The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.
You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.
December 04, 2024
Cloud Composer
Cloud Composer 2 is now available in Mexico (northamerica-south1).
Cloud SQL for MySQL now supports minor version 8.0.40. To upgrade your existing instance to the new version, see Upgrade the database minor version.
Vertex AI Search: gemini-1.5-flash-002-high-fidelity model (Public preview)
The gemini-1.5-flash-002-high-fidelity model is available for grounded answer generation with RAG. This model is based on the gemini-1.5-flash-002 model and has been further tuned to address context-based question and answering tasks. This model is suitable for specialized industries, such as financial services, healthcare, and insurance.
This model is available in Public preview.
For more information, see High fidelity models.
December 03, 2024
Cloud Composer
All Cloud Composer environments' GKE clusters are set up with maintenance exclusions from December 20, 2024 to January 2, 2025. For more information, see Maintenance exclusions.
You can now use the Network Connectivity Center hub to propagate Private Service Connect endpoints of Cloud SQL instances in a VPC network. All endpoints in this network become accessible transitively to other spoke VPC networks through the hub. This feature is available in Preview.
Generally available: Hyperdisk Balanced High Availability provides cross-zonal, synchronous replication for your disk data, offering the best set of options for RPO, RTO, and performance.
The Identity Platform integration with reCAPTCHA Enterprise API now supports bot protection and SMS toll fraud protection for SMS-based flows on iOS platforms.
Journey Voices now supports the Journey-O speaker for de-de, en-au, en-in, en-gb, es-es, es-us, fr-ca, fr-fr, and it-it.
Vertex AI Search: Index and refresh web pages using sitemap (Public preview)
If advanced website indexing is enabled in your data store, you can submit and use sitemaps and sitemap indexes to index and refresh the web pages in your data store. This feature supports only XML sitemaps and sitemap indexes.
This feature is in public preview and is available through the API. For more information about the feature, see Index and refresh web pages using sitemaps.
December 02, 2024
Backup and DR
Backup and DR service added support for immutable and indelible backups with the new backup vault feature. This feature is now generally available.
Backup and DR service added centralized backup management within Google Cloud console, with support for Compute Engine VM backup to backup vaults. This feature is now generally available.
Backup and DR service added integration with the Compute Engine VM creation experience, enabling the application of Backup and DR backup policies when VMs are created. This feature is now generally available.
To create a Bigtable instance, a user or account must be a principal in a role with the permission bigtable.clusters.create. For more information, see Bigtable access control with IAM.
In GKE version 1.31.1-gke.2105000 or later, you can now configure custom compute classes to consume Compute Engine reservations. Workloads that use those custom compute classes automatically trigger reservation consumption during node creation. This lets you manage reservation consumption more centrally. To learn more, see About custom compute classes.
Spanner Graph is Generally Available (GA). For more information, see Spanner Graph overview.
Spanner Graph supports defining path variables and using path functions. For more information, see Work with paths.
Information about how Spanner Graph supports the ISO international standard query language for graph databases is available. For more information, see Spanner Graph and ISO standards.
Spanner Graph supports vector similarity search to find K-nearest neighbors (KNN) and approximate nearest neighbors (ANN). For more information, see Perform vector similarity search in Spanner Graph.
Full-text search is available in Spanner Graph. For more information, see Use full-text search with Spanner Graph.
Preview: You can consume reservations of VMs that have GPUs attached with your custom training jobs or prediction jobs. Reservations of Compute Engine zonal resources help you gain a high level of assurance that your jobs have the necessary resources to run. For more information, see the following:
December 01, 2024
Google SecOps SOAR
The official maintenance window is on Sundays from 11:00 to 15:00 UTC. Note that maintenance does not always necessitate a service outage.
November 29, 2024
Spanner
A monthly digest of client library updates from across the Cloud SDK.
Go
Changes for spanner/admin/database/apiv1
1.71.0 (2024-11-01)
Features
- spanner/admin/instance: Add support for Cloud Spanner Default Backup Schedules (706ecb2)
- spanner: Client built in metrics (#10998) (d81a1a7)
Bug Fixes
- spanner/test/opentelemetry/test: Update google.golang.org/api to v0.203.0 (8bb87d5)
- spanner/test/opentelemetry/test: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (2b8ca4b)
- spanner: Attempt latency for streaming call should capture the total latency till decoding of protos (#11039) (255c6bf)
- spanner: Decode PROTO to custom type variant of base type (#11007) (5e363a3)
- spanner: Update google.golang.org/api to v0.203.0 (8bb87d5)
- spanner: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (2b8ca4b)
1.72.0 (2024-11-07)
Features
- spanner/spansql: Add support for protobuf column types & Proto bundles (#10945) (91c6f0f), refs #10944
Bug Fixes
1.73.0 (2024-11-14)
Features
Bug Fixes
Java
Changes for google-cloud-spanner
6.80.1 (2024-10-28)
Dependencies
- Update googleapis/sdk-platform-java action to v2.49.0 (#3430) (beb788c)
- Update sdk platform java dependencies (#3431) (eef03e9)
6.81.0 (2024-11-01)
Features
Dependencies
6.81.1 (2024-11-11)
Bug Fixes
- Client built in metrics. Skip export if instance id is null (#3447) (8b2e5ef)
- spanner: Avoid blocking thread in AsyncResultSet (#3446) (7c82f1c)
Dependencies
- Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.54.0 (#3437) (7e28326)
- Update dependency com.google.cloud:google-cloud-monitoring to v3.54.0 (#3438) (fa18894)
- Update dependency com.google.cloud:google-cloud-trace to v2.53.0 (#3440) (314eeb8)
- Update dependency io.opentelemetry:opentelemetry-bom to v1.44.1 (#3452) (6518eea)
- Update opentelemetry.version to v1.44.1 (#3451) (d9b0271)
Documentation
6.81.2 (2024-11-20)
Bug Fixes
Dependencies
- Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.55.0 (#3482) (bf350b0)
- Update dependency com.google.api.grpc:proto-google-cloud-trace-v1 to v2.53.0 (#3454) (8729b30)
- Update dependency com.google.cloud:google-cloud-trace to v2.53.0 (#3464) (a507e4c)
- Update dependency com.google.cloud:google-cloud-trace to v2.54.0 (#3488) (1d1fecf)
- Update googleapis/sdk-platform-java action to v2.50.0 (#3475) (e992f18)
- Update sdk platform java dependencies (#3476) (acb6446)
Node.js
Changes for @google-cloud/spanner
7.15.0 (2024-10-30)
Features
- (observability, samples): add tracing end-to-end sample (#2130) (66d99e8)
- (observability) add spans for BatchTransaction and Table (#2115) (d51aae9), closes #2114
- (observability) Add support for OpenTelemetry traces and allow observability options to be passed. (#2131) (5237e11), closes #2079
- (observability) propagate database name for every span generated to aid in quick debugging (#2155) (0342e74)
- (observability) trace Database.batchCreateSessions + SessionPool.createSessions (#2145) (f489c94)
- (observability): trace Database.runPartitionedUpdate (#2176) (701e226), closes #2079
- (observability): trace Database.runTransactionAsync (#2167) (d0fe178), closes #207
- Allow multiple KMS keys to create CMEK database/backup (#2099) (51bc8a7)
- observability: Fix bugs found from product review + negative cases (#2158) (cbc86fa)
- observability: Trace Database methods (#2119) (1f06871), closes #2114
- observability: Trace Database.batchWriteAtLeastOnce (#2157) (2a19ef1), closes #2079
- observability: Trace Transaction (#2122) (a464bdb), closes #2114
Bug Fixes
- Exact staleness timebound (#2143) (f01516e), closes #2129
- GetMetadata for Session (#2124) (2fd63ac), closes #2123
7.16.0 (2024-11-09)
Features
Bug Fixes
Python
Changes for google-cloud-spanner
3.50.0 (2024-11-11)
Features
- spanner: Add support for Cloud Spanner Default Backup Schedules (45d4517)
Bug Fixes
- Add PROTO in streaming chunks (#1213) (43c190b)
- Pass through route-to-leader option in dbapi (#1223) (ec6c204)
- Pin nox version in requirements.in for devcontainer. (#1215) (41604fe)
Documentation
- Allow multiple KMS keys to create CMEK database/backup (68551c2)
3.50.1 (2024-11-14)
Bug Fixes
November 27, 2024
Cloud Composer
In December 2024, Google will remove the following previously deprecated Airflow operators from the apache-airflow-providers-google package.
The new version of this package will be included in one of the future releases of Cloud Composer and the change will be announced in the Release Notes. After this change, it will not be possible to use these operators in your DAGs.
Make sure that you use up-to-date alternatives of the removed operators instead. For more information about removed and deprecated Airflow operators and their up-to-date alternatives, see Deprecated and removed Airflow operators.
Operators that will be removed in December 2024: DataPipelineHook, CreateDataPipelineOperator, RunDataPipelineOperator, AutoMLDatasetLink, AutoMLDatasetListLink, AutoMLModelLink, AutoMLModelTrainLink, AutoMLModelPredictLink.
The Snowflake plugin version 1.1.4 is available in Cloud Data Fusion version 6.8.0 and later. This release includes the following changes (PLUGIN-1816):
- Fixed an issue in the Snowflake source causing pipelines to fail if fields contained decimals.
- Fixed an issue in the Snowflake source causing pipelines to fail if data contained a backslash (\). You can set a new escape character using the cdap.snowflake.source.escape runtime argument.
The Cloud SQL MySQL plugins version 1.11.5 is available in Cloud Data Fusion versions 6.10.0 and later. This release fixes an issue in the Cloud SQL MySQL sink causing pipelines to fail when the schema contains a MySQL reserved word (PLUGIN-1017).
You can now create instances with both private services access and Private Service Connect enabled for them. You can also enable Private Service Connect for existing private services access instances. This feature is available in Preview. For more information, see Configure both private services access and Private Service Connect.
Cloud TPU Trillium (v6e) machine types are now in public preview for Autopilot clusters running version 1.31.2-gke.1384000 or later. These TPUs are available in the following zones: us-east5-b, europe-west4-a, us-east1-d, asia-northeast1-b, and us-south1-a. To learn more, see Plan TPUs in GKE.
(2024-R46) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- The following versions are now available in the Rapid channel:
Regular channel
There are no new releases in the Regular channel.
Stable channel
There are no new releases in the Stable channel.
Extended channel
- Version 1.27.16-gke.2019000 is now available in the Extended channel.
No channel
- The following versions are now available:
- The following node versions are now available:
November 26, 2024
Compute Engine
To learn more, see Monitor disk health.
Cluster autoscaler and node auto-provisioning support the C4 machine family in GKE version 1.28.15-gke.1159000, 1.29.10-gke.1227000 or later.
Vertex AI Search: Check ingested data quality for media recommendations (GA)
You can check the quality of your ingested data for media recommendations through the Google Cloud console. These checks are not blocking but can suggest ways that your data can be improved. This feature is Generally available (GA).
Previously, this check was only available through API method calls.
For more information, see Check data quality for media recommendations.
November 25, 2024
Anti Money Laundering AI
A new major engine version is available for Retail and Commercial lines of business, within the v4 tuning version. This includes technical improvements and simplifications for tuning and training.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigquery
2.44.0 (2024-11-17)
Features
Bug Fixes
- Update experimental methods documentation to @internalapi (#3552) (20826f1)
Dependencies
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.55.0 (#3559) (950ad0c)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20241027-2.0.0 (#3568) (b5ccfcc)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.59.0 (#3561) (1bd24a1)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.40.0 (#3576) (d5fa951)
- Update github/codeql-action action to v2.27.1 (#3567) (e154ee3)
- Update github/codeql-action action to v2.27.3 (#3569) (3707a40)
- Update github/codeql-action action to v2.27.4 (#3572) (2c7b4f7)
Documentation
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.48.0 (2024-11-19)
Features
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (6b35b47)
- Make client side metrics tag in sync with server (#2401) (bba4183)
Dependencies
The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).
- Conversational Insights
contactcenterinsights.googleapis.com/IssueModel
contactcenterinsights.googleapis.com/PhraseMatcher
contactcenterinsights.googleapis.com/View
- Google Kubernetes Engine
admissionregistration.k8s.io/MutatingWebhookConfiguration
apps.k8s.io/DaemonSet
apps.k8s.io/StatefulSet
batch.k8s.io/CronJob
k8s.io/PersistentVolume
k8s.io/PersistentVolumeClaim
k8s.io/PodTemplate
k8s.io/ReplicationController
k8s.io/ResourceQuota
policy.k8s.io/PodDisruptionBudget
storage.k8s.io/StorageClass
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.20.7 (2024-11-18)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.49.0 (a1ec68d)
- deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (afcf63c)
- Fixed outdated link to X-Cloud-Trace-Context header description (#1713) (d474313)
Dependencies
You can now set a task timeout up to 168 hours (7 days) for Cloud Run jobs. (Preview)
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-storage
2.45.0 (2024-11-18)
Features
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.49.0 (aef367d)
- deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (281cccb)
- Set default values for monitored resource (#2809) (27829a4)
Dependencies
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-datastore
2.24.3 (2024-11-18)
Dependencies
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-pubsub
1.134.2 (2024-11-18)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.49.0 (77546e0)
- deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (3f21af3)
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.43.3 (#2256) (f7fbc6c)
- Update dependency com.google.cloud:google-cloud-core to v2.47.0 (#2249) (3df5729)
- Update dependency com.google.cloud:google-cloud-storage to v2.44.1 (#2240) (f8dae4d)
- Update googleapis/sdk-platform-java action to v2.50.0 (#2261) (d0aab7d)
- Update sdk platform java dependencies (#2262) (b689fe2)
The PHONE_NUMBER infoType functionality that was previously only available by setting InfoType.version to latest or stable is now also used when InfoType.version is set to legacy. The new model includes US_TOLLFREE_PHONE_NUMBER findings as type PHONE_NUMBER in the scan results.
The old detection model that was previously available by setting InfoType.version to legacy is no longer available.
Default backup schedules are now available and automatically enabled for all new instances. You can enable or disable default backup schedules in an instance when creating the instance or by editing the instance later. You can also enable default backup schedules for new databases in existing instances. You can edit or delete the default backup schedule once it's created.
When enabled, Spanner creates a default backup schedule for every new database created in the instance. The default backup schedule creates a full backup every 24 hours. These backups have a retention period of 7 days.
For more information, see Default backup schedules.
November 24, 2024
Google SecOps
New options for closing a case
New custom field options have been added to the admin settings close case page. Using these fields, you can ask the analyst to enter different types of information when closing a case.
For more information, refer to Customize the Close Case dialog.
Release 6.3.26 is currently in Preview.
November 22, 2024
Anthos Attached Clusters
GKE attached clusters now supports clusters in the us-central1 region. For more information, see:
On November 22, 2024, we released an updated version of the Apigee UI.
This release includes an improved Apps page for Apigee API Management in the Google Cloud console, making it easier to manage API products that are assigned to app credentials.
With this release:
- Products can be added to an app from a single multi-select list box.
- Products can be approved, revoked, and removed from a credential by selecting products in the credential product table and using one of the available action buttons.
- Clicking the Add Credential button adds an empty credential to the list.
- Credential approval and expiry configuration fields are located in the credential card.
- A warning appears to users if they attempt to leave the Apps page when unsaved changes are present.
Bug ID | Description |
---|---|
357165778 | Refactored app credential management experience. Resolved issue causing the Apps page in the Apigee UI in Cloud console to crash when working with apps that have a large number of products assigned to app credentials. |
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Infrastructure Manager
You can now use Active Assist to provide recommendations and insights that improve the reliability of your databases. This feature is generally available (GA).
