The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.
You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your
feed
reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml
December 08, 2023
Cloud SQL for MySQLYou can now upgrade your Cloud SQL instances to use the new network architecture to get additional capabilities not available in the old network architecture. For more information, see Upgrade an instance to the new network architecture.
You can now configure Cloud SQL for MySQL instances for IAM group authentication. IAM group authentication requires MySQL 8.0 and R20230909.02_00 or later. This feature is in Preview.
You can now upgrade your Cloud SQL instances to use the new network architecture to get additional capabilities not available in the old network architecture. For more information, see Upgrade an instance to the new network architecture.
December 07, 2023
Anthos Service MeshManaged Anthos Service Mesh 1.18 is rolling out in the rapid channel. See Managed Anthos Service Mesh release channels for more information.
If you use Gateway API Automated Deployment, note the following breaking change. With Anthos Service Mesh v1.18 rolled out to the rapid channel, upgrading gateways no longer requires restarting the Pods to trigger a re-injection. Instead, gateways are updated, via a rolling restart, when their revision changes. For more information, see Istio's release note.
On December 7, 2023 we released an updated version of Apigee integrated portal.
Bug ID | Description |
---|---|
313803133 | Fixed an issue where switching API spec pages in the public developer portal resulted in an error. |
310865440 | Fixed an issue where updating the documentation of a CatalogItem could timeout. |
The following BigQuery ML data preprocessing features are now in preview:
- The
ML.TRANSFORM
function, which you can use to preprocess feature data. This function processes input data by applying the data transformations captured in theTRANSFORM
clause of an existing model. - Transform-only models which you can use to apply preprocessing functions to input data and return the preprocessed data. Transform-only models decouple data preprocessing from model training, making it easier for you to capture and reuse a set of data preprocessing rules.
You can now create a broken-link checker, which periodically validates the links contained in your website. This feature is in Public Preview. For more information, see Create a broken-link checker.
Cloud Storage FUSE now provides the ability to configure log rotation.
Preview: Managed instance groups (MIGs) let you create pools of suspended and stopped virtual machine (VM) instances. You can manually suspend and stop VMs in a MIG to save on costs, or use suspended and stopped pools to speed up scale out operations of your MIG.
For more information, see Work with suspended and stopped VMs in a MIG.
New goal-based query presets for identity and access misconfigurations
New goal-based query presets on the Security Command Center Vulnerabilities page are released to Preview.
The query presets support cloud infrastructure entitlement management (CIEM) by filtering vulnerability finding categories to those that are related to principal accounts that are misconfigured or that have excessive permissions to Google Cloud resources.
For more information, see Goal-based query presets.
December 06, 2023
Apigee Advanced API SecurityOn December 6, 2023 we released an updated version of Advanced API Security.
New button to create a security action is now in several places in the Abuse detection and Risk assessment pages
The new button links directly to the Security actions page from the Abuse detection or Risk assessment pages, so you can easily create a security action for the environment you are currently viewing. The button is in the following locations:
- The Source assessment view in the Risk assessment page
- The Detected Traffic, Incident, and Incident details views in the Abuse detection page
Java 21 is now available in preview. Update your configuration files based on either of the following options, depending on what your app currently uses:
If you use legacy bundled services, you must upgrade your apps to run on either:
- Java Enterprise Edition 10 (EE10 - default, recommended): Java EE10 does not support
javax.servlet.*
APIs and requires you to update your apps and third-party dependencies to use newer Java artifacts like theJakarta
namespace. - Java Enterprise Edition 8 (EE8): Java EE8 lets you use
javax.servlet.*
APIs, but you must make minor configuration changes to yourappengine-web.xml
file.
- Java Enterprise Edition 10 (EE10 - default, recommended): Java EE10 does not support
If you don't use legacy bundled services, update the version in your
app.yaml
file.See Upgrade an existing application for all options.
Chronicle Curated Detections has been enhanced with new detection content for Google Cloud threats. These new rule sets help identify anomalous activity in Google Workspace data.
Chronicle now has an additional mechanism to set up the ingestion of Google Workspace Activities logs (WORKSPACE_ACTIVITY
). This feature simplifies the configuration steps and provides a more direct data integration with Google Workspace. For more information, see Send Google Workspace data to Chronicle.
Cloud Data Fusion versions 6.5 and 6.6 are no longer supported. You should upgrade your instances to run in a supported version. For instructions, see Manage version upgrades for instances and pipelines.
You can now turn off automatic renewal after you've registered your domain. For more information, see Turn off automatic renewal for a domain name.
Cloud Functions (2nd gen) now supports the Java 21 runtime at the Preview release level.
Cloud Functions (2nd gen) now supports the .NET 8 runtime at the Preview release level.
Cloud Router support for IPv6 BGP sessions is in Public Preview. For more information, see BGP peering IP addresses.
The rollout of the following MySQL versions is currently underway:
MySQL 5.7.43 is upgraded to MySQL 5.7.44. For more information, see MySQL 5.7 Release Notes.
If you use a maintenance window, then the updates to the minor versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks. The new maintenance version is [MySQL version].R20231105.01_00. The details of the security fixes applied as part of this release are published in the MySQL maintenance changelog.
To learn how to check your maintenance version, see Self-service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.
Config Connector version 1.112.0 is now available.
Added support for AlloyDBUser
(v1beta1) resource.
Added support for EdgeContainerCluster
(v1beta1) and EdgeContainerNodePool
(v1beta1) resources.
Added support for EdgeNetworkNetwork
(v1beta1) and EdgeNetworkSubnet
(v1beta1) resources.
Resource BigtableAppProfile(v1beta1):
- Added
spec.standardIsolation
field.
Fixed the SecretKeyRef in the Go client. (Issue #598.)
All release notes published on this date are part of the 3.6 release.
Call Adapter: The redesigned Call Adapter is now available, including the following enhancements:
- Enhanced transfer experience: Combined Transfer and Add Party are now combined into one streamlined process. You can now use the Outside Line tab during call transfer.
- Separate Agent and Queue tabs: Switch between Agent and Queue tabs for a smoother transfer management.
- Search by queue: Find the right queue quickly with a new search feature.
- Improved blended SMS experience: Blended SMS now has a dedicated tab, enhancing accessibility and user-friendliness. The user interface now mirrors a traditional chat experience, providing a more intuitive interaction for agents.
- New call details screen: Provides ready access to call information during a call and allows the the CRM to be opened from the Call Adapter.
See the Agent Call Adapter user guide for more information.
Call history: The new call history feature allows agents to see a list of completed calls and associated metadata such as time stamps, call duration, and disposition notes. The call details view provides additional information to aid in determining whether a callback is necessary, for example whether the consumer received assistance from another agent. Call history can be enabled at Settings > Call > Call Details.
Two new voicemail features are included in this release:
- Voicemail forwarding allows agents to forward voicemails to other queues, specific agents, or back to the same queue.
- Voicemail history allows agents to access previous voicemails, providing them with the information they need to take further actions when required.
Holidays Messaging Menu: A new enhancement to the Holidays feature allows you to tailor your contact center's messaging during holidays. You can now customize voice-based and text-based greetings for each holiday under Settings > Support Center Details > Holidays.
Custom caller ID using SIP headers: This feature allows you to set a custom caller ID from an incoming SIP header. You can configure this feature at Settings > Operation Management > Data Parameters > Voice. Select the Use SIP Header Data for Caller ID checkbox and enter the Field Name in the field box. The custom caller ID will be presented on the Call Connecting and Connected screens.
Phone number management, pagination and search: The following updates have been made to the phone number management page (available at Settings > Call> Phone Number Management):
- Pagination: You can now browse entries page by page with a maximum of 100 entries per page.
- Search by Phone Number or Label: To find a specific entry, you can now enter your desired criteria in the Search Phone Number or Label search box.
Session data export settings updates: Available at Settings > Developer Settings > Session Data Export.
- New Verint Face-to-Face recording settings: Configurable for those with a Verint integration. You can now add email domains in order to record calls made by agents with matching email domain addresses.
- The NICE Integration section is renamed to QM Integration.
Fixed an issue that caused the reorder feature from functioning correctly on the queue structure editing page.
Fixed an issue causing the invalid HOLD button.
You can now archive completed Dataflow jobs. When you archive a Dataflow job, the job is moved from the Dataflow Jobs page in the console to the Archived jobs page. For more information, see Archive Dataflow jobs.
Announcing the Preview release of Dataproc Serverless for Spark 2.2 runtime:
- Spark 3.5.0
- BigQuery Spark Connector 0.34.0
- Cloud Storage Connector 3.0.0-RC1
- Conda 23.10
- Java 17
- Python 3.12
- R 4.3
- Scala 2.13
This is an update to the release note regarding the Dataplane V2 issue published on September 07, 2023. The issue, which affected GKE version 1.26, is fixed in control plane versions 1.26.9-gke.1507000 and later. Automatic upgrades will only move clusters to the patched versions.
The Media CDN capability to use a private S3-compatible bucket as an origin is now Generally Available. You can also use the GUI to configure such origins.
The ability to allow access to protected resources from an internal IP address is available in Preview.
Version @002
of the models for text, chat, code, and code chat are
available. The @002
model versions include improved prompt responses.
The @002
models are:
text-bison@002
chat-bison@002
code-bison@002
codechat-bison@002
To ensure that you always use the stable model version, specify the model
identifier with the version number. For example, text-bison@002
. For more
information, see Model versions and lifecycle.
Version 2 of the stable version of the Codey code completion foundation model, named code-gecko@002
, is available. code-gecko@002
features improved quality and reduced latency compared to the previous stable version, code-gecko@001
. These improvements can lead to a higher rate of acceptance.
December 05, 2023
Apigee Advanced API SecurityOn December 5, 2023 we released an updated version of Advanced API Security.
Changes to proxy security scores
The following changes have been made to the way proxy security scores are calculated:
Previously, adding a policy to a proxy or shared flow, but not attaching the policy to any flow (preflow, postflow or conditional flow), could affect the proxy's score.
With this release, you must attach a policy in a flow in order for the policy to affect the proxy's score. A policy that is not attached in a flow is treated as if no policy were present for scoring.
Previously, proxies with no policies were not considered in scoring.
With this release, proxies with no policies are considered in scoring.
See How policies affect proxy security scores to learn more.
You can now query for a specific error group in the Logs Explorer and Log Analytics pages by using the error group ID. For more information, see Find error group details for a log entry.
Cloud Spanner now supports the following PostgreSQL functions:
- unnest
- array_length
- array(subquery)
- date_trunc
- extract
- spanner.date_bin
- spanner.timestamptz_add
- spanner.timestamptz_subtract
For more information, see working with arrays in PostgreSQL-dialect databases.
Improved models are now available for the following features:
- Text detection and documentation text detection (OCR)
- Web detection
- Logo detection
- Object localization
Specify "builtin/latest"
in the model
field of a Feature
object to use the new models.
We'll support both the current model and the new model the next 90 days. After 90 days, the new models will become the default. The current models can still be accessed by specifying "builtin/legacy"
for an additional 90 days before they are deprecated.
Confidential Space. You can now use custom attestation tokens to authenticate a workload to relying parties outside of Google Cloud. Relying parties can use authentication to help establish trust and exchange sensitive data securely.
Confidential Space. A new image (confidential-space-231200) is now available. This image provides support for custom attestation tokens. For more information, see the Changelog.
mirror.gcr.io
is hosted on Artifact Registry. This change doesn't require you to change your usage of mirror.gcr.io
unless you are using it within a VPC service perimeter.
For information on how to use mirror.gcr.io
in a VPC service perimeter after the transition to being hosted on Artifact Registry, see Using Artifact Registry with VPC Service Controls.
The Dataflow web-based monitoring interface now includes a dashboard that monitors your Dataflow jobs at the project level. For more information, see Dataflow project monitoring dashboard.
Google Cloud Deploy is now available in the following regions:
- europe-southwest1 (Madrid)
- europe-west8 (Milan)
- europe-west9 (Paris)
- me-west1 (Israel)
- us-east5 (Columbus)
- us-south1 (Dallas)
Grounding with Vertex AI Search
Model grounding is available in (Preview). Use grounding to
connect the text-bison
and chat-bison
models to unstructured data stores in Vertex AI Search.
Grounding lets models access and use the information in the data repositories to generate more enhanced and nuanced responses.
For more information, see the Grounding Overview.
December 04, 2023
Advisory NotificationsAdvisory Notifications now sends mandatory security and privacy notifications for users using Google Cloud without an organization. This feature is available in Preview. For a list of notification types, see Types of notifications.
The StatefulSet CSI Migration Tool is now available. To learn how to migrate stateful workloads from an in-tree vSphere volume plugin to the vSphere CSI Driver, see Using the StatefulSet CSI Migration Tool.
You can now select the pod for your Bare Metal Solution resources through the Google Cloud console intake form. This feature is generally available (GA).
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-bigquery
3.14.0rc0 (2023-11-30)
Features
- Add
job_id
,location
,project
, andquery_id
properties onRowIterator
(#1733) (494f275) - Add
job_timeout_ms
to job configuration classes (#1675) (84d64cd) - Add support dataset.max_time_travel_hours (#1683) (f22eff2)
- Add support for Dataset.isCaseInsensitive (#1671) (386fa86)
- Removed pkg_resources from all test files and moved importlib into pandas extra (#1726) (1f4ebb1)
- Support data_governance_type (#1708) (eff365d)
Bug Fixes
load_table_from_dataframe
now assumes there may be local null values (#1735) (f05dc69)- Ensure query job retry has longer deadline than API request deadline (#1734) (5573579)
- Move grpc, proto-plus and protobuf packages to extras (#1721) (5ce4d13)
Performance Improvements
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.15.14 (2023-12-01)
Dependencies
The restrict unencrypted HTTP requests organization policy constraint is now generally available (GA). This constraint blocks all unencrypted HTTP access to Cloud Storage resources.
