Google Cloud release notes

You can now upgrade your Cloud SQL instances to use the new network architecture to get additional capabilities not available in the old network architecture. For more information, see Upgrade an instance to the new network architecture.

You can now configure Cloud SQL for MySQL instances for IAM group authentication. IAM group authentication requires MySQL 8.0 and R20230909.02_00 or later. This feature is in Preview.

You can now upgrade your Cloud SQL instances to use the new network architecture to get additional capabilities not available in the old network architecture. For more information, see Upgrade an instance to the new network architecture.

The following BigQuery ML data preprocessing features are now in preview:

• The ML.TRANSFORM function, which you can use to preprocess feature data. This function processes input data by applying the data transformations captured in the TRANSFORM clause of an existing model.
• Transform-only models which you can use to apply preprocessing functions to input data and return the preprocessed data. Transform-only models decouple data preprocessing from model training, making it easier for you to capture and reuse a set of data preprocessing rules.

You can now create a broken-link checker, which periodically validates the links contained in your website. This feature is in Public Preview. For more information, see Create a broken-link checker.

Cloud Storage FUSE now provides the ability to configure log rotation.

Preview: Managed instance groups (MIGs) let you create pools of suspended and stopped virtual machine (VM) instances. You can manually suspend and stop VMs in a MIG to save on costs, or use suspended and stopped pools to speed up scale out operations of your MIG.

For more information, see Work with suspended and stopped VMs in a MIG.

New goal-based query presets for identity and access misconfigurations

New goal-based query presets on the Security Command Center Vulnerabilities page are released to Preview.

The query presets support cloud infrastructure entitlement management (CIEM) by filtering vulnerability finding categories to those that are related to principal accounts that are misconfigured or that have excessive permissions to Google Cloud resources.

For more information, see Goal-based query presets.

New button to create a security action is now in several places in the Abuse detection and Risk assessment pages

The new button links directly to the Security actions page from the Abuse detection or Risk assessment pages, so you can easily create a security action for the environment you are currently viewing. The button is in the following locations:

• The Source assessment view in the Risk assessment page
• The Detected Traffic, Incident, and Incident details views in the Abuse detection page

.NET 8 is now available in preview.

Java 21 is now available in preview.

Java 21 is now available in preview. Update your configuration files based on either of the following options, depending on what your app currently uses:

• If you use legacy bundled services, you must upgrade your apps to run on either:

  • Java Enterprise Edition 10 (EE10 - default, recommended): Java EE10 does not support javax.servlet.* APIs and requires you to update your apps and third-party dependencies to use newer Java artifacts like the Jakarta namespace.
  • Java Enterprise Edition 8 (EE8): Java EE8 lets you use javax.servlet.* APIs, but you must make minor configuration changes to your appengine-web.xml file.

• If you don't use legacy bundled services, update the version in your app.yaml file.

  See Upgrade an existing application for all options.

You can now turn off automatic renewal after you've registered your domain. For more information, see Turn off automatic renewal for a domain name.

Cloud Functions (2nd gen) now supports the Java 21 runtime at the Preview release level.

Cloud Functions (2nd gen) now supports the .NET 8 runtime at the Preview release level.

Cloud Router support for IPv6 BGP sessions is in Public Preview. For more information, see BGP peering IP addresses.

The rollout of the following MySQL versions is currently underway:

MySQL 5.7.43 is upgraded to MySQL 5.7.44. For more information, see MySQL 5.7 Release Notes.

If you use a maintenance window, then the updates to the minor versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks. The new maintenance version is [MySQL version].R20231105.01_00. The details of the security fixes applied as part of this release are published in the MySQL maintenance changelog.

To learn how to check your maintenance version, see Self-service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

Added support for AlloyDBUser (v1beta1) resource.

Added support for EdgeContainerCluster (v1beta1) and EdgeContainerNodePool (v1beta1) resources.

Added support for EdgeNetworkNetwork (v1beta1) and EdgeNetworkSubnet (v1beta1) resources.

Resource BigtableAppProfile(v1beta1):

• Added spec.standardIsolation field.

Call Adapter: The redesigned Call Adapter is now available, including the following enhancements:

• Enhanced transfer experience: Combined Transfer and Add Party are now combined into one streamlined process. You can now use the Outside Line tab during call transfer.
  • Separate Agent and Queue tabs: Switch between Agent and Queue tabs for a smoother transfer management.
  • Search by queue: Find the right queue quickly with a new search feature.
• Improved blended SMS experience: Blended SMS now has a dedicated tab, enhancing accessibility and user-friendliness. The user interface now mirrors a traditional chat experience, providing a more intuitive interaction for agents.
• New call details screen: Provides ready access to call information during a call and allows the the CRM to be opened from the Call Adapter.

See the Agent Call Adapter user guide for more information.