For more information, see Reliability recommender.
Google Distributed Cloud (software only) for VMware 1.30.300-gke.84 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.300-gke.84 runs on Kubernetes v1.30.5-gke.600.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
The following issues are fixed in 1.30.300-gke.84:
- Fixed the issue that additional manual steps are needed after disabling always-on secrets encryption with gkectl update cluster.
- Fixed the known issue that caused gkectl to display false warnings on admin cluster version skew.
The following vulnerabilities are fixed in 1.30.300-gke.84:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
Release 1.30.300-gke.84
Google Distributed Cloud for bare metal 1.30.300-gke.84 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.300-gke.84 runs on Kubernetes 1.30.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Fixes:
Fixed an issue where the control plane VIP might become unavailable because Keepalived didn't check correctly that the VIP is on a node with a responsive HAProxy.
Fixed an issue where the registry mirror reachability check fails for a single unreachable registry mirror. Now the reachability check applies to configured registry mirrors only, instead of all registry mirrors.
The following container image security vulnerabilities have been fixed in 1.30.300-gke.84:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
Cloud TTS Journey voices have been updated to improve the accuracy of generated speech. This means you should notice fewer instances of dropped words.
November 21, 2024
Agent Assist
Summarization with custom sections V3.1 is generally available. V3.1 provides the following improvements on V3.0:
- Higher quality summarizations
- Improved latency
You can set up AlloyDB clusters using a copy of your Cloud SQL for PostgreSQL backup. This feature is in Preview. For more information, see Migrate from Cloud SQL for PostgreSQL to AlloyDB.
Model endpoint management is generally available (GA) for both AlloyDB and AlloyDB Omni. You can use sample templates to register model endpoints. For more information, see Register and call remote AI models in AlloyDB or Register and call remote AI models in AlloyDB Omni.
This release fixes an issue with OnVault pool jobs leaving behind inactive cloudbacker mountpoints. It does this by retrying the unmount process a set number of times, including forced unmounts. Due to the increased number of retries and the wait time between them, job durations may be slightly longer.
This release deprecates support for ssh-rsa as the ssh Host Key algorithm.
This release fixes the synchronization between database and log backup states. Log backups should not copy the logs to the database staging after the database staging disk is unmounted and the state DBBACKUP_DONE is set.
This release fixes an issue where SAP HANA database and log backup jobs using Persistent Disk snapshots would complete with a warning status due to metadata upload failures to Google Cloud Storage for disaster recovery.
This release removes the 700 thread hard limit and psrv restarts at 800 threads when the psrv is at high usage.
This release fixes the Tomcat vulnerability CVE-2024-38286.
This release fixes the following Kernel vulnerabilities:
CRITICAL Kernel issues: CVE-2023-25775 CVE-2019-15505
MEDIUM Kernel issues CVE-2019-13631 CVE-2020-25656 CVE-2020-26555 CVE-2020-36777 CVE-2021-3753 CVE-2021-46909 CVE-2021-46939 CVE-2021-47171 CVE-2022-38096 CVE-2022-48743 CVE-2023-1192 CVE-2023-4133 CVE-2023-5090 CVE-2023-6121 CVE-2023-6176 CVE-2023-6240 CVE-2023-6622 CVE-2023-6915 CVE-2023-24023 CVE-2023-31083 CVE-2023-37453 CVE-2023-38409 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-39198 CVE-2023-42754 CVE-2023-42755 CVE-2023-45863 CVE-2023-52448 CVE-2023-52463 CVE-2023-52471 CVE-2024-0340 CVE-2024-21140 CVE-2024-21145 CVE-2024-25739 CVE-2024-26583 CVE-2024-26584 CVE-2024-26585 CVE-2024-26586 CVE-2024-26602 CVE-2024-26603 CVE-2024-26901 CVE-2024-26908 CVE-2024-27014 CVE-2024-27019 CVE-2024-36270 CVE-2024-36489 CVE-2024-38598 CVE-2024-39472 CVE-2024-39476
HIGH Kernel issues: CVE-2019-25162 CVE-2021-4204 CVE-2021-33631 CVE-2021-47624 CVE-2022-0500 CVE-2022-3565 CVE-2022-23222 CVE-2022-45884 CVE-2022-45886 CVE-2022-45919 CVE-2022-45934 CVE-2023-2163 CVE-2023-3567 CVE-2023-3812 CVE-2023-4244 CVE-2023-5178 CVE-2023-6546 CVE-2023-6931 CVE-2023-6932 CVE-2023-28464 CVE-2023-51042 CVE-2023-51780 CVE-2023-52340 CVE-2023-52434 CVE-2023-52439 CVE-2023-52445 CVE-2023-52451 CVE-2023-52464 CVE-2023-52469 CVE-2024-0565 CVE-2024-0841 CVE-2024-1086 CVE-2024-21147 CVE-2024-23307 CVE-2024-25744 CVE-2024-26593 CVE-2024-26907 CVE-2024-26933 CVE-2024-26934 CVE-2024-27020 CVE-2024-36971 CVE-2024-36978 CVE-2024-36979 CVE-2024-38538 CVE-2024-38555 CVE-2024-38627 CVE-2024-39487
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, and Feed APIs.
- Apigee API Hub
The HTTP plugin version 1.4.3 is available in Cloud Data Fusion version 6.8.0 and later. This release includes the following changes (PLUGIN-1810):
- In the HTTP streaming source, batch source, and batch sink, a PATCH option was added to the HTTP Method field.
- Fixed an issue in the HTTP sink causing data loss when a pipeline didn't fail by default when a non-2xx response code was received.
- Fixed an issue in the HTTP source causing a pipeline not to fail when the get_schema method was called and a non-2xx response code was received.
You can now set up AlloyDB clusters using a copy of your Cloud SQL for PostgreSQL backup. This feature is in Preview. For more information, see Migrate from Cloud SQL for PostgreSQL to AlloyDB.
Mistral Large (24.11) is Generally Available on Vertex AI as a managed model. To learn more, view the Mistral Large (24.11) model card in Model Garden.
The Gen AI evaluation service can now help you evaluate your translation models using MetricX, COMET, and BLEU metrics. To learn more about evaluating your translation models, see Evaluate translation models.
VMware Engine ve1 nodes are now available in the following additional region:
- Dallas, Texas, North America (us-south1-b).
Release 1.29.800-gke.111
Google Distributed Cloud for bare metal 1.29.800-gke.111 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.800-gke.111 runs on Kubernetes 1.29.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Functionality changes:
- Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.
Fixes:
- Fixed the issue where non-root users can't run bmctl restore to restore quorum.
The following container image security vulnerabilities have been fixed in 1.29.800-gke.111:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
If your GKE cluster was created before version 1.26, you can now migrate it to cgroupv2. This migration enables the use of Pod bursting in Autopilot mode.
Let report viewers see all filters
Report editors can let report viewers see all of the filters applied to a report, including filters that viewers can't edit.
Filter value suggestions
When defining filters on charts, pages, or reports that use Equal to (=) or In conditions, report editors can select from a list of possible filter values that are provided from the underlying data. Filter suggestions are supported for all data connectors and can be disabled during filter creation.
Looker connector filter enhancements
The following features are now available for use with the Looker connector:
- Filter-only fields can be set as a report control and a quick filter.
- Looker Studio displays suggestions for filter values based on the data source's LookML suggest_dimension and suggest_explore definitions when Equal to (=) and In conditions are used.
Secure Source Manager supports email notifications. For more information, see Notifications overview. To configure notifications, follow the instructions in Set up notifications.
The Sensitive Data Protection discovery service is now included in Security Command Center Enterprise. To enable discovery, see Enable sensitive data discovery in the Enterprise tier.
The Sensitive Data Protection discovery service remains available to Security Command Center Premium and Standard customers as a separately priced feature.
As of November 13, 2024, Security Command Center can produce Cloud Infrastructure Entitlement Management (CIEM) findings for the following identity and access issues in AWS environments:
- Users, groups, or assumed IAM roles that are inactive and have one or more permissions.
- Overly permissive trust policies that are enforced on an AWS IAM role.
- Identities that can move laterally through impersonation.
November 20, 2024
Artifact Registry
Artifact Registry is available in the northamerica-south1 region (Querétaro, Mexico, North America). For more information, see Global locations.
Regional external Application Load Balancers, cross-region internal Application Load Balancers, regional internal Application Load Balancers, regional internal proxy Network Load Balancers, cross-region internal proxy Network Load Balancers, and regional external proxy Network Load Balancers now support IPv4 and IPv6 (dual-stack) backends.
The following backends have dual-stack support:
- VM instance groups
- Zonal NEGs (GCE_VM_IP_PORT endpoints)
You can also convert your existing single-stack load balancers from IPv4-only to dual stack (IPv4 and IPv6) deployments.
For details, see the following pages:
- IPv6 overview
- Convert your existing Application Load Balancer to IPv6
- Convert your existing proxy Network Load Balancer to IPv6
This feature is available in General Availability.
You can now authenticate to Cloud SQL Studio by using IAM database authentication.
For more information about authentication in Cloud SQL Studio, see Manage your data using Cloud SQL Studio.
Dataproc Serverless for Spark: Spark Lineage is available for all supported Dataproc Serverless for Spark runtime versions.
M126 release
- Base CUDA 12.3 container images are now available.
- Base CUDA 12.4 container images are now available.
- PyTorch 2.4.0 with CUDA 12.4 and Python 3.10 container images are now available.
- Upgraded R from 4.4.1 to 4.4.2 for R container images.
M126 release
- CUDA 12.4 VM images are now available.
- PyTorch 2.4.0 with CUDA 12.4 and Python 3.10 VM images are now available.
- Upgraded R from 4.4.1 to 4.4.2 for R VM images.
- One or more supported framework versions have reached their end of patch and support dates. To view end of patch and support dates, see Supported framework versions. To create a VM instance using an image family that has reached its end of patch and support date, you must specify an image from the image family when you create the VM instance. To list images from an image family name after its end of patch and support date, include the --show-deprecated flag in your gcloud compute images list command, or select Show deprecated images when creating an instance in the Google Cloud console.
You can now automatically promote releases across targets at scheduled times, in preview.
VMware Engine ve2 nodes are now available in the following regions:
- São Paulo, Brazil (southamerica-east1)
- Santiago, Chile (southamerica-west1)
You can now specify a custom resource policy as a compact placement policy with node auto-provisioning in clusters running GKE version 1.31.1-gke.2010000 or later. To learn more, see Use compact placement for node auto-provisioning.
VPC Service Controls feature: VPC Service Controls extends support for etags in the service perimeter resources. For example, you can use the --etag flag with the gcloud CLI commands such as gcloud access-context-manager perimeters update and gcloud access-context-manager perimeters describe. This feature is generally available.
M126 release
The M126 release of Vertex AI Workbench user-managed notebooks includes the following:
- Upgraded JupyterLab to 3.6.8.
- One or more supported framework versions have reached their end of patch and support dates. To view end of patch and support dates, see Supported framework versions. To create an instance using an image family that has reached its end of patch and support date, see Create an instance after end of patch and support date.
The M126 release of Vertex AI Workbench managed notebooks includes the following:
- Upgraded JupyterLab to 3.6.8.
M126 release
The M126 release of Vertex AI Workbench instances includes the following:
- Preview: JupyterLab 4+ is available on new Vertex AI Workbench instances. To try it, select JupyterLab 4 when you create your instance.
- Upgraded JupyterLab to 3.6.8.
November 19, 2024
App Engine flexible environment Go
Go 1.23 is now available in preview.
Node.js 22 is now generally available.
Artifact Registry now provides the option to enable or disable vulnerability scanning on individual repositories. By giving you more granular control over the number of images scanned, this feature can help you manage scanning costs and reduce noise in vulnerability scanning results.
This feature is Generally Available.
For more information, see Enable or disable automatic scanning.
You can create a search index on columns containing INT64 or TIMESTAMP data and BigQuery can optimize predicates that use those columns. This feature is generally available (GA).
Percentage-based request mirroring is now supported for the cross-region and regional internal Application Load Balancers. By default, the mirrored backend service receives all requests, even if the original traffic is being split between multiple weighted backend services. You can now configure the mirrored backend service to receive only a percentage of the requests by using the mirrorPercent flag to specify the percentage of requests to be mirrored expressed as a value between 0 and 100.0.
For an example, see Set up traffic management for regional internal Application Load Balancers.
This capability is available in Preview.
Support for the Go 1.23 runtime is now in Preview.
Cloud Run functions now supports the Go 1.23 runtime at the Preview release level.
For Cloud SQL Enterprise Plus edition instances, advanced disaster recovery (DR) is now generally available (GA). For more information, see Advanced disaster recovery (DR) and Use advanced disaster recovery (DR).
The write endpoint feature is now available in Preview. This endpoint is a global domain name service (DNS) name. This name resolves to the IP address of the current primary Cloud SQL instance that's enabled with private services access.
By using a write endpoint, you can avoid having to make application connection changes after performing a switchover or replica failover operation to test or mitigate a regional failure. For more information, see Configure private IP.
For Cloud SQL Enterprise Plus edition instances, you can now use advanced disaster recovery (DR) to simplify recovery and fallback processes after you perform a cross-regional failover. With advanced DR, you can:
- Designate a cross-region disaster recovery (DR) replica
- Perform a cross-region replica failover for disaster recovery
- Restore your original deployment by using zero-data loss switchover
You can also use switchover to simulate disaster recovery without data loss. You can use advanced DR on Cloud SQL for PostgreSQL version 12, 13, 14, 15, or 16.
For more information, see Advanced disaster recovery (DR) and Use advanced disaster recovery (DR). This feature is generally available (GA).
The rollout of managed Cloud Service Mesh version 1.19 to all channels has completed.
The documentation has been updated to clarify that future reservation requests don't support E2 machine types. To reserve VMs that use E2 machine types, use on-demand reservations instead.
For more information, see Restrictions on creation.
(New guide) Cross-Cloud Network inter-VPC connectivity using VPC Network Peering: Describes how to configure hub-and-spoke Cross-Cloud Network using VPC Network Peering.
(New guide) Deploy and operate generative AI applications: Describes how you can adapt DevOps and MLOps processes to develop, deploy, and operate generative AI applications on existing foundation models.
(2024-R45) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- The following versions are now available in the Rapid channel:
Regular channel
There are no new releases in the Regular channel.
Stable channel
There are no new releases in the Stable channel.
Extended channel
- Version 1.27.16-gke.1836000 is now available in the Extended channel.
No channel
- The following versions are now available:
- The following node versions are now available:
GKE version 1.31 introduces increased scalability, allowing users to create clusters with up to 65,000 nodes. For clusters exceeding 5,000 nodes, a quota increase is required. Contact Google Cloud support to request this increase.
Upgraded server-side dependencies - Tekton Pipelines, ASM
Updated Go version used to build images and CLI tools
Changed version of php-buildpack to address build issue.
Creating custom organization policies with Secret Manager resources is now in General Availability (GA). You can use custom organization policies to enhance secret security by enforcing rotation schedules, annotations, and expirations for secrets. You can also use custom organization policies to restrict secret types to manage costs. To learn more about using custom organization policies in Secret Manager, see Use custom organization policies.
The November 4 release note announcing the release of sample discovery findings was published in error. This feature is not available.
Spanner supports the ALL_DIFFERENT graph predicate in GoogleSQL-dialect databases. You can use this predicate to see if the graph elements in a list are mutually distinct.
November 18, 2024
Access Approval
Access Approval now supports Cloud Healthcare API in the Preview stage.
