The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.
You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.
May 14, 2025
AlloyDB for PostgreSQLThe default major version of PostgreSQL compatibility for new AlloyDB clusters is now PostgreSQL 16.
On May 14, 2025, we released an updated version of Apigee (1-15-0-apigee-4).
Large message payload support in Apigee
Apigee now supports message payloads up to 30MB. For more information, see:
- Message payload size.
Properties
in the ProxyEndpoint configuration elements reference.Properties
in the TargetEndpoint configuration elements reference.
Improvements to the PublishMessage policy
The PublishMessage policy now supports two new elements:
The <UseMessageAsSource> element uses request or response message content as the source of data to be written to Pub/Sub. For more information, see <UseMessageAsSource>.
The <Attributes> element lets you specify string attributes (key/value pairs) to include with the request or response message that is written to Pub/Sub. For more information, see <Attributes>.
Bug ID | Description |
---|---|
391140293 | Resolved scaling issue resulting in 503 errors Added |
391862684 | Resolved issue with requests stuck at Message Processor causing timeouts. |
N/A | Updates to security infrastructure and libraries. |
You can now schedule automated data transfers from Snowflake to BigQuery using the BigQuery Data Transfer Service. This feature is in preview.
BigQuery now supports cross-region transfers for batch loading and exporting data. You can load or export your data from any region or multi-region to any other region or multi-region using a single bq load
, LOAD DATA
, bq extract
, or EXPORT DATA
statement. This feature is generally available (GA).
Vector indexes support the TreeAH index type, which uses Google's ScaNN algorithm. The TreeAH index is optimized for efficient batch processing, capable of handling anywhere from a few thousand to hundreds of thousands of embeddings at once. This feature is generally available (GA).
Cloud SQL for SQL Server now supports TLS connections to Active Directory endpoints without requiring server certificate trust or the use of IP addresses. Existing server certificates will need to be rotated to use this feature.
Create custom commands
You can now configure and use custom commands with IntelliJ Gemini Code Assist (version 1.15.0
). Create, save, and execute your own pre-configured prompts to perform repetitive tasks faster and more easily in the IDE.
To view the custom commands settings, go to Settings > Tools > Gemini > Prompt Library.
Chat responses with error messages now have action buttons for IntelliJ Gemini Code Assist (version 1.15.0
).
Mobile SDK 2.12 is released
Mobile SDK 2.12 includes the following updates:
- Added support for the following languages:
- Ukrainian
- English - India
- Hindi
- Romanian
- Croatian
- Russian
- Tagalog
- End-users can receive and download attachments during sessions. The following file types are supported:
- Images: JPEG, JPG, PNG, GIF, WebP
- Video: MP4, MOV, AVI, WMV, WebM
- Audio: MP3, WAV, M4A, WEBA
- Other file types: PDF, DOC, XLS, PPT, CSV, TXT
Preview: You can use the Google Cloud console to create admin clusters and view admin cluster details. For more information, see Create an admin cluster.
New premium versions of the following parsers are now available:
- ZSCALER_WEBPROXY
- ZSCALER_FIREWALL
- ZSCALER_DNS
- ZSCALER_INTERNET_ACCESS
- ZSCALER_VPN
- ZSCALER_ZPA
- ZSCALER_TUNNEL
- ZSCALER_CASB
- ZSCALER_DLP
- ZSCALER_ADMIN_AUDIT
We recommend using the documented topology for each parser.
New premium versions of the following parsers are now available:
- ZSCALER_WEBPROXY
- ZSCALER_FIREWALL
- ZSCALER_DNS
- ZSCALER_INTERNET_ACCESS
- ZSCALER_VPN
- ZSCALER_ZPA
- ZSCALER_TUNNEL
- ZSCALER_CASB
- ZSCALER_DLP
- ZSCALER_ADMIN_AUDIT
We recommend using the documented topology for each parser.
Looker 25.8 is expected to include the following changes, features, and fixes:
Expected Looker (original) deployment start: Monday, May 19, 2025
Expected Looker (original) final deployment and download available: Thursday, May 29, 2025
Expected Looker (Google Cloud core) deployment start: Monday, May 19, 2025
Expected Looker (Google Cloud core) final deployment: Monday, June 2, 2025
An issue has been fixed where HTML in a LookML dimension wasn't being applied to Y-axis labels. This feature now performs as expected.
SSL host validation is now enabled by default. If any of your SSL certificates are invalid, certain Looker workflows may break.
You can now create connections using the Amazon Redshift 2.1+ or Amazon Redshift Serverless 2.1+ SQL dialect, both of which use the Redshift JDBC driver. Connections with the original Amazon Redshift SQL dialect option use the Postgres JDBC driver.
The Presto JDBC driver version has been updated to 0.291.
You can now select the JDBC driver version when you create or edit a connection.
The sync_lookml_dashboard
API endpoint now accepts an optional dashboard_ids
parameter to specify a subset of dashboards to synchronize.
The gemini_in_looker
permission can now be applied to selected models on the Looker instance. The Gemini role still applies the gemini_in_looker
permission to all models on the Looker instance; however, if needed, Looker admins can manually restrict use of Gemini in Looker to specific models by creating and assigning a Looker role with gemini_in_looker
permissions on limited models.
When you create a custom measure, suggestions are now displayed for tier filters.
An issue has been fixed where some of the Project API endpoints wouldn't create a fresh dev mode copy of the LookML project files if no dev mode copy already existed. These endpoints now work as expected.
An issue has been fixed where Elite System Activity data could be delayed. This feature now performs as expected.
An issue has been fixed where navigating between Looks could cause the System Activity Explore to correlate an incorrect Look ID with a query ID. This feature now performs as expected.
An issue has been fixed where filtering on a pivoted field while Grid Layout by Row was enabled could return a server error. This feature now performs as expected.
An issue has been fixed where duplicating a dashboard tile and editing it could cause the tile to load indefinitely. This feature now performs as expected.
An issue has been fixed where scheduled reports could include limited columns even if All Results was enabled for the schedule. This feature now performs as expected.
An issue has been fixed where links in data tables couldn't be clicked. This feature now performs as expected.
An issue has been fixed where changes to the row limit and visualization configuration that were applied by custom visualizations were not saved in the System Activity query record. This feature now performs as expected.
An issue has been fixed where Looks could appear before dashboards in embedded folder navigation. This feature now performs as expected.
An issue has been fixed where running queries would not be canceled if a user navigated away from a dashboard, for example, by clicking an Explore from here link. This feature now performs as expected.
An issue has been fixed where all the folders in the IDE would collapse when a user toggled a folder on a new session. This feature now performs as expected.
An issue has been fixed where a scatterplot visualization could crash if there were less than three rows of data and clustering was enabled. This feature now performs as expected.
An issue has been fixed where additional queries that were used for totals and pivots would not include context comments. These queries now include context comments, and this feature performs as expected.
An issue has been fixed where blank measure filters could prevent Looker from correctly displaying subtotals in table visualizations. This feature now performs as expected.
An issue has been fixed where the BigQuery storage project ID could be set to a user attribute value, even though Looker doesn't support user attributes in this field. The user interface for the Connections page has been updated, and this feature now performs as expected.
Previously, using Application Default Credentials (ADC) with a BigQuery connection caused Looker to incorrectly display the service account file upload button on the PDT Override panel; this button has now been removed and this feature now performs as expected.
May 13, 2025
BigQueryThe following SQL features are now generally available (GA) in BigQuery:
GROUP BY STRUCT
and theSELECT DISTINCT
clause.GROUP BY ARRAY
and theSELECT DISTINCT
clause.GROUP BY ALL
clause.
You can export query results from Bigtable Studio. This feature is generally available (GA).
For more information, see Manage your data using Bigtable Studio.
Labels you previously set for your Cloud Run functions using either
gcloud functions
commands or the Cloud Functions v2 API propagate to Cloud Run when you deploy your functions in Cloud Run. For more information on creating labels in Cloud Run, see Configure labels for services.
Labels you previously set for your Cloud Run functions using either
gcloud functions
commands or the Cloud Functions v2 API propagate to Cloud Run when you deploy your functions in Cloud Run. For more information on creating labels in Cloud Run, see Configure labels for services.
Google has applied fixes for a vulnerability (CVE-2024-45332) affecting the following Intel processors: CascadeLake, Ice Lake XeonSP, Ice Lake XeonD, Sapphire Rapids and Emerald Rapids. For more information, see the GCP-2025-025 security bulletin.
Bulk export of universal catalog metadata is generally available (GA).
You can export universal catalog metadata into Cloud Storage and then use it for tasks that require comprehensive retrieval of metadata. You can also query and analyze the exported metadata in BigQuery.
For more information, see Export metadata.
Datastream is now available in the europe-north2
(Stockholm) region. For the list of all available regions, see IP allowlists and regions.
Version 3.34 is released
All release notes published on this date are part of version 3.34.
The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.
Co-browse is renamed to Screen Share
We've renamed the Co-browse capability to Screen Share. We've made this change in the user interface and in the documentation. However, we haven't renamed any endpoint, property, object, or other programmatic element in the APIs or the SDKs for this update.
Manual wrap-up is automatically assigned to the last completed chat
When an agent manually enters wrap-up status, wrap-up is automatically assigned to the agent's last completed chat.
Spelling and grammar check is available for SMS and WhatsApp sessions
Spelling and grammar check is now available for SMS and WhatsApp chat sessions.
Virtual agent to virtual agent chat transfers
A virtual agent can now transfer a chat session to another virtual agent by transferring to the queue that the destination virtual agent is assigned to.
The following issues were addressed in this release:
- Fixed an issue that prevented agents from calling other agents using a phone number with an extension.
- Fixed an issue where a phone number with an extension and a comma separator was not displaying correctly.
- Fixed an issue where some properties in the session metadata file were not correct for a session that was monitored by another user.
- Fixed an issue where chat duration was incorrect in reporting.
- Fixed an issue where a user was unable to change from the wrap-up status to another status.
- Fixed an issue where call IDs mistakenly appeared in agent activity timeline reports.
- Fixed an issue where the scroll bar didn't appear in the chat navigation panel of the chat adapter. This prevented agents from scrolling to chats that were hidden from view.
- Fixed an issue where error messages were mistakenly sent to end-users while they were waiting for a virtual agent to connect to their session.
- Fixed an issue where the Performance Overview Dashboard was displaying incorrect information on the Chats > Queue Abandoned and Virtual Agent Chat > Total Escalations tiles.
- Fixed an issue where sessions that were escalated by a virtual agent arrived in the destination queue and were never assigned to an agent because of an error in prioritization.
- Fixed an issue where auto-generated session summaries for the virtual agent segments of a session were not appearing in the agent adapter.
- Fixed an issue where a Screen Share error message mistakenly appeared the next time Screen Share was attempted.
- Fixed an issue where links that agents sent to end-users in a chat session did not have underscores, despite rich messaging being turned on.
- Fixed an issue where email was causing abnormally high CPU usage.
- Fixed an issue where message preview was not working in the agent adapter for web SDK and chat.
- Fixed an issue where the incorrect error message appeared when SSO sign-in failed.
- Fixed an issue where manual wrap-up caused high CPU usage.
- Fixed an issue where Chat ID was not available as an incoming field type when adding a parameter for post-session chat transfers.
- Fixed an issue where agents were unable to send messages in the chat adapter.
- Fixed an issue where the chat shortcut list continued to display after the agent deleted the shortcut keyword from the chat text field.
- Fixed an issue where chat shortcut categories were appearing in the shortcut list in the chat adapter despite the fact that they contained no chat shortcuts.
- Fixed an issue in the chat adapter where the View original and View translation links where not translated into the language of the chat adapter.
- Fixed a Workforce Management issue where login durations for events that spanned multiple intervals were incorrectly reported.
- Fixed a Workforce Management issue where short abandoned chat counts were incorrectly reported.
- Fixed a Workforce Management issue where the historical or ready time values exceeded 900 seconds.
- Fixed an Workforce Management issue where reporting data was missing for sessions over 45 minutes.
- Fixed a Workforce Management issue where hold duration was counted multiple times in reporting.
- Fixed a Workforce Management issue where query performance was sub-optimal.
- Fixed a Workforce Management issue where the OutboundCount and OutboundHandleTime calculations were incorrect in the AgentSystem report.
- Fixed a Workforce Management issue where agent queue data was not given the same treatment for calls as it was for chats.
- Fixed an agent desktop issue where the calls waiting and chats waiting fields in the menu bar displayed incorrect text when the French language was selected.
- Fixed an agent desktop issue where the Insert summary button (for inserting a generated session summary) appeared during wrap-up even when session summarization was turned off.
- Fixed an agent desktop issue where a View Previous banner mistakenly appeared when clicking the chats field in the menu bar.
- Fixed an agent desktop issue in the session data feed, where the date and time were not formatted correctly in French.
- Fixed an agent desktop issue where an agent who transferred a session and then left it was unable to see the chat adapter after being re-added to the session.
GKE now provides insights and recommendations that help you to identify and troubleshoot clusters with Custom Resource Definitions that contain an invalid or malformed Certificate Authority bundle, which might disrupt cluster operations. Implementing the recommendation helps you to keep your clusters stable and performant.
GKE Autopilot clusters fail to update the cgroup_mode
field and display the following error:
ERROR: (gcloud.container.clusters.update)
ResponseError: code=400,
message=INVALID_ARGUMENT: invalid node_pool_auto_config.linux_node_config.
Allowed fields are: ["cgroup_mode"]
This issue occurs in all GKE versions. A fix for this issue is in progress. For more information, see Migrate nodes to Linux cgroupv2.
You can now create Looker (Google Cloud core) instances that use Private Service Connect with a hybrid network configuration. Instances that have this type of configuration will allow secure inbound access through a web URL and will connect to external services through a private network.
Spanner now supports the INTERVAL
data type in GoogleSQL and PostgreSQL, which represents a duration or an amount of time.
For more information, see Interval functions in GoogleSQL and PostgreSQL data types.
Spanner now supports the SPLIT_SUBSTR()
GoogleSQL function, which splits an input string using a delimiter and returns a substring composed of a specific number of segments, starting from a given segment index.
Spanner also supports the following GoogleSQL aliases:
ADDDATE()
: Alias forDATE_ADD()
SUBDATE()
: Alias forDATE_SUB()
LCASE()
: Alias forLOWER()
UCASE()
: Alias forUPPER()
May 12, 2025
BigQueryA weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigquery
2.50.0 (2025-05-06)
Features
- Add WRITE_TRUNCATE_DATA as an enum value for write disposition (#3752) (acea61c)
- bigquery: Add support for reservation field in jobs. (#3768) (3e97f7c)
Dependencies
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.63.0 (#3770) (934389e)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20250404-2.0.0 (#3754) (1381c8f)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20250427-2.0.0 (#3773) (c0795fe)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.46.3 (#3772) (ab166b6)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.47.0 (#3779) (b27434b)
BigQuery resource utilization charts have the following changes:
- The default timeline shown in the event timeline chart has changed from one to six hours.
- Several improvements have been made to the views, including a new reservation slot usage view. This view helps monitor idle, baseline, and autoscaled slot usage.
This feature is in Preview.
You can now view the Query text section in a BigQuery execution graph to understand how the stage steps are related to the query text. This feature is in preview.
You can now use BigQuery and BigQuery DataFrames to enable multimodal analysis, transformation, and data engineering (ELT) workflows in both SQL and Python. Use multimodal data features to do the following:
Integrate unstructured data into standard tables by using
ObjectRef
values, and then work with this data in analysis and transformation workflows by usingObjectRefRuntime
values.Use generative AI to analyze multimodal data and generate embeddings by using BigQuery ML SQL functions or BigQuery DataFrames methods with Gemini and multimodal embedding models.
Create multimodal DataFrames in BigQuery DataFrames, and then use object transformation methods to transform images and chunk PDF files.
Use Python user-defined functions (UDFs) to transform images and chunk PDF files.
This feature is in Preview.
A weekly digest of client library updates from across the Cloud SDK.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.22.3 (2025-05-06)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.56.3 (844f4fa)
Dependencies
A vulnerability (CVE-2024-28956) affecting Intel Cascade Lake processors and Intel Ice Lake processors was discovered and is being addressed. For more information, see the GCP-2025-024 security bulletin.
Public preview: In a managed instance group (MIG), you can use a health check to monitor your application health without triggering repairs of an unhealthy VM, if the application fails the health check. You can prevent the MIG from repairing an unhealthy VM by turning off autohealing. For more information, see Turn off repairs in a MIG.
cos-113-18244-382-15
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.134 | v24.0.9 | v1.7.27 | See List |
Fixed issue where modinfo could not display module signatures.
Updated apparmor to 3.1.6. This fixes CVE-2016-1585.
Upgraded containerd to 1.7.27. Fixes CVE-2024-40635.
Fixed CVE-2024-50063 in the Linux kernel.
Fixed CVE-2024-26739 in the Linux kernel.
Fixed CVE-2025-21853 in the Linux kernel.
Fixed KCTF-342debc in the Linux kernel.
Fixed KCTF-3df275e in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812040 -> 812054
cos-dev-125-19041-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.89 | v27.5.1 | v2.0.4 | See List |
Upgraded app-admin/google-guest-configs to v20250501.00.
Added support for 7th generation TPU devices.
Updated the Linux kernel to v6.6.89.
Increased kdump memory reservation.
Fixed issue where modinfo could not display module signatures.
Updated apparmor to 3.1.6. This fixes CVE-2016-1585.
Runtime sysctl changes:
- Changed: fs.file-max: 811773 -> 811729
cos-117-18613-263-13
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.87 | v24.0.9 | v1.7.27 | See List |
Upgraded app-admin/google-guest-configs to v20250501.00.
Added support for 7th generation TPU devices.
Fixed issue where modinfo could not display module signatures.
Updated apparmor to 3.1.6. This fixes CVE-2016-1585.
Upgraded containerd to 1.7.27. Fixes CVE-2024-40635.
Fixed KCTF-3df275e in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811816 -> 811830
cos-109-17800-519-7
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.135 | v24.0.9 | v1.7.27 | See List |
Fixed issue where modinfo could not display module signatures.
Updated apparmor to 3.1.6. This fixes CVE-2016-1585.
Upgraded containerd to 1.7.27. Fixes CVE-2024-40635.
Updated NVIDIA GPU drivers to v535.247.01 for default/ R535, v550.163.01 for R550 and v570.133.20 for latest/R570. This resolves CVE‑2025‑23244.
Fixed CVE-2024-26739 in the Linux kernel.
Fixed KCTF-3df275e in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812287 -> 812270
cos-121-18867-90-23
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.87 | v27.5.1 | v2.0.4 | See List |
Upgraded app-admin/google-guest-configs to v20250501.00.
Added support for 7th generation TPU devices.
Fixed issue where modinfo could not display module signatures.
Updated apparmor to 3.1.6. This fixes CVE-2016-1585.
Fixed KCTF-3df275e in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811788 -> 811731
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for dataflow/apiv1beta3
0.11.0 (2025-05-06)
Features
- dataflow: A new enum
StreamingMode
is added (2f22244) - dataflow: A new field
bugs
is added to message.google.dataflow.v1beta3.SdkVersion
(2f22244) - dataflow: A new field
data_sampling
is added to message.google.dataflow.v1beta3.DebugOptions
(2f22244) - dataflow: A new field
default_streaming_mode
is added to message.google.dataflow.v1beta3.TemplateMetadata
(2f22244) - dataflow: A new field
default_value
is added to message.google.dataflow.v1beta3.ParameterMetadata
(2f22244) - dataflow: A new field
disk_size_gb
is added to message.google.dataflow.v1beta3.RuntimeEnvironment
(2f22244) - dataflow: A new field
dynamic_destinations
is added to message.google.dataflow.v1beta3.PubsubLocation
(2f22244) - dataflow: A new field
enable_launcher_vm_serial_port_logging
is added to message.google.dataflow.v1beta3.FlexTemplateRuntimeEnvironment
(2f22244) - dataflow: A new field
enum_options
is added to message.google.dataflow.v1beta3.ParameterMetadata
(2f22244) - dataflow: A new field
group_name
is added to message.google.dataflow.v1beta3.ParameterMetadata
(2f22244) - dataflow: A new field
hidden_ui
is added to message.google.dataflow.v1beta3.ParameterMetadata
(2f22244) - dataflow: A new field
image_repository_cert_path
is added to message.google.dataflow.v1beta3.ContainerSpec
(2f22244) - dataflow: A new field
image_repository_password_secret_id
is added to message.google.dataflow.v1beta3.ContainerSpec
(2f22244) - dataflow: A new field
image_repository_username_secret_id
is added to message.google.dataflow.v1beta3.ContainerSpec
(2f22244) - dataflow: A new field
name
is added to message.google.dataflow.v1beta3.ListJobsRequest
(2f22244) - dataflow: A new field
parent_name
is added to message.google.dataflow.v1beta3.ParameterMetadata
(2f22244) - dataflow: A new field
parent_trigger_values
is added to message.google.dataflow.v1beta3.ParameterMetadata
(2f22244) - dataflow: A new field
runtime_updatable_params
is added to message.google.dataflow.v1beta3.Job
(2f22244) - dataflow: A new field
satisfies_pzi
is added to message.google.dataflow.v1beta3.Job
(2f22244) - dataflow: A new field
service_resources
is added to message.google.dataflow.v1beta3.Job
(2f22244) - dataflow: A new field
step_names_hash
is added to message.google.dataflow.v1beta3.PipelineDescription
(2f22244) - dataflow: A new field
straggler_info
is added to message.google.dataflow.v1beta3.WorkItemDetails
(2f22244) - dataflow: A new field
straggler_summary
is added to message.google.dataflow.v1beta3.StageSummary
(2f22244) - dataflow: A new field
streaming_mode
is added to message.google.dataflow.v1beta3.Environment
(2f22244) - dataflow: A new field
streaming_mode
is added to message.google.dataflow.v1beta3.FlexTemplateRuntimeEnvironment
(2f22244) - dataflow: A new field
streaming_mode
is added to message.google.dataflow.v1beta3.RuntimeEnvironment
(2f22244) - dataflow: A new field
streaming
is added to message.google.dataflow.v1beta3.TemplateMetadata
(2f22244) - dataflow: A new field
supports_at_least_once
is added to message.google.dataflow.v1beta3.TemplateMetadata
(2f22244) - dataflow: A new field
supports_exactly_once
is added to message.google.dataflow.v1beta3.TemplateMetadata
(2f22244) - dataflow: A new field
trie
is added to message.google.dataflow.v1beta3.MetricUpdate
(2f22244) - dataflow: A new field
update_mask
is added to message.google.dataflow.v1beta3.UpdateJobRequest
(2f22244) - dataflow: A new field
use_streaming_engine_resource_based_billing
is added to message.google.dataflow.v1beta3.Environment
(2f22244) - dataflow: A new field
user_display_properties
is added to message.google.dataflow.v1beta3.JobMetadata
(2f22244) - dataflow: A new message
DataSamplingConfig
is added (2f22244) - dataflow: A new message
HotKeyDebuggingInfo
is added (2f22244) - dataflow: A new message
ParameterMetadataEnumOption
is added (2f22244) - dataflow: A new message
RuntimeUpdatableParams
is added (2f22244) - dataflow: A new message
SdkBug
is added (2f22244) - dataflow: A new message
ServiceResources
is added (2f22244) - dataflow: A new message
Straggler
is added (2f22244) - dataflow: A new message
StragglerInfo
is added (2f22244) - dataflow: A new message
StragglerSummary
is added (2f22244) - dataflow: A new message
StreamingStragglerInfo
is added (2f22244) - dataflow: A new method_signature
job,update_mask
is added to methodUpdateJob
in serviceJobsV1Beta3
(2f22244) - dataflow: A new value
BIGQUERY_TABLE
is added to enumParameterType
(2f22244) - dataflow: A new value
BOOLEAN
is added to enumParameterType
(2f22244) - dataflow: A new value
ENUM
is added to enumParameterType
(2f22244) - dataflow: A new value
GO
is added to enumLanguage
(2f22244) - dataflow: A new value
JAVASCRIPT_UDF_FILE
is added to enumParameterType
(2f22244) - dataflow: A new value
KAFKA_READ_TOPIC
is added to enumParameterType
(2f22244) - dataflow: A new value
KAFKA_TOPIC
is added to enumParameterType
(2f22244) - dataflow: A new value
KAFKA_WRITE_TOPIC
is added to enumParameterType
(2f22244) - dataflow: A new value
KMS_KEY_NAME
is added to enumParameterType
(2f22244) - dataflow: A new value
MACHINE_TYPE
is added to enumParameterType
(2f22244) - dataflow: A new value
NUMBER
is added to enumParameterType
(2f22244) - dataflow: A new value
SERVICE_ACCOUNT
is added to enumParameterType
(2f22244) - dataflow: A new value
WORKER_REGION
is added to enumParameterType
(2f22244) - dataflow: A new value
WORKER_ZONE
is added to enumParameterType
(2f22244)
Bug Fixes
- dataflow: An existing oauth_scope `https (2f22244)
- dataflow: An existing oauth_scope `https (2f22244)
- dataflow: An existing oauth_scope `https (2f22244)
- dataflow: An existing oauth_scope `https (2f22244)
- dataflow: An existing oauth_scope `https (2f22244)
- dataflow: An existing oauth_scope `https (2f22244)
- dataflow: An existing oauth_scope `https (2f22244)
- dataflow: An existing oauth_scope `https (2f22244)
- dataflow: An existing oauth_scope `https (2f22244)
- dataflow: An existing oauth_scope `https (2f22244)
- dataflow: An existing oauth_scope `https (2f22244)
- dataflow: An existing oauth_scope `https (2f22244)
Documentation
- dataflow: A comment for enum
JobState
is changed (2f22244) - dataflow: A comment for enum
WorkerIPAddressConfiguration
is changed (2f22244) - dataflow: A comment for enum value
JOB_VIEW_ALL
in enumJobView
is changed (2f22244) - dataflow: A comment for field
additional_experiments
in message.google.dataflow.v1beta3.RuntimeEnvironment
is changed (2f22244) - dataflow: A comment for field
additional_user_labels
in message.google.dataflow.v1beta3.RuntimeEnvironment
is changed (2f22244) - dataflow: A comment for field
bypass_temp_dir_validation
in message.google.dataflow.v1beta3.RuntimeEnvironment
is changed (2f22244) - dataflow: A comment for field
capabilities
in message.google.dataflow.v1beta3.SdkHarnessContainerImage
is changed (2f22244) - dataflow: A comment for field
current_state
in message.google.dataflow.v1beta3.Job
is changed (2f22244) - dataflow: A comment for field
dataset
in message.google.dataflow.v1beta3.Environment
is changed (2f22244) - dataflow: A comment for field
debug_options
in message.google.dataflow.v1beta3.Environment
is changed (2f22244) - dataflow: A comment for field
dump_heap_on_oom
in message.google.dataflow.v1beta3.FlexTemplateRuntimeEnvironment
is changed (2f22244) - dataflow: A comment for field
dynamic_template
in message.google.dataflow.v1beta3.LaunchTemplateRequest
is changed (2f22244) - dataflow: A comment for field
enable_hot_key_logging
in message.google.dataflow.v1beta3.DebugOptions
is changed (2f22244) - dataflow: A comment for field
enable_streaming_engine
in message.google.dataflow.v1beta3.RuntimeEnvironment
is changed (2f22244) - dataflow: A comment for field
environment
in message.google.dataflow.v1beta3.Job
is changed (2f22244) - dataflow: A comment for field
flex_resource_scheduling_goal
in message.google.dataflow.v1beta3.Environment
is changed (2f22244) - dataflow: A comment for field
gcs_path
in message.google.dataflow.v1beta3.DynamicTemplateLaunchParams
is changed (2f22244) - dataflow: A comment for field
gcs_path
in message.google.dataflow.v1beta3.LaunchTemplateRequest
is changed (2f22244) - dataflow: A comment for field
id
in message.google.dataflow.v1beta3.Job
is changed (2f22244) - dataflow: A comment for field
ip_configuration
in message.google.dataflow.v1beta3.RuntimeEnvironment
is changed (2f22244) - dataflow: A comment for field
job_name
in message.google.dataflow.v1beta3.LaunchTemplateParameters
is changed (2f22244) - dataflow: A comment for field
kms_key_name
in message.google.dataflow.v1beta3.RuntimeEnvironment
is changed (2f22244) - dataflow: A comment for field
launch_parameters
in message.google.dataflow.v1beta3.LaunchTemplateRequest
is changed (2f22244) - dataflow: A comment for field
location
in message.google.dataflow.v1beta3.Job
is changed (2f22244) - dataflow: A comment for field
machine_type
in message.google.dataflow.v1beta3.RuntimeEnvironment
is changed (2f22244) - dataflow: A comment for field
max_workers
in message.google.dataflow.v1beta3.RuntimeEnvironment
is changed (2f22244) - dataflow: A comment for field
name
in message.google.dataflow.v1beta3.Job
is changed (2f22244) - dataflow: A comment for field
network
in message.google.dataflow.v1beta3.RuntimeEnvironment
is changed (2f22244) - dataflow: A comment for field
num_workers
in message.google.dataflow.v1beta3.RuntimeEnvironment
is changed (2f22244) - dataflow: A comment for field
project_id
in message.google.dataflow.v1beta3.Job
is changed (2f22244) - dataflow: A comment for field
requested_state
in message.google.dataflow.v1beta3.Job
is changed (2f22244) - dataflow: A comment for field
save_heap_dumps_to_gcs_path
in message.google.dataflow.v1beta3.FlexTemplateRuntimeEnvironment
is changed (2f22244) - dataflow: A comment for field
service_account_email
in message.google.dataflow.v1beta3.Environment
is changed (2f22244) - dataflow: A comment for field
service_account_email
in message.google.dataflow.v1beta3.RuntimeEnvironment
is changed (2f22244) - dataflow: A comment for field
service_kms_key_name
in message.google.dataflow.v1beta3.Environment
is changed (2f22244) - dataflow: A comment for field
service_options
in message.google.dataflow.v1beta3.Environment
is changed (2f22244) - dataflow: A comment for field
set
in message.google.dataflow.v1beta3.MetricUpdate
is changed (2f22244) - dataflow: A comment for field
subnetwork
in message.google.dataflow.v1beta3.RuntimeEnvironment
is changed (2f22244) - dataflow: A comment for field
temp_location
in message.google.dataflow.v1beta3.RuntimeEnvironment
is changed (2f22244) - dataflow: A comment for field
transform_name_mapping
in message.google.dataflow.v1beta3.Job
is changed (2f22244) - dataflow: A comment for field
type
in message.google.dataflow.v1beta3.Job
is changed (2f22244) - dataflow: A comment for field
worker_region
in message.google.dataflow.v1beta3.Environment
is changed (2f22244) - dataflow: A comment for field
worker_region
in message.google.dataflow.v1beta3.RuntimeEnvironment
is changed (2f22244) - dataflow: A comment for field
worker_zone
in message.google.dataflow.v1beta3.Environment
is changed (2f22244) - dataflow: A comment for field
worker_zone
in message.google.dataflow.v1beta3.RuntimeEnvironment
is changed (2f22244) - dataflow: A comment for field
zone
in message.google.dataflow.v1beta3.RuntimeEnvironment
is changed (2f22244) - dataflow: A comment for message
DynamicTemplateLaunchParams
is changed (2f22244) - dataflow: A comment for message
Job
is changed (2f22244) - dataflow: A comment for message
JobExecutionStageInfo
is changed (2f22244) - dataflow: A comment for message
JobMetrics
is changed (2f22244) - dataflow: A comment for message
LaunchTemplateParameters
is changed (2f22244) - dataflow: A comment for message
MetricUpdate
is changed (2f22244) - dataflow: A comment for message
SdkHarnessContainerImage
is changed (2f22244) - dataflow: A comment for message
Step
is changed (2f22244) - dataflow: A comment for method
AggregatedListJobs
in serviceJobsV1Beta3
is changed (2f22244) - dataflow: A comment for method
CreateJob
in serviceJobsV1Beta3
is changed (2f22244) - dataflow: A comment for method
CreateJobFromTemplate
in serviceTemplatesService
is changed (2f22244) - dataflow: A comment for method
GetTemplate
in serviceTemplatesService
is changed (2f22244) - dataflow: A comment for method
LaunchTemplate
in serviceTemplatesService
is changed (2f22244) - dataflow: A comment for method
ListJobs
in serviceJobsV1Beta3
is changed (2f22244) - dataflow: A comment for service
FlexTemplatesService
is changed (2f22244)
Dataproc Serverless for Spark: Spark UI for Dataproc Serverless batches and interactive sessions, which lets you monitor and debug your serverless Spark workloads, now features Event Timeline and Task Quantile views for enhanced troubleshooting.
In GKE version 1.33 and later, the Compute Engine persistent disk CSI Driver supports provisioning Hyperdisk Balanced High Availability volumes in the ReadWriteOnce
, ReadWriteOncePod
, and ReadWriteMany
access modes. For more information, see Provisioning Hyperdisk Balanced High Availability volumes.
A feature rollout on May 8, 2025, introduced new APIs that may require updated permissions for custom roles to access the detection UI page.
If you encounter access errors, update your permissions, as needed, or select Revert to Previous Detection Table on the detection page to revert to the previous UI.
YARA-L search with data tables updates
- Data tables are now accessible from the Investigation menu, instead of Detection, in the web interface.
- Data tables can now be used as a data source in search queries.
- Role-based access control (RBAC) has been added to manage access to data tables.
A feature rollout on May 8, 2025, introduced new APIs that may require updated permissions for custom roles to access the detection UI page.
If you encounter access errors, update your permissions, as needed, or select Revert to Previous Detection Table on the detection page to revert to the previous UI.
YARA-L search with data tables updates
- Data tables are now accessible from the Investigation menu, instead of Detection, in the web interface.
- Data tables can now be used as a data source in search queries.
- Role-based access control (RBAC) has been added to manage access to data tables.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-pubsub
1.139.3 (2025-05-06)
Dependencies
- Update dependency com.google.cloud:sdk-platform-java-config to v3.47.0 (#2414) (d78823f)
- Update googleapis/sdk-platform-java action to v2.57.0 (#2415) (1ddf9b8)
1.139.2 (2025-05-05)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.56.3 (2b928a8)
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.49.2 (#2399) (ff48708)
- Update dependency com.google.cloud:google-cloud-core to v2.54.3 (#2393) (0ffa26a)
- Update dependency com.google.cloud:google-cloud-storage to v2.52.1 (#2396) (283a6e1)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.46.3 (#2406) (8963ed0)
You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Cloud Quotas resources. For more information, see Use custom organization policies. This feature is available in Preview.
By default, scans for MAC_ADDRESS
findings now include MAC_ADDRESS_LOCAL
findings. Previously, you could only use this functionality if you set the InfoType.version
of MAC_ADDRESS
to latest
in your InspectConfig
.
You can still use the old version of MAC_ADDRESS
by setting its InfoType.version
to legacy
or by using the MAC_ADDRESS_UNIVERSAL
infoType. In 90 days, the new functionality will be promoted to legacy
.
You can exclude IP address ranges from being used for automatic IP address allocation for internal ranges. This feature is available in General Availability. For more information, see Reserve internal ranges.
reCAPTCHA Mobile SDK v18.7.1 is now available for Android
This version contains reliability improvements in the execute()
method.
May 11, 2025
Google SecOps SOARRelease 6.3.45 is being rolled out to the first phase of regions as listed here.
This release contains internal and customer bug fixes.
May 10, 2025
AlloyDB for PostgreSQLDue to a change to report replay_lsn
more accurately during parallel replay, metrics might show a slightly higher replication lag.
Release 6.3.44 is now available for all regions.
May 09, 2025
AlloyDB OmniAlloyDB Omni version 16.3.0 with Red Hat Universal Base Image (UBI) as a base image is generally available (GA). The image is RedHat certified and can also be accessed from the Red Hat Ecosystem Catalog. Version UBI 16.3.0 includes third-party extensions, including PostGIS and Orafce, which you can install on RPM-based Linux distributions. For more information about using UBI in AlloyDB Omni, see Install AlloyDB Omni on a VM.
Public preview: A Security Risk Overview dashboard for Compute Engine, available in the Google Cloud console, shows the top Security Command Center findings that affect your Compute Engine resources.
New Dataproc on Compute Engine subminor image versions:
- 2.0.140-debian10, 2.0.140-rocky8, 2.0.140-ubuntu18
- 2.1.88-debian11, 2.1.88-rocky8, 2.1.88-ubuntu20, 2.1.88-ubuntu20-arm
- 2.2.56-debian12, 2.2.56-rocky9, 2.2.56-ubuntu22
VMware Engine ve2
nodes are available in Montreal, Canada (northamerica-northeast1
).
(2025-R18) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.32.3-gke.1927002 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.30.11-gke.1131000
- 1.31.7-gke.1212000
- 1.32.2-gke.1297002
- 1.32.3-gke.1785000
- 1.32.3-gke.1927000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.11-gke.1157000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.7-gke.1265000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.32.3-gke.1785003 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.11-gke.1157000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.7-gke.1265000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.3-gke.1785003 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.33 to version 1.33.0-gke.1552000 with this release.
Regular channel
- Version 1.32.2-gke.1297002 is now the default version for cluster creation in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.30.10-gke.1070000
- 1.31.6-gke.1064001
- 1.32.2-gke.1182003
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.11-gke.1131000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.31.7-gke.1212000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.11-gke.1131000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.7-gke.1212000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.32 to version 1.32.2-gke.1297002 with this release.
Stable channel
There are no new releases in the Stable channel.
Extended channel
- Version 1.32.2-gke.1297002 is now the default version for cluster creation in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.16-gke.2650000
- 1.27.16-gke.2703000
- 1.28.15-gke.2097000
- 1.28.15-gke.2169000
- 1.29.15-gke.1240000
- 1.30.10-gke.1070000
- 1.31.6-gke.1064001
- 1.32.2-gke.1182003
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2121000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2664000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2121000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.11-gke.1131000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.7-gke.1212000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.32 to version 1.32.2-gke.1297002 with this release.
No channel
- Version 1.32.2-gke.1297002 is now the default version for cluster creation.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.31.6-gke.1020000
- 1.32.3-gke.1785000
- 1.32.3-gke.1927000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.11-gke.1131000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.11-gke.1131000 with this release.
1.33 is now available in the Rapid channel
Kubernetes 1.33 is now available in the Rapid channel. For more information about the content of Kubernetes 1.33, read the Kubernetes 1.33 Release Notes.
New features in 1.33
- New v1beta2 versions of the Kubernetes Dynamic Resource Allocation (DRA) APIs will be available (because this is a beta API, using it in GKE clusters requires opt-in). For more information about using DRA in GKE, see About dynamic resource allocation in GKE.
- In-Place Pod Resize (Public Preview) allows you to change the CPU and memory requests and limits assigned to containers within a running Pod (limitations apply) through the new
resize
pod subresource (on-by-default), often without requiring a container restart significantly decreasing service disruptions. For more information, see Resize CPU and Memory Resources assigned to Containers. - Sidecar Containers graduated to stable, enabling the "sidecar pattern". initContainers with
restartPolicy: Always
will start before application containers and remain running throughout the pod's lifecycle, terminating after the main containers exit. - Streaming List Response Encoding enables efficient handling of requests for large object collections, improving API server reliability and performance.
Multiple Service CIDRs is now generally available, allowing cluster administrators to dynamically increase the number of IP addresses available for
type: ClusterIP
Services (by creating new ServiceCIDR objects).
Deprecated in 1.33
The gitRepo volume driver is deprecated and disabled for security reasons. For more information, see KEP-5040.
Removed in 1.33
The status.nodeInfo.kubeProxyVersion
field in the Node API object is no longer populated in 1.33 and later. This field actually reported the kubelet version, not the kube-proxy
version. You can use status.nodeInfo.kubeletVersion
to get the kubelet version. For more information, see KEP-4004.
Other changes in 1.33
containerd 2.0 is supported. For more information, see Migrate nodes to containerd 2.
(2025-R18) Version updates
- Version 1.32.3-gke.1927002 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.30.11-gke.1131000
- 1.31.7-gke.1212000
- 1.32.2-gke.1297002
- 1.32.3-gke.1785000
- 1.32.3-gke.1927000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.11-gke.1157000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.7-gke.1265000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.32.3-gke.1785003 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.11-gke.1157000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.7-gke.1265000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.3-gke.1785003 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.33 to version 1.33.0-gke.1552000 with this release.
(2025-R18) Version updates
- Version 1.32.2-gke.1297002 is now the default version for cluster creation in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.30.10-gke.1070000
- 1.31.6-gke.1064001
- 1.32.2-gke.1182003
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.11-gke.1131000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.31.7-gke.1212000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.11-gke.1131000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.7-gke.1212000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.32 to version 1.32.2-gke.1297002 with this release.
(2025-R18) Version updates
There are no new releases in the Stable channel.
(2025-R18) Version updates
- Version 1.32.2-gke.1297002 is now the default version for cluster creation in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.16-gke.2650000
- 1.27.16-gke.2703000
- 1.28.15-gke.2097000
- 1.28.15-gke.2169000
- 1.29.15-gke.1240000
- 1.30.10-gke.1070000
- 1.31.6-gke.1064001
- 1.32.2-gke.1182003
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2121000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2664000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2121000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.11-gke.1131000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.7-gke.1212000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.32 to version 1.32.2-gke.1297002 with this release.
(2025-R18) Version updates
- Version 1.32.2-gke.1297002 is now the default version for cluster creation.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.31.6-gke.1020000
- 1.32.3-gke.1785000
- 1.32.3-gke.1927000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.11-gke.1131000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.11-gke.1131000 with this release.
Google SecOps supports Self Service creation of custom log types. Self service custom log types let you create custom log types instantly instead of going through SecOps support, allowing quicker data onboarding. This feature will be available as a public preview starting the week of May 12, 2025.
Google SecOps supports Self Service creation of custom log types. Self service custom log types let you create custom log types instantly instead of going through SecOps support, allowing quicker data onboarding. This feature will be available as a public preview starting the week of May 12, 2025.
If the Force mobile authentication setting is enabled, mobile users will be logged out after 60 minutes, rather than 30 minutes, of inactivity.
Memorystore for Valkey now provides node-level metrics. This feature is Generally Available (GA). For more information, see Supported monitoring metrics.
A Security Risk Overview dashboard for Compute Engine is available in the Google Cloud console. The dashboard, available in Preview, shows the top Security Command Center findings that affect your Compute Engine resources.
May 08, 2025
AlloyDB for PostgreSQLAlloyDB supports IAM authentication in AlloyDB Studio. For more information, see Choose a database authentication method.
You can now use additional concurrency settings for heterogeneous SQL Server migration jobs with Database Migration Service. This lets you adjust the migration process to better align with your scenario.
For information about creating migration jobs using the new full dump configuration and maximum concurrent connection settings, see:
- Create a migration job in the SQL Server to Cloud SQL for PostgreSQL documentation
- Create a migration job in the SQL Server to AlloyDB for PostgreSQL documentation
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
Log Analytics can now automatically infer fields of a column when the data type is JSON. You can also view how often these inferred fields appear in your data.
If you create an instance using the Google Cloud Console, then the per-instance CA (GOOGLE_MANAGED_INTERNAL_CA
) option is now the default server certificate authority (CA) mode for your Cloud SQL instance.
For users of the Cloud SQL Auth Proxy:
- If the Cloud SQL instance to which you're connecting is using shared certificate authority (CA) for its
serverCaMode
setting, then on the client side, you must use Cloud SQL Auth Proxy version 2.13.0 or later. - If the Cloud SQL instance to which you're connecting is using customer-managed CA for its
serverCaMode
setting, then on the client side, you must use Cloud SQL Auth Proxy version 2.14.3 or later.
If you create an instance using the Google Cloud Console, then the per-instance CA (GOOGLE_MANAGED_INTERNAL_CA
) option is now the default server certificate authority (CA) mode for your Cloud SQL instance.
For users of the Cloud SQL Auth Proxy:
- If the Cloud SQL instance to which you're connecting is using shared certificate authority (CA) for its
serverCaMode
setting, then on the client side, you must use Cloud SQL Auth Proxy version 2.13.0 or later. - If the Cloud SQL instance to which you're connecting is using customer-managed CA for its
serverCaMode
setting, then on the client side, you must use Cloud SQL Auth Proxy version 2.14.3 or later.
If you create an instance using the Google Cloud Console, then the per-instance CA (GOOGLE_MANAGED_INTERNAL_CA
) option is now the default server certificate authority (CA) mode for your Cloud SQL instance.
For users of the Cloud SQL Auth Proxy:
- If the Cloud SQL instance to which you're connecting is using shared certificate authority (CA) for its
serverCaMode
setting, then on the client side, you must use Cloud SQL Auth Proxy version 2.13.0 or later. - If the Cloud SQL instance to which you're connecting is using customer-managed CA for its
serverCaMode
setting, then on the client side, you must use Cloud SQL Auth Proxy version 2.14.3 or later.
New Dataproc Serverless for Spark runtime versions:
- 1.1.102
- 1.2.46
- 2.2.46
In GKE version 1.32 and later, GKE Sandbox (gVisor) can now be configured with SYS_ADMIN privileges in GKE Autopilot. This lets you use Docker-in-Docker with gVisor in GKE Autopilot.
ClusterProfile sync is now available to generate a cluster inventory for an existing fleet. A cluster inventory lets you work with open source and third party integrations that use the ClusterProfile specification.
New grid lines options for cartesian charts
New grid line options let you set colors and line styles for individual axis grid lines, which makes it easier to distinguish between left or right y-axis grid lines.
The new grid line options are available only for cartesian charts in reports that have modern charts enabled.
You can use custom constraints to define your own restrictions on Google Cloud services for Network Connectivity Center resources. To learn about which Network Connectivity Center resources support custom constraints, and some sample use cases, see Use custom organization policies for Network Connectivity Center.
This feature is available in General Availability for the following resources:
- Hubs
- Spokes
It is available in Public preview for the Groups resource.
The following Security Command Center Enterprise pages that you previously accessed through the Google Security Operations console are now under Security Command Center in the Google Cloud console:
- Risk Overview
- Issues
- Assets (previously called resources)
- Findings
The Security Command Center Enterprise left navigation also includes links to pages in the Google Security Operations console. For information about this navigation and accessing Google Security Operations pages, see Security Command Center Enterprise console.
Security Command Center Enterprise uses predefined security graph rules to identify issues. This feature is in Preview.
For more information, see Predefined security graph rules.
May 07, 2025
AlloyDB for PostgreSQLYou can migrate from Cloud SQL for PostgreSQL to AlloyDB for PostgreSQL using your Cloud SQL for PostgreSQL backup (GA). The Google Cloud CLI is also supported. For more information, see Migrate from Cloud SQL for PostgreSQL to AlloyDB.
AlloyDB lets you configure a deny maintenance period on clusters running the latest version. The feature is generally available (GA).
You can now build a vector embedding Extract, Transform, Load (ETL) pipeline that lets you generate and ingest embeddings from files or real time sources to AlloyDB using Google Cloud Dataflow. For more information, see Build realtime vector embedding pipeline for AlloyDB with Dataflow.
The following products are now supported by the following control packages. See supported products for more information:
- Cloud Build, Cloud SQL for PostgreSQL, Cloud Workstations, Document AI, Firebase Security Rules, Cloud OS Login API, Storage Transfer Service:
- Australia Regions
- Australia Regions with Assured Support
- Brazil Regions
- Canada Protected B
- Canada Regions
- Canada Regions and Support
- Chile Regions
- EU Regions
- EU Regions and Support
- Hong Kong Regions
- India Regions
- Indonesia Regions
- Israel Regions
- Israel Regions and Support
- Japan Regions
- Qatar Regions
- Singapore Regions
- South Africa Regions
- South Korea Regions
- Switzerland Regions
- Taiwan Regions
- UK Regions
- US Regions
- US Regions and Support
- Google Cloud NetApp Volumes:
- Canada Regions
- EU Regions
- Singapore Regions
- US Regions
- Google Security Operations (Google SecOps) SOAR
- Australia Regions:
- Australia Regions with Assured Support
- Brazil Regions
- Chile Regions
- Hong Kong Regions
- India Regions
- Indonesia Regions
- Israel Regions
- Israel Regions and Support
- Japan Regions
- Qatar Regions
- Singapore Regions
- South Africa Regions
- South Korea Regions
- Switzerland Regions
- Taiwan Regions
- UK Regions
- US Regions
- US Regions and Support
You can use Data Boost when you analyze your Bigtable data with BigQuery. This feature is available in Preview.
A new Cloud Composer release has started on May 07, 2025. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.
Data lineage in Cloud Composer now uses OpenLineage in all regions supported by Cloud Composer. For more information about this feature, see the previous announcement.
For newly created Cloud Composer 3 environments, the minimum amount of memory is changed to 2 GB.
For newly created environments, database retention policy is now enabled by default in Google Cloud CLI, API, and Terraform. Before this change, it was enabled by default only in Google Cloud Console.