Call history: The new call history feature allows agents to see a list of completed calls and associated metadata such as time stamps, call duration, and disposition notes. The call details view provides additional information to aid in determining whether a callback is necessary, for example whether the consumer received assistance from another agent. Call history can be enabled at Settings > Call > Call Details.

Two new voicemail features are included in this release:

• Voicemail forwarding allows agents to forward voicemails to other queues, specific agents, or back to the same queue.
• Voicemail history allows agents to access previous voicemails, providing them with the information they need to take further actions when required.

Holidays Messaging Menu: A new enhancement to the Holidays feature allows you to tailor your contact center's messaging during holidays. You can now customize voice-based and text-based greetings for each holiday under Settings > Support Center Details > Holidays.

Custom caller ID using SIP headers: This feature allows you to set a custom caller ID from an incoming SIP header. You can configure this feature at Settings > Operation Management > Data Parameters > Voice. Select the Use SIP Header Data for Caller ID checkbox and enter the Field Name in the field box. The custom caller ID will be presented on the Call Connecting and Connected screens.

Phone number management, pagination and search: The following updates have been made to the phone number management page (available at Settings > Call> Phone Number Management):

• Pagination: You can now browse entries page by page with a maximum of 100 entries per page.
• Search by Phone Number or Label: To find a specific entry, you can now enter your desired criteria in the ​Search Phone Number or Label search box​.

Session data export settings updates: Available at Settings > Developer Settings > Session Data Export.

• New Verint Face-to-Face recording settings: Configurable for those with a Verint integration. You can now add email domains in order to record calls made by agents with matching email domain addresses.
• The NICE Integration section is renamed to QM Integration.

You can now archive completed Dataflow jobs. When you archive a Dataflow job, the job is moved from the Dataflow Jobs page in the console to the Archived jobs page. For more information, see Archive Dataflow jobs.

The Media CDN capability to use a private S3-compatible bucket as an origin is now Generally Available. You can also use the GUI to configure such origins.

The ability to allow access to protected resources from an internal IP address is available in Preview.

Version @002 of the models for text, chat, code, and code chat are available. The @002 model versions include improved prompt responses. The @002 models are:

• text-bison@002
• chat-bison@002
• code-bison@002
• codechat-bison@002

To ensure that you always use the stable model version, specify the model identifier with the version number. For example, text-bison@002. For more information, see Model versions and lifecycle.

Version 2 of the stable version of the Codey code completion foundation model, named code-gecko@002, is available. code-gecko@002 features improved quality and reduced latency compared to the previous stable version, code-gecko@001. These improvements can lead to a higher rate of acceptance.

You can now query for a specific error group in the Logs Explorer and Log Analytics pages by using the error group ID. For more information, see Find error group details for a log entry.

Cloud Spanner now supports the following PostgreSQL functions:

• unnest
• array_length
• array(subquery)
• date_trunc
• extract
• spanner.date_bin
• spanner.timestamptz_add
• spanner.timestamptz_subtract

For more information, see working with arrays in PostgreSQL-dialect databases.

Confidential Space. You can now use custom attestation tokens to authenticate a workload to relying parties outside of Google Cloud. Relying parties can use authentication to help establish trust and exchange sensitive data securely.

The Dataflow web-based monitoring interface now includes a dashboard that monitors your Dataflow jobs at the project level. For more information, see Dataflow project monitoring dashboard.

Terraform IAM policy for the Dataform repository resource is available.

Grounding with Vertex AI Search

Model grounding is available in (Preview). Use grounding to connect the text-bison and chat-bison models to unstructured data stores in Vertex AI Search. Grounding lets models access and use the information in the data repositories to generate more enhanced and nuanced responses. For more information, see the Grounding Overview.

Advisory Notifications now sends mandatory security and privacy notifications for users using Google Cloud without an organization. This feature is available in Preview. For a list of notification types, see Types of notifications.

You can now select the pod for your Bare Metal Solution resources through the Google Cloud console intake form. This feature is generally available (GA).

The restrict unencrypted HTTP requests organization policy constraint is now generally available (GA). This constraint blocks all unencrypted HTTP access to Cloud Storage resources.

Generally available: The following location and scale enhancements for Persistent Disk Asynchronous Replication are generally available:

• Larger disk capacity: the maximum disk size has increased from 2 TiB to 5 TiB.
• Faster replication rate: the disk data replication rate has increased from 100 MB/min to 250 MB/min.
• Expanded regional support: PD Async Replication is available in 15 additional regions across Europe, APAC, and North America. For the full list of available regions, see Supported region pairs.

Backported support for TCP RTO configuration in networkd.

Preview of uncommitted changes during a commit is available.

Added the Confidential Computing option on the "Manage Security" panel on the "Create a Dataproc cluster on Compute Engine" page in the Google Cloud console.