AlloyDB for PostgreSQL is now available in the following region: northamerica-south1 (Mexico). For more information, see AlloyDB Locations.
Two major engine versions within the v4 tuning version are no longer used by customers and are deprecated as of today. We recommend customers use the most recent engine versions instead. Deprecation overrides the support timeline for all minor versions within these major engine versions.
App Hub supports regional infrastructure resources with global applications in Preview.
JavaScript task using Gemini
If your integration flow requires any complex data mapping logic, Gemini can now recommend a JavaScript task. For more information, see Create an integration using Gemini.
You can add a JavaScript task, edit an existing task, or use Gemini to help understand the JavaScript code. For more information, see Configure JavaScript tasks.
The Sovereign Controls for Kingdom of Saudi Arabia control package now supports the following products. See Supported products by control package for more information:
- Sensitive Data Protection
- Google Cloud Armor
- Secret Manager
The Sovereign Controls for EU control package now supports the following products. See Supported products by control package for more information:
- BigQuery Data Transfer Service
- Sensitive Data Protection
- GKE Identity Service
- Google Cloud Armor
- Resource Manager
- Secret Manager
You can now create a Data Boost app profile and view Data Boost metrics in the Google Cloud console. Data Boost for Bigtable is in Preview. For more information, see Create and configure app profiles.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.47.0 (2024-11-13)
Features
- Add an experimental feature to skip waiting for trailers for unary ops (#2404) (cf58f26)
- Add internal "deadline remaining" client side metric #2341 (#2370) (75d4105)
Bug Fixes
Python
Changes for google-cloud-bigtable
2.27.0 (2024-11-12)
Features
- Add support for Cloud Bigtable Node Scaling Factor for CBT Clusters (#1023) (0809c6a)
- Surface retry param to Table.read_row api (#982) (a8286d2)
Bug Fixes
Bigtable is now available in the northamerica-south1 (Mexico) region. For more information, see Bigtable locations.
The Cloud SQL MySQL plugins version 1.11.5 is available in Cloud Data Fusion versions 6.8.0 and later. This release fixes an issue in the Cloud SQL MySQL sink causing pipelines to fail when the schema contains a MySQL reserved word (PLUGIN-1017). This note is incorrect; see entry for November 27, 2024.
The SAP table batch source plugin version 0.11.5 is available in Cloud Data Fusion version 6.8.0 and later. This release fixes an issue causing the following error: Error encountered while configuring the stage: Unable to access Cloud Storage or download JCo libraries from Cloud Storage.
Database Migration Service now lets you select if a connection profile is for a source or a destination database, based on your migration scenario. Database Migration Service shows configuration options applicable to your choice.
Dedicated Cloud Interconnect support is available in the following colocation facilities:
- Queretaro, Mexico, North America
For more information, see the Locations table and Global Locations.
Cloud KMS is available in the following region:
- northamerica-south1
For more information, see Cloud KMS locations.
Support for the Node.js 22 runtime is now in general availability (GA).
Cloud Run functions now supports the Node.js 22 runtime at the General Availability release level.
Support for the northamerica-south1 (Mexico) region.
Cloud SQL now supports near-zero downtime when you enable or disable data cache for Cloud SQL Enterprise Plus edition primary instances. For more information, see Availability in Cloud SQL.
Cloud SQL now supports near-zero downtime for infrequent scale downs (once every three hours) of the compute size (vCPU, memory) of your Cloud SQL Enterprise Plus edition primary instance.
For more information, see Availability in Cloud SQL.
The pgvector extension is now upgraded from version 0.7.4 to version 0.8.0. Use this extension to store and search for vector embeddings in PostgreSQL databases. For more information, see Configure PostgreSQL extensions.
To use this version of the extension, update your instance to one of the following:
- POSTGRES_17_0.R20241011.00_03 (for PostgreSQL instances, version 17)
- [PostgreSQL version].R20240910.01_17 (for PostgreSQL instances, versions 13 to 16)
For more information, see Self-service maintenance.
Cloud Storage is now available in Querétaro, Mexico (northamerica-south1 region). For more information, see Cloud Storage regions.
Cloud VPN is now available in region northamerica-south1 (Queretaro, Mexico, North America).
For more information, see Global locations.
Pricing is available on the Cloud VPN pricing page.
The Cloud Workstations base editor (Code OSS) has been upgraded to 1.94.2. The last image that offers the previous version is tagged code-oss-1.89.1.
Generally available: Queretaro, Mexico, North America (northamerica-south1-a,b,c) has launched with E2, N4, C4, and C3D VMs available in all three zones. For more information, see Global Locations and VM instance pricing.
cos-117-18613-75-37
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.56 | v24.0.9 | v1.7.23 | See List |
Fixed CVE-2024-50101 in the Linux kernel.
Fixed CVE-2024-50095 in the Linux kernel.
Fixed CVE-2024-50066 in the Linux kernel.
Fixed CVE-2024-50010 in the Linux kernel.
Fixed CVE-2024-50110 in the Linux kernel.
Fixed CVE-2024-50120 in the Linux kernel.
Fixed CVE-2024-50121 in the Linux kernel.
Fixed CVE-2024-50115 in the Linux kernel.
Fixed CVE-2024-50130 in the Linux kernel.
Fixed CVE-2024-50131 in the Linux kernel.
cos-113-18244-236-44
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.112 | v24.0.9 | v1.7.23 | See List |
Fixed CVE-2024-49952 in the Linux kernel.
Fixed CVE-2024-50095 in the Linux kernel.
Fixed CVE-2024-49946 in the Linux kernel.
Fixed CVE-2024-50010 in the Linux kernel.
Fixed CVE-2024-50138 in the Linux kernel.
Fixed CVE-2024-49959 in the Linux kernel.
Fixed CVE-2024-49954 in the Linux kernel.
Fixed CVE-2024-50110 in the Linux kernel.
Fixed CVE-2024-50115 in the Linux kernel.
Fixed CVE-2024-50131 in the Linux kernel.
cos-109-17800-372-45
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.112 | v24.0.9 | v1.7.23 | See List |
Fixed CVE-2024-45310 in app-containers/runc.
Fixed CVE-2024-50010 in the Linux kernel.
Fixed CVE-2024-49959 in the Linux kernel.
Fixed CVE-2024-49954 in the Linux kernel.
Fixed CVE-2024-50110 in the Linux kernel.
Fixed CVE-2024-50138 in the Linux kernel.
Fixed CVE-2024-50115 in the Linux kernel.
Fixed CVE-2024-50131 in the Linux kernel.
cos-105-17412-495-45
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
Fixed CVE-2024-49952 in the Linux kernel.
Fixed CVE-2024-50110 in the Linux kernel.
Fixed CVE-2024-49959 in the Linux kernel.
Fixed CVE-2024-49954 in the Linux kernel.
Fixed CVE-2024-50010 in the Linux kernel.
Fixed CVE-2024-50131 in the Linux kernel.
Fixed CVE-2024-46855 in the Linux kernel.
cos-dev-121-18759-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.61 | v24.0.9 | v2.0.0 | See List |
Updated app-admin/google-guest-configs to v20241112.00.
Updated app-containers/containerd to v2.0.0.
Updated the Linux kernel to v6.6.61.
Upgraded cos-gpu-installer to v2.4.4: Relaxed the precise GPU driver version check to allow versions with two numeric segments to pass.
Data Catalog is now available in the Mexico (northamerica-south1) region. For more information, see Global locations and pricing.
Dataflow is available in Queretaro, Mexico (northamerica-south1). Learn more about Google Cloud locations.
Dataproc is now available in the northamerica-south1 region (Queretaro, Mexico).
Filestore is now available in Mexico (northamerica-south1 region).
Firestore now supports the northamerica-south1 Queretaro region.
For a full list of supported locations, see Locations.
Firestore in Datastore mode now supports the northamerica-south1 Queretaro region.
For a full list of supported locations, see Locations.
The northamerica-south1 region in Querétaro, Mexico is now available. For more information, see Global Locations.
Performance horizontal Pod autoscaling (HPA) profile is now available in Preview for new and existing GKE clusters running version 1.31.2-gke.1138000 or later. This feature speeds up HPA reaction time and enables quick recalculation of up to 1,000 HPA objects. To learn more, see Configuring Performance HPA profile.
You can now create a DVR session for a past, current, or future live stream.
Added new Memorystore for Memcached region: Querétaro (northamerica-south1).
Pub/Sub is now available in the northamerica-south1 region (Querétaro, Mexico, North America). For more information, see Cloud locations.
The Sovereign Controls Foundation by CNTXT and Sovereign Controls Advanced by CNTXT control packages now support the following products. See Supported products by control package for more information:
- Google Cloud Armor
- Secret Manager
- Sensitive Data Protection
The following control packages now support the following products. See Supported products by control package for more information:
Control packages:
- Local Controls by S3NS
- Sovereign Controls by PSN
- Sovereign Controls by SIA/Minsait
- Sovereign Controls by T-Systems
New supported products:
- BigQuery Data Transfer Service
- GKE Identity Service
- Google Cloud Armor
- Secret Manager
- Sensitive Data Protection
You can create Spanner regional instance configurations in Querétaro, Mexico (northamerica-south1). For more information, see Google Cloud locations and Spanner pricing.
For auto mode VPC networks, added a new subnet 10.224.0.0/20 for the Mexico northamerica-south1 region. For more information, see Global Locations and Auto mode IP ranges.
November 17, 2024
Google SecOps SOAR
Release 6.3.25 is now in General Availability.
From now on, only new features and changes will be written up for the Release Notes. Please use the customer portal to track progress of your support tickets or reach out to Customer Support for more information.
Secret Manager is now available in the following region:
- northamerica-south1
For more information, see Secret Manager locations.
November 15, 2024
AlloyDB for PostgreSQL
AlloyDB free trial clusters are now available in all regions. For more information, see the AlloyDB free trial clusters overview.
The extension vector, which includes pgvector functions and operators, is updated to version 0.7.4.
On November 15, 2024, we released an updated version of the Apigee UI.
Bug ID | Description |
---|---|
376257906 | Fixed issue with custom report editing. Resolved issue where customer reports without properties that were created using the API could not be rendered with the Edit option. |
The CJIS control package now supports the following products. See Supported products by control package for more information:
- Access Context Manager
- Apigee
- Cloud Build
- Cloud EKM
- Cloud Interconnect
- Cloud NAT
- Cloud Router
- Cloud Service Mesh
- Cloud VPN
- Resource Manager
- Firestore
- Identity-Aware Proxy (IAP)
- Memorystore for Redis
- Sensitive Data Protection
Backup for GKE now supports backing up and restoring volumes of the Hyperdisk throughput, extreme, and balanced types.
Preview: You can view and export historical utilization of on-demand and future reservations in your project, folder, or organization. This data helps you analyze usage trends for your VMs or GPUs, as well as plan for future capacity needs. For more information, see the following:
asia-south1 (Mumbai, India) is now subject to Tier 1 pricing.
You can now register an AI model endpoint, generate vector embeddings, and invoke predictions by using model endpoint management in Cloud SQL. For more information, see Register and call remote AI models in Cloud SQL overview.
You can now use the x-amz-decoded-content-length header to allow an XML API upload that uses chunked transfer encoding to include a signature in its Authorization header.
Manage security postures using the Google Cloud console is generally available.
You can now create, deploy, update, and delete security postures using the Google Cloud console. For more information, see Manage a security posture.
Sensitive data discovery is now included in Security Command Center Enterprise. To enable discovery in the Security Command Center Enterprise tier, see Enable sensitive data discovery in the Enterprise tier in the Security Command Center documentation.
The Sensitive Data Protection discovery service remains available to Security Command Center Premium and Standard customers as a separately priced feature. For more information, see Publish data profiles to Security Command Center.
VPC Service Controls feature (Status: Preview): VPC Service Controls adds support for using groups of third-party identities in ingress and egress rules to allow access to resources protected by service perimeters. This feature is available in Preview.
For more information, see Configure identity groups and third-party identities in ingress and egress rules.
November 14, 2024
Apigee Advanced API Security
On November 14, 2024 we released a new version of Advanced API Security.
IP address drill down details are now available in the preview release of Advanced API Security Abuse Detection Incidents.
This new functionality allows viewing details of detected abuse by source IP.
For usage information, see the Abuse Detection customer documentation.
Dependent jobs are available in Preview. Dependent jobs let you schedule an automated chain of jobs, which can help you optimize resource consumption—for example, separate the types of VMs used for data preparation and compute-intensive data processing.
The following BigQuery ML features are now available:
- Creating remote models based on the Vertex AI gemini-1.5-flash and gemini-1.5-pro models.
- Using the ML.GENERATE_TEXT function with these remote models to perform generative natural language tasks for text stored in BigQuery tables.
- Using the ML.GENERATE_TEXT function with these remote models to perform generative AI tasks, for example audio transcription or document classification, using image, video, audio, PDF, or text content stored in BigQuery object tables.
Try these features with the Generate text by using the ML.GENERATE_TEXT function how-to topic.
These features are now generally available (GA).
You can try Gemini in BigQuery at no charge until January 27, 2025. After that date, to continue to use Gemini in BigQuery you must do one of the following:
- Purchase and assign BigQuery Enterprise Plus edition reservations to projects that use Gemini in BigQuery.
- Purchase Gemini Code Assist Enterprise.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, and Feed APIs.
- Cloud Build: cloudbuild.googleapis.com/Build
You can now create custom organization policies for the BackupRun resource in Cloud SQL instances. In addition, more fields in the Instances resource are available to create custom organization policies. For more information, see Add custom organization policies.
Bucket IP filtering for Cloud Storage is now available in Preview. With bucket IP filtering, you can restrict access to a bucket based on the source IP address of the request and secure your data from unauthorized access.
Conversational Insights now offers Rule-based analysis as a preview feature to customize your conversation analyses. Rule-based analysis provides the following customizations for your conversation analyses:
- Filter conversations.
- Select a percentage of your dataset.
- Designate different types of analysis.
For more information, see the documentation.
Data store tools: You can now optimize the RAG performance of data store tools used by Playbooks. See the documentation for details.
Dialogflow CX: New feature Context token limits has been added to Agent Settings > Generative AI. You can use this feature to set a percentage of the token budget to be reserved for conversation history, as a maximum. See the Agent Settings documentation for details.
Generators and data store handlers: The model gemini-1.5-flash-002 is now GA.
Data store handlers: The default generative model has been changed to gemini-1.5-flash-001.
Google Distributed Cloud (software only) for VMware 1.29.800-gke.108 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.800-gke.108 runs on Kubernetes 1.29.10-gke.100.
If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.
The following issue is fixed in 1.29.800-gke.108:
Fixed the issue that additional manual steps are needed after disabling always-on secrets encryption with gkectl update cluster.
The following vulnerabilities are fixed in 1.29.800-gke.108:
Container-optimized OS vulnerabilities:
Ubuntu vulnerabilities:
You can now use the Google Cloud console to create a Looker (Google Cloud core) Private Service Connect instance. The console also includes additional options to edit Looker (Google Cloud core) Private Service Connect instance settings.
Preview: Migrate to Virtual Machines lets you migrate Elastic Block Store (EBS) volumes not attached to a VM from AWS to Google Cloud, as part of a preview program. Use this feature when you have detached the disks associated with a VM to archive data and need to migrate these disks to Google Cloud.
To participate in the preview, contact us at m2vm-independent-disks-migration@google.com.
Secure Source Manager supports Workforce Identity Federation.
To create an instance with Workforce Identity Federation enabled, follow the instructions in Create a Secure Source Manager instance to use with federated identities.