Improved the environment liveness monitoring. This change addresses some cases of transient failures that caused "Liveness probe failed" warnings in the environment's logs.
(Airflow 2.10.5) The apache-airflow-providers-google
package was upgraded to version 15.1.0 in Cloud Composer 2 images and Cloud Composer 3 builds.
For more information about changes, see the apache-airflow-providers-google changelog from version 14.0.0 to version 15.1.0.
(Airflow 2.10.5) Changes in preinstalled packages:
apache-airflow-providers-standard
was upgraded to 1.0.0 from 0.4.0.aiosqlite
was removed from preinstalled packages.json-merge-patch
was removed from preinstalled packages.time-machine
was removed from preinstalled packages.
The default version of Airflow is changed to 2.10.5.
Airflow 2.10.2 is no longer included in Cloud Composer images and builds.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.10.5-build.2 (default)
- composer-3-airflow-2.9.3-build.22
New images are available in Cloud Composer 2:
- composer-2.13.0-airflow-2.10.5 (default)
- composer-2.13.0-airflow-2.10.2
Cloud Composer versions 2.7.0 and 2.7.1 have reached their end of support period.
Version 2.56.0 of the Ops Agent using the Prometheus receiver can fail to send metrics and report negative start times. To resolve this issue, downgrade to version 2.55.0. For more information, see Known issue: Ops Agent version 2.56.0 fails to send metrics.
You can migrate to AlloyDB for PostgreSQL using your Cloud SQL for PostgreSQL backup (GA). The Google Cloud CLI is also supported. For more information, see Migrate from Cloud SQL for PostgreSQL to AlloyDB.
Custom connectors for managed connectivity pipelines are available for a variety of third-party data sources. These connectors are contributed by the community. For more information, see Community-contributed custom connectors.
Dataproc on Compute Engine: The default enabling of the following cluster properties previously announced to occur on May 10, 2025 (see the February 10, 2025 release note) has been postponed to a future date. The future date will be announced in a release note at least one month in advance of the change. Until then, these diagnostic properties will continue to be set to false by default unless set to true by the user.
dataproc:diagnostic.capture.enabled
dataproc:dataproc.logging.extended.enabled
dataproc:dataproc.logging.syslog.enabled
Gemini 2.0 Flash with image generation (gemini-2.0-flash-preview-image-generation
) is now available as a public preview offering.
For more information, see Generate images with Gemini.
Seed parameter is now in GA and supports Gemini 2.5 model family.
We are moving service health updates for Google Cloud Security products from the Cloud Status Dashboard to a new security-specific status dashboard.
This dashboard displays service status and incident history for the following products:
- Google SecOps
- Google Threat Intelligence
- Mandiant Advantage Threat Intelligence
- Mandiant Attack Surface Management
- Mandiant Digital Threat Monitoring
- Mandiant Hunt
- Mandiant Managed Defense
- Mandiant Security Validation
We are moving service health updates for Google Cloud Security products from the Cloud Status Dashboard to a new security-specific status dashboard.
This dashboard displays service status and incident history for the following products:
- Google SecOps
- Google Threat Intelligence
- Mandiant Advantage Threat Intelligence
- Mandiant Attack Surface Management
- Mandiant Digital Threat Monitoring
- Mandiant Hunt
- Mandiant Managed Defense
- Mandiant Security Validation
The following features have been added to Studio in Looker, which is available in preview:
- You can now create reports using the responsive layout.
- You can now use variables, including parameters and query result variables. However, the ability to modify parameters using the report link is not supported in Studio in Looker.
Migrate to Virtual Machines now introduces an expiration time for a migrating VM. A migrating VM is a VM that you create during the migration process to migrate your workloads to Google Cloud.
A migrating VM stays active for 100 days from the time that the VM appears in the VM Migrations tab. After 100 days, the VM is moved to the EXPIRED
state and stays in the EXPIRED
state for 30 days. If you need more time to complete your migration, you can extend the lifespan of the migrating VM by an additional 100 days. You can only extend the lifespan of a migrating VM two weeks before the VM expires and throughout the expiration period (between 86 to 130 days from the creation of the VM). If you don't extend the lifespan of the VM during this period, the VM expires.
We just released three new voice features for Chirp 3: HD Voices. Pace control is available across all locales; pause control is available across all locales; custom pronunciations is available across all locales except bn-in, gu-in, nl-be, sw-ke, th-th, uk-ua, ur-in, and vi-vn. Be sure to check our Chirp 3: HD Voices documentation for more information.
The following features of internal ranges are available in General Availability:
- Reserving internal ranges with IPv6 addresses
- Creating immutable ranges (ranges that can't be edited, except for the description)
- Editable descriptions
For more information, see Internal ranges overview.
When you reserve an internal range with an automatically allocated IPv4 CIDR block, you can specify the allocation strategy that is used to select a free block. This feature is available in Preview.
May 06, 2025
Apigee UIOn May 6, 2025, we released a new Apigee REST resource for debug sessions.
Apigee now offers a Management API that allows users to list all recent debug sessions for a given proxy, regardless of revision or environment and current deployment status. This API is available for use, and is now used to populate all recent debug sessions in the Apigee Debug UI.
For more information on this method, see: organizations.apis.debugsessions.list
On May 6, 2025, we released a new Apigee REST resource for debug sessions.
Apigee now offers a Management API that allows users to list all recent debug sessions for a given proxy, regardless of revision or environment and current deployment status. This API is available for use, and is now used to populate all recent debug sessions in the Apigee Debug UI.
For more information on this method, see: organizations.apis.debugsessions.list
In the Google Cloud console, Analytics Hub has been renamed BigQuery sharing (Analytics Hub).
The following resource types are now publicly available through the Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Eventarc
eventarc.googleapis.com/Channel
eventarc.googleapis.com/ChannelConnection
The Deployment Manager API is no longer automatically enabled when you enable Cloud Composer API because this API isn't used by the Cloud Composer service.
Environments with Cloud Composer versions 2.0.* still rely on the Deployment Manager API for updates, upgrades, and environment deletion. It won't be possible to perform these operations if this API is disabled. We recommend to upgrade your 2.0.* environments to a later version to remove this dependency.
When you create a snooze for a single alerting policy, you can now use resource, metric, and metadata label types to filter applicable incidents. For more information, see Create a snooze.
Private NAT supports Cloud Run in Preview. For more information, see Supported resources.
Direct VPC egress supports Private NAT (Preview).
The following images are now rolling out for managed Cloud Service Mesh:
- 1.21.5-asm.42 is rolling out to the rapid release channel.
- 1.20.8-asm.33 is rolling out to the regular release channel.
- 1.19.10-asm.33 is rolling out to the stable release channel.
A behavioral change regarding user-provided credentials (private key and certificate) for TLS termination at ingress is now rolling out to the Rapid release channel. Subsequent announcements will appear for additional release channels.
The Kubernetes Secrets denoted by Gateway.servers.port.tls.credentialName
will be read by each ingress gateway pod directly instead of the Control Plane. This change enhances security because the user-provided secret is read directly by the workloads instead of passing any managed component.
This change is compatible with previous behavior aside from the propagation speed of the updated secrets. Previously, updated secrets would propagate immediately. Now, updated secrets will propagate within 60 minutes. If you need immediate secret rotation, restart the gateway pods.
Each gateway pod reads Kubernetes secrets, so the number of the gateway pods becomes a scalability factor. We recommend the following maximum number of gateway pods:
- If the GKE cluster is regional, 1500 or fewer pods
- If the GKE cluster is zonal or using autopilot, 500 or fewer pods
If this change in behavior doesn't work for you, consider using the deployment with mounted credentials.
This change only affects clusters using Traffic Director and version 1.21.5-asm.42 or later.
cos-113-18244-382-8
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.123 | v24.0.9 | v1.7.24 | See List |
Upgraded sys-apps/grep to v3.12.
Upgraded net-dns/libidn2 to v2.3.8.
Upgraded sys-apps/makedumpfile to v1.7.7.
Fixed CVE-2025-32414, CVE-2025-32415 in dev-libs/libxml2.
Fixed CVE-2025-1178,CVE-2025-1182 and CVE-2025-1181 in sys-libs/binutils-libs.
Updated dev-go/protobuf to v1.33.0. This fixes CVE-2024-24786.
Updated dev-go/net to v0.39.0. This fixes CVE-2025-22870.
Updated NVIDIA GPU drivers to v535.247.01 for default/ R535, v550.163.01 for R550 and v570.133.20 for latest/R570. This resolves CVE-2025-23244.
Added support for 7th generation TPU devices.
Prompt with folders in your local workspace (Preview)
You can now include folders from your local IDE project for IntelliJ Gemini Code Assist (version 1.14.0
) to use as context for your prompts, in Preview. To specify a folder in your chat prompt, type @ and select the folder you want to specify.
Directing Code Assist to add folders to your chat can improve responses by specifying use of the contents within your selected folder(s), with support up to a 1M token context window.
General availability: Managed Service for Apache Kafka now supports configuring standard Apache Kafka ACLs using REST, gRPC, and gcloud CLI. For more information, see Access control with IAM and Kafka ACLs.
Google Distributed Cloud (software only) for VMware 1.32.0-gke.1087 is now available for download. To upgrade, see Upgrade a cluster. Google Distributed Cloud 1.32.0-gke.1087 runs on Kubernetes v1.32.3-gke.1000.
If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
GA: Advanced clusters. By default, new clusters are created as advanced clusters. For more information, see Differences when running advanced clusters.
GKE Identity Service supports a new diagnosis mode that surfaces diagnostic information related to the login flow. This makes it easier to troubleshoot login and OIDC configuration issues. For details, see GKE Identity Service diagnostic utility.
Support configuring cluster-level default topology spread constraints when creating a cluster for use with topology domains. For details, see schedulerConfiguration.
Version changes in 1.32.0-gke.1087:
- The etcd version upgraded to 3.4.33
- COS upgraded to milestone 117
- containerd upgraded to 1.7
- Cilium upgraded to 1.15.6
Other changes in 1.32.0-gke.1087:
The following legacy features are blocked during cluster upgrade:
- Dataplane V1 (Calico)
- Integrated F5 Big IP load balancer configuration
- Non-HA admin cluster
- Kubeception user cluster
- Seesaw load balancer
You must migrate your clusters to recommended features before upgrading to 1.32.
The following changes to MetalLB address pools were made to behave the same as advanced clusters:
- Can't remove existing address pools
- Can't remove addresses in an existing address pool
- Can't change address pool name
The cert-manager component is available on advanced clusters.
Allow changing
stackdriver.projectID
to be the same asgkeconnect.projectID
.Removed support in the Konnectivity server (
konnectivity-server
) for the following weak cryptographic cipher suites: TLS_RSA_WITH_AES_256_GCM_SHA384 and TLS_RSA_WITH_AES_128_GCM_SHA256.
- Windows Server OS node pools are deprecated in version 1.32 and will be unavailable in version 1.33 and higher. Support for Windows Server OS node pools ends May 25, 2026. We recommend that you begin migration planning immediately to ensure a smooth transition before the support period ends.
The following issues were fixed in 1.32.0-gke.1087:
- Fixed an issue that prevented user cluster upgrades when Dataplane V2 was explicitly configured with forward mode.
Skip checking additional IP address requirements for HA admin cluster upgrade.
Fixed missing validators for HA admin cluster and Controlplane V2 user control plane.
Fixed an issue during non-HA to HA admin cluster migration that prevented the migration from completing.
Fixed an issue where the VM template wasn't updated when HA admin control-plane machines were recreated.
Fixed an issue where resource validation counted customer workloads and reported warnings when customers ran high resource request workloads.
The 1.32.0-gke.1087 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.
Release 1.32.0-gke.1087
Google Distributed Cloud for bare metal 1.32.0-gke.1087 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.32.0-gke.1087 runs on Kubernetes v1.32.3-gke.1000.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Version 1.29 end of life: In accordance with the Version Support Policy, version 1.29 (all patch releases) of Google Distributed Cloud for bare metal has reached its end of life and is no longer supported.
GA: Added support for new diagnosis utility for GKE Identity Service, which provides diagnostics information related to the login flow. This makes it easier to troubleshoot login and OIDC configuration issues. For more information, see See GKE Identity Service diagnostic utility.
GA: For high availability control planes, Google Distributed Cloud automatically configures the Keepalived virtual router redundancy protocol (VRRP) configuration to make failover behaviour deterministic and prevent interleaving of ARP replies with different MAC addresses:
- By default, each Keepalived instance is configured with a different
priority
value. - Each Keepalived instance is configured with
nopreempt
to avoid elections when a non-master instance is restarted.
- By default, each Keepalived instance is configured with a different
GA: Added support for a new field,
controlPlane.loadBalancer.keepalivedVRRPGARPMasterRepeat
, in the cluster configuration file that maps to thevrrp_garp_master_repeat
setting for Keepalived. This field specifies the number of gratuitous ARP (GARP) messages to send at a time after a control plane node transitions to the role of the master server. The default value is5
.GA: Added a new
controlPlane.loadBalancer.mode
, field for Layer 2 load balancing. This field lets you separate control plane load balancing from data plane load balancing:- At cluster creation, if you set
controlPlane.loadBalancer.mode
tobundled
andloadBalancer.nodePoolSpec
is configured, the control plane load balancer runs in the control plane node pool and the data plane load balancer runs in the load balancer node pool. - For an existing cluster where
controlPlane.loadBalancer.mode
isn't set andloadBalancer.nodePoolSpec
isn't specified, both the control plane load balancer and the data plane load balancer run in the control plane node pool. You can migrate the data plane load balancer to a load balancer node pool by updating the cluster spec to specify a load balancer node pool (loadBalancer.nodePoolSpec
) and to addcontrolPlane.loadBalancer.mode
set tobundled
.
- At cluster creation, if you set
Upgraded etcd to v3.4.33-0-gke.3.
Upgraded containerd to version 1.7.
Upgraded the SR-IOV operator,
sriov-network-operator
, to version 1.4.Added
Compress=yes
to/etc/systemd/journald.conf
to ensure that objects larger than 512 bytes are compressed before they are written to the file system.Added new, default periodic health checks to ensure that Kubernetes cluster resources are configured correctly and functioning properly.
Added more namespaces to the default snapshot scenarios.
Added preflight check for kernel
fsnotify
settings for Red Hat Enterprise Linux (RHEL) 8.x.Removed the leading timestamp from the
bmctl version
response. Temporarily, we've provided-t
and--timestamps
flags to revert to the old format.Added a check for the
FailedCgroupRemoval
node condition to the node problem detector (NPD) to look for orphan container processes on nodes. By default, a new plugin for NPD automatically fixes this condition on the node.Updated the cluster delete process to delete worker node pools prior to removing any control plane nodes. This change applies to supported cluster deletion flows, including
bmctl
, the Google Cloud CLI, and the Google Cloud console.Updated the log entries in the
backup.log
file created by thebmctl backup
command to improve readability.Updated the cluster upgrade operation to keep only the three latest
kubeadm
backups of etcd and configuration information for a node. Previously,kubeadm
kept node backups for every attempted upgrade.Added the kubelet config, CPU Manager state, and Memory Manager state to node snapshots.
Fixed an issue that resulted in an excessive creation of periodic
kube-proxy-cleanup
jobs on cluster nodes with high pod utilization.Fixed an issue that caused cluster creation to fail because kubelet restarted before required static pods are running.
Fixed an issue where node upgrades failed due to a missing super-admin.conf file.
Fixed an issue where the
bmctl update cluster
command fails for user clusters that were created with thecloudOperationsServiceAccountKeyPath
setting in the header section of the cluster configuration file.Fixed an issue where prompting during
bmctl update cluster
prevented use of automation. You can now use the --quiet flag to skip prompting.Fixed an issue where node machines didn't update when the registry mirror hosts field was updated.
The 1.32.0-gke.1086 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Dataplex and data lineage resources. For more information, see Manage Dataplex resources using custom constraints and Manage data lineage resources using custom constraints. This feature is generally available (GA).
May 05, 2025
App Engine flexible environment PHPSupport for PHP 8.4 runtime is in Preview.
Support for Python 3.13 runtime is in General availability (GA).
Support for Ruby 3.4 runtime is in Preview.
Support for PHP 8.4 runtime is in Preview.
Support for Python 3.13 runtime is in General Availability (GA).
Support for Ruby 3.4 runtime is in Preview.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/bigquery
8.0.0 (2025-04-23)
⚠ BREAKING CHANGES
- migrate to node 18 (#1458)
Miscellaneous Chores
Changes that you make to your saved queries are now automatically saved. This feature is in preview.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/bigtable
6.0.0 (2025-04-22)
⚠ BREAKING CHANGES
- Migrate to Node 18 (#1582)
Features
- Add fields and the BackupType proto for Hot Backups (#1439) (433a8e3)
- Add MergeToCell to Mutation APIs (433a8e3)
- Add min, max, hll aggregators and more types (433a8e3)
- Add plumbing PR for client side metrics to support the open telemetry instruments (#1569) (c37a451)
- Add the MetricsCollector for client side metrics (#1566) (d475ef2)
- Add the plumbing for application blocking latencies client side metrics (#1575) (967f440)
- Bigtable authorized views requests on the Data plane (#1509) (da373b5)
- Move the metrics handler fixture (#1570) (c97ebcc)
- Publish ProtoRows Message (433a8e3)
- Publish the Cloud Bigtable ExecuteQuery API (433a8e3)
- Update Go Bigtable import path (433a8e3)
- Update Go Datastore import path (433a8e3)
Bug Fixes
- Address assertion error in TestReadRows_Retry_LastScannedRow conformance test (#1521) (0552638)
- Check and mutate generic header conformance test (#1551) (7f1099a)
- Conformance test sample rowkeys generic deadline (#1562) (2fdf98f)
- Fix plumbing errors for client side metrics collection (#1583) (574c2f4)
- Fix TestReadRows_Generic_CloseClient conformance test by passing grpc status codes for closed client errors (#1524) (8524174)
- Fix paused scan test (#1539) (d009a8f)
- Sample rowkey generic header conformance test (#1550) (6ef7671)
- TestMutateRow_Generic_Headers (#1540) (f6176c1)
- Update owlbot.py to exculde sync repo (#1549) (f1ad565)
- Update sync-repo-settings.yaml to make owl bot optional (#1547) (d745412)
- Use the universe domain if it is provided by the user (#1563) (d26ecb8)
Miscellaneous Chores
Java
Changes for google-cloud-bigtable
2.58.1 (2025-04-28)
Bug Fixes
2.58.0 (2025-04-28)
Features
- Add deletion_protection support for LVs (43c97a3)
- bigtable: Add integration tests for Materialized/Logical Views (#2518) (4d3a7e6)
Bug Fixes
Invalidation using cache tags is Generally Available.
Cloud CDN now also offers faster performance and higher rate limits for invalidation requests using all invalidation matchers. For more information, see Cache validation overview.
It is now possible to migrate from Cloud Composer 1 to Cloud Composer 3 using snapshots. For more information, see the new migration guide.
This feature will gradually roll out to all regions supported by Cloud Composer 3. At the moment it is available in the africa-south1, asia-south1, me-central1, me-central2, me-west1, southamerica-east1, and southamerica-west1 regions.
Support for the Python 3.13 runtime is in General Availability (GA).
Support for the Ruby 3.4 runtime is in Preview.
Support for the PHP 8.4 runtime is in Preview.
Support for the Python 3.13 runtime is in General Availability (GA).
Support for the Ruby 3.4 runtime is in Preview.
Support for the PHP 8.4 runtime is in Preview.
Cloud SQL for Enterprise Plus edition supports AI-assisted troubleshooting. With AI-assisted troubleshooting, you can resolve complex database performance issues like slow queries and high load for your instances in a guided manner. To use AI-assisted troubleshooting, you need Gemini Cloud Assist and query insights for Enterprise Plus edition. AI-assisted troubleshooting is available in Preview.
cos-117-18613-263-4
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.87 | v24.0.9 | v1.7.24 | See List |
This is an LTS Refresh release.
Upgraded sys-apps/makedumpfile to v1.7.7.
Upgraded app-containers/docker-credential-helpers to v0.9.3.
Upgraded app-admin/google-guest-configs to v20250328.00.
Upgraded app-containers/cni-plugins to v1.6.2.
Upgraded dev-lang/go to v1.23.8.
Upgraded sys-apps/grep to v3.12.
Upgraded net-dns/libidn2 to v2.3.8.
Upgraded net-nds/rpcbind to v1.2.7.
Upgraded net-fs/cifs-utils to v7.3, Upgraded sys-libs/talloc to v2.4.2.
Upgraded sys-apps/acl to v2.3.2-r2.
Upgraded sys-libs/libseccomp to v2.6.0-r2.
Upgraded dev-libs/expat to v2.7.1.
Upgraded dev-db/sqlite to v3.49.1.
Upgraded dev-libs/double-conversion to v3.3.1.
Upgraded app-arch/unzip to v6.0_p29.
Upgraded app-admin/sudo to v1.9.16_p2-r1.
Upgraded net-libs/libnetfilter_conntrack to v1.1.0.
Upgraded net-libs/libtirpc to v1.3.6.
Upgraded sys-apps/gentoo-functions to v1.7.3.
Upgraded sys-libs/libcap to v2.71.
Upgraded dev-libs/nss to v3.109.
Updated NVIDIA GPU drivers to v535.247.01 for default/ R535, v550.163.01 for R550 and v570.133.20 for latest/R570. This resolves CVE‑2025‑23244.
Update dev-go/net in policy manager to v0.39.0. This fixes CVE-2025-22870.
Fix CVE-2025-32414, CVE-2025-32415 in dev-libs/libxml2.
Fixed CVE-2025-1178,CVE-2025-1182 and CVE-2025-1181 in sys-libs/binutils-libs.
Updated dev-vcs/git to version 2.49.0. This fixed CVE-2024-52006, CVE-2024-50349
Fixed KCTF-342debc in the Linux kernel.
Fixed CVE-2025-22097 in the Linux kernel.
Fixed CVE-2025-22035 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811753 -> 811816
cos-109-17800-519-1
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.135 | v24.0.9 | v1.7.24 | See List |
This is an LTS Refresh release.
Upgraded sys-apps/makedumpfile to v1.7.7.
Upgraded app-containers/docker-credential-helpers to v0.9.2.
Upgraded app-admin/google-guest-configs to v20250221.00.
Upgraded sys-auth/pambase to v20250228.
Upgraded app-admin/google-guest-configs to v20250124.00.
Upgraded dev-lang/go to v1.21.13.
Upgraded sys-apps/grep to v3.12.
Upgraded net-dns/libidn2 to v2.3.8.
Upgraded net-nds/rpcbind to v1.2.7.
Upgraded net-fs/cifs-utils to v7.3, Upgraded sys-libs/talloc to v2.4.2.
Upgraded net-firewall/iptables to v1.8.11-r1.
Upgraded app-arch/gzip to v1.13-r1.
Upgraded sys-apps/acl to v2.3.2-r2.
Upgraded dev-db/sqlite to v3.49.1.
Upgraded app-admin/sudo to v1.9.16_p2-r1.
Upgraded net-libs/libnetfilter_conntrack to v1.1.0.
Upgraded dev-libs/nss to v3.107.
Upgraded dev-python/configobj to v5.0.9.
Upgraded sys-libs/libcap to v2.71.
Upgraded net-libs/libtirpc to v1.3.6.
Upgraded dev-libs/expat to v2.6.4.
Updated dev-go/protobuf to v1.33.0. This fixes CVE-2024-24786.
Updated dev-go/net to v0.39.0. This fixes CVE-2025-22870.
Fixed CVE-2025-32414, CVE-2025-32415 in dev-libs/libxml2.
Fixed CVE-2025-1178,CVE-2025-1182 and CVE-2025-1181 in sys-libs/binutils-libs.
Fixed CVE-2025-32728 in net-misc/openssh.
Updated dev-vcs/git to version 2.49.0. This fixed CVE-2024-52006, CVE-2024-50349
Fixed CVE-2025-22035 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812262 -> 812287
cos-dev-125-19025-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.88 | v27.5.1 | v2.0.4 | See List |
Upgraded app-admin/google-guest-configs to v20250409.00.
Upgraded app-admin/google-guest-agent to v20250418.00.
Upgraded sys-apps/makedumpfile to v1.7.7.
Upgraded app-benchmarks/microbenchmarks to v0.0.1-r20.
Upgraded chromeos-base/minijail to v18-r167.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r664.
Upgraded chromeos-base/google-breakpad to v2025.04.09.155244-r236.
Upgraded chromeos-base/shill-client to v0.0.1-r4853.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2968.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2480.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2829.
Upgraded chromeos-base/debugd-client to v0.0.1-r2733.
Upgraded app-arch/gzip to v1.14.
Upgraded net-dns/libidn2 to v2.3.8.
Upgraded sys-apps/grep to v3.12.
Updated NVIDIA GPU drivers to v535.247.01 for default/ R535 and v570.133.20 for latest/R570. This resolves CVE‑2025‑23244.
Fixed CVE-2025-32414, CVE-2025-32415 in dev-libs/libxml2.
Updated the Linux kernel to v6.6.88.
Updated the Linux kernel to v6.6.88.
Runtime sysctl changes:
- Changed: fs.file-max: 811785 -> 811773
cos-121-18867-90-15
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.87 | v27.5.1 | v2.0.4 | See List |
Upgraded sys-apps/makedumpfile to v1.7.7.
Upgraded sys-apps/grep to v3.12.
Upgraded net-dns/libidn2 to v2.3.8.
Updated NVIDIA GPU drivers to v535.247.01 for default/ R535 and v570.133.20 for latest/R570. This resolves CVE‑2025‑23244.
Fixed CVE-2025-32414, CVE-2025-32415 in dev-libs/libxml2.
Fixed KCTF-342debc in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811806 -> 811788
You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Dataplex and data lineage resources. For more information, see Manage Dataplex resources using custom constraints and Manage data lineage resources using custom constraints. This feature is generally available (GA).
You can now use Private Service Connect interfaces as a private connectivity method in Datastream. For more information, see the documentation.
Custom extractor model pretrained-foundation-model-v1.5-2025-04-25
powered by Gemini 2.5 Flash LLM is available as Public Preview in US regions. The custom extractor model supports a quota of up to 15 pages per minute for online process requests.
For more information about available models, see Custom extractor model versions.
Grounding
The following grounding features are generally available:
New Light Theme
Google SecOps has introduced a new light theme option in the platform. The light theme includes a color palette for visual clarity.
New Light Theme
Google SecOps has introduced a new light theme option in the platform. The light theme includes a color palette for visual clarity.
A new enforcement version, enforcement version 3, is available for principal access boundary policies. To learn more about enforcement versions and see the permissions that enforcement version 3 can block, see Permissions that principal access boundary policies can block.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/pubsub
5.0.0 (2025-04-28)
⚠ BREAKING CHANGES
- migrate to Node 18 (#2024)
- remove (broken) legacy OTel support
- remove legacy ack deadline options
- move maxExtension into subscriber options
Miscellaneous Chores
Web Security Scanner, a built-in service of Security Command Center, released new detectors. The following detectors, which are available with the Enterprise and Premium tiers of Security Command Center, detect misconfigurations in web applications:
HSTS_MISCONFIGURATION
CSP_MISSING
CSP_MISCONFIGURATION
COOP_MISSING
CLICKJACKING_PROTECTION_MISSING
For more information, see Web Security Scanner misconfiguration findings.
May 03, 2025
Google SecOps SOARRelease 6.3.44 is being rolled out to the first phase of regions as listed here.
Light Theme Enhancements
We've improved the color palette for the light theme to enhance visual clarity.
May 02, 2025
Apigee XOn May 2, 2025, we released an updated version of Apigee (1-15-0-apigee-3).
Large message payload support in Apigee
Apigee now supports message payloads up to 30MB. For more information, see:
- Message payload size.
Properties
in the ProxyEndpoint configuration elements reference.Properties
in the TargetEndpoint configuration elements reference.
Improvements to the PublishMessage policy
The PublishMessage policy now supports two new elements:
The <UseMessageAsSource> element uses request or response message content as the source of data to be written to Pub/Sub. For more information, see <UseMessageAsSource>.
The <Attributes> element lets you specify string attributes (key/value pairs) to include with the request or response message that is written to Pub/Sub. For more information, see <Attributes>.
Bug ID | Description |
---|---|
391140293 | Resolved scaling issue resulting in 503 errors Added |
391862684 | Resolved issue with requests stuck at Message Processor causing timeouts. |
N/A | Updates to security infrastructure and libraries. |
hybrid v1.14.2
On May 2, 2025 we released an updated version of the Apigee hybrid software, 1.14.2.
- For information on upgrading, see Upgrading Apigee hybrid to version 1.14.
- For information on new installations, see The big picture.
Large message payload support in Apigee hybrid
Apigee now supports message payloads up to 30MB. For information see:
- Message payload size
runtime.resources.limits.memory
in the Configuration property reference.runtime.resources.requests.memory
in the Configuration property reference.
Starting with v1.14.2, third-party container images will be labeled with a version tag that matches the Apigee hybrid image tag. This affects the image tags returned by the apigee-pull-push
command line tool. For more information, see:
Bug ID | Description |
---|---|
399447688 | API proxy deployment could become stuck in PROGRESSING state. |
396571537 | Rotating Cassandra credentials in Kubernetes secrets fixed for Multi-region deployments. |
368155212 | Auto Cassandra secret rotation could fail when Enhanced per-environment proxy limits are enabled. |
384937220 | Fixed ApigeeRoute name collision on internal chaining gateway for Enhanced Proxy Limits. |
412324617 | Fixed issue where Runtime container could spin at 100% cpu limit. |
Bug ID | Description |
---|---|
391923260 | Security fixes for apigee-udca . This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-fluent-bit . This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-hybrid-cassandra . This addresses the following vulnerability: |
N/A | Security fixes for apigee-hybrid-cassandra-client . This addresses the following vulnerability: |
N/A | Security fixes for apigee-mint-task-scheduler . This addresses the following vulnerability: |
N/A | Security fixes for apigee-open-telemetry-collector . This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-operators . This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-prometheus-adapter . This addresses the following vulnerability: |
N/A | Security fixes for apigee-redis . This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-stackdriver-logging-agent . This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-watcher . This addresses the following vulnerabilities: |
The Sovereign Controls for Kingdom of Saudi Arabia control package now supports the following products. See Supported products by control package for more information:
- Access Context Manager
- Certificate Authority Service
- Connect
- GKE Hub
- GKE Identity Service
The Sovereign Controls for EU control package now supports the following products. See Supported products by control package for more information:
- Access Context Manager
- Certificate Authority Service
- Cloud Service Mesh
- Connect
- GKE Hub
- MemoryStore for Redis
- Speech-to-Text
The ITAR control package now supports Service Directory.
The limit for the number of widgets on a custom dashboard has increased to 100, from 40. For information about dashboards, see the following:
You can now set up custom DNS names by configuring the custom subject alternative name (SAN) for your instance. After you set up DNS name resolution, you can connect to your Cloud SQL instance using the custom DNS name instead of using an IP address. This feature is available only for instances that are configured with the customer-managed certificate authority (CA) (CUSTOMER_MANAGED_CAS_CA
) option as its server CA mode.
Custom SAN configuration for instances is generally available (GA).
You can now set up custom DNS names by configuring the custom subject alternative name (SAN) for your instance. After you set up DNS name resolution, you can connect to your Cloud SQL instance using the custom DNS name instead of using an IP address. This feature is available only for instances that are configured with the customer-managed certificate authority (CA) (CUSTOMER_MANAGED_CAS_CA
) option as its server CA mode.
Custom SAN configuration for instances is generally available (GA).
You can now set up custom DNS names by configuring the custom subject alternative name (SAN) for your instance. After you set up DNS name resolution, you can connect to your Cloud SQL instance using the custom DNS name instead of using an IP address. This feature is available only for instances that are configured with the customer-managed certificate authority (CA) (CUSTOMER_MANAGED_CAS_CA
) option as its server CA mode.
Custom SAN configuration for instances is generally available (GA).
New Dataproc on Compute Engine subminor image versions:
- 2.0.139-debian10, 2.0.139-rocky8, 2.0.139-ubuntu18
- 2.1.87-debian11, 2.1.87-rocky8, 2.1.87-ubuntu20, 2.1.87-ubuntu20-arm
- 2.2.55-debian12, 2.2.55-rocky9, 2.2.55-ubuntu22
Dataproc on Compute Engine: Upgraded NodeProblemDetector to 0.8.20 based version for 2.2 image.
Dataproc on Compute Engine: Upgraded oauth2l to v1.3.3 to address CVEs.
Dataproc on Compute Engine: Fixed an issue with Apache Hudi that caused failure in Hudi CLI.
The global endpoint is generally available (GA). For details, see Global endpoint.
(2025-R17) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.32.2-gke.1297002 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.30.10-gke.1070000
- 1.30.10-gke.1102000
- 1.31.6-gke.1064001
- 1.31.6-gke.1099001
- 1.32.2-gke.1182003
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.11-gke.1131000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.7-gke.1212000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.32.2-gke.1297002 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.11-gke.1131000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.7-gke.1212000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.2-gke.1297002 with this release.
Regular channel
- The following versions are now available in the Regular channel:
Stable channel
- Version 1.32.1-gke.1357001 is no longer available in the Stable channel.
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.31.6-gke.1064001 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.32 to version 1.32.2-gke.1182003 with this release.
Extended channel
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.16-gke.2633000
- 1.27.16-gke.2682000
- 1.28.15-gke.2072000
- 1.28.15-gke.2142000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2097000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2650000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2097000 with this release.
No channel
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.30.10-gke.1102000
- 1.31.6-gke.1099001
- 1.32.1-gke.1357001
- 1.32.2-gke.1182001
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.31.6-gke.1064001 with this release.
(2025-R17) Version updates
- Version 1.32.2-gke.1297002 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.30.10-gke.1070000
- 1.30.10-gke.1102000
- 1.31.6-gke.1064001
- 1.31.6-gke.1099001
- 1.32.2-gke.1182003
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.11-gke.1131000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.7-gke.1212000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.32.2-gke.1297002 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.11-gke.1131000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.7-gke.1212000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.2-gke.1297002 with this release.
(2025-R17) Version updates
- The following versions are now available in the Regular channel:
(2025-R17) Version updates
- Version 1.32.1-gke.1357001 is no longer available in the Stable channel.
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.31.6-gke.1064001 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.32 to version 1.32.2-gke.1182003 with this release.
(2025-R17) Version updates
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.16-gke.2633000
- 1.27.16-gke.2682000
- 1.28.15-gke.2072000
- 1.28.15-gke.2142000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2097000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2650000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2097000 with this release.
(2025-R17) Version updates
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.30.10-gke.1102000
- 1.31.6-gke.1099001
- 1.32.1-gke.1357001
- 1.32.2-gke.1182001
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.31.6-gke.1064001 with this release.
Auto extraction of JSON logs
Google SecOps supports Auto Extraction of JSON logs. The auto extraction feature lets you use raw log fields directly in search, detection rules, and Native Dashboards, with or without a parser. Public preview for this feature begins the week of May 5, 2025.
Auto extraction of JSON logs
Google SecOps supports Auto Extraction of JSON logs. The auto extraction feature lets you use raw log fields directly in search, detection rules, and Native Dashboards, with or without a parser. Public preview for this feature begins the week of May 5, 2025.
Cloud Logging for agent-based transfers now logs skipped files. A skipped file is logged when the file already exists in the sink, and your transfer job is configured to ignore existing files.
See Cloud Logging for Storage Transfer Service for details.
May 01, 2025
Anthos Config ManagementThe Config Sync auto-upgrades feature is now unavailable. You can no longer configure auto-upgrade settings and must manually upgrade the Config Sync version. If you currently use auto-upgrades, you must first disable auto-upgrades before you can manually update Config Sync.
Upgraded the Open Telemetry Collector image from v0.103.0 to v0.118.0. This upgrade includes a breaking change where the default OTLP component endpoint is now localhost
instead of 0.0.0.0
. You will be impacted only if you use a customized configuration for the built-in Otel Collector within Config Sync, and you can explicitly specify 0.0.0.0
for endpoints to ensure that your monitoring solution continues to function correctly. To understand the changes in each release, review the full changelog for opentelemetry-collector-contrib.
The nomos vet
command now supports a --threshold
flag to proactively validate the number of objects in your Config Sync repository. You can use this flag in validation pipelines to prevent sync failures caused by exceeding the underlying etcd
size limits when your repository contains a large number of objects. For more information, see Enforce the maximum number of objects to sync.
Deleting a RootSync or RepoSync now removes its management metadata from all managed objects. This allows objects to be adopted by their new managers, simplifying the procedure for splitting a large configuration repository across multiple RootSync or RepoSync objects. For more information, see Break up a repository into multiple repositories.
Addressed multiple Common Vulnerabilities and Exposures (CVEs) by updating dependencies.
Fixed an issue impacting the Ignore object mutations feature. The client.lifecycle.config.k8s.io/mutation: ignore
annotation was not always effective, causing Config Sync to potentially overwrite changes made directly to annotated resources in the cluster. Config Sync now correctly ignores mutations on these resources.
Fixed an issue preventing ResourceGroup objects from being garbage collected when their corresponding RootSync or RepoSync objects were deleted.
Fixed several issues to improve ResourceGroup status reporting and reliability.
Fixed an issue where drift prevention incorrectly blocked modifications of abandoned resources.
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
Cloud SQL gives you the flexibility to choose between three CA hierarchy options when you create a Cloud SQL instance.
You can choose between the per-instance CA (GOOGLE_MANAGED_INTERNAL_CA
), the shared CA (GOOGLE_MANAGED_CAS_CA
), or the customer-managed CA (CUSTOMER_MANAGED_CAS_CA
) options as the server certificate authority (CA) mode for your instance. If you create an instance using the Google Cloud Console, then the shared CA option, (GOOGLE_MANAGED_CAS_CA
), is the default configuration. If you create an instance using gcloud, the Cloud SQL Admin REST API, or Terraform, then the per-instance CA option (GOOGLE_MANAGED_INTERNAL_CA
) is the default configuration.
The shared CA and customer-managed CA options are now generally available (GA).
Cloud SQL gives you the flexibility to choose between three CA hierarchy options when you create a Cloud SQL instance.
You can choose between the per-instance CA (GOOGLE_MANAGED_INTERNAL_CA
), the shared CA (GOOGLE_MANAGED_CAS_CA
), or the customer-managed CA (CUSTOMER_MANAGED_CAS_CA
) options as the server certificate authority (CA) mode for your instance. If you create an instance using the Google Cloud Console, then the shared CA option, (GOOGLE_MANAGED_CAS_CA
), is the default configuration. If you create an instance using gcloud, the Cloud SQL Admin REST API, or Terraform, then the per-instance CA option (GOOGLE_MANAGED_INTERNAL_CA
) is the default configuration.
The shared CA and customer-managed CA options are now generally available (GA).
Cloud SQL gives you the flexibility to choose between three CA hierarchy options when you create a Cloud SQL instance.
You can choose between the per-instance CA (GOOGLE_MANAGED_INTERNAL_CA
), the shared CA (GOOGLE_MANAGED_CAS_CA
), or the customer-managed CA (CUSTOMER_MANAGED_CAS_CA
) options as the server certificate authority (CA) mode for your instance. If you create an instance using the Google Cloud Console, then the shared CA option, (GOOGLE_MANAGED_CAS_CA
), is the default configuration. If you create an instance using gcloud, the Cloud SQL Admin REST API, or Terraform, then the per-instance CA option (GOOGLE_MANAGED_INTERNAL_CA
) is the default configuration.
The shared CA and customer-managed CA options are now generally available (GA).
Config Connector version 1.131.0 is now available.
New Beta resources (direct reconciler)
New Alpha resources (direct reconciler)
ComputeNetworkAttachment
ComputeNetworkEdgeSecurityService
DataplexEntryGroup
DataplexEntryType
DataplexTask
DataplexZone
DatastreamRoute
DocumentAIVersion
GKEBackupBackup
GKEBackupRestore
PubSubSnapshot
SpeechCustomClass
VMwareEngineExternalAddress
MetastoreService
MetastoreFederation
MetastoreBackup
APIQuotaPreference
APIQuotaAdjusterSettings
EventarcGoogleChannelConfig
EventarcChannel
AssetSavedQuery
AssetFeed
EssentialContactsContact
DataCatalogEntryGroup
DataCatalogEntry
DataCatalogTagTemplate
DataCatalogTag
- Fixed an issue: excessive compute.firewallPolicies.patchRule Logs triggered by Config Connector direct reconciliation.
New Dataproc Serverless for Spark runtime versions:
- 1.1.101
- 1.2.45
- 2.2.45
Native Query Execution now supports reading Apache ORC complex types.
Dialogflow CX (Conversational Agents): Models gemini-2.0-flash-001
and gemini-2.0-flash-lite-001
are now GA. They are available in all supported regions.
This change applies to the following features:
- Playbooks
- Data store tools in playbooks
- Generators
Design an optimal storage strategy for your cloud workload: Added information about Filestore replication, Hyperdisk Balanced High Availability, Anywhere Cache, and capacity specifications for Google Cloud NetApp Volumes.
On or after September 30, 2025, you can no longer send inspection and discovery results from Sensitive Data Protection to Data Catalog. Data Catalog is deprecated and will be discontinued on January 30, 2026. For Sensitive Data Protection, no action is required from you. No inspection or discovery configuration will break.
For discovery operations, we recommend that you add Dataplex Catalog aspects based on insights from data profiles instead.
You can automatically attach aspects to Dataplex entries after profiling supported data resources. For more information, see Add Dataplex Catalog aspects based on insights from data profiles.
Spanner Graph now lets you model schemaless data with a dynamic label and properties. For more information, see Manage schemaless data with Spanner Graph.
April 30, 2025
Cloud ComposerStarting from 5 May, 2025, new Cloud Composer 3 environments will use 1 CPU and 4 GB of memory for the Airflow web server by default. The minimum and maximum values for these parameters will not change.
The rollout of the following extension versions and plugin versions is complete:
Extensions and plugins
pg_partman
is upgraded from 5.0.1 to 5.2.4 (for PostgreSQL versions 14 and later).
To use this version of the extension, update your instance to [PostgreSQL version].R20250302.00_10
.
If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.
For more information on checking your maintenance version, see Self-service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.
You can now include folders from your local IDE project for IntelliJ Gemini Code Assist (version 1.14.0
) to use as context for your prompts, in Preview.
- Llama 4 Maverick and Scout models are available in Model Garden with Model-as-a-Service API Service and self-hosted deployments.
- HiDream-I1, Llama Guard 4, Llama Prompt Guard 2, and Qwen3 are available in Model Garden.
- Additional materials are available for deploying a model in Model Garden by using the Python SDK, gcloud CLI, or API, which are available in Preview:
Multi-regional deployment on Compute Engine: Technical updates to align design recommendations with Google Cloud Well-Architected Framework core principles.
Single-zone deployment on Compute Engine: Technical updates to align design recommendations with Google Cloud Well-Architected Framework core principles.
Hub-and-spoke network architecture: Added Network Connectivity Center as a design option.
A monthly digest of client library updates from across the Cloud SDK.
Go
Changes for spanner/admin/database/apiv1
1.79.0 (2025-04-08)
Features
- spanner: Allow string values for Scan functions (#11898) (9989dd0)
- spanner: New client(s) (#11946) (c60f28d)
0.1.0 (2025-04-15)
Bug Fixes
- spanner/benchmarks: Update google.golang.org/api to 0.229.0 (3319672)
1.80.0 (2025-04-23)
Features
Bug Fixes
- spanner/benchmarks: Update google.golang.org/api to 0.229.0 (3319672)
- spanner/test/opentelemetry/test: Update google.golang.org/api to 0.229.0 (3319672)
- spanner: Retry INTERNAL retriable auth error (#12034) (65c7461)
- spanner: Update google.golang.org/api to 0.229.0 (3319672)
Performance Improvements
Java
Changes for google-cloud-spanner
6.90.0 (2025-03-31)
Features
- Add default_isolation_level connection property (#3702) (9472d23)
- Adds support for Interval datatype in Java client (#3416) (8be8f5e)
- Integration test for End to End tracing (#3691) (bf1a07a)
- Specify isolation level per transaction (#3704) (868f30f)
- Support PostgreSQL isolation level statements (#3706) (dda2e1d)
6.91.0 (2025-04-17)
Features
- [Internal] open telemetry built in metrics for GRPC (#3709) (cd76c73)
- Add java sample for the pre-splitting feature (#3713) (e97b92e)
- Add TransactionMutationLimitExceededException as cause to SpannerBatchUpdateException (#3723) (4cf5261)
- Built in metrics for afe latency and connectivity error (#3724) (e13a2f9)
- Support unnamed parameters (#3820) (1afd815)
Bug Fixes
- Add default implementations for Interval methods in AbstractStructReader (#3722) (97f4544)
- Set transaction isolation level had no effect (#3718) (b382999)
Performance Improvements
- Cache the key used for OTEL traces and metrics (#3814) (c5a2045)
- Optimize parsing in Connection API (#3800) (a2780ed)
- Qualify statements without removing comments (#3810) (d358cb9)
- Remove all calls to getSqlWithoutComments (#3822) (0e1e14c)
6.91.1 (2025-04-21)
Bug Fixes
Node.js
Changes for @google-cloud/spanner
7.20.0 (2025-04-11)
Features
- Add support for Interval (#2192) (8c886cb)
- debugging: Implement x-goog-spanner-request-id propagation per request (#2205) (e42caea)
- spanner: Add support for snapshot isolation (#2245) (b60a683)
- spanner: Support for Multiplexed Session Partitioned Ops (#2252) (e7ce471)
7.21.0 (2025-04-15)
Features
Bug Fixes
The enhance_query
option on the SEARCH, SCORE, and SNIPPET functions is now updated to provide automatic synonym matching and spell correction of single words, by default. Previously, if you provided a single word as the search string it would likely not return any matches and required a phrase with context to perform the enhanced search.
If you're a service producer that makes a service available through VPC Network Peering, you can migrate your service to Private Service Connect without changing the IPv4 address that consumers use to access the service. This feature is available in General Availability.
April 29, 2025
Apigee API hubOn April 29, 2025, we released an updated version of Apigee.
Apigee API hub is enabled for existing Apigee organizations in supported regions.
With this release, we are enabling Apigee API hub for existing Apigee organizations in regions where API hub is supported. All existing Apigee organizations, including hybrid organizations, that selected an API hub-supported region for their Apigee Analytics region will have access to API hub features at no additional cost.
API hub allows you to view, organize, and manage all of the APIs in your Apigee organization in one central location. To learn more, see What is Apigee API hub?
The process of enabling API hub for these organizations will continue over the next several weeks until all eligible organizations are updated. No action on your part is required to provision API hub for your organization, with the following exceptions:
- If your Apigee organization has Data Residency or VPC Service Controls enabled, you must configure your API hub instance manually to support these services. See VPC Service Controls for API hub and API hub and data residency for more information.
- If your Apigee organization uses Customer-Managed Encryption Keys (CMEK), you must deprovision the Apigee API hub instance provided by default and recreate it to support CMEK. See Deprovision Apigee API hub and Provision API hub in the Cloud console for step-by-step instructions.
Contact Google Cloud Support for questions or assistance.
On April 29, 2025, we released an updated version of Apigee.
Apigee API hub is enabled for existing Apigee organizations in supported regions.
With this release, we are enabling Apigee API hub for existing Apigee organizations in regions where API hub is supported. All existing Apigee organizations, including hybrid organizations, that selected an API hub-supported region for their Apigee Analytics region will have access to API hub features at no additional cost.
API hub allows you to view, organize, and manage all of the APIs in your Apigee organization in one central location. To learn more, see What is Apigee API hub?
The process of enabling API hub for these organizations will continue over the next several weeks until all eligible organizations are updated. No action on your part is required to provision API hub for your organization, with the following exceptions:
- If your Apigee organization has Data Residency or VPC Service Controls enabled, you must configure your API hub instance manually to support these services. See VPC Service Controls for API hub and API hub and data residency for more information.
- If your Apigee organization uses Customer-Managed Encryption Keys (CMEK), you must deprovision the Apigee API hub instance provided by default and recreate it to support CMEK. See Deprovision Apigee API hub and Provision API hub in the Cloud console for step-by-step instructions.
Contact Google Cloud Support for questions or assistance.
Similarity vector search in Bigtable by finding the K-nearest neighbors is generally available (GA).
The MCP Toolbox for Databases includes a Bigtable connector. This feature is available in Preview.
Find and eliminate waste using FinOps hub 2.0 with Gemini Cloud Assist (preview)
FinOps hub 2.0 adds a new dashboard, Utilization insights, designed to help you quickly identify and reduce cloud waste to get the most value from Google Cloud. You can do the following with FinOps hub's Utilization insights dashboard:
- Assess estimated costs from underutilized resources (for example, idle, overprovisioned, underprovisioned and suboptimal configurations).
- Use the visual Waste map to find the top waste drivers by projects and waste category, helping you focus your optimization efforts.