The Speech-to-Text API used by Dialogflow now supports two new speech models for the en and en-us language tags: telephony and telephony_short. The two models are customized to recognize audio that originates from a phone call and corresponds to the most recent versions of the existing phone_call model. For more details, see Dialogflow CX speech models and Dialogflow ES speech models.

DDoS attack visibility is now Generally Available. For more information, see Access DDoS attack visibility telemetry.

Policy Controller integration released to General Availability

The integration of Policy Controller for Kubernetes clusters with Security Command Center is released to General Availability. Violation alerts from Policy Controller appear in Security Command Center as misconfiguration findings.

For more information, see Policy Controller.

Cloud Pub/Sub trigger supports cross-project topics

You can now configure your Cloud Pub/Sub trigger for a Pub/Sub topic that isn't in the same Google Cloud project as your integration. The Pub/Sub topic can be in any Google Cloud project.

Starting with this release, you must specify a service account when configuring the Cloud Pub/Sub trigger. Your existing Cloud Pub/Sub triggers, that don't have any service account associated with them, will continue to work as before. However, if you want to modify the Pub/Sub topic in any of the existing Cloud Pub/Sub triggers, you must also configure a service account for those triggers to continue using them.

Management console is now highly available within the deployed region, ensuring resilience against zonal outages.

(Available without upgrading) The dags list-import-errors Airflow CLI command is now supported.

Ops Agent version 2.44.0 introduces the following features:

• Support for Compute Engine VMs that are running Ubuntu 23.10 (Mantic Minotaur). For more information, see Operating systems.
• Support for Compute Engine Arm VMs that are running Debian 12 (Bookworm). For more information, see Support for Compute Engine Arm VMs.
• An option to prevent the agent from collecting self logs and sending them to Cloud Logging. For more information, see Collection of self logs.

Ops Agent version 2.44.0 introduces the following features:

• Support for Compute Engine VMs that are running Ubuntu 23.10 (Mantic Minotaur). For more information, see Operating systems.
• Support for Compute Engine Arm VMs that are running Debian 12 (Bookworm). For more information, see Support for Compute Engine Arm VMs.
• An option to prevent the agent from collecting self logs and sending them to Cloud Logging. For more information, see Collection of self logs.

You can use configuration YAML files to transform SQL code when you translate SQL queries from your source database. Configuration YAML files can be used with the batch SQL translator, the interactive SQL translator, and the batch translation Python client. This feature is now generally available (GA).

The slot estimator now supports project level cost-optimal commitment and autoscale recommendations for on-demand workloads. This feature is now in preview.

You can specify a preferred Cloud SQL zone for the environment's database when creating a standard resilience environment.

(New guide) Set up an embedded finance solution using Google Cloud and Cloudentity

Storage Transfer Service supports transfers from cloud and on-premises Hadoop Distributed File System (HDFS) sources. This feature is in limited release; complete the form linked from the user guide at Transfer from HDFS to Cloud Storage to request access.

This new feature supports use cases such as migrating from on-premises storage to Cloud Storage, archiving data to free up on-premises storage space, replicating data to Google Cloud for business continuity, or transferring data to Google Cloud for analysis and processing.

The Unicorn model size for PaLM 2 for Text is generally available (GA). The text-unicorn model provides improved response quality and reasoning capability compared to the text-bison model. For details, see Model information.

You can now specify an inclusion filter or exclusion filter that is applied to the _Default sinks of new resources. For more information, see Configure default filter of _Default sinks.

Updated NVIDIA GPU drivers. This resolves CVE-2023-31022.

Updated NVIDIA GPU drivers. This resolves CVE-2023-31022.

Updated NVIDIA GPU drivers. This resolves CVE-2023-31022.

Updated NVIDIA GPU drivers. This resolves CVE-2023-31022.

Updated NVIDIA GPU drivers.

Dialogflow CX answer feedback is now generally available (GA) and has new configurations in Dialogflow Messenger, conversation history, and BigQuery export.

Starting in GKE version 1.27.6-gke.1248000, clusters in Autopilot mode detect nodes that can't fit all DaemonSets and, over time, migrate workloads to larger nodes that can fit all DaemonSets. For more information, see Best practices for DaemonSets on Autopilot.

Starting in GKE 1.27.7, you can configure your workloads to use TPU reservations with node auto-provisioning.

The AlloyDB columnar engine now supports columns with the array data type.

Release 1.16.3

Anthos clusters on bare metal 1.16.3 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.16.3 runs on Kubernetes 1.27.

