

Release 6.3

Policy Controller version 1.20.2 is now available.

New Canvas View is enabled by default in the Integration Editor

The new Canvas View is now enabled by default in the integration editor. This change is a default setting and no manual enablement is required. You can switch to the old canvas view by disabling the New canvas view toggle.

For more information, see Use the new canvas view.

You can get the required permissions to use BigQuery data preparation through the BigQuery Studio User (roles/bigquery.studioUser) and Gemini for Google Cloud User (roles/cloudaicompanion.user) roles, and permission to access the data you're preparing.

BigQuery data preparation no longer requires that you have the permissions granted by the following IAM roles:

• BigQuery Data Editor (roles/bigquery.dataEditor)
• Service Usage Consumer (roles/serviceusage.serviceUsageConsumer)

For more information about the required roles, see Manage data preparations.

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud SQL for MySQL 8.0.40 is now the default minor version. To upgrade your existing instance to the new version, see Upgrade the database minor version.

The ability to use Git proxy for Git calls to your SCM connections is now generally available.

Parallel file systems for HPC workloads: Added guidance about Google Cloud Managed Lustre.

(2025-R15) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.