Cloud TPU now supports TensorFlow 2.14.1. For more information see the TensorFlow 2.14.1 release notes.
Generally available: The following location and scale enhancements for Persistent Disk Asynchronous Replication are generally available:
- Larger disk capacity: the maximum disk size has increased from 2 TiB to 5 TiB.
- Faster replication rate: the disk data replication rate has increased from 100 MB/min to 250 MB/min.
- Expanded regional support: PD Async Replication is available in 15 additional regions across Europe, APAC, and North America. For the full list of available regions, see Supported region pairs.
cos-dev-113-18080-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.64 | v24.0.5 | v1.7.7 | v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Upgraded chromeos-base/session_manager-client to v0.0.1-r2690.
Upgraded chromeos-base/shill-client to v0.0.1-r4162.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2819.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2354.
Updated the Linux kernel to v6.1.64.
Upgraded app-admin/google-guest-agent to 20231016.00.
Upgraded app-admin/oslogin to 20231004.00.
Upgraded chromeos-base/mojo_service_manager to v0.0.1-r271.
Upgraded chromeos-base/hiberman-client to v0.0.1-r404.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r851.
Upgraded chromeos-base/debugd-client to v0.0.1-r2597.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r588.
Upgraded net-dns/c-ares to v1.22.1.
Upgraded net-misc/socat to v1.8.0.0.
Upgraded dev-python/netifaces to v0.11.0-r1.
Upgraded dev-python/jsonpatch to v1.33.
Upgraded app-admin/sudo to v1.9.15_p2.
Upgraded dev-python/pyyaml to v6.0.1-r1.
Upgraded dev-lang/python-exec to v2.4.10.
Upgraded dev-python/six to v1.16.0-r1.
Upgraded sys-process/lsof to v4.99.0.
Upgraded dev-python/configobj to v5.0.8.
Upgraded dev-python/nose to v1.3.7_p20221026.
Upgraded dev-python/mock to v5.1.0.
Upgraded dev-libs/openssl to v3.0.12. This resolves CVE-2023-5363 and CVE-2023-5678.
Upgraded dev-libs/libxml2 to v2.11.5. This resolves CVE-2023-45322.
Runtime sysctl changes:
- Changed: fs.file-max: 812608 -> 812606
cos-105-17412-226-43
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v23.0.3 | v1.7.7 | v470.223.02 (default),v535.129.03(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Backported support for TCP RTO configuration in networkd.
Fixed CVE-2023-46862 in the Linux kernel.
cos-101-17162-336-28
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v20.10.24 | v1.6.24 | v470.223.02 (default),v535.129.03(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Fixed CVE-2023-46862 in the Linux kernel.
cos-97-16919-404-21
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.197 | v20.10.24 | v1.6.21 | v470.223.02 (default),v535.129.03(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Fixed CVE-2023-46862 in the Linux kernel.
Preview of uncommitted changes during a commit is available.
Added the Confidential Computing option on the "Manage Security" panel on the "Create a Dataproc cluster on Compute Engine" page in the Google Cloud console.
New Dataproc on Compute Engine subminor image versions:
- 2.0.85-debian10, 2.0.85-rocky8, 2.0.85-ubuntu18
- 2.1.33-debian11, 2.1.33-rocky8, 2.1.33-ubuntu20, 2.1.33-ubuntu20-arm
Updated the Zookeeper component version from 3.8.0 to 3.8.3 in the latest Dataproc on Compute Engine 2.1 image version.
Fixed Dataproc Hub issue in latest Dataproc on Compute Engine 2.1 image.
Backported HIVE-21698 in Hive 3.1.3 component in latest Dataproc on Compute Engine image versions.
The Speech-to-Text API used by Dialogflow now supports two new speech models for the en
and en-us
language tags: telephony
and telephony_short
. The two models are customized to recognize audio that originates from a phone call and corresponds to the most recent versions of the existing phone_call
model. For more details, see Dialogflow CX speech models and Dialogflow ES speech models.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-datastore
2.17.6 (2023-11-30)
Bug Fixes
Dependencies
DDoS attack visibility is now Generally Available. For more information, see Access DDoS attack visibility telemetry.
(2023-R25) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following control plane and node versions are now available:
- The following control plane versions are no longer available:
- 1.24.15-gke.1700
- 1.24.17-gke.2113000
- 1.24.17-gke.2155000
- 1.24.17-gke.2230000
- 1.25.11-gke.1700
- 1.25.14-gke.1421000
- 1.25.14-gke.1474000
- 1.25.15-gke.1083000
- 1.26.5-gke.2700
- 1.26.9-gke.1437000
- 1.26.9-gke.1507000
- 1.26.10-gke.1073000
- 1.27.2-gke.2100
- 1.27.6-gke.1248000
- 1.27.6-gke.1445000
- 1.27.7-gke.1088000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.24.16-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.16-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.7-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.4-gke.900 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.3-gke.1203001 with this release.
Stable channel
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.24.15-gke.1700
- 1.26.5-gke.2700
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.24.16-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.24.16-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.7-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.4-gke.900 with this release.
Regular channel
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.24.16-gke.500
- 1.25.12-gke.500
- 1.26.7-gke.500
- 1.27.4-gke.900
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.17-gke.200 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.13-gke.200 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.13-gke.200 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.5-gke.200 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.3-gke.1203001 with this release.
Rapid channel
- Version 1.28.3-gke.1203001 is now the default version in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.24.17-gke.200
- 1.24.17-gke.2113000
- 1.24.17-gke.2155000
- 1.24.17-gke.2230000
- 1.25.13-gke.200
- 1.25.14-gke.1421000
- 1.25.14-gke.1474000
- 1.25.15-gke.1083000
- 1.26.8-gke.200
- 1.26.9-gke.1437000
- 1.26.9-gke.1507000
- 1.26.10-gke.1073000
- 1.27.4-gke.900
- 1.27.6-gke.1248000
- 1.27.6-gke.1445000
- 1.27.7-gke.1088000
- 1.28.2-gke.1157000
- 1.28.3-gke.1090000
- 1.28.3-gke.1118000
- 1.28.3-gke.1203000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.17-gke.2266000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.17-gke.2266000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.10-gke.1101000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.5-gke.200 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.5-gke.200 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.3-gke.1203001 with this release.
(2023-R25) Version updates
- The following control plane and node versions are now available:
- The following control plane versions are no longer available:
- 1.24.15-gke.1700
- 1.24.17-gke.2113000
- 1.24.17-gke.2155000
- 1.24.17-gke.2230000
- 1.25.11-gke.1700
- 1.25.14-gke.1421000
- 1.25.14-gke.1474000
- 1.25.15-gke.1083000
- 1.26.5-gke.2700
- 1.26.9-gke.1437000
- 1.26.9-gke.1507000
- 1.26.10-gke.1073000
- 1.27.2-gke.2100
- 1.27.6-gke.1248000
- 1.27.6-gke.1445000
- 1.27.7-gke.1088000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.24.16-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.16-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.7-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.4-gke.900 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.3-gke.1203001 with this release.
(2023-R25) Version updates
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.24.15-gke.1700
- 1.26.5-gke.2700
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.24.16-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.24.16-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.7-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.4-gke.900 with this release.
(2023-R25) Version updates
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.24.16-gke.500
- 1.25.12-gke.500
- 1.26.7-gke.500
- 1.27.4-gke.900
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.17-gke.200 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.13-gke.200 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.13-gke.200 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.5-gke.200 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.3-gke.1203001 with this release.
(2023-R25) Version updates
- Version 1.28.3-gke.1203001 is now the default version in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.24.17-gke.200
- 1.24.17-gke.2113000
- 1.24.17-gke.2155000
- 1.24.17-gke.2230000
- 1.25.13-gke.200
- 1.25.14-gke.1421000
- 1.25.14-gke.1474000
- 1.25.15-gke.1083000
- 1.26.8-gke.200
- 1.26.9-gke.1437000
- 1.26.9-gke.1507000
- 1.26.10-gke.1073000
- 1.27.4-gke.900
- 1.27.6-gke.1248000
- 1.27.6-gke.1445000
- 1.27.7-gke.1088000
- 1.28.2-gke.1157000
- 1.28.3-gke.1090000
- 1.28.3-gke.1118000
- 1.28.3-gke.1203000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.17-gke.2266000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.17-gke.2266000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.10-gke.1101000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.5-gke.200 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.5-gke.200 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.3-gke.1203001 with this release.
Policy Controller integration released to General Availability
The integration of Policy Controller for Kubernetes clusters with Security Command Center is released to General Availability. Violation alerts from Policy Controller appear in Security Command Center as misconfiguration findings.
For more information, see Policy Controller.
December 01, 2023
Apigee XOn December 1, 2023, we released an updated version of Apigee (1-11-0-apigee-8).
Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.
Dynamic endpoint target metrics aggregated into a single metric.
With this release, all request, response, and latency target metrics for dynamically-configured endpoints are aggregated and presented as a single metric per proxy, using the endpoint
label Dynamic Target
. This feature does not change monitoring behavior for statically configured endpoints.
Bug ID | Description |
---|---|
294882858 | Fixed issue with ServiceCallout policy overriding target_ip value in proxy. |
279037851 | Improved performance when running debug sessions with masked payload. |
312026988 | Resolved possible usage counting issue for monetization prepaid developers using proxies with multiple proxy endpoints configured. |
hybrid v1.10.3-hotfix.4
On December 1, 2023 we released an updated version of the Apigee hybrid software, v1.10.3-hotfix.4.
- To install the hotfix, follow the instructions in Upgrading Apigee hybrid to version 1.10.
- For information on new installations, see The big picture.
Bug ID | Description |
---|---|
311705715 | Mount a dedicated service account to the remove-dc component. |
Bug ID | Description |
---|---|
311167948 | A security issue was addressed. |
Cloud Pub/Sub trigger supports cross-project topics
You can now configure your Cloud Pub/Sub trigger for a Pub/Sub topic that isn't in the same Google Cloud project as your integration. The Pub/Sub topic can be in any Google Cloud project.
Starting with this release, you must specify a service account when configuring the Cloud Pub/Sub trigger. Your existing Cloud Pub/Sub triggers, that don't have any service account associated with them, will continue to work as before. However, if you want to modify the Pub/Sub topic in any of the existing Cloud Pub/Sub triggers, you must also configure a service account for those triggers to continue using them.
Management console is now highly available within the deployed region, ensuring resilience against zonal outages.
(Available without upgrading) The dags list-import-errors
Airflow CLI command is now supported.
Improved the validation of zone values. Environment creation requests do not start the operation if the zone value is not valid.
The apache-airflow-providers-google
package is upgraded to version 10.11.1 in images with Airflow 2.6.3 and 2.5.3. For more information about changes, see the apache-airflow-providers-google changelog from version 10.10.1 to version 10.11.1.
The apache-airflow-providers-cncf-kubernetes
package was upgraded to version 7.9.0.
Cloud Composer 2.5.2 images are available:
- composer-2.5.2-airflow-2.5.3
- composer-2.5.2-airflow-2.6.3 (default)
Cloud Composer versions 2.0.32 and 1.19.15 have reached their end of full support period.
Ops Agent version 2.44.0 introduces the following features:
- Support for Compute Engine VMs that are running Ubuntu 23.10 (Mantic Minotaur). For more information, see Operating systems.
- Support for Compute Engine Arm VMs that are running Debian 12 (Bookworm). For more information, see Support for Compute Engine Arm VMs.
- An option to prevent the agent from collecting self logs and sending them to Cloud Logging. For more information, see Collection of self logs.
Ops Agent version 2.44.0 introduces the following features:
- Support for Compute Engine VMs that are running Ubuntu 23.10 (Mantic Minotaur). For more information, see Operating systems.
- Support for Compute Engine Arm VMs that are running Debian 12 (Bookworm). For more information, see Support for Compute Engine Arm VMs.
- An option to prevent the agent from collecting self logs and sending them to Cloud Logging. For more information, see Collection of self logs.
New Dataproc Serverless for Spark runtime versions:
- 1.1.40
- 2.0.48
- 2.1.27
The 2.0 and 2.1 Dataproc Serverless runtime image tracks have upgraded the Cloud Storage connector to version 2.2.18.
The following Vertex AI Model Garden updates are available:
- Updated default model deployment settings with L4 GPUs, such as LLaMA2, falcon-instruct, openllama, Stable Diffusion 1.5, 2.1, and XL models.
- Support for hyperparameter tuning and customized datasets for LLaMA2 models using the dataset format used by supervised tuning in Vertex AI.
- Recommended LoRA and QLoRA settings for large language model tuning in Vertex AI. For details, see LoRA and QLoRA recommendations for LLMs.
- Support for AWQ and GPTQ conversions for LLaMA2 and OpenLLaMA models.
- Benchmark reports for ViT pytorch and JAX training, Openllama7b tuning, OpenLLaMA 3b/7b/13b hyperparameter tuning, and Stable Diffusion 1.5 tuning and serving.