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

• Google Cloud VMWare Engine
  • vmwareengine.googleapis.com/ExternalAccessRule
  • vmwareengine.googleapis.com/ExternalAddress
  • vmwareengine.googleapis.com/NetworkPeering
  • vmwareengine.googleapis.com/NetworkPolicy
  • vmwareengine.googleapis.com/PrivateCloud
  • vmwareengine.googleapis.com/Cluster
  • vmwareengine.googleapis.com/PrivateConnection
  • vmwareengine.googleapis.com/VmwareEngineNetwork

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

• admissionregistration.k8s.io/ValidatingWebhookConfiguration

ComputeToken API now available in Preview

The ComputeToken API is now available in (Preview). You can use this API to get a list of tokens for a given prompt. A token is a way to represent a common sequence of characters found in a text input. To learn more, see Get a list of tokens.

HubSpot trigger is now available in preview.

Jobs enhancement

The following features have been added:

• Ability to sort the job execution table by time or status
• Indication in the jobs queue for each failed job iteration

Confidential Space. You can now use the Split-Trust Encryption Tool (STET) with Confidential Space.

Datastream now supports SSL/TLS encryption for connections to PostgreSQL sources that don't require client certificates.

Release 1.14.11

Anthos clusters on bare metal 1.14.11 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.14.11 runs on Kubernetes 1.25.

The following Connector Event triggers are available in preview:

• IBM MQ trigger
• Rabbit MQ trigger

SAP HANA databases running in Compute Engine instances can now be backed up as Persistent Disk snapshots of the Compute Engine instance. This feature is in Private Preview.

Added basic connector support for the following OSes. See Support matrix.

• OEL 8.8, 9.1, and 9.2
• RHEL 8.8 and 9.2
• RHEL for SAP 8.8, 9.0, and 9.2
• Rocky Linux 8.8, 9.0, 9.1, and 9.2
• Rocky Linux Optimised for Google Cloud 8.8 and 9.2
• SLES 15 SP5
• SLES for SAP 15 SP5

Cloud Spanner emulator support for the PostgreSQL dialect is now generally available. To learn more about the emulator, see Emulate Cloud Spanner locally.

The Object Retention Lock feature is now available.

• Using this feature, you can place a retention configuration on individual objects.

• A retention configuration defines a date prior to which the object cannot be deleted or overwritten.

• A retention configuration can optionally be locked to prevent the retention date from being shortened or removed.

Network edge security polices (custom rules) are now available to allowlisted users. For more information about network edge policies, see Types of security policies. In addition, you can learn how to Configure network edge security policies.

Release 1.15.7

Anthos clusters on bare metal 1.15.7 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.15.7 runs on Kubernetes 1.26.

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed and Search (SearchAllResources, SearchAllIamPolicies) APIs.

• Financial Services
  • financialservices.googleapis.com/Dataset
  • financialservices.googleapis.com/BacktestResult
  • financialservices.googleapis.com/EngineConfig
  • financialservices.googleapis.com/Model
  • financialservices.googleapis.com/PredictionResult

Regional endpoints are now available in Preview. Regional endpoints let you run your workloads in a manner that complies with data residency and data sovereignty requirements, where your request traffic is routed directly to the region specified in the endpoint.

Confidential Space. Support for VPC Service Controls is released to General Availability.

You can now protect Confidential Space using VPC Service Controls perimeters. For more information, see VPC Service Controls supported products.

General availability support for the following integration:

• Confidential Space

You can use Private Service Connect backends to access published services that are hosted on regional internal Application Load Balancers and regional internal proxy Network Load Balancers.

Helm charts management for Apigee hybrid

Starting in version v1.11.0, you have the choice of installing and managing your clusters with either Helm or apigeectl. You cannot manage a cluster with both. Apigee recommends using Helm for new hybrid installations. See Apigee hybrid Helm charts reference.

Vault integration for Cassandra credentials (preview)

Starting in version v1.11.0, you can store Cassandra credentials in Hashicorp Vault.
Note: Using Vault requires Helm management of your Apigee installation.
See Storing Cassandra credentials in Hashicorp Vault.

Vault integration is in preview as of the Apigee hybrid 1.11.0 release.

Apigee Advance API Security Actions for Apigee hybrid

Advanced API Security's new Security Actions feature is now available in Apigee hybrid.

The sensitive data discovery service can now detect the presence of secrets, such as passwords and authentication tokens, in your Cloud Functions environment variables. Sensitive Data Protection sends any findings to Security Command Center as vulnerability findings. For more information, see Report secrets in environment variables to Security Command Center.

Observability for Google Kubernetes Engine: The Observability tab for a GKE cluster adds a dashboard for GPU metrics. The charts on this dashboard are populated only if the cluster has GPU nodes. For more information, see View observability metrics.

For services with cold start times exceeding 10 seconds, requests are now queued for at least the cold start time before timing out while waiting for instances to start.

Cloud SQL now supports migrating data to an instance that already exists. You can create the instance by using Terraform or other Infrastructure-As-Code (IaC) Tools. After creating the instance, use the demote API to migrate data to it. This API demotes an existing standalone instance to be a Cloud SQL read replica for an external database server.