- Leverage data-driven recommendations to optimize key services (Compute Engine, Kubernetes Engine (GKE), Cloud SQL, and Cloud Run) and App Hub applications.
Use Gemini Cloud Assist in FinOps hub to save time and simplify collaboration. If you have enabled Gemini Cloud Assist in Billing, Gemini generates summaries of top wasted usage insights and drafts email reports of utilization insights that you can share with your engineering teams for quicker remediation.
For more information about the FinOps hub Utilization insights dashboard, see:
For more information about Gemini Cloud Assist features in FinOps hub, see:
App Hub applications are now integrated with billing reports and the FinOps hub, to let you analyze costs by application. This integration provides detailed cost analysis for your specific applications, so FinOps and DevOps can see the cost of their applications and get recommendations on how to optimize their cloud efficiency.
- In cost Reports, you can configure your report to Group by Application, or filter on Applications.
- In the Cost table report, you can filter on Applications.
- In the Cost breakdown report, you can filter on Applications.
- In the FinOps hub Utilization insights dashboard, you can view insights by App Hub Application, to see the estimated costs of potentially wasted usage, and find recommendations to reduce waste and optimize your costs.
A script for migrating from Cloud Composer 2 to Cloud Composer 3 is now available on GitHub.
For instructions about migrating with the script, see the new migration guide in Cloud Composer documentation.
All Application and Proxy Network Load Balancers now support deployments where the load balancer frontend and the load balancer backend use different VPC networks. This is supported without the use of a Shared VPC deployment.
For regional and cross-region load balancers, connectivity between the load balancer's VPC network and the backend VPC network must be configured using either VPC Network Peering, Cloud VPN tunnels, Cloud Interconnect VLAN attachments, or a Network Connectivity Center framework.
For global and classic load balancers, the different VPC networks don't need to be connected using VPC Network Peering because GFEs communicate directly with backends in their respective VPC networks.
For more details, see the following pages:
Gemini in Colab Enterprise, which is a product in the Gemini for Google Cloud portfolio, now includes additional capabilities in Preview. See the following:
- Chat about your notebook with Gemini
- Explain code cells with Gemini assistance
- Explain and fix errors with Gemini assistance
To enable and activate Gemini in Colab Enterprise features, see Set up Gemini in Colab Enterprise.
cos-113-18244-382-3
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.134 | v24.0.9 | v1.7.24 | See List |
This is an LTS Refresh Release.
Upgraded app-admin/google-guest-configs to v20250221.00.
Upgraded sys-auth/pambase to v20250228.
Upgraded app-containers/docker-credential-helpers to v0.9.2.
Upgraded app-admin/google-guest-configs to v20250124.00.
Upgraded dev-lang/go to v1.21.13.
Upgraded app-arch/unzip to v6.0_p29.
Upgraded net-nds/rpcbind to v1.2.7.
Upgraded net-fs/cifs-utils to v7.3, Upgraded sys-libs/talloc to v2.4.2.
Upgraded dev-libs/double-conversion to v3.3.1.
Upgraded dev-db/sqlite to v3.49.1.
Upgraded sys-apps/acl to v2.3.2-r2.
Upgraded dev-libs/expat to v2.6.4.
Upgraded sys-process/procps to v4.0.4-r2.
Upgraded net-libs/libnetfilter_conntrack to v1.1.0.
Upgraded dev-libs/nss to v3.107.
Upgraded app-admin/sudo to v1.9.16_p2-r1.
Upgraded net-libs/libtirpc to v1.3.6.
Upgraded sys-libs/libcap to v2.71.
Fixed CVE-2025-32728 in net-misc/openssh.
Updated dev-vcs/git to version 2.49.0. This fixed CVE-2024-52006, CVE-2024-50349
Runtime sysctl changes:
- Changed: fs.file-max: 812031 -> 812035
cos-121-18867-90-4
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.87 | v27.5.1 | v2.0.4 | See List |
This is an LTS Refresh Release.
Fixed an issue in containerd that potentially breaks metric collection
Fixed an issue in containerd that prevented some v2 shims from shutting down properly.
Upgraded sys-auth/pambase to v20250228.
Upgraded app-containers/docker-credential-helpers to v0.9.2.
Upgraded app-admin/google-guest-agent to v20250304.03.
Upgraded app-admin/google-guest-configs to v20250221.00.
Upgraded app-admin/google-guest-configs to v20250124.00.
Upgraded app-containers/docker-registry-test to v2.8.3.
Upgraded dev-lang/go to v1.23.8.
Upgraded dev-db/sqlite to v3.49.1.
Upgraded sys-apps/acl to v2.3.2-r2.
Upgraded dev-libs/double-conversion to v3.3.1.
Upgraded sys-libs/libseccomp to v2.6.0.
Updated dev-go/net in policy manager to v0.39.0. This fixes CVE-2025-22870.
Fixed CVE-2025-32728 in net-misc/openssh.
Updated dev-vcs/git to version 2.49.0. This fixed CVE-2024-52006, CVE-2024-50349
Runtime sysctl changes:
- Changed: fs.file-max: 811714 -> 811806
cos-dev-125-19014-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.87 | v27.5.1 | v2.0.4 | See List |
Patched a null ptr exception bug in NVIDIA 570.124.06 OSS driver
Fixed an issue in containerd that potentially breaks metric collection
Fixed an issue in containerd that prevented some v2 shims from shutting down properly.
Updated dev-go/net in policy manager to v0.39.0. This fixes CVE-2025-22870.
Fixed CVE-2025-32728 in net-misc/openssh.
Fixed CVE-2025-31498 in net-dns/c-ares.
Runtime sysctl changes:
- Changed: fs.file-max: 811798 -> 811785
cos-117-18613-164-124
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.72 | v24.0.9 | v1.7.24 | See List |
Fixed CVE-2025-32728 in net-misc/openssh.
Runtime sysctl changes:
- Changed: fs.file-max: 811760 -> 811753
New Dataproc on Compute Engine subminor image versions:
2.0.138-debian10, 2.0.138-rocky8, 2.0.138-ubuntu18
2.1.86-debian11, 2.1.86-rocky8, 2.1.86-ubuntu20, 2.1.86-ubuntu20-arm
2.2.54-debian12, 2.2.54-rocky9, 2.2.54-ubuntu22
Dataproc on Compute Engine: Fixed Job ID retrieval in Dataproc job logs for clusters created with 2.0
, 2.1
image versions, by ignoring timestamp prefix.
Dataproc on Compute Engine: Added an temporary object hold on the spark-job-history
folder in Cloud Stroage to prevent deletion by Cloud Storage life cycling.
VS Code Gemini Code Assist (version 2.32.0
) now supports creation and management of multiple chats.
VS Code Gemini Code Assist (version 2.32.0
) now supports streamlined multi-part chat code suggestions. You have the option to accept a single code change or all suggested changes.
You can now specify and apply rules to each chat request with VS Code Gemini Code Assist (version 2.32.0
).
Gemini 1.5 Pro and Gemini 1.5 Flash models are not available in projects that have no prior usage of these models, including new projects. For details, see Model versions and lifecycle.
Advanced reporting dashboards are released for GA
Advanced reporting dashboards can help you gain insights into the performance of your contact center. You can create new custom dashboards based on tiles from other dashboards and use powerful editing capabilities to customize dashboards to suit your business needs. Advanced reporting dashboards are released for General Availability. For more information, see Advanced reporting dashboards.
For dialects that support period-over-period measures, Looker developers can create a measure
of type: period_over_period
to enable period-over-period analysis in the corresponding Looker Explores. See Period-over-period measures in Looker for more information.
For Looker connections with Google BigQuery, Looker admins can now specify a Temp Project that is used to write PDTs to your database and a PDT Override Billing Project ID that is used for billing for PDT build and maintenance queries.
In addition to automated 24-hour backups, Looker (Google Cloud core) now supports customer-initiated backups and self-service restore.
IPv4 address range filtering for VPC spokes is available in public preview.
This feature lets you change IPv4 address ranges for VPC spokes that are specified to be exported to hub.
Preview stage support for the following integration:
April 28, 2025
BigQueryA weekly digest of client library updates from across the Cloud SDK.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigquery
2.49.2 (2025-04-26)
Dependencies
When you translate SQL queries from your source database, you can use configuration YAML files to optimize and improve the performance of your translated SQL. This feature is generally available (GA).
Dataplex automatic discovery in BigQuery scans your data in Cloud Storage buckets to extract and catalog metadata, creating BigLake, external, or object tables for analytics and AI for insights, security, and governance. This feature is generally available (GA).
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Security Command Center
securitycenter.googleapis.com/BigQueryExport
securitycenter.googleapis.com/ContainerThreatDetectionSettings
securitycenter.googleapis.com/EventThreatDetectionSettings
securitycenter.googleapis.com/MuteConfig
securitycenter.googleapis.com/NotificationConfig
securitycenter.googleapis.com/ResourceValueConfig
securitycenter.googleapis.com/SecurityHealthAnalyticsSettings
securitycenter.googleapis.com/VirtualMachineThreatDetectionSettings
securitycenter.googleapis.com/WebSecurityScannerSettings
- Oracle Database@Google Cloud
oracledatabase.googleapis.com/AutonomousDatabase
oracledatabase.googleapis.com/CloudExadataInfrastructure
oracledatabase.googleapis.com/CloudVmCluster
Using a fully qualified domain name (FQDN) forwarding target is available for outbound DNS forwarding in Preview.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.22.2 (2025-04-25)
Dependencies
3.22.1 (2025-04-25)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.56.2 (7cce5b5)
Python
Changes for google-cloud-logging
3.12.1 (2025-04-21)
Bug Fixes
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for storage/internal/apiv2
1.52.0 (2025-04-22)
Features
- storage/control: Add Anywhere cache control APIs (#11807) (12bfa98)
- storage: Add CurrentState function to determine state of stream in MRD (#11688) (14e8e13)
- storage: Add OwnerEntity to bucketAttrs (#11857) (4cd4a0c)
- storage: Takeover appendable object (#11977) (513b937)
- storage: Unfinalized appendable objects. (#11647) (52c0218)
Bug Fixes
- storage: Fix Attrs for append takeover (#11989) (6db35b1)
- storage: Fix panic when Flush called early (#11934) (7d0b8a7)
- storage: Fix unfinalized write size (#12016) (6217f8f)
- storage: Force first message on next sendBuffer when nothing sent on current (#11871) (a1a2292)
- storage: Populate Writer.Attrs after Flush() (#12021) (8e56f74)
- storage: Remove check for FinalizeOnClose (#11992) (2664b8c)
- storage: Wrap read response parsing errors (#11951) (d2e6583)
Java
Changes for google-cloud-storage
2.51.0 (2025-04-23)
Features
- Add @BetaApi Storage#blobAppendableUpload for gRPC Transport (#3020) (62b6248)
- Add @BetaApi Storage#blobReadSession for gRPC Transport (#3020) (62b6248)
- Implement improved retry context information (#3020) (62b6248)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.56.0 (8f9f5ec)
- Ensure object generation is sent for Storage#update(BlobInfo) using HTTP Transport (#3006) (2a3e0e7), closes #2980
- Update 416 handling for ReadChannel (#3018) (4a9c3e4)
- Update gRPC Bidi resumable upload to have more robust error message generation (#2998) (79b5d85)
- Update gRPC implementation for storage.buckets.get to translate NOT_FOUND to null (#3005) (704af65)
Dependencies
- Remove explicit version declarations for packages that are in shared-dependencies (#3014) (61cdb30)
- Update dependency com.google.apis:google-api-services-storage to v1-rev20250312-2.0.0 (#3000) (78fc076)
- Update dependency com.google.cloud.opentelemetry:exporter-trace to v0.34.0 (#2938) (ff6f696)
- Update sdk-platform-java dependencies (#3046) (861f958)
- Update sdk-platform-java dependencies (#3053) (921d1ba)
Public preview: Resize request in a managed instance group (MIG) lets you specify the name of the VMs to create all at once. This feature helps if your orchestration mechanism or workload requires specific VM naming. For more information, see About resize requests in a MIG.
Generally available: The Memory-optimized machine family has added two new M4 machine types:
- m4-megamem-28
- m4-ultramem-224
The m4-megamem-28 offers 28 vCPUs with 372 GB of memory. The m4-ultramem-224 offers 224 vCPUs with 5,952 GB of memory.
Quality AI offers the following conversation filters:
- CSAT
- Sentiment score
- Silence duration
Dataplex automatic discovery scans your data in Cloud Storage buckets to extract and catalog metadata, creating BigLake, external, or object tables for analytics and AI for insights, security, and governance. This feature is generally available (GA).
Custom performance is now generally available for Filestore instances.
AI and ML perspective: Operational excellence: Major update to expand the operational excellence recommendations in the AI and ML perspective.
(2025-R16) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.29.14-gke.1067000
- 1.29.14-gke.1086000
- 1.29.15-gke.1170000
- 1.30.11-gke.1131000
- 1.31.7-gke.1013002
- 1.31.7-gke.1212000
- 1.32.3-gke.1717000
Regular channel
- The following versions are no longer available in the Regular channel:
- 1.29.14-gke.1018000
- 1.29.14-gke.1067000
Stable channel
- Version 1.32.2-gke.1182003 is now the default version for cluster creation in the Stable channel.
- The following versions are no longer available in the Stable channel:
- 1.29.13-gke.1038000
- 1.29.13-gke.1169000
Extended channel
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.16-gke.2595000
- 1.27.16-gke.2664000
- 1.28.15-gke.2027000
- 1.28.15-gke.2121000
- 1.29.14-gke.1018000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2072000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2633000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2072000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.14-gke.1067000 with this release.
No channel
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.29.13-gke.1038000
- 1.29.13-gke.1169000
- 1.29.14-gke.1018000
- 1.29.14-gke.1067000
- 1.29.14-gke.1086000
- 1.29.15-gke.1170000
- 1.30.9-gke.1127000
- 1.30.11-gke.1131000
- 1.31.7-gke.1013002
- 1.31.7-gke.1212000
- 1.32.3-gke.1717000
(2025-R16) Version updates
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.29.14-gke.1067000
- 1.29.14-gke.1086000
- 1.29.15-gke.1170000
- 1.30.11-gke.1131000
- 1.31.7-gke.1013002
- 1.31.7-gke.1212000
- 1.32.3-gke.1717000
(2025-R16) Version updates
- The following versions are no longer available in the Regular channel:
- 1.29.14-gke.1018000
- 1.29.14-gke.1067000
(2025-R16) Version updates
- Version 1.32.2-gke.1182003 is now the default version for cluster creation in the Stable channel.
- The following versions are no longer available in the Stable channel:
- 1.29.13-gke.1038000
- 1.29.13-gke.1169000
(2025-R16) Version updates
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.16-gke.2595000
- 1.27.16-gke.2664000
- 1.28.15-gke.2027000
- 1.28.15-gke.2121000
- 1.29.14-gke.1018000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2072000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2633000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2072000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.14-gke.1067000 with this release.
(2025-R16) Version updates
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.29.13-gke.1038000
- 1.29.13-gke.1169000
- 1.29.14-gke.1018000
- 1.29.14-gke.1067000
- 1.29.14-gke.1086000
- 1.29.15-gke.1170000
- 1.30.9-gke.1127000
- 1.30.11-gke.1131000
- 1.31.7-gke.1013002
- 1.31.7-gke.1212000
- 1.32.3-gke.1717000
Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so changes may take one-to-four days to appear in your region.
The following supported default parsers have been updated. Each parser is listed by product name and log_type
value, if applicable. This list now includes both released default parsers and pending parser updates.
- 1Password Audit Events (
ONEPASSWORD_AUDIT_EVENTS
) - AIX system (
AIX_SYSTEM
) - Akamai DataStream 2 (
AKAMAI_DATASTREAM_2
) - Alveo Risk Data Management (
ALVEO_RDM
) - Amazon API Gateway (
AWS_API_GATEWAY
) - Apache Tomcat (
TOMCAT
) - Appian Cloud (
APPIAN_CLOUD
) - Arcsight CEF (
ARCSIGHT_CEF
) - Asset Panda (
ASSET_PANDA
) - Aware Audit (
AWARE_AUDIT
) - Aware Signals (
AWARE_SIGNALS
) - AWS Cloudtrail (
AWS_CLOUDTRAIL
) - AWS CloudWatch (
AWS_CLOUDWATCH
) - AWS ECS Metrics (
AWS_ECS_METRICS
) - AWS Elastic Load Balancer (
AWS_ELB
) - AWS GuardDuty (
GUARDDUTY
) - AWS Inspector (
AWS_INSPECTOR
) - AWS Lambda Function (
AWS_LAMBDA_FUNCTION
) - AWS RDS (
AWS_RDS
) - AWS Redshift (
AWS_REDSHIFT
) - AWS Route 53 DNS (
AWS_ROUTE_53
) - AWS Security Hub (
AWS_SECURITY_HUB
) - AWS VPC Flow (
AWS_VPC_FLOW
) - AWS WAF (
AWS_WAF
) - Azure AD Directory Audit (
AZURE_AD_AUDIT
) - Azure AD Organizational Context (
AZURE_AD_CONTEXT
) - Azure Application Gateway (
AZURE_GATEWAY
) - Azure Firewall (
AZURE_FIREWALL
) - Azure Key Vault logging (
AZURE_KEYVAULT_AUDIT
) - Barracuda CloudGen Firewall (
BARRACUDA_CLOUDGEN_FIREWALL
) - Barracuda WAF (
BARRACUDA_WAF
) - BeyondTrust BeyondInsight (
BEYONDTRUST_BEYONDINSIGHT
) - Blue Coat Proxy (
BLUECOAT_WEBPROXY
) - Broadcom Support Portal Audit Logs (
BROADCOM_SUPPORT_PORTAL
) - Cato Networks (
CATO_NETWORKS
) - Cequence Bot Defense (
CEQUENCE_BOT_DEFENSE
) - Check Point (
CHECKPOINT_FIREWALL
) - ChromeOS XDR (
CHROMEOS_XDR
) - Cisco Email Security (
CISCO_EMAIL_SECURITY
) - Cisco EStreamer (
CISCO_ESTREAMER
) - Cisco Firepower NGFW (
CISCO_FIREPOWER_FIREWALL
) - Cisco FireSIGHT Management Center (
CISCO_FIRESIGHT
) - Cisco Internetwork Operating System (
CISCO_IOS
) - Cisco IronPort (
CISCO_IRONPORT
) - Cisco ISE (
CISCO_ISE
) - Cisco NX-OS (
CISCO_NX_OS
) - Cisco Switch (
CISCO_SWITCH
) - Cisco Umbrella Cloud Firewall (
UMBRELLA_FIREWALL
) - Cisco vManage SD-WAN (
CISCO_SDWAN
) - Cisco VPN (
CISCO_VPN
) - Citrix Netscaler (
CITRIX_NETSCALER
) - Citrix Storefront (
CITRIX_STOREFRONT
) - Claroty Xdome (
CLAROTY_XDOME
) - Cloud Audit Logs (
N/A
) - Cloud Data Loss Prevention (
N/A
) - Cloudflare Network Analytics (
CLOUDFLARE_NETWORK_ANALYTICS
) - Cloudflare WAF (
CLOUDFLARE_WAF
) - Cloudflare Warp (
CLOUDFLARE_WARP
) - CommVault (
COMMVAULT
) - CrowdStrike Detection Monitoring (
CS_DETECTS
) - CrowdStrike Falcon (
CS_EDR
) - CrowdStrike Falcon Stream (
CS_STREAM
) - CrowdStrike Identity Protection Services (
CS_IDP
) - CrushFTP (
CRUSHFTP
) - Custom Application Access Logs (
CUSTOM_APPLICATION_ACCESS
) - CyberArk Privileged Access Manager (PAM) (
CYBERARK_PAM
) - Cybereason EDR (
CYBEREASON_EDR
) - Cyolo Secure Remote Access for OT (
CYOLO_OT
) - Datadog (
DATADOG
) - Delinea Secret Server (
DELINEA_SECRET_SERVER
) - Dell CyberSense (
DELL_CYBERSENSE
) - Digicert (
DIGICERT
) - Edgio WAF (
EDGIO_WAF
) - Elastic Packet Beats (
ELASTIC_PACKETBEATS
) - F5 ASM (
F5_ASM
) - F5 DNS (
F5_DNS
) - Forcepoint DLP (
FORCEPOINT_DLP
) - Forcepoint NGFW (
FORCEPOINT_FIREWALL
) - Forgerock OpenIdM (
FORGEROCK_OPENIDM
) - FortiGate (
FORTINET_FIREWALL
) - Fortinet FortiAnalyzer (
FORTINET_FORTIANALYZER
) - Fortinet Fortimanager (
FORTINET_FORTIMANAGER
) - Fortinet Web Application Firewall (
FORTINET_FORTIWEB
) - GitHub (
GITHUB
) - Gitlab (
GITLAB
) - Harness IO (
HARNESS_IO
) - Hashicorp Vault (
HASHICORP
) - Hillstone Firewall (
HILLSTONE_NGFW
) - Huawei Switches (
HUAWEI_SWITCH
) - IBM Guardium (
GUARDIUM
) - Imperva Database (
IMPERVA_DB
) - Intel Endpoint Management Assistant (
INTEL_EMA
) - JAMF Security Cloud (
JAMF_SECURITY_CLOUD
) - JFrog Artifactory (
JFROG_ARTIFACTORY
) - JumpCloud Directory Insights (
JUMPCLOUD_DIRECTORY_INSIGHTS
) - Juniper (
JUNIPER_FIREWALL
) - Kaspersky AV (
KASPERSKY_AV
) - Kaspersky Endpoint (
KASPERSKY_ENDPOINT
) - Kolide Endpoint Security (
KOLIDE
) - Kubernetes Audit (
KUBERNETES_AUDIT
) - Layer7 SiteMinder (
SITEMINDER_SSO
) - Linux Auditing System (AuditD) (
AUDITD
) - Looker Audit (
LOOKER_AUDIT
) - ManageEngine ADAudit Plus (
ADAUDIT_PLUS
) - ManageEngine ADManager Plus (
ADMANAGER_PLUS
) - McAfee Web Gateway (
MCAFEE_WEBPROXY
) - Metabase (
METABASE
) - Microsoft AD FS (
ADFS
) - Microsoft Azure Activity (
AZURE_ACTIVITY
) - Microsoft Azure NSG Flow (
AZURE_NSG_FLOW
) - Microsoft CyberX (
CYBERX
) - Microsoft Defender for Endpoint (
MICROSOFT_DEFENDER_ENDPOINT
) - Microsoft Defender for Identity (
MICROSOFT_DEFENDER_IDENTITY
) - Microsoft Defender for Office 365 (
MICROSOFT_DEFENDER_MAIL
) - Microsoft IIS (
IIS
) - Microsoft PowerShell (
POWERSHELL
) - Microsoft Sentinel (
MICROSOFT_SENTINEL
) - Microsoft System Center Endpoint Protection (
MICROSOFT_SCEP
) - Mikrotik Router (
MIKROTIK_ROUTER
) - Mimecast (
MIMECAST_MAIL
) - MISP Threat Intelligence (
MISP_IOC
) - NetIQ eDirectory (
NETIQ_EDIRECTORY
) - Netskope V2 (
NETSKOPE_ALERT_V2
) - Nozomi Networks Scada Guardian (
NOZOMI_GUARDIAN
) - Office 365 (
OFFICE_365
) - Okta (
OKTA
) - Okta User Context (
OKTA_USER_CONTEXT
) - One Identity Identity Manager (
ONE_IDENTITY_IDENTITY_MANAGER
) - Oort Security Tool (
OORT
) - Open Cybersecurity Schema Framework (OCSF) (
OCSF
) - Open LDAP (
OPENLDAP
) - Opnsense (
OPNSENSE
) - Ops Genie (
OPS_GENIE
) - Oracle (
ORACLE_DB
) - Oracle Cloud Guard (
OCI_CLOUDGUARD
) - Oracle Cloud Infrastructure Audit Logs (
OCI_AUDIT
) - Orca Cloud Security Platform (
ORCA
) - Palo Alto Cortex XDR Alerts (
CORTEX_XDR
) - Palo Alto Networks Firewall (
PAN_FIREWALL
) - Palo Alto Panorama (
PAN_PANORAMA
) - Palo Alto Prisma Access (
PAN_CASB
) - Palo Alto Prisma Cloud Alert payload (
PAN_PRISMA_CA
) - Pharos (
PHAROS
) - Privacy-I (
PRIVACY_I
) - Proofpoint On Demand (
PROOFPOINT_ON_DEMAND
) - Proofpoint Tap Alerts (
PROOFPOINT_MAIL
) - Proofpoint Threat Response (
PROOFPOINT_TRAP
) - Radware Web Application Firewall (
RADWARE_FIREWALL
) - ReviveSec (
REVIVESEC
) - Rubrik (
RUBRIK
) - Salesforce (
SALESFORCE
) - Sangfor Proxy (
SANGFOR_PROXY
) - Security Command Center Posture Violation (
GCP_SECURITYCENTER_POSTURE_VIOLATION
) - Security Command Center Threat (
N/A
) - Security Command Center Toxic Combination (
GCP_SECURITYCENTER_TOXIC_COMBINATION
) - ServiceNow CMDB (
SERVICENOW_CMDB
) - Snare System Diagnostic Logs (
SNARE_SOLUTIONS
) - Snipe-IT (
SNIPE_IT
) - Snyk Group level audit/issues logs (
SNYK_ISSUES
) - SonicWall (
SONIC_FIREWALL
) - Sophos Central (
SOPHOS_CENTRAL
) - Swimlane Platform (
SWIMLANE
) - Symantec DLP (
SYMANTEC_DLP
) - Symantec Event export (
SYMANTEC_EVENT_EXPORT
) - Symantec Web Security Service (
SYMANTEC_WSS
) - Tanium Question (
TANIUM_QUESTION
) - Tanium Threat Response (
TANIUM_THREAT_RESPONSE
) - Teleport Access Plane (
TELEPORT_ACCESS_PLANE
) - Tenable Active Directory Security (
TENABLE_ADS
) - Tenable CSPM (
TENABLE_CSPM
) - tenable.io (
TENABLE_IO
) - Terraform Enterprise Audit (
TERRAFORM_ENTERPRISE
) - Thinkst Canary (
THINKST_CANARY
) - ThreatX WAF (
THREATX_WAF
) - Trend Micro Email Security Advanced (
TRENDMICRO_EMAIL_SECURITY
) - Trend Micro Vision One (
TRENDMICRO_VISION_ONE
) - TrendMicro Apex Central (
TRENDMICRO_APEX_CENTRAL
) - TXOne Stellar (
TRENDMICRO_STELLAR
) - UKG (
UKG
) - Unix system (
NIX_SYSTEM
) - UPX AntiDDoS (
UPX_ANTIDDOS
) - VanDyke SFTP (
VANDYKE_SFTP
) - Varonis (
VARONIS
) - Vectra Alerts (
VECTRA_ALERTS
) - Vectra Stream (
VECTRA_STREAM
) - VMware AirWatch (
AIRWATCH
) - Vmware Avinetworks iWAF (
VMWARE_AVINETWORKS_IWAF
) - VMware ESXi (
VMWARE_ESX
) - VMware Horizon (
VMWARE_HORIZON
) - Watchguard EDR (
WATCHGUARD_EDR
) - Windows Defender AV (
WINDOWS_DEFENDER_AV
) - Windows DHCP (
WINDOWS_DHCP
) - Windows DNS (
WINDOWS_DNS
) - Windows Event (
WINEVTLOG
) - Windows Event (XML) (
WINEVTLOG_XML
) - Windows Sysmon (
WINDOWS_SYSMON
) - Workday Audit Logs (
WORKDAY_AUDIT
) - Workday User Activity (
WORKDAY_USER_ACTIVITY
) - WPEngine (
WPENGINE
) - Zimperium (
ZIMPERIUM
) - Zscaler (
ZSCALER_WEBPROXY
) - ZScaler DNS (
ZSCALER_DNS
) - Zscaler Internet Access Audit Logs (
ZSCALER_INTERNET_ACCESS
) - ZScaler NGFW (
ZSCALER_FIREWALL
)
The following log types were added without a default parser. Each parser is listed by product name and log_type
value, if applicable.
- Accenture Synthetic (
ACCENTURE_SYNTHETIC
) - Adyen Platform (
ADYEN
) - AliCloud ActionTrail (
ALICLOUD_ACTIONTRAIL
) - Apache LOG4J Java Application Log (
LOG4J
) - AppSmith Audit (
APPSMITH_AUDIT
) - Arctic Security Arctic Node (
ARCTIC_NODE
) - Arista CorvilNet DANZ Integration (
ARISTA_CORVILNET
) - Arista Extensible Operating System (
ARISTA_EOS
) - AvePoint EnPower (
AVEPOINT_ENPOWER
) - Avigilon Alta Cloud Security (
AVIGILON_ALTA_CLOUD_SECURITY
) - Avigilon Ava Security Camera (
AVIGILON_AVA_SECURITY_CAMERA
) - AWS Dasha (
AWS_DASHA
) - AWS Elastic Kubernetes Service (
AWS_EKS
) - Azure Network Security Group Event (
AZURE_NSG_EVENT
) - Azure Windows Virtual Desktop Connections Logs (
AZURE_WVD_CONNECTIONS
) - Azure Windows Virtual Desktop Management Logs (
AZURE_WVD_MANAGEMENT
) - Barracuda Load Balancer ADC (
BARRACUDA_LOAD_BALANCER
) - Broadcom Edge Secure Web Gateway (
BROADCOM_EDGE_SWG
) - Celonis Audit Logs (
CELONIS
) - Chopin PrePay Solutions (
CHOPIN_PPS
) - Cisco Duo Authentication Proxy (
DUO_AUTH_PROXY
) - Cloudflare CASB Findings (
CLOUDFLARE_CASB_FINDINGS
) - Cloudflare Device posture results (
CLOUDFLARE_DEVICE_POSTURE_RESULTS
) - Cloudflare DLP Forensic Copies (
CLOUDFLARE_DLP_FORENSIC_COPIES
) - Cloudflare DNS Firewall Logs (
CLOUDFLARE_DNS_FIREWALL_LOGS
) - Cloudflare DNS logs (
CLOUDFLARE_DNS_LOGS
) - Cloudflare Email Security Alerts (
CLOUDFLARE_EMAIL_SECURITY_ALERTS
) - Cloudflare Firewall Events (
CLOUDFLARE_FIREWALL_EVENTS
) - Cloudflare Gateway DNS (
CLOUDFLARE_GATEWAY_DNS
) - Cloudflare Gateway HTTP (
CLOUDFLARE_GATEWAY_HTTP
) - Cloudflare Gateway Network (
CLOUDFLARE_GATEWAY_NETWORK
) - Cloudflare HTTP requests (
CLOUDFLARE_HTTP_REQUESTS
) - Cloudflare Magic IDS Detections (
CLOUDFLARE_MAGIC_IDS_DETECTIONS
) - Cloudflare NEL reports (
CLOUDFLARE_NEL_REPORTS
) - Cloudflare Sinkhole HTTP Logs (
CLOUDFLARE_SINKHOLE_HTTP_LOGS
) - Cloudflare SSH Logs (
CLOUDFLARE_SSH_LOGS
) - Cloudflare Workers Trace Events (
CLOUDFLARE_WORKERS_TRACE_EVENTS
) - Cloudflare Zero Trust Network Session (
CLOUDFLARE_ZERO_TRUST_NETWORK_SESSION
) - CloudWave Honeypot (
CLOUDWAVE_HONEYPOT
) - ColorTokens (
COLORTOKENS
) - Contrast Security (
CONTRAST_SECURITY
) - Conversational Agents and Dialogflow (
CONVERSATIONAL_AGENT
) - Corero SmartWall One (
CORERO_SMARTWALL_ONE
) - Cytracom Control One (
CYTRACOM_CONTROL_ONE
) - Datadog Application Security Management (
DATADOG_ASM
) - Express NodeJS (
EXPRESS_NODEJS
) - F5 Distributed Cloud WAF (
F5_DCS_WAF
) - Figma Developers (
FIGMA
) - FIS Trax Payment Factory (
TRAX
) - Fortinet FortiDeceptor (
FORTINET_FORTIDECEPTOR
) - Fortinet FortiSASE (
FORTINET_FORTISASE
) - Gemini Code Assist (
GEMINI_CODE_ASSIST
) - Genea Access Control (
GENEA_ACCESS_CONTROL
) - Genetec Synergis (
GENETEC_SYNERGIS
) - GL TRADE (
GL_TRADE
) - HP Inc MFP (
HP_INC_MFP
) - HP Tandem (
HP_TANDEM
) - Huawei Versatile Routing Platform (
HUAWEI_VRP
) - Human Security (
HUMAN_SECURITY
) - iManage Threat Manager (
IMANAGE_THREAT_MANAGER
) - Indefend DLP (
INDEFEND_DLP
) - Invicti (
INVICTI
) - Isonline ISL Light (
ISL_LIGHT
) - Itential Pronghorn (
ITENTIAL_PRONGHORN
) - Jit (
JIT
) - Kodem Security (
KODEM_SECURITY
) - Konica Minolta YSoft SafeQ (
YSOFT_SAFEQ
) - LayerX (
LAYERX
) - LinOTP (
LIN_OTP
) - Magento Cloud (
MAGENTO_CLOUD
) - Mandiant Advantage Security Validation (
MA_SV
) - NetApp ONTAP Audit (
NETAPP_ONTAP_AUDIT
) - Netscout Arbor Threat Mitigation System (
NETSCOUT_TMS
) - Netwrix Privilege Secure (
NETWRIX_PRIVILEGE_SECURE
) - NeuVector SUSE (
NEUVECTOR
) - Novidea Insurance Management System (
NOVIDEA_CLAIM_HISTORY
) - OneTrust (
ONETRUST
) - Openpath Context (
OPENPATH_CONTEXT
) - Oracle Audit Vault Database Firewall (
ORACLE_AVDF
) - Oracle CPQ (
ORACLE_CPQ
) - Oracle Exadata Database Machine (
ORACLE_EXADATA
) - Palo Alto Prisma Cloud Workload Protection (
PAN_PRISMA_CWP
) - Palo Alto Prisma Dig Cloud DSPM (
PAN_PRISMA_DIG_CLOUD_DSPM
) - Panorays (
PANORAYS
) - Pathlock Identity Security Platform (
PATHLOCK
) - Procore (
PROCORE
) - ProofPoint Email Protection (
PROOFPOINT_EMAIL_PROTECTION
) - Radiantone (
RADIANTONE
) - Radware Cloud WAF Service Access (
RADWARE_ACCESS
) - Reblaze Web Application Firewall (
REBLAZE_WAF
) - Red Access Browsing Security (
RED_ACCESS
) - SafeNet Network HSM (
SAFENET_HSM
) - Salesforce Marketing Cloud Audit (
SALESFORCE_MARKETING_CLOUD_AUDIT
) - Salesforce Shield (
SALESFORCE_SHIELD
) - Sangfor IAG (
SANGFOR_IAG
) - SAP Leasing (
SAP_LEASING
) - SAS Institute (
SAS_INSTITUTE
) - Securden (
SECURDEN
) - SecurEnvoy SecurAccess (
SECURENVOY_MFA
) - Securesoft Sniper IPS (
SECURESOFT_SNIPER_IPS
) - Sentra Data Loss Prevention (
SENTRA_DLP
) - Shield IoT (
SHIELD_IOT
) - Siemens Simatic S7 PLC SNMP (
SIEMENS_S7_PLC_SNMP
) - Siemens Simatic S7 PLC SYSLOG (
SIEMENS_S7_PLC_SYSLOG
) - Smartsheet User Context (
SMARTSHEET_USER_CONTEXT
) - Snowflake Access (
SNOWFLAKE_ACCESS
) - SOCRadar Incidents (
SOCRADAR_INCIDENTS
) - Strata Maverics Identity Orchestration Platform (
STRATA_MAVERICS
) - Stripe Payments (
STRIPE
) - Suridata (
SURIDATA
) - Teradata Access (
TERADATA_ACCESS
) - Thales payShield 10K HSM (
THALES_PS10K_HSM
) - Trend Micro TippingPoint Security Management System (
TREND_MICRO_TIPPING_POINT
) - Valence Security (
VALENCE
) - Vertica Audit (
VERTICA_AUDIT
) - Windows NTP (
WINDOWS_NTP
) - Winget Autoupdate (
WINGET_AUTOUPDATE
) - Wiz Runtime Execution Data (
WIZ_RUNTIME_EXECUTION_DATA
) - Workiva Wdesk (
WORKIVA_WDESK
) - XL Release (
XLR
) - Yugabyte Database (
YUGABYTE_DATABASE
)
For a list of supported log types and details about default parser changes, see Supported log types and default parsers.
Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so changes may take one-to-four days to appear in your region.
The following supported default parsers have been updated. Each parser is listed by product name and log_type
value, if applicable. This list now includes both released default parsers and pending parser updates.
- 1Password Audit Events (
ONEPASSWORD_AUDIT_EVENTS
) - AIX system (
AIX_SYSTEM
) - Akamai DataStream 2 (
AKAMAI_DATASTREAM_2
) - Alveo Risk Data Management (
ALVEO_RDM
) - Amazon API Gateway (
AWS_API_GATEWAY
) - Apache Tomcat (
TOMCAT
) - Appian Cloud (
APPIAN_CLOUD
) - Arcsight CEF (
ARCSIGHT_CEF
) - Asset Panda (
ASSET_PANDA
) - Aware Audit (
AWARE_AUDIT
) - Aware Signals (
AWARE_SIGNALS
) - AWS Cloudtrail (
AWS_CLOUDTRAIL
) - AWS CloudWatch (
AWS_CLOUDWATCH
) - AWS ECS Metrics (
AWS_ECS_METRICS
) - AWS Elastic Load Balancer (
AWS_ELB
) - AWS GuardDuty (
GUARDDUTY
) - AWS Inspector (
AWS_INSPECTOR
) - AWS Lambda Function (
AWS_LAMBDA_FUNCTION
) - AWS RDS (
AWS_RDS
) - AWS Redshift (
AWS_REDSHIFT
) - AWS Route 53 DNS (
AWS_ROUTE_53
) - AWS Security Hub (
AWS_SECURITY_HUB
) - AWS VPC Flow (
AWS_VPC_FLOW
) - AWS WAF (
AWS_WAF
) - Azure AD Directory Audit (
AZURE_AD_AUDIT
) - Azure AD Organizational Context (
AZURE_AD_CONTEXT
) - Azure Application Gateway (
AZURE_GATEWAY
) - Azure Firewall (
AZURE_FIREWALL
) - Azure Key Vault logging (
AZURE_KEYVAULT_AUDIT
) - Barracuda CloudGen Firewall (
BARRACUDA_CLOUDGEN_FIREWALL
) - Barracuda WAF (
BARRACUDA_WAF
) - BeyondTrust BeyondInsight (
BEYONDTRUST_BEYONDINSIGHT
) - Blue Coat Proxy (
BLUECOAT_WEBPROXY
) - Broadcom Support Portal Audit Logs (
BROADCOM_SUPPORT_PORTAL
) - Cato Networks (
CATO_NETWORKS
) - Cequence Bot Defense (
CEQUENCE_BOT_DEFENSE
) - Check Point (
CHECKPOINT_FIREWALL
) - ChromeOS XDR (
CHROMEOS_XDR
) - Cisco Email Security (
CISCO_EMAIL_SECURITY
) - Cisco EStreamer (
CISCO_ESTREAMER
) - Cisco Firepower NGFW (
CISCO_FIREPOWER_FIREWALL
) - Cisco FireSIGHT Management Center (
CISCO_FIRESIGHT
) - Cisco Internetwork Operating System (
CISCO_IOS
) - Cisco IronPort (
CISCO_IRONPORT
) - Cisco ISE (
CISCO_ISE
) - Cisco NX-OS (
CISCO_NX_OS
) - Cisco Switch (
CISCO_SWITCH
) - Cisco Umbrella Cloud Firewall (
UMBRELLA_FIREWALL
) - Cisco vManage SD-WAN (
CISCO_SDWAN
) - Cisco VPN (
CISCO_VPN
) - Citrix Netscaler (
CITRIX_NETSCALER
) - Citrix Storefront (
CITRIX_STOREFRONT
) - Claroty Xdome (
CLAROTY_XDOME
) - Cloud Audit Logs (
N/A
) - Cloud Data Loss Prevention (
N/A
) - Cloudflare Network Analytics (
CLOUDFLARE_NETWORK_ANALYTICS
) - Cloudflare WAF (
CLOUDFLARE_WAF
) - Cloudflare Warp (
CLOUDFLARE_WARP
) - CommVault (
COMMVAULT
) - CrowdStrike Detection Monitoring (
CS_DETECTS
) - CrowdStrike Falcon (
CS_EDR
) - CrowdStrike Falcon Stream (
CS_STREAM
) - CrowdStrike Identity Protection Services (
CS_IDP
) - CrushFTP (
CRUSHFTP
) - Custom Application Access Logs (
CUSTOM_APPLICATION_ACCESS
) - CyberArk Privileged Access Manager (PAM) (
CYBERARK_PAM
) - Cybereason EDR (
CYBEREASON_EDR
) - Cyolo Secure Remote Access for OT (
CYOLO_OT
) - Datadog (
DATADOG
) - Delinea Secret Server (
DELINEA_SECRET_SERVER
) - Dell CyberSense (
DELL_CYBERSENSE
) - Digicert (
DIGICERT
) - Edgio WAF (
EDGIO_WAF
) - Elastic Packet Beats (
ELASTIC_PACKETBEATS
) - F5 ASM (
F5_ASM
) - F5 DNS (
F5_DNS
) - Forcepoint DLP (
FORCEPOINT_DLP
) - Forcepoint NGFW (
FORCEPOINT_FIREWALL
) - Forgerock OpenIdM (
FORGEROCK_OPENIDM
) - FortiGate (
FORTINET_FIREWALL
) - Fortinet FortiAnalyzer (
FORTINET_FORTIANALYZER
) - Fortinet Fortimanager (
FORTINET_FORTIMANAGER
) - Fortinet Web Application Firewall (
FORTINET_FORTIWEB
) - GitHub (
GITHUB
) - Gitlab (
GITLAB
) - Harness IO (
HARNESS_IO
) - Hashicorp Vault (
HASHICORP
) - Hillstone Firewall (
HILLSTONE_NGFW
) - Huawei Switches (
HUAWEI_SWITCH
) - IBM Guardium (
GUARDIUM
) - Imperva Database (
IMPERVA_DB
) - Intel Endpoint Management Assistant (
INTEL_EMA
) - JAMF Security Cloud (
JAMF_SECURITY_CLOUD
) - JFrog Artifactory (
JFROG_ARTIFACTORY
) - JumpCloud Directory Insights (
JUMPCLOUD_DIRECTORY_INSIGHTS
) - Juniper (
JUNIPER_FIREWALL
) - Kaspersky AV (
KASPERSKY_AV
) - Kaspersky Endpoint (
KASPERSKY_ENDPOINT
) - Kolide Endpoint Security (
KOLIDE
) - Kubernetes Audit (
KUBERNETES_AUDIT
) - Layer7 SiteMinder (
SITEMINDER_SSO
) - Linux Auditing System (AuditD) (
AUDITD
) - Looker Audit (
LOOKER_AUDIT
) - ManageEngine ADAudit Plus (
ADAUDIT_PLUS
) - ManageEngine ADManager Plus (
ADMANAGER_PLUS
) - McAfee Web Gateway (
MCAFEE_WEBPROXY
) - Metabase (
METABASE
) - Microsoft AD FS (
ADFS
) - Microsoft Azure Activity (
AZURE_ACTIVITY
) - Microsoft Azure NSG Flow (
AZURE_NSG_FLOW
) - Microsoft CyberX (
CYBERX
) - Microsoft Defender for Endpoint (
MICROSOFT_DEFENDER_ENDPOINT
) - Microsoft Defender for Identity (
MICROSOFT_DEFENDER_IDENTITY
) - Microsoft Defender for Office 365 (
MICROSOFT_DEFENDER_MAIL
) - Microsoft IIS (
IIS
) - Microsoft PowerShell (
POWERSHELL
) - Microsoft Sentinel (
MICROSOFT_SENTINEL
) - Microsoft System Center Endpoint Protection (
MICROSOFT_SCEP
) - Mikrotik Router (
MIKROTIK_ROUTER
) - Mimecast (
MIMECAST_MAIL
) - MISP Threat Intelligence (
MISP_IOC
) - NetIQ eDirectory (
NETIQ_EDIRECTORY
) - Netskope V2 (
NETSKOPE_ALERT_V2
) - Nozomi Networks Scada Guardian (
NOZOMI_GUARDIAN
) - Office 365 (
OFFICE_365
) - Okta (
OKTA
) - Okta User Context (
OKTA_USER_CONTEXT
) - One Identity Identity Manager (
ONE_IDENTITY_IDENTITY_MANAGER
) - Oort Security Tool (
OORT
) - Open Cybersecurity Schema Framework (OCSF) (
OCSF
) - Open LDAP (
OPENLDAP
) - Opnsense (
OPNSENSE
) - Ops Genie (
OPS_GENIE
) - Oracle (
ORACLE_DB
) - Oracle Cloud Guard (
OCI_CLOUDGUARD
) - Oracle Cloud Infrastructure Audit Logs (
OCI_AUDIT
) - Orca Cloud Security Platform (
ORCA
) - Palo Alto Cortex XDR Alerts (
CORTEX_XDR
) - Palo Alto Networks Firewall (
PAN_FIREWALL
) - Palo Alto Panorama (
PAN_PANORAMA
) - Palo Alto Prisma Access (
PAN_CASB
) - Palo Alto Prisma Cloud Alert payload (
PAN_PRISMA_CA
) - Pharos (
PHAROS
) - Privacy-I (
PRIVACY_I
) - Proofpoint On Demand (
PROOFPOINT_ON_DEMAND
) - Proofpoint Tap Alerts (
PROOFPOINT_MAIL
) - Proofpoint Threat Response (
PROOFPOINT_TRAP
) - Radware Web Application Firewall (
RADWARE_FIREWALL
) - ReviveSec (
REVIVESEC
) - Rubrik (
RUBRIK
) - Salesforce (
SALESFORCE
) - Sangfor Proxy (
SANGFOR_PROXY
) - Security Command Center Posture Violation (
GCP_SECURITYCENTER_POSTURE_VIOLATION
) - Security Command Center Threat (
N/A
) - Security Command Center Toxic Combination (
GCP_SECURITYCENTER_TOXIC_COMBINATION
) - ServiceNow CMDB (
SERVICENOW_CMDB
) - Snare System Diagnostic Logs (
SNARE_SOLUTIONS
) - Snipe-IT (
SNIPE_IT
) - Snyk Group level audit/issues logs (
SNYK_ISSUES
) - SonicWall (
SONIC_FIREWALL
) - Sophos Central (
SOPHOS_CENTRAL
) - Swimlane Platform (
SWIMLANE
) - Symantec DLP (
SYMANTEC_DLP
) - Symantec Event export (
SYMANTEC_EVENT_EXPORT
) - Symantec Web Security Service (
SYMANTEC_WSS
) - Tanium Question (
TANIUM_QUESTION
) - Tanium Threat Response (
TANIUM_THREAT_RESPONSE
) - Teleport Access Plane (
TELEPORT_ACCESS_PLANE
) - Tenable Active Directory Security (
TENABLE_ADS
) - Tenable CSPM (
TENABLE_CSPM
) - tenable.io (
TENABLE_IO
) - Terraform Enterprise Audit (
TERRAFORM_ENTERPRISE
) - Thinkst Canary (
THINKST_CANARY
) - ThreatX WAF (
THREATX_WAF
) - Trend Micro Email Security Advanced (
TRENDMICRO_EMAIL_SECURITY
) - Trend Micro Vision One (
TRENDMICRO_VISION_ONE
) - TrendMicro Apex Central (
TRENDMICRO_APEX_CENTRAL
) - TXOne Stellar (
TRENDMICRO_STELLAR
) - UKG (
UKG
) - Unix system (
NIX_SYSTEM
) - UPX AntiDDoS (
UPX_ANTIDDOS
) - VanDyke SFTP (
VANDYKE_SFTP
) - Varonis (
VARONIS
) - Vectra Alerts (
VECTRA_ALERTS
) - Vectra Stream (
VECTRA_STREAM
) - VMware AirWatch (
AIRWATCH
) - Vmware Avinetworks iWAF (
VMWARE_AVINETWORKS_IWAF
) - VMware ESXi (
VMWARE_ESX
) - VMware Horizon (
VMWARE_HORIZON
) - Watchguard EDR (
WATCHGUARD_EDR
) - Windows Defender AV (
WINDOWS_DEFENDER_AV
) - Windows DHCP (
WINDOWS_DHCP
) - Windows DNS (
WINDOWS_DNS
) - Windows Event (
WINEVTLOG
) - Windows Event (XML) (
WINEVTLOG_XML
) - Windows Sysmon (
WINDOWS_SYSMON
) - Workday Audit Logs (
WORKDAY_AUDIT
) - Workday User Activity (
WORKDAY_USER_ACTIVITY
) - WPEngine (
WPENGINE
) - Zimperium (
ZIMPERIUM
) - Zscaler (
ZSCALER_WEBPROXY
) - ZScaler DNS (
ZSCALER_DNS
) - Zscaler Internet Access Audit Logs (
ZSCALER_INTERNET_ACCESS
) - ZScaler NGFW (
ZSCALER_FIREWALL
)
The following log types were added without a default parser. Each parser is listed by product name and log_type
value, if applicable.