November 30, 2023
BigQueryYou can use configuration YAML files to transform SQL code when you translate SQL queries from your source database. Configuration YAML files can be used with the batch SQL translator, the interactive SQL translator, and the batch translation Python client. This feature is now generally available (GA).
The slot estimator now supports project level cost-optimal commitment and autoscale recommendations for on-demand workloads. This feature is now in preview.
Due to ongoing system migration, the legacy Analytics Hub Listing for Arbitrum One is now deprecated and has been replaced with the new Analytics Hub Listing.
Due to an ongoing system migration, users may experience data staleness and data absence intermittently throughout next week
Release 6.2.41 is now in General Availability.
Cloud Build is now available in the following regions:
- europe-southwest1
- europe-west8
- europe-west9
- me-west1
- us-east5
- us-south1
For more information, see Cloud Build locations.
You can specify a preferred Cloud SQL zone for the environment's database when creating a standard resilience environment.
Quotas for snapshot operations are increased. Now it's possible to create up to 52 snapshots daily for a single environment. For scheduled snapshots taken at regular intervals, the minimum recommended interval is now 30 minutes (previously it was two hours).
A monthly digest of client library updates from across the Cloud SDK.
Go
Changes for spanner/admin/database/apiv1
1.52.0 (2023-11-14)
Features
- spanner: Add DML, DQL, Mutation, Txn Actions and Utility methods for executor framework (#8976) (ca76671)
- spanner: Add lastUseTime property to session (#8942) (b560cfc)
- spanner: Add method (#8945) (411a51e)
- spanner: Add methods to return Row fields (#8953) (e22e70f)
- spanner: Add PG.OID type cod annotation (#8749) (ffb0dda)
- spanner: Admin, Batch, Partition actions for executor framework (#8932) (b2db89e)
- spanner: Auto-generated executor framework proto changes (#8713) (2ca939c)
- spanner: BatchWrite (#8652) (507d232)
- spanner: Executor framework server and worker proxy (#8714) (6b931ee)
- spanner: Fix falkiness (#8977) (ca8d3cb)
- spanner: Long running transaction clean up - disabled (#8177) (461d11e)
- spanner: Update code for session leaks cleanup (#8978) (cc83515)
Bug Fixes
- spanner: Bump google.golang.org/api to v0.149.0 (8d2ab9f)
- spanner: Expose Mutations field in MutationGroup (#8923) (42180cf)
- spanner: Update grpc-go to v1.56.3 (343cea8)
- spanner: Update grpc-go to v1.59.0 (81a97b0)
Documentation
- spanner: Updated comment formatting (24e410e)
1.53.0 (2023-11-15)
Features
Java
Changes for google-cloud-spanner
6.53.0 (2023-11-06)
Features
- Move session lastUseTime parameter from PooledSession to SessionImpl class. Fix updation of the parameter for chained RPCs within one transaction. (#2704) (e75a281)
- Rely on graal-sdk version declaration from property in java-shared-config (#2696) (cfab83a)
Bug Fixes
- Prevent illegal negative timeout values into thread sleep() method in ITTransactionManagerTest. (#2715) (1c26cf6)
Dependencies
- Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.19.0 (#2719) (e320753)
- Update dependency com.google.cloud:google-cloud-trace to v2.28.0 (#2670) (078b7ca)
- Update dependency com.google.cloud:google-cloud-trace to v2.29.0 (#2714) (b400eca)
- Update dependency commons-cli:commons-cli to v1.6.0 (#2710) (e3e8f6a)
- Update dependency commons-io:commons-io to v2.15.0 (#2712) (a5f59aa)
- Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.28 (#2692) (d8a2b02)
- Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.28 (#2705) (2b17f09)
- Update dependency org.junit.vintage:junit-vintage-engine to v5.10.1 (#2723) (9cf6d0e)
6.54.0 (2023-11-15)
Features
Bug Fixes
- Copy backup issue when backup is done across different instance IDs (#2732) (7f6b158)
- Respect SPANNER_EMULATOR_HOST env var when autoConfigEmulator=true (#2730) (9c19934)
Dependencies
Node.js
Changes for @google-cloud/spanner
7.1.0 (2023-11-16)
Features
- Add PG.OID type cod annotation (69192b5)
- spanner: Add autoscaling config to the instance proto (#1935) (fe285c6)
- spanner: Add directed_read_option in spanner.proto (69192b5)
Bug Fixes
Storage Transfer Service supports transfers from cloud and on-premises Hadoop Distributed File System (HDFS) sources. This feature is in limited release; complete the form linked from the user guide at Transfer from HDFS to Cloud Storage to request access.
This new feature supports use cases such as migrating from on-premises storage to Cloud Storage, archiving data to free up on-premises storage space, replicating data to Google Cloud for business continuity, or transferring data to Google Cloud for analysis and processing.
The Unicorn model size for PaLM 2 for Text is generally available (GA). The text-unicorn
model provides improved response quality and reasoning capability compared to the text-bison
model. For details, see Model information.
Vertex AI's integration of model and dataset metadata into Dataplex's Data Catalog service is now generally available (GA). Search and discover these assets across projects and regions in Dataplex. Learn more at Use Data Catalog to search for model and dataset resources.
Note: For datasets of type TEXT_PROMPT
, navigating in the UI from Data Catalog back to Vertex AI (via the Open in Vertex AI button, or using the Resource URL link) results in a blank page. This is a known issue and expected to be fixed in the near future. To directly view TEXT_PROMPT
datasets in Vertex AI, navigate to the Generative AI My Prompts tab.
November 29, 2023
Application IntegrationThe Database persistence feature is now renamed to Local logging, which also supports logging in ASYNC mode. For more information, see Local logging.
Application Integration is now available in the Dammam (me-central2
) region.
For the list of all the supported regions, see Locations.
We are performing a scheduled system upgrade on 11/29/2023 from 4:00PM EST to 6:00PM EST. During this upgrade, you may experience increased data staleness and data absences. We apologize for any inconvenience this may cause.
What to Expect:
- Data staleness may increase, causing delays in data retrieval and updates.
- Data absences may occur, meaning that certain blockchain data may be unavailable for a period of time.
The following supported default parsers have changed. Each is listed by product name and log_type
value, if applicable.
- AWS Cloudtrail (
AWS_CLOUDTRAIL
) - Azure AD (
AZURE_AD
) - Azure AD Directory Audit (
AZURE_AD_AUDIT
) - Azure AD Organizational Context (
AZURE_AD_CONTEXT
) - Azure Application Gateway (
AZURE_GATEWAY
) - Azure DevOps Audit (
AZURE_DEVOPS
) - Blue Coat Proxy (
BLUECOAT_WEBPROXY
) - Chrome Management (
N/A
) - Cisco ASA (
CISCO_ASA_FIREWALL
) - Cisco ISE (
CISCO_ISE
) - Cisco Wireless IPS (
CISCO_WIPS
) - Citrix Netscaler (
CITRIX_NETSCALER
) - Clearswift (
CLEARSWIFT
) - Cloud Audit Logs (
N/A
) - Cloud Load Balancing (
GCP_LOADBALANCING
) - Cloud SQL (
GCP_CLOUDSQL
) - Cloudflare (
CLOUDFLARE
) - Corelight (
CORELIGHT
) - CrowdStrike Falcon (
CS_EDR
) - Cyberark Privilege Cloud (
CYBERARK_PRIVILEGE_CLOUD
) - Darktrace (
DARKTRACE
) - Elastic Windows Event Log Beats (
ELASTIC_WINLOGBEAT
) - Evision FircoSoft (
EVISION_FIRCOSOFT
) - Fluentd Logs (
FLUENTD
) - FortiGate (
FORTINET_FIREWALL
) - HPE ILO (
HPE_ILO
) - IBM WebSEAL (
IBM_WEBSEAL
) - Jamf Protect Telemetry (
JAMF_TELEMETRY
) - Jenkins (
JENKINS
) - JumpCloud Directory Insights (
JUMPCLOUD_DIRECTORY_INSIGHTS
) - Juniper MX Router (
JUNIPER_MX
) - Kubernetes Node (
KUBERNETES_NODE
) - Linux Auditing System (AuditD) (
AUDITD
) - Mandiant Custom IOC (
MANDIANT_CUSTOM_IOC
) - Microsoft CASB (
MICROSOFT_CASB
) - Microsoft Exchange (
EXCHANGE_MAIL
) - Microsoft Graph API Alerts (
MICROSOFT_GRAPH_ALERT
) - Nokia Router (
NOKIA_ROUTER
) - Ntopng (
NTOPNG
) - Office 365 (
OFFICE_365
) - OpenVPN (
OPEN_VPN
) - Opnsense (
OPNSENSE
) - OSQuery (
OSQUERY_EDR
) - OSSEC (
OSSEC
) - Palo Alto Networks Firewall (
PAN_FIREWALL
) - Radware Web Application Firewall (
RADWARE_FIREWALL
) - RH-ISAC (
RH_ISAC_IOC
) - Security Command Center Threat (
N/A
) - Sierra Wireless (
SIERRA_WIRELESS
) - Signal Sciences WAF (
SIGNAL_SCIENCES_WAF
) - Sophos Firewall (Next Gen) (
SOPHOS_FIREWALL
) - Splunk Platform (
SPLUNK
) - Suricata IDS (
SURICATA_IDS
) - Symantec Endpoint Protection (
SEP
) - Teleport Access Plane (
TELEPORT_ACCESS_PLANE
) - Ubiquiti UniFi Switch (
UBIQUITI_SWITCH
) - VMware NSX (
VMWARE_NSX
) - Vsftpd (
VSFTPD
) - WatchGuard (
WATCHGUARD
) - Windows Defender ATP (
WINDOWS_DEFENDER_ATP
) - Windows DHCP (
WINDOWS_DHCP
) - Windows DNS (
WINDOWS_DNS
) - Windows Event (
WINEVTLOG
) - Windows Event (XML) (
WINEVTLOG_XML
) - Windows Sysmon (
WINDOWS_SYSMON
) - Workspace Activities (
WORKSPACE_ACTIVITY
) - Workspace Alerts (
WORKSPACE_ALERTS
) - Workspace ChromeOS Devices (
WORKSPACE_CHROMEOS
) - Workspace Groups (
WORKSPACE_GROUPS
) - Workspace Mobile Devices (
WORKSPACE_MOBILE
) - Workspace Privileges (
WORKSPACE_PRIVILEGES
) - Workspace Users (
WORKSPACE_USERS
) - Zeek JSON (
BRO_JSON
) - Zscaler (
ZSCALER_WEBPROXY
)
The following log types, without a default parser, were added. Each is listed by product name and log_type
value, if applicable.
- No new log types were added.
For a list of supported log types and details about default parser changes, see Supported log types and default parsers.
Release 6.2.42 is currently in Preview.
Environments missing after toggling on All Environments in the Permission Group page (ID #00248779)
Hash values are displayed instead of analyst names when generating a report (ID #47508033)
The audit log shows the internal IPs instead of the external ones (ID #00170308, #00245571, #00262470)
Changing remote agents on an integration instance doesn't work
Database Migration Service supports creating Cloud SQL for MySQL and Cloud SQL for PostgreSQL instances with customer-managed encryption keys (CMEK) enabled.
You can now specify an inclusion filter or exclusion filter that is applied to the _Default
sinks of new resources. For more information, see Configure default filter of _Default
sinks.
cos-109-17800-66-32
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.58 | v24.0.5 | v1.7.7 | v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated NVIDIA GPU drivers. This resolves CVE-2023-31022.
Updated dev-libs/openssl to v3.0.12. This resolves CVE-2023-5363 and CVE-2023-5678.
Updated dev-libs/libxml2 to v2.11.5. This resolves CVE-2023-45322.
Fixed CVE-2023-5090 in the linux kernel.
cos-105-17412-226-41
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v23.0.3 | v1.7.7 | v470.223.02 (default),v535.129.03(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated NVIDIA GPU drivers. This resolves CVE-2023-31022.
Updated dev-libs/libxml2 to v2.11.5. This resolves CVE-2023-45322.
Updated app-editors/vim, app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736 CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781 CVE-2023-5344, CVE-2023-5441 and CVE-2023-5535.
Fixed CVE-2023-46813 in the Linux kernel.
cos-101-17162-336-27
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v20.10.24 | v1.6.24 | v470.223.02 (default),v535.129.03(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated NVIDIA GPU drivers. This resolves CVE-2023-31022.
Updated dev-libs/libxml2 to v2.11.5. This resolves CVE-2023-45322.
cos-97-16919-404-19
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.197 | v20.10.24 | v1.6.21 | v470.223.02 (default),v535.129.03(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated NVIDIA GPU drivers. This resolves CVE-2023-31022.
Updated dev-libs/libxml2 to v2.11.5. This resolves CVE-2023-45322.
cos-dev-113-18059-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.62 | v24.0.5 | v1.7.7 | v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated NVIDIA GPU drivers.
Dialogflow CX answer feedback is now generally available (GA) and has new configurations in Dialogflow Messenger, conversation history, and BigQuery export.
Starting in GKE version 1.27.6-gke.1248000, clusters in Autopilot mode detect nodes that can't fit all DaemonSets and, over time, migrate workloads to larger nodes that can fit all DaemonSets. For more information, see Best practices for DaemonSets on Autopilot.
Starting in GKE 1.27.7, you can configure your workloads to use TPU reservations with node auto-provisioning.