Cloud SQL for MySQL now supports minor version 8.0.35. To upgrade your existing instance to the new version, see Upgrade the database minor version.

Cloud SQL now supports migrating data to an instance that already exists. You can create the instance by using Terraform or other Infrastructure-As-Code (IaC) Tools. After creating the instance, use the demote API to migrate data to it. This API demotes an existing standalone instance to be a Cloud SQL read replica for an external database server.

You can now run workloads on L4 GPUs in Autopilot clusters that use GKE version 1.28.3-gke.1203000 and later. For instructions, see Deploy GPU workloads in Autopilot.

Vertex AI Feature Store

The following features of the new and improved Vertex AI Feature Store are now generally available (GA):

• Feature Registry: Register your feature data sources in BigQuery by creating feature groups and features. For more information, see Create a feature group and Create a feature.

• Cloud Bigtable online serving: Serve features from one or more BigQuery data sources. You can set up Cloud Bigtable online serving by defining online serving clusters called online store instances and creating feature views within the online store instances.

Note that the following features of Vertex AI Feature Store are still in Preview:

• Serve features at ultra-low latencies with Optimized online serving.
• Sync data in a feature view within an online store.
• Retrieve vector embeddings for real-time serving.

For more information, see About Vertex AI Feature Store.

Support for a Kubernetes API connector is available in Preview. The connector allows you to interact with Kubernetes objects in a Google Kubernetes Engine cluster. For more information, see Access Kubernetes API objects using a connector.

See the blog post: Deploy and manage Kubernetes applications with Workflows.

The IL4 compliance program now supports the following products. See Supported products for more information:

• Cloud DNS
• Cloud Interconnect
• Cloud Monitoring
• Cloud Router
• Cloud SQL
• Cloud VPN
• Pub/Sub

The following BigQuery ML features for Vertex AI large language models (LLMs) are now generally available (GA):

• The SQL syntax for remote models has been updated to provide access to all text generation and text embedding LLMs (for example, text-bison-32k and textembedding-gecko-multilingual) and also to provide support for different LLM versions.

• Region support for text-bison* LLM models has been expanded to include the following locations in addition to us and us-central1:

  • asia-northeast3
  • asia-southeast1
  • eu
  • europe-west1
  • europe-west2
  • europe-west3
  • europe-west4
  • europe-west9
  • us-west4

Cloud Spanner now supports automatic cleanup of long running transactions (in Preview). To enable this feature, use the Java or Go client library to automatically remove long running transactions that might cause session leaks and receive warning logs about problematic transactions. For more information, see Automatic cleanup of session leaks.

Cloud Spanner now supports Hibernate ORM 6.3 in GoogleSQL Hibernate dialect. For more information, see Integrate Spanner with Hibernate ORM (GoogleSQL dialect).

M113 release

• Miscellaneous bug fixes and improvements in Python 3.10 container images.

M113 release

• Miscellaneous bug fixes and improvements in Python 3.10 images.

You can now configure alerts for Cloud Deploy release render failures.

M113 release

The M113 release of Vertex AI Workbench instances includes the following:

• Added the Dataproc JupyterLab plugin to Vertex AI Workbench instances. To get started, see Create a Dataproc-enabled instance.
• When using an instance's Google Cloud CLI, gcloud config is preset with the following defaults:
  • project is set to your instance's project.
  • Your compute region is set to your instance's region.
  • Your Dataproc region is set to your instance's region.
• Fixed an issue that prevented Dataproc kernels from working.
• Fixed a CORS (cross-origin resource sharing) error.

The M113 release of Vertex AI Workbench user-managed notebooks includes the following:

• Miscellaneous bug fixes and improvements in Python 3.10 notebooks.

You can now restrict an OAuth 2.0 access token so that it works only for AlloyDB authentication.

You can now configure the AlloyDB Auth Proxy to automatically authenticate IAM-based database logins. This works only with the IAM account that you use to run the proxy client.

The AlloyDB Omni Kubernetes Operator version 0.2.0 is available in Preview. This update adds support for AlloyDB Omni version 15.2.2, and includes various bug fixes and improvements. For more information about upgrading AlloyDB using the Kubernetes operator, see Upgrade AlloyDB Omni.

Cloud SQL supports the bulk insert functionality of SQL Server for importing data. This functionality is supported only on SQL Server 2022.

For more information, see Use bulk insert for importing data.

Cloud Spanner now provides an integration workflow with Vertex AI Vector Search to enable vector similarity search on data stored in Spanner. For more information, see Export embeddings from Spanner to Vector Search.

Backported support for TCP RTO configuration in networkd.

Dynamic Workload Scheduler support on GKE through the Provisioning Request API launched in Preview in version 1.28. Use the Dynamic Workload Scheduler to get large atomic sets of available GPU models in GKE Standard clusters. For more information, see Deploy GPUs for batch workloads with ProvisioningRequest.