- Accenture Synthetic (
ACCENTURE_SYNTHETIC
) - Adyen Platform (
ADYEN
) - AliCloud ActionTrail (
ALICLOUD_ACTIONTRAIL
) - Apache LOG4J Java Application Log (
LOG4J
) - AppSmith Audit (
APPSMITH_AUDIT
) - Arctic Security Arctic Node (
ARCTIC_NODE
) - Arista CorvilNet DANZ Integration (
ARISTA_CORVILNET
) - Arista Extensible Operating System (
ARISTA_EOS
) - AvePoint EnPower (
AVEPOINT_ENPOWER
) - Avigilon Alta Cloud Security (
AVIGILON_ALTA_CLOUD_SECURITY
) - Avigilon Ava Security Camera (
AVIGILON_AVA_SECURITY_CAMERA
) - AWS Dasha (
AWS_DASHA
) - AWS Elastic Kubernetes Service (
AWS_EKS
) - Azure Network Security Group Event (
AZURE_NSG_EVENT
) - Azure Windows Virtual Desktop Connections Logs (
AZURE_WVD_CONNECTIONS
) - Azure Windows Virtual Desktop Management Logs (
AZURE_WVD_MANAGEMENT
) - Barracuda Load Balancer ADC (
BARRACUDA_LOAD_BALANCER
) - Broadcom Edge Secure Web Gateway (
BROADCOM_EDGE_SWG
) - Celonis Audit Logs (
CELONIS
) - Chopin PrePay Solutions (
CHOPIN_PPS
) - Cisco Duo Authentication Proxy (
DUO_AUTH_PROXY
) - Cloudflare CASB Findings (
CLOUDFLARE_CASB_FINDINGS
) - Cloudflare Device posture results (
CLOUDFLARE_DEVICE_POSTURE_RESULTS
) - Cloudflare DLP Forensic Copies (
CLOUDFLARE_DLP_FORENSIC_COPIES
) - Cloudflare DNS Firewall Logs (
CLOUDFLARE_DNS_FIREWALL_LOGS
) - Cloudflare DNS logs (
CLOUDFLARE_DNS_LOGS
) - Cloudflare Email Security Alerts (
CLOUDFLARE_EMAIL_SECURITY_ALERTS
) - Cloudflare Firewall Events (
CLOUDFLARE_FIREWALL_EVENTS
) - Cloudflare Gateway DNS (
CLOUDFLARE_GATEWAY_DNS
) - Cloudflare Gateway HTTP (
CLOUDFLARE_GATEWAY_HTTP
) - Cloudflare Gateway Network (
CLOUDFLARE_GATEWAY_NETWORK
) - Cloudflare HTTP requests (
CLOUDFLARE_HTTP_REQUESTS
) - Cloudflare Magic IDS Detections (
CLOUDFLARE_MAGIC_IDS_DETECTIONS
) - Cloudflare NEL reports (
CLOUDFLARE_NEL_REPORTS
) - Cloudflare Sinkhole HTTP Logs (
CLOUDFLARE_SINKHOLE_HTTP_LOGS
) - Cloudflare SSH Logs (
CLOUDFLARE_SSH_LOGS
) - Cloudflare Workers Trace Events (
CLOUDFLARE_WORKERS_TRACE_EVENTS
) - Cloudflare Zero Trust Network Session (
CLOUDFLARE_ZERO_TRUST_NETWORK_SESSION
) - CloudWave Honeypot (
CLOUDWAVE_HONEYPOT
) - ColorTokens (
COLORTOKENS
) - Contrast Security (
CONTRAST_SECURITY
) - Conversational Agents and Dialogflow (
CONVERSATIONAL_AGENT
) - Corero SmartWall One (
CORERO_SMARTWALL_ONE
) - Cytracom Control One (
CYTRACOM_CONTROL_ONE
) - Datadog Application Security Management (
DATADOG_ASM
) - Express NodeJS (
EXPRESS_NODEJS
) - F5 Distributed Cloud WAF (
F5_DCS_WAF
) - Figma Developers (
FIGMA
) - FIS Trax Payment Factory (
TRAX
) - Fortinet FortiDeceptor (
FORTINET_FORTIDECEPTOR
) - Fortinet FortiSASE (
FORTINET_FORTISASE
) - Gemini Code Assist (
GEMINI_CODE_ASSIST
) - Genea Access Control (
GENEA_ACCESS_CONTROL
) - Genetec Synergis (
GENETEC_SYNERGIS
) - GL TRADE (
GL_TRADE
) - HP Inc MFP (
HP_INC_MFP
) - HP Tandem (
HP_TANDEM
) - Huawei Versatile Routing Platform (
HUAWEI_VRP
) - Human Security (
HUMAN_SECURITY
) - iManage Threat Manager (
IMANAGE_THREAT_MANAGER
) - Indefend DLP (
INDEFEND_DLP
) - Invicti (
INVICTI
) - Isonline ISL Light (
ISL_LIGHT
) - Itential Pronghorn (
ITENTIAL_PRONGHORN
) - Jit (
JIT
) - Kodem Security (
KODEM_SECURITY
) - Konica Minolta YSoft SafeQ (
YSOFT_SAFEQ
) - LayerX (
LAYERX
) - LinOTP (
LIN_OTP
) - Magento Cloud (
MAGENTO_CLOUD
) - Mandiant Advantage Security Validation (
MA_SV
) - NetApp ONTAP Audit (
NETAPP_ONTAP_AUDIT
) - Netscout Arbor Threat Mitigation System (
NETSCOUT_TMS
) - Netwrix Privilege Secure (
NETWRIX_PRIVILEGE_SECURE
) - NeuVector SUSE (
NEUVECTOR
) - Novidea Insurance Management System (
NOVIDEA_CLAIM_HISTORY
) - OneTrust (
ONETRUST
) - Openpath Context (
OPENPATH_CONTEXT
) - Oracle Audit Vault Database Firewall (
ORACLE_AVDF
) - Oracle CPQ (
ORACLE_CPQ
) - Oracle Exadata Database Machine (
ORACLE_EXADATA
) - Palo Alto Prisma Cloud Workload Protection (
PAN_PRISMA_CWP
) - Palo Alto Prisma Dig Cloud DSPM (
PAN_PRISMA_DIG_CLOUD_DSPM
) - Panorays (
PANORAYS
) - Pathlock Identity Security Platform (
PATHLOCK
) - Procore (
PROCORE
) - ProofPoint Email Protection (
PROOFPOINT_EMAIL_PROTECTION
) - Radiantone (
RADIANTONE
) - Radware Cloud WAF Service Access (
RADWARE_ACCESS
) - Reblaze Web Application Firewall (
REBLAZE_WAF
) - Red Access Browsing Security (
RED_ACCESS
) - SafeNet Network HSM (
SAFENET_HSM
) - Salesforce Marketing Cloud Audit (
SALESFORCE_MARKETING_CLOUD_AUDIT
) - Salesforce Shield (
SALESFORCE_SHIELD
) - Sangfor IAG (
SANGFOR_IAG
) - SAP Leasing (
SAP_LEASING
) - SAS Institute (
SAS_INSTITUTE
) - Securden (
SECURDEN
) - SecurEnvoy SecurAccess (
SECURENVOY_MFA
) - Securesoft Sniper IPS (
SECURESOFT_SNIPER_IPS
) - Sentra Data Loss Prevention (
SENTRA_DLP
) - Shield IoT (
SHIELD_IOT
) - Siemens Simatic S7 PLC SNMP (
SIEMENS_S7_PLC_SNMP
) - Siemens Simatic S7 PLC SYSLOG (
SIEMENS_S7_PLC_SYSLOG
) - Smartsheet User Context (
SMARTSHEET_USER_CONTEXT
) - Snowflake Access (
SNOWFLAKE_ACCESS
) - SOCRadar Incidents (
SOCRADAR_INCIDENTS
) - Strata Maverics Identity Orchestration Platform (
STRATA_MAVERICS
) - Stripe Payments (
STRIPE
) - Suridata (
SURIDATA
) - Teradata Access (
TERADATA_ACCESS
) - Thales payShield 10K HSM (
THALES_PS10K_HSM
) - Trend Micro TippingPoint Security Management System (
TREND_MICRO_TIPPING_POINT
) - Valence Security (
VALENCE
) - Vertica Audit (
VERTICA_AUDIT
) - Windows NTP (
WINDOWS_NTP
) - Winget Autoupdate (
WINGET_AUTOUPDATE
) - Wiz Runtime Execution Data (
WIZ_RUNTIME_EXECUTION_DATA
) - Workiva Wdesk (
WORKIVA_WDESK
) - XL Release (
XLR
) - Yugabyte Database (
YUGABYTE_DATABASE
)
For a list of supported log types and details about default parser changes, see Supported log types and default parsers.
The new gcp.restrictTLSCipherSuites organization policy constraint can be applied to Looker (Google Cloud core) instances that use a public IP networking configuration. See the Restrict TLS cipher suites on a Looker (Google Cloud core) instance documentation page for more information.
For VM Clusters on Exadata Infrastructure, you can now select a guest OS version that is optimized for your VMs. This feature is generally available (GA). See Create VM Clusters.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-pubsub
1.139.1 (2025-04-25)
Dependencies
1.139.0 (2025-04-25)
Features
- Generate renamed go pubsub admin clients (4472d7b)
Bug Fixes
- Add retries for ack and modack operations that don't return with a metadata map (#2385) (00070b7)
- deps: Update the Java code generator (gapic-generator-java) to 2.56.2 (4472d7b)
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.49.0 (#2380) (405e485)
- Update dependency com.google.cloud:google-cloud-core to v2.53.1 (#2365) (748058f)
- Update dependency com.google.cloud:google-cloud-storage to v2.50.0 (#2372) (b81164a)
- Update dependency com.google.protobuf:protobuf-java-util to v4.30.1 (#2364) (05eb9c0)
- Update dependency com.google.protobuf:protobuf-java-util to v4.30.2 (#2383) (4119cc0)
Documentation
- Update documentation for JavaScriptUDF to indicate that the
message_id
metadata field is optional instead of required (f904786)
Security Command Center provides increased support for Microsoft Azure data.
- Security Command Center can collect Microsoft Azure resource and configuration data.
- Risk Engine can discover toxic combinations, attack paths, and issues in your Microsoft Azure environment.
- The Sensitive Data Protection discovery service can profile your Azure Blob Storage data and identify vulnerabilities and misconfigurations that can expose sensitive data.
- Cloud Infrastructure Entitlement Management (CIEM) can analyze and generate misconfiguration findings for Azure role-assignments that grant principals excessive privileges beyond what they use. This capability is available in Preview.
Toxic Combinations for Amazon Web Services (AWS) has been released to General Availability.
The discovery service of Sensitive Data Protection now supports Azure Blob Storage. You can run discovery to generate data profiles of your Blob Storage containers. Data profiles provide metrics and insights about the sensitivity and risk levels of your data to help you plan your data protection and governance workflows.
This feature is available only to Security Command Center Enterprise customers. To use this feature, you need an Azure connector in Security Command Center that has permissions for Sensitive Data Protection discovery.
To get started on profiling Blob Storage data, see the following:
Manually adding split points to your Spanner database is now generally available. Spanner automatically splits, or partitions, data in response to traffic changes to spread load across all available resources in an instance. For large, anticipated traffic changes, such as for a product launch, you can now pre-split the database with split boundaries that represent future traffic. This warmup can yield significant performance benefits for large scaling events.
For more information about configuring split points for your database, see Pre-splitting overview.
April 27, 2025
Google SecOps SOARRelease 6.3.43 is now available for all regions.
April 25, 2025
Agent AssistSummarization with custom sections, generative knowledge assist, and proactive generative knowledge assist are available in the following regions:
- northamerica-northeast1 (Montreal)
- northamerica-northeast2 (Toronto)
- europe-west4 (Eemshaven)
- europe-west6 (Zurich)
- asia-southeast2 (Jakarta)
- me-west1 (Tel Aviv)
8 AlloyDB recommenders are now generally available (GA). For more information, see the following pages:
Bigtable is supported by Database Center, which is generally available (GA). The Database Center now provides performance, availability, and data protection in the form of recommender-related health issues. You can also view these performance recommendations in Recommendation Hub.
Starting April 28, 2025, the Global external Application Load Balancer and the Classic Application Load Balancer will no longer allow the use of custom request headers that reference connection-specific hop-by-hop headers.
This change applies only to HTTP/1.1 traffic. Connection-specific hop-by-hop headers are already disallowed by the HTTP/2 and HTTP/3 protocols.
This change is in accordance with RFC 2616 which states that these connection-specific hop-by-hop headers headers are meaningful only for a single transport-level connection and should not be forwarded by proxies.
The impacted hop-by-hop headers are: Connection
, Keep-Alive
, TE
, Trailer
, Transfer-Encoding
, and Upgrade
.
Starting April 28, 2025, connection-specific hop-by-hop headers that were configured by using custom headers will no longer be applied. These headers will only be set by the load balancer during normal connection handling.
Starting June 30, 2025, any configuration changes that reference the connection-specific hop-by-hop custom headers will no longer be accepted.
What you need to do
If you are an HTTP/1.1 user affected by this change, complete the following steps:
Determine if your application depends on the values of any hop-by-hop headers configured as custom headers. If any dependencies are found, replace them with an allowed custom header and modify your application accordingly.
Review your backend service and URL map
headerAction
configuration to remove any references to connection-specific hop-by-hop headers.
Public Preview: License Manager lets you subscribe, manage, and track your third-party license usage on Google Cloud. As an administrator, you can use License Manager to offer per-user licensing products, like Microsoft Office, to your users with no long-term commitments and no overhead of managing compliance.
For more information, see About License Manager.
Support for accelerator-optimized a3-highgpu-1g machine type for securely running AI and ML workloads is now available in Preview, with the following specifications:
- 4th Generation Intel Xeon Scalable processor (Sapphire Rapids)
- Intel TDX
- 1 NVIDIA H100 GPU
cos-117-18613-164-121
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.72 | v24.0.9 | v1.7.24 | See List |
Updated cos-gpu-installer to v2.5.0: Support IMEX Driver installation for NVIDIA_GB200 GPU device.
Upgraded app-admin/node-problem-detector to v0.8.20.
Reverted a change in the linux kernel which caused nfs directories to unexpectedly be mounted as ro instead of rw.
Fixed CVE-2024-48615 in app-arch/libarchive.
Fixed CVE-2025-21963 in the Linux kernel.
Fixed CVE-2025-21964 in the Linux kernel.
Fixed CVE-2025-21962 in the Linux kernel.
Fixed CVE-2025-21908 in the Linux kernel.
Fixed CVE-2025-21898 in the Linux kernel.
Fixed CVE-2025-21959 in the Linux kernel.
Fixed CVE-2025-21919 in the Linux kernel.
Fixed CVE-2025-21922 in the Linux kernel.
Fixed CVE-2025-21920 in the Linux kernel.
Fixed CVE-2025-21997 in the Linux kernel.
Fixed CVE-2025-22005 in the Linux kernel.
Fixed CVE-2025-21991 in the Linux kernel.
Fixed CVE-2025-21980 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811760 -> 811799
cos-121-18867-0-104
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.74 | v27.5.1 | v2.0.4 | See List |
Updated cos-gpu-installer to v2.5.0: Support IMEX Driver installation for NVIDIA_GB200 GPU device.
Reverted a change in the linux kernel which caused nfs directories to unexpectedly be mounted as ro instead of rw.
Fixed CVE-2025-31498 in net-dns/c-ares.
Fixed CVE-2024-48615 in app-arch/libarchive.
Fixed CVE-2025-21963 in the Linux kernel.
Fixed CVE-2025-21964 in the Linux kernel.
Fixed CVE-2025-21908 in the Linux kernel.
Fixed CVE-2025-21898 in the Linux kernel.
Fixed CVE-2025-21959 in the Linux kernel.
Fixed CVE-2025-21962 in the Linux kernel.
Fixed CVE-2025-21919 in the Linux kernel.
Fixed CVE-2025-21920 in the Linux kernel.
Fixed CVE-2025-21922 in the Linux kernel.
Fixed CVE-2025-21980 in the Linux kernel.
Fixed CVE-2025-22005 in the Linux kernel.
Fixed CVE-2025-21997 in the Linux kernel.
Fixed CVE-2025-21991 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811714 -> 811816
cos-109-17800-436-106
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.124 | v24.0.9 | v1.7.24 | See List |
Reverted a change in the linux kernel which caused nfs directories to unexpectedly be mounted as ro instead of rw.
Fixed CVE-2024-48615 in app-arch/libarchive.
Fixed CVE-2025-21962 in the Linux kernel.
Fixed CVE-2025-21964 in the Linux kernel.
Fixed CVE-2025-21963 in the Linux kernel.
Fixed CVE-2025-21959 in the Linux kernel.
Fixed CVE-2025-21898 in the Linux kernel.
Fixed CVE-2025-21980 in the Linux kernel.
Fixed CVE-2025-22005 in the Linux kernel.
Fixed CVE-2025-21997 in the Linux kernel.
Fixed CVE-2025-21999 in the Linux kernel.
Fixed CVE-2025-21922 in the Linux kernel.
Fixed CVE-2025-21920 in the Linux kernel.
Fixed CVE-2025-21919 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812288 -> 812262
cos-dev-125-19000-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.87 | v27.5.1 | v2.0.4 | See List |
Updated cos-gpu-installer to v2.5.0: Support IMEX Driver installation for NVIDIA_GB200 GPU device.
Updated the Linux kernel to v6.6.87.
Upgraded app-admin/google-guest-agent to v20250408.00.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2479.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2967.
Upgraded chromeos-base/shill-client to v0.0.1-r4850.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2828.
Upgraded chromeos-base/debugd-client to v0.0.1-r2732.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r663.
Reverted a change in the linux kernel which caused nfs directories to unexpectedly be mounted as ro instead of rw.
Fixed CVE-2024-53427 in app-misc/jq.
Fixed CVE-2024-48615 in app-arch/libarchive.
Updated dev-vcs/git to version 2.49.0. This fixed CVE-2024-52006, CVE-2024-50349
Runtime sysctl changes:
- Changed: fs.file-max: 811798 -> 811749
cos-113-18244-291-109
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.123 | v24.0.9 | v1.7.24 | See List |
Reverted a change in the linux kernel which caused nfs directories to unexpectedly be mounted as ro instead of rw.
Fixed CVE-2024-48615 in app-arch/libarchive.
Fixed CVE-2025-21963 in the Linux kernel.
Fixed CVE-2025-21959 in the Linux kernel.
Fixed CVE-2025-21898 in the Linux kernel.
Fixed CVE-2025-21964 in the Linux kernel.
Fixed CVE-2025-21962 in the Linux kernel.
Fixed CVE-2025-21919 in the Linux kernel.
Fixed CVE-2025-21922 in the Linux kernel.
Fixed CVE-2025-21920 in the Linux kernel.
Fixed CVE-2025-21997 in the Linux kernel.
Fixed CVE-2025-21980 in the Linux kernel.
Fixed CVE-2025-22005 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812031 -> 812016
Google Distributed Cloud (software only) for VMware 1.31.400-gke.110 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.31.400-gke.110 runs on Kubernetes v1.31.7-gke.800.
If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
Upgraded etcd to v3.4.33-0-gke.3.
Fixed an issue that prevented user cluster upgrades when Dataplane V2 was explicitly configured with forward mode.
The 1.31.400-gke.110 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.
Release 1.31.400-gke.110
Google Distributed Cloud (software only) for VMware 1.31.400-gke.110 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.31.400-gke.110 runs on Kubernetes v1.31.7-gke.800.
If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
The following functional change was made in 1.31.400-gke.110:
Updated the cluster upgrade operation to keep only the three latest
kubeadm
backups of etcd and configuration information for a node. Previously,kubeadm
kept node backups for every attempted upgrade.Upgraded etcd to v3.4.33-0-gke.3.
The following fixes were made in 1.31.400-gke.110:
Fixed an issue where network interfaces were being leaked, preventing namespace deletion.
Fixed an issue that resulted in an excessive creation of periodic
kube-proxy-cleanup
jobs on cluster nodes with high pod utilization.Fixed an issue that caused cluster creation to fail because kubelet restarted before required static pods are running.
Fixed an issue that allowed
bmctl reset
to run in situations where the reset resulted in the loss of quorum for control plane nodes. To run the command without enforcing the quorum, use the newly added--bypass-quorum-check
flag.
The 1.31.400-gke.110 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
Google SecOps now supports native integration with Azure Event Hub through the feed management API or web interface. This enhancement enables real-time log ingestion without requiring Azure blob storage. For more information, see Create an Azure Event Hub feed.
Google SecOps now supports native integration with Azure Event Hub through the feed management API or web interface. This enhancement enables real-time log ingestion without requiring Azure blob storage. For more information, see Create an Azure Event Hub feed.
The maintenance feature for Memorystore for Valkey is now Generally Available (GA).
New SAP certifications: Additional M4 memory-optimized machine types
For use with SAP HANA scale-up (OLAP and OLTP) and SAP NetWeaver workloads, SAP has certified the following Compute Engine M4 memory-optimized machine types: 372 GB m4-megamem-28
and 6 TB m4-ultramem-224
.
For more information, see:
- For SAP HANA, M4 memory-optimized VM types
- For SAP NetWeaver, M4 memory-optimized VM types
New SAP certification: 3 TB m4-megamem-224
for SAP HANA scale-out workloads
For use with SAP HANA scale-out (OLAP and OLTP) workloads, SAP has certified the 3 TB m4-megamem-224
memory-optimized machine type.
For more information, see M4 memory-optimized VM types.
Updated the limitations for the following integration in the Supported products and limitations page:
- Firestore: using Firestore Enterprise edition with restricted VIP requires adding IP ranges to an allowlist.
April 24, 2025
AI ApplicationsVertex AI Search: Obtain claim-level grounding scores (GA)
Claim-level scores from the check grounding API is Generally available (GA). In addition to the answer-level support score, you can obtain a support score for each claim in an answer candidate.
For more information, see Obtain claim-level scores for an answer candidate.
You can now work with a Gemini powered assistant in a BigQuery data canvas. The data canvas assistant is an agent-like tool, capable of constructing and modifying a data canvas to answer data analytics questions from user prompting. This feature is now in Preview.
Starting from June 2025, the default version for new Cloud Composer environments changes from Cloud Composer 2 to Cloud Composer 3. New environments will use the latest default Airflow build (composer-3-airflow-2
). Currently, the default version is composer-2-airflow-2
.
Database Migration Service for heterogeneous migrations to PostgreSQL now supports migrating to PostgreSQL versions 16 and 17.
- PostgreSQL versions 16 and 17 are supported for migrations from Oracle and SQL Server to Cloud SQL for PostgreSQL.
- PostgreSQL version 16 is supported for migrations from Oracle and SQL Server to AlloyDB for PostgreSQL.
For more information, see Supported source and destination databases.
You can use a single request to batch update all the firewall policy rules for hierarchical and network firewall policies. For more information, see Overview of batch update to firewall policy rules. This feature is available in General Availability.
Private Service Connect endpoint propagation is now generally available (GA). You can use the Network Connectivity Center hub to propagate the Private Service Connect endpoints of your Cloud SQL instances in a VPC network.
Private Service Connect endpoint propagation is now generally available (GA). You can use the Network Connectivity Center hub to propagate the Private Service Connect endpoints of your Cloud SQL instances in a VPC network.
Private Service Connect endpoint propagation is now generally available (GA). You can use the Network Connectivity Center hub to propagate the Private Service Connect endpoints of your Cloud SQL instances in a VPC network.
Dialogflow CX (Conversational Agents): You can now create personalized voice models with voice cloning.
Dialogflow CX (Conversational Agents): You can now use code blocks to get better control over playbooks.
Dialogflow CX (Conversational Agents): You can now use the console to test your tools.
Saxml on GKE is de-prioritized beginning April 24, 2025. This means the project won't get further updates. Existing Saxml deployments will continue to function as is without disruption. We strongly suggest that you migrate to JetStream, Google's up to date open source inference framework for high-performance LLM serving on TPUs and GPUs. JetStream offers continuous batching and quantization for better throughput and memory efficiency. For a migration example, see Serve Gemma using TPUs on GKE with JetStream.
After May 23, 2025, Gemini in Looker will be enabled by default for Looker (original) instances outside of the EMEA region.
Looker admins can opt out of automatic enablement by disabling the Automated Gemini in Looker enablement and user management setting on the Settings page in the Looker Admin panel, now available for Looker (original) instances on Looker 25.6.
For instances outside of the EMEA region that are slated to update to Looker 25.6 after May 23, 2025, Gemini in Looker will be enabled automatically, and Looker admins must disable Gemini in Looker manually.
Note: This item was updated on April 29, 2025.
April 23, 2025
BigQueryYou can now set a maximum slot limit for a reservation. You can configure the maximum reservation size when creating or updating a reservation. This feature is in public preview.
You can now specify which reservation a query uses at runtime, and set IAM policies directly on reservations. This provides more flexibility and fine-grained control over resource management. This feature is in public preview.
You can now allocate idle slots fairly across reservations within a single admin project. This ensures each reservation receives an approximately equal share of available capacity. This feature is in public preview.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, and Feed APIs.
- GKE Hub API
gkehub.googleapis.com/MembershipFeature
Cloud Billing supports Dark theme in the Google Cloud console (in preview)
Dark theme is now available in the Billing section of the Google Cloud console (preview). To enable the Dark theme, in the Google Cloud console, click Settings > Preferences > Appearance. Choose Dark theme and click Save.
Quality AI offers fine-grained access control in preview. Use IAM custom roles and authorized views to control who can view which portions of your dataset.
This feature is currently in Preview. Google SecOps now supports composite detections. Composite detections lets users link multiple YARA-L rules to detect complex, multistage threats. This capability enhances detection by correlating alerts that individual rules might not detect.
This feature is currently in Preview. Google SecOps now supports composite detections. Composite detections lets users link multiple YARA-L rules to detect complex, multistage threats. This capability enhances detection by correlating alerts that individual rules might not detect.
April 22, 2025
Apigee Integrated PortalOn April 22, 2025 we released a new version of the Apigee integrated portal.
Public Preview: Apigee Integrated Developer Portal Admin UI in the Google Cloud console.
This release adds the Apigee Integrated Developer Portal Admin UI from the Classic Apigee UI into the Google Cloud console.
Leveraging Google Cloud console components provides API providers and Portal Admins with a centralized platform to efficiently configure, publish, and manage your API consumer portals, eliminating the need to switch between different UIs.
No new APIs have been introduced in this release.
See Publishing overview to get started.
You can now specify build dependencies in your build configuration file. For more information, see Manage build dependencies.
Cloud KMS with Autokey is now in General Availability (GA) for Cloud Run.
Public Preview: General purpose C4D machine types have reached Public Preview. C4D is powered by the fifth generation AMD EPYC processor (Turin) and Google Titanium.
C4D is designed to run mission critical workloads including web app and game servers, AI inference, web serving, video streaming, and data centric applications like analytics, relational, and in-memory databases.
C4D is available in standard
, highmem
, and highcpu
machine types and only supports Google Cloud Hyperdisk storage.
To learn where to create C4D instances, see the Regions and zones page.
Release 6.3
- Cortex for Meridian.
- Cortex Framework for Meridian, Google's open-source Marketing Mix Modeling (MMM) tool (v1.0.5), delivers ready data models and automation of Meridian Model execution using Google Cloud tools like Enterprise Colab and Cloud Workflows.
- This integration empowers users to make data-driven marketing decisions by providing accurate campaign performance measurement and budget optimization.
- Cortex for Meridian simplifies the pre-modeling process by gathering and transforming data from core Cortex Framework data sources, including:
- Task Dependent DAGs:
- Provided out-of-the-box, recommended DAGs and task dependencies for SAP ECC/S4 reporting.
- Enabled the creation and deployment of customized task-dependent reporting settings for all data sources.
- CATGAP has been deprecated.
- SAP Machine Learning (ML) models have been deprecated.
- Resolved duplicate entries from
VendorsMD
- Fixed DATE_ADD overflow issue in
InventoryByPlant
. - Fixed mislabeled columns in
AccountingDocumentsReceivable
. - Addressed JSON parsing errors related to FLOAT numbers in Meta Raw to DAG Change Data Capture (CDC).
- Fixed a typo in the
LeadsCaptureConversions
Salesforce (SFDC) reporting table:LeadFirstResponeDatestamp
corrected toLeadFirstResponseDatestamp
.
Dataproc Metastore multi-regional services now support the use of customer-managed encryption keys (CMEKs) -- (in preview).
Committed use discounts are now generally available (GA) for Firestore in exchange for a commitment to continuously spend a certain amount on Firestore read/write/delete operations for one year or three years. For details, see Committed use discounts.
Committed use discounts are now generally available (GA) for Firestore in Datastore mode in exchange for a commitment to continuously spend a certain amount on read/write/delete operations for one year or three years. For details, see Committed use discounts.
The following parser documentation is now available:
Collect Barracuda Email Security Gateway logs
Collect CrowdStrike Falcon logs in CEF
Collect Juniper NetScreen Firewall logs
Collect Micro Focus NetIQ Access Manager logs
Collect Aruba Wireless Controller and Access Point logs
Collect BeyondTrust Secure Remote Access logs
Collect CyberArk Privileged Threat Analytics logs
Collect Fortinet FortiMail logs
Collect Sophos XG Firewall logs
Collect Cisco Stealthwatch logs
Collect Cisco Umbrella audit logs
Collect Cisco Umbrella DNS logs
Collect Cisco Umbrella Web Proxy logs
Collect CommVault Backup and Recovery logs
Collect Fortinet FortiAnalyzer logs
Collect Fortinet FortiAuthenticator logs
Collect Fortinet Firewall logs
Collect Palo Alto Networks Traps logs
Collect SecureAuth Identity Platform logs
Collect A10 Network Load Balancer logs
Collect AlgoSec Security Management logs
Collect Arbor Edge Defense logs
Collect Fortra Digital Guardian DLP logs
The following parser documentation is now available:
Collect Barracuda Email Security Gateway logs
Collect CrowdStrike Falcon logs in CEF
Collect Juniper NetScreen Firewall logs
Collect Micro Focus NetIQ Access Manager logs
Collect Aruba Wireless Controller and Access Point logs
Collect BeyondTrust Secure Remote Access logs
Collect CyberArk Privileged Threat Analytics logs
Collect Fortinet FortiMail logs
Collect Sophos XG Firewall logs
Collect Cisco Stealthwatch logs
Collect Cisco Umbrella audit logs
Collect Cisco Umbrella DNS logs
Collect Cisco Umbrella Web Proxy logs
Collect CommVault Backup and Recovery logs
Collect Fortinet FortiAnalyzer logs
Collect Fortinet FortiAuthenticator logs
Collect Fortinet Firewall logs
Collect Palo Alto Networks Traps logs
Collect SecureAuth Identity Platform logs
Collect A10 Network Load Balancer logs
Collect AlgoSec Security Management logs
Collect Arbor Edge Defense logs
Collect Fortra Digital Guardian DLP logs
The Looker Mobile (Legacy) application will be deprecated on March 1, 2026. Use the Looker application instead.
Looker (Google Cloud core) now supports Google group mirroring when using OAuth authentication.
Memorystore for Valkey supports storing and querying vector data. This feature is now Generally Available (GA). For more information, see About vector search.
Policy Controller version 1.20.2 is now available.
April 21, 2025
App Engine flexible environment PythonPython 3.13 is now available in Preview.
Python 3.13 is now available in Preview.
New Canvas View is enabled by default in the Integration Editor
The new Canvas View is now enabled by default in the integration editor. This change is a default setting and no manual enablement is required. You can switch to the old canvas view by disabling the New canvas view toggle.
For more information, see Use the new canvas view.
There is a new committed use discount (CUD) for customers using Backup and DR Service to protect Oracle databases into a backup vault. This is a way to lower backup costs in consideration of a 1-year or 3-year commitment. You can purchase CUDs from Google Cloud Marketplace via the standard process.
Introduced logging and alerting capabilities to monitor the health and status of your backup/recovery appliances. You can configure email notifications via Cloud Logging to receive timely alerts on appliance status changes or potential issues.
Backup and DR Service now supports backup and restore of Db2 databases using persistent disk snapshots. This is typically faster and simpler than previous methods and in some cases may also reduce costs.
These issues have been fixed:
- An issue in which multiple snapshot/Direct OnVault jobs became stuck in an unresponsive state after attempting to connect to vCenter with an openssl command.
- An issue in which database persistent disk snapshot backup jobs failed with the unhelpful error message
resource not found
now has a useful error message. - An issue in which Log explorer was showing some spurious "read error, check permissions" results on backup/recovery appliances.
- An issue in which a backup/recovery appliance could come out of synchronization with a management console following a
Trying to release lock
orFailed to acquire lock
error. - A rare issue in which a backup/recovery appliance became unresponsive after a very heavy load exhausted all job threads and /var/log/ was 100% full. Thread management is now more efficient.
- An issue in which persistent disk database snapshot images were failing to import log backups, and the recovery range was missing on imported backups.
- An issue in which some backups of PostgreSQL version 15 failed due to a premature timeout.
- An issue in which some mount jobs failed if the host's lvmconfig has global/system_id_source set to
uname
. - An issue in which database names provided in mount screen were not honored correctly when creating child applications on the target host.
- The
Staging disk is full
error message has been made more useful.
Vulnerabilities CVE-2024-42301, CVE-2024-42284, and CVE-2024-41092 have been fixed at kernel version 4.18.0-553.33.1.el8_10.
Introduced management console events for the Appliance Connectivity Events and Dynamic Protection Events.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/bigquery
7.9.4 (2025-04-02)
Bug Fixes
BigQuery now provides spend-based committed use discounts (CUDs). Spend-based committed use discounts provide a discount in exchange for your commitment to spend a minimum amount per hour on PAYG compute resources listed here. You can purchase CUDs with a one or three year commitment period.
You can now enable fine-grained access control on BigQuery metastore Iceberg tables. This feature is generally available (GA).
You can get the required permissions to use BigQuery data preparation through the BigQuery Studio User (roles/bigquery.studioUser
) and Gemini for Google Cloud User (roles/cloudaicompanion.user
) roles, and permission to access the data you're preparing.
BigQuery data preparation no longer requires that you have the permissions granted by the following IAM roles:
- BigQuery Data Editor (
roles/bigquery.dataEditor
) - Service Usage Consumer (
roles/serviceusage.serviceUsageConsumer
)
For more information about the required roles, see Manage data preparations.
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-bigtable
2.30.1 (2025-04-17)
Bug Fixes
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
DICOM files have a limit of 4 GB per tag. This limit does not apply for values with undefined length. For more information, see Resource limits.
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-logging
3.12.0 (2025-04-10)
Features
- Add REST Interceptors which support reading metadata (681bcc5)
- Add support for opt-in debug logging (681bcc5)
- Added flushes/close functionality to logging handlers (#917) (d179304)
Bug Fixes
- Allow protobuf 6.x (#977) (6757890)
- deps: Require google-cloud-audit-log >= 0.3.1 (#979) (1cc00ec)
- Fix typing issue with gRPC metadata when key ends in -bin (681bcc5)
Documentation
Cloud Logging adds support for the europe-north2 region. For a complete list of supported regions, see Supported regions.
Support for the Python 3.13 runtime is now in Preview.
Cloud Run functions now supports the Python 3.13 runtime at the Preview release level.
The notebook gallery is now available.
The notebook gallery is a curated collection of notebooks to help you get started using Colab Enterprise. This collection consists of ready-to-use templates and examples to make it easier to learn new techniques, understand best practices, and get projects started quickly. Browse the notebooks by category or use the search bar to find a notebook that helps you get started. See the notebook gallery.
Generally available: Compute flexible committed use discounts (CUDs) are available for the sole-tenancy premium that you pay for eligible sole-tenant node types. Flexible CUDs add flexibility to your Compute Engine spending capabilities by eliminating the need to restrict your commitments to a single project, region, or machine series.
For more information, see Compute flexible CUDs.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for dataflow/apiv1beta3
0.10.6 (2025-04-15)
Bug Fixes
- dataflow: Update google.golang.org/api to 0.229.0 (3319672)
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-datastore
2.21.0 (2025-04-10)
Features
- Add REST Interceptors which support reading metadata (7be9c4c)
- Add support for opt-in debug logging (7be9c4c)
Bug Fixes
Curated Detections has been enhanced with new detection content for Cloud Threats to include rule packs covering Office 365 and Okta. These rule packs are in public preview for customers with a Google Security Operations or Enterprise Plus license.
Curated Detections has been enhanced with new detection content for Cloud Threats to include rule packs covering Office 365 and Okta. These rule packs are in public preview for customers with a Google Security Operations or Enterprise Plus license.
Network Analyzer includes an insight that indicates if a GKE cluster's pod CIDR range isn't included in the ip-masq-agent
ConfigMap. For more information, see GKE IP masquerade configuration insights.
The Execution: Ingress Nightmare Vulnerability Execution
detector of Container Threat Detection is in Preview.
April 20, 2025
Google SecOps SOARRelease 6.3.43 is being rolled out to the first phase of regions as listed here.
This release contains internal and customer bug fixes.
April 19, 2025
Google SecOps SOARRelease 6.3.42 is now available for all regions.
April 18, 2025
Cloud SQL for MySQLCloud SQL for MySQL 8.0.40 is now the default minor version. To upgrade your existing instance to the new version, see Upgrade the database minor version.
New Dataproc Serverless for Spark runtime versions:
- 1.1.99
- 1.2.43
- 2.2.43
The ability to use Git proxy for Git calls to your SCM connections is now generally available.
Parallel file systems for HPC workloads: Added guidance about Google Cloud Managed Lustre.
(2025-R15) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.32.2-gke.1182003 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.29.14-gke.1132000
- 1.29.15-gke.1017000
- 1.29.15-gke.1058000
- 1.29.15-gke.1108000
- 1.29.15-gke.1134000
- 1.30.10-gke.1145000
- 1.30.10-gke.1227000
- 1.30.10-gke.1227001
- 1.30.11-gke.1008001
- 1.30.11-gke.1072000
- 1.30.11-gke.1093000
- 1.31.5-gke.1169001
- 1.31.5-gke.1233001
- 1.31.6-gke.1020001
- 1.31.6-gke.1064000
- 1.31.6-gke.1099000
- 1.31.6-gke.1140000
- 1.31.6-gke.1221000
- 1.31.6-gke.1221001
- 1.31.7-gke.1013001
- 1.31.7-gke.1112000
- 1.31.7-gke.1149000
- 1.32.2-gke.1182001
- 1.32.2-gke.1182002
- 1.32.2-gke.1297001
- 1.32.2-gke.1400003
- 1.32.2-gke.1652000
- 1.32.2-gke.1652003
- 1.32.3-gke.1057001
- 1.32.3-gke.1170000
- 1.32.3-gke.1440000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.6-gke.1064001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.32.2-gke.1182003 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.6-gke.1064001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.2-gke.1182003 with this release.
Regular channel
- Version 1.32.2-gke.1182003 is now the default version for cluster creation in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.30.10-gke.1022000
- 1.31.6-gke.1020000
- 1.31.6-gke.1064000
- 1.32.1-gke.1357001
- 1.32.2-gke.1182001
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.10-gke.1070000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.31.6-gke.1064001 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.10-gke.1070000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.6-gke.1064001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.32 to version 1.32.2-gke.1182003 with this release.
Stable channel
- Version 1.31.6-gke.1064001 is now the default version for cluster creation in the Stable channel.
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.29.13-gke.1109000
- 1.30.9-gke.1127000
- 1.30.9-gke.1201000
- 1.30.10-gke.1022000
- 1.31.5-gke.1169000
- 1.31.5-gke.1233000
- 1.31.6-gke.1020000
- 1.31.6-gke.1064000
- 1.32.2-gke.1182001
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.10-gke.1070000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.10-gke.1070000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.31 to version 1.31.6-gke.1064001 with this release.
Extended channel
- Version 1.32.2-gke.1182003 is now the default version for cluster creation in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.16-gke.2451000
- 1.27.16-gke.2477000
- 1.27.16-gke.2528000
- 1.27.16-gke.2573000
- 1.27.16-gke.2650000
- 1.28.15-gke.1844000
- 1.28.15-gke.1881000
- 1.28.15-gke.1940000
- 1.28.15-gke.2003000
- 1.28.15-gke.2097000
- 1.30.10-gke.1022000
- 1.31.6-gke.1020000
- 1.31.6-gke.1064000
- 1.32.1-gke.1357001
- 1.32.2-gke.1182001
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2595000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2027000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.10-gke.1070000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.6-gke.1064001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.32 to version 1.32.2-gke.1182003 with this release.
No channel
- Version 1.32.2-gke.1182003 is now the default version for cluster creation.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.29.13-gke.1109000
- 1.29.14-gke.1132000
- 1.29.15-gke.1017000
- 1.29.15-gke.1058000
- 1.29.15-gke.1108000
- 1.29.15-gke.1134000
- 1.30.9-gke.1046000
- 1.30.9-gke.1201000
- 1.30.10-gke.1022000
- 1.30.10-gke.1145000
- 1.30.10-gke.1227000
- 1.30.10-gke.1227001
- 1.30.11-gke.1008001
- 1.30.11-gke.1072000
- 1.30.11-gke.1093000
- 1.31.5-gke.1169000
- 1.31.5-gke.1169001
- 1.31.5-gke.1233000
- 1.31.5-gke.1233001
- 1.31.6-gke.1020001
- 1.31.6-gke.1064000
- 1.31.6-gke.1099000
- 1.31.6-gke.1140000
- 1.31.6-gke.1221000
- 1.31.6-gke.1221001
- 1.31.7-gke.1013001
- 1.31.7-gke.1112000
- 1.31.7-gke.1149000
- 1.32.1-gke.1729000
- 1.32.2-gke.1182002
- 1.32.2-gke.1297001
- 1.32.2-gke.1400003
- 1.32.2-gke.1652000
- 1.32.2-gke.1652003
- 1.32.3-gke.1057001
- 1.32.3-gke.1170000
- 1.32.3-gke.1440000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.10-gke.1070000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.10-gke.1070000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.31 to version 1.31.6-gke.1064001 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.32 to version 1.32.2-gke.1182003 with this release.
(2025-R15) Version updates
- Version 1.32.2-gke.1182003 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.29.14-gke.1132000
- 1.29.15-gke.1017000
- 1.29.15-gke.1058000
- 1.29.15-gke.1108000
- 1.29.15-gke.1134000
- 1.30.10-gke.1145000
- 1.30.10-gke.1227000
- 1.30.10-gke.1227001
- 1.30.11-gke.1008001
- 1.30.11-gke.1072000
- 1.30.11-gke.1093000
- 1.31.5-gke.1169001
- 1.31.5-gke.1233001
- 1.31.6-gke.1020001
- 1.31.6-gke.1064000
- 1.31.6-gke.1099000
- 1.31.6-gke.1140000
- 1.31.6-gke.1221000
- 1.31.6-gke.1221001
- 1.31.7-gke.1013001
- 1.31.7-gke.1112000
- 1.31.7-gke.1149000
- 1.32.2-gke.1182001
- 1.32.2-gke.1182002
- 1.32.2-gke.1297001
- 1.32.2-gke.1400003
- 1.32.2-gke.1652000
- 1.32.2-gke.1652003
- 1.32.3-gke.1057001
- 1.32.3-gke.1170000
- 1.32.3-gke.1440000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.6-gke.1064001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.32.2-gke.1182003 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.6-gke.1064001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.2-gke.1182003 with this release.
(2025-R15) Version updates
- Version 1.32.2-gke.1182003 is now the default version for cluster creation in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.30.10-gke.1022000
- 1.31.6-gke.1020000
- 1.31.6-gke.1064000
- 1.32.1-gke.1357001
- 1.32.2-gke.1182001
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.10-gke.1070000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.31.6-gke.1064001 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.10-gke.1070000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.6-gke.1064001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.32 to version 1.32.2-gke.1182003 with this release.
(2025-R15) Version updates
- Version 1.31.6-gke.1064001 is now the default version for cluster creation in the Stable channel.
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.29.13-gke.1109000
- 1.30.9-gke.1127000
- 1.30.9-gke.1201000
- 1.30.10-gke.1022000
- 1.31.5-gke.1169000
- 1.31.5-gke.1233000
- 1.31.6-gke.1020000
- 1.31.6-gke.1064000
- 1.32.2-gke.1182001
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.10-gke.1070000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.10-gke.1070000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.31 to version 1.31.6-gke.1064001 with this release.
(2025-R15) Version updates
- Version 1.32.2-gke.1182003 is now the default version for cluster creation in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.16-gke.2451000
- 1.27.16-gke.2477000
- 1.27.16-gke.2528000
- 1.27.16-gke.2573000
- 1.27.16-gke.2650000
- 1.28.15-gke.1844000
- 1.28.15-gke.1881000
- 1.28.15-gke.1940000
- 1.28.15-gke.2003000
- 1.28.15-gke.2097000
- 1.30.10-gke.1022000
- 1.31.6-gke.1020000
- 1.31.6-gke.1064000
- 1.32.1-gke.1357001
- 1.32.2-gke.1182001
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2595000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2027000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.10-gke.1070000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.6-gke.1064001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.32 to version 1.32.2-gke.1182003 with this release.
(2025-R15) Version updates
- Version 1.32.2-gke.1182003 is now the default version for cluster creation.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.29.13-gke.1109000
- 1.29.14-gke.1132000
- 1.29.15-gke.1017000
- 1.29.15-gke.1058000
- 1.29.15-gke.1108000
- 1.29.15-gke.1134000
- 1.30.9-gke.1046000
- 1.30.9-gke.1201000
- 1.30.10-gke.1022000
- 1.30.10-gke.1145000
- 1.30.10-gke.1227000
- 1.30.10-gke.1227001
- 1.30.11-gke.1008001
- 1.30.11-gke.1072000
- 1.30.11-gke.1093000
- 1.31.5-gke.1169000
- 1.31.5-gke.1169001
- 1.31.5-gke.1233000
- 1.31.5-gke.1233001
- 1.31.6-gke.1020001
- 1.31.6-gke.1064000
- 1.31.6-gke.1099000
- 1.31.6-gke.1140000
- 1.31.6-gke.1221000
- 1.31.6-gke.1221001
- 1.31.7-gke.1013001
- 1.31.7-gke.1112000
- 1.31.7-gke.1149000
- 1.32.1-gke.1729000
- 1.32.2-gke.1182002
- 1.32.2-gke.1297001
- 1.32.2-gke.1400003
- 1.32.2-gke.1652000
- 1.32.2-gke.1652003
- 1.32.3-gke.1057001
- 1.32.3-gke.1170000
- 1.32.3-gke.1440000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.10-gke.1070000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.10-gke.1070000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.31 to version 1.31.6-gke.1064001 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.32 to version 1.32.2-gke.1182003 with this release.
Chrome Enterprise Threats Category
This feature is currently in Preview.
Google SecOps has introduced a new detection category, Chrome Enterprise Threats, as part of the Curated Detections feature. This category provides rule sets for extension and browser threats. For more information, see Overview of Chrome Enterprise Threats Category.
Chrome Enterprise Threats Category
This feature is currently in Preview.
Google SecOps has introduced a new detection category, Chrome Enterprise Threats, as part of the Curated Detections feature. This category provides rule sets for extension and browser threats. For more information, see Overview of Chrome Enterprise Threats Category.
The backups feature for Memorystore for Redis Cluster is now Generally Available (GA).
You can now manage backups for Memorystore for Valkey instances. This feature is Generally Available (GA).
Oracle Database@Google Cloud now lets you provision the Exadata Infrastructure instances with the new model X11M. This feature is generally available (GA). See Create Exadata Infrastructure instances.
The ability of Event Threat Detection to analyze foundational log sources is generally available (GA).
April 17, 2025
Anti Money Laundering AINew minor engine versions released for retail and commercial lines of business within the v004 tuning version. These extend support for the major version and include no significant changes versus the previous minor versions.
The CJIS control package now supports the following products:
- Access Transparency
- Cloud Tasks
- Cloud OS Login API
- Eventarc
- Firebase Security Rules
- Generative AI on Vertex AI
You can now use BigQuery DataFrames version 2.0, which makes security and performance improvements to the BigQuery DataFrames API, adds new features, and introduces breaking changes.
You can use partial ordering mode in BigQuery DataFrames to generate efficient queries. This feature is generally available (GA).
Airflow 2.10.5 is available in Cloud Composer.