The following GKE versions fix an issue that could cause the NVIDIA GPU driver installer image to be garbage collected on Container-optimized OS nodes:
- 1.25.15-gke.1040000 and later
- 1.26.10-gke.1030000 and later
- 1.27.6-gke.1513000 and later
- 1.28.3-gke.1061000 and later
On November 29, 2023 we released version 1.4.0 of the Migrate to Containers modernization plugins.
Learn how to Upgrade Migrate to Containers plugins.
The following changes have been made to the migration plan format for Tomcat workloads:
A new field
baseImage
of typeobject
has been added that lets you do the following:Specify the Docker community image or provide your own Docker image to use as the base image for the migration using the
baseImage.name
property of typestring
.Specify a custom Tomcat installation path using the
baseImage.catalinaHome
property of typestring
.
The
fromImage
field of typestring
has been replaced by thebaseImage.name
property.Two new fields
userName
andgroupName
of typestring
have been added that let you specify a custom user and group under which you want the application to run.
Support for IBM WebSphere Application Server migrations has been enhanced. The websphere-container
plugin now supports WebSphere Application Server traditional as a source and as a target.
The websphere-traditional
plugin is now deprecated. For
existing customers, it is still supported till December 2023, after which it
will no longer be available. If you're new to WebSphere workload modernization,
then use the websphere-container
plugin with the Migrate to Containers CLI instead.
Cloud Text-to-Speech now offers de-DE and fr-FR Studio voices: de-DE-Studio-B, de-DE-Studio-C, fr-FR-Studio-A, and fr-FR-Studio-D.
November 28, 2023
AlloyDB for PostgreSQLThe AlloyDB columnar engine now supports columns with the array
data type.
Release 1.16.3
Anthos clusters on bare metal 1.16.3 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.16.3 runs on Kubernetes 1.27.
Functionality changes:
- Increased the certificate time to live (TTL) for
metrics-providers-ca
andstackdriver-prometheus-scrape
for third-party monitoring.
Supported node pool versions:
If you use selective worker node pool upgrades to upgrade a cluster to version 1.16.3, the following versions are supported for the worker node pools:
|
|
|
Fixes:
Fixed an issue where
CoreDNS
Pods can get stuck in an unready state.Fixed an issue that caused application metrics to be unavailable in Anthos clusters on bare metal versions 1.16.0 and 1.16.1.
Fixes:
The following container image security vulnerabilities have been fixed in 1.16.3:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Google Cloud VMWare Engine
vmwareengine.googleapis.com/ExternalAccessRule
vmwareengine.googleapis.com/ExternalAddress
vmwareengine.googleapis.com/NetworkPeering
vmwareengine.googleapis.com/NetworkPolicy
vmwareengine.googleapis.com/PrivateCloud
vmwareengine.googleapis.com/Cluster
vmwareengine.googleapis.com/PrivateConnection
vmwareengine.googleapis.com/VmwareEngineNetwork
November 27, 2023
Anthos Service MeshThe rollout of managed Anthos Service Mesh version 1.17 to the rapid channel has completed. Additionally, the rollout of managed Anthos Service Mesh version 1.16 to the stable channel has completed.
See Select a managed Anthos Service Mesh release channel for more information.
If you use Gateway API Automated Deployment, note the following upcoming change. When Anthos Service Mesh v1.18 is rolled out to the rapid channel, upgrading gateways will no longer require restarting the Pods to trigger a re-injection. Instead, gateways will be updated, via a rolling restart, when their revision changes. For more information, see Istio's release note.
Documentation has been added to explain how to configure jobs that can run on reserved VMs. Using reserved VMs helps minimize a job's scheduling time and prevent resource availability errors.
For more information, see Ensure resource availability using VM reservations
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
admissionregistration.k8s.io/ValidatingWebhookConfiguration
Deploy Apache Guacamole on GKE and Cloud SQL: Updated deployment to use Artifact Registry, and updated Cloud Shell commands for compatibility with latest Terraform provider.
Google Cloud's Agent for SAP version 2.8
Version 2.8 of Google Cloud's Agent for SAP is generally available (GA). From this version, the agent additionally collects the SAP Host Agent metrics Guaranteed IOPS
and Guaranteed Throughput
for Google Cloud Hyperdisk volumes.
For more information, see What's new with Google Cloud's Agent for SAP.
November 24, 2023
Vertex AIComputeToken API now available in Preview
The ComputeToken API is now available in (Preview). You can use this API to get a list of tokens for a given prompt. A token is a way to represent a common sequence of characters found in a text input. To learn more, see Get a list of tokens.
November 23, 2023
Application IntegrationHubSpot trigger is now available in preview.
Release 6.2.40 is now in General Availability.
November 22, 2023
AlloyDB for PostgreSQLVersion 1.5.0 of the AlloyDB Auth Proxy client might fail to connect to AlloyDB instances created before mid-November, 2023.
To mitigate this issue, take either one of the following steps:
Use version 1.4.1 of the AlloyDB Auth Proxy client. You can download this version by following the instructions on Download the Auth Proxy client, replacing
1.5.0
orlatest
in the commands with1.4.1
.Update any database flag on the affected instance. We recommend using the Google Cloud console to set and then clear a flag that doesn't require the instance to restart, such as
autovacuum
. For a full list of flags, see Supported database flags.
A vulnerability (CVE-2023-5717) has been discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2023-046 security bulletin.
Release 6.2.41 is currently in Preview.
Jobs enhancement
The following features have been added:
- Ability to sort the job execution table by time or status
- Indication in the jobs queue for each failed job iteration
IDE's Live Autocomplete feature not working properly (ID #00250083)
Confidential Space. You can now use the Split-Trust Encryption Tool (STET) with Confidential Space.
Datastream now supports SSL/TLS encryption for connections to PostgreSQL sources that don't require client certificates.
A vulnerability (CVE-2023-5717) has been discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
GKE clusters are impacted.
For more information, see the GCP-2023-046 security bulletin.
November 21, 2023
Anthos clusters on bare metalRelease 1.14.11
Anthos clusters on bare metal 1.14.11 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.14.11 runs on Kubernetes 1.25.
Fixes:
The following container image security vulnerabilities have been fixed in 1.14.11:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section.
The following Connector Event triggers are available in preview:
Backup and DR Service 11.0.8.454 is now available to update your backup/recovery appliance. Refer to these instructions to update your appliance.
SAP HANA databases running in Compute Engine instances can now be backed up as Persistent Disk snapshots of the Compute Engine instance. This feature is in Private Preview.
Added basic connector support for the following OSes. See Support matrix.
- OEL 8.8, 9.1, and 9.2
- RHEL 8.8 and 9.2
- RHEL for SAP 8.8, 9.0, and 9.2
- Rocky Linux 8.8, 9.0, 9.1, and 9.2
- Rocky Linux Optimised for Google Cloud 8.8 and 9.2
- SLES 15 SP5
- SLES for SAP 15 SP5
Between January, 2024 and April, 2024 newly created Cloud Composer 2 environments will start using Python 3.11. After this change, Python 3.8 will no longer be available in new versions of Cloud Composer. If you upgrade an existing Cloud Composer 2 environment, the Python version will change to Python 3.11 as well.
The timing for Python 3.11 availability will be announced in January, 2024.
For BigQuery inspection jobs, when you set a sampling limit based on a percentage of the total number of table
rows
(rowsLimitPercent
),
Sensitive Data Protection can inspect more rows than expected. If you need to
put a hard limit on the number of rows to scan, we recommend setting a maximum
number of rows
(rowsLimit
)
instead.
Cloud Spanner emulator support for the PostgreSQL dialect is now generally available. To learn more about the emulator, see Emulate Cloud Spanner locally.
The Object Retention Lock feature is now available.
Using this feature, you can place a retention configuration on individual objects.
A retention configuration defines a date prior to which the object cannot be deleted or overwritten.
A retention configuration can optionally be locked to prevent the retention date from being shortened or removed.
Network edge security polices (custom rules) are now available to allowlisted users. For more information about network edge policies, see Types of security policies. In addition, you can learn how to Configure network edge security policies.
Preview stage supported for the following integration:
November 20, 2023
Anthos clusters on VMwareAnthos clusters on VMware 1.14.10-gke.35 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.14.8-gke.37 runs on Kubernetes v1.25.13-gke.200.
The following issues are fixed in 1.14.10-gke.35:
- Fixed the etcd hostname mismatch issue when using FQDN
- Fixed the issue where deleting a user cluster with a volume attached stalls, in which case the cluster can't be deleted and can't be used.
The following vulnerabilities are fixed in 1.14.10-gke.35:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
Ubuntu vulnerabilities:
Release 1.15.7
Anthos clusters on bare metal 1.15.7 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.15.7 runs on Kubernetes 1.26.
Fixed an issue where CoreDNS Pods can get stuck in an unready state.
The following container image security vulnerabilities have been fixed in 1.15.7:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Financial Services
financialservices.googleapis.com/Dataset
financialservices.googleapis.com/BacktestResult
financialservices.googleapis.com/EngineConfig
financialservices.googleapis.com/Model
financialservices.googleapis.com/PredictionResult
Regional endpoints are now available in Preview. Regional endpoints let you run your workloads in a manner that complies with data residency and data sovereignty requirements, where your request traffic is routed directly to the region specified in the endpoint.
Confidential Space. Support for VPC Service Controls is released to General Availability.
You can now protect Confidential Space using VPC Service Controls perimeters. For more information, see VPC Service Controls supported products.
Jump Start Solution: Analytics lakehouse: Updated the Deploy the solution section to clarify that the organizational
policy constraint constraints/compute.requireOsLogin
must not be enforced.
Cloud Storage Backint agent for SAP HANA version 1.0.32
Version 1.0.32 of the Cloud Storage Backint agent for SAP HANA is available. This version updates the JRE to the latest SAP JRE 21.0.1.
For more information about the agent, see Cloud Storage Backint agent for SAP HANA overview.
General availability support for the following integration:
You can use Private Service Connect backends to access published services that are hosted on regional internal Application Load Balancers and regional internal proxy Network Load Balancers.
November 17, 2023
Apigee hybridhybrid v1.11.0
On November 17, 2023 we released an updated version of the Apigee hybrid software, v1.11.0.
- For information on upgrading, see Upgrading Apigee hybrid to version v1.11.0.
- For information on new installations, see The big picture.
Helm charts management for Apigee hybrid
Starting in version v1.11.0, you have the choice of installing and managing your clusters with either Helm or apigeectl
. You cannot manage a cluster with both. Apigee recommends using Helm for new hybrid installations. See Apigee hybrid Helm charts reference.
Vault integration for Cassandra credentials (preview)
Starting in version v1.11.0, you can store Cassandra credentials in Hashicorp Vault.
Note: Using Vault requires Helm management of your Apigee installation.
See Storing Cassandra credentials in Hashicorp Vault.
Vault integration is in preview as of the Apigee hybrid 1.11.0 release.
Apigee Advance API Security Actions for Apigee hybrid
Advanced API Security's new Security Actions feature is now available in Apigee hybrid.