Vertex AI Search: Autocomplete denylist (Preview with allowlist)

Importing an autocomplete denylist is available as a preview with allowlist feature. To use this feature, contact your Google account team.

For information about autocomplete denylists, see Use an autocomplete denylist.

Batch video and image support in Vertex AI Vision Warehouse is Generally Available. Vertex AI Vision Warehouse now supports semantic searches and similarity searches on video and images. For more information, see Vision Warehouse overview

You can now see query performance insights about partition skew. This feature is in preview.

Cancelling a currently running job execution is now at general availability (GA).

Backported support for TCP RTO configuration in networkd.

Google Cloud console experience for VMware Engine: You can use the Google Cloud console to manage your VMware Engine environments without opening another tab. For more information on migrating to this refreshed experience, see What's new with VMware Engine.

VMware Engine network: Further simplification of the networking architecture and experience in VMware Engine removes the need for private service networking. With VMware Engine networks, you can create multiple isolated networks within the same project and connect them as needed to consumer VPCs to deliver complex topologies.

Integrated networking: Private cloud deployment is now just one simple step. VMware Engine network and initial VPC peering to your VPC can be done at the time of private cloud creation.

Advanced VPC Peering: Virtual Private Cloud network peerings define network connectivity between VMware Engine networks, Google VPCs, and other services. You can now create a complex set of VPC peerings within the Google Cloud console.

Increase to the default VPC Peer count: Any standard VMware Engine network now supports 25 VPC Peers by default.

Integrated Cloud DNS for workloads (DNS Bindings): Bi-directional Cloud DNS capabilities that enable DNS resolution for VMware Engine workloads, delivering enterprise needs in a simplified and more streamlined manner. Cloud DNS administrators can bind the VMware Engine network just as any other VPC.

DNS Server IP: Workloads within your private cloud can now use native Cloud DNS for DNS resolution.

Management DNS for private clouds: Automatic Management DNS Peering is now Automatic Management DNS for Private Clouds. You can now view and manage the DNS bindings for the private cloud management zone.

External access rules: Control access to external IP addresses. We have simplified the rule creation process to no longer require creation of a table and attachment to a subnet. External access rules now support one or more external IP address within a single rule.

(Legacy Networks) DNS forwarding rules: Allows configuration of management appliance DNS resolution for private clouds attached to legacy VMware Engine networks.

ESXi (NSX-T Distributed Log Forwarding): You can now configure both ESXi logs, including NSX-T Distributed Firewall (DFW) Logs, to a remote syslog server.

Finer-grained access controls for additional resources: VMware Engine provides finer-grained, per-action access controls for actions performed on new resources added. To view a comprehensive list of permissions for VMware Engine, go to the Permissions reference and search for the prefix vmwareengine.

Additional Google Cloud CLI and VMware Engine API Endpoints: More capabilities delivered using VMware Engine API and Google Cloud CLI enables you to programmatically manage VMware Engine environments, including VMware Engine API and Google Cloud CLI functions for managing the new networking model, network peering, external access rules and external IP service, consumer DNS, and more.

Preview: You can now use Customer-Managed Encryption Keys (CMEK) in Migrate to Virtual Machines to do the following:

• Protect data stored by Migrate to Virtual Machines during the migration process.
• Protect data of the migrated VMs created by clone and cut-over operations for all sources - AWS, Azure, and VMware.

Vertex AI Search: Additional languages supported

Extractive answers are now supported in the following languages:

• Arabic
• Chinese (Simplified)
• Japanese

See Languages.

The following BigQuery ML point-in-time lookup functions are now generally available (GA). These functions let you specify a point-in-time cutoff when retrieving features for training a model or running inference, in order to avoid data leakage.

• Use the ML.FEATURES_AT_TIME function to use the same point-in-time cutoff for all entities when retrieving features.
• Use the ML.ENTITY_FEATURES_AT_TIME function to retrieve features from multiple points in time for multiple entities.

The following AI features in BigQuery are now in preview:

• The ability to process documents from BigQuery object tables by doing the following:

  • Creating a remote model based on the Document AI API, including specifying a document processor to use.
  • Using the ML.PROCESS_DOCUMENT function with a Document AI-based remote model to process the documents.
    
    Try this feature with the Process documents with the ML.PROCESS_DOCUMENT function how-to.
    
    

• The ability to transcribe audio files from BigQuery object tables by doing the following:

  • Creating a remote model based on the Speech-to-Text API, including specifying a speech recognizer to use.
  • Using the ML.TRANSCRIBE function with a Speech-to-Text-based remote model to transcribe the audio files.
    
    Try this feature with the Transcribe audio files with the ML.TRANSCRIBE function how-to.

Deploying sidecar containers to your Cloud Run service is now at general availability (GA). Console UI and CLI are also now available for this feature.