Database retention policy is now enabled by default in Google Cloud console and remains disabled in Google Cloud CLI, API, and Terraform.
This feature helps to maintain the Airflow database size. You can enable or disable the database retention policy or adjust the retention period for new and existing environments.
The default environment's service account setting is gradually removed in Cloud Composer. After the change, you'll need to explicitly specify a service account when you create a new Cloud Composer environment. For more information about addressing the change, see the eariler announcement of this change.
In this release, the change is rolling out to the following regions: africa-south1, asia-northeast2, asia-south2, australia-southeast2, europe-north2, europe-southwest1, europe-west8, europe-west10, europe-west12, me-central1, me-central2, me-west1, northamerica-northeast2, northamerica-south1, southamerica-west1, us-east7, and us-south1. It will be rolled out to more regions in future releases.
Cloud Composer 2 environments now always use the environment's service account for performing PyPI packages installations:
- Existing Cloud Composer 2 environments that previously used the default Cloud Build service account now use the environment's service account instead.
- Cloud Composer 2 environments created in versions 2.10.2 and later already have this change.
- Cloud Composer 3 environments already use the environment's service account, and are not affected by this change.
- This change is gradually rolled out to all regions supported by Cloud Composer 2.
Cloud Composer now detects situations when asynchronous tasks are blocked in Airflow triggerers. If a trigger's execution is blocked for more than five minutes, Cloud Composer restarts the triggerer, which solves this transient issue.
(Cloud Composer 3) Key Access Justifications now correctly works for Customer Managed Encryption Keys (CMEK).
The bucket synchronization process doesn't fail if the /plugins
folder isn't available in the environment's bucket.
(Cloud Composer 3) It's now possible to override the default scopes of access tokens. Before the fix, the scope always defaulted to https://www.googleapis.com/auth/cloud-platform
and https://www.googleapis.com/auth/userinfo.email
. This resulted in authentication failures when accessing non-Google Cloud services.
The change is gradually rolled out to the following regions: africa-south1, asia-south2, australia-southeast2, europe-north2, europe-west3, europe-west10, europe-west12, northamerica-south1, southamerica-west1, us-east7, and us-south1. It will be rolled out to more regions in future releases.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.10.5-build.0
- composer-3-airflow-2.10.2-build.13 (default)
- composer-3-airflow-2.9.3-build.20
New images are available in Cloud Composer 2:
- composer-2.12.1-airflow-2.10.5
- composer-2.12.1-airflow-2.10.2 (default)
- composer-2.12.1-airflow-2.9.3
Support dates for previous Cloud Composer 3 builds are available. All Cloud Composer 3 builds with Airflow 2.10.2 are supported until April 17, 2026.
In the Logs Explorer, you can now view the most frequently occurring fields and values in the JSON payload of your logs. For more information, see the Fields pane documentation.
Best practices for using Cloud Storage with media workloads are now available.
New Dataproc on Compute Engine subminor image versions:
- 2.0.137-debian10, 2.0.137-rocky8, 2.0.137-ubuntu18
- 2.1.85-debian11, 2.1.85-rocky8, 2.1.85-ubuntu20, 2.1.85-ubuntu20-arm
- 2.2.53-debian12, 2.2.53-rocky9, 2.2.53-ubuntu22
Dataproc on Compute Engine: The Spark BigQuery connector has been upgraded to version 0.34.1
in the latest 2.2
image version.
Fixed a bug in which Jupyter fails to restart upon cluster restart on Personal Authentication clusters.
You can now use custom constraints with Organization Policy to provide more granular control over specific fields for some Filestore resources. For more information, see Creating custom constraints for Filestore.
Gemini 2.5 Flash with thinking and other well-rounded capabilities is now available in Preview.
(New guide) Oracle E‑Business Suite with Oracle Database on Compute Engine VMs: Shows how to build the infrastructure to run Oracle E‑Business Suite applications with Oracle Database on Compute Engine VMs in Google Cloud.
GKE Inference Gateway is now available to significantly improve the performance, efficiency, and observability of generative AI workloads on GKE.
GKE Inference Gateway provides:
- Improved performance: AI serving tail latency is reduced, and AI serving throughput is increased through inference-optimized load balancing.
- Efficient resource utilization: Enables dense multi-workload serving of multiple LoRA fine-tuned models on a shared accelerator, leading to higher GPU/TPU utilization.
- Simplified operations: Features include model-aware routing, model-specific serving priority, and integrated AI Safety.
- Enhanced observability: Golden signals of observability are provided for inference requests.
Entity Context in Search
This feature enhances security investigations and incident response by letting users search for and view context events related to entities. It incorporates UDM entity context data to provide deeper insights into security incidents.
This feature is currently in Preview.
Entity Context in Search
This feature enhances security investigations and incident response by letting users search for and view context events related to entities. It incorporates UDM entity context data to provide deeper insights into security incidents.
This feature is currently in Preview.
Looker connector enhancements
You can now authorize the Looker connector to use the BigQuery OAuth credentials that you use with Looker, letting you view and interact with Looker Explores that use BigQuery data in Looker Studio. Learn more about how to authorize Looker data sources to use BigQuery OAuth credentials.
Custom organization policies are now generally available for Filestore. For more information, see Creating custom constraints for Filestore.
The discovery findings that Sensitive Data Protection generates in Security Command Center include recommended next steps. This improvement applies to the finding categories listed in Publish data profiles to Security Command Center.
The discovery findings that Sensitive Data Protection generates in Security Command Center include recommended next steps. This improvement applies to the finding categories listed in Publish data profiles to Security Command Center.
April 16, 2025
Cloud Service MeshNew troubleshooting tools for your service mesh are now available. You can get detailed error codes for your Istio resources and check the state of your mesh to identify and resolve configuration problems. Learn more about Resolving configuration issues and Understanding Feature State Conditions.
In-cluster Cloud Service Mesh 1.21 is no longer supported. For more information and to view the earliest end-of-life dates for other versions, see Supported versions.
M129 release
- Updated the Dataproc JupyterLab plugin to version 0.1.85.
You can now create Memorystore for Valkey instances with the Cluster Mode Disabled configuration. This configuration is in addition to the Cluster Mode Enabled configuration that we already support. The Cluster Mode Disabled feature is available in Preview. For more information, see Enable and disable cluster mode.
The polyglot voices feature is only supported in multi-regions.
Persistent resources for custom training is generally available (GA) and supports rebooting.
M129 release
The M129 release of Vertex AI Workbench instances includes the following:
- Updated the Dataproc JupyterLab plugin to version 0.1.85.
April 15, 2025
Apigee AnalyticsOn April 15, 2025 we released an updated version of Apigee Analytics and the Apigee UI.
Starting with this release, the Analytics dashboards available in the Apigee Classic UI redirect to the comparable dashboards in Apigee UI in Cloud console. These dashboards are available exclusively in the Apigee UI in Cloud console going forward.
For information and usage instructions for the Analytics dashboards, see Apigee API Analytics overview.
On April 15, 2025 we released an updated version of Apigee Analytics and the Apigee UI.
Starting with this release, the Analytics dashboards available in the Apigee Classic UI redirect to the comparable dashboards in Apigee UI in Cloud console. These dashboards are available exclusively in the Apigee UI in Cloud console going forward.
For information and usage instructions for the Analytics dashboards, see Apigee API Analytics overview.
Artifact Registry attachments are available in Preview for all repository formats. Attachments are artifacts that store metadata about a related artifact stored in Artifact Registry. To get started with attachments, see Store artifact metadata in attachments.
Fixed markdown rendering issues in chat for IntelliJ Gemini Code Assist.
We are releasing updated versions of the following premium parsers:
- Crowdstrike Detection Monitoring (CS_DETECTS)
- Crowdstrike Falcon (CS_EDR)
- Microsoft Defender for Endpoint
These updates include significant improvements to parser mappings. For a detailed list of all mapping changes, contact your Google SecOps representative.
The new versions will remain in an extended Release Candidate period through the end of May 2025. We recommend that you opt-in early and make any necessary adjustments before these updates become the default.
We are releasing updated versions of the following premium parsers:
- Crowdstrike Detection Monitoring (CS_DETECTS)
- Crowdstrike Falcon (CS_EDR)
- Microsoft Defender for Endpoint
These updates include significant improvements to parser mappings. For a detailed list of all mapping changes, contact your Google SecOps representative.
The new versions will remain in an extended Release Candidate period through the end of May 2025. We recommend that you opt-in early and make any necessary adjustments before these updates become the default.
Regional endpoints are now available in Secure Source Manager. For more information, see Configure data locality by using regional endpoints.
April 14, 2025
Apigee XOn April 14, 2025 we released an updated version of Apigee.
Announcing data collectors data residency (DRZ) compliance for Apigee and Apigee hybrid.
Data collectors can be used with data residency for Subscription and Pay-as-you-go organizations and hybrid versions 1.14.0 and later.
See Data residency compatibility for information.
hybrid 1.11.2-hotfix.3
On April 14, 2025 we released an updated version of the Apigee hybrid software, 1.11.2-hotfix.3.
Apply this hotfix with the following steps:
In your overrides file, update the
image.url
andimage.tag
properties ofao
andruntime
:runtime: image: url: "gcr.io/apigee-release/hybrid/apigee-runtime" tag: "1.11.2-hotfix.3"
Install the hotfix release:
For Helm-managed releases, update the
apigee-env
chart with thehelm upgrade
command and your current overrides files:For each environment in your Apigee org:
helm upgrade ENV_RELEASE_NAME apigee-env/ \ --namespace APIGEE_NAMESPACE \ --set env=ENV_NAME \ --atomic \ -f OVERRIDES_FILE
- ENV_RELEASE_NAME is a name used to keep track of installation and upgrades of the
apigee-env chart
. This name must be unique from the other Helm release names in your installation. Usually this is the same as ENV_NAME. However, if your environment has the same name as your environment group, you must use different release names for the environment and environment group, for exampledev-env-release
anddev-envgroup-release
. For more information on releases in Helm, see Three big concepts in the Helm documentation. - APIGEE_NAMESPACE is your installation's namespace. The default is
apigee
. - ENV_NAME is the name of the environment you are upgrading.
- OVERRIDES_FILE is your edited overrides file.
- ENV_RELEASE_NAME is a name used to keep track of installation and upgrades of the
For
apigeectl
-managed releases:Install the hotfix release with
apigeectl init
using your updated overrides file:${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE --dry-run=client
Followed by:
${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE
Apply the hotfix release with
apigeectl apply
:${APIGEECTL_HOME}/apigeectl apply -f OVERRIDES_FILE --all-envs --dry-run=client
Followed by:
${APIGEECTL_HOME}/apigeectl apply -f OVERRIDES_FILE --all-envs
- For information on upgrading, see Upgrading Apigee hybrid to version 1.11.
- For information on new installations, see The big picture.
- For recommended actions after upgrading, see Validate policies after upgrade to 1.12-hotfix.3.
Stricter class instantiation checks included in this release.
JavaCallout policy now includes additional security during Java class instantiation. The enhanced security measure prevents the deployment of policies that directly or indirectly attempt actions that require permissions that are not allowed.
In most cases, existing policies will continue to function as expected without any issues. However, there is a possibility that policies relying on third-party libraries, or those with custom code that indirectly triggers operations requiring elevated permissions, could be affected.
To test your installation, follow the procedure in Validate policies after upgrade to 1.11.2-hotfix.3 to validate policy behavior.
Bug ID | Description |
---|---|
382967738 | Fixed a vulnerability in PythonScript policy. |
On April 14, 2025 we released an updated version of Apigee.
Announcing data collectors data residency (DRZ) compliance for Apigee and Apigee hybrid.
Data collectors can be used with data residency for Subscription and Pay-as-you-go organizations and hybrid versions 1.14.0 and later.
See Data residency compatibility for information.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, and Feed APIs.
- Eventarc
eventarc.googleapis.com/Channel
eventarc.googleapis.com/ChannelConnection
cos-dev-125-18986-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.86 | v27.5.1 | v2.0.4 | See List |
Updated app-containers/containerd to v2.0.4.
Updated the Linux kernel to v6.6.86.
Modified toolbox to use unified cgroup hierarchy mode, when possible, instead of hybrid mode.
Upgraded app-admin/google-guest-agent to v20250331.00.
Upgraded app-admin/google-guest-configs to v20250328.00.
Upgraded app-containers/docker-credential-helpers to v0.9.3.
Fixed EINTR error in app-container/cni-plugins.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r662.
Upgraded chromeos-base/shill-client to v0.0.1-r4848.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2966.
Upgraded sys-apps/dbus to v1.14.10-r196.
Upgraded chromeos-base/google-breakpad to v2025.04.01.213855-r235.
Upgraded chromeos-base/debugd-client to v0.0.1-r2731.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2827.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2478.
Upgraded chromeos-base/minijail to v18-r164.
Upgraded sys-apps/diffutils to v3.11-r2.
Upgraded net-nds/rpcbind to v1.2.7.
Upgraded net-misc/rsync to v3.4.1.
Upgraded dev-libs/nss to v3.110.
Upgraded sys-libs/libseccomp to v2.6.0-r2.
Upgraded dev-libs/expat to v2.7.1.
Upgraded app-arch/unzip to v6.0_p29.
Runtime sysctl changes:
- Changed: fs.file-max: 811816 -> 811798
cos-121-18867-0-94
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.74 | v27.5.1 | v2.0.4 | See List |
Updated app-containers/containerd to v2.0.4.
Modified toolbox to use unified cgroup hierarchy mode, when possible, instead of hybrid mode.
Fixed EINTR error in app-container/cni-plugins.
Upgraded sys-apps/diffutils to v3.11-r2.
Fixed CVE-2024-58083 in the Linux kernel.
Fixed CVE-2025-21999 in the Linux kernel.
Fixed CVE-2025-21887 in the Linux kernel.
Fixed CVE-2025-21867 in the Linux kernel.
Fixed CVE-2024-58070 in the Linux kernel.
Fixed CVE-2025-21853 in the Linux kernel.
Fixed CVE-2025-21853 in the Linux kernel.
Fixed CVE-2025-21763 in the Linux kernel.
Fixed CVE-2025-21762 in the Linux kernel.
Fixed CVE-2025-21764 in the Linux kernel.
Fixed CVE-2025-21759 in the Linux kernel.
Fixed CVE-2025-21760 in the Linux kernel.
Fixed CVE-2025-21726 in the Linux kernel.
Fixed CVE-2025-21796 in the Linux kernel.
Fixed CVE-2024-50138 in the Linux kernel.
Fixed KCTF-0c3057a in the Linux kernel.
Fixed CVE-2024-57979 in the Linux kernel.
Fixed CVE-2025-21727 in the Linux kernel.
Fixed CVE-2025-21812 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811827 -> 811714
cos-117-18613-164-109
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.72 | v24.0.9 | v1.7.24 | See List |
Modified toolbox to use unified cgroup hierarchy mode, when possible, instead of hybrid mode.
Upgraded sys-apps/diffutils to v3.11-r2.
Upgraded dev-libs/libusb to v1.0.28.
Fixed CVE-2025-21999 in the Linux kernel.
Fixed CVE-2025-21887 in the Linux kernel.
Fixed CVE-2025-21867 in the Linux kernel.
Fixed CVE-2024-58083 in the Linux kernel.
Fixed CVE-2024-58070 in the Linux kernel.
Fixed CVE-2025-21853 in the Linux kernel.
Fixed CVE-2025-21853 in the Linux kernel.
Fixed CVE-2025-21763 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811785 -> 811760
cos-113-18244-291-102
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.123 | v24.0.9 | v1.7.24 | See List |
Modified toolbox to use unified cgroup hierarchy mode, when possible, instead of hybrid mode.
Upgraded sys-apps/diffutils to v3.11-r2.
Upgraded dev-libs/libusb to v1.0.28.
Fixed CVE-2025-22868 in dev-go/oauth2.
Updated dev-libs/expat to v2.7.0. This fixes CVE-2024-8176.
Fixed KCTF-0c3057a in the Linux kernel.
Fixed CVE-2024-35866 in the Linux kernel.
Fixed CVE-2025-21999 in the Linux kernel.
Fixed CVE-2024-58083 in the Linux kernel.
Fixed CVE-2025-21887 in the Linux kernel.
Fixed CVE-2025-21867 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812050 -> 812031
cos-109-17800-436-99
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.124 | v24.0.9 | v1.7.24 | See List |
Modified toolbox to use unified cgroup hierarchy mode, when possible, instead of hybrid mode.
Upgraded net-firewall/iptables to v1.8.11-r1.
Upgraded dev-libs/libusb to v1.0.28.
Upgraded sys-apps/diffutils to v3.11-r2.
Fixed CVE-2025-22868 in dev-go/oauth2.
Updated dev-libs/expat to v2.7.0. This fixes CVE-2024-8176.
Fixed CVE-2024-35866 in the Linux kernel.
Fixed KCTF-0c3057a in the Linux kernel.
Fixed CVE-2024-58083 in the Linux kernel.
Fixed CVE-2025-21887 in the Linux kernel.
Fixed CVE-2025-21867 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812258 -> 812288
Encrypting Dataplex data with customer-managed encryption keys (CMEK) is now available.
Headless web SDK 3.6.4 is released
Headless web SDK 3.6.4 fixes a problem where the virtual agent was sending multiple repeated messages to end-users in chat sessions.
Google Distributed Cloud (software only) for VMware 1.30.800-gke.66 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.800-gke.66 runs on Kubernetes v1.30.11-gke.500.
If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
The following functional change was made in 1.30.800-gke.66:
- Removed support in the Konnectivity server (
konnectivity-server
) for the following weak cryptographic cipher suites: TLS_RSA_WITH_AES_256_GCM_SHA384 and TLS_RSA_WITH_AES_128_GCM_SHA256.
Fixed an issue that prevented user cluster upgrades when Dataplane V2 was explicitly configured with forward mode.
The 1.30.800-gke.66 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.
Release 1.30.800-gke.66
Google Distributed Cloud for bare metal 1.30.800-gke.66 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.800-gke.66 runs on Kubernetes v1.30.11-gke.500.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
The following functional change was made in 1.30.800-gke.66:
- Updated the cluster upgrade operation to keep only the three latest
kubeadm
backups of etcd and configuration information for a node. Previously,kubeadm
kept node backups for every attempted upgrade.
The following issues are fixed in 1.30.800-gke.66:
Fixed an issue that resulted in an excessive creation of periodic
kube-proxy-cleanup
jobs on cluster nodes with high pod utilization.Fixed an issue that caused cluster creation to fail because kubelet restarted before required static pods are running.
Fixed an issue that allowed
bmctl reset
to run in situations where the reset resulted in the loss of quorum for control plane nodes. To run the command without enforcing the quorum, use the newly added--bypass-quorum-check
flag.
The 1.30.800-gke.66 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for pubsub/apiv1
1.49.0 (2025-04-07)
Features
ABAP SDK for Google Cloud version 1.10 (On-premises or any cloud edition)
Version 1.10 of the on-premises or any cloud edition of the ABAP SDK for Google Cloud is generally available (GA). In addition to offering expanded support for more than 294 Google Cloud APIs and few other enhancements, this version introduces the BigQuery AI and ML SDK for ABAP, Business Eventing Toolkit, and the ability to use Cloud Storage as content repository for SAP.
For more information, see What's new with the on-premises or any cloud edition of the ABAP SDK for Google Cloud.
End-to-end tracing is now generally available (GA). Spanner now supports end-to-end tracing, along with client-side tracing in the Node.js and Python client libraries, in addition to Java and Go. For more information, see Trace collection overview.
April 11, 2025
Access TransparencyAccess Transparency supports Backup for GKE in the GA stage.
Agent Assist offers a UI Connector with Salesforce to integrate with voice conversations.
For applicable events, if a context attribute value size limit is exceeded, you are notified through a publishing error (Eventarc Advanced), or attribute names for truncated values are listed in an extension attribute (Eventarc Standard). For more information, see Quotas and limits.
(New guide) Harness CI/CD pipeline for RAG applications: Shows how to implement a continuous integration (CI) and continuous deployment (CD) pipeline for a retrieval-augmented generation (RAG) application in Google Cloud. The architecture uses CI/CD products from Harness to deploy containers to Cloud Run services.
Use of Oracle Linux images provided by Compute Engine with Oracle Database
To run Oracle Database with SAP NetWeaver based applications on Google Cloud, SAP and Oracle have validated the use of the Oracle Linux images provided by Compute Engine.
For more information, see Supported operating systems.
If you set InfoType.version
to latest
when including the MAC_ADDRESS
infoType in your InspectConfig
, Sensitive Data Protection will now include MAC_ADDRESS_LOCAL
findings as type MAC_ADDRESS
in the scan results.
You can still use the old functionality by setting InfoType.version
to stable
, by leaving InfoType.version
unset when using the MAC_ADDRESS
infoType, or by using the MAC_ADDRESS_UNIVERSAL
infoType. In 30 days, the new functionality will be promoted to stable
.
April 10, 2025
Apigee XOn April 10, 2025, we released an updated version of Apigee.
The Apigee Extension Processor is now generally available (GA).
The Apigee Extension Processor lets Apigee customers add API management capabilities to Google Cloud and third-party products and services exposed using Cloud Load Balancing. Select from a range of Apigee policies that enable you to:
- Secure access to your workloads.
- Apply quota enforcement to network traffic.
- Manage Google access token and Google ID token injection to authenticate requests.
- Support native protocols like gRPC, SSE, and HTTP/3.
For more information, see the Apigee Extension Processor overview.
The Bigtable CQL client library for Java is available in Preview.
The Cassandra-Bigtable proxy adapter, which lets you connect your Apache Cassandra-based applications to Bigtable, is available in Preview.
The Bigtable Kafka sink, which lets you directly connect Apache Kafka and Google Cloud Managed Service for Apache Kafka, is now generally available (GA).
Managed APIs for Llama 4 Maverick and Scout are in Preview on Vertex AI. For more information, see the Llama 4 model card.
Design an optimal storage strategy for your cloud workload: Added guidance about Google Cloud Managed Lustre.
The following partner connectors have been added to the Looker Studio Connector Gallery:
- Netsuite by Windsor.ai
- Simplesat by Simplesat
- Pinterest Ads by Porter Metrics
- Recharge by Supermetrics
- Hurma by Hurma
- Shopware 6 Order Analytics by SHOPSY
- Instagram Public by Windsor.ai
When you create a Private Service Connect endpoint to connect to a regional endpoint of a supported service, you can use the public hostname in your configuration—for example, spanner.me-central2.rep.googleapis.com
.
April 09, 2025
AlloyDB OmniAlloyDB Omni is in General Availability on the Aiven Platform. Aiven provides managed AlloyDB Omni as a service on multiple public clouds. For more information, see Store your data on any major cloud.
The alloydb_scann
extension is updated to include the following vector search improvements. These features are generally available (GA):
Inline filtering enables the execution of vector search and filter evaluation through the combined use of vector and secondary indexes. For more information, see "Inline filtering" in the documentation for AlloyDB PostgreSQL and AlloyDB Omni 15.7.1 and 16.3.0.
You can let AlloyDB automatically create multiple parallel workers during index creation when the dataset grows, leading to faster build times. For more information, see "Build indexes in parallel" in the documentation for AlloyDB PostgreSQL and AlloyDB Omni 15.7.1 and 16.3.0.
A distribution histogram is available in the
pg_stat_ann_indexes
view, which helps you understand the distribution of vectors between partitions of your ScaNN index. For more information, including recommendations about tuning thedistributionpercentile
metric, see "Tuning metrics" in the documentation for AlloyDB PostgreSQL, and AlloyDB Omni 15.7.1 and 16.3.0.You can use a query recall evaluator to find the recall for a vector query for a given configuration, and to tune your parameters to achieve the desired vector query recall results for different vector indexes. For more information, see "Measure vector query recall" in the documentation for AlloyDB PostgreSQL, and AlloyDB Omni 15.7.1 and 16.3.0.
The alloydb_scann
extension is updated to include the following vector search improvements in (Preview):
You can enable auto-maintenance for your ScaNN index and let incrementally manage the index such that when your dataset grows, AlloyDB splits large outlier partitions, and tries to provide better QPS and search results. For more information, see "Maintain indexes automatically" in the documentation for AlloyDB PostgreSQL and AlloyDB Omni 15.7.1 and 16.3.0.
Adaptive filtering for ScaNN significantly improves the speed of filtered vector searches. Adaptive filtering automatically selects the most efficient filtering method at runtime. For more information, see "Filtered vector search" and "Adaptive filtering" in the documentation for AlloyDB for PostgreSQL and AlloyDB Omni 15.7.1 and 16.3.0.
You can enable index auto maintenance and adaptive inline filtering together using the
scann.enable_preview_features
Grand Unified Configuration (GUC) parameters. For more information, see "AlloyDB flags" for AlloyDB for PostgreSQL and AlloyDB Omni 15.7.1 and 16.3.0.
AlloyDB for PostgreSQL supports a 1 virtual central processing unit (vCPU) configuration with 8GB of memory, which is suitable for development and sandbox environments. For information about 1 vCPU supported regions and limitations, see Considerations when using 1 vCPU. This feature is in Preview.
AlloyDB supports AI-assisted troubleshooting that helps you resolve complex database performance issues like slow queries and high load. AI-assisted troubleshooting is available in Preview.
AlloyDB AI query engine that builds on model endpoint management, and adds support for AI operators and Vertex AI multimodal and ranking models is available in (Preview). You can combine natural language phrases with SQL queries, like ai.if() for filters and joins, ai.rank() for ordering using ranking models, and ai.generate() for generating summaries of your data, and generate multimodal embeddings.
The alloydb_scann
extension is updated to include the following vector search improvements. These features are generally available (GA):
Inline filtering enables the execution of vector search and filter evaluation through the combined use of vector and secondary indexes. For more information, see "Inline filtering" in the documentation for AlloyDB PostgreSQL and AlloyDB Omni 15.7.1 and 16.3.0.
You can let AlloyDB automatically create multiple parallel workers during index creation when the dataset grows, leading to faster build times. For more information, see "Build indexes in parallel" in the documentation for AlloyDB PostgreSQL and AlloyDB Omni 15.7.1 and 16.3.0.
A distribution histogram is available in the
pg_stat_ann_indexes
view, which helps you understand the distribution of vectors between partitions of your ScaNN index. For more information, including recommendations about tuning thedistributionpercentile
metric, see "Tuning metrics" in the documentation for AlloyDB PostgreSQL, and AlloyDB Omni 15.7.1 and 16.3.0.You can use a query recall evaluator to find the recall for a vector query for a given configuration, and to tune your parameters to achieve the desired vector query recall results for different vector indexes. For more information, see "Measure vector query recall" in the documentation for AlloyDB PostgreSQL, and AlloyDB Omni 15.7.1 and 16.3.0.
The alloydb_scann
extension is updated to include the following vector search improvements in (Preview):
You can enable auto-maintenance for your ScaNN index and let incrementally manage the index such that when your dataset grows, AlloyDB splits large outlier partitions, and tries to provide better QPS and search results. For more information, see "Maintain indexes automatically" in the documentation for AlloyDB PostgreSQL and AlloyDB Omni 15.7.1 and 16.3.0.
Adaptive filtering for ScaNN significantly improves the speed of filtered vector searches. Adaptive filtering automatically selects the most efficient filtering method at runtime. For more information, see "Filtered vector search" and "Adaptive filtering" in the documentation for AlloyDB for PostgreSQL and AlloyDB Omni 15.7.1 and 16.3.0.
You can enable index auto maintenance and adaptive inline filtering together using the
scann.enable_preview_features
Grand Unified Configuration (GUC) parameters. For more information, see "AlloyDB flags" for AlloyDB for PostgreSQL and AlloyDB Omni 15.7.1 and 16.3.0.
AlloyDB for PostgreSQL supports parameterized secure views, which provide a secure interface for application developers by improving data security and row access control while using SQL. This feature is in (Preview). For more information, see Parameterized secure views overview.
AlloyDB AI natural language (Preview) delivers secure and accurate responses for application end user natural language questions. For more information, see AlloyDB AI natural language overview.
AlloyDB supports C4A Arm VMs on Google's custom-built Axiom processors. C4A VMs are available as predefined configurations from 1, 4, 8, 16, 32, 48, 64, and 72 vCPUs, up to 576 GB of DDR5 memory. C4A machines are available in limited regions. This feature is in Preview. For more information, see Considerations when using the 1 vCPU machine type.
AlloyDB now supports managed connection pooling in Preview. You can use managed connection pooling on your instances to improve the reliability, scalability, and performance of your workloads by optimizing resource utilization. For more information, see Configure managed connection pooling.
A bug was identified that can occasionally lead to parties appearing multiple times in prediction results. For engine versions v004.005 and later, this can also impact risk scores.
As of April 09, 2025 this bug has been fixed in-place for all existing engine versions in major version v004.004 and later.
Google recommends checking the risk scores output generated prior to this fix, or with engine versions that have not been fixed.
- For impacted engine versions within major versions v003.000, v004.002 or v004.004: Check whether the same party_id occurs multiple times in predictions output for a given risk_period_end_time. If so, remove these duplicate rows. The risk scores themselves are not affected.
- For impacted engine versions within major version v004.005 or later: Re-run prediction results. Risk scores might have been impacted for this run.
You can create and manage your App Hub applications using app-enabled folders, now available in Preview.
Gemini Cloud Assist in App Hub is supported in Preview. You can use the chat panel to retrieve information about your application in your app-enabled folder with Gemini assistance.
Gemini Cloud Assist for Artifact Registry is in Preview. You can learn about your container images with Gemini assistance.
To learn more, read the Gemini Cloud Assist overview.
Updated pricing, packaging, and setup guidance is now available for Gemini in BigQuery.
You can now combine raster and vector data with the ST_REGIONSTATS
geography function to perform geospatial analysis in BigQuery. For more information, see Work with raster data and try the tutorial that shows you how to use raster data to analyze global temperature by country. This feature is in preview.
You can now use the Apache Arrow format to stream data to BigQuery with the Storage Write API. This feature is available in preview.
Analytics Hub has been renamed BigQuery sharing. You'll see this new name in the documentation set and the marketing collateral. The product functionality and endpoints remain the same. For more information, see Introduction to data governance in BigQuery.
Dataplex Catalog has been renamed BigQuery universal catalog. You'll see this new name in the product page of the Google Cloud console, the documentation set, and the marketing collateral. Universal catalog brings together the data catalog capabilities of Dataplex Catalog and the runtime metastore capabilities of BigQuery metastore. For more information, see Introduction to data governance in BigQuery.
Continuous materialized views for Bigtable are available in Preview.
SQL support for Bigtable is generally available (GA), including an UNPACK
feature that lets you read time series data in a tabular format.
Logical views of Bigtable tables are available in Preview.
The Bigtable Studio query editor is generally available (GA).
The Airflow web server in Cloud Composer 3 requires at least 2 GB of memory when an environment is created or updated. This might lead to longer operation times or failures to perform these operations.
As a workaround, when you create a new Cloud Composer 3 environment or upgrade an existing environment, provide at least 2 GB of memory (default value) to the Airflow web server.
Gemini-powered auto-conversion is now available in Preview for all heterogeneous migration scenarios. You can use code and schema conversion enhancements automatically provided by Gemini to significantly reduce the time and complexity of your database migrations.
For more information about auto-conversion and other AI conversion features, such as conversion assistant or pattern matching, see Accelerate code and schema conversion with Gemini.
Database Migration Service support for heterogeneous SQL Server to PostgreSQL migrations is now available in Preview.
For more information, see:
Cross-Site Interconnect is available in Preview.
Cross-Site Interconnect is a new feature of Cloud Interconnect that helps you establish reliable, high-bandwidth Layer 2 connectivity between your on-premises network sites.
When you order Cross-Site Interconnect wires, Google provisions a transparent Layer 2 overlay over its global network between your two Cross-Site Interconnect locations.
For more information, see the Cross-Site Interconnect overview.
To help you get the right Cloud KMS keys on-demand, for consistent alignment with recommended encryption practices, Cloud KMS Autokey now has a free tier. The free tier covers the following usage:
- 100 free active key versions monthly
- 10,000 free cryptographic operations monthly
The free tier only applies to keys created using Cloud KMS Autokey. Key administration operations including key rotation are always free. For more details, see Cloud Key Management Service pricing
Application Monitoring lets you monitor the resources and infrastructure from the perspective of an App Hub application. The out-of-the-box (OOTB) dashboards generated for your application display log, metric, and incident data. These dashboards can help you understand how your application's resources are performing, and they can help you to diagnose issues. This feature is in Public Preview.
- Application Monitoring overview provides a brief overview of this feature.
- Set up application monitoring describes how to configure an observability scope so that you have an aggregated view of your log, metric, and trace data.
- View application telemetry describes the labels attached to your telemetry data, and it provides guidance about how to explore the OOTB dashboards.
Application Monitoring now supports app-enabled folders and App Hub host projects. For app-enabled folders, the metrics scope of the management project is automatically synchronized with the list of projects in the folder, provided quota is available. This feature is in Public Preview.
- Metrics scopes for app-enabled folders describes the synchronization algorithm and how to view your usage of the metrics scope quota.
Gemini Cloud Assist in Cloud Run is supported in Preview. You can use the chat panel to design, optimize, and troubleshoot your Cloud Run apps with Gemini assistance.
Cloud SQL Enterprise Plus edition now supports a new machine series called the C4A machine series, which provides optimized price-performance and delivers predictable high performance for high demand Cloud SQL workloads. C4A uses a new type of storage called Hyperdisk Balanced, and offers up to 72 vCPUs and up to 576 GB memory. The C4A machine series is available in Preview.
For more information about the C4A machine series and its availability, see Machine series overview.
Query insights for Cloud SQL Enterprise Plus edition is now generally available (GA) for your Cloud SQL Enterprise Plus edition for MySQL instances. Query insights for Cloud SQL Enterprise Plus edition offers fine-grained metrics such as wait events and granular query plan samples for faster root-cause analysis and intelligent index recommendations.
For more information, see Use query insights to improve query performance.
Cloud SQL for Enterprise Plus edition supports AI-assisted troubleshooting. With AI-assisted troubleshooting, you can resolve complex database performance issues like slow queries and high load for your instances in a guided manner. To use AI-assisted troubleshooting, you need Gemini Cloud Assist and query insights for Enterprise Plus edition. AI-assisted troubleshooting is available in Preview.
Cloud SQL Enterprise Plus edition now supports a new machine series called the C4A machine series, which provides optimized price-performance and delivers predictable high performance for high demand Cloud SQL workloads. C4A uses a new type of storage called Hyperdisk Balanced, and offers up to 72 vCPUs and up to 576 GB memory. The C4A machine series is available in Preview.
For more information about the C4A machine series and its availability, see Machine series overview.
Query insights for Cloud SQL Enterprise Plus edition is now generally available (GA) for your Cloud SQL Enterprise Plus edition for PostgreSQL instances. Query insights for Cloud SQL Enterprise Plus edition offers fine-grained metrics such as wait events and granular query plan samples for faster root-cause analysis and intelligent index recommendations.
For more information, see Use query insights to improve query performance.
Cloud SQL for Enterprise Plus edition supports AI-assisted troubleshooting. With AI-assisted troubleshooting, you can resolve complex database performance issues like slow queries and high load for your instances in a guided manner. To use AI-assisted troubleshooting, you need Gemini Cloud Assist and query insights for Enterprise Plus edition. AI-assisted troubleshooting is available in Preview.
Query insights for Cloud SQL Enterprise edition and Cloud SQL Enterprise Plus edition is now generally available (GA) for Cloud SQL for SQL Server. You can also now view the query details, query plans, and statistical query execution charts for your top queries.
For more information, see Use query insights to improve query performance.
Dataplex Catalog has been renamed BigQuery universal catalog.
Database Center is generally available (GA). Database Center is an AI-assisted dashboard that gives you a centralized view across your database fleet. You can view database fleet health issues and recommendations, and you can ask questions about database fleet health issues, including availability configuration, data protection, security, and industry compliance. For more information, see Database Center overview.
Additional supported health issues are available in Database Center. Database Center detects health issues in multiple database products to help you maintain and troubleshoot your database fleet. For more information, see Supported health issues in the Database Center documentation.
You can view incidents and alerting policies in Database Center. Use incidents to be notified when a metric specific to a resource is more or less than a threshold value. Use an alerting policy to create incidents to help you monitor your database fleet resources. For more information, see Monitor your database fleet with alerting policies.
You can create a customized dashboard view that shows only the health issues in your database fleet that you want to see. A dashboard view can be for only you, or it can be shared with other users who have access to your Google Cloud project. For more information, see Create customized dashboard views.
Database Center is integrated with VPC Service Controls to secure data and resources. Use VPC Service Controls to create service perimeters that protect the resources in your database fleet and data of services that you explicitly specify. For more information, see Configure VPC Service Controls.
When you enable Gemini, the following performance recommendations and insights are available in Database Center:
- Inefficient query/index advisor for Cloud SQL
- Analyze option for high resource utilization health recommendation for Cloud SQL and AlloyDB.
For more information, see Supported health issues.
To use Gemini chat, you must open a Google Cloud project. Use Gemini chat to learn more about database fleet health issues in Database Center. For more information, see Use Gemini chat.
Dataplex Catalog has been renamed BigQuery universal catalog. You'll see this new name in the product page of the Google Cloud console, the documentation set, and the marketing collateral. Universal catalog brings together the data catalog capabilities of Dataplex Catalog and the runtime metastore capabilities of BigQuery metastore. For more information, see Introduction to data governance in BigQuery.
Dataproc Serverless for Spark: Gemini Cloud Assist Investigations is available in Preview for the following runtimes:
- 1.1
- 1.2
- 2.2
The Datastream API now supports streaming data to BigLake managed tables. For more information, see Stream data to BigLake managed tables (BLMT).
You can now use account connectors to connect your Google Cloud account with individual accounts on supported non-Google Developer Tools providers. This feature is in Preview.
You can now use Query insights to view query performance metrics for your database. This feature is in Preview.
Firestore is now available on Database Center. You can track your Firestore resources in the fleet inventory section and the resource table in the Database Center. You can also use Database Center to monitor the following health issues for your Firestore resources:
- No automated backup policy
- No point-in-time recovery
For more information about Database Center, see Database Center overview. For more information about health issues supported for Firestore, see Supported health issues.
You can now use Query insights to view query performance metrics for your database. This feature is in Preview.
Gemini Code Assist tools are in Preview. You can use tools to access external services from your IDE. To learn more about tools, see the Gemini Code Assist Tools overview.
Agent Development Kit (ADK) is now available in Preview. For more information, see Agent Development Kit.
Vertex AI Agent Engine
The following features are now available for Vertex AI Agent Engine in Preview:
The following features are now generally available for Vertex AI Agent Engine:
Gemini Live API is now available as a public preview offering and has been updated with the following features:
- Support for responses in 8 voices and 31 languages using Chirp 3
- Updated UI support in Vertex AI Studio
- Expanded conversation session window
- Ability to extend conversation sessions
- Support to share your current screen with Gemini during conversations
- Transcription support for audio in and audio out
- Support to change or update the system instructions mid-session
For more information, see Gemini 2.0 Flash Live API.
Agent Garden is now available in Preview. For more information, see Vertex AI Agent Builder overview or go directly to Agent Garden in the Cloud Console.
Gemini 2.5 Pro is now available as a public preview offering.
For more information, see Gemini 2.5 Pro.
Vertex AI Agent Builder now refers to a suite of features for building and deploying AI agents in Vertex AI. For more information see, Vertex AI Agent Builder overview.
The original Vertex AI Agent Builder product has been renamed AI Applications. The product functionality and endpoints remain the same. For more information, see What is AI Applications?.
Grounding: Grounding with Google Maps is now available as a Public Experimental feature. For more information, see Grounding with Google Maps.
Grounding: Web Grounding for Enterprise is now Generally available. For more information, see Web Grounding for Enterprise.
Design storage for AI and ML workloads in Google Cloud: Updated to include Cloud Storage FUSE, Anywhere Cache, Hyperdisk ML, and Google Cloud Managed Lustre.
(New guide) Optimize AI and ML workloads with Cloud Storage FUSE: Learn how to optimize performance for AI and ML workloads on Google Kubernetes Engine (GKE) by using Cloud Storage FUSE.
Web SDK 2.24.4 patch is released
This patch fixes a cross-site scripting vulnerability.
Looker 25.6 is expected to include the following changes, features, and fixes:
Expected Looker (original) deployment start: Monday, April 14, 2025
Expected Looker (original) final deployment and download available: Thursday, April 24, 2025
Expected Looker (Google Cloud core) deployment start: Monday, April 14, 2025
Expected Looker (Google Cloud core) final deployment: Monday, April 28, 2025
In the Chart Config Editor, you can save a configuration as a template so that you can reuse it in other visualizations or share it as a starting point for other users.
The classification for the version
, versions
, and page_events
API endpoints have been changed from "Admin" to "N/A" in System Activity queries. These endpoints no longer count toward Admin API endpoint quotas.
The Druid JDBC driver has been updated from 1.22.0 to 1.25.0.
The Athena JDBC driver has been updated from 2.0.35.1000 to 2.1.5.1000.
The Dremio JDBC driver has been updated from 4.5.0 to 25.2.0.
The Spark Databricks JDBC driver has been updated from 2.6.34 to 2.7.1.
The Exasol JDBC driver has been updated from 6.2.3 to 24.2.1.
The Denodo JDBC driver has been updated from 8.8.0 to 9.1.3.
The Trino JDBC driver has been updated from 402 to 468.
Looker now supports key-pair authentication for Snowflake connections. Note: This feature is available only in Looker 25.6.17 and later.
An issue has been fixed where an Action Hub query could finish with a complete
status even if the query failed. This feature now performs as expected.
An issue has been fixed where sorting on a table visualization could fail to retrieve cached results, even if cached results were available for the query. This feature now performs as expected.
An issue has been fixed where a dashboard tile could appear to load indefinitely if a user didn't have permission to the model. This feature now performs as expected.
The file browser in the Looker IDE can now display files nested in 21 or fewer folders. The previous limit was 6.
An issue has been fixed where certain LookML validation errors could prevent Looker from successfully retrieving a list of models on the instance. This feature now performs as expected.
If a user doesn't have an email address associated with their Looker account, the schedule dialog will not display the Send Test button.
An issue has been fixed where an empty manifest file could cause the LookML Validator to display an error. This feature now performs as expected.
An issue has been fixed where changing the subtotal column sort on dashboard tiles wouldn't properly update the sort order. This feature now performs as expected.
An issue has been fixed where schedules to SFTP destinations could time out because of long SSH key generation times. This feature now performs as expected.
An issue has been fixed where an embedded folder could still be loading content but not display a loading indicator. This feature now performs as expected.
When uploading a JSON database authentication file to a connection, Looker now requires the file to be configured with the service_account
type.
An issue has been fixed where Looker would return a 500 error when it displayed a visualization with no results when the Grid Layout was set to By Row. This feature now performs as expected.
A new Labs feature, Fast Dev Mode Transition, improves the performance of Development Mode on your instance by loading LookML projects in read-only mode until a developer clicks the Create Developer Copy button for the project.
The New Database Connection Setup feature is now out of Labs and generally available. This feature updates the Add/Edit Connection page with a modernized UI, enhanced validation, connection testing capabilities, and a comprehensive configuration summary. If you want to revert to the legacy connections workflow, you can enable the Use Legacy Connections Page legacy toggle.
The Content Validator scoping feature is now generally available for customer-hosted Looker deployments (the feature is already available for Looker-hosted deployments). This feature lets developers scope the validation to specific LookML projects and a specific content folder (including its subfolders, if any). This can improve the performance of the Content Validator.
An issue has been fixed where embed users could save Looks to shared folders that they didn't have access to if the New Explore & Look Saving Labs feature was enabled. This feature now performs as expected.
The New Database Connection Setup feature is now generally available. This feature updates the Add/Edit Connection page with a modernized UI, enhanced validation, connection testing capabilities, and a comprehensive configuration summary. If you want to revert to the legacy connections workflow, you can enable the Use Legacy Connections Page legacy toggle.
Recommendations for Memorystore for Redis are now available at Database Center. With this release, Database Center displays health issues about the manageability and performance of Memorystore for Redis. This feature is in Preview. For more information, see Database Center overview and Database health issues.
Recommendations for Memorystore for Redis Cluster are now available at Database Center. With this release, Database Center displays health issues about the manageability and performance of Memorystore for Redis. This feature is in Preview. For more information, see Database Center overview and Database health issues.
Gemini Cloud Assist for Flow Analyzer is in Preview. You can generate SQL queries for VPC Flow Logs with Gemini assistance.
Model Armor and GKE integration
Model Armor now enforces security policies uniformly on generative AI inference traffic using a traffic extension. This applies to all application load balancers, including Google Kubernetes Engine Inference Gateway. This feature is in Preview. For more information, see Integration with Google Kubernetes Engine.
IAM recommender findings are now available with project-level activations of Security Command Center.
The Google Kubernetes Engine (GKE) Gateway supports using extensions to add custom logic into the load balancing processing path. For more information, see GKE extensions. This feature is in Preview.
You can configure Model Armor with Service Extensions to protect AI workloads on supported Application Load Balancers. For more information, see Callouts to Google services. This feature is in Preview.
You can use Gemini assistance to help you use system insights to optimize and troubleshoot Spanner resources. For more information, see Optimize and troubleshoot with Gemini assistance.
Spanner offers Cassandra compatibility with API support and new migration tools allowing seamless lift-and-shift migrations of Cassandra applications. For more information, see Migrate from Cassandra to Spanner.
General availability support for the following integration:
April 08, 2025
AlloyDB OmniAlloyDB Omni version 16.3.0 is generally available (GA). Version 16.3.0 includes the following features and changes:
- AlloyDB Omni supports PostgreSQL version 16.3.
- Asynchronous I/O improves performance on systems with atomic writes for high concurrency Online Transaction Processing (OLTP) workloads. This feature is available in Preview.
- You can upgrade your AlloyDB Omni PostgreSQL 15-based containers to AlloyDB Omni PostgreSQL 16 using
pg_upgrade
. For more information, see Upgrade to AlloyDB Omni version 16.3.0 on a VM. - AlloyDB Omni provides additional low-level logs (called "internal logs"), which are useful for debugging database issues. Production users are encouraged to enable this feature for greater observability. We recommend that you enable this feature to improve production observability.
- Active Directory integration lets you use your Active Directory Server to authenticate users for accessing your AlloyDB Omni 16.3.0 databases. This feature is available in Preview. For more information, see Integrate Active Directory with AlloyDB Omni.
- Multiple extensions are updated.
- Multiple GUCs have been updated or added.
- Security fixes for CVE-2024-7348 are implemented.
- Various bug fixes.
AlloyDB Omni version 15.7.1 is generally available (GA). Version 15.7.1 includes the following features and changes:
- AlloyDB Omni supports PostgreSQL version 15.7.
- AlloyDB Omni provides additional low-level logs (called internal logs), which are useful for debugging database issues. Production users are encouraged to enable this feature for greater observability. We recommend that you enable this feature to improve production observability.
- Multiple extensions are updated.
- Multiple GUCs have been updated or added.
- Security fixes for CVE-2024-7348 are implemented.
- Bug fixes.
The PostgreSQL Audit Extension (pgaudit) logging fix In AlloyDB Omni 15.7.0, which enables the pgAudit
extension together with the PostgreSQL logging_collector
parameter, might have resulted in audit logs loss. This issue is fixed in AlloyDB Omni versions 15.7.1 and 16.3.0.
The AlloyDB Omni Kubernetes operator version 1.4.0 is generally available (GA). Version 1.4.0 includes the following new features and changes:
- You can enable Active Directory integration on your Kubernetes-based AlloyDB Omni database cluster so that you can allow your existing Active Directory-based users to access your AlloyDB Omni database. This feature is available in Preview. For more information, see Integrate Active Directory with AlloyDB Omni on Kubernetes.
- You can create backups in any cloud or on-premises object storage systems that are compatible with the Amazon S3 API. For more information, see Create backups to S3-compatible storage (AlloyDB Omni 15.7.1 and 16.3.0).
- You can now access log files from sidecar containers.
- You can manually upgrade your AlloyDB Omni 15 database clusters to AlloyDB Omni 16.3.0 using
pg_upgrade
. For more information, see Migrate to the latest version of AlloyDB Omni on Kubernetes. - Beginning with Kubernetes operator version 1.4.0, the
alloydb_omni_instance_postgresql_wait_time_second_total
metric is renamed toalloydb_omni_instance_postgresql_wait_time_us_total
to reflect the correct unit of the metric value. If you are not already using microseconds (us
) for your metric unit, your queries and dashboard calculations need to change to reflect the correct unit of this metric:seconds
->us
. For more information, see Upgrade your AlloyDB Omni Kubernetes operator to version 1.4.0. - The PgBouncer connection pooler is generally available (GA). This release includes g-pgBouncer 1.4.0, which incorporates features and bug fixes from PgBouncer 1.24.0.
- You can configure the monitoring dashboard on your Grafana operator to visualize metrics using the monitoring endpoint of the Kubernetes operator.
