Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.

July 19, 2024

Apigee Advanced API Security

The preview release of generative AI summaries and recommendations for Advanced API Security Abuse Detection incidents has been temporarily disabled due to a known issue. We will announce in a release note when the functionality is re-enabled.

Cloud Load Balancing

Regional external Application Load Balancers, cross-region internal Application Load Balancers, regional internal Application Load Balancers, regional internal proxy Network Load Balancers, cross-region internal proxy Network Load Balancers, and regional external proxy Network Load Balancers support IPv4 and IPv6 (dual-stack) backends.

Ingress IPv4 traffic can now be proxied over an IPv4 or IPv6 connection to the IPv4 and IPv6 (dual-stack) backends.

The following backends support dual stack:

  • VM instance group
  • Zonal NEGs (GCE_VM_IP_PORT)

You can now convert the load balancers from IPv4 based deployments to dual stack (IPv4 and IPv6) deployments.

For details, see:

This feature is available in Preview.

Cloud Logging

The permissions required to use saved and recent queries have changed. You can also define a location in your default resource settings where saved and recent queries are saved. This location must align with your organization policy.

Cloud SQL for SQL Server

You can now use Extended Events (XEvents) on your Cloud SQL for SQL Server instance to monitor, identify, and troubleshoot the performance of the databases on your instance.

Google Cloud VMware Engine

The VMware Engine ve2-standard-128 node type is generally available in the us-central1 region. For more information on the node type, see Node types. To use the node type in the us-central1 region, contact your Google account team.

Vertex AI Agent Builder

Vertex AI Search: Multi-step retrieval for answer (GA)

For the answer method, multi-step retrieval using multi-step (ReAct) reasoning is generally available (GA).

For information about this feature, see Query rephrasing and Search and answer (specify maximum steps).

July 18, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26921

For more details, see the GCP-2024-043 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26921

For more details, see the GCP-2024-043 security bulletin.

BigQuery

The following BigQuery migration assessment features are now generally available (GA):

  • When you run a migration assessment, the migration assessment now automatically creates a BigQuery dataset to store the assessment results. You can also choose to store assessment results in an existing empty dataset or manually create a dataset with a custom name.
  • While a migration assessment is running, you can view the assessment report with partial data. You can also view its progress and estimated completion time in the status icon tooltip.
  • You can view more information and errors about a migration assessment in the assessment details page.

Cloud Composer

Information about excluded Cloud Storage objects in the environment's bucket is no longer logged. This change reduces the usage of the Storage API during the synchronization of DAG files, which improves the performance of Airflow components and results in fewer Airflow component restarts. The change will gradually become available in all Cloud Composer environments.

Cloud Data Fusion

Cloud Data Fusion versions 6.9 and later store pipeline run records for 30 days by default. For more information, see View run records.

Cloud Run

You can now disable the default run.app URL for your Cloud Run services (Preview).

Cloud SQL for MySQL

You can now create custom organization policies for Cloud SQL instances. For more information, see Add custom organization policies.

Cloud SQL for PostgreSQL

You can now create custom organization policies for Cloud SQL instances. For more information, see Add custom organization policies.

Cloud SQL for SQL Server

You can now create custom organization policies for Cloud SQL instances. For more information, see Add custom organization policies.

Dataform

As of Dataform Core 3.0.0, Dataform doesn't distribute a Docker image. You can build your own Docker image of Dataform, which you can use to run the equivalent of Dataform CLI commands. To build your own Docker image, see Containerize an application in the Docker documentation.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.112-debian10, 2.0.112-rocky8, 2.0.112-ubuntu18
  • 2.1.60-debian11, 2.1.60-rocky8, 2.1.60-ubuntu20, 2.1.60-ubuntu20-arm
  • 2.2.26-debian12, 2.2.26-rocky9, 2.2.26-ubuntu22

Document AI

For custom extractor with generative AI, model pretrained-foundation-model-v1.1-2024-03-12 provides fine-tuning for US/EU in Public preview. For more information about custom extractor models, see Custom extractor model versions.

Google SecOps SIEM

When you migrate an existing Google SecOps instance so that it is bound to a Google Cloud project, you can also use auto-generated commands to migrate your existing feature RBAC configuration to IAM permissions and roles. For more information, see Migrate existing permissions to IAM.

Looker Studio

Ads Location Extension Fields

The following asset location fields are available in the Google Ads and New Search Ads 360 connectors:

  • Asset location address line 1
  • Asset location address line 2
  • Asset location business name
  • Asset location city
  • Asset location country code
  • Asset location phone number
  • Asset location postal code
  • Asset location province

Partner Connector launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

SAP on Google Cloud

New SAP certifications: C3 bare metal machine types

SAP has certified the following Compute Engine bare metal machine types:

  • c3-highmem-192-metal for use with SAP HANA OLAP and OLTP workloads.
  • c3-standard-192-metal and c3-highmem-192-metal for use with SAP NetWeaver workloads.

For more information, see the following:

Spanner

Spanner now includes the JSON_ARRAY() and JSON_OBJECT() functions for building JSON types in GoogleSQL. For more information, see JSON functions in GoogleSQL.

July 17, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26925

For more details, see the GCP-2024-045 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26925

For more details, see the GCP-2024-045 security bulletin.

AutoML Tables

The shutdown date for AutoML Tables has changed from Mar 31, 2024 to July 24, 2024.

BigQuery

You can now configure the default storage billing model for new datasets. This feature is generally available (GA).

Cloud Composer

A new Cloud Composer release started on July 17, 2024. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.

Airflow 2.9.1 is available in Cloud Composer images and builds. We recommend checking the list of changes in Apache Airflow release notes before upgrading to this version.

(Airflow 2.9.1) Task context logging is disabled, and it is not possible to enable it.

(Airflow 2.9.1) Raw HTML code in DAG docs and DAG parameter descriptions is disabled by default.

(Airflow 2.9.1) Audit log permissions are revoked from all roles except Admin.

The apache-airflow-providers-google package was upgraded to version 10.21.0 in Cloud Composer 2 images with Airflow 2.7.3 and 2.9.1, and in all latest Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.18.0 to version 10.21.0.

When installing PyPI packages, if you want your builds to run with a custom service account, you can override the COMPOSER_AGENT_BUILD_SERVICE_ACCOUNT environment variable with the chosen service account. For more information, see Install Python dependencies.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.1-build.0
  • composer-3-airflow-2.7.3-build.9

Cloud Composer 2.8.6 images are available:

  • composer-2.8.6-airflow-2.9.1
  • composer-2.8.6-airflow-2.7.3 (default)
  • composer-2.8.6-airflow-2.6.3

Support dates for previous Cloud Composer 3 builds are available. All Cloud Composer 3 builds with Airflow 2.7.3 are supported until July 17, 2025.

Cloud Composer version 2.3.4 has reached its end of support period.

Cloud SQL for PostgreSQL

You can now use the following optional flags when you export and import files into Cloud SQL instances:

  • --clean: if you export files, then this flag enables you to include the DROP <object> SQL statement that's required to drop (clean) database objects before you import them. If you import files, then this flag enables you to clean database objects before you recreate them.
  • --if-exists: this flag enables you to include the IF EXISTS SQL statement with each DROP statement that's produced by the clean flag.

If you import files, then these flags apply only if you use the --parallel flag. If you export files, then use these flags only if you're not exporting files in parallel.

Contact Center AI Platform

Version 3.20 is released

All release notes published on this date are part of version 3.20.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

Agent chat adapter redesign

We have redesigned the agent chat adapter to streamline workflows, boost productivity, and improve the agent experience. Here are the highlights:

  • A new chat details screen where agents can reference information about the end-user and the chat while the chat is active.

  • An improved chat transfer experience, including:

    • Separate tabs for agents and queues.

    • The ability to search by queue.

  • An expandable chat overview screen where agents can see additional information for each active chat. From this screen, agents can transfer chats, add users to chats, access chat options, and more.

  • A new action bar that puts an agent's most important actions within easy reach.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.70
  • 1.2.14
  • 2.0.78
  • 2.2.14

Google Cloud Armor

Granular models for Cloud Armor Adaptive Protection are now Generally Available. For more information, see the Adaptive Protection overview.

Google Distributed Cloud (software only) for VMware

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26925

For more details, see the GCP-2024-045 security bulletin.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26925

For more details, see the GCP-2024-045 security bulletin.

(2024-R25) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.29.6-gke.1038001 is now the default version.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.27.13-gke.1070002
    • 1.27.13-gke.1201002
    • 1.27.14-gke.1059001
    • 1.27.15-gke.1154000
    • 1.28.10-gke.1058001
    • 1.28.11-gke.1170000
    • 1.29.4-gke.1043004
    • 1.29.5-gke.1091001
    • 1.29.6-gke.1254000
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.14-gke.1042001 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.14-gke.1042001 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.11-gke.1019001 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.6-gke.1038001 with this release.

Stable channel

  • Version 1.29.5-gke.1091002 is now the default version in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.27.13-gke.1201002
    • 1.28.9-gke.1289002
    • 1.28.10-gke.1058001
    • 1.29.4-gke.1043004
    • 1.29.5-gke.1091001
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.14-gke.1042001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.14-gke.1042001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.10-gke.1075001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.5-gke.1091002 with this release.

Regular channel

  • Version 1.29.6-gke.1038001 is now the default version in the Regular channel.
  • The following versions are no longer available in the Regular channel:
    • 1.27.14-gke.1042001
    • 1.27.14-gke.1059001
    • 1.28.10-gke.1075001
    • 1.29.5-gke.1091002
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.14-gke.1059002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.14-gke.1059002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.11-gke.1019001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.6-gke.1038001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.6-gke.1038001 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.15-gke.1154000
    • 1.28.11-gke.1019001
    • 1.28.11-gke.1170000
    • 1.29.6-gke.1254000
    • 1.30.2-gke.1447000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.11-gke.1172000 with this release.

GKE Autopilot now supports opportunistic bursting and lower Pod minimums upon cluster creation or upgrade to 1.30.2-gke.1394000 or later, resolving a previous issue with containerd.

Google SecOps

On December 31, 2024, the managed BigQuery data lake for export will not be accessible to Google SecOps customers except for customers in the Enterprise Plus Tier. Enterprise Plus Tier customers will retain access until a replacement is available. Other customers can use their own BigQuery instance to export telemetry data, a feature currently in preview. For more information, see Configure a data export to BigQuery in a self-managed Google Cloud project.

Google SecOps SIEM

On December 31, 2024, the managed BigQuery data lake for export will not be accessible to Google SecOps customers except for customers in the Enterprise Plus Tier. Enterprise Plus Tier customers will retain access until a replacement is available. Other customers can use their own BigQuery instance to export telemetry data, a feature currently in preview. For more information, see Configure a data export to BigQuery in a self-managed Google Cloud project.

Sensitive Data Protection

The ARMENIA_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

VPC Service Controls

Preview stage support for the following integration:

Vertex AI Agent Builder

Vertex AI Search: Evaluate search quality (Public preview)

Evaluate the search quality of your generic search applications using sample query sets. This lets you assess your search engine's performance, understand potential biases or shortcomings in ranking algorithms, and compare historical evaluation results to understand the impact of changes in your search configuration.

For more information, see Evaluate search quality. This feature is in Public preview.

Virtual Private Cloud

Private Service Connect backends can be used to reach regional endpoints for supported Google APIs. Regional endpoints replace locational endpoints for Private Service Connect backends.

The list of supported regional endpoints that can be accessed by Private Service Connect endpoints and backends is updated to include additional supported Google APIs and regions.

July 16, 2024

AlloyDB for PostgreSQL

Cross-region backup location is now generally available (GA).

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26809

For more information, see the GCP-2024-042 security bulletin.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-36972

For more details, see the GCP-2024-044 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26809

For more information, see the GCP-2024-042 security bulletin.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-36972

For more details, see the GCP-2024-044 security bulletin.

Apigee Integrated Portal

On July 16, 2024, we released a new version of the Apigee integrated portal.

This release includes general improvements to performance and availability.

App Engine standard environment Java

You can now configure an HTTP connector to improve CPU and memory utilization for your App Engine apps. To configure an HTTP connector, include the appengine.use.httpconnector system property in your appengine-web.xml file. For more information, see the Google App Engine Java new performant HTTP connector GitHub page.

BigQuery

When you run a migration assessment for Amazon Redshift, Teradata, or Snowflake, the service also creates a dataset containing only highly aggregated assessment results. This aggregated dataset doesn't contain any query logs; therefore, no personally identifiable information (PII) or business-sensitive information is visible. You can share this dataset with users that are not in your project. This feature is in preview.

Cloud SQL for MySQL

Cloud SQL Studio is now generally available. For more information, see Manage your data using Cloud SQL Studio.

You can now search for and manage your Cloud SQL resources by using Dataplex Catalog. For more information about the integration of Cloud SQL and Dataplex Catalog, see Manage your Cloud SQL resources using Dataplex Catalog.

Cloud SQL for PostgreSQL

Cloud SQL Studio is now generally available. For more information, see Manage your data using Cloud SQL Studio.

You can now search for and manage your Cloud SQL resources by using Dataplex Catalog. For more information about the integration of Cloud SQL and Dataplex Catalog, see Manage your Cloud SQL resources using Dataplex Catalog.

Cloud SQL for SQL Server

Cloud SQL Studio is now generally available. For more information, see Manage your data using Cloud SQL Studio.

You can now search for and manage your Cloud SQL resources by using Dataplex Catalog. For more information about the integration of Cloud SQL and Dataplex Catalog, see Manage your Cloud SQL resources using Dataplex Catalog.

Compute Engine

Generally available: C3 bare metal machine types are available in the C3 machine series. Bare metal instances let you create an instance with direct access to the machine's CPU and memory, without a virtualization layer in the middle. With bare metal instances, you can access all the raw compute resources of the server. For more information, see the C3 machine series.

Deep Learning Containers

M123 release

  • Hugging Face Text Generation Inference 2.1 GPU container images are now available.

Deep Learning VM Images

M123 release

  • TensorFlow 2.16 images are now available.

Google Distributed Cloud (software only) for VMware

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26921
  • CVE-2024-36972

For more details, see the GCP-2024-043 and GCP-2024-044 security bulletins.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26921

For more details, see the GCP-2024-043 security bulletin.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-36972

For more details, see the GCP-2024-044 security bulletin.

Compute flexible committed use discounts (CUDs), previously known as Compute Engine Flexible CUDs, have been expanded to include several GKE Autopilot and Cloud Run SKUs (see the GKE CUD documentation for details). The legacy GKE Autopilot CUD will be removed from sale on October 15, 2024. GKE Autopilot CUDs purchased before this date will continue to apply through their term.

SAP on Google Cloud

New SAP certification for operating systems

For use with SAP HANA and SAP NetWeaver on Google Cloud, SAP has certified the operating system Red Hat Enterprise Linux (RHEL) for SAP 9.4.

For more information about SAP-certified operating systems, see:

Spanner

Spanner now supports the following PostgreSQL JSONB functions:

  • jsonb_array_elements()
  • spanner.bool_array()
  • spanner.float32_array()
  • spanner.float64_array()
  • spanner.int64_array()
  • spanner.string_array()

For more information, see JSONB functions and Spanner specific JSONB functions.

Spanner now supports the following GoogleSQL JSON functions:

  • BOOL_ARRAY: Converts a JSON array of booleans to a SQL ARRAY<BOOL> value.
  • FLOAT32: Converts a JSON number to a SQL FLOAT32 value.
  • FLOAT32_ARRAY: Converts a JSON array of numbers to a SQL ARRAY<FLOAT32> value.
  • FLOAT64_ARRAY: Converts a JSON array of numbers to a SQL ARRAY<FLOAT64> value.
  • INT64_ARRAY: Converts a JSON array of numbers to a SQL INT64_ARRAY value.
  • STRING_ARRAY: Converts a JSON array of strings to a SQL ARRAY<STRING> value.

Spanner now supports the GoogleSQL PDML_MAX_PARALLELISM statement-level hint. For more information, see Statement hints.

The following are now supported for the INSERT statement:

Spanner now supports geo-partitioning (in Preview). You can use geo-partitioning to segment and store rows in your database table across different configurations. For more information, see the Geo-partitioning overview.

Vertex AI Workbench

M123 release

The M123 release of Vertex AI Workbench user-managed notebooks includes the following:

  • Fixed a bug that caused conflicting permissions with the Jupyter user and google-sudoers.
  • Fixed a bug for custom container instances using a disabled root.

The M123 release of Vertex AI Workbench managed notebooks includes the following:

  • Fixed a bug that caused conflicting permissions with the Jupyter user and google-sudoers.

M123 release

The M123 release of Vertex AI Workbench instances includes the following:

  • Fixed a bug that caused conflicting permissions with the Jupyter user and google-sudoers.

July 15, 2024

Application Integration

You can now share custom connectors between different Google Cloud projects by exporting and importing the connector specification. This feature is in preview.

Cloud Composer

It is no longer possible to create Cloud Composer 1 environments in Google Cloud console. It's still possible to create Cloud Composer 1 environments through Google Cloud SDK, Terraform, and API in projects that support creating new Cloud Composer 1 environments.

Cloud Data Fusion

The Cloud Storage Copy/Move plugin version 0.23.2, which is bundled with Google Cloud Platform plugin, is available in Cloud Data Fusion versions 6.10.0 and later. The release lets you use a wildcard character (*) in the source path to copy and move multiple files. For example, the source path gs://demo0/prod/reports/*.csv copies and moves all CSV files in the reports directory (PLUGIN-698).

Cloud Run

Compute flexible committed use discounts are now available for Cloud Run services with CPU always allocated, and Cloud Run jobs. A single flexible commitment covers eligible spend across Compute Engine, GKE, and Cloud Run. For more information, see Committed use discounts.

Compute Engine

Compute flexible committed use discounts (CUDs)—previously known as Compute Engine flexible CUDs—have been expanded to also cover your Cloud Billing account's spend across Google Kubernetes Engine (GKE) and Cloud Run. A single flexible commitment covers your eligible spend across all three services. For more information, see Compute flexible CUDs.

To learn about how flexible CUDs apply to the other services, see the following:

Generally available: You can limit the run time of VMs, which automatically stops or deletes a VM after a specific time or duration. Limiting your VMs' run times can help you optimize temporary workloads by minimizing costs and releasing quota. For more information, see Limit the run time of a VM and Limit the runtime of VMs in a MIG.

Config Controller

Config Controller now uses the following versions of its included products:

Contact Center AI Platform

Mobile SDK 2.8 is released

Mobile SDK 2.8 includes the following update: added support for landscape mode.

For more information, see the following:

Container Optimized OS

cos-dev-117-18555-0-0

  • Kernel: COS-6.6.37
  • Docker: v24.0.9
  • Containerd: v2.0.0rc2
  • GPU Drivers: See List

Upgraded fluent-bit to v3.0.6.

Upgraded app-admin/node-problem-detector to v0.8.19.

Upgraded app-containers/cni-plugins to v1.5.1.

Upgraded app-admin/google-guest-configs to v20240607.00.

Added support for TPU v6 devices.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2792.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2437.

Upgraded sys-apps/dbus to v1.14.10-r192.

Upgraded chromeos-base/shill-client to v0.0.1-r4577.

Upgraded chromeos-base/debugd-client to v0.0.1-r2703.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2937.

Upgraded chromeos-base/minijail to v18-r142.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r633.

Upgraded dev-embedded/libftdi to v1.5-r7.

Upgraded sys-apps/pv to v1.8.10.

Upgraded net-dns/c-ares to v1.31.0.

Upgraded app-admin/logrotate to v3.22.0.

Upgraded dev-python/pygobject to v3.46.0-r1.

Upgraded dev-db/sqlite to v3.46.0.

Upgraded dev-libs/nss to v3.101.

Upgraded sys-apps/hwdata to v0.383.

Upgraded net-misc/rsync to v3.3.0.

Upgraded sys-apps/findutils to v4.10.0.

Upgraded sys-libs/libseccomp to v2.5.5-r1.

Upgraded net-misc/curl to v8.8.0-r1.

Upgraded sys-apps/ethtool to v6.9.

Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.

Updated cos-gpu-installer to v2.3.5.

Added the package revision number to the SSH banner in net-misc/openssh.

Fixed glibc-2.36 build errors in sys-boot/syslinux.

Upgraded dev-lang/go to v1.22.4. This fixes CVE-2024-24790 and CVE-2024-24789.

Fixed CVE-2024-35195 in dev-python/requests.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_rto_min_us: 200000
  • Changed: fs.file-max: 811785 -> 811776

cos-109-17800-218-76

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Upgraded app-editors/vim to v9.1.0470 and app-editors/vim-core to v9.1.0470.

Upgraded sys-apps/grep to v3.11-r1.

Upgraded sys-apps/dmidecode to v3.6.

Upgraded net-misc/rsync to v3.2.7-r4.

Upgraded sys-apps/ethtool to v6.9.

Upgraded sys-apps/attr to v2.5.2-r1.

Upgraded net-dns/libidn2 to v2.3.7.

Upgraded sys-apps/sed to v4.9-r1.

Upgraded app-admin/logrotate to v3.22.0.

Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.

Upgraded sys-process/lsof to v4.99.3.

Upgraded sys-apps/file to v5.45-r4.

Upgraded dev-libs/libusb to v1.0.27-r1.

Upgraded net-misc/curl to v8.8.0-r1.

Updated cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.

Added the package revision number to the SSH banner in net-misc/openssh.

Updated net-misc/wget to version 1.24.5. This fixed CVE-2024-38428.

Fixed CVE-2024-36978 in the Linux kernel.

cos-105-17412-370-75

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.256.02 (default), v550.90.07 (latest)

Upgraded app-admin/logrotate to v3.22.0.

Upgraded dev-libs/libusb to v1.0.27-r1.

Upgraded sys-apps/dmidecode to v3.6.

Upgraded sys-apps/grep to v3.11-r1.

Upgraded app-shells/dash to v0.5.12.

Upgraded sys-apps/attr to v2.5.2-r1.

Upgraded sys-apps/diffutils to v3.10.

Upgraded net-dns/libidn2 to v2.3.7.

Upgraded net-misc/wget to v1.21.4.

Upgraded app-misc/mime-types to v2.1.54.

Upgraded net-analyzer/netcat to v110.20180111-r2.

Updated cos-gpu-installer to v2.3.5.

Added the package revision number to the SSH banner in net-misc/openssh.

Fixed CVE-2024-24790 and CVE-2024-24789 in dev-lang/go.

Updated net-misc/wget to v1.24.5. This fixed CVE-2024-38428.

Fixed CVE-2024-36978 in the Linux kernel.

cos-113-18244-85-54

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.90 | v24.0.9 | v1.7.15 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Updated cos-gpu-installer to v2.3.5.

Added the package revision number to the SSH banner in net-misc/openssh.

Updated net-misc/wget to version 1.24.5. This fixed CVE-2024-38428.

Fixed CVE-2024-36978 in the Linux kernel.

cos-101-17162-463-58

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.256.02 (default), v550.90.07 (latest)

Updated cos-gpu-installer to v2.3.5.

Updated net-misc/wget to v1.24.5. This fixed CVE-2024-38428.

Fixed CVE-2024-36978 in the Linux kernel.

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.9.10 (2024-07-10)

Bug Fixes
  • dataflow: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)

Google Distributed Cloud (software only) for VMware

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

For more details, see the GCP-2024-042 security bulletin.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26809

For more details, see the GCP-2024-042 security bulletin.

Google SecOps

The third-party API feed Symantec Event Export has been discontinued due to the deprecation of Symantec Event Export API. To ingest data, use a Google Cloud storage bucket. For more information, see Add a feed.

Google SecOps SIEM

The third-party API feed Symantec Event Export has been discontinued due to the deprecation of Symantec Event Export API. To ingest data, use a Google Cloud storage bucket. For more information, see Add a feed.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.13.4 (2024-07-10)

Bug Fixes
  • secretmanager: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)

Vertex AI Agent Builder

Vertex AI Search: Rotation of CMEK keys, which protect data stores (Private preview)

Customer-managed encryption keys (CMEK) for data stores associated with search apps can be rotated.

Don't rotate keys for data stores associated with recommendations apps. Also, if you rely on analytics, don't rotate keys.

Key rotation is available in Private preview. For information about rotating CMEK keys to protect Vertex AI Agent data stores, see Customer-managed encryption keys.

July 13, 2024

Google SecOps

Python 2.7 is being deprecated and will be fully removed on October 13, 2024.

For information on how to update Marketplace integrations to Python 3.11, refer to Upgrade the Python versions.

Support for Python 3.11: Google SecOps now supports Python 3.11 in all the certified integrations. This feature is in General Availability.

IDE Staging mode: A staging mode has been added to the IDE where you can test certified and custom integrations as well as custom items. The staging mode acts as a sandbox where you can test the new Python 3.11 code or any upgraded integration before pushing to production. For more information, refer to Test integrations in staging mode. This feature is in General Availability.

Google SecOps SOAR

Python 2.7 is being deprecated and will be fully removed on October 13, 2024.

For information on how to update Marketplace integrations to Python 3.11, refer to Upgrade the Python versions.

Support for Python 3.11: Google SecOps now supports Python 3.11 in all the certified integrations. This feature is in General Availability.

IDE Staging mode: A staging mode has been added to the IDE where you can test certified and custom integrations as well as custom items. The staging mode acts as a sandbox where you can test the new Python 3.11 code or any upgraded integration before pushing to production. For more information, refer to Test integrations in staging mode. This feature is in General Availability.

July 12, 2024

App Engine flexible environment .NET

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment Go

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment Java

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment Node.js

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment PHP

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment Python

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment Ruby

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment custom runtimes

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine standard environment Go

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.

  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change you can do one of the following:

  • Grant the Editor role to the App Engine default service account.

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.

App Engine standard environment Java

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.

  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change you can do one of the following:

  • Grant the Editor role to the App Engine default service account.

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.

App Engine standard environment Node.js

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.

  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change you can do one of the following:

  • Grant the Editor role to the App Engine default service account.

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.

App Engine standard environment PHP

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.

  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change you can do one of the following:

  • Grant the Editor role to the App Engine default service account.

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.

App Engine standard environment Python

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.

  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change you can do one of the following:

  • Grant the Editor role to the App Engine default service account.

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.

App Engine standard environment Ruby

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.

  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change you can do one of the following:

  • Grant the Editor role to the App Engine default service account.

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.

Compute Engine

Preview: Hyperdisk Balanced High Availability provides cross-zonal, synchronous replication for your disk data, offering the best set of options for RPO, RTO, and performance.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.111-debian10, 2.0.112-rocky8, 2.0.112-ubuntu18
  • 2.1.59-debian11, 2.1.60-rocky8, 2.1.60-ubuntu20, 2.1.60-ubuntu20-arm
  • 2.2.25-debian12, 2.2.26-rocky9, 2.2.26-ubuntu22

Google SecOps SOAR

Release 6.3.10 is now in General Availability.

Memorystore for Redis Cluster

Single-zone instances are now Generally Available on Memorystore for Redis Cluster.

Spanner

Spanner now supports dual-region instance configurations in Australia, Germany, India, and Japan. Dual-region configurations let you replicate data in multiple zones across two regions in a single country. This helps you meet your data residency requirements, while taking advantage of 99.999% availability. For more information, see Dual-region configurations.

Spanner now supports the approximate nearest neighbor (ANN) distance functions (APPROX_COSINE_DISTANCE(), APPROX_EUCLIDEAN_DISTANCE(), and APPROX_DOT_PRODUCT()) in the GoogleSQL dialect (in Preview). If you have tables with a large amount of unstructured data that can be represented as vector data, you can create a vector index using DDL statements and accelerate similarity searches and nearest neighbor queries using standard SQL using these functions without having to copy the data into a separate system. For more information, see Find approximate nearest neighbors to index and query vector embeddings in Spanner.

July 11, 2024

Anti Money Laundering AI

A new major engine version is now available for Retail and Commercial lines of business, within the v4 tuning version. This includes:

  • Additional data validation errors with more granular checks and corresponding actionable error messages
  • Improved accuracy and better descriptions for existing data validation checks
  • A fix for processing of alert events in the Risk Case Event table
  • Improved reliability of training, prediction, and backtesting operations for very large datasets (greater than 20 million parties)
  • Reduction in the time taken for tuning when creating an engine config

Apigee X

On July 11, 2024, we released an updated version of Apigee (1-12-0-apigee-8).

This release addresses the security concerns in GCP-2024-032 from Google Anthos Service Mesh.

Bug ID | Description
330175485 | Security fix for apigee-ingress. This addresses the following vulnerabilities:

Bug ID | Description
N/A | Updated libraries and infrastructure.

Application Integration Cloud Functions

Starting in July 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying functions for the first time may be using a default Cloud Build service account with insufficient permissions for building a function. If you are impacted by this change you can do one of the following:

Cloud Run

Starting July 2024, Cloud Build changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change documentation. As a result of this change, new projects deploying to Cloud Run from source code for the first time may be using a default Cloud Build service account with insufficient permissions for deploying from source.

If you are impacted by this change, you can do one of the following:

Cloud Storage

You can now specify Frankfurt (europe-west3) and Zürich (europe-west6) as a predefined dual-region pairing. For more information, see Predefined dual-regions.

Compute Engine

You can only create on-demand reservations of A3 VMs if you create specifically targeted reservations. This restriction doesn't affect reservations that were created before July 11, 2024, which you can continue to consume based on their consumption type.

For more information, see the following pages:

Dataflow

You can now use the Dataflow job builder UI to create and run Dataflow pipelines in the Google Cloud console, without writing any code. This feature is generally available (GA).

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.69
  • 1.2.13
  • 2.0.77
  • 2.2.13

Dialogflow

Vertex AI Agents: Agent apps now provide generative settings for input token limit, output token limit, and temperature.

Google Cloud VMware Engine

Added missing release notes for ve2-standard-128 availability in the australia-southeast1 region.

Looker Studio

Pro feature: Gemini in Looker public preview features

The following Gemini in Looker features are now available in Public Preview:

Learn more about Gemini in Looker and how to enable it in Looker Studio.

Partner Connector launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

Search Ads 360 connector deprecation complete

The Search Ads 360 connector deprecation that was announced on April 2, 2024 is complete. Please use the New Search Ads 360 connector.

reCAPTCHA

reCAPTCHA for WAF integration with Akamai is now available in Preview. For more information, see Integrate reCAPTCHA for WAF with Akamai.

July 10, 2024

AlloyDB for PostgreSQL Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

App Engine flexible environment .NET

.NET version 3 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of .NET.

App Engine flexible environment Go

Go version 1.19 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Go.

App Engine flexible environment Node.js

Node.js version 16 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Node.js.

App Engine flexible environment PHP

PHP version 7.4 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of PHP.

App Engine flexible environment Python

Python version 3.7 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Python.

App Engine flexible environment Ruby

Ruby version 3.1 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Ruby.

Cloud Billing

You can now view granular AlloyDB for PostgreSQL usage in the Cloud Billing Detailed export to BigQuery

You can now view granular AlloyDB for PostgreSQL cluster, instance, and backup data in the Google Cloud Billing detailed export. Use the resource.global_name and resource.name fields in the export to view and filter your detailed AlloyDB cluster, instance, and backup usage.

Review the schema of the Detailed cost data export.

Tags data for AlloyDB for PostgreSQL cluster, instance, and backup usage is available in both the Standard usage cost export and the Detailed usage cost export.

To learn more about Tags, see Tags overview. To learn about using Tags in your cost data exported to BigQuery, see about tags and query examples with tags.

Datastream

Datastream is now available in the us-east5 (Columbus) region. For the list of all available regions, see IP allowlists and regions.

Google Cloud Marketplace Partners

We've made the following changes to Cloud Marketplace partner reports:

Google Kubernetes Engine

(2024-R24) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.29.5-gke.1091002 is now the default version.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.26.15-gke.1090000
    • 1.26.15-gke.1090004
    • 1.26.15-gke.1191000
    • 1.26.15-gke.1191001
    • 1.26.15-gke.1300000
    • 1.26.15-gke.1300001
    • 1.26.15-gke.1320000
    • 1.26.15-gke.1320002
    • 1.26.15-gke.1381000
    • 1.26.15-gke.1381001
    • 1.26.15-gke.1390000
    • 1.26.15-gke.1390001
    • 1.26.15-gke.1404000
    • 1.26.15-gke.1404002
    • 1.26.15-gke.1469000
    • 1.26.15-gke.1469001
    • 1.27.11-gke.1062004
    • 1.27.13-gke.1070000
    • 1.27.13-gke.1166000
    • 1.27.13-gke.1166001
    • 1.27.13-gke.1201000
    • 1.27.14-gke.1022000
    • 1.27.14-gke.1022001
    • 1.27.14-gke.1042000
    • 1.27.14-gke.1059000
    • 1.27.14-gke.1100000
    • 1.27.14-gke.1100002
    • 1.27.15-gke.1012000
    • 1.27.15-gke.1012003
    • 1.28.9-gke.1000000
    • 1.28.9-gke.1069000
    • 1.28.9-gke.1069002
    • 1.28.9-gke.1209000
    • 1.28.9-gke.1209001
    • 1.28.9-gke.1289000
    • 1.28.10-gke.1058000
    • 1.28.10-gke.1075000
    • 1.28.10-gke.1089000
    • 1.28.10-gke.1089002
    • 1.28.10-gke.1148000
    • 1.28.10-gke.1148001
    • 1.28.11-gke.1019000
    • 1.29.4-gke.1043002
    • 1.29.5-gke.1060000
    • 1.29.5-gke.1060001
    • 1.29.5-gke.1091000
    • 1.29.6-gke.1038000
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.13-gke.1201002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.13-gke.1201002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.10-gke.1075001 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.5-gke.1091002 with this release.

Stable channel

  • Version 1.28.9-gke.1289002 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.26.15-gke.1090000
    • 1.26.15-gke.1090004
    • 1.26.15-gke.1191000
    • 1.26.15-gke.1191001
    • 1.26.15-gke.1300000
    • 1.26.15-gke.1300001
    • 1.27.13-gke.1070000
    • 1.27.13-gke.1070002
    • 1.27.13-gke.1166000
    • 1.27.13-gke.1166001
    • 1.27.13-gke.1201000
    • 1.28.9-gke.1069000
    • 1.28.9-gke.1069002
    • 1.28.9-gke.1209000
    • 1.28.9-gke.1209001
    • 1.28.9-gke.1289000
    • 1.29.4-gke.1043002
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.13-gke.1201002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.13-gke.1201002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.9-gke.1289002 with this release.

Regular channel

  • Version 1.29.5-gke.1091002 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.26.15-gke.1320000
    • 1.26.15-gke.1320002
    • 1.26.15-gke.1381000
    • 1.26.15-gke.1381001
    • 1.26.15-gke.1390000
    • 1.26.15-gke.1390001
    • 1.27.13-gke.1201000
    • 1.27.13-gke.1201002
    • 1.27.14-gke.1022000
    • 1.27.14-gke.1022001
    • 1.27.14-gke.1042000
    • 1.28.9-gke.1289000
    • 1.28.9-gke.1289002
    • 1.28.10-gke.1058000
    • 1.28.10-gke.1058001
    • 1.28.10-gke.1075000
    • 1.29.4-gke.1043002
    • 1.29.4-gke.1043004
    • 1.29.5-gke.1060000
    • 1.29.5-gke.1060001
    • 1.29.5-gke.1091000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.14-gke.1042001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.14-gke.1042001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.10-gke.1075001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.5-gke.1091002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.5-gke.1091002 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.26.15-gke.1404000
    • 1.26.15-gke.1404002
    • 1.26.15-gke.1469000
    • 1.26.15-gke.1469001
    • 1.27.14-gke.1059000
    • 1.27.14-gke.1100000
    • 1.27.14-gke.1100002
    • 1.27.15-gke.1012000
    • 1.27.15-gke.1012003
    • 1.28.10-gke.1089000
    • 1.28.10-gke.1089002
    • 1.28.10-gke.1148000
    • 1.28.10-gke.1148001
    • 1.28.11-gke.1019000
    • 1.29.5-gke.1091000
    • 1.29.5-gke.1091002
    • 1.29.6-gke.1038000
    • 1.30.1-gke.1329000
    • 1.30.2-gke.1023000
    • 1.30.2-gke.1023004
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.11-gke.1019001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.6-gke.1038001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.6-gke.1038001 with this release.

(2024-R24) Version updates

  • Version 1.29.5-gke.1091002 is now the default version.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.26.15-gke.1090000
    • 1.26.15-gke.1090004
    • 1.26.15-gke.1191000
    • 1.26.15-gke.1191001
    • 1.26.15-gke.1300000
    • 1.26.15-gke.1300001
    • 1.26.15-gke.1320000
    • 1.26.15-gke.1320002
    • 1.26.15-gke.1381000
    • 1.26.15-gke.1381001
    • 1.26.15-gke.1390000
    • 1.26.15-gke.1390001
    • 1.26.15-gke.1404000
    • 1.26.15-gke.1404002
    • 1.26.15-gke.1469000
    • 1.26.15-gke.1469001
    • 1.27.11-gke.1062004
    • 1.27.13-gke.1070000
    • 1.27.13-gke.1166000
    • 1.27.13-gke.1166001
    • 1.27.13-gke.1201000
    • 1.27.14-gke.1022000
    • 1.27.14-gke.1022001
    • 1.27.14-gke.1042000
    • 1.27.14-gke.1059000
    • 1.27.14-gke.1100000
    • 1.27.14-gke.1100002
    • 1.27.15-gke.1012000
    • 1.27.15-gke.1012003
    • 1.28.9-gke.1000000
    • 1.28.9-gke.1069000
    • 1.28.9-gke.1069002
    • 1.28.9-gke.1209000
    • 1.28.9-gke.1209001
    • 1.28.9-gke.1289000
    • 1.28.10-gke.1058000
    • 1.28.10-gke.1075000
    • 1.28.10-gke.1089000
    • 1.28.10-gke.1089002
    • 1.28.10-gke.1148000
    • 1.28.10-gke.1148001
    • 1.28.11-gke.1019000
    • 1.29.4-gke.1043002
    • 1.29.5-gke.1060000
    • 1.29.5-gke.1060001
    • 1.29.5-gke.1091000
    • 1.29.6-gke.1038000
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.13-gke.1201002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.13-gke.1201002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.10-gke.1075001 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.5-gke.1091002 with this release.

Google SecOps SOAR

Release 6.3.11 is currently in Preview.

Case tag filter pagination is not working in cases page (ID #339581969)

Issues when testing SOAR Webhooks for ingestion. (ID #51862016)

Looker

Looker 24.12 includes the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Monday, July 15, 2024

  • Expected Looker (original) final deployment and download available: Thursday, July 25, 2024

  • Expected Looker (Google Cloud core) deployment start: Monday, July 15, 2024

  • Expected Looker (Google Cloud core) final deployment: Monday, July 29, 2024

A LookML validator error, which catches illegal sql_trigger values in models with parameterized connections, has been added.

The Chart Config Editor now supports the following pie chart legend properties: align, verticalAlign, and layout.

Admins can now edit groups and roles for users who only have API keys.

When a file or folder is created, updated, or accessed in the Looker IDE, Looker now displays a loading indicator.

A new Create button in the main navigation panel lets users create dashboards, boards, LookML models, and database connections. To view the button, users must have permissions to create dashboards, models, or connections. Note: This feature will release in late July.

A new Explore from Here icon now appears on dashboard tiles and lets dashboard viewers explore a tile's data in one click. Note: This feature will release in late July.

Looker (Google Cloud core) now supports connections to Teradata databases.

Looker now supports Databricks Unity Catalog. When you create a Databricks connection in Looker, you can define the Databricks catalog in which Looker will run queries.

An issue has been fixed where filter values with a special character and a trailing space would filter out valid results. This feature now performs as expected.

An issue has been fixed where Aurora MySQL connections that do not provide the lookerFailover parameter in the Additional JDBC parameters setting would fail to connect. This feature now performs as expected.

The LookML validator will now return an error if a sql_distinct_key is used in a field type that does not support it.

An issue where PDT overrides could not be toggled off in some situations has been fixed. This feature now performs as expected.

An issue was causing tooltips on timeline visualizations to not respect timezone conversion settings. This feature now performs as expected.

Rendering for dashboards that include special characters in their titles has been fixed. This feature now performs as expected.

Query results that contained characters that aren't in the UTF-8 character set could cause queries to fail. This feature now performs as expected.

Previously, extra filter suggestions queries would run when a filter was removed in an Explore. This feature now performs as expected.

An issue was causing the LookML validator to return an incorrect error for an improperly formed value format string. This feature now performs as expected.

An issue was causing visualization formats to round incorrectly. This feature now performs as expected.

Previously, some Looks had a null Look ID in System Activity Explores. This feature now performs as expected.

An issue was causing Looker to sometimes incorrectly generate date literals for Postgres queries. This feature now performs as expected.

Previously, queries could not be sorted on date fields in specific situations. This feature now performs as expected.

Previously, user attribute values that contained certain special characters could not be saved. This feature now performs as expected.

An issue was causing Looker to generate incorrect join SQL for circular join references. This feature now performs as expected.

Previously, drill-downs didn't work properly in some map visualizations. This feature now performs as expected.

An issue with the Closed System option allowed the name of the user who created or updated a dashboard last to be viewed by users who weren't in the same group. This feature now performs as expected.

OpenJDK 8 is no longer supported. Self-hosted customers must upgrade to OpenJDK 11.

A new Labs feature, Delegate Schedule Management, introduces the manage_schedules permission. This permission lets users reassign and delete schedules on the Schedules page for the models that they can access.

If a Looker instance does not yet have any Looks or dashboards, the Looker homepage now shows sample dashboards. Note: This feature will release in late July.

Managed Kafka

Terraform samples are now available for creating clusters and topics. For more information, see Provision Apache Kafka for BigQuery resources with Terraform.

Migrate to Virtual Machines

The Migrate Connector, the virtual appliance used to connect VMware sources to Migrate to Virtual Machines, is exposed to a security vulnerability on SSHD (CVE-2024-6387). Migrate Connector version 2.6.2497 has been released to mitigate this issue and is being gradually rolled out. For information, see the GCP-2024-040 security bulletin.

Vertex AI Agent Builder

Vertex AI Search: Edit the schema for structured data on import (Public preview)

When you create a data store by importing structured data from BigQuery or Cloud Storage, you can review and edit the schema before you import the data. This saves time over the alternative method of importing the data first and subsequently editing the schema.

This feature is available in Public preview and applies to generic and media data stores. To try this feature for healthcare data stores, contact your Google account team and ask for access to the Private preview.

Vertex AI Search: Bring your own schema for media data stores (Public preview)

Previously, all media data stores had to follow a JSON schema for media predefined by Google. However, now you can use your own JSON schema for media data, provided that you map fields in your schema to the key properties: category, media_available_time, media_duration, title, and uri.

This feature is in Public preview.

Vertex AI Search: Media app creation (Public preview)

Media data stores can be created directly from the Data Stores page.

This is an alternative to the method where you create a media data store as part of the app creation workflow.

This feature is available in Public preview.

July 09, 2024

AlloyDB for PostgreSQL

The extension pgvector is updated to version 0.7.0.

Performing a switchover with zero data loss in cross-region replication setups, to test disaster recovery (DR) or to perform workload migration, is now generally available (GA).

Apigee X

Updated: Limit on number of basepaths per environment

Apigee is raising the temporary limit of 1000 basepaths per environment to avoid potential failures when deploying API proxy revisions.

While this limit is in place, you can deploy up to 1000 API proxy revisions (each containing a single basepath) per environment. If your API proxies or revisions contain more than one basepath, the total number of basepaths per environment must not exceed 1000.

To track the status of this issue, see Apigee Known Issues.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Google Kubernetes Engine
    • admissionregistration.k8s.io/MutatingWebhookConfiguration
    • apps.k8s.io/DaemonSet
    • apps.k8s.io/StatefulSet
    • batch.k8s.io/CronJob
    • extensions.k8s.io/DaemonSet
    • k8s.io/PersistentVolume
    • k8s.io/PersistentVolumeClaim
    • k8s.io/PodTemplate
    • k8s.io/ReplicationController
    • k8s.io/ResourceQuota
    • policy.k8s.io/PodDisruptionBudget
    • storage.k8s.io/StorageClass
    • gateway.networking.k8s.io/Gateway
    • gateway.networking.k8s.io/GatewayClass
    • gateway.networking.k8s.io/HTTPRoute

Cloud Build

Cloud Build users can connect to Bitbucket Cloud and Bitbucket Data Center hosts and add repositories with the Terraform provider for Google Cloud.

To learn more, see Connect to a Bitbucket Cloud host and Connect to a Bitbucket Data Center host.

Cloud Composer

A new Airflow build is available in Cloud Composer 3:

  • composer-3-airflow-2.7.3-build.8

Cloud Composer 2.8.5 images are available:

  • composer-2.8.5-airflow-2.7.3 (default)
  • composer-2.8.5-airflow-2.6.3

Cloud Healthcare API

Using customer-managed encryption keys (CMEK) to encrypt Cloud Healthcare API datasets is generally available (GA) and available in Preview. For more information, see Enable customer-managed encryption keys (CMEK) for Cloud Healthcare API datasets.

Cloud Monitoring

Starting no sooner than January 7, 2025, Cloud Monitoring will begin charging for alerting. For information about the pricing model and examples of pricing scenarios, see Pricing for alerting.

Compute Engine

Generally available: You can create GPU VMs in a managed instance group (MIG) by using resize requests. Resize requests help you create VMs all at once and give you higher chances to obtain highly demanded resources such as GPUs.

For more information, see About resize requests in a MIG.

Generally available: Hyperdisk ML, block storage designed specifically for high-performance AI workloads. Each Hyperdisk ML volume can achieve up to 1,200,000 MBps of throughput. For large-scale training and inference workloads, you can attach a single Hyperdisk ML volume to up to 2,500 VM instances. For more information, see About Hyperdisk.

Config Connector

Config Connector version 1.120.1 is now available.

IAM configuration can now be applied to PrivateCACAPool.

You can configure the ConfigConnector operator to roll back to install the v1.119.0 CRDs by specifying spec.version: 1.119.0 in the ConfigConnectorContext CR (namespaced mode).

CloudBuildWorkerPool is promoted from alpha to beta.

CloudIDSEndpoint is promoted from alpha to beta.

ComputeManagedSSLCertificate is promoted from alpha to beta.

AlloyDBInstance

  • Added networkConfig field to support Public-IP feature.

MonitoringAlertPolicy

  • Added spec.severity field.

MonitoringDashboard

  • Added dashboardFilters support.
  • Added alertChart widgets.
  • Added collapsibleGroup widgets.
  • Added pieChart widgets.
  • Added sectionHeader widgets.
  • Added singleViewGroup widgets.
  • Added timeSeriesTable widgets.
  • Added blankView to scorecard widgets.
  • Added dataSets.targetAxis and y2Axis fields to xyChart widgets.
  • Added id field to all widgets.
  • Added prometheusQuery and outputFullDuration to timeSeriesQuery.
  • Added style fields to text widgets.
  • Added targetAxis field to thresholds.

StorageBucket

  • Added spec.softDeletePolicy field.
  • Added status.observedState.softDeletePolicy field.

Contact Center AI Platform

Version 3.18 is released

All release notes published on this date are part of version 3.18.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

New custom data types for events

The following custom data types for events are now available using the Web SDK:

  • custom_data_secured
  • custom_data_not_secured

For more information, see Data for events.

New session events for quality management

The following session events are now available for quality management (QM) integration:

  • Hold
  • Mute
  • Redaction
  • Recording indication
  • Queue information

Fixed an issue where agents were not receiving audio notifications for breakthrough calls.

Fixed an issue where saving queue-level wrap-up settings to the global defaults was not behaving as expected.

Fixed an issue where viewing agent assignments was not possible for agents with a custom role.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud for VMware 1.29.200-gke.245 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.200-gke.245 runs on Kubernetes v1.29.5-gke.800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

The following vulnerabilities are fixed in 1.29.200-gke.245:

Google Distributed Cloud for VMware 1.28.700-gke.151 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.700-gke.151 runs on Kubernetes v1.28.10-gke.2100.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

The following issues are fixed in 1.28.700-gke.151:

  • Fixed the known issue where the Binary Authorization webhook blocked the CNI plugin, which caused user cluster creation to stall.

  • Fixed the known issue that caused cluster creation to fail because the control plane VIP was in a different subnet from other cluster nodes.

The following vulnerabilities are fixed in 1.28.700-gke.151:

Google Distributed Cloud for VMware 1.16.10-gke.36 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.16.10-gke.36 runs on Kubernetes v1.27.14-gke.1600.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

The following vulnerabilities are fixed in 1.16.10-gke.36:

Google Distributed Cloud (software only) for bare metal

Release 1.28.700-gke.150

Google Distributed Cloud for bare metal 1.28.700-gke.150 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.700-gke.150 runs on Kubernetes 1.28.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

  • Fixed an issue where upgraded clusters didn't get label updates that match the labels applied for newly created clusters, for a given version.

The following container image security vulnerabilities have been fixed in 1.28.700-gke.150:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-52654
  • CVE-2023-52656

For more information, see the GCP-2024-041 security bulletin.

Google SecOps SOAR

Release 6.3.9 is now in General Availability.

July 08, 2024

Agent Assist

Agent Assist now offers a new version of summarization with custom sections in preview. Summarization with custom sections V3 reduces latency from V2.1.

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-52654
  • CVE-2023-52656

For more information, see the GCP-2024-041 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-52654
  • CVE-2023-52656

For more information, see the GCP-2024-041 security bulletin.

Cloud Data Fusion

You can configure maintenance windows for Cloud Data Fusion instances, in versions 6.8 and later, in Preview.

Cloud Database Migration Service

Database Migration Service for heterogeneous Oracle migrations can now migrate tables without primary or unique constraints that have more than 500 million rows. The previous maximum row limitation for such tables is no longer in place. For more information on known limitations, see:

Cloud Logging

Log buckets in all regions supported by Cloud Logging can now be upgraded to use Log Analytics. For more information, see Supported regions.

Cloud Monitoring

Your dashboards will now recommend event types for display. For more information, see Show events on a dashboard.

Cloud Service Mesh

1.21.4-asm.5 is now available for in-cluster Cloud Service Mesh.

This patch release contains the fix for an Envoy bug where the additional cookie attributes are not properly sent to clients. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.21.4-asm.5 uses Envoy v1.29.7.

1.20.8-asm.1 is now available for in-cluster Cloud Service Mesh.

This patch release contains the fix for an Envoy bug where the additional cookie attributes are not properly sent to clients. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.20.8-asm.1 uses Envoy v1.28.5.

1.19.10-asm.9 is now available for in-cluster Cloud Service Mesh.

This patch release contains the fix for an Envoy bug where the additional cookie attributes are not properly sent to clients. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.19.10-asm.9 uses Envoy v1.27.7.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for storage/internal/apiv2

1.43.0 (2024-07-03)

Features
  • storage/transfermanager: Add DownloadDirectory (#10430) (0d0e5dd)
  • storage/transfermanager: Automatically shard downloads (#10379) (05816f9)
Bug Fixes
Documentation
  • storage/control: Remove allowlist note from Folders RPCs (d6c543c)

You can now specify London (europe-west2) and Frankfurt (europe-west3) as a predefined dual-region pairing. For more information, see Predefined dual-regions.

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.9.9 (2024-07-01)

Bug Fixes
  • dataflow: Bump google.golang.org/api@v0.187.0 (8fa9e39)

Dataplex

Dataplex Catalog is generally available (GA). Dataplex Catalog provides a platform for storing, managing, and accessing your metadata.

For more information, see Dataplex Catalog overview, Search for data assets, Manage aspects and enrich metadata, and Manage entries and ingest custom sources.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.110-debian10, 2.0.110-rocky8, 2.0.110-ubuntu18
  • 2.1.58-debian11, 2.1.58-rocky8, 2.1.58-ubuntu20, 2.1.58-ubuntu20-arm
  • 2.2.24-debian12, 2.2.24-rocky9, 2.2.24-ubuntu22

Google Distributed Cloud (software only) for VMware

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

For more information, see the GCP-2024-041 security bulletin.

Google Distributed Cloud connected

This is a minor release of Google Distributed Cloud connected (version 1.7.0).

The following new functionality has been introduced in this release of Google Distributed Cloud connected:

  • Customer-sourced hardware. You now have the option to purchase the Google Distributed Cloud connected hardware from a Google-partnered System Integrator (SI) and retain full ownership instead of leasing it from Google. For more information, contact Google Support.

  • Refreshed machine hardware. The server machines comprising Google Distributed Cloud connected racks have been updated to a more powerful hardware configuration. For more information, contact Google Support.

  • Flexible rack configuration. You can now order a Google Distributed Cloud connected rack with 3, 6, 9, or 12 server machines. For more information, contact Google Support.

  • IPv4/IPv6 dual-stack networking. Google Distributed Cloud connected now supports IPv6 networking in addition to IPv4 networking. For more information, see IPv4/IPv6 dual-stack networking.

  • Pod image caching. Google Distributed Cloud connected now supports local caching of Pod images. For more information, see Configure a Pod for image caching.

  • Kafka support. Google Distributed Cloud now supports collecting workload metrics with Apache Kafka. For more information, see Logs and metrics.

  • Cluster connection state indication. You can now check whether a cluster is connected, disconnected, or reconnected and synchronizing with Google Cloud Platform. For more information, see Survivability mode.

  • Cluster maintenance exclusion windows. You can now specify one or more maintenance exclusion windows for a cluster. This prevents Google from performing maintenance or software upgrades on the cluster during the specified times. For more information, see Understand software updates and maintenance windows.

  • GDC Hardware Management API. You can now place orders for Google Distributed Cloud connected hardware programmatically using the GDC Hardware Management API. For more information, see Google Distributed Cloud connected CLI and API reference. This is a Preview-level feature.

The following changes to existing functionality have been introduced in this release of Google Distributed Cloud connected:

  • Bastion host GA. The bastion host feature of Google Distributed Cloud connected is now generally available. For more information, see Configure a bastion host.

  • Worker node software upgrades are now staggered. Google Distributed Cloud connected now upgrades worker node software in stages instead of all at once. This allows your workloads to continue running on some nodes, while others are upgrading. You have the option to specify the number of worker nodes that can go down for a software upgrade simultaneously. For more information, see Software update staggering.

  • GPU support is now automatically enabled. You no longer have to modify the VMRuntime resource to enable GPU support on Google Distributed Cloud connected. GPU support is now automatically enabled if a GPU is detected on a Google Distributed Cloud connected machine.

  • Google Distributed Cloud connected component updates:

    • GKE on Bare Metal. This component has been updated from version 1.1.6.1 to version 1.28.500.
    • Kubernetes control plane. This component has been updated from version 1.27.9 to version 1.28.8.
    • Symcloud Storage. This component has been updated from version 5.4.6 to version 5.4.8.

The following functionality has been deprecated in this release of Google Distributed Cloud connected:

  • Cloud control plane cluster support. As of this release, Google Distributed Cloud connected no longer supports Cloud control plane clusters. Local control plane clusters are now the only supported cluster type.

  • Raw block storage for virtual machine workloads. As of this release, you can no longer provision virtual machine workloads with raw block storage. Symcloud Storage is now the only supported storage type for virtual machine workloads.

The following issues have been resolved in this release of Google Distributed Cloud connected:

  • Symcloud Storage volume clean-up now functions correctly. Single node failures, such as power loss or network disconnection, no longer cause rescheduling failures for virtual machines that use Symcloud Storage volumes. When a node fails, virtual machines are automatically rescheduled onto another node and then scheduled back onto the original node once that node returns to operation.

  • Virtual machines no longer enter a stuck state when node network connections are intermittent. Virtual machines no longer get stuck in container creation state when their network connections repeatedly disconnect and reconnect. When all three nodes in a Google Distributed Cloud connected server group regain network connectivity, the affected virtual machines are automatically rescheduled back onto their original nodes.

  • Virtual machine restore operations now complete successfully. Problems related to taking subsequent snapshots of virtual machines after the initial ones have been resolved. These problems caused virtual machine restore operations to fail.

  • Virtual machine heartbeat has been tuned to increase failover resilience. Occasionally, when a node failed, virtual machines on other nodes in the cluster would fail multiple successive heartbeats to the Kubernetes control plane that ran on the failed node. The heartbeat configuration has been tuned to mitigate this and increase failover resilience.

  • Intermittent SR-IOV device availability on large deployments has been resolved. SR-IOV devices are no longer intermittently unavailable on large, long-uptime deployments of Google Distributed Cloud connected after creating SR-IOV network node policies.

This release of Google Distributed Cloud connected contains the following known issues:

  • Refreshed Google Distributed Cloud connected hardware requires Google Distributed Cloud connected software version 1.7.0 or later. The refreshed Google Distributed Cloud connected hardware does not support versions of Google Distributed Cloud connected prior to release 1.7.0.

  • Virtual machine workloads might temporarily go down when upgrading Google Distributed Cloud connected software to release 1.7.0. The virtual machine workloads will go back up and be healthy once the Google Distributed Cloud software upgrade completes.

  • Cluster upgrades to software release 1.7.0 might fail with an ABM upgrade timed out error. Under certain conditions, if the GKE token expires while a cluster upgrade is in progress, the upgrade fails with an ABM upgrade timed out error and a missing gkehub.memberships.update permission is recorded in the logs. If you encounter this issue, contact Google Support.

  • Storage operations hang when volume replicas are deleted from a cluster without removing the corresponding Symcloud Storage persistent volume intent. If you delete the volume replicas for a Symcloud Storage persistent volume but do not remove the corresponding intent, TCMU devices on the worker node hang, causing storage operations to stall indefinitely. This can affect both your workload data availability and the core system functionality of Google Distributed Cloud connected. To prevent this, you must always remove a Symcloud Storage persistent volume before deleting its associated volume replicas.

  • Virtual machines might not get scheduled onto nodes after their network has been partitioned. When you partition a network, some virtual machines using that network might not get scheduled back onto their node after the node reconnects to the network. To work around this issue, restart the affected virtual machines or contact Google Support.

  • Cluster deletion can fail due to stale Symcloud Storage data. When attempting to delete a cluster during disaster recovery or cluster reset, the deletion might fail due to the corresponding Symcloud Storage volumes not having been cleaned up. To resolve this issue, contact Google Support.

  • Virtual machine management can fail after a node has been powered down for an extended time. If you power down your Google Distributed Cloud connected machines for an extended period of time, you might not be able to manage the virtual machines scheduled on the corresponding nodes after you power the machines back up, even though those virtual machine workloads continue to run. To resolve this issue, contact Google Support.

  • Nodes can get stuck in Ready,SchedulingDisabled state after applying configuration changes. Applying or deleting the NodeSystemConfigUpdate or SriovNetworkNodePolicy resources can result in a node that's stuck in the Ready, Scheduling Disabled state after it reboots. To resolve this issue, see Troubleshoot Google Distributed Cloud connected.

  • The Kubernetes API server might return 404 errors when attempting to access virt-api endpoints. To work around this issue, contact Google Support.

  • Changes required to VMRuntime resource before upgrading to Google Distributed Cloud connected version 1.7.0. To ensure your existing virtual machine workloads successfully upgrade to Google Distributed Cloud connected version 1.7.0, you must modify the VMRuntime resource before upgrading the cluster as described in Upgrade existing virtual machines to Google Distributed Cloud connected version 1.7.0.

  • The containerd daemon state might not be reset after deleting a cluster. In very rare situations, cluster deletion does not reset the state of the containerd daemon. To resolve this issue, contact Google Support.

  • GKE Identity Service (GKE IS) Pods stuck in Failed state after machine reboot. Rebooting a machine might spawn one or more GKE IS pods stuck in a Failed state, even though the GKE IS deployment is healthy and running. This does not impact the cluster nor the GKE IS functionality. Since GKE IS Pods are deployed into a protected namespace, contact Google Support to resolve this issue.

  • Cluster software upgrade might stall into a Paused state. If there are GKE IS pods stuck in a Failed state after a machine reboot, upgrading the corresponding cluster to Google Distributed Cloud connected software release 1.7.0 might stall and enter a Paused state. Workloads on the cluster continue to run and the cluster remains healthy. To resolve this issue, contact Google Support.

Google Kubernetes Engine

Ray Operator on GKE is now generally available in the Rapid channel. Ray Operator is a GKE add-on that allows you to manage and scale Ray applications. To learn more, see the Ray Operator documentation.

(2024-R23) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.29.4-gke.1043004 is now the default version.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.26.15-gke.1320002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.15-gke.1320002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.13-gke.1070002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.13-gke.1070002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.9-gke.1289002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.4-gke.1043004 with this release.

Stable channel

  • Version 1.27.13-gke.1070002 is now the default version in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.15-gke.1090004 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.15-gke.1090004 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.13-gke.1070002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.13-gke.1070002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.9-gke.1069002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.4-gke.1043004 with this release.

Regular channel

  • Version 1.29.4-gke.1043004 is now the default version in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.15-gke.1320002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.15-gke.1320002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.13-gke.1201002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.9-gke.1289002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.9-gke.1289002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.4-gke.1043004 with this release.

Rapid channel

  • Version 1.30.1-gke.1329003 is now the default version in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1404002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.15-gke.1404002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.14-gke.1059002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.10-gke.1089002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.5-gke.1091002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.5-gke.1091002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.1-gke.1329003 with this release.

Network Intelligence Center

The GKE Enterprise view of Network Topology is generally available. Network Topology now shows the infrastructure of your GKE deployments - clusters, namespaces, workloads, and pods, and their associated metrics.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-pubsub

2.22.0 (2024-07-06)

Features
  • Add service_account_email for export subscriptions (ec0cc34)
  • Add use_topic_schema for Cloud Storage Subscriptions (ec0cc34)

SAP on Google Cloud

New SAP HANA certification: 16 TB X4 bare metal machine type for OLAP workloads

SAP has certified the Compute Engine 16 TB x4-megamem-960-metal machine type for use with SAP HANA OLAP workloads in scale-out configurations with up to 4 nodes.

For more information, see X4 memory-optimized bare metal machine types.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.13.3 (2024-07-01)

Bug Fixes
  • secretmanager: Bump google.golang.org/api@v0.187.0 (8fa9e39)

July 05, 2024

Dataflow

The remote code execution vulnerability, CVE-2024-6387, in OpenSSH has been mitigated. A patched Dataflow VM image that includes an updated OpenSSH is available. For more information about how to apply mitigations, see the GCP-2024-040 security bulletin.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.68
  • 1.2.12
  • 2.0.76
  • 2.2.12

Google SecOps SOAR

Remote Agents Release 2.0.2 is currently in Preview. Note the version number has been changed from 2.0.0 to 2.0.2.

July 04, 2024

Google SecOps SOAR

Release 6.3.10 is now in Preview.

The limit for action result attachments has now been raised to 50 MB. (ID #00294694)

Playbook is stuck in the queue. (ID #51894700)

Issues when importing a custom list which contains duplicated records.

July 03, 2024

Anthos clusters on AWS

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that can be used to obtain access to a remote shell, enabling attackers to gain root access. At the time of publication, exploitation is believed to be difficult and take several hours per machine being attacked. We are not aware of any exploitation attempts. This vulnerability has a Critical severity.

For mitigation steps and more details, see the GCP-2024-040 security bulletin.

Anthos clusters on Azure

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that can be used to obtain access to a remote shell, enabling attackers to gain root access. At the time of publication, exploitation is believed to be difficult and take several hours per machine being attacked. We are not aware of any exploitation attempts. This vulnerability has a Critical severity.

For mitigation steps and more details, see the GCP-2024-040 security bulletin.

Cloud Composer

New Cloud Composer 2 environments are gradually switched to using GKE 1.29 and PSC as a connectivity channel to the GKE control plane. The IP address for the PSC endpoint will be taken from the nodes IP range. This change might require using a larger IP range for the nodes when you create an environment.

Cloud Database Migration Service

Database Migration Service for heterogeneous Oracle migrations to AlloyDB for PostgreSQL now supports network connectivity with Private Service Connect for AlloyDB clusters with Private Service Connect enabled. For more information, see Configure Private Service Connect.

Cloud Logging

Agent-installation policies for the Ops Agent are now GA. For more information, see Overview of agent policies for the Ops Agent.

You can now view the estimated number of bytes processed along with the validation status of your SQL query when running queries in Log Analytics. You can use this information to understand the relative volume of data that your SQL query will scan.

Cloud Monitoring

Agent-installation policies for the Ops Agent are now GA. For more information, see Overview of agent policies for the Ops Agent.

Dataflow

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. Dataflow jobs might create VMs that use an OS image with versions of OpenSSH that are vulnerable to CVE-2024-6387. For more information, see the GCP-2024-040 security bulletin.

Dataproc

Added Cloud Profiler support in Dataproc Serverless for Spark. Enable profiling via the dataproc.profiling.enabled=true property and configure it via dataproc.profiling.name=<PROFILE_NAME>.

New Dataproc on Compute Engine subminor image versions:

  • 2.0.109-debian10, 2.0.109-rocky8, 2.0.109-ubuntu18
  • 2.1.57-debian11, 2.1.57-rocky8, 2.1.57-ubuntu20, 2.1.57-ubuntu20-arm
  • 2.2.23-debian12, 2.2.23-rocky9, 2.2.23-ubuntu22

Google Distributed Cloud (software only) for VMware

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that can be used to obtain access to a remote shell, enabling attackers to gain root access. At the time of publication, exploitation is believed to be difficult and take several hours per machine being attacked. We are not aware of any exploitation attempts. This vulnerability has a Critical severity.

For mitigation steps and more details, see the GCP-2024-040 security bulletin.

Google Distributed Cloud (software only) for bare metal

Security bulletin (all minor versions)

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that can be used to obtain access to a remote shell, enabling attackers to gain root access. At the time of publication, exploitation is believed to be difficult and take several hours per machine being attacked. We are not aware of any exploitation attempts. This vulnerability has a Critical severity.

For mitigation steps and more details, see the GCP-2024-040 security bulletin.

Google Kubernetes Engine

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that can be used to obtain access to a remote shell, enabling attackers to gain root access. This vulnerability has a Critical severity for GKE. An expedited rollout is in progress to make patch versions available.

For patch versions and mitigation steps, see the GCP-2024-040 security bulletin.

(2024-R22) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

You can now preload data or container images in new nodes on GKE, enabling faster workload deployment and autoscaling. This feature is Generally Available and production-ready, with support for Autopilot and Terraform. To learn more, see Use secondary boot disks to preload data or container images.

GKE Managed DCGM Metrics Package is now available in Preview for both GKE Standard and Autopilot clusters running version 1.30.1-gke.1204000 and later.

You can now configure Autopilot and Standard clusters to export a predefined list of DCGM metrics emitted by GKE Managed DCGM exporter including metrics for GPU performance, utilization, and I/Os in the GPU node pools with GKE-managed NVIDIA drivers. These metrics are collected by Google Cloud Managed Service for Prometheus. You can view the curated DCGM metrics in the Observability Tab on the Kubernetes Clusters page or in Cloud Monitoring.

For more information, see Collect and view DCGM metrics.

Policy Intelligence

You can use Policy Troubleshooter to troubleshoot principal access boundary policies. This feature is available in Preview.

Spanner

Spanner now allows privileged users to cancel long-running queries. For more information, see GoogleSQL Query cancellation or PostgreSQL Query cancellation.

Multiplexed sessions are now generally available. Multiplexed sessions are a new session management model that simplifies pool management in clients. For more information, see Multiplexed sessions.

Vertex AI Agent Builder

Vertex AI Search: On July 6, text-bison@001/answer_gen/v1 is discontinued

As of July 6, 2024, model version text-bison@001/answer_gen/v1 is discontinued.

If you specify text-bison@001/answer_gen/v1 by name in your search requests, replace text-bison@001/answer_gen/v1 with a newer model or with stable.

For more information, see Answer generation model versions and lifecycle.

Vertex AI Search: gemini-1.5-flash-001/answer_gen/v1 for answer generation

Model version gemini-1.5-flash-001/answer_gen/v1 is the stable model for generating answers in Vertex AI Search.

For more information, see Answer generation model versions and lifecycle.

Vertex AI Search: You can't use the Folder option to upload structured data from Cloud Storage

When creating a data store for structured or media data, you must use the File option when importing from a Cloud Storage bucket. Choosing the Folder option results in an error, "Schema preview failed. Requested entity was not found."

To work around this issue, use the File option and upload one file from the folder. After you've created the data store, import the folder contents from the Documents tab of the data store.

July 02, 2024

Apigee X

On July 2, 2024, we published a security bulletin for Apigee.

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that could be used to obtain access to a remote shell, enabling attackers to gain root access to GKE or VM nodes.

Security bulletin published: GCP-2024-040

Cloud Billing

Simulate scenarios in FinOps hub to maximize your savings from spend-based CUDs

In the FinOps hub, you can now use a spend-based CUD recommendation as a starting point to simulate various usage scenarios, and customize the recommendation to purchase a CUD that maximizes your savings.

Learn about simulating scenarios for spend-based CUDs.

Cloud Build

Cloud Build is introducing new organization policy constraints.

The default behavior for how Cloud Build uses service accounts in new projects was changed to improve the security posture of our customers going forward. Organizations can opt out of these changes using new organization policy boolean constraints.

To learn more about these changes, see Cloud Build Service Account Change.

Cloud Composer

2024-07-03 Update: Resolution status updated.

The CVE-2024-6387 vulnerability in the OpenSSH package was discovered recently. GKE clusters used by Cloud Composer environments are impacted by this vulnerability, and Cloud Composer 1 and 2 environments that use Public IP networking are especially vulnerable to the described issue. For more information about CVE-2024-6387, see Google GKE Security bulletins.

  • Newly created Composer environments should no longer be impacted by this issue.

  • Composer-owned GKE clusters will be auto-upgraded to newer GKE versions that include the fix for CVE-2024-6387. Other components of Composer environments that use older versions of COS images will also be upgraded. These operations will be done in an expedited manner, so some of the update operations might be done outside the environment's regular maintenance windows.

While Google works on resolving this issue so that Composer environments are immune to CVE-2024-6387, you can disallow SSH to the Cloud Composer cluster nodes by establishing proper firewall rules on the environment's cluster, as described in the Google GKE Security bulletins. Follow the steps outlined for GKE.

A new Airflow build is available in Cloud Composer 3:

  • composer-3-airflow-2.7.3-build.7

Cloud Composer 2.8.4 images are available:

  • composer-2.8.4-airflow-2.7.3 (default)
  • composer-2.8.4-airflow-2.6.3

Cloud Composer version 2.3.3 has reached its end of support period.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud SQL for MySQL

Cloud SQL Enterprise Plus edition now supports the southamerica-west1 (Santiago) region.

Cloud SQL for PostgreSQL

Cloud SQL Enterprise Plus edition now supports the southamerica-west1 (Santiago) region.

Cloud Storage

You can now disable soft delete for multiple buckets at a time or for all buckets in a project. To learn more, see Bulk disable soft delete.

Generative AI on Vertex AI

Google's open weight Gemma 2 model is available in Model Garden. For details, see Use Gemma open models.

Google Kubernetes Engine

A faulty component in the Persistent Disk CSI (PDCSI) driver may cause mount failures for NVMe block devices on specific GKE clusters. This issue affects machine types that exclusively use the NVMe interface for attached Persistent Disks, such as third-generation machine types, T2A instances, and Confidential VMs. For more details, see About persistent disks.

Impacted GKE versions include:

  • 1.30.2-gke.1023000
  • 1.27.15-gke.1012000
  • 1.27.14-gke.1100000

Mount failures will log errors indicating difficulties verifying and re-linking the GCE Persistent Disk. You will see log errors like this:

"Error when getting device path: rpc error: code = Internal desc = error verifying GCE PD ("$PVC") is attached: failed to find and re-link disk $PVC with udevadm after retrying for 3s: couldn't get serial number for disk $PVC at device path /dev/$NVME_PATH: google_nvme_id failed for device "/dev/$NVME_PATH" with output [**numbers**]: exit status 1"

This issue will be resolved in the next GKE releases. In the meantime, if you are experiencing mount failures, upgrade your cluster to the default version 1.30.1-gke.1329000 for the 1.30 release channel or 1.27.14-gke.1059000 for the 1.27 release channel.

Google SecOps SOAR

Remote Agents Release 2.0.1 is currently in Preview. Note that the version number has changed from 2.0.0 to 2.0.1.

VPC Service Controls

VPC Service Controls feature: Support to programmatically retrieve the list of services that are supported by VPC Service Controls is generally available. Using this feature, you can also retrieve the list of methods and permissions supported by VPC Service Controls for a service.

  • The following changes are made in the output of the gcloud access-context-manager supported-services list command:
    • The field name SUPPORT_STAGE is changed into SERVICE_SUPPORT_STAGE.
    • The status BETA is changed into PREVIEW in the SERVICE_SUPPORT_STAGE field.
    • A new status DEPRECATED is added in the SERVICE_SUPPORT_STAGE field.
  • The field name supportStage is changed into serviceSupportStage in the output of the gcloud access-context-manager supported-services describe command.

July 01, 2024

API Gateway

As of July 1, 2024, API gateways located in asia-east1 are decommissioned and will no longer serve traffic.

Between October 2021 and October 2022, customers with gateways located in asia-east1 were notified of the planned decommissioning and advised to delete or relocate any gateways in this region. A final reminder was sent in May 2024.

As of July 1, 2024, any remaining gateways located in asia-east1 are fully decommissioned.

AlloyDB for PostgreSQL

The AlloyDB free trial clusters are now generally available (GA). These clusters let you test the majority of AlloyDB features for up to 30 days through an 8 vCPU basic primary instance along with an optional 8 vCPU read pool instance, and automatically scale storage up to 1 TB.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

7.8.0 (2024-06-19)

Features

Java

Changes for google-cloud-bigquery

2.41.0 (2024-06-25)

Features
  • Add columnNameCharacterMap to LoadJobConfiguration (#3356) (2f3cbe3)
  • Add MetadataCacheMode to ExternalTableDefinition (#3351) (2814dc4)
Bug Fixes
  • Add clustering value to ListTables result (#3359) (5d52bc9)
Dependencies
  • Update actions/checkout action to v4.1.7 (#3349) (0857234)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240602-2.0.0 (#3273) (7b7e52b)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.32.0 (#3360) (4420996)
  • Update github/codeql-action action to v2.25.10 (#3348) (8b6feff)

Cloud console updates: You can now drag a tab in the details pane to open a new column and compare tabs. You can also drag the tab to a new position in the current or an adjacent column. This feature is in preview.

The following Analytics Hub features are now generally available:

  • Making exchanges and listings publicly discoverable.
  • Highlighting listings in the Featured section of the Analytics Hub catalog.
  • Generating unauthenticated URLs for public listings.

Data publishers can now share Pub/Sub topics and manage subscriptions in Analytics Hub. This feature is in preview.

Capacity Planner

Preview: Capacity Planner displays GPU usage and forecasts of the GPUs in your Google Cloud project or organization. This is useful to plan and optimize your GPU consumption.

For more information, see the following pages:

Cloud Billing

View your Carbon Footprint in the FinOps hub

In the FinOps hub, you can now view the estimated greenhouse gas emissions for your Google Cloud usage by visiting the Carbon Footprint dashboard.

Learn about Carbon Footprint data.

Cloud Interconnect

Partner Cross-Cloud Interconnect for Oracle Cloud Infrastructure is now generally available. It lets you connect any Google Cloud and OCI resources privately with no data transfer charges.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.19.0 (2024-06-26)

Features
  • logging: OpenTelemetry trace/span ID integration for Java logging library (#1596) (67db829)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.32.0 (#1649) (cb428d1)

Cloud Monitoring

You can now create private uptime checks that issue TCP requests. For more information, see Create private uptime checks.

Cloud Service Mesh

New fleets that provision managed Cloud Service Mesh in organizations that have existing fleets with the managed istiod control plane implementation will receive the Traffic Director control plane implementation by default.

If you received a Service Announcement, or requested an exception from your account team, then your organization's default control plane implementation for new fleets continues to be istiod.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.40.1 (2024-06-26)

Bug Fixes
  • Add a workaround to make sure grpc clients' hosts always match their universe domain (#2588) (87bf737)
  • Include x-goog-user-project on resumable upload puts for grpc transport (#2586) (6f2f504)
  • Update grpc bidi resumable uploads to validate ack'd object size (#2570) (5c9cecf)
  • Update grpc finalize on close resumable uploads to validate ack'd object size (#2572) (55a6d15)
  • Update grpc single-shot uploads to validate ack'd object size (#2567) (65c8808)
Dependencies
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20240524-2.0.0 (#2565) (d193243)
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20240621-2.0.0 (#2596) (73b8753)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.32.0 (#2597) (25940a4)
Documentation
  • Add Hierarchical Namespace Bucket and Folders samples (#2583) (3030081), closes #2569
  • Remove allowlist note from Folders RPCs (#2593) (82161de)
  • Update DeleteObject Sample to be clearer on object versioning behavior (#2595) (79b7cf0)

Compute Engine

The issue related to creating larger (>90 vCPUs) C3D standard-lssd or highmem-lssd VM instances.

Container Optimized OS

cos-113-18244-85-49

  • Kernel: COS-6.1.90
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Upgraded sys-apps/dmidecode to v3.6.

Upgraded dev-embedded/libftdi to v1.5-r7.

Upgraded app-admin/logrotate to v3.22.0.

Upgraded sys-apps/hwdata to v0.383.

Upgraded net-misc/curl to v8.8.0-r1.

Upgraded sys-apps/sed to v4.9-r1.

Upgraded dev-libs/libusb to v1.0.27-r1.

Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.

Upgraded sys-apps/ethtool to v6.9.

Upgraded sys-apps/grep to v3.11-r1.

Upgraded sys-apps/pv to v1.8.10.

Added tcp_rto_min_us sysctl.

Upgraded dev-lang/go to v1.21.11. This fixes CVE-2024-24790 and CVE-2024-24789.

Fixed CVE-2024-35195 in dev-python/requests.

Fixed CVE-2024-36901 in the Linux kernel.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_rto_min_us: 200000
  • Changed: fs.file-max: 812039 -> 812035

Fixed CVE-2024-6387 in net-misc/openssh.

cos-109-17800-218-69

  • Kernel: COS-6.1.85
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Fixed CVE-2024-35195 in dev-python/requests.

Fixed CVE-2024-36901 in the Linux kernel.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_rto_min_us: 200000
  • Changed: fs.file-max: 812261 -> 812270

Fixed CVE-2024-6387 in net-misc/openssh.

cos-105-17412-370-67

  • Kernel: COS-5.15.154
  • Docker: v23.0.3
  • Containerd: v1.7.15
  • GPU Drivers: v470.256.02 (default), v550.90.07 (latest)

Fixed CVE-2024-35195 in dev-python/requests.

Fixed CVE-2024-38662 in the Linux kernel.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_rto_min_us: 200000
  • Changed: fs.file-max: 812707 -> 812700

Fixed CVE-2024-6387 in net-misc/openssh.

cos-101-17162-463-55

  • Kernel: COS-5.15.155
  • Docker: v20.10.27
  • Containerd: v1.6.28
  • GPU Drivers: v470.256.02 (default), v550.90.07 (latest)

Fixed CVE-2024-38662 in the Linux kernel.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_rto_min_us: 200000

Fixed CVE-2024-6387 in net-misc/openssh.

Dataflow

Dataflow batch jobs are now cancelled after ten days. Previously, they were cancelled after 30 days. See Quotas and limits.

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.9.8 (2024-06-26)

Bug Fixes
  • dataflow: Enable new auth lib (b95805f)

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/datastore

9.1.0 (2024-06-24)

Features
Bug Fixes

Java

Changes for google-cloud-datastore

2.20.2 (2024-06-28)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.32.0 (#1492) (d940c93)

Google Distributed Cloud (software only) for VMware

A vulnerability (CVE-2024-26923) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-039 security bulletin.

Google Distributed Cloud (software only) for bare metal

Release 1.16.10

Google Distributed Cloud for bare metal 1.16.10 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.16.10 runs on Kubernetes 1.27.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

  • Fixed an issue where upgraded clusters didn't get label updates that match the labels applied for newly created clusters, for a given version.

The following container image security vulnerabilities have been fixed in 1.16.10:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Migrate to Virtual Machines

Generally available: Migrate to Virtual Machines lets you import a virtual disk image to a Compute Engine image. If you have virtual disk images with software and configurations that you need, you can save time by importing these virtual disk images to Compute Engine images, and use this image to create virtual machine instances or persistent disks.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

1.40.0 (2024-06-26)

Features
  • pubsub: Add client ID to initial streaming pull request (#10436) (a3d70ed)
  • pubsub: Add use_topic_schema for Cloud Storage Subscriptions (d6c543c)

Java

Changes for google-cloud-pubsub

1.131.0 (2024-06-25)

Features
  • Add use_topic_schema for Cloud Storage Subscriptions (#2082) (11d67d4)
Dependencies
  • Update dependency com.google.cloud:google-cloud-core to v2.40.0 (#2087) (26b01c9)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.32.0 (#2088) (aebc3ed)

Public preview: Data publishers can now share Pub/Sub topics and manage subscriptions in Analytics Hub.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.13.2 (2024-06-26)

Bug Fixes
  • secretmanager: Enable new auth lib (b95805f)

Security Command Center

Working with findings and resources in the Security Operations console

Security Command Center Enterprise customers can now work with findings and affected resources using the Security Operations console. For example, you can do the following in the Security Operations console:

  • Filter for findings and resources based on different attributes.
  • Fine-tune your queries.
  • View the details of specific findings and resources.
  • View high-value resources and their attack exposure scores.
  • View the changes to a resource.

This feature is available in Preview.

For more information, see the following:

Sensitive Data Protection

The BELARUS_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Vertex AI Agent Builder

Vertex AI Search: Filter search results by relevance (Public preview)

Each document returned by a search query is given an estimated level of relevance to the query. When you make a query through an API call, you can set a relevance threshold.

Setting a high relevance threshold can greatly reduce the number of documents returned by a query. You can experiment with low, medium, and high thresholds to find the right level for your users.

Filter by relevance is available in Public preview.

For more information, see Filter searches by document-level relevance.

Vertex AI Search: Healthcare search using natural language query with generative AI answers (GA with allowlist)

Healthcare data search using natural language query with generative AI answer is Generally available to select Google customers (GA with allowlist).

For more information, see Search using natural language query with generative AI answer.

June 30, 2024

Dataproc Metastore

Dataproc Metastore managed migrations is generally available (GA)

Dataproc Metastore autoscaling is generally available (GA)

June 28, 2024

Access Context Manager

Generally available: You can now use an internal IP address when specifying an IP address range in basic access levels.

For more information, see Creating a basic access level.

Anthos Attached Clusters

This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26923

For more information, see the GCP-2024-039 security bulletin.

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26923

For more information, see the GCP-2024-039 security bulletin.

Apigee hybrid

hybrid v1.12.1

On June 28, 2024 we released an updated version of the Apigee hybrid software, 1.12.1.

Bug ID Description
347798999 Fixed an issue preventing configuration of forward proxies for OpenTelemetry collector pods.
345501069 Fixed an issue with Hybrid Guardrails resource configuration preventing the Guardrails pod from starting.
341797795 Autofill the Hybrid Guardrails checkpoint value if a checkpoint is not provided.
340248314 Added support for targetCPUUtilizationPercentage to apigeeIngressGateway and ingressGateways. The default value is 75.
324779388 Improved error handling for backup and restore.
311489774 Removed inclusion of Java in Cassandra client image.
310338146 Fixed invalid download directory output from the create-service-account tool.
300135626 Removed inclusion of Java in Cassandra Backup Utility image.
239523766 Removed the "Unable to evaluate jsonVariable, returning null" logging string from the ExtractVariables policy.
Bug ID Description
345791712 Security fix for fluent-bit.
This addresses the following vulnerability:
335910066 Security fixes for apigee-kube-rbac-proxy.
This addresses the following vulnerability:
335909737 Security fixes for apigee-asm-ingress.
This addresses the following vulnerabilities:
335909397 Security fixes for apigee-open-telemetry-collector.
This addresses the following vulnerability:
335908990 Security fixes for apigee-asm-istiod.
This addresses the following vulnerabilities:
335908985 Security fix for apigee-prometheus-adapter.
This addresses the following vulnerabilities:
335908657 Security fixes for apigee-prom-prometheus.
This addresses the following vulnerabilities:
335908139 Security fix for fluent-bit.
This addresses the following vulnerability:
332821083 Security fix for apigee-operators.
This addresses the following vulnerability:
317528509 Security fixes for apigee-synchronizer.
This addresses the following vulnerabilities:
308835165 Security fix for apigee-synchronizer.
This addresses the following vulnerability:
N/A Security fixes for apigee-asm-ingress.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-asm-istiod.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-cassandra-backup-utility.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-fluent-bit.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-hybrid-cassandra.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-kube-rbac-proxy.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-prometheus-adapter.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-stackdriver-prometheus-sidecar.
This addresses the following vulnerabilities:

hybrid 1.11.2-hotfix.1

On June 28, 2024 we released an updated version of the Apigee hybrid software, 1.11.2-hotfix.1.

Note: This release reflects a change to the Helm chart templates and not a change to the images. If your hybrid installation is currently on Apigee hybrid v1.11.2, apply this hotfix with the following steps:

  1. In your overrides file, update the ao.image url and tag:

    ao:
      image:
        url: "gcr.io/apigee-release/hybrid/apigee-operators"
        tag: "1.11.2-hotfix.1"
    
  2. Install the hotfix release:

    • For Helm-managed releases, update the apigee-operator with the helm upgrade command and your current overrides files:

      helm upgrade operator apigee-operator/ \
        --namespace apigee-system \
        --atomic \
        -f overrides.yaml 
      
    • For apigeectl-managed releases, install the hotfix release with apigeectl init using your updated overrides files:

      ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE --dry-run=client 
      

      Followed by:

      ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE 
      
Bug ID Description
347997965 Upgrading to Apigee Hybrid 1.11.2 and 1.10.5 can cause missing metrics.

hybrid 1.10.5-hotfix.1

On June 28, 2024 we released an updated version of the Apigee hybrid software, 1.10.5-hotfix.1.

Note: This release reflects a change to the Helm chart templates and not a change to the images. If your hybrid installation is currently on Apigee hybrid v1.10.5, apply this hotfix with the following steps:

  1. In your overrides file, update the ao.image url and tag:

    ao:
      image:
        url: "gcr.io/apigee-release/hybrid/apigee-operators"
        tag: "1.10.5-hotfix.1"
    
  2. Install the hotfix release with apigeectl init using your updated overrides files:

    ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE --dry-run=client 
    

    Followed by:

    ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE 
    
Bug ID Description
347997965 Upgrading to Apigee Hybrid 1.11.2 and 1.10.5 can cause missing metrics.

Cloud Data Fusion

The Cloud Storage Multi File sink plugin version 0.23.2 is available in Cloud Data Fusion version 6.10.1 and later. The release fixes an issue in the Cloud Storage Multi File sink causing pipelines to fail when the Flexible schema property was set to true (PLUGIN-1780).

Cloud Functions

Cloud Functions 1st gen and 2nd gen now support custom service accounts for Cloud Build at the General Availability release level.

Cloud Storage

You can now specify the Frankfurt, Germany (europe-west3) and Paris, France (europe-west9) regions when using regional endpoints.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.108-debian10, 2.0.108-rocky8, 2.0.108-ubuntu18
  • 2.1.56-debian11, 2.1.56-rocky8, 2.1.56-ubuntu20, 2.1.56-ubuntu20-arm
  • 2.2.22-debian12, 2.2.22-rocky9, 2.2.22-ubuntu22

Backported fixes for HIVE-25958 and HIVE-20220 (new configuration hive.groupby.enable.deterministic.distribution=false/true).

Firestore

Scheduled backups are now available in GA.

Firestore in Datastore mode

Scheduled backups are now available in GA.

Generative AI on Vertex AI

The following models have been added to Model Garden:

For more information, see the Hugging Face model deployment in the console.

Launched Hex-LLM for high-efficiency large language model serving. This performant TPU serving solution is based on XLA and optimized kernels to achieve high throughput and low latency.

Hex-LLM uses several parallelism strategies for multiple TPU chips, quantizations, dynamic LoRA, and more. Hex-LLM supports the following dense and sparse LLMs:

  • Gemma 2B and 7B
  • Gemma 2 9B and 27B
  • Llama 2 7B, 13B and 70B
  • Llama 3 8B and 70B
  • Mistral 7B and Mixtral 8x7B

  • Updated Docker images in Llama 3 notebooks that are more efficient at tuning.
  • A notebook-based interactive workshop UI was added in Model Garden for image generative models such as stable-diffusion-xl-base, image inpainting, controlnet. You can find these models from the Open Notebook list.
  • Colab Notebooks for frequently used models in Model Garden have been revised with no-code or low-code implementations to improve accessibility and user experience.

Google Cloud Architecture Center

(New guide) Migrate from AWS to Google Cloud: Migrate from Amazon RDS for SQL Server to Cloud SQL for SQL Server: Describes how to design, implement, and validate a plan to migrate from Amazon Relational Database Service (RDS) to Cloud SQL for SQL Server.

Google Cloud Deploy

You can now set the logging level to debug, or the equivalent, for Skaffold, gcloud, and kubectl, using the verbose flag in each target's execution environment.

Google Kubernetes Engine

Resource requests for anetd Pods have been increased from 200mil CPU and 110m memory to 205mil CPU and 230m memory. In some cases, if the CPU and memory budgets on the nodes are limited, GKE might evict workloads to facilitate anetd during control plane upgrades. This can occur if your clusters are being upgraded from earlier versions to one of the following versions:

  • 1.28.5-gke.1217000 and later
  • 1.29 and later
  • 1.30 and later

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26923

For more information, see the GCP-2024-039 security bulletin.

Google SecOps SOAR

Release 6.3.8 is now in General Availability.

Remote Agents Release 2.0.1 is now in General Availability. Note that the version number has changed from 2.0.0 to 2.0.1.
This Release Note is incorrect; see entry for July 2, 2024.

Identity-Aware Proxy

On February 14, 2024, the Cloud Audit Logging (CAL) type was inadvertently changed from DATA_ACCESS to ADMIN_ACTIVITY. This change causes a change in the log name and log bucket location for the UpdateIapSettings and ValidateIapAttributeExpression methods.

The CAL type has been changed back to DATA_ACCESS.

Sensitive Data Protection

Terraform support

You can now use Terraform to create and manage scan configurations. Terraform management of discovery scan configurations is supported for BigQuery data, Cloud SQL data, and secrets in Cloud Functions environment variables. For a detailed reference document about Terraform resources, see data_loss_prevention_discovery_config in the Terraform documentation.

Spanner

A monthly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-spanner

6.68.0 (2024-05-27)

Features
  • Allow passing libraries_bom_version from env (#1967) (#3112) (7d5a52c)
  • Allow DML batches in transactions to execute analyzeUpdate (#3114) (dee7cda)
  • spanner: Add support for Proto Columns in Connection API (#3123) (7e7c814)
Bug Fixes
  • Allow getMetadata() calls before calling next() (#3111) (39902c3)
Dependencies
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.2 (#3117) (ddebbbb)

6.69.0 (2024-06-12)

Features
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.31.0 (#3159) (1ee19d1)

Python

Changes for google-cloud-spanner

3.47.0 (2024-05-22)

Features

Vertex AI

Vertex AI custom training on TPU VMs supports customer-managed encryption keys (CMEK).

Virtual Private Cloud

Bring your own IP does not support creating BYOIP addresses in Shared VPC service projects. This limitation is documented, but was previously not enforced. Enforcement has been added to prevent the creation of BYOIP addresses in service projects. If you're using bring your own IP with Shared VPC, use the project architecture described in BYOIP addresses administration with Shared VPC.

June 27, 2024

Anthos Config Management

Reverted an undocumented change to a metric name. The Cloud Monitoring metric current_declared_resources (introduced in version 1.16.1) has been renamed to its original name, declared_resources. For reference see Monitor Config Sync with Cloud Monitoring.

Upgraded the OpenTelemetry image from v0.99.0 to v0.102.0 to pick up vulnerability fixes. To understand the changes in each release, review the full changelog for opentelemetry-collector-contrib.

Resolved an issue that prevented the declared_resources metric from decrementing when an object became unmanaged by Config Sync.

Apigee Advanced API Security

On June 27, 2024, we released a new version of Advanced API Security.

Rollouts of this feature are ongoing and will take multiple days to complete across all Google Cloud zones. You might not be able to use the functionality until the rollout is complete.

Preview release of generative AI incident report summaries

This release introduces the preview release of generative AI summaries and recommendations for Advanced API Security Abuse Detection incidents. The new generative AI features are available for all Advanced API Security-enabled projects and do not require the Gemini Code Assist add-on.

For usage information, see the Abuse Detection customer documentation.

Apigee X

On June 27, 2024, we released an updated version of Apigee.

Apigee is now available in new regions:

  • Europe - Berlin (europe-west10)
  • Africa - Johannesburg (africa-south1)

See Apigee locations for more information about available regions.

Backup for GKE

Backup for GKE now supports creating a backup plan when creating a cluster.

BigQuery

You can now use tags on BigQuery tables to conditionally grant or deny access with Identity and Access Management (IAM) policies. This feature is generally available (GA). You can also attach tags to BigQuery datasets during dataset creation to conditionally grant or deny access with IAM policies.

Cloud Functions

To simplify searches and improve your documentation experience, we have split the 1st generation and 2nd generation documentation into separate documentation sets.

Cloud Run

The following IAM roles are now available in preview:

Cloud Service Mesh

1.21.4-asm.0 is now available for in-cluster Cloud Service Mesh.

This patch release contains the fix for a security vulnerability where the Datadog tracer does not handle trace headers with unicode characters. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.21.4-asm.0 uses Envoy v1.29.6.

Dialogflow

Dialogflow ES: As of May 27, 2024, Twilio no longer supports integrations with Dialogflow ES. For more details and information about migrating to Dialogflow CX, see the Twilio documentation.

Dialogflow CX: The gemini-1.5-flash generative model is now available for the generators feature.

Generative AI on Vertex AI

Context caching is available for Gemini 1.5 Pro. Use context caching to reduce the cost of requests that contain repeat content with high input token counts. For more information, see Context caching overview.

Google Cloud Armor

Cloud Armor supports IP address groups in Preview.

Google Cloud Deploy

Cloud Deploy now supports deploying using a proxy for Google Kubernetes Engine targets. Learn more.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud for VMware 1.29.200-gke.242 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.200-gke.242 runs on Kubernetes v1.29.5-gke.800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

The following issues are fixed in 1.29.200-gke.242:

  • Fixed the known issue that caused cluster creation to fail because the control plane VIP was in a different subnet from other cluster nodes.
  • Fixed the known issue where the Binary Authorization webhook blocked the CNI plugin, which caused user cluster creation to stall.
  • Fixed the known issue that caused the Connect Agent to lose connection to Google Cloud after a non-HA to HA admin cluster migration.
  • Fixed the known issue that caused an admin cluster upgrade to fail for clusters created on versions 1.10 or earlier.
  • Added back the CNI binaries to the OS image so that multiple network interfaces with standard CNI will work (see this known issue).

The following vulnerabilities are fixed in 1.29.200-gke.242:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.29.200-gke.243

Google Distributed Cloud for bare metal 1.29.200-gke.243 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.200-gke.243 runs on Kubernetes 1.29.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Functionality changes:

  • Updated registry mirror support to allow you to specify a port for host addresses.

  • Updated the networking preflight check to verify that either the ip_tables or the nf_tables kernel module is available for loading, instead of being explicitly loaded.

  • Added support for Red Hat Enterprise Linux 8.10 for Google Distributed Cloud software version 1.29.200-gke.243 and higher.

Fixes:

  • Fixed an issue where upgraded clusters didn't get label updates that match the labels applied for newly created clusters, for a given version.

  • Fixed an issue where service accounts created by using the --create-service-accounts flag with the bmctl create config command don't have enough permissions.

The following container image security vulnerabilities have been fixed in 1.29.200-gke.243:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26924

For more information, see the GCP-2024-038 security bulletin.

Google SecOps SOAR

Release 6.3.9 is currently in Preview.

Case List preferences are now saved permanently per user. This includes column selection, order of columns, and sorting within columns.

Environment table column width display issue when using dynamic parameters with many characters (ID #51611835)

Editing or saving any step in the playbook resets the view to zoom out (ID #00162859, #48257046)

Managed Kafka

Client library samples for Java and Go are now added to all relevant pages. For more information, see Apache Kafka for BigQuery client libraries.

Network Connectivity Center

Route exchange with VPC spokes is now available in public preview.

This feature lets you connect VPC spokes and hybrid spokes, such as Cloud Interconnect VLAN attachments, HA VPN tunnels, and Router appliance VMs on the same hub.

SAP on Google Cloud

New SAP certification: 16 TB X4 bare metal machine type

The Compute Engine memory-optimized bare metal machine type x4-megamem-960-metal is generally available (GA) and certified by SAP for use with SAP HANA scale-up (OLAP and OLTP) and SAP NetWeaver workloads.

For more information, see:

Google Cloud's Agent for SAP version 3.4

Version 3.4 of Google Cloud's Agent for SAP is generally available (GA). This version introduces a workload performance diagnostic tool, and enhancements to the Backint and disk snapshot features.

For more information, see What's new with Google Cloud's Agent for SAP.

Sensitive Data Protection

The INDIA_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

If you set InfoType.version to latest when including the PHONE_NUMBER infoType in your InspectConfig, Sensitive Data Protection will now include US_TOLLFREE_PHONE_NUMBER findings as type PHONE_NUMBER in the scan results.

You can still use the old functionality by setting InfoType.version to stable or leaving it unset when using the PHONE_NUMBER infoType. In 30 days, the new functionality will be promoted to stable.

VPC Service Controls

VPC Service Controls feature: Support for using an internal IP address to allow access to protected resources is generally available.

For more information, see Allow access to protected resources from an internal IP address. Make sure that you read the updated Limitations section before using this feature.

Vertex AI Agent Builder

Vertex AI Search: Connect BigQuery datasets to Vertex AI Search (Public preview)

You can create Vertex AI Search data stores that periodically sync with data in BigQuery datasets. You can choose how often you want to update your data stores: every day, every 3 days, or every 5 days.

Synchronizing BigQuery data to Vertex AI Search is available in Public preview.

For more information, see Import from BigQuery.

June 26, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-52654
  • CVE-2023-52656

For more information, see the GCP-2024-041 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26924

For more information, see the GCP-2024-038 security bulletin.

Apigee X

On June 26, 2024, we released an updated version of Apigee (1-12-0-apigee-7).

Bug ID | Description
--- | ---
N/A | Upgraded infrastructure and libraries.

These issues were fixed in 1-12-0-apigee-4-hotfix and are included in this release:

Bug ID | Description
--- | ---
337876238, 330314128, 333762214 | Resolved issues resulting in an increase in 404/503 responses. Upgraded storage for the Apigee router to the latest version to resolve 404 responses. Adjusted traffic weight and delays in the older replica set to handle traffic divergence during the release process to address any 5xx responses.
335832119 | Fixed 404 errors caused during Apigee instance update/rollback.
255772956 | Turned off asynchronous services callout when the <Response> element is not present due to inconsistent scaling of runtime pods.
338717278 | Reverted problematic commit to address thread pool exhaustion.

App Hub

App Hub support is available in the asia-east2 (Hong Kong) and europe-west3 (Frankfurt, Germany) regions.

Cloud Logging

You can now analyze your billable log volume when using Log Analytics. This feature is in Public Preview. For more information, see Analyze log volume with Log Analytics.

Cloud Monitoring

You can now configure your dashboards to show disruptions in Google Cloud Services. This feature is GA. For more information, see the following pages:

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.67
  • 1.2.11
  • 2.0.75
  • 2.2.11

Dataproc Serverless for Spark: To fix compatibility with open table formats (Apache Iceberg, Apache Hudi and Delta Lake), the ANTLR version was downgraded from 4.13.1 to 4.9.3 in Dataproc Serverless for Spark runtime versions 1.2 and 2.2.

Google Distributed Cloud (software only) for VMware

A vulnerability (CVE-2024-26924) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-038 security bulletin.

Google Kubernetes Engine

(2024-R21) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.27.13-gke.1070000 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.27.11-gke.1062004
    • 1.28.9-gke.1000000
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.13-gke.1070000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.13-gke.1070000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.9-gke.1069000 with this release.

Regular channel

Rapid channel

  • Version 1.30.1-gke.1329000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.26.15-gke.1390000
    • 1.26.15-gke.1436000
    • 1.27.14-gke.1042000
    • 1.27.14-gke.1093000
    • 1.28.10-gke.1075000
    • 1.28.10-gke.1141000
    • 1.29.5-gke.1121000
    • 1.29.5-gke.1192000
    • 1.30.1-gke.1156000
    • 1.30.1-gke.1500000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1404000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.15-gke.1404000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.14-gke.1059000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.10-gke.1089000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.1-gke.1329000 with this release.

Google SecOps

You can use the BindPlane agent to collect Windows event logs, query SQL databases, read logs from files, and receive logs using syslog. The agent sends data directly to the Google Security Operations ingestion API or to a Google SecOps forwarder. For more information, see Use the BindPlane agent.

Google SecOps SIEM

You can use the BindPlane agent to collect Windows event logs, query SQL databases, read logs from files, and receive logs using syslog. The agent sends data directly to the Google Security Operations ingestion API or to a Google SecOps forwarder. For more information, see Use the BindPlane agent.

June 25, 2024

AlloyDB for PostgreSQL

AlloyDB Omni version 15.5.4 is generally available (GA). This version includes the following features and changes:

  • The simplified installation method for AlloyDB Omni is now generally available (GA). You can install and manage your AlloyDB Omni installation using common container-management tools such as Docker. For information on upgrading an existing AlloyDB Omni installation, see Migrate from an earlier version of AlloyDB Omni to the latest version.
  • AlloyDB Omni supports the Podman container tool on Red Hat Enterprise Linux (RHEL).
  • Support for Arm-based architectures is now available in Preview.
  • Various bug fixes and performance improvements.

BigQuery

You can now use the BigQuery JupyterLab plugin to explore your data, use BigQuery DataFrames in a Jupyter notebook, and deploy a BigQuery DataFrames notebook to Cloud Composer. This feature is in preview.

Cloud Build

Cloud Build support for Supply-chain Levels for Software Artifacts (SLSA) version 1.0 compliant provenance is now generally available to help you safeguard your automated build pipelines.

Build provenance is verifiable metadata that you can use to audit builds. Cloud Build can generate provenance aligned with the SLSA v1.0 spec when you use the option requestedVerifyOption with triggered builds.

Learn how to use build provenance in Cloud Build.
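The following is an added example, not code from this page or from Cloud Build, of auditing a provenance statement of the kind described above: it checks the in-toto and SLSA v1.0 type URIs, that the artifact's SHA-256 digest appears in subject, and that the builder is on an allow-list. The builder ID, artifact bytes and function names are constructed placeholders, and the statement is assumed to come from an envelope whose signature has already been verified.

```python
import hashlib

# Type URIs defined by the in-toto Statement v1 and SLSA v1.0 provenance specs.
STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
SLSA_V1_PREDICATE = "https://slsa.dev/provenance/v1"

# Constructed sample values (placeholders, not real Cloud Build identifiers).
TRUSTED_BUILDERS = {"https://builder.example/trusted"}
SAMPLE_ARTIFACT = b"constructed artifact bytes for this example\n"


def sample_statement(artifact, builder_id):
    """Build a constructed SLSA v1.0 provenance statement for `artifact`."""
    return {
        "_type": STATEMENT_TYPE,
        "subject": [{
            "name": "example-image",
            "digest": {"sha256": hashlib.sha256(artifact).hexdigest()},
        }],
        "predicateType": SLSA_V1_PREDICATE,
        "predicate": {
            "buildDefinition": {
                "buildType": "https://builder.example/build-type/v1",
                "externalParameters": {"source": "https://source.example/repo"},
            },
            "runDetails": {"builder": {"id": builder_id}},
        },
    }


def audit_provenance(statement, artifact, trusted_builders):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if statement.get("_type") != STATEMENT_TYPE:
        problems.append("unexpected statement type")
    if statement.get("predicateType") != SLSA_V1_PREDICATE:
        problems.append("predicate is not SLSA v1.0 provenance")

    # The artifact in hand must be one of the subjects the provenance covers.
    digest = hashlib.sha256(artifact).hexdigest()
    subjects = statement.get("subject") or []
    if not any((s.get("digest") or {}).get("sha256") == digest for s in subjects):
        problems.append("artifact digest not listed in subject")

    # Provenance from a builder outside the allow-list carries no assurance.
    predicate = statement.get("predicate") or {}
    builder = (predicate.get("runDetails") or {}).get("builder") or {}
    builder_id = builder.get("id")
    if builder_id not in trusted_builders:
        problems.append("builder not trusted: %r" % (builder_id,))

    # buildType and externalParameters are required by the v1.0 schema and
    # are what a policy would inspect next (source repo, entry point, ...).
    build_def = predicate.get("buildDefinition") or {}
    if not build_def.get("buildType"):
        problems.append("missing buildType")
    if "externalParameters" not in build_def:
        problems.append("missing externalParameters")
    return problems


if __name__ == "__main__":
    good = sample_statement(SAMPLE_ARTIFACT, "https://builder.example/trusted")
    print(audit_provenance(good, SAMPLE_ARTIFACT, TRUSTED_BUILDERS))
    print(audit_provenance(good, SAMPLE_ARTIFACT + b"tampered", TRUSTED_BUILDERS))
```
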

Cloud Composer

Cloud Composer is now available in Johannesburg (africa-south1).

Cloud Logging

Ops Agent version 2.48.0 introduces support for Compute Engine VMs that are running Deep Learning VM Images based on Debian 11 (Bullseye). For more information, see Operating systems.

Cloud Monitoring

Ops Agent version 2.48.0 introduces support for Compute Engine VMs that are running Deep Learning VM Images based on Debian 11 (Bullseye). For more information, see Operating systems.

Config Controller

Config Controller is now supported in regions europe-west8, us-central2 and us-east7.

Config Controller now uses the following versions of its included products:

Dataproc

The Dataproc Component Gateway is now activated by default when you create a Dataproc on Compute Engine cluster using the Google Cloud console.

Generative AI on Vertex AI

Controlled generation is available on Gemini 1.5 Pro and supports the JSON schema. For more information, see Control generated output.

Google Cloud Armor

Cloud Armor support for Layer 7 filtering in globally scoped edge security policies for Media CDN is now Generally Available.

Media CDN

Globally scoped Cloud Armor edge security policies for Layer 7 filtering are now Generally Available. For an example, see Example: Deny requests for cached content with specific headers.

NetApp Volumes

NetApp Volumes now supports committed use discounts (CUDs). For more information, see NetApp Volumes committed use discounts.

Security Command Center

Introducing the Security Command Center Risk Engine

Security Command Center introduces Risk Engine as the name of the functionality that provides attack path simulations, attack exposure scores, attack path visualizations, and toxic combination findings.

For more information, see Assess risk with Risk Engine.

Toxic combination findings release to Preview

In the Enterprise tier of Security Command Center, the Risk Engine generates a finding when it detects a toxic combination during attack path simulations. A toxic combination is a group of security issues that, when they occur together in a particular pattern, create a path to one or more of your high-value resources.

The toxic combinations feature introduces a new finding class, Toxic combination, and adds new fields in the Finding object to hold information about toxic combinations.

For more information, see Overview of toxic combinations.

UPDATE: The Preview release of the toxic combination feature is being rolled out to customers in stages. You might not receive toxic combination findings or see the new features in the Security Operations console for up to two weeks.

The release note for the toxic combination feature published on June 25, 2024 was updated to explain the staged release of the feature.

Install new version of the Security Command Center Enterprise use case

The installation and configuration of a new version of the SCC Enterprise - Cloud Orchestration & Remediation use case in the Security Operations console is required for the toxic combination functionality of Security Command Center Enterprise. The new use case, identified by date, June 25, 2024, introduces new widgets, new playbooks, and other enhancements to support the management of toxic combination findings and cases in the Security Operations console.

For installation instructions, see Update Enterprise use case, June 2024.

June 24, 2024

Access Approval

Access Approval supports Apigee in the GA stage.

Access Transparency

Access Transparency supports Apigee in the GA stage.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigquery

3.25.0 (2024-06-17)

Features
  • Add prefer_bqstorage_client option for Connection (#1945) (bfdeb3f)
  • Support load job option ColumnNameCharacterMap (#1952) (7e522ee)
Bug Fixes
  • Do not overwrite page_size with max_results when start_index is set (#1956) (7d0fcee)

Certificate Authority Service

Certificate Authority Service is now available in the following region:

  • africa-south1

For more information, see Certificate Authority Service locations.

Cloud Billing

Avoid getting charged for idle Compute Engine reservations in the FinOps hub

You can now get recommendations to modify or delete your idle, on-demand reservations for Compute Engine resources when you haven't consumed any resources for at least 7 days.

Learn about idle reservation recommendations.

Cloud Functions

Cloud Functions (2nd gen) now supports fully automatic security updates. For details, see the document Execution environment security.

Cloud Logging

Gauges and scorecards are now available to visualize the results of your SQL queries. For more information, see Chart query results with Log Analytics.

Cloud Monitoring

You can now configure your dashboards to show when incidents were opened. For more information, see Alert events.

Cloud SQL for MySQL

You can now upgrade the network architecture of Cloud SQL for MySQL instances that store transaction logs used for point-in-time recovery (PITR) in Cloud Storage. The previous limitation on upgrade of such instances is removed. To check where your MySQL instance stores its PITR logs, see Check the storage location of transaction logs used for PITR.

For more information about upgrading your network architecture, see Upgrade an instance to the new network architecture.

Container Optimized OS

cos-dev-117-18514-0-0

Kernel | Docker | Containerd | GPU Drivers
--- | --- | --- | ---
COS-6.6.34 | v24.0.9 | v2.0.0rc2 | v535.183.01 (default), v550.90.07 (latest)

Disabled default automatic updates. Automatic updates must now be explicitly enabled by setting the cos-update-strategy metadata to "update_enabled".

Updated the R550 (latest) driver to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091 and CVE-2024-0092.

Updated the R535 (default) driver to v535.183.01. This fixes CVE-2024-0090 and CVE-2024-0092.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_backlog_ack_defer: 1
  • Changed: fs.epoll.max_user_watches: 1809452 -> 1809007
  • Changed: fs.fanotify.max_user_marks: 67560 -> 67544
  • Changed: fs.file-max: 811880 -> 811785
  • Changed: fs.inotify.max_user_watches: 63441 -> 63425
  • Changed: kernel.threads-max: 63503 -> 63487
  • Changed: net.core.optmem_max: 20480 -> 131072
  • Changed: net.ipv4.tcp_mem: 94065 125423 188130 -> 94041 125391 188082
  • Changed: net.ipv4.udp_mem: 188133 250847 376266 -> 188085 250783 376170
  • Changed: user.max_cgroup_namespaces: 31751 -> 31743
  • Changed: user.max_fanotify_marks: 67560 -> 67544
  • Changed: user.max_inotify_watches: 63441 -> 63425
  • Changed: user.max_ipc_namespaces: 31751 -> 31743
  • Changed: user.max_mnt_namespaces: 31751 -> 31743
  • Changed: user.max_net_namespaces: 31751 -> 31743
  • Changed: user.max_pid_namespaces: 31751 -> 31743
  • Changed: user.max_time_namespaces: 31751 -> 31743
  • Changed: user.max_user_namespaces: 31751 -> 31743
  • Changed: user.max_uts_namespaces: 31751 -> 31743
  • Changed: vm.lowmem_reserve_ratio: 256 256 32 0 -> 256 256 32 0 0

cos-105-17412-370-61

Kernel | Docker | Containerd | GPU Drivers
--- | --- | --- | ---
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.256.02 (default), v550.90.07 (latest)

Fixed CVE-2024-26584 in the Linux kernel.

Fixed CVE-2024-26583 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812704 -> 812707

Fixed a crash in the Linux kernel.

cos-113-18244-85-39

Kernel | Docker | Containerd | GPU Drivers
--- | --- | --- | ---
COS-6.1.90 | v24.0.9 | v1.7.15 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Added support for TPU v6 devices.

Runtime sysctl changes:

  • Changed: fs.file-max: 812036 -> 812039

Fixed a crash in the Linux kernel.

cos-109-17800-218-62

Kernel | Docker | Containerd | GPU Drivers
--- | --- | --- | ---
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Runtime sysctl changes:

  • Changed: fs.file-max: 812259 -> 812261

Fixed a crash in the Linux kernel.

cos-101-17162-463-51

Kernel | Docker | Containerd | GPU Drivers
--- | --- | --- | ---
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.256.02 (default), v550.90.07 (latest)

Fixed upload throughput in gVisor container in gVNIC.

Fixed a crash in the Linux kernel.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.107-debian10, 2.0.107-rocky8, 2.0.107-ubuntu18
  • 2.1.55-debian11, 2.1.55-rocky8, 2.1.55-ubuntu20, 2.1.55-ubuntu20-arm
  • 2.2.21-debian12, 2.2.21-rocky9, 2.2.21-ubuntu22

Google SecOps

You can now configure Cloud Identity or Google Workspace as an identity provider during the Google Security Operations onboarding steps. For more information about onboarding, see Onboarding or migrating a Google Security Operations instance.

During the Google Security Operations onboarding steps, you can now specify identity provider groups that include administrators who configure user access to SOAR-related features. For more information, see Link Google SecOps to Google Cloud services.

Google SecOps SIEM

You can now configure Cloud Identity or Google Workspace as an identity provider during the Google Security Operations onboarding steps. For more information about onboarding, see Onboarding or migrating a Google Security Operations instance.

During the Google Security Operations onboarding steps, you can now specify identity provider groups that include administrators who configure user access to SOAR-related features. For more information, see Link Google SecOps to Google Cloud services.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

1.39.0 (2024-06-18)

Features
  • pubsub/pstest: Add support to register other servers into grpc.Server (#9722) (db8216e)
  • pubsub: Add service_account_email for export subscriptions (92dc381)
  • pubsub: Batch receipt modacks (#10234) (4c2cd10)
  • pubsub: Make lease management RPCs concurrent (#10238) (426a8c2)
Bug Fixes

Python

Changes for google-cloud-pubsub

2.21.5 (2024-06-20)

Bug Fixes

2.21.4 (2024-06-18)

Documentation
  • samples: Add code sample for optimistic subscribe (#1182) (d8e8aa5)

Sensitive Data Protection

The RELIGIOUS_TERM infoType detector is available in Preview in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

A new detection model is available for the ORGANIZATION_NAME infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version to latest when including the ORGANIZATION_NAME infoType in your InspectConfig.

You can still use the old model by setting InfoType.version to stable or leaving it unset when using the ORGANIZATION_NAME infoType. In 30 days, the new model will be promoted to stable.

Vertex AI Agent Builder

Vertex AI Search: Check ingested data quality for media recommendations (Public preview)

You can check the quality of your ingested data for media recommendations.

By running the requirements:checkRequirement method (Public preview), you can find out whether your data store meets the minimum quality requirements for your recommendations app. If your data doesn't meet the minimum threshold for the key metrics for your model and objective, you receive a warning about the issues. Address the issues and rerun the check.

For more information, see Check data quality for media recommendations.

June 21, 2024

BigQuery

The BigQuery migration assessment for Amazon Redshift is now generally available (GA). You can use this feature to assess the complexity of migrating from your Amazon Redshift data warehouse to BigQuery.

Cloud SQL for PostgreSQL

You can now use the in-place major version upgrade feature to upgrade your Cloud SQL for PostgreSQL instance to PostgreSQL 16.

Dataflow

Dataflow SQL is deprecated. As of July 31, 2024, you can't access Dataflow SQL in the Google Cloud console. As of January 31, 2025, you can't use Dataflow SQL in the Google Cloud CLI. As a replacement, use Beam SQL.

Dataform

The 3.0.0 version of the open-source Dataform framework is available.

The workflow_settings.yaml file, which was introduced in Dataform Core 3.0.0-beta.0, replaces dataform.json.

You can specify the Dataform Core version directly in the workflow_settings.yaml file, which removes the need for package.json for most repositories. To have package dependencies other than @dataform/core, the package.json file is still required.

No immediate action to convert existing Dataform code is required. You can continue to use dataform.json and package.json in existing repositories.

You can convert your dataform.json file into workflow_settings.yaml by following the instructions in the 3.0.0 GitHub release.

New repositories use workflow_settings.yaml by default. You can replace the workflow_settings.yaml file with dataform.json to continue using the JSON format. If you remove workflow_settings.yaml, you need to add a package.json file to your repository to install @dataform/core.

For more information, see the 3.0.0 release on GitHub.

Dataproc

Dataproc Serverless for Spark: To fix compatibility with open table formats (Apache Iceberg, Apache Hudi and Delta Lake), the ANTLR version will be downgraded from 4.13.1 to 4.9.3 in Dataproc Serverless for Spark runtime versions 1.2 and 2.2 on June 26, 2024.

Datastream

Datastream now supports the change tables CDC method for SQL Server sources. For more information, see the Source SQL Server database page.

Deep Learning Containers

M122 release

  • TensorFlow 2.16 container images are now available.
  • PyTorch Inference 2.2 GPU container images are now available.
  • PyTorch Inference 2.2 CPU container images are now available.

Deep Learning VM Images

M122 release

  • Updated Nvidia drivers to version 550.90.07 to fix vulnerabilities.

Google SecOps SOAR

Release 6.3.7 is now in General Availability.

Sensitive Data Protection

The discovery service of Sensitive Data Protection now supports Cloud Storage. You can run discovery at the organization, folder, or project level to generate data profiles of your Cloud Storage buckets. Data profiles provide metrics and insights about the sensitivity and risk levels of your data to help you plan your data governance workflows.

To get started on profiling Cloud Storage data, see the following:

For more information about sensitive data discovery, see Data profiles.

Vertex AI Agent Builder

Vertex AI Search: Answers with summaries and follow-ups (GA)

The answer API improves on the search with summary and search with follow-ups features. For example, it better handles complex queries and provides customization of answer styles.

The answer API is Generally available (GA). However, the multi-step retrieval functionality remains in Public preview.

For more information, see Get answers and follow-ups.

Vertex AI Search: The answer method can skip irrelevant answers

The answer method can be set to generate an answer only if at least one of the results is deemed relevant.

If you choose to ignore low-relevance content and all the results are deemed irrelevant or almost irrelevant, then the answer method doesn't generate an answer. Instead, a fallback message replaces the answer.

For more information, see Show only relevant answers.

Vertex AI Search: Add structured data for advanced website indexing (Public preview)

If advanced website indexing is enabled in your data store, you can use structured data, such as schema.org data, to enrich your indexing.

For more information, see Use structured data for advanced site indexing.

Vertex AI Search: Generate grounded answers (GA with allowlist)

You can add system instructions as preambles to your prompts. System instructions govern the behavior of the model and modify the output accordingly. For example, you can add a persona to the generated answer or instruct the model to format the output text a certain way.

For more information, see Generate grounded answers.

Vertex AI Search: The generated answer message doesn't contain the name field for synchronous and sessionless queries

The name field is only included in the answer response for session queries and for asynchronous queries. These are stateful and context-aware queries.

If a query is a synchronous and stateless query, the name field is no longer included in the generated answer message.

For more information about the answer method, see Get answers and follow-ups.

Vertex AI Search: Choose when to enable autocomplete

You can choose to enable autocomplete as soon as possible instead of waiting a couple of days for sufficiently good autocomplete data. If you choose to make autocomplete available sooner, at first, you won't get suggestions for all queries and some suggestions might be of poor quality.

For more information, see Enable autocomplete in Update autocomplete settings.

Vertex AI Workbench

M122 release

The M122 release of Vertex AI Workbench user-managed notebooks includes the following:

  • Updated Nvidia drivers to version 550.90.07 to fix vulnerabilities.

M122 release

The M122 release of Vertex AI Workbench instances includes the following:

  • Updated Nvidia drivers to version 550.90.07 to fix vulnerabilities.

June 20, 2024

Apigee X

On June 20, 2024, we released an updated version of Apigee.

This release includes a change in the user experience of selecting a physical location for control plane hosting when provisioning a Subscription or Pay-as-you-go Apigee organization with data regionalization enabled.

The new provisioning experience provides the opportunity to select a control plane hosting jurisdiction that refers to a location within a geopolitical boundary that may span more than one region. For more information, see Select an Apigee API control plane hosting jurisdiction.

Assured Workloads

During the Regional Controls Public Preview, the ComplianceRegime enum value has changed from FREE_REGIONS to REGIONAL_CONTROLS. When using the REST API, Terraform, or gcloud, ensure that you use the new REGIONAL_CONTROLS value. This change does not impact existing Assured Workloads folders that were created using the old value. However, areas with potential impact include the following:

Cloud Composer

We are thrilled to announce the Public Preview launch of the new generation of Cloud Composer, Cloud Composer 3. The new version is now publicly available in all regions supported by Cloud Composer. It comes with a number of new features and characteristics:

  • All infrastructure hidden in a tenant project
  • Evergreen versioning
  • Simplified networking configuration
  • Improved performance
  • More reliable DAG parsing and scheduling as DAG Processor and Schedulers are now separate components
  • 10 times bigger storage for Airflow workers

Cloud Composer 3 also includes most of the functionality already known from previous Composer versions. To see the list of features already supported by Composer 3, see Comparison of Cloud Composer versions.

(Airflow 2.7.3) New operators for executing jobs in Google Kubernetes Engine and Kubernetes are available. For example, you can use these operators with Kueue.

Operators for Google Kubernetes Engine:

  • GKEStartJobOperator
  • GKEStartKueueInsideClusterOperator
  • GKEDescribeJobOperator
  • GKEListJobsOperator
  • GKECreateCustomResourceOperator
  • GKEDeleteCustomResourceOperator
  • GKEStartKueueJobOperator
  • GKEDeleteJobOperator
  • GKESuspendJobOperator
  • GKEResumeJobOperator

Operators for Kubernetes:

  • KubernetesJobOperator
  • KubernetesPatchJobOperator
  • KubernetesDeleteJobOperator

(Airflow 2.7.3) The apache-airflow-providers-google package was upgraded to version 10.18.0. For more information about changes, see the apache-airflow-providers-google changelog from version 10.17.0 to version 10.18.0.

(Airflow 2.7.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 8.3.1.

(Airflow 2.7.3) The apache-beam package was upgraded to version 2.56.0.

A new Airflow build is available in Cloud Composer 3:

  • composer-3-airflow-2.7.3-build.6

Cloud Composer 2.8.3 images are available:

  • composer-2.8.3-airflow-2.7.3 (default)
  • composer-2.8.3-airflow-2.6.3

Cloud Composer versions 2.3.2, 2.3.1, and 2.3.0 have reached their end of full support period.

Cloud Composer 2.8.3 is a version with an extended upgrade timeline.

Cloud Data Fusion

The Oracle sink plugin version 1.10.7 is available in Cloud Data Fusion version 6.9. The release fixes an issue in the Oracle sink causing null values to be assigned to fields in the input schema that have lowercase letters in the field name (PLUGIN-1793).

Cloud Domains

You can migrate your Google Domains DNS settings and export your domain and email forwarding configurations if you use Google Domains as your DNS provider. For more information, see Migrate Google Domains DNS settings.

Cloud SQL for MySQL

You can now use the gcloud sql instances describe command or the SQL Admin API to retrieve a list of database versions that are available to your MySQL instance for upgrade. For more information, see Plan a major version upgrade and Upgrade the database minor version.

Cloud SQL for PostgreSQL

You can now use the gcloud sql instances describe command or the SQL Admin API to retrieve a list of database versions that are available to your PostgreSQL instance for upgrade. For more information, see Plan a major version upgrade.

Cloud SQL for SQL Server

You can now use the gcloud sql instances describe command or the SQL Admin API to retrieve a list of database versions that are available to your SQL Server instance for upgrade. For more information, see Plan a major version upgrade.

Dataproc

Dataproc Serverless for Spark: Spark runtime version 2.2 will become the default Dataproc Serverless for Spark runtime version on August 1, 2024.

New Dataproc Serverless for Spark runtime versions:

  • 1.1.66
  • 1.2.10
  • 2.0.74
  • 2.2.10

Generative AI on Vertex AI

The Anthropic Claude Sonnet 3.5 is Generally Available. To learn more, view the Claude Sonnet 3.5 model card in Model Garden.

Google SecOps SOAR

Release 6.3.8 is currently in Preview.

When running an imported playbook with an assigned user that doesn't exist, the playbook stops working when it gets to manual actions. (ID #00290960)

Entity properties not showing in the platform if the key name contains the time string (ID #51599403)

Network Connectivity Center

Include export filters is now available in public preview.

This feature lets you limit connectivity by specifying a list of permitted CIDR ranges, thereby blocking all but the permitted IP address ranges.

Spanner

Named schemas is now generally available. With named schemas, you can group database objects in a namespace to avoid naming conflicts and collectively manage their fine-grained access control (FGAC) permissions. For more information, see Named schemas.

Vertex AI

Vertex AI custom training supports TPU v5e in us-central1. For details, see Vertex AI locations.

June 19, 2024

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud VPN

Cloud VPN lets you connect two VPC networks in different regions by using HA VPN gateways.

For more information, see HA VPN topologies.

Datastream

Datastream now supports the append-only write mode when ingesting data to BigQuery. For more information, see Configure write mode.

reCAPTCHA

reCAPTCHA Enterprise Mobile SDK v18.6.0-beta01 is now available for Android.

This version contains the following changes:

  • A new API, fetchClient, is available that provides built-in retries for network issues.
  • Bug fixes and improvements.

June 18, 2024

App Engine flexible environment Ruby

Ruby 3.3 is now available in preview.

App Engine standard environment Ruby

Ruby 3.3 is now available in preview.

BigQuery

Additional collation support for the NULLIF conditional expression has been added. The NULLIF conditional expression is now affected by collation and can be used in collation-supported comparisons with the STRUCT data type. This feature is generally available (GA).

Cloud Functions

Cloud Functions has added support for a new runtime, Ruby 3.3, at the Preview release level.

You can now enable execution ID in the logs for 2nd gen Python functions that use functions-framework >= 3.7.0 and 2nd gen Node.js functions that use functions-framework >= 3.4.0 by setting the runtime environment variable LOG_EXECUTION_ID to true.

Cloud Storage

Hierarchical namespace for Cloud Storage buckets is now available in Preview. With hierarchical namespace, you can store your data in a logical file system structure.

Renaming a folder in a bucket with hierarchical namespace enabled is not supported from the command line.

Cloud Storage FUSE now offers list caching, which is a cache for directory and file list, or ls, responses that improves list operation speeds. To learn more about list caching and how to enable it, see the Cloud Storage FUSE caching overview page.

Compute Engine

Preemptible allocation quotas also apply to some temporary GPU VMs. This behavior can help you improve quota obtainability for temporary GPU VMs while maintaining the benefits of uninterrupted run time of the standard provisioning model. For more information, see GPU VMs and preemptible allocation quotas.

The issue related to creating C2 sole tenant nodes with more than 60 CPUs.

Confidential VM

Support for AMD SEV-SNP on Confidential VM instances is now generally available. AMD SEV-SNP is supported on N2D machine types with AMD EPYC Milan CPU platforms.

Config Connector

Config Connector version 1.119.0 is now available.

Added options to customize resource reconciliation for ConfigConnector

  • Added a new ControllerReconciler CRD (v1alpha1). See example.
  • This feature lets you customize the client-side kube-apiserver request rate limit.

The Direct Controller is now the default reconciler

  • Initialize the Direct Controller registration
  • Set the default reconciler to Direct Controller if the ConfigConnector CRD does not have cnrm.cloud.google.com/tf2crd: "true" or cnrm.cloud.google.com/dcl2crd: "true" label.

Added CloudBuildWorkerPool (v1alpha1) resource for service cloudbuild

Added MonitoringDashboard (v1beta1) resource for service monitoring

Added ComputeServiceAttachment (v1beta1) resource for service compute

  • Added ComputeServiceAttachment as dependency of ComputeForwardingRule through spec.target.serviceAttachmentRef.

Added three output-only fields for ContainerCluster

  • Added status.observedState.masterAuth.clusterCaCertificate
  • Added status.observedState.privateClusterConfig.privateEndpoint
  • Added status.observedState.privateClusterConfig.publicEndpoint

Container Optimized OS

cos-dev-117-18508-0-0

  • Kernel: COS-6.6.33
  • Docker: v24.0.9
  • Containerd: v2.0.0rc2
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest)

Upgraded containerd to 2.0.0-rc.2

Upgraded app-containers/docker-credential-helpers to v0.8.2.

Upgraded app-admin/google-guest-agent to v20240528.00.

Upgraded app-containers/cni-plugins to v1.5.0.

Upgraded app-admin/google-guest-configs to v20240514.00.

Updated cos-gpu-installer to v2.3.1. This switches the default location of GPU drivers sourced from gs://nvidia-drivers-{region}-public to gs://cos-nvidia-gpu-drivers.

Upgraded app-admin/google-osconfig-agent to v20240501.00.

Upgraded sys-apps/makedumpfile to v1.7.5.

Upgraded app-admin/sosreport to v4.7.1.

Upgraded app-admin/node-problem-detector to v0.8.18.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2430.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2784.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r627.

Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2795.

Upgraded chromeos-base/minijail to v18-r141.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2928.

Upgraded chromeos-base/debugd-client to v0.0.1-r2693.

Upgraded sys-apps/rootdev to v0.0.1-r50.

Upgraded chromeos-base/shill-client to v0.0.1-r4515.

Upgraded dev-util/puffin to v1.0.0-r451.

Upgraded net-dns/c-ares to v1.29.0.

Upgraded dev-libs/double-conversion to v3.3.0.

Upgraded sys-apps/sed to v4.9-r1.

Upgraded sys-process/procps to v4.0.4-r1.

Upgraded dev-libs/nss to v3.100.

Upgraded sys-fs/e2fsprogs to v1.47.0-r3.

Upgraded sys-libs/libcap to v2.70.

Upgraded dev-python/jinja to v3.1.4.

Upgraded sys-apps/pv to v1.8.9.

Upgraded net-libs/gnutls to v3.8.5-r1.

Upgraded sys-apps/hwdata to v0.382.

Upgraded sys-apps/dmidecode to v3.6.

Upgraded sys-fs/xfsprogs to v6.8.0.

Upgraded sys-apps/less to v643-r2.

Upgraded sys-apps/acl to v2.3.2-r1.

Upgraded sys-apps/grep to v3.11-r1.

Upgraded net-misc/curl to v8.8.0.

Upgraded net-libs/libtirpc to v1.3.4-r2.

Upgraded sys-apps/gentoo-functions to v1.6.

Upgraded net-misc/wget to v1.24.5.

Upgraded dev-embedded/libftdi to v1.5-r6.

Upgraded dev-libs/libusb to v1.0.27-r1.

Upgraded sys-libs/timezone-data to v2024a-r1.

Upgraded sys-libs/libcap-ng to v0.8.5.

Updated the Linux kernel to v6.6.33.

Mount efivarfs fs by default on EFI-enabled systems.

Added igzip CLI tool.

Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.

Updated cos-gpu-installer to v2.2.3. New changes in cos-gpu-installer:v2.2.3:

  1. Introduced --gcs-download-bucket-nvidia and --gcs-download-prefix-nvidia flags for customizing NVIDIA installer runfile downloads from Google Cloud Storage.
  2. Introduced the --target-gpu flag to facilitate precise GPU driver installations when no GPU is attached.
  3. Replaced the HTTP client with a Google Cloud Storage client to improve the reliability of NVIDIA OSS installer runfiles downloads.
  4. Implemented the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type. (Currently disabled)
  5. Fixed an issue in the Google Cloud Storage Object download functionality to automatically remove the empty target file if a download fails.
  6. Internal Cleanup: Migrated GPU device-related information to the deviceInfo package. Created a feature flags module in the features package. Added a config reader in the utils module to parse the cos-gpu-config.json.

Removed support for NVIDIA 470 drivers.

Removed net-libs/grpc.

Removed crash-reporter KVM support.

Removed dev-go/grpc.

Fixed a bug that caused constant restarts in the fluent-bit stackdriver plugin.

Updated cos-gpu-installer to v2.3.3. This resolves potential synchronization issues and ensures proper cleanup of mounts in the GPU driver installation directory configuration.

Updated cos-gpu-installer to v2.3.2. Added a validation check to ensure the '--no-verify' flag is specified when the '--target-gpu' flag is used in 'install' command.

Installed the google_optimize_local_ssd script.

Updated Konlet to v.0.12.0. This fixes an iptables compatibility issue.

Upgraded go to version 1.22.3.

Updated dev-go/pprof to v0.0.0_p20230811.

Updated dev-go/go-tools to v0.16.2_p20231218.

Updated dev-go/term to v0.15.0.

Updated dev-go/go-sys to v0.15.0.

Updated dev-go/sync to v0.5.0.

Updated dev-go/mod to v0.14.0.

Updated dev-go/demangle to v0.0.0_p20230524.

Updated dev-go/go-arch to v0.6.0.

Uprev GPU driver version to v470.239.06.

Updated cos-gpu-installer to v2.3.3. This fixes CVEs in cos-gpu-installer by upgrading golang from 1.16 to 1.22.3, google.golang.org/protobuf from v1.28.0 to v1.33.0, and google.golang.org/grpc from v1.48.0 to v1.56.3.

Fixed CVE-2024-21626 in github.com/opencontainers/runc in kubelet.

Fixed CVE-2023-4641 in sys-apps/shadow.

Fixed CVE-2023-50387, CVE-2023-50868 in sys-apps/systemd.

Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.

Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.

Upgraded app-arch/libarchive to version 3.7.4. Fixes CVE-2024-26256.

Fixed CVE-2024-34459 in the libxml2 package.

Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.

Fixed CVE-2023-32681 in dev-python/requests.

Fixed CVE-2024-3772 in dev-python/pydantic.

Fixed CVE-2023-5388 in dev-libs/nss.

Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.

Updated net-dns/c-ares to version 1.27. This fixed CVE-2024-25629.

Updated dev-python/pyyaml to version 6.0.1. This fixed CVE-2017-18342, CVE-2020-14343, CVE-2020-1747.

Updated dev-vcs/git to version VERSION. This fixed CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.

Updated net-misc/curl to version 8.7.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.

Updated dev-libs/expat to version 2.6.2. This fixed CVE-2024-28757.

Fixed CVE-2024-28182 in net-libs/nghttp2.

Runtime sysctl changes:

  • Added: dev.tty.legacy_tiocsti: 1
  • Added: kernel.io_uring_group: -1
  • Added: kernel.kexec_load_limit_panic: -1
  • Added: kernel.kexec_load_limit_reboot: -1
  • Added: kernel.loadpin.enforce: 1
  • Added: net.core.mem_pcpu_rsv: 256
  • Added: net.core.rps_default_mask: 00
  • Added: net.ipv4.tcp_plb_cong_thresh: 128
  • Added: net.ipv4.tcp_plb_enabled: 0
  • Added: net.ipv4.tcp_plb_idle_rehash_rounds: 3
  • Added: net.ipv4.tcp_plb_rehash_rounds: 12
  • Added: net.ipv4.tcp_plb_suspend_rto_sec: 60
  • Added: net.ipv4.tcp_syn_linear_timeouts: 4
  • Added: net.ipv4.udp_child_hash_entries: 0
  • Added: net.ipv4.udp_hash_entries: 4096
  • Added: net.ipv6.icmp.error_anycast_as_unicast: 0
  • Added: vm.memfd_noexec: 0
  • Changed: fs.file-max: 812391 -> 811880
  • Changed: net.core.optmem_max: 131072 -> 20480
  • Changed: vm.lowmem_reserve_ratio: 256 256 32 0 0 -> 256 256 32 0
  • Deleted: net.ipv4.tcp_backlog_ack_defer: 1

cos-113-18244-85-36

  • Kernel: COS-6.1.90
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Mount efivarfs fs by default on EFI-enabled systems.

Update R550, latest driver to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091, CVE-2024-0092.

Update R535, default driver to v535.183.01. This fixes CVE-2024-0090, CVE-2024-0092.

Update R470 to v470.256.02. This fixes CVE-2024-0090, CVE-2024-0092.

Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.

Upgraded app-arch/libarchive to version 3.7.4. Fixes CVE-2024-26256.

Fixes CVE-2024-36902 in the Linux kernel.

Fixes CVE-2024-36938 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812002 -> 812036

cos-101-17162-463-48

  • Kernel: COS-5.15.155
  • Docker: v20.10.27
  • Containerd: v1.6.28
  • GPU Drivers: v470.256.02 (default), v550.90.07 (latest)

Update R550, latest driver to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091, CVE-2024-0092.

Update R535 to v535.183.01. This fixes CVE-2024-0090, CVE-2024-0092.

Update R470, default driver to v470.256.02. This fixes CVE-2024-0090, CVE-2024-0092.

Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.

Upgraded app-arch/libarchive to version 3.7.4. Fixes CVE-2024-26256.

Fixed CVE-2024-26584 in the Linux kernel.

Fixed CVE-2024-26583 in the Linux kernel.

Fixes CVE-2024-36902 in the Linux kernel.

Fixes CVE-2024-36938 in the Linux kernel.

cos-105-17412-370-58

  • Kernel: COS-5.15.154
  • Docker: v23.0.3
  • Containerd: v1.7.15
  • GPU Drivers: v470.256.02 (default), v550.90.07 (latest)

Update R550, latest driver to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091, CVE-2024-0092.

Update R535 to v535.183.01. This fixes CVE-2024-0090, CVE-2024-0092.

Update R470, default driver to v470.256.02. This fixes CVE-2024-0090, CVE-2024-0092.

Upgraded app-arch/libarchive to version 3.7.4. Fixes CVE-2024-26256.

Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.

Fixes CVE-2024-36902 in the Linux kernel.

Fixes CVE-2024-36938 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812695 -> 812704

cos-109-17800-218-61

  • Kernel: COS-6.1.85
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Update R550, latest driver to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091, CVE-2024-0092.

Update R535, default driver to v535.183.01. This fixes CVE-2024-0090, CVE-2024-0092.

Update R470 to v470.256.02. This fixes CVE-2024-0090, CVE-2024-0092.

Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.

Fixes CVE-2024-36902 in the Linux kernel.

Fixes CVE-2024-36938 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812271 -> 812259

Google Distributed Cloud (software only) for VMware

A vulnerability, CVE-2024-26584, was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes.

For more information, see the GCP-2024-036 security bulletin.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:

  • CVE-2024-26584

For more information, see the GCP-2024-036 security bulletin.

(2024-R20) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.26.15-gke.1090000
    • 1.27.13-gke.1166000
    • 1.28.9-gke.1209000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.15-gke.1320000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.15-gke.1320000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.13-gke.1201000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.9-gke.1289000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.9-gke.1289000 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.26.15-gke.1381000
    • 1.27.14-gke.1022000
    • 1.28.10-gke.1058000
    • 1.29.5-gke.1060000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1390000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.15-gke.1390000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.14-gke.1042000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.10-gke.1075000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.5-gke.1091000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.5-gke.1091000 with this release.

Google SecOps

Google SecOps now integrates with Access Transparency.

If you enabled Access Transparency in your organization, Google SecOps writes Access Transparency logs when any Google personnel accesses customer content that supports SIEM features.

For more information, see enabling Access Transparency and viewing Access Transparency logs.

Google SecOps now supports data RBAC. This feature enables you to control user access to data within your Google SecOps environment based on their assigned roles.

lastAlertStatusChangeTime is added to the response of the GetRule Detection Engine API. This indicates when alertingEnabled was last updated from true to false or from false to true.

The field is also added to RuleDeployment of Chronicle API v1 alpha.

Google SecOps SIEM

Google SecOps now integrates with Access Transparency.

If you enabled Access Transparency in your organization, Google SecOps writes Access Transparency logs when any Google personnel accesses customer content that supports SIEM features.

For more information, see enabling Access Transparency and viewing Access Transparency logs.

Google SecOps now supports data RBAC. This feature enables you to control user access to data within your Google SecOps environment based on their assigned roles.

lastAlertStatusChangeTime is added to the response of the GetRule Detection Engine API. This indicates when alertingEnabled was last updated from true to false or from false to true.

The field is also added to RuleDeployment of Chronicle API v1 alpha.

Vertex AI

Starting on September 15, 2024, you can only customize classification, entity extraction, and sentiment analysis objectives by moving to Vertex AI Gemini prompts and tuning. Training or updating models for Vertex AI AutoML for Text classification, entity extraction, and sentiment analysis objectives will no longer be available. You can continue using existing Vertex AI AutoML Text models until June 15, 2025. For more information about how Gemini offers enhanced user experience through improved prompting capabilities, see Overview of model tuning for Gemini.

June 17, 2024

Apigee Advanced API Security

On June 17, 2024 we released an updated version of Advanced API Security.

Shadow API Discovery, which is in preview, no longer requires separate creation of P4SA permissions in order to enable the functionality.

For usage information, see the Shadow API Discovery documentation.

Apigee X

On June 17, 2024, we released an updated version of Apigee.

Update Pay-as-you-go environment types using the Apigee UI in the Google Cloud console

Apigee Pay-as-you-go customers can modify the type of an existing environment using the Apigee UI in the Cloud console. This feature allows you to add or remove feature capabilities for your environments from the UI.

For more information, see Update your environment type. To learn more about environment types, see Apigee Pay-as-you-go environment types.

Apigee hybrid

hybrid v1.10.5

On June 17, 2024 we released an updated version of the Apigee hybrid software, 1.10.5.

Bug ID: Description

  • 329540114: Security fix for apigee-installer. This addresses the following vulnerability:
  • 317528509: Security fix for apigee-synchronizer. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-synchronizer. This addresses the following vulnerability:
  • N/A: Security fixes for apigee-asm-ingress and apigee-asm-istiod. This addresses the following vulnerability:
  • N/A: Security fixes for apigee-cassandra-backup-utility. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-connect-agent. This addresses the following vulnerability:
  • N/A: Security fixes for apigee-diagnostics-collector. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-fluent-bit. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-hybrid-cassandra. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-hybrid-cassandra-client. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-kube-rbac-proxy. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-mart-server. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-mint-task-scheduler. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-prom-prometheus. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-prometheus-adapter. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-runtime. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-udca. This addresses the following vulnerabilities:

Batch

Documentation has been added to explain how to view resource metrics for your jobs in Cloud Monitoring. The metrics provide resource utilization and performance information, which you can use to help optimize the performance and costs of future jobs. For more information, see Monitor and optimize job resources by viewing metrics.

You can configure a job to automatically install the Ops Agent, which provides additional resource metrics in Cloud Monitoring. For more information, see Collect additional resource metrics using the Ops Agent.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.40.3 (2024-06-12)

Dependencies
  • Update actions/checkout action to v4.1.6 (#3309) (c7d6362)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.46.0 (#3328) (a6661ad)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.47.0 (#3342) (79e34c2)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.50.0 (#3330) (cabb0ab)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.51.0 (#3343) (e3b934f)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.31.0 (#3335) (0623455)
  • Update dependency com.google.oauth-client:google-oauth-client-java6 to v1.36.0 (#3305) (d05e554)
  • Update dependency com.google.oauth-client:google-oauth-client-jetty to v1.36.0 (#3306) (0eeed66)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.10.2 (#3311) (3912a92)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.2 (#3312) (9737a5d)
  • Update github/codeql-action action to v2.25.6 (#3307) (8999d33)
  • Update github/codeql-action action to v2.25.7 (#3334) (768342d)
  • Update github/codeql-action action to v2.25.8 (#3338) (8673fe5)

You can now perform supervised tuning on a BigQuery ML remote model based on a gemini-1.0-pro-002 model. This feature is in preview. To try this feature, see Tune a model using your data.

You can also perform supervised tuning by using the BigQuery DataFrames Python API. Use the fit() and score() methods in the bigframes.ml.llm.GeminiTextGenerator model class to perform supervised tuning.

Global rate limits on BigQuery Omni connection creation and use have replaced the regional limits on AWS and Azure connections.

Bigtable

The Python client library for Bigtable now offers an asynchronous API for use with asynchronous applications. The async API is generally available (GA). To get started, see the Python hello world.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.39.5 (2024-06-10)

Bug Fixes
  • Make change stream unknown mod error more actionable (#1938) (e7ba045)
  • Rate limiting should be ineffective when RateLimitInfo is not present (#2243) (a0ec901)
Dependencies

Python

Changes for google-cloud-bigtable

2.24.0 (2024-06-11)

Features
  • Add String type with Utf8Raw encoding to Bigtable API (#968) (2a2bbfd)
  • Improve async sharding (#977) (fd1f7da)
Bug Fixes

Cloud Database Migration Service

In Database Migration Service for heterogeneous Oracle migrations, you can now use the Promote action directly on the migration job details page to finalize your migration process. For more information, see Finalize a migration in Oracle to AlloyDB and Finalize a migration in Oracle to Cloud SQL for PostgreSQL.

Cloud Monitoring

In the Monitoring API, you can now configure documentation links for your notifications. For more information, see Links.

Cloud Source Repositories

Effective June 17, 2024, Cloud Source Repositories isn't available to new customers. If your organization hasn't previously used Cloud Source Repositories, you can't enable the API or use Cloud Source Repositories. New projects not connected to an organization can't enable the Cloud Source Repositories API. Organizations that have used Cloud Source Repositories prior to June 17, 2024 are not affected by this change.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for storage/internal/apiv2

1.42.0 (2024-06-10)

Features
  • storage: Add new package transfermanager. This package is intended for parallel uploads and downloads, and is in preview. It is not stable, and is likely to change. (#10045) (cde5cbb)
  • storage: Add bucket HierarchicalNamespace (#10315) (b92406c), refs #10146
  • storage: Add BucketName to BucketHandle (#10127) (203cc59)
Bug Fixes
  • storage: Set invocation headers on xml reads (#10250) (c87e1ab)
Documentation

Python

Changes for google-cloud-storage

2.17.0 (2024-05-22)

Features
Bug Fixes
  • Remove deprecated methods in samples and tests (#1274) (4db96c9)
Documentation
  • Reference Storage Control in readme (#1254) (3d6d369)
  • Update DEFAULT_RETRY_IF_GENERATION_SPECIFIED docstrings (#1234) (bdd426a)

Cloud Workstations

Cloud Workstations is available in the australia-southeast2 region (Melbourne, Australia). For more information, see Locations.

Colab Enterprise

You can now use customer-managed encryption keys (CMEK) to protect runtimes in Colab Enterprise. Using CMEK for notebook files isn't currently supported.

For more information, see Use customer-managed encryption keys for runtimes.

Compute Engine

Generally available: You can now use the Require OS Config organization policy constraint to automatically enable VM Manager for all new VMs in your organization, folder, or project. For more information, see Enable VM Manager using an organization policy.

Contact Center AI Platform

Web SDK 2.21 is released

For more information, see Web SDK changelog.

Dataform

You can now inspect past manual compilation results of a selected release configuration. For more information, see View details of a release configuration.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for datastore/admin/apiv1

1.17.1 (2024-06-10)

Bug Fixes
  • datastore: Regenerate protos in new namespace (#10158) (8875511), refs #10155
  • datastore: Update retry transaction logic to be inline with Spanner (#10349) (5929a6e)

Generative AI on Vertex AI

Increased the input token limit for Gemini 1.5 Pro from 1M to 2M. For more information, see Google models.

Google Cloud Marketplace Partners

You can now create custom private offers with flexible payment options, including a duration of up to 5 years, with an annual ratable commit drawdown schedule, if applicable. For more information about creating custom private offers, see Set up your offer's pricing.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.5.0 (2024-06-11)

Features
  • Add service_account_email for export subscriptions (#1927) (c532854)

Java

Changes for google-cloud-pubsub

1.130.1 (2024-06-13)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.40.3 (#2071) (0844bfb)
  • Update dependency com.google.cloud:google-cloud-storage to v2.40.0 (#2066) (dfcaeb5)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.27.1 (#2065) (6baf69a)

Python

Changes for google-cloud-pubsub

2.21.3 (2024-06-10)

Bug Fixes
  • Race condition where future callbacks invoked before client is in paused state (#1145) (d12bac6)
  • Suppress warnings caused during pytest runs (#1189) (cd51149)
  • Typecheck errors in samples/snippets/subscriber.py (#1186) (3698450)

Pub/Sub Lite

Pub/Sub Lite is deprecated. Effective March 18, 2026, Pub/Sub Lite will be turned down.

  • Current customers: Pub/Sub Lite remains functional until March 18, 2026. If you have not used Pub/Sub Lite within the 90-day period preceding September 24, 2024 (June 26, 2024 - September 24, 2024), you won't be able to access Pub/Sub Lite starting on September 24, 2024.

  • New customers: Pub/Sub Lite is no longer available for new customers after September 18, 2024.

You can migrate your Pub/Sub Lite service to Apache Kafka for BigQuery or Pub/Sub.

Security Command Center

The Security Command Center Assets page will require new permissions

On or after July 11, 2024, a new Identity and Access Management (IAM) permission will be required to view the Assets page in Google Cloud console. If you use custom roles to control access to Google Cloud resources, you will need to add this new permission to your custom roles before that date to continue using the Assets page.

For more information, see Assets page.

Spanner

Generated columns no longer require the STORED attribute. Without this, the generated column is evaluated at query or index time and doesn't require additional storage or write overhead. For more information, see Create and manage generated columns.

Virtual Private Cloud

Workflows

Support for a Vertex AI API connector is available in Preview. Learn how to access Vertex AI models from a workflow.

June 14, 2024

Agent Assist

Proactive generative knowledge assist is now launched to GA. See the documentation for details.

AlloyDB for PostgreSQL

The maintenance downtime for a basic instance has been improved to match that of an HA primary instance, ensuring both instance types experience minimal downtime of less than a second.

Cloud Composer

Environment upgrading is now generally available (GA).

Cloud Key Management Service

As previously announced, Cloud KMS has changed the default duration of the scheduled for destruction period from 24 hours to 30 days.

As of February 1, 2024, newly created CryptoKeys use the new default duration of 30 days, unless a different duration is specified during key creation. For more information about key destruction, see Destroy and restore key versions.

Owners of existing CryptoKeys that had used the default duration were given until May 1, 2024 to opt out from automatically updating those keys to use the new default duration. Existing CryptoKeys that were not opted out have been updated to use the new default duration of 30 days. No further action is required from you.

Cloud Load Balancing

You can now access backend services residing in different projects than the external or internal Application Load Balancers with cross-project service referencing.

For details, see:

This feature is available in General Availability.

Compute Engine

Spot VMs are now available for the H3 machine series.

Google Cloud VMware Engine

VMware Engine ve2-standard-128 node type is generally available in australia-southeast1 region. For more information on the node type, see Node types. To use the node type in australia-southeast1 region, contact your Google account team.

Google Kubernetes Engine

For GKE clusters running versions later than 1.28.10-gke.1141000, the NEG, Ingress, L4 internal load balancer, and L4 RBS controllers skip processing nodes that are missing the topology.kubernetes.io/zone label until the zone information is ready. The load balancer controllers no longer block sync operations when a node is introduced without the label.

Google SecOps SOAR

Remote Agents Release 2.0.0 is currently in Preview.

Support added for Python 3.11.

The following articles have been updated as a result:

Create Agent with Installer for RHEL

Create Agent with Installer for CentOS

Perform a major upgrade using installer for CentOS

Perform a major upgrade using installer for RHEL

Release 6.3.6 is now in General Availability.

NetApp Volumes

You can now use Active Directory policies to manage the BUILTIN\Administrators group. For more information, see Create an Active Directory Policy.

Network Connectivity Center

Private Service Connect connection propagation is now available in public preview.

The propagation of Private Service Connect services through the Network Connectivity Center hub enables VPC-hosted services in private VPC networks to be reachable across VPC networks.

Sensitive Data Protection

The AZERBAIJAN_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Vertex AI Agent Builder

Vertex AI Search: Boost search results

Boosting search results for media apps and for generic search apps that contain unstructured and website data is generally available.

For more information, see Boost search results.

Vertex AI Search: Set language codes for data stores (Public preview)

Setting a language code for a data store can improve the quality of the extractive segments and extractive answers returned in search results. Language codes for data stores are supported in public preview.

For information about the language code field for data stores, see the DataStore resource.

Vertex AI Search: Specify a language code in search request (Public preview)

Setting a language code in a search query can improve the quality of the search results. Language codes in search queries are supported in public preview.

For information about the language code field in search, see the servingConfigs.search method.

Virtual Private Cloud

Private Service Connect port mapping is available in Preview. Port mapping lets consumer virtual machine (VM) instances privately communicate with specific service ports on specific producer VMs through a single Private Service Connect endpoint.

Private Service Connect propagated connections are available in Preview. With propagated connections, services that are accessible in one consumer VPC spoke through Private Service Connect endpoints can be privately accessed by other consumer VPC spokes that are connected to the same Network Connectivity Center hub.

June 13, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26584

For more information, see the GCP-2024-035 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26584

For more information, see the GCP-2024-035 security bulletin.

BigQuery

You can now schedule notebooks. This feature is available in preview.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.18.0 (2024-06-04)

Features
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.31.0 (#1625) (9db8f3b)

You can now use Terraform commands to attach an IAM role binding to a log view that grants a principal access to the log view. For more information about log views and about controlling access to log views, see Configure log views on a log bucket.

Cloud SQL for MySQL

Cloud SQL for MySQL now supports minor version 8.0.37. To upgrade your existing instance to the new version, see Upgrade the database minor version.

Cloud VPN

Cloud VPN support for IPv6-only HA VPN gateways is available in General Availability. For more information, see IPv6 support.

Cloud Workstations

Cloud Workstations is available in the asia-northeast3 region (Seoul, South Korea). For more information, see Locations.

Compute Engine

Preview: C3 bare metal machine types are available in Preview in the C3 machine series. Bare metal instances let you create an instance with direct access to the machine's CPU and memory, without a virtualization layer in the middle. With bare metal instances, you can access all the raw compute resources of the server. For more information, see the C3 machine series.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.106-debian10, 2.0.106-rocky8, 2.0.106-ubuntu18
  • 2.1.54-debian11, 2.1.54-rocky8, 2.1.54-ubuntu20, 2.1.54-ubuntu20-arm
  • 2.2.20-debian12, 2.2.20-rocky9, 2.2.20-ubuntu22

New Dataproc Serverless for Spark runtime versions:

  • 1.1.65
  • 1.2.9
  • 2.0.73
  • 2.2.9

Dataproc Serverless for Spark: Upgraded Spark BigQuery connector to version 0.36.3 in the latest 1.2 and 2.2 Dataproc Serverless for Spark runtime versions.

Added a configuration option to prevent expensive database queries for HiveMetaStore metrics. To prevent expensive queries during HiveMetaStore startup, set the Hive property metastore.initial.metadata.count.enabled to false.

Dialogflow

Vertex AI Agents: The following new regions are supported by agent apps:

  • europe-west1
  • europe-west2
  • europe-west3
  • northamerica-northeast1
  • us-west1

Google SecOps SOAR

Release 6.3.7 is currently in Preview.

Case filters are removed when refreshing the browser (ID #50834432)

Custom Actions, and the parameter types multi-select and password cause errors when trying to save a playbook (ID #51582854)

Looker Studio

Group Others available in more chart types

The Group Others chart setting lets you aggregate results that are outside of specified limits into a category labeled Others. This checkbox lets you compare data against the context of the remaining results.

Group Others is supported for the following chart types:

Expanded data label customization options

The Data label section in the Style tab of the Properties panel provides expanded customization options, including font type, font color, font size, and font styling, as well as background color, opacity, and border radius settings. These options are supported for the following chart types:

New Bin calculated field type

The Bin calculated field type lets you create ad hoc numeric tiers for numeric dimensions without needing to develop CASE WHEN expressions in calculated fields or logic in SQL.

New Color by tooltip option for Timeline charts

You can use the Color by tooltip style option to color timeline charts by tooltip dimension values.

Security Command Center

Preview of Cloud Infrastructure Entitlement Management capabilities

Cloud Infrastructure Entitlement Management (CIEM) for Amazon Web Services (AWS) and other identity providers on Google Cloud, such as Entra ID (Azure AD) and Okta, is now in preview.

CIEM helps you adhere to the principle of least privilege by providing a comprehensive look at the security of your identity and access configuration. CIEM provides insight into details such as what permissions are associated with a given identity, what roles are not optimal (highly permissive), and what steps you can take to remediate potential misconfigurations.

For more information, see Overview of Cloud Infrastructure Entitlement Management.

June 12, 2024

Agent Assist

The Agent Assist integration backend's public GitHub repository now includes a mechanism for authentication customization and support for authenticating agents with the following providers: Twilio, Genesys Cloud, and Salesforce. See the documentation for more details.

Apigee X

On June 12, 2024, we released an updated version of Apigee.

Feature: Preview release of Google Cloud-based mock servers for API Management features in Gemini Code Assist.

This release introduces the ability to easily deploy a Google Cloud-based remote mock server for Gemini Code Assist API management, which allows interaction with the designed API by anyone with access to the mock server, helping with testing and validating the APIs.

For more information and usage instructions, see Use Gemini Code Assist.

Cloud Domains

If your domain expired within the past 30 days, you can renew it using the Google Cloud CLI or the Cloud Domains API. For more information, see Renew a recently expired domain.

For domains such as .uk or .co.uk that don't support authorization codes, you can now use the Google Cloud CLI or the Cloud Domains API to initiate a push transfer to another registrar. For more information, see Transfer a .uk or .co.uk domain.

Compute Engine

Expanded Hyperdisk Balanced support for M3 and C3 machine types: The maximum number of Hyperdisk Balanced volumes that you can use with C3 and M3 virtual machines has been increased, as follows:

  • C3 VMs with 4 or 8 vCPUs now support attaching up to 16 Hyperdisk Balanced volumes.
  • C3 VMs with 16 or more vCPUs support 32 Hyperdisk Balanced volumes.
  • M3 virtual machines support up to 32 Hyperdisk Balanced volumes, up from 2.

For more information, see the documentation for M3 and C3 VMs.

Preview: General Purpose C4 VM instances are now available in Public Preview on the Intel Emerald Rapids CPU. The C4 machine series offers consistently high performance with up to 192 vCPUs and 1.5 TB of DDR5 memory, and support for Hyperdisk storage.

Google Distributed Cloud (software only) for VMware

A vulnerability, CVE-2022-23222, was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes.

For more information, see the GCP-2024-033 security bulletin.

A vulnerability, CVE-2024-26584, was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-035 security bulletin.

Google Distributed Cloud on VMware 1.28.600-gke.154 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.600-gke.154 runs on Kubernetes v1.28.9-gke.1800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

The following issues are fixed in 1.28.600-gke.154:

  • Fixed the known issue that caused admin cluster upgrades to fail for clusters created on versions 1.10 or earlier.
  • Fixed the known issue where the Docker bridge IP uses 172.17.0.1/16 for COS cluster control plane nodes.

The following vulnerabilities are fixed in 1.28.600-gke.154:

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26584

For more information, see the GCP-2024-035 security bulletin.

(2024-R19) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

Regular channel

  • The following versions are no longer available in the Regular channel:
    • 1.27.13-gke.1070000
    • 1.28.9-gke.1000000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.13-gke.1166000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.9-gke.1209000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.9-gke.1209000 with this release.

Rapid channel

  • Version 1.30.1-gke.1156000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.26.15-gke.1320000
    • 1.27.13-gke.1201000
    • 1.28.9-gke.1289000
    • 1.29.4-gke.1670000
    • 1.30.0-gke.1167000
    • 1.30.1-gke.1261000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1381000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.15-gke.1381000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.14-gke.1022000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.10-gke.1058000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.5-gke.1060000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.5-gke.1060000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.1-gke.1156000 with this release.

Looker

Looker 24.10 includes the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Monday, June 17, 2024

  • Expected Looker (original) final deployment and download available: Thursday, June 27, 2024

  • Expected Looker (Google Cloud core) deployment start: Monday, June 17, 2024

  • Expected Looker (Google Cloud core) final deployment: Monday, July 1, 2024

When an admin edits a user's email address, Looker will now log out that user and send an email verification link to the user's new email address. Looker will prevent the user from logging in again until the user clicks the email verification link.

The ability to change your Development Mode folder from the Account page has been removed. To view LookML in another user's dev mode folder, switch to their branch instead.

If your LookML model includes duplicate datagroup names, the LookML validator will return this error message during model compilation: A datagroup named "xxxx" has been defined multiple times. Each datagroup in a model must have a unique name.

If you receive this message, you will need to change your datagroup names so that each datagroup in your model has a unique name. The error message text will include the duplicate datagroup names.

The listen property on a merge query dashboard element can now be defined on a source query directly, rather than on the element as a whole. Extending this parameter is also supported.

A loading indicator will show up on the IDE modal when you're creating, renaming, or deleting a file or folder.

You can now create treemap charts using the Chart Config Editor.

The lightweight drill links Labs feature is now GA.

The SingleStore7+ derived table strategy has been updated to use Common Table Expressions.

OAuth 2.0 support has been added for Trino connections.

OAuth 2.0 support has been added for Databricks connections.

An issue with git initialization that could potentially have caused Looker to fail when starting up has been fixed. This feature now performs as expected.

An issue in map visualizations where null values caused the map to disappear has been resolved. This feature now performs as expected.

An issue has been fixed where text visualizations were causing errors on other dashboard tiles immediately after the dashboard was saved. This feature now performs as expected.

Generation of a signed embed URL now requires the manage_embed_settings permission.

A startup issue related to database connection pooling has been fixed. This feature now performs as expected.

An issue where some Liquid number comparisons were returning incorrect results has been fixed. This feature now performs as expected.

The User Activity dashboard has been updated with new Looks.

A curated sidebar title was not being localized properly. This issue has been resolved, and this feature now performs as expected.

An issue where parameter filters of type: number were not showing the filter label has been fixed. This feature now performs as expected.

An issue where BOOL_OR and BOOL_AND functions on Snowflake were generating incorrect SQL has been fixed. This feature now performs as expected.

Previously, when users searched for fields in the field picker, some special characters were not being properly escaped. This issue has been fixed, and this feature now performs as expected.

Content validator queries have been optimized. This may improve content validator performance for instances that have many dashboards with merged query tiles.

LookML model loading time has been optimized by reducing unnecessary filesystem interactions.

In the Open SQL Interface, user errors and internal server errors are now more clearly differentiated.

An issue in table visualizations has been fixed where column widths were not always respected when subtotals were enabled. This feature now performs as expected.

An issue where users were unable to drill on pivot tables that were transposed has been fixed. This feature now performs as expected.

Referencing another view by using Liquid in the sql_table_name parameter will no longer cause suggestions on fields that are defined with full_suggestions: no to be forced to full_suggestions: yes.

An issue has been fixed where downloading all results with subtotals enabled from a BigQuery database with BI Engine enabled would sometimes produce no results. This feature now performs as expected.

Previously, dashboard tiles that were based on map visualizations with no data would display an error rather than report an absence of data. This issue has been resolved, and this feature now performs as expected.

The timeline visualization has been updated to better enable integration with annotations using the Chart Config Editor.

Timeline visualizations can now have the same start and end time.

An issue where the "is in the month" filter was displaying the incorrect month has been fixed. This feature now performs as expected.

An issue where suggest_explore failed to link to filter suggestion results has been fixed. This feature now performs as expected.

An issue has been fixed where refreshing the page could cause unexpected behavior with "is not between" filters. This feature now performs as expected.

The LookML validator will now return an error if the url parameter of a link parameter uses http instead of https.

An issue has been fixed where merged results filters did not retain certain settings after a dashboard was saved. This feature now performs as expected.

SQL generation for measures of type: min and type: max for Firebolt connections has been updated.

Default permissions of OAuth authentication to BigQuery connections are limited to read-only.

An issue has been fixed where attributes in the Attribute Pairing section of the SAML, LDAP, and OIDC settings could not be deleted. This feature now performs as expected.

The performance of the folder copying and moving actions has been improved.

Performance improvements have been implemented for the loading time of Explores for projects that use local import.

An issue has been fixed where, previously, dates were not accepted when a "before absolute" filter was used in Explores.

The account setup URL field and the password reset URL field have both been removed from the Edit User page UI to ensure that the URLs aren't misused. These fields will also not appear in the responses of any Looker API calls.

The Disallow Numeric Query IDs Legacy feature is now deprecated.

Admins can now update a user email address through IAM or IdP.

CloudSQL dialects on Looker (Google Cloud core) can connect using application default credentials and service account impersonation.

Secret Manager

Delayed destruction of secret versions is now generally available (GA). You can set up a duration for delayed destruction at the time of creating or updating a secret. When a destruction delay duration is configured for a secret, destroying a version of that secret will disable the version and prevent its use. However, it won't be immediately destroyed. Instead, it will remain scheduled for destruction for the specified delay duration. After that duration expires, the version will be permanently destroyed. Secret Manager administrators can restore a secret version that is scheduled for destruction by either enabling or disabling it during the delay period.

June 11, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:

  • CVE-2024-26583

For more information, see the GCP-2024-034 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:

  • CVE-2024-26583

For more information, see the GCP-2024-034 security bulletin.

Apigee API hub

Vertex AI extensions

You can create Vertex AI extensions for the APIs registered in API hub. These extensions can be integrated with Large Language Models (LLMs) to process real-time data. For more information, see Create a Vertex AI extension.

Eventarc triggers

API hub is integrated with Google Cloud's Eventarc. You can now create Eventarc triggers to listen for specific events in API hub, and then trigger custom workflows based on the event. For more information, see Create an Eventarc trigger.

Multi-level delete

By default, you can delete an API only if all underlying versions are deleted. Starting with this release, you can use the force option to delete an API and its child resources in a single step. For more information, see Delete an API resource.

Backup and DR

Backup and DR Service added support to view storage resource usage logs in Cloud Logging.

Backup and DR Service added support to view storage resource utilization reports in BigQuery.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Compute Engine

Generally available: The A3 Mega accelerator-optimized machine type is now available. The A3 Mega machine type has NVIDIA® H100 80GB GPUs attached and provides twice the network bandwidth speed when compared to A3 Standard. A3 Mega VMs can be used to support your large artificial intelligence (AI) models, machine learning (ML), and high performance computing (HPC) workloads. The A3 machine type is available in the following regions and zones:

  • APAC
    • Singapore: asia-southeast1-b
  • Europe
    • Netherlands: europe-west4-b,c
  • North America
    • Iowa: us-central1-a,c
    • Virginia: us-east4-a,b
    • Ohio: us-east5-a
    • Oregon: us-west1-a,b
    • Nevada: us-west4-a

To get started with A3 Mega VMs, see Run large-scale model training and fine-tuning.

C3 and C3D VMs are available in the following regions and zones:

C3:

  • asia-northeast1-b Tokyo, Japan
  • europe-west3-b,c Frankfurt, Germany
  • us-west1-a,b The Dalles, OR
  • us-west2-a Los Angeles, CA
  • us-south1-a Dallas, TX

C3D:

  • australia-southeast1-c Sydney, Australia
  • europe-west3-c Frankfurt, Germany
  • us-west4-a Las Vegas, NV

Container Optimized OS

cos-109-17800-218-52

  • Kernel: COS-6.1.85
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Fixed a performance issue observed in some Postgres databases.

Updated cos-gpu-installer to v2.3.4 - This fixes CVEs: CVE-2023-29402, CVE-2023-29405, CVE-2023-29404, CVE-2023-24540, CVE-2023-24538, CVE-2022-41721, GHSA-m425-mq94-257g, CVE-2022-41715, CVE-2022-30633, CVE-2022-41724, CVE-2022-2880, CVE-2022-30631, CVE-2021-29923, CVE-2022-24675, CVE-2022-30580, CVE-2022-41723, CVE-2023-24534, CVE-2022-41725, CVE-2022-2879, CVE-2023-24539, CVE-2022-30635, CVE-2023-45285, CVE-2022-32149, CVE-2023-24537, CVE-2022-32189, CVE-2022-28131, CVE-2023-39323, CVE-2022-28327, CVE-2022-30630, CVE-2023-44487, CVE-2023-39325, CVE-2022-27664, CVE-2023-45287, CVE-2023-29400, CVE-2023-24536, CVE-2023-29403, CVE-2022-30632, CVE-2023-39318, CVE-2020-29511, CVE-2024-24786, CVE-2023-3978, CVE-2022-41717, CVE-2022-32148, CVE-2023-39326, CVE-2023-45288, CVE-2022-1962, CVE-2023-24532, CVE-2023-39319, CVE-2022-1705, CVE-2020-29509, CVE-2023-29406, CVE-2023-29409, CVE-2022-30629

Runtime sysctl changes:

  • Changed: fs.file-max: 812253 -> 812271

Dataproc

The Apache Spark in BigQuery feature is available in Private Preview. This feature lets you create a Spark session in a BigQuery notebook that you can use to develop and submit PySpark code from BigQuery. To access this feature, fill in and submit the Dataproc Preview access request form.

Dialogflow

The following was incorrectly announced: Dialogflow CX: The gemini-1.5-flash generative model is now available for the generators feature.

Generative AI on Vertex AI

Upload media from Google Drive

You can upload media, such as PDF, MP4, WAV, and JPG files from Google Drive, when you send image, video, audio, and document prompt requests.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:

  • CVE-2024-26583

For more information, see the GCP-2024-034 security bulletin.

Memorystore for Redis Cluster

Added support for single-zone instances (Preview). Also removed network billing charge for Consumer Data Processing for same-zone traffic. For more details about same-zone (intra-zone) traffic billing, see Network pricing. For more information about single-zone instances, see Single-zone instances.

June 10, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:

  • CVE-2022-23222

For more information, see the GCP-2024-033 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:

  • CVE-2022-23222

For more information, see the GCP-2024-033 security bulletin.

Apigee hybrid

hybrid v1.11.2

On June 10, 2024 we released an updated version of the Apigee hybrid software, 1.11.2.

Bug ID | Description
340248314 | Added support for targetCPUUtilizationPercentage to apigeeIngressGateway and ingressGateways for hybrid installations managed with Helm. The default value is 75. Note: targetCPUUtilizationPercentage is not supported for apigeectl.
324779388 | Improved error handling for backup and restore.
311489774 | Removed inclusion of Java and Python installations in Cassandra client image.
300135626 | Removed inclusion of Java and Python installations in Cassandra Backup Utility image.
181569113 | Fixed an issue in new debug session creation.

Bug ID | Description
345520525 | Security fixes for apigee-asm-ingress and apigee-asm-istiod. This addresses the following vulnerabilities:
335908139 | Security fixes for apigee-fluent-bit. This addresses the following vulnerability:
333121802 | Security fixes for apigee-cassandra-backup-utility and apigee-hybrid-cassandra. This addresses the following vulnerability:
317528509 | Security fix for apigee-synchronizer. This addresses the following vulnerabilities:
317447390 | Security fix for apigee-operators. This addresses the following vulnerability:
329762216 | Security fix for apigee-installer. This addresses the following vulnerability:
308835165 | Security fixes for apigee-synchronizer. This addresses the following vulnerability:
308926079 | Security fixes for apigee-kube-rbac-proxy. This addresses the following vulnerabilities:
300091388 | Security fixes for Apigee Connect Agent. This addresses the following vulnerability:
N/A | Security fixes for apigee-cassandra-backup-utility. This addresses the following vulnerability:
N/A | Security fixes for apigee-diagnostics-collector. This addresses the following vulnerabilities:
N/A | Security fixes for apigee-fluent-bit. This addresses the following vulnerabilities:
N/A | Security fixes for apigee-hybrid-cassandra-client. This addresses the following vulnerabilities:
N/A | Security fixes for apigee-hybrid-cassandra. This addresses the following vulnerabilities:
N/A | Security fixes for apigee-kube-rbac-proxy. This addresses the following vulnerabilities:
N/A | Security fixes for apigee-mart-server. This addresses the following vulnerabilities:
N/A | Security fixes for apigee-mint-task-scheduler. This addresses the following vulnerabilities:
N/A | Security fixes for apigee-prom-prometheus. This addresses the following vulnerabilities:
N/A | Security fixes for apigee-prometheus-adapter. This addresses the following vulnerabilities:
N/A | Security fixes for apigee-redis. This addresses the following vulnerabilities:
N/A | Security fixes for apigee-runtime. This addresses the following vulnerabilities:
N/A | Security fixes for apigee-synchronizer. This addresses the following vulnerabilities:
N/A | Security fixes for apigee-udca. This addresses the following vulnerabilities:
N/A | Security fixes for apigee-watcher. This addresses the following vulnerabilities:

Bare Metal Solution

Support for BIOS_PUR043.37.14.021 (TS24.02) and BIOS_PUR043.37.16.023 (TS24.05) firmware on Bare Metal Solution is now deprecated. For information, see Available firmware.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigquery

3.24.0 (2024-06-04)

Features
  • Add default timeout for Client.get_job() (#1935) (9fbad76)
  • Add support for map target type in Parquet options (#1919) (c3f7b23)
Bug Fixes
  • Create query job in job.result() if doesn't exist (#1944) (8f5b4b7)
  • Retry is_job_done on ConnectionError (#1930) (4f72723)
Performance Improvements
  • If page_size or max_results is set on QueryJob.result(), use to download first page of results (#1942) (3e7a48d)

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigtable

5.1.0 (2024-05-28)

Features
  • Add feature for copying backups (#1153) (91f85b5)
  • Add String type with Utf8Raw encoding to Bigtable API (#1419) (724b711)
  • Publish Automated Backups protos (#1391) (17838ed)
  • Trusted Private Cloud support, use the universeDomain parameter (#1386) (c0c287e)
Bug Fixes
  • deps: Update dependency @google-cloud/precise-date to v4 (#1318) (9dcef90)
  • Extend timeouts for deleting snapshots, backups and tables (#1387) (1a6f59a)
  • Fix flaky test by extending timeout (#1350) (906ac79)
  • Improve retry logic for streaming API calls (#1372) (e8083a4)
  • Remove the watermarks (#1313) (0126a0e)

Cloud Database Migration Service

Database Migration Service for homogeneous PostgreSQL migrations to Cloud SQL for PostgreSQL now supports PostgreSQL version 16. See Supported source and destination databases in Cloud SQL for PostgreSQL migrations.

Cloud SQL for MySQL

You can now choose to receive a maintenance notification 5 weeks before the maintenance update of your Cloud SQL instance is scheduled to occur. This option is named Week 5.

In addition, some labels in the Google Cloud Console have been renamed to align with this new option:

  • Order of update is renamed to Maintenance timing
  • Earlier is renamed to Week 1
  • Later is renamed to Week 2

For more information, see Maintenance settings and Find and set maintenance windows.

Cloud SQL for PostgreSQL

The temporal_tables extension, version 1.2.2 is generally available. This extension provides support for temporal tables. A temporal table records the period of time when a row is valid from a database perspective. For more information, see Configure PostgreSQL extensions.

You can now perform CREATE CAST and DROP CAST statements as a database user with the cloudsqlsuperuser role. For more information, see About PostgreSQL users and roles.

The rollout of the following minor versions, extension versions, and plugin versions is underway:

Minor versions

  • 12.17 is upgraded to 12.19.
  • 13.13 is upgraded to 13.15.
  • 14.10 is upgraded to 14.12.
  • 15.5 is upgraded to 15.7.

Extension and plugin versions

  • google_ml_integration is upgraded from 1.2 to 1.3.
  • pg_partman is upgraded from 4.7.4 to 5.0.1 (for PostgreSQL versions 14 and later).
  • pgvector is upgraded from 0.6.0 to 0.7.0.
  • Plv8 is upgraded from 3.2.0 to 3.2.2.
  • PostGIS is upgraded from 3.2.5 to 3.4.0 (for PostgreSQL versions 12 and later).

If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.

The new maintenance version is [PostgreSQL version].R20240514.00_04. To learn how to check your maintenance version, see Self service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

You can now choose to receive a maintenance notification 5 weeks before the maintenance update of your Cloud SQL instance is scheduled to occur. This option is named Week 5.

In addition, some labels in the Google Cloud Console have been renamed to align with this new option:

  • Order of update is renamed to Maintenance timing
  • Earlier is renamed to Week 1
  • Later is renamed to Week 2

For more information, see Maintenance settings and Find and set maintenance windows.

Cloud SQL for SQL Server

You can now choose to receive a maintenance notification 5 weeks before the maintenance update of your Cloud SQL instance is scheduled to occur. This option is named Week 5.

In addition, some labels in the Google Cloud Console have been renamed to align with this new option:

  • Order of update is renamed to Maintenance timing
  • Earlier is renamed to Week 1
  • Later is renamed to Week 2

For more information, see Maintenance settings and Find and set maintenance windows.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.11.2 (2024-06-07)

Bug Fixes

Java

Changes for google-cloud-storage

2.40.0 (2024-06-06)

Features
  • Promote google-cloud-storage-control to GA (#2575) (129f188)
Bug Fixes
  • Reduce Java 21 Virtual Thread Pinning in IO operations (#2553) (498fd0b)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.31.0 (#2571) (67ce3d6)
  • Update dependency net.jqwik:jqwik to v1.8.5 (#2563) (88f7d86)
Documentation

Cloud Workstations

Workstations that enable nested virtualization are hosted on VMs running Container-Optimized OS (COS) instead of Ubuntu.

Colab Enterprise

Gemini in Colab Enterprise, which is a product in the Gemini for Google Cloud portfolio, is available in Preview. Gemini in Colab Enterprise helps you write code by suggesting code as you type. You can also use the Help me code tool to generate code from a description of what you want.

To learn how to enable and activate Gemini in Colab Enterprise features, see Set up Gemini in Colab Enterprise.

The notebook scheduler is now available in Preview. You can schedule a notebook to run immediately one time, or on a recurring schedule.

For more information, see Schedule a notebook run.

Contact Center AI Platform

New critical deployment schedule

We've added a new critical deployment schedule, which lets you get updates outside of peak business hours. We update instances set for the critical deployment schedule within one week after all regular deployment schedule instances are updated. We recommend the critical deployment schedule for instances that are in production environments. For more information, see Deployment schedules.

Container Optimized OS

cos-105-17412-370-54

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.239.06 (default), v550.54.15 (latest)

Fixed frequent restarts in fluent-bit stackdriver plugin.

Updated cos-gpu-installer to v2.3.3. This resolves potential synchronization issues and ensures proper cleanup of mounts in GPU driver installation directory configuration.

Updated cos-gpu-installer to v2.3.4. This fixes CVEs: CVE-2023-29402, CVE-2023-29405, CVE-2023-29404, CVE-2023-24540, CVE-2023-24538, CVE-2022-41721, GHSA-m425-mq94-257g, CVE-2022-41715, CVE-2022-30633, CVE-2022-41724, CVE-2022-2880, CVE-2022-30631, CVE-2021-29923, CVE-2022-24675, CVE-2022-30580, CVE-2022-41723, CVE-2023-24534, CVE-2022-41725, CVE-2022-2879, CVE-2023-24539, CVE-2022-30635, CVE-2023-45285, CVE-2022-32149, CVE-2023-24537, CVE-2022-32189, CVE-2022-28131, CVE-2023-39323, CVE-2022-28327, CVE-2022-30630, CVE-2023-44487, CVE-2023-39325, CVE-2022-27664, CVE-2023-45287, CVE-2023-29400, CVE-2023-24536, CVE-2023-29403, CVE-2022-30632, CVE-2023-39318, CVE-2020-29511, CVE-2024-24786, CVE-2023-3978, CVE-2022-41717, CVE-2022-32148, CVE-2023-39326, CVE-2023-45288, CVE-2022-1962, CVE-2023-24532, CVE-2023-39319, CVE-2022-1705, CVE-2020-29509, CVE-2023-29406, CVE-2023-29409, CVE-2022-30629

Fixed CVE-2024-27020, CVE-2024-27015, CVE-2024-27016, CVE-2024-27013, CVE-2024-27018, CVE-2024-36008, CVE-2024-27019 and CVE-2024-27020 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812685 -> 812695

cos-101-17162-463-42

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.239.06 (default), v550.54.15 (latest)

Updated cos-gpu-installer to v2.3.3. This resolves potential synchronization issues and ensures proper cleanup of mounts in GPU driver installation directory configuration.

Fixed frequent restarts in the fluent-bit stackdriver plugin.

Updated cos-gpu-installer to v2.3.4. This fixes CVEs: CVE-2023-29402, CVE-2023-29405, CVE-2023-29404, CVE-2023-24540, CVE-2023-24538, CVE-2022-41721, GHSA-m425-mq94-257g, CVE-2022-41715, CVE-2022-30633, CVE-2022-41724, CVE-2022-2880, CVE-2022-30631, CVE-2021-29923, CVE-2022-24675, CVE-2022-30580, CVE-2022-41723, CVE-2023-24534, CVE-2022-41725, CVE-2022-2879, CVE-2023-24539, CVE-2022-30635, CVE-2023-45285, CVE-2022-32149, CVE-2023-24537, CVE-2022-32189, CVE-2022-28131, CVE-2023-39323, CVE-2022-28327, CVE-2022-30630, CVE-2023-44487, CVE-2023-39325, CVE-2022-27664, CVE-2023-45287, CVE-2023-29400, CVE-2023-24536, CVE-2023-29403, CVE-2022-30632, CVE-2023-39318, CVE-2020-29511, CVE-2024-24786, CVE-2023-3978, CVE-2022-41717, CVE-2022-32148, CVE-2023-39326, CVE-2023-45288, CVE-2022-1962, CVE-2023-24532, CVE-2023-39319, CVE-2022-1705, CVE-2020-29509, CVE-2023-29406, CVE-2023-29409, CVE-2022-30629

Updated dev-vcs/git to v2.45.1. This fixes CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.

Fixed CVE-2024-27018 and CVE-2024-36008 in the Linux kernel.

cos-beta-113-18244-85-29

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.90 | v24.0.9 | v1.7.15 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Fixed frequent restarts in fluent-bit stackdriver plugin.

Updated cos-gpu-installer to v2.3.3. This resolves potential synchronization issues and ensures proper cleanup of mounts in GPU driver installation directory configuration.

Updated cos-gpu-installer to v2.3.4. This fixes CVEs: CVE-2023-29402, CVE-2023-29405, CVE-2023-29404, CVE-2023-24540, CVE-2023-24538, CVE-2022-41721, GHSA-m425-mq94-257g, CVE-2022-41715, CVE-2022-30633, CVE-2022-41724, CVE-2022-2880, CVE-2022-30631, CVE-2021-29923, CVE-2022-24675, CVE-2022-30580, CVE-2022-41723, CVE-2023-24534, CVE-2022-41725, CVE-2022-2879, CVE-2023-24539, CVE-2022-30635, CVE-2023-45285, CVE-2022-32149, CVE-2023-24537, CVE-2022-32189, CVE-2022-28131, CVE-2023-39323, CVE-2022-28327, CVE-2022-30630, CVE-2023-44487, CVE-2023-39325, CVE-2022-27664, CVE-2023-45287, CVE-2023-29400, CVE-2023-24536, CVE-2023-29403, CVE-2022-30632, CVE-2023-39318, CVE-2020-29511, CVE-2024-24786, CVE-2023-3978, CVE-2022-41717, CVE-2022-32148, CVE-2023-39326, CVE-2023-45288, CVE-2022-1962, CVE-2023-24532, CVE-2023-39319, CVE-2022-1705, CVE-2020-29509, CVE-2023-29406, CVE-2023-29409, CVE-2022-30629

Runtime sysctl changes:

  • Changed: fs.file-max: 812026 -> 812002

cos-109-17800-218-50

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Fixed frequent restarts in fluent-bit stackdriver plugin.

Updated cos-gpu-installer to v2.3.3. This resolves potential synchronization issues and ensures proper cleanup of mounts in GPU driver installation directory configuration.

Fixed CVE-2024-26987, CVE-2024-27020, CVE-2024-27014, CVE-2024-27022, CVE-2024-27019, CVE-2024-27013, CVE-2024-36008, CVE-2024-27018, CVE-2024-27016 and CVE-2024-27015 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812257 -> 812253

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.20.1 (2024-06-04)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.31.0 (#1471) (42c643d)
  • Update dependency com.google.errorprone:error_prone_core to v2.28.0 (#1469) (e3fac2b)
  • Update dependency com.google.guava:guava-testlib to v33.2.1-jre (#1470) (614e930)

Generative AI on Vertex AI

Experiment in the Vertex AI Studio login-free

The Vertex AI Studio multi-model prompt designer can be accessed login-free. With this feature, prospective customers can use the Vertex AI Studio to test queries before deciding to sign up and create an account. To learn more about this experience, see Vertex AI Studio console experiences. To access the console directly, go to Vertex AI Studio.

Google Distributed Cloud (software only) for VMware

A vulnerability (CVE-2022-23222) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes.

For more information, see the GCP-2024-033 security bulletin.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:

  • CVE-2022-23222

For more information, see the GCP-2024-033 security bulletin.

Identity and Access Management

You can use principal access boundary policies to limit the resources that a principal is eligible to access. This feature is available in Preview.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.130.0 (2024-06-03)

Features
  • [java] allow passing libraries_bom_version from env (#1967) (#2033) (825c5f8)
  • Add service_account_email for export subscriptions (#2054) (670db3e)
Dependencies
  • Update dependency com.google.cloud:google-cloud-core to v2.39.0 (#2057) (43446d2)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.31.0 (#2058) (a998ef5)

Sensitive Data Protection

A new detection model is available for the DATE_OF_BIRTH infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version to latest when including the DATE_OF_BIRTH infoType in your InspectConfig.

You can still use the old model by setting InfoType.version to stable or leaving it unset when using the DATE_OF_BIRTH infoType. In 30 days, the new model will be promoted to stable.

Virtual Private Cloud

The following features of policy-based routes are available in Preview:

  • Applying policy-based routes to IPv6 traffic
  • Using a next hop that is in a peered VPC network

For more information, see Create policy-based routes.

VPC Flow Logs includes internet routing details for egress flows. For more information, see InternetRoutingDetails field format. This field is available in General Availability.

June 07, 2024

Cloud SQL for PostgreSQL

PostgreSQL version 16 is now generally available.

When you use gcloud or the API to create an instance or replica, the following conditions now apply:

  • If the database version for the instance or replica that you're creating is PostgreSQL 16, then the default Cloud SQL edition is Enterprise Plus.
  • If you either don't specify a database version or you specify a version other than PostgreSQL 16, then the default Cloud SQL edition is Enterprise.

You can't use the in-place major version upgrade feature to upgrade your Cloud SQL for PostgreSQL instance to PostgreSQL 16.

To start using PostgreSQL 16, see Create instances.

Dialogflow

Dialogflow CX now offers custom webhook templates for integration with Salesforce. See the webhooks documentation for details.

Data store agents: You can now run a self-service evaluation, which assesses the quality of your data store agent and recommends changes.

All generative features: It was announced previously that the text-bison@001 model will be deprecated. In addition, the code-bison@001 model and fine-tuned text-bison@001 options will be deprecated. This deprecation will happen in mid-June. The deprecated models will be updated to gemini-1.0-pro-001, as previously announced. For more information, see the email announcement.

Data store agents: The gemini-1.5-flash generative model is now available for selection in the console.

Google Cloud Architecture Center

Infrastructure for a RAG-capable generative AI application using Vertex AI: Added a design alternative that uses Vertex AI Vector Search for the vector store and semantic search components in the architecture.

Google Kubernetes Engine

Fully managed cAdvisor/Kubelet metrics are now available on GKE clusters running version 1.29.3-gke.1093000 or later.

Updated 2024-R13 release notes to indicate that control planes and nodes with auto-upgrade enabled in the Regular channel were not upgraded from version 1.28 to version 1.29.1-gke.1589018. That release note was published by mistake.

Google SecOps

The syntax for placeholders in UDM saved searches is updated. See Save a search for the new syntax.

Google SecOps SIEM

The syntax for placeholders in UDM saved searches is updated. See Save a search for the new syntax.

Sensitive Data Protection

From May 27 through June 7, 2024, a bug caused Sensitive Data Protection to sometimes inaccurately populate integer fields as null instead of zero for findings written to BigQuery. This bug is now resolved.

For more information about sensitive data inspection, see Inspect Google Cloud storage and databases for sensitive data.

Vertex AI Workbench

You can now create a Vertex AI Workbench instance based on a custom container. This feature is available in Preview. Only custom containers derived from the Google-provided base container are supported. For more information, see Create an instance using a custom container.

June 06, 2024

Access Approval

Access Approval supports Cloud Service Mesh in the GA stage.

Anthos Attached Clusters

This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Cloud Database Migration Service

Database Migration Service for heterogeneous Oracle migrations now features additional logging information that can help you better monitor the health and progress of your migration jobs. For more information, see Logging for Oracle to AlloyDB, and Logging for Oracle to Cloud SQL for PostgreSQL.

Database Migration Service for heterogeneous Oracle migrations can now skip foreign keys and triggers, so dropping them from the destination database is no longer required. For more information, see Considerations for foreign keys and triggers for Oracle to AlloyDB and Considerations for foreign keys and triggers for Oracle to Cloud SQL for PostgreSQL.

Cloud Monitoring

You can now pin your event type selections for custom dashboards. Pinning saves your selections to the dashboard configuration, so they are applied when you reopen the dashboard. For more information, see Show events on a dashboard.

Cloud Storage

Cloud Storage now offers a new pre-defined dual region, EUROPE-WEST2 (London) and EUROPE-WEST1 (Belgium). To learn more about Cloud Storage pre-defined dual regions, see the Bucket locations page.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.105-debian10, 2.0.105-rocky8, 2.0.105-ubuntu18
  • 2.1.53-debian11, 2.1.53-rocky8, 2.1.53-ubuntu20, 2.1.53-ubuntu20-arm
  • 2.2.19-debian12, 2.2.19-rocky9, 2.2.19-ubuntu22

Dataproc on Compute Engine: When creating a cluster with the latest Dataproc on Compute Engine image versions, the secondary worker boot disk type now defaults to the primary worker boot disk type, which is pd-standard if the primary worker boot disk type is not specified.

Google Distributed Cloud (software only) for bare metal

Release 1.28.600-gke.163

Google Distributed Cloud for bare metal 1.28.600-gke.163 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.600-gke.163 runs on Kubernetes 1.28.

If you use a third-party storage vendor, check the Ready storage partners page to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Functionality changes:

  • Updated preflight checks add a check for networking kernel modules (ip_tables or nf_tables) and remove the iptables package check.

  • Added checks to validate the SSH client certificate file type before saving the certificate as a Secret.

  • Added support for Red Hat Enterprise Linux 8.10 for Google Distributed Cloud software version 1.28.600-gke.163 and higher.

Fixed an issue where the kubelet doesn't honor the shortened, 1-second grace period for pod deletion during eviction-based draining.

The following container image security vulnerabilities have been fixed in 1.28.600-gke.163:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

(2024-R18) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.27.11-gke.1062004 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.27.11-gke.1062003
    • 1.27.12-gke.1115000
    • 1.28.8-gke.1095000
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.11-gke.1062004 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.11-gke.1062004 with this release.

Regular channel

  • Version 1.29.4-gke.1043002 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.26.15-gke.1300000
    • 1.27.13-gke.1000000
    • 1.29.1-gke.1589020
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.13-gke.1070000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.13-gke.1070000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.4-gke.1043002 with this release.

Rapid channel

Google SecOps SOAR

Release 6.3.5 is now in General Availability.

Looker Studio

Create totals that ignore canvas filters

You can configure totals and comparison metrics to ignore any viewer-applied filters.

Partner Connector launch update

The following partner connectors have been added to the Looker Studio Report Gallery:

Sensitive Data Protection

The KAZAKHSTAN_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

June 05, 2024

BigQuery

The BigQuery ML ML.GENERATE_EMBEDDING function now supports the output_dimensionality argument for text-embedding and text-multilingual-embedding models. The output_dimensionality argument lets you specify the number of dimensions to use when generating embeddings.

Analytics Hub data egress controls are now generally available (GA). Publishers can now enforce egress restrictions on Analytics Hub listings to prevent subscribers from copying or exporting the shared data.

The slot recommender for editions analyzes historical usage data to recommend optimal capacity purchasing for edition and on-demand workloads. This feature is generally available (GA).

Cloud Composer

The google-cloud-bigquery package version was downgraded from 3.23.1 to 3.20.1 because of the #39541 issue in the public version of Airflow.

The dbt-core and dbt-bigquery packages were upgraded to version 1.8.1.

Cloud Composer 2.8.2 images are available:

  • composer-2.8.2-airflow-2.7.3 (default)
  • composer-2.8.2-airflow-2.6.3

Cloud Composer versions 2.2.1, 2.2.0, and 2.1.15 have reached their end of full support period.

Cloud Data Fusion

The Google Sheets plugin version 1.4.3, which is bundled with the Google Drive plugins, is available in the Cloud Data Fusion Hub. The release includes the following changes:

  • Fixed an issue causing the Google Sheets plugin to incorrectly parse column names that have special characters (PLUGIN-1785).

  • Fixed an issue causing pipelines to fail when the Google Sheets plugin is used with Wrangler and any of the fields required to fetch schema was a macro (PLUGIN-1791).

Compute Engine

You can't provision C2 sole tenant nodes with 60 vCPUs. For details, see Known issues.

Contact Center AI Platform

Mobile SDK 2.7 is released

For more information, see the following:

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.64
  • 1.2.8
  • 2.0.72
  • 2.2.8

Google Cloud Architecture Center

(New guide 1 of 4) Cross-Cloud Network for distributed applications: Provides an overview of how you can design Cross-Cloud Network for distributed applications.

(New guide 2 of 4) Network segmentation and connectivity for distributed applications in Cross-Cloud Network: Describes how to design the network segmentation structure and connectivity of Cross-Cloud Network for distributed applications.

(New guide 3 of 4) Service networking for distributed applications in Cross-Cloud Network: Describes how to design Cross-Cloud Network service networking for distributed applications.

(New guide 4 of 4) Network security for distributed applications in Cross-Cloud Network: Describes how to design Cross-Cloud Network security for distributed applications.

Google Kubernetes Engine

Updated 2024-R03 release notes to indicate that control planes and nodes with auto-upgrade enabled in the Stable channel were upgraded from version 1.27 to version 1.27.7-gke.1121002, not 1.28.3-gke.1203001 as previously stated.

Google SecOps SOAR

Release 6.3.6 is currently in Preview.

Change Alert Priority action does not update the case priority (ID #00277602)

Vertex AI Agent Builder

Vertex AI Search: Generate grounded answers (GA with allowlist)

Generating grounded answers is generally available to select Google Cloud customers (GA with allowlist).

As part of your Retrieval Augmented Generation (RAG) experience, generate grounded answers based on Google Search, inline text, or the content in your Vertex AI Search data store. You can generate answers in a single turn or over multiple turns. For more information, see Generate grounded answers.

When you use Google Search as a grounding source, you connect your Gemini large language model (LLM) to the most up-to-date information on the internet. You must display a Google Search entry point when grounding with Google Search. For more information, see Use Google Search entry point.

June 04, 2024

Cloud Billing

You can now view granular cost data for more Google Cloud services

  • You can now view granular Cloud Logging log bucket cost data in the Google Cloud Billing detailed export. Use the resource.global_name field in the export to view and filter your detailed log bucket usage.
  • You can now view granular Managed Microsoft Active Directory cost data in the Google Cloud Billing detailed export. Use the resource.name or resource.global_name field in the export to view and filter your detailed domain usage.
  • You can now view granular Dataproc Metastore cost data in the Google Cloud Billing detailed export. Use the resource.name or resource.global_name field in the export to view and filter your detailed service usage.
  • You can now view granular Cloud Deploy cost data in the Google Cloud Billing detailed export. Use the resource.name or resource.global_name field in the export to view and filter your detailed delivery pipeline usage.
  • You can now view granular Cloud Data Fusion cost data in the Google Cloud Billing detailed export. Use the resource.name or resource.global_name field in the export to view and filter your detailed instance usage.

Review the schema of the Detailed cost data export.

Cloud Data Fusion

Cloud Data Fusion supports annotating resources with tags in Preview. For more information, see the Tags overview and Control access with tags.

Cloud Service Mesh

1.21.3-asm.3 is now available for in-cluster Cloud Service Mesh.

You can now download 1.21.3-asm.3 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.21.3 subject to the list of supported features. Cloud Service Mesh 1.21.3-asm.3 uses Envoy v1.29.5.

This release contains the fixes for the security vulnerabilities listed in GCP-2024-032.

1.21 isn't rolling out to the rapid release channel at this time. You can periodically check this page for announcements regarding rapid channel rollout.

The following 3 changes break backwards compatibility in 1.21.

  1. The default value of the feature flag ENABLE_AUTO_SNI has changed from false to true. To opt out, set the environment variable to ENABLE_AUTO_SNI=false.

  2. The default value of the feature flag VERIFY_CERT_AT_CLIENT changed from false to true. To opt out, set the environment variable to VERIFY_CERT_AT_CLIENT=false.

  3. There are additional changes in external name support. To opt out, set the environment variable ENABLE_EXTERNAL_NAME_ALIAS=false.

Note that opting out is only possible for in-cluster installations. If you do opt out, you must restore the default values before upgrading to 1.22.

1.18.7-asm.26 is now available for in-cluster Cloud Service Mesh.

This patch release contains the fix for the security vulnerability listed in GCP-2024-032. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.18.7-asm.26 uses Envoy v1.26.8.

1.19.10-asm.6 is now available for in-cluster Cloud Service Mesh.

This patch release contains the fix for the security vulnerability listed in GCP-2024-032. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.19.10-asm.6 uses Envoy v1.27.6.

1.20.7-asm.2 is now available for in-cluster Cloud Service Mesh.

This patch release contains the fix for the security vulnerability listed in GCP-2024-032. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.20.7-asm.2 uses Envoy v1.28.4.

Compute Engine

You can now order and request quota for X4 bare metal instances. You create bare metal instances using a new predefined machine type for the X4 memory-optimized machine series. X4 instances can be used to host the largest production SAP HANA databases. For more information, see the X4 machine series.

Config Connector

Config Connector version 1.118.2 is now available.

LoggingLogMetric

  • Changed .spec.projectRef.kind from required to optional.
  • If this field is set, its value must be Project (.spec.projectRef.kind: Project).

Dataflow

Iceberg read/write support is available through the new Managed I/O Java API. For more information, see Dataflow managed I/O.

Document AI

Layout Parser in Document AI is generally available. The Document AI Layout Parser transforms documents in various formats into structured representations. It makes content like paragraphs, tables, lists, and structural elements like headings, page headers, and footers easily accessible. It also creates context-aware chunks that facilitate information retrieval in a range of generative AI and discovery applications.

For more information, see Process documents with Layout Parser.

Filestore

Filestore instances no longer require reserved capacity for certain internal operations. For more information, see Monitoring instances.

Media CDN

By default, Media CDN proxies only GET, HEAD, and OPTIONS methods to your origin and filters out the methods that can modify your origin. In Preview, you can override this default behavior for a specific route rule by specifying other supported methods that you would like proxied to your origin.

Resource Manager

Cloud Data Fusion supports annotating resources with tags in Preview. For more information, see Services that support tags.

June 03, 2024

Agent Assist

Agent Assist now offers a native UI Connector with Genesys Cloud to integrate with Chat conversations. See the documentation for details.

Agent Assist now offers a native UI Connector with Twilio Flex to integrate with chat conversations. See the documentation for details.

Backup for GKE

Backup for GKE introduces new policies, compatible with GitOps tools, for handling namespaced resource conflicts during restoration. For more information, see Handle resource conflicts during restore.

Backup for GKE now supports specifying the restore order when you create or update a restore plan. For more information, see Specify resource restore ordering during restoration.

Backup for GKE now allows configuration of volume data restore policies bound to specific volume types and overridden for specific volumes. This gives you more flexibility when restoring volumes. For more information, see Define volume data restore behavior.

Starting June 24, 2024, Backup for GKE will gradually roll out the Backup-Side Restore Validation feature to help ensure that backups are restorable. This change applies to backups under backup plans created from June 24, 2024 onwards. For more information, see Enable permissive mode on a backup plan.

Backup for GKE now provides enhanced granularity in resource selection during the restore creation process. For more information, see Enable fine-grained restore.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

7.7.1 (2024-05-31)

Bug Fixes

Java

Changes for google-cloud-bigquery

2.40.2 (2024-05-26)

Bug Fixes
Dependencies
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.45.0 (#3295) (c659523)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.49.0 (#3296) (7d148d5)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.1 (#3310) (641f1a8)
  • Update github/codeql-action action to v2.25.4 (#3291) (13bb5aa)
  • Update ossf/scorecard-action action to v2.3.3 (#3304) (d096082)

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.39.4 (2024-05-28)

Dependencies
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.10.2 (#2236) (2609103)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.2 (#2237) (6728931)
  • Update shared dependencies (#2235) (8d38150)

Cloud Load Balancing

Bring your own IP lets you bring your own public IPv6 addresses to Google Cloud. IPv6 BYOIP addresses can be used with external passthrough Network Load Balancers. Bring your own IP for IPv6 addresses is available in General Availability.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/logging

11.1.0 (2024-05-29)

Features
  • Add several fields to manage state of database encryption update (#1495) (4137f7b)
  • Update Nodejs generator to send API versions in headers for GAPICs (#1502) (346e646)
Bug Fixes
  • Correct long audio synthesis HTTP binding (#1479) (1f94504)
  • Improve retry logic for streaming API calls (#1484) (7e11e11)

Container Optimized OS

cos-101-17162-463-37

  • Kernel: COS-5.15.155
  • Docker: v20.10.27
  • Containerd: v1.6.28
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Updated cos-gpu-installer to v2.3.2.

Fixed CVE-2024-34459 in the libxml2 package.

Fixed CVE-2024-27013 in the Linux kernel.

Fixed a bug in auto update engine when confidential VMs are enabled.

cos-113-18244-85-24

  • Kernel: COS-6.1.90
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Updated cos-gpu-installer to v2.3.2.

Fixed CVE-2024-34459 in the libxml2 package.

Fixed a bug in auto update engine when confidential VMs are enabled.

cos-109-17800-218-44

  • Kernel: COS-6.1.85
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Updated cos-gpu-installer to v2.3.2.

Fixed CVE-2024-34459 in the libxml2 package.

Fixed a bug in auto update engine when confidential VMs are enabled.

cos-105-17412-370-44

  • Kernel: COS-5.15.154
  • Docker: v23.0.3
  • Containerd: v1.7.15
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Updated cos-gpu-installer to v2.3.2.

Fixed CVE-2024-34459 in the libxml2 package.

Fixed a bug in auto update engine when confidential VMs are enabled.

Dataproc

Dataproc on Compute Engine: Update restartable job error messages to include job IDs.

Dataproc Serverless for Spark: Automatically apply goog-dataproc-session-id, goog-dataproc-session-uuid and goog-dataproc-location labels for a session resource.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/datastore

9.0.0 (2024-05-09)

⚠ BREAKING CHANGES
  • An existing method UpdateVehicleLocation is removed from service VehicleService (#1248)
Features
Bug Fixes
  • An existing method UpdateVehicleLocation is removed from service VehicleService (#1248) (ba79118)
  • Read time should be used for transaction reads (#1171) (73a0a39)

Java

Changes for google-cloud-datastore

2.20.0 (2024-05-27)

Features
  • New PropertyMask field which allows partial commits, lookups, and query results (#1455) (ff5e397)
Bug Fixes
  • Migrate off TextPrinter's deprecated methods (#1452) (c3c1317)
  • Set the correct database id on the key parent when calling Key#getParent (#1457) (992815d)

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud for VMware 1.16.9-gke.40 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.16.9-gke.40 runs on Kubernetes v1.27.13-gke.500.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

The following vulnerabilities are fixed in 1.16.9-gke.40:

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.4.1 (2024-05-30)

Bug Fixes
  • An existing message UpdateVehicleLocationRequest is removed (5451d15)
  • An existing method SearchFuzzedVehicles is removed from service VehicleService (5451d15)
  • An existing method UpdateVehicleLocation is removed from service VehicleService (5451d15)
  • deps: Update dependency protobufjs to ~7.3.0 (#1921) (c5afd34)
  • Pull in new gax for protobufjs vuln fix (#1925) (8024c6d)

Java

Changes for google-cloud-pubsub

1.129.7 (2024-05-29)

Dependencies
  • Change scope of grpc-inprocess dependency from runtime to test (#2038) (1ab45c9)
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.40.2 (#2046) (f81c5e1)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.27.0 (#2044) (37e94ce)

Python

Changes for google-cloud-pubsub

2.21.2 (2024-05-30)

Bug Fixes

SAP on Google Cloud

New SAP certifications: X4 series of memory-optimized bare metal machine types

For use with SAP HANA scale-up (OLAP and OLTP) and SAP NetWeaver workloads, SAP has certified the following Compute Engine memory-optimized bare metal machine types: x4-megamem-1440-metal and x4-megamem-1920-metal.

For more information, see:

Security Command Center

Vulnerability Assessment for AWS service released to General Availability

The Vulnerability Assessment for AWS service, a built-in service of the Enterprise tier of Security Command Center, is released to General Availability.

The Vulnerability Assessment for AWS service creates a disk snapshot to assess Amazon Web Services EC2 machines for software vulnerabilities.

For more information, see Overview of Vulnerability Assessment for AWS.

Spanner

Query Optimizer version 7 is generally available. Version 6 remains the default optimizer version.

Vertex AI Workbench

You can now use Workforce Identity Federation with Vertex AI Workbench instances in Preview. Workforce Identity Federation lets you create and manage Vertex AI Workbench instances with credentials provided by an external identity provider (IdP). For more information, see Create an instance with third party credentials.

Virtual Private Cloud

Support for IPv6 static routes with a next hop instance identified by address (next-hop-address) is available in Preview.

Bring your own IP lets you bring your own public IPv6 addresses to Google Cloud. IPv6 BYOIP addresses can be used with external passthrough Network Load Balancers. Bring your own IP for IPv6 addresses is available in General Availability.

June 01, 2024

reCAPTCHA

reCAPTCHA launches three usage-based tiers: Enterprise, Standard, and Essentials. For more information about these tiers, see Compare features between reCAPTCHA tiers.

May 31, 2024

Access Approval

Access Approval supports Cloud Service Mesh in the Preview stage.

Access Approval supports Apigee in the Preview stage.

Access Approval supports Resource Manager in the GA stage.

Apigee Integrated Portal

On May 31, 2024, we released an updated version of Apigee integrated portal.

This release includes the general availability (GA) of integrated portal APIs which allow you to manage your integrated portal APIs and reference documentation using API calls. The available functionality has not changed since the public preview release.

The catalog items list view now uses pagination when making requests to the portals service, examples have been added to Publishing your APIs, and new reference documentation is available:

BigQuery

You can now use IAM conditions to control access to BigQuery resources. This feature is generally available (GA).

Cloud Asset Inventory

The following resource types are now publicly available through the Analyze IAM Policies APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

  • Cloud Config Manager API
    • config.googleapis.com/Deployment
  • Cloud Monitoring
    • monitoring.googleapis.com/NotificationChannel
    • monitoring.googleapis.com/Snooze

Cloud SQL for SQL Server

Cloud SQL for SQL Server now supports storage of point-in-time recovery (PITR) transaction logs in Cloud Storage.

Compute Engine

Creating a larger (>90 vCPUs) C3D standard-lssd or highmem-lssd VM results in an error message. See Known issues for the workaround. Larger C3D VMs that don't require -lssd are not impacted.

Dataflow

You can now use Metrics Explorer to find individual DoFns that cause latencies in streaming jobs. These metrics are available in streaming pipelines that use Apache Beam 2.53.0 and later versions. The following new metrics are available:

  • Average message processing time per DoFn (job/dofn_latency_average)
  • Maximum message processing time per DoFn (job/dofn_latency_max)
  • Minimum message processing time per DoFn (job/dofn_latency_min)
  • Number of messages processed per DoFn (job/dofn_latency_num_messages)
  • Oldest active message processing time per DoFn (job/oldest_active_message_age)
  • Total message processing time per DoFn (job/dofn_latency_total)

For more information about Dataflow metrics, see Google Cloud metrics.

Generative AI on Vertex AI

Anthropic Claude 3.0 Opus model

The Anthropic Claude 3.0 Opus model is Generally Available. To learn more, see its model card in Model Garden.

Generative AI on Vertex AI Regional APIs

Generative AI on Vertex AI regional APIs are available in the following three regions:

  • us-east5
  • me-central1
  • me-central2

Policy Intelligence

Activity Analyzer checks service activation and quota for the project that you're using to analyze access (the client project) instead of the projects whose resources you're analyzing (the resource projects). As a result, you only need to enable the Policy Analyzer API in your client project, not in your resource projects.

Security Command Center

VM Threat Detection's malware detector released to General Availability

Virtual Machine Threat Detection, a built-in service of Security Command Center, launched the Malware: Malicious file on disk (YARA) detector to GA. This detector generates a finding if an executable file in a virtual machine matches known malware signatures.

Spanner

Spanner now supports the protocol buffer data type in GoogleSQL. For more information, see Work with protocol buffers in GoogleSQL.

A monthly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.61.0 (2024-04-30)

Features
  • spanner/admin/instance: Adding EXPECTED_FULFILLMENT_PERIOD to indicate instance creation times (with FULFILLMENT_PERIOD_NORMAL or FULFILLMENT_PERIOD_EXTENDED ENUM) with the extended instance creation time triggered by On-Demand Capacity... (#9693) (aa93790)
  • spanner/executor: Add SessionPoolOptions, SpannerOptions protos in executor protos (2cdc40a)
  • spanner: Add support for change streams transaction exclusion option (#9779) (979ce94)
  • spanner: Support MultiEndpoint (#9565) (0ac0d26)
Bug Fixes
  • spanner/test/opentelemetry/test: Bump x/net to v0.24.0 (ba31ed5)
  • spanner: Bump x/net to v0.24.0 (ba31ed5)
  • spanner: Fix uint8 conversion (9221c7f)

1.62.0 (2024-05-15)

Features
  • spanner/admin/database: Add support for multi region encryption config (3e25053)
  • spanner/executor: Add QueryCancellationAction message in executor protos (292e812)
  • spanner: Add RESOURCE_EXHAUSTED to the list of retryable error codes (1d757c6)
  • spanner: Add support for Proto Columns (#9315) (3ffbbbe)
Bug Fixes

1.63.0 (2024-05-24)

Features

Java

Changes for google-cloud-spanner

6.65.1 (2024-04-30)

Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.43.0 (#3066) (97b0a93)
Documentation

6.66.0 (2024-05-03)

Features
  • Allow DDL with autocommit=false (#3057) (22833ac)
  • Include stack trace of checked out sessions in exception (#3092) (ba6a0f6)
Bug Fixes
  • Multiplexed session metrics were not included in refactor move (#3088) (f3589c4)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.0 (#3082) (ddfc98e)

6.67.0 (2024-05-22)

Features
  • Add tracing for batchUpdate, executeUpdate, and connections (#3097) (45cdcfc)
Performance Improvements
  • Minor optimizations to the standard query path (#3101) (ec820a1)
Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.44.0 (#3099) (da44e93)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.1 (#3116) (d205a73)

Node.js

Changes for @google-cloud/spanner

7.8.0 (2024-05-24)

Features
  • Add RESOURCE_EXHAUSTED to the list of retryable error codes (#2032) (a4623c5)
  • Add support for multi region encryption config (81fa610)
  • Add support for Proto columns (#1991) (ae59c7f)
  • spanner: Add support for change streams transaction exclusion option (#2049) (d95cab5)
Bug Fixes

Python

Changes for google-cloud-spanner

3.46.0 (2024-05-02)

Features
  • spanner: Adding EXPECTED_FULFILLMENT_PERIOD to indicate instance creation times (with FULFILLMENT_PERIOD_NORMAL or FULFILLMENT_PERIOD_EXTENDED ENUM) with the extended instance creation time triggered by On-Demand Capacity Feature (293ecda)
Documentation

Vertex AI

Model Monitoring v2 is in Preview. It centralizes model monitoring configuration and visualization on a model version and enables monitoring of models that are served outside of Vertex AI. For more information, see Vertex AI Model Monitoring overview.

Vertex AI Regional APIs

Vertex AI regional APIs are available in the following seven regions:

  • us-east5
  • us-south1
  • africa-south1
  • europe-southwest1
  • europe-west12
  • me-central1
  • me-central2

Vertex AI Agent Builder

Vertex AI Search: Document ranking API (GA)

The ranking API takes a list of documents and reranks those documents based on how relevant the documents are to a query. This is a stateless API that does not require you to index documents in advance.

The ranking API is Generally available (GA).

For more information, see Rank and rerank documents.

Workflows

May 30, 2024

Agent Assist

Agent Assist now offers Summarization with custom sections as a GA feature. See the Summarization documentation for details.

Anthos Config Management

Upgraded bundled Helm version from v3.14.3 to v3.14.4 to pick up vulnerability fixes. To understand the changes in each release, review the changelogs.

Upgraded the OpenTelemetry image from v0.91.0-gke.9 to v0.99.0-gke.1 to pick up vulnerability fixes. To understand the changes in each release, review the full changelog for opentelemetry-collector-contrib.

Fixed an issue where Config Sync installation would fail when using a private registry with a specified port in the image URL.

BigQuery

You can now define a _CHANGE_SEQUENCE_NUMBER for BigQuery change data capture (CDC) to manage streaming UPSERT ordering for BigQuery. This feature is in preview.

Confidential Space

A new Confidential Space image (240500) is now available. This image provides the following fixes:

  • Fixed an issue where default service account credentials would expire after 1 hour, causing Failed to fetch signatures from the target repo errors.
  • Fixed a concurrent TPM access issue.

Contact Center AI Platform

Web SDK 2.20 is released

For more information, see Web SDK changelog.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.104-debian10, 2.0.104-rocky8, 2.0.104-ubuntu18
  • 2.1.52-debian11, 2.1.52-rocky8, 2.1.52-ubuntu20, 2.1.52-ubuntu20-arm
  • 2.2.18-debian12, 2.2.18-rocky9, 2.2.18-ubuntu22

New Dataproc Serverless for Spark runtime versions:

  • 1.1.63
  • 1.2.7
  • 2.0.71
  • 2.1.50
  • 2.2.7

Dataproc Serverless for Spark: Subminor version 2.1.50 is the last release of runtime version 2.1, which will no longer be supported and will not receive new releases.

Dataproc Serverless for Spark: Removed Spark data lineage support for runtime version 1.2.

Dataproc Serverless for Spark: Enabled Spark checkpoint (spark.checkpoint.compress) and RDD (spark.rdd.compress) compression in the latest 1.2 and 2.2 runtime versions.

Google SecOps

The following supported default parsers have changed. Each is listed by product name and log_type value, if applicable.

  • Abnormal Security (ABNORMAL_SECURITY)
  • Akamai DNS (AKAMAI_DNS)
  • Akamai WAF (AKAMAI_WAF)
  • Apigee (GCP_APIGEE_X)
  • Array Networks SSL VPN (ARRAYNETWORKS_VPN)
  • AWS CloudFront (AWS_CLOUDFRONT)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • Azure AD (AZURE_AD)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Azure AD Sign-In (AZURE_AD_SIGNIN)
  • Barracuda Email (BARRACUDA_EMAIL)
  • Barracuda Firewall (BARRACUDA_FIREWALL)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • BMC AMI Defender (BMC_AMI_DEFENDER)
  • Carbon Black (CB_EDR)
  • Check Point (CHECKPOINT_FIREWALL)
  • Check Point Sandblast (CHECKPOINT_EDR)
  • Checkpoint Audit (CHECKPOINT_AUDIT)
  • Cisco AMP (CISCO_AMP)
  • Cisco EStreamer (CISCO_ESTREAMER)
  • Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
  • Cisco ISE (CISCO_ISE)
  • Cisco Router (CISCO_ROUTER)
  • Cisco Switch (CISCO_SWITCH)
  • Cisco Umbrella DNS (UMBRELLA_DNS)
  • Cisco VPN (CISCO_VPN)
  • Cisco WLC/WCS (CISCO_WIRELESS)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Cloud Audit Logs (N/A)
  • Cloud SQL (GCP_CLOUDSQL)
  • Cloud Storage Context (N/A)
  • Cohesity (COHESITY)
  • CrowdStrike Falcon (CS_EDR)
  • CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
  • ESET AV (ESET_AV)
  • F5 ASM (F5_ASM)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • F5 VPN (F5_VPN)
  • Forcepoint DLP (FORCEPOINT_DLP)
  • FortiGate (FORTINET_FIREWALL)
  • GMAIL Logs (GMAIL_LOGS)
  • HID DigitalPersona (HID_DIGITALPERSONA)
  • Honeyd (HONEYD)
  • HP Aruba (ClearPass) (CLEARPASS)
  • IBM AS/400 (IBM_AS400)
  • IBM DS8000 Storage (IBM_DS8000)
  • IBM Security Verify (IBM_SECURITY_VERIFY)
  • Infoblox (INFOBLOX)
  • Island Browser logs (ISLAND_BROWSER)
  • JAMF CMDB (JAMF)
  • JumpCloud Directory Insights (JUMPCLOUD_DIRECTORY_INSIGHTS)
  • Juniper Mist (JUNIPER_MIST)
  • Kubernetes Node (KUBERNETES_NODE)
  • Linux Auditing System (AuditD) (AUDITD)
  • ManageEngine ADAudit Plus (ADAUDIT_PLUS)
  • Microsoft AD FS (ADFS)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
  • Microsoft CyberX (CYBERX)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Graph Activity Logs (MICROSOFT_GRAPH_ACTIVITY_LOGS)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Mikrotik Router (MIKROTIK_ROUTER)
  • NetDocuments Solutions (NETDOCUMENTS)
  • Netwrix (NETWRIX)
  • Office 365 (OFFICE_365)
  • Office 365 Message Trace (OFFICE_365_MESSAGETRACE)
  • Okta (OKTA)
  • OneLogin (ONELOGIN_SSO)
  • Opengear Remote Management (OPENGEAR)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • pfSense (PFSENSE)
  • PostFix Mail (POSTFIX_MAIL)
  • Proofpoint Sendmail Sentrion (PROOFPOINT_SENDMAIL_SENTRION)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Pulse Secure (PULSE_SECURE_VPN)
  • Qumulo FS (QUMULO_FS)
  • Rapid7 (RAPID7_NEXPOSE)
  • Rapid7 Insight (RAPID7_INSIGHT)
  • Rubrik Polaris (RUBRIK_POLARIS)
  • SailPoint IAM (SAILPOINT_IAM)
  • SAP SuccessFactors (SAP_SUCCESSFACTORS)
  • Semperis DSP (SEMPERIS_DSP)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • SentinelOne EDR (SENTINEL_EDR)