Bug ID | Description |
---|---|
295929616 | Installation of Hybrid 1.10.x would fail on OpenShift due to out of memory issues. (Fixed in Apigee hybrid v1.10.3) |
294069799 | Updated the security context settings for the Apigee Hybrid Backup and Restore pod. |
292571089 | An error with support for CSI backup and restore for Cassandra was fixed. (Fixed in Apigee hybrid v1.10.3) |
292118812 | Fixed UDCA regression in Hybrid 1.10.1 where UDCA would ignore forward proxy configuration. (Fixed in Apigee hybrid v1.10.2) |
289254725 | Implemented a fix to prevent failure of proxy deployments that include the OASValidation policy. (Fixed in Apigee hybrid v1.10.1) |
287321226 | Security context has been corrected for apigee-prom-prometheus to avoid privilege escalation. (Fixed in Apigee hybrid v1.10.3) |
277353680 | Fixed issue causing target server HealthMonitors to continue beyond revision or deletion of the proxy. Target health checks are now terminated as soon as the proxy is removed from the runtime (undeployed or deleted). Note: There may be a delay between removal of the proxy and termination of the target server health checks. (Fixed in Apigee X) |
240180122 | Disable privilege escalation on the cassandra container by moving the ulimit settings to the newly introduced initContainer "apigee-cassandra-ulimit-init". If you are using security controls with gatekeeper, ensure that apigee-cassandra-ulimit-init initContainer can runAs user, group as 0 and allow capabilities IPC_LOCK and SYS_RESOURCES. (Fixed in Apigee hybrid v1.11.0) |
205666368 | Fixed issue with default validation of TLS target endpoint certificates. To enable strict SSL on southbound connections to a proxy target endpoint, add the tag See About setting TLS options in a target endpoint or target server. See also Known Issue #205666368. (Fixed in Apigee hybrid v1.10.3-hotfix.1) |
158132963 | Added improvements to capture relevant target flow variables in trace and analytics in case of target timeouts. (Fixed in Apigee hybrid v1.10.2) |
Bug ID | Description |
---|---|
303292806 | Set backup utility to only connect to Cassandra server pods in the apigee namespace. (Fixed in Apigee hybrid v1.10.3-hotfix.3) |
300542690 | Added dedicated service accounts for Apigee Connect, Redis, and UDCA to prevent Kubernetes from automatically injecting credentials for a specified ServiceAccount or the default ServiceAccount. (Fixed in Apigee hybrid v1.10.3-hotfix.3) |
297938600, 297938559, 297938486, 294892344 |
Security fixes for apigee-diagnostics-collector . (Fixed in Apigee hybrid v1.10.3) This addresses the following vulnerabilities: |
297938498, 297938487 |
Security fixes for apigee-fluent-bit .(Fixed in Apigee hybrid v1.10.3) This addresses the following vulnerabilities: |
297938441 | Security fixes for apigee-runtime . (Fixed in Apigee hybrid v1.10.3) This addresses the following vulnerabilities: |
297286274 | Security fixes for apigee-installer . (Fixed in Apigee hybrid v1.10.3) This addresses the following vulnerabilities: |
296719459, 296719400, 296719348, 296719307, 296719306, 296719188, 296719187, 296719186, 296719115, 296719018, 296718937, 296718918, 296718917, 296718916, 296716670, 296716669, 296716472, 296716471, 296715155 |
Security fixes for apigee-hybrid-cassandra . (Fixed in Apigee hybrid v1.10.3) This addresses the following vulnerabilities: |
296717666, 296717283, 296716668, 296716667, 296716650, 296716635, 296716634, 296716633, 296716470, 296716234, 296715734, 296715733, 296715154, 296715153 |
Security fixes for apigee-hybrid-cassandra-client . (Fixed in Apigee hybrid v1.10.3) This addresses the following vulnerabilities: |
296717665, 296717664, 296717663, 296717662, 296717185, 296716666, 296716649, 296716632, 296716468, 296716467, 296716232, 296715152, 296715151, 296714218 |
Security fixes for apigee-cassandra-backup-utility . (Fixed in Apigee hybrid v1.10.3) This addresses the following vulnerabilities: |
295936113 | Security fixes for apigee-mart-server . (Fixed in Apigee hybrid v1.10.3) This addresses the following vulnerability: |
294906706 | Security fixes for apigee-prom-prometheus . (Fixed in Apigee hybrid v1.10.3) This addresses the following vulnerabilities:
|
293925856 | Security fixes for apigee-prometheus-adapter . (Fixed in Apigee hybrid v1.10.3) This addresses the following vulnerabilities: |
293348130 | Security fixes for apigee-udca . (Fixed in Apigee hybrid v1.10.2) This addresses the following vulnerabilities: |
291994501 | Security fixes for apigee-operator and apigee-watcher . (Fixed in Apigee hybrid v1.10.2) This addresses the following vulnerabilities: |
291994501 | Security fixes for apigee-installer . (Fixed in Apigee hybrid v1.10.2) This addresses the following vulnerabilities:
|
290829031 | Security fixes for apigee-hybrid-cassandra , apigee-cassandra-client , and cassandra-backup-utility . (Fixed in Apigee hybrid v1.10.2) This addresses the following vulnerabilities: |
290829028 | Security fixes for Apigee Connect and apigee-connect-agent and apigee-redis . (Fixed in Apigee hybrid v1.10.2) This addresses the following vulnerabilities: |
290068742 | Security fixes for apigee-udca . (Fixed in Apigee hybrid v1.10.1) This addresses the following vulnerability: |
290067464 | Security fixes for apigee-stackdriver-logging-agent . (Fixed in Apigee hybrid v1.10.1) This addresses the following vulnerability: |
290065830 | Security fixes for apigee-udca . (Fixed in Apigee hybrid v1.10.1) This addresses the following vulnerability: |
281561243 | Security fixes for apigee-diagnostics-collector , apigee-mart-server , apigee-mint-task-scheduler , apigee-runtime , and apigee-synchronizer . (Fixed in Apigee hybrid v1.10.1) This addresses the following vulnerability: |
N/A | Security fixes for apigee-prometheus-adapter . (Fixed in Apigee hybrid hybrid v1.11) This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-prom-prometheus/master . (Fixed in Apigee hybrid hybrid v1.11) This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-kube-rbac-proxy . (Fixed in Apigee hybrid hybrid v1.11) This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-hybrid-cassandra . (Fixed in Apigee hybrid hybrid v1.11) This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-fluent-bit . (Fixed in Apigee hybrid hybrid v1.11) This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-diagnostics-collector , apigee-mart-server , apigee-mint-task-scheduler , apigee-runtime , and apigee-synchronizer . (Fixed in Apigee hybrid hybrid v1.11) This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-cassandra-backup-utility , apigee-hybrid-cassandra-client , and apigee-connect-agent . (Fixed in Apigee hybrid v1.11) This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-asm-ingress and apigee-asm-istiod . (Fixed in Apigee hybrid v1.11) This addresses the following vulnerabilities: |
App Hub is available in Preview.
Starting December 1, 2023, in the europe-central2, northamerica-northeast1, us-west1, and us-west2 regions it will be possible to create new Cloud Composer 1 environments only in projects that already have Cloud Composer 1 environments.
In all other existing or newly created projects in these regions, it will be possible to create only Cloud Composer 2 environments. This change is a part of the preparation for Cloud Composer 1 end of support, as communicated earlier and described in the Versioning overview.
The sensitive data discovery service can now detect the presence of secrets, such as passwords and authentication tokens, in your Cloud Functions environment variables. Sensitive Data Protection sends any findings to Security Command Center as vulnerability findings. For more information, see Report secrets in environment variables to Security Command Center.
Observability for Google Kubernetes Engine: The Observability tab for a GKE cluster adds a dashboard for GPU metrics. The charts on this dashboard are populated only if the cluster has GPU nodes. For more information, see View observability metrics.
For services with cold start times exceeding 10 seconds, requests are now queued for at least the cold start time before timing out while waiting for instances to start.
Cloud SQL now supports migrating data to an instance that already exists. You can create the instance by using Terraform or other Infrastructure-As-Code (IaC) Tools. After creating the instance, use the demote API to migrate data to it. This API demotes an existing standalone instance to be a Cloud SQL read replica for an external database server.
Cloud SQL for MySQL now supports minor version 8.0.35. To upgrade your existing instance to the new version, see Upgrade the database minor version.
Cloud SQL now supports migrating data to an instance that already exists. You can create the instance by using Terraform or other Infrastructure-As-Code (IaC) Tools. After creating the instance, use the demote API to migrate data to it. This API demotes an existing standalone instance to be a Cloud SQL read replica for an external database server.
Dataflow supports NVIDIA® L4 and NVIDIA® A100 80 GB GPU types. For more information, see Dataflow support for GPUs.
New Dataproc on Compute Engine subminor image versions:
- 2.0.84-debian10, 2.0.84-rocky8, 2.0.84-ubuntu18
- 2.1.32-debian11, 2.1.32-rocky8, 2.1.32-ubuntu20, 2.1.32-ubuntu20-arm
Upgraded the Cloud Storage connector version to 2.2.18 in the latest 2.0 and 2.1 Dataproc on Compute Engine image versions.
In the Flink component in the latest Dataproc on Compute Engine 2.1 image version, added the following java-storage client properties:
gs.retry.max.attempts
property to set the max number of retry attemptsgs.retry.total.timeout
property to set the total retry timeout
Fixed a regression in the Zeppelin websocket rules that caused a websocket error in Zeppelin notebooks.
The Python kernel does not work in Zeppelin on the Dataproc on Compute Engine 2.1 image version. Other kernels are not impacted.
The Zeppelin REST API does not work (drops query parameters) on Dataproc on Compute Engine 2.0 and 2.1 image versions via the Component Gateway. Other Zeppelin interactions can also break as a result of dropped query parameters.
You can now run workloads on L4 GPUs in Autopilot clusters that use GKE version 1.28.3-gke.1203000 and later. For instructions, see Deploy GPU workloads in Autopilot.
(2023-R24) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following control plane and node versions are now available:
- The following control plane versions are no longer available:
- 1.24.17-gke.2198000
- 1.24.17-gke.2211000
- 1.25.15-gke.1033000
- 1.25.15-gke.1049000
- 1.26.10-gke.1024000
- 1.26.10-gke.1038000
- 1.27.7-gke.1038000
- 1.27.7-gke.1056000
Stable channel
- There are no new releases in the Stable release channel.
Regular channel
- There are no new releases in the Regular release channel.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.24.17-gke.2198000
- 1.24.17-gke.2211000
- 1.25.15-gke.1033000
- 1.25.15-gke.1049000
- 1.26.10-gke.1024000
- 1.26.10-gke.1038000
- 1.27.7-gke.1038000
- 1.27.7-gke.1056000
- 1.28.3-gke.1098000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.17-gke.2230000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.15-gke.1115000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.10-gke.1073000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.10-gke.1073000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.3-gke.1118000 with this release.
(2023-R24) Version updates
- The following control plane and node versions are now available:
- The following control plane versions are no longer available:
- 1.24.17-gke.2198000
- 1.24.17-gke.2211000
- 1.25.15-gke.1033000
- 1.25.15-gke.1049000
- 1.26.10-gke.1024000
- 1.26.10-gke.1038000
- 1.27.7-gke.1038000
- 1.27.7-gke.1056000
(2023-R24) Version updates
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.24.17-gke.2198000
- 1.24.17-gke.2211000
- 1.25.15-gke.1033000
- 1.25.15-gke.1049000
- 1.26.10-gke.1024000
- 1.26.10-gke.1038000
- 1.27.7-gke.1038000
- 1.27.7-gke.1056000
- 1.28.3-gke.1098000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.17-gke.2230000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.15-gke.1115000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.10-gke.1073000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.10-gke.1073000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.3-gke.1118000 with this release.
(2023-R24) Version updates
- There are no new releases in the Stable release channel.
(2023-R24) Version updates
- There are no new releases in the Regular release channel.
Vertex AI Feature Store
The following features of the new and improved Vertex AI Feature Store are now generally available (GA):
Feature Registry: Register your feature data sources in BigQuery by creating feature groups and features. For more information, see Create a feature group and Create a feature.
Cloud Bigtable online serving: Serve features from one or more BigQuery data sources. You can set up Cloud Bigtable online serving by defining online serving clusters called online store instances and creating feature views within the online store instances.
Note that the following features of Vertex AI Feature Store are still in Preview:
- Serve features at ultra-low latencies with Optimized online serving.
- Sync data in a feature view within an online store.
- Retrieve vector embeddings for real-time serving.
For more information, see About Vertex AI Feature Store.
Support for a Kubernetes API connector is available in Preview. The connector allows you to interact with Kubernetes objects in a Google Kubernetes Engine cluster. For more information, see Access Kubernetes API objects using a connector.
See the blog post: Deploy and manage Kubernetes applications with Workflows.
November 16, 2023
Anthos clusters on VMwareAnthos clusters on VMware 1.16.3-gke.45 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.16.1-gke.44 runs on Kubernetes 1.27.4-gke.1600.
The Prometheus and Grafana add-ons field, loadBalancer.vips.addonsVIP
, is
deprecated. This change is because
Google Managed Service for Prometheus
replaced the Prometheus and Grafana add-ons.
The following issues are fixed in 1.16.3-gke.45:
- Fixed a Cilium issue causing egress NAT to erroneously break long-lived connections.
- Fixed the etcd hostname mismatch issue when using a FQDN.
- Fixed the known issue that caused admin cluster updates or upgrades to fail if the projects or locations of add-on services don't match each other.
- Fixed the issue that external cluster snapshot won't be taken after
gkectl update admin
fails. - Fixed an issue that caused the CSI workload preflight to fail when Istio is enabled.
- Fixed the issue that deleting a user cluster with a volume attached may be stuck forever.
- Fixed the known issue that caused user cluster deletion to fail when using a user-managed admin workstation.
The following vulnerabilities are fixed in 1.16.3-gke.45:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
Ubuntu vulnerabilities:
Windows vulnerabilities:
The IL4 compliance program now supports the following products. See Supported products for more information:
- Cloud DNS
- Cloud Interconnect
- Cloud Monitoring
- Cloud Router
- Cloud SQL
- Cloud VPN
- Pub/Sub
The following BigQuery ML features for Vertex AI large language models (LLMs) are now generally available (GA):
The SQL syntax for remote models has been updated to provide access to all text generation and text embedding LLMs (for example,
text-bison-32k
andtextembedding-gecko-multilingual
) and also to provide support for different LLM versions.Region support for
text-bison*
LLM models has been expanded to include the following locations in addition tous
andus-central1
:asia-northeast3
asia-southeast1
eu
europe-west1
europe-west2
europe-west3
europe-west4
europe-west9
us-west4
Release 6.2.40 is currently in Preview.
Playbook actions carried out by automation are not labeled as such on the case wall (ID #47525692).
This bug fix is in Preview.
Case title is not picking up information if it's in square brackets (ID #00262914).
This bug fix is in Preview.
Cloud Spanner now supports automatic cleanup of long running transactions (in Preview). To enable this feature, use the Java or Go client library to automatically remove long running transactions that might cause session leaks and receive warning logs about problematic transactions. For more information, see Automatic cleanup of session leaks.
Cloud Spanner now supports Hibernate ORM 6.3 in GoogleSQL Hibernate dialect. For more information, see Integrate Spanner with Hibernate ORM (GoogleSQL dialect).
Dataform is compliant with VPAT.
For more information, see Dataform compliance.
M113 release
- Miscellaneous bug fixes and improvements in Python 3.10 container images.
M113 release
- Miscellaneous bug fixes and improvements in Python 3.10 images.
Parallel file systems for HPC workloads: Added Sycomp Storage Fueled by IBM Spectrum Scale as an option for parallel file system (PFS) storage, and replaced NetApp Cloud Volumes Service with Google Cloud NetApp Volumes.
You can now configure alerts for Cloud Deploy release render failures.
The Advanced Data Networking (ADN) traffic is accounted only for large-sized flows (approximately >20 Kbps) that cross VPC boundaries. Currently, small-sized flows are not accounted.