You can now view the configurations that determine the resource values of your high-value resource set. For more information, see View the configurations that match a high-value resource.
The Defense Evasion: Rootkit detector of Virtual Machine Threat Detection is in General Availability. For more information, see Virtual Machine Threat Detection overview.
The application steps to activate the Security Command Center Enterprise tier have been streamlined. For information, see Activate the Security Command Center Enterprise tier.
The current default STREET_ADDRESS infoType detection model, which is available when InfoType.version is set to latest or stable, is now also used when InfoType.version is set to legacy.
The old detection model that was previously available by setting InfoType.version to legacy is no longer available.
November 13, 2024
Agent Assist
Agent Assist offers a UI Connector with Salesforce to integrate with chat conversations.
Airflow 2.10.2 is available in Cloud Composer.
(Airflow 2.7.3) Backported #35887 to fix an issue that occurred during the DST transition. The issue affected DAGs with timezone-aware cron schedule and caused infinite loops in the Airflow scheduler.
Improved the error message generated when a Cloud Composer 3 environment creation fails because of missing permissions.
(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-google package was upgraded to version 10.25.0 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.24.0 to version 10.25.0.
(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 9.0.1 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-cncf-kubernetes changelog from version 9.0.0 to version 9.0.1.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.10.2-build.0
- composer-3-airflow-2.9.3-build.7 (default)
- composer-3-airflow-2.7.3-build.23
New images are available in Cloud Composer 2:
- composer-2.9.11-airflow-2.10.2
- composer-2.9.11-airflow-2.9.3 (default)
- composer-2.9.11-airflow-2.7.3
Support dates for previous Cloud Composer 3 builds are available. All Cloud Composer 3 builds with Airflow 2.9.3 are supported until November 13, 2025.
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
Preview: The OS policy orchestrator feature in VM Manager lets you manage OS policy assignments across projects and zones at scale in large organizations. OS policy assignment was previously available only for zonal resources in a project. For more information, see About OS Policy Orchestrator.
Config Connector version 1.125.0 is now available.
New Beta resources (direct reconciler)
- Manage connections to connect to Google services and external data sources
- BigQueryAnalyticsHubDataExchange: Manage data exchange to enable self-service data sharing
- PrivilegedAccessManagerEntitlement: Manage entitlements to grant for projects, folders, and organizations
- Manage workstation cluster to define a group of workstations in a particular region and the VPC network they're attached to.
Added cluster mode to manage the rate-limit for the Config Connector requests
- You can set the rate-limit for the reconciling requests to the kube-apiserver in Cluster and Namespace mode.
- Configure NamespacedControllerReconciler (Alpha) for namespace mode. This is added since 1.119.
- Configure ControllerReconciler (Alpha) for cluster mode. The ControllerReconciler shows an example.
SQLInstance Reconciliation Improvements
- You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the SQLInstance CR object to opt in to the direct controller.
- The direct reconciler contains two fixes and improvements:
- Fixes the upgrade and downgrade issue between ENTERPRISE and ENTERPRISE_PLUS.
- Supports creating an instance from a clone via spec.cloneSource.
- Migrated the SQLInstance from the Terraform-based or DCL-based controller to the new Direct Controller to enhance reliability and performance. The CRD is unchanged.
ComputeFirewallPolicyRule Reconciliation Improvements
- You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the ComputeFirewallPolicyRule CR object to opt in to the direct controller, which fixes the targetResources error "required value priority could not be found".
- Migrated this resource from the Terraform-based controller to the new Direct Controller to enhance reliability and performance. The resource CRD is unchanged.
AlloyDBInstance
- Added spec.networkConfig.enableOutboundPublicIp field.
- Added status.outboundPublicIpAddresses field.
Issue 3007 ComputeBackendService cannot refer clientTLSPolicy due to invalid format
Issue 2973 kubelet_config has insecure_kubelet_readonly_port_enabled: true set even if not configured in the ContainerNodePool object.
Flutter for the Mobile SDKs
You can now use Flutter to help you integrate the Mobile SDKs (the Android SDK and the iOS SDK) into your Android or iOS app. For more information, see Integrate using Flutter.
(2024-R44) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.31.1-gke.2105000 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.28.14-gke.1376000
- 1.29.9-gke.1541000
- 1.30.5-gke.1628000
- 1.31.1-gke.1846000
- 1.31.2-gke.1115000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.15-gke.1020000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.10-gke.1054000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1699000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.2105000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.2105000 with this release.
Regular channel
- The following versions are now available in the Regular channel:
Stable channel
- The following versions are now available in the Stable channel:
Extended channel
- The following versions are now available in the Extended channel:
- Version 1.27.16-gke.1373000 is no longer available in the Extended channel.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1681000 with this release.
No channel
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.30.5-gke.1628000
- 1.31.1-gke.1678000
- 1.31.2-gke.1115000
November 12, 2024
AlloyDB for PostgreSQL
AlloyDB now supports up to 128 TiB storage per cluster in all regions where AlloyDB is available.
If you are dropping an AlloyDB database that is larger than 64 TiB, then any write operations on other AlloyDB databases are paused until the drop operation is completed.
hybrid v1.13.2
On November 12, 2024 we released an updated version of the Apigee hybrid software, 1.13.2.
- For information on upgrading, see Upgrading Apigee hybrid to version 1.13.2.
- For information on new installations, see The big picture.
Bug ID | Description |
---|---|
373722434 | Fixed support for backups to GCS buckets with retention policies. |
361044374 | Fixes assign message not correctly highlighting the set payload action in the debug trace. |
355122464 | This release contains a few error-handling fixes for CSI backup and restore. |
237656263 | Fix added to make use of asynchronous ServiceCallout execution when the ServiceCallout policy <Response> element is not present. Procedure: |
Bug ID | Description |
---|---|
N/A | Security fixes for apigee-redis. This addresses the following vulnerabilities: |
.NET 6 has reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of .NET.
Cloud Load Balancing resources now let you use custom constraints to define your own restrictions on Google Cloud services. To learn about which load balancing resources support custom constraints, and some sample use cases, see Manage Cloud Load Balancing resources using custom constraints.
For more information about custom constraints, see the following:
This feature is available in General Availability.
You can now have Cloud SQL create a Private Service Connect endpoint automatically instead of creating the endpoint manually after the instance is created. You use this endpoint to access a Cloud SQL instance through a VPC network. For more information, see Connect to an instance using Private Service Connect. This feature is available in Preview.
In-cluster Cloud Service Mesh 1.20 is no longer supported. For more information, see Supported versions.
1.20.8-asm.10 is now available for in-cluster Cloud Service Mesh.
1.20 is no longer supported. While the fix for the bug in the distroless proxy container has been backported to 1.20, you should upgrade to 1.21 or later.
You can now download 1.20.8-asm.10 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.20.8 subject to the list of supported features. Cloud Service Mesh version 1.20.8-asm.10 uses envoy v1.28.6.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
1.23.3-asm.2 is now available for in-cluster Cloud Service Mesh.
You can now download 1.23.3-asm.2 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.23.3 subject to the list of supported features. Cloud Service Mesh version 1.23.3-asm.2 uses envoy v1.31.2.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
1.22.6-asm.2 is now available for in-cluster Cloud Service Mesh.
You can now download 1.22.6-asm.2 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.22.6 subject to the list of supported features. Cloud Service Mesh version 1.22.6-asm.2 uses envoy v1.30.6.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
1.21.5-asm.12 is now available for in-cluster Cloud Service Mesh.
You can now download 1.21.5-asm.12 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.21.5 subject to the list of supported features. Cloud Service Mesh version 1.21.5-asm.12 uses envoy v1.29.8.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
This release fixes a bug in the distroless proxy container. Before this fix, the distroless proxy produced errors similar to the following when deployed in a Kubernetes cluster with in-cluster control plane that did not have Container Network Interface (CNI) installed.
xtables resource problem: can't open lock file /run/xtables.lock: No such file or directory
This fix applies to the following new versions:
- 1.20.8-asm.10
- 1.21.5-asm.12
- 1.22.6-asm.2
- 1.23.3-asm.2
Config Controller now uses the following versions of its included products:
- Config Connector v1.124.0, release notes
Datastream now supports global transaction identifier (GTID)-based replication for MySQL sources. The feature is in Preview.
GTID-based replication supports failovers and managed database clusters, such as Cloud SQL Enterprise Plus edition. For more information, see the Datastream documentation.
Mobile SDK 2.10 is released
Mobile SDK 2.10 includes the following updates:
- iOS SDK:
- Text resizing. End-users can increase text size up to 200%. Text is resized using the device settings.
- Android SDK:
- Fixed the sticky button behavior so that it matches iOS.
- Android SDK and iOS SDK:
- Fixed an issue where content card text was misaligned.
Google Cloud Managed Service for Apache Kafka is now in General Availability (GA).
November 11, 2024
Artifact Registry
The Container Registry -> Artifact Registry Migration Admin role simplifies the IAM roles required for the transition from Container Registry to Artifact Registry. For instructions on how to use the role, see Automatically migrate from Container Registry to Artifact Registry.
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-bigquery
3.27.0 (2024-11-01)
Features
The following BigQuery ML features are now available:
- You can perform supervised tuning on a remote model based on a Vertex AI Gemini 1.5 flash or Gemini 1.5 pro model.
- You can evaluate a Vertex AI LLM using the ML.EVALUATE function. Pre-trained PaLM and Gemini models and tuned Gemini models are supported for evaluation.
Try tuning and evaluating an LLM with the Customize an LLM by using supervised fine tuning how-to topic or the Use tuning and evaluation to improve model performance tutorial.
These BigQuery ML features are generally available (GA).
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Dataplex
dataplex.googleapis.com/AspectType
dataplex.googleapis.com/EntryGroup
dataplex.googleapis.com/EntryType
Dashboard variables and dashboard-level filtering are now GA. Pinned filters and variables can have multiple default values, and they support selection of multiple values. For more information, see the following documents:
cos-105-17412-495-37
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
Fixed CVE-2024-50602 in dev-libs/expat.
Fixed KCTF-2e95c43 in the Linux kernel.
Fixed CVE-2024-50038 in the Linux kernel.
Fixed CVE-2024-50082 in the Linux kernel.
Fixed CVE-2024-50083 in the Linux kernel.
Fixed CVE-2024-50024 in the Linux kernel.
Fixed CVE-2024-50002 in the Linux kernel.
Fixed CVE-2024-49967 in the Linux kernel.
Fixed CVE-2024-50006 in the Linux kernel.
Fixed CVE-2024-49881 in the Linux kernel.
Fixed CVE-2024-50015 in the Linux kernel.
Fixed CVE-2024-50001 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812681 -> 812709
cos-117-18613-75-26
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.56 | v24.0.9 | v1.7.23 | See List |
Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.
Fixed CVE-2024-50602 in dev-libs/expat.
Fixed CVE-2024-50067 in the Linux kernel.
Fixed CVE-2024-50036 in the Linux kernel.
Fixed KCTF-2e95c43 in the Linux kernel.
Fixed CVE-2024-50076 in the Linux kernel.
Fixed CVE-2024-50038 in the Linux kernel.
Fixed CVE-2024-50082 in the Linux kernel.
Fixed CVE-2024-50024 in the Linux kernel.
Fixed KCTF-8ea6073 in the Linux kernel.
Fixed CVE-2024-50072 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811757 -> 811721
cos-113-18244-236-35
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.112 | v24.0.9 | v1.7.23 | See List |
Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.
Fixed CVE-2024-50602 in dev-libs/expat.
Fixed KCTF-2e95c43 in the Linux kernel.
Fixed CVE-2024-50038 in the Linux kernel.
Fixed CVE-2024-50082 in the Linux kernel.
Fixed CVE-2024-50083 in the Linux kernel.
Fixed CVE-2024-50024 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812026 -> 812011
cos-109-17800-372-38
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.112 | v24.0.9 | v1.7.23 | See List |
Fixed CVE-2024-50602 in dev-libs/expat.
Fixed KCTF-2e95c43 in the Linux kernel.
Fixed CVE-2024-50038 in the Linux kernel.
Fixed CVE-2024-50082 in the Linux kernel.
Fixed CVE-2024-50083 in the Linux kernel.
Fixed CVE-2024-50024 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812248 -> 812209
cos-dev-121-18747-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.59 | v24.0.9 | v1.7.23 | See List |
Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.
Fixed CVE-2024-9143 in dev-libs/openssl.
Fixed KCTF-2e95c43 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811822 -> 811804
Announcing the General Availability (GA) of Flexible shapes for Dataproc secondary workers which allows you to provide a ranked selection of machine types to use for the creation of VMs.
Announcing the General Availability (GA) of Spot and non-preemptible VM mixing for Dataproc secondary workers which allows you to mix spot and non-preemptible secondary workers when you create a Dataproc cluster.
A weekly digest of client library updates from across the Cloud SDK.
Clusters now have unified and flexible configuration, allowing you to modify control plane access and cluster node settings at any time, without the need to recreate the cluster. This eliminates the previous distinction between private and public clusters. All clusters support this flexibility and utilize DNS-based endpoints for secure and direct control plane access from any network, removing the need for bastion hosts or proxies. You can still enhance security with measures like VPC Service Controls.
To learn more, see About network isolation in GKE.
DNS-based access for GKE clusters control plane is now generally available. This capability provides each cluster with a unique domain name system (DNS) name or fully-qualified domain name (FQDN). Access to clusters is controlled through IAM policies, eliminating the need for bastion hosts or proxy nodes. Authorized users can connect to the control plane from different cloud networks, on-prem deployments, or from remote locations, without relying on proxies.
To learn more, see About network isolation in GKE.
Instances that use 1, 2, or 4 shards are now Generally Available. For more information about the minimum and maximum supported shard count, see Cluster and node specification.
Added support for Node-level monitoring metrics (Generally Available).
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-pubsub
2.27.1 (2024-11-08)
Bug Fixes
As of December 9, 2024, if you activate Security Command Center within an organization for the first time, then you must use only version 2 of the Security Command Center API in that organization. Earlier versions are not supported.
If you activated Security Command Center at the project level prior to December 9, 2024, then any projects you activate in the same organization will support all available versions of the Security Command Center API.
To migrate to the v2 API from an earlier version, see Migrate to v2 of the Security Command Center API.
The Vulnerability management dashboard was enhanced to include information about containers with exploitable vulnerabilities. This feature is in Preview.
Starting October 24, 2024, the IAM Recommender service is enabled by default when activating Security Command Center. You manage the IAM Recommender service under the Security Command Center Settings page > Integrated services tab. For more information, see Add integrated Google Cloud services to Security Command Center.
The current default ORGANIZATION_NAME infoType detection model, which is available when InfoType.version is set to latest or stable, is now also used when InfoType.version is set to legacy.
The old detection model that was previously available by setting InfoType.version to legacy is no longer available.
The region restriction on the ORGANIZATION_NAME infoType has been lifted. It is now available in all regions.
Journey Voices now supports the de-de, en-gb, en-in, es-us, fr-ca, fr-fr, and it-it locales.
November 10, 2024
Google SecOps SOAR
Release 6.3.25 is in Preview.
November 09, 2024
Google SecOps
The following parser documentation is now available.
Collect Microsoft Azure AD logs
Collect Cisco Secure Email Gateway logs
Collect Amazon CloudFront logs
Collect the General Dynamics Fidelis XPS logs
Collect Imperva Incapsula Web Application Firewall logs
Collect Microsoft Graph security API alert logs
Collect Kemp Load Balancer logs
Collect Mimecast Secure Email Gateway logs
Collect Proofpoint TAP alerts logs
Collect RSA Authentication Manager logs
Collect Symantec Event Export logs
Collect Palo Alto Prisma Cloud logs
Release 6.3.24 is now in General Availability.
