The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.
You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml
May 20, 2024
BigQuery
A weekly digest of client library updates from across the Cloud SDK.
You can now use a search index to optimize lookups on the INT64 and TIMESTAMP data types. The feature is in preview.
You can use DLP functions to support encryption and decryption between BigQuery and Sensitive Data Protection, using AES-SIV. This feature is now generally available (GA).
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for logging/apiv2
1.10.0 (2024-05-15)
Features
Bug Fixes
Java
Changes for google-cloud-logging
3.17.2 (2024-05-16)
Dependencies
Uptime checks can now be configured and viewed directly within the Cloud Run "metrics" page.
Migrate to AlloyDB database insight recommendation is now available in preview.
Cloud Armor now supports regional internal Application Load Balancers in public preview. You can use the regional backend security policy type with this load balancer. For more information, see types of security policies.
May 17, 2024
Anthos clusters on Azure
You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:
On May 17, 2024, we released an updated version of Apigee (1-12-0-apigee-4-hotfix).
Bug ID | Description |
---|---|
337876238, 330314128, 333762214 | Resolved issues resulting in an increase in 404/503 responses. Upgraded storage for the Apigee router to the latest version to resolve Adjusted traffic weight and delays in the older replica set to handle traffic divergence during the release process to address any |
335832119 | Fixed 404 errors caused during Apigee instance update/rollback. |
255772956 | Turned off asynchronous services callout when the <Response> element is not present due to inconsistent scaling of runtime pods. |
338717278 | Reverted problematic commit to address thread pool exhaustion. |
Navigation menus in the Classic Apigee UI have been restored to support the transition from the Classic console to Apigee in the Google Cloud console.
Each menu item in the Classic console now directs you to the corresponding feature location in the Cloud console where you can carry out your task. Please see Apigee UI in Cloud console navigation for more details.
Correction: Apigee hybrid entitlements are available in Apigee Subscription 2024 plans. For more information, see Apigee Subscription 2024 entitlements.
Node.js 22 is now available in preview.
Cloud Functions (2nd gen) now supports the Node.js 22 runtime at the Preview release level.
Cloud Run is now covered by FedRAMP High.
Dataflow no longer supports the NVIDIA Tesla K80 GPU type. For a list of supported GPU types, see Dataflow support for GPUs.
M121 release
- Updated the R CPU container image from R 4.3 to R 4.4. The R 4.3 container image is deprecated. There will be no further updates to this image in future releases.
M121 release
- CUDA 12.2 images are now available.
- Updated TensorFlow 2.15 images from CUDA 12.1 to CUDA 12.2.
- Re-enabled common-gpu Deep Learning VM releases that were erroneously deactivated in M117.
- Updated Nvidia drivers to 550.54.15 to fix an issue where Nvidia drivers failed to install on startup after Debian 11 images upgraded kernel to linux-image-5.10.0-29-cloud-amd64.
- The linux-headers-cloud-amd64 metapackage is now installed for faster driver recompiling on kernel upgrades.
- TensorFlow 2.6 CPU and GPU images are deprecated. There will be no further updates to these images in future releases.
(2024-R14) Version updates
There are no version updates for 2024-R14.
(2024-R15) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- Version 1.28.8-gke.1095000 is now the default version.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
  - 1.26.8-gke.200
  - 1.26.14-gke.1044000
  - 1.27.8-gke.1067004
  - 1.29.3-gke.1282000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.11-gke.1062003 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.11-gke.1062003 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.8-gke.1095000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.1-gke.1589020 with this release.
Stable channel
- Version 1.27.11-gke.1062003 is now the default version in the Stable channel.
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
  - 1.26.8-gke.200
  - 1.26.14-gke.1044000
  - 1.27.11-gke.1062001
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.14-gke.1044001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.11-gke.1062003 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.11-gke.1062003 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.7-gke.1026001 with this release.
Regular channel
- Version 1.28.8-gke.1095000 is now the default version in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
  - 1.26.8-gke.200
  - 1.27.11-gke.1062001
  - 1.27.11-gke.1062003
  - 1.28.7-gke.1026001
  - 1.29.1-gke.1589018
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.12-gke.1115000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.12-gke.1115000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.8-gke.1095000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.1-gke.1589020 with this release.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
  - 1.26.15-gke.1191000
  - 1.27.13-gke.1000000
  - 1.28.9-gke.1000000
  - 1.29.4-gke.1043000
  - 1.29.4-gke.1447000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1300000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.13-gke.1166000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.9-gke.1209000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.9-gke.1209000 with this release.
Release 6.3.2 is now in General Availability.
The IAM recommender generates policy insights and role recommendations for identities in Workload Identity Federation pools. To learn more, see Availability. This feature is available in Preview.
During Preview, the actual observation period might be shorter than the observation period listed in recommendations for these principals.
Storage Transfer Service now supports transfers from Amazon S3 over a Google-managed private network. Transfer jobs that select this option pay no AWS egress fees; instead, a flat per-GiB rate is charged by Google Cloud. This allows you to transfer data at a potentially lower overall cost.
Learn more about egress options for S3 transfers, including the managed private network.
M121 release
The M121 release of Vertex AI Workbench user-managed notebooks includes the following:
- Updated Nvidia drivers to 550.54.15 to fix an issue where Nvidia drivers failed to install on startup after Debian 11 images upgraded kernel to linux-image-5.10.0-29-cloud-amd64.
- The linux-headers-cloud-amd64 metapackage is now installed for faster driver recompiling on kernel upgrades.
- TensorFlow 2.6 CPU and GPU images are deprecated. There will be no further updates to these images in future releases.
The M121 release of Vertex AI Workbench managed notebooks includes the following:
- Updated the R CPU kernel from R 4.3 to R 4.4.
M121 release
The M121 release of Vertex AI Workbench instances includes the following:
- Updated Nvidia drivers to 550.54.15 to fix an issue where Nvidia drivers failed to install on startup after Debian 11 images upgraded kernel to linux-image-5.10.0-29-cloud-amd64.
- The linux-headers-cloud-amd64 metapackage is now installed for faster driver recompiling on kernel upgrades.
May 16, 2024
Apigee Integrated Portal
On May 16, 2024 we released a new version of the Apigee integrated portal.
This release includes general improvements to performance and availability.
Generate a SQL query to BigQuery from your Cloud Billing Reports (in preview)
In the cloud console, on the Billing Reports page, you use the report settings and filters to refine the data returned to your report. If you have enabled Cloud Billing data export to BigQuery, you can analyze your exported billing data using SQL queries. In Billing Reports, you can now click a button to generate a SQL query in BigQuery that is configured to use the equivalent Billing Report settings and filters to query your exported billing data. When run against your exported billing data, the generated query returns the equivalent results in BigQuery as the results in the Billing Report.
The fhir_read_ops, fhir_write_ops, and fhir_search_ops quota metrics are generally available (GA) and have replaced the legacy fhir_ops quota metric. For more information, see FHIR quotas.
Cloud KMS with Autokey is now in Preview for Cloud Storage, Compute Engine, BigQuery, and Secret Manager.
Autokey simplifies creating and using customer-managed encryption keys (CMEKs) by automating provisioning and assignment. With Autokey, key rings, keys, and service accounts don't need to be planned and provisioned before they're needed. Instead, Autokey generates keys on demand as resources are created.
Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings.
For more information, see Autokey overview.
Cloud KMS has two new organization policy constraints that you can use to control key version destruction. These constraints became available on November 1, 2023.
For more information, see Control key version destruction.
New Dataproc on Compute Engine subminor image versions:
2.0.102-debian10, 2.0.102-rocky8, 2.0.102-ubuntu18
2.1.50-debian11, 2.1.50-rocky8, 2.1.50-ubuntu20, 2.1.50-ubuntu20-arm
2.2.16-debian12, 2.2.16-rocky9, 2.2.16-ubuntu22
Dataproc on Compute Engine latest 2.x image versions:
Removed the repo.anaconda.com channel from Dataproc on Compute Engine 2.x image version clusters for installation of packages.
Blast radius: Packages installed by conda.
Possible symptoms: Installing packages via the default channel is no longer possible.
Mitigation: Rollback.
Infrastructure for a RAG-capable generative AI application using Vertex AI: Added information about getting started with deploying the reference architecture by using a Jump Start Solution.
Release 1.29.100-gke.248
Google Distributed Cloud on VMware 1.29.100-gke.248 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.100-gke.248 runs on Kubernetes v1.29.4-gke.200.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
Updated Dataplane V2 to use Cilium 1.13.
The following issues are fixed in 1.29.100-gke.248:
- Fixed the known issue that after a user cluster upgrade, the user master nodes with COS OS image used 172.17.0.1/16 as the Docker bridge IP addresses.
- Fixed the static IP count validator for HA admin clusters.
- Fixed gkeadm preflight not validating VM folder.
The following vulnerabilities are fixed in 1.29.100-gke.248:
Ubuntu vulnerabilities:
Release 6.3.3 is currently in Preview.
Search results distorting the screen (ID #00273643)
Inline CSS removed in Insights (ID #00273271)
SAML login page showing blank (ID #00279230)
Gitsync power up push content not triggering automatically (ID #00283331)
Job page loading slowly and needs to be refreshed many times (ID #50253417)
Alert Type is empty when trying to add alert grouping rules (ID #00275434)
Generally Available: Service accounts can now use JSON Web Tokens (JWTs) to programmatically access resources protected by Identity-Aware Proxy (IAP). This provides a streamlined authentication process for workloads accessing IAP-protected applications and services. For more information, see Programmatic authentication.
New Looker Studio log event attributes
New event logging attributes are now available for the Looker Studio log event data source. These attributes let Looker Studio administrators audit and monitor how Looker Studio users in their organization interact with schedules and alerts.
Looker data sources now display LookML filters
Filters that are defined in LookML models with the conditionally_filter and always_filter LookML parameters are now displayed in Looker Studio charts with a Looker data source.
May 15, 2024
Anthos clusters on AWS
A vulnerability (CVE-2023-52620) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-030 security bulletin.
Commitment recommendations in the FinOps hub now include a Recommended quantity column, so you can see more information about recommendations at a glance.
Learn more about using the FinOps hub to optimize your costs.
You can now attach an IAM role binding to a log view that grants a principal access to the log view. For more information about log views and about controlling access to log views, see Configure log views on a log bucket.
Cloud Run has been added to Google Cloud's Pricing Calculator.
Cloud Source Repositories is scheduled for end of sale on June 17, 2024. Starting June 17, 2024, if your organization hasn't previously used Cloud Source Repositories, you cannot enable the API or use Cloud Source Repositories. New projects not connected to an organization can't enable the Cloud Source Repositories API after June 17, 2024. Customers who have already enabled the API prior to this date will not be affected and can continue to use Cloud Source Repositories.
Generally Available: Advanced maintenance control for sole-tenancy lets you control planned maintenance events for sole-tenant node groups and minimize maintenance-related disruptions. This feature is available only for sole-tenant node groups. To use this feature with your existing virtual machines, you must first move your VMs to sole-tenant node groups that have advanced maintenance control enabled.
The advanced maintenance control for sole-tenancy feature lets you:
- Check for maintenance events scheduled for a sole-tenant node 28 days in advance.
- Trigger maintenance immediately or schedule it for later. Note that if you trigger maintenance immediately, the maintenance takes place within 6 hours from the time you trigger the request.
For more information, see Advanced maintenance control for sole-tenancy.
Effective May 15, 2024, Artifact Registry hosts all images for the gcr.io domain in projects without previous Container Registry usage.
If you use Container Registry, learn about the deprecation. To get started with managing containers on Google Cloud, use Artifact Registry.
Release 1.29.100-gke.251
GKE on Bare Metal 1.29.100-gke.251 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.29.100-gke.251 runs on Kubernetes 1.29.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
Added new API and IAM role requirements for Cloud Monitoring:
You must enable the kubernetesmetadata.googleapis.com API for your project and grant the roles/kubernetesmetadata.publisher IAM role to the Logging and Monitoring service account (anthos-baremetal-cloud-ops, when created automatically). Clusters use this API as an endpoint to send Kubernetes metadata to Google Cloud. The metadata is vital for cluster monitoring, debugging, and recovery. If you install your clusters behind a proxy, add kubernetesmetadata.googleapis.com to the list of allowed connections.
Due to changes in the way service accounts are checked, you must also grant the following IAM roles to the Logging and Monitoring service account:
- roles/monitoring.viewer
- roles/serviceusage.serviceUsageViewer
These API and IAM role requirements apply to both creating new 1.29 clusters and upgrading existing clusters to 1.29.
Functionality changes:
- Added checks to validate the SSH client certificate file type before saving the certificate as a Secret.
- Deprecated the spec.gkeVersion field in Machine and BareMetalMachine custom resources. After GKE on Bare Metal release 1.30, the value of gkeVersion isn't guaranteed to be reliable.
- Added preflight checks for available disk space in specific directories:
  - During cluster creation, the following directories are checked:
    - / (the root directory) has at least 4 GiB of free space
    - /var/log/fluent-bit-buffers has at least 12 GiB of free space
    - /var/opt/buffered-metrics has at least 10016 MiB of free space
  - During a cluster upgrade, the following directory is checked:
    - / (the root directory) has at least 2 GiB of free space
Fixes:
- Fixed an issue where the kubelet doesn't honor the shortened, 1-second grace period for pod deletion during eviction-based draining.
The following container image security vulnerabilities have been fixed in 1.29.100-gke.251:
Medium-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
Added a release note to May 16, 2023 for 1.27 available in the Rapid channel. This release note was previously only added to the Release notes (Rapid channel only) page by mistake.
reCAPTCHA Enterprise Mobile SDK v18.5.0 is now available for iOS.
This version contains the following changes:
- Performance and reliability improvements in getClient() and execute().
- Support for Apple Privacy Manifest.
- The minimum iOS version is now iOS 12 to align with Xcode 15 dropping support for iOS 11.
- New exception type is added for devices without a network connection.
reCAPTCHA Enterprise Mobile SDK v18.5.0 is now available for Android.
This version contains the following changes:
- Performance and reliability improvements in getClient() and execute().
- Support for Android API 19 is dropped.
- New exception type is added for devices without a network connection.
May 14, 2024
Anthos clusters on AWS
A vulnerability (CVE-2024-26581) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-028 security bulletin.
A vulnerability (CVE-2024-26642) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-029 security bulletin.
On May 14, 2024 we released an updated version of Advanced API Security.
NOTE: Rollouts of this feature are ongoing and will take multiple days to complete across all Google Cloud zones. You may not be able to use the functionality until the rollout is complete.
Addition of autonomous system numbers (ASN), HTTP methods, and region codes as supported security action rule condition types.
This new functionality is not available with Apigee hybrid at this time.
See Create a security action to learn more.
You can now view information about upcoming maintenance events for Bare Metal Solution on the Upcoming maintenance events page.
You can now create Gemini-enhanced translation rules to use with the interactive SQL translator. Translation rules let you customize and adjust the results of the interactive translator according to your SQL migration needs. This feature is in preview.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Cloud Monitoring
monitoring.googleapis.com/Dashboard
- Discovery Engine
discoveryengine.googleapis.com/Engine
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
Importing and exporting FHIR resources, including their historical versions, as history bundles using Cloud Storage is available in Preview.
Developer Connect, Google Cloud's tool for connectivity to third-party source code management platforms, is now available in Preview. To get started, see Quickstart.
Gemini 1.5 Flash (Preview)
Gemini 1.5 Flash (gemini-1.5-flash-preview-0514) is available in Preview. Gemini 1.5 Flash is a multimodal model designed for fast, high volume, cost-effective text generation and chat applications. It can analyze text, code, audio, PDF, video, and video with audio.
Grounding Gemini with Google Search is GA
The Gemini API Grounding with Google Search feature is available in GA. This is available for Gemini 1.0 Pro models. To learn more about model grounding, see Grounding with Google Search.
Batch prediction support for Gemini
Batch prediction is available for Gemini in preview. Available Gemini models include Gemini 1.0 Pro, Gemini 1.5 Pro, and Gemini 1.5 Flash. To get started with batch prediction, see Get batch predictions for Gemini.
PaliGemma model
The PaliGemma model is available. PaliGemma is a lightweight open model that's part of the Google Gemma model family. It's the Gemma model family's best model option for image captioning tasks and visual question and answering tasks. Gemma models are based on Gemini models and intended to be extended by customers.
New stable text embedding models
The following text embedding models are available GA:
text-embedding-004
text-multilingual-embedding-002
For details on how to use these models, see Get text embeddings.
(New guide) Global deployment with Compute Engine and Spanner: Learn how to architect a multi-tier application that runs on Compute Engine VMs and Spanner in a global topology on Google Cloud.
Google SecOps now supports the following functions in Detection Engine rules:
- fingerprint
- sample_rate
For more information about these functions, see YARA-L 2.0 language syntax.
Cloud Text-to-Speech now offers updated Journey voices with an additional speaker, en-us-Journey-O.
Ray on Vertex AI is now Generally Available and includes the following updates:
- Ray version 2.9.3 and Python 3.10 are supported. For information about Ray image support policies, see Supported versions.
- VPC peering connection is no longer required if you use public endpoints.
- Custom images are supported with Ray on Vertex AI.
- You can use custom service accounts with Ray on Vertex AI.
- A Colab template is not automatically created when you create a Ray Cluster. Instead, you can connect directly to Ray on Vertex AI clusters from Colab Enterprise's side panel.
For Ray on Vertex AI, Ray version 2.4 is no longer supported. Migrate your code to support Ray 2.9.3 or later and then delete Ray clusters that are running 2.4.
Vertex AI Search: Check grounding (GA)
The check grounding API is Generally available (GA).
The check grounding API determines how grounded a piece of text is in a given set of facts. The API returns support scores and citations.
Filler and introductory statements can be deemed as not requiring attribution. No scores or citations are provided for those statements.
Additionally, as an experimental feature, the API also generates contradicting citations that show which facts contradict the text and how strongly.
For more information, see Check grounding and the check API.
May 13, 2024
Backup for GKE
Backup for GKE now supports creating a backup plan when creating a cluster.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigquery
2.40.1 (2024-05-06)
Dependencies
2.40.0 (2024-05-06)
Features
Dependencies
Python
Changes for google-cloud-bigquery
3.22.0 (2024-04-19)
Features
Phrase support for the SEARCH function is in preview.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.17.1 (2024-05-06)
Dependencies
You can now configure dashboards to display events by using the Monitoring API.
- For event information, see Event types.
- For information about enabling events, see Show events on a dashboard.
- For an example, see API examples: Enable dashboard events and filters.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/storage
7.11.0 (2024-05-03)
Features
Java
Changes for google-cloud-storage
2.38.0 (2024-05-09)
Features
Bug Fixes
- Add strict client side response validation for gRPC chunked resumable uploads (#2527) (c1d1f4a)
- An existing resource pattern value projects/{project}/buckets/{bucket}/managedFolders/{managedFolder=**} to resource definition storage.googleapis.com/ManagedFolder is removed (#2524) (7d7f526)
- deps: Update the Java code generator (gapic-generator-java) to 2.39.0 (#2501) (518d4be)
- ParallelCompositeUpload in Transfer Manager hangs when encountering OOM (#2526) (67a7c6b)
- Update grpc WriteObject response handling to provide context when a failure happens (#2532) (170a3f5)
- Update GzipReadableByteChannel to be tolerant of one byte reads (#2512) (87b63f4)
- Update StorageOptions to carry forward fields that aren't part of ServiceOptions (#2521) (b84654e)
Dependencies
- Update dependency com.google.cloud:sdk-platform-java-config to v3.30.0 (#2523) (3e573f7)
- Update dependency info.picocli:picocli to v4.7.6 (#2535) (f26888a)
Documentation
cos-113-18244-85-5
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.90 | v24.0.9 | v1.7.15 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |
This is an LTS Refresh release.
Upgraded app-admin/node-problem-detector to v0.8.18.
Upgraded app-admin/google-osconfig-agent to v20240501.00.
Upgraded app-admin/google-guest-agent to v20240314.00.
Upgraded app-containers/docker and app-containers/docker-cli to v24.0.9.
Upgraded app-admin/google-guest-configs to v20240307.00.
Upgraded sys-boot/grub-lakitu to FC 39's current version.
Upgraded app-emulation/cloud-init to v23.4.4.
Added support for i6300 watchdog timer device.
Uprev GPU driver version to v470.239.06.
Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.
Fixed CVE-2024-26900 in the Linux kernel.
Fixed CVE-2024-26809 in the Linux kernel.
Fixed CVE-2024-26882 in the Linux kernel.
Fixed CVE-2024-26884 in the Linux kernel.
Fixed CVE-2024-26885 in the Linux kernel.
Fixed CVE-2024-26883 in the Linux kernel.
Fixed CVE-2024-26907 in the Linux kernel.
Runtime sysctl changes:
- Added: net.core.mem_pcpu_rsv: 256
- Changed: fs.epoll.max_user_watches: 1809474 -> 1809452
- Changed: fs.file-max: 812400 -> 812391
- Changed: kernel.threads-max: 63504 -> 63503
- Changed: net.ipv4.tcp_mem: 94068 125424 188136 -> 94065 125423 188130
- Changed: net.ipv4.udp_mem: 188136 250848 376272 -> 188133 250847 376266
- Changed: user.max_cgroup_namespaces: 31752 -> 31751
- Changed: user.max_ipc_namespaces: 31752 -> 31751
- Changed: user.max_mnt_namespaces: 31752 -> 31751
- Changed: user.max_net_namespaces: 31752 -> 31751
- Changed: user.max_pid_namespaces: 31752 -> 31751
- Changed: user.max_time_namespaces: 31752 -> 31751
- Changed: user.max_user_namespaces: 31752 -> 31751
- Changed: user.max_uts_namespaces: 31752 -> 31751
cos-109-17800-218-26
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |
Uprev GPU driver version to v470.239.06.
Fixed CVE-2024-26900 in the Linux kernel.
cos-105-17412-370-29
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.239.06 (default), v550.54.15 (latest) |
Fixed CVE-2024-26900 in the Linux kernel.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for datastore/admin/apiv1
1.17.0 (2024-05-08)
Features
Java
Changes for google-cloud-datastore
2.19.2 (2024-05-03)
Bug Fixes
Dependencies
- Update dependency com.google.cloud:sdk-platform-java-config to v3.30.0 (#1426) (ac3a1c1)
- Update dependency com.google.errorprone:error_prone_core to v2.27.0 (#1411) (a3f5a2c)
- Update dependency com.google.errorprone:error_prone_core to v2.27.1 (#1421) (48d7daf)
- Update dependency com.google.guava:guava-testlib to v33.2.0-jre (#1422) (5a5dfdf)
A vulnerability (CVE-2024-26581) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-028 security bulletin.
Media CDN supports content targeting, which helps you cache and deliver assets that are customized for your end-user contexts. It enables device characterization and geo-targeting, which are useful for implementing responsive websites, language customization, and currency settings.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/pubsub
4.4.0 (2024-05-03)
Features
Bug Fixes
Go
Changes for pubsub/apiv1
1.38.0 (2024-05-06)
Features
- pubsub: Add custom datetime format for Cloud Storage subscriptions (4834425)
- pubsub: Support publisher compression (#9711) (4940c3c)
- pubsub: Use Streaming Pull response for ordering check (#9682) (7bf4904)
Bug Fixes
Java
Changes for google-cloud-pubsub
1.129.4 (2024-05-10)
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.40.0 (#2016) (beee523)
- Update dependency com.google.cloud:google-cloud-bigquery to v2.40.1 (#2021) (0873594)
- Update dependency com.google.cloud:google-cloud-storage to v2.38.0 (#2019) (ba3dffc)
1.129.3 (2024-05-06)
Dependencies
The IMMIGRATION_STATUS infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
The RUSSIA_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
The UKRAINE_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
The UZBEKISTAN_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
Spanner now supports a new metric in the monitoring console called read_request_latencies_by_change_stream. Use this metric to view all read latencies and filter latencies by change stream or non-change stream reads. For more information, see Available charts and metrics.
Vector length annotation is now generally available. For more information, see the PostgreSQL vector length parameter or the GoogleSQL vector_length parameter.
May 11, 2024
Cloud Composer
Starting from GKE version 1.27.5, Cloud Composer environment clusters will start using SSD disks as persistent disks. The disk quota will change from Persistent disk standard (GB) to Persistent disk SSD (GB). Please check the Persistent disk SSD (GB) quota in your project and request an increase if this quota approaches its limit.
A single environment created using a Small environment preset requires at least 600 GB SSD disk space and the SSD quota must be able to accommodate it.
Being close to the limit of the SSD quota might impact the autoscaling capabilities of Cloud Composer environments or make it impossible to create new environments.
The Logs in Cloud Logging Only feature is enabled by default in new environments:
- New Cloud Composer environments now save Airflow task logs only in Cloud Logging by default.
- Existing environments are not changed. If you upgrade an existing environment to Cloud Composer 2.8.0, it keeps saving logs to the environment's bucket.
- You can enable and disable saving logs to the environment's bucket for an existing environment.
Fixed a problem where some Airflow tasks were failing because the task could not write logs to the environment's bucket.
Cloud Composer 2.8.0 images are available:
- composer-2.8.0-airflow-2.7.3 (default)
- composer-2.8.0-airflow-2.6.3
May 10, 2024
AlloyDB for PostgreSQL
Model endpoint management is now available in Preview for both AlloyDB and AlloyDB Omni. For more information, see Register and call remote AI models in AlloyDB or Register and call remote AI models in AlloyDB Omni.
Version 15.5.3 of the simplified installation method for AlloyDB Omni is now available in Preview. Updates include the following:
- Support for all of the environment variables that are supported by the official PostgreSQL Docker image.
- Various bug fixes and performance improvements.
Artifact Registry generic repositories are available in Preview.
Generic repositories store versioned, immutable artifacts that don't have to adhere to any specific package format in Artifact Registry. You can store and manage arbitrary files such as archives, binaries, and media files with no package specifications or management clients.
To get started with generic repositories, see the quickstart.
Gemini, an AI-powered collaborator in Google Cloud, can help you generate code in Dataform. This feature is in preview. For more information, see Write queries with Gemini assistance.
In new Standard clusters running GKE version 1.29 and later, GKE assigns IP addresses for GKE Services from a Google-managed range: 34.118.224.0/20 by default. With this feature, you don't need to specify your own IP address range for Services. For more information, see Subnet secondary IP address range for Services.
Container Threat Detection (KTD) fails to deploy on Autopilot clusters running the following GKE versions:
- 1.28.6-gke.1095000 to 1.28.7-gke.1025000
- 1.29.1-gke.1016000 to 1.29.1-gke.1781000
To mitigate this issue, upgrade the cluster to version 1.28.7-gke.1026000 or later, or to 1.29.2-gke.1060000 or later.
New SAP HANA certification: Hyperdisk Balanced usage with M1 machine types
For use with SAP HANA on Google Cloud, SAP has certified the usage of Hyperdisk Balanced with the M1 series of memory-optimized machine types.
For more information, see:
- Certified Compute Engine VMs for SAP HANA
- The "Hyperdisk Balanced" tab in Minimum sizes for SSD-based Persistent Disk and Hyperdisk volumes
May 09, 2024
Anthos Attached Clusters
This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:
You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:
GKE on AWS now supports clusters in the ap-northeast-2 region.
For more information, see Supported regions.
On May 9, 2024 we released an updated version of Advanced API Security.
Addition of CIDR range support when specifying IPv4 addresses for security action rules.
Apigee Advanced API Security now includes support for CIDR range specification when creating security action rules that restrict access based on IP addresses.
This new functionality is not available with Apigee hybrid at this time.
See Create a security action to learn more.
Limit on number of basepaths per environment
Apigee is enforcing a temporary limit of 500 basepaths per environment to avoid potential failures when deploying API proxy revisions.
While this limit is in place, you can deploy up to 500 API proxy revisions (each containing a single basepath) per environment. If your API proxies or revisions contain more than one basepath, the total number of basepaths per environment must not exceed 500.
To track the status of this issue, see Apigee Known Issues.
You can now configure a logs panel widget to display log entries by log view. For more information, see Display logs and errors on a custom dashboard.
New Dataproc on Compute Engine subminor image versions:
2.0.101-debian10, 2.0.101-rocky8, 2.0.101-ubuntu18
2.1.49-debian11, 2.1.49-rocky8, 2.1.49-ubuntu20, 2.1.49-ubuntu20-arm
2.2.15-debian12, 2.2.15-rocky9, 2.2.15-ubuntu22
GKE on VMware 1.28.500-gke.121 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.28.500-gke.121 runs on Kubernetes v1.28.8-gke.2000.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.
The following issues are fixed in 1.28.500-gke.121:
Added the CNI binaries back to the OS image, so that clusters using multiple network interfaces with these CNI binaries can continue working.
Fixed the static IP count validator for HA admin clusters.
The following vulnerabilities are fixed in 1.28.500-gke.121:
Ubuntu vulnerabilities
- CVE-2023-1194
- CVE-2023-32254
- CVE-2023-32258
- CVE-2023-38427
- CVE-2023-38430
- CVE-2023-38431
- CVE-2023-3867
- CVE-2023-46838
- CVE-2023-52340
- CVE-2023-52429
- CVE-2023-52436
- CVE-2023-52438
- CVE-2023-52439
- CVE-2023-52441
- CVE-2023-52442
- CVE-2023-52443
- CVE-2023-52444
- CVE-2023-52445
- CVE-2023-52448
- CVE-2023-52449
- CVE-2023-52451
- CVE-2023-52454
- CVE-2023-52456
- CVE-2023-52457
- CVE-2023-52458
- CVE-2023-52462
- CVE-2023-52463
- CVE-2023-52464
- CVE-2023-52467
- CVE-2023-52469
- CVE-2023-52470
- CVE-2023-52480
- CVE-2023-52609
- CVE-2023-52610
- CVE-2023-52612
- CVE-2024-22705
- CVE-2024-23850
- CVE-2024-23851
- CVE-2024-24860
- CVE-2024-26586
- CVE-2024-26589
- CVE-2024-26591
- CVE-2024-26597
- CVE-2024-26598
- CVE-2024-26631
- CVE-2024-26633
A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-027 security bulletin.
Release 6.3.1 is now in General Availability.
Remote Agents Release 1.6.0 is now in General Availability.
May 08, 2024
Anthos clusters on AWS
A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-027 security bulletin.
On May 8, 2024, we released an updated version of Apigee X.
This release contains the General Availability (GA) release of AppGroups for Apigee and Apigee hybrid (version 1.10.0 and later).
AppGroups represent a relationship between one or more apps that are managed by the same set of people. For information, see Using AppGroups to organize app ownership. Client support for AppGroups is available with the latest Drupal Teams module.
The migration documentation has been updated to explain how to use workflow services that you have configured for Cloud Life Sciences with Batch instead. Specifically, the documentation mentions Workflows from Google Cloud, Cromwell, dsub, Nextflow, and Snakemake. For more information, see Workflow services in the Batch migration documentation.
Preview: You can now use the Require OS Config organization policy constraint to automatically enable VM Manager for all new VMs in your organization, folder, or project. For more information, see Enable VM Manager using an organization policy.
New Dataproc Serverless for Spark runtime versions:
- 1.1.61
- 1.2.5
- 2.0.69
- 2.1.48
- 2.2.5
Dialogflow ES and Dialogflow CX: The us-dialogflow.googleapis.com endpoint and locations/us resource location, which served as aliases for global resources, will be discontinued on May 21, 2024. We have changed the date to update resource locations and endpoints from April 16, 2024 to May 21, 2024 to provide you with additional time. For more information, see the email announcement.
Note
- This change affects only the agents created in the global region (ES, CX) and only if you use the us alias in the API requests to these global-region agents. If you created agents in us-central1, us-east1, us-west1, and us (multi-region) regions, no action is required.
- The discontinued endpoint is different than the us multi-region endpoint that was announced recently.
Dialogflow CX and Vertex AI Agents: Effective June 15, 2024, the following generative features will be upgraded from text-bison-001 to gemini-1.0-pro-001:
- Vertex AI agent apps
- Data store agents (aka Chat agents)
- Generators
- Generative fallback
For more information, see the email announcement.
(New guide) C3 AI architecture on Google Cloud: Develop applications using C3 AI and Google Cloud.
A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-026 security bulletin.
(2024-R13) Version updates
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following control plane and node versions are now available:
- The following versions are no longer available:
- 1.26.13-gke.1144000
- 1.26.15-gke.1158000
- 1.26.15-gke.1243000
- 1.27.12-gke.1190000
- 1.27.13-gke.1070000
- 1.28.3-gke.1118000
- 1.28.3-gke.1286000
- 1.28.8-gke.1175000
- 1.28.9-gke.1069000
- 1.29.1-gke.1589017
- 1.29.3-gke.1093000
- 1.29.3-gke.1093006
- 1.29.4-gke.1165000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.26.15-gke.1090000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.15-gke.1090000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.1-gke.1589018 with this release.
Stable channel
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.26.13-gke.1144000
- 1.27.8-gke.1067004
- 1.27.11-gke.1062000
- 1.28.3-gke.1118000
- 1.28.3-gke.1286000
Regular channel
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.26.14-gke.1044000
- 1.29.1-gke.1589017
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.1-gke.1589018 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.1-gke.1589018 with this release.
Rapid channel
- Version 1.29.3-gke.1282001 is now the default version in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.26.15-gke.1158000
- 1.26.15-gke.1243000
- 1.27.12-gke.1190000
- 1.27.13-gke.1070000
- 1.28.8-gke.1175000
- 1.28.9-gke.1069000
- 1.29.3-gke.1093006
- 1.29.3-gke.1282000
- 1.29.4-gke.1165000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.3-gke.1282001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.3-gke.1282001 with this release.
When Applied Threat Intelligence is enabled, it ingests IOCs curated by Mandiant Threat Intelligence with an IC-Score greater than 80 and generates an alert when a match is found.
Release 6.3.2 is currently in Preview.
Issues when Siemplify > Set Case SLA actions run at the exact same time (ID #49397338)
Wrong error message displays when you try to add a custom list with a name that already exists (ID #50610331)
User mentioned in case not receiving an email notification (ID #00274991)
Widgets not fully aligned on Case view page (ID #49711925)
Number increased for integer type integration parameters (ID #00287205)
Looker 24.8 includes the following changes, features, and fixes:
Expected Looker (original) deployment start: Monday, May 13, 2024
Expected Looker (original) final deployment and download available: Thursday, May 23, 2024
Expected Looker (Google Cloud core) deployment start: Monday, May 13, 2024
Expected Looker (Google Cloud core) final deployment: Monday, May 20, 2024
Database connection pooling is becoming generally available. For Looker (original) instances, the feature is moved out of Looker Labs. For dialects that support database connection pooling, the Connection settings page will include a Database Connection Pooling option. As part of this update, the Database Connection Pooling Labs setting for your instance has been applied to the Database Connection Pooling setting for the applicable database connections on your instance. If you very recently changed the Database Connection Pooling Labs setting, please check your connection settings to verify that the migration has applied the Database Connection Pooling setting that you want for each database connection.
The last_logged_in_at time is now captured when a URL that is created by create_embed_url is used to log in to the Looker instance. This feature now performs as expected.
Previously, queries for totals would not run when a derived table referenced an ephemeral derived table using the SQL_TABLE_NAME syntax. This feature now performs as expected.
An issue has been fixed with the scrollbar appearing in text tiles. This feature now performs as expected.
An issue has been fixed where embed download filter parameters for cookieless embed were incorrectly escaped (space mapped to x2B [+] rather than x20). This feature now performs as expected.
An issue has been fixed where ↙ ↘ characters were being reversed in single value visualizations. This feature now performs as expected.
Text is now properly truncated in table visualizations even when the underlying field has defined html and link parameters.
Previously, an issue could cause Look titles to be cut off. This feature now performs as expected.
Previously, an issue caused filters to be incorrectly restored in the dashboard edit filter dialog. This feature now performs as expected.
Previously, if Looker encountered an invalid visualization type on a tile, the dashboard would not load. This feature now performs as expected.
Previously, queries that were defined with the API occasionally could not be downloaded as PNGs or JPGs. This feature now performs as expected.
Quick start queries with missing identifiers will no longer cause validation to fail.
Referencing the ALL_FIELDS set in a join or view will no longer cause validation to fail.
You can now see longer embedded Look titles without needing to scroll.
For LookML projects with a large number of files, IDE folders were slow to respond when you were navigating and creating, editing, or deleting LookML files. A performance issue has been identified and fixed.
When you search for a user or group, strings with commas now work as expected.
An issue where paper size did not change correctly when Fit to Dashboard was used has been fixed. This feature now performs as expected.
Previously, when embedded Explores were rendered in an iframe, a screen jump might have occurred. This feature now performs as expected.
Previously, query downloads of type json_bi could have failed if they included fields that were hidden from the visualization. This feature now performs as expected.
Looker now initializes Development Mode projects for Looker projects that are in Production Mode.
Text in the project IDE will now be line wrapped.
When a Git project becomes corrupted, Looker now proactively converts it to a clone to prevent further issues.
When a LookML project fails to load, a log message will now be generated.
The log error about getting an access token from the Google OAuth library has been reclassified as a warning.
When a custom filter is too large for the JSON parser to handle, Looker now returns a more descriptive error.
HSQLDB has been updated to version 2.7.2 to comply with GHSA-77xx-rxvh-q682.
On the Looker Labs page, links to documentation will now open in a new browser tab instead of navigating away from the Looker UI.
May 07, 2024
AlloyDB for PostgreSQL
Private Service Connect is now generally available (GA). Private Service Connect lets you connect to an AlloyDB for PostgreSQL instance from multiple VPC networks belonging to different groups, teams, projects, or organizations.
AlloyDB Omni version 15.5.1 and later lets you add sidecar containers to your database cluster when you use the AlloyDB Omni Kubernetes Operator.
A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-026 security bulletin.
On May 7, 2024, we released an updated version of Apigee.
Target server SSL enforcement
With this release, Apigee customers can specify strict SSL southbound enforcement in TargetServer configurations using the object's enforce key. If set to true, SSL enforcement is applied to service callouts.
The option to specify this behavior is analogous to usage of the <Enforce> tag in the <SSLInfo> block of the TargetEndpoint configuration.
For more information, see Configure strict SSL enforcement.
Environment-level flag for SSL enforcement
Apigee customers can specify strict SSL southbound enforcement across an Apigee environment, using the SSLInfo.Enforce flag.
If SSLInfo.Enforce is set to true or false, the value specified overrides any granular enforcement options specified in <SSLInfo> blocks in TargetEndpoint or TargetServer configurations.
If SSLInfo.Enforce is unset, SSL enforcement is determined by any values specified using the <Enforce> element within individual <SSLInfo> blocks.
For more information, see TLS/SSL TargetEndpoint configuration.
Two-way HTTPS health monitor support
Apigee health monitors using <HTTPMonitor> can now use all SSL parameters available in the <SSLInfo> block of their TargetServer configurations when performing health checks.
To enable access, set <UseTargetServerSSLInfo> to true in the <Request> block of the HTTPMonitor configuration.
For more information, see Health monitor using HTTP monitor.
JavaScript user-defined aggregate functions (UDAFs) are in preview. You can create a JavaScript UDAF with the CREATE AGGREGATE FUNCTION statement.
You can now store columns in your vector indexes and pre-filter data in your vector searches to improve query efficiency. This feature is in preview.
Using a filter when exporting HL7v2 messages to Cloud Storage is generally available (GA) and available in Preview.
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
May 06, 2024
AlloyDB for PostgreSQL
You can now set password policies for local database users.
Apigee API hub is available in preview.
With Apigee API hub, you can consolidate and organize critical information about your APIs in one place. Use API hub to accelerate the consistency, use, reuse, and governance of your API portfolio.
Use API hub to:
- Create and manage a complete catalog of your APIs and API resources.
- Add rich attributes to your APIs for tracking, organizing, and filtering.
- Link to one or more Apigee projects to automatically fetch and store Apigee API proxy information.
- Find APIs with powerful free-form semantic search capabilities.
- Track compliance for your API specification files using Linting functionality.
To learn more about the features and functionality available, see What is Apigee API hub?
NOTE: Rollouts of this feature will begin on May 6, 2024, and may take four or more business days to be completed across all Google Cloud zones. You may not be able to provision API hub until the rollout is complete.
This legacy version of AutoML Natural Language is deprecated and new models can no longer be trained nor deployed on the legacy platform. Already deployed models will stop working on May 30, 2024. All the functionality of legacy AutoML Natural Language and new features are available on the Vertex AI platform. See Migrate to Vertex AI to learn how to migrate your resources.
Backup and DR Service 11.0.10.425 is now available to update your backup/recovery appliance. Refer to these instructions to update your appliance. This release includes fixes for the following security vulnerabilities:
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/bigquery
7.7.0 (2024-05-03)
Features
Java
Changes for google-cloud-bigquery
2.39.1 (2024-04-29)
Bug Fixes
Dependencies
- Update actions/checkout action (#3267) (c297ed2)
- Update actions/upload-artifact action to v4.3.3 (#3258) (5215235)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.44.0 (#3270) (ee09ab6)
- Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.5.0 (e7c6201)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.48.0 (#3271) (3b6e0d5)
- Update github/codeql-action action to v2.25.2 (#3260) (3302dc4)
- Update github/codeql-action action to v2.25.3 (#3268) (1cf2377)
BigQuery Managed Disaster Recovery provides managed failover and redundant compute capacity for business critical workloads. It is intended for use in the case of a total region outage and is supported with the BigQuery Enterprise Plus edition only. This feature is now available in preview.
You can now create AWS Glue federated datasets using the Google Cloud console. This feature is generally available (GA).
A weekly digest of client library updates from across the Cloud SDK.
Implement fine-grained policy controls over your certificate issuance using certificate templates. Certificate templates can be used in conjunction with IAM conditions to effectively create different policy controls for different users on the same CA pool. You can test certificate issuance in a validation mode and proactively identify conflicts between the CA pool's issuance policies and the certificate template's policies. For information, see Request a certificate using a certificate template. The feature is in General Availability (GA).
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Compute Engine
compute.googleapis.com/StoragePool
Download committed use discount data as a CSV file
You can now download data about all your committed use discounts (CUD) as a flat comma-separated value (CSV) file. The CSV file includes the subscription ID for each commitment, which you can use to join your CUDs data to your usage data in the BigQuery export.
Synthetic monitors no longer require that the ingress rule be set to allow all traffic. For more information, see Cloud Function configuration.
A Selenium WebDriver sample is now available for synthetic monitors. For more information, see Selenium WebDriver template.
cos-101-17162-463-16
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.239.06 (default), v550.54.15 (latest) |
Fixed CVE-2017-18207 in dev-lang/python.
Fixed CVE-2023-32681 in dev-python/requests.
Updated cos-gpu-installer to v2.3.0.
Fixed CVE-2022-2806 in app-admin/sosreport.
Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.
Fixed CVE-2021-37600, CVE-2021-3995, CVE-2021-3996 in sys-apps/util-linux.
Updated net-dns/c-ares to v1.27. This fixed CVE-2024-25629.
Fixed CVE-2024-26921 in the Linux kernel.
cos-105-17412-370-23
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.239.06 (default), v550.54.15 (latest) |
Upgraded sys-apps/makedumpfile to v1.7.5.
Updated cos-gpu-installer to v2.3.0.
Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.
Fixed CVE-2021-37600, CVE-2021-3995, CVE-2021-3996 in sys-apps/util-linux.
Updated net-dns/c-ares to v1.27. This fixed CVE-2024-25629.
Fixed CVE-2023-32681 in dev-python/requests.
Fixed CVE-2024-26921 in the Linux kernel.
cos-109-17800-218-20
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |
Upgraded sys-apps/makedumpfile to v1.7.5.
Upgraded app-admin/node-problem-detector to v0.8.18.
Updated cos-gpu-installer to v2.3.0.
Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.
Updated net-dns/c-ares to v1.27. This fixed CVE-2024-25629.
Fixed CVE-2023-32681 in dev-python/requests.
cos-113-18244-1-65
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.77 | v24.0.9 | v1.7.15 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |
Upgraded sys-apps/makedumpfile to v1.7.5.
Upgraded app-admin/sosreport to v4.7.1.
Updated cos-gpu-installer to v2.3.0.
Fixed CVE-2023-52620 in the Linux kernel.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for dataflow/apiv1beta3
0.9.7 (2024-05-01)
Bug Fixes
- dataflow: Bump x/net to v0.24.0 (ba31ed5)
New Dataproc on Compute Engine subminor image versions:
- 2.0.100-debian10, 2.0.100-rocky8, 2.0.100-ubuntu18
- 2.1.48-debian11, 2.1.48-rocky8, 2.1.48-ubuntu20, 2.1.48-ubuntu20-arm
- 2.2.14-debian12, 2.2.14-rocky9, 2.2.14-ubuntu22
Dataproc on Compute Engine:
- Backported patches for HIVE-14557, HIVE-19326, HIVE-20514, HIVE-21100, HIVE-22165, HIVE-22416, HIVE-24435.
- Hive: Improved ORC split generation.
Batch processing with Layout Parser is available. For more about Layout Parser, see Process documents with Layout Parser.
Model pretrained-foundation-model-v1.1-2024-03-12 is available for custom extractor. For more information about available models, see Custom extractor model versions.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for datastore/admin/apiv1
1.16.0 (2024-04-29)
Features
- datastore: Adding BeginLater and transaction state (#8984) (5f8e21f)
- datastore: Adding BeginLater transaction option (#8972) (4067f4e)
- datastore: Adding reserve IDs support (#9027) (2d66de0)
- datastore: Configure both mTLS and TLS endpoints for Datastore client (#9653) (38bd793)
- datastore: Respect DATASTORE_EMULATOR_HOST setting (#9789) (7259373)
Bug Fixes
- datastore: Add explicit sleep before read time use (#9080) (0538be4)
- datastore: Adding tracing to run method (#9602) (a5e197c)
- datastore: Bump x/net to v0.24.0 (ba31ed5)
- datastore: Enable universe domain resolution options (fd1d569)
- datastore: Prevent panic on GetMulti failure (#9656) (55845ad)
- datastore: Update protobuf dep to v1.33.0 (30b038d)
Gemini for investigation assistance
Gemini for investigation assistance can now support you with the following:
- Search: Gemini can help you build, edit, and run searches targeted toward relevant events using natural language prompts.
- Search summaries: Gemini can automatically summarize search results after every search and subsequent filter action. Gemini can also answer contextual follow-up questions about the summaries it provides.
- Rule generation: Gemini can create new YARA-L rules from the UDM search queries it generates.
- Security questions and threat intelligence analysis: Gemini can answer general security domain questions and specific threat intelligence questions. Gemini can provide summaries about threat actors, IOCs, and other threat intelligence topics.
- Incident remediation: Based on the event information returned, Gemini can suggest follow-on steps.
For more information, see Use Gemini to investigate security issues.
Identity-Aware Proxy (IAP) now supports Workforce Identity Federation for application access. You can now use your extended workforce identities to access IAP-protected applications without having to sync your identities into Cloud Identity. For more information, see Configure IAP with Workforce Identity Federation.
The Migrate to Containers UI in the Google Cloud console, migctl, and CRDs that used processing clusters to migrate workloads to Google Cloud are no longer available.
To perform migrations, use the Migrate to Containers CLI on your local machine. For more information, see Migrate to Containers overview.
If you have any questions or require additional support, then reach out to m2c-external-feedback@google.com.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-pubsub
1.129.2 (2024-04-30)
Dependencies
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for secretmanager/apiv1
1.13.0 (2024-05-01)
Features
- secretmanager: Add Secret Version Delayed Destroy changes for client libraries (1d757c6)
Bug Fixes
- secretmanager: Bump x/net to v0.24.0 (ba31ed5)
Assign high-value resources based on Sensitive Data Protection insights for Cloud SQL
The attack path simulations feature can now automatically set the resource value of a Cloud SQL resource based on the sensitivity of the data that the instance contains.
For information about how to enable the automatic assignment of resource values based on data sensitivity, see Create a resource value configuration.
For information about how to configure Sensitive Data Protection to send data sensitivity classifications to Security Command Center, see Publish data profiles to Security Command Center.
May 03, 2024
Application Integration
Loop Metadata variables are changing
In the For each loop and While loop tasks, there's a Loop metadata variable in which you will find duplicate keys for the output variable, for example, Current Iteration Count and current_iteration_count. We recommend that you use the variables that contain the underscore (_) symbol because the other keys are being deprecated.
For more information, see Known issue: Duplicate keys in the Loop metadata.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- AI Platform
aiplatform.googleapis.com/Index
aiplatform.googleapis.com/IndexEndpoint
- Compute Engine
compute.googleapis.com/NetworkAttachment
Create a new playbook using Gemini (Preview)
You can now use Gemini to create a fully structured playbook. All you need to do is write a well-structured prompt and click Create. For more information, see Create playbook with Gemini.
As of May 3, 2024, when you create a new organization, it enforces the following organization policy constraints by default:
- iam.disableServiceAccountKeyCreation
- iam.disableServiceAccountKeyUpload
- iam.automaticGrantsForDefaultServiceAccounts
- iam.allowedPolicyMemberDomains
For more information, see Restricting service account usage and Restricting identities by domain.
Installing Policy Controller 1.18.0 or newer will fail unless you first enable the anthospolicycontroller.googleapis.com API. For more information on directly installing and managing Policy Controller, see Install Policy Controller.
Policy Controller bundles have been updated to the following versions: cis-gke-v1.5.0: 202403.0, nist-sp-800-190: 202403.0, nist-sp-800-53-r5: 202403.0, pci-dss-v3.2.1: 202403.0, pci-dss-v4.0: 202403.0, policy-essentials-v2022: 202403.0, pss-baseline-v2022: 202403.1, pss-restricted-v2022: 202403.1. For reference, see Policy Controller bundles overview.
Some Policy Intelligence features are only available for customers with organization-level activations of Security Command Center. For more information, see Billing questions.
Private Service Connect supports IPv6 in Preview for the following supported configurations:
- Service consumers can access published services by using Private Service Connect endpoints that have IPv6 addresses.
- Service producers that use supported load balancers can publish services by using service attachments that have IPv6 addresses.
For more information, see IP version translation.
May 02, 2024
Anthos Config Management
Installing Policy Controller 1.18.0 or newer will fail unless you first enable the anthospolicycontroller.googleapis.com API. For more information on directly installing and managing Policy Controller, see Install Policy Controller.
Policy Controller now has its own release notes page. For future announcements, visit Policy Controller release notes.
Dynamic namespace selection using the spec.mode field in the NamespaceSelector CRD is now generally available (GA). This feature supports deploying namespace-scoped resources in matching Namespaces statically-declared in the source of truth and dynamically present on the cluster. For more information, refer to NamespaceSelector mode.
Config Sync now supports specifying CA certificates for helm and OCI source types. This is surfaced on the caCertSecretRef field on the RootSync and RepoSync APIs. For more information, refer to RootSync and RepoSync fields.
Policy Controller bundles have been updated to the following versions: cis-gke-v1.5.0: 202403.0, nist-sp-800-190: 202403.0, nist-sp-800-53-r5: 202403.0, pci-dss-v3.2.1: 202403.0, pci-dss-v4.0: 202403.0, policy-essentials-v2022: 202403.0, pss-baseline-v2022: 202403.1, pss-restricted-v2022: 202403.1. For reference, see Policy Controller bundles overview.
When syncing from Helm, Config Sync now retries faster on errors with exponential backoff.
Reduced memory footprint in reconcilers by not loading the OpenAPI when the Config Sync admission webhook is disabled.
On Autopilot clusters, the helm-sync container CPU request is changed from 150m to 250m, and memory request is changed from 256Mi to 384Mi. For information on resource requirements, see Resource requests.
Upgraded bundled Helm version from v3.13.3 to v3.14.3 to pick up vulnerability fixes. To understand the changes in each release, review the changelogs.
You can now set up Ops Agent on your Bare Metal Solution server to view Bare Metal Solution metrics. This feature is generally available (GA).
Bare Metal Solution now supports Oracle Linux 9. This feature is generally available (GA). For more information, see Operating systems and Change the OS for a server.
Analytics Hub Subscription Management is generally available (GA). Data Publishers can now manage their subscriptions, view information about their subscribers, and revoke access to their data at any time.
Analytics Hub Provider Usage Metrics is now generally available (GA). The usage metrics include the following:
- Jobs that run against your shared data.
- The consumption details of your shared data by subscribers' projects and organizations.
- The number of rows and bytes processed by the job.
The Bigtable Spark connector lets you read and write data from and to Bigtable using Spark SQL and DataFrames inside your Spark application. This feature is generally available (GA).
You can now revert an instance to a snapshot state. This feature is generally available for instances created in the zonal and enterprise service tiers.
Filestore supports IP-based access control for your volumes. You can now use the Filestore CSI driver to configure IP-based access control at volume creation.
Release 1.28.500-gke.120
GKE on Bare Metal 1.28.500-gke.120 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.28.500-gke.120 runs on Kubernetes 1.28.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
The following container image security vulnerabilities have been fixed in 1.28.500-gke.120:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
The new release of the GKE Gateway controller (2024-R1) is now generally available. With this release, the GKE Gateway controller will provide the following new capabilities and fixes:
New capabilities:
- Gateway API CRDs v1.0.0
- Cloud Armor backend security policy support for Regional external Gateways
- Self-managed certificates with Certificate Manager on Regional internal & external Gateways
- Google-managed certificates with Certificate Manager on Regional internal & external Gateways [Preview]
Bug fixes:
- Fixed missing permissions to MCI service agent role for regional SSL policy
To learn more about our GKE Gateway controller capabilities, see the supported capabilities per GatewayClass.
Starting in GKE 1.30, the metric scheduler_pod_scheduling_duration_seconds in the control plane metrics package will no longer be available, as a result of deprecation in the upstream OSS. The replacement metric scheduler_pod_scheduling_sli_duration_seconds will be exported as part of the control plane metrics package instead.
The following supported default parsers have changed. Each is listed by product name and log_type value, if applicable.
- AIX system (AIX_SYSTEM)
- Arcsight CEF (ARCSIGHT_CEF)
- Arista Switch (ARISTA_SWITCH)
- Aruba (ARUBA_WIRELESS)
- Aruba Switch (ARUBA_SWITCH)
- Attivo Networks (ATTIVO)
- AWS Cloudtrail (AWS_CLOUDTRAIL)
- AWS Control Tower (AWS_CONTROL_TOWER)
- AWS Elastic Load Balancer (AWS_ELB)
- AWS WAF (AWS_WAF)
- Azure AD (AZURE_AD)
- Azure AD Directory Audit (AZURE_AD_AUDIT)
- Azure AD Organizational Context (AZURE_AD_CONTEXT)
- Azure Application Gateway (AZURE_GATEWAY)
- Azure Storage Audit (AZURE_STORAGE_AUDIT)
- Azure WAF (AZURE_WAF)
- Barracuda Firewall (BARRACUDA_FIREWALL)
- BeyondTrust Endpoint Privilege Management (BEYONDTRUST_ENDPOINT)
- BigQuery (N/A)
- Blue Coat Proxy (BLUECOAT_WEBPROXY)
- Brocade Switch (BROCADE_SWITCH)
- Check Point (CHECKPOINT_FIREWALL)
- Cisco ASA (CISCO_ASA_FIREWALL)
- Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
- Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
- Cisco Internetwork Operating System (CISCO_IOS)
- Cisco ISE (CISCO_ISE)
- Cisco Meraki (CISCO_MERAKI)
- Cisco VPN (CISCO_VPN)
- Cisco WLC/WCS (CISCO_WIRELESS)
- Citrix Netscaler (CITRIX_NETSCALER)
- Claroty Enterprise Management Console (CLAROTY_EMC)
- Cloud Audit Logs (N/A)
- Cloud Intrusion Detection System (GCP_IDS)
- Corelight (CORELIGHT)
- CrowdStrike Detection Monitoring (CS_DETECTS)
- CrowdStrike Falcon (CS_EDR)
- CyberArk (CYBERARK)
- Cyberark Privilege Cloud (CYBERARK_PRIVILEGE_CLOUD)
- Cybergatekeeper NAC (CYBERGATEKEEPER_NAC)
- Darktrace (DARKTRACE)
- Dell ECS Enterprise Object Storage (DELL_ECS)
- Dell Switch (DELL_SWITCH)
- Elastic Packet Beats (ELASTIC_PACKETBEATS)
- ESET (ESET_EDR)
- ESET AV (ESET_AV)
- F5 Advanced Firewall Management (F5_AFM)
- F5 ASM (F5_ASM)
- F5 BIGIP LTM (F5_BIGIP_LTM)
- FireEye HX (FIREEYE_HX)
- FireEye NX Audit (FIREEYE_NX_AUDIT)
- Firewall Rule Logging (N/A)
- Forcepoint DLP (FORCEPOINT_DLP)
- Forescout NAC (FORESCOUT_NAC)
- Forgerock OpenIdM (FORGEROCK_OPENIDM)
- FortiGate (FORTINET_FIREWALL)
- Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
- Fortra Powertech SIEM Agent (FORTRA_POWERTECH_SIEM_AGENT)
- Cloud NAT (N/A)
- GCP_SWP (GCP_SWP)
- Gitlab (GITLAB)
- GMAIL Logs (GMAIL_LOGS)
- GMV Checker ATM Security (GMV_CHECKER)
- Guardicore Centra (GUARDICORE_CENTRA)
- HPE BladeSystem C7000 (HPE_BLADESYSTEM_C7000)
- HYPR MFA (HYPR_MFA)
- IBM AS/400 (IBM_AS400)
- IBM DS8000 Storage (IBM_DS8000)
- IBM Guardium (GUARDIUM)
- IBM Tape Storages (IBM_LTO)
- IBM Tivoli (IBM_TIVOLI)
- IBM-i Operating System (IBM_I)
- Illumio Core (ILLUMIO_CORE)
- Imperva (IMPERVA_WAF)
- Imperva Advanced Bot Protection (IMPERVA_ABP)
- Imperva SecureSphere Management (IMPERVA_SECURESPHERE)
- Infoblox (INFOBLOX)
- ION Spectrum (ION_SPECTRUM)
- Ipswitch MOVEit Transfer (IPSWITCH_MOVEIT_TRANSFER)
- Jamf Protect Alerts (JAMF_PROTECT)
- Jamf Protect Telemetry (JAMF_TELEMETRY)
- Juniper Junos (JUNIPER_JUNOS)
- Juniper MX Router (JUNIPER_MX)
- Kubernetes Node (KUBERNETES_NODE)
- LastPass Password Management (LASTPASS)
- Linux Auditing System (AuditD) (AUDITD)
- McAfee Enterprise Security Manager (MCAFEE_ESM)
- Medigate IoT (MEDIGATE_IOT)
- Microsoft AD (WINDOWS_AD)
- Microsoft Azure Activity (AZURE_ACTIVITY)
- Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
- Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
- Microsoft Exchange (EXCHANGE_MAIL)
- Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
- Microsoft IAS Server (MICROSOFT_IAS)
- Microsoft Intune (AZURE_MDM_INTUNE)
- Microsoft SQL Server (MICROSOFT_SQL)
- Mongo Database (MONGO_DB)
- Netscout Arbor Sightline (ARBOR_SIGHTLINE)
- Netskope Web Proxy (NETSKOPE_WEBPROXY)
- NGFW Enterprise (GCP_NGFW_ENTERPRISE)
- Office 365 (OFFICE_365)
- Office 365 Message Trace (OFFICE_365_MESSAGETRACE)
- Opengear Remote Management (OPENGEAR)
- Oracle (ORACLE_DB)
- OSQuery (OSQUERY_EDR)
- OSSEC (OSSEC)
- Palo Alto Cortex XDR Alerts (CORTEX_XDR)
- Palo Alto Networks Firewall (PAN_FIREWALL)
- Palo Alto Prisma Cloud (PAN_PRISMA_CLOUD)
- PerimeterX Bot Protection (PERIMETERX_BOT_PROTECTION)
- Phishlabs (PHISHLABS)
- Proofpoint Tap Alerts (PROOFPOINT_MAIL)
- Pulse Secure (PULSE_SECURE_VPN)
- Riverbed Steelhead (STEELHEAD)
- RSA SecurID Access Identity Router (RSA_SECURID)
- SAP SM20 (SAP_SM20)
- SAP SuccessFactors (SAP_SUCCESSFACTORS)
- SAP Webdispatcher (SAP_WEBDISP)
- Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
- Security Command Center Threat (N/A)
- Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
- Sentinelone Alerts (SENTINELONE_ALERT)
- SentinelOne EDR (SENTINEL_EDR)
- SentinelOne Singularity Cloud Funnel (SENTINELONE_CF)
- Snare System Diagnostic Logs (SNARE_SOLUTIONS)
- Solaris system (SOLARIS_SYSTEM)
- SonicWall (SONIC_FIREWALL)
- Sonicwall Secure Mobile Access (SONICWALL_SMA)
- Splunk Platform (SPLUNK)
- Squid Web Proxy (SQUID_WEBPROXY)
- Suricata EVE (SURICATA_EVE)
- Suricata IDS (SURICATA_IDS)
- Swift Alliance Messaging Hub (SWIFT_AMH)
- Symantec CloudSOC CASB (SYMANTEC_CASB)
- Symantec DLP (SYMANTEC_DLP)
- Tenable OT (TENABLE_OT)
- Tetragon Ebpf Audit Logs (TETRAGON_EBPF_AUDIT_LOGS)
- Trellix HX Event Streamer (TRELLIX_HX_ES)
- Trend Micro (TIPPING_POINT)
- Trend Micro Cloud one (TRENDMICRO_CLOUDONE)
- Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
- TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
- TrendMicro Web Proxy (TRENDMICRO_WEBPROXY)
- Unifi AP (UNIFI_AP)
- Unix system (NIX_SYSTEM)
- Vectra Detect (VECTRA_DETECT)
- VeridiumID by Veridium (VERIDIUM_ID)
- VPC Flow Logs (GCP_VPC_FLOW)
- Windows Defender ATP (WINDOWS_DEFENDER_ATP)
- Windows DNS (WINDOWS_DNS)
- Windows Event (WINEVTLOG)
- Windows Event (XML) (WINEVTLOG_XML)
- Windows Network Policy Server (WINDOWS_NET_POLICY_SERVER)
- Windows Sysmon (WINDOWS_SYSMON)
- Workspace Activities (WORKSPACE_ACTIVITY)
- Workspace Alerts (WORKSPACE_ALERTS)
- Workspace ChromeOS Devices (WORKSPACE_CHROMEOS)
- Workspace Groups (WORKSPACE_GROUPS)
- Workspace Mobile Devices (WORKSPACE_MOBILE)
- Workspace Privileges (WORKSPACE_PRIVILEGES)
- Workspace Users (WORKSPACE_USERS)
- YAMAHA ROUTER RTX1200 (YAMAHA_ROUTER)
- Zeek JSON (BRO_JSON)
- Zimperium (ZIMPERIUM)
- Zscaler (ZSCALER_WEBPROXY)
- Zscaler CASB (ZSCALER_CASB)
- ZScaler NGFW (ZSCALER_FIREWALL)
The following log types, without a default parser, were added. Each is listed by product name and log_type value, if applicable.
- Adaxes (ADAXES)
- Air Table (AIR_TABLE)
- Alert Enterprise Guardian (ALERT_GUARDIAN)
- Amavis (AMAVIS)
- Atlassian Beacon (ATLASSIAN_BEACON)
- Banner dd (BANNER_DD)
- BetterStack Uptime (BETTERSTACK_UPTIME)
- BloodHound (BLOODHOUND)
- Core Privileged Access Manager (BoKS) (BOKS)
- Cisco Secure Access (CISCO_SECURE_ACCESS)
- Cleafy (CLEAFY)
- Clear Bank Portal Audit (CLEARBANK_PORTAL)
- CloudBees (CLOUDBEES)
- Comforte SecurDPS (COMFORTE_SECURDPS)
- Control Plane (CONTROL_PLANE)
- Corrata (CORRATA)
- Cubist Audit (CUBIST_AUDIT)
- C Zentrix (C_ZENTRIX)
- DefectDojo (DEFECTDOJO)
- Dmarcian (DMARCIAN)
- DocuSign (DOCUSIGN)
- Duo Activity Logs (DUO_ACTIVITY)
- E2 Guardian (E2_GUARDIAN)
- Egress Defend (EGRESS_DEFEND)
- Egress Prevent (EGRESS_PREVENT)
- Emsisoft AntiVirus (EMSISOFT_ANTIVIRUS)
- F5 System Logs (F5_SYSTEM_LOGS)
- Fastly CDN (FASTLY_CDN)
- FireEye CMS (FIREEYE_CMS)
- Forcepoint Mail Relay (FORCEPOINT_MAIL_RELAY)
- Google Ads (GOOGLE_ADS)
- H3C Comware Platform Switch
- Halcyon Anti Ransomware (HALCYON)
- Halo (HALO)
- HP Poly (HP_POLY)
- Huawei CloudEngine (HUAWEI_CLOUDENGINE)
- Intruder.IO (INTRUDER_IO)
- Ivanti Connect Secure (IVANTI_CONNECT_SECURE)
- Keyfactor (KEYFACTOR)
- Kyverno (KYVERNO)
- LaunchDarkly (LAUNCH_DARKLY)
- LeanIX Enterprise (LEANIX)
- Leanix CMDB (LEANIX_CMDB)
- Lucid (LUCID)
- Lumeta Spectre (LUMETA)
- ManageEngine Asset Explorer (MANAGE_ENGINE_ASSET_EXPLR)
- ManageEngine Endpoint Central (MANAGE_ENGINE_ENDPT_CNTRL)
- Mandiant Digital Threat Monitoring (MANDIANT_DTM_ALERTS)
- Manhattan Warehouse Management System (MANHATTAN_WMS)
- Mend IO (MEND_IO)
- Meta Marketing (META_MARKETING)
- Miasma SecretScanner (MIASMA_SECRETSCANNER)
- Microsoft Ads (MICROSOFT_ADS)
- Microsoft Purview (MICROSOFT_PURVIEW)
- ModSecurity (MODSECURITY)
- Netapp Storagegrid (NETAPP_STORAGEGRID)
- NetBrain (NETBRAIN)
- Netenrich Entity Context (NETENRICH_ENTITY_CONTEXT)
- Netwrix Activity Monitor (NETWRIX_ACTIVITY_MONITOR)
- Netwrix Stealth Intercept (NETWRIX_STEALTH_INTERCEPT)
- Netwrix Threat Manager (NETWRIX_THREAT_MANAGER)
- Nexus Sonatype (NEXUS_SONATYPE)
- Oracle Fusion (ORACLE_FUSION)
- PAGELY (PAGELY)
- Palantir (PALANTIR)
- Proofpoint Meta (PROOFPOINT_META)
- Qumulo FS (QUMULO_FS)
- Radware Alteon (RADWARE_ALTEON)
- SailPoint IdentityIQ (SAILPOINT_IIQ)
- Sentinelone Activity (SENTINELONE_ACTIVITY)
- Siga Level Zero OT Resilience (SIGA)
- Site24x7 (SITE24X7)
- Winevtlog Snare (SNARE_WINEVTLOG)
- Solar System (SOLAR_SYSTEM)
- Stealthbits DLP (STEALTHBITS_DLP)
- Symantec VIP Authentication Hub (SYMANTEC_VIP_AUTHHUB)
- Temenos Journey Manager System Event Publisher (TEMENOS_MANAGER_SYSTEMEVENT)
- Teradata Aster (TERADATA_ASTER)
- Tiktok for Developers (TIKTOK)
- Transmit BindID (TRANSMIT_BINDID)
- Trend Micro Vision One Audit (TRENDMICRO_VISION_ONE_AUDIT)
- Trend Micro Vision One Observerd Attack Techniques (TRENDMICRO_VISION_ONE_OBSERVERD_ATTACK_TECHNIQUES)
- Trend Micro Vision One Workbench (TRENDMICRO_VISION_ONE_WORKBENCH)
- TrueNAS (TRUENAS)
- E-Motional Transparent Screen Lock TSL RFID (TSL_PRO)
- UPX AntiDDoS (UPX_ANTIDDOS)
- Verba Recording System (VERBA_REC)
- Vercara (VERCARA)
- Veza Access Control Platform (VEZA)
- Web Methods Api Gateway (WEBMETHODS_API_GATEWAY)
For a list of supported log types and details about default parser changes, see Supported log types and default parsers.
The following supported default parsers have changed. Each is listed by product name and log_type value, if applicable.
- AIX system (AIX_SYSTEM)
- Arcsight CEF (ARCSIGHT_CEF)
- Arista Switch (ARISTA_SWITCH)
- Aruba (ARUBA_WIRELESS)
- Aruba Switch (ARUBA_SWITCH)
- Attivo Networks (ATTIVO)
- AWS Cloudtrail (AWS_CLOUDTRAIL)
- AWS Control Tower (AWS_CONTROL_TOWER)
- AWS Elastic Load Balancer (AWS_ELB)
- AWS WAF (AWS_WAF)
- Azure AD (AZURE_AD)
- Azure AD Directory Audit (AZURE_AD_AUDIT)
- Azure AD Organizational Context (AZURE_AD_CONTEXT)
- Azure Application Gateway (AZURE_GATEWAY)
- Azure Storage Audit (AZURE_STORAGE_AUDIT)
- Azure WAF (AZURE_WAF)
- Barracuda Firewall (BARRACUDA_FIREWALL)
- BeyondTrust Endpoint Privilege Management (BEYONDTRUST_ENDPOINT)
- BigQuery (N/A)
- Blue Coat Proxy (BLUECOAT_WEBPROXY)
- Brocade Switch (BROCADE_SWITCH)
- Check Point (CHECKPOINT_FIREWALL)
- Cisco ASA (CISCO_ASA_FIREWALL)
- Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
- Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
- Cisco Internetwork Operating System (CISCO_IOS)
- Cisco ISE (CISCO_ISE)
- Cisco Meraki (CISCO_MERAKI)
- Cisco VPN (CISCO_VPN)
- Cisco WLC/WCS (CISCO_WIRELESS)
- Citrix Netscaler (CITRIX_NETSCALER)
- Claroty Enterprise Management Console (CLAROTY_EMC)
- Cloud Audit Logs (N/A)
- Cloud Intrusion Detection System (GCP_IDS)
- Corelight (CORELIGHT)
- CrowdStrike Detection Monitoring (CS_DETECTS)
- CrowdStrike Falcon (CS_EDR)
- CyberArk (CYBERARK)
- Cyberark Privilege Cloud (CYBERARK_PRIVILEGE_CLOUD)
- Cybergatekeeper NAC (CYBERGATEKEEPER_NAC)
- Darktrace (DARKTRACE)
- Dell ECS Enterprise Object Storage (DELL_ECS)
- Dell Switch (DELL_SWITCH)
- Elastic Packet Beats (ELASTIC_PACKETBEATS)
- ESET (ESET_EDR)
- ESET AV (ESET_AV)
- F5 Advanced Firewall Management (F5_AFM)
- F5 ASM (F5_ASM)
- F5 BIGIP LTM (F5_BIGIP_LTM)
- FireEye HX (FIREEYE_HX)
- FireEye NX Audit (FIREEYE_NX_AUDIT)
- Firewall Rule Logging (N/A)
- Forcepoint DLP (FORCEPOINT_DLP)
- Forescout NAC (FORESCOUT_NAC)
- Forgerock OpenIdM (FORGEROCK_OPENIDM)
- FortiGate (FORTINET_FIREWALL)
- Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
- Fortra Powertech SIEM Agent (FORTRA_POWERTECH_SIEM_AGENT)
- Cloud NAT (N/A)
- GCP_SWP (GCP_SWP)
- Gitlab (GITLAB)
- GMAIL Logs (GMAIL_LOGS)
- GMV Checker ATM Security (GMV_CHECKER)
- Guardicore Centra (GUARDICORE_CENTRA)
- HPE BladeSystem C7000 (HPE_BLADESYSTEM_C7000)
- HYPR MFA (HYPR_MFA)
- IBM AS/400 (IBM_AS400)
- IBM DS8000 Storage (IBM_DS8000)
- IBM Guardium (GUARDIUM)
- IBM Tape Storages (IBM_LTO)
- IBM Tivoli (IBM_TIVOLI)
- IBM-i Operating System (IBM_I)
- Illumio Core (ILLUMIO_CORE)
- Imperva (IMPERVA_WAF)
- Imperva Advanced Bot Protection (IMPERVA_ABP)
- Imperva SecureSphere Management (IMPERVA_SECURESPHERE)
- Infoblox (INFOBLOX)
- ION Spectrum (ION_SPECTRUM)
- Ipswitch MOVEit Transfer (IPSWITCH_MOVEIT_TRANSFER)
- Jamf Protect Alerts (JAMF_PROTECT)
- Jamf Protect Telemetry (JAMF_TELEMETRY)
- Juniper Junos (JUNIPER_JUNOS)
- Juniper MX Router (JUNIPER_MX)
- Kubernetes Node (KUBERNETES_NODE)
- LastPass Password Management (LASTPASS)
- Linux Auditing System (AuditD) (AUDITD)
- McAfee Enterprise Security Manager (MCAFEE_ESM)
- Medigate IoT (MEDIGATE_IOT)
- Microsoft AD (WINDOWS_AD)
- Microsoft Azure Activity (AZURE_ACTIVITY)
- Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
- Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
- Microsoft Exchange (EXCHANGE_MAIL)
- Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
- Microsoft IAS Server (MICROSOFT_IAS)
- Microsoft Intune (AZURE_MDM_INTUNE)
- Microsoft SQL Server (MICROSOFT_SQL)
- Mongo Database (MONGO_DB)
- Netscout Arbor Sightline (ARBOR_SIGHTLINE)
- Netskope Web Proxy (NETSKOPE_WEBPROXY)
- NGFW Enterprise (GCP_NGFW_ENTERPRISE)
- Office 365 (OFFICE_365)
- Office 365 Message Trace (OFFICE_365_MESSAGETRACE)
- Opengear Remote Management (OPENGEAR)
- Oracle (ORACLE_DB)
- OSQuery (OSQUERY_EDR)
- OSSEC (OSSEC)
- Palo Alto Cortex XDR Alerts (CORTEX_XDR)
- Palo Alto Networks Firewall (PAN_FIREWALL)
- Palo Alto Prisma Cloud (PAN_PRISMA_CLOUD)
- PerimeterX Bot Protection (PERIMETERX_BOT_PROTECTION)
- Phishlabs (PHISHLABS)
- Proofpoint Tap Alerts (PROOFPOINT_MAIL)
- Pulse Secure (PULSE_SECURE_VPN)
- Riverbed Steelhead (STEELHEAD)
- RSA SecurID Access Identity Router (RSA_SECURID)
- SAP SM20 (SAP_SM20)
- SAP SuccessFactors (SAP_SUCCESSFACTORS)
- SAP Webdispatcher (SAP_WEBDISP)
- Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
- Security Command Center Threat (N/A)
- Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
- Sentinelone Alerts (SENTINELONE_ALERT)
- SentinelOne EDR (SENTINEL_EDR)
- SentinelOne Singularity Cloud Funnel (SENTINELONE_CF)
- Snare System Diagnostic Logs (SNARE_SOLUTIONS)
- Solaris system (SOLARIS_SYSTEM)
- SonicWall (SONIC_FIREWALL)
- Sonicwall Secure Mobile Access (SONICWALL_SMA)
- Splunk Platform (SPLUNK)
- Squid Web Proxy (SQUID_WEBPROXY)
- Suricata EVE (SURICATA_EVE)
- Suricata IDS (SURICATA_IDS)
- Swift Alliance Messaging Hub (SWIFT_AMH)
- Symantec CloudSOC CASB (SYMANTEC_CASB)
- Symantec DLP (SYMANTEC_DLP)
- Tenable OT (TENABLE_OT)
- Tetragon Ebpf Audit Logs (TETRAGON_EBPF_AUDIT_LOGS)
- Trellix HX Event Streamer (TRELLIX_HX_ES)
- Trend Micro (TIPPING_POINT)
- Trend Micro Cloud one (TRENDMICRO_CLOUDONE)
- Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
- TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
- TrendMicro Web Proxy (TRENDMICRO_WEBPROXY)
- Unifi AP (UNIFI_AP)
- Unix system (NIX_SYSTEM)
- Vectra Detect (VECTRA_DETECT)
- VeridiumID by Veridium (VERIDIUM_ID)
- VPC Flow Logs (GCP_VPC_FLOW)
- Windows Defender ATP (WINDOWS_DEFENDER_ATP)
- Windows DNS (WINDOWS_DNS)
- Windows Event (WINEVTLOG)
- Windows Event (XML) (WINEVTLOG_XML)
- Windows Network Policy Server (WINDOWS_NET_POLICY_SERVER)
- Windows Sysmon (WINDOWS_SYSMON
) - Workspace Activities (
WORKSPACE_ACTIVITY
) - Workspace Alerts (
WORKSPACE_ALERTS
) - Workspace ChromeOS Devices (
WORKSPACE_CHROMEOS
) - Workspace Groups (
WORKSPACE_GROUPS
) - Workspace Mobile Devices (
WORKSPACE_MOBILE
) - Workspace Privileges (
WORKSPACE_PRIVILEGES
) - Workspace Users (
WORKSPACE_USERS
) - YAMAHA ROUTER RTX1200 (
YAMAHA_ROUTER
) - Zeek JSON (
BRO_JSON
) - Zimperium (
ZIMPERIUM
) - Zscaler (
ZSCALER_WEBPROXY
) - Zscaler CASB (
ZSCALER_CASB
) - ZScaler NGFW (
ZSCALER_FIREWALL
)
The following log types, without a default parser, were added. Each is listed by product name and log_type value, if applicable.
- Adaxes (ADAXES)
- Air Table (AIR_TABLE)
- Alert Enterprise Guardian (ALERT_GUARDIAN)
- Amavis (AMAVIS)
- Atlassian Beacon (ATLASSIAN_BEACON)
- Banner dd (BANNER_DD)
- BetterStack Uptime (BETTERSTACK_UPTIME)
- BloodHound (BLOODHOUND)
- Core Privileged Access Manager (BoKS) (BOKS)
- Cisco Secure Access (CISCO_SECURE_ACCESS)
- Cleafy (CLEAFY)
- Clear Bank Portal Audit (CLEARBANK_PORTAL)
- CloudBees (CLOUDBEES)
- Comforte SecurDPS (COMFORTE_SECURDPS)
- Control Plane (CONTROL_PLANE)
- Corrata (CORRATA)
- Cubist Audit (CUBIST_AUDIT)
- C Zentrix (C_ZENTRIX)
- DefectDojo (DEFECTDOJO)
- Dmarcian (DMARCIAN)
- DocuSign (DOCUSIGN)
- Duo Activity Logs (DUO_ACTIVITY)
- E2 Guardian (E2_GUARDIAN)
- Egress Defend (EGRESS_DEFEND)
- Egress Prevent (EGRESS_PREVENT)
- Emsisoft AntiVirus (EMSISOFT_ANTIVIRUS)
- F5 System Logs (F5_SYSTEM_LOGS)
- Fastly CDN (FASTLY_CDN)
- FireEye CMS (FIREEYE_CMS)
- Forcepoint Mail Relay (FORCEPOINT_MAIL_RELAY)
- Google Ads (GOOGLE_ADS)
- H3C Comware Platform Switch
- Halcyon Anti Ransomware (HALCYON)
- Halo (HALO)
- HP Poly (HP_POLY)
- Huawei CloudEngine (HUAWEI_CLOUDENGINE)
- Intruder.IO (INTRUDER_IO)
- Ivanti Connect Secure (IVANTI_CONNECT_SECURE)
- Keyfactor (KEYFACTOR)
- Kyverno (KYVERNO)
- LaunchDarkly (LAUNCH_DARKLY)
- LeanIX Enterprise (LEANIX)
- Leanix CMDB (LEANIX_CMDB)
- Lucid (LUCID)
- Lumeta Spectre (LUMETA)
- ManageEngine Asset Explorer (MANAGE_ENGINE_ASSET_EXPLR)
- ManageEngine Endpoint Central (MANAGE_ENGINE_ENDPT_CNTRL)
- Mandiant Digital Threat Monitoring (MANDIANT_DTM_ALERTS)
- Manhattan Warehouse Management System (MANHATTAN_WMS)
- Mend IO (MEND_IO)
- Meta Marketing (META_MARKETING)
- Miasma SecretScanner (MIASMA_SECRETSCANNER)
- Microsoft Ads (MICROSOFT_ADS)
- Microsoft Purview (MICROSOFT_PURVIEW)
- ModSecurity (MODSECURITY)
- Netapp Storagegrid (NETAPP_STORAGEGRID)
- NetBrain (NETBRAIN)
- Netenrich Entity Context (NETENRICH_ENTITY_CONTEXT)
- Netwrix Activity Monitor (NETWRIX_ACTIVITY_MONITOR)
- Netwrix Stealth Intercept (NETWRIX_STEALTH_INTERCEPT)
- Netwrix Threat Manager (NETWRIX_THREAT_MANAGER)
- Nexus Sonatype (NEXUS_SONATYPE)
- Oracle Fusion (ORACLE_FUSION)
- PAGELY (PAGELY)
- Palantir (PALANTIR)
- Proofpoint Meta (PROOFPOINT_META)
- Qumulo FS (QUMULO_FS)
- Radware Alteon (RADWARE_ALTEON)
- SailPoint IdentityIQ (SAILPOINT_IIQ)
- Sentinelone Activity (SENTINELONE_ACTIVITY)
- Siga Level Zero OT Resilience (SIGA)
- Site24x7 (SITE24X7)
- Winevtlog Snare (SNARE_WINEVTLOG)
- Solar System (SOLAR_SYSTEM)
- Stealthbits DLP (STEALTHBITS_DLP)
- Symantec VIP Authentication Hub (SYMANTEC_VIP_AUTHHUB)
- Temenos Journey Manager System Event Publisher (TEMENOS_MANAGER_SYSTEMEVENT)
- Teradata Aster (TERADATA_ASTER)
- Tiktok for Developers (TIKTOK)
- Transmit BindID (TRANSMIT_BINDID)
- Trend Micro Vision One Audit (TRENDMICRO_VISION_ONE_AUDIT)
- Trend Micro Vision One Observerd Attack Techniques (TRENDMICRO_VISION_ONE_OBSERVERD_ATTACK_TECHNIQUES)
- Trend Micro Vision One Workbench (TRENDMICRO_VISION_ONE_WORKBENCH)
- TrueNAS (TRUENAS)
- E-Motional Transparent Screen Lock TSL RFID (TSL_PRO)
- UPX AntiDDoS (UPX_ANTIDDOS)
- Verba Recording System (VERBA_REC)
- Vercara (VERCARA)
- Veza Access Control Platform (VEZA)
- Web Methods Api Gateway (WEBMETHODS_API_GATEWAY)
For a list of supported log types and details about default parser changes, see Supported log types and default parsers.
Remote Agents Release 1.6.0 is currently in Preview.
Jobs can now be run remotely over remote agents.
Chart titles
You can now add a title directly to a chart in Looker Studio. You can customize the title's font, color, size, styling, and positioning within the Title section of the Style tab of the properties panel.
Service producers are no longer charged producer data processing for ingress or egress traffic through a Private Service Connect service attachment. For more information, see pricing for published services.
Private Service Connect now offers consumers volume-based discounts for consumer data processing. For more information, see Consumer data processing.
May 01, 2024
AlloyDB for PostgreSQL
You can now set maintenance windows for your AlloyDB clusters. If you do, then AlloyDB schedules non-emergency maintenance events to begin only during the weekly period that you specify. You can also opt in to receive email notifications of upcoming maintenance events.
On May 1, 2024 we released an updated version of Apigee integrated portal.
This release contains multiple security fixes.
A new Confidential Space image (240402) is now available. This image provides support for automatically resizing the boot disk stateful partition. See disk and memory limits for more information.
cos-113-18244-1-61
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.77 | v24.0.9 | v1.7.15 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |
Updated Konlet to v.0.12.0. This fixes an iptables compatibility issue.
Fixed CVE-2023-4641 in sys-apps/shadow.
Fixed CVE-2023-50387, CVE-2023-50868 in sys-apps/systemd.
Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.
Fixed CVE-2023-32681 in dev-python/requests.
Fixed CVE-2024-3772 in dev-python/pydantic.
Fixed CVE-2023-5388 in dev-libs/nss.
Updated net-dns/c-ares to version 1.27. This fixes CVE-2024-25629.
Updated dev-python/pyyaml to version 6.0.1. This fixes CVE-2017-18342, CVE-2019-20477, CVE-2020-14343, CVE-2020-1747.
Updated dev-vcs/git to version VERSION. This fixes CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Updated net-misc/curl to version 8.7.1. This fixes CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.
Updated dev-libs/expat to version 2.6.2. This fixes CVE-2024-28757.
Fixed CVE-2024-28182 in net-libs/nghttp2.
Fixed CVE-2024-26602 in the Linux kernel.
Fixed CVE-2024-26603 in the Linux kernel.
Fixed CVE-2024-26601 in the Linux kernel.
New Dataproc Serverless for Spark runtime versions:
- 1.1.60
- 1.2.4
- 2.0.68
- 2.1.47
- 2.2.4
Dataproc Serverless for Spark:
- Upgraded Spark RAPIDS to version 24.04.0 in 1.2 and 2.2 Dataproc Serverless for Spark runtimes.
When you submit a Dataproc Serverless Batch with a CMEK key:
- In addition to encrypting disk and Cloud Storage data, Dataproc Serverless will use your CMEK to also encrypt batch job arguments. This change will require you to do the following:
  - Assign the Cloud KMS CryptoKey Encrypter/Decrypter role to the Dataproc Service Agent service account.
  - Enable the Cloud KMS API on the project that runs Dataproc Batches resources.
  - If the Dataproc Service Agent role is not attached to the Dataproc Service Agent service account, then add the serviceusage.services.use permission to the custom role attached to the Dataproc Service Agent service account.
- batches.list will return an unreachable field that lists any batches with job arguments that couldn't be decrypted. You can issue a batches.get request to obtain more information on an unreachable batch.
- Multi-regional and cross-regional CMEKs will no longer be permitted. The key (CMEK) must be located in the same location as the encrypted resource. For example, the CMEK used to encrypt a batch that runs in the us-central1 region must also be located in the us-central1 region.
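A pre-submission check for the CMEK location rule and the unreachable field described above, as an added example that is not Google's code. The planned-batch dictionary keys, the project and key names, and the assumption that each unreachable entry is a plain string are constructed for illustration.

```python
import re

# Full Cloud KMS CryptoKey resource name; a trailing /cryptoKeyVersions/N is tolerated.
_KEY_RE = re.compile(
    r"^projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)"
    r"/keyRings/(?P<ring>[^/]+)/cryptoKeys/(?P<key>[^/]+)"
    r"(?:/cryptoKeyVersions/[^/]+)?$"
)
# Heuristic (assumption): single regions look like us-central1 or europe-west4.
# Locations such as "us", "europe" or "global" do not match and are reported
# as multi-regional or global.
_SINGLE_REGION_RE = re.compile(r"^[a-z]+-[a-z]+[0-9]+$")


def check_cmek_location(kms_key, batch_region):
    """Return (ok, reason) for one batch region and the CMEK meant to protect it."""
    m = _KEY_RE.match(kms_key.strip())
    if not m:
        return False, "not a full CryptoKey resource name"
    key_loc = m["location"].lower()
    region = batch_region.strip().lower()
    if key_loc == region:
        return True, "key and batch are in the same location"
    if not _SINGLE_REGION_RE.match(key_loc):
        return False, f"key location '{key_loc}' is multi-regional or global"
    return False, f"cross-regional: key in '{key_loc}', batch in '{region}'"


def preflight(planned_batches):
    """Return [(batch id, reason)] for every planned batch that would be rejected."""
    problems = []
    for batch in planned_batches:
        ok, reason = check_cmek_location(batch["kms_key"], batch["region"])
        if not ok:
            problems.append((batch["id"], reason))
    return problems


def unreachable_batches(list_pages):
    """Collect the 'unreachable' entries across paginated batches.list responses.

    Each entry is a candidate for a follow-up batches.get request. Entries are
    de-duplicated while keeping first-seen order.
    """
    seen, ordered = set(), []
    for page in list_pages:
        for name in page.get("unreachable") or []:
            if name not in seen:
                seen.add(name)
                ordered.append(name)
    return ordered


# Constructed sample input (hypothetical project, key ring and batch names).
_RING = "keyRings/batch-ring/cryptoKeys/batch-key"
PLANNED = [
    {"id": "etl-nightly", "region": "us-central1",
     "kms_key": f"projects/example-project/locations/us-central1/{_RING}"},
    {"id": "report-weekly", "region": "us-central1",
     "kms_key": f"projects/example-project/locations/us/{_RING}"},
    {"id": "ml-prep", "region": "europe-west4",
     "kms_key": f"projects/example-project/locations/us-central1/{_RING}"},
    {"id": "adhoc", "region": "us-central1", "kms_key": "batch-key"},
]
_B = "projects/example-project/locations/us-central1/batches/"
PAGES = [
    {"batches": [{"name": _B + "etl-nightly"}], "nextPageToken": "t1",
     "unreachable": [_B + "old-1"]},
    {"batches": [], "unreachable": [_B + "old-1", _B + "old-2"]},
]

if __name__ == "__main__":
    for batch_id, reason in preflight(PLANNED):
        print(f"REJECT {batch_id}: {reason}")
    for name in unreachable_batches(PAGES):
        print(f"follow up with batches.get: {name}")
```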
Online processing is available for Layout Parser in Document AI. The Document AI Layout Parser transforms documents in various formats into structured representations, making content like paragraphs, tables, lists, and structural elements like headings, page headers, and footers easily accessible, and creating context-aware chunks that facilitate information retrieval in a range of generative AI and discovery applications. For more information, see Process documents with Layout Parser.
Eventarc support for creating triggers for direct events from Cloud Speech-to-Text is generally available (GA).
1.30 is now available in the Rapid channel
Kubernetes 1.30 is now available in the Rapid channel. For more information about the content of Kubernetes 1.30, read the Kubernetes 1.30 Release Notes.
New features in 1.30
The following features are new in Kubernetes 1.30:
- ValidatingAdmissionPolicy is GA and now enabled by default.
- Validation Ratcheting is beta and enabled by default, and makes CustomResourceDefinitions even safer and easier to manage.
New APIs in 1.30
The following APIs are new in Kubernetes 1.30:
- admissionregistration.k8s.io/v1 ValidatingAdmissionPolicyBinding and ValidatingAdmissionPolicy
Deprecated APIs in 1.30
The following Beta versions of graduated APIs were previously deprecated in 1.29 in favor of newer versions:
- flowcontrol.apiserver.k8s.io/v1beta3 FlowSchema, PriorityLevelConfiguration: Deprecated since 1.29, will no longer be served in 1.32. Instead, use flowcontrol.apiserver.k8s.io/v1, which is available since Kubernetes 1.29.
- The status.nodeInfo.kubeProxyVersion field in the Node API is deprecated and will not be populated starting in v1.33. The field is currently populated with the kubelet version, not the kube-proxy version, and might not accurately reflect the kube-proxy version in use. For more information, see KEP-4004.
Deprecated features in 1.30
The Ceph CephFS (kubernetes.io/cephfs) and RBD (kubernetes.io/rbd) volume plugins are deprecated since 1.28 and will be removed in a future release.
To determine if you have volumes or Pods using RBD or CephFS volumes, run the following commands. If either of them prints output, then you are using a deprecated volume type:
kubectl describe pv | egrep -i 'Type: *(RBD|CephFS)'
kubectl describe pod -A | egrep -i 'Type: *(RBD|CephFS)'
Switch to use an RBD or CephFS CSI driver (like the CSI drivers provided in the Ceph CSI driver project), or a Google Cloud-managed solution like Filestore. For more information, refer to the OSS Kubernetes announcement and to the Ceph CSI driver project.
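The same inventory can be taken from structured output instead of grepping describe text. The following added example (not part of the release notes) reads the JSON produced by `kubectl get pv -o json` or `kubectl get pods -A -o json` and reports objects that use the in-tree rbd or cephfs volume sources; the object names in the sample are constructed.

```python
import json

# Field names of the in-tree Ceph volume sources in the PersistentVolume
# and Pod APIs. CSI-backed volumes use the "csi" field and are not reported.
IN_TREE_CEPH = ("rbd", "cephfs")


def find_in_tree_ceph(doc):
    """Return (kind, name, detail) for each PV or Pod using an in-tree Ceph volume.

    `doc` is a parsed kubectl JSON document: either a List (with "items")
    or a single object.
    """
    findings = []
    for item in doc.get("items", [doc]):
        kind = item.get("kind", "")
        meta = item.get("metadata", {})
        name = meta.get("name", "?")
        if meta.get("namespace"):
            name = f"{meta['namespace']}/{name}"
        spec = item.get("spec", {})
        if kind == "PersistentVolume":
            for source in IN_TREE_CEPH:
                if source in spec:
                    findings.append((kind, name, source))
        elif kind == "Pod":
            # Inline volumes only; a Pod that mounts a PVC is caught via its PV.
            for volume in spec.get("volumes", []):
                for source in IN_TREE_CEPH:
                    if source in volume:
                        detail = f"volume {volume.get('name', '?')}: {source}"
                        findings.append((kind, name, detail))
    return findings


# Constructed sample: one in-tree RBD PV, one CSI PV, one Pod with an inline
# CephFS volume, and one Pod that only mounts a PVC.
SAMPLE = json.loads("""
{
  "kind": "List",
  "items": [
    {"kind": "PersistentVolume",
     "metadata": {"name": "pv-legacy"},
     "spec": {"capacity": {"storage": "10Gi"},
              "rbd": {"monitors": ["10.0.0.1:6789"], "image": "img", "pool": "rbd"}}},
    {"kind": "PersistentVolume",
     "metadata": {"name": "pv-csi"},
     "spec": {"capacity": {"storage": "10Gi"},
              "csi": {"driver": "rbd.csi.ceph.com", "volumeHandle": "example-handle"}}},
    {"kind": "Pod",
     "metadata": {"name": "cart", "namespace": "shop"},
     "spec": {"volumes": [
        {"name": "data", "cephfs": {"monitors": ["10.0.0.1:6789"], "path": "/"}},
        {"name": "tmp", "emptyDir": {}}]}},
    {"kind": "Pod",
     "metadata": {"name": "web", "namespace": "shop"},
     "spec": {"volumes": [
        {"name": "content", "persistentVolumeClaim": {"claimName": "web-pvc"}}]}}
  ]
}
""")

if __name__ == "__main__":
    for kind, name, detail in find_in_tree_ceph(SAMPLE):
        print(f"{kind} {name}: {detail}")
```

Objects that already use a Ceph CSI driver, such as pv-csi in the sample, are not reported.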
(2024-R12) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following control plane and node versions are now available:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.26.14-gke.1044000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.11-gke.1062001 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.11-gke.1062001 with this release.
Stable channel
- Version 1.27.11-gke.1062001 is now the default version in the Stable channel.
- Version 1.27.11-gke.1062001 is now available in the Stable channel.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.14-gke.1044000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.11-gke.1062001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.11-gke.1062001 with this release.
Regular channel
- Version 1.27.11-gke.1062001 is now available in the Regular channel.
- Version 1.27.11-gke.1062000 is no longer available in the Regular channel.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.15-gke.1090000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.11-gke.1062001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.11-gke.1062001 with this release.
Rapid channel
- Version 1.29.3-gke.1282000 is now the default version in the Rapid channel.
- The following versions are now available in the Rapid channel:
- Version 1.29.3-gke.1093000 is no longer available in the Rapid channel.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1191000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.13-gke.1000000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.9-gke.1000000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.3-gke.1282000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.3-gke.1282000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.0-gke.1167000 with this release.
Release 6.3.1 is currently in Preview.
Create a new playbook using Gemini (Preview)
You can now use Gemini to create a fully structured playbook. All you need to do is write a well-structured prompt and click Create.
For more information, see Create playbooks with Gemini.
Change entities to be marked as non suspicious
When an entity is marked as IsSuspicious, you can now change the value from True to False.
Two changes have been made to sorting within cases:
- The option to sort cases by name has been removed.
- You can now sort across all existing cases, not only across a single page.
Cannot insert images in reports (ID #00244001)
HTML templates, case sensitivity issue and generic error (ID #44058663)
Change Alert Priority action not working as expected (ID #00277602)
Clicking on events configuration takes you to the wrong mapping & modeling rules
Alert Grouping settings not displaying correctly.
AI summaries of findings are disabled in Security Command Center
Effective May 1, 2024, the preview of Gemini AI-generated summaries of Security Command Center findings is discontinued. The summaries are no longer available in the Google Cloud console.
For more information, see Gemini features in Security Command Center.
reCAPTCHA Enterprise Mobile SDK v18.5.0-beta03 is now available for Android.
This version contains the following changes:
- Performance and reliability improvements in getClient() and execute().
- The dependency on OkHttp is removed.
April 30, 2024
Anthos clusters on AWS
GKE on AWS now supports clusters in the ap-northeast-2 region.
For more information, see Supported regions.
AWS Glue federated datasets are now generally available (GA).
An AWS Glue federated dataset is a connection at the dataset level between BigQuery and an existing database in AWS Glue.
You can now specify translation configurations in the BigQuery interactive SQL translator and use it to debug batch SQL translator jobs. This feature is generally available (GA).
The following BigQuery ML data preprocessing features are now generally available (GA):
- The ML.TRANSFORM function, which you can use to preprocess feature data. This function processes input data by applying the data transformations captured in the TRANSFORM clause of an existing model.
- Transform-only models, which you can use to apply preprocessing functions to input data and return the preprocessed data. Transform-only models decouple data preprocessing from model training, making it easier for you to capture and reuse a set of data preprocessing rules.
You can now reference Iceberg tables in materialized views instead of migrating that data to BigQuery-managed storage. This feature is in preview.
The global serial console gateway is deprecated. For more information, see Global serial console gateway deprecation.
cos-101-17162-463-8
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.239.06 (default), v550.54.15 (latest) |
This is an LTS Refresh release.
Included nvidia plugin in sosreport.
Updated cos-gpu-installer to v2.1.11. Added major version specification for GPU driver installation.
Updated docker and docker-cli to v20.10.27.
Fixed CVE-2023-4641 in sys-apps/shadow.
Fixed CVE-2023-50387, CVE-2023-50868, CVE-2023-7008 in sys-apps/systemd.
Updated sys-apps/shadow to v4.12.3. This resolves CVE-2013-4235.
Fixed CVE-2023-0767, CVE-2023-5388, CVE-2023-6135, CVE-2024-0743 in dev-libs/nss.
Fixed CVE-2023-5678 in dev-libs/openssl.
Updated dev-vcs/git to v2.44.0. This fixed CVE-2022-23521, CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-41903, CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Updated net-dns/c-ares to v1.19.1. This fixed CVE-2022-4904, CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067.
Updated dev-python/pyyaml to v5.4.1. This fixed CVE-2017-18342, CVE-2019-20477, CVE-2020-14343, CVE-2020-1747.
Updated app-arch/tar to v1.35. This fixed CVE-2023-39804.
Updated net-misc/curl to v8.7.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.
Updated dev-libs/expat to v2.6.2. This fixed CVE-2022-40674, CVE-2022-43680, CVE-2023-52425, CVE-2023-52426, CVE-2024-28757.
Updated sys-libs/zlib to v1.2.13. This fixed CVE-2018-25032, CVE-2022-37434.
Updated app-admin/sudo to v1.9.15_p5. This fixed CVE-2022-33070, CVE-2022-43995, CVE-2023-22809, CVE-2023-27320, CVE-2023-28486, CVE-2023-28487, CVE-2023-42465.
Fixed CVE-2024-28182 in net-libs/nghttp2.
Fixed CVE-2024-26603 in the Linux kernel.
Fixed CVE-2024-26602 in the Linux kernel.
Fixed CVE-2024-26601 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 813030 -> 813025
- Changed: net.ipv6.route.max_size: 4096 -> 2147483647
cos-109-17800-218-14
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |
This is an LTS Refresh release.
Updated app-containers/containerd to v1.7.15.
Set serial port baudrate to 115200.
Included nvidia plugin in sosreport.
Updated cos-gpu-installer to v2.1.11. Added major version specification for GPU driver installation.
Fixed CVE-2023-4641 in sys-apps/shadow.
Fixed CVE-2023-50387, CVE-2023-50868, CVE-2023-7008 in sys-apps/systemd.
Fixed CVE-2023-0767, CVE-2023-5388, CVE-2023-6135, CVE-2024-0743 in dev-libs/nss.
Fixed CVE-2024-3772 in dev-python/pydantic.
Updated dev-python/pyyaml to v6.0.1. This fixed CVE-2017-18342, CVE-2019-20477, CVE-2020-14343, CVE-2020-1747.
Updated dev-vcs/git to v2.44.0. This fixed CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Updated net-misc/curl to v8.7.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.
Updated dev-libs/expat to v2.6.2. This fixed CVE-2023-52425, CVE-2023-52426, CVE-2024-28757.
Updated app-admin/sudo to v1.9.15_p5. This fixed CVE-2023-42465.
Fixed CVE-2024-28182 in net-libs/nghttp2.
Fixed CVE-2024-26808 in the Linux kernel.
Fixed CVE-2024-26642 in the Linux kernel.
Fixed CVE-2024-26642, CVE-2024-26643 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812605 -> 812597
- Changed: kernel.threads-max: 63520 -> 63519
- Changed: net.ipv4.tcp_mem: 94092 125456 188184 -> 94089 125455 188178
- Changed: net.ipv4.udp_mem: 188184 250912 376368 -> 188181 250911 376362
- Changed: user.max_cgroup_namespaces: 31760 -> 31759
- Changed: user.max_ipc_namespaces: 31760 -> 31759
- Changed: user.max_mnt_namespaces: 31760 -> 31759
- Changed: user.max_net_namespaces: 31760 -> 31759
- Changed: user.max_pid_namespaces: 31760 -> 31759
- Changed: user.max_time_namespaces: 31760 -> 31759
- Changed: user.max_user_namespaces: 31760 -> 31759
- Changed: user.max_uts_namespaces: 31760 -> 31759
cos-105-17412-370-14
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.239.06 (default), v550.54.15 (latest) |
This is an LTS Refresh release.
Updated app-emulation/containerd to v1.7.15.
Included nvidia plugin in sosreport.
Updated cos-gpu-installer to v2.1.11. Added major version specification for GPU driver installation.
Fixed CVE-2023-4641 in sys-apps/shadow.
Fixed CVE-2023-50387, CVE-2023-50868, CVE-2023-7008 in sys-apps/systemd.
Fixed CVE-2023-0767, CVE-2023-5388, CVE-2023-6135, CVE-2024-0743 in dev-libs/nss.
Updated net-dns/c-ares to v1.19.1. This fixed CVE-2022-4904, CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067.
Updated dev-python/pyyaml to v5.4.1. This fixed CVE-2017-18342, CVE-2019-20477, CVE-2020-14343, CVE-2020-1747.
Updated app-arch/tar to v1.35. This fixed CVE-2023-39804.
Updated dev-vcs/git to v2.44.0. This fixed CVE-2022-23521, CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-41903, CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Updated net-misc/curl to v8.7.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.
Updated dev-libs/expat to v2.6.2. This fixed CVE-2022-40674, CVE-2022-43680, CVE-2023-52425, CVE-2023-52426, CVE-2024-28757.
Updated app-admin/sudo to v1.9.15_p5. This fixed CVE-2022-43995, CVE-2023-22809, CVE-2023-27320, CVE-2023-28486, CVE-2023-28487, CVE-2023-42465.
Fixed CVE-2024-28182 in net-libs/nghttp2.
Fixed CVE-2024-26808 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 813029 -> 813024
- Changed: net.ipv6.route.max_size: 4096 -> 2147483647
Vertex AI Conversation has been renamed to Vertex AI Agents
Vertex AI Agents: Agent apps now support all languages supported by Vertex AI generative models.
Vertex AI Agents: Agent apps now support the eu multi-region.
Dialogflow CX: You can now access the session ID with built-in parameters.
You can now configure access to private image registries that use private certificates using a containerd configuration file. For details, see Customize containerd configuration in GKE nodes.
In GKE 1.29.2-gke.1355000 and later, GPU workloads using the Accelerator compute class in GKE Autopilot support scheduling multiple GPU Pods on a single node. To schedule multiple GPU Pods on the same node, specify the gke-accelerator-count node selector with a value that's higher than the Pod GPU request. For details, see Deploy GPU workloads in GKE Autopilot.
A Quick Start Solution and Reference Architecture are now available for developing and deploying Retrieval Augmented Generation (RAG) applications on GKE. RAG improves the quality of Large Language Model (LLM) responses for a specific application. For example, RAG can enable a customer service chatbot to access help center articles, a shopping assistant to tap into product catalogs and customer reviews, or a travel booking agent to access up-to-date flight and hotel information.
(2024-R11) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following control plane and node versions are now available:
- The following versions are no longer available:
- 1.25.16-gke.1460000
- 1.25.16-gke.1537000
- 1.25.16-gke.1570000
- 1.25.16-gke.1711000
- 1.25.16-gke.1759000
- 1.26.14-gke.1006000
- 1.27.7-gke.1121002
- 1.27.10-gke.1055000
- 1.28.5-gke.1217000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.12-gke.1115000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.12-gke.1115000 with this release.
Stable channel
- The following versions are no longer available in the Stable channel:
- 1.25.16-gke.1460000
- 1.25.16-gke.1537000
Regular channel
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.25.16-gke.1537000
- 1.25.16-gke.1570000
- 1.26.14-gke.1006000
- 1.27.10-gke.1055000
- 1.28.3-gke.1286000
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.14-gke.1044000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.14-gke.1044000 with this release.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.25.16-gke.1711000
- 1.25.16-gke.1759000
- 1.26.15-gke.1090000
- 1.27.12-gke.1115000
- 1.28.8-gke.1095000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1158000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.12-gke.1190000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.8-gke.1175000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.8-gke.1175000 with this release.
(2024-R11) Version updates
- The following control plane and node versions are now available:
- The following versions are no longer available:
- 1.25.16-gke.1460000
- 1.25.16-gke.1537000
- 1.25.16-gke.1570000
- 1.25.16-gke.1711000
- 1.25.16-gke.1759000
- 1.26.14-gke.1006000
- 1.27.7-gke.1121002
- 1.27.10-gke.1055000
- 1.28.5-gke.1217000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.12-gke.1115000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.12-gke.1115000 with this release.
(2024-R11) Version updates
- The following versions are no longer available in the Stable channel:
- 1.25.16-gke.1460000
- 1.25.16-gke.1537000
Migrate to Virtual Machines now supports importing virtual disk image files in the following formats:
- QEMU copy-on-write (QCOW)
- QEMU copy-on-write 2 (QCOW2)
- QEMU enhanced disk format (QED)
- VPC
- Virtual disk image (VDI)
- Virtual hard disk v2 (VHDX)
- Virtual hard disk (VHD)
In addition to these formats, Virtual machine disk (VMDK), and raw files compressed as a .tar.gz file are also supported.
Spanner now supports the following for PostgreSQL arrays:
Through self-service and with zero downtime, you can now add and remove read-only replicas in base instance configurations and move your Spanner instance to a different instance configuration. For more information, see Move an instance.
A monthly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-spanner
6.62.1 (2024-03-28)
Dependencies
- Update dependency com.google.cloud:google-cloud-monitoring to v3.39.0 (#2966) (a5cb1dd)
- Update dependency com.google.cloud:google-cloud-trace to v2.38.0 (#2967) (b2dc788)
6.63.0 (2024-03-30)
Features
Dependencies
- Update dependency com.google.cloud:google-cloud-monitoring to v3.40.0 (#2987) (0a1ffcb)
- Update dependency com.google.cloud:google-cloud-trace to v2.39.0 (#2988) (cf11641)
- Update dependency commons-io:commons-io to v2.16.0 (#2986) (4697261)
6.64.0 (2024-04-12)
Features
- Add endpoint connection URL property (#2969) (c9be29c)
- Add PG OID support (#2736) (ba2a4af)
- Add SessionPoolOptions, SpannerOptions protos in executor protos (#2932) (1673fd7)
- Support max_commit_delay in Connection API (#2954) (a8f1852)
Bug Fixes
- Executor framework changes skipped in clirr checks, and added exception for partition methods in admin class (#3000) (c2d8e95)
Dependencies
- Update actions/checkout action to v4 (#3006) (368a9f3)
- Update actions/github-script action to v7 (#3007) (b0cfea6)
- Update actions/setup-java action to v4 (#3008) (d337080)
- Update dependency com.google.cloud:google-cloud-monitoring to v3.42.0 (#2997) (0615beb)
- Update dependency com.google.cloud:google-cloud-trace to v2.41.0 (#2998) (f50cd04)
- Update dependency commons-io:commons-io to v2.16.1 (#3020) (aafd5b9)
- Update opentelemetry.version to v1.37.0 (#3021) (8f1ed2a)
- Update stcarolas/setup-maven action to v5 (#3009) (541acd2)
6.65.0 (2024-04-20)
Features
- Remove grpclb (#2760) (1df09d9)
- Support client-side hints for tags and priority (#3005) (48828df), closes #2978
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.39.0 (#3001) (6cec1bf)
- NullPointerException on AbstractReadContext.span (#3036) (55732fd)
Dependencies
Node.js
Changes for @google-cloud/spanner
7.6.0 (2024-03-26)
Features
- Add instance partition support to spanner instance proto (#2001) (4381047)
- Managed Autoscaler (#2015) (547ca1b)
- spanner: Add a sample for max commit delays (#1993) (91c7204)
- spanner: Add support for float32 (#2020) (99e2c1d)
7.7.0 (2024-04-17)
Features
- OptimisticLock option for getTransaction method (#2028) (dacf869)
- spanner: Adding EXPECTED_FULFILLMENT_PERIOD to the indicate instance creation times (with FULFILLMENT_PERIOD_NORMAL or FULFILLMENT_PERIOD_EXTENDED ENUM) with the extended instance creation time triggered by On-Demand Capacity Feature (#2024) (5292e03)
Bug Fixes
Python
Changes for google-cloud-spanner
3.45.0 (2024-04-17)
Features
Bug Fixes
Vertex AI custom training supports TPU v5e. For details, see Training with TPU accelerators.
April 29, 2024
AlloyDB for PostgreSQL
AlloyDB now supports up to 64 TiB storage per cluster in all locations. For more information about available locations, see AlloyDB locations.
With Gemini, you can now build integrations in Application Integration:
- Create and build integrations
- Configure connector tasks in an integration
- Add edge conditions and append additional tasks to an integration
- Generate integration description
This feature is in preview.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/bigquery
7.6.1 (2024-04-26)
Bug Fixes
Go
Changes for bigquery/storage/apiv1beta1
1.61.0 (2024-04-24)
Features
- bigquery/storage/managedwriter/adapt: Add RANGE support to adapt (#9836) (ae25253)
- bigquery: RANGE support for basic data movement (#9762) (07f0806)
- bigquery: RANGE support when reading Arrow format (#9795) (da245fa)
- bigquery: RANGE type StandardSQLDataType support (#9754) (33666cf)
Bug Fixes
Java
Changes for google-cloud-bigquery
2.39.0 (2024-04-22)
Features
- Add ExportDataStats to QueryStatistics (#3244) (e91be80)
- Add new fields to copy job statistics (#3205) (64bdda8)
- Add Range object to allow reading range value (#3236) (2c3399d)
- Add support for inserting Range values (#3246) (ff1ebc6)
- Add support for ObjectMetadata (#3217) (975df05)
- Add totalSlotMs to JobStatistics (#3250) (75ea095)
Bug Fixes
- Fix BigQuery#listDatasets to include dataset location in the response (#3238) (c50c17b)
- Remove @InternalApi from TableResult (#3257) (19d92a1)
Dependencies
- Update actions/checkout action (#3256) (6df3a32)
- Update actions/upload-artifact action to v4.3.2 (#3248) (066b51f)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.40.0 (#3210) (bf7e97e)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.41.0 (#3219) (9d71b8b)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.43.0 (#3225) (a897306)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240323-2.0.0 (#3239) (2c0f48f)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.44.0 (#3211) (6993b51)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.45.0 (#3220) (21ae09c)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.47.0 (#3226) (d45d168)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.28.1 (#3207) (6204331)
- Update dependency org.threeten:threeten-extra to v1.8.0 (#3242) (66d5efd)
- Update github/codeql-action action to v2.24.9 (#3204) (7a24d3e)
- Update github/codeql-action action to v2.25.1 (#3229) (aeedf29)
You can now let users that are in Microsoft Entra groups access BigQuery data in Power BI by using Workforce Identity Federation. This feature is generally available.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Vertex AI Workbench
notebooks.googleapis.com/Instance
The apache-airflow-providers-google package is upgraded to version 10.17.0. For more information about changes, see the apache-airflow-providers-google changelog from version 10.16.0 to version 10.17.0.
The apache-airflow-providers-cncf-kubernetes package was upgraded to version 8.1.0.
Cloud Composer 2.7.1 images are available:
- composer-2.7.1-airflow-2.7.3 (default)
- composer-2.7.1-airflow-2.6.3
Cloud Composer version 2.1.14 has reached its end of full support period.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.17.0 (2024-04-25)
Features
Bug Fixes
Dependencies
A weekly digest of client library updates from across the Cloud SDK.
Cloud Workstations base images are being upgraded to Ubuntu 22.04 from Ubuntu 20.04 this week. The last images built on Ubuntu 20.04 are tagged with last-ubuntu2004 for building backwards compatible custom images.
Cloud Workstations base images now default to Python 3.10.12.
Starting the week of April 29, 2024, when you limit the run time of a standalone VM or a VM in a managed instance group (MIG), the following changes take effect:
When you stop or suspend a VM that has a time limit, the time limit will no longer be automatically removed. Whenever you start or resume the VM, its time limit is reapplied until you update or remove the time limit. If a VM's time limit is defined as a specific time and that time has passed, you can't rerun the VM until you update or remove its time limit.
When a VM in a MIG reaches its time limit, the MIG deletes that VM instead of repairing it.
For more information, see Limit the run time of a VM and Limit the run time of VMs in a MIG.
New Dataproc on Compute Engine subminor image versions:
- 2.0.99-debian10, 2.0.99-rocky8, 2.0.99-ubuntu18
- 2.1.47-debian11, 2.1.47-rocky8, 2.1.47-ubuntu20, 2.1.47-ubuntu20-arm
- 2.2.13-debian12, 2.2.13-rocky9, 2.2.13-ubuntu22
Firestore now supports the us-south1 Dallas region.
For a full list of supported locations, see Locations.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-datastore
2.19.1 (2024-04-19)
Dependencies
Firestore in Datastore mode now supports the us-south1 Dallas region.
For a full list of supported locations, see Locations.
Release 1.29.0-gke.1449
GKE on Bare Metal 1.29.0-gke.1449 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.29.0-gke.1449 runs on Kubernetes 1.29.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
Version 1.15 end of life: In accordance with the Version Support Policy, version 1.15 (all patch releases) of GKE on Bare Metal has reached its end of life and is no longer supported.
Added new API and IAM role requirements for Cloud Monitoring:
- You must enable the kubernetesmetadata.googleapis.com API for your project and grant the roles/kubernetesmetadata.publisher IAM role to the Logging and Monitoring service account (anthos-baremetal-cloud-ops, when created automatically). Clusters use this API as an endpoint to send Kubernetes metadata to Google Cloud. The metadata is vital for cluster monitoring, debugging, and recovery. If you install your clusters behind a proxy, add kubernetesmetadata.googleapis.com to the list of allowed connections.
- Due to changes in the way service accounts are checked, you must also grant the following IAM roles to the Logging and Monitoring service account:
  - roles/monitoring.viewer
  - roles/serviceusage.serviceUsageViewer
These API and IAM role requirements apply to both creating new 1.29 clusters and upgrading existing clusters to 1.29.
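A pre-upgrade audit of the API and IAM role requirements listed above, as an added example that is not part of the release notes or of Google's tooling. It assumes the inputs were exported with `gcloud projects get-iam-policy PROJECT_ID --format=json` and `gcloud services list --enabled --format="value(config.name)"`, and that the service account email has the form NAME@PROJECT_ID.iam.gserviceaccount.com; the project ID and sample data are constructed.

```python
import json
import shlex

# Requirements taken from the 1.29 release note.
REQUIRED_API = "kubernetesmetadata.googleapis.com"
REQUIRED_ROLES = (
    "roles/kubernetesmetadata.publisher",
    "roles/monitoring.viewer",
    "roles/serviceusage.serviceUsageViewer",
)
DEFAULT_SA_NAME = "anthos-baremetal-cloud-ops"  # name used when created automatically


def service_account_member(project_id, sa_name=DEFAULT_SA_NAME):
    """IAM member string for the Logging and Monitoring service account (assumed email form)."""
    return f"serviceAccount:{sa_name}@{project_id}.iam.gserviceaccount.com"


def unconditional_roles(policy, member):
    """Roles bound to `member` without an IAM condition.

    Conditional bindings are skipped: a condition may expire or never match,
    so the audit does not count them as satisfying the requirement.
    """
    wanted = member.lower()
    roles = set()
    for binding in policy.get("bindings", []):
        if binding.get("condition"):
            continue
        if wanted in {m.lower() for m in binding.get("members", [])}:
            roles.add(binding.get("role"))
    return roles


def audit(policy, enabled_services_text, project_id, sa_name=DEFAULT_SA_NAME):
    """Compare exported project state with the 1.29 requirements."""
    member = service_account_member(project_id, sa_name)
    enabled = {s.strip() for s in enabled_services_text.splitlines() if s.strip()}
    granted = unconditional_roles(policy, member)
    return {
        "project_id": project_id,
        "member": member,
        "api_enabled": REQUIRED_API in enabled,
        "missing_roles": [r for r in REQUIRED_ROLES if r not in granted],
    }


def remediation_commands(result):
    """gcloud commands that close the gaps found by audit(), for review before running."""
    project = result["project_id"]
    commands = []
    if not result["api_enabled"]:
        commands.append(["gcloud", "services", "enable", REQUIRED_API, f"--project={project}"])
    for role in result["missing_roles"]:
        commands.append([
            "gcloud", "projects", "add-iam-policy-binding", project,
            f"--member={result['member']}", f"--role={role}",
            "--condition=None",  # avoids the interactive prompt on policies with conditions
        ])
    return [shlex.join(c) for c in commands]


# Constructed sample: the publisher role is granted, monitoring.viewer is only
# granted conditionally, and serviceUsageViewer belongs to a different member.
SAMPLE_SA = "serviceAccount:anthos-baremetal-cloud-ops@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.loads(json.dumps({
    "version": 3,
    "bindings": [
        {"role": "roles/kubernetesmetadata.publisher", "members": [SAMPLE_SA]},
        {"role": "roles/monitoring.viewer", "members": [SAMPLE_SA],
         "condition": {"title": "temporary",
                       "expression": "request.time < timestamp('2024-06-01T00:00:00Z')"}},
        {"role": "roles/logging.logWriter", "members": [SAMPLE_SA]},
        {"role": "roles/serviceusage.serviceUsageViewer",
         "members": ["user:admin@example.com"]},
    ],
}))
SAMPLE_ENABLED_SERVICES = "logging.googleapis.com\nmonitoring.googleapis.com\n"

if __name__ == "__main__":
    report = audit(SAMPLE_POLICY, SAMPLE_ENABLED_SERVICES, "example-project")
    print(json.dumps(report, indent=2))
    for command in remediation_commands(report):
        print(command)
```
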
GA: Support GKE Identity Service v2 capability for an improved security flow when you authenticate with third-party identity solutions.
The GA offering of GKE Identity Service v2 has the following requirements and restrictions:
- GKE Identity Service v2 now requires ports 11001 and 11002 on the control plane load balancer nodes, instead of 8443 and 8444. Ensure these ports are open and available before you upgrade a cluster to version 1.29.0-gke.1449 and higher. If the ports aren't open, upgrade preflight checks fail.
- GKE Identity Service v2 requires version 1.5.1 or higher of the Anthos Auth gcloud CLI component. If necessary, update the Anthos Auth component (gcloud components update anthos-auth). If you use the Google Cloud SDK, updating the SDK (gcloud components update) to version 474.0.0 or later also updates the Anthos Auth component to the required version.
- GKE Identity Service v2 doesn't work with GKE on Bare Metal clusters with the following configurations:
  - Clusters with a single control plane node only.
  - Clusters that use control plane nodes for load balancing. That is, clusters that aren't configured with either a separate load balancing node pool or manual load balancing.
GA: Added support for skews of up to two minor versions for selective node pool upgrades.
GA: Added capability to pause and resume cluster upgrades.
GA: Maintenance mode now uses eviction-based draining for nodes, instead of taint-based draining. Eviction-based draining uses the Eviction API, which honors Pod Disruption Budgets (PDBs). Draining nodes this way provides better protection against workload disruptions.
Preview: Added support for node-level private registry configuration for workload images.
Preview: Added support for rolling back select node pool upgrades.
Preview: Added support for admin and hybrid clusters to manage user clusters of multiple versions concurrently.
Preview: Added support for using an intermediate Certificate Authority (CA) as the cluster root CA.
Preview: Added support to route workload logs to a third-party custom Kafka destination. This capability isn't enabled by default. You enable this capability in the cluster stackdriver resource spec by adding the unmanagedKafkaOutputConfig section. This section lets you specify the IP addresses of Kafka message brokers (brokers), topic names (topics), and keys to map the topics to partitions (topicKeys).
Improved command-line interface errors and error documentation.
Functionality changes:
- GKE Identity Service v2 now sends extra parameters (extraParams) to your OIDC provider.
- Extra node viewing permissions are added for accounts specified with the spec.clusterSecurity.authorization.clusterViewer.gcpAccounts field in the Cluster resource.
- Added Status.Available field to BareMetalMachine resources to indicate whether the machine is available.
- Updated preflight checks add a check for networking kernel modules (ip_tables or nf_tables) and remove the iptables package check.
- The Google plugin for the GKE Identity Service now caches the public keys based on max-age in the cache-control header.
Fixes:
- Fixed an issue where the kubelet doesn't honor the shortened, 1-second grace period for pod deletion during eviction-based draining.
- Fixed a cluster upgrade issue where the lifecycle-controller-deployer Pod was unable to migrate existing GKE on Bare Metal resources to the latest API version. This issue blocked upgrades to earlier version 1.28 releases.
- Fixed an issue with configuring a proxy for your cluster that required you to manually set HTTPS_PROXY and NO_PROXY environment variables on the admin workstation.
- Fixed an issue where upgrades are blocked because cluster-operator can't delete stale, failing preflight check resources.
- Fixed an issue where the network check ConfigMap wasn't updated when nodes were added or removed.
The following container image security vulnerabilities have been fixed in version 1.29.0-gke.1449:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
- Clusters that use bundled load balancing with BGP might have performance degradation as the total number of Services of type LoadBalancer approaches 2,000.
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
GKE on VMware 1.29.0-gke.1456 is now available. To upgrade, see Upgrade a cluster or a node pool. GKE on VMware 1.29.0-gke.1456 runs on Kubernetes v1.29.3-gke.600.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.
- Preview: Support migrating a vSphere datastore to SPBM.
- Preview: Support migrating the configuration for integrated F5 BIG-IP to manual load balancing mode.
- Preview: Support migrating a user cluster to Controlplane V2.
- Preview: Support migrating a non-HA admin cluster to HA.
- GA: Support migrating disks from one vSphere datastore to another vSphere datastore with SPBM.
- GA: Support updating multiple service account keys together with gkectl update credentials.
- GA: A user cluster control plane can be two minor versions later than its node pools and admin cluster.
- GA: Support for cgroupv2 Linux images for cluster nodes.
GA: Support GKE Identity Service v2 capability for an improved security flow when you authenticate with third-party identity solutions.
Warning: GKE Identity Service v2 requires ports 11001 and 11002 on the user cluster control plane nodes. Ensure these ports are open and available before you upgrade a cluster to version 1.29.0-gke.1456 and higher.
Server-side preflight checks are enabled by default for admin and user cluster create, update, and upgrade. Server-side preflight checks require the following additional firewall rules from your admin cluster control-plane nodes:
- Admin cluster F5 BIG-IP API (only if using the F5 BIG-IP load balancer)
- User cluster F5 BIG-IP API (only if using the F5 BIG-IP load balancer)
- Admin cluster NTP servers
- User cluster NTP servers
- Admin cluster DNS servers
- User cluster DNS servers
- User cluster on-premises local Docker registry (if your user cluster is configured to use a local private Docker registry instead of gcr.io)
- Admin cluster nodes
- User cluster nodes
- Admin cluster Load Balancer VIPs
- User cluster Load Balancer VIPs
- User cluster worker nodes
For the complete list of firewall rules required for server-side preflight checks, see Firewall rules for admin clusters and search for "Preflight checks".
Version changes in GKE on VMware 1.29.0-gke.1456:
- Updated Dataplane V2 to use Cilium 1.13.
- Bumped the AIS version to hybrid_identity_charon_20240331_0730_RC00.
Other changes in GKE on VMware 1.29.0-gke.1456:
- The gkectl create cluster command prompts for confirmation if the cluster configuration file enables legacy features.
- The gkectl prepare command always prepares cgroup v2 images.
- Cluster configuration files are prepopulated with ubuntu_cgv2 (cgroupv2) as the osImageType.
- The gkeadm tool isn't supported on macOS and Windows.
- A lightweight version of gkectl diagnose snapshot is available for both admin and user clusters.
- User cluster upgrades: the --dry-run flag for gkectl upgrade cluster runs preflight checks but doesn't start the upgrade process.
- The --async flag for gkectl upgrade cluster to run an asynchronous upgrade is now supported for admin clusters.
The following issues are fixed in 1.29.0-gke.1456:
- Fixed the issue where the admin cluster backup did a retry on non-idempotent operations.
- Fixed the known issue where the controlPlaneNodePort field defaults to 30968 when the manualLB spec is empty.
- Fixed the known issue that caused the preflight check to fail when the hostname wasn't in the IP block file.
- Fixed the known issue that caused Kubelet to be flooded with logs stating that "/etc/kubernetes/manifests" does not exist on the worker nodes.
- Fixed the manual load balancer issue where the IngressIP is overwritten with the Spec.LoadBalancerIP even if it is empty.
- Fixed the issue that preflight jobs might be stuck in the pending state.
- Fixed an issue where egress NAT erroneously broke long-lived connections.
- Fixed Seesaw crashing on duplicated service IP.
- Fixed a warning in the storage preflight check.
Fixed the following vulnerabilities in GKE on VMware 1.29.0-gke.1456:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
Ubuntu vulnerabilities:
Dual-stack LoadBalancer Services are now generally available with GKE. You can now create a dual-stack GKE cluster and expose GKE Services using either IPv4, IPv6, or a combination of both, depending on your ipFamilyPolicy and ipFamilies specs.
To learn more, see GKE LoadBalancer Service parameters.
Cloud DNS additive VPC scope is now available in Preview. You can now configure your GKE clusters to add GKE headless Service entries to your Cloud DNS private zone visible from your VPC networks, on top of using Cloud DNS (cluster scope) as your GKE DNS provider.
To learn more, see Cloud DNS scopes for GKE.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-pubsub
1.129.1 (2024-04-25)
Bug Fixes
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.39.0 (#2002) (88517fe)
- Update dependency com.google.cloud:google-cloud-core to v2.37.0 (#1997) (b4573ae)
- Update dependency com.google.cloud:google-cloud-storage to v2.37.0 (#1999) (cff6d6a)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.29.0 (#1998) (bb80924)
General availability support for the following integration:
Vertex AI Search: Order healthcare search results (Public preview)
When you search over FHIR resource types that contain unstructured text, you can order your search results according to their relevance to your query. For more information, see Order healthcare search results.
Vertex AI Search: Boost search results (Public preview)
Boosting search results for media apps and for generic search apps that contain unstructured and website data is available in Public preview. For more information, see Boost search results.
Vertex AI Search: Add structured data for advanced website indexing (Public preview)
If advanced website indexing is enabled in your data store, you can use structured data, such as Google-inferred page dates, meta tags, and PageMap content, to enrich your indexing.
For more information, see Use structured data for advanced site indexing and Example use case using a Google-inferred page date.
Vertex AI Search: gemini-1.0-pro-002/answer_gen/v1 for answer generation
Model version gemini-1.0-pro-002/answer_gen/v1 is available for generating answers in Vertex AI Search. For more information, see Answer generation model versions and lifecycle.
M120 release
The M120 release of Vertex AI Workbench managed notebooks includes the following:
- Minor bug fixes for the libcurl package.
reCAPTCHA Enterprise Mobile SDK v18.5.0-beta04 is now available for iOS.
This version contains the workaround for the bug in Xcode 15.3 that prevents apps from being published in the App Store.
April 28, 2024
Application Integration
While configuring a Cloud Pub/Sub trigger, you can now add a config variable for your service account. Config variables let you externalize configuration for integrations.
April 26, 2024
Apigee X
On April 26, 2024, we released an updated version of Apigee.
Logging Apigee access logs
Apigee Subscription and Pay-as-you-go customers can now enable Cloud Logging ingress access logs for each Apigee instance in their organization. Once enabled, this feature allows you to view the logs generated by ingress gateways in your Apigee infrastructure, such as an external Application Load Balancer or an Anthos gateway, to assist in troubleshooting Apigee API calls.
For more information, see Logging Apigee access logs.
SQL code generation is now available for all BigQuery projects. This feature is available in preview. To learn how to enable and activate Gemini in BigQuery features, see Set up Gemini in BigQuery.
The HTTP plugin (version 1.4.2) is available in Cloud Data Fusion versions 6.8.0 and later. The release fixed an issue in the HTTP source causing an error in the retrieved schema when one of the retrieved columns contained a quoted value with a delimiter, such as a comma (PLUGIN-1781).
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
Broken-link checkers collect screenshots of failing tests in a Cloud Storage bucket. You can configure this feature to collect screenshots for all tests or disable this feature. For more information, see Create a broken-link checker.
Generally available: Zonal metadata (previously known as project zonal metadata) is custom metadata that you define at a zonal scope within a project and provides information about VMs in that specific zone. Zonal metadata helps you with fault isolation and provides greater reliability. By setting custom zonal metadata, you gain more control over the metadata for VMs in your project and limit the impact of any incorrect metadata updates to VMs within a specific zone.
To get started working with zonal metadata, see Set custom zonal metadata.
The following Dataflow templates now support user-defined functions (UDFs) written in Python:
New Dataproc Serverless for Spark runtime versions:
- 1.1.59
- 1.2.3
- 2.0.67
- 2.1.46
- 2.2.3
We've added a new field, wholesale_charges, to Detailed Disbursements reports and Customer Insights reports for Cloud Marketplace.
A vulnerability (CVE-2024-26585) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-024 security bulletin.
You can now use the node system configuration file in GKE to enable and use Linux huge pages in your Pods. For instructions, see Linux huge page configuration options.
GKE Standard clusters now support nested virtualization. For details, including requirements and limitations, see Use nested VMs with GKE Standard clusters.
GKE Sandbox supports the use of NVIDIA GPUs (H100, A100, L4, and T4) in Public Preview in GKE version 1.29.2-gke.1108000 and later on both Standard and Autopilot clusters. GKE Sandbox provides an extra layer of security to prevent untrusted code from affecting the host kernel on your cluster nodes. For GPUs, while GKE Sandbox doesn't mitigate all NVIDIA driver vulnerabilities, it helps protect against Linux kernel vulnerabilities. For details, see GPUs in GKE Sandbox.
The feed management feature is now enhanced to include the following:
- Feed names: You can assign custom names to new and existing data feeds.
- Troubleshooting information: You can diagnose error feeds by accessing detailed information about the cause of an issue and recommended actions.
- Last succeeded time: Stay informed about the status of a feed, with a timestamp identifying when data was last successfully fetched by each feed.
You can now set up feeds to push logs using an HTTPS endpoint by using either the feed management user interface or the feed management API. You can use the following feed management source types to set up ingestion using an HTTPS endpoint:
- Amazon Data Firehose
- Google Cloud Pub/Sub
- Webhooks
You can also generate a secret key and API key to authenticate feeds that use Amazon Data Firehose and webhooks as the feed source type.
Bring your own IP v2 for regional addresses is available in General Availability.
- v2 public advertised prefixes are provisioned in approximately two weeks.
- v2 public delegated prefixes are provisioned in minutes.
- v2 prefixes are not automatically announced when provisioned; you control when to announce or withdraw advertisements.
April 25, 2024
Anthos clusters on AWS
A vulnerability (CVE-2024-26585) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. For more information, see the GCP-2024-024 security bulletin.
A new major engine version is now available for Retail and Commercial lines of business, within the v4 tuning version. This includes:
- More sensitive skew metrics for better model and data quality monitoring
- A bugfix for risk score threshold estimation used in recall metrics in AML AI resource metadata
BigQuery Studio is now available in the following regions:
- Johannesburg (africa-south1)
- Hong Kong (asia-east2)
- Seoul (asia-northeast3)
- Jakarta (asia-southeast2)
- Sydney (australia-southeast1)
- Madrid (europe-southwest1)
- Turin (europe-west12)
- Doha (me-central1)
- Dammam (me-central2)
- Montréal (northamerica-northeast1)
- N. Virginia (us-east4)
- Columbus (us-east5)
- Dallas (us-south1)
- Los Angeles (us-west2)
- Las Vegas (us-west4)
For more information, see BigQuery Studio locations.
The BigQuery Data Transfer Service for Google Merchant Center supports the Product Targeting report.
Config Controller is now supported in the regions us-west4, us-west3, us-west1, europe-central2, europe-west10, europe-west12, europe-west4, europe-west9, africa-south1, asia-east1, asia-east2, asia-northeast3, asia-south1, asia-south2, me-west1, europe-southwest1, us-south1, asia-southeast2, me-central1, southamerica-west1, and southamerica-east1.
Config Controller now uses the following versions of its included products:
- Config Connector v1.115.0, release notes
- Anthos Config Management v1.17.3, release notes
Dataplex automatic data quality supports the following capabilities:
- The SQL assertion rule type for custom SQL rules lets you check for an invalid state of a dataset.
- You can use the data reference parameter in a custom SQL rule to refer to a data source table and all of its precondition filters, instead of explicitly mentioning the table and its filters.
M120 release
- Upgraded TensorFlow 2.15 container images to TensorFlow 2.15.1.
- Added CUDA-specific release tags for all TensorFlow and PyTorch container images, for example, us-docker.pkg.dev/deeplearning-platform-release/gcr.io/tf-cu121.2-15.
M120 release
- Upgraded TensorFlow 2.15 images to TensorFlow 2.15.1.
- Added Ubuntu 22.04 support for CPU images, and for GPU images using CUDA 12.1 or higher.
You can now create multiple orders for the same product with flat fee pricing. This feature is available in Preview. For more information about creating multiple orders, see Create multiple orders of the same product.
Release 1.16.8
GKE on Bare Metal 1.16.8 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.16.8 runs on Kubernetes 1.27.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
Fixes:
The following container image security vulnerabilities have been fixed in 1.16.8:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
GKE on VMware 1.16.8-gke.19 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.16.8-gke.19 runs on Kubernetes v1.27.12-gke.1000.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.
The following vulnerabilities are fixed in 1.16.8-gke.19:
Container-optimized OS vulnerabilities:
Ubuntu vulnerabilities:
A vulnerability (CVE-2024-26585) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-024 security bulletin.
Chronicle Security Operations (Chronicle SecOps) has been rebranded to Google Security Operations (Google SecOps). Both the logo and the platform name have been rebranded as part of this change. This rebranding reflects our commitment to bringing you the best of Google security operations features. There is no change to functionality in the platform.
Timeline chart option
The new timeline chart option lets you visualize the relationships between groups of events and compare the timespans over which these events took place.
Create a Looker Studio report within Google Sheets
You can create a Looker Studio report directly within Google Sheets. To create a report from a Google Sheets worksheet or range, use the Looker Studio extension in Google Sheets.
Create a Google Cloud project while subscribing to Looker Studio Pro
You can create a new Cloud project during the Looker Studio Pro subscription process. This project is used to host your Looker Studio Pro content.
Learn more about linking Looker Studio Pro to a Google Cloud project.
A new detection model is available for the STREET_ADDRESS infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version to latest when including the STREET_ADDRESS infoType in your InspectConfig.
You can still use the old model by setting InfoType.version to stable or leaving it unset when using the STREET_ADDRESS infoType. In 30 days, the new model will be promoted to stable.
M120 release
The M120 release of Vertex AI Workbench user-managed notebooks includes the following:
- Upgraded TensorFlow 2.15 user-managed notebooks to TensorFlow 2.15.1.
- Minor bug fixes for the libcurl package.
M120 release
The M120 release of Vertex AI Workbench instances includes the following:
- Minor bug fixes for the libcurl package.
April 24, 2024
Anthos Service Mesh
1.18.7-asm.21 is now available for in-cluster Anthos Service Mesh.
This patch release contains the fix for the security vulnerability listed in GCP-2024-023. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh. Anthos Service Mesh v1.18.7-asm.21 uses Envoy v1.26.8.
1.19.10-asm.0 is now available for in-cluster Anthos Service Mesh.
This patch release contains the fix for the security vulnerability listed in GCP-2024-023. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh. Anthos Service Mesh v1.19.10-asm.0 uses Envoy v1.27.5.
1.20.6-asm.0 is now available for in-cluster Anthos Service Mesh.
This patch release contains the fix for the security vulnerability listed in GCP-2024-022. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh. Anthos Service Mesh v1.20.6-asm.0 uses Envoy v1.28.3.
For Cloud Pub/Sub triggers, the default value of the expiration period option for subscriptions is changed from 31 days to never expire. If you want to change the value of the expiration period, then you must update the Cloud Pub/Sub subscription in the Google Cloud console.
User-defined aggregate functions (UDAFs) that support SQL expressions are in preview. You can create a UDAF with the CREATE AGGREGATE FUNCTION statement.
Support for Direct VPC egress, which lets you send traffic directly to a VPC network with no Serverless VPC Access connector required, is now at general availability (GA).
A known issue causes a subset of Pods in GKE Autopilot clusters to occasionally become stuck during termination or creation. As a result, we temporarily disabled bursting in Autopilot clusters that were created or upgraded to version 1.29.2-gke.1060000 and later on or after April 24, 2024. Clusters that enabled bursting prior to April 24, 2024 continue to support bursting. For information and troubleshooting steps, see Pods stuck during termination or creation.
Vertex AI Agent Builder: Renamed in the console and documentation
The Google Cloud console and the documentation at cloud.google.com have been updated to show the current product name for Vertex AI Agent Builder. On the console, look for "Agent Builder".
You might see the old name (Vertex AI Search and Conversation) in some places—for example, in videos.
April 23, 2024
Cloud Interconnect
Verified Peering Provider is now generally available. Verified Peering Provider lets you reach all publicly available Google Cloud resources through an internet service provider, without the need to directly peer with Google.
Default replication monitoring for multi-region and dual-region buckets in the Google Cloud console is now available for the following graphs:
- Percent of minutes out of RPO
- Percent of objects out of target
- Meeting RPO
Mobile SDK 2.6 is released
For more information, see the following:
Deployment schedules
With deployment schedules, you can control the timing of Google's automatic updates to your contact center instance. For more information, see Deployment schedules.
cos-beta-113-18244-1-44
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.77 | v24.0.9 | v1.7.15 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |
Updated app-containers/containerd to v1.7.15.
Fixed CVE-2024-26642 in the Linux kernel.
Fixed CVE-2024-26642, CVE-2024-26643 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812399 -> 812400
- Changed: kernel.threads-max: 63503 -> 63504
- Changed: user.max_cgroup_namespaces: 31751 -> 31752
- Changed: user.max_ipc_namespaces: 31751 -> 31752
- Changed: user.max_mnt_namespaces: 31751 -> 31752
- Changed: user.max_net_namespaces: 31751 -> 31752
- Changed: user.max_pid_namespaces: 31751 -> 31752
- Changed: user.max_time_namespaces: 31751 -> 31752
- Changed: user.max_user_namespaces: 31751 -> 31752
- Changed: user.max_uts_namespaces: 31751 -> 31752
cos-105-17412-294-68
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.146 | v23.0.3 | v1.7.13 | v470.239.06 (default), v550.54.15 (latest) |
Fixed a crash during CIFS volumes mount.
Fixed CVE-2024-26642 in the Linux kernel.
cos-101-17162-386-65
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.146 | v20.10.24 | v1.6.28 | v470.239.06 (default), v550.54.15 (latest) |
Fixed a crash during CIFS volumes mount.
Dialogflow CX: The following new region is available:
- us: United States multi-region accessed via usa-dialogflow.googleapis.com hostname
WebSocket support for managing Compute Engine resource sessions is now available. For more information, see Managing IAP sessions.
The Private Service Connect interface documentation has been updated. Google recommends avoiding multi-tenant architectures, where multiple consumers connect to the same Private Service Connect interface VM. In a multi-tenant architecture, if one consumer terminates their Private Service Connect interface connection, other consumers that are connected to the same VM also lose connectivity. For more information, see Limitations.
April 22, 2024
Backup and DR
Backup and DR Service now supports viewing Backup and DR Service prebuilt reports in Looker Studio. Learn more.
Backup for GKE now supports Smart Scheduling, an alternative backup creation scheduling approach based on desired RPO instead of a fixed schedule. This approach is in addition to the existing cron scheduling approach. For more information, see Automatic backup creation and deletion.
Backup index is now available for viewing the resource information in backups. See details on view backup index.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/bigquery
7.6.0 (2024-04-09)
Features
Bug Fixes
Python
Changes for google-cloud-bigquery
3.21.0 (2024-04-18)
Features
- Add compression option ZSTD. (#1890) (5ed9cce)
- Adds billing to opentel (#1889) (38697fb)
- Support RANGE in queries Part 1: JSON (#1884) (3634405)
Bug Fixes
- Add types to DatasetReference constructor (#1601) (bf8861c)
- Creates linting-typing.cfg in presubmit (#1881) (c852c15)
- Remove duplicate key time_partitioning from Table._PROPERTY_TO_A… (#1898) (82ae908)
- Retry query jobs that fail even with ambiguous jobs.getQueryResults REST errors (#1903, #1900) (1367b58)
Performance Improvements
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.38.0 (2024-04-15)
Features
- Add Data Boost configurations to admin API (f29c5bb)
- Add feature flag for client side metrics (#2179) (f29c5bb)
- Migrate to OTEL and enable metrics by default (#2166) (1682939)
Bug Fixes
Python
Changes for google-cloud-bigtable
2.23.1 (2024-04-15)
Bug Fixes
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.16.3 (2024-04-17)
Dependencies
The pgvector extension is upgraded from version 0.5.1 to version 0.6.0. Use this extension to store and search for vector embeddings in PostgreSQL databases. For more information, see Configure PostgreSQL extensions.
To use this version of the extension, update your instance to [PostgreSQL version].R20240130.00_09. For more information, see Self-service maintenance.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/storage
7.10.0 (2024-04-15)
Features
- Add ability to create a File object from URL (#2432) (1b71fcc)
- Allow setting contentEncoding during compose (#2431) (6e81e05)
Bug Fixes
Java
Changes for google-cloud-storage
2.37.0 (2024-04-19)
Features
- Adds a ZeroCopy response marshaller for grpc ReadObject handling (#2489) (8c7404d)
- Port BufferToDiskThenUpload to work with HttpStorageOptions (#2473) (d84e255)
- Port DefaultBlobWriteSessionConfig to work with HttpStorageOptions (#2472) (e5772a4)
- Port ParallelCompositeUploadBlobWriteSessionConfig to work with HttpStorageOptions (#2474) (3bf6026)
- Transfer Manager ParallelCompositeUploads (#2494) (8b54549)
Bug Fixes
- Ensure all BlobWriteSession types conform to the semantics specified in BlobWriteSession (#2482) (d47afcf)
- Fix BidiBlobWriteSessionConfigs to respect preconditions (#2481) (955d78a)
- Update ApiaryUnbufferedWritableByteChannel to be graceful of non-quantum aligned write calls (#2493) (f548335)
- Update BidiBlobWriteSessionConfig to respect a provided bufferSize (#2471) (e1fb857)
- Update grpc handling of IAM Policy etag to account for base64 encoding (#2499) (032f2f2)
- Update Grpc Retry Conformance after new additions to testbench (#2309) (09043c5)
Dependencies
- Update dependency com.google.apis:google-api-services-storage to v1-rev20240319-2.0.0 (#2460) (9c2ee90)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.28.1 (#2467) (c12f329)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.29.0 (#2502) (7ed8446)
- Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.43.0 (#2459) (2dc4748)
- Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.44.0 (#2497) (9b0253c)
Documentation
Version 3.15 is released
All release notes published on this date are part of version 3.15.
Authentication context
You can select the authentication context that you want when you set up single sign-on (SSO) for CRMs that use the Security Assertion Markup Language (SAML) standard.
Glossary support in live translation
Live translation supports glossaries, helping you ensure that specific terms are translated appropriately. For more information, see Set up live translation.
Email channel endpoints in the Manager API
The Manager API has the following two new endpoints for email data management and analysis:
- Email manager. GET /manager/api/v1/emails
- Email session data report. GET /manager/api/v1/emails/managed
Skip CRM account and record creation
With the Salesforce CRM and custom CRMs, you can skip account creation or record creation (or both) during a session. For more information, see Skip CRM account and record creation.
Configure chat auto answer at the queue level
You can configure auto answer settings for chat at the queue level. For more information, see Auto-answer.
Chat dismissal warning for agents
Agents receive a chat dismissal warning at the same time that an end-user receives one.
New event field in session reports from the Manager API
Session reports from the Manager API now include an event field. This field indicates how sessions end—for example, finished, failed, or abandoned. For more information, see Calls Endpoints and Chats Endpoints.
On the Agents page, the All teams filter now shows all teams, regardless of whether an agent is assigned.
Fixed an issue where the Create a Record API used the user ID instead of the queue name.
Fixed a reporting error that showed Wait, Queue, and Handle times as 0 for expired or abandoned chats that were escalated from a virtual agent to a queue.
Fixed an issue where the All teams filter on the Agents page didn't display the complete team hierarchy.
Fixed an issue where a user with a custom role that included the Settings > Queue permission was not able to view the Queues page.
Fixed an issue where a user could sometimes still hear a call after ending call monitoring.
Fixed an issue with the ServiceNow CRM where selecting Skip CRM record creation disabled the contact lookup feature.
Fixed an issue with the Chat API where photos and videos sent by an end-user would sometimes not be visible to the agent in the adapter.
Fixed an issue where virtual escalations canceled by an end-user were not being logged as abandoned.
Fixed an issue where the virtual agent streaming service ended mid-session.
We've made the following updates to the provider Entitlement resource:
- A new field called new_offer_start_time is populated with the start time of an offer that's scheduled to start in the future. This field works the same way as the field in the Pub/Sub messages.
- The existing field named new_offer_end_time is now also populated when an offer with a specified end date activates. The field is now empty only if the offer was created with a term instead of a specified end date, or if there is no upcoming offer.
The ingestion_stats table in BigQuery is deprecated and will no longer be updated after May 15, 2024. We recommend that you use the Chronicle ingestion_metrics table in BigQuery, which provides more accurate ingestion metrics.
The ingestion alerting system using Chronicle has been deprecated. This system will no longer be updated, and no alerts will be sent from this system after September 01, 2024. We recommend that you use the Cloud Monitoring integration which provides more flexibility in alert logic, alert workflow, and integration with third-party ticketing systems.
A weekly digest of client library updates from across the Cloud SDK.
Resolved an issue where Pub/Sub pull RPCs incorrectly return a "cancelled" status when the configured deadline is reached in the absence of a backlog. This fix ensures deadlines are honored.
VOD configs are now used to create VOD sessions. When you create a VOD session, specify a VOD config in the vodConfig field to use the config's sourceUri and adTagUri fields.
Workflows is available in the following additional region: me-central1 (Doha, Qatar).
April 21, 2024
Application Integration
Apache Kafka trigger is now in preview.
New Dataproc on Compute Engine subminor image versions:
- 2.0.98-debian10, 2.0.98-rocky8, 2.0.98-ubuntu18
- 2.1.46-debian11, 2.1.46-rocky8, 2.1.46-ubuntu20, 2.1.46-ubuntu20-arm
- 2.2.12-debian12, 2.2.12-rocky9, 2.2.12-ubuntu22
April 20, 2024
Dataproc
Announcing Dataproc Workflow Templates support for the CMEK organization policy.
April 19, 2024
Apigee X
On April 19, 2024, we released an updated version of Apigee.
With this release, Apigee API Management organizations with Subscription 2021 contracts have been upgraded to introduce standard and extensible API proxy features and expanded limits on deployments.
With this upgrade:
- Standard and extensible API proxy calls are counted equally when calculating overall API call entitlement for Subscription 2021 contracts.
- The maximum number of shared flow deployments is 75 per environment.
- There are no limits on the total number of API proxy deployments per environment.
- The maximum limit of total deployment units (API proxies or shared flows) per organization is 4250.
Note: The fleetwide upgrade is complete for the majority of Subscription 2021 contract organizations. Organization administrators for the remaining 5% of organizations have been contacted by Apigee representatives regarding timelines for the release.
To learn more about:
- Standard and Extensible API Proxy types, see API Proxy types.
- Expanded limits for API proxy and shared flow deployments, see Limits.
- Account level deployment limits, see Subscription 2021 entitlements.
- Viewing proxy deployment count, see View proxy deployment usage.
Subscription Apigee organizations (without hybrid entitlements) upgraded in this release will see changes to the user experience in the Classic Apigee UI. To support management of the upgraded functionality now available to these organizations, a number of feature administration pages are now only available in the Apigee UI in Cloud console.
For more information, see Apigee UI in Cloud console navigation.
Artifact Registry download file feature is Generally Available (GA) for standard repositories and remote repositories.
The download file feature allows users to download individual files without configuring authentication for format-specific tooling. For more information, see Download files.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
App Hub
Integration Connectors
connectors.googleapis.com/EndpointAttachment
connectors.googleapis.com/EventSubscription
connectors.googleapis.com/ManagedZone
Database Migration Service for homogeneous migrations to Cloud SQL for MySQL and homogeneous migrations to Cloud SQL for PostgreSQL now supports migrations to existing destination instances that have read replicas enabled.
For more information, see:
General purpose C3 VMs are now available in Sydney (australia-southeast1-c).
Dataproc Serverless for Spark: runtime version 2.2 will become the default Dataproc Serverless for Spark runtime version on June 28, 2024 (instead of May 3, 2024, as previously announced).
A bug in the Image streaming feature might cause containers to fail because of missing files.
Containers running on a node with image streaming enabled on specific GKE versions might fail to be created with the following error:
"CreateContainer in sandbox from runtime service failed" err="rpc error: code = Unknown desc = failed to create containerd container: failed to mount [PATH]: too many levels of symbolic links"
The following GKE versions are impacted:
- All 1.28 versions
- All 1.29 versions
We're working on fixing this issue. In the meantime, if you're impacted by this issue, disable Image streaming.
Release 6.2.54 is now in General Availability.
Cloud Text-to-Speech now offers es-ES Studio voices: es-ES-Studio-C and es-ES-Studio-F
April 18, 2024
Artifact Registry
The immutable tags setting is generally available for Docker repositories. When tags are immutable, you can't change the image digest that a tag references in the repository. You can configure this setting when you create a repository or change the setting on an existing repository.
The quantified LIKE operator is generally available (GA). With this operator, you can check a search value for matches against a list of patterns or an array of patterns, using one of these conditions:
- LIKE ANY: Checks if at least one pattern matches.
- LIKE SOME: Synonym for LIKE ANY.
- LIKE ALL: Checks if every pattern matches.
Python 3.11.8 is available in environments with Airflow 2.6.3 and 2.7.3:
Existing environments with Airflow 2.6.3 and 2.7.3 switch to Python 3.11.8 when upgraded.
Before upgrading, make sure that custom PyPI packages in your environment are compatible with Python 3.11.8.
Between April 16, 2024, 2:00 AM (PST) and April 17, 2024, 3:30 AM (PST), Cloud Composer service experienced problems with environment creation, upgrades, and changing the environment size. The problem is resolved and all operations are working. If you think that your environment is still impacted by this issue, please reach out to the Cloud Support team.
(New environments only) Increased the default value of the [webserver]auto_refresh_interval Airflow configuration option to 15 seconds. Pages in the Airflow UI, such as the list of DAGs, now will update every 15 seconds.
(Available without upgrading) Fixed a problem where enabling or disabling Logs in Cloud Logging Only could render the Airflow web server and workers inoperative. If your environment is affected, apply the fix by enabling or disabling this feature again.
Airflow 2.5.3 is no longer included in Cloud Composer images.
The default version of Airflow is changed to 2.7.3.
Cloud Composer 2.7.0 images are available:
- composer-2.7.0-airflow-2.7.3 (default)
- composer-2.7.0-airflow-2.6.3
Cloud Composer versions 2.1.13, 2.1.12 and 1.20.12 have reached their end of full support period.
New Dataproc Serverless for Spark runtime versions:
- 1.1.58
- 1.2.2
- 2.0.66
- 2.1.45
- 2.2.2
Set the soft delete policy of newly created Dataproc staging and temp Cloud Storage buckets to 0 days.
Updated the default autoscaling V2 cool-down time from 2m to 1m to reduce scaling latency.
Fixed a bug where Dataproc Serverless sessions that live longer than 48 hours are underbilled.
Dialogflow CX: The Conversation history API is now available for public preview.
Meta's open weight Llama 3 model is available in the Vertex AI Model Garden.
(2024-R10) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- Version 1.28.7-gke.1026000 is now the default version.
- The following control plane versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
  - 1.25.15-gke.1115000
  - 1.25.16-gke.1041000
  - 1.25.16-gke.1596000
  - 1.25.16-gke.1648000
  - 1.26.11-gke.1055000
  - 1.26.14-gke.1076000
  - 1.26.14-gke.1133000
  - 1.27.3-gke.100
  - 1.27.11-gke.1118000
  - 1.27.11-gke.1202000
  - 1.28.3-gke.1203001
  - 1.28.7-gke.1226000
  - 1.29.0-gke.1381000
  - 1.29.2-gke.1521000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.25.16-gke.1537000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.26.13-gke.1144000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.13-gke.1144000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.11-gke.1062000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.7-gke.1026000 with this release.
Stable channel
- Version 1.27.11-gke.1062000 is now the default version in the Stable channel.
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
  - 1.25.15-gke.1115000
  - 1.25.16-gke.1041000
  - 1.26.11-gke.1055000
  - 1.27.7-gke.1121002
  - 1.28.3-gke.1203001
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.25.16-gke.1460000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.13-gke.1144000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.13-gke.1144000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.11-gke.1062000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.7-gke.1026000 with this release.
Regular channel
- Version 1.28.7-gke.1026000 is now the default version in the Regular channel.
- Version 1.25.16-gke.1570000 is now available in the Regular channel.
- The following versions are no longer available in the Regular channel:
  - 1.25.16-gke.1460000
  - 1.27.8-gke.1067004
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.16-gke.1537000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.16-gke.1537000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.11-gke.1062000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.7-gke.1026000 with this release.
Rapid channel
- Version 1.29.3-gke.1093000 is now the default version in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
  - 1.25.16-gke.1596000
  - 1.25.16-gke.1648000
  - 1.26.14-gke.1076000
  - 1.26.14-gke.1133000
  - 1.27.11-gke.1118000
  - 1.27.11-gke.1202000
  - 1.28.7-gke.1026000
  - 1.28.7-gke.1226000
  - 1.29.1-gke.1589017
  - 1.29.2-gke.1521000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.16-gke.1711000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1090000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.12-gke.1115000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.8-gke.1095000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.3-gke.1093000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.3-gke.1093000 with this release.
Release 6.3.0 is currently in Preview.
Chronicle SOAR is being rebranded to Google Security Operations (Google SecOps). Both the logo and the platform name have been rebranded as part of this change. This rebranding reflects our commitment to bringing you the best of Google security operations features. There is no change to functionality in the platform.
Context-sensitive help added to the platform
When you click the documentation link at the top of the platform, you will now be directed to the exact documentation page that relates to the screen you are on.
Custom List import error not propagated to the user (ID #1032784)
Advanced Text Editor text formatting not working (ID #00274952)
Issues with Login (ID #00283928)
Parse case wall email doesn't work in playbook simulator (ID #00260679)
Unable to create advanced reports when a specific environment is selected (ID #49898167)
Playbooks not visible due to missing categoryId and categoryName values (ID #00274872)
Events tab lists all artifacts even though they are part of different events (ID #49103838)
Tagged user is not highlighted or hyperlinked on the Case Wall page & Notification popup
Viewer role for team workspaces
The Viewer role can now be assigned to members of a team workspace. The Viewer role lets users view existing assets in the team workspace, view folders in the team workspace, and view the team workspace Trash.
Pro feature: New Viewer permissions to create scheduled report deliveries
When sharing a Pro report, Pro users can now grant users with a Viewer role the ability to create scheduled deliveries of the shared report.
reCAPTCHA Enterprise Mobile SDK v18.5.0-beta03 is now available for iOS.
This version contains the following changes:
- Support for Apple Privacy Manifest.
- The minimum supported version of Xcode is 15.3.
- The minimum supported version of the client's CocoaPods is 1.12.0.
April 17, 2024
Apigee hybrid
hybrid v1.12.0
On April 17, 2024 we released an updated version of the Apigee hybrid software, v1.12.0.
For information on upgrading, see Upgrading Apigee hybrid to version v1.12.0. For information on new installations, see The big picture.
A new suite of metrics for monitoring Apigee proxies and target endpoints is now available for Hybrid 1.12.
You can now add your own contractEncryptionKey for new Apigee hybrid installations. For details, see Data encryption.
The JAR file dependencies required to create a Java callout are now hosted securely in Artifact Registry.
For more information on downloading the JAR dependencies from Artifact Registry, see Compile your code with Maven.
Hybrid 1.12 validates that required conditions are satisfied before allowing Runtime services to be created. See Diagnosing issues with guardrails.
Apigee hybrid now supports Workload Identity Federation for component authentication on AKS and EKS installations. See Enabling Workload Identity Federation on AKS and EKS.
Hybrid v1.12 now supports storing service account keys in Hashicorp Vault. See Storing service account keys in Hashicorp Vault.
The apigeectl command-line tool is deprecated as of April 17, 2024. The apigeectl tool is not supported for Apigee hybrid v1.12. Support for apigeectl for hybrid v1.10 and v1.11 will end on April 17, 2025. For more information, see apigeectl deprecation.
The Proxyv2 and targetv2 metrics suite is deprecated. The Apigee hybrid v1.12 release supports the new proxy and target metrics by default. Support for Proxyv2 and targetv2 metrics in hybrid v1.10 and v1.11 will end on April 17, 2025. For more information, see ProxyV2 and TargetV2 deprecation.
Bug ID | Description |
---|---|
284034011 | Modified Apigee Watcher and Apigee Ingress to leverage a sidecar instead of pod/exec for collecting ingress routing status. |
298202120 | The Datastore component now uses Cassandra 4. |
311705715 | Use a non-default service account for the remove-dc component. (Fixed in Apigee hybrid 1.10.3-hotfix.4, 1.10.4, and 1.11.1) |
306341401 | Fixed regression where virtualhost cipherSuites overrides weren't being used. (Fixed in Apigee hybrid 1.10.4 and 1.11.1) |
302186503 | Added the missing HTTP proxy template settings to the Apigee Hybrid Helm datastore component. (Fixed in Apigee hybrid 1.10.4) |
300542690 | Added dedicated service accounts for Apigee Connect, Redis, and UDCA to prevent Kubernetes from automatically injecting credentials for a specified Service Account or the default Service Account. (Fixed in Apigee hybrid 1.10.4) |
277353680 | Fixed issue causing target server HealthMonitors to continue beyond revision or deletion of the proxy. Target health checks are now terminated as soon as the proxy is removed from the runtime (undeployed or deleted). Note: There may be a delay between removal of the proxy and termination of the target server health checks. (Fixed in Apigee hybrid 1.10.4) |
These security bugs were fixed in Apigee hybrid v1.12.0
These security bugs were fixed in Apigee hybrid v1.10.4.
Bug ID | Description |
---|---|
315034009 | Security fixes: apigee-asm-ingress and apigee-asm-istiod (ingressgateway and ingressgateway-controller) are upgraded to Service Mesh version 1.17.8-asm.4. This addresses the following vulnerabilities: |
311167948 | A security issue was addressed. |
303460289 | Security fixes for apigee-prometheus-adapter. This addresses the following vulnerabilities: |
303459588 | Security fixes for apigee-prom-prometheus. This addresses the following vulnerabilities: |
300319489 | Security fixes for fluentd. This addresses the following vulnerabilities: |
294892189 | Security fixes for apigee-diagnostics-collector. This addresses the Guava vulnerability: |
N/A | Security fixes for apigee-cassandra-backup-utility and apigee-prom-prometheus. This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-fluent-bit. This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-hybrid-cassandra and apigee-hybrid-cassandra-client. This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-installer, apigee-operators, and apigee-watcher. This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-kube-rbac-proxy. This addresses the following vulnerabilities: |
These security bugs were fixed in Apigee hybrid v1.11.1.
Bug ID | Description |
---|---|
315034009 | Security fixes: apigee-asm-ingress and apigee-asm-istiod (ingressgateway and ingressgateway-controller) are upgraded to Service Mesh version 1.17.8-asm.4. This addresses the following vulnerabilities: |
303460289 | Security fixes to apigee-prometheus-adapter. This addresses the following vulnerabilities: |
303459588 | Security fixes to apigee-prom-prometheus. This addresses the following vulnerabilities: |
303292806 | Restrict connections from the Cassandra backup utility to Cassandra server pods in the apigee namespace. |
N/A | Security fixes to apigee-cassandra-backup-utility. This addresses the following vulnerabilities: |
N/A | Security fixes to apigee-fluent-bit. This addresses the following vulnerabilities: |
N/A | Security fixes to apigee-hybrid-cassandra. This addresses the following vulnerabilities: |
N/A | Security fixes to apigee-hybrid-cassandra-client. This addresses the following vulnerabilities: |
N/A | Security fixes to apigee-kube-rbac-proxy. This addresses the following vulnerabilities: |
N/A | Security fixes to apigee-installer, apigee-operators, and apigee-watcher. This addresses the following vulnerabilities: |
These security bugs were fixed in Apigee hybrid v1.11.1-hotfix.1.
Bug ID | Description |
---|---|
324460830 | Security fix for apigee-ingress. This addresses the following vulnerabilities: |
These security bugs were fixed in Apigee hybrid v1.10.4-hotfix.1.
Bug ID | Description |
---|---|
324460830 | Security fix for apigee-ingress. This addresses the following vulnerabilities: |
More permissions are now supported by deny policies. This feature is in preview.
The Salesforce Marketing Cloud plugin (version 1.3.1) is available in Cloud Data Fusion version 6.8.0 and later. The release fixed an issue in the Salesforce Marketing sink plugin causing upsert operations to fail (PLUGIN-1773).
Config Connector version 1.116.0 is now available.
This release includes enhanced support for DNSRecordSet, enabling advanced configurations such as geo-routing, primary/backup, and weighted round-robin load-balancing.
ContainerCluster
- Added spec.nodeConfig.linuxNodeConfig.cgroupMode field.
ContainerNodePool
- Added spec.nodeConfig.linuxNodeConfig.cgroupMode field.
DNSRecordSet
- Added spec.routingPolicy.geo.healthCheckedTargets field.
- Added spec.routingPolicy.primaryBackup field.
- Added spec.routingPolicy.wrr field.
EventArcTrigger
- Added spec.destination.httpEndpoint field.
- Added spec.destination.networkConfig field.
LoggingLogBucket
- Added spec.enableAnalytics field.
Web SDK 2.19 is released
For more information, see Web SDK changelog.
Architecting disaster recovery for cloud infrastructure outages: Added DR guidance for Personalized Service Health.
We've made the following changes to Cloud Marketplace reports:
- A new field, offer_title, has been added to the Detailed disbursements report and the Customer Insights report.
- The entitlement_id field from the Detailed disbursements report is now also available in the Customer Insights report.
GKE on VMware 1.28.400-gke.75 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.28.400-gke.75 runs on Kubernetes v1.28.7-gke.1700.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.
The following vulnerabilities are fixed in 1.28.400-gke.75:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
Ubuntu vulnerabilities:
BigQuery Connector for SAP version v2.7
Version 2.7 of the BigQuery Connector for SAP is generally available (GA). This version extends support for using the SAP SLT add-on DMIS 2018 SP 11.
For more information, see What's new with BigQuery Connector for SAP.
Storage Transfer Service has added support for Shared Keys as an authentication method when transferring from Microsoft Azure Storage.
To use an Azure Shared Key, you must store the key value in Secret Manager. See Save your Microsoft credentials in Secret Manager for details.
April 16, 2024
BigQuery
BigQuery now supports subqueries in row level access policies. This feature is now in public preview.
Client-side metrics are enabled by default in the Bigtable client library for Java versions 2.38.0 and later.
Internal passthrough Network Load Balancer now supports load-balancing for TCP, UDP, ICMP, ICMPv6, SCTP, ESP, AH, and GRE protocols. To handle multiple protocol traffic, you set the load balancer's forwarding rule protocol to L3_DEFAULT and set the backend service protocol to UNSPECIFIED.
For details, see:
This feature is available in General Availability.
Generally available: Z3 VMs, which offer the latest compute, networking, and storage innovations in one platform with a particular focus on high-density, high-performing Local SSD, are now available on Compute Engine. For more information, see Storage-optimized machine family.
Generally available: Hyperdisk Balanced is available with M1 and M2 VMs. Hyperdisk Balanced is a good fit for a wide range of use cases such as LOB applications, and medium-tier databases that don't require the performance of Hyperdisk Extreme. For more information, see About Hyperdisk.
New Dataproc Metastore services configured with Private Service Connect can be connected from subnetworks of any region within the same VPC network.
Existing services configured with Private Service Connect do not inherit this change and continue to only support access from the VPC subnetworks that were specified during service creation.
Disaster recovery building blocks: Added DNS policies to the DR building blocks.
The Z3 machine family is generally available in Standard clusters running GKE 1.25 and later. You can select this family by using the --machine-type flag when creating a cluster or node pool. The following limitations apply:
- Node auto-provisioning for Z3 is supported in 1.29 and later.
- GKE Autopilot is supported in 1.29 and later.
- Z3 machines are gracefully terminated during host maintenance.
New SAP HANA certification: Hyperdisk Balanced usage with M2 machine types
For use with SAP HANA on Google Cloud, SAP has certified the usage of Hyperdisk Balanced with the M2 series of memory-optimized machine types.
For more information, see:
- Certified Compute Engine VMs for SAP HANA
- The "Hyperdisk Balanced" tab in Minimum sizes for SSD-based Persistent Disk and Hyperdisk volumes
April 15, 2024
Apigee X
On April 15, 2024, we released an updated version of Apigee (1-12-0-apigee-4).
Bug ID | Description |
---|---|
332981542 | Optimized VerifyAPI policy execution time for high count of API products. |
Binary Authorization legacy continuous validation (CV) is deprecated and will no longer be available on Google Cloud after May 1, 2025. You can instead use continuous validation with check-based platform policies. To learn how to migrate to check-based platform policies, see Legacy continuous validation deprecation and shutdown.
Cloud KMS now supports asymmetric signing and validation using ECDSA on the Curve25519 in PureEdDSA mode, which takes raw data as input instead of hashed data.
For more information on this and other algorithms supported by Cloud KMS, see Key purposes and algorithms.
The Direct VPC egress feature of Cloud Run is now supported in all regions.
cos-dev-117-18374-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.85 | v24.0.9 | v1.7.10 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |
Upgraded sys-boot/grub-lakitu to the FC 39's current version.
Updated the Linux kernel to v6.1.85.
Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.
Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.
cos-113-18244-1-37
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.77 | v24.0.9 | v1.7.10 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |
Fixed integrity-fs dm-crypt creation flakiness.
Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.
Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.
Runtime sysctl changes:
- Changed: fs.file-max: 812400 -> 812399
- Changed: kernel.threads-max: 63504 -> 63503
- Changed: user.max_cgroup_namespaces: 31752 -> 31751
- Changed: user.max_ipc_namespaces: 31752 -> 31751
- Changed: user.max_mnt_namespaces: 31752 -> 31751
- Changed: user.max_net_namespaces: 31752 -> 31751
- Changed: user.max_pid_namespaces: 31752 -> 31751
- Changed: user.max_time_namespaces: 31752 -> 31751
- Changed: user.max_user_namespaces: 31752 -> 31751
- Changed: user.max_uts_namespaces: 31752 -> 31751
cos-105-17412-294-66
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.146 | v23.0.3 | v1.7.13 | v470.239.06 (default), v550.54.15 (latest) |
Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.
Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.
Fixed CVE-2024-26642 and CVE-2024-26643 in the Linux kernel.
cos-109-17800-147-60
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.75 | v24.0.9 | v1.7.13 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |
Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.
Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.
cos-101-17162-386-64
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.146 | v20.10.24 | v1.6.28 | v470.239.06 (default), v550.54.15 (latest) |
Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.
Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.
Disaster recovery building blocks: Added information about the soft-deletion feature in Cloud Storage.
The following labels fields for UDM nouns are deprecated and these fields will not appear in the search results after November 29, 2024: about.labels, intermediary.labels, observer.labels, principal.labels, src.labels, security_result.about.labels, and target.labels. For existing parsers, in addition to these UDM fields, the logs fields are also mapped to key and value additional.fields UDM fields. For new parsers, the key and value settings in additional.fields UDM fields are used instead of the deprecated labels UDM fields. We recommend that you update the existing rules to use the key and value settings in the additional.fields UDM fields instead of the deprecated labels UDM fields.
Automatic, anonymous account deletion is now enforced for all projects that have autodelete_anonymous_users enabled.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for pubsub/apiv1
This is the second preview release of the Pub/Sub client that includes OpenTelemetry Tracing.
CHANGES
- Fix leak of ackIDs in activeSpans map
- Allow passing of context into user callback
- Align attributes for batch operation spans (publish, ack, nack, modack) with that of the main message spans
Java
Changes for google-cloud-pubsub
1.128.1 (2024-04-10)
Dependencies
Security Health Analytics use of security marks for asset allowlists deprecated
Starting April 15, 2025, Security Health Analytics will no longer use security marks to allowlist assets for Security Health Analytics detectors.
After that date, you can still apply security marks to assets, but they will no longer affect the way that Security Health Analytics processes assets.
For more information about security marks for assets, see Add assets to allowlists.
Historical snapshots to be disabled in Security Command Center API
Starting July 15, 2024, Security Command Center will discontinue historical snapshot capabilities in the Security Command Center API, which were used to query for findings at a particular point in time. Specifically, readTime and compareDuration will be removed from list and group API calls for findings. Also, start_time will be removed from SetFindingState, SetFindingWorkflowState and UpdateSecurityMarks.
For more information about the Security Command Center API, see Overview.
Data retention period to be reduced for Standard tier findings
For existing Standard tier users, on July 14, 2024, the data retention period for findings will be reduced from 13 months to 35 days. For new users activating the Standard tier after April 15, 2024, the data retention period for findings is 35 days.
The retention period for findings in the Premium tier and Enterprise tier remains 13 months.
For more information, see Data retention.
Persistent resource for Vertex AI custom training is generally available (GA).
Vertex AI Feature Store
The following features of Vertex AI Feature Store are now generally available (GA):
Optimized online serving: Serve features at ultra-low latencies. For more information, see Optimized online serving.
Search using embeddings: Perform vector similarity searches to retrieve semantically similar or related features for real-time serving. You can search using embeddings if your online store is configured to support embeddings. For more information, see Search using embeddings.
Feature view sync: Refresh or synchronize the feature data in a feature view within an online store from the feature data source in BigQuery. For more information, see Sync feature data to online store.
April 12, 2024
AlloyDB for PostgreSQL
AlloyDB Omni version 15.5.2 is now available. This version fixes the issue causing AlloyDB Omni running in Kubernetes to run out of memory and crash under some heavy workloads. To apply this fix to a database cluster running in Kubernetes, update its DBCluster manifest definition so that its databaseVersion value is "15.5.2".
Architecting disaster recovery for cloud infrastructure outages: Added DR guidance for Vertex AI online predictions.
Deploying the enterprise application blueprint: Added information about using a single Git repository (a monorepo) instead of a separate repository for each application.
GPUDirect-TCPX is now supported on GKE version 1.27 and later and requires the following patch versions:
- For GKE version 1.27, use GKE patch version 1.27.7-gke.1121000 or later.
- For GKE version 1.28, use GKE patch version 1.28.8-gke.1095000 or later.
- For GKE version 1.29, use GKE patch version 1.29.3-gke.1093000 or later.
To use GPUDirect-TCPX, see Maximize GPU network bandwidth with GPUDirect-TCPX and multi-networking.
Release 6.2.53 is now in General Availability.
Remote Agent Release 1.5.0 is now in General Availability.
April 11, 2024
Bigtable
Bigtable now integrates with LangChain, an LLM orchestration framework. For more information, see Build LLM-powered applications using LangChain. This feature is available in Preview.
Starting from June 15, 2024 it will not be possible to create Cloud Composer 1 environments in Google Cloud console. It will still be possible to create Cloud Composer 1 environments through Google Cloud SDK, Terraform, and API in allowlisted projects.
Anthropic Claude 3.0 Opus model
The Anthropic Claude 3.0 Opus model is available in Preview. The Claude 3.0 Opus model is an Anthropic partner model that you can use with Vertex AI. It's the most capable of the Anthropic models at performing complex tasks quickly. To learn more, see its model card in Model Garden.
Architecting disaster recovery for cloud infrastructure outages: Added DR guidance for Vertex AI batch predictions.
If you've turned on Marketplace reports in Producer Portal, you now receive proactive email notifications from Google when reports are delayed, have inaccurate data, or have been regenerated. For steps to set up reports and receive these notifications, see Set up to receive reports.
Release 6.2.54 is currently in Preview.
In Release 6.2.45 the option to manually enter General placeholders was added. The General Placeholders section has now been added to the platform.
Error when adding or removing a tag on a closed case (ID #50195120)
Unable to import dynamic parameters (ID #00262571)
Playbooks re-running during platform update (ID #00282275)
Playbook block input can't be used to select dynamic instance (ID #00276416)
Refreshing dashboard changes displayed data (ID #49716319)
Playbooks not saving correctly (ID #49142793)
When logging in via SAML it doesn't show up in the SOAR Audit logs.
If you use Pub/Sub metrics as a signal to autoscale your pipeline, refer to Best practices for using Pub/Sub metrics as a scaling signal.
April 10, 2024
Google Kubernetes Engine
The N4 machine family is generally available in GKE Standard clusters running on GKE 1.29 and later. You can select this family by using the --machine-type flag when creating a cluster or node pool. The following limitations apply:
- Confidential GKE nodes is not supported.
- Local SSD is not supported.
- hyperdisk-balanced is the only supported boot disk type.
Looker 24.6 includes the following changes, features, and fixes:
Expected Looker (original) deployment start: Wednesday, April 17, 2024
Expected Looker (original) final deployment and download available: Tuesday, April 30, 2024
Expected Looker (Google Cloud core) deployment start: Monday, April 15, 2024
Expected Looker (Google Cloud core) final deployment: Monday, April 22, 2024
The Embedded Looker Studio feature is now available to preview. This feature lets you view and edit Looker Studio reports in Looker and create ad hoc analyses in embedded Looker Studio reports with the Open in Reports feature on Looker Explores.
To participate in this closed experiment, you must meet the following requirements:
Your Looker instance must be running on Looker 24.6 or later.
Your Looker instance must be using Google OAuth authentication.
You must have a Looker Studio Pro license for each user who accesses embedded Looker Studio.
You must submit the sign-up form for the closed experiment.
More information for using the Embedded Looker Studio feature is coming soon.
The Allow Legacy Maps legacy feature is now disabled by default. When the Allow Legacy Maps legacy feature is disabled, any map visualization that uses the Map (Legacy) chart type will be converted to use the Google Maps chart type. This may be a breaking change for some customers who are still using Legacy Maps.
Open SQL Interface now supports parameters and filter-only fields.
As part of a Looker Studio Pro subscription, Looker Studio Pro licenses are available at no cost to Looker users. Looker admins of Looker (original) instances and Looker (Google Cloud core) instances can accept these complimentary licenses and finish setting up a Looker Studio Pro subscription to get started using Looker Studio.
The Performant Field Picker is now generally available. Search modifiers in the Field Picker can no longer be used.
An issue that caused user attribute filter values to fail to load in some situations has been fixed. This feature now performs as expected.
The json_bi and json_detail_lite_stream query result formats did not respect the apply_formatting parameter in certain cases. This feature now performs as expected.
Previously, fields with full_suggestions would not show suggestions while interacting with the filter. This feature now performs as expected.
An issue has been fixed where the fiscal year was not rendering correctly in some Excel downloads. This feature now performs as expected.
A more descriptive error message is now returned when a user tries to delete a project using the API while not in dev mode.
An issue has been fixed where some projects were empty when a user first entered dev mode. This feature now performs as expected.
Previously, an issue would cause Looker to incorrectly generate derived table SQL if a derived table referenced a view that referenced another derived table that was using the SQL_TABLE_NAME syntax. This feature now performs as expected.
When New LookML Runtime is enabled, the LookML Validator will now include more descriptive error information when an aliased derived table's definition references an unqualified field name in Liquid.
Previously, comparison text on single value visualization dashboard tiles could be cut off when the tile was a specific height. This feature now performs as expected.
Performance for PDT stable view publishing has been improved.
An issue was causing the LookML Validator to incorrectly mark some fields as duplicates. This feature now performs as expected.
Previously, an unclear error message was returned when you selected a measure in an aggregate query using the SQL interface. The language of this error message has been clarified.
An intermittent issue was rendering a blank page when content was added to a board. This feature now performs as expected.
An issue was causing QR codes for mobile app authentication to be improperly generated. This feature now performs as expected.
April 09, 2024
AlloyDB for PostgreSQL
The following Gemini in Databases features are now available in Public Preview:
- Database Center: an AI-assisted dashboard that gives you one centralized view across your entire database fleet.
- AlloyDB Studio (GA): lets authorized users interact directly with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
- Monitor active queries: monitor and troubleshoot the queries that are active in your database.
- Index advisor: a fully managed index advisor that tracks the queries your database handles regularly.
- Enhanced Query Insights: an assistive query performance diagnostics platform that lets you detect, troubleshoot, and prevent database and query performance problems in near real-time.
- 4-week query metric retention in the Query Insights dashboard.
- 5 new database insight recommendations.
To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.
AlloyDB Omni version 15.5.1 has the following AlloyDB AI features available in Preview:
- Model endpoint management lets you maintain a per-project registry of AI model endpoints from a variety of sources and providers.
- The postgres_ann extension provides a configurable and highly efficient nearest-neighbor index powered by the ScaNN algorithm.
- You can query your database using natural language. This Technology Preview includes parameterized secure views, which let you narrowly define the scope of data that natural-language queries have access to.
BigQuery ML now offers the following expanded embedding support features in preview:
- Using the ML.GENERATE_EMBEDDING function with a remote model based on a Vertex AI multimodalembedding large language model (LLM) to create multimodal embeddings, which embed text and images into the same semantic space.
- Using the ML.GENERATE_EMBEDDING function with a principal component analysis (PCA) model or autoencoder model to create embeddings for structured independent and identically distributed random variables (IID) data.
- Using the ML.GENERATE_EMBEDDING function with a matrix factorization model to create embeddings for user or item data.
Try the new multimodal embedding functionality:
You can now create a data canvas in BigQuery Studio. A data canvas lets you discover, transform, query, and visualize data using natural language. It provides a graphic interface for your analysis that lets you work with data sources, queries, and visualizations in a directed acyclic graph (DAG), giving you a graphical view of your analysis workflow that maps to your mental model. You can iterate on query results and work with multiple branches of inquiry in a single place. This feature is in preview and access can be requested here.
The following Gemini in BigQuery features are now available in Public Preview:
- Data insights: an automated and intuitive way to explore and understand your data.
- Data canvas: a graphic interface that lets you discover, transform, query, and visualize data using natural language.
- SQL and Python code assistance: Gemini-assisted code generation, completion, and explanation.
- Materialized views, partitioning, and clustering recommendations: recommendations to reduce cost and improve performance.
- Autotune and troubleshoot serverless Spark: optimize and explain Spark workloads.
To learn how to enable and activate Gemini in BigQuery features, see Set up Gemini in BigQuery.
Bigtable Data Boost, a serverless compute service designed for high-throughput read jobs and queries, is available in Preview.
You can now build distributed counters with Bigtable with write-time aggregates. This feature is available in Preview.
You can control access to data in your Bigtable tables with authorized views. This feature is generally available (GA).
Bigtable app profiles let you configure request priorities to prioritize certain workload data requests over others. This feature is now generally available (GA).
Bigtable now lets you increase the retention period in the garbage collection policy for a column family in a replicated table. For more information, see Changing age-based garbage collection policies.
Database Migration Service support for code conversion with Gemini assistance is now available in preview. For more information, see:
Database Migration Service support for homogeneous SQL Server migrations to Cloud SQL for SQL Server is now available in preview. For more information, see Database Migration Service for SQL Server.
Database Migration Service support for Oracle to AlloyDB for PostgreSQL migrations is now generally available. For more information, see Database Migration Service for Oracle to AlloyDB for PostgreSQL.
Database Migration Service conversion workspaces for heterogeneous migrations are now generally available (GA). For more information, see:
The following Gemini in Databases features are now available in Public Preview:
- Database Center: an AI-assisted dashboard that gives you one centralized view across your entire database fleet.
- Cloud SQL Studio: lets authorized users interact directly with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
- Monitor active queries: monitor and troubleshoot the queries that are active in your database.
- Index advisor: a fully managed index advisor that tracks the queries your database handles regularly.
- 4-week query metric retention in the Query Insights dashboard.
- 17 new database insight recommendations.
To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.
Cloud SQL for MySQL now supports the storage of vector embeddings in MySQL 8.0.36 and later databases. To use this feature, update your instance to MySQL 8.0.36.R20240401.03_00 or later.
After you store vector embeddings in your database, you can then perform K-nearest neighbor (KNN) searches on the dataset along with the rest of your data. Cloud SQL for MySQL also supports the creation of vector search indexes for several different index types using approximate nearest neighbor (ANN) search.
For more information, see Working with vector embeddings using Cloud SQL for MySQL. This feature is in Preview.
The following Gemini in Databases features are now available in Public Preview:
- Database Center: an AI-assisted dashboard that gives you one centralized view across your entire database fleet.
- Cloud SQL Studio: lets authorized users interact directly with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
- Monitor active queries: monitor and troubleshoot the queries that are active in your database.
- Index advisor: a fully managed index advisor that tracks the queries your database handles regularly.
- 4-week query metric retention in the Query Insights dashboard.
- 15 new database insight recommendations.
To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.
The following Gemini in Databases features are now available in Public Preview:
- Database Center: an AI-assisted dashboard that gives you one centralized view across your entire database fleet.
- Cloud SQL Studio: lets authorized users interact directly with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
- 9 new database insight recommendations.
To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.
Generally available: N4 VMs are generally available on the Intel Emerald Rapids CPU with 640 GB DDR5 memory. The N4 machine series offers predefined and custom machine types with extended memory and Hyperdisk Balanced storage.
N4 VMs are available in limited regions and zones.
See VM pricing for cost details.
Generally available: You can plan ahead for VM maintenance on M1, M2, and M3 machine types by viewing their maintenance schedule notifications. For specific machine types within these families, you can also trigger VM maintenance ahead of schedule.
Dataproc Serverless for Spark: The preview release of Advanced troubleshooting, including Gemini-assisted troubleshooting, is now available for Spark workloads submitted with the following or later-released runtime versions:
- 1.1.55
- 1.2.0-RC1
- 2.0.63
- 2.1.42
- 2.2.0-RC15
Dataproc Serverless for Spark: Announcing the preview release of Autotuning Spark workloads.
New Imagen on Vertex AI image generation model and features
The 006 version of the Imagen 2 image generation model (imagegeneration@006) is now available. This model offers the following additional features:
- Additional aspect ratios (1:1, 3:4, 4:3, 9:16, 16:9)
- Digital watermark (SynthID) enabled by default
- Watermark verification*
- New user-configurable safety features (safety setting, person/face setting)
For more information, see Model versions and Generate images using text prompts.
* The seed field can't be used while digital watermark is enabled.
New Imagen on Vertex AI image editing model and features
The 006 version of the Imagen 2 image editing model (imagegeneration@006) is now available. This model offers the following additional features:
- Inpainting - Add or remove content from a masked area of an image
- Outpainting - Expand a masked area of an image
- Product image editing - Identify and maintain a primary product while changing the background or product position
For more information, see Model versions.
Change in Imagen image generation version 006 (imagegeneration@006) seed field behavior
For the new Imagen image generation model version 006 (imagegeneration@006) the seed field behavior has changed. For the v.006 model a digital watermark is enabled by default for image generation. To be able to use a seed value to get deterministic output you must disable digital watermark generation by setting the following parameter: "addWatermark": false.
For more information, see the Imagen for image generation and editing API reference.
CodeGemma model
The CodeGemma model is available. CodeGemma is a lightweight open model that's part of the Google Gemma model family. CodeGemma is the Gemma model family's code generation and code completion offering. Gemma models are based on Gemini models and intended to be extended by customers.
Grounding Gemini and Grounding with Google Search
The Gemini API now supports Grounding with Google Search in Preview. Currently available for Gemini 1.0 Pro models.
Regional APIs
- Regional APIs are available in 11 new countries for Gemini, Imagen, and embeddings.
- US and EU have machine-learning processing boundaries for the gemini-1.0-pro-001, gemini-1.0-pro-002, gemini-1.0-pro-vision-001, and imagegeneration@005 models.
Generative AI on Vertex AI security control update
Security controls are available for the online prediction feature for Gemini 1.0 Pro and Gemini 1.0 Pro Vision.
Gemini 1.5 Pro (Preview)
Gemini 1.5 Pro (gemini-1.5-pro-preview-0409) is available in Preview. Gemini 1.5 Pro is a multimodal model that analyzes text, code, audio, PDF, video, and video with audio.
New text embedding models
The following text embedding models are now in Preview.
- text-embedding-preview-0409
- text-multilingual-embedding-preview-0409
When evaluated using the MTEB benchmarks, these models produce better embeddings compared to previous versions. The new models also offer dynamic embedding sizes, which you can use to output smaller embedding dimensions, with minor performance loss, to save on computing and storage costs.
For details on how to use these models, refer to the public documentation and try out our Colab.
System instructions
System instructions are supported in Preview by the Gemini 1.0 Pro (stable version gemini-1.0-pro-002 only) and Gemini 1.5 Pro (Preview) multimodal models. Use system instructions to guide model behavior based on your specific needs and use cases. For more information, see System instructions examples.
Supervised Tuning for Gemini
Supervised tuning is available for the gemini-1.0-pro-002 model.
Online Evaluation Service
Generative AI evaluation supports online evaluation in addition to pipeline evaluation. The list of supported evaluation metrics has also expanded. See API reference and SDK reference.
Generative AI Knowledge Base
The Jump Start Solution: Generative AI Knowledge Base demonstrates how to build a simple chatbot with business- and domain-specific knowledge.
Text translation
Translate text in Vertex AI Studio is available in Preview.
Gemini 1.0 Pro stable version 002
The 002 version of the Gemini 1.0 Pro multimodal model (gemini-1.0-pro-002) is available. For more information about stable versions of Gemini models, see Gemini model versions and lifecycle.
Vertex AI Studio features and updates
- The Vertex AI Studio supports side-by-side comparison to allow users to compare up to 3 prompts in a side-by-side view.
- The Vertex AI Studio supports rapid evaluation in console and the ability to upload a ground truth response (or a model response to try to emulate).
To learn more, see Try your prompts in Vertex AI Studio.
GitLab on Google Cloud is in Preview. The integration enables customers to deploy source from GitLab to Google Cloud run-time environments. The integration simplifies authentication and authorization to Google for GitLab pipelines, and uses GitLab and Google CI/CD components. To get started, try the GitLab end-to-end tutorial.
GKE on VMware 1.16.7-gke.46 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.16.7-gke.46 runs on Kubernetes v1.27.10-gke.500.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.
The following issues are fixed in 1.16.7-gke.46.
- Fixed the known issue where the controlPlaneNodePort field defaults to 30968 when the manualLB spec is empty.
The following vulnerabilities are fixed in 1.16.7-gke.46:
High-severity container vulnerabilities:
Ubuntu vulnerabilities:
Container-optimized OS vulnerabilities:
Cloud Tensor Processing Units (TPUs) are now available in GKE Autopilot clusters running version 1.29.2-gke.1521000 or later. To learn more, visit Deploy TPU workloads on GKE Autopilot.
Flow Analyzer is now available in Preview.
Flow Analyzer lets you quickly and efficiently understand your VPC traffic flows without the need to write complex SQL queries for analyzing VPC Flow Logs.
The following Gemini in Databases features are now available in Public Preview:
- Spanner Studio (GA): lets users interact with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
- Spanner now supports the use of Gemini models with GoogleSQL and PostgreSQL machine learning prediction functions.
To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.
Spanner now supports the ML_PREDICT_ROW() function for PostgreSQL. You can use this function to generate predictions using SQL. To learn more about this function and how to use it, see Using Spanner Vertex AI integration functions.
You can now generate ML predictions using the Spanner emulator with GoogleSQL and PostgreSQL.
Spanner GoogleSQL now supports SAFE.ML.PREDICT(), which allows you to return a null instead of an error in your predictions.
You can generate and backfill vector embeddings for textual data (STRING or JSON) stored in Spanner using GoogleSQL partitioned DML and the Vertex AI textembedding-gecko model. For more information, see Generate vector embeddings for textual data in bulk using partitioned DML.
Spanner now supports several new PostgreSQL JSONB functions:
- spanner.jsonb_query_array()
- jsonb_build_array()
- jsonb_build_object()
The PostgreSQL CONCAT() function also supports more than 4 arguments.
For more information, see Supported PostgreSQL functions.
Spanner has extended the array data type with the VECTOR LENGTH parameter (in Preview). This optional parameter sets an array to a fixed size for use in a vector search. For more information, see the PostgreSQL array data type or the GoogleSQL array data type.
Spanner now supports the dot_product() function (in Preview). For more information, see Choose among vector distance functions to measure vector embeddings similarity.
Spanner now supports the float32 (GoogleSQL) and float4/real (PostgreSQL) data type (in Preview).
Spanner now supports the use of Gemini models with GoogleSQL and PostgreSQL machine learning prediction functions (in Preview).
Spanner now supports using LangChain with the vector store, document loader, and chat message history objects. For more information, see Build LLM-powered applications using LangChain.
Vertex AI Search: Document chunking support for more search types (Public preview)
When document chunking is turned on for an unstructured data store, search summaries and search with follow-ups are supported in Public preview.
For information, see Chunk documents for RAG.
Vertex AI Search: Document ranking API (Public preview)
The ranking API takes a list of documents and reranks those documents based on how relevant the documents are to a query. This is a stateless API that does not require you to index documents in advance.
For more information, see Rank and rerank documents.
Vertex AI Search: Check grounding (Public preview)
The check grounding API is available as a Public preview feature.
The check grounding API determines how grounded a piece of text is in a given set of facts. Perfect grounding requires that every statement in the text can be attributed to one or more of the given facts. The API returns support scores and citations.
Additionally, as an experimental feature, the API also generates contradicting citations that show which facts contradict the text and how strongly.
For more information, see Check grounding and the check API.
Vertex AI Search: Answers with summaries and follow-ups (Public preview)
The answer API improves on the search with summary and search with follow-ups features. For example, it better handles complex queries, can do multi-step retrieval, and provides customization of answer styles.
The answer API is supported in Public preview.
For more information, see Get answers and follow-ups.
Vertex AI Search: FHIR data streaming ingestion (Private preview)
Select the import frequency for your healthcare FHIR data. You can either perform a one-time batch import or set up a streaming import. Streaming import is available as a Private preview feature.
For more information, see Create a healthcare search data store.
Vertex AI Search: Autocomplete support for healthcare search (Public preview)
Autocomplete is available as a Public preview feature for healthcare data search. The autocomplete configuration uses a canonical medical data source to generate autocomplete suggestions for healthcare data stores.
For more information, see Configure autocomplete.
Vertex AI Search: Connect Google Drive to Vertex AI Search (GA)
Syncing Google Drive data to Vertex AI Search is available in GA. For more information about creating a Google Drive data store, see Sync from Google Drive.
Vertex AI Search: Connect multiple search apps to the same data store (GA)
Connecting more than one generic search app to a single data store is supported in GA. With this capability, you can create multiple apps that search across the same data without having to ingest that data multiple times.
Vertex AI Search: Blended search (GA)
Blended search, where you can search across multiple data stores using a single search app, is available in GA. For more information about blended search, see About connecting multiple data stores.
Vertex AI Search: Connect Spanner, Cloud SQL, Firestore, and Bigtable to Vertex AI Search (Public preview)
Importing data from Spanner, Cloud SQL, Firestore, and Bigtable to Vertex AI Search is available in Public preview. For more information about creating a Google Drive data store, see Create a search data store.
Vertex AI Search: Media search (GA)
Vertex AI Search for media is Generally available (GA).
You can create media search apps on media data stores. You can connect the media search app to an existing media data store or create a new one. You can also use document metadata to filter search queries of your media content.
Vertex AI Search: Additional languages supported for media search
Vertex AI Search for media is supported in nine languages: Arabic, English, French, German, Hindi, Korean, Japanese, Portuguese, and Spanish.
For more information, see Languages.
Vertex AI Search: Search-as-you-type for media apps (GA)
The search-as-you-type feature is Generally available (GA) for media search apps.
Search results are returned after each character instead of after the full query is entered. Search-as-you-type is ideal for search apps with awkward input devices such as television remotes. You can enable search-as-you-type through the widget UI as well as through the API.
For more information, see Get search-as-you-type results for a media app.
April 08, 2024
AlloyDB for PostgreSQL
You can preview a simplified installation method for AlloyDB Omni. This lets you install and run AlloyDB Omni on your environment using portable open-source tools, such as the docker command-line interface.
AlloyDB Omni version 15.5.1 is now available. This version includes the following features and changes:
The AlloyDB Omni Kubernetes Operator version 1.0.0 is Generally Available (GA). The operator includes the following new features:
- Backups now support point-in-time recovery (PITR).
- You can create asynchronous read pool instances.
- High availability (HA) database clusters can have more than one standby replica.
- HA database clusters don't require any change in connection parameters when failing over.
- You can use an HA standby replica as a read-only instance.
- You can enable and configure logical replication.
- You can set up physical replication between a primary and secondary database cluster running on two separate Kubernetes clusters.
- You can restrict AlloyDB Omni pods to run on specific nodes in your Kubernetes cluster.
- A number of database and system metrics are available.
The pg_squeeze extension version 1.0 is included.
Various bug fixes and performance improvements.
The following issue was fixed on April 12, 2024.
Some heavy workloads might cause AlloyDB Omni running in Kubernetes to run out of memory and crash.
To mitigate this issue, make sure that transparent huge pages are enabled on your Kubernetes nodes:
- Follow the instructions on Configuring Transparent Huge Pages.
On every node that you enable transparent huge pages on, run the following command:
echo within_size > /sys/kernel/mm/transparent_hugepage/shmem_enabled
You can now enable Chrome Security Insights to monitor insider risk and data loss with enhanced monitoring for Chrome activity if you have Chrome Enterprise Core and Workspace Enterprise Standard or Workspace Enterprise Plus with assigned licenses. For more information, see Monitoring for insider risk and data loss.
BigQuery Studio is generally available (GA).
BigQuery Studio lets you save, share, and manage versions of code assets such as notebooks and saved queries.
BigQuery DataFrames is generally available (GA).
BigQuery DataFrames is a set of open source Python libraries that implements the pandas and scikit-learn APIs with server-side processing. To get started, you can try BigQuery DataFrames.
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-bigquery
3.20.1 (2024-04-01)
Bug Fixes
The BigQuery materialized view recommender analyzes your past query jobs to identify opportunities to apply materialized views to your queries for potential cost savings. You can view all available materialized view recommendations through the BigQuery UI or Recommender API. This feature is in preview.
Cloud NGFW Enterprise, including the intrusion prevention service, is available in General Availability. Use intrusion prevention service to safeguard your workload traffic from threats such as malware, spyware, and command-and-control attacks.
Starting April 9, 2024, you will be charged for the Cloud NGFW Enterprise feature—intrusion prevention service. For more information about billing, see Cloud NGFW pricing.
Cloud Firewall in Google Cloud is now Cloud Next Generation Firewall (NGFW). For more information, see Cloud NGFW.
Application Load Balancers now support Certificate Manager allowlisted certificates. For more information, see Mutual TLS authentication.
This capability is in General Availability.
Hybrid NAT is now available in Preview.
Cloud SQL Enterprise Plus edition primary instances with high availability (HA) now require less than one second of downtime for planned maintenance.
Code Transformations for Gemini Code Assist are now available for Public Preview. You can now use an inline text box directly in your code file to do the following:
- Generate comment lines to document your code.
- Troubleshoot code with issues.
- Improve code readability.
- Make code more efficient.
You can also view context sources of a generated response in the Gemini: Chat pane.
For more information, see Code with Gemini Code Assist.
Pricing change: On January 26, 2024, Red Hat announced a price model update on RHEL and RHEL for SAP for all Cloud providers that scales image subscription costs according to vCPU count. The new pricing model will be reflected on Compute Engine starting July 1, 2024.
For the pricing changes, see Premium images. To learn about your options to optimize subscription costs, see the Red Hat Enterprise Linux pricing FAQs.
On January 26, 2024, Red Hat announced a price model update on RHEL and RHEL for SAP for all Cloud providers that scales image subscription costs according to vCPU count. As a result, starting July 1, 2024, any active commitments for RHEL and RHEL for SAP licenses will be canceled and will not be charged for the remainder of the commitment's term duration.
Google Cloud has notified and will issue adjustments to affected customers.
Firestore now supports the following additional locations:
- africa-south1 (Johannesburg)
- europe-north1 (Finland)
- europe-southwest1 (Madrid)
- europe-west10 (Berlin)
- europe-west12 (Turin)
- europe-west8 (Milan)
- southamerica-west1 (Santiago)
- us-central1 (Iowa)
- us-east5 (Columbus)
For a full list of supported locations, see Locations.
Firestore in Datastore mode now supports the following additional locations:
- africa-south1 (Johannesburg)
- europe-north1 (Finland)
- europe-southwest1 (Madrid)
- europe-west10 (Berlin)
- europe-west12 (Turin)
- europe-west8 (Milan)
- southamerica-west1 (Santiago)
- us-central1 (Iowa)
- us-east5 (Columbus)
For a full list of supported locations, see Locations.
Deploy an enterprise developer platform on Google Cloud: Consolidated the eab-fleet-(env) project into the eab-gke-(env) project in each environment.
Release 1.28.400-gke.77
GKE on Bare Metal 1.28.400-gke.77 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.28.400-gke.77 runs on Kubernetes 1.28.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
Functionality changes:
- Updated preflight checks to add a check for networking kernel modules.
- Updated preflight checks to remove the check for iptables package availability.
Fixes:
- Fixed a cluster upgrade issue where the lifecycle-controller-deployer Pod was unable to migrate existing GKE on Bare Metal resources to the latest API version. This issue blocked upgrades to earlier version 1.28 releases.
Fixes:
The following container image security vulnerabilities have been fixed in 1.28.400-gke.77:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
Release 1.16.7
GKE on Bare Metal 1.16.7 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.16.7 runs on Kubernetes 1.27.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
Fixes:
- Fixed an issue with configuring a proxy for your cluster that required you to manually set HTTPS_PROXY and NO_PROXY environment variables on the admin workstation.
The following container image security vulnerabilities have been fixed in 1.16.7:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
(2024-R09) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following cluster and node versions are now available:
Stable channel
- There are no new releases in the Stable release channel.
Regular channel
- There are no new releases in the Regular release channel.
Rapid channel
- The following versions are now available in the Rapid channel:
Vector search capabilities are now Generally Available on Memorystore for Redis.
You can now ingest streaming data from Amazon Kinesis Data Streams into Pub/Sub by using an import topic. For more information about import topics, including required roles and permissions and how to create an import topic, see Create an import topic. The change is being rolled out in a phased manner over the rest of the week.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-pubsub
1.128.0 (2024-04-03)
Features
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.38.2 (#1965) (ec3b386)
- Update dependency com.google.cloud:google-cloud-storage to v2.36.1 (#1968) (524109c)
- Update dependency com.google.protobuf:protobuf-java-util to v4.26.1 (#1972) (53c1120)
Documentation
Python
Changes for google-cloud-pubsub
2.21.1 (2024-04-04)
Bug Fixes
You can now add a time to live (TTL)-based deletes filter to your Spanner change streams using the exclude_ttl_deletes option.
You can now add a table modification type filter to your Spanner change streams to exclude INSERT, UPDATE, or DELETE table modifications.
Spanner change streams now support a new value capture type called NEW_ROW_AND_OLD_VALUES. This new type captures all new values for both modified and unmodified columns, and old values for modified columns.
April 05, 2024
Advisory Notifications
Advisory Notifications for users using Google Cloud without an organization is now in General Availability. Advisory Notifications now lets users opt in to or out of optional notification types.
The following extensions are added to the extensions supported by AlloyDB.
- autoinc
- insert_username
- moddatetime
- pg_background
- pg_squeeze
- tcn
The extension pgvector is updated to version 0.6.0.
You can now use BigLake to access Delta Lake tables. For more information, see Create Delta Lake BigLake tables. This feature is available in preview.
The Cloud Billing FinOps hub is now Generally Available
Use the FinOps hub to monitor and share your current savings, explore recommended opportunities to optimize costs, and plan your optimization goals. The FinOps hub dashboard generates recommendations based on historical usage, including recent usage and current commitments, and helps you gauge how well you're using Google Cloud tools to monitor and save costs.
Database Migration Service now supports physical backup files created by using the Percona XtraBackup utility for homogeneous MySQL to Cloud SQL for MySQL migrations. For more information, see Migrate your databases by using a Percona XtraBackup physical file.
Custom constraints for Cloud Storage are now available. You can use custom constraints to enforce policies on Cloud Storage resources, such as a policy that enforces all buckets to have Object Versioning enabled.
The following Dataflow templates are generally available (GA):
Support for Customer-managed encryption keys (CMEK). This feature is in Preview.
(New guide) Use Google Cloud Armor, load balancing, and Cloud CDN to deploy programmable global front ends: Provides an architecture that uses a global front end incorporating Google Cloud best practices to help scale, secure, and accelerate the delivery of internet-facing applications.
GPU NVIDIA Multi-Process Service (MPS) is available in version 1.27.7-gke.1088000 and later, which allows multiple workloads to share a single NVIDIA GPU hardware accelerator with NVIDIA MPS.
Added support for new node types, including smaller and larger nodes. For more details, see Cluster and node specification.
Added support for AOF and RDB persistence (Preview). For more details, see Persistence overview.
Added support for instance configurations (Preview). For more details, see Supported instance configurations.
SAP BTP edition of the ABAP SDK for Google Cloud
Version 1.0 of the SAP BTP edition of ABAP SDK for Google Cloud is generally available (GA). With the BTP edition of the SDK, developers can create innovative solutions using Google Cloud APIs in their SAP BTP, ABAP environment.
For more information, see:
April 04, 2024
Anthos clusters on AWS
You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:
The allow_non_incremental_definition option and max_staleness option for materialized views are now generally available (GA). The allow_non_incremental_definition option supports an expanded range of SQL queries to create materialized views, and the max_staleness option provides consistently high performance with controlled costs when processing large, frequently changing datasets.
You can now perform model monitoring in BigQuery ML. The following model monitoring functions are now in preview:
- ML.DESCRIBE_DATA: compute descriptive statistics for a set of training or serving data.
- ML.VALIDATE_DATA_SKEW: compute the statistics for a set of serving data, and then compare them to the statistics for the data used to train a BigQuery ML model in order to identify anomalous differences between the two data sets.
- ML.VALIDATE_DATA_DRIFT: compute and compare the statistics for two sets of serving data in order to identify anomalous differences between the two data sets.
- ML.TFDV_DESCRIBE: compute fine-grained descriptive statistics for a set of training or serving data. This function provides the same behavior as the TensorFlow tfdv.generate_statistics_from_csv API.
- ML.TFDV_VALIDATE: compute and compare the statistics for training and serving data, or two sets of serving data, in order to identify anomalous differences between the two data sets. This function provides the same behavior as the TensorFlow validate_statistics API.
BigQuery data clean rooms with analysis rules and enhanced usage metrics are now generally available (GA). Data clean rooms provide a security-enhanced and privacy-preserving environment for multiple parties to share and augment data without moving or revealing the underlying data.
Join restrictions, list overlap, differential privacy with privacy budgeting, and aggregation thresholding are now enforceable in BigQuery data clean rooms using analysis rules.
Cloud Data Fusion is available in the africa-south1 region. For more information, see Pricing.
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
Bare Metal Rack HSM is generally available for customers with specific business and technical requirements in limited regions.
Bare Metal Rack HSM is an infrastructure-as-a-service offering that lets you deploy large numbers of customer-owned hardware security modules (HSMs) in PCI-compliant facilities next to your Google Cloud workloads. This product helps to accelerate migration of your payment applications to Google Cloud.
For more information, including a comparison of Bare Metal Rack HSM with Bare Metal HSM, see Bare Metal Rack HSM.
For Cloud SQL Enterprise Plus edition, you can now use advanced disaster recovery (DR) to simplify recovery and fallback processes after you perform a cross-regional failover. With advanced DR, you can:
- Designate a cross-region disaster recovery (DR) replica
- Perform replica failover
- Restore your original deployment by using zero data loss switchover
You can also use switchover to simulate disaster recovery without data loss.
For more information, see Advanced disaster recovery (DR) and Use advanced disaster recovery (DR). This feature is in Preview.
Generally available: Simplify block storage management for Compute Engine instances with Hyperdisk Storage Pools. A Hyperdisk Storage Pool is a pre-purchased collection of disk capacity, throughput, and IOPS which you can then provision to your applications as needed. By managing disks in aggregate, you can save costs while achieving expected capacity and performance growth. For more information, see About Hyperdisk Storage Pools.
cos-105-17412-294-62
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.146 | v23.0.3 | v1.7.13 | v470.239.06(default),v550.54.14(latest) |
Updated app-emulation/containerd to 1.7.13.
Upgraded net-misc/chrony to v4.5.
Upgraded sys-apps/makedumpfile to v1.7.4.
Upgraded app-admin/node-problem-detector to v0.8.17.
Upgraded app-admin/localtoast to v1.1.7.
Add NVIDIA GPU drivers R550 branch and update latest to 550.54.14.
Downgraded app-admin/localtoast to v1.1.5.
Fix bug in google-guest-agent service enablement.
Fixed CVE-2024-26591 in the Linux kernel.
Fixed CVE-2024-26589 in the Linux kernel.
Fixed CVE-2024-26585 in the Linux kernel.
Fixed CVE-2023-52439 in the Linux kernel.
Fixed CVE-2023-52434 in the Linux kernel.
New Dataproc Serverless for Spark runtime versions:
- 1.1.57
- 1.2.1
- 2.0.65
- 2.1.44
- 2.2.1
Added the bigframes Python package by default in the Dataproc Serverless for Spark runtime versions 1.2 and 2.2.
Vertex AI Conversation: You can now create a data store in one language that is connected to an agent that uses different languages.
Architecting disaster recovery for cloud infrastructure outages: Added DR guidance for Cloud Billing.
A Denial-of-Service (DoS) vulnerability (CVE-2023-45288) was recently discovered in multiple implementations of the HTTP/2 protocol, including the golang HTTP server used by Kubernetes. The vulnerability could lead to a DoS of the Google Kubernetes Engine (GKE) control plane.
For more information, see the GCP-2024-022 security bulletin.
April 03, 2024
Anthos clusters on AWS
A Denial-of-Service (DoS) vulnerability (CVE-2023-45288) was recently discovered in multiple implementations of the HTTP/2 protocol, including the golang HTTP server used by Kubernetes. The vulnerability could lead to a DoS of the Google Kubernetes Engine (GKE) control plane. For more information, see the GCP-2024-022 security bulletin.
On April 3, 2024, we released an updated version of Apigee.
With this release, Apigee expanded its support for data residency to additional regions in Asia-Pacific and the Middle East. Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.
For more information, see Introduction to data residency.
For a list of supported geographic locations, see Apigee locations.
You can set maximum time limits for tasks and runnables. For more information, see Limit run times for tasks and runnables using timeouts.
When a job fails due to exceeding a timeout, the job's logs don't indicate whether the failure was caused by the relevant task's timeout or the relevant runnable's timeout. For more information, including a workaround, see Known issues.
Collation now supports the following generally available (GA) features:
- The underscore in the LIKE operator.
- Comparison support for the STRUCT data type with the following operators and conditional expressions: =, !=, IN and CASE.
You can now configure materialized views with tables enabled for change data capture (CDC) streaming update and delete operations.
The cross-region internal Application Load Balancer supports backends in multiple regions, provides seamless cross-region failover using Cloud DNS routing policies, and is globally accessible by clients from any Google Cloud region, on-premises, or other clouds. It supports Google-managed certificates using Cloud Certificate Manager and Certificate Authority Service.
For details, see the Internal Application Load Balancer overview.
To set up a cross-region internal Application Load Balancer, see the following pages:
This capability is in General Availability.
The cross-region internal proxy Network Load Balancer supports backends in multiple regions, provides seamless cross-region failover, and is globally accessible by clients from any Google Cloud region, on-premises, or other clouds.
For details, see the Internal proxy Network Load Balancer overview.
To set up a cross-region internal proxy Network Load Balancer, see the following pages:
This capability is in General Availability.
The Logging query language now supports the cast and regexp_extract functions. For more information, see the Logging query language documentation.
You can now migrate your external MySQL 5.7 and 8.0 databases into Cloud SQL for MySQL by using Percona XtraBackup physical files. This feature is in Preview.
For more information, see Migrate to Cloud SQL from an XtraBackup physical file.
You can now migrate data in the tables of your database in parallel. There's a performance improvement because Cloud SQL can transfer the data with parallel processes within a database. You can set the speed at which Cloud SQL transfers this data to min, optimal, or max.
Managed folders are now available in the Google Cloud Console.
You can now use managed folders in your Cloud Storage buckets using the Cloud Console. You can create, list, move, and delete your managed folders in the Console, as well as set IAM policies. To learn more, see Create and manage managed folders.
Compute Engine is not affected by CVE-2024-3094. For more information, see the GCP-2024-021 security bulletin.
Config Connector version 1.115.0 is now available.
Improved support for AlloyDB, by adding new fields to AlloyDBCluster and AlloyDBInstance.
AlloyDBCluster
- Added spec.clusterType field.
- Added spec.deletionPolicy field.
- Added spec.secondaryConfig field.
AlloyDBInstance
- Added spec.instanceTypeRef field.
Dialogflow CX: Language auto detect is now available for chat conversations. You can configure Dialogflow CX to detect an end-user's language and automatically respond in that same language. See the language reference page for a list of languages available for this feature.
You can now use Firestore to perform K-nearest neighbor (KNN) vector searches. This feature is in Preview.
(New guide) Infrastructure for a RAG-capable generative AI application using GKE: Design the infrastructure to run a generative AI application with retrieval-augmented generation (RAG) using GKE, Cloud SQL, and open source tools like Ray, Hugging Face, and LangChain.
The Cloud Armor premium service tier "Cloud Armor Managed Protection Plus" has been renamed to "Cloud Armor Enterprise." This change is being made to reflect the evolution of Cloud Armor's enterprise features. SKU IDs and pricing are unchanged. The name change does not impact the enrollment status of existing projects, or any features that were part of Managed Protection Plus. Learn more about Cloud Armor Enterprise.
Cloud Armor Enterprise Paygo (formerly Managed Protection Plus Paygo) is now Generally Available. Learn more about Cloud Armor Enterprise service tiers.
A Denial-of-Service (DoS) vulnerability (CVE-2023-45288) was recently discovered in multiple implementations of the HTTP/2 protocol, including the golang HTTP server used by Kubernetes. The vulnerability could lead to a DoS of the Google Kubernetes Engine (GKE) control plane. For more information, see the GCP-2024-022 security bulletin.
The GKE compliance dashboard now offers compliance evaluation for CIS Kubernetes Benchmark 1.5, Pod Security Standards (PSS) Baseline, and PSS Restricted standards in Preview. To learn more, see About the compliance dashboard.
GKE threat detection is now available in Preview. Threats against the Kubernetes control plane impacting your GKE Enterprise clusters are now visible in the GKE security posture dashboard. To learn more, see About GKE threat detection.
On or after May 1, 2024, in an effort to improve enrichment quality, the enrichment process using telemetry events and entities will prioritize values set by parsers over values from aliases in unenriched events. If a parser does not set the value, the enrichment process will set the enriched value using aliases.
Curated Detections rule packs covering AWS threats are generally available to Chronicle Enterprise and Enterprise Plus customers.
Curated Detections has been enhanced with new detection content for the Cloud Threats category. These new rule sets identify threats in AWS environments and are generally available to customers with a Chronicle Security Operations Enterprise and Enterprise Plus license.
BigQuery Connector for SAP version v2.6
Version 2.6 of the BigQuery Connector for SAP is generally available (GA). This version offers several enhancements and bug fixes, including the addition of the Create Table tool, the Mass Field Conversion tool, a custom transaction designed to only display the BigQuery Connector for SAP settings, and support for replicating cluster tables to BigQuery.
For more information, see What's new with BigQuery Connector for SAP.
April 02, 2024
AlloyDB for PostgreSQL
AlloyDB Studio is now generally available (GA). AlloyDB Studio includes an Explorer pane that integrates with an enhanced query editor, letting you browse, query, and modify your AlloyDB databases with this single interface. For more information, see Manage your data using AlloyDB Studio.
On April 2, 2024, we announced an increase in the rate limits for the Spike Arrest policy.
The limit on the rate you can specify increased from 1,000 requests per second, 60,000 requests per minute to 4,000 requests per second, 240,000 requests per minute.
See the Spike Arrest section of the Limits page for information on Spike Arrest limits.
Artifact Analysis automatic scanning for Ruby, Rust, .NET and PHP vulnerabilities in container images is now generally available. If the Container Scanning API is enabled, it scans container images pushed to Artifact Registry for Ruby, Rust, .NET and PHP vulnerabilities, in addition to already supported operating system and language package vulnerabilities.
Artifact Analysis returns Ruby, Rust, .NET and PHP vulnerability results for images that have a supported or unsupported operating system. When you push new versions of images to the registry, you might see more successful vulnerability scans against images without a supported operating system.
For more information, see Container scanning overview.
The following BigQuery ML features are now in preview:
- Performing supervised tuning on a remote model based on a Vertex AI text-bison large language model (LLM).
- Evaluate a Vertex AI LLM using the ML.EVALUATE function. Pre-trained text-bison, text-unicorn, or gemini-pro models and tuned text-bison models are supported for evaluation.
Try tuning and evaluating an LLM with the Customize an LLM by using supervised fine tuning how-to topic.
The Google Sheets plugin version 1.4.2 (bundled with the Google Drive plugins) is available in all Cloud Data Fusion versions. The release includes the following changes:
- Macros are supported for the following OAuth fields: Client ID, Client secret, and Refresh token (PLUGIN-1762).
- You can specify a single file ID in the File identifier field (PLUGIN-1763).
- Added an Access token field, which supports macros (PLUGIN-1764).
- You can turn on auto detection for the number of rows and columns (PLUGIN-1766).
You can now scale up the compute size (vCPU, memory) of a Cloud SQL Enterprise Plus edition primary instance with near-zero downtime.
Version 0.6.0 of the pgvector extension that's listed in the March 27 release note isn't available yet. Use version 0.5.1 of this extension.
You can now use SSL mode instead of the legacy require_ssl setting to specify the encryption requirements for connections to your Cloud SQL for SQL Server instances. For more information, see Enforce SSL/TLS encryption.
You can now use Customer-Managed Encryption Keys (CMEK) to protect repositories in Dataform. CMEK in Dataform is available in preview. For more information, see Use customer-managed encryption keys.
The following previously released sub-minor versions of Dataproc on Compute Engine images have been rolled back and can only be used when updating existing clusters that already use them:
- 2.0.97-debian10, 2.0.97-rocky8, 2.0.97-ubuntu18
- 2.1.45-debian11, 2.1.45-rocky8, 2.1.45-ubuntu20, 2.1.45-ubuntu20-arm
- 2.2.11-debian12, 2.2.11-rocky9, 2.2.11-ubuntu22
Dialogflow CX: Call companion is now generally available with new user interface settings.
Dialogflow CX: Dialogflow CX phone gateway is now generally available.
Vertex AI Conversation: Data stores now support parse and chunk configuration.
Fine tuning generative AI models within the Custom Extractor is now supported in GA. For more information, see custom processors and fine tuning pricing.
Eventarc support for creating triggers for direct events from Cloud Deploy is generally available (GA).
Model Garden supports all Text Generation Inference supported models in Hugging Face:
- Verified deployment settings for about 400 Hugging Face text generation models (including google/gemma-7b-it, meta-llama/Llama-2-7b-chat-hf, and mistralai/Mistral-7B-v0.1).
- Other Hugging Face text generation models have unverified deployment settings that are auto generated.
Observability for Google Kubernetes Engine: Added a dashboard for Tensor Processing Unit (TPU) metrics on the Observability tab of both the cluster listing and cluster details pages for GKE clusters. The charts on this dashboard are populated with data only if the cluster has TPU nodes and GKE system metrics is enabled. For more information, see View observability metrics.
On or after May 1, 2024, in an effort to improve enrichment quality, the enrichment process using telemetry events and entities will prioritize values set by parsers over values from aliases in unenriched events. If a parser does not set the value, the enrichment process will set the enriched value using aliases.
Search Ads 360 connector deprecation
After April 30, 2024, you will no longer be able to create new reports from this connector. Please start using the New Search Ads 360 connector.
To learn more about this change, read the Connect to Search Ads 360 (deprecated) Help Center article.
ABAP SDK for Google Cloud version v1.6
Version 1.6 of the ABAP SDK for Google Cloud is generally available (GA). This version brings in expanded support for more Google Cloud APIs, including support for multi-modal LLMs such as Gemini, SDK feature enhancements, and bug fixes.
For more information, see What's new with the ABAP SDK for Google Cloud.
To learn more, see Delay destruction of secret versions.
Enterprise tier released to General Availability
The Enterprise tier, which transforms Security Command Center into a cloud-native application protection platform (CNAPP) that combines cloud security and enterprise security operations with multicloud support, is released to General Availability.
The following features and capabilities of the Enterprise tier are new to Security Command Center:
- Multicloud support: You can now connect Security Command Center to Amazon Web Services for the following capabilities:
- Detect threats and vulnerabilities
- Assess the risk exposure of your high-value AWS resources
- Assess compliance with security standards
- A new Security Operations console for global security operations tasks
- SIEM and SOAR capabilities for security operations
- Security investigation and event management (SIEM) capabilities:
- Ingest and normalize logs from Google Cloud, AWS, Security Command Center findings, and resource metadata from multiple sources
- Detect the most important cloud threats with curated threat detection
- Search across consolidated SIEM data
- Security operations and response (SOAR) capabilities:
- Manage detections, investigations, and responses with cases
- Automate response workflows with playbooks
- Focus on posture and threat findings with dedicated views in the Security Operations console
- Integrate with IT service management products, such as Jira and ServiceNow, for posture management
- Search across consolidated SOAR data
- The following attack exposure scoring features are in General Availability:
- Vulnerability and misconfiguration detections
- Security Health Analytics includes the following enhancements:
- New misconfiguration detectors for AWS resources
- Detectors are mapped to new security standards
- You can now manage the remediation of critical and high severity vulnerability and misconfiguration findings using cases that are automatically opened for you.
- Threat detection and investigation
- Detect threats in your AWS deployments
- Investigate and respond to incidents with SIEM-like capabilities across 90 days of cloud logs
- Manage the investigation of and response to threats by using cases
- Define response workflows and automated actions in response to threats by using playbooks
- Mandiant Attack Surface Management integration
- Mandiant Attack Surface Management scans your external attack surfaces to identify vulnerability and misconfiguration findings
- Sensitive Data Protection integration
- The Risk overview page of Security Command Center in the Google Cloud console now shows data security findings from the Sensitive Data Protection discovery service
- Findings from Sensitive Data Protection that indicate the sensitivity and data risk levels of your data can inform the automated assignment of resource values for the attack path simulation feature
- Gemini artificial intelligence features
- Natural language search for threat findings
- AI investigation widget for cases
- Compliance, security standards
- Support for AWS security standards
- Validate infrastructure as code (IaC) against organization policies and Security Health Analytics detectors. The IaC validation feature lets you determine whether your new or modified resource definitions violate the existing policies that are applied to your Google Cloud resources.
- Integration with Assured Open Source Software: The paid tier of Assured OSS is included with your Enterprise tier license, so that you can enhance your code security by using the open source software packages that Google uses for its own developer workflows.
With the Enterprise tier, severity levels of certain findings are now variable
In the Enterprise tier of Security Command Center, the default severity level of an active vulnerability or misconfiguration finding can change if the finding's attack exposure score changes. If you are a user of the Premium tier and you upgrade to the Enterprise tier, check any automated or manual procedures that rely on the value of the severity property to ensure that they can support a variable severity value.
For more information, see Severities that vary based on attack exposure score.
If you opted to publish your data profiles to Security Command Center, you can configure Security Command Center to prioritize resources automatically according to the sensitivity of the data that the resources contain. For more information, see Set resource priority values automatically by data sensitivity.
If your discovery scan configuration isn't set to publish data profiles to Security Command Center, see Enable publishing to Security Command Center in an existing configuration.
Service Extensions is Generally Available for callout extensions for most Google Cloud Application Load Balancers.
You can also configure Cloud Load Balancing callout extensions by using the Console.
April 01, 2024
Apigee X
On April 1, 2024, we released an updated version of Apigee.
With this release, Apigee expanded its support for data residency to additional regions in Canada. Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.
For more information, see Introduction to data residency.
For a list of supported geographic locations, see Apigee locations.
The following new control packages are now available in Preview. See Supported products to learn about which Google Cloud products are supported for each new control package:
You can now create Assured Workloads folders from Resource Manager's Manage resources page in the Google Cloud console. See Creating and managing folders for more information.
Backup and DR Service added support to automatically protect your Compute Engine instances using Google Cloud tags. The dynamic protection tags feature is supported for backup/recovery appliances running on version 11.0.10.417 or later. You can check the appliance version from the Manage > Appliances page.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/bigquery
7.5.2 (2024-03-27)
Bug Fixes
Go
Changes for bigquery/storage/apiv1beta1
1.60.0 (2024-03-27)
Features
- bigquery/analyticshub: Support selective sharing on data clean room Listings (a3bb7c0)
- bigquery/datatransfer: Add UnenrollDataSources API which gives users a programmatic way to unenroll data sources (a86aa8e)
- bigquery/storage: Add the RANGE type to the google.cloud.bigquery.storage.v1.TableFieldSchema (0195fe9)
Bug Fixes
- bigquery/storage/managedwriter: Fix flowcontrol refund on error (#9649) (a07bf1d)
- bigquery/storage/managedwriter: Retry improvements (#9642) (48a9258)
- bigquery: Update protobuf dep to v1.33.0 (30b038d)
Documentation
Python
Changes for google-cloud-bigquery
3.20.0 (2024-03-27) - YANKED
Reason this release was yanked:
undeclared dependency on pyarrow
Features
Bug Fixes
You can now enable, disable, and analyze history-based optimizations for queries. This feature is in preview.
BigQuery Studio is now available in the South Carolina (us-east1) region to manage versions of code assets such as notebooks and saved queries.
The BigQuery Data Transfer Service for Search Ads 360 now supports the new Search Ads 360 Reporting API. You can use the Search Ads 360 connector to specify custom Floodlight variables and custom columns when transferring Search Ads 360 data to BigQuery. This feature is now generally available (GA).
Scope 2 market-based emissions data is now launched in Preview. This metric represents purchased electricity, incorporating Google's annual renewable energy purchases. Scope 2 emissions on this page are estimated using annual emissions factors from government sources (IEA, EPA & AIB). You can learn more here about the methodology and the difference between location-based and market-based emission metrics.
Scope 2 market-based emissions data is available only from January 2023 onwards and can be accessed in:
- The console Dashboard on the Market-based emissions tab, and
- The BigQuery export as field carbon_footprint_kgCO2e.scope2.market_based in the export data schema.
Please note that data already exported to BigQuery for previous months will still have Scope 2 market-based emissions data as NULL in your exported tables. To see the newly-released market-based data, schedule a manual data backfill for the desired time period. Note that there is a half-month lag of our data release. For example, to backfill January and February 2023 data, run the backfill for February 15, 2023 and March 15, 2023, which will update the data for January and February 2023 in your BigQuery table.
You can now configure advanced traffic management using flexible pattern matching. This feature allows you to use wildcard syntax anywhere in your path matcher configuration. You can use this feature to customize origin routing for different types of traffic and request and response behaviors. In addition, you can now use results from your pattern matching to rewrite the path that is sent to the origin.
Pattern matching with wildcards is now supported for the following products:
- Global external Application Load Balancer (launched previously)
- Regional external Application Load Balancer
- Cross-region internal Application Load Balancer
- Regional internal Application Load Balancer
- Traffic Director
For details, see URL maps overview: Wildcards and pattern matching operators in path templates for route rules.
This capability is available in General availability.
If your Cloud SQL Enterprise edition instance stores the transaction logs used for point-in-time recovery (PITR) on disk, then when you do an in-place upgrade to Cloud SQL Enterprise Plus edition, the storage location for the transaction logs is switched to Cloud Storage. For more information, see Upgrade an instance to Cloud SQL Enterprise Plus edition by using in-place upgrade.
To check where your instance stores the transaction logs used for PITR, see Use point-in-time recovery (PITR).
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for storage/internal/apiv2
1.40.0 (2024-03-29)
Features
- storage: Implement io.WriterTo in Reader (#9659) (8264a96)
- storage: New storage control client (#9631) (1f4d279)
Bug Fixes
- storage: Retry errors from last recv on uploads (#9616) (b6574aa)
- storage: Update protobuf dep to v1.33.0 (30b038d)
Performance Improvements
Google Cloud Storage now offers Dual-region Google Egress Bandwidth quotas per dual-region location. See Bandwidth usage in Cloud Storage.
cos-dev-117-18342-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.83 | v24.0.9 | v1.7.10 | v535.161.07(default),v550.54.14(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Upgraded app-admin/google-guest-configs to v20240307.00.
Upgraded localtoast to v1.1.7 and opted out of logging-service-running benchmark by default for cis-level2.
Upgraded app-containers/cni-plugins to v1.4.1.
Upgraded app-admin/node-problem-detector to v0.8.17.
Upgraded app-admin/google-osconfig-agent to v20240320.00.
Upgraded app-containers/docker, app-containers/docker-test and app-containers/docker-cli to v24.0.9.
Upgraded app-admin/google-guest-agent to v20240314.00.
Update app-containers/nvidia-container-toolkit to v1.14.6.
Upgraded chromeos-base/debugd-client to v0.0.1-r2662.
Upgraded chromeos-base/vm_protos to v0.0.1-r563.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r613.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2889.
Upgraded chromeos-base/shill-client to v0.0.1-r4408.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2404.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2753.
Upgraded chromeos-base/hiberman-client to v0.0.1-r470.
Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2788.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r610.
Upgraded app-benchmarks/bootchart to v0.9.2-r5.
Updated the Linux kernel to v6.1.83.
Added NVIDIA GPU drivers R550 branch and update latest to 550.54.14.
Fixed a bug in google-guest-agent service enablement.
Downgraded app-misc/ca-certificates to v20230311.3.96.1.
cos-109-17800-147-54
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.75 | v24.0.9 | v1.7.13 | v535.161.07(default),v550.54.14(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Updated app-containers/nvidia-container-toolkit to v1.14.6.
Upgraded localtoast to v1.1.7 and opted out of logging-service-running benchmark by default for cis-level2.
Upgraded sys-apps/makedumpfile to v1.7.4.
Upgraded app-admin/fluent-bit to v1.9.10.
Upgraded app-admin/node-problem-detector to v0.8.17.
Upgraded net-misc/chrony to v4.5.
Added NVIDIA GPU drivers R550 branch and update latest to 550.54.14.
Fixed a bug in google-guest-agent service enablement.
Fixed CVE-2024-26584 in the Linux kernel.
Fixed CVE-2024-26585 in the Linux kernel.
cos-beta-113-18244-1-33
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.77 | v24.0.9 | v1.7.10 | v535.161.07(default),v550.54.14(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Update app-containers/nvidia-container-toolkit to v1.14.6.
Added NVIDIA GPU drivers R550 branch and update latest to 550.54.14.
cos-101-17162-386-59
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.146 | v20.10.24 | v1.6.28 | v470.239.06(default),v550.54.14(latest) |
Added NVIDIA GPU drivers R550 branch and update latest to 550.54.14.
Dataproc Metastore now supports managed migrations.
Managed migration is an automated feature that helps you migrate data from a self-managed Hive Metastore to a Dataproc Metastore service, without any sizable down time.
Dataproc Metastore now supports autoscaling. Autoscaling automatically increases or decreases the scaling factor required to run your workloads.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/datastore
8.6.0 (2024-03-25)
Features
- Add new types ExplainOptions, ExplainMetrics, PlanSummary, ExecutionStats (#1241) (6c409d5)
- Nodejs transaction redesign feature branch (#1235) (1585d4a)
Bug Fixes
Java
Changes for google-cloud-datastore
2.19.0 (2024-03-25)
Features
Architecting disaster recovery for cloud infrastructure outages: Added DR guidance for Vertex ML Metadata.
Architecting disaster recovery for cloud infrastructure outages: Added DR guidance for Vertex AI Pipelines.
Policy Troubleshooter for IAM currently doesn't fetch tags for regional resources, such as Google Kubernetes Engine (GKE) clusters. As a result, if you have IAM policies with tag-based conditions and you try to use Policy Troubleshooter to troubleshoot access to regional resources, you might get inaccurate results. Our engineering team is working to resolve this issue.
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-pubsub
2.21.0 (2024-03-26)
Features
Google Cloud's Agent for SAP version 3.2
Version 3.2 of Google Cloud's Agent for SAP is generally available (GA). This version introduces the default collection of Workload Manager evaluation metrics for new agent installations, configuration commands for updating the agent configuration, and enhancements to the Backint, disk snapshot, and Process Monitoring features.
For more information, see What's new with Google Cloud's Agent for SAP.
The following Security Health Analytics misconfiguration detectors have changed to check for overly restrictive flag values that might prevent error messages from being written to the logs:
SQL_LOG_ERROR_VERBOSITY
SQL_LOG_MIN_ERROR_STATEMENT_SEVERITY
For the flag values that the detectors check for, see:
You can use Packet Mirroring to collect IPv6 traffic. This feature is available in General Availability.
March 30, 2024
Network Intelligence Center
General Availability: Network Topology provides dedicated views and insights of VMs and instance groups that generate higher egress. You can further filter the traffic based on the following traffic types: all egress, cross-zonal egress, egress to internet, and hybrid egress. For more information, see Network Topology overview.
March 29, 2024
AlloyDB for PostgreSQL
Fixed the issue causing AlloyDB clusters created using the Google Cloud CLI, the AlloyDB Admin API, or Terraform to have PostgreSQL 14 compatibility by default, instead of PostgreSQL 15 compatibility.
On March 29, 2024, we released an updated version of Apigee (1-12-0-apigee-2).
With this release, Apigee expanded its support for data residency to additional regions in the European Union. Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.
For more information, see Introduction to data residency.
For a list of supported geographic locations, see Apigee locations.
New Apigee API Monitoring Metrics
A new suite of metrics for monitoring Apigee proxies and target endpoints is now available. With improved scalability and accuracy, the new suite can support large workloads and withstand underlying infrastructure changes.
Apigee's API Monitoring tables and dashboards have been updated to include the following new metrics, which can be used to configure alerts and create custom dashboards:
proxy/request_count
proxy/response_count
proxy/latencies
target/request_count
target/response_count
target/latencies
Bug ID | Description |
---|---|
322843888 | Fixed issue with incorrect proxy routing when using base paths in proxy chaining. |
293933387 | KVM list operation now permits entries with null or empty values. |
239523766 | Removed Unable to evaluate jsonVariable, returning null error string from ExtractVariable Policy logging. |
285592278 | Fixed issue with deduction of recurring fees from prepaid balances. |
237656263 | Resolved issue with async mode in the ServiceCallout policy when the <Response> element is removed. This note is incorrect; this fix is not included in this release. |
321744310 | Added support for caching JSON results retrieved from the ExtractVariables policy. |
295341973 | Resolved issue causing delay in updating southbound SSL certificates in truststore and keystore references. |
For SAP HANA databases, the database and log backups are not run together in parallel.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Apigee
apigee.googleapis.com/Instance
apigee.googleapis.com/Organization
Database Migration Service now supports faster migrations of large PostgreSQL databases to AlloyDB for PostgreSQL.
For information about creating migration jobs using the high-performance parallelism settings, see Create a migration job to a new destination instance and Create a migration job to an existing destination instance.
The Storage Control API is now available for use. The Storage Control API lets you perform metadata-specific, control plane, and long-running operations. To learn more about the Storage Control API and operations you can perform, see Storage Control API overview.
Dataproc Serverless for Spark: runtime version 2.2 will become the default Dataproc Serverless for Spark runtime version on May 3, 2024.
Note: This announcement was updated in the April 19, 2024 release note.
M119 release
- Fixed an issue wherein Dataproc extensions caused JupyterLab to crash when remote kernels weren't available.
Starting on April 17, 2024, the Dialogflow CX and Dialogflow ES traffic with audio will gradually route away from the classic phone_call speech model to the new conformer-based speech models for the following language tags: en-au, en-gb, de, de-de, es, es-es, es-us, fr, fr-ca, fr-fr, it, it-it, ja, pt-br. For more information, see Dialogflow ES migration documentation and Dialogflow CX migration documentation.
Dialogflow CX: You can now enable smart endpointing.
The MedLM-large model infrastructure has been upgraded to improve latency and stability. Responses from the model might be slightly different.
Chronicle now supports direct ingestion and parsing of Google Cloud Next Generation Firewall (NGFW) Enterprise logs.
Release 6.2.52 is now in General Availability.
Vertex AI Retail Search: Search analytics v2 improvements
- Enhanced dashboard experience: Leverages Looker for a more interactive and informative analysis of your search and browse performance.
- Detailed metrics: Gain granular insights with per-search/per-browse metrics, along with metrics tied to search/browse visits.
- Full funnel reporting: Analyze page-views, add-to-cart events, purchases, and revenue to understand the entire customer conversion journey.
- Flexible analysis: Filter data by date ranges and device types to tailor your analysis.
A monthly digest of client library updates from across the Cloud SDK.
Go
Changes for spanner/admin/database/apiv1
1.58.0 (2024-03-06)
Features
- spanner/admin/instance: Add instance partition support to spanner instance proto (ae1f547)
- spanner: Add field for multiplexed session in spanner.proto (a86aa8e)
- spanner: SelectAll struct spanner tag annotation match should be case-insensitive (#9460) (6cd6a73)
- spanner: Update TransactionOptions to include new option exclude_txn_from_change_streams (0195fe9)
1.59.0 (2024-03-13)
Features
- spanner/spansql: Support Table rename & Table synonym (#9275) (9b97ce7)
- spanner: Add support of float32 type (#9525) (87d7ea9)
Bug Fixes
1.60.0 (2024-03-19)
Features
- spanner: Allow attempt direct path xds via env var (e4b663c)
Java
Changes for google-cloud-spanner
6.61.0 (2024-03-04)
Features
Bug Fixes
Dependencies
- Update dependency com.google.cloud:sdk-platform-java-config to v3.27.0 (#2935) (f8f835a)
- Update dependency org.json:json to v20240303 (#2936) (1d7044e)
Documentation
- Samples and tests for backup Admin APIs and overall spanner Admin APIs. (#2882) (de13636)
- Update all public documents to use auto-generated admin clients. (#2928) (ccb110a)
6.62.0 (2024-03-19)
Features
- Allow attempt direct path xds via env var (#2950) (247a15f)
- Next release from main branch is 6.56.0 (#2929) (66374b1)
Bug Fixes
Performance Improvements
Dependencies
- Update dependency com.google.cloud:google-cloud-monitoring to v3.38.0 (#2942) (ba665bd)
- Update dependency com.google.cloud:google-cloud-trace to v2.37.0 (#2944) (b5e608e)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.28.1 (#2952) (1e45237)
- Update opentelemetry.version to v1.36.0 (#2945) (e70b035)
Documentation
Node.js
Changes for @google-cloud/spanner
7.5.0 (2024-03-04)
Features
Bug Fixes
Python
Changes for google-cloud-spanner
3.43.0 (2024-03-06)
Features
- Add retry and timeout for batch dml (#1107) (4f6340b)
- Add support for max commit delay (#1050) (d5acc26)
- Exposing Spanner client in dbapi connection (#1100) (9299212)
- Include RENAME in DDL regex (#1075) (3669303)
- Support partitioned dml in dbapi (#1103) (3aab0ed)
- Untyped param (#1001) (1750328)
Documentation
- Samples and tests for admin backup APIs (#1105) (5410c32)
- Samples and tests for admin database APIs (#1099) (c25376c)
- Update all public documents to use auto-generated admin clients. (#1109) (d683a14)
- Use autogenerated methods to get names from admin samples (#1110) (3ab74b2)
3.44.0 (2024-03-13)
Features
Bug Fixes
Documentation
M119 release
The M119 release of Vertex AI Workbench user-managed notebooks includes the following:
- Fixed an issue wherein Dataproc extensions caused JupyterLab to crash when remote kernels weren't available.
March 28, 2024
Apigee Integrated Portal
On March 28, 2024, we released an updated version of Apigee integrated portal.
Bug ID | Description |
---|---|
324872865 | Fixed scrolling issue with API documentation display when navigating to the overview page. |
The following compliance programs now support the following products. See supported products for more information:
- Australia Regions with Assured Support:
- Access Transparency
- Canada Regions and Support:
- Access Transparency
- EU Regions and Support:
- Access Approval
- Certificate Authority Service
- Cloud Monitoring
- Cloud Run
- Firestore
- Sensitive Data Protection
- FedRAMP Moderate:
- Artifact Registry
- Cloud Workstations
- Israel Regions and Support:
- Dataflow
- Memorystore for Redis
- Japan Regions:
- Access Approval
- Access Transparency
- US Regions and Support:
- Access Transparency
You can now query data in SAP Datasphere using a federated query. This feature is in preview.
Query optimization using search indexes is now applied to comparisons of string literals and indexed data, including the equal (=), IN, and LIKE operators and the STARTS_WITH function. This feature is generally available (GA).
Preview: Capacity planner supports the following for data aggregated by organization ID:
View and export the actual and forecasted usage data of the VMs and persistent disks in your organization.
Generate gcloud CLI commands to create future reservation requests based on the actual or forecasted usage data of your VMs by organization.
For more information, see the following pages:
Pie charts are now available for visualizing data in the Log Analytics page. For more information, see Change chart type.
Uptime checks now support authentication by using a service account and a generated OpenID Connect (OIDC) token, as an alternative to providing a username and password. For more information, see Create public uptime checks.
All jobs are now subject to maintenance events, not just jobs longer than one hour, which increases reliability for jobs under 1 hour. These maintenance events are transparent and don't require any changes to your container.
You can now simulate a planned maintenance update with near-zero downtime on your Cloud SQL Enterprise Plus primary instance without updating your database. For more information, see About maintenance on Cloud SQL instances.
Config Connector version 1.114.1 is now available.
SQLInstance and ComputeBackendService now have additional safeguards against populating plain-text secrets back into the object.
Fixed resource deletion of AlloyDBInstance and EdgeContainerNodePool when their "parent objects" no longer exist.
Initial support (alpha stability) for pausing reconciliation, by setting spec.actuationMode: Paused in the ConfigConnectorContext.
Initial support (alpha stability) for defaulting state-into-spec to absent (the recommended setting), by setting spec.stateIntoSpec: Absent in the ConfigConnectorContext.
AccessContextManagerServicePerimeterResource is promoted from alpha to beta.
Added support for ComputeNetworkFirewallPolicyAssociation (v1beta1) resource.
Added support for APIKeysKey (v1alpha1) resource.
BigQueryDataSet
- Added access[].iamMember field.
ComputeAddress
- Added status.observedState.address field.
ComputeTargetHttpsProxy
- Added spec.certificateManagerCertificates field.
DNSRecordSet
- Added spec.routingPolicy field.
GKEHubFeatureMembership
- Added spec.policycontroller field.
The Dataflow right fitting feature is now supported by non-Prime batch pipelines.
New Dataproc on Compute Engine subminor image versions:
- 2.0.97-debian10, 2.0.97-rocky8, 2.0.97-ubuntu18
- 2.1.45-debian11, 2.1.45-rocky8, 2.1.45-ubuntu20, 2.1.45-ubuntu20-arm
- 2.2.11-debian12, 2.2.11-rocky9, 2.2.11-ubuntu22
Note: the above subminor image versions were rolled back on April 2, 2024
Dataproc on Compute Engine: New Hadoop Google Secret Manager Credential Provider feature introduced in latest Dataproc on Compute Engine 2.0 image versions.
You can use CMEK organization policies to manage key usage with your new Filestore resources. This feature is now generally available.
(New guide) Model development and data labeling with Google Cloud and Labelbox: Provides guidance for building a standardized pipeline to help accelerate the development of ML models.
(New guide) Jump Start Solution: Generative AI RAG with Cloud SQL: Deploy a retrieval augmented generation (RAG) application with vector embeddings and Cloud SQL.
(New guide) Build and deploy generative AI and machine learning models in an enterprise: Describes the generative AI and machine learning blueprint, which deploys a pipeline for creating AI models.
Release 6.2.53 is currently in Preview.
Issue when filtering Cases in Cases Page (ID #49689809)
Case filter is_not not working as expected (ID #00279039)
Unsupported providers causing playbooks not to run (ID #00262970)
Playbook block missing when trying to add it to a case (ID #00273133)
Report Scheduler not sending out reports as planned (ID #00277914)
Looker Studio release notes moved to Google Cloud
We've changed how we deliver product release notes. Looker Studio release notes are available solely on the Google Cloud release notes platform.
Release notes prior to this change are preserved in the historical release notes page in the Looker Studio Help Center.
Label fields available in the New Search Ads 360 connector
You can now include the following New Search Ads 360 fields in your reports:
- Label (Keyword)
- Label (Ad)
The SWITZERLAND_SOCIAL_SECURITY_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
Vertex AI Search: Autocomplete updates
Autocomplete is Generally available (GA) for the US and EU multi-regions as well as for the global region.
Autocomplete supports Access Transparency. This means that, when Access Transparency is enabled, if Google personnel access your autocomplete data, this is recorded in the Access Transparency logs.
For information about autocomplete, see Configure autocomplete, and for information about Access Transparency, see Enable Access Transparency in Vertex AI Search.
Vertex AI Search: Structured data stores (GA)
Use of data stores containing structured data is Generally available (GA). Additionally, two new field value types are allowed for structured data stores: geolocation and datetime.
For information about structured data stores, see Structured data in Prepare for ingesting and Schemas: auto-detection versus providing your own.
Vertex AI Search: Boost search results (Public preview)
Boosting search results using custom numerical attributes and according to freshness is available in Public preview.
For more information, see Boost search results.
Vertex AI Search: Extractive segments and relevance scores (GA)
Extractive segments and relevance scores for extractive segments are GA.
For more information, see Extractive segments.
Vertex AI Search: Document chunking and parsing improvements (Public preview)
The following improvements have been introduced for document chunking and parsing:
- Adjacent chunks: When returning chunks in search responses, you can return chunks from immediately before and after the relevant chunk in the source document. Doing so can improve context and accuracy.
- Page span: Chunk metadata in search responses includes the span of pages where the chunk appeared in the source document.
- List chunks: List all chunks from a specific source document.
- Get chunks: Get a specific chunk.
- Get processed documents in JSON: Get a parsed document or a chunked document in JSON format.
- Bring your own chunks (Preview with allowlist): Upload data that you've already chunked. Contact your Google account team if you're interested in trying this feature.
For more information, see Parse and chunk documents.
Vertex AI Search: Media recommendations analytics (GA)
Analytics for media recommendations are GA. You can view analytics for your media recommendations apps in the Google Cloud console.
For more information, see View analytics.
Added a new tokenConfig field to the Media CDN key. Set this field to sign the URL using the Media CDN token.
reCAPTCHA Enterprise account defender for mobile applications is now generally available (GA).
You can use this feature to detect and prevent account-related fraudulent activities on mobile applications.
March 27, 2024
BigQuery
An updated version of JDBC driver for BigQuery is now available.
A new migration job status called Running with errors is available for heterogeneous Oracle migrations in Database Migration Service. This status represents migration jobs that encounter errors, but continue replicating data for unaffected objects and attempt to retry faulty operations.
For more information, see Migration job statuses for Oracle to AlloyDB for PostgreSQL and Migration job statuses for Oracle to Cloud SQL for PostgreSQL.
Database Migration Service now supports faster migrations of large PostgreSQL databases to Cloud SQL for PostgreSQL.
For information about creating migration jobs using the high-performance parallelism settings, see Create a migration job to a new destination instance and Create a migration job to an existing destination instance.
Typically with HTTPS communication, the authentication works only one way: the client verifies the identity of the server. For applications that require the load balancer to authenticate the identity of clients that connect to it, regional external Application Load Balancer, regional internal Application Load Balancer, and cross-region internal Application Load Balancer support mutual TLS (mTLS).
With mTLS, the load balancer requests that the client send a certificate to authenticate itself during the TLS handshake with the load balancer. You can configure a trust store that the load balancer uses to validate the client certificate's chain of trust.
For details, see the following:
- Mutual TLS authentication
- Set up mutual TLS for a regional external Application Load Balancer
- Set up mutual TLS for a regional internal Application Load Balancer
- Set up mutual TLS for a cross-region internal Application Load Balancer
This capability is in Preview.
Global external Application Load Balancer and global external Application Load Balancer (classic) already support frontend mTLS (General Availability).
The pgvector extension is upgraded from version 0.5.1 to version 0.6.0. Use this extension to store and search for vector embeddings in PostgreSQL databases. For more information, see Configure PostgreSQL extensions.
To use this version of the extension, update your instance to [PostgreSQL version].R20240130.00_07. For more information, see Self-service maintenance.
The rollout of the following items in the February 7 release note is now complete:
- Extensions
- Flags
- Minor versions
- Extension versions
- Plugin versions
cos-beta-113-18244-1-31
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.77 | v24.0.9 | v1.7.10 | v535.161.07(default, latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Upgraded app-admin/node-problem-detector to v0.8.17.
Upgraded localtoast to 1.1.7 and opted out of logging-service-running benchmark by default for cis-level2.
Upgraded app-admin/fluent-bit to v1.9.10.
Upgraded app-admin/sosreport to v4.7.0.
Upgraded app-admin/localtoast to v1.1.7.
Added infiniband and mlx5 device drivers.
Fixed bug in google-guest-agent service enablement.
Fixed CVE-2024-26584 in the Linux kernel.
Fixed CVE-2024-26585 in the Linux kernel.
Fixed CVE-2023-52434 in the Linux kernel.
Fixed CVE-2024-26583 in the Linux kernel.
Fixed CVE-2024-26582 in the Linux kernel.
Fixed CVE-2023-52435 in the Linux kernel.
cos-101-17162-386-57
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.146 | v20.10.24 | v1.6.28 | v470.239.06(default),v535.161.07(latest) |
Fixed bug in google-guest-agent service enablement.
Fixed CVE-2024-26591 in the Linux kernel.
Fixed CVE-2024-26589 in the Linux kernel.
Fixed CVE-2024-26585 in the Linux kernel.
Fixed CVE-2023-52439 in the Linux kernel.
Fixed CVE-2023-52434 in the Linux kernel.
Fixed CVE-2023-52435 in the Linux kernel.
Fixed CVE-2023-52443 in the Linux kernel.
cos-97-16919-450-41
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.10.208 | v20.10.24 | v1.6.21 | v470.239.06(default),v535.161.07(latest) |
Fixed bug in google-guest-agent service enablement.
Fixed CVE-2024-26589 in the Linux kernel.
Fixed CVE-2024-26585 in the Linux kernel.
Fixed CVE-2023-52439 in the Linux kernel.
Fixed CVE-2023-52434 in the Linux kernel.
Fixed CVE-2023-52435 in the Linux kernel.
Fixed CVE-2023-52443 in the Linux kernel.
cos-109-17800-147-41
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.75 | v24.0.9 | v1.7.13 | v535.161.07(default, latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Fixed CVE-2023-52434 in the Linux kernel.
Fixed CVE-2024-26583 in the Linux kernel.
Fixed CVE-2024-26582 in the Linux kernel.
Fixed CVE-2023-52435 in the Linux kernel.
cos-105-17412-294-48
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.146 | v23.0.3 | v1.7.10 | v470.239.06(default),v535.161.07(latest) |
Fixed CVE-2023-52435 in the Linux kernel.
Fixed CVE-2023-52443 in the Linux kernel.
cos-dev-117-18313-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.80 | v24.0.9 | v1.7.10 | v535.161.07(default, latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Fixed integrity-fs dm-crypt creation flakiness.
Data insights in Dataplex is available in Preview. Data insights offers an automated and intuitive way to explore and understand your data. It uses Gemini large language models to generate queries based on the metadata of a table, and lets you uncover patterns, assess data quality, and perform statistical analysis.
New Dataproc Serverless for Spark runtime versions:
- 1.1.56
- 1.2.0
- 2.0.64
- 2.1.43
- 2.2.0
Announcing the General Availability (GA) release of Dataproc Serverless for Spark runtime versions 1.2 and 2.2, which include the following components:
- Spark 3.5.1
- BigQuery Spark Connector 0.36.1
- Cloud Storage Connector 3.0.0
- Conda 24.1
- Java 17
- Python 3.12
- R 4.3
- Scala 2.12 (1.2 runtime) and Scala 2.13 (2.2 runtime)
Dataproc Serverless for Spark:
Firestore now supports using range and inequality filters on multiple fields in a single query. This feature is in Preview.
Support for Query Explain. This feature is in Preview.
Query Explain lets you submit queries and receive detailed query plan, billing and performance statistics on query execution in return. It helps you understand how your queries are executed, showing you inefficiencies.
It functions like the EXPLAIN [ANALYZE] operation in many relational database systems.
For more information, see the guide for Query Explain.
Datastore now supports using range and inequality filters on multiple fields in a single query. This feature is in Preview.
Support for Query Explain. This feature is in Preview.
Query Explain lets you submit queries and receive detailed query plan, billing and performance statistics on query execution in return. It helps you understand how your queries are executed, showing you inefficiencies.
It functions like the EXPLAIN [ANALYZE] operation in many relational database systems.
For more information, see the guide for Query Explain.
(New guide) Jump Start Solution: Generative AI Knowledge Base: Demonstrates how to build an extractive question-answering (EQA) pipeline to produce content for an internal knowledge base.
AI and machine learning resources: Added introduction information with guiding links to our generative AI and traditional AI resources.
GKE on VMware 1.15.10-gke.32 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.15.10-gke.32 runs on Kubernetes v1.26.13-gke.1100.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.
The following issue is fixed in 1.15.10-gke.32:
- Fixed the known issue where the controlPlaneNodePort field defaults to 30968 when the manualLB spec is empty.
The following vulnerabilities are fixed in 1.15.10-gke.32:
High-severity container vulnerabilities:
Ubuntu vulnerabilities:
Container-optimized OS vulnerabilities:
Remote Agent Release 1.5.0 is currently in Preview.
Support for future major upgrades
Currently, Google supports minor upgrades which make changes to the remote agent code only.
We have now added support for the customer to carry out a major upgrade which requires changes to the entire OS or libraries in the machine.
You will receive clear instructions before a major upgrade. These must be followed very carefully in order to ensure the Remote Agent can continue to work with your machine.
Support for updating custom environment variables (ID #47675122)
You can now configure environment variables on the agent.
Remote connector logs are now written to the following path:
/opt/SiemplifyAgent/Integrations/<integration name>/Connectors/<connector instance>/remote_script.log
March 26, 2024
Apigee X
On March 26, 2024, we released an updated version of Apigee (1-12-0-apigee-1).
New Apigee API Monitoring Metrics
A new suite of metrics for monitoring Apigee proxies and target endpoints is now available. With improved scalability and accuracy, the new suite can support large workloads and withstand underlying infrastructure changes.
Apigee's API Monitoring tables and dashboards have been updated to include the following new metrics, which can be used to configure alerts and create custom dashboards:
proxy/request_count
proxy/response_count
proxy/latencies
target/request_count
target/response_count
target/latencies
Bug ID | Description |
---|---|
322843888 | Fixed issue with incorrect proxy routing when using base paths in proxy chaining. |
293933387 | KVM list operation now permits entries with null or empty values. |
239523766 | Removed Unable to evaluate jsonVariable, returning null error string from ExtractVariable Policy logging. |
285592278 | Fixed issue with deduction of recurring fees from prepaid balances. |
237656263 | Resolved issue with async mode in the ServiceCallout policy when the <Response> element is removed. This note is incorrect; this fix is not included in this release. |
321744310 | Added support for caching JSON results retrieved from the ExtractVariables policy. |
295341973 | Resolved issue causing delay in updating southbound SSL certificates in truststore and keystore references. |
Go 1.22 is now generally available.
Starting in Go version 1.22 and later:
- You can't use go get outside of a module in the legacy GOPATH mode (GO111MODULE=off).
- Go recommends that you use a go.mod file for managing dependencies.
For more information, see Specify dependencies.
The Help me code tool lets you use natural language to generate a SQL query that can then be run in BigQuery. This feature is now in preview.
The following Generative AI features are now in preview:
- Creating a remote model based on a Vertex AI gemini-pro-vision large vision model (VLM).
- Using the ML.GENERATE_TEXT function with this remote model to perform Vision Generative AI tasks, such as image or video captioning and visual Q&A, for visual content stored in BigQuery object tables.
Try these features with the Generate text that describes visual content how-to topic.
Duet AI in BigQuery is now Gemini for BigQuery. See our blog post for more information.
The Logs in Cloud Logging only feature is available in all regions:
- In newly created Cloud Composer environments, Airflow task logs are now stored only in Cloud Logging by default.
- You can disable this feature for a new or an existing environment. In this case, Airflow task logs are saved both to Cloud Logging and to the environment's bucket.
In new environments with Airflow 2.6.3 and 2.7.3 the default values of the following Airflow configuration options are changed to provide more optimized Cloud Composer environments:
- [scheduler]job_heartbeat_sec to 30
- [scheduler]scheduler_health_check_threshold to 60
- [scheduler]scheduler_heartbeat_sec to 15
If you want to override the [scheduler]scheduler_heartbeat_sec option's value, then also adjust the [scheduler]scheduler_health_check_threshold option, as described in Cloud Composer documentation.
Cloud Composer 2.6.6 images are available:
- composer-2.6.6-airflow-2.7.3
- composer-2.6.6-airflow-2.6.3 (default)
- composer-2.6.6-airflow-2.5.3
Cloud Composer versions 2.1.11 and 1.20.11 have reached their end of full support period.
The Amazon Redshift batch source connector version 1.11.1 is available in Preview in Cloud Data Fusion 6.10.0 and later. This source lets you load batch data from your Redshift dataset to a destination, such as BigQuery.
The Amazon Redshift batch source connector version 1.10.6 is available in Preview in Cloud Data Fusion 6.9 versions. This source lets you load batch data from your Redshift dataset to a destination, such as BigQuery.
Cloud Data Fusion is available in the following regions:
- asia-south2
- me-central2
For more information, see Pricing.
Cloud Functions (2nd gen) now supports the Go 1.22 runtime at the General Availability release level.
You can now configure your aggregated sink to be intercepting, which prevents logs from being passed through the Log Router of child resources. For more information, see Collate and route organization-level logs to supported destinations.
Duet AI in Google Cloud is now Gemini for Google Cloud. See our blog post for more information.
You can now integrate Cloud SQL and Vertex AI. This integration lets you apply large language models (LLMs), which are hosted in Vertex AI, to a Cloud SQL for PostgreSQL database, version 12 and later. For more information, see Integrate Cloud SQL with Vertex AI.
Version 3.13 is released
All release notes published on this date are part of version 3.13.
Agent alias
Agents can use aliases instead of their real names when communicating with end-users. Admins can configure agent aliases manually or with a bulk upload. Agents can also configure their own aliases. The agent alias feature is available when using the mobile and web SDKs. For more information, see Agent alias.
Country code of the outbound phone number is included with the added party's phone number
When an agent adds a party to a call, the country code from the outbound phone number is automatically included with the added party's phone number.
Calls waiting indicator
The call adapter includes a calls waiting indicator that shows the number of calls in the queue waiting to be answered. You can find the calls waiting indicator in the Calls tab of the call adapter.
Time stamp in the chat adapter displays seconds
The message time stamp in the chat adapter displays seconds.
Virtual task assistant for chats
The virtual task assistant is available for chats. Configuration and use are similar to that of the virtual task assistant for calls. Available for the web SDK only. For more information, see Virtual task assistants.
Configure SSO for your email channel using OAuth credentials from Google Cloud
You can configure single sign-on (SSO) for your Contact Center AI Platform email channel using OAuth 2.0 credentials from Google Cloud. For more information, see Configure your email channel for OAuth with Google Cloud.
Deflections are available for agent-to-agent calls
You can configure agent-to-agent calls to deflect to voicemail after a period of time that you set. You can also include these "voice internal" calls in your call reports. For more information, see Turn on deflections.
Support phone number is included for incoming calls
The incoming call screen shows the support phone number that the end-user used to call your support center. For more information, see Receive an inbound call.
Support for multiple data parameters in API requests to the DAPs for your IVR queues
You can capture data in the headers of incoming Session Initiation Protocol (SIP) calls and pass them in API requests to the Direct Access Points (DAPs) for your Interactive Voice Response (IVR) queues. For more information, see API DAPs.
Fixed an issue that resulted in an error being returned whenever an agent tried to send a blended SMS message, despite preset SMS being disabled.
Fixed an issue where the queue-level call music section was not displayed to users with a custom role.
Fixed an issue where calls sometimes got stuck in a queued state when an agent had a poor network connection.
Fixed an issue where the Copy CRM Link button in the call adapter sometimes copied the CRM ID instead of the URL.
Fixed an issue where the Assign Agents button wasn't working on top-level queues.
Fixed an issue where using keyboard shortcuts or arrow keys to scroll in a window did not allow scrolling beyond a single screen of text.
Fixed an issue where a CRM page did not load in the Call Center AI Platform portal.
(New guide) Cross-silo and cross-device federated learning on Google Cloud: Provides guidance to help you create a federated learning platform that supports either a cross-silo or cross-device architecture.
Preview: Migrate to Virtual Machines supports the ARM64 migration journey. This feature lets you migrate ARM virtual machine (VM) instances from AWS and Azure cloud services to ARM VM instances on Compute Engine, and it is supported for the following operating systems:
- Debian 11 and 12
- RHEL 9
- Rocky Linux 8 and 9
- SLES 15 SP5
- Ubuntu 20.04 and 22.04
GKE security posture recommendations released to Preview
Recommendations from GKE security posture are now available as findings in all tiers of Security Command Center as a Preview release.
GKE security posture publishes workload configuration auditing results as Misconfiguration class findings and vulnerability assessment results as Vulnerability class findings in Security Command Center.
For more information, see GKE security posture dashboard.
You can now optimize your writes by setting the maximum delay time of your Spanner write requests between 0 and 500 milliseconds. For more information, see Throughput optimized writes.
March 25, 2024
AlloyDB for PostgreSQL
The following issue was fixed on March 29, 2024.
AlloyDB clusters created using the Google Cloud CLI, the AlloyDB Admin API, or Terraform have PostgreSQL 14 compatibility by default, instead of PostgreSQL 15 compatibility.
To mitigate this issue, take either one of the following steps:
- Specify PostgreSQL version 15 when creating a cluster, instead of relying on the default value.
- Use the Google Cloud console to create the cluster.
The software bill of materials (SBOM) feature is now Generally Available (GA). To learn more, see SBOM overview.
Artifact Analysis support for Vulnerability Exploitability eXchange (VEX) statements now includes the capability to upload VEX statements for multiple versions of an image. You can specify whether to associate a VEX statement with one image digest, or all versions of an image. This feature is in Preview. To learn more, see Upload VEX statements.
Backup and DR Service added support to view daily scheduled compliance logs in Cloud Logging.
Backup and DR Service added support to view daily scheduled compliance reports in BigQuery.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigquery
2.38.2 (2024-03-21)
Dependencies
- Update actions/checkout action (#3190) (940e4f6)
- Update arrow.version to v15.0.1 (#3189) (fb6284e)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.39.0 (#3186) (9e705a1)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240229-2.0.0 (#3188) (a018424)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.43.0 (#3187) (497ff29)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.28.1 (#3196) (61f23a3)
- Update github/codeql-action action to v2.24.6 (#3178) (8843cae)
- Update github/codeql-action action to v2.24.7 (#3194) (2e2d730)
- Update github/codeql-action action to v2.24.8 (#3198) (bd81a56)
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Compute Engine
  - compute.googleapis.com/NetworkEdgeSecurityService
- Database Migration
  - datamigration.googleapis.com/ConversionWorkspace
- Redis
  - redis.googleapis.com/Cluster
Cloud Composer 1 entered the post-maintenance mode. Google will not release any further updates to Cloud Composer 1, including new versions of Airflow, bugfixes, and security updates. We recommend planning migration to Cloud Composer 2.
In Cloud Composer versions from 2.1.0 to 2.6.4, task instances that succeeded in the past can be marked as FAILED in some cases. We recommend upgrading to Cloud Composer version 2.6.5 or later, where this issue is fixed. For more information, see the related known issue.
A weekly digest of client library updates from across the Cloud SDK.
Private Service Connect now includes support for cross-region read replicas. You can also choose an availability type (REGIONAL or ZONAL) for Private Service Connect-enabled instances. Both features are in GA.
You can now use Private Service Connect to connect to a Cloud SQL for SQL Server instance. This solution allows you to connect to the instance from multiple VPC networks that belong to different groups, teams, projects, or organizations.
Private Service Connect includes support for cross-region read replicas. You can also choose an availability type (REGIONAL or ZONAL) for Private Service Connect-enabled instances.
All features are in GA.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/storage
7.9.0 (2024-03-18)
Features
Java
Changes for google-cloud-storage
2.36.1 (2024-03-20)
Dependencies
Python
Changes for google-cloud-storage
2.16.0 (2024-03-18)
Features
cos-beta-113-18244-1-7
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.77 | v24.0.9 | v1.7.10 | v535.154.05 (default, latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Updates to Major Packages:
Updated cos-gpu-installer to v2.2.0. Some key features of this update include:
- Switched precompiled driver and signature location to COS build artifacts for M109.
- This fixes a permissions issue in the GPU driver install directory with OSS drivers.
- Added major version specification for GPU driver installation.
Update default and latest NVIDIA GPU drivers to v535.154.05.
Updated sys-apps/systemd to v254.9.
Updated docker-credential-gcr to v2.1.22.
Updated app-containers/docker-cli to v24.0.5.
Updated app-emulation/kubernetes to v1.29.1.
Updated app-containers/containerd to v1.7.10.
Updated app-containers/runc to v1.1.12.
Upgraded app-emulation/cloud-init to v23.4.3.
Upgraded app-admin/oslogin to v20231004.00.
Upgraded app-admin/google-osconfig-agent to v20240126.00.
Upgraded app-admin/google-guest-agent to v20240213.00.
Upgraded app-admin/google-guest-configs to v20240122.00.
Updated app-admin/sosreport to v4.6.1.
Updated latest GPU driver to v535.104.05.
Updated GPU drivers to v535.54.03 (R535 LTSB NVIDIA branch).
Upgraded app-containers/docker-credential-helpers to v0.8.1.
Runtime sysctl changes:
- Added: net.ipv4.tcp_backlog_ack_defer: 1
- Changed: fs.epoll.max_user_watches: 1809920 -> 1809474
- Changed: fs.fanotify.max_user_marks: 67577 -> 67560
- Changed: fs.file-max: 812606 -> 812400
- Changed: fs.inotify.max_user_watches: 63456 -> 63441
- Changed: kernel.threads-max: 63520 -> 63504
- Changed: net.core.optmem_max: 20480 -> 131072
- Changed: net.ipv4.tcp_mem: 94092 125456 188184 -> 94068 125424 188136
- Changed: net.ipv4.udp_mem: 188184 250912 376368 -> 188136 250848 376272
- Changed: net.ipv6.route.max_size: 4096 -> 2147483647
- Changed: user.max_cgroup_namespaces: 31760 -> 31752
- Changed: user.max_fanotify_marks: 67577 -> 67560
- Changed: user.max_inotify_watches: 63456 -> 63441
- Changed: user.max_ipc_namespaces: 31760 -> 31752
- Changed: user.max_mnt_namespaces: 31760 -> 31752
- Changed: user.max_net_namespaces: 31760 -> 31752
- Changed: user.max_pid_namespaces: 31760 -> 31752
- Changed: user.max_time_namespaces: 31760 -> 31752
- Changed: user.max_user_namespaces: 31760 -> 31752
- Changed: user.max_uts_namespaces: 31760 -> 31752
- Changed: vm.lowmem_reserve_ratio: 256 256 32 0 -> 256 256 32 0 0
- Added: net.netfilter.nf_flowtable_tcp_timeout: 30
- Added: net.netfilter.nf_flowtable_udp_timeout: 30
- Changed: fs.file-max: 812608 -> 812606
- Added: net.ipv4.tcp_shrink_window: 0
- Added: net.ipv6.conf.all.accept_ra_min_lft: 0
- Added: net.ipv6.conf.default.accept_ra_min_lft: 0
- Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.lo.accept_ra_min_lft: 0
- Added: kernel.io_uring_disabled: 0
- Changed: fs.file-max: 812619 -> 812608
- Changed: kernel.threads-max: 63519 -> 63520
- Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd: 0 -> 3
- Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent: 0 -> 3
- Changed: user.max_cgroup_namespaces: 31759 -> 31760
- Changed: user.max_ipc_namespaces: 31759 -> 31760
- Changed: user.max_mnt_namespaces: 31759 -> 31760
- Changed: user.max_net_namespaces: 31759 -> 31760
- Changed: user.max_pid_namespaces: 31759 -> 31760
- Changed: user.max_time_namespaces: 31759 -> 31760
- Changed: user.max_user_namespaces: 31759 -> 31760
- Changed: user.max_uts_namespaces: 31759 -> 31760
- Changed: fs.epoll.max_user_watches: 1809474 -> 1809452
- Changed: fs.file-max: 812400 -> 812392
- Changed: kernel.threads-max: 63504 -> 63503
- Changed: net.ipv4.tcp_mem: 94068 125424 188136 -> 94065 125423 188130
- Changed: net.ipv4.udp_mem: 188136 250848 376272 -> 188133 250847 376266
- Changed: user.max_cgroup_namespaces: 31752 -> 31751
- Changed: user.max_ipc_namespaces: 31752 -> 31751
- Changed: user.max_mnt_namespaces: 31752 -> 31751
- Changed: user.max_net_namespaces: 31752 -> 31751
- Changed: user.max_pid_namespaces: 31752 -> 31751
- Changed: user.max_time_namespaces: 31752 -> 31751
- Changed: user.max_user_namespaces: 31752 -> 31751
- Changed: user.max_uts_namespaces: 31752 -> 31751
- Changed: fs.file-max: 812620 -> 812619
- Added: fs.overflowgid: 65534
- Added: fs.overflowuid: 65534
The default iptables implementation has been changed from iptables-legacy to iptables-nft.
New Features and Changes in the Linux Kernel:
Added additional option to existing kernel cmdline flag that moves protected stateful partition integrity tags to memory.
Fixed a kernel crash that occurred when running Postgres databases.
Enabled TDX Guest support in the Linux Kernel.
Updated the Linux kernel to v6.1.77.
New Features and Changes in the Image:
Changed default umask value for a user to 027.
Removed legacy logging agent (fluentd).
Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.
Enhanced integrity-fs with disk resize and dm-clone.
Removed deprecated R525 NVIDIA GPU drivers.
Added support for dm-zero and dm-clone.
Sosreport now includes GPU Installer logs.
Fixed a performance issue that was observed in Postgres databases.
Fixed a container performance issue that occurred after running systemctl start cloud-audit-setup.
Updated NVIDIA GPU drivers.
Backported support for TCP RTO configuration in networkd.
Enable portmapper registration reporting for lsof. This also fixes an issue where lsof is missing from SOS reports.
Add compiler mitigations to mitigate memory corruption vulnerabilities.
Sequence named before nss-lookup.target.
Restore systemd-logind restart behavior when dbus restarts.
Fixed an issue where symlinks could not be moved.
Fixed an issue where IPv6 networking would fail under high CPU load.
Fixed an issue with NFS reconnects on GKE.
The get_metadata_value script will now retry if it experiences a connection error.
Enabled persistence mode with Nvidia GPU driver installation.
Fixed an issue in ip6tables where the -C option did not work correctly.
Simplified GPU driver installation by remounting driver installation path as executable from cos-extensions.
Added support for user.* xattr on tmpfs.
Added automatic generation of known modules list to image build process.
Include nvidia plugin into sosreport.
Added support for iSCSI targets and RAM block devices.
Fixed a time-to-login slowdown introduced by cloud-init changes.
CVE/Security Fixes:
Fixed CVE-2024-21626 in app-containers/runc.
Upgraded app-editors/vim to v9.0.2167 and app-editors/vim-core to v9.0.2167. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.
Updated dev-lang/go to v1.21.5. This fixes CVE-2023-45285 and CVE-2023-39326.
Upgraded dev-go/crypto to v0.17.0. This fixes CVE-2023-48795.
Upgraded sys-apps/dbus to v1.12.28. This fixes CVE-2023-34969.
Fixed CVE-2023-49083 in package dev-python/cryptography.
Fixed CVE-2023-6622, CVE-2023-5197, CVE-2023-42753, CVE-2023-4921, CVE-2023-4623, CVE-2023-4194, CVE-2024-23851, CVE-2024-26581 in the Linux kernel.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
Updated dev-go/net to v0.17.0. This resolves CVE-2023-44487 and CVE-2023-39325.
Fixed CVE-2023-4911 in sys-libs/glibc.
Fixed CVE-2023-38039 in net-misc/curl.
Fixed CVE-2023-5345 and CVE-2023-42756 in COS kernel.
Fixed CVE-2023-32636, CVE-2023-29499, CVE-2023-32643, CVE-2023-32665, CVE-2023-32611 in glib and glib-utils.
Upgraded sys-fs/mdadm to v4.2. This resolves CVE-2023-28938 and CVE-2023-28736.
Fixed CVE-2023-4016 in sys-process/procps.
Updated dev-go/yaml to v3.0.1. This resolves CVE-2022-28948.
Fixed CVE-2022-40896 in pygments.
Fixed CVE-2023-24329 and CVE-2023-40217 in dev-lang/python.
Fixed ncurses upgrade to 6.4p20220423. This resolves CVE-2023-29491.
Upgraded dev-db/sqlite to v3.45.1-r1. This also fixes CVE-2023-7104.
Fixed CVE-2023-40546, CVE-2023-40548, CVE-2023-40549, CVE-2023-40551, CVE-2023-40547, and CVE-2023-40550 in sys-boot/shim.
Upgrade docker to v24.0.9. This fixes CVE-2024-24557.
Updated dev-libs/openssl to v3.0.13. This resolves CVE-2024-0727 and CVE-2023-6129.
Fixed CVE-2024-0684 in sys-apps/coreutils.
Upgraded net-misc/curl to version 8.6.0. This fixes CVE-2024-0853 and CVE-2023-38545.
Updated dev-libs/libxml2 to 2.11.7. This fixes CVE-2024-25062.
Updated default GPU driver to v470.199.02 and latest GPU driver to v525.125.06. This resolves CVE-2023-25515 and CVE-2023-25516.
Updates for Minor Packages:
Upgraded dev-libs/nss to v3.97.
Upgraded net-libs/gnutls to v3.8.3.
Upgraded dev-python/jinja to v3.1.3.
Upgraded app-admin/node-problem-detector to v0.8.15.
Upgraded app-eselect/eselect-iptables to v20220320.
Upgraded sys-libs/libcap-ng to v0.8.4-r1.
Upgraded net-misc/rsync to v3.2.7-r4.
Upgraded dev-python/netifaces to v0.11.0-r2.
Upgraded net-libs/libtirpc to v1.3.4-r1.
Upgraded app-admin/sudo to v1.9.15_p5.
Upgraded app-misc/jq to v1.7.1.
Upgraded sys-apps/pv to v1.8.5.
Upgraded sys-process/lsof to v4.99.3.
Upgraded dev-util/bsdiff to v4.3.1-r42.
Updated net-misc/openssh to v9.6_p1-r1.
Upgraded sys-apps/less to v643-r1.
Upgraded chromeos-base/mojo_service_manager to v0.0.1-r271.
Upgraded net-misc/socat to v1.8.0.0.
Upgraded dev-python/jsonpatch to v1.33.
Upgraded dev-python/pyyaml to v6.0.1-r1.
Upgraded dev-lang/python-exec to v2.4.10.
Upgraded dev-python/six to v1.16.0-r1.
Upgraded dev-python/configobj to v5.0.8.
Upgraded dev-python/nose to v1.3.7_p20221026.
Upgraded dev-python/mock to v5.1.0.
Upgraded dev-python/pyserial to v3.5-r2.
Upgraded sys-apps/hwdata to v0.376.
Upgraded sys-fs/xfsprogs to v6.5.0.
Upgraded dev-python/pygobject to v3.46.0.
Upgraded sys-devel/libtool to v2.4.6-r7.
Upgraded dev-libs/double-conversion to v3.2.1.
Upgraded net-fs/cifs-utils to v7.0-r1.
Upgraded sys-libs/talloc to v2.4.1.
Upgraded app-arch/unzip to v6.0_p27-r1.
Upgraded sys-apps/dmidecode to v3.5-r3.
Upgraded dev-util/gn to v2121.
Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2787.
Updated dev-embedded/libftdi to v1.5-r5.
Upgraded sys-apps/coreutils to v9.4.
Upgraded sys-process/procps to v4.0.4.
Updated dev-go/go-tools to v0.11.1_p20230712.
Upgraded app-arch/pigz to v2.8.
Upgraded sys-block/thin-provisioning-tools to v0.9.0-r2.
Upgraded app-arch/tar to v1.35.
Upgraded app-arch/xz-utils to v5.4.6-r1.
Upgraded app-misc/ca-certificates to v20230311.3.97.
Upgraded net-dns/c-ares to v1.26.0.
Upgraded net-dns/libidn2 to v2.3.7.
Upgraded sys-apps/attr to v2.5.2-r1.
Upgraded sys-apps/ethtool to v6.7.
Upgraded sys-apps/file to v5.45-r4.
Upgraded sys-libs/libcap to v2.69-r1.
Upgraded sys-libs/timezone-data to v2024a.
Upgraded sys-libs/zlib to v1.3.1-r1.
Upgraded dev-libs/libusb to v1.0.27.
Upgraded dev-libs/expat to v2.6.0.
Upgraded sys-apps/acl to v2.3.2.
Updated gzip to v1.13.
Upgraded sys-auth/pambase to v20240128.
Upgraded net-misc/chrony to v4.5.
Upgraded app-containers/cni-plugins to v1.4.0.
Upgraded sys-apps/makedumpfile to v1.7.4.
Upgraded chromeos-base/system_api to v0.0.1-r5643.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2385.
Upgraded chromeos-base/hiberman-client to v0.0.1-r455.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2859.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r884.
Upgraded chromeos-base/vm_protos to v0.0.1-r552.
Upgraded chromeos-base/shill-client to v0.0.1-r4325.
Upgraded chromeos-base/minijail to v18-r135.
Upgraded chromeos-base/debugd-client to v0.0.1-r2641.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2722.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r601.
Upgraded chromeos-base/google-breakpad to v2024.01.16.190249-r226.
Upgraded dev-util/puffin to v1.0.0-r450.
Upgraded sys-fs/squashfs-tools to v4.6.1.
Upgraded sys-apps/sandbox to v2.29-r1.
Automated cataloging of Vertex AI feature store is available in Preview. With this integration, you can discover Vertex AI feature groups and features across projects and regions using the Console or Dataplex API. Dataplex fully automates the process of ingesting and indexing metadata, while performing source IAM permission checks, providing a governed single-pane-of-glass experience for data and AI artifacts across Cloud services.
Dialogflow CX: The Override request-level speech model has been added to advanced speech settings. This can be used to override the speech model provided in a runtime API request.
Vertex AI Conversation data stores: Gemini-pro 1.0 is now officially in General Availability. The model includes optimized prompting, delivering enhanced results with minimal latency impact. Please note: prompt optimization is currently focused on English, with other languages to follow.
Vertex AI Conversation data stores: The text-bison-001 model and fine-tuned text-bison@001 options will be deprecated by Vertex AI on July 6th. Please transition as soon as possible to the default option or another model available in the settings.
Dialogflow CX: DTMF for telephony integrations is now available for preview.
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-ndb
2.3.1 (2024-03-16)
Bug Fixes
- grpc: Fix large payload handling when using the emulator. (#975) (d9162ae)
- Remove uses of six. #913 (#958) (e17129a)
- Show a non-None error for core_exception.Unknown errors. (#968) (66e61cc)
Documentation
Java
Changes for google-cloud-datastore
2.18.6 (2024-03-18)
Bug Fixes
Dependencies
- Update dependency com.google.cloud:sdk-platform-java-config to v3.28.0 (#1372) (09db2a7)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.28.1 (#1373) (c6e63e5)
- Update dependency com.google.errorprone:error_prone_core to v2.26.0 (#1361) (9442766)
- Update dependency com.google.errorprone:error_prone_core to v2.26.1 (#1363) (05fe5bc)
- Update dependency com.google.guava:guava-testlib to v33.1.0-jre (#1368) (0195345)
Chronicle Applied Threat Intelligence helps you identify and respond to threats. When enabled, it ingests IOCs curated by Mandiant Threat Intelligence with an IC-Score greater than 80 and generates an error when a match is found. The following are some of the features of Applied Threat Intelligence.
Event-level enrichment: All telemetry in Chronicle is enriched with Google Threat Intelligence, which is a combination of Mandiant and VirusTotal, including all threat intelligence associations like campaigns and actors.
Sophisticated indicator matching: Curated out-of-the-box detections that deliver sophisticated indicator matching using augmented prioritization logic, noise reduction based on customer environment context, and other correlation techniques to maximize signal to noise.
Active breach alerting: Uses Mandiant's incident response intelligence to alert on potential active breaches delivering on our no patient 1 vision.
Curated behavioral detections for emerging threats: To protect against newly emerging risks and tactics, techniques, and procedures (TTPs), Applied Threat Intelligence uses real-time insights.
DIY detection engineering and response automation: Access to Fusion intelligence (formerly known as Mandiant Fusion) for the following.
- Customer authoring of rules
- Customer development of response playbooks
Curated views for Investigation and triage Insights: Applied Threat Intelligence provides curated views that show valuable associations between an indicator and a threat actor, threat campaign, or malware, and statistics about a threat observed in customer environments. These views are invaluable for all security operations workflows.
For more information about Applied Threat Intelligence, see Applied Threat Intelligence overview.
This note incorrectly states that an error is generated when an IOC match is found. See the entry for May 8, 2024 for the updated statement.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-pubsub
1.127.3 (2024-03-20)
Dependencies
- Update dependency com.google.cloud:google-cloud-core to v2.36.0 (#1955) (d25d14a)
- Update dependency com.google.cloud:google-cloud-core to v2.36.1 (#1962) (96c1c97)
- Update dependency com.google.cloud:google-cloud-storage to v2.36.0 (#1957) (0d8c182)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.28.0 (#1956) (183df2c)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.28.1 (#1960) (faa45a4)
- Update dependency com.google.protobuf:protobuf-java-util to v4 (#1951) (243ec9a)
Python
Changes for google-cloud-pubsub
2.20.3 (2024-03-21)
Documentation
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for secretmanager/apiv1
1.12.0 (2024-03-19)
Features
From February 12 through 27, 2024, a bug caused Sensitive Data Protection to inaccurately set the free-text scores of certain data profiles to 0, where they should have been higher. This bug is now resolved. All affected data profiles have been reprofiled.
For more information about the discovery service, see Data profiles.
March 22, 2024
Artifact Registry
Effective March 22, 2024, Artifact Registry npm repositories enforce that package names do not include uppercase letters, in order to match npmjs naming rules. Packages with uppercase letters in their names pushed to Artifact Registry prior to this date aren't affected by this change unless you want to push them to a new repository.
The March 20, 2024 release notes announced the preview for user-defined aggregate functions, but user-defined aggregate functions are not yet supported.
Direct VPC egress (Preview) is now available in the following additional regions:
- africa-south1
- asia-south1
- asia-southeast2
- australia-southeast2
- europe-central2
- europe-west2
- europe-west6
- europe-west8
- europe-west9
- europe-west10
- me-central1
- me-central2
- southamerica-west1
- us-east5
- us-west2
- us-west3
- us-west8
Cloud Run services can now connect to a Firestore database using integrations (Preview).
Cloud Run services can now connect to Vertex AI to access generative AI models using integrations (Preview).
Support for GPUs is generally available (GA). For more information, see Available GPUs.
Cloud Workstations supports the following machine type:
- a2-megagpu-16g
For more information, see Available machine types, REST workstationConfigs, or RPC google.cloud.workstations.v1beta GceInstance.
Generally available: Disaster recovery with Persistent Disk Async Replication has been expanded to allow you to replicate data on a disk in one region to any other region within the same continent.
Also, the following performance and capacity enhancements are available:
- Data replication change rate increased to 2 GiB/min from 250 MB/min.
- Maximum provisioned disk size increased to 32 TB from 5 TB per disk.
- The number of disks per project increased to 1000 from 100.
- The number of disks per consistency group increased to 128 from 64.
cos-dev-117-18269-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.79 | v24.0.9 | v1.7.10 | v535.154.05 (default, latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Upgraded app-admin/sosreport to v4.7.0.
Upgraded app-containers/docker-credential-helpers to v0.8.1.
Upgraded app-emulation/cloud-init to v23.4.3.
Upgraded app-admin/google-guest-agent to v20240213.00.
Upgraded app-admin/google-osconfig-agent to v20240126.00.
Upgraded sys-auth/pambase to v20240128.
Upgraded net-misc/chrony to v4.5.
Upgraded app-containers/cni-plugins to v1.4.0.
Updated sys-apps/systemd to v254.9.
Updated app-emulation/kubernetes to v1.29.1.
Updated docker-credential-gcr to v2.1.22.
Upgraded app-admin/google-guest-agent to v20240122.00.
Upgraded app-admin/google-guest-configs to v20240122.00.
Upgraded app-admin/google-osconfig-agent to v20240123.01.
Upgraded sys-apps/makedumpfile to v1.7.4.
Updated app-containers/runc to v1.1.12.
Updated app-emulation/cloud-init to v23.4.2.
Updated app-admin/sosreport to v4.6.1.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r602.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2723.
Upgraded chromeos-base/shill-client to v0.0.1-r4341.
Upgraded chromeos-base/system_api to v0.0.1-r5653.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r886.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2861.
Upgraded chromeos-base/hiberman-client to v0.0.1-r456.
Upgraded chromeos-base/minijail to v18-r136.
Upgraded chromeos-base/system_api to v0.0.1-r5643.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2385.
Upgraded chromeos-base/hiberman-client to v0.0.1-r455.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2859.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r884.
Upgraded chromeos-base/vm_protos to v0.0.1-r552.
Upgraded chromeos-base/shill-client to v0.0.1-r4325.
Upgraded chromeos-base/minijail to v18-r135.
Upgraded chromeos-base/debugd-client to v0.0.1-r2641.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2722.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r601.
Upgraded chromeos-base/google-breakpad to v2024.01.16.190249-r226.
Upgraded chromeos-base/debugd-client to v0.0.1-r2634.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2721.
Upgraded chromeos-base/shill-client to v0.0.1-r4308.
Upgraded dev-util/puffin to v1.0.0-r450.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r872.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2369.
Upgraded chromeos-base/hiberman-client to v0.0.1-r446.
Upgraded sys-fs/squashfs-tools to v4.6.1.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2849.
Upgraded sys-apps/sandbox to v2.29-r1.
Upgraded app-arch/xz-utils to v5.4.6-r1.
Upgraded app-misc/ca-certificates to v20230311.3.97.
Upgraded net-dns/c-ares to v1.26.0.
Upgraded net-dns/libidn2 to v2.3.7.
Upgraded sys-apps/attr to v2.5.2-r1.
Upgraded sys-apps/ethtool to v6.7.
Upgraded sys-apps/file to v5.45-r4.
Upgraded sys-libs/libcap to v2.69-r1.
Upgraded sys-libs/timezone-data to v2024a.
Upgraded sys-libs/zlib to v1.3.1-r1.
Upgraded dev-libs/libusb to v1.0.27.
Upgraded dev-libs/expat to v2.6.0.
Upgraded dev-db/sqlite to v3.45.1-r1.
Upgraded net-misc/curl to v8.5.0-r3.
Upgraded sys-apps/acl to v2.3.2.
Updated gzip to v1.13.
Updated cos-gpu-installer to v2.2.0.
Added automatic generation of the known modules list to the image build process.
Included the NVIDIA plugin in sosreport.
Added support for iSCSI targets and RAM block devices.
Fixed a time-to-login slowdown introduced by cloud-init changes.
Upgraded Docker to v24.0.9. This fixes CVE-2024-24557.
Fixed CVE-2023-40546, CVE-2023-40548, CVE-2023-40549 and CVE-2023-40550 in sys-boot/shim.
Fixed CVE-2023-40551 in sys-boot/shim.
Fixed CVE-2023-40547 in sys-boot/shim.
Updated dev-libs/openssl to v3.0.13. This resolves CVE-2024-0727 and CVE-2023-6129.
Fixed CVE-2024-0684 in sys-apps/coreutils.
Upgraded net-misc/curl to version 8.6.0. This fixes CVE-2024-0853.
Updated dev-libs/libxml2 to 2.11.7. This fixes CVE-2024-25062.
Fixed CVE-2024-23851 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.epoll.max_user_watches: 1809474 -> 1809452
- Changed: fs.file-max: 812400 -> 812392
- Changed: kernel.threads-max: 63504 -> 63503
- Changed: net.ipv4.tcp_mem: 94068 125424 188136 -> 94065 125423 188130
- Changed: net.ipv4.udp_mem: 188136 250848 376272 -> 188133 250847 376266
- Changed: user.max_cgroup_namespaces: 31752 -> 31751
- Changed: user.max_ipc_namespaces: 31752 -> 31751
- Changed: user.max_mnt_namespaces: 31752 -> 31751
- Changed: user.max_net_namespaces: 31752 -> 31751
- Changed: user.max_pid_namespaces: 31752 -> 31751
- Changed: user.max_time_namespaces: 31752 -> 31751
- Changed: user.max_user_namespaces: 31752 -> 31751
- Changed: user.max_uts_namespaces: 31752 -> 31751
Chronicle now supports direct ingestion and parsing of reCAPTCHA Enterprise logs from Google Cloud.
There is no longer a limit on the number of feeds you can create for the same log type in Feed Management.
Chronicle has added a new rule set to Cloud Threat Detections, called Serverless Threats, that detects activity associated with potential compromise or abuse of serverless resources in Google Cloud, such as Cloud Run and Cloud Functions.
The discovery and inspection services, which support BigQuery, now support tables that contain columns with INTERVAL, RANGE<DATE>, RANGE<DATETIME>, and RANGE<TIMESTAMP> data types.
For more information about sensitive data discovery, see Data profiles.
For more information about sensitive data inspection for BigQuery, see Inspect a BigQuery table.