M113 release
The M113 release of Vertex AI Workbench instances includes the following:
- Added the Dataproc JupyterLab plugin to Vertex AI Workbench instances. To get started, see Create a Dataproc-enabled instance.
- When using an instance's Google Cloud CLI,
gcloud config
is preset with the following defaults:project
is set to your instance's project.- Your compute region is set to your instance's region.
- Your Dataproc region is set to your instance's region.
- Fixed an issue that prevented Dataproc kernels from working.
- Fixed a CORS (cross-origin resource sharing) error.
The M113 release of Vertex AI Workbench user-managed notebooks includes the following:
- Miscellaneous bug fixes and improvements in Python 3.10 notebooks.
November 15, 2023
AlloyDB for PostgreSQLIAM authentication for AlloyDB is generally available (GA).
You can now restrict an OAuth 2.0 access token so that it works only for AlloyDB authentication.
You can now configure the AlloyDB Auth Proxy to automatically authenticate IAM-based database logins. This works only with the IAM account that you use to run the proxy client.
AlloyDB Omni version 15.2.2 is available. This version resolves the previous version's issue with incremental backups, and contains various other bug fixes and improvements. For more information about upgrading AlloyDB Omni, see Upgrade AlloyDB Omni.
The AlloyDB Omni Kubernetes Operator version 0.2.0 is available in Preview. This update adds support for AlloyDB Omni version 15.2.2, and includes various bug fixes and improvements. For more information about upgrading AlloyDB using the Kubernetes operator, see Upgrade AlloyDB Omni.
The following supported default parsers have changed. Each is listed by product name and log_type
value, if applicable.
- Abnormal Security (
ABNORMAL_SECURITY
) - Akamai Enterprise Application Access (
AKAMAI_EAA
) - Atlassian Confluence (
ATLASSIAN_CONFLUENCE
) - Atlassian Jira (
ATLASSIAN_JIRA
) - AWS Aurora (
AWS_AURORA
) - AWS Cloudtrail (
AWS_CLOUDTRAIL
) - Bitwarden Events (
BITWARDEN_EVENTS
) - Check Point Harmony (
CHECKPOINT_HARMONY
) - Cisco Router (
CISCO_ROUTER
) - Cisco Switch (
CISCO_SWITCH
) - Cisco Umbrella DNS (
UMBRELLA_DNS
) - Cloud Audit Logs (
N/A
) - Dell Switch (
DELL_SWITCH
) - Elastic Search (
ELASTIC_SEARCH
) - Elastic Windows Event Log Beats (
ELASTIC_WINLOGBEAT
) - F5 ASM (
F5_ASM
) - FireEye (
FIREEYE_ALERT
) - Firewall Rule Logging (
N/A
) - IBM DataPower Gateway (
IBM_DATAPOWER
) - Infoblox (
INFOBLOX
) - Jamf Protect Alerts (
JAMF_PROTECT
) - Juniper (
JUNIPER_FIREWALL
) - Lacework Cloud Security (
LACEWORK
) - Linux Sysmon (
LINUX_SYSMON
) - Medigate IoT (
MEDIGATE_IOT
) - Microsoft Sentinel (
MICROSOFT_SENTINEL
) - Netskope (
NETSKOPE_ALERT
) - Openpath (
OPENPATH
) - Palo Alto Cortex XDR Alerts (
CORTEX_XDR
) - Proofpoint Observeit (
OBSERVEIT
) - Proofpoint On Demand (
PROOFPOINT_ON_DEMAND
) - Pulse Secure (
PULSE_SECURE_VPN
) - Pulse Secure Virtual Traffic Manager (
PULSE_SECURE_VTM
) - SentinelOne EDR (
SENTINEL_EDR
) - Sophos Firewall (Next Gen) (
SOPHOS_FIREWALL
) - SpyCloud (
SPYCLOUD
) - Stealthbits Defend (
STEALTHBITS_DEFEND
) - Stealthbits PAM (
STEALTHBITS_PAM
) - STIX Threat Intelligence (
STIX
) - Symantec Endpoint Protection (
SEP
) - Symantec Event export (
SYMANTEC_EVENT_EXPORT
) - Tenable Active Directory Security (
TENABLE_ADS
) - Unix system (
NIX_SYSTEM
) - VMware vCenter (
VMWARE_VCENTER
) - Windows Event (XML) (
WINEVTLOG_XML
) - Zscaler (
ZSCALER_WEBPROXY
)
The following log types, without a default parser, were added. Each is listed by product name and log_type
value, if applicable.
- Aruba Orchestrator (
ARUBA_ORCHESTRATOR
) - AWS Shield (
AWS_SHIELD
) - Azure DNS logs (
AZURE_DNS
) - Backbox (
BACKBOX
) - Bitvise SSHd (
BITVISE_SSHD
) - Cylera IOT (
CYLERA_IOT
) - Druva Backup (
DRUVA_BACKUP
) - Ensono Cloud Mainframe Solution (
ENSONO
) - xtreme Networks ExtremeControl NAC Solution (
EXTREME_CONTROL
) - EzProxy (
EZPROXY
) - Github Events (
GITHUB_EVENTS
) - Glean (
GLEAN
) - ISM Xtraction (
IVANTI_XTRACTION
) - Lira (
LIRA
) - LogonBox (
LOGONBOX
) - Mandiant Custom IOC (
MANDIANT_CUSTOM_IOC
) - Monday (
MONDAY
) - Onapsis (
ONAPSIS
) - Opentelemetry (
OPENTELEMETRY
) - Opswat Kiosk (
OPSWAT_KIOSK
) - Outpost24 (
OUTPOST24
) - Pentera Leef (
PENTERA_LEEF
) - Phishlabs (
PHISHLABS
) - Portnix Audit (
PORTNOX_AUDIT
) - Portnix CEF (
PORTNOX_CEF
) - Proofpoint Sendmail Sentrion (
PROOFPOINT_SENDMAIL_SENTRION
) - SAP SM20 (
SAP_SM20
) - Splunk Attack Analyzer (
SPLUNK_ATTACK_ANALYZER
) - Stellar Cyber (
STELLAR_CYBER
) - Talon (
TALON
) - Teradici PCoIP (
TERADICI_PCOIP
) - TrendMicro Apex Central (
TRENDMICRO_APEX_CENTRAL
) - TrendMicro Webproxy DSM (
TRENDMICRO_WEBPROXY_DSM
) - Vonage (
VONAGE
) - Waterfall Data Security Manager (
WATERFALL_DSM
) - Ysoft Data Security Manager (
YSOFT_DSM
) - Zscaler Client Connector (
ZSCALER_ZCC
) - Zscaler ZDX (
ZSCALER_ZDX
)
For a list of supported log types and details about default parser changes, see Supported log types and default parsers.
Release 6.2.39 is now in General Availability.
All Cloud Composer environment's GKE clusters are set up with maintenance exclusions for the following periods:
- From November 20, 2023 to November 29, 2023 (already configured)
- From December 20, 2023 to January 2, 2024 (will be configured in December)
For more information, see Maintenance exclusions.
A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.
Cloud SQL supports the bulk insert functionality of SQL Server for importing data. This functionality is supported only on SQL Server 2022.
For more information, see Use bulk insert for importing data.
Cloud Spanner now provides an integration workflow with Vertex AI Vector Search to enable vector similarity search on data stored in Spanner. For more information, see Export embeddings from Spanner to Vector Search.
cos-dev-113-18054-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.62 | v24.0.5 | v1.7.7 | v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs) |
Updated the Linux kernel to v6.1.62.
Updated the Linux kernel to v6.1.61.
Backported support for TCP RTO configuration in networkd.
Upgraded dev-python/pyserial to v3.5-r2.
Upgraded sys-apps/hwdata to v0.376.
Upgraded sys-libs/zlib to v1.3-r2.
Upgraded net-dns/c-ares to v1.21.0.
Upgraded app-arch/xz-utils to v5.4.5.
Updated dev-lang/go to 1.21.3. This resolves CVE-2023-44487 and CVE-2023-39325.
Updated dev-go/net to v0.17.0. This fixes CVE-2023-44487 and CVE-2023-39325.
Updated app-editors/vim,app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
cos-109-17800-66-27
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.58 | v24.0.5 | v1.7.7 | v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs) |
Updated dev-lang/go to v1.21.3. This resolves CVE-2023-44487 and CVE-2023-39325.
Updated dev-go/net to v0.17.0. This fixes CVE-2023-44487 and CVE-2023-39325.
Updated app-editors/vim,app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
Fixed CVE-2023-46813 in the Linux kernel.
Fixed CVE-2023-46862 in the Linux kernel.
cos-101-17162-336-25
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v20.10.24 | v1.6.24 | v470.199.02(default),v535.104.12(latest) |
Updated dev-lang/go to v1.20.10. This resolves CVE-2023-44487 and CVE-2023-39325.
Updated app-editors/vim,app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
Fixed CVE-2023-46813 in the Linux kernel.
cos-97-16919-404-17
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.197 | v20.10.24 | v1.6.21 | v470.199.02(default),v535.104.12(latest) |
Updated app-editors/vim,app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
Fixed CVE-2023-46813 in the Linux kernel.
You can use CMEK (Customer Managed Encrytion Keys) with encrypted Dataproc cluster data, incuding persistent disk data, job arguments and queries submitted with Dataproc jobs, and cluster data saved in the cluster Dataproc staging bucket. See Use CMEK with cluster data for more information.
Eventarc is available in the me-central2
(Dammam, Kingdom of Saudi Arabia) region.
Dynamic Workload Scheduler support on GKE through the Provisioning Request API launched in Preview in version 1.28. Use the Dynamic Workload Scheduler to get large atomic sets of available GPU models in GKE Standard clusters. For more information, see Deploy GPUs for batch workloads with ProvisioningRequest.
Vertex AI Search: Autocomplete denylist (Preview with allowlist)
Importing an autocomplete denylist is available as a preview with allowlist feature. To use this feature, contact your Google account team.
For information about autocomplete denylists, see Use an autocomplete denylist.
Batch video and image support in Vertex AI Vision Warehouse is Generally Available. Vertex AI Vision Warehouse now supports semantic searches and similarity searches on video and images. For more information, see Vision Warehouse overview
November 14, 2023
Anthos Service Mesh1.19.3-asm.4 is now available for in-cluster Anthos Service Mesh.
You can now download 1.19.3-asm.4 for in-cluster Anthos Service Mesh. It includes the features of Istio 1.19.3 subject to the list of supported features. Anthos Service Mesh 1.19.3-asm.4 uses Envoy v1.27.2.
1.18.5-asm.2 is now available for in-cluster Anthos Service Mesh.
You can now download 1.18.5-asm.2 for in-cluster Anthos Service Mesh. It includes the features of Istio 1.18.5 subject to the list of supported features. Anthos Service Mesh 1.18.5-asm.2 uses Envoy v1.26.5.
1.17.8-asm.4 is now available for in-cluster Anthos Service Mesh.
You can now download 1.17.8-asm.4 for in-cluster Anthos Service Mesh. It includes the features of Istio 1.17.8 subject to the list of supported features. Anthos Service Mesh 1.17.8-asm.4 uses Envoy v1.25.12.
1.16.7-asm.14 is now available for in-cluster Anthos Service Mesh.
You can now download 1.16.7-asm.14 for in-cluster Anthos Service Mesh. It includes the features of Istio 1.16.7 subject to the list of supported features. Anthos Service Mesh 1.16.7-asm.14 uses Envoy v1.24.11.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
- CVE-2023-4147
For more information, see the GCP-2023-042 security bulletin.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
- CVE-2023-4147
For more information, see the GCP-2023-042 security bulletin.
You can now see query performance insights about partition skew. This feature is in preview.
You can apply a patch revision version when you create a new Cloud Data Fusion instance by adding the optional --patch_revision
argument to the gcloud beta data-fusion instances create
command. For more information, see Manage patch revisions for instances.
You can update the patch revision version of an instance by adding the optional --patch_revision
argument to the gcloud beta data-fusion instances update
command. For more information, see Manage patch revisions for instances.
Cancelling a currently running job execution is now at general availability (GA).
New bandwidth quotas are now in effect.
- Bandwidth quotas are now variable and based in part on a project's billing account history. Previously, the same default value applied to all projects.
- For most projects, egress bandwidth quotas either remain unchanged or have increased.
- You can view your project's egress bandwidth quotas in the Console.
cos-dev-113-18054-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.62 | v24.0.5 | v1.7.7 | v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs) |
Updated the Linux kernel to v6.1.62.
Updated the Linux kernel to v6.1.61.
Backported support for TCP RTO configuration in networkd.
Upgraded dev-python/pyserial to v3.5-r2.
Upgraded sys-apps/hwdata to v0.376.
Upgraded sys-libs/zlib to v1.3-r2.
Upgraded net-dns/c-ares to v1.21.0.
Upgraded app-arch/xz-utils to v5.4.5.
Updated dev-lang/go to 1.21.3. This resolves CVE-2023-44487 and CVE-2023-39325.
Updated dev-go/net to v0.17.0. This resolves CVE-2023-44487 and CVE-2023-39325.
Updated app-editors/vim,app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
cos-109-17800-66-27
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.58 | v24.0.5 | v1.7.7 | v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs) |
Update dev-lang/go to 1.21.3. This resolves CVE-2023-44487 and CVE-2023-39325.
Updated dev-go/net to v0.17.0. This fixes CVE-2023-44487 and CVE-2023-39325.