November 08, 2024
AlloyDB for PostgreSQL
AlloyDB Omni version 15.7.0 is generally available (GA). Version 15.7.0 includes the following features and changes:
- AlloyDB Omni supports PostgreSQL version 15.7.
- The alloydb_scann extension, previously named postgres_scann, is generally available (GA). For more information about storing vector embeddings, creating indexes, and tuning indexes to achieve faster query performance and better recall, see Work with vectors.
- Support for Red Hat Enterprise Linux (RHEL) 8 is generally available (GA).
- The AlloyDB Omni columnar engine is available in Preview on ARM.
- Disk cache and columnar storage cache are available to improve AlloyDB Omni performance by accelerating data access for AlloyDB Omni in a container and on a Kubernetes cluster.
- Security fixes for CVE-2023-50387 and CVE-2024-7348 have been implemented.
- The AlloyDB Omni Reference documentation is available. This includes metrics, database flags, model endpoint management reference, and extensions documentation for AlloyDB Omni 15.7.0.
- AlloyDB Omni supports the pg_ivm extension, which provides incremental view maintenance for materialized views.
- Various bug fixes and performance improvements.
The AlloyDB Omni Kubernetes operator version 1.2.0 is generally available (GA). Version 1.2.0 includes the following new features:
- The healthcheckPeriodSeconds parameter lets you specify the number of seconds to wait between health checks. For more information, see Adjust automatic failover trigger settings.
- The following metrics help you monitor the performance of your database container. Each of these metrics is of type gauge. For more information, see Database container-level metrics.
- alloydb_omni_memory_limit_byte shows the memory limit of a database container.
- alloydb_omni_instance_postgresql_replication_state shows the state of each replica that's connected to the AlloyDB Omni primary node.
- alloydb_omni_memory_used_byte shows the memory used by the database container in bytes.
- An issue that caused a brief interruption to all database clusters when the following is true is fixed:
- You're upgrading the AlloyDB Omni Kubernetes operator version 1.1.1 to a newer version.
- You're using the AlloyDB Omni database version 15.5.5 or later.
- AlloyDB AI is not enabled.
- High availability is supported on a secondary database cluster after it's promoted. For more information, see Promote a secondary database cluster and Manage high availability in Kubernetes.
- You can enable or disable model endpoint management through Kubernetes manifests. For more information, see Install AlloyDB Omni with AlloyDB AI.
- You can configure when logs rotate using thresholds that are based on the size of the log files, the time since the log file last rotated, or both. For more information, see Configure AlloyDB Omni log rotation.
- You can create a snapshot of the memory heap of AlloyDB Omni Kubernetes operator to help you analyze and debug its memory performance. For more information, see Analyze AlloyDB Omni Kubernetes operator memory heap usage.
In AlloyDB Omni versions 15.5.5 and earlier, parameterized view features were available in the alloydb_ai_nl extension. Starting in version 15.7.0, parameterized view features are available in the parameterized_views extension, which you must create before you use parameterized views. Also starting in version 15.7.0, the related function, google_exec_param_query, has been renamed to execute_parameterized_query and is available in the parameterized_views extension. For more information, see Query your database using natural language.
The extension pg_ivm version 1.9 has been added to extensions supported by AlloyDB.
The following extensions are updated:
- google_ml_integration from 1.3 to 1.4.2
- pg_partman from 4.7.4 to 5.0.1
- pglogical from 2.4.4 to 2.4.5
- pgtt from 3.0.0 to 4.0.0
- vector is updated from 0.7.0 to 0.7.4
The Multiple table plugin version 1.4.1 is available in Cloud Data Fusion versions 6.10.1 and later. This release fixes an issue causing pipelines to fail if a Multiple database tables batch source's Reference Name field contains spaces. The field no longer accepts spaces (PLUGIN-1752).
Audit Logging now populates the status.details field in the audit log with the google.rpc.ErrorInfo and google.rpc.Help proto payload types in cases where an API returns an error status and that status includes one of those types in the details field.
Cloud Workstations supports granting access to individual ports. For details, see the Grant access to individual Cloud Workstations ports page.
Eventarc Standard is available in the northamerica-south1 (Mexico, North America) region.
Batch predictions for Llama models on Vertex AI (MaaS) are available in Preview.
Batch prediction support for Gemini
Batch prediction is available for Gemini in General Availability (GA). Available Gemini models include Gemini 1.0 Pro, Gemini 1.5 Pro, and Gemini 1.5 Flash. To get started with batch prediction, see Get batch predictions for Gemini.
The machine family of N1 custom machine types (like custom-1-1024) is now accurately labeled as "N1" for all node versions later than 1.31.2-gke.1115000.
The Live Stream API is now available in asia-south1 and europe-north1. For more information, see Live Stream API locations.
To help you detect potentially malicious anomalies in your network, Event Threat Detection now supports the ability to analyze foundational log sources, which produce Bad IP findings without enabling VPC Flow Logs. This feature is in Preview.
- If you activated Security Command Center Premium or Enterprise in a project or organization before October 18, 2024, then you have access to this feature in that project or organization.
- If you activated Security Command Center Premium or Enterprise at the project level before October 18, 2024, and you activate additional projects in the same organization, then the additional projects will have access to this feature.
- If you activated Security Command Center Premium or Enterprise in a project or organization on or after October 18, 2024, and you want to enable this feature, then contact Google Cloud Customer Care.
The EMPLOYMENT_STATUS infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
November 07, 2024
AlloyDB for PostgreSQL
Since the google_ml_integration.enable_model_support flag is enabled by default, if you are using the google_ml_integration extension version 1.3, your ability to query Vertex AI models using the embedding() function might be impacted. Querying registered models using the google_ml.embedding() function remains unaffected.
To resolve the issue with using the embedding() function, upgrade the google_ml_integration extension version 1.3 to the latest version, 1.4.2. For more information, see how to upgrade the extension.
This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:
You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:
Audit Manager is now generally available (GA).
Audit Manager is a compliance audit solution that helps you to simplify your compliance audit process on Google Cloud.
Database Migration Service now supports MySQL minor version 8.0.39 for homogeneous MySQL migrations. For more information, see Supported source and destination databases in Cloud SQL for MySQL migrations.
You can now specify mount options when you configure Cloud Storage volume mounts for both Cloud Run services and jobs. (In Preview)
The following images are now rolling out for managed Cloud Service Mesh:
- 1.19.10-asm.21 is rolling out to the rapid release channel.
- 1.19.10-asm.21 is rolling out to the regular release channel.
- 1.19.10-asm.21 is rolling out to the stable release channel.
You can now restore soft-deleted buckets. If you delete a bucket with an active soft delete policy, Cloud Storage retains the bucket for the specified soft delete retention duration, during which the bucket can be restored to a live state. To learn more about the bucket restore feature, see Use soft-deleted buckets.
Dialogflow CX: As of August 2024, us-dialogflow.* has been re-introduced as the canonical endpoint for the US multi-region. The usa-dialogflow.* endpoint is still supported as an alias. See the regionalization documentation for details.
Version 3.29 is released
All release notes published on this date are part of version 3.29.
The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.
Skip CRM account and record creation (Zendesk and ServiceNow)
You can now skip CRM account and record creation for Zendesk and ServiceNow. You can also adjust the CRM pop-up settings.
Agent status translation
You can translate the default, system, and custom agent statuses for the languages supported by Google Cloud Contact Center as a Service (CCaaS). Google Cloud CCaaS provides automatic translation of default and system statuses. It also lets you do translations manually. For more information, see Agent status translation.
Generative session summarization using Agent Assist
Agent Assist now supports generative session summarization for chat and voice sessions. Agents can view information about a customer's previous support interactions in the agent adapter, including generative session summaries, agent notes, and transcripts. This helps give agents the context they need for a customer and can improve overall handling times. Supervisors can view generative session summarizations for ongoing and completed sessions in the session monitoring pages.
Generative session summarizations are generated for an entire session and for segments of a session. Session segments are generated when a session is handled by multiple human or virtual agents.
Generative session summarization requires you to enable Agent Assist and configure external storage.
Generative knowledge assist using Agent Assist
Agents can now view knowledge articles while on a call or chat. These knowledge articles appear as clickable tiles in the agent adapter and are generated based on the ongoing conversation between the agent and end-user. Agents can click a tile to open the article in a browser tab. Agents can also search for knowledge articles using a search field in the agent adapter.
Queue transfer restrictions
You can control which queues or teams agents can transfer sessions to. This provides more granular control over call flows and helps prevent improper transfers. For more information, see Restrict queue transfers.
Support for direct SIP REFER in virtual agent call transfers
Virtual assistant call transfers now support the direct SIP REFER method. This means you can pass useful information in the call transfer, such as caller intent and account information. Call transfer data is recorded as Planned Transfers in virtual assistant metrics. For more information, see Transfer a call to a SIP endpoint using the SIP REFER method.
Alvaria WFM for chat
Customers with Alvaria integrations can now receive chat session data. For more information, see Alvaria Workforce integration.
Clear the voicemails in a queue
You can now clear the voicemails in any queue from the Call settings page. For more information, see Clear voicemails from queues.
Queue status API
We added two new API endpoints that let you check whether a queue is in After Hours (AH) or Overcapacity (OC) status.
SDK parameters in the custom CRM lookup flow
You can now use SDK data parameters in the CRM lookup flow. For more information, see CRM lookup URLs.
Use the admin user for CRM API calls with Salesforce
Using Salesforce, you can now use the admin user for all CRM API calls for record creation and updating, while still allowing agents to retain ownership of CRM-specific actions. For more information, see Salesforce configuration.
New Agent_Assist_Started event
A new Agent_Assist_Added event is now available. This event contains the conversation ID for a specific agent assist session. For more information, see Agent Assist started.
Chat transcripts download
You can now download a chat transcript using the web SDK.
Display email session ID in the email adapter and email subject
You can now display the session ID in the email adapter and in the subject line of an email thread.
Clickable authentication icon
The authentication icon in the agent adapter can now be clicked by the agent to mark the customer as either authenticated or unauthenticated. For more information, see User profile flags for calls and User profile tags for chat.
Fixed an issue where the session summary wouldn't automatically scale with the height of the chat adapter.
Fixed an issue where wrap-up and disposition settings were not following destination queue settings when calls and chats were transferred.
Fixed an issue where transferring calls to a parent queue sometimes caused calls to drop.
Fixed an issue that sometimes prevented agents from going into Available status after wrapping up a call while still in a chat session.
Fixed an issue where the wait time for transferred sessions sometimes displayed incorrectly on the "Queued Calls" and "Queued Chats" dashboards.
Improved the user interface for the email transcript capability.
Google Distributed Cloud (software only) for VMware 1.28.1200-gke.83 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.1200-gke.83 runs on Kubernetes v1.28.14-gke.700.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
The following issue is fixed in 1.28.1200-gke.83:
- Fixed the issue where additional manual steps are needed after disabling always-on secrets encryption with gkectl update cluster.
The following vulnerabilities are fixed in 1.28.1200-gke.83:
Container-optimized OS vulnerabilities:
Release 1.28.1200-gke.83
Google Distributed Cloud for bare metal 1.28.1200-gke.83 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.1200-gke.83 runs on Kubernetes 1.28.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Fixes:
Fixed an issue where the registry mirror reachability check fails for a single unreachable registry mirror. Now the reachability check applies to configured registry mirrors only, instead of all registry mirrors.
Fixed the issue where non-root users can't run bmctl restore to restore quorum.
The following container image security vulnerabilities have been fixed in 1.28.1200-gke.83:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
GKE clusters running version 1.28 or later now support automatic application monitoring in public preview. Enabling this feature automatically deploys PodMonitoring configurations to capture key metrics for supported workloads like Apache Airflow, Istio, and RabbitMQ. These metrics are integrated with Cloud Monitoring dashboards for observability. To learn more, see Configure automatic application monitoring for workloads.
Looker 24.20 includes the following changes, features, and fixes:
Expected Looker (original) deployment start: Monday, November 11, 2024
Expected Looker (original) final deployment and download available: Thursday, November 21, 2024
Expected Looker (Google Cloud core) deployment start: Thursday, November 7, 2024
Expected Looker (Google Cloud core) final deployment: Thursday, November 14, 2024
In the Looker application API, for methods that include a query_id field, or, in the case of Query APIs, an id field, the query_id and id fields no longer accept a numeric value and now require a query slug value. This change will be released in phases:
Looker 24.20: December 4, 2024 for Americas Early (Note: This information was updated on November 12, 2024.)
Looker 25.0: Americas Mid
Looker 25.2: General Availability (GA) (Note: This information was updated on November 15, 2024.)
Users no longer need the download_without_limit permission to select the All Results option when they schedule Looks and dashboards.
The Chart Config Editor now supports creating a Dependency Wheel visualization.
The Chart Config Editor now supports creating an Item visualization.
The New Project page in Looker has been replaced with the Create a Model page. However, you can still access the New Project page if you are using a Looker (original) instance and your Looker admin has enabled the Use Legacy Project Creation Page legacy feature or through the informational banner at the top of the Create a Model page.
Looker has released version 1.4.0 of the Looker–Power BI Connector. See the Looker–Power BI Connector change log for details about version 1.4.0. Note: This item was added on November 11, 2024.
An issue has been fixed where renaming a project using a bare repository could prevent deploying to production for that project. This feature now performs as expected.
An issue has been fixed where editing a model set could take a long time to load. This feature now performs as expected.
An issue has been fixed where the Actions page could fail to reflect recently saved settings. This feature now performs as expected.
An issue has been fixed where Sankey charts could ignore series values if they matched other series values.
An issue has been fixed where conditional formatting could fail to apply to total rows if the value was zero. This feature now performs as expected.
An issue has been fixed where Looker could generate datagroup names with dashes even though dashes aren't allowed in datagroup names. This feature now performs as expected.
An issue has been fixed where certain System Activity queries could time out. This feature now performs as expected.
The PDF and PNG rendering software has been upgraded to the latest stable version.
An issue has been fixed where visualizations that were created with the Chart Config Editor could fail to be displayed in an embedded context. This feature now performs as expected.
An issue has been fixed where the LookML Validator would not display an error message if the convert_tz parameter was used in an invalid context. This feature now performs as expected.
An issue has been fixed where selecting the word cloud visualization could cause Looker to display a blank page. This feature now performs as expected.
Tooltips have been added for truncated progress values in single value visualizations.
An issue has been fixed where progress values in single value visualizations were unnecessarily truncated. This feature now performs as expected.
An issue has been fixed where modifying dashboard filters after deleting a tile could cause Looker to display an error. This feature now performs as expected.
An issue has been fixed where progress bars in single value visualizations could disappear when the visualization was resized. This feature now performs as expected.
An issue has been fixed where relative date filters could misinterpret numbers with more than three digits (such as "in the last 1000 minutes") as dates. This feature now performs as expected.
An issue has been fixed where killing queries on BigQuery Standard SQL could be unnecessarily expensive. This feature now performs as expected.
An issue has been fixed where special characters (such as < and >) in pivoted dimension values could cause Looker to incorrectly truncate legend labels. This feature now performs as expected.
An issue has been fixed where downloading a dashboard tile with an invalid hex color code as an Excel spreadsheet could cause the download to fail. Looker now applies a default font color instead.
An issue has been fixed where location type fields could not be used in custom filter expressions. This feature now performs as expected.
An issue has been fixed where invalid "set" or "when" LookML fields could cause the LookML Validator to fail with a 500 error. The LookML Validator now displays a more informative error message.