- When the AlloyDB Omni Kubernetes Operator detects low disk space, the Kubernetes Operator reports a low disk space Critical Incident (CI) on the database cluster.
- AlloyDB Omni provides internal logs for debugging database issues. We recommend that you enable this feature to improve production observability. See "Enable internal logging" for AlloyDB Omni 15.7.1 and 16.3.0 for details.
- Disk cache metrics
alloydb_omni_database_postgresql_chill_cache_get_entry_calls_total
andalloydb_omni_database_postgresql_chill_cache_num_hits_total
are exposed when you enable disk cache on AlloyDB Omni versions 15.7.1 and 16.3.0. These metrics are database container-level metrics. For more information, see AlloyDB Omni metrics (15.7.1 and 16.3.0). - Use
alloydb_omni_instance_postgresql_version
to get the current PostgreSQL major version. For more information, see "Database container-level metrics" for AlloyDB Omni 15.7.1 and 16.3.0. - Various bug fixes and performance improvements.
The Kubernetes 1.4.0 DBCluster might have a status of DBClusterReady
even though its endpoint, which allows clients to connect, is not yet ready.
If you use mutating admission webhooks in your Kubernetes cluster, you might experience issues when you create database clusters and the webhooks conflict with the AlloyDB Omni Kubernetes Operator. Examples of mutating admission webhooks include LimitRanger and DefaultTolerationSecond. When the conflict occurs, the database pod repeatedly switches between running and terminating. To work around this issue, disable these webhooks where you run your AlloyDB Omni database cluster.
Action required: You can access Kubernetes operator 1.4.0 high availability (HA) improvements for automatic setup, failover, and healing capabilities starting with AlloyDB Omni 15.7.1 and later. To access these features, see "Migrate to the latest version of AlloyDB Omni on Kubernetes" for AlloyDB Omni 15.7.1 and 16.3.0.
The command to connect to the interactive serial console of a server is changing on May 1, 2025.
Old command:
ssh -i SSH_KEY_ID -p 9600 PROJECT_ID.REGION.SERVER_NAME.USERNAME.bms=true@ssh-serialport.googleapis.com
New command:
ssh -i SSH_KEY_ID -p 9600 PROJECT_ID.REGION.SERVER_NAME.USERNAME.bms=true@\REGION\-ssh-serialport.googleapis.com
We recommend that you update your configurations by April 30, 2025 to avoid any disruptions. For instructions, see Configure serial console.
BigQuery ML now offers a built-in TimesFM univariate time series forecasting model that implements Google Research's open source TimesFM model. You can use BigQuery ML's built-in TimesFM model with the AI.FORECAST
function to perform forecasting without having to create and train your own model. This lets you avoid the need for model management.
To try using a TimesFM model with the AI.FORECAST
function, see Forecast a time series with a TimesFM univariate model.
This feature is in preview.
You can now create, view, modify, and delete Apache Iceberg resources in BigQuery metastore. This feature is generally available (GA).
You can now connect BigQuery metastore to Apache Flink. This feature is generally available (GA).
New Dataproc on Compute Engine subminor image versions:
- 2.2.52-debian12, 2.2.52-rocky9, 2.2.52-ubuntu22
Dataproc on Compute Engine: Fixed an issue with the retrieval of an Access token when using the ranger-gcs-plugin
with 2.2 images.
Previous Custom Extractor versions pretrained-foundation-model-v1.0-2023-08-22
and pretrained-foundation-model-v1.1-2024-03-12
will be deprecated on April 9, 2025. To ensure uninterrupted service, prediction traffic to these versions, including any fine-tuned variants, will be automatically redirected to the latest version, pretrained-foundation-model-v1.4-2025-02-05
.
For guidance on how to fine-tune a new version, refer to the fine tuning documentation.
(New guide) Oracle E-Business Suite with Oracle Exadata in Google Cloud: Shows how to build the infrastructure to run Oracle E-Business Suite applications with Oracle Cloud Infrastructure Exadata in Google Cloud.
Headless web SDK 3.6.3 is released
Headless web SDK 3.6.3 fixes a cross-site scripting vulnerability.
(2025-R14) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- The following versions are now available in the Rapid channel:
Regular channel
There are no new releases in the Regular channel.
Stable channel
There are no new releases in the Stable channel.
Extended channel
- The following versions are now available in the Extended channel:
No channel
- The following versions are now available:
- The following node versions are now available:
(2025-R14) Version updates
- The following versions are now available in the Rapid channel:
(2025-R14) Version updates
There are no new releases in the Regular channel.
(2025-R14) Version updates
There are no new releases in the Stable channel.
(2025-R14) Version updates
- The following versions are now available in the Extended channel:
(2025-R14) Version updates
- The following versions are now available:
- The following node versions are now available:
Google Cloud Managed Lustre is now Generally Available (GA) with access by invitation.
Managed Lustre provides a fully managed parallel file system optimized for AI and HPC applications, with storage capacity up to 1 PB.
To request access to Managed Lustre in your Google Cloud project, contact your sales representative.
Custom organization policies are now generally available for Identity-Aware Proxy. For more information, see Use custom organization policies.
April 07, 2025
AI ApplicationsVertex AI Search: Stream Google Cloud Storage buckets to data stores
In addition to one time and periodic imports from Cloud Storage, you can stream unstructured data from Cloud Storage into a data store. This lets you serve results from the bucket to your users in near real time.
Streaming must be set up at the bucket-level (not at the folder- or file-level), and the bucket may only contain unstructured data.
For general information about creating data stores, see Create a search data store.
Vertex AI Search: Grounded generation with the generateGroundedContent
API
The generateGroundedContent
API to that grounds your answers with your inline text, Vertex AI Search data store, and Google Search is no longer available.
Instead, to generate grounded answers, Google recommends that you use the Generally available groundContent
API. You can either ground your answers with Google Search or with your own data. For more information, see Overview.
BigQuery data preparation is generally available (GA). It offers AI-powered suggestions from Gemini for data cleansing, transformation, and enrichment. BigQuery supports visual data preparation pipelines and pipeline scheduling with Dataform.
You can now create remote models in BigQuery ML based on Llama and Mistral AI models in Vertex AI.
Use the ML.GENERATE_TEXT
function with these remote models to perform generative natural language tasks for text stored in BigQuery tables. Try this feature with the Generate text by using the ML.GENERATE_TEXT
function tutorial.
This feature is generally available (GA).
An updated version of JDBC driver for BigQuery is now available.
Smart-tuning is now supported for materialized views when they are in the same project as one of their base tables, or when they are in the project running the query. This feature is generally available (GA).
BigQuery ML now uses dynamic token-based batching for embedding generation requests. Dynamic token-based batching puts as many rows as possible into one request. This change boosts per-request utilization and improves scalability for any queries per minute (QPM) quota. Actual performance varies based on the embedding content length, with an average 10x improvement.
A weekly digest of client library updates from across the Cloud SDK.
All Cloud Composer environment's GKE clusters are set up with maintenance exclusions from March 27, 2025 to April 12, 2025. For more information, see Maintenance exclusions.
Direct VPC egress support for Cloud Run jobs is now generally available (GA).
You can now configure Identity-Aware Proxy (IAP) for Cloud Run to secure your services with a single click from all ingress paths (in Preview).
Configuring GPU in your Cloud Run service is now generally available (GA).
Cloud Run Threat Detection is available in Preview.
Cloud SQL now supports the Enterprise Plus recommender. Based on your application workloads and resource utilization, the recommender helps you optimize performance by identifying SQL Server instances that might see performance improvements when upgraded to Cloud SQL Enterprise Plus edition.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/storage
7.16.0 (2025-03-31)
Features
Config Connector version 1.130.2 is now available.
New Beta resources (direct reconciler)
New Fields
-
- Added
spec.configmanagement.configSync.stopSyncing
in version1.129.
- Added
-
- Added
spec.defaultBackupScheduleType
field. - Added
spec.labels
field
- Added
New Alpha resources (direct reconciler)
ApphubApplication
BackupDRManagementServer
BackupDRBackupVault
BackupDRBackupPlan
BackupDRBackupPlanAssociation
BatchJob
BigLakeTable
BigQueryReservation
CodeDeployDeliveryPipeline
DataplexLake
DatastreamPrivateConnection
DatastreamConnectionProfile
DocumentAIProcessor
GKEBackupBackupPlan
GKEBackupRestorePlan
NetAppBackupPolicy
NotebooksEnvironment
SpannerInstanceConfig
VertexAIFeaturestore
VMwareEnginePrivateCloud
VMwareEngineNetwork
VMwareEngineNetworkPeering
VMwareEngineNetworkPolicy
WorkflowExecution
Reconciliation Improvements
Added support for direct reconciliation to more resources, with opt-in behaviour. The API is backward compatible. To use the direct reconciler, add the alpha.cnrm.cloud.google.com/reconciler: direct
annotation to the corresponding Config Connector object. The following resources now have direct reconciliation support (and we list some of the issues that this fixes):
- SpannerInstance
- You can use
spec.edition
field to optimize your enterprise edition type - You can use
spec.autoscalingConfig
to automate the scaling instead of manually configurespec.processingUnit
orspec. numNodes
. - You can use the
defaultBackupScheduleType
now. - Behavior Change If you use the SpannerInstance Kubernetes
metadata.labels
to configure your GCP labels, please change them to use thespec.labels
field instead.
- You can use
The basic HDD extended range tier is now generally available to all GKE customers through the Filestore CSI driver.
Premium parsers
Specific high-volume parsers are now categorized as premium. Google aims to address customer issues related to premium parsers as quickly as possible, typically within a few days.
For a complete list of different types of parsers and the level of support that Google provides for each, see Manage prebuilt and custom parsers.
For a complete list of premium parsers, see Default parser configuration and ingestion.
Premium parsers
Specific high-volume parsers are now categorized as premium. Google aims to address customer issues related to premium parsers as quickly as possible, typically within a few days.
For a complete list of different types of parsers and the level of support that Google provides for each, see Manage prebuilt and custom parsers.
For a complete list of premium parsers, see Default parser configuration and ingestion.
Preview: You can now enable IAP directly on your Cloud Run services without configuring load balancers.
For more information, see Configure Identity-Aware Proxy for Cloud Run.
Looker has released version 1.4.2 of the Looker–Power BI Connector. See the Looker–Power BI Connector change log for details about version 1.4.2.
IPv6 subnet exchange is generally available.
You can use export filters to configure a VPC spoke to exchange IPv6 subnet ranges or both IPv4 and IPv6 subnet ranges. For more information, see VPC connectivity with export filters.
For Autonomous Databases, you now have the options to set up public network access and private network access in Google Cloud. This feature is generally available (GA).
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for pubsub/apiv1
1.48.1 (2025-04-01)
Bug Fixes
- pubsub/pstest: Message ordering issue (#11603) (1d6ffc0)
- pubsub: Update golang.org/x/net to 0.37.0 (1144978)
Documentation
- pubsub: Update documentation for JavaScriptUDF to indicate that the
message_id
metadata field is optional instead of required (f437f08)
Cloud Run Threat Detection is available in Preview.
April 06, 2025
Google SecOpsCreate a quick action (Preview)
Administrators can now predefine quick actions for analysts to execute directly within cases and alerts.
The Quick Actions widget can be added to default case and alert views, and customized alert views within playbooks.
For more information, see Create a quick action.
What's New in Google SecOps
At the top of your Google SecOps screen, click the question mark and select What's New to display the top five new features in the Google SecOps platform.
Release 6.3.41 is now available for all regions.
April 05, 2025
Google SecOps SOARRelease 6.3.42 is being rolled out to the first phase of regions as listed here.
Create a quick action (Preview)
Administrators can now predefine quick actions for analysts to execute directly within cases and alerts.
The Quick Actions widget can be added to default case and alert views, and customized alert views within playbooks.
For more information, see Create a quick action.
April 04, 2025
Access ApprovalAccess Approval supports Document AI in the GA stage.
Access Approval supports Storage Intelligence in the GA stage.
BigQuery ML now supports the following generative AI functions, which let you analyze text using a Vertex AI Gemini model. The function output includes a response that matches the type in the function name:
This feature is in preview.
The following resource types are now publicly available through the analyze policy (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning) APIs.
- Compute Engine
compute.googleapis.com/StoragePool
- Discovery Engine
discoveryengine.googleapis.com/Engine
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
You can include pipe syntax in the SQL queries you run on the Log Analytics page. Pipe syntax supports a linear query structure designed to make your queries easier to read, write, and maintain. The pipe syntax feature is generally available (GA).
If you have enabled logging for failures of an uptime check, you can view the logs from the Uptime details page. For more information, see View details of an uptime check.
The rollout of the following extension versions and plugin versions is complete:
Extensions and plugins
- PostGIS is upgraded from 3.4.4 to 3.5.2.
To use these versions of the extensions, update your instance to [PostgreSQL version]. R20250302.00_04
.
If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.
For more information on checking your maintenance version, see Self-service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.
1.25.0-asm.8 is now available for in-cluster Cloud Service Mesh.
You can now download 1.25.0-asm.8 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.25.0 subject to the list of supported features.
The following environment variables are not supported:
- PILOT_MX_ADDITIONAL_LABELS
- PILOT_DNS_CARES_UDP_MAX_QUERIES
- PILOT_DNS_JITTER_DURATION
- PILOT_SEND_UNHEALTHY_ENDPOINTS
The following annotations are not supported:
- networking.istio.io/traffic-distribution
- istio.io/reroute-virtual-interfaces
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh. Cloud Service Mesh version 1.25.0-asm.8 uses Envoy v1.33.1-dev.
There is a known issue where all gateway CRs will see a downtime for status updates when upgrading from 1.24.3 to 1.25.x .
On June, 30, 2024, Red Hat Enterprise Linux (RHEL) 7 will reach end of support and the images marked deprecated on Google Cloud. If you use RHEL 7 images in your project, review RHEL end of support.
On June 30th, 2024, CentOS 7 will reach end of support and the images marked deprecated on Google Cloud. If you use CentOS 7 images in your project, review CentOS end of support guidance .
Optimize log management using extractors
This feature is currently in Preview.
You can now optimize log management by creating extractors to pull specific fields from high-volume log sources. For more information, see Work with extractors.
Optimize log management using extractors
This feature is currently in Preview.
You can now optimize log management by creating extractors to pull specific fields from high-volume log sources. For more information, see Work with extractors.
Google Cloud NetApp Volumes now supports SnapMirror-based volume migration for allow-listed users. This feature lets you migrate from ONTAP-based Flex volumes to NetApp Volumes. For more information, see Volume migration.
Risk Manager is now called Cyber Insurance Hub. Additional insurance partners have been added with expanded customer eligibility.
For detailed information about this product, see the Cyber Insurance Hub documentation.
The Secret Manager add-on for Google Kubernetes Engine (GKE) now supports the automatic rotation of secrets. You can configure the Secret Manager add-on to automatically rotate secrets so that secrets updated in Secret Manager after initial pod deployment are automatically and periodically pushed to the pod. This feature is available in Preview.
For more information, see Configure automatic rotation of secrets.
Spanner has added the PARAMETER_DEFAULT
column to the INFORMATION_SCHEMA.PARAMETERS
table. This column returns the default value of change stream read functions parameters.
April 03, 2025
BigQueryBigQuery migration assessment now includes support for Amazon Redshift Serverless. This feature is in preview.
You can now generate structured data by using BigQuery ML's AI.GENERATE_TABLE
function with Gemini 1.5 Pro, Gemini 1.5 Flash, and Gemini 2.0 Flash models. You can use the AI.GENERATE_TABLE
function's output_schema
argument to more easily format the model's response. The output_schema
argument lets you specify a SQL schema for formatting, similar to the schema used in the CREATE TABLE
statement. By creating structured output, you can more easily convert the function output into a BigQuery table.
Try this feature with the Generate structured data by using the AI.GENERATE_TABLE
function tutorial.
This feature is in preview.
The unification of Cloud Composer 3 billing with BigQuery is paused until further notice. The change was previously scheduled for April 13, 2025.
In recently released Airflow builds of Cloud Composer 3, the Airflow web server requires more CPU to finish its initialization when an environment is created or updated. This might lead to longer operation times or failures to perform these operations.
As a workaround, when you create a new Cloud Composer 3 environment or upgrade an existing environment, provide at least 1 CPU to the Airflow web server.
This issue currently affects composer-3-airflow-2.10.2-build.12 and composer-3-airflow-2.9.3-build.19 Airflow builds.
You can now integrate Cloud SQL for MySQL and Vertex AI (in Preview). This allows you to invoke predictions and generate vector embeddings using models hosted in Vertex AI. To use this integration, update your instance to [MySQL version].R20250304.00_01
.
For more information, see Integrate Cloud SQL with Vertex AI.
New Dataproc Serverless for Spark runtime versions:
- 1.1.98
- 1.2.42
- 2.2.42
Dataproc Serverless for Spark: Installed CUDA, cuDNN and NCCL NVIDIA libraries in 1.2 and 2.2 runtimes.
Google Cloud VMware Engine now supports 24 ve2 node types, enabling precise and efficient environment sizing. See VMware Engine node types for full details.
GKE now provides insights and recommendations that help you identify workloads without resource requests or limits so that you can specify the resource needs for these workloads. Configuring CPU and memory requests and limits for containers is the best practice for improving reliability and performance, and is a necessary prerequisite for understanding and optimizing resource utilization by your workloads and their cost.
Migrate to Virtual Machines supports importing Arm disk images to Google Cloud. For information on operating systems supporting this feature, see Supported operating systems.
In Spanner Graph you can view a visualization of graph elements returned by a Spanner Graph query and of a Spanner Graph schema. A graph query visualization helps you understand the query results by revealing patterns, dependencies, and anomalies in the returned graph elements. A graph schema visualization helps you understand how the nodes and edges in a schema are related. For more information, see Work with Spanner Graph visualizations.
April 02, 2025
AI ApplicationsAI Applications: Renamed from Vertex AI Agent Builder
The Vertex AI Agent Builder product has been renamed AI Applications. You'll see this new name in the product console, the documentation set, and the marketing collateral. The product functionality and endpoints remain the same.
On April 2, 2025, we released an updated version of API Gateway.
With this release, API Gateway meets the regulatory and compliance requirements for support of data residency for data at rest.
For more information, see Google Cloud Platform Services with Data residency.
When the ScaNN index creation updates the reltuples
statistics of a heap table, performance might be degraded for queries involving that table. For information to mitigate the issue, see Analyze your indexed table.
When the ScaNN index creation updates the reltuples
statistics of a heap table, performance might be degraded for queries involving that table. For information to mitigate the issue, see "Analyze your indexed table" in the documentation for AlloyDB for PostgreSQL and AlloyDB Omni.
VPC Service Controls (VPC-SC) integration (Preview)
API hub now integrates with VPC Service Controls, providing enhanced network security for your API hub instance provisioned in Google Cloud. Establish service perimeters to control ingress and egress traffic. For more information, see VPC Service Controls for API hub.
Data Residency Zone (DRZ) compliance
API hub is now compliant with Data Residency Zone (DRZ) C3 requirements. For more information, see API hub locations.
Terraform support for provisioning
You can now provision API hub instances programmatically using Terraform for Google Cloud within Cloud Shell, enabling infrastructure-as-code practices. For more information, see Provision API hub using Terraform.
Plugin Framework
API hub now uses a plugin framework to connect and ingest API metadata from various Google Cloud services and external sources where your APIs are managed or defined. This provides a flexible and extensible way to integrate with your existing API landscape. For more information, see Plugins overview.
API Metadata Curations
API hub introduces a curation process to transform and enrich API metadata ingested by plugins. This ensures consistency across different sources, enabling effective governance, discovery, and management of your APIs. For more information, see Curations overview.
API Supply chain graph view
Visualize and understand the dependencies within your API ecosystem with the new interactive API supply chain graph view. This directed graph allows you to explore the relationships between your APIs and API operations. For more information, see API Supply chain views.
Enhancements to the Operations entity [API only]
You can now add, edit, or delete operations for an API version even if it lacks a specification file or has an unparsable one. For more information, see Manage operations.
Attach API documents
You can now enhance your API documentation by attaching additional relevant files, such as requirements, design documents, and functionality details, directly to your APIs in API hub.
Deprovision an API hub instance [API only]
You can now delete an API hub instance from your Google Cloud project using the ApiHubInstance API. For more information, see Deprovision Apigee API hub.
Build Conversational Agents with Dialogflow CX (Preview)
Application Integration now simplifies the creation of conversational experiences with direct integration with Conversational Agents (Dialogflow CX). Using API triggers, you can now build intelligent chatbots and automated tools directly within your integration workflows, enhancing user interactions and automating tasks.
For more information, see Build conversational agents with Application Integration.
Enhancements to Replay Execution
Application Integration Replay Execution now provides the following enhancements:
- Modify input parameters on replay: You can now modify the input parameters of an integration execution when initiating a replay. This provides greater flexibility in fixing failed executions.
- Continue execution from point of failure: When replaying an integration, you can now choose to continue the execution from the point of the last failure. This will retry the failed task and, upon success, continue the execution from that point, saving time and effort.
For more information, see Introduction to replay executions.
You can now create and use Python user-defined functions (UDFs) in BigQuery. Python UDFs support the use of additional libraries and external APIs. This feature is in preview.
The Python code that you generate using Gemini in BigQuery Notebooks is now much more likely to leverage your data. With this change, BigQuery Notebooks can intelligently pull relevant table names directly from your BigQuery project, resulting in personalized, executable Python code.
You can now generate Dataframes code in BigQuery Notebooks that use BigFrames libraries. In your code generation prompt, include the word BigFrames
to generate code that uses BigQuery DataFrames. This feature is in preview.
Deploying multiple containers (sidecars) to a Cloud Run job is now generally available. (GA)
Generally available: You can manage OS policy assignments across projects and zones at scale in large organizations using the OS policy orchestrator feature in VM Manager. OS policy assignment was previously available only for zonal resources in a project. For more information, see About OS Policy Orchestrator.
All processors can now extend the Maximum page limit for online and synchronous requests up to 30 pages.
To do so, enable imageless_mode
in ProcessRequest.
For Custom Extractor, you will need to first request to be allowlisted for this feature by filling out the form Allowlist Request for 30 Page limit in CDE.
Version 3.33 is released
All release notes published on this date are part of version 3.33.
The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.
Salesforce CRMs: attach a CCaaS session object to a CRM record if a matching CRM record is found
For Salesforce CRMs, when you append a call or chat session to the latest open record, you have the option to attach a CCaaS session object to a CRM record if a matching CRM record is found. For more information, see Session data mapping by CRM.
New options for CRM comments when saving call recordings and chat transcripts to external storage
When you save call recordings and chat transcripts to external storage, you can control how these are referenced in the CRM record. You now have the following options:
- Add a call recording or chat transcript link as a comment in the CRM record.
- Add the call recording or chat transcript filename as a comment in the CRM record.
- Don't add any reference to the call recording or chat transcript in the CRM record.
To make comments consistent across CRM platforms, we've standardized on the following phrases in CRM comments: Chat Transcripts, Call Recordings, and Voicemails.
For more information, see Configure CRM comments.
New call type in reports: Voice Outbound (UCaaS)
We've added the Voice Outbound (UCaaS) report type to the Create Reports page for calls and chats so you can generate reports that contain this type of call. For more information, see Call and chat types.
Conditional overcapacity deflections
You can now enable conditional overcapacity deflections for calls. You can choose from a number of wait-time conditions or time-of-day conditions, and you can create a distinct deflection message for each each condition that you configure.
Administrators: be aware that configuring conditional overcapacity deflections can override queue-level settings.
For more information, see Configure call settings .
New post events for virtual task assistants
The following new virtual task assistant post events are available:
- Virtual task assistant joined
- Virtual task assistant left
- Virtual task assistant session variables received
The agent adapter can use the browser's postMessage()
method to send events to the parent iFrame to trigger various actions in your custom CRM application.
Administrators: if you use virtual agents to capture session variables and display them in any downstream integrations such as a CRM or the agent adapter, you must use these new post events. Review your current implementation and remap session variable associations as needed. The existing Dialogflow payload for custom session variables has also been updated to support data selection for virtual task assistant post events.
For more information, see Post events for virtual task assistants.
Bulk agent status import improvements
When you import agent statuses in bulk, the Import Statuses dialog now indicates when the upload is complete and sends you a confirmation email. For more information, see Bulk status management.
Configure a contact list destination to pass data parameters to a SIP header
You can configure a contact list destination to pass data parameters to a SIP URI when an agent uses the destination to make an outbound call or transfer a call. For more information, see Add a destination to a contact list.
View transcripts for completed chats
If you save chat transcripts in external storage, you can view them from the Completed Chats dashboard. This capability is not available in version 3.33. We expect to include it in an upcoming release.
Session metadata contains conversation IDs for virtual agents and Agent Assist
The session metadata file now contains the conversation ID for a virtual agent or for Agent Assist if either of those are involved in a session.
Administrators: if you're directly mapping session metadata fields in downstream systems, review your current implementation and remap your field associations as needed.
For more information, see Sessions metadata content.
Fixed a cross-site scripting vulnerability
This update fixes a cross-site scripting vulnerability.
The following issues were addressed in this release:
- Fixed an issue where users couldn't deactivate a disposition code or list that was assigned to a queue when the queue was deleted prior to the deactivation.
- Fixed an issue in Kustomer integrations where an outbound call to a number that wasn't in the CRM wasn't creating a record.
- Fixed an issue where the button to assign a record ID to a session was missing from the agent adapter.
- Fixed an issue for the Customer End User Dial '0' Behavior queue settings. After a user selected and saved the Dialing '0' moves user back up one level in IVR setting, an error was returned when they attempted to select a different setting.
- Fixed an issue where NICE call recordings failed and returned an
Exception 12
error. - Fixed an issue where agents couldn't transfer call or chat sessions to another queue. This occurred when all assigned agents in the destination queue were unavailable or at the concurrency limit.
- Fixed an issue where searches for chat shortcuts were case sensitive. These searches are now case insensitive.
- Fixed an issue where the option to select the account ID and record ID for a session appeared in the agent adapter even when they were configured in the platform to not appear.
- Fixed an issue where the call flexible inbound record ID for a session was not automatically suggested in the agent adapter.
- Fixed an issue where no records were displayed in the Record ID field during wrap up.
- Fixed an issue where the first open record created by the end-user was selected instead of Create New Record being selected.
- Fixed an issue where the default value for the record ID for a session was not the most recently closed and updated record.
- Fixed an issue in Salesforce integrations where the Answer button in the agent adapter didn't appear for incoming calls. This happened after the agent clicked the Assign button multiple times while attempting to assign a record ID or account ID to a session during wrap up.
- Fixed an issue where the Assign button appeared in the agent adapter during wrap-up even when the account ID and record ID were already assigned to the session.
- Fixed an issue where the Assign button in the agent adapter was clickable multiple times during wrap up. Now, after an agent assigns a record ID or account ID to a session, the Assign button is no longer active.
- Fixed an issue where the option to assign a record ID or account ID to a session didn't appear during wrap up even though the agent didn't make these assignments during the call.
- Fixed an issue where the Next button for assigning a record ID or account ID to a session was inactive until the agent made a different selection.
- Fixed an issue where the Agent Assist icon didn't appear in the agent adapter when an agent returned to an inactive chat.
- Fixed an issue where an error was returned when a user attempted to assign an email session to another user.
- Fixed an issue in workforce management where the day planner didn't display the green checkmark after a file was imported.
- Fixed an issue in workforce management where the green success message didn't appear for some forecast types.
- Fixed an intermittant issue where the chat adapter was not appearing when incoming chat sessions arrived.
- Fixed an issue to preserve expected chat adapter behavior when switching to a custom CRM.
- Fixed an issue where the data passed in SIP headers was malformatted if the SIP endpoint was selected from the contact list.
- Fixed an issue in the agent desktop where the chat window was unavailable after an agent ended a session that was transferred or routed from a virtual agent chat session.
- Fixed an issue to ensures that a customer who returns to an inactive chat after hours sees an "after hours" message.
- Fixed an issue where agents couldn't add attachments to emails.
- Fixed a date and time mismatch issue in Alvaria agent productivity files generated by Google Cloud CCaaS.
- Fixed an issue where Chrome's built-in spelling checker was not working in the chat adapter.
(2025-R13) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- The following versions are now available in the Rapid channel:
Regular channel
There are no new releases in the Regular channel.
Stable channel
There are no new releases in the Stable channel.
Extended channel
- The following versions are now available in the Extended channel:
No channel
- The following versions are now available:
- The following node versions are now available:
(2025-R13) Version updates
- The following versions are now available in the Rapid channel:
(2025-R13) Version updates
There are no new releases in the Regular channel.
(2025-R13) Version updates
There are no new releases in the Stable channel.
(2025-R13) Version updates
- The following versions are now available in the Extended channel:
(2025-R13) Version updates
- The following versions are now available:
- The following node versions are now available:
Automatic application monitoring is now generally available in GKE versions 1.28 and later. When configured on GKE clusters, this feature automatically collects key metrics with Google Cloud Managed Service for Prometheus and provides out-of-the-box dashboards for monitoring the supported workloads. Automatic application monitoring supports six new AI model servers (NVIDIA Triton, vLLM, TGI, JetStream, TorchServe and TensorFlow Serving). For more information, see Configure automatic application monitoring.
Medium Priority rule set
Google SecOps has introduced a new rule set, Medium Priority, in Applied Threat Intelligence (ATI). This rule set extends the capabilities of the ATI indicator prioritization model and expands prioritization logic to include commodity malware. For more information, see Applied Threat Intelligence priority overview.
Medium Priority rule set
Google SecOps has introduced a new rule set, Medium Priority, in Applied Threat Intelligence (ATI). This rule set extends the capabilities of the ATI indicator prioritization model and expands prioritization logic to include commodity malware. For more information, see Applied Threat Intelligence priority overview.
Memorystore for Valkey is now Generally Available (GA).
Multi-VPC support for Memorystore for Valkey is now Generally Available (GA). This functionality enables you to create Private Service Connect endpoints in multiple VPCs to connect to the same Memorystore for Valkey instance. This provides you with enhanced flexibility and resilience for your network architecture. For more information, see About multiple VPC networking.
The cross-region replication feature for Memorystore for Valkey is now Generally Available (GA). This release includes Terraform support for cross-region replication on Memorystore for Valkey.
You can now upgrade the version of your Memorystore for Valkey instance from 7.2 to 8.0. For more information, see About upgrading the Valkey version of an instance. This feature is Public Preview.
When activating Security Command Center Enterprise, you can monitor the provisioning status and progress of initial scans. This capability is in Preview.
The MAC_ADDRESS_UNIVERSAL
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
Chirp 3: HD voices with 8 speakers and 31 locales is now GA. It offers real-time streaming and batch processing capabilities and is accessible in global, us, eu, and asia-southeast1 regions.
Explore the latest Chirp 3: HD voices capabilities. Find out their full potential by visiting our updated documentation, specifically the voice controls section.
General availability support for the following integration:
April 01, 2025
BigQueryPipe syntax supports a linear query structure designed to make your queries easier to read, write, and maintain. This feature is generally available (GA).
You can use a CREATE MODEL
statement to create a contribution analysis model in BigQuery ML. The top_k_insights_by_apriori_support
and pruning_method model
options are now supported. You can use a contribution analysis model with the ML.GET_INSIGHTS
function to generate insights about changes to key metrics in your multi-dimensional data. The following metric types are supported:
This feature is generally available (GA).
New Dataproc on Compute Engine subminor image versions:
- 2.2.51-debian12, 2.2.51-rocky9, 2.2.51-ubuntu22
Dataproc on Compute Engine: Hyperdisk-Balanced is now the default primary disk type when creating a cluster from the console.
Dataproc on Compute Engine: Fixed incorrectly attributed Dataproc job logs in Cloud Logging for clusters created with 2.2+ image versions. This happened when multiple Dataproc jobs were running concurrently on the same cluster.
Dialogflow CX (Conversational Agents): Data store tools no longer require the use of a playbook and can be used with any agent. For information about configuring data store tools for a flow-based agent, see the data store tools documentation.
Dialogflow CX (Conversational Agents): The gemini-1.0-pro
model is deprecated as of March 24, 2025 and has been automatically upgraded to the gemini-1.5-flash-001
model. This change applies to the following features:
- Playbooks
- Data stores
- Generators
Dialogflow CX (Conversational Agents): AI generation of language-specific information, entities and training phrases is now GA.
Dialogflow CX (Conversational Agents): All prebuilt agents are now GA.
Code customization for chat is generally available (GA) for VS Code and IntelliJ Gemini Code Assist. This feature provides contextually relevant code suggestions and insights in your IDE's Gemini Code Assist chat interface. Code customization for chat is available without any additional configuration required. For more information on how to use code customization for chat effectively, see Use code customization.
The following features have been added to Studio in Looker, which is available in preview:
- You can connect to Google BigQuery and Google Sheets using Owner's Credentials.
- Localized number formatting is supported.
Terraform support for using NFS solutions with SAP HANA scale-out HA deployments
While using Terraform to deploy an SAP HANA scale-out HA system on Google Cloud, you can use existing NFS solutions to share the /hana/shared
and /hanabackup
volumes with the worker hosts in your deployment:
- For the
/hana/shared
volume, use theprimary_sap_hana_shared_nfs
andsecondary_sap_hana_shared_nfs
arguments. - For the
/hanabackup
volume, use theprimary_sap_hana_backup_nfs
andsecondary_sap_hana_backup_nfs
arguments.
These optional arguments are available from version 1.3.730053050 of the sap_hana_ha
Terraform module provided by Google Cloud. For more information, see Terraform: SAP HANA scale-out high-availability cluster configuration guide.
March 31, 2025
AlloyDB for PostgreSQLIf your cluster is encrypted with a customer-managed encryption key (CMEK), and no specific CMEK key is configured for continuous or automated backups, then backups will be created with the cluster CMEK. For more information, see About CMEK and Configure backup plans.
On March 31, 2025, we released an updated version of Apigee (1-15-0-apigee-2).
New flow variable suffixes available for accessing base64-encoded message content.
There are two new read-only flow variable suffixes available for accessing message content in base64-encoded form:
content.as.base64
content.as.url.safe.base64
These variable suffixes can be used with the request
, response
, and message
objects, as well as with any Message
object created implicitly during API proxy execution when using the AssignMessage or ServiceCallout policies.
For more information, see Flow variables reference.
Bug ID | Description |
---|
| N/A | Updates to security infrastructure and libraries.
Iceberg external tables now support merge-on-read. You can query Iceberg tables with position deletes and equality deletes. This feature is generally available (GA).
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-bigquery
3.31.0 (2025-03-20)
Features
- Add query text and total bytes processed to RowIterator (#2140) (2d5f932)
- Add support for Python 3.13 (0842aa1)
Bug Fixes
- Add property setter for table constraints, #1990 (#2092) (f8572dd)
- Allow protobuf 6.x (0842aa1)
- Avoid "Unable to determine type" warning with JSON columns in
to_dataframe
(#1876) (968020d) - Remove setup.cfg configuration for creating universal wheels (#2146) (d7f7685)
Dependencies
On the Scheduling page, you can now view existing schedules, create new schedules, and perform other actions for data preparations, notebooks, BigQuery pipelines, and scheduled queries. For more information, see Create a pipeline schedule. This feature is generally available (GA).
You can build BigQuery pipelines (formerly workflows), composed of SQL queries or notebooks, in BigQuery Studio. You can then run these pipelines on a schedule. You can also configure notebook runtimes for a pipeline, share a pipeline, or share a pipeline link. This feature is generally available (GA).
You can now define a _CHANGE_SEQUENCE_NUMBER
for BigQuery change data capture (CDC) to manage streaming UPSERT
ordering for BigQuery. This feature is generally available (GA).
BigQuery now supports subqueries in row level access policies. It also includes support for BigLake managed tables and the BigQuery Storage Read API. This feature is now generally available (GA).
You can now use BigQuery Data Transfer Service for Search Ads to view Performance Max (PMax) campaign data for the following tables:
- CartDataSalesStats
- ProductAdvertised
- ProductAdvertisedDeviceStats
- ProductAdvertisedConversionActionAndDeviceStats
This feature is generally available (GA).
You can now configure the repeat frequency of BigQuery Data Transfer Service for Google Ad Manager. This option has a default of every 8 hours and a minimum of every 4 hours. This feature is generally available (GA).
You can now skip loading match tables for BigQuery Data Transfer Service for Google Ad Manager. If match tables are not needed, you can set parameter load_match_tables
to FALSE
. This feature is generally available (GA).
You can include data preparation tasks in BigQuery pipelines that execute your code assets in sequence at a scheduled time. This feature is in Preview.
A weekly digest of client library updates from across the Cloud SDK.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Security Command Center Management API
securitycentermanagement.googleapis.com/EventThreatDetectionCustomModule
securitycentermanagement.googleapis.com/SecurityCenterService
securitycentermanagement.googleapis.com/SecurityHealthAnalyticsCustomModule
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, and Feed APIs.
- Eventarc
eventarc.googleapis.com/Enrollment
eventarc.googleapis.com/GoogleApiSource
eventarc.googleapis.com/MessageBus
eventarc.googleapis.com/Pipeline
Cloud Data Fusion version 6.9 is no longer supported. You should upgrade your instances to run in a supported version. For instructions, see Manage version upgrades for instances and pipelines.
Cloud Deploy support for timed promote is now generally available.
Cloud Deploy support for deploy policies is now generally available.
Cloud Deploy support for repair rollout automation is now generally available.
Cloud SQL now supports Managed Connection Pooling (MCP) in Preview, which lets you scale your workloads by optimizing resource utilization for your Cloud SQL instances using pooling. To use Managed Connection Pooling, update your instance to [MySQL version].R20250302.00_04
.
For more information, see Managed Connection Pooling overview.
Cloud SQL now supports Managed Connection Pooling (MCP) in Preview, which lets you scale your workloads by optimizing resource utilization for your Cloud SQL instances using pooling. To use Managed Connection Pooling, update your instance to [PostgreSQL version].R20250302.00_04
.
For more information, see Managed Connection Pooling overview.
Additional functionality is now available for the bucket IP filtering feature:
You can use IP filtering for buckets in all regions, dual-regions, and multi-regions.
You can use custom organization policies to enforce IP filtering.
Storage batch operations for Cloud Storage is now generally available (GA). Using storage batch operations, you can perform operations on billions of Cloud Storage objects in a serverless manner. To learn more about storage batch operations, see Overview of storage batch operations.
You can now use metrics to monitor Cloud Storage FUSE performance. For more information, see Cloud Storage FUSE metrics.
Flex-start for Cloud TPU, powered by Dynamic Workload Scheduler, is available in Preview. Flex-start is a flexible and cost-effective consumption option for AI workloads. Flex-start enables you to dynamically provision TPUs for up to 7 days using the queued resources API, without long-term reservations. This option is ideal for quick experimentation, small-scale testing, dynamic inference provisioning, and model fine-tuning. For more information about Flex-start for Cloud TPU, see Request Cloud TPUs using Flex-start.
Preview: You can switch to a default runtime with GPUs by using a button in your Colab Enterprise notebook. To enable a default runtime with GPUs for your users, see Enable default runtimes with GPUs.
Compute Engine provides the interactive serial console for troubleshooting malfunctioning instances. The serial console SSH key endpoint is deprecated and a new serial SSH key endpoint is available. For more information, see Serial console SSH host key endpoint deprecation.
Support for Confidential Space on Intel CPUs (C3 machine family) with Intel TDX is now generally available.
Confidential Space now allows adding specific Linux capabilities, including CAP_SYS_ADMIN, and provides a namespaced read or write cgroup.
New Confidential Space images (250300 and 250301) are now available.
cos-105-17412-535-98
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.173 | v23.0.3 | v1.7.23 | See List |
Updated dev-go/net to v0.33.0. This fixed CVE-2023-45288.
Fixed CVE-2025-21763 in the Linux kernel.
Fixed CVE-2025-21764 in the Linux kernel.
Fixed CVE-2025-21762 in the Linux kernel.
Fixed CVE-2025-21760 in the Linux kernel.
Fixed CVE-2025-21726 in the Linux kernel.
Fixed KCTF-fcdd224 in the Linux kernel.
Fixed CVE-2024-53174 in the Linux kernel.
Fixed CVE-2024-53194 in the Linux kernel.
Fixed CVE-2024-56558 in the Linux kernel.
Fixed CVE-2024-57979 in the Linux kernel.
Fixed CVE-2025-21727 in the Linux kernel.
Fixed CVE-2025-21796 in the Linux kernel.
Fixed CVE-2024-58005 in the Linux kernel.
Fixed CVE-2025-21846 in the Linux kernel.
Fixed CVE-2025-21844 in the Linux kernel.
Fixed CVE-2024-57977 in the Linux kernel.
Fixed CVE-2024-57977 in the Linux kernel.
Fixed CVE-2025-21745 in the Linux kernel.
Fixed CVE-2025-21814 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812690 -> 812692
cos-109-17800-436-91
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.124 | v24.0.9 | v1.7.24 | See List |
Updated dev-go/net to v0.33.0. This fixed CVE-2023-45288.
Fixed CVE-2025-21763 in the Linux kernel.
Fixed CVE-2025-21764 in the Linux kernel.
Fixed CVE-2025-21760 in the Linux kernel.
Fixed CVE-2025-21762 in the Linux kernel.
Fixed CVE-2025-21726 in the Linux kernel.
Fixed KCTF-fcdd224 in the Linux kernel.
Fixed CVE-2024-57979 in the Linux kernel.
Fixed CVE-2025-21727 in the Linux kernel.
Fixed CVE-2025-21796 in the Linux kernel.
Fixed CVE-2025-21812 in the Linux kernel.
Fixed CVE-2024-56549 in the Linux kernel.
Fixed CVE-2023-52927 in the Linux kernel.
Fixed CVE-2024-57977 in the Linux kernel.
Fixed CVE-2024-57977 in the Linux kernel.
Fixed CVE-2024-58005 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812224 -> 812258
cos-117-18613-164-98
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.72 | v24.0.9 | v1.7.24 | See List |
Updated dev-libs/expat to v2.7.0. This fixes CVE-2024-8176.
Fixed CVE-2025-21762 in the Linux kernel.
Fixed CVE-2025-21759 in the Linux kernel.
Fixed CVE-2025-21764 in the Linux kernel.
Fixed CVE-2025-21760 in the Linux kernel.
Fixed CVE-2025-21726 in the Linux kernel.
Fixed CVE-2024-56549 in the Linux kernel.
Fixed KCTF-0c3057a in the Linux kernel.
Fixed CVE-2024-57979 in the Linux kernel.
Fixed CVE-2025-21727 in the Linux kernel.
Fixed CVE-2025-21796 in the Linux kernel.
Fixed CVE-2025-21812 in the Linux kernel.
Fixed CVE-2024-50138 in the Linux kernel.
Fixed CVE-2024-57977 in the Linux kernel.
Fixed CVE-2024-57977 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811744 -> 811785
cos-113-18244-291-93
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.123 | v24.0.9 | v1.7.24 | See List |
Update dev-go/net to v0.33.0. This fixed CVE-2023-45288.
Fixed CVE-2025-21763 in the Linux kernel.
Fixed CVE-2025-21762 in the Linux kernel.
Fixed CVE-2025-21764 in the Linux kernel.
Fixed CVE-2025-21760 in the Linux kernel.
Fixed CVE-2025-21726 in the Linux kernel.
Fixed KCTF-fcdd224 in the Linux kernel.
Fixed CVE-2024-57979 in the Linux kernel.
Fixed CVE-2025-21727 in the Linux kernel.
Fixed CVE-2025-21796 in the Linux kernel.
Fixed CVE-2025-21812 in the Linux kernel.
Fixed CVE-2024-56549 in the Linux kernel.
Fixed CVE-2023-52927 in the Linux kernel.
Fixed CVE-2024-57977 in the Linux kernel.
Fixed CVE-2024-57977 in the Linux kernel.
cos-beta-121-18867-0-75
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.74 | v27.5.1 | v2.0.2 | See List |
Updated dev-libs/expat to v2.7.0. This fixes CVE-2024-8176.
Fixed CVE-2024-57977 in the Linux kernel.
Fixed CVE-2024-57977 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811789 -> 811827
cos-dev-125-18971-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.84 | v27.5.1 | v2.0.2 | See List |
Updated the Linux kernel to v6.6.84.
Runtime sysctl changes:
- Changed: fs.file-max: 811727 -> 811816
New Dataproc Serverless for Spark runtime versions:
- 1.1.97
- 1.2.41
- 2.2.41
Dataproc Metastore federation now supports multi-regional Dataproc Metastore services.
Public preview: Google Cloud Managed Service for Apache Kafka now supports Kafka Connect. Kafka Connect provides a curated set of built-in connector plugins hosted in Connect clusters. Configure these connector plugins to create connectors that let you stream data at scale between Managed Service for Apache Kafka clusters and other systems, such as external Kafka deployments, BigQuery, Cloud Storage, or Pub/Sub. For more information, see Kafka Connect overview.
Modern charts general availability
Modern charts offers new chart styling, new default theme colors, new chart configuration options, new axis customization options, and new chart settings that give report creators greater control over how data is curated and presented to users.
This feature is now generally available and is the default for all new Looker Studio reports. Existing reports must be upgraded to use modern charts. Classic report themes are still available in the Themes panel.
Looker connector enhancements
The following enhancements to the Looker connector are now generally available:
- The Looker connector can now connect to a private IP (private services access) only Looker (Google Cloud core) instance or to a private IP (Private Service Connect) Looker (Google Cloud core) instance using the Looker instance ID.
Responsive reports
You can now select between Freeform and Responsive layouts when creating a report.
- The freeform report layout is the default option. This layout is tailored for desktop screens.
- The responsive report layout scales well across many different screen sizes. Choose this layout if you expect your users to regularly view the report on a tablet or other mobile device.
Query results variables
Query result variables let you insert data directly into text elements.You can choose a cell from a table as a "query result" to insert into a text element, and Looker Studio will keep the result up to date.
YouTube Connector update
On March 31, 2025, YouTube changed the way views are calculated. Learn more about this change.
Release 1.5.0
This release is not a critical update, unless you are directly impacted by the bug fixes, you don't need to update, and you can wait for future releases before updating.
- Metadata Versioning: To enhance the query readability of the metadata instances, MDE v1.5.0 introduced a new field called
validFrom
that designates the time when a particular metadata instance is effective. MDE uses this field to check which metadata instance picks based on the source message event time, not processing time, enabling accurate historical data representation. For more information, see Versioning metadata buckets.
- Configuration Packages: Introduces a file-based configuration package system for atomic deployments and GitOps integration. For more information, see Upload configuration package and File content.
- Development Mode: Adds a "Development Mode" to allow deletion of MDE entities and configuration packages, use with caution. For more information, see Development mode.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/pubsub
4.11.0 (2025-03-27)
Features
Bug Fixes
Spanner now supports the following GoogleSQL JSON mutator functions:
JSON_ARRAY_APPEND()
JSON_ARRAY_INSERT()
JSON_REMOVE()
JSON_SET()
JSON_STRIP_NULLS()
Spanner now supports the following PostgreSQL JSONB mutator functions:
jsonb_insert()
jsonb_set()
jsonb_set_lax()
jsonb_strip_nulls()
Spanner also supports the following PostgreSQL JSONB operators:
- concat:
jsonb || jsonb -> jsonb
- delete:
jsonb - text -> jsonb
For more information, see JSON functions in GoogleSQL and Supported PostgreSQL functions.
The GoogleSQL JSON_KEYS
and PostgreSQL json_object_keys
functions, which extract unique JSON keys from a JSON expression, are generally available.
JSON search indexes are generally available in Spanner. This extension of Spanner's full-text index capabilities accelerates many JSON document queries, even without prior knowledge of the documents' structure. You can create search indexes over any JSON document stored in a JSON column. The JSON_CONTAINS
function in GoogleSQL and the @>
and <@
operators in PostgreSQL can use search indexes to determine if one document structure is contained in another. Search indexing supports JSON types in GoogleSQL-dialect databases and JSONB in PostgreSQL-dialect databases. For more information, see JSON search indexes.
A monthly digest of client library updates from across the Cloud SDK.