Updated app-editors/vim,app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
Fixed CVE-2023-46813 in the Linux kernel.
Fixed CVE-2023-46862 in the Linux kernel.
cos-101-17162-336-25
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v20.10.24 | v1.6.24 | v470.199.02(default),v535.104.12(latest) |
Updated dev-lang/go to 1.20.10. This resolves CVE-2023-44487, CVE-2023-39325
Updated app-editors/vim,app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736 CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781 CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
Fixed CVE-2023-46813 in the Linux kernel.
cos-97-16919-404-17
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.197 | v20.10.24 | v1.6.21 | v470.199.02(default),v535.104.12(latest) |
Updated app-editors/vim,app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736 CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781 CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
Fixed CVE-2023-46813 in the Linux kernel.
Parallel file systems for HPC workloads: Added Parallelstore and Weka Data Platform as options for parallel file system (PFS) storage.
Google Cloud console experience for VMware Engine: You can use the Google Cloud console to manage your VMware Engine environments without opening another tab. For more information on migrating to this refreshed experience, see What's new with VMware Engine.
VMware Engine network: Further simplification of the networking architecture and experience in VMware Engine removes the need for private service networking. With VMware Engine networks, you can create multiple isolated networks within the same project and connect them as needed to consumer VPCs to deliver complex topologies.
Integrated networking: Private cloud deployment is now just one simple step. VMware Engine network and initial VPC peering to your VPC can be done at the time of private cloud creation.
Advanced VPC Peering: Virtual Private Cloud network peerings define network connectivity between VMware Engine networks, Google VPCs, and other services. You can now create a complex set of VPC peerings within the Google Cloud console.
Increase to the default VPC Peer count: Any standard VMware Engine network now supports 25 VPC Peers by default.
Integrated Cloud DNS for workloads (DNS Bindings): Bi-directional Cloud DNS capabilities that enable DNS resolution for VMware Engine workloads, delivering enterprise needs in a simplified and more streamlined manner. Cloud DNS administrators can bind the VMware Engine network just as any other VPC.
DNS Server IP: Workloads within your private cloud can now use native Cloud DNS for DNS resolution.
Management DNS for private clouds: Automatic Management DNS Peering is now Automatic Management DNS for Private Clouds. You can now view and manage the DNS bindings for the private cloud management zone.
External access rules: Control access to external IP addresses. We have simplified the rule creation process to no longer require creation of a table and attachment to a subnet. External access rules now support one or more external IP address within a single rule.
(Legacy Networks) DNS forwarding rules: Allows configuration of management appliance DNS resolution for private clouds attached to legacy VMware Engine networks.
ESXi (NSX-T Distributed Log Forwarding): You can now configure both ESXi logs, including NSX-T Distributed Firewall (DFW) Logs, to a remote syslog server.
Finer-grained access controls for additional resources: VMware Engine provides finer-grained, per-action access controls for actions performed on new resources added. To view a comprehensive list of permissions for VMware Engine, go to the Permissions reference and search for the prefix vmwareengine.
Additional Google Cloud CLI and VMware Engine API Endpoints: More capabilities delivered using VMware Engine API and Google Cloud CLI enables you to programmatically manage VMware Engine environments, including VMware Engine API and Google Cloud CLI functions for managing the new networking model, network peering, external access rules and external IP service, consumer DNS, and more.
DNS Profiles: Existing DNS Profiles will be migrated to each private cloud in which the DNS Profile was assigned. DNS forwarding rules can be configured within each private cloud.
Firewall Tables: Existing firewall tables and rules have been migrated to external access rules.
Elevate privilege option is no longer available. You can sign in using one of the solution users to perform elevated privileges actions. For details, see Elevating VMware Engine privileges.
Announced August 10, 2022: Removed ability to manage point-to-site (P2S) VPN gateways for projects with existing P2S VPN gateways. You can continue to use an alternative VPN solution. For details, see Connecting using VPN. Contact customer care for P2S VPN gateway removal.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
- CVE-2023-4147
For more information, see the GCP-2023-042 security bulletin.
Memorystore for Redis Cluster is now Generally Available (GA).
Preview: You can now use Customer-Managed Encryption Keys (CMEK) in Migrate to Virtual Machines to do the following:
Vertex AI Search: Additional languages supported
Extractive answers are now supported in the following languages:
- Arabic
- Chinese (Simplified)
- Japanese
See Languages.
November 13, 2023
Anthos Config ManagementPolicy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: a1f01f4 ).
Policy Controller bundles have been updated to the following versions: asm-policy-v0.0.1
: 202310.0
, cis-k8s-v1.5.1
: 202310.0
, cost-reliability-v2023
: 202310.0-preview
, nist-sp-800-190
: 202310.0
, nist-sp-800-53-r5
: 202310.0
, nsa-cisa-k8s-v1.2
: 202310.0
, pci-dss-v3.2.1
: 202310.0
, policy-essentials-v2022
: 202310.0
, psp-v2022
: 202310.0
, pss-baseline-v2022
: 202310.0
, pss-restricted-v2022
: 202310.0
. For reference, see Policy Controller bundles overview.
The constraint template library's K8sPSPAllowedUsers
, K8sPSPAllowPrivilegeEscalationContainer
, K8sPSPAutomountServiceAccountTokenPod
, K8sPSPCapabilities
, K8sPSPFlexVolumes
, K8sPSPForbiddenSysctls
, K8sPSPFSGroup
, K8sPSPHostFilesystem
, K8sPSPHostNamespace
, K8sPSPHostNetworkingPorts
, K8sPSPPrivilegedContainer
, K8sPSPProcMount
, K8sPSPReadOnlyRootFilesystem
, K8sPSPSELinuxV2
, K8sPSPVolumeTypes
, and K8sRequiredProbes
no longer raise violations during updates of existing objects for immutable fields.
Updated the Open Telemetry image from 0.86.0 to 0.87.0 to address security vulnerabilities. For more information about these changes, see the full changelog for opentelemetry-collector-contrib.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
- CVE-2023-4147
For more information, see the GCP-2023-042 security bulletin.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigquery
2.34.2 (2023-11-07)
Dependencies
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.32.0 (#2989) (47a61a7)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.36.0 (#2990) (81c0727)
2.34.1 (2023-11-06)
Dependencies
- Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.19.0 (#2986) (0d400da)
- Update dependency org.checkerframework:checker-compat-qual to v2.5.6 (#2982) (c137f1f)
- Update dependency org.junit.vintage:junit-vintage-engine to v5.10.1 (#2984) (a64b91c)
- Update github/codeql-action action to v2.22.5 (#2975) (0b88846)
The following BigQuery ML point-in-time lookup functions are now generally available (GA). These functions let you specify a point-in-time cutoff when retrieving features for training a model or running inference, in order to avoid data leakage.
- Use the
ML.FEATURES_AT_TIME
function to use the same point-in-time cutoff for all entities when retrieving features. - Use the
ML.ENTITY_FEATURES_AT_TIME
function to retrieve features from multiple points in time for multiple entities.
The following AI features in BigQuery are now in preview:
The ability to process documents from BigQuery object tables by doing the following:
- Creating a remote model based on the Document AI API, including specifying a document processor to use.
- Using the
ML.PROCESS_DOCUMENT
function with a Document AI-based remote model to process the documents.
Try this feature with the Process documents with theML.PROCESS_DOCUMENT
function how-to.
The ability to transcribe audio files from BigQuery object tables by doing the following:
- Creating a remote model based on the Speech-to-Text API, including specifying a speech recognizer to use.
- Using the
ML.TRANSCRIBE
function with a Speech-to-Text-based remote model to transcribe the audio files.
Try this feature with the Transcribe audio files with theML.TRANSCRIBE
function how-to.
A weekly digest of client library updates from across the Cloud SDK.
A weekly digest of client library updates from across the Cloud SDK.
A new query interface for creating charts is now in Public Preview. The new interface provides a style update and simplifies building a query by automatically configuring your aggregation settings. For more information, see Create charts with Metrics Explorer.
Deploying sidecar containers to your Cloud Run service is now at general availability (GA). Console UI and CLI are also now available for this feature.
Managed autoscaler for compute capacity on Cloud Spanner instances is now in preview. With managed autoscaler, Spanner automatically increases or decreases compute capacity on the instance in response to changing workload or storage needs and user defined goals. For more information, see Managed autoscaler.
Cloud TPU now supports TensorFlow 2.15.0, which adds support for PJRT. For more information see the TensorFlow 2.15.0 release notes.
Preview: When creating or modifying an on-demand reservation, you can configure reservations to be automatically deleted at a specific date and time. Automatically deleting reservations makes it easier to prevent charges from unused reservations when you no longer need them.
For more information, see the documentation for creating on-demand reservations.
The Cloud Spanner to Vertex AI Vector Search template is generally available (GA).
Dataflow jobs now scale to 4,000 worker VMs.
Designing networks for migrating enterprise workloads: Adds Cross-Cloud Interconnect functionality and updates Private Service Connect information.
Cloud Deploy now supports delivery pipeline automation, including automated release promotion and automated rollout phase advancement, in preview.
Google Cloud's Agent for SAP version 2.7
Version 2.7 of Google Cloud's Agent for SAP is generally available (GA). This version fixes the handling of SAP HANA database passwords that contain special characters, and introduces Process Monitoring metrics related to TCP network.
For more information, see What's new with Google Cloud's Agent for SAP.
Numerical filtering available in Vertex AI Vector Search
With Vector Search you can restrict results by "filtering" your index results. In addition to filtering by using categorical restrictions, you can now use numeric filtering. To learn more, see Filter vector matches.
reCAPTCHA Enterprise Mobile SDK v18.4.0 is now available for iOS.
This version contains the following changes:
- Internal networking improvements.
- Sample codes for the iOS SDK and visual reCAPTCHA in GitHub.
- The
-ObjC
flag is not required when integrating with reCAPTCHA Enterprise on iOS.
November 10, 2023
Apigee Integrated PortalOn November 10, 2023 we released an updated version of Apigee integrated portal.
This release includes the public preview of integrated portal APIs which allow you to manage your integrated portal APIs and reference documentation using API calls.
The catalog items list view now uses pagination when making requests to the portals service, examples have been added to Publishing your APIs, and new reference documentation is available:
As of November 10, 2023, Configurable API Proxies (preview) is no longer available. For more information, see Configurable API Proxies (preview) deprecation.
On November 10, 2023 we released an updated version of Apigee.
Apigee is now available in a new region: Middle East - Dammam (me-central2
).
See Apigee locations for more information about available regions.
Database Migration Service now supports data cache in Cloud SQL for PostgreSQL Enterprise Plus edition instance creation.
You can enable data cache in the destination database when you create a migration job. To learn more about data cache in Cloud SQL for PostgreSQL, see Data cache overview.
You can now load saved queries in the Log Analytics page by using the Load button. The Load button lets you edit the query in the Query pane before running the query.
You can now upgrade Enterprise edition instances to Enterprise Plus edition in place with minimal disruption. Similarly, you can also switch from Enterprise Plus edition to Enterprise edition in place. For more information, see Upgrade an instance by using in-place upgrade.
You can now upgrade Enterprise edition instances to Enterprise Plus edition in place with minimal disruption. Similarly, you can also switch from Enterprise Plus edition to Enterprise edition in place. For more information, see Upgrade an instance by using in-place upgrade.
Cloud Spanner now supports batch-oriented scans. For certain queries, Spanner chooses a batch-oriented processing mode to help improve scan throughput and performance. For more information, see Optimize scans.
Preview: In a managed instance group (MIG), you can turn off repairs to inspect failed and unhealthy VMs, to implement your own repair logic, or to monitor the application health without triggering repairs by MIG. For more information, see Turn off repairs in a MIG.
Announcing the General Availability (GA) release of Dataproc Jupyter Plugin and its availability in Vertex AI Workbench instance notebooks.
New Dataproc on Compute Engine subminor image versions:
- 2.0.83-debian10, 2.0.83-rocky8, 2.0.83-ubuntu18
- 2.1.31-debian11, 2.1.31-rocky8, 2.1.31-ubuntu20, 2.1.31-ubuntu20-arm
You can now stream the following large object data types for Oracle sources:
BLOB
CLOB
NCLOB
Support for Firestore point-in-time recovery (PITR) feature that provides protection against accidental deletion or writes is now generally available (GA).
Support for Firestore in Datastore mode point-in-time recovery (PITR) feature that provides protection against accidental deletion or writes is now generally available (GA).
A vulnerability (CVE-2023-4004) has been discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. GKE clusters are impacted. For more information, see the GCP-2023-041 security bulletin.
The Observability tab for a GKE deployment now shows application performance metrics if the metrics are available. The supported metric sources include Istio, GKE Ingress, NGINX Ingress and gRPC, and HTTP metrics collected by using Google Managed Service for Prometheus. For more information, see Use application performance metrics.
Policy Controller integration now in Preview
The integration of Policy Controller for Kubernetes clusters with Security Command Center is released to Preview. Violation alerts from Policy Controller now appear in Security Command Center as misconfiguration findings.
For more information, see Policy Controller.
Generative AI on Vertex AI
Security controls are available for additional Generative AI on Vertex AI features.
November 09, 2023
Chronicle SOARRelease 6.2.39 - Preview
Dynamic mode instance support
When a playbook is built for more than one environment, you need to use dynamic mode which picks the relevant instance configuration from the target environment. When using dynamic mode within environments that contain multiple instances, the playbook needs to stop and wait for the analyst to pick the right instance by the context of the alert.