An issue has been fixed where a locale value of fr would fall back to fr-CA instead of fr-FR, which was causing text to be translated incorrectly. This feature now performs as expected.
An issue has been fixed where the LookML IDE did not persist line wrap settings. This feature now performs as expected.
Upon upgrade to Looker 24.20, support access will be disabled on Looker (original) instances. To enable it, set a duration and a support access role on the Support Access page of the Admin panel.
Looker (original) deployments can now use the Redshift 2.1.0.30 driver.
A new Labs feature is available, New Database Connection Setup. When enabled, this feature updates the Add/Edit Connection page with a modernized UI, enhanced validation and connection testing capabilities, and a comprehensive configuration summary.
Google Cloud Technical Support access has updated duration settings of 0 to 48 hours. Admins may choose to grant all Support users either a Support Basic Editor role or a Support Advanced Editor role.
A new Labs feature is available, Tiered Support Access, which defaults to enabled. When this feature is disabled, Looker uses the legacy version of support access.
A new legacy feature is available, Use Legacy Project Creation Page. When this feature is enabled, it hides the Create a Model page and displays the deprecated New Project page.
A new Labs feature is available, Complex Filters UI Configuration for Explores. When this feature is enabled, matches (advanced) filters no longer update to simpler filter types when a comma is entered into the filter expression until the page is reloaded. This feature resolves a few stability issues with matches (advanced) filters.
Google Cloud Technical Support access is now available for Looker (Google Cloud core) instances. Update: This feature will become available to customers in January 2025. This item was updated on December 3, 2024.
An issue has been fixed where logging in to an instance using IP Allowlist could take a long time. This feature now performs as expected.
Added support for multiple VPC networks (Preview). For more details, see About multiple VPC networking.
The v2 Security Command Center API is generally available (GA).
To migrate from an earlier version, see Migrate to v2 of the Security Command Center API.
November 06, 2024
BigQuery
BigQuery now offers the following Gemini-enhanced SQL translation features:
In interactive translation mode, you can use Gemini-enhanced SQL translations to customize translated GoogleSQL queries. This feature is generally available (GA).
You can generate AI suggestions for batch translations using the Gemini model. The suggestions are based on a Gemini-based configuration YAML file. This feature is in Preview.
After running an interactive SQL translation, you can request a Gemini-generated text explanation that includes a summary of the translated SQL query. This feature is in Preview.
(Cloud Composer 3) Fixed an issue that affected the speed of PyPI package installation. PyPI packages are now installed slightly faster.
(Airflow 2.9.3 and 2.7.3) The docutils package was removed from preinstalled packages.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.9.3-build.6 (default)
- composer-3-airflow-2.7.3-build.22
New images are available in Cloud Composer 2:
- composer-2.9.10-airflow-2.9.3 (default)
- composer-2.9.10-airflow-2.7.3
Cloud Composer version 2.5.1 has reached its end of support period.
Cloud Composer 2.9.7 is a version with an extended upgrade timeline.
1.23.3-asm.1 is now available for in-cluster Cloud Service Mesh.
You can now download 1.23.3-asm.1 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.23.3 subject to the list of supported features. Cloud Service Mesh version 1.23.3-asm.1 uses envoy v1.31.2.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
1.22.6-asm.1 is now available for in-cluster Cloud Service Mesh.
You can now download 1.22.6-asm.1 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.22.6 subject to the list of supported features. Cloud Service Mesh version 1.22.6-asm.1 uses envoy v1.30.6.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
1.21.5-asm.10 is now available for in-cluster Cloud Service Mesh.
You can now download 1.21.5-asm.10 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.21.5 subject to the list of supported features. Cloud Service Mesh version 1.21.5-asm.10 uses envoy v1.29.8.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
1.20.8-asm.9 is now available for in-cluster Cloud Service Mesh.
You can now download 1.20.8-asm.9 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.20.8 subject to the list of supported features. Cloud Service Mesh version 1.20.8-asm.9 uses envoy v1.28.6.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
This release fixes a bug where the default user for distroless proxy was changed to root. As a result of this fix, the default user is now back to non-root. The bug was present in the following versions:
- 1.20.8-asm.6
- 1.20.8-asm.7
- 1.21.5-asm.5
- 1.21.5-asm.7
- 1.22.3-asm.1
- 1.22.4-asm.0
- 1.22.5-asm.1
This change may affect some gateway deployments which rely on the root user to expose a privileged port for ingress or egress. To ensure your gateways continue to work correctly, you may need to apply additional security contexts to your deployments. For details, see the troubleshooting guide.
Patches fixing a bug where the default user for distroless proxy was changed to root will be rolling out to all release channels. As a result of this fix, the default user is changing back to non-root. When you see the release note notifying that this rollout is complete, you must restart each affected workload to make the change effective.
cos-113-18244-236-26
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.112 | v24.0.9 | v1.7.23 | See List |
Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.
Fixed CVE-2024-50002 in the Linux kernel.
Fixed CVE-2024-49967 in the Linux kernel.
Fixed CVE-2024-50006 in the Linux kernel.
Fixed CVE-2024-49881 in the Linux kernel.
Fixed CVE-2024-47678 in the Linux kernel.
Fixed CVE-2024-47705 in the Linux kernel.
Fixed CVE-2024-50001 in the Linux kernel.
Fixed CVE-2024-50019 in the Linux kernel.
Fixed CVE-2024-49983 in the Linux kernel.
Fixed CVE-2024-49978 in the Linux kernel.
Fixed CVE-2024-49993 in the Linux kernel.
Fixed CVE-2024-49889 in the Linux kernel.
Fixed CVE-2024-47707 in the Linux kernel.
Fixed CVE-2024-49884 in the Linux kernel.
Fixed CVE-2024-49936 in the Linux kernel.
Fixed CVE-2024-50045 in the Linux kernel.
Fixed CVE-2024-47710 in the Linux kernel.
Fixed CVE-2024-49870 in the Linux kernel.
Fixed CVE-2024-50039 in the Linux kernel.
Fixed CVE-2024-50015 in the Linux kernel.
Fixed CVE-2024-49975 in the Linux kernel.
Fixed CVE-2024-49875 in the Linux kernel.
Fixed CVE-2024-50000 in the Linux kernel.
Fixed CVE-2024-50046 in the Linux kernel.
Fixed CVE-2024-49883 in the Linux kernel.
Fixed CVE-2024-47696 in the Linux kernel.
Fixed CVE-2024-47728 in the Linux kernel.
Fixed CVE-2024-47679 in the Linux kernel.
Fixed CVE-2024-50035 in the Linux kernel.
Fixed CVE-2024-49851 in the Linux kernel.
Fixed CVE-2024-47701 in the Linux kernel.
Fixed CVE-2024-50033 in the Linux kernel.
Fixed CVE-2024-49860 in the Linux kernel.
Fixed CVE-2024-47737 in the Linux kernel.
Fixed CVE-2024-47742 in the Linux kernel.
Fixed CVE-2024-47739 in the Linux kernel.
Fixed CVE-2024-47706 in the Linux kernel.
Fixed CVE-2024-49858 in the Linux kernel.
Fixed CVE-2024-47682 in the Linux kernel.
Fixed CVE-2024-47692 in the Linux kernel.
Fixed CVE-2024-47727 in the Linux kernel.
Fixed CVE-2024-47693 in the Linux kernel.
Fixed CVE-2024-47734 in the Linux kernel.
Fixed CVE-2024-47743 in the Linux kernel.
Fixed CVE-2024-47684 in the Linux kernel.
Fixed CVE-2024-49850 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812035 -> 812026
cos-109-17800-372-31
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.112 | v24.0.9 | v1.7.23 | See List |
Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.
Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.
Fixed CVE-2024-50002 in the Linux kernel.
Fixed CVE-2024-49967 in the Linux kernel.
Fixed CVE-2024-50006 in the Linux kernel.
Fixed CVE-2024-49881 in the Linux kernel.
Fixed CVE-2024-47705 in the Linux kernel.
Fixed CVE-2024-50001 in the Linux kernel.
Fixed CVE-2024-47678 in the Linux kernel.
Fixed CVE-2024-49870 in the Linux kernel.
Fixed CVE-2024-50045 in the Linux kernel.
Fixed CVE-2024-49983 in the Linux kernel.
Fixed CVE-2024-49978 in the Linux kernel.
Fixed CVE-2024-50015 in the Linux kernel.
Fixed CVE-2024-50039 in the Linux kernel.
Fixed CVE-2024-50000 in the Linux kernel.
Fixed CVE-2024-49975 in the Linux kernel.
Fixed CVE-2024-49993 in the Linux kernel.
Fixed CVE-2024-50019 in the Linux kernel.
Fixed CVE-2024-49875 in the Linux kernel.
Fixed CVE-2024-47710 in the Linux kernel.
Fixed CVE-2024-47707 in the Linux kernel.
Fixed CVE-2024-49850 in the Linux kernel.
Fixed CVE-2024-49936 in the Linux kernel.
Fixed CVE-2024-49889 in the Linux kernel.
Fixed CVE-2024-47696 in the Linux kernel.
Fixed CVE-2024-49851 in the Linux kernel.
Fixed CVE-2024-49883 in the Linux kernel.
Fixed CVE-2024-47728 in the Linux kernel.
Fixed CVE-2024-49884 in the Linux kernel.
Fixed CVE-2024-47679 in the Linux kernel.
Fixed CVE-2024-50035 in the Linux kernel.
Fixed CVE-2024-47701 in the Linux kernel.
Fixed CVE-2024-47727 in the Linux kernel.
Fixed CVE-2024-47682 in the Linux kernel.
Fixed CVE-2024-49858 in the Linux kernel.
Fixed CVE-2024-50033 in the Linux kernel.
Fixed CVE-2024-49860 in the Linux kernel.
Fixed CVE-2024-47737 in the Linux kernel.
Fixed CVE-2024-47742 in the Linux kernel.
Fixed CVE-2024-47739 in the Linux kernel.
Fixed CVE-2024-47706 in the Linux kernel.
Fixed CVE-2024-47692 in the Linux kernel.
Fixed CVE-2024-47693 in the Linux kernel.
Fixed CVE-2024-47734 in the Linux kernel.
Fixed CVE-2024-47743 in the Linux kernel.
Fixed CVE-2024-47684 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812253 -> 812248
cos-105-17412-495-28
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.
Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.
Fixed CVE-2024-47705 in the Linux kernel.
Fixed CVE-2024-49975 in the Linux kernel.
Fixed CVE-2024-49993 in the Linux kernel.
Fixed CVE-2024-50019 in the Linux kernel.
Fixed CVE-2024-50045 in the Linux kernel.
Fixed CVE-2024-47710 in the Linux kernel.
Fixed CVE-2024-47706 in the Linux kernel.
Fixed CVE-2024-49983 in the Linux kernel.
Fixed CVE-2024-50000 in the Linux kernel.
Fixed CVE-2024-50039 in the Linux kernel.
Fixed CVE-2024-49875 in the Linux kernel.
Fixed CVE-2024-49936 in the Linux kernel.
Fixed CVE-2024-47696 in the Linux kernel.
Fixed CVE-2024-47679 in the Linux kernel.
Fixed CVE-2024-50035 in the Linux kernel.
Fixed CVE-2024-49883 in the Linux kernel.
Fixed CVE-2024-49884 in the Linux kernel.
Fixed CVE-2024-49889 in the Linux kernel.
Fixed CVE-2024-49851 in the Linux kernel.
Fixed CVE-2024-47701 in the Linux kernel.
Fixed CVE-2024-50033 in the Linux kernel.
Fixed CVE-2024-49860 in the Linux kernel.
Fixed CVE-2024-47737 in the Linux kernel.
Fixed CVE-2024-47742 in the Linux kernel.
Fixed CVE-2024-47739 in the Linux kernel.
Fixed CVE-2024-49858 in the Linux kernel.
Fixed CVE-2024-50046 in the Linux kernel.
Fixed CVE-2024-47692 in the Linux kernel.
Fixed CVE-2024-47693 in the Linux kernel.
Fixed CVE-2024-47684 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812685 -> 812681
cos-dev-121-18736-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.59 | v24.0.9 | v1.7.23 | See List |
Updated the Linux kernel to v6.6.59.
Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.
Fixed CVE-2024-50602 in dev-libs/expat.
Runtime sysctl changes:
- Changed: fs.file-max: 811799 -> 811822
cos-117-18613-75-7
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.56 | v24.0.9 | v1.7.23 | See List |
Upgraded sys-apps/xemu to v0.0.6
Runtime sysctl changes:
- Changed: fs.file-max: 811796 -> 811757
You can now use the Firestore managed bulk delete service to delete documents in bulk. This feature is in Preview.
For more information, see Bulk delete data.
You can now use the managed bulk delete service to delete entities in bulk. This feature is in Preview.
For more information, see Bulk delete data.
The GKE Volume Populator is generally available on GKE clusters running version 1.31.1-gke.1729000 or later. This feature provides a way to automate data transfer from a Google Cloud Storage bucket source storage to a destination PersistentVolumeClaim backed by a Parallelstore instance. To learn more, see Transfer data from Cloud Storage during dynamic provisioning using GKE Volume Populator.
(2024-R43) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.28.14-gke.1340000
- 1.28.15-gke.1015000
- 1.29.9-gke.1496000
- 1.29.10-gke.1043000
- 1.30.5-gke.1443001
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.14-gke.1376000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.9-gke.1541000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1628000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.14-gke.1376000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.9-gke.1541000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1628000 with this release.
Regular channel
- Version 1.30.5-gke.1443001 is now the default version for cluster creation in the Regular channel.
- The following versions are no longer available in the Regular channel:
- 1.28.14-gke.1217000
- 1.29.9-gke.1341000
- 1.30.5-gke.1355000
- 1.31.1-gke.1678000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.5-gke.1443001 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.1-gke.1846000 with this release.
Stable channel
There are no new releases in the Stable channel.
Extended channel
- Version 1.30.5-gke.1443001 is now the default version for cluster creation in the Extended channel.
- The following versions are no longer available in the Extended channel:
- 1.28.14-gke.1217000
- 1.29.9-gke.1341000
- 1.30.5-gke.1355000
- 1.31.1-gke.1678000
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.1-gke.1846000 with this release.
No channel
- Version 1.30.5-gke.1443001 is now the default version for cluster creation.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.28.14-gke.1217000
- 1.28.15-gke.1015000
- 1.29.9-gke.1341000
- 1.29.10-gke.1043000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.9-gke.1496000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.31 to version 1.31.1-gke.1846000 with this release.
(2024-R43) Version updates
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.28.14-gke.1340000
- 1.28.15-gke.1015000
- 1.29.9-gke.1496000
- 1.29.10-gke.1043000
- 1.30.5-gke.1443001
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.14-gke.1376000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.9-gke.1541000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1628000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.14-gke.1376000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.9-gke.1541000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1628000 with this release.
General availability: You can now create Cloud Storage import topics in Pub/Sub that let you ingest data from Cloud Storage into Pub/Sub. The change is being rolled out in a phased manner over the rest of the week. For more information about Cloud Storage import topics, see Create a Cloud Storage import topic.
General availability: You can now enable Google Cloud platform logs to help you troubleshoot issues when you are using Cloud Storage import topics to ingest data. For more information, see Use platform logs to troubleshoot Cloud Storage import topics.
November 05, 2024
BigQuery
Dataplex automatic discovery lets you scan data in Cloud Storage buckets to extract and catalog metadata. Automatic discovery creates BigLake or external tables and object tables you can use for analytics and AI, and catalogs that data in Dataplex Catalog. This feature is available in public preview.