Go
Changes for spanner/admin/database/apiv1
1.77.0 (2025-03-03)
Features
- spanner: A new enum
IsolationLevel
is added (#11624) (2c4fb44) - spanner: A new field
isolation_level
is added to message.google.spanner.v1.TransactionOptions
(2c4fb44) - spanner: Add a last field in the PartialResultSet (#11645) (794ecf7)
- spanner: Add option for LastStatement in transaction (#11638) (d662a45)
Bug Fixes
Documentation
- spanner: A comment for enum value
OPTIMISTIC
in enumReadLockMode
is changed (2c4fb44) - spanner: A comment for enum value
PESSIMISTIC
in enumReadLockMode
is changed (2c4fb44) - spanner: A comment for enum value
READ_LOCK_MODE_UNSPECIFIED
in enumReadLockMode
is changed (2c4fb44) - spanner: A comment for field
chunked_value
in message.google.spanner.v1.PartialResultSet
is changed (794ecf7) - spanner: A comment for field
precommit_token
in message.google.spanner.v1.PartialResultSet
is changed (794ecf7) - spanner: A comment for field
precommit_token
in message.google.spanner.v1.ResultSet
is changed (794ecf7) - spanner: A comment for field
query_plan
in message.google.spanner.v1.ResultSetStats
is changed (794ecf7) - spanner: A comment for field
row_count_lower_bound
in message.google.spanner.v1.ResultSetStats
is changed (794ecf7) - spanner: A comment for field
row_type
in message.google.spanner.v1.ResultSetMetadata
is changed (794ecf7) - spanner: A comment for field
rows
in message.google.spanner.v1.ResultSet
is changed (794ecf7) - spanner: A comment for field
stats
in message.google.spanner.v1.PartialResultSet
is changed (794ecf7) - spanner: A comment for field
stats
in message.google.spanner.v1.ResultSet
is changed (794ecf7) - spanner: A comment for field
values
in message.google.spanner.v1.PartialResultSet
is changed (794ecf7) - spanner: A comment for message
ResultSetMetadata
is changed (794ecf7) - spanner: A comment for message
ResultSetStats
is changed (794ecf7)
1.78.0 (2025-03-24)
Features
- spanner/spansql: Add support for tokenlist and create search index (#11522) (cd894f8)
- spanner: Support multiplexed sessions for ReadWriteStmtBasedTransaction (#11852) (528d9dd)
Bug Fixes
Java
Changes for google-cloud-spanner
6.88.0 (2025-02-27)
Features
- Add a last field in the PartialResultSet (7c714be)
- Automatically set default sequence kind in JDBC and PGAdapter (#3658) (e8abf33)
- Default authentication support for external hosts (#3656) (ace11d5)
- spanner: A new enum
IsolationLevel
is added (3fd33ba) - spanner: Add instance partitions field in backup proto (3fd33ba)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.54.0 (57497ad)
Dependencies
6.89.0 (2025-03-20)
Features
- Enable ALTS hard bound token in DirectPath (#3645) (42cc961)
- Next release from main branch is 6.89.0 (#3669) (7a8a29b)
- Support isolation level REPEATABLE_READ for R/W transactions (#3670) (e62f5ab)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.55.1 (b959f4c)
- Revert the ALTS bound token enablement (#3679) (183c1f0)
Performance Improvements
- Get database dialect using multiplexed session (#3684) (f641a40)
- Skip gRPC trailers for StreamingRead & ExecuteStreamingSql (#3661) (bd4b1f5)
Dependencies
Node.js
Changes for @google-cloud/spanner
7.19.0 (2025-02-26)
Features
- Add AddSplitPoints API (e4d389a)
- Paging changes for bigquery (e4d389a)
- spanner: A new enum
IsolationLevel
is added (#2225) (e4d389a) - spanner: A new field
isolation_level
is added to message.google.spanner.v1.TransactionOptions
(e4d389a) - spanner: Add instance partitions field in backup proto (e4d389a)
- spanner: Add support for Multiplexed Session for Read Only Tran… (#2214) (3a7a51b)
- x-goog-spanner-request-id: Add bases (#2211) (0008038)
Bug Fixes
- Add x-goog-request params to headers for LRO-polling methods (e4d389a)
- Error from fill method should not be emitted (#2233) (2cc44cf), closes #2103
- Finalize fixing typings for headers in generator (e4d389a)
- Fix typings for headers in generator (e4d389a)
- Remove extra protos in ESM & capture ESM in headers (e4d389a)
- Rollback with no id (#2231) (a6919b1), closes #2103
7.19.1 (2025-03-13)
Bug Fixes
- CreateQueryPartition with query params (91f5afd)
Python
Changes for google-cloud-spanner
3.53.0 (2025-03-12)
Features
- Add AddSplitPoints API (7a5afba)
- Add Attempt, Operation and GFE Metrics (#1302) (fb21d9a)
- Add REST Interceptors which support reading metadata (7a5afba)
- Add support for opt-in debug logging (7a5afba)
- Add support for reading selective GAPIC generation methods from service YAML (7a5afba)
- Add the last statement option to ExecuteSqlRequest and ExecuteBatchDmlRequest (7a5afba)
- Add UUID in Spanner TypeCode enum (7a5afba)
- End to end tracing (#1315) (aa5d0e6)
- Exposing FreeInstanceAvailability in InstanceConfig (7a5afba)
- Exposing FreeInstanceMetadata in Instance configuration (to define the metadata related to FREE instance type) (7a5afba)
- Exposing InstanceType in Instance configuration (to define PROVISIONED or FREE spanner instance) (7a5afba)
- Exposing QuorumType in InstanceConfig (7a5afba)
- Exposing storage_limit_per_processing_unit in InstanceConfig (7a5afba)
- Snapshot isolation (#1318) (992fcae)
- spanner: A new enum
IsolationLevel
is added (#1224) (7a5afba)
Bug Fixes
- Allow Protobuf 6.x (#1320) (1faab91)
- Cleanup after metric integration test (#1322) (d7cf8b9)
- deps: Require grpc-google-iam-v1>=0.14.0 (7a5afba)
- Fix typing issue with gRPC metadata when key ends in -bin (7a5afba)
Performance Improvements
Documentation
- A comment for enum
DefaultBackupScheduleType
is changed (7a5afba) - A comment for enum value
AUTOMATIC
in enumDefaultBackupScheduleType
is changed (7a5afba) - A comment for enum value
GOOGLE_MANAGED
in enumType
is changed (7a5afba) - A comment for enum value
NONE
in enumDefaultBackupScheduleType
is changed (7a5afba) - A comment for enum value
USER_MANAGED
in enumType
is changed (7a5afba) - A comment for field
base_config
in message.google.spanner.admin.instance.v1.InstanceConfig
is changed (7a5afba) - A comment for field
default_backup_schedule_type
in message.google.spanner.admin.instance.v1.Instance
is changed (7a5afba) - A comment for field
filter
in message.google.spanner.admin.instance.v1.ListInstanceConfigOperationsRequest
is changed (7a5afba) - A comment for field
filter
in message.google.spanner.admin.instance.v1.ListInstancePartitionOperationsRequest
is changed (7a5afba) - A comment for field
instance_config
in message.google.spanner.admin.instance.v1.CreateInstanceConfigRequest
is changed (7a5afba) - A comment for field
instance_partition_deadline
in message.google.spanner.admin.instance.v1.ListInstancePartitionOperationsRequest
is changed (7a5afba) - A comment for field
location
in message.google.spanner.admin.instance.v1.ReplicaInfo
is changed (7a5afba) - A comment for field
node_count
in message.google.spanner.admin.instance.v1.Instance
is changed (7a5afba) - A comment for field
node_count
in message.google.spanner.admin.instance.v1.InstancePartition
is changed (7a5afba) - A comment for field
operations
in message.google.spanner.admin.instance.v1.ListInstanceConfigOperationsResponse
is changed (7a5afba) - A comment for field
operations
in message.google.spanner.admin.instance.v1.ListInstancePartitionOperationsResponse
is changed (7a5afba) - A comment for field
optional_replicas
in message.google.spanner.admin.instance.v1.InstanceConfig
is changed (7a5afba) - A comment for field
parent
in message.google.spanner.admin.instance.v1.ListInstancePartitionsRequest
is changed (7a5afba) - A comment for field
processing_units
in message.google.spanner.admin.instance.v1.Instance
is changed (7a5afba) - A comment for field
processing_units
in message.google.spanner.admin.instance.v1.InstancePartition
is changed (7a5afba) - A comment for field
referencing_backups
in message.google.spanner.admin.instance.v1.InstancePartition
is changed (7a5afba) - A comment for field
replicas
in message.google.spanner.admin.instance.v1.InstanceConfig
is changed (7a5afba) - A comment for field
storage_utilization_percent
in message.google.spanner.admin.instance.v1.AutoscalingConfig
is changed (7a5afba) - A comment for field
unreachable
in message.google.spanner.admin.instance.v1.ListInstancePartitionsResponse
is changed (7a5afba) - A comment for message
CreateInstanceConfigRequest
is changed (7a5afba) - A comment for message
DeleteInstanceConfigRequest
is changed (7a5afba) - A comment for message
UpdateInstanceConfigRequest
is changed (7a5afba) - A comment for method
CreateInstance
in serviceInstanceAdmin
is changed (7a5afba) - A comment for method
CreateInstanceConfig
in serviceInstanceAdmin
is changed (7a5afba) - A comment for method
CreateInstancePartition
in serviceInstanceAdmin
is changed (7a5afba) - A comment for method
ListInstanceConfigOperations
in serviceInstanceAdmin
is changed (7a5afba) - A comment for method
ListInstanceConfigs
in serviceInstanceAdmin
is changed (7a5afba) - A comment for method
ListInstancePartitionOperations
in serviceInstanceAdmin
is changed (7a5afba) - A comment for method
MoveInstance
in serviceInstanceAdmin
is changed (7a5afba) - A comment for method
UpdateInstance
in serviceInstanceAdmin
is changed (7a5afba) - A comment for method
UpdateInstanceConfig
in serviceInstanceAdmin
is changed (7a5afba) - A comment for method
UpdateInstancePartition
in serviceInstanceAdmin
is changed (7a5afba) - Fix typo timzeone -> timezone (7a5afba)
Transfers over a Google-managed private network are now supported from more AWS regions, including regions in Europe and Asia. See the full list of supported regions.
You can access global Google APIs by using Private Service Connect backends that are based on cross-region internal Application Load Balancers. This feature is available in General Availability. For more information, see Access global Google APIs through backends.
March 30, 2025
Google SecOps SOARRemote Agent Release 2.4.0
Remote agent high availability
Remote agents can now leverage high availability deployment, ensuring increased reliability for remote connectors, actions, and jobs.
This feature also introduces a new cloud-based remote connector scheduler for improved performance and scalability.
For more information, see Deploy high availability in remote agents.
Release 6.3.40 is now available for all regions.
March 29, 2025
Google SecOps SOARRelease 6.3.41 is being rolled out to the first phase of regions as listed here.
Configure user preferences
The ability to manage platform time zones, date/time settings, and notifications have moved to the new User Preferences dialog, accessible from your avatar.
In addition, a new accessibility option in the User Preferences dialog lets you customize how long feedback messages remain on the screen.
For more information, see Configure user preferences.
March 28, 2025
Access ApprovalAccess Approval supports Org Lifecycle API in the GA stage.
Access Approval supports Integration Connectors in the GA stage.
Access Transparency supports Integration Connectors in the GA stage.
Access Transparency supports Org Lifecycle API in the GA stage.
The CJIS control package now supports the following products:
- Bigtable
- Cloud Armor
- Cloud Workstations
- Storage Transfer Service
The Python Transform plugin (version 2.3.2) is available in CDAP version 6.10.1. This includes bug fix for the deprecated PROTOCOL_TLSv1
on Dataproc 2.0 and later. The issue occurs when earlier TLS versions, such as TLSv1 and TLSv1.1 are disabled by default due to security concerns. Applications relying on ssl.PROTOCOL_TLSv1
in Python might fail and requires updates to use ssl.PROTOCOL_TLSv1_2
or later.
The ability to disable the Invoker IAM check for Cloud Run services is now at general availability (GA).
When you create a Cloud SQL for SQL Server instance, version SQL Server 2022 Standard is now the default.
AWS token support for Confidential Space is now generally available.
You can now integrate Confidential Space with AWS resources. For more information, see Integrate AWS resources.
New Dataproc Serverless for Spark runtime versions:
- 1.1.96
- 1.2.40
- 2.2.40
Dataproc Serverless for Spark: Hadoop Native libraries are installed by default in all runtimes.
Instance replication is now generally available (GA).
Local codebase awareness is now available for IntelliJ Gemini Code Assist. You can now include files from your local IDE project in the prompt context by typing @ in the chat prompt box.
You can now see what files are used by IntelliJ Gemini Code Assist chat and can customize the context as needed.
Google Distributed Cloud (software only) for VMware 1.29.1200-gke.99 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.1200-gke.99 runs on Kubernetes v1.29.13-gke.500. This is the final patch for the 1.29 minor release.
If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
The 1.29.1200-gke.99 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.
Release 1.29.1200-gke.98
Google Distributed Cloud for bare metal 1.29.1200-gke.98 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.1200-gke.98 runs on Kubernetes v1.29.13-gke.500. This is the final patch for the 1.29 minor release.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Updated the cluster upgrade operation to keep only the three latest kubeadm
backups of etcd and configuration information for a node. Previously, kubeadm
kept node backups for every attempted upgrade.
Fixed an issue that caused cluster creation to fail because kubelet restarted before required static pods are running.
The 1.29.1200-gke.98 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
In version 1.32.1-gke.1729000 and later, you can customize specific kubelet and Linux kernel parameters like sysctls and huge pages by using the nodeSystemConfig
field in your GKE compute classes. Additionally, you can now specify default values for fields that are omitted in individual rules in a compute class by using the priorityDefaults
field. For details, see About custom compute classes.
Finding and setting maintenance windows are now Generally Available (GA) on Memorystore for Redis Cluster.
You can now perform maintenance on a Memorystore for Valkey instance. This feature is Public Preview.
The auto-tiering feature which is previously available to allow-listed users, is now generally available. For more information, see Auto-tiering.
You can now create and manage quota rules on a NetApp Volumes volume using the Google Cloud console. For more information, see Manage quota rules.
Added performance benchmark information for the electronic design automation workload.
Spanner vector index and approximate nearest neighbor (ANN) distance functions in the GoogleSQL-dialect are Generally Available. If you have a table with a large amount of vector data, you can use a vector index to accelerate similarity searches and nearest neighbor queries. Spanner now also supports the following:
ALTER VECTOR INDEX
DDL syntax- Import and export databases that use ANN
- Use the
STORING
clause to store a copy of a column in the vector index to accelerate queries that filter by those columns - Use ANN in instances smaller than one node or 1000 processing units
For more information, see Find approximate nearest neighbors, create vector indexes, and query vector embeddings.
Spanner ANN indexes are now supported in Langchain. For more information, see LangChain Quickstart for Spanner.
VPC Service Controls feature (Status: Preview): VPC Service Controls adds support for using IAM roles in ingress and egress rules to allow access to resources protected by service perimeters. This feature is available in Preview.
For more information, see Configure IAM roles in ingress and egress rules.
General availability support for the following integration:
Preview stage support for the following integration:
Support for a Kubernetes API connector is generally available (GA). The connector allows you to interact with Kubernetes objects in a Google Kubernetes Engine cluster. For more information, see Access Kubernetes API objects using a connector.
March 27, 2025
Anthos Config ManagementAddressed multiple Common Vulnerabilities and Exposures (CVEs) by updating dependencies.
On March 27, 2025, we released an updated version of Apigee.
Availability of client IP resolution functionality with Apigee hybrid.
Client IP resolution functonality is now available with Apigee hybrid versions 1.14.0 and later.
See Client IP resolution for information.
On March 26, 2025, we released an updated version of Apigee (1-14-0-apigee-5). This Apigee version applies only to organizations using the JavaCallout policy in production environments.
Bug ID | Description |
---|---|
N/A | Updates to security infrastructure and libraries. |
On March 27, 2025, we released an updated version of Apigee.
Availability of client IP resolution functionality with Apigee hybrid.
Client IP resolution functonality is now available with Apigee hybrid versions 1.14.0 and later.
See Client IP resolution for information.
You can now enable metadata caching for SQL translation, which can significantly reduce latency for subsequent translation requests. This feature is in preview.
In the filtering toolbar of the Build history page, you can now filter builds by region. The region drop-down has been removed. For more information, see View build results.
1.24.3-asm.6 is now available for in-cluster Cloud Service Mesh.
You can now download 1.24.3-asm.6 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.24.3 subject to the list of supported features. Cloud Service Mesh version 1.24.3-asm.6 uses envoy v1.32.4-dev.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
1.23.5-asm.3 is now available for in-cluster Cloud Service Mesh.
You can now download 1.23.5-asm.3 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.23.5 subject to the list of supported features. Cloud Service Mesh version 1.23.5-asm.3 uses envoy v1.31.6-dev.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
1.22.8-asm.5 is now available for in-cluster Cloud Service Mesh.
You can now download 1.22.8-asm.5 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.22.8 subject to the list of supported features. Cloud Service Mesh version 1.22.8-asm.5 uses envoy v1.30.10-dev.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
1.21.5-asm.34 is now available for in-cluster Cloud Service Mesh.
You can now download 1.21.5-asm.34 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.21.5 subject to the list of supported features. Cloud Service Mesh version 1.21.5-asm.34 uses envoy v1.29.12-dev.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
Cloud Workstations is available in the me-central2
region (Dammam, Saudi Arabia, Middle East). For more information, see Locations.
Dialogflow CX (Conversational Agents) data stores: Dialogflow now supports additional native and third-party data store sources as a private GA feature. For a list of data store sources, integration instructions, and the request form to be added to the allowlist, see the data stores documentation.
Dialogflow CX (Conversational Agents) data store handlers: The method of adding data store handlers to an agent has been streamlined. You are no longer required to create a Chat app on Agent Builder. For updated implementation instructions, see the data stores tools documentation.
Google SecOps is renaming Applied Threat Intelligence (ATI) rules to improve clarity and better reflect the associated UDM fields with each rule detection.
Currently, multiple underlying ATI rules with the same name can appear in the Google SecOps console, even though the rules apply to different UDM fields.
This change modifies the rule_name
field in the customer metadata to specify the relevant UDM field for each rule.
For example:
Old rule name: ATI Active Breach Rule Match for File IoCs (SHA256)
New rule name: ATI Active Breach Rule Match for File IoCs (about.file.sha256)
Google SecOps is renaming Applied Threat Intelligence (ATI) rules to improve clarity and better reflect the associated UDM fields with each rule detection.
Currently, multiple underlying ATI rules with the same name can appear in the Google SecOps console, even though the rules apply to different UDM fields.
This change modifies the rule_name
field in the customer metadata to specify the relevant UDM field for each rule.
For example:
Old rule name: ATI Active Breach Rule Match for File IoCs (SHA256)
New rule name: ATI Active Breach Rule Match for File IoCs (about.file.sha256)
Site-to-site data transfer locations in the following countries have been added to Network Connectivity Center:
- Belgium
- Canada
- Chile
- Finland
- Israel
- Mexico
- Sweden
Parameter Manager, an extension to the Secret Manager service, is now Generally available (GA). Parameter Manager lets you store, access, and manage the lifecycle of workload parameters. You can interact with Parameter Manager using the console, gcloud CLI, REST API, and client libraries.
For information, see the Parameter Manager documentation.
You can save and manage your SQL scripts in Spanner Studio. This feature is in preview. For more information, see Saved queries overview.
Chirp 3: HD voices in en-US now support experimental features for pace and pause controls.
General availability support for the following integration:
Generally available: To reduce the cost of running your training and prediction jobs, you can use Spot VMs. Spot VMs are virtual machine (VM) instances that are excess Compute Engine capacity. Spot VMs have significant discounts, but Compute Engine might preemptively stop or delete Spot VMs to reclaim the capacity at any time.
For more information, see Use Spot VMs with training and Use Spot VMs with prediction.
March 26, 2025
API GatewayOn March 26, 2025, we released an updated version of API Gateway.
With this release, customer data in API Gateway is now CMEK-compliant at rest. No configuration is required.
For more information, see CMEK compliance in API Gateway.
To learn more about CMEK, see Customer-managed encryption keys (CMEK).
You can now set the column granularity when you create a search index, which stores additional column information in your search index to further optimize your search query performance. This feature is in preview.
The Monitoring page in the Google Cloud console for Bigtable has been renamed to System insights.
Data lineage in Cloud Composer now uses OpenLineage.
Data lineage support for a specific Airflow operator is now provided by the provider package where the operator is located. See Supported classes in the apache-airflow-providers-openlineage
documentation for a list of latest supported operators.
For more information about data lineage in Cloud Composer, see Data lineage with Dataplex.
This feature is gradually rolled out. It will be available in us-west1, us-south1, europe-north1, me-west1, asia-northeast2, asia-southeast2, and africa-south1 regions. We plan to provide this feature in other regions in future releases.
(Available without upgrading) Fixed an issue with updating maintenance windows when there is an upcoming Cloud Composer 3 infrastructure operation.
(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-google
package was upgraded to version 14.0.0 in Cloud Composer 2 images and Cloud Composer 3 builds.
This package is a new major version where many previously deprecated Airflow operators are removed. It is not possible to use these operators in your DAGs.
Make sure that you update your DAGs to use up-to-date alternatives of the removed operators. For more information about removed and deprecated Airflow operators and their up-to-date alternatives, see Deprecated and removed Airflow operators.
For more information about changes, see the apache-airflow-providers-google changelog from version 10.26.0 to version 14.0.0.
(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-cncf-kubernetes
package was upgraded to version 10.3.0 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-cncf-kubernetes changelog from version 10.1.0 to version 10.3.0.
(Airflow 2.10.2 and 2.9.3) Changes in preinstalled packages:
apache-airflow-providers-postgres
was upgraded to 6.1.0 from 5.14.0.apache-airflow-providers-smtp
was upgraded to 2.0.0 from 1.9.0.types-requests
was removed from preinstalled packages.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.10.2-build.12 (default)
- composer-3-airflow-2.9.3-build.19
New images are available in Cloud Composer 2:
- composer-2.12.0-airflow-2.10.2 (default)
- composer-2.12.0-airflow-2.9.3
Cloud Composer versions 2.6.4, 2.6.5, and 2.6.6 have reached their end of support period.
Cloud Deploy is now available in the following regions:
northamerica-south1
(Mexico)europe-north2
(Stockholm)
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
Cloud Run services configured with Direct VPC egress now use only 2 times (2X) as many IP addresses as the number of instances for the duration of the instance plus up to 20 minutes, reduced from 4X as many IP addresses.
Generally available: You can use instant snapshots to take in-place backups of the following types of disks:
- Hyperdisk Balanced
- Hyperdisk Balanced High Availability
- Hyperdisk Extreme
Instant snapshots are ideal for rapid data restoration only within the same location as the source disk. You can use an instant snapshot to create a new disk in under a minute. For more information, see About instant snapshots.
Generally available: You can specify a custom ephemeral internal IPv6 address when creating an instance. For more information, see Create instances that use IPv6 addresses.
Generally available: Asynchronous Replication is now generally available for Hyperdisk Balanced, Hyperdisk Balanced High Availability, and Hyperdisk Extreme disks. Asynchronous Replication provides low-RPO and low-RTO block storage replication for cross-region disaster recovery. For more information, see About Asynchronous Replication.
Google Cloud Private Marketplace now lets you control access at the product level, across all deployment surfaces (Cloud Marketplace, API, and the command line), for the following types of products:
- Compute Engine products
- Google Kubernetes Engine products
- Cloud Run
- Procurable Vertex AI products
- Procurable data products
If you've ever previously turned on Private Marketplace, you must upgrade it to ensure that it properly blocks API deployments of unapproved products. For more information, see Upgrade Google Cloud Private Marketplace's enforcement capabilities.
(2025-R12) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- The following versions are now available in the Rapid channel:
Regular channel
There are no new releases in the Regular channel.
Stable channel
- The following versions are now available in the Stable channel:
Extended channel
- The following versions are now available in the Extended channel:
No channel
- The following versions are now available:
- The following node versions are now available:
(2025-R12) Version updates
- The following versions are now available in the Rapid channel:
(2025-R12) Version updates
There are no new releases in the Regular channel.
(2025-R12) Version updates
- The following versions are now available in the Stable channel:
(2025-R12) Version updates
- The following versions are now available in the Extended channel:
(2025-R12) Version updates
- The following versions are now available:
- The following node versions are now available:
The managed BigQuery resources and API keys associated with the chronicle-tla Google Cloud project will be fully deprecated by April 30, 2025. This applies to non-Enterprise+ customers only.
The managed BigQuery resources and API keys associated with the chronicle-tla Google Cloud project will be fully deprecated by April 30, 2025. This applies to non-Enterprise+ customers only.
Custom organization policies are now available in Preview for Cloud Resource Manager. For more information, see Manage resources with custom constraints.
Generally available: You can consume reservations of VMs that have GPUs attached with your custom training jobs or prediction jobs. Reservations of Compute Engine zonal resources help you gain a high level of assurance that your jobs have the necessary resources to run. For more information, see the following:
The ability to back up and restore data on a Vertex AI Workbench instance is now generally available. For more information, see Back up and restore data on an instance.
Support for the following is available in General availability for dual-stack configurations:
- IPv6 static routes with a next hop internal passthrough Network Load Balancer (
next-hop-ilb
) - IPv6 static routes with a next hop instance identified by address (
next-hop-address
)
For more information, see Next hops and features in the static routes overview.
March 25, 2025
API GatewayOn March 25, 2025, we released an updated version of API Gateway.
API Gateway now supports Workforce Identity Federation.
Workforce Identity Federation lets you use an external identity provider (IdP) to authenticate and authorize a workforce — a group of users, such as employees, partners, and contractors — using Identity and Access Management (IAM) to access API Gateway services.
See Identity federation: products and limitations for more information.
On March 25, 2025 we released an updated version of Advanced API Security.
Risk Assessment v2 is now the default Risk Assessment version
Starting with this release, Risk Assessment v2 is the default Risk Assessment version in the UI. You will see the see v2 functionality and interfaces unless you choose to switch back to v1 by clicking Switch to v1 in the upper right of the UI.
Note: Rollouts of this functionality to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete.
New Advanced API Security support when using data residency (DRZ) with Apigee hybrid
Advanced API Security is now available for Apigee hybrid orgs using DRZ, for hybrid versions 1.14.0 and later. See Using data residency with Apigee hybrid.
See Introduction to data residency for information on DRZ and Advanced API Security support across organization types.
New features added to public preview of Risk Assessment v2
This release introduces new features to the Risk Assessment v2 preview:
- Security monitoring conditions. Security monitoring conditions allow you to map resources (proxies or environments) to security profiles. Cloud Monitoring can then use this mapping to alert or create dedicated dashboards so that you can track security scores over time.
- Alerts on security monitoring conditions. Once you've created a monitoring condition, you can set up alerts using Alerting in Cloud Monitoring so that you're notified when the security scores change.
For information on monitoring conditions features and usage see monitoring conditions and alerts. For usage information and a list of all features in Risk Assessment v2, see the Risk Assessment v2 customer documentation.
Note: Rollouts of this functionality to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete.
On March 25, 2025 we released an updated version of Advanced API Security.
New Advanced API Security support when using data residency (DRZ) with Apigee hybrid
Advanced API Security is now available for Apigee hybrid orgs using DRZ, for hybrid versions 1.14.0 and later. See Using data residency with Apigee hybrid.
See Introduction to data residency for information on DRZ and Advanced API Security support across organization types.
BigQuery ML now supports visualization of model monitoring metrics. This feature lets you use charts and graphs to analyze model monitoring function output. The following functions support metric visualization:
ML.VALIDATE_DATA_SKEW
: compute the statistics for a set of serving data, and then compare them to the statistics for the data used to train a BigQuery ML model in order to identify anomalous differences between the two data sets.ML.VALIDATE_DATA_DRIFT
: compute and compare the statistics for two sets of serving data in order to identify anomalous differences between the two data sets.
This feature is in preview.
New services using GPUs by default will have zonal redundancy turned on. However, you can now specify GPUs with zonal redundancy or without zonal redundancy, and request quota for either of these configurations. (In Preview)
Cloud SQL read pools provide operational simplicity and scaling for your large read workloads.
Read pools provide a single endpoint in front of up to 20 read pool nodes and automatically load balance traffic.
You can scale your read pool in several ways:
- Scale in or out: scale load balancing capacity horizontally by modifying the number of read pool nodes in the read pool. Each read pool supports up to 20 read pool nodes.
- Scale up or down: scale load balancing capacity vertically by modifying the machine type associated with a read pool node. Once defined, configuration is uniformly applied across each read pool node in the read pool.
For more information, see About read pools.
Cloud SQL read pools provide operational simplicity and scaling for your large read workloads.
Read pools provide a single endpoint in front of up to 20 read pool nodes and automatically load balance traffic.
You can scale your read pool in several ways:
- Scale in or out: scale load balancing capacity horizontally by modifying the number of read pool nodes in the read pool. Each read pool supports up to 20 read pool nodes.
- Scale up or down: scale load balancing capacity vertically by modifying the machine type associated with a read pool node. Once defined, configuration is uniformly applied across each read pool node in the read pool.
For more information, see About read pools.
To send trace data to your Google Cloud project, we recommend that you use the new Telemetry API, which implements the OpenTelemetry OTLP API and provides compatibility and support for the open source ecosystem. The limits for the Telemetry API are often more generous than those for the proprietary Cloud Trace API, which you can continue to use. The Telemetry API supports VPC Service Controls. For more information about the Telemetry API, see the following documents:
Resolved: Fixed the issue that caused Persistent Disks attached to VMs with n2d-standard-64
machine types to inconsistently reach the maximum performance limit of 100,000 IOPS.
For more information, see Known issues.
On February 18, 2025, Google released a security fix for Confidential VM instances using AMD SEV-SNP on N2D machine types, which might result in performance degradation. The extent of the performance impact varies depending on the specific workload.
- DeepSeek-V3-0324, TxGemma and Sesame CSM are now available in Model Garden.
- DeepSeek-R1, V3 and V3-0324 can be deployed with H200 GPUs and improved vLLM support.
- You can deploy a model in Model Garden by using the Python SDK, gcloud CLI, or API, which are available in Preview. You can get started with the "Equivalent code" in the deploy panel in the Model Garden console.
Since release 1.30.0-gke.1930, the featureGates.enableGMPForSystemMetrics
field in the stackdriver
custom resource is always on and can't be disabled. It has been enabled by default since 1.16. If you have manually turned this feature off, upgrading clusters to version 1.30 means a breaking change in the format of some system metrics. For information on this feature, see Using Managed Service for Prometheus.
Since release 1.30.0-gke.1930, the featureGates.enableGMPForSystemMetrics
field in the stackdriver
custom resource is always on and can't be disabled. It has been enabled by default since 1.16. If you've manually turned this feature off, upgrading clusters to version 1.30 means a breaking change in the format of some system metrics. For information on this feature, see Use Google Cloud Managed Service for Prometheus for selected system components.
The backups feature for the Flex service level is now generally available. For more information, see About NetApp Volumes.
Google Cloud NetApp Volumes now supports cross-region backup vaults in Preview. For more information, see Backup vaults.
The Flex service level of Google Cloud NetApp Volumes now supports custom performance in Preview, enabling independent provisioning of capacity and performance with zonal pools in selected regions. For more information, see NetApp Volumes key features.
Preview stage support for the following integration:
March 24, 2025
Apigee XOn March 24, 2025, we released an updated version of Apigee.
Apigee Spaces is now generally available (GA) for use in Apigee organizations.
Apigee Spaces enables identity-based isolation and grouping of API resources within an Apigee organization. With Apigee Spaces, you can have granular IAM control over access to your API proxies, shared flows, and API products.
Spaces also provide the option of resource isolation at a team level, providing a clear separation of resources associated with different teams operating within the same Apigee organization. IAM policies can be applied at the Space level, eliminating the need to manage permissions individually for every API proxy, shared flow, and API product.
Spaces are a brand new resource type with resource-level permissions. This means that Space permissions are not subject to the 64k limitation for project-level IAM conditions. Each space has its own 64k limit.
To learn more, see Apigee Spaces overview.
The Backup and DR service has added support for activating the management console, for creating backup plans, and for storing backup vault data in the following regions: northamerica-northeast1 (Montréal), northamerica-northeast2 (Toronto), and asia-east2 (Hong Kong).
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/bigquery
7.9.3 (2025-03-17)
Bug Fixes
Go
Changes for bigquery/storage/apiv1beta1
1.67.0 (2025-03-14)
Features
- bigquery/reservation: Add a new field
enable_gemini_in_bigquery
to.google.cloud.bigquery.reservation.v1.Assignment
that indicates if "Gemini in BigQuery" (601e742) - bigquery/reservation: Add a new field
replication_status
to.google.cloud.bigquery.reservation.v1.Reservation
to provide visibility into errors that could arise during Disaster Recovery(DR) replication (#11666) (601e742) - bigquery/reservation: Add the CONTINUOUS Job type to
.google.cloud.bigquery.reservation.v1.Assignment.JobType
for continuous SQL jobs (601e742) - bigquery: Support MetadataCacheMode for ExternalDataConfig (#11803) (af5174d), refs #11802
Bug Fixes
- bigquery: Increase timeout for storage api test and remove usage of deprecated pkg (#11810) (f47e038), refs #11801
- bigquery: Update golang.org/x/net to 0.37.0 (1144978)
Documentation
- bigquery/reservation: Remove the section about
EDITION_UNSPECIFIED
in the comment forslot_capacity
in.google.cloud.bigquery.reservation.v1.Reservation
to clarify that (601e742) - bigquery/reservation: Update the
google.api.field_behavior
for the.google.cloud.bigquery.reservation.v1.Reservation.primary_location
and.google.cloud.bigquery.reservation.v1.Reservation.original_primary_location
fields to clarify that they areOUTPUT_ONLY
(601e742)
Java
Changes for google-cloud-bigquery
2.49.0 (2025-03-20)
Features
- bigquery: Implement getArray in BigQueryResultImpl (#3693) (e2a3f2c)
- Next release from main branch is 2.49.0 (#3706) (b46a6cc)
Bug Fixes
Dependencies
- Exclude io.netty:netty-common from org.apache.arrow:arrow-memor… (#3715) (11b5809)
- Update actions/upload-artifact action to v4.6.2 (#3724) (426a59b)
- Update actions/upload-artifact action to v4.6.2 (#3724) (483f930)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.61.0 (#3703) (53b07b0)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.62.0 (#3726) (38e004b)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20250302-2.0.0 (#3720) (c0b3902)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20250313-2.0.0 (#3723) (b8875a8)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.65.0 (#3704) (53b68b1)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.66.0 (#3727) (7339f94)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.45.1 (#3714) (e4512aa)
- Update dependency com.google.oauth-client:google-oauth-client-java6 to v1.39.0 (#3710) (c0c6352)
- Update dependency com.google.oauth-client:google-oauth-client-jetty to v1.39.0 (#3711) (43b86e9)
- Update dependency node to v22 (#3713) (251def5)
- Update netty.version to v4.1.119.final (#3717) (08a290a)
Documentation
You can now use KLL quantile functions to efficiently compute approximate quantiles. This feature is in preview.
You can now set labels on reservations. These labels can be used to organize your reservations and for billing analysis. This feature is in preview.
The BigQuery Data Transfer Service can now transfer reporting and configuration data from Google Analytics 4 into BigQuery. This feature is in preview.
We have redesigned the Add Data dialog to guide you through loading data into BigQuery with a source-first experience and enhanced search and filtering capabilities. This feature is generally available (GA).
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.56.0 (2025-03-18)
Features
- bigtable: Add support for Logical Views in Admin API (#2519) (6dac3fd)
- bigtable: Add support for Materialized Views in Admin API (#2511) (55cd719)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.55.1 (7992af0)
Dependencies
Python
Changes for google-cloud-bigtable
2.30.0 (2025-03-18)
Features
Bug Fixes
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Binary Authorization
binaryauthorization.googleapis.com/Attestor
binaryauthorization.googleapis.com/PlatformPolicy
binaryauthorization.googleapis.com/Policy
- Compute Engine
compute.googleapis.com/InstanceSettings
- Network Security
networksecurity.googleapis.com/AuthorizationPolicy
networksecurity.googleapis.com/ClientTlsPolicy
networksecurity.googleapis.com/ServerTlsPolicy
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.22.0 (2025-03-18)
Features
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.55.1 (dd25992)
Dependencies
Cloud SQL now lets you retain existing backups after an instance is deleted. These consist of on-demand and automatic backups created when the instance was live. For more information, see Retained backups.
Cloud SQL now lets you retain existing backups after an instance is deleted. These consist of on-demand and automatic backups created when the instance was live. For more information, see Retained backups.
Cloud SQL now lets you retain existing backups after an instance is deleted. These consist of on-demand and automatic backups created when the instance was live. For more information, see Retained backups.
Generally available: Multi-writer support for Hyperdisk Balanced High Availability disks. You can give up to 8 VMs, across two zones, simultaneous read-write access to the same disk. For more information, see Share disks between instances.
cos-dev-125-18964-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.83 | v27.5.1 | v2.0.2 | See List |
Fixed an issue that resulted in missing grub boot measurements in some machine configurations.
Updated Python to v3.11.
Upgraded app-containers/docker to v27.5.1, Upgraded app-containers/docker-test to v27.5.1, Upgraded app-containers/docker-cli to v27.5.1.
Updated app-admin/google-guest-configs to v20250207.00.
Updated the default tag of the GPU driver supporting the NVIDIA H200 GPU device to 570.86.15.
Upgrade cloud-init from 23.4.3 to 24.4.1.
Added support for NVIDIA GB200 GPU with 570.124.06 GPU driver. This driver version has been assigned the latest, default, and R570 tags for this GPU type.
Added support for the Lustre 2.14.0 client drivers.
Added support for NVIDIA 570.124.06 GPU driver. Updated the LATEST GPU driver label to version 570.124.06 for all GPU devices. Updated the DEFAULT GPU driver label to version 570.124.06 for NVIDIA_B200 and NVIDIA_H200 GPU devices.
Add support for iRDMA devices.
Updated cos-gpu-installer to v2.4.8: Add the -skip-nvidia-smi flag to disable the execution of nvidia-smi verification during gpu driver installation.
Applied Intel patches to add iRDMA support in the Linux kernel.
Support for NVIDIA B200 GPU – Added support for the R570 driver series, including version 570.86.15. This version has been assigned the latest, default, and R570 tags.
Updated cos-gpu-installer to v2.4.7: 1.Added Support for NVIDIA B200 GPU. 2.Enabled --prepare-build-tools flag to preload GPU driver metadata for ARM64
Upgraded sys-auth/pambase to v20250228.
Upgraded app-admin/google-guest-agent to v20250304.03.
Upgraded app-containers/docker-credential-helpers to v0.9.2.
Disabled martian logging for ConnectX-7 network cards. These cards only communicate locally, but martian logging during communications with the host can lead to a race condition which causes GID table construction to sometimes fail.
Upgraded app-containers/runc to v1.2.5, Upgraded app-containers/runc-test to v1.2.5.
Upgraded app-admin/google-guest-configs to v20250221.00.
Upgraded app-admin/google-guest-agent to v20250225.00.
Upgraded app-admin/google-guest-agent to v20250204.02.
Upgraded app-admin/node-problem-detector to v0.8.20.
Upgraded app-admin/fluent-bit to v3.2.5.
Upgraded app-admin/google-guest-agent to v20250122.00.
Upgraded app-admin/google-guest-configs to v20250124.00.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r659.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2821.
Upgraded chromeos-base/shill-client to v0.0.1-r4838.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2820.
Upgraded chromeos-base/debugd-client to v0.0.1-r2728.
Upgraded chromeos-base/shill-client to v0.0.1-r4834.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2474.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2963.
Upgraded sys-apps/dbus to v1.14.10-r195.
Upgraded chromeos-base/minijail to v18-r163.
Upgraded chromeos-base/shill-client to v0.0.1-r4825.
Upgraded chromeos-base/minijail to v18-r160.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2471.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2818.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r658.
Upgraded sys-apps/dbus to v1.14.10-r194.
Upgraded chromeos-base/debugd-client to v0.0.1-r2727.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2962.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2961.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2470.
Upgraded chromeos-base/shill-client to v0.0.1-r4818.
Upgraded chromeos-base/debugd-client to v0.0.1-r2726.
Upgraded chromeos-base/google-breakpad to v2024.02.16.014630-r227.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2817.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r657.
Upgraded sys-libs/libseccomp to v2.6.0-r1.
Upgraded sys-apps/acl to v2.3.2-r2.
Upgraded sys-apps/pv to v1.9.31.
Upgraded dev-libs/nss to v3.109.
Updated app-admin/awscli to v1.38.4.
Updated dev-python/s3transfer to v0.11.4.
Updated dev-python/botocore to v1.37.9.
Updated dev-python/python-dateutil to v2.9.0.
Upgraded sys-apps/which to v2.23.
Upgraded dev-db/sqlite to v3.49.1.
Upgraded dev-libs/nss to v3.108.
Upgraded sys-apps/diffutils to v3.11-r1.
Upgraded dev-libs/double-conversion to v3.3.1.
Upgraded net-misc/socat to v1.8.0.3.
Upgraded sys-apps/diffutils to v3.11.
Upgraded sys-apps/pv to v1.9.27.
Upgraded sys-apps/hwdata to v0.391.
Upgraded dev-db/sqlite to v3.47.2-r1.
Upgraded sys-libs/libseccomp to v2.6.0.
Fixed a race condition that could cause a kernel panic.
Upgraded dev-go/crypto to v0.35.0. This fixes CVE-2025-22869.
Updated dev-go/oauth2 to v0.27.0. Fixes CVE-2025-22868.
Fixed CVE-2024-13176 in dev-libs/openssl.
Fixed CVE-2025-0395 in sys-libs/glibc.
Fixed CVE-2024-9287 in dev-lang/python.
Fixed CVE-2025-0840 in binutils.
Upgraded net-misc/openssh to version 9.9_p2. This fixed CVE-2025-26465 and CVE-2025-26466.
Upgrade sys-libs/binutils-libs to 2.44-r1. This fixes CVE-2024-53589.
Upgraded net-misc/wget to version 1.25.0. Fixes CVE-2024-10524.
Upgraded dev-libs/libxml2 to version 1.12.10. Fixes CVE-2025-27113.
Runtime sysctl changes:
- Changed: fs.file-max: 811701 -> 811727
cos-beta-121-18867-0-73
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.74 | v27.5.1 | v2.0.2 | See List |
Fixed an issue that resulted in missing grub boot measurements in some machine configurations.
Updated Python to v3.11.
Added support for NVIDIA GB200 GPU with 570.124.06 GPU driver. This driver version has been assigned the latest, default, and R570 tags for this GPU type.
Added support for the Lustre 2.14.0 client drivers.
Added support for NVIDIA 570.124.06 GPU driver. Updated the LATEST GPU driver label to version 570.124.06 for all GPU devices. Updated the DEFAULT GPU driver label to version 570.124.06 for NVIDIA_B200 and NVIDIA_H200 GPU devices.
Upgraded app-admin/node-problem-detector to v0.8.20.
Updated app-admin/awscli to v1.38.4.
Updated dev-python/s3transfer to v0.11.4.
Updated dev-python/botocore to v1.37.9.
Updated dev-python/python-dateutil to v2.9.0.
Upgraded sys-apps/which to v2.23.
Upgraded sys-apps/pv to v1.9.31.
Fixed a race condition that could cause a kernel panic.
Fixed CVE-2024-58005 in the Linux kernel.
Fixed CVE-2024-57996 in the Linux kernel.
Fixed CVE-2024-57996 in the Linux kernel.
Fixed CVE-2024-57996 in the Linux kernel.
Fixed KCTF-647cef2 in the Linux kernel.
Fixed CVE-2025-21785 in the Linux kernel.
Fixed CVE-2025-21716 in the Linux kernel.
Fixed CVE-2025-21857 in the Linux kernel.
Fixed CVE-2024-58088 in the Linux kernel.
Fixed CVE-2025-21844 in the Linux kernel.
Fixed CVE-2025-21779 in the Linux kernel.
Fixed CVE-2025-21854 in the Linux kernel.
Fixed CVE-2025-21846 in the Linux kernel.
Fixed CVE-2025-21864 in the Linux kernel.
Fixed CVE-2025-21858 in the Linux kernel.
Fixed CVE-2025-21791 in the Linux kernel.
Fixed CVE-2025-21863 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811701 -> 811789
cos-109-17800-436-79
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.124 | v24.0.9 | v1.7.24 | See List |
Added support for NVIDIA 570.124.06 GPU driver. Updated the R570, LATEST GPU driver label to version 570.124.06 for all GPU devices. Updated the DEFAULT GPU driver label to version 570.124.06 for NVIDIA_B200 and NVIDIA_H200 GPU devices.
Upgraded sys-apps/which to v2.23.
Fixed a race condition that could cause a kernel panic.
Fixed CVE-2023-45288 in app-containers/docker.
Fixed CVE-2024-53166 in the Linux kernel.
Fixed CVE-2024-53166 in the Linux kernel.
Fixed KCTF-647cef2 in the Linux kernel.
Fixed CVE-2025-21716 in the Linux kernel.
Fixed CVE-2025-21785 in the Linux kernel.
Fixed CVE-2025-21844 in the Linux kernel.
Fixed CVE-2025-21779 in the Linux kernel.
Fixed CVE-2025-21846 in the Linux kernel.
Fixed CVE-2025-21864 in the Linux kernel.
Fixed CVE-2025-21858 in the Linux kernel.
Fixed CVE-2025-21791 in the Linux kernel.
Fixed CVE-2024-26982 in the Linux kernel.
Fixed CVE-2024-57996 in the Linux kernel.
Fixed CVE-2024-57996 in the Linux kernel.
Fixed CVE-2024-57996 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812258 -> 812224
cos-117-18613-164-93
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.72 | v24.0.9 | v1.7.24 | See List |
Fixed an issue that resulted in missing grub boot measurements in some machine configurations.
Added support for NVIDIA GB200 GPU with 570.124.06 GPU driver. This driver version has been assigned the latest, default, and R570 tags for this GPU type.
Added support for the Lustre 2.14.0 client drivers.
Upgraded dev-lang/go to v1.23.7.
Fixed a race condition that could cause a kernel panic.
Fixed CVE-2024-58005 in the Linux kernel.
Fixed KCTF-647cef2 in the Linux kernel.
Fixed CVE-2025-21785 in the Linux kernel.
Fixed CVE-2025-21716 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811752 -> 811744
cos-113-18244-291-82
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.123 | v24.0.9 | v1.7.24 | See List |
Fixed an issue that resulted in missing grub boot measurements in some machine configurations.
Fixed a race condition that could cause a kernel panic.
Fixed CVE-2024-58005 in the Linux kernel.
Fixed CVE-2024-53166 in the Linux kernel.
Fixed CVE-2024-53166 in the Linux kernel.
Fixed KCTF-647cef2 in the Linux kernel.
Fixed CVE-2025-21716 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812031 -> 812050
cos-105-17412-535-84
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.173 | v23.0.3 | v1.7.23 | See List |
Fixed CVE-2024-58017 in the Linux kernel.
Fixed CVE-2022-49728 in the Linux kernel.
Fixed CVE-2025-21785 in the Linux kernel.
Fixed KCTF-638ba50 in the Linux kernel.
Fixed KCTF-647cef2 in the Linux kernel.
Fixed CVE-2025-21858 in the Linux kernel.
Fixed CVE-2025-21791 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812699 -> 812690
As we launch Custom Extractor version pretrained-foundation-model-v1.4-2025-02-05
in GA with fine tuning (in Preview), these versions will no longer be accessible effective September 24, 2025:
pretrained-foundation-model-v1.2-2024-05-10
pretrained-foundation-model-v1.3-2024-08-31
To avoid service disruptions, migrate to a later version, such as pretrained-foundation-model-v1.4-2025-02-05
. To learn more about the migration process, refer to our Manage processor versions documentation.
Customers and projects can access pretrained-foundation-model-v1.2-2024-05-10
and pretrained-foundation-model-v1.3-2024-08-31
until September 24, 2025. This includes the ability to create tuning jobs and access fine-tuned processor versions.
Starting March 24, 2025:
- Newly created processor versions using
pretrained-foundation-model-v1.2-2024-05-10
can only be used for batch processing. - Newly created processor versions using
pretrained-foundation-model-v1.2-2024-05-10 and pretrained-foundation-model-v1.3-2024-08-31
will have a quota limit of 120 pages per minute.
This update requires planning, but if you have questions or need assistance, contact Google Cloud support.
Cloud Firestore now supports multi-region nam7
United States (Central and East), which consists of regions us-central1
(Iowa) and us-east4
(Northern Virginia).
For a full list of supported locations, see Locations.
Firestore in Datastore mode now supports multi-region nam7
United States (Central and East), which consists of regions us-central1
(Iowa) and us-east4
(Northern Virginia).
For a full list of supported locations, see Locations.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-datastore
2.27.1 (2025-03-18)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.55.1 (ba1ad98)
Dependencies
Purging of expired raw logs and normalized events is now based on the Ingestion Timestamp instead of the Event Timestamp.
Purging of expired raw logs and normalized events is now based on the Ingestion Timestamp instead of the Event Timestamp.
The following features have been added to Studio in Looker, which is available in preview:
- The Looker connector can now connect to a private IP (private services access) only Looker (Google Cloud core) instance or to a private IP (Private Service Connect) Looker (Google Cloud core) instance using the Looker instance ID.
- The Looker connector now supports Looker export, download, and scheduling permissions.