Managed autoscaler for compute capacity on Cloud Spanner instances is now in preview. With managed autoscaler, Spanner automatically increases or decreases compute capacity on the instance in response to changing workload or storage needs and user defined goals. For more information, see Managed autoscaler.

Preview: When creating or modifying an on-demand reservation, you can configure reservations to be automatically deleted at a specific date and time. Automatically deleting reservations makes it easier to prevent charges from unused reservations when you no longer need them.

For more information, see the documentation for creating on-demand reservations.

The Cloud Spanner to Vertex AI Vector Search template is generally available (GA).

Dataflow jobs now scale to 4,000 worker VMs.

Cloud Deploy now supports delivery pipeline automation, including automated release promotion and automated rollout phase advancement, in preview.

Numerical filtering available in Vertex AI Vector Search

With Vector Search you can restrict results by "filtering" your index results. In addition to filtering by using categorical restrictions, you can now use numeric filtering. To learn more, see Filter vector matches.

This release includes the public preview of integrated portal APIs which allow you to manage your integrated portal APIs and reference documentation using API calls.

The catalog items list view now uses pagination when making requests to the portals service, examples have been added to Publishing your APIs, and new reference documentation is available:

• Publishing your APIs
• API categories reference documentation
• API documents reference documentation

Apigee is now available in a new region: Middle East - Dammam (me-central2).

See Apigee locations for more information about available regions.

Database Migration Service now supports data cache in Cloud SQL for PostgreSQL Enterprise Plus edition instance creation.

You can enable data cache in the destination database when you create a migration job. To learn more about data cache in Cloud SQL for PostgreSQL, see Data cache overview.

You can now load saved queries in the Log Analytics page by using the Load button. The Load button lets you edit the query in the Query pane before running the query.

You can now upgrade Enterprise edition instances to Enterprise Plus edition in place with minimal disruption. Similarly, you can also switch from Enterprise Plus edition to Enterprise edition in place. For more information, see Upgrade an instance by using in-place upgrade.

You can now upgrade Enterprise edition instances to Enterprise Plus edition in place with minimal disruption. Similarly, you can also switch from Enterprise Plus edition to Enterprise edition in place. For more information, see Upgrade an instance by using in-place upgrade.

Cloud Spanner now supports batch-oriented scans. For certain queries, Spanner chooses a batch-oriented processing mode to help improve scan throughput and performance. For more information, see Optimize scans.

Preview: In a managed instance group (MIG), you can turn off repairs to inspect failed and unhealthy VMs, to implement your own repair logic, or to monitor the application health without triggering repairs by MIG. For more information, see Turn off repairs in a MIG.

You can now stream the following large object data types for Oracle sources:

• BLOB
• CLOB
• NCLOB

Support for Firestore point-in-time recovery (PITR) feature that provides protection against accidental deletion or writes is now generally available (GA).

Support for Firestore in Datastore mode point-in-time recovery (PITR) feature that provides protection against accidental deletion or writes is now generally available (GA).

The Observability tab for a GKE deployment now shows application performance metrics if the metrics are available. The supported metric sources include Istio, GKE Ingress, NGINX Ingress and gRPC, and HTTP metrics collected by using Google Managed Service for Prometheus. For more information, see Use application performance metrics.

Policy Controller integration now in Preview

The integration of Policy Controller for Kubernetes clusters with Security Command Center is released to Preview. Violation alerts from Policy Controller now appear in Security Command Center as misconfiguration findings.

For more information, see Policy Controller.

Generative AI on Vertex AI

Security controls are available for additional Generative AI on Vertex AI features.

Release 6.2.39 - Preview

Dynamic mode instance support

When a playbook is built for more than one environment, you need to use dynamic mode which picks the relevant instance configuration from the target environment. When using dynamic mode within environments that contain multiple instances, the playbook needs to stop and wait for the analyst to pick the right instance by the context of the alert.

In this release, we have added a new option to the playbook designer, such that the analyst can specify an instance for the dynamic mode to use within the target environment by entering a name or a pattern in a new Specify Instance Name field.

For more information, see Specify instance in dynamic mode. This feature is in Preview.

Jobs enhancement

The Jobs page in the platform has been enhanced to provide more information at a glance for the security analyst. The following is a list of the added features:

• Filter jobs according to success or failure.
• Click View Details to open a side bar with full details.
• Export the log details in raw text format.
• View all job iterations with extra pagination support.

This feature is in Preview.

Update SiemplifyUtils to support Python 3 (ID #45825896).

This feature is in Preview

You can now display events, such as the crash of a GKE pod, on your dashboards. This feature is in Public Preview.

• For a list of supported events, see Events overview.
• For information about enabling events, see Show events on a dashboard.

Data cache is now available for Cloud SQL for PostgreSQL Enterprise Plus edition instances.

You can now recover a permanently failed stream. For more information, see Recover a stream.