The BigQuery Data Transfer Service data source change log provides details about upcoming changes to data source schemas and schema mappings.
For Java jobs, you can use Artifact Registry to store and manage the JAR files for your BigQuery Engine for Apache Flink jobs. For more information, see Use Artifact Registry.
Generally available: An updated version of the gVNIC driver for Windows offers improved network performance and support for Jumbo frames. For more information, see Update to the latest gVNIC driver for Windows.
Dataplex automatic discovery is available in public preview. Automatic discovery is a feature in BigQuery that lets you scan data in Cloud Storage buckets to extract and catalog metadata. Automatic discovery creates BigLake or external tables and object tables you can use for analytics and AI, and catalogs that data in Dataplex Catalog. For more information, see Discover and catalog Cloud storage data.
We are extending the availability of Gemini 1.0 Pro 001 and Gemini 1.0 Pro Vision 001 from February 15, 2025 to April 9, 2025. For details, see Deprecations.
Generally available: In GKE version 1.26 and later, Hyperdisk Balanced volumes can be created in Confidential mode for custom boot disks and persistent volumes and attached to Confidential GKE Nodes.
Cloud TPU v6e machine types are now in public preview for GKE clusters running version 1.30.4-gke.1167000 or later. These TPU VMs (ct6e-standard) are available in the following zones: us-east5-b, europe-west4-a, us-east1-d, asia-northeast1-b, and us-south1-a. To learn more, see Plan TPUs in GKE.
Spanner now supports client-side metrics for Java and Go applications. These metrics can be used with server-side metrics to enable faster troubleshooting of performance and latency issues.
These metrics are included in the latest Spanner client libraries for the following languages:
- Java in version 6.81.0 and later
- Go in version 1.71.0 and later
For more information, see View and manage client-side metrics.
November 04, 2024
BigQuery
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for bigquery/storage/apiv1beta1
1.64.0 (2024-10-30)
Features
- bigquery/datatransfer: Add scheduleOptionsV2 and Error fields for TransferConfig (78d8513)
- bigquery/storage: Add experimental ArrowData type and arrow_data field within AppendRowsRequest (f0b05e2)
Bug Fixes
- bigquery: Handle null RANGE (#11058) (9979e72), refs #11047
- bigquery: Parse negative NUMERIC from arrow (#11052) (83352c4)
- bigquery: Update google.golang.org/api to v0.203.0 (8bb87d5)
- bigquery: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (8bb87d5)
Documentation
Java
Changes for google-cloud-bigquery
2.43.3 (2024-10-29)
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.10.2 (19fc184)
2.43.2 (2024-10-27)
Dependencies
- Update actions/checkout action to v4.2.2 (#3541) (c36c123)
- Update actions/upload-artifact action to v4.4.2 (#3524) (776a554)
- Update actions/upload-artifact action to v4.4.3 (#3530) (2f87fd9)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.54.0 (#3532) (25be311)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20241013-2.0.0 (#3544) (0c42092)
- Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.10.0 (0bd3c86)
- Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.10.1 (c03a63a)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.58.0 (#3533) (cad2643)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.38.0 (#3542) (16448ee)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.39.0 (#3548) (616b2f6)
- Update github/codeql-action action to v2.26.13 (#3536) (844744f)
- Update github/codeql-action action to v2.27.0 (#3540) (1616a0f)
Documentation
A weekly digest of client library updates from across the Cloud SDK.
Percentage-based request mirroring is now supported for the global and regional external Application Load Balancers (classic is not supported). By default, the mirrored backend service receives all requests, even if the original traffic is being split between multiple weighted backend services. You can now configure the mirrored backend service to receive only a percentage of the requests by using the mirrorPercent flag to specify the percentage of requests to be mirrored expressed as a value between 0 and 100.0.
For an example, see Set up traffic management for regional external Application Load Balancers.
This capability is available in Preview.
You can now view the size of a backup for a Cloud SQL instance.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/storage
7.14.0 (2024-10-29)
Features
Go
Changes for storage/internal/apiv2
1.46.0 (2024-10-31)
Features
Bug Fixes
- storage: Skip only specific transport tests. (#11016) (d40fbff)
- storage: Update google.golang.org/api to v0.203.0 (8bb87d5)
- storage: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (2b8ca4b)
Miscellaneous Chores
The translation LLM now supports Polish, Turkish, Indonesian, Dutch, Vietnamese, Thai and Czech. For the full list of supported languages, see the Translate text page.
Preview: You can create GPU VMs all at once in a regional managed instance group (MIG) by using resize requests. This feature was previously available only for zonal MIGs. For more information, see About resize requests in a MIG.
Project-based semantic search offered by Dataplex Search is available in Preview. Semantic search, powered by Gemini, simplifies the search process without the need for complex search syntax. It supports natural language queries. For more information, see Discover data using semantic search.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/datastore
9.2.0 (2024-10-30)
Features
- Add FindNearest API to the stable branch (#1333) (1d56433)
- Update Go Datastore import path (#1261) (bf3dafd)
Bug Fixes
Go
Changes for datastore/admin/apiv1
1.20.0 (2024-10-29)
Features
- datastore: Add FindNearest API to the stable branch (#10980) (f0b05e2)
- datastore: Support for field update operators in the Datastore API and resolution strategies when there is a conflict at write time (78d8513)
Bug Fixes
- datastore: Bump dependencies (2ddeb15)
- datastore: Do not delay on final transaction attempt (#10824) (0d732cc)
- datastore: Remove namespace from Key.String() (40229e6)
- datastore: Remove namespace from Key.String() (#10684) (#10823) (40229e6)
- datastore: Update google.golang.org/api to v0.203.0 (8bb87d5)
- datastore: Use local retryer in transactions (#11050) (3ef61a2)
- datastore: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (8bb87d5)
Java
Changes for google-cloud-datastore
2.24.1 (2024-10-28)
Dependencies
The Anthropic Claude Haiku 3.5 is Generally Available on Vertex AI. To learn more, view the Claude Haiku 3.5 model card in Model Garden.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-pubsub
1.134.1 (2024-10-26)
Dependencies
Python
Changes for google-cloud-pubsub
2.27.0 (2024-11-02)
Features
Bug Fixes
You can configure discovery to save sample findings to a BigQuery table. This feature is useful if you want to evaluate whether your inspection configuration is correctly matching the type of information that you want to flag as sensitive. To enable this feature, create or edit the scan configuration for the data resource that you want to profile.
November 02, 2024
Google SecOps SOAR
Release 6.3.24 is currently in Preview.
You can now use custom integrations in prompts when creating a playbook with Gemini.
Release 6.3.23 is now in General Availability.
From now on, only new features and changes will be written up for the Release Notes. Please use the customer portal to track progress of your support tickets or reach out to Customer Support for more information.
November 01, 2024
Apigee hybrid
hybrid v1.12.3
On November 1, 2024 we released an updated version of the Apigee hybrid software, 1.12.3.
- For information on upgrading, see Upgrading Apigee hybrid to version 1.12.3.
- For information on new installations, see The big picture.
Bug ID | Description |
---|---|
368646378 | Fixed an issue affecting control plane connectivity testing in Guardrails. |
361044374 | Fixed assign message not correctly highlighting the set payload action in the debug trace. |
335357961 | Fixed an issue where Apigee hybrid could claim uploads of backups with the Cloud provider when no bucket had been configured. |
181569113 | Fixed an issue in new debug session creation. |
Bug ID | Description |
---|---|
376104926 | Security fixes for apigee-kube-rbac-proxy. This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-open-telemetry-collector. This addresses the following vulnerability: |
Creating a Multislice TPU environment is now available in the Google Cloud Console. You can use Multislice to run training jobs using multiple TPU slices within a single Pod or on slices in multiple Pods. You must use a queued resource request to create a Multislice environment. For more information, see Cloud TPU Multislice overview.
You can now request Cloud TPUs as queued resources in the Google Cloud Console. Queuing your request for TPU resources can help alleviate stockout issues. If the resources you request are not immediately available, your request is added to a queue until the request succeeds or you delete it. You can also specify a time range in which you want to fulfill the resource request. For more information, see Manage queued resources.
(New guide) Migrate from AWS Lambda to Cloud Run: Describes how to design, implement, and validate a plan to migrate from AWS Lambda to Cloud Run.
October 31, 2024
Anti Money Laundering AI
A new major engine version is available for Retail and Commercial lines of business, within the v4 tuning version. These engine versions:
- Introduce a new feature area within the unusual-counterparty-activity feature family focused on surfacing suspicious parties through their inbound and outbound transactions with exited parties.
- Apply a new data validation to ensure there are no periods in the required time range without any valid entries in the Party, Transaction, or AccountPartyLink table.
The retail engine version also has more reliable tuning performance, in particular for small datasets. This improvement was already present in commercial engine versions.
Java 11 has reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Java.
Java 11 has reached end of support. Your existing Java 11 applications will continue to run and receive traffic. However, App Engine might block re-deployments of applications that use runtimes after their end of support date. We recommend that you upgrade to the latest supported version of Java.
You can also use the Google Cloud Console to enable private origin authentication for Amazon Simple Storage Service (Amazon S3) and compatible object stores.
Support for IPv6 static routes with a next hop internal passthrough Network Load Balancer (next-hop-ilb) is available in Preview.
cos-117-18613-75-4
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.56 | v24.0.9 | v1.7.23 | See List |
This is an LTS Refresh release.
Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.
Update R550, latest driver to v550.90.12.
Update NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.
Fixed CVE-2024-50039 in the Linux kernel.
Fixed CVE-2024-50023 in the Linux kernel.
Fixed CVE-2024-50019 in the Linux kernel.
Fixed CVE-2024-50045 in the Linux kernel.
Fixed CVE-2024-50000 in the Linux kernel.
Fixed CVE-2024-49975 in the Linux kernel.
Fixed CVE-2024-50015 in the Linux kernel.
Fixed CVE-2024-49889 in the Linux kernel.
Fixed CVE-2024-49936 in the Linux kernel.
Fixed CVE-2024-47696 in the Linux kernel.
Fixed CVE-2024-47728 in the Linux kernel.
Fixed CVE-2024-47679 in the Linux kernel.
Fixed CVE-2024-49851 in the Linux kernel.
Fixed CVE-2024-50035 in the Linux kernel.
Fixed CVE-2024-47701 in the Linux kernel.
Fixed CVE-2024-47706 in the Linux kernel.
Fixed CVE-2024-47737 in the Linux kernel.
Fixed CVE-2024-50064 in the Linux kernel.
Fixed CVE-2024-49858 in the Linux kernel.
Fixed CVE-2024-50033 in the Linux kernel.
Fixed CVE-2024-47688 in the Linux kernel.
Fixed CVE-2024-47675 in the Linux kernel.
Fixed CVE-2024-47745 in the Linux kernel.
Fixed CVE-2024-47700 in the Linux kernel.
Fixed CVE-2024-50055 in the Linux kernel.
Fixed CVE-2024-47660 in the Linux kernel.
Fixed CVE-2024-50047 in the Linux kernel.
Fixed CVE-2024-47678 in the Linux kernel.
Fixed CVE-2024-49860 in the Linux kernel.
Fixed CVE-2024-47742 in the Linux kernel.
Fixed CVE-2024-50046 in the Linux kernel.
Fixed CVE-2024-47739 in the Linux kernel.
Fixed CVE-2024-47668 in the Linux kernel.
Fixed CVE-2024-47682 in the Linux kernel.
Fixed CVE-2024-47692 in the Linux kernel.
Fixed CVE-2024-47727 in the Linux kernel.
Fixed CVE-2024-47693 in the Linux kernel.
Fixed CVE-2024-47734 in the Linux kernel.
Fixed CVE-2024-47744 in the Linux kernel.
Fixed CVE-2024-47743 in the Linux kernel.
Fixed CVE-2024-47684 in the Linux kernel.
Fixed CVE-2024-50058 in the Linux kernel.
Fixed CVE-2024-49850 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811706 -> 811796
New Dataproc Serverless for Spark runtime versions:
- 1.1.86
- 1.2.30
- 2.2.30
New Dataproc on Compute Engine subminor image versions:
- 2.0.125-debian10, 2.0.125-rocky8, 2.0.125-ubuntu18
- 2.1.73-debian11, 2.1.73-rocky8, 2.1.73-ubuntu20, 2.1.73-ubuntu20-arm
- 2.2.39-debian12, 2.2.39-rocky9, 2.2.39-ubuntu22
Note: When using Dataproc version 2.0.125 with the ranger-gcs-plugin, please create a customer support request for your project to use the enhanced version of the plugin prior to its GA release. This note does not apply to Dataproc on Compute Engine image versions 2.1 and 2.2.
Disabled HiveServer2 Ranger policy synchronization in non-HA clusters for latest image version 2.1 and later. Policy synchronization is causing instability of the HiveServer2 process while trying to connect to ZooKeeper, which is not active by default in non-HA clusters.
Eventarc is available in Preview in a new edition: Eventarc Advanced lets you receive, filter, transform, route, and deliver messages between different services, apps, and systems.
Eventarc Standard continues to deliver events from provider to destination by letting you define triggers that filter events.
The Google Cloud console now includes a monitoring dashboard for each database. For more information, see Use the Cloud Monitoring dashboard.
Google Cloud Architecture Framework: Operational excellence: Major update to align the recommendations with core principles of operational excellence.
For GKE clusters running version 1.31.1-gke.1146000 or later, Cloud Tensor Processing Unit (TPU) v3 machine types are generally available. These TPU VMs (ct3-hightpu-4t and ct3p-hightpu-4t) are currently available in us-east1-d, europe-west4-a, us-central1-a, us-central1-b, and us-central1-f. To learn more, see TPUs in GKE.
GKE control plane authority is now generally available with version 1.31.1-gke.1846000 or later. GKE control plane authority provides enhanced visibility, security controls, and customization of the GKE control plane. For more information, see About GKE control plane authority.
Clusters that are experiencing stale endpoint resources and stale kube-dns entries are likely affected by Kubernetes issue #126578. Your cluster is most likely affected if endpoint resources consistently have incorrect Pod IPs. This issue has been fixed in the following GKE versions or later:
- 1.28.14-gke.1115000
- 1.29.9-gke.1207000
- 1.30.5-gke.1171000
- 1.31.1-gke.1414000
Support for SMS-based authentication flows in the Identity Platform integration with reCAPTCHA Enterprise API is now in Preview. In addition, the integration now supports reCAPTCHA's SMS toll fraud protection and the ability to bring your own reCAPTCHA keys.
For more information, see the following pages:
Partner connection launch update
The following partner connectors have been added to the Looker Studio Connector Gallery:
- Oktopost by Oktopost
- Jepto - GMB/GBP Free by Jepto
- Instagram Insights by Detrics
- Bing Ads by Detrics
- LinkedIn Ads by Detrics
- X Ads (Twitter) by Detrics
- Insites by Insites
- LinkedIn Ads by Pro Plugg
- TikTok Organic by Power My Analytics
- Nightwatch SEO Tracker by Nightwatch
- MongoDB AppiWorks by Jivrus Technologies
- Google Merchant Center by Adformatic
Text wrapping for pivot table row headers
You can now choose to wrap row header text in pivot table charts by enabling the Wrap text option in the Style tab.
A monthly digest of client library updates from across the Cloud SDK.