- Looker System Activity now includes usage, historical, and performance information about Looker reports.
- You can now enable Studio in Looker on Looker instances that use Google OAuth authentication.
- The Looker connector now supports some calculated field functions.
Looker connector enhancements
The following enhancements to the Looker connector are available in Preview:
- The Looker connector can now connect to a private IP (private services access) only Looker (Google Cloud core) instance or to a private IP (Private Service Connect) Looker (Google Cloud core) instance using the Looker instance ID.
- The Looker connector now supports some calculated field functions.
Partner connection launch update
The following partner connectors have been added to the Looker Studio Connector Gallery:
- SEMSTORM Reports by SEMSTORM
- Pango by Pango Solutions AB
- AppsFlyer by Dataslayer
- Vista Social by Vista Social
- Linkedin Pages -Free by Data Bloo
- WooCommerce - Free by Data Bloo
Media CDN supports dynamic compression in General Availability.
After you create a Memorystore for Redis Cluster instance, you can now change the node type for the instance. For more information, see Scale an instance.
After you create a Memorystore for Valkey instance, you can now change the node type for the instance. For more information, see Scale an instance.
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-pubsub
2.29.0 (2025-03-19)
Features
- Add REST Interceptors which support reading metadata (4363179)
- Add support for opt-in debug logging (4363179)
- Deprecate
enabled
field for message transforms and adddisabled
field (4363179)
Bug Fixes
- Allow logs to propagate upstream for caplog testing (#1374) (fa39b0e)
- Allow Protobuf 6.x (#1369) (c95b7a5)
- Fix typing issue with gRPC metadata when key ends in -bin (4363179)
Documentation
- A comment for field
code
in message.google.pubsub.v1.JavaScriptUDF
is changed (4363179) - Add samples and test for ingestion from Kafka sources (#1354) (820f986)
- Deprecate
enabled
field for message transforms and adddisabled
field (4363179) - samples: Increase example max_bytes setting for cloud storage subscriptions to encourage more performant subscribe (#1324) (cb760a7)
Preview stage support for the following integration:
The Dialogflow entry has been corrected to reflect that the Dialogflow integration with VPC Service Controls is generally available (GA).
The integration of Dialogflow with VPC Service Controls has been generally available since January 29, 2021.
March 23, 2025
Google SecOps SOARRelease 6.3.40 is being rolled out to the first wave of regions as listed here.
Theme enhancement for SOAR platform
The header and left hand navigation menu now fully reflect the selected theme. If you select the light theme, both the header and side menu will also appear in light mode. This might impact customers who are using the rebranding feature.
March 22, 2025
Google SecOps SOARRelease 6.3.39 is now available for all regions.
March 21, 2025
Access Context ManagerAccess Context Manager now supports custom organization policies. This feature is generally available (GA). For more information, see Create custom constraints for Access Context Manager.
The ITAR control package now supports Cloud Composer.
In the filtering toolbar of the Triggers page, you can now filter by trigger repository and region. The region drop-down has been removed. For more information, see Create and manage build triggers.
You can now specify, in your build config file, a custom Pub/Sub topic for build notifications. For more information, see Pub/Sub topics for build notifications.
Cloud Deploy now uses Skaffold 2.14 as the default Skaffold version, as of March 21, 2025, for all target types.
The Google-Built OpenTelemetry Collector is now available. This Collector is an open-source, production-ready build of the upstream OpenTelemetry Collector that is built with upstream OpenTelemetry Collector components. The Google-built Collector lets you send correlated OTLP traces, metrics, and logs to Cloud Observability and other backends from applications instrumented by using OpenTelemetry SDKs. The Collector also captures metadata for Google Cloud resources, so you can correlate application performance data with infrastructure telemetry data.
For information about using this Collector, see Overview of the Google-Built OpenTelemetry Collector.
Storage Intelligence for Cloud Storage is now generally available (GA). Storage Intelligence simplifies data management in Cloud Storage at scale by providing a unified platform for data exploration, cost optimization, security enforcement, and governance implementation. To learn more about Storage Intelligence, see Overview of Storage Intelligence.
Storage Insights datasets is now generally available (GA). Storage Insights datasets helps you get insights for your Cloud Storage resources and export the data to BigQuery. Storage Insights datasets is an exclusive feature only available through the Storage Intelligence subscription. To learn more about Storage Insights, see Overview of Storage Insights datasets.
Cross-bucket replication is now generally available (GA). You can use cross-bucket replication to copy new and updated objects asynchronously from a source bucket to a destination bucket.
Generally available: Resource-based committed use discounts (CUDs) are available for licenses of RHEL operating system images. You can purchase commitments with a 1-year plan for these licenses and receive up to 20% discounts over on-demand prices.
To learn how to purchase these commitments, see Purchase commitments for licenses. For pricing information, reach out to your Technical account manager (TAM).
Config Controller now uses the following versions of its included products:
- Config Sync v1.19.2, release notes
The Conversational Agents console is now generally available (GA). This console combines the power of Generative AI playbooks and data stores with deterministic flows. Additional features:
- The console is now hosted at
https://conversational-agents.cloud.google.com/
. - There is a new menu option for managing languages. Selecting Manage languages from the language drop-down menu at the top of the console now automatically redirects you to the Agent Settings language management section in the Deterministic Flows tab.
- The simulator now has feature parity with the Dialogflow CX console.
Conversational Agents: Conversational Agents now supports multiple tool versions in addition to playbooks and flows. See the versions and environments documentation for details.
Conversational Agents: You can now toggle a Show latency option in the Conversational Agents Console simulator to view latency per conversation turn for simulator conversations. To view latency breakdown, click the total latency value for the conversation turn. Latency values are also shown in the original response, Cloud logging, and BigQuery export.
Be aware that latency values are not recorded directly in the logs, but are represented as startTime
and completeTime
values in the traceBlocks
field.
Conversational Agents playbooks: New model gemini-2.0-flash (Preview)
is now available. For more information and supported regions, see Model support.
Conversational Agents: New Chirp 3 HD Cloud Text-to-Speech voices are now available.
Conversational Agents playbooks: Playbooks now support 38 languages. Playbook language support is displayed on the language support page. Supported languages have been tested for quality with the gemini-2.0-flash-001
and gemini-1.5-flash-002
models.
Conversational Agents playbooks: You can now enable DTMF in playbook Settings and as a conditional actions as a Preview feature. See the playbook settings and DTMF for telephony integrations pages for more information.
In GKE version 1.32.2-gke.1652000 and later, new external LoadBalancer Services use zonal Network Endpoint Group (NEG) backends by default. This applies only to new backend service-based external LoadBalancer Services. Existing LoadBalancer Services are not affected. To learn more, see Create a backend service-based external load balancer.
All GKE clusters now export four new rollup metrics by default at no additional charge. These new metrics are for monitoring GKE TPU NodePools and JobSets:
kubernetes.io/node_pool/accelerator/times_to_recover
: Distribution of recovery period durations. Each sample indicates a single recovery operation for the NodePool to recover from a downtime period. The data is sampled within 60s after the completion of NodePool recovery, and emitted within 24h. This metric does not include a sample for downtime period longer than 7 days. This metric is only applicable for GKE multi-host TPU node pools.kubernetes.io/jobset/times_between_interruptions
: Distribution of times between the end of last interruption and beginning of current interruption for a JobSet. Each sample indicates a single duration between last and current interruption. The data is sampled within 60s after the current interruption starts, and emitted within 24h. The metric does not include a sample for duration between interruptions longer than 7 days. This metric is only applicable for JobSets running on nodes with GPU/TPU and having a single replicated job.kubernetes.io/jobset/times_to_recover
: Distribution of recovery period durations. Each sample indicates a single recovery operation for the JobSet to recover from a downtime period. The data is sampled within 60s after the completion of JobSet recovery, and emitted within 24h. This metric does not include samples for downtime periods longer than 7 days. This metric is only applicable for JobSets running on nodes with GPU/TPU and having a single replicated job.kubernetes.io/jobset/uptime
: Total time the JobSet has been available. The data is sampled every 60s and emitted within 24h after sampling. This metric is only applicable for JobSets running on nodes with GPU/TPU and having a single replicated job.
Starting in GKE version 1.32.1-gke.1729000, Autopilot clusters will automatically use the new Performance HPA Profile. This new profile enables faster autoscaling on CPU and Memory metrics for up to 1,000 HorizontalPodAutoscaler
objects by routing autoscaling metrics through the gke-metrics-agent
Daemonset. If desired, users can revert to the old autoscaling profile by disabling the Peformance HPA Profile.
Upgraded server-side dependencies - Tekton Pipelines, Config Connector
Upgrade upload-pages-artifact dependency
Custom organization policies are now generally available for Access Context Manager and VPC Service Controls. For more information, see Manage Access Context Manager resources with custom constraints and Create custom constraints for VPC Service Controls.
Model Armor filter update
The prompt injection and jailbreak detection filter in Model Armor is upgraded with increased efficacy and higher model quality scores.
VPC Service Controls now supports custom organization policies. This feature is generally available (GA). For more information, see Create custom constraints for VPC Service Controls.
March 20, 2025
BigQueryBigQuery workflows have been renamed to BigQuery pipelines in the Google Cloud console. For more information, see Introduction to BigQuery pipelines.
You can now use repositories and workspaces in BigQuery to perform version control.
Repositories perform version control on files by using Git to record changes and manage file versions. You can use workspaces within repositories to edit the code stored in the repository.
You can have a repository use Git directly on BigQuery, or you can connect a repository to a third-party Git provider.
This feature is in preview.
You can now create remote models in BigQuery ML based on the Anthropic Claude model in Vertex AI.
Use the ML.GENERATE_TEXT
function with these remote models to perform generative natural language tasks for text stored in BigQuery tables. Try this feature with the Generate text by using the ML.GENERATE_TEXT
function tutorial.
You can also evaluate Claude models by using the ML.EVALUATE
function.
This feature is generally available (GA).
The following resource types are now publicly available through the analyze policy (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning) APIs.
- Developer Connect
developerconnect.googleapis.com/Connection
developerconnect.googleapis.com/GitRepositoryLink
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
You can now use custom constraints with Organization Policy to provide more granular control over specific fields for some networksecurity and networkservices resources.
Cloud Service Mesh now supports dual-stack, extending IPv6 capability to both proxy-based Envoy and proxyless gRPC. For more information, see Configure IPv6 dual-stack for Cloud Service Mesh.
If you use the managed Cloud Service Mesh with the ISTIOD
control plane implementation, important changes have been made to how and when you'll receive notifications of upcoming modernization. For details, see Managed control plane modernization.
You can now use Secret Manager to securely store authentication resources with Datastream. For more information, see Use Secret Manager to store sensitive data.
Anthropic's Claude Sonnet 3.7 is GA on Vertex AI and supports Provision Throughput. To learn more, view the Claude Sonnet 3.7 model card in Model Garden.
Quotas for scheduled emails
Looker Studio now limits the number of recipients to whom a user can send scheduled emails per day and per month. See the Quotas for scheduled email delivery section for more information. If you have Looker Studio Pro, no such quotas apply. However, any reports in the Owned by me folder are considered to be personal reports and will be subject to quotas. To resolve this, you can upgrade a report to Looker Studio Pro.
Scheduled email updates
The following features are now available only for Looker Studio Pro reports:
- Send Now: The ability to immediately send a report with email using the "Send Now" option is available only for Pro reports.
- Custom Subject and Messages: The option to customize the email subject and message is available only for Pro reports. Any custom messages in existing schedules will be preserved, but you will no longer be able to edit them.
- Image in Preview: A preview of the report will be added to emails only for Pro reports.
These features are also unavailable for reports in the Owned by me folder, even if you have Looker Studio Pro. To resolve this, you can upgrade a report to Looker Studio Pro.
Preview your data
The data source editor displays a preview of the data in your fields. This feature is now generally available.
Partner connection launch update
The following partner connectors have been added to the Looker Studio Connector Gallery:
- Reddit Ads by Dataslayer
- Odoo Accounting AppiWorks by Jivrus Technologies
- Spotify Advertising by Power My Analytics
- Instagram Insights by Data Bloo
- Niteco Performance Insights by Niteco Group
- Yahoo! Japan Display by Catchr
- Line Ads by Catchr Sources
- Yahoo! Japan Search Ads by Catchr
- Oracle AppiWorks by Jivrus Technologies
- Trackingplan by Trackingplan
- Facebook Ads by Master Metrics
- YouTube Analytics by everythingData
- YouTube Analytics by Two Minute Reports
- X Ads by Two Minute Reports
- Google Ads by everythingData
- Hubspot by everythingData
- IOT Dashzoom by Dashzoom
- ad:personam Analytics by ad:personam GmbH
- 快客-Thread 社群洞察 by 黑客數位
- Datastore AppiWorks by Jivrus Technologies
- Google PageSpeed by Catchr
- Yelp Review by Catchr
- Xero by Windsor.ai
- Google Trends by Catchr
- Appstore Review by Catchr
- Branch by Catchr
- Airbnb Review by Catchr
- Booking Review by Catchr
- Facebook Review by Catchr
- Glassdoor Review by Catchr
- Capterra Review by Catchr
- g2 Review by Catchr
- Indeed Review by Catchr
- Tripadvisor Review by Catchr
- Google Play Review by Catchr
- Trustpilot Review by Catchr
- DynamoDB AppiWorks by Jivrus Technologies
- 快客-Instagram 社群洞察 by 黑客數位
- Capterra PPC by everythingData
- ProfitWell by Catchr
- Zoho CRM by Catchr
- ChartMogul by Catchr
- HubSpot by Dataslayer
For Autonomous Databases, you can now set up cross-region disaster recovery with Autonomous Data Guard in Google Cloud. You can create and manage peer databases, and perform switchover operations. This feature is generally available (GA).
The Risk section of the SecOps console has been updated for Security Command Center Enterprise, introducing the following features in Preview:
- Issues are the most important security risks Security Command Center Enterprise has found in your cloud environments. Sourced from Security Command Center's virtual red teaming and security graph, issues give you all the details you need to understand, triage, and remediate a risk. Explore attack path diagrams, attack exposure scores, exposed resources, related findings, and whether multiple issues exist on a primary resource, all from the one place.
- Security graph is a graph database that has cloud resources like assets, identities, apps, and data assigned to its nodes, while the edges of the graph determine the risk relationship between those resources following detection rules. When a relationship risk is discovered, the security graph generates an issue.
- Chokepoints are critical severity issues that focus on common resources or resource groups where multiple attack paths converge. Because of this focus on a common point, resolving a chokepoint can resolve other issues too, like toxic combinations.
The Risk Overview dashboard has also been updated, and a new Issues page added to the Risk section. You can navigate through different security domains in the Risk section using the tabs near the top of the page, such as All risk, Vulnerabilities, and Code.
Encrypt your data-in-use by using Confidential Computing. This feature is now available in Preview. You can enable the Confidential VM service when you create a Vertex AI Workbench instance. To get started, see Create an instance with Confidential Computing.
March 19, 2025
AI ApplicationsVertex AI Search: Generate and return charts in answers and with follow-ups (Public preview)
The answer method can include a chart in an answer, as well as text. The chart is generated from the data in the data store. A chart is generated if there is sufficient data, and the query either asks for a chart or the answer is sufficiently complex that the method itself determines that a chart is helpful.
This feature is in public preview and is only available through the API. For more information, see Generate charts for answers.
Vertex AI Search: Return corpus images in answers and with follow-ups (Public preview)
The answer method can return images in answers, along with text.
If appropriate, one image from the data store can be returned with the answer. Citations can also include images from the data store.
This feature is restricted to queries made to unstructured data stores where the layout parser is in effect and is only available through the API. For more information, see Retrieve existing images from the data store.
Build your own Gen AI Assist is available in preview. BYOA is available in all customer engagement suite regions and offers the following:
- Foundation models
- Gemini access
- New trigger events based on agent and customer messages
Agent Assist offers Vertex extensions for Build your own assist (BYOA) in preview. Enable BYOA to access remote APIs with Vertex LLM extensions.
Performing an in-place major version upgrade of your AlloyDB cluster is generally available (GA). You can upgrade your AlloyDB cluster to any higher supported PostgreSQL version. For information about supported PostgreSQL versions, see Database version policies.
Preview: You can create regionally scoped snapshots. Setting a regional scope ensures that all snapshot data and the metadata necessary to use the snapshot are co-located within the scoped region. Regionally scoped snapshots also support additional location control by letting you restrict allowed snapshot creation and restore locations.
For more information, see Snapshot scopes.
Custom Extractor model pretrained-foundation-model-v1.4-2025-02-05
is in General Availability (GA), and has fine-tuning available in Preview for the US and EU.
From version v1.4 and later, we will use a new quota for online processing called Number of online process document pages per minute per processor_type_and_model_version
. This quota will be enforced at a per-page and per-foundation model level. There will be no change to the batch processing quota.
(2025-R11) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.32.2-gke.1182001 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.32.2-gke.1182000
- 1.32.2-gke.1400001
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.32.2-gke.1182001 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.2-gke.1182001 with this release.
Regular channel
- Version 1.32.2-gke.1182001 is now available in the Regular channel.
- Version 1.32.2-gke.1182000 is no longer available in the Regular channel.
Stable channel
- The following versions are now available in the Stable channel:
Extended channel
- The following versions are now available in the Extended channel:
- Version 1.32.2-gke.1182000 is no longer available in the Extended channel.
No channel
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.32.2-gke.1182000
- 1.32.2-gke.1400001
(2025-R11) Version updates
- Version 1.32.2-gke.1182001 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.32.2-gke.1182000
- 1.32.2-gke.1400001
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.32.2-gke.1182001 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.2-gke.1182001 with this release.
(2025-R11) Version updates
- Version 1.32.2-gke.1182001 is now available in the Regular channel.
- Version 1.32.2-gke.1182000 is no longer available in the Regular channel.
(2025-R11) Version updates
- The following versions are now available in the Stable channel:
(2025-R11) Version updates
- The following versions are now available in the Extended channel:
- Version 1.32.2-gke.1182000 is no longer available in the Extended channel.
(2025-R11) Version updates
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.32.2-gke.1182000
- 1.32.2-gke.1400001
The following parser documentation is now available:
Collect AWS Elastic Load Balancing logs
Collect AWS S3 server access logs
Collect Azure Application Gateway logs
Collect Carbon Black App Control logs
Collect Delinea Secret Server logs
Collect AWS Control Tower logs
Collect AWS Elastic MapReduce logs
Collect AWS Key Management Service logs
Collect AWS Network Firewall logs
Collect AWS Session Manager logs
Collect Zscaler ZPA Audit logs
Collect Azure API Management logs
Collect Azure APP Service logs
Collect Azure Storage Audit logs
Collect CrowdStrike Falcon Stream logs
Collect SentinelOne Deep Visibility logs
Collect Cloud Compute context logs
Collect Cloud Intrusion Detection System (Cloud IDS) logs
Collect Cloud Next Generation Firewall Enterprise logs
Collect Cloud Storage context logs
Collect Cloud Identity and Access Management (IAM) Analysis logs
Collect Cloud Identity Devices logs
Collect Cloud Identity Device Users logs
Collect Cloud Security Command Center Error logs
Collect Cloud Security Command Center Observation logs
Collect Cloud Security Command Center Posture Violation logs
Collect Cloud Security Command Center Toxic Combination logs
Generally available: Migrate to Virtual Machines support for the Arm64 migration journey is now generally available. This feature lets you migrate Arm virtual machine (VM) instances from AWS and Azure cloud services to Arm VM instances on Compute Engine, and it is supported for the following operating systems:
- Debian 11 and 12
- RHEL 9
- Rocky Linux 8 and 9
- SLES 15 SP5
- Ubuntu 20.04 and 22.04
The CZECHIA_PASSPORT
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
March 18, 2025
AI HypercomputerGenerally available: The A4 accelerator-optimized machine type is now generally available. A4 VMs are powered by NVIDIA B200 GPUs and provide up to 3x performance of previous GPU machine types for most GPU accelerated workloads. A4 is especially recommended for ML training workloads at large scales. A4 is available in the following region and zone:
- Council Bluffs, Iowa:
us-central1-b
When provisioning A4 machine types, you can use Hypercompute Cluster to request capacity and create VMs or clusters. To get started see Overview of creating VMs and clusters.
Software stack updates
The following new Docker images are also released to support workloads running on your A4 GKE clusters that are deployed using Hypercompute Cluster.
- NeMo docker image:
nemo25.02-gib1.0.5-A4
- MaxText docker image:
jax-maxtext-gpu:jax0.5.1-cuda_dl25.02-rev1-maxtext-20150317
For more information, see AI Hypercomputer images.
You can use a query recall evaluator (Preview) to find the recall for a vector query for a given configuration, and to tune your parameters to achieve the desired vector query recall results. For more information, see Measure vector query recall.
Container Registry is now shut down. We recommend that you use Artifact Registry for storing and managing container images. By default, new deployments created after March 5, 2025, use Artifact Registry instead of Container Registry for storing application build images. For more information, see Migrate App Engine container images to Artifact Registry.
Container Registry is now shut down. We recommend that you use Artifact Registry for storing and managing container images. By default, new deployments created after March 5, 2025, use Artifact Registry instead of Container Registry for storing application build images. For more information, see Migrate App Engine container images to Artifact Registry.
Container Registry is now shut down. We recommend that you use Artifact Registry for storing and managing container images. By default, new deployments created after March 5, 2025, use Artifact Registry instead of Container Registry for storing application build images. For more information, see Migrate App Engine container images to Artifact Registry.
Container Registry is now shut down. We recommend that you use Artifact Registry for storing and managing container images. By default, new deployments created after March 5, 2025, use Artifact Registry instead of Container Registry for storing application build images. For more information, see Migrate App Engine container images to Artifact Registry.
Container Registry is now shut down. We recommend that you use Artifact Registry for storing and managing container images. By default, new deployments created after March 5, 2025, use Artifact Registry instead of Container Registry for storing application build images. For more information, see Migrate App Engine container images to Artifact Registry.
Container Registry is now shut down. We recommend that you use Artifact Registry for storing and managing container images. By default, new deployments created after March 5, 2025, use Artifact Registry instead of Container Registry for storing application build images. For more information, see Migrate App Engine container images to Artifact Registry.
Container Registry is now shut down. We recommend that you use Artifact Registry for storing and managing container images. By default, new deployments created after March 5, 2025, use Artifact Registry instead of Container Registry for storing application build images. For more information, see Migrate App Engine container images to Artifact Registry.
Container Registry is now shut down. We recommend that you use Artifact Registry for storing and managing container images. By default, new deployments created after March 5, 2025, use Artifact Registry instead of Container Registry for storing application build images. For more information, see Migrate App Engine container images to Artifact Registry.
Container Registry is now shut down. We recommend that you use Artifact Registry for storing and managing container images. By default, new deployments created after March 5, 2025, use Artifact Registry instead of Container Registry for storing application build images. For more information, see Migrate App Engine container images to Artifact Registry.
Container Registry is now shut down. We recommend that you use Artifact Registry for storing and managing container images. By default, new deployments created after March 5, 2025, use Artifact Registry instead of Container Registry for storing application build images. For more information, see Migrate App Engine container images to Artifact Registry.
Container Registry is now shut down. We recommend that you use Artifact Registry for storing and managing container images. By default, new deployments created after March 5, 2025, use Artifact Registry instead of Container Registry for storing application build images. For more information, see Migrate App Engine container images to Artifact Registry.
Container Registry is now shut down. We recommend that you use Artifact Registry for storing and managing container images. By default, new deployments created after March 5, 2025, use Artifact Registry instead of Container Registry for storing application build images. For more information, see Migrate App Engine container images to Artifact Registry.
Container Registry is now shut down. We recommend that you use Artifact Registry for storing and managing container images. By default, new deployments created after March 5, 2025, use Artifact Registry instead of Container Registry for storing application build images. For more information, see Migrate App Engine container images to Artifact Registry.
Container Registry is now shut down. We recommend that you use Artifact Registry for storing and managing container images. By default, new deployments created after March 5, 2025, use Artifact Registry instead of Container Registry for storing application build images. For more information, see Migrate App Engine container images to Artifact Registry.
After April 15, 2025 the database retention policy feature will be enabled by default in newly created Cloud Composer 3 environments.
This feature helps to maintain the Airflow database size. You can enable or disable the database retention policy or adjust the retention period for new and existing environments.
The issue with Cloud Composer 2 upgrade operations is now resolved. The upgrade operations are unblocked in all regions.
Container Registry is shut down and writing images to Container Registry is unavailable. For more information about the Container Registry shut down and how to migrate to Artifact Registry, see Container Registry deprecation.
Streamed chat responses are now available in public preview for IntelliJ and VS Code Gemini Code Assist. You can disable this feature in settings.
You can now configure and use custom commands in the inline chat menu and lightbulb menu for VS Code Gemini Code Assist. To view custom commands settings, go to Settings > Gemini Code Assist > Custom Commands.
Fixed an issue with an infinite progress bar while trying to log in to IntelliJ Gemini Code Assist.
VMware Engine is integrated with Google Cloud Essential Contacts for email notifications. Automatic emails are sent to the appropriate Essential Contacts notification categories for service-impacting events. For more information, see Overview of VMware Engine monitoring.
Google Distributed Cloud (software only) for VMware 1.31.300-gke.81 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.31.300-gke.81 runs on Kubernetes v1.30.9-gke.500.
If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
The 1.31.300-gke.81 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.
Release 1.31.300-gke.81
Google Distributed Cloud for bare metal 1.31.300-gke.81 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.31.300-gke.81 runs on Kubernetes v1.31.5-gke.700.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
The 1.31.300-gke.81 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.
On GKE clusters running versions 1.32.2-gke.1182000 to 1.32.2-gke.1297000, Pods using Cloud Storage FUSE CSI driver volumes (persistent or CSI ephemeral) fail to schedule when both of the following are true:
- The Pods run on the host network (
hostNetwork: true
) - You use a custom sidecar image built with a Cloud Storage FUSE CSI driver version earlier than v1.12.2.
The fix is available on GKE cluster version 1.32.2-gke.1297001 or later.
Statistics and aggregations in UDM search using YARA-L 2.0
You can now run statistical queries on UDM events and group the results for analysis using YARA-L 2.0. You can use the statistical queries to track critical metrics, detect anomalous behavior, and analyze trends over time. For more information on how to run statistical queries on UDM events, see Statistics and aggregations in UDM search using YARA-L 2.0.
Statistics and aggregations in UDM search using YARA-L 2.0
You can now run statistical queries on UDM events and group the results for analysis using YARA-L 2.0. You can use the statistical queries to track critical metrics, detect anomalous behavior, and analyze trends over time. For more information on how to run statistical queries on UDM events, see Statistics and aggregations in UDM search using YARA-L 2.0.
Custom organization policies are now generally available for Cloud Service Mesh. For more information, see Set up custom constraints.
Cloud Infrastructure Entitlement Management (CIEM) has launched support for the following:
- Log ingestion from Amazon SQS queues.
- An alternate
CIEM only
feed to reduce costs.
For more information, see Configure AWS log ingestion for CIEM.
This feature is available in General Availability to the Security Command Center Enterprise tier.
The default time zone of your Spanner databases can now be set. For more information, see Set the default time zone of a database. This feature is generally available (GA).
March 17, 2025
AlloyDB for PostgreSQLOutbound connectivity for Private Service Connect-enabled AlloyDB clusters is generally available (GA). Enabling outbound connectivity allows secure connection between your project and an AlloyDB instance during outbound operations such as migrations or foreign data wrappers (FDW).
You can enforce specific tags on AlloyDB cluster and backup resources using custom organization policies. If a mandatory tag is missing or does not have a value set, AlloyDB resource creation fails. This feature is available in Preview.
On March 17, 2025, Apigee announced the GA support for DNS peering for Apigee organizations that have VPC peering disabled.
For Apigee organizations set up without VPC peering, you can now configure Apigee to resolve your private domains by peering your DNS zones with Apigee. See Connecting with private DNS peering zones.
You can now use EXPORT DATA
statements to reverse ETL BigQuery data to Spanner. This feature is generally available (GA).
You can now create an external dataset in BigQuery that links to an existing database in Spanner. This feature is generally available (GA).
You can now use the TYPEOF
function to determine the data type of an expression. This feature is generally available (GA).
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.55.0 (2025-03-11)
Features
- Add MaterializedViewName to ReadRows and SampleRowKeys (1763c6e)
- Add MaterializedViews and LogicalViews APIs (1763c6e)
- Add MaterializedViews and LogicalViews APIs (7340527)
- Add PrepareQuery api and update ExecuteQuery to support it (1763c6e)
- bigtable: Add support for data APIs for materialized views (#2508) (6310a63)
- large-row-skip: Added large-row-skip-callable with configurable rowadapter (#2509) (ba193ef)
- Next release from main branch is 2.55.0 (#2506) (4e45837)
- Publish row_key_schema fields in table proto and relevant admin APIs to setup a table with a row_key_schema (7340527)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.54.0 (91e4369)
Documentation
- Fixed formatting of resource path strings (7340527)
Cloud Data Fusion version 6.11.0 is available in Preview.
You can view instance metrics and pipeline metrics in Cloud Monitoring and in the dashboard provided by Cloud Data Fusion. For more information, see Metrics overview and Monitor Cloud Data Fusion system, instance, and pipeline health.
You can view instance logs and pipeline logs in Cloud Logging, and in the dashboard provided by Cloud Data Fusion. For more information, see View Cloud Data Fusion logs.
When a pipeline run fails, you can retrieve detailed error information on the pipeline details page of the Cloud Data Fusion web interface.
Cloud Data Fusion classifies pipeline errors by category, reason, and message. This classification speeds up resolution and reduces the need to examine complex logs. For more information, see Retrieve error information for a failed pipeline run.
Cloud Data Fusion 6.11.0 offers high availability with reduced upgrade downtime.
Changes in Cloud Data Fusion 6.11.0:
To create ephemeral clusters, Cloud Data Fusion uses the Dataproc 2.2 image by default. For more information about its limitations in Cloud Data Fusion, see Change the Dataproc image to version 2.1.
The maximum concurrent runs limit for triggers is displayed in the console (CDAP-21072).
Added support for destination table write preference in the BigQuery Execute plugin (PLUGIN-1438).
Fixed in Cloud Data Fusion 6.11.0:
Fixed a null pointer exception in the BigQuery multi-sink plugin when used without a reference name (PLUGIN-1843).
Fixed Joiner plugin failures observed on Dataproc 2.2-debian12 instances (CDAP-21075).
Fixed an issue that prevented pipelines from accepting empty input in Amazon S3 and Google Cloud Storage source plugins (PLUGIN-1742).
Fixed an issue in RBAC-enabled instances where the pipeline details page displayed an incorrect author name (CDAP-21069).
A soft limit of 2 MB for pipeline JSON size is introduced in 6.11.0. Pipelines exceeding this size might encounter deployment failures.
The following APIs for searching and querying metrics are deprecated in 6.11.0:
POST v3/metrics/query
POST v3/metrics/search
The following APIs for downloading system service and pipeline run logs are deprecated in 6.11.0:
GET /v3/namespaces/<NAMESPACE_ID>/apps/<APP_ID>/<PROGRAM_TYPE>/<PROGRAM_ID>/logs
GET /v3/system/services/<SERVICE_ID>/logs
The ability to retrieve all applications without pagination using the GET /v3/namespaces/<NAMESPACE_ID>/apps
endpoint is deprecated in 6.11.0.
Google Cloud periodically renews Google-managed certificates by requesting them from certificate authorities (CAs). Certificate authorities verify domain control by checking DNS settings of the domain and in case of load balancer authorization attempting to contact the server behind the domain's IP address. The CAs that Google Cloud works with have introduced a verification method called Multi-Perspective Issuance Corroboration, that is becoming mandatory for all public CAs and that consists in performing the verification from multiple locations in the world. As a result, if DNS settings do not correctly and consistently resolve from all locations, the validation fails and Google-managed certificates will fail to renew.
To learn more about preventing multi-perspective domain validation failures for misconfigured DNS records, see Multi-perspective domain validation.
You can now enable and disable uptime-checks by using the disabled
field in the Cloud Monitoring API.
Cloud SQL for SQL Server supports transparent data encryption (TDE) to encrypt data stored in your Cloud SQL for SQL Server instances.
TDE automatically encrypts data before it is written to storage, and automatically decrypts data when the data is read from storage.
TDE provides another layer of encryption in addition to Google's default offering of encryption for data at rest and Google's optional offering of customer-managed encryption keys (CMEK). TDE helps you meet regulatory compliance requirements and supports import or export operations of TDE encrypted backups. For more information, see About transparent data encryption.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for storage/internal/apiv2
1.51.0 (2025-03-12)
Features
- storage/append: Support appends in w1r3. (#11483) (48bb391)
- storage: Benchmark with experimental MRD. (#11501) (7b49152)
- storage: Implement RetryChunkDeadline for grpc writes (#11476) (03575d7)
- storage: Specify benchmark integrity check. (#11465) (da18845)
- storage: Use ReadHandle for faster re-connect (#11510) (cac52f7)
- storage: Wrap NotFound errors for buckets and objects (#11519) (0dd7d3d)
Bug Fixes
- storage/append: Report progress for appends. (#11503) (96dbb6c)
- storage: Add a safety check for readhandle (#11549) (c9edb37)
- storage: Add universe domain to defaultSignBytesFunc (#11521) (511608b)
- storage: Clone the defaultRetry to avoid modifying it directly (#11533) (7f8d69d)
- storage: Fix adding multiple range on stream with same read id (#11584) (0bb3434)
- storage: Modify the callback of mrd to return length of data read instead of limit. (#11687) (9e359f0)
- storage: Propagate ctx from invoke to grpc upload reqs (#11475) (9ad9d76)
- storage: Remove duplicate routing header (#11534) (8eeb59c)
- storage: Return sentinel ErrObjectNotExist for copy and compose (#11369) (74d0c10), refs #10760
- storage: Wait for XML read req to finish to avoid data races (#11527) (782e12a)
Java
Changes for google-cloud-storage
2.50.0 (2025-03-14)
Features
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.54.0 (22e7e3d)
- deps: Update the Java code generator (gapic-generator-java) to 2.55.1 (81c8c61)
- Improve 503 handling for json resumable uploads (#2987) (9bc2b14)
- Update usages of String.format to explicitly pass Locale.US (#2974) (8bcb2de), closes #2972
Dependencies
Cloud Storage now offers the DE
configurable dual-region code, which can be used when creating a dual-region bucket in europe-west3
(Frankfurt) and europe-west10
(Berlin). To learn more about Cloud Storage configurable dual-regions, see Configurable dual-regions
Generally available: The A4 accelerator-optimized machine type is now generally available. A4 instances are powered by NVIDIA B200 GPUs and provide up to 3x performance of previous GPU instance types for most GPU accelerated workloads. A4 is especially recommended for ML training workloads at large scales. A4 is available in the a4-highgpu-8g
machine type in the us-central1-b
zone.
To create A4 instances, you must either use AI Hypercomputer to request capacity and create VMs or clusters, or use Spot VMs. For detailed instructions, see Create an A3 Ultra or A4 VM.
cos-dev-121-18867-0-53
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.74 | v27.5.1 | v2.0.2 | See List |
Upgraded app-containers/docker to v27.5.1, Upgraded app-containers/docker-test to v27.5.1, Upgraded app-containers/docker-cli to v27.5.1.
Added support for iRDMA devices.
Applied Intel patches to add iRDMA support in the Linux kernel.
Updated cos-gpu-installer to v2.4.8: Add the -skip-nvidia-smi flag to disable the execution of nvidia-smi verification during gpu driver installation.
Disabled martian logging for ConnectX-7 network cards. These cards only communicate locally, but martian logging during communications with the host can lead to a race condition which causes GID table construction to sometimes fail.
Upgraded net-misc/socat to v1.8.0.3.
Upgraded dev-go/crypto to v0.35.0. This fixes CVE-2025-22869.
Upgraded dev-go/oauth2 to v0.27.0. This fixes CVE-2025-22868.
Upgraded net-misc/openssh to version 9.9_p2. This fixed CVE-2025-26465 and CVE-2025-26466.
Upgrade sys-libs/binutils-libs to 2.44-r1. This fixes CVE-2024-53589.
Upgraded net-misc/wget to version 1.25.0. This fixes CVE-2024-10524.
Upgraded dev-libs/libxml2 to version 1.12.10. This fixes CVE-2025-27113.
Fixed CVE-2024-58017 in the Linux kernel.
Fixed CVE-2025-21745 in the Linux kernel.
Fixed CVE-2025-21814 in the Linux kernel.
Fixed CVE-2024-50017 in the Linux kernel.
Fixed CVE-2024-50146 in the Linux kernel.
Fixed CVE-2024-50304 in the Linux kernel.
Fixed KCTF-8802766 in the Linux kernel.
Fixed KCTF-fcdd224 in the Linux kernel.
Fixed CVE-2024-56549 in the Linux kernel.
Fixed KCTF-638ba50 in the Linux kernel.
Fixed CVE-2024-50014 in the Linux kernel.
Fixed CVE-2024-49994 in the Linux kernel.
Fixed CVE-2025-21690 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811788 -> 811701
- Deleted: net.bridge.bridge-nf-call-arptables: 1
- Deleted: net.bridge.bridge-nf-call-ip6tables: 1
- Deleted: net.bridge.bridge-nf-call-iptables: 1
- Deleted: net.bridge.bridge-nf-filter-pppoe-tagged: 0
- Deleted: net.bridge.bridge-nf-filter-vlan-tagged: 0
- Deleted: net.bridge.bridge-nf-pass-vlan-input-dev: 0
cos-beta-121-18867-0-53
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.74 | v27.5.1 | v2.0.2 | See List |
Upgraded app-containers/docker to v27.5.1, Upgraded app-containers/docker-test to v27.5.1, Upgraded app-containers/docker-cli to v27.5.1.
Added support for iRDMA devices.
Applied Intel patches to add iRDMA support in the Linux kernel.
Updated cos-gpu-installer to v2.4.8: Add the -skip-nvidia-smi flag to disable the execution of nvidia-smi verification during gpu driver installation.
Disabled martian logging for ConnectX-7 network cards. These cards only communicate locally, but martian logging during communications with the host can lead to a race condition which causes GID table construction to sometimes fail.
Upgraded net-misc/socat to v1.8.0.3.
Upgraded dev-go/crypto to v0.35.0. This fixes CVE-2025-22869.
Upgraded dev-go/oauth2 to v0.27.0. This fixes CVE-2025-22868.
Upgraded net-misc/openssh to version 9.9_p2. This fixed CVE-2025-26465 and CVE-2025-26466.
Upgraded sys-libs/binutils-libs to 2.44-r1. This fixes CVE-2024-53589.
Upgraded net-misc/wget to version 1.25.0. This fixes CVE-2024-10524.
Upgraded dev-libs/libxml2 to version 1.12.10. This fixes CVE-2025-27113.
Fixed CVE-2024-58017 in the Linux kernel.
Fixed CVE-2025-21745 in the Linux kernel.
Fixed CVE-2025-21814 in the Linux kernel.
Fixed CVE-2024-50017 in the Linux kernel.
Fixed CVE-2024-50146 in the Linux kernel.
Fixed CVE-2024-50304 in the Linux kernel.
Fixed KCTF-8802766 in the Linux kernel.
Fixed KCTF-fcdd224 in the Linux kernel.
Fixed CVE-2024-56549 in the Linux kernel.
Fixed KCTF-638ba50 in the Linux kernel.
Fixed CVE-2024-50014 in the Linux kernel.
Fixed CVE-2024-49994 in the Linux kernel.
Fixed CVE-2025-21690 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811788 -> 811701
- Deleted: net.bridge.bridge-nf-call-arptables: 1
- Deleted: net.bridge.bridge-nf-call-ip6tables: 1
- Deleted: net.bridge.bridge-nf-call-iptables: 1
- Deleted: net.bridge.bridge-nf-filter-pppoe-tagged: 0
- Deleted: net.bridge.bridge-nf-filter-vlan-tagged: 0
- Deleted: net.bridge.bridge-nf-pass-vlan-input-dev: 0
cos-117-18613-164-81
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.72 | v24.0.9 | v1.7.24 | See List |
Added support for NVIDIA 570.124.06 GPU driver. Updated the R570, LATEST GPU driver label to version 570.124.06 for all GPU devices. Updated the DEFAULT GPU driver label to version 570.124.06 for NVIDIA_B200 and NVIDIA_H200 GPU devices.
Added support for iRDMA devices.
Upgraded net-misc/socat to v1.8.0.3.
Fixed CVE-2023-45288 in app-containers/docker.
Fixed CVE-2025-21857 in the Linux kernel.
Fixed CVE-2024-58088 in the Linux kernel.
Fixed CVE-2025-21844 in the Linux kernel.
Fixed CVE-2025-21779 in the Linux kernel.
Fixed CVE-2025-21854 in the Linux kernel.
Fixed CVE-2025-21846 in the Linux kernel.
Fixed CVE-2025-21864 in the Linux kernel.
Fixed CVE-2025-21858 in the Linux kernel.
Fixed CVE-2025-21791 in the Linux kernel.
Fixed CVE-2025-21863 in the Linux kernel.
Fixed CVE-2024-57996 in the Linux kernel.
Fixed CVE-2024-57996 in the Linux kernel.
Fixed CVE-2024-57996 in the Linux kernel.
Fixed CVE-2025-21745 in the Linux kernel.
Fixed CVE-2024-58017 in the Linux kernel.
Fixed CVE-2025-21814 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811757 -> 811752
cos-113-18244-291-73
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.123 | v24.0.9 | v1.7.24 | See List |
Added support for NVIDIA 570.124.06 GPU driver. Updated the R570, LATEST GPU driver label to version 570.124.06 for all GPU devices. Updated the DEFAULT GPU driver label to version 570.124.06 for NVIDIA_B200 and NVIDIA_H200 GPU devices.
Fixed CVE-2023-45288 in app-containers/docker.
Fixed CVE-2025-21785 in the Linux kernel.
Fixed CVE-2025-21844 in the Linux kernel.
Fixed CVE-2025-21779 in the Linux kernel.
Fixed CVE-2025-21846 in the Linux kernel.
Fixed CVE-2025-21864 in the Linux kernel.
Fixed CVE-2025-21858 in the Linux kernel.
Fixed CVE-2025-21791 in the Linux kernel.
Fixed CVE-2024-26982 in the Linux kernel.
Fixed CVE-2024-57996 in the Linux kernel.
Fixed CVE-2024-57996 in the Linux kernel.
Fixed CVE-2024-57996 in the Linux kernel.
Fixed CVE-2024-58017 in the Linux kernel.
Fixed CVE-2025-21745 in the Linux kernel.
Fixed CVE-2025-21814 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812049 -> 812031
cos-105-17412-535-78
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.173 | v23.0.3 | v1.7.23 | See List |
Updated the default tag of the GPU driver supporting the NVIDIA H200 GPU device to 570.86.15.
Upgraded gzip to v1.13.
Added support for NVIDIA 570.124.06 GPU driver. Updated the R570, LATEST GPU driver label to version 570.124.06 for all GPU devices. Updated the DEFAULT GPU driver label to version 570.124.06 for NVIDIA_H200 GPU devices.
Updated cos-gpu-installer to v2.4.8: Add the -skip-nvidia-smi flag to disable the execution of nvidia-smi verification during gpu driver installation.
Fixed console TTY leak in runc shim in containerd.
Fixed CVE-2023-45288 in app-containers/docker.
Upgraded dev-go/crypto to v0.35.0. This fixes CVE-2025-22869.
Fixed CVE-2025-26465 and CVE-2025-26466 in net-misc/openssh.
Fixed CVE-2024-53589 in sys-libs/libutils-libs.
Upgraded net-misc/wget to version 1.25.0. This fixes CVE-2024-10524.
Upgraded dev-libs/libxml2 to version 1.12.10. This fixes CVE-2024-56171, CVE-2025-27113 and CVE-2025-24928.
Fixed CVE-2024-26982 in the Linux kernel.
Fixed CVE-2024-57946 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812677 -> 812699
cos-109-17800-436-64
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.124 | v24.0.9 | v1.7.24 | See List |
Fixed CVE-2025-21814 in the Linux kernel.
Fixed CVE-2024-58017 in the Linux kernel.
Fixed CVE-2025-21745 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812157 -> 812258
Data Catalog is available in the europe-north2
(Stockholm) region.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for dataflow/apiv1beta3
0.10.5 (2025-03-13)
Bug Fixes
- dataflow: Update golang.org/x/net to 0.37.0 (1144978)
Dataplex and data lineage are available in the europe-north2
(Stockholm) region.
Dataplex and data lineage are available in the northamerica-south1
(Mexico) region.
New Dataproc on Compute Engine subminor image versions:
- 2.0.136-debian10, 2.0.136-rocky8, 2.0.136-ubuntu18
- 2.1.84-debian11, 2.1.84-rocky8, 2.1.84-ubuntu20, 2.1.84-ubuntu20-arm
- 2.2.50-debian12, 2.2.50-rocky9, 2.2.50-ubuntu22
Dataproc on Compute Engine: Spark upgraded to version 3.5.3 in the latest Dataproc image version 2.2.
Dataproc on Compute Engine: The latest Dataproc 2.2 image version now supports Spark data lineage.
Dataproc on Compute Engine: Added support for Enhanced Flexibility Mode (EFM) with primary worker shuffle mode on Spark for image version 2.2.50 and above.
Eventarc Standard is available in the europe-north2
(Stockholm, Sweden) region.
Mistral Small 3.1 (25.03) feature multimodal capabilities and a context of up to 128,000 tokens. For more information, see the Mistral Small 3.1 (25.03) model card in Model Garden.
The following features have been added to Studio in Looker, which is available in preview:
- If Studio in Looker is disabled and then re-enabled, reports that had been saved within the previous 30 days will still be available. Recovered reports may appear in the Recovered reports folder after an admin re-enables Studio in Looker.
- The Looker Search function will include reports.
- The Looker Trash folder will now contain deleted reports, and Looker admins can restore previously deleted reports.
- The ability to set an instance or a group locale for Studio in Looker.
- Looker admins can manage the data source connectors that are available in Studio in Looker.
Note: This item was updated on March 19, 2025.
Looker connector enhancements
More Looker permissions have been propagated to Looker Studio and can now be granted to Looker Studio Pro users to perform the following the tasks on Looker Studio reports that are built with the Looker connector:
- Scheduling report deliveries
- Create alerts
- Download and export chart and report data
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for pubsub/apiv1
1.48.0 (2025-03-12)
Features
- pubsub/pstest: Support listening on custom address (#11606) (63865a2)
- pubsub: Add support for message transforms to Topic and Subscription (59fe58a)
- pubsub: Deprecate
enabled
field for message transforms and adddisabled
field (dd0d1d7)
Documentation
Java
Changes for google-cloud-pubsub
1.138.0 (2025-03-14)
Features
- Deprecate
enabled
field for message transforms and adddisabled
field (76b2a3d) - Next release from main branch is 1.138.0 (#2361) (b6ba56c)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.55.1 (76b2a3d)
- Prevent excessive string parsing when publishing and receiving messages to improve performance (#2317) (07b1350)
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.48.1 (#2356) (7d3d2e4)
- Update dependency com.google.cloud:google-cloud-storage to v2.49.0 (#2358) (81d3435)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.45.1 (#2366) (15899d1)
- Update googleapis/sdk-platform-java action to v2.55.1 (#2367) (de6f84a)
You can enforce mandatory tags on resources using custom organization policies. When a user attempts to create a resource, the system checks for the presence of the mandatory tags. If any mandatory tag is missing or does not have a value, the resource creation is blocked. By defining mandatory tags within an organization policy, you can ensure that all newly created resources adhere to your organization's tagging standards. This feature is available in Preview.
For more information, see Enforcing mandatory tags on resources.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for secretmanager/apiv1
1.14.6 (2025-03-13)
Bug Fixes
- secretmanager: Update golang.org/x/net to 0.37.0 (1144978)
You can now create an external dataset in BigQuery that links to an existing database in Spanner. This feature is generally available (GA).
You can now use EXPORT DATA
statements to reverse ETL BigQuery data to Spanner. This feature is generally available (GA).
Chirp 3: HD voices are only available in the global, us, eu, and asia-southeast1 regions. To use these voices, switch your endpoint to a supported region.
Generally available: Workload Manager supports deploying Microsoft SQL Server workloads on Google Cloud. You can configure and deploy a SQL Server system using the Guided Deployment Automation tool in Workload Manager. For more information, see Overview of SQL Server deployment.
Workload Manager supports the following features when you deploy SAP S/4HANA workloads on Google Cloud:
- Deploy SAP S/4HANA workloads on X4 instances.
- Customize the names of application server VMs.
- Specify network tags for the deployed instances.
- Skip the creation of automatic firewall rules.
- Skip the DNS configuration.
- Choose an existing NFS shared storage.
- Specify a service account to be attached to instances for each layer of the deployment.
For more information, see Deploy an SAP S/4HANA application