In this release, we have added a new option to the playbook designer, such that the analyst can specify an instance for the dynamic mode to use within the target environment by entering a name or a pattern in a new Specify Instance Name field.
For more information, see Specify instance in dynamic mode. This feature is in Preview.
Jobs enhancement
The Jobs page in the platform has been enhanced to provide more information at a glance for the security analyst. The following is a list of the added features:
- Filter jobs according to success or failure.
- Click View Details to open a side bar with full details.
- Export the log details in raw text format.
- View all job iterations with extra pagination support.
This feature is in Preview.
Update SiemplifyUtils to support Python 3 (ID #45825896).
This feature is in Preview
Incorrect playbook is attached to alert when using trigger Product Name when alerts are grouped (ID #47362407).
This bug fix is in Preview.
Issues with remote agent connected to remote connector in a shared instance configuration.
This bug fix is in Preview.
SDK function result.add_html which generates HTML reports within a case ends up generating blank text (ID #47721779).
This bug fix is in Preview
The following changes were made to the COUNTRY_DEMOGRAPHIC
infoType detector:
- The sensitivity score was changed from
HIGH
toMODERATE
. - The type category was changed from
PII
toDEMOGRAPHIC
.
You can now display events, such as the crash of a GKE pod, on your dashboards. This feature is in Public Preview.
- For a list of supported events, see Events overview.
- For information about enabling events, see Show events on a dashboard.
Data cache is now available for Cloud SQL for PostgreSQL Enterprise Plus edition instances.
cos-105-17412-226-34
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v23.0.3 | v1.7.7 | v470.199.02(default),v535.104.12(latest) |
Sync TCPX changes to commit 2e6e06f61bdb
Update dev-lang/go to 1.20.10. This resolves CVE-2023-44487, CVE-2023-39325.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
You can now recover a permanently failed stream. For more information, see Recover a stream.
You can now start a stream from a specific binary log position for MySQL sources using the Datastream API. For more information, see Start a stream from a specific binary log position.
(2023-R23) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following control plane and node versions are now available:
- The following control plane versions are no longer available:
- 1.24.14-gke.2700
- 1.27.6-gke.1506000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.24.15-gke.1700 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.15-gke.1700 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.6-gke.1700 with this release.
Stable channel
- Version 1.24.14-gke.2700 is no longer available in the Stable channel.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to 1.24.15-gke.1700 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to 1.24.15-gke.1700 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to 1.26.5-gke.2700 with this release.
Regular channel
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.24.15-gke.1700
- 1.25.11-gke.1700
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to 1.24.16-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to 1.25.12-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to 1.25.12-gke.500 with this release.
Rapid channel
- Version 1.27.5-gke.200 is now the default version in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.25.12-gke.500
- 1.26.7-gke.500
- 1.27.6-gke.1506000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.24.17-gke.2198000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to 1.25.15-gke.1033000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to 1.26.10-gke.1024000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to 1.27.4-gke.900 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to 1.28.3-gke.1090000 with this release.
(2023-R23) Version updates
- The following control plane and node versions are now available:
- The following control plane versions are no longer available:
- 1.24.14-gke.2700
- 1.27.6-gke.1506000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.24.15-gke.1700 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.15-gke.1700 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.6-gke.1700 with this release.
(2023-R23) Version updates
- Version 1.24.14-gke.2700 is no longer available in the Stable channel.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to 1.24.15-gke.1700 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to 1.24.15-gke.1700 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to 1.26.5-gke.2700 with this release.
(2023-R23) Version updates
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.24.15-gke.1700
- 1.25.11-gke.1700
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to 1.24.16-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to 1.25.12-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to 1.25.12-gke.500 with this release.
(2023-R23) Version updates
- Version 1.27.5-gke.200 is now the default version in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.25.12-gke.500
- 1.26.7-gke.500
- 1.27.6-gke.1506000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.24.17-gke.2198000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to 1.25.15-gke.1033000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to 1.26.10-gke.1024000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to 1.27.4-gke.900 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to 1.28.3-gke.1090000 with this release.
GKE Infrastructure Dashboards and Metrics Packages are now generally available for both GKE Autopilot and Standard clusters with control plane version 1.27.2-gke.1200 and later.
You can now configure your Autopilot or Standard clusters to export a predefined list of metrics emitted by GKE managed kube-state-metrics (KSM) for workloads state and persistent storage. The component will run in the GKE system namespace "gke-managed-cim" to collect the metrics using Google Cloud Managed Service for Prometheus and send them to Cloud Monitoring. You can view the metrics in the new Persistent and Workloads State dashboards in the Observability tab.
Looker (Google Cloud core) now supports the following regions:
- asia-east2 - Hong Kong
- asia-northeast2 - Osaka
- asia-northeast3 - Seoul
- europe-southwest1 - Madrid
- europe-west6 - Zurich
- europe-west8 - Milan
- europe-west9 - Paris
- northamerica-northeast2 - Toronto
- southamerica-east1 - São Paulo
- us-west2 - Los Angeles
Vertex AI Search: New model for search summarization
A better model for generating search summaries has been launched. This underlying model improves the quality of search summaries and their grounding in the provided document corpus. You might see some differences in summary output after this update.
For more information about search summaries, see Get search summaries.
Vertex AI Search: Confidence scores are changed to relevance scores (Preview with allowlist)
Confidence scores are renamed to relevance scores. Scores are returned in the relevanceScore
field. Previously, they were returned in the confidenceScore
field.
This feature is in preview with allowlist. For more information about relevance scores, see Get snippets and extracted content.
November 08, 2023
AlloyDB for PostgreSQLThe extension pgvector
is updated to version 0.5.0.
The extension oracle_fdw
is added to the extensions supported by AlloyDB. The extension provides a foreign data wrapper for accessing Oracle databases.
A vulnerability (CVE-2023-4004) has been discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. For more information, see the GCP-2023-041 security bulletin.
A vulnerability (CVE-2023-4004) has been discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. For more information, see the GCP-2023-041 security bulletin.
A vulnerability (CVE-2023-4004) has been discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. For more information, see the GCP-2023-041 security bulletin.
On November 8, 2023 we released an updated version of Apigee integrated portal.
Bug ID | Description |
---|---|
305287906 | Fixed links to an API product from the API details, User account details, or Team details page in the Apigee UI. |
307600672 | Fixed issue where the name of the documentation was not populated in the Documentation column on the Apigee UI, API catalog page. |
307599975 | Improved pagination through large API catalogs on the Apigee UI, API catalog page. |
You might experience latency when listing jobs in projects that contain more than 10,000 jobs. For more information, see Known issues.
Documentation has been added to explain how to configure jobs to send status notifications using Pub/Sub and how to query those notifications using BigQuery.
For more information, see the following pages:
To configure your project to support status notifications, see Monitor job status using Pub/Sub notifications and BigQuery.
To configure a job to send status notifications, see Create and run a job that sends Pub/Sub status notifications.
Detection Engine has added support for rule statuses for Chronicle YARA-L rules running on live data. In addition to being in Enabled or Disabled state, rules can also have Limited or Paused status depending on their resource usage.
Cloud Bigtable app profiles now let you configure request priorities to prioritize certain workload data requests over others. This feature is available in Preview.
Cloud Functions now supports on-deployment security updates (1st gen and 2nd gen) and fully automatic security updates (1st gen only). For details, see Execution environment security.
Observability for Google Kubernetes Engine: The curated set of kube state metrics is now Generally Available. You can enable this package of metrics from the Observability tab for your GKE cluster and preview the available charts and metrics before you enable the metrics. For more information, see Package: Kube state metrics.
Setting custom audiences on your Cloud Run services is now at general availability (GA).
Confidential Space. Support for VPC Service Controls is released to Preview.
You can now protect Confidential Space using VPC Service Controls perimeters. For more information, see VPC Service Controls supported products.
Announcing the release of Workflow Template CMEK (Customer Managed Encryption Key) encryption. Use this feature to apply CMEK encryption to workflow template job arguments. For example, when this feature is enabled, the query string of a workflow template SparkSQL job is encrypted using CMEK.
You can now use Dataproc Serverless autoscaling V2 to help you manage Dataproc Serverless workloads, improve workload performance, and save costs.
Configuring Google Cloud operations suite alerts is now supported in the Cloud Deploy console.
New inference-focused Cloud Tensor Processing Unit (TPU) v5e machine types are available in GKE. These single-host TPU VMs are designed for inference workloads and contain one, four, or eight TPU v5e chips. These three new TPU v5e machine types (ct5l-hightpu-1t
, ct5l-hightpu-4t
, and ct5l-hightpu-8t
) are currently available in the us-central1-a
and europe-west4-b
zones.
Cloud Tensor Processing Unit (TPU) v5e is generally available in clusters running GKE version 1.27.2-gke.2100 and later.
TPU v5e is purpose-built to bring the cost-efficiency and performance required for medium- and large-scale training and inference. TPU v5e delivers up to 2x higher training performance per dollar and up to 2.5x inference performance per dollar for LLMs and gen AI models compared to Cloud TPU v4. At less than half the cost of TPU v4, TPU v5e makes it possible for more organizations to train and deploy larger, more complex AI models.
Looker 23.20 includes the following changes, features, and fixes.
Expected Looker (original) deployment start: Monday, November 13, 2023
Expected Looker (original) final deployment and download available: Thursday, November 30, 2023
Expected Looker (Google Cloud core) deployment start: Monday, November 13, 2023
Expected Looker (Google Cloud core) final deployment: Tuesday, December 05, 2023
Drilling on a scatterplot with quadrants and a size-by field shows all data points.
References to history_id
are being replaced with a slug for query event tracking.
The Data history playback feature requires users to have the explore
role permission in order to use it.
The default values have changed for the Persistent Sessions and Inactivity Logout settings. Persistent Sessions is now disabled by default while Inactivity Logout is now enabled by default. You can change these values on the Admin Sessions page. The behavior of these settings will not change for users who have modified the session defaults.
Users can now move dashboard tiles to the left or the right side and also resize them to standard sizes.
Quick Layout for dashboard editors has been added behind the dashboard_layout_accelerator
feature flag, which is set to ON by default for all customers besides core instances.
Malformed type declarations in a dimension_group
no longer crash the LookML validator and now work as expected.
The "Go to LookML" link on the Explore page now works as expected.
Custom filter expressions get pushed down into NDT queries as expected when using bind_all_filters
.
Number filter of type "between" reverted to type "is" when the first number was entered. This issue has been fixed.
The Databricks JDBC driver has been updated from 2.6.27 to 2.6.32.
Previously, resizing Google Maps immediately after loading could produce an error. This issue has been fixed.
An issue with configuring an SMTP server has been fixed, and the fields (Mail Server, From, User Name, Password, Port) have been made mandatory on the UI.
Custom value formats are no longer double escaped in table charts and legacy tables.
Previously, conditional formats such as "[>=1000] $#0.00,k; $#0.00" did not properly format negative numbers in tables and legacy tables. This issue has been fixed.
AND/OR filters no longer highlight required filters in red.
AND/OR filters now improve browser performance by delaying fetching suggestions until the user interacts with the filter.
The Performant Field Picker Labs feature now defaults to a new "Any" search option that searches for matches across views, groups, and fields for Explores with fewer than 5,000 fields.
Connecting VPC networks by using Network Connectivity Center is now generally available.
This feature lets you connect two or more VPC networks, represented as spokes, to a hub in the same or a different project for full mesh connectivity.
Connectivity Tests now supports verifying connectivity between two VPC networks connected by using Network Connectivity Center. For more information, see Create and run Connectivity Tests.
Support for VPC Service Controls released to Preview
You can now protect Security Command Center using VPC Service Controls perimeters. For more information, see VPC Service Controls supported products.
Traffic Director advanced load balancing, which is in Preview, is updated to include failover health threshold configuration.
Preview stage supported for the following integration:
Preview stage supported for the following integration:
November 07, 2023
BigQueryThe batch SQL translator has added enhancements when viewing SQL translation reports. You can now see a log summary of all issues during a translation job, as well as a code tab that displays a side-by-side comparison of your input and output files from a translation. This feature is in preview.
The following resource types are now publicly available through the Search APIs (SearchAllResources, SearchAllIamPolicies):
Observability for Google Kubernetes Engine: The Observability tab for a GKE deployment now shows application performance metrics if the metrics are available. The supported metric sources include Istio, GKE Ingress, NGINX Ingress and gRPC and HTTP metrics collected by using Google Managed Service for Prometheus. For more information, see Use application performance metrics.
Cloud Spanner now supports the Go programming language ORM, GORM, with GoogleSQL-dialect databases. For more information, see Integrate Spanner with GORM (GoogleSQL dialect).
Cloud Workstations is available in the asia-east2
region (Hong Kong, APAC). For more information, see Locations.
Generally available: A replica recovery checkpoint of a regional Persistent Disk volume represents the most recent crash-consistent point in time of the fully replicated disk. For disks that are not fully replicated, you can use the checkpoint to create disk snapshots from an incomplete zonal replica. You can create and use these snapshots to recover disk data in the rare scenario where your synced replica goes down before your incomplete replica catches up.
Learn more about Regional Persistent Disk replica recovery checkpoints and how to use checkpoints to recover a degraded disk.
Release 3.4
All release notes published on this date are part of the 3.4 release.
Campaigns, Do Not Call (DNC) list: You can now create your own Do Not Call (DNC) list for campaign calls. You can enable the Company DNC at Settings > Campaigns > Company Do Not C