Go
Changes for spanner/admin/database/apiv1
1.69.0 (2024-10-03)
Features
Bug Fixes
Performance Improvements
1.70.0 (2024-10-14)
Features
- spanner/admin/instance: Define ReplicaComputeCapacity and AsymmetricAutoscalingOption (78d8513)
- spanner: Add INTERVAL API (78d8513)
- spanner: Add new QueryMode enum values (WITH_STATS, WITH_PLAN_AND_STATS) (78d8513)
Documentation
- spanner/admin/instance: A comment for field node_count in message spanner.admin.instance.v1.Instance is changed (78d8513)
- spanner/admin/instance: A comment for field processing_units in message spanner.admin.instance.v1.Instance is changed (78d8513)
- spanner: Update comment for PROFILE QueryMode (78d8513)
Java
Changes for google-cloud-spanner
6.77.0 (2024-10-02)
Features
- Add INTERVAL API (c078ac3)
Dependencies
- Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.52.0 (#3291) (9241063)
- Update dependency com.google.cloud:google-cloud-monitoring to v3.52.0 (#3292) (da27a19)
- Update dependency com.google.cloud:google-cloud-monitoring to v3.52.0 (#3293) (c6dbdb2)
- Update dependency com.google.cloud:google-cloud-trace to v2.51.0 (#3294) (a269747)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.36.1 (#3355) (5191e71)
- Update dependency com.google.cloud.opentelemetry:exporter-metrics to v0.32.0 (#3371) (d5b5ca0)
- Update dependency com.google.cloud.opentelemetry:exporter-trace to v0.32.0 (#3372) (aa9a71d)
- Update dependency commons-io:commons-io to v2.17.0 (#3349) (7c21164)
- Update dependency io.opentelemetry:opentelemetry-bom to v1.42.1 (#3323) (95dfc02)
- Update dependency ubuntu to v24 (#3356) (042c294)
- Update googleapis/sdk-platform-java action to v2.46.1 (#3354) (378f5cf)
- Update junixsocket.version to v2.10.1 (#3367) (5f94915)
- Update opentelemetry.version to v1.42.1 (#3330) (7b05e43)
Documentation
- Update comment for PROFILE QueryMode (c078ac3)
6.78.0 (2024-10-11)
Features
- Define ReplicaComputeCapacity and AsymmetricAutoscalingOption (f46a6b3)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.47.0 (139a715)
Dependencies
6.79.0 (2024-10-11)
Features
Dependencies
- Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.53.0 (#3390) (a060e92)
- Update dependency com.google.cloud:google-cloud-monitoring to v3.53.0 (#3391) (7f0927d)
- Update dependency com.google.cloud:google-cloud-monitoring to v3.53.0 (#3392) (fd3e92d)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.37.0 (#3395) (8ecb1a9)
- Update dependency com.google.cloud.opentelemetry:exporter-metrics to v0.33.0 (#3388) (26aa51d)
- Update dependency com.google.cloud.opentelemetry:exporter-trace to v0.33.0 (#3389) (6e34c5a)
- Update googleapis/sdk-platform-java action to v2.47.0 (#3383) (4f0d693)
6.80.0 (2024-10-25)
Features
Dependencies
- Update dependency com.google.cloud:sdk-platform-java-config to v3.38.0 (#3424) (b727453)
- Update dependency io.opentelemetry:opentelemetry-bom to v1.43.0 (#3399) (a755c6c)
- Update dependency io.opentelemetry:opentelemetry-sdk-testing to v1.43.0 (#3398) (693243a)
- Update googleapis/sdk-platform-java action to v2.48.0 (#3422) (d5d1f55)
Documentation
PSC-I Egress is supported for Ray clusters on Vertex AI. PSC-I is recommended for private connectivity since it reduces the chance of IP exhaustion and allows for transitive peering. For more information, see Private Service Connect interface for Ray on Vertex AI. This feature is available in Preview.
Private Service Connect interface (PSC-I) is now supported for ML pipeline runs in Vertex AI Pipelines. PSC-I is recommended for private connectivity, since it reduces the chance of IP exhaustion, and allows for transitive peering.
For more information, see Configure Private Service Connect interface for a pipeline. This feature is available in Preview.
Vertex AI Search: Stream answers (GA with allowlist)
The answer streaming method can return generated answers in sequential parts. This reduces the perception of latency. As the end users read the first part of the answer, the subsequent parts of the answer are being generated.
The answer streaming method also includes many of the features of the original answer method.
This feature is Generally available to select Google customers (GA with allowlist). For more information, see Stream answers.
October 30, 2024
Cloud Composer
(Cloud Composer 3) Airflow workers now generate a proper OpenID Connect (OIDC) token.
(Airflow 2.9.3 and 2.7.3) The dbt-common package was downgraded from 1.11.0 to 1.10.0.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.9.3-build.5 (default)
- composer-3-airflow-2.7.3-build.21
Cloud Composer 2.9.9 images are available:
- composer-2.9.9-airflow-2.9.3 (default)
- composer-2.9.9-airflow-2.7.3
Cloud Composer version 2.5.0 has reached its end of support period.
Dedicated Interconnect and Cross-Cloud Interconnect now support network traffic differentiation through application awareness on Cloud Interconnect in Preview. For more information, see "Configure traffic differentiation" for Dedicated Interconnect and Cross-Cloud Interconnect.
Service Extensions plugins are available for Google Cloud Application Load Balancers, excluding Classic, in Preview.
Service Extensions plugins help you insert WebAssembly (Wasm) plugins in a fully managed serverless environment directly into the data path of Application Load Balancers.
For details, see Plugins for Cloud Load Balancing.
Generally available: General purpose C4A Arm VMs on Google's custom-built Axion processors. C4A VMs are available as predefined configurations in sizes ranging from 1 vCPU to 72 vCPUs and up to 576 GB of DDR5 memory. C4A uses Google Cloud's latest generation storage options including Hyperdisk Balanced and Hyperdisk Extreme.
C4A VMs are available in the following regions and zones:
- Singapore - asia-southeast1-a,b,c
- Belgium - europe-west1-b,c,d
- Frankfurt - europe-west3-a,b,c
- Netherlands - europe-west4-a,b,c
- Iowa - us-central1-a,b,c
- South Carolina - us-east1-b,c,d
- Virginia - us-east4-a,b,c
Generally available: You can autoscale a regional MIG with a BALANCED target distribution shape. With the BALANCED shape, the autoscaler is aware of the capacity in each zone and creates VMs in zones that have resource availability. For more information, see Autoscaling a regional MIG.
Weighted load balancing for GKE External LoadBalancer Services is now available in Preview. Weighted load balancing is a more efficient way to distribute traffic to nodes based on the number of serving Pods they have backing the Service. To learn more, see About LoadBalancer Services.
(2024-R42) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.31.1-gke.1846000 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.28.14-gke.1217000
- 1.29.9-gke.1341000
- 1.30.5-gke.1355000
- 1.31.1-gke.1678000
- 1.31.1-gke.2008000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1443001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.1846000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.1846000 with this release.
Regular channel
- Version 1.30.5-gke.1355000 is now the default version for cluster creation in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.28.14-gke.1099000
- 1.29.9-gke.1177000
- 1.30.5-gke.1014001
- 1.30.5-gke.1014003
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.14-gke.1217000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.9-gke.1341000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.5-gke.1355000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.14-gke.1217000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.9-gke.1341000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.5-gke.1355000 with this release.
Stable channel
- Version 1.30.5-gke.1014003 is now the default version for cluster creation in the Stable channel.
- The following versions are no longer available in the Stable channel:
- 1.28.14-gke.1004000
- 1.29.8-gke.1278000
- 1.30.5-gke.1014001
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.14-gke.1099000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.9-gke.1177000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.5-gke.1014003 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.14-gke.1099000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.9-gke.1177000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.5-gke.1014003 with this release.
Extended channel
- Version 1.30.5-gke.1355000 is now the default version for cluster creation in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.16-gke.1712000
- 1.28.14-gke.1099000
- 1.29.9-gke.1177000
- 1.30.5-gke.1014001
- 1.30.5-gke.1014003
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.14-gke.1217000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.9-gke.1341000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.5-gke.1355000 with this release.
No channel
- Version 1.30.5-gke.1355000 is now the default version for cluster creation.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.28.14-gke.1004000
- 1.29.8-gke.1278000
- 1.30.4-gke.1348000
- 1.30.4-gke.1348001
- 1.31.1-gke.1146000
- 1.31.1-gke.2008000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.14-gke.1217000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.9-gke.1341000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.5-gke.1014003 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.14-gke.1217000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.9-gke.1341000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.5-gke.1014003 with this release.
You can use Packet Mirroring, an "out-of-band" Network Security Integration, to analyze your workloads' network traffic at scale. This feature is available in Preview. For more information, see Network Security Integration overview.
For Preview, Network Security Integration resources are available free of charge. For other Google Cloud resources, see the product-specific pricing documentation.
Service Extensions plugins help you insert WebAssembly (Wasm) plugins in a fully managed serverless environment directly into the data path of most Cloud Load Balancing Application Load Balancers. This feature is in Preview.
For details, see Plugins for Cloud Load Balancing.
Studio Voices now support synthesis with multiple speakers to generate audios for interviews, interactive storytelling, video games, e-learning platforms, and accessibility solutions.
October 29, 2024
Cloud Load Balancing
All the Application Load Balancers, except the classic Application Load Balancer, now support stateful cookie-based session affinity. When you use stateful cookie-based affinity, the load balancer includes an HTTP cookie in the Set-Cookie header in response to the initial HTTP request. With stateful session affinity, customers can preserve stickiness to the selected backend.
For details, see Stateful cookie-based session affinity.
This capability is in General Availability.
You can now create and manage log scopes by using the Google Cloud CLI, in addition to using the Cloud Console and Terraform. Log scopes are in Public Preview. For more information, see
Data Access logs are now compatible with all authenticated browser downloads.
- When an authenticated browser download occurs outside of the Google Cloud console, a resulting Data Access log has its principalEmail and callerIp fields redacted.
Three new metrics are added for measuring node and workload startup latency:
- kubernetes.io/node/latencies/startup: The total startup latency of a node, from the GCE instance's CreationTimestamp to Kubernetes Node Ready for the first time.
- kubernetes.io/pod/latencies/pod_first_ready: The Pod end-to-end startup latency (from Pod Created to Ready), including image pulls. This metric is available for clusters with GKE version 1.31.1-gke.1678000 or later.
- kubernetes.io/autoscaler/latencies/per_hpa_recommendation_scale_latency_seconds: Horizontal Pod Autoscaling (HPA) scaling recommendation latency (the time between metrics being created and the corresponding scaling recommendation being applied to the API server) for the HPA target. This metric is available for clusters running the following versions or later:
  - 1.30.4-gke.1348001
  - 1.31.0-gke.1324000
Instance Group Managers for node pools created with version 1.30.5-gke.1523000 or later and 1.31.1-gke.1869000 or later will now have update on repair enabled by default. This will allow labels to persist upon Spot VM preemption.
Added support for the databases configuration. For more details, see the entry for databases in Supported Redis configurations.
Organization Policy managed constraints are a set of constraints built on the custom organization policy platform. You can use managed constraints in place of certain predefined constraints to perform dry-run tests and simulate changes to your policies using Policy Intelligence tools. This feature is now in General Availability.
BigQuery Connector for SAP version 2.8
Version 2.8 of the BigQuery Connector for SAP is generally available (GA). This version offers several enhancements and bug fixes, including the record compression option at field level, a transaction to view the version of BigQuery Connector for SAP, and an enhancement spot for HTTP error handling.
For more information, see What's new with BigQuery Connector for SAP.
October 28, 2024
AlloyDB for PostgreSQL
AlloyDB for PostgreSQL now supports in-place major version upgrade in Preview. You can upgrade your cluster that is compatible with PostgreSQL version 14 to 15. For more information, see Upgrade a database in-place major version.
Add failure policy (Generally available (GA))
You can now configure more complicated retry strategies for tasks, such as retries based on the error codes or the variable values during the execution:
- Configure multiple ordered conditional failure policies for each task.
- Configure a default failure policy that will be applied if no conditional failure policy matches.
- Use system auto-generated variables in the failure policies. For example, ExecutionMode and ErrorInfo.
For more information, see Example for error handling.
Dynamic Workload Scheduler for Batch is available in Preview. We recommend using Dynamic Workload Scheduler to improve resource availability for jobs that run on A3 GPU VMs when you don't intend to use a reservation. For more information, see Create and run a job that uses GPUs.
The Oracle plugin version 1.11.4 is available in Cloud Data Fusion versions 6.10.1 and later. This release includes the following change:
- Fixed an issue causing pipelines with an Oracle sink that has date columns in the input schema to fail (PLUGIN-1812).
To take advantage of the new features of the global external Application Load Balancer, you can now migrate your classic Application Load Balancer resources to the global external Application Load Balancer infrastructure.
To migrate to the global external Application Load Balancer, you change the load balancing scheme of your load balancing resources, specifically the backend services and forwarding rules, from EXTERNAL to EXTERNAL_MANAGED. You can also roll back resources to the classic Application Load Balancer infrastructure, as long as you do so within 90 days of changing the load balancing scheme.
For more details on the migration process, see the following pages:
- Migration overview
- Migrate resources from classic to global external Application Load Balancer
- Roll back migrated resources to classic Application Load Balancer
This capability is available in Preview.
You can now use tags to annotate your log buckets and use the tags to manage access to the log buckets. For more information, see Manage log buckets by using tags.
A weekly digest of client library updates from across the Cloud SDK.
The capabilities for dashboard-level filtering have been enhanced. You can now configure pinned filters and variables to have multiple default values and support selection of multiple values. You can also create value-only variables and generate the list of possible values for a variable by running a SQL query. These features are in Public Preview. For more information, see the following documents:
Additional functionality is now available for the Object Retention Lock and Bucket Lock features:
You can now enable Object Retention Lock on existing buckets using the Console.
Enabling Object Retention Lock on a bucket will cause a lien to be placed, at best effort, on the project containing the bucket.
Buckets can now have Bucket Lock and Object Versioning enabled at the same time.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-storage
2.44.1 (2024-10-25)
Dependencies
2.44.0 (2024-10-23)
Features
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.47.0 (c517798)
- Fix createFrom resumable upload retry offset calculation (#2771) (1126cdc), closes #2770
- Update gRPC ReadObject retry to avoid double retry (#2765) (1fc57b9)
Dependencies
- Update dependency com.google.apis:google-api-services-storage to v1-rev20241008-2.0.0 (#2776) (0545b5e)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.38.0 (#2787) (a470e88)
- Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.48.0 (#2781) (8fa013e)
- Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.49.0 (#2782) (a7baffb)
- Update googleapis/sdk-platform-java action to v2.48.0 (#2786) (2893e61)
You can now use the Google Cloud console to get soft delete recommendations for buckets. Soft delete recommendations help you determine when it's best to enable or disable the soft delete feature on a bucket based on impact to cost and security.
cos-105-17412-495-13
Date | Kernel | Docker | Containerd | GPU Drivers |
Oct 28, 2024 | COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
Upgraded app-admin/google-guest-configs to v20240725.00.
Upgraded app-containers/cni-plugins to v1.5.1.
Updated R550, latest driver to v550.90.12.
Fixed CVE-2024-8096 and CVE-2024-7264 in net-misc/curl.
Fixed CVE-2024-47685 in the Linux kernel.
Fixed CVE-2024-27017 in the Linux kernel.
Fixed CVE-2024-38632 in the Linux kernel.
Fixed CVE-2024-39463 in the Linux kernel.
Fixed CVE-2024-47674 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812700 -> 812685
cos-117-18613-0-99
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.44 | v24.0.9 | v1.7.23 | See List |
Fixed CVE-2024-47685 in the Linux kernel.
Fixed CVE-2024-44991 in the Linux kernel.
Fixed CVE-2024-47674 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811768 -> 811706