You can now start a stream from a specific binary log position for MySQL sources using the Datastream API. For more information, see Start a stream from a specific binary log position.

GKE Infrastructure Dashboards and Metrics Packages are now generally available for both GKE Autopilot and Standard clusters with control plane version 1.27.2-gke.1200 and later.

You can now configure your Autopilot or Standard clusters to export a predefined list of metrics emitted by GKE managed kube-state-metrics (KSM) for workloads state and persistent storage. The component will run in the GKE system namespace "gke-managed-cim" to collect the metrics using Google Cloud Managed Service for Prometheus and send them to Cloud Monitoring. You can view the metrics in the new Persistent and Workloads State dashboards in the Observability tab.

The extension oracle_fdw is added to the extensions supported by AlloyDB. The extension provides a foreign data wrapper for accessing Oracle databases.

Detection Engine has added support for rule statuses for Chronicle YARA-L rules running on live data. In addition to being in Enabled or Disabled state, rules can also have Limited or Paused status depending on their resource usage.

Cloud Bigtable app profiles now let you configure request priorities to prioritize certain workload data requests over others. This feature is available in Preview.

Cloud Functions now supports on-deployment security updates (1st gen and 2nd gen) and fully automatic security updates (1st gen only). For details, see Execution environment security.

Setting custom audiences on your Cloud Run services is now at general availability (GA).

Confidential Space. Support for VPC Service Controls is released to Preview.

You can now protect Confidential Space using VPC Service Controls perimeters. For more information, see VPC Service Controls supported products.

You can now use Dataproc Serverless autoscaling V2 to help you manage Dataproc Serverless workloads, improve workload performance, and save costs.

Configuring Google Cloud operations suite alerts is now supported in the Cloud Deploy console.

New inference-focused Cloud Tensor Processing Unit (TPU) v5e machine types are available in GKE. These single-host TPU VMs are designed for inference workloads and contain one, four, or eight TPU v5e chips. These three new TPU v5e machine types (ct5l-hightpu-1t, ct5l-hightpu-4t, and ct5l-hightpu-8t) are currently available in the us-central1-a and europe-west4-b zones.

Cloud Tensor Processing Unit (TPU) v5e is generally available in clusters running GKE version 1.27.2-gke.2100 and later.

TPU v5e is purpose-built to bring the cost-efficiency and performance required for medium- and large-scale training and inference. TPU v5e delivers up to 2x higher training performance per dollar and up to 2.5x inference performance per dollar for LLMs and gen AI models compared to Cloud TPU v4. At less than half the cost of TPU v4, TPU v5e makes it possible for more organizations to train and deploy larger, more complex AI models.

Admins can now restrict non-admins from accessing the dashboard auto-refresh option.

Users can now move dashboard tiles to the left or the right side and also resize them to standard sizes.

Quick Layout for dashboard editors has been added behind the dashboard_layout_accelerator feature flag, which is set to ON by default for all customers besides core instances.

Support for VPC Service Controls released to Preview

You can now protect Security Command Center using VPC Service Controls perimeters. For more information, see VPC Service Controls supported products.

Traffic Director advanced load balancing, which is in Preview, is updated to include failover health threshold configuration.

The batch SQL translator has added enhancements when viewing SQL translation reports. You can now see a log summary of all issues during a translation job, as well as a code tab that displays a side-by-side comparison of your input and output files from a translation. This feature is in preview.

The following resource types are now publicly available through the Search APIs (SearchAllResources, SearchAllIamPolicies):

• autoscaling.k8s.io/HorizontalPodAutoscaler
• k8s.io/ServiceAccount

Observability for Google Kubernetes Engine: The Observability tab for a GKE deployment now shows application performance metrics if the metrics are available. The supported metric sources include Istio, GKE Ingress, NGINX Ingress and gRPC and HTTP metrics collected by using Google Managed Service for Prometheus. For more information, see Use application performance metrics.

Cloud Spanner now supports the Go programming language ORM, GORM, with GoogleSQL-dialect databases. For more information, see Integrate Spanner with GORM (GoogleSQL dialect).

Cloud Workstations is available in the asia-east2 region (Hong Kong, APAC). For more information, see Locations.

Generally available: A replica recovery checkpoint of a regional Persistent Disk volume represents the most recent crash-consistent point in time of the fully replicated disk. For disks that are not fully replicated, you can use the checkpoint to create disk snapshots from an incomplete zonal replica. You can create and use these snapshots to recover disk data in the rare scenario where your synced replica goes down before your incomplete replica catches up.

Learn more about Regional Persistent Disk replica recovery checkpoints and how to use checkpoints to recover a degraded disk.

Campaigns, Do Not Call (DNC) list: You can now create your own Do Not Call (DNC) list for campaign calls. You can enable the Company DNC at Settings > Campaigns > Company Do Not C