Google Cloud release notes


January 06, 2025

Media CDN

Media CDN supports dynamic compression for compressible content by using Brotli and gzip algorithms. Enabling dynamic compression can help you achieve faster page load times, speed up playback for video content, and optimize egress costs. For more information, see Enable dynamic compression.

January 05, 2025

Google SecOps SOAR

Release 6.3.29 is currently in Preview.

January 04, 2025

Google SecOps SOAR

Release 6.3.28 is now in General Availability.
Release 6.3.27 is now in General Availability.

January 02, 2025

BigQuery
Cloud Asset Inventory

January 01, 2025

Google SecOps
Google SecOps SIEM

December 30, 2024

Google Cloud Architecture Center
SAP on Google Cloud

ABAP SDK for Google Cloud version 1.1 (SAP BTP edition)

Version 1.1 of the SAP BTP edition of the ABAP SDK for Google Cloud is generally available (GA). In addition to support for more Google Cloud APIs and a few other enhancements, this version introduces the Vertex AI SDK for ABAP, a dedicated toolset for seamless interaction with Google Cloud's Vertex AI platform from your SAP BTP, ABAP environment.

For more information, see What's new with the SAP BTP edition of the ABAP SDK for Google Cloud.

Spanner

A monthly digest of client library updates from across the Cloud SDK.

Java

6.82.0 (2024-12-04)

Features
  • Add option for retrying DML as PDML (#3480) (b545557)
  • Add the last statement option to ExecuteSqlRequest and ExecuteBatchDmlRequest (76ab801)
Bug fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (76ab801)
  • Shutdown built in metrics meter provider (#3518) (c935e2e)
  • spanner: GetEdition() is returning null for Instance (#3496) (77cb585)
Dependencies
  • Update dependency commons-io:commons-io to v2.18.0 (#3492) (5c8b3ad)
Documentation

6.83.0 (2024-12-13)

Features
  • Add Metrics host for built in metrics (#3519) (4ed455a)
  • Add opt-in for using multiplexed sessions for blind writes (#3540) (216f53e)
  • Add UUID in Spanner TypeCode enum (41f83dc)
  • Introduce java.time variables and methods (#3495) (8a7d533)
  • spanner: Support multiplexed session for Partitioned operations (#3231) (4501a3e)
  • Support 'set local' for retry_aborts_internally (#3532) (331942f)
Bug fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.51.0 (41f83dc)
Dependencies

Python

3.51.0 (2024-12-05)

Features
  • Add connection variable for ignoring transaction warnings (#1249) (eeb7836)
  • spanner: Implement custom tracer_provider injection for opentelemetry traces (#1229) (6869ed6)
  • Support float32 parameters in dbapi (#1245) (829b799)
Bug fixes
  • Allow setting connection.read_only to same value (#1247) (5e8ca94)
  • Allow setting staleness to same value in tx (#1253) (a214885)
  • Dbapi raised AttributeError with [] as arguments (#1257) (758bf48)
Performance improvements
Documentation
  • samples: Add samples for Cloud Spanner Default Backup Schedules (#1238) (054a186)

December 27, 2024

Google SecOps

Google SecOps has added a new rule set to Applied Threat Intelligence (ATI), called Inbound IP Address authentication, that identifies IP addresses that are authenticating to local infrastructure in an inbound network direction. For more information, see Applied Threat Intelligence priority overview.

Google SecOps SIEM

Google SecOps has added a new rule set to Applied Threat Intelligence (ATI), called Inbound IP Address authentication, that identifies IP addresses that are authenticating to local infrastructure in an inbound network direction. For more information, see Applied Threat Intelligence priority overview.

December 26, 2024

Google Kubernetes Engine

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

  • The following versions are now available in the Rapid channel:

Regular channel

There are no new releases in the regular channel.

Stable channel

There are no new releases in the stable channel.

Extended channel

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

No channel

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

  • The following versions are now available:
  • The following node versions are now available:

(2024-R50) Version updates

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

  • The following versions are now available:
  • The following node versions are now available:

(2024-R50) Version updates

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

(2024-R50) Version updates

There are no new releases in the regular channel.

(2024-R50) Version updates

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

  • The following versions are now available in the Rapid channel:

(2024-R50) Version updates

There are no new releases in the stable channel.

December 24, 2024

Cloud Database Migration Service

Database Migration Service for homogeneous PostgreSQL migrations to Cloud SQL for PostgreSQL now supports PostgreSQL version 17. For more information, see Supported source and destination databases in Cloud SQL for PostgreSQL migrations.

December 23, 2024

BigQuery
Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

2.51.0 (2024-12-17)

Features
Bug fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.51.0 (a5444a5)
  • Move resource detection to the first export to avoid slow start (#2450) (cec010a)
Dependencies

Cloud SQL for PostgreSQL

The rollout of the following minor versions, extension versions, and plugin versions is complete:

Minor versions

  • 12.20 is upgraded to 12.21. This version restores functionality of the ALTER {ROLE|DATABASE} SET ROLE command that's present in PostgreSQL version 12.22. For more information, see the PostgreSQL 12.22 release notes.
  • 13.16 is upgraded to 13.18.
  • 14.13 is upgraded to 14.15.
  • 15.8 is upgraded to 15.10.
  • 16.4 is upgraded to 16.6.
  • 17.0 is upgraded to 17.2.

Extension and plugin versions

  • orafce is upgraded from 4.7 to 4.73 (for PostgreSQL instances, versions 11-16).
  • pgaudit is upgraded from 17beta to 17.1 (for PostgreSQL instances, version 17).

To use these versions of the extensions, update your instance to one of the following:

  • POSTGRES_17_0.R20241011.00_11 (for PostgreSQL instances, version 17)
  • [PostgreSQL version].R20240910.01_31 (for PostgreSQL instances, versions 12 to 16)

If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.

For more information on checking your maintenance version, see Self-service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

Contact Center AI Insights

Conversational Insights offers LLM-powered topic inference as a GA feature.
Topic inference allows you to use your topic model to analyze new conversations and identify topics in real time.

This feature is only available for English.

Google SecOps
Google SecOps SIEM

December 22, 2024

Google SecOps

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • Absolute Mobile Device Management (Mobile Device Management)
  • Atlassian Cloud Admin Audit (Audit)
  • AWS VPC Flow (AWS Specific)
  • Azure AD (LDAP)
  • Azure Application Gateway (GATEWAY)
  • Azure SQL (Database)
  • Azure Storage Audit (Storage)
  • Blue Coat Proxy (Web proxy)
  • Check Point Harmony (Remote Access Tools)
  • Cisco ASA (Firewall)
  • Cisco Firepower NGFW (Firewall)
  • Cisco Meraki (Wireless)
  • Cisco Router (Switches, Routers)
  • Cisco Umbrella SWG DLP (DLP)
  • Cisco VPN (VPN)
  • Citrix Netscaler (Load Balancer, Traffic Shaper, ADC)
  • Claroty Continuous Threat Detection (IoT)
  • Cloud Audit Logs (Google Cloud Specific)
  • Cloud DNS (Google Cloud Specific)
  • Code42 Incydr (Data loss prevention (DLP))
  • Colinet Trotta GAUS SEGUROS (Alert)
  • CrowdStrike Falcon (EDR)
  • Delinea Distributed Engine (Application server log)
  • Druva Backup (Security)
  • Duo Administrator Logs (Authentication)
  • Elastic Audit Beats (ALERTING)
  • F5 BIGIP LTM (Load Balancer, Traffic Shaper, ADC)
  • Forcepoint NGFW (Network)
  • FortiGate (Firewall)
  • GitHub (SaaS Application)
  • Google Cloud Identity Context (Identity and Access Management)
  • Guardicore Centra (Deception Software)
  • HPE Aruba Networking Central (Data security)
  • Imperva Advanced Bot Protection (Bot Protection)
  • Kubernetes Audit Azure (Log Aggregator)
  • Linux Auditing System (AuditD) (OS)
  • Maria Database (Database)
  • Microsoft Defender for Endpoint (EDR)
  • OPNsense (Firewall and Routing Platform)
  • Oracle NetSuite (CASB)
  • Palo Alto Panorama (Firewall)
  • Palo Alto Prisma Cloud Alert payload (Cloud security)
  • Ping One (NA)
  • Proofpoint Observeit (Email server)
  • Proofpoint Threat Response (Email server)
  • QNAP Systems NAS (Storage solutions)
  • Reserved LogType2 (LDAP)
  • Salesforce (SaaS Application)
  • SAP Sybase Adaptive Server Enterprise Database (Database)
  • Sentinelone Alerts (Endpoint security)
  • Snort (IDS / IPS)
  • Solaris system (OS)
  • Sourcefire (IDS / IPS)
  • Suricata IDS (IDS / IPS)
  • Symantec DLP (DLP)
  • Symantec Event export (SEP)
  • Trend Micro Vision One (AV and endpoint logs)
  • TrendMicro Apex Central (Endpoint)
  • Twingate (VPN)
  • Wazuh (Log Aggregator)
  • Windows DHCP (DHCP)
  • Windows Event (Endpoint)
  • Windows Network Policy Server (Authentication)
  • Windows Sysmon (DNS)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Addigy MDM (ADDIGY_MDM)
  • Akamai DataStream 2 (AKAMAI_DATASTREAM_2)
  • Anzenna (ANZENNA)
  • AWS ECS Metrics (AWS_ECS_METRICS)
  • Azure Log Analytics Workspace (AZURE_LOG_ANALYTICS_WORKSPACE)
  • Blockdaemon API (BLOCKDAEMON_API)
  • Chronicle Feed (CHRONICLE_FEED)
  • Claroty xDome Secure Access (CLAROTY_XDOME_SECURE_ACCESS)
  • Cloudflare Spectrum (CLOUDFLARE_SPECTRUM)
  • Cloudsek Alerts (CLOUDSEK_ALERTS)
  • CloudWaves Sensato Nightingale Honeypot (SENSATO_HONEYPOT)
  • Docker Hub Activity (DOCKER_HUB_ACTIVITY)
  • Fortinet FortiDDoS (FORTINET_FORTIDDOS)
  • Honeywell Cyber Insights (HONEYWELL_CYBERINSIGHTS)
  • IPFire (IPFIRE)
  • Jamf Connect (JAMF_CONNECT)
  • KnowBe4 Audit Log (KNOWBE4)
  • LogicGate (LOGICGATE)
  • ManageEngine NCM (MANAGEENGINE_NCM)
  • Microsoft Dotnet Log Files (MICROSOFT_DOTNET)
  • Nessus Network Monitor (NESSUS_NETWORK_MONITOR)
  • Netography Fusion (NETOGRAPHY_FUSION)
  • Netwrix StealthAudit (NETWRIX_STEALTHAUDIT)
  • Oomnitza (OOMNITZA)
  • Open CTI Platform (OPENCTI)
  • Oracle EBS (ORACLE_EBS)
  • Oracle Zero Data Loss Recovery Appliance (ORACLE_ZDLRA)
  • PhishAlarm (PHISHALARM)
  • Savvy Security (SAVVY_SECURITY)
  • Symantec Security Analytics (SYMANTEC_SA)
  • Venafi ZTPKI (VENAFI_ZTPKI)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps SIEM

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • Absolute Mobile Device Management (Mobile Device Management)
  • Atlassian Cloud Admin Audit (Audit)
  • AWS VPC Flow (AWS Specific)
  • Azure AD (LDAP)
  • Azure Application Gateway (GATEWAY)
  • Azure SQL (Database)
  • Azure Storage Audit (Storage)
  • Blue Coat Proxy (Web proxy)
  • Check Point Harmony (Remote Access Tools)
  • Cisco ASA (Firewall)
  • Cisco Firepower NGFW (Firewall)
  • Cisco Meraki (Wireless)
  • Cisco Router (Switches, Routers)
  • Cisco Umbrella SWG DLP (DLP)
  • Cisco VPN (VPN)
  • Citrix Netscaler (Load Balancer, Traffic Shaper, ADC)
  • Claroty Continuous Threat Detection (IoT)
  • Cloud Audit Logs (Google Cloud Specific)
  • Cloud DNS (Google Cloud Specific)
  • Code42 Incydr (Data loss prevention (DLP))
  • Colinet Trotta GAUS SEGUROS (Alert)
  • CrowdStrike Falcon (EDR)
  • Delinea Distributed Engine (Application server log)
  • Druva Backup (Security)
  • Duo Administrator Logs (Authentication)
  • Elastic Audit Beats (ALERTING)
  • F5 BIGIP LTM (Load Balancer, Traffic Shaper, ADC)
  • Forcepoint NGFW (Network)
  • FortiGate (Firewall)
  • GitHub (SaaS Application)
  • Google Cloud Identity Context (Identity and Access Management)
  • Guardicore Centra (Deception Software)
  • HPE Aruba Networking Central (Data security)
  • Imperva Advanced Bot Protection (Bot Protection)
  • Kubernetes Audit Azure (Log Aggregator)
  • Linux Auditing System (AuditD) (OS)
  • Maria Database (Database)
  • Microsoft Defender for Endpoint (EDR)
  • OPNsense (Firewall and Routing Platform)
  • Oracle NetSuite (CASB)
  • Palo Alto Panorama (Firewall)
  • Palo Alto Prisma Cloud Alert payload (Cloud security)
  • Ping One (NA)
  • Proofpoint Observeit (Email server)
  • Proofpoint Threat Response (Email server)
  • QNAP Systems NAS (Storage solutions)
  • Reserved LogType2 (LDAP)
  • Salesforce (SaaS Application)
  • SAP Sybase Adaptive Server Enterprise Database (Database)
  • Sentinelone Alerts (Endpoint security)
  • Snort (IDS / IPS)
  • Solaris system (OS)
  • Sourcefire (IDS / IPS)
  • Suricata IDS (IDS / IPS)
  • Symantec DLP (DLP)
  • Symantec Event export (SEP)
  • Trend Micro Vision One (AV and endpoint logs)
  • TrendMicro Apex Central (Endpoint)
  • Twingate (VPN)
  • Wazuh (Log Aggregator)
  • Windows DHCP (DHCP)
  • Windows Event (Endpoint)
  • Windows Network Policy Server (Authentication)
  • Windows Sysmon (DNS)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Addigy MDM (ADDIGY_MDM)
  • Akamai DataStream 2 (AKAMAI_DATASTREAM_2)
  • Anzenna (ANZENNA)
  • AWS ECS Metrics (AWS_ECS_METRICS)
  • Azure Log Analytics Workspace (AZURE_LOG_ANALYTICS_WORKSPACE)
  • Blockdaemon API (BLOCKDAEMON_API)
  • Chronicle Feed (CHRONICLE_FEED)
  • Claroty xDome Secure Access (CLAROTY_XDOME_SECURE_ACCESS)
  • Cloudflare Spectrum (CLOUDFLARE_SPECTRUM)
  • Cloudsek Alerts (CLOUDSEK_ALERTS)
  • CloudWaves Sensato Nightingale Honeypot (SENSATO_HONEYPOT)
  • Docker Hub Activity (DOCKER_HUB_ACTIVITY)
  • Fortinet FortiDDoS (FORTINET_FORTIDDOS)
  • Honeywell Cyber Insights (HONEYWELL_CYBERINSIGHTS)
  • IPFire (IPFIRE)
  • Jamf Connect (JAMF_CONNECT)
  • KnowBe4 Audit Log (KNOWBE4)
  • LogicGate (LOGICGATE)
  • ManageEngine NCM (MANAGEENGINE_NCM)
  • Microsoft Dotnet Log Files (MICROSOFT_DOTNET)
  • Nessus Network Monitor (NESSUS_NETWORK_MONITOR)
  • Netography Fusion (NETOGRAPHY_FUSION)
  • Netwrix StealthAudit (NETWRIX_STEALTHAUDIT)
  • Oomnitza (OOMNITZA)
  • Open CTI Platform (OPENCTI)
  • Oracle EBS (ORACLE_EBS)
  • Oracle Zero Data Loss Recovery Appliance (ORACLE_ZDLRA)
  • PhishAlarm (PHISHALARM)
  • Savvy Security (SAVVY_SECURITY)
  • Symantec Security Analytics (SYMANTEC_SA)
  • Venafi ZTPKI (VENAFI_ZTPKI)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

December 20, 2024

AlloyDB for PostgreSQL

AlloyDB lets you monitor the following additional monitoring metrics through the Cloud Monitoring dashboard. These metrics are available in Preview.

  • The instance/postgres/ultrafastcache_hitrate and node/postgres/ultrafastcache_hitrate metrics help in identifying any performance issues due to cache on instances or individual nodes.
  • The node/postgres/backend_by_state, node/postgres/backend, node/postgres/wait_count, and node/postgres/wait_time metrics help in tracking node health.

Anthos Attached Clusters

This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Apigee Advanced API Security

On December 20, 2024 we released an updated version of Apigee.

Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete.

Support for environment-level client IP address resolution

This release introduces the ability to specify, per environment, how to capture the client IP address on API requests from the X-Forwarded-For header. When configured for the environment, the specified client IP address is used to apply security actions, populate the ax_resolved_client_ip Analytics variable and the new client.resolved.ip flow variable. The new configuration option can be used to specify the request IP address used in Advanced API Security.

This functionality is not available in Apigee hybrid at this time.

For more information and usage instructions, see the Client IP resolution customer documentation, Analytics dimensions, and client flow variable.

Apigee X

On December 20, 2024 we released an updated version of Apigee.

Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete.

Support for environment-level client IP address resolution

This release introduces the ability to specify, per environment, how to capture the client IP address on API requests from the X-Forwarded-For header. When configured for the environment, the specified client IP address is used to apply security actions, populate the ax_resolved_client_ip Analytics variable and the new client.resolved.ip flow variable. The new configuration option can be used to specify the request IP address used in Advanced API Security.

This functionality is not available in Apigee hybrid at this time.

For more information and usage instructions, see the Client IP resolution customer documentation, Analytics dimensions, and client flow variable.
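
Why the choice of X-Forwarded-For entry matters when security actions key on the client IP, shown as an added example (this is not Apigee code or Apigee configuration). The function names, the trusted-proxy list and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample request: the leftmost entry was supplied by the caller,
# the next entry was appended by the edge proxy, the last by an internal proxy.
SAMPLE_XFF = "192.0.2.1, 198.51.100.20, 10.0.0.9"
SAMPLE_PEER = "10.0.0.5"            # address of the TCP connection (internal LB)
SAMPLE_TRUSTED = ["10.0.0.0/8"]     # hypothetical list of proxies we operate


def parse_xff(header_value):
    """Split an X-Forwarded-For value into IP objects, left to right.

    Entries that are not valid IP addresses become None so that positions
    in the chain stay stable.
    """
    hops = []
    for raw in header_value.split(","):
        token = raw.strip()
        try:
            hops.append(ipaddress.ip_address(token))
        except ValueError:
            hops.append(None)
    return hops


def leftmost_entry(header_value):
    """Naive resolution: trust the first entry. The caller controls this value."""
    return header_value.split(",")[0].strip()


def resolve_client_ip(header_value, peer_ip, trusted_proxies):
    """Resolve the client IP by walking the chain from the connection inward.

    Start at the TCP peer. While the current address belongs to a trusted
    proxy, accept the entry that proxy appended (the next one from the right).
    Stop at the first address that is not a trusted proxy, or at a malformed
    entry. Everything to the left of that point is unverified input.
    """
    networks = [ipaddress.ip_network(n) for n in trusted_proxies]

    def is_trusted(ip):
        return any(ip in net for net in networks)

    current = ipaddress.ip_address(peer_ip)
    chain = parse_xff(header_value) if header_value else []
    for hop in reversed(chain):
        if not is_trusted(current):
            break                   # current was not written by our own proxy
        if hop is None:
            break                   # malformed entry: keep last verified address
        current = hop
    return str(current)


if __name__ == "__main__":
    print("leftmost :", leftmost_entry(SAMPLE_XFF))
    print("resolved :", resolve_client_ip(SAMPLE_XFF, SAMPLE_PEER, SAMPLE_TRUSTED))
```

An IP-based deny or rate-limit rule keyed on the leftmost entry acts on a value the requester chose; the right-to-left walk acts on the address recorded by the first proxy you operate.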

Application Integration

Dynamic Backend authentication support for Connectors

Application Integration now supports dynamic backend authentication for connectors. Enable authentication override in Integration Connectors to allow your connections to seamlessly switch between authentication methods during runtime.

For more information, see Configure authentication override.

Cloud Composer

Cloud Composer 3 is now available in Mexico (northamerica-south1).

Cloud SQL for MySQL

You can now enable query insights for Cloud SQL Enterprise Plus edition. When you enable query insights for Enterprise Plus, you can access additional features in query insights such as 30 days of metrics retention, granular query plan details, and a higher query length limit.

For more information, see Use query insights to improve query performance. Query insights for Cloud SQL Enterprise Plus edition is in Preview.

Cloud SQL for PostgreSQL

You can now enable query insights for Cloud SQL Enterprise Plus edition. When you enable query insights for Enterprise Plus, you can access additional features in query insights such as 30 days of metrics retention, granular query plan details, and a higher query length limit.

For more information, see Use query insights to improve query performance. Query insights for Cloud SQL Enterprise Plus edition is in Preview.

Cloud SQL for SQL Server

You can use the following observability dashboards in Cloud SQL for SQL Server to monitor, analyze, and diagnose issues with your instances, databases, and queries:

  • System insights
  • Query insights

Both of these dashboards are available to you in the Google Cloud Console.
The System insights dashboard displays the metrics for the resources that your instance is using and can help you analyze the performance of your instance. For more information, see Use system insights to improve system performance. System insights is generally available (GA).

The Query insights dashboard helps you detect problems with queries in your Cloud SQL databases. The dashboard also provides you with the ability to monitor active queries and view index advisor recommendations. For more information, see Use query insights to improve query performance. Query insights for Cloud SQL for SQL Server is in Preview.

You can enable query insights for Cloud SQL Enterprise Plus edition. When you enable query insights for Enterprise Plus, you can access additional features in query insights such as 30 days of metrics retention, granular query plan details, and a higher query length limit. The query insights for Cloud SQL Enterprise Plus edition, index advisor, and active queries features are also in Preview.

Cloud Service Mesh
Config Controller

Config Controller now uses the following versions of its included products:

Contact Center AI Insights

Quality AI is available for 28 Gemini languages in preview. Quality AI supports the following languages in addition to English:

  • German
  • Italian
  • Japanese
  • Korean
  • Portuguese
  • Spanish
  • French

Google Cloud Architecture Center

(New guide) Confidential computing for data analytics and AI: Provides an overview of confidential computing, explores use cases for data analytics and federated learning across various industries, and includes architecture examples for some use cases.

Pub/Sub

Documentation is now available to help you troubleshoot Pub/Sub issues by using audit logs. You can use audit logs to troubleshoot issues related to identifying who created, deleted, or modified Pub/Sub resources, tracking configuration changes to topics or subscriptions, and verifying the existence and status of topics and subscriptions. For more information, see Troubleshoot Pub/Sub issues with audit logs and General troubleshooting.

Vertex AI

Vector Search hybrid search and sparse embeddings are generally available (GA)

Vector Search hybrid search and sparse embeddings are generally available (GA).
Hybrid search uses both dense and sparse embeddings, which lets you search based on a combination of keyword search and semantic search. For more information about hybrid search, see About hybrid search.

December 19, 2024

Apigee X

On December 19, 2024, we released an updated version of Apigee (1-14-0-apigee-3) for trial organizations only.

Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.

Bug ID    Description
N/A       Updates to security infrastructure and libraries.

Application Integration
BigQuery

You can now search for and view the metadata of data canvases, data preparations, notebooks, saved queries, and workflows in the Dataplex console. This feature is in preview.

Capacity Planner

Preview: You can create future reservation requests for VMs of a single machine type using the Google Cloud console. Reserving capacity based on your predicted VM or GPU usage helps ensure that your projects have the capacity needed to support increases in usage. For more information, see Reserve capacity in Capacity Planner.

Cloud Data Fusion

The Cloud Data Fusion version 6.10.1.2 patch revision is generally available (GA). 6.10.1.2 includes the following changes:

  • You can generate audit logs that record data plane activity within your Cloud Data Fusion instance. Data plane audit logging is available in Preview for RBAC-enabled instances.

  • To improve the API response time, by default, all program activity records older than 30 days are cleaned up. Any activity older than 30 days isn't visible in the Cloud Data Fusion Studio (CDAP-14950).

  • When using role-based access control, performing the List Pipelines operation requires datafusion.pipelines.list permission, in addition to datafusion.namespaces.get permission. For more information, see RBAC roles and permissions (CDAP-20931).

  • Fixed an issue causing the flow control metric, flowcontrol.launching.count, to overcount in cases where servers were restarted when a pipeline run was in progress (CDAP-21046).

  • Fixed an issue causing the flow control metric, flowcontrol.launching.count, to be stale after a restart when no pipelines were running (CDAP-21048).

  • Fixed an issue causing the default max concurrent runs limit for triggers not to appear in the web interface, making it difficult to tell if triggers were working as intended (CDAP-21072).

  • Fixed an issue causing the top panel of the Studio tab to disappear when you edited a pipeline draft that's based on a pipeline from an earlier Cloud Data Fusion version (CDAP-21073).

  • Improved performance by removing a call to the list apps API during pipeline deployment when checking if a pipeline already exists (CDAP-21074).

Cloud Endpoints

Version 1.0.15 of the endpoints-management-java Java library is available.

This release fixes an issue where new fields in the Google Service Configuration cause the Endpoints Frameworks Java library to fail when parsing the service configuration. Errors similar to the following will appear when using new service configurations created after December 5th, 2024:

Failed to parse the HTTP response as service configuration
com.google.api.config.ServiceConfigException: Failed to parse the HTTP response as service configuration

We recommend that you upgrade to the 1.0.15 version to avoid these errors. This includes updating any references to the following dependencies:

  1. com.google.endpoints:endpoints-management-control-appengine-all
  2. com.google.endpoints:endpoints-management-control-appengine
  3. com.google.endpoints:endpoints-framework-auth
  4. com.google.endpoints:endpoints-management-config
  5. com.google.endpoints:endpoints-management-api-client
  6. com.google.endpoints:endpoints-management-control
  7. com.google.endpoints:endpoints-management-control-all

When possible, we recommend that you use the endpoints-management-control-appengine-all version of the library to ensure that all dependencies are properly included. However, if you have a specific dependency on endpoints-management-control-appengine and cannot use the endpoints-management-control-appengine-all version, or you are upgrading from version 1.0.11 or older, you must add the following additional dependencies to your project:

  • com.google.apis:google-api-services-servicemanagement version v1-rev14-1.22.0
  • com.google.protobuf:protobuf-java-util version 3.9.1

Cloud Talent Solution Job Search

Add a RelevanceThreshold field to the SearchJobsRequest to filter results by precision.

Improve address resolution for LocationFilter with region code.

Cloud Vision

Safe Search model update

We will be updating the SAFE_SEARCH_DETECTION feature model to improve quality.

We'll support both the current model and the new model for the next 90 days. After 90 days, the new model will become the default. The current model can still be accessed by specifying "builtin/legacy" for an additional 90 days before it's deprecated.

To use the new model, specify "builtin/latest" in the model field of a Feature object.

Cortex Framework

Release 6.1

  • SAP Annotations: All SAP Reporting views and fields are now fully annotated with functional descriptions and business context. Deploy Data Mesh to take advantage of this feature.
  • Google Ads Campaign Daily Aggregates view has been redesigned:
    • The campaigndailyaggbyusercountry view is now removed.
    • Relevant information is now integrated into the CampaignDailyAgg view.
  • SAP Financial Model Initial Load: The Financial Model's initial load has been separated into a dedicated DAG for better organization.
  • SAP Inventory module: Removed "Preview" tag.
  • SAP Hierarchy Reader: As announced in the previous release notes, the hier_reader code has been fully deprecated. Relevant SAMPLE scripts have been updated to use the new hierarchy reader DAG output tables.
  • SAP Fiscal and Currency functions: As announced in the previous release notes, these functions have been removed. Please use the relevant tables (currency_conversion, currency_decimal, and fiscal_date_dim) instead.
  • SAP Currency Decimal Fix: Fixed a decimal precision issue for SAP currency data.
  • Minor JOIN Condition Issue: Fixed a JOIN condition in SAP Billings view comments.
  • 1-Click Deployer:
    • Fixed an issue with incorrect default Google Analytics 4 CDC dataset setting.
    • Updated to use different output bucket names for SFMC and CM360.
  • K9 Deployer: Fixed the issue where temporary files were copied to the tmp* directory in the target bucket and not removed.
  • Minor fixes: Addressed other minor issues related to dependency, configuration handling, Python library requirements, and DAG steps.
  • Google Trends DAG: The Google Trends API calls issued by this DAG may intermittently fail. If this happens, try rerunning the DAG.
  • 1-click deployer: The 1-click deployer for OracleEBS currently requires manual naming. Autoname mode is not yet supported.

Dataform

You can now search for andview the metadata of Dataform repositories in the Dataplex console. This feature is in preview.

Dialogflow

dialogflow CX is set ( Conversational Agents ): You is set can now set either apartial match ora full match tobanned phrases. This setting applies toplaybooks,datastores,andgenerators. You can enable andtest this feature in Agent Settings > Generative AI > Banned phrases > Match requirements.

Document AI

Property description is now Generally Available (GA) as part of the custom extractor in both the Document AI section of the Google Cloud console and the API, with additional support for parent entities in hierarchies.

Property description allows you to provide additional context, insights, and prior knowledge for each entity to improve extraction accuracy.

Google Cloud Managed Service for Apache Kafka

Documentation is now available to help you choose between Pub/Sub and Google Cloud Managed Service for Apache Kafka. The comparison is based on factors such as operational ease, portability, existing Kafka setup, and integration with other Google Cloud products. A detailed feature comparison table is also included. For more information, see Choose Cloud Managed Service for Apache Kafka or Pub/Sub.

NetApp Volumes

Google Cloud NetApp Volumes now lets you test if an Active Directory policy is properly connected to the Active Directory service using the Google Cloud console. Performing the test helps you troubleshoot errors in your Active Directory policy configuration. For more information, see Test the Active Directory policy connection.

Google Cloud NetApp Volumes now supports Kerberos for large capacity volumes.

Network Connectivity Center
Organization Policy

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Secure Source Manager resources. For more information, see Manage resources with custom constraints.

The Organization Policy recommender generates insights and organization policy recommendations to restrict the creation and upload of service account keys. This feature is available in Preview.

You can use the iam.managed.allowedPolicyMembers managed organization policy constraint to implement domain restricted sharing. For more information, see Domain restricted sharing.

Policy Intelligence

The Organization Policy recommender generates insights and organization policy recommendations to restrict the creation and upload of service account keys. This feature is available in Preview.

Pub/Sub

Documentation is now available to help you choose between Pub/Sub and Google Cloud Managed Service for Apache Kafka. The comparison is based on factors such as operational ease, portability, existing Kafka setup, and integration with other Google Cloud products. A detailed feature comparison table is also included. For more information, see Choose Pub/Sub or Cloud Managed Service for Apache Kafka.

Resource Manager

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Secure Source Manager resources. For more information, see Manage resources with custom constraints.

The Organization Policy recommender generates insights and organization policy recommendations to restrict the creation and upload of service account keys. This feature is available in Preview.

You can use the iam.managed.allowedPolicyMembers managed organization policy constraint to implement domain restricted sharing. For more information, see Domain restricted sharing.

Secure Source Manager

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Secure Source Manager resources. For more information, see Manage resources with custom constraints.

Storage Transfer Service

When providing a URL list to transfer files, you can now host the list itself in an access-controlled Cloud Storage bucket. See Transfer from public URLs for full details.

December 18, 2024

Agent Assist

Pub/Sub intermediate transcription is available in preview. With this feature you can accomplish the following:

  • Show intermediate transcripts in your Agent Assist UI modules.
  • Populate additional information to support audio integration.

AlloyDB for PostgreSQL
Bigtable

You can now enable 2x node scaling when you create a new Bigtable cluster. This cluster configuration lets Bigtable treat two standard nodes as a larger, single compute node, and the cluster is always scaled in increments of two nodes. This feature is generally available (GA).

The Preview of Bigtable automated backup has been expanded to let you configure the backup retention period in automated backup policies, and the default is now seven days. For more information, see Update an automated backup policy.

Cloud Billing

Simulate scenarios in FinOps hub to maximize your savings from resource-based CUDs

In the FinOps hub, we added support for resource-based CUD recommendations as a starting point to simulate various usage scenarios, and customize the recommendation to purchase a CUD that maximizes your savings.

Learn about simulating scenarios for resource-based CUDs.

Cloud Logging

Cloud Logging adds support for the northamerica-south1 region. For a complete list of supported regions, see Supported regions.

Cloud Service Mesh

1.23.4-asm.1 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2024-065. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.23.4-asm.1 uses Envoy v1.31.5.

1.22.7-asm.1 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2024-065. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.22.7-asm.1 uses Envoy v1.30.9.

1.21.5-asm.17 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2024-065. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.21.5-asm.17 uses Envoy v1.29.12.

Upgrading the gRPC client may cause excessive streams to Traffic Director. Be cautious and do a gradual upgrade when upgrading to the following versions:

  • gRPC Java 1.67.1
  • gRPC Go 1.66
  • gRPC C++ 1.63

Developer Connect
Generative AI on Vertex AI
Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.31.0-gke.889 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.31.0-gke.889 runs on Kubernetes v1.31.3-gke.100.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Announcing an early look at two preview features:

  • A new architecture called advanced clusters. When advanced cluster is enabled, the underlying Google Distributed Cloud software deploys controllers that allow for a more extensible architecture. Enabling advanced clusters gives you access to new features and capabilities, such as topology domains.

  • A topology domain is a pool of cluster nodes that are considered to be part of the same logical or physical grouping. Topology domains correspond to some underlying hardware or software that has the possibility of correlated failure, like networking equipment in a rack. As part of setting up a topology domain, you create a topology label that is set on all the nodes in the topology domain during cluster creation. This label lets you set up Pod Topology Spread Constraints.

Note the following limitations of the preview:

Upgrade changes:

  • Dataplane V2 is required for all user clusters. Before upgrading a user cluster to 1.31, follow the steps in Enable Dataplane V2.

  • To upgrade clusters to 1.31, you must upgrade your admin cluster first and then user clusters. For more information, see Version rules.

Version changes:

Other changes:

  • Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.
  • Removed TLS/SSL weak message authentication code cipher suites in the vSphere cloud controller manager.

The following issues are fixed in 1.31.0-gke.889:

  • Fixed the issue that additional manual steps are needed after disabling always-on secrets encryption with gkectl update cluster.
  • Fixed the known issue that caused migrating a user cluster to Controlplane V2 to fail if secrets encryption has ever been enabled on the user cluster, even if it’s already disabled.
  • Fixed the known issue where the gkectl upgrade command returned an incorrect error about the netapp storageclass.
  • Fixed the known issue where updating DataplaneV2 ForwardMode doesn’t automatically trigger anetd DaemonSet restart.

The following high-severity container vulnerabilities are fixed in 1.31.0-gke.889:

The following Container-Optimized OS vulnerabilities are fixed in 1.31.0-gke.889:

The following Ubuntu vulnerabilities are fixed in 1.31.0-gke.889:

Additional Ubuntu vulnerabilities fixed in 1.31.0-gke.889:

Google Distributed Cloud (software only) for bare metal

Release 1.31.0-gke.889

Google Distributed Cloud for bare metal 1.31.0-gke.889 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.31.0-gke.889 runs on Kubernetes 1.31.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Version 1.28 end of life: In accordance with the Version Support Policy, version 1.28 (all patch releases) of Google Distributed Cloud for bare metal has reached its end of life and is no longer supported.

Functionality changes:

  • Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.

  • Updated the bmctl push images command to check for the existence of an image digest to determine whether or not to push an image.

  • Increased priority for cert-manager pods to system-cluster-critical to prevent premature eviction under control plane node resource pressure.

  • Updated the logic for parsing the cluster configuration file for newer clusters to validate that the anthosBareMetalVersion value follows the full x.y.z-gke.n semantic versioning scheme, including the GKE patch version.

  • Updated the snapshot capability to collect the following information:

    • Details for all custom resources
    • Additional debugging information for clusters
  • Added a health check to check that the node-problem-detector systemd service is running on the node.

  • Updated the bmctl update command to identify differences (if any) between the preview feature annotations in the cluster configuration file and the annotations in the deployed Cluster resource.

  • Added a --num-of-parallel-threads flag to the snapshot command (bmctl check cluster --snapshot) so that you can specify the number of threads to use to create a snapshot. The default number of threads for snapshot creation is 10.

Fixes:

  • Fixed an issue where the registry mirror reachability check fails for a single unreachable registry mirror. Now the reachability check applies to configured registry mirrors only, instead of all registry mirrors.

  • Fixed the issue where non-root users can’t run bmctl restore to restore quorum.

  • Fixed the issue that caused the cplb-update healthcheck job to run every 7 days, instead of only when needed.

  • Fixed an issue where CronJob specs for periodic health checks weren’t updated to reflect cluster annotation changes.

  • Fixed an issue where the control plane VIP might become unavailable because Keepalived didn’t check correctly that the VIP is on a node with a responsive HAProxy.

  • Fixed the issue where, due to a misconfigured client, bmctl update misjudges clusters about whether they’re self-managed.

  • Fixed Cloud Audit Logging failure due to allowlisting issue with multiple project IDs.

The following container image security vulnerabilities have been fixed in 1.31.0-gke.889:

  • Critical container vulnerabilities:

  • High-severity container vulnerabilities:

  • Medium-severity container vulnerabilities:

  • Low-severity container vulnerabilities:

Google Kubernetes Engine

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

  • The following versions are now available in the Rapid channel:
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.0-gke.1358000 with this release.

Regular channel

There are no new releases in the regular channel.

Stable channel

There are no new releases in the stable channel.

Extended channel

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

No channel

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

  • The following versions are now available:
  • The following node versions are now available:

(2024-R49) Version updates

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

  • The following versions are now available in the Rapid channel:
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.0-gke.1358000 with this release.

(2024-R49) Version updates

There are no new releases in the regular channel.

(2024-R49) Version updates

There are no new releases in the stable channel.

(2024-R49) Version updates

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

(2024-R49) Version updates

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

  • The following versions are now available:
  • The following node versions are now available:

Security Command Center

Install new version of the Security Command Center Enterprise use case

The installation and configuration of a new version of the SCC Enterprise - Cloud Orchestration & Remediation use case in the Security Operations console is required for the toxic combination functionality of Security Command Center Enterprise. The new use case, identified by date December 18, 2024, introduces updates to security posture findings playbooks and other enhancements to support the management of toxic combination findings and cases in the Security Operations console.

For installation instructions, see Update Enterprise use case, December 2024.

Security Health Analytics now supports new resource types for creating custom modules. For a full list of supported resource types, see Supported resource types.

Vulnerability Assessment for AWS now supports scanning container images in Elastic Container Registry (ECR). It can detect operating system misconfigurations and issues with installed packages.

December 17, 2024

Apigee X

On December 17, 2024, we released a new version of Apigee.

With this release, the maximum number of apps per AppGroup is increased from 500 to 30,000.

For more information, see the Apigee Limits page.

Bigtable
Cloud Data Fusion
Cloud Router
Cloud Run

New finer-grained predefined IAM roles are available for Cloud Run: Cloud Run Service Invoker, Cloud Run Jobs Executor, Cloud Run Jobs Executor With Overrides. These roles make it easier to grant least privilege access to production accounts accessing Cloud Run resources.

Cloud Service Mesh

Routing traffic between Cloud Service Mesh workloads and Cloud Run Services is now available in preview. For more information, see the following pages:

Compute Engine

Preview: You can create instances that use only IPv6 IP addresses. For more information, see IP addresses.

Generative AI on Vertex AI
Google Distributed Cloud (software only) for VMware

The following critical container vulnerabilities are fixed in 1.31.0-gke.889:

Google Kubernetes Engine

1.32 is now available in the Rapid channel

Kubernetes 1.32 is now available in the Rapid channel. For more information about the content of Kubernetes 1.32, read the Kubernetes 1.32 Release Notes.

Deprecated in Kubernetes 1.32

  • The following Beta versions of graduated APIs were deprecated in 1.29 and removed in 1.32 in favor of newer versions:

    • flowcontrol.apiserver.k8s.io/v1beta3 FlowSchema, PriorityLevelConfiguration
      • deprecated since 1.29, will no longer be served in 1.32,
      • instead, use flowcontrol.apiserver.k8s.io/v1, available since 1.29.
  • The status.nodeInfo.kubeProxyVersion field in the Node API is deprecated and will not be populated starting in v1.33. The field is currently populated with the kubelet version, not the kube-proxy version, and might not accurately reflect the kube-proxy version in use. For more information, see KEP-4004.

Google SecOps

Looker dashboard update

The following changes have been made to the Looker dashboards in Google SecOps:

  • All dashboards have been moved to the ingestion_metrics_connector explore.

  • The ingestion_stats, ingestion_metric_with_ingestion_stat and ingestion_metrics explores are no longer supported.

  • The total_entry_number and total_size_byte fields are defined in the new explore and used to query the log count and log volume for the Google SecOps Ingestion API. For more information, see the Ingestion metrics field reference for dashboards.

  • The default dashboards for Context aware detections risk and Cloud detection and response overview have been updated to use a different field for the risk score. It was rule_detections.outcomes['risk_score'] and is now rule_detections.risk_score. This change aligns the risk score in the Google SecOps dashboards to the risk score used in the Google SecOps user interface.

  • The severity field in the Rules and detections default Dashboard has been updated so that it would show the severity for both Curated Detections and custom rules.

Google SecOps SIEM

Looker dashboard update

The following changes have been made to the Looker dashboards in Google SecOps:

  • All dashboards have been moved to the ingestion_metrics_connector explore.

  • The ingestion_stats, ingestion_metric_with_ingestion_stat and ingestion_metrics explores are no longer supported.

  • The total_entry_number and total_size_byte fields are defined in the new explore and used to query the log count and log volume for the Google SecOps Ingestion API. For more information, see the Ingestion metrics field reference for dashboards.

  • The default dashboards for Context aware detections risk and Cloud detection and response overview have been updated to use a different field for the risk score. It was rule_detections.outcomes['risk_score'] and is now rule_detections.risk_score. This change aligns the risk score in the Google SecOps dashboards to the risk score used in the Google SecOps user interface.

  • The severity field in the Rules and detections default Dashboard has been updated so that it would show the severity for both Curated Detections and custom rules.

Looker Studio

Preview your data

The data source editor displays a preview of the data in your fields. This feature is available for the following data sources:

Warnings for external links

When users click an external link, Looker Studio displays a redirect notice.

Note: This feature is being released gradually. You might not see it right away.

Proportional heights for inverted triangle funnels

You can now use the Use proportional heights setting to display the value of categories in a funnel chart by varying the height of each bar when you select the inverted triangle funnel style option. Larger values have taller bars while smaller values have shorter bars.

Improved hiding/removing data source fields

We’ve improved the functionality of hiding and removing fields from a data source:

  • You can remove any field from a data source. (Previously, you could only remove calculated fields.)
  • Hiding or removing a field from a data source prevents report viewers from accessing metadata about that field. Field metadata includes information such as the field name and type of connector that is used to access that field.

These improvements help you control access to your organization’s sensitive information while still promoting data democratization.

Learn more about data governance in Looker Studio.

Dimensions in scorecard charts

You can now choose whether to display a dimension or a metric as the primary field in a scorecard chart. When a dimension is selected as the primary field, you can also select a different field for sorting the dimension values.

Organization Policy
Resource Manager
Security Command Center
Vertex AI
Virtual Private Cloud

IPv6-only subnets and instances are available in Preview. For more information, see the following:

For information about which services support IPv6-only configurations, see IPv6 support in Google Cloud.

December 16, 2024

Agent Assist
Apigee hybrid

hybrid v1.14.0

On December 16, 2024 we released an updated version of the Apigee hybrid software, v1.14.0.

Enhanced Proxy Limits in Hybrid environments

Starting in version v1.14, new Apigee hybrid organizations can be provisioned with the ability to deploy more than 50 proxies per environment enabled. This feature is already available for Apigee X.

Starting with Apigee hybrid version 1.14, the limits for Apigee hybrid organizations have increased:

  • The maximum number of deployed API proxies and shared flows per organization is 6000.
  • The maximum number of proxy deployment units per Apigee instance is 6000.
  • The maximum number of API base paths per Apigee organization is 3000.

When more than 50 proxies are deployed in an environment, Apigee will automatically partition the environment into several distinct replica sets, each containing a subset of proxies deployed in the environment. These replica subsets are equivalent in behavior to a single environment in the way it loads and runs a set of proxies and other environment resources. This will be transparent to the user, and you can continue to use the environment as you would a single environment.

Cassandra credential rotation

Starting in version v1.14, you can rotate Cassandra credentials in Kubernetes secrets. In addition, you can now roll back credential rotation before the cleanup job is initiated in both Vault and Kubernetes secrets. See:

Enable and disable metrics-based scaling with customAutoscaling.enabled

Starting in version v1.14, you can enable and disable metrics-based auto-scaling with the customAutoscaling.enabled configuration property. See:

New analytics and debug data pipeline for hybrid orgs

Starting with version 1.14, all newly created Apigee hybrid orgs can use a new data pipeline to collect analytics and debug data and allow various runtime components to write data directly to our control plane. See:

Forward Proxy allowlist access

Starting in version v1.14, forward proxies pass through access to allowlisted URLs. Therefore you only need to configure allowlists to googleapis.com URLs on the server on which the forward proxy is configured. See:

Guardrails checks to ensure backup before upgrade

Starting in version 1.14, new guardrails checks have been added to ensure a backup is enabled and has been made before proceeding with an upgrade. See:

Bug ID Description
382323427 Added a guardrails check that requires backup to be enabled for Apigee Hybrid upgrades. Backups are required prior to upgrading to support restoring to the previous version, if necessary.
380346557 Added a guardrails check that requires the backup within the last 24 hours to be present if the CSI backup is enabled. This will minimize potential data loss if a restore to the previous version is needed.
377573589 Fix a bug where manually created rollbacks would interfere with existing rotations instead of cancelling them.
362305438 Users can now add additional env variables to the runtime component. See runtime.envvar
319152386 Fix accesstokengenerationfailure in runtime when using a forward proxy.
335357961 Fixed an issue where Apigee hybrid could claim upload of backup with the Cloud provider when no bucket had been configured.
290183372 The need to whitelist oauth2 and iamcredentials.googleapis.com directly from MP in fwd proxy setup is removed.
237656263 Resolved issue with ServiceCallout policy not working in async mode as expected.
373722434 Fixed support for backups to Google Cloud Storage buckets with retention policies. (Fixed in v1.13.2)
368646378 Fixed an issue affecting control plane connectivity testing in Guardrails. (Fixed in v1.12.3)
364282883 Remove check for dc-expansion flag and add timeout to multi-region seed host connection test. (Fixed in v1.13.1)
362979563 Fix for Ingress Health Check failure /healthz/ingress - route_not_found. (Fixed in 1.13.0-hotfix.1)
362690729 Fix for aggressive scaling of runtime pods & cpu spike. (Fixed in 1.13.0-hotfix.1)
362305438 You can now add additional env variables to the runtime component. (Fixed in v1.13.1)
361044374 Fixes Assign Message not correctly highlighting the set payload action in the debug trace. (Fixed in v1.13.2)
355122464 This release contains a few error-handling fixes for CSI backup and restore. (Fixed in v1.13.2)
353527851 WebSocket connection drops when using VerifyJwt or OAuthV2 VerifyJWTAccessToken operations. (Fixed in v1.13.1)
351440306 An issue was fixed where trace could not be viewed in the UI for orgs with DRZ enabled. (Fixed in v1.13.1)
347798999 You can now configure forward proxy for opentelemetry pods in Apigee hybrid. (Fixed in v1.12.2)
338638343 An ID is now added at the end of apigee-env and virtualhost guardrails pods to make the pod names unique. (Fixed in v1.13.1)
237656263 Fix added to make use of asynchronous ServiceCallout execution when the ServiceCallout policy <Response> element is not present (Fixed in v1.13.2)
181569113 Fixed an issue in new debug session creation. (Fixed in v1.12.3)

App Hub
Audit Manager
BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

2.45.0 (2024-12-13)

Features
  • Enable Lossless Timestamps in BQ java client lib (#3589) (c0b874a)
  • Introduce java.time methods and variables (#3586) (31fb15f)
Bug Fixes
  • test: Update schema for broken connimplbenchmark test (#3574) (8cf4387)
Dependencies
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.56.0 (#3582) (616ee2a)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20241111-2.0.0 (#3591) (3eef3a9)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20241115-2.0.0 (#3601) (41f9adb)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.60.0 (#3583) (34dd8bc)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.41.0 (#3607) (11499d1)
  • Update github/codeql-action action to v2.27.5 (#3588) (3f94075)
  • Update github/codeql-action action to v2.27.6 (#3597) (bc1f3b9)
  • Update github/codeql-action action to v2.27.7 (#3603) (528426b)
Documentation
  • bigquery: Add javadoc description of timestamp() parameter. (#3604) (6ee0c10)

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

2.50.0 (2024-12-06)

Features

Cloud Composer

Cloud Composer 3 is now generally available (GA):

  • All Airflow builds starting from airflow-2.9.3-build.11 and airflow-2.10.2-build.4 are supported at the GA level.
  • If your environment uses an earlier Airflow build, then upgrade it to airflow-2.9.3-build.11, airflow-2.10.2-build.4, or a later build to use Cloud Composer 3 on the GA level.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

3.21.0 (2024-12-13)

Features
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.51.0 (04d8868)
Dependencies
  • Update dependency io.opentelemetry:opentelemetry-bom to v1.45.0 (#1638) (7e007d4)
  • Update sdk platform java dependencies (#1736) (88b4cdf)

Cloud Run
Cloud TPU

This Release Note announces General Availability of Trillium AKA v6e. Trillium is the 6th generation and latest Cloud TPU. It is fully integrated with our AI Hypercomputer architecture to deliver compelling value to our Google Cloud Platform AI customers.

We used Trillium TPUs to train the new Gemini 2.0, Google’s most capable AI model yet, and now enterprises and startups alike can take advantage of the same powerful, efficient, and sustainable infrastructure. Today, Trillium is generally available for Google Cloud customers and this week we will be delivering our first large tranches of Trillium capacity to some of our biggest Google Cloud Platform customers.

Here are some of the key improvements that Trillium delivers over the prior generations, v5e and v5p:

  • Over 4x improvement in training performance.

  • Up to 3x increase in inference throughput.

  • A 67% increase in energy efficiency.

  • An impressive 4.7x increase in peak compute performance per chip.

  • Double the High Bandwidth Memory (HBM) capacity.

  • Double the Interchip Interconnect (ICI) bandwidth.

  • 100,000 Trillium chips per Jupiter network fabric with 13 Petabits/sec of bisection bandwidth, capable of scaling a single distributed training job to hundreds of thousands of accelerators.

  • Trillium provides up to 2.1x increase in performance per dollar over Cloud TPU v5e and up to 2.5x increase in performance per dollar over Cloud TPU v5p in training dense LLMs like Llama2-70b and Llama3.1-405b.

  • GKE integration enables seamless AI workload orchestration using Google Compute Engine MIGs including XPK for faster iterative development.

  • Multislice training with Trillium scales from one to hundreds of thousands of chips across pods using DCN.

  • Training and serving fungibility enables use of same Cloud TPU quota for both training and inference.

  • Support for collection scheduling with collection SLOs being defended.

  • Full-host VM support to enable inference support for larger models (70B+ parameters).

  • Official Libtpu releases that guarantee stability across all three frameworks (Jax/Pytorch-XLA/Tensorflow).

These enhancements enable Trillium to excel across a wide range of AI workloads, including:

  • Scaling AI training workloads like LLMs including dense and Mixture of Experts (MoE) models

  • Inference performance and collection scheduling

  • Embedding-intensive models acceleration

  • Delivering training and inference price-performance

Compute Engine
Container-Optimized OS

Updated app-admin/google-guest-config to v20241205.00.

Upgraded sys-apps/hwdata to v0.390.

Upgraded sys-apps/file to v5.46.

Disabled CONFIG_DEBUG_PREEMPT in the Linux kernel. This should improve performance for some workloads.

Fixed CVE-2024-53136 in the Linux kernel.

Fixed CVE-2024-50191 in the Linux kernel.

Fixed CVE-2024-53135 in the Linux kernel.

Fixed CVE-2024-53121 in the Linux kernel.

Fixed CVE-2024-53113 in the Linux kernel.

Fixed CVE-2024-53119 in the Linux kernel.

Fixed CVE-2024-50186 in the Linux kernel.

Updated app-admin/google-guest-config to v20241205.00.

Upgraded sys-apps/file to v5.46.

Upgraded sys-apps/hwdata to v0.390.

Disabled CONFIG_DEBUG_PREEMPT in the Linux kernel. This should improve performance for some workloads.

Fixed CVE-2024-50186 in the Linux kernel.

Fixed CVE-2024-50191 in the Linux kernel.

Fixed CVE-2024-50186 in the Linux kernel.

Updated app-admin/google-guest-config to v20241205.00.

Firestore in datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Python

2.20.2 (2024-12-12)

bug fix

Java

2.25.1 (2024-12-13)

bug fix
  • deps: Update the Java code generator (gapic-generator-java) to 2.51.0 (106ee4d)
dependency

2.25.0 (2024-12-11)

feature
dependency
  • Update dependency com.google.cloud:gapic-libraries-bom to v1.48.0 (#1605) (5c6a678)
documentation
  • Update gapic upgrade installation instructions (#1677) (b3fbfcc)

Google Kubernetes Engine

Cloud DNS additive VPC scope is now generally available on GKE clusters running version 1.28.3-gke.1430000 or later. You can now configure your GKE clusters to add GKE headless service entries to your Cloud DNS private zone visible from your VPC networks, on top of using Cloud DNS (cluster scope) as your GKE DNS provider.

To learn more, read Cloud DNS scopes for GKE.

Trillium, our sixth-generation TPU, is now generally available. Support is available for GKE Standard clusters in version 1.31.1-gke.1846000 or later, and Autopilot clusters in version 1.31.2-gke.1384000 or later. You can use TPU Trillium in the us-east5-b, europe-west4-a, us-east1-d, asia-northeast1-b, and us-south1-a zones.

To learn more, see Benefits of using TPU Trillium.

Identity and Access Management
Organization Policy
Policy Intelligence
Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

feature
bug fix
  • deps: Update the Java code generator (gapic-generator-java) to 2.51.0 (0b0d52c)
dependency
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.44.0 (#2270) (a5f70a9)
  • Update dependency com.google.cloud:google-cloud-core to v2.48.0 (#2263) (d7e5588)
  • Update dependency com.google.cloud:google-cloud-core to v2.49.0 (#2285) (cd94a19)
  • Update dependency com.google.cloud:google-cloud-storage to v2.45.0 (#2268) (80a09e6)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.41.0 (#2286) (0c0a1b9)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.29.0 (#2276) (54ef88d)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.29.1 (#2279) (de3c9e1)
  • Update googleapis/sdk-platform-java action to v2.51.0 (#2284) (0be820e)
documentation

Resource Manager
Security Command Center

Detectors for Container Threat Detection released to General Availability

Container Threat Detection, a built-in service available in Security Command Center Premium and Enterprise, has launched three new detectors to General Availability:

  • Execution: Container Escape: Detects when a process inside a container tries to break out of its isolation and interact with the host system or other containers.
  • Execution: Kubernetes Attack Tool Execution: Detects when a Kubernetes attack tool is run inside a container, indicating a potential attempt to exploit vulnerabilities in the Kubernetes environment.
  • Execution: Local Reconnaissance Tool Execution: Detects when a local reconnaissance tool is executed within a container, suggesting that
    an attacker is gathering information about the container environment, such as network configurations, active processes, or mounted file systems.

For more information, see Container Threat Detection detectors.

reCAPTCHA

Configuring allowlists for IP addresses is now available in GA. This feature lets you add trusted IP addresses to an allowlist to exclude them from reCAPTCHA enforcement. For more information, see Configure an IP address allowlist.

December 15, 2024

Cloud Composer

When creating new environments in Google Cloud console, it’s now required to explicitly select a service account for the environment. We recommend creating a user-managed service account and using it for Cloud Composer environments.

Google SecOps SOAR

Release 6.3.28 is currently in Preview.

December 14, 2024

Google SecOps SOAR

December 13, 2024

Agent Assist

Agent Assist infobot offers support for new languages in GA.

Application Integration

Integration templates (Preview)

Save time and effort building integrations with integration templates. These pre-defined blueprints provide a starting point for common integration flows, allowing you to quickly create and customize integrations without starting from scratch.

For more information, see Templates.

Generate and view OpenAPI Specification (Preview)

You can now generate and view the OpenAPI Specification for any published integration that uses API triggers. This allows for greater understanding and analysis of your integration’s API interactions.

For more information, see View OpenAPI Specification for your integration.

API trigger input and output variables

You can now set request and response payloads for an API trigger using trigger specific input and output variables. For more information, see API trigger.

Assured Workloads

The following products are now supported by the following control packages. See supported products for more information:

  • Apigee, Cloud Vision API, GKE Identity Service, Traffic Director, Vertex AI Search:
    • Australia Regions
    • Australia Regions with Assured Support
    • Brazil Regions
    • Canada Regions
    • Canada Regions and Support
    • Chile Regions
    • EU Regions
    • EU Regions and Support
    • Hong Kong Regions
    • India Regions
    • Indonesia Regions
    • Israel Regions
    • Israel Regions and Support
    • Japan Regions
    • Qatar Regions
    • Singapore Regions
    • South Africa Regions
    • South Korea Regions
    • Switzerland Regions
    • Taiwan Regions
    • UK Regions
    • US Regions
    • US Regions and Support
  • Spanner:
    • Australia Regions with Assured Support
    • Canada Regions and Support
    • EU Regions and Support
    • Israel Regions and Support
    • Japan Regions
    • US Regions and Support

Cloud Logging

Reporting of the “pending” status of the Ops Agent on the Cloud Monitoring VM instance dashboard has been refined to include additional states. For more information, see Use VM instance dashboard.

Cloud Monitoring

Reporting of the “pending” status of the Ops Agent on the Cloud Monitoring VM instance dashboard has been refined to include additional states. For more information, see Use VM instance dashboard.

Cloud Run

The CPU allocation setting has been renamed to Billing in the Google Cloud console for Cloud Run services.

The two billing settings are:

  • Request-based billing (default), previously called CPU is only allocated during request processing, only charges your Cloud Run instances during request processing, container startup, and container shutdown.
  • Instance-based billing, previously called CPU is always allocated, charges your Cloud Run instances for the entire lifecycle of instances, even when there are no incoming requests.

For more details, see the Billing settings guide.

Dialogflow

Dialogflow CX data stores: The following languages are now GA. See the language support page for details.

  • Arabic
  • Bengali
  • Bulgarian
  • Chinese Simplified
  • Chinese Traditional
  • Croatian
  • Czech
  • Estonian
  • Finnish
  • Hebrew
  • Hungarian
  • Japanese
  • Korean
  • Latvian
  • Lithuanian
  • Norwegian
  • Polish
  • Romanian
  • Russian
  • Serbian
  • Slovak
  • Slovenian
  • Swahili
  • Thai
  • Turkish
  • Ukrainian
  • Vietnamese

Google Cloud Managed Service for Apache Kafka

Google Cloud Managed Service for Apache Kafka now supports moving open source Kafka data to Google Cloud using various Dataflow templates. You can move Kafka data to Cloud Managed Service for Apache Kafka, BigQuery, and Cloud Storage. For more information about these data movement use cases, see Move Kafka data in Google Cloud.

Google Kubernetes Engine

The C4A machine family is generally available in the following versions:

  • Standard clusters in versions 1.28.13-gke.1024000, 1.29.8-gke.1057000, 1.30.4-gke.1213000 or later. To use this family in GKE Standard, you can use the --machine-type flag when creating a cluster or node pool.

  • Autopilot clusters in 1.28.15-gke.1344000, 1.29.11-gke.1012000, 1.30.7-gke.1136000, 1.31.3-gke.1056000 or later. To use this family in GKE Autopilot, schedule your workloads along with the kubernetes.io/machine-family: c4a node selector. In versions 1.31 or above, the kubernetes.io/arch: arm64 node selector would default to c4a machine family.

Cluster autoscaler and node auto-provisioning are supported in 1.28.15-gke.1344000, 1.29.11-gke.1012000, 1.30.7-gke.1136000, 1.31.3-gke.1056000 or later.

Local SSD support is available for Public Preview from 1.31.1-gke.2008000. Contact your Account Team to participate in the preview.

Memorystore for Redis Cluster
Virtual Private Cloud

December 12, 2024

AlloyDB for PostgreSQL

AlloyDB System insights offers a unified, customizable database monitoring dashboard that includes predefined metrics and other Google Cloud metrics. This feature is generally available (GA). For more information, see Create a custom dashboard.

BigQuery

Regional endpoints, which help you run your workloads in compliance with data residency and data sovereignty requirements, are now generally available (GA). With regional endpoints, your request traffic is routed directly to the region specified in the endpoint. For more information, see BigQuery regional endpoints.

Bigtable

Bigtable is now supported by Database Center, which is in Preview. Database Center is an AI-assisted dashboard that gives you one centralized view across your entire database fleet. With this release, Database Center displays health issues for Bigtable availability and data protection. For more information, see Database health issues.

Cloud Asset Inventory

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

  • Backup and DR
    • backupdr.googleapis.com/Managementserver
  • Database Migration API
    • datamigration.googleapis.com/ConversionWorkspace
  • Google Kubernetes Engine
  • Security Command Center
    • securityposture.googleapis.com/posture
    • securityposture.googleapis.com/postureDeployment
  • Vertex AI
    • aiplatform.googleapis.com/NotebookRuntime
    • aiplatform.googleapis.com/notebookruntimetemplate

Cloud Database Migration Service
Cloud Monitoring

You can now override the validation that checks for metric existence when you create a PromQL-based alerting policy. For more information, see Disable check for metric existence.

Text widgets can now link to sections of a dashboard and they can render variables. For more information, see
the following documents:

Dataproc

Dataproc on Compute Engine: Updated Dataproc Metastore (DPMS) gRPC proxy image version to v.0.0.70

Dialogflow

Dialogflow CX: You can now configure an access token name in Dialogflow Messenger to store the end user’s authentication when they sign in, and then use it as the bearer token for tool authentication. See the Dialogflow Messenger documentation for more information about enabling this feature.

Document AI

You can copy processor versions of pretrained-foundation-model-v1.2-2024-05-10 and pretrained-foundation-model-v1.3-2024-08-31 between projects by following the steps in Import a processor version.

Firestore
Google Kubernetes Engine

(2024-R48) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for
opt-in control plane upgrades and node upgrades for existing clusters. For more
information on versioning and upgrades, see GKE versioning and support
and Upgrades.

Rapid channel

Note: Your clusters might not have these versions available. Rollouts are already in progress
when we publish the release notes, and can take multiple days to complete across all Google Cloud
zones.

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.15-gke.1344000
    • 1.30.7-gke.1077000
    • 1.31.3-gke.1023000

Regular channel

Note: Your clusters might not have these versions available. Rollouts are already in progress
when we publish the release notes, and can take multiple days to complete across all Google Cloud
zones.

  • Version 1.30.6-gke.1125000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.28.15-gke.1020000
    • 1.28.15-gke.1080000
    • 1.29.10-gke.1054000
    • 1.29.10-gke.1155000
    • 1.30.5-gke.1699000
    • 1.30.5-gke.1713000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.15-gke.1159000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.10-gke.1227000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.6-gke.1125000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.15-gke.1159000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.10-gke.1227000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.6-gke.1125000 with this release.

Stable channel

Note: Your clusters might not have these versions available. Rollouts are already in progress
when we publish the release notes, and can take multiple days to complete across all Google Cloud
zones.

  • Version 1.30.5-gke.1699000 is now the default version for cluster creation in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.28.14-gke.1340000
    • 1.29.9-gke.1496000
    • 1.30.5-gke.1443001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.15-gke.1020000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.10-gke.1054000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.5-gke.1699000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.

Extended channel

Note: Your clusters might not have these versions available. Rollouts are already in progress
when we publish the release notes, and can take multiple days to complete across all Google Cloud
zones.

  • Version 1.30.6-gke.1125000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1784000
    • 1.28.15-gke.1020000
    • 1.28.15-gke.1080000
    • 1.29.10-gke.1054000
    • 1.29.10-gke.1155000
    • 1.30.5-gke.1699000
    • 1.30.5-gke.1713000
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1836000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.1159000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.10-gke.1227000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.6-gke.1125000 with this release.

No channel

Note: Your clusters might not have these versions available. Rollouts are already in progress
when we publish the release notes, and can take multiple days to complete across all Google Cloud
zones.

  • Version 1.30.6-gke.1125000 is now the default version for cluster creation.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.28.14-gke.1340000
    • 1.28.15-gke.1080000
    • 1.28.15-gke.1344000
    • 1.29.9-gke.1496000
    • 1.29.10-gke.1155000
    • 1.30.5-gke.1014003
    • 1.30.5-gke.1713000
    • 1.30.7-gke.1077000
    • 1.31.3-gke.1023000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.15-gke.1159000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.10-gke.1227000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.5-gke.1699000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.15-gke.1159000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.10-gke.1227000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.

Starting with GKE version 1.33, clusters running cgroupv1 will automatically be upgraded to cgroupv2 unless you opt out first. For more information, see Migrate nodes to cgroupv2.

Looker Studio

Updated Admin Console setting

The Let editors set owner’s credentials for data source access setting has been renamed to Allow users in this org to be the credential owner for any data source. This setting now exhibits the following changes in behavior, which may be breaking for some users:

  • If a Looker Studio administrator turns off this setting, any existing data sources that have a data source owner within the organization and that were configured to use Owner’s Credentials must use Viewer’s Credentials. Users who don’t have access to a data source’s underlying data may lose access to any Looker Studio content that is based on that data source. Re-enabling this setting restores the original Owner’s Credentials to those data sources.

Learn more about this setting.

New condition option for filters on date or time data type dimensions

Report editors can now specify a value and a unit of time for the following filter conditions with date or time data type dimensions:

  • Is in the Last
  • Is Before
  • Is On or After
  • Is Previous
  • Is This
  • Is Next
  • Is in the Month
  • Is in the Year

Learn more about filter conditions.

Changes to New Search Ads 360 connector field names

These New Search Ads 360 connector fields were renamed to resolve a naming conflict:

  • The field previously named Conv. value is now named Client account conv. value.
  • The field previously named Conv. value / click is now named Client account conv. value / click.

The original Conv. value field remains unchanged and continues to be the correct field name.

Memorystore for Redis

Memorystore for Redis is supported by Database Center. Database Center is an AI-assisted dashboard that gives you one centralized view across your entire database fleet. For more information, see Database Center overview and Database health issues.

Memorystore for Redis Cluster

Cross-region replication is now generally available on Memorystore for Redis Cluster. This release includes Terraform support for cross-region replication on Memorystore for Redis Cluster.

Memorystore for Redis Cluster is supported by Database Center. Database Center is an AI-assisted dashboard that gives you one centralized view across your entire database fleet. For more information, see Database Center overview and Database health issues.

Spanner

Spanner now supports identity columns. Identity columns let you automatically generate unique integer values for key and non-key columns, and align with the ANSI standard. For more information, see Identity columns.

December 11, 2024

BigQuery
Bigtable
Cloud Asset Inventory
Cloud Composer

In January 2025, we plan to release Cloud Composer 2 versions that will always use the environment’s service account for performing PyPI package installations:

  • New Cloud Composer 2 environments created in versions 2.10.2 and later will have this change.
  • Currently, Cloud Composer 2 environments use the default Cloud Build service account if it exists (and the environment’s service account if it doesn’t). Depending on the way Cloud Build is configured in your project, this might mean that the default Cloud Compute service account or the legacy Cloud Build service account might be used by your environment. We recommend configuring Cloud Build to adhere to the principle of least privilege.
  • Make sure to check the Cloud Build default service account change page for information about changes to the default Cloud Build service account.
  • Cloud Composer 3 environments already use the environment’s service account, and are not impacted by this change.

(Cloud Composer 3) It is now possible to upgrade an environment if the [sentry]sentry_on Airflow configuration option is set to true.

Cloud Composer no longer adds any missing IAM permissions to the Cloud Storage bucket when it is used to create an environment with a custom environment’s bucket. Make sure that the environment’s service account has permissions from the Composer Worker role on the bucket.

The COMPOSER_AGENT_BUILD_SERVICE_ACCOUNT environment variable is changed to reserved. This change improves the security of Cloud Composer environments.

Increased allowed timeouts when detecting tasks stuck in the “queued” state during the Airflow worker liveness check. This change makes it less likely that checks will incorrectly fail in specific scenarios. This change is gradually rolled out to all regions supported by Cloud Composer.

(Cloud Composer 2) Airflow worker liveness check configuration was changed to be consistent with the configuration used in Cloud Composer 3. In particular, this change increases the timeout, giving the liveness check more time to detect unhealthy Airflow workers. This change is gradually rolled out to all regions supported by Cloud Composer.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.10.2-build.4 (default)
  • composer-3-airflow-2.9.3-build.11

New images are available in Cloud Composer 2:

  • composer-2.10.1-airflow-2.10.2 (default)
  • composer-2.10.1-airflow-2.9.3

Cloud Healthcare API

A new release is available. This release may include some or all of the
following: general performance improvements, bug fixes, and updates to the
API reference documentation.

Compute Engine

C3 bare metal instances are available in the following additional zones:

  • c3-highcpu-192-metal: asia-southeast1-a and c, europe-west4-c, us-east1-d, us-east4-c, us-east5-a, us-west1-a and b

  • c3-standard-192-metal: europe-west1-b and c, europe-west4-b and c, us-east1-d, us-east4-a, us-west1-a and b

  • c3-highmem-192-metal: europe-west4-c, us-east4-a and c, us-west1-a and b

Generative AI on Vertex AI

The Gemini 2.0 Flash (gemini-2.0-flash-exp) model is Generally available for grounded answer generation with RAG. This model is tuned to address context-based question and answering tasks. For more information, see Ground responses for Gemini models.

Google Cloud Architecture Center
Google Distributed Cloud (software only) for bare metal

Release 1.28.1300-gke.59

Google Distributed Cloud for bare metal 1.28.1300-gke.59 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.1300-gke.59 runs on Kubernetes 1.28.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

The following container image security vulnerabilities have been fixed in 1.28.1300-gke.59:

  • High-severity container vulnerabilities:

  • Medium-severity container vulnerabilities:

  • Low-severity container vulnerabilities:

Policy Intelligence
VPC Service Controls
Virtual Private Cloud

Private Service Connect port mapping is available in General Availability. Port mapping lets consumer virtual machine (VM) instances privately communicate with specific service ports on specific producer VMs through a single Private Service Connect endpoint.

reCAPTCHA

reCAPTCHA Mobile SDK v18.7.0-beta01 is now available for iOS.

This version contains the following changes:

  • Mitigation for an issue that caused a crash after updating to v18.6.0.
  • Public API is moved to Swift along with support for Objective-C.
  • New integration architecture with RecaptchaInterop for Firebase clients.

December 10, 2024

Apigee Integrated Portal

On December 10, 2024, we released a new version of the Apigee integrated portal.

Bug ID | Description
381086551 | Fixed an issue that caused the page list view to fail for some portals with large numbers of pages.

Apigee X

On December 10, 2024, we released an updated version of Apigee (1-14-0-apigee-2).

Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.

Bug ID | Description
357880539 | Resolved issue with missing span in the Apigee UI for distributed trace.
237656263 | Resolved issue with ServiceCallout policy not working in async mode as expected.
N/A | Updates to security infrastructure and libraries.

Cloud SQL for PostgreSQL
Cloud SQL for SQL Server
Cloud Service Mesh

As part of the Per-cluster entitlement to GKE Enterprise, a GKE cluster needs to have its cluster_tier set to ENTERPRISE in order for that cluster to be considered GKE Enterprise.

Existing clusters and new clusters can follow Update an existing cluster’s tier and Enroll a new cluster respectively to make a cluster enterprise.

Clusters created or registered before November 2024 that use GKE Enterprise as part of their fleet membership are automatically enterprise-tier clusters. This is a billing announcement only; Cloud Service Mesh features don’t change.

Colab Enterprise

Gemini in Colab Enterprise, which is a product in the Gemini for Google Cloud portfolio, now includes error fixing in Preview. Gemini in Colab Enterprise can suggest fixes when your code produces errors. For more information, see Fix errors.

To enable and activate Gemini in Colab Enterprise features, see Set up Gemini in Colab Enterprise.

Compute Engine

Generally available: Instance flexibility in a managed instance group (MIG) lets you configure multiple machine types in the group. This can improve resource availability for applications that require large-scale capacity and high-demand hardware. Support for Terraform has also been added. For more information, see About instance flexibility in MIGs.

Config Connector

Config Connector version 1.126.0 is now available.

New Beta resource (direct reconciler)

Use BigQueryConnectionConnection to provide the IAM Service Account

  • IAMPolicyMember

    • Added spec.memberFrom.bigQueryConnectionConnectionRef.
    • See an example of IAMPolicyMember using BigQueryConnectionConnection “cloudSQL”.
  • IAMPartialPolicy

    • Added spec.memberFrom.bigQueryConnectionConnectionRef.

Config Controller

Config Controller now uses the following versions of its included products:

Generative AI on Vertex AI

Imagen 3 image generation models generally available to all users

Imagen 3 image generation models are now available to all users without requiring prior approval. These include the following image generation models:

  • imagen-3.0-generate-001
  • imagen-3.0-fast-generate-001 (low latency model)

Prior image generation models (imagegeneration@006, imagegeneration@005, imagegeneration@002) still require approval to use.

For more information, see Imagen on Vertex AI model versions and lifecycle and Generate images using text prompts.

Imagen 3 Customization model Generally Available to approved users

The Imagen 3 Customization model is now available to approved users. This includes the following model:

Imagen 3 Customization lets you guide image generation by providing reference images (few-shot learning). Imagen 3 Customization lets you customize generated images for the following feature categories:

Imagen 3 Editing model Generally Available to approved users

The Imagen 3 Editing model is now available to approved users. This includes the following model:

This model offers the following additional features:

  • Inpainting – Add or remove content from a masked area of an image
  • Outpainting – Expand a masked area of an image
  • Product image editing – Identify and maintain a primary product while changing the background or product position

For more information, see Model versions.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.30.400-gke.133 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.400-gke.133 runs on Kubernetes v1.30.6-gke.300.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.

The following vulnerabilities are fixed in 1.30.400-gke.133:

High-severity container vulnerabilities:

Container-Optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.30.400-gke.133

Google Distributed Cloud for bare metal 1.30.400-gke.133 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.400-gke.133 runs on Kubernetes 1.30.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Functionality changes:

  • Updated snapshots to include new information, including: kubelet config, CPU manager state, and memory manager state.

  • Updated the bmctl push images command to check for the existence of an image digest to determine whether or not to push an image.

  • Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.

Fixes:

  • Fixed the issue where non-root users can’t run bmctl restore to restore quorum.

  • Fixed an issue where CronJob specs for periodic health checks weren’t updated to reflect cluster annotation changes.

  • Fixed an issue that blocked user cluster create and upgrade operations to patch versions 1.30.100, 1.30.200, or 1.30.300. This issue applies only when kubectl or a GKE On-Prem API client (console, gcloud CLI, or Terraform) is used for user cluster creation and upgrades.

The following container image security vulnerabilities have been fixed in 1.30.400-gke.133:

  • Critical container vulnerabilities:
  • High-severity container vulnerabilities:
  • Medium-severity container vulnerabilities:
  • Low-severity container vulnerabilities:

Google Kubernetes Engine

(2024-R47) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for
opt-in control plane upgrades and node upgrades for existing clusters. For more
information on versioning and upgrades, see GKE versioning and support
and Upgrades.

(2024-R47) Version updates

Note: Your clusters might not have these versions available. Rollouts are already in progress
when we publish the release notes, and can take multiple days to complete across all Google Cloud
zones.

  • Version 1.31.3-gke.1006000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.15-gke.1020000
    • 1.28.15-gke.1041000
    • 1.28.15-gke.1080000
    • 1.28.15-gke.1159000
    • 1.29.10-gke.1054000
    • 1.29.10-gke.1071000
    • 1.29.10-gke.1155000
    • 1.29.10-gke.1227000
    • 1.30.5-gke.1699000
    • 1.30.5-gke.1713000
    • 1.30.6-gke.1059000
    • 1.30.6-gke.1125000
    • 1.31.1-gke.2105000
    • 1.31.2-gke.1354000
    • 1.31.2-gke.1384000
    • 1.31.2-gke.1518000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.15-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.10-gke.1280000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.6-gke.1596000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.3-gke.1006000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.15-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.10-gke.1280000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.6-gke.1596000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.3-gke.1006000 with this release.

(2024-R47) Version updates

Note: Your clusters might not have these versions available. Rollouts are already in progress
when we publish the release notes, and can take multiple days to complete across all Google Cloud
zones.

  • Version 1.30.5-gke.1699000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.28.14-gke.1340000
    • 1.28.14-gke.1376000
    • 1.29.9-gke.1496000
    • 1.29.9-gke.1541000
    • 1.30.5-gke.1443001
    • 1.31.1-gke.1846000
    • 1.31.1-gke.2008000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.15-gke.1020000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.10-gke.1054000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.5-gke.1699000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.1-gke.2105000 with this release.

(2024-R47) Version updates

Note: Your clusters might not have these versions available. Rollouts are already in progress
when we publish the release notes, and can take multiple days to complete across all Google Cloud
zones.

  • Version 1.30.5-gke.1443001 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.28.14-gke.1099000
    • 1.28.14-gke.1217000
    • 1.29.9-gke.1177000
    • 1.30.5-gke.1014003
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.14-gke.1340000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.9-gke.1496000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.5-gke.1443001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.

(2024-R47) Version updates

Note: Your clusters might not have these versions available. Rollouts are already in progress
when we publish the release notes, and can take multiple days to complete across all Google Cloud
zones.

  • Version 1.30.5-gke.1699000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1681000
    • 1.27.16-gke.1742000
    • 1.27.16-gke.2019000
    • 1.28.14-gke.1340000
    • 1.28.14-gke.1376000
    • 1.29.9-gke.1496000
    • 1.29.9-gke.1541000
    • 1.30.5-gke.1443001
    • 1.31.1-gke.1846000
    • 1.31.1-gke.2008000
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1784000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.1-gke.2105000 with this release.

(2024-R47) Version updates

Note: Your clusters might not have these versions available. Rollouts are already in progress
when we publish the release notes, and can take multiple days to complete across all Google Cloud
zones.

  • Version 1.30.5-gke.1699000 is now the default version for cluster creation.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.28.14-gke.1099000
    • 1.28.14-gke.1217000
    • 1.28.14-gke.1376000
    • 1.28.15-gke.1041000
    • 1.29.9-gke.1177000
    • 1.29.9-gke.1541000
    • 1.29.10-gke.1071000
    • 1.30.5-gke.1014001
    • 1.30.5-gke.1355000
    • 1.30.6-gke.1059000
    • 1.31.1-gke.1846000
    • 1.31.1-gke.2008000
    • 1.31.2-gke.1354000
    • 1.31.2-gke.1384000
    • 1.31.2-gke.1518000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.15-gke.1020000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.10-gke.1054000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.5-gke.1443001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.31 to version 1.31.1-gke.2105000 with this release.

Security Command Center

AI summaries of attack paths are disabled in Security Command Center

Effective December 13, 2024, the preview of Gemini AI-generated summaries of
Security Command Center attack paths is discontinued. The summaries are no
longer available in the Google Cloud console.

For more information, see Gemini features in Security Command
Center.

December 09, 2024

AlloyDB for PostgreSQL

The Perform a vector search tutorial describes how to set up and perform a vector search in AlloyDB for PostgreSQL. You can learn how to perform K-nearest neighbor (KNN) and approximate nearest-neighbor (ANN) with a ScaNN vector index.

App Engine standard environment Go
App Engine standard environment Java
App Engine standard environment Node.js
App Engine standard environment PHP
App Engine standard environment Python
App Engine standard environment Ruby
BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

1.65.0 (2024-12-05)

feature
  • bigquery/reservation: Add a new field is_flat_rate to .google.cloud.bigquery.reservation.v1.CapacityCommitment to distinguish between flat rate and edition commitments (8dedb87)
  • bigquery/reservation: Add the managed disaster recovery API(https (8dedb87)
  • bigquery: Expose IsCaseInsensitive for dataset metadata (#11216) (364b639)
  • bigquery: Support IAM conditions in datasets (#11123) (d93c2d9)
bug fix
documentation
  • bigquery/reservation: Clarify that Autoscale.current_slots in message .google.cloud.bigquery.reservation.v1.Reservation can temporarily be larger than Autoscale.max_slots if users reduce Autoscale.max_slots (8dedb87)
  • bigquery/reservation: Update comment for slot_capacity in message .google.cloud.bigquery.reservation.v1.Reservation to provide more clarity about reservation baselines, committed slots and autoscaler SKU charges when the baseline exceeds committed slots (8dedb87)
  • bigquery/reservation: Update comments for commitment_start_time and commitment_end_time in message .google.cloud.bigquery.reservation.v1.CapacityCommitment to provide details on how these values are affected by commitment renewal (8dedb87)

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

2.49.0 (2024-12-03)

feature
bug fix
  • Allow factory to export to different projects (#2374) (06b912c)
  • Send priming requests on the channel directly (#2435) (b76698d)

Cloud Run

You can now create custom organization policies for serverless VPC Access connectors and apply them to projects, folders, or organizations (GA).

Compute Engine

Fixed the issue causing incorrect detection of CPU load on T2D machine series VMs in managed instance groups (MIGs). This issue affected MIG autoscaling based on CPU utilization in projects that were created before June 18, 2023.

Container-Optimized OS

Upgraded app-admin/fluent-bit to v3.2.1.

Upgraded sys-apps/makedumpfile to v1.7.6.

Upgraded app-containers/cni-plugins to v1.6.0.

Updated app-admin/google-guest-configs to 20241121.00. This
enables intent based NIC naming scheme.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2464.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2955.

Upgraded chromeos-base/shill-client to v0.0.1-r4782.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2811.

Upgraded chromeos-base/debugd-client to v0.0.1-r2720.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r651.

Upgraded chromeos-base/minijail to v18-r158.

Upgraded dev-libs/nss to v3.107.

Upgraded sys-apps/gentoo-functions to v1.7.3.

Upgraded dev-libs/expat to v2.6.4.

Upgraded dev-db/sqlite to v3.47.0-r1.

Upgraded net-libs/libnetfilter_conntrack to v1.1.0.

Upgraded sys-apps/less to v668.

Upgraded sys-libs/libcap to v2.71.

Upgraded net-dns/c-ares to v1.34.3.

Upgraded sys-apps/pv to v1.9.0.

Upgraded sys-libs/libseccomp to v2.5.5-r2.

Upgraded net-misc/socat to v1.8.0.1.

Upgraded app-shells/dash to v0.5.12-r1.

Upgraded app-admin/sudo to v1.9.16_p1.

Upgraded sys-process/lsof to v4.99.4.

Updated the Linux kernel to v6.6.63.

Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer.

Support NVIDIA_H200 GPU – Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.

Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681.

Runtime sysctl changes:

  • Changed: fs.file-max: 811752 -> 811802

Support NVIDIA_H200 GPU – Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.

Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer.

Upgraded dev-libs/libgcrypt to v1.10.1-r3. Fixes CVE-2024-2236.

Fixed CVE-2024-50278 in the Linux kernel.

Fixed CVE-2024-53052 in the Linux kernel.

Fixed CVE-2024-50141 in the Linux kernel.

Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer.

Support NVIDIA_H200 GPU – Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.

Fixed CVE-2024-50278 in the Linux kernel.

Fixed CVE-2024-50140 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811804 -> 811763

Support NVIDIA_H200 GPU – Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.

Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer.

Fixed CVE-2024-50278 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812030 -> 812026

Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer.

Support NVIDIA_H200 GPU – Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.

Fixed CVE-2024-50278 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812253 -> 812265

Data Catalog
Dataplex
Datastream

Datastream now supports binary log reader as a CDC method for Oracle sources. The feature is in Preview.

For more information, see the Datastream documentation.

Google Cloud Architecture Center
Google SecOps

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • 1Password Audit Events (Identity and Access Management)
  • Advanced Intrusion Detection Environment (alert)
  • Airlock Digital Application Allowlisting (application whitelisting)
  • Akamai DNS (DNS)
  • Amazon VPC Transit Gateway Flow Logs (network)
  • Apache Tomcat (Web server)
  • Appian Cloud (collaboration log type)
  • AppOmni (SAAS Security Application)
  • Aruba Switch (Network Infrastructure)
  • Auth0 (authentication log)
  • AWS Cloudtrail (Cloud Log Aggregator)
  • AWS CloudWatch (Cloud service monitoring)
  • AWS Elastic Load Balancer (AWS Specific)
  • AWS GuardDuty (IDS / IPS)
  • AWS Network Firewall (firewall)
  • AWS RDS (database)
  • AWS Route 53 DNS (AWS Specific)
  • AWS S3 Server Access (AWS Specific)
  • AWS VPC Flow (AWS Specific)
  • Azure AD Directory Audit (audit)
  • Azure AD Organizational Context (LDAP)
  • Azure API Management (schema)
  • Azure App Service (SAAS)
  • Azure Application Gateway (GATEWAY)
  • Azure Firewall (Azure Firewall Application Rule)
  • Azure Key Vault logging (audit)
  • Azure SQL (database)
  • Barracuda WAF (firewall)
  • Barracuda Web Filter (webfilter)
  • BeyondTrust BeyondInsight (Privileged Account activity)
  • BeyondTrust Endpoint Privilege Management (Privileged Account activity)
  • BIND (DNS)
  • BloxOne Threat Defense (DNS)
  • Blue Coat Proxy (web proxy)
  • Cato Networks (NDR)
  • Check Point (firewall)
  • Ciena Router Logs (application server log)
  • Cisco ACS (authentication)
  • Cisco APIC (Software-defined networking (SDN))
  • Cisco Call Manager (networking)
  • Cisco DNA Center Platform (Network Management and Optimization)
  • Cisco Email Security (email server)
  • Cisco EStreamer (Network Monitoring)
  • Cisco Firepower NGFW (firewall)
  • Cisco FireSIGHT Management Center (SaaS Application)
  • Cisco Internetwork Operating System (Network Infrastructure)
  • Cisco ISE (Identity and Access Management)
  • Cisco Router (Switches, Routers)
  • Cisco Secure Workload (AV and endpoint)
  • Cisco Stealthwatch (Log Aggregator)
  • Cisco Switch (Switches, Routers)
  • Cisco TACACS+ (authentication)
  • Cisco VPN (VPN)
  • Citrix Netscaler (Load Balancer, Traffic Shaper, ADC)
  • Claroty Continuous Threat Detection (IoT)
  • Cloudflare (SaaS Application)
  • Colinet Trotta GAUS SEGUROS (alert)
  • CrowdStrike Detection Monitoring (EDR)
  • CrowdStrike Falcon (EDR)
  • CrowdStrike Falcon Stream (alerts)
  • CrowdStrike Filevantage (IT infrastructure)
  • Cyber 2.0 IDS (IDS)
  • Cyberark Privilege Cloud (Identity & Access Management)
  • CyberArk Privileged Access Manager (PAM) (CyberArk Privileged Access Manager)
  • Cybereason EDR (EDR)
  • Darktrace (NDR)
  • Dell CyberSense (Data Security)
  • Dell EMC PowerStore (DATA STORAGE)
  • Druva Backup (security)
  • Duo Administrator Logs (authentication)
  • Duo Auth (authentication)
  • EfficientIP DDI (network)
  • ExtraHop RevealX (firewall IDS / IPS)
  • F5 Advanced Firewall Management (firewall)
  • F5 ASM (WAF)
  • F5 BIGIP LTM (Load Balancer, Traffic Shaper, ADC)
  • F5 VPN (VPN)
  • FingerprintJS (vulnerability scanner)
  • FireEye eMPS (email server log type)
  • FireEye HX (EDR)
  • Forcepoint DLP (Forcepoint DLP)
  • Forcepoint NGFW (network)
  • Forcepoint Proxy (web proxy)
  • Forescout NAC (NAC)
  • ForgeRock OpenAM (Identity and Access Management)
  • Forgerock OpenIdM (DATA SECURITY)
  • FortiGate (firewall)
  • Fortinet FortiAnalyzer (Fortinet FortiAnalyzer)
  • Fortinet Switch (Switches and Routers)
  • GitHub (SaaS Application)
  • Guardicore Centra (Deception Software)
  • Hashicorp Vault (Privileged Account activity)
  • HCNET Account Adapter Plus (DHCP)
  • IBM MaaS360 (security)
  • IBM Security Access Manager (WAF)
  • IBM z/OS (OS)
  • Illumio Core (Policy Management)
  • Imperva (WAF)
  • Imperva Advanced Bot Protection (Bot Protection)
  • Imperva Attack Analytics (WAF)
  • Ingrian Networks DataSecure Appliance (System and Audit Logs)
  • Intel 471 Malware Intelligence (“)
  • ISC DHCP (DHCP)
  • Jenkins (Automation and DevOps)
  • Journald (Log Aggregation and SIEM Systems)
  • Juniper (firewall)
  • Juniper Mist (Network Management and Optimization software)
  • Juniper MX Router (Routers and Switches)
  • Keeper Enterprise Security (security)
  • Kubernetes Audit Azure (Log Aggregator)
  • Lacework Cloud Security (Cloud Security)
  • Lenel Onguard Badge Management (Access Control System)
  • Linux Auditing System (AuditD) (OS)
  • Linux Sysmon (DNS)
  • ManageEngine Log360 (alert Log)
  • Maria Database (database)
  • McAfee ePolicy Orchestrator (Policy Management)
  • McAfee Web Gateway (web proxy)
  • Microsoft AD (LDAP)
  • Microsoft AD FS (LDAP)
  • Microsoft Azure Activity (Misc Windows Specific)
  • Microsoft Azure NSG Flow (Network Flow)
  • Microsoft Azure Resource (Log Aggregator)
  • Microsoft Defender Endpoint for iOS Logs (“)
  • Microsoft Defender for Endpoint (EDR)
  • Microsoft PowerShell (Misc. Windows-specific)
  • Microsoft SQL Server (database)
  • Microsoft System Center Endpoint Protection (Malware Detection)
  • Mikrotik Router (Router)
  • Mimecast (email server)
  • MISP Threat Intelligence (cybersecurity)
  • Mobile Endpoint Security (Mobile Endpoint Security)
  • Mobileiron (ENDPOINT management)
  • NetApp BlueXP (security)
  • Nozomi Networks Scada Guardian (Network Monitoring)
  • Office 365 (SaaS Application)
  • Okta (Identity and Access Management)
  • OpenVPN (network)
  • OPNsense (firewall and Routing Platform)
  • Opswat Metadefender (Threat Protection)
  • Oracle (DATABASE)
  • Oracle Cloud Infrastructure Audit Logs (Oracle Cloud Infrastructure)
  • Oracle Fusion (SaaS Application)
  • Oracle WebLogic Server (Web server logs)
  • Palo Alto Cortex XDR Alerts (NDR)
  • Palo Alto Prisma Cloud (SECURITY PLATFORM)
  • Palo Alto Prisma Cloud Alert payload (Cloud Security)
  • Ping Federate (authentication)
  • Ping Identity (authentication)
  • Ping One (NA)
  • PingIdentity Directory Server Logs (security)
  • Precisely Ironstream IBM z/OS (Zos)
  • ProFTPD (web server)
  • Proofpoint Observeit (email server)
  • Proofpoint On Demand (email server)
  • ProofPoint Secure Email Relay (Email server)
  • Proofpoint Tap Forensics (email server)
  • Quest Active Directory (authentication log)
  • Red Hat Directory Server LDAP (Identity and Access Management)
  • Remediant SecureONE (Privileged Account activity)
  • Salesforce (SaaS Application)
  • SAP Sybase Adaptive Server Enterprise Database (database)
  • Security Command Center Posture Violation (Google Cloud Specific)
  • Security Command Center Threat (Google Cloud Specific)
  • Security Command Center Toxic Combination (Google Cloud Specific)
  • Sentinelone Alerts (endpoint security)
  • Shibboleth IDP (Identity and Access Management)
  • Snare System Diagnostic Logs (security)
  • Snipe-IT (SaaS Applications)
  • Snort (IDS / IPS)
  • SonicWall (firewall)
  • Squid web proxy (web proxy)
  • STIX Threat Intelligence (cybersecurity Threats)
  • Suricata EVE (IPS IDS)
  • Symantec CloudSOC CASB (CASB)
  • Symantec DLP (DLP)
  • Symantec Endpoint Protection (AV / endpoint)
  • Symantec Event Export (SEP)
  • Symantec Web Security Service (web proxy)
  • Sysdig (security)
  • Tailscale (CASB)
  • Tanium Threat Response (Tanium Specific)
  • TeamViewer (Remote Support)
  • Tenable CSPM (Cloud Security)
  • Tenable Security Center (Vulnerability Scanner)
  • Thales Luna Hardware Security Module (THALES_LUNA_HSM specific)
  • Trellix HX Event Streamer (cybersecurity)
  • Trend Micro Deep Security (AV / endpoint)
  • Trend Micro Vision One (AV and endpoint logs)
  • Trend Micro Vision One Workbench (schema)
  • TrendMicro Deep Discovery Inspector (Physical and virtual network)
  • Tripwire (DLP)
  • TXOne Stellar (AV and endpoint logs)
  • UberAgent (security)
  • Unix system (OS)
  • UpGuard (vulnerability scanner)
  • Upstream Vehicle SOC Alerts (schema)
  • URLScan IO (vulnerability scanner)
  • Veeam (backup software)
  • VMware AirWatch (wireless)
  • VMware Horizon (VDI)
  • VMware vCenter (server)
  • VMWare VSphere (virtualization)
  • VPC Flow Logs (Google Cloud Specific)
  • Wallix Bastion (Privileged Account activity)
  • WindChill (Lifecycle Management Software)
  • Windows Event (endpoint)
  • Windows Event (XML) (AV / endpoint)
  • Windows Sysmon (DNS)
  • Workday Audit Logs (Audit and Compliance)
  • Workspace Activities (Google Cloud Specific)
  • Workspace ChromeOS Devices (Google Cloud Specific)
  • Zimperium (Mobile Device Management)
  • Zoom Operation Logs (Operation-Specific)
  • Zscaler (web proxy)
  • Zscaler DLP (Data Loss Prevention)
  • ZScaler DNS (DNS)
  • ZScaler NGFW (firewall)
  • Zscaler NSS Feeds for Alerts (alert log types)
  • Zscaler Private Access (Security Service Edge)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Arize Cloud (arize_cloud)
  • Aware Audit (AWARE_AUDIT)
  • Aware Signals (AWARE_SIGNALS)
  • Azure PostgreSQL (AZURE_POSTGRESQL)
  • Cisco Umbrella Firewall (CISCO_UMBRELLA_FIREWALL)
  • Cisco Umbrella IPS (CISCO_UMBRELLA_IPS)
  • Cisco Umbrella SWG DLP (CISCO_UMBRELLA_SWG_DLP)
  • CyberArk Secure Cloud Access (CYBERARK_SCA)
  • DBT Cloud (DBT_CLOUD)
  • Delinea Distributed Engine (DELINEA_DISTRIBUTED_ENGINE)
  • Delinea PBA (DELINEA_PBA)
  • Dtex Audit (dtex_audit)
  • Featurespace Aric (FEATURESPACE_ARIC)
  • Forcepoint One (FORCEPOINT_ONE)
  • Genesys Audit (genesys_audit)
  • Hex (HEX)
  • Linkshadow NDR (LINKSHADOW_NDR)
  • Nightfall DLP (NIGHTFALL)
  • Palo Alto Cortex IIS (pan_cortex_xdr_ii)
  • Relativity (relativity)
  • Retool (retool)
  • Saturn Cloud (saturn_cloud)
  • SecurityBridge (SECURITY_BRIDGE)
  • TACACS Plus (tacacs_plus)
  • Transmit Security FlexID (TRANSMIT_FLEXID)
  • Unifi Router (unifi_router)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps SIEM


Identity and Access Management
Organization Policy
Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

1.45.3 (2024-12-04)

bug fix
  • pubsub: Convert stream ack deadline seconds from duration (#11214) (b2b05e4)

1.45.2 (2024-12-03)

bug fix
  • pubsub/pstest: Make invalid filter return error instead of panic (#11087) (45e1ce7)
  • pubsub: Only init batch span if trace enabled (#11193) (f843d50)
  • pubsub: Use official semconv variable whenever possible (#10904) (1ce4b6d)
documentation
  • pubsub: MinExtensionPeriod defaults to 60 seconds (#10791) (cc88fe1)

Resource Manager
SAP on Google Cloud

New SAP HANA certification: 24 TB and 32 TB X4 bare metal machine types for OLAP workloads

SAP has certified the Compute Engine x4-megamem-1440-metal and x4-megamem-1920-metal machine types for use with SAP HANA OLAP workloads in scale-out configurations with up to 8 nodes.

For more information, see X4 memory-optimized bare metal machine types.

Security Command Center

When activating the Security Command Center Enterprise tier, you now have the option to connect Security Command Center to an existing Google Security Operations instance or provision a new instance. For more information, see Activate the Security Command Center Enterprise tier.

Vertex AI Agent Builder

Vertex AI Agent Builder: Grounding is available in more languages (GA with allowlist)

The grounded generation API supports more than 35 languages.

This feature is available to select Google Cloud customers (GA with allowlist). For general information about grounding, see Generate grounded answers with RAG. For available languages, see Languages.

Vertex AI Agent Builder: Additional inputs for generating grounded answers (GA with allowlist)

You can specify a language code and a latitude-longitude value when making calls to the grounded generation API.

If the language can’t be determined from the query, then the language code is used to set the language for the answer. If the language code is not present, then the latitude-longitude value is used to set the language.

The latitude-longitude value is also used to answer location-related queries, such as “restaurants near me”.

This feature is available to select Google Cloud customers (GA with allowlist). For more information, see Generate grounded answers with RAG.

December 08, 2024

Google SecOps SOAR

Release Notes 6.3.27 is in Preview.

In order to align with our flagship Google SecOps platform, we are unifying our themes.
The SOAR platform will now offer two themes: gray (default) and light.

December 06, 2024

Cloud Logging

Editing Log Analytics charts that are saved to a dashboard directly in the Dashboards page is now generally available (GA).

Firestore
Generative AI on Vertex AI

A vulnerability was discovered in the Vertex AI API serving Gemini multimodal requests, allowing bypass of VPC Service Controls. For details, see the security bulletins page.

Google Cloud Architecture Center
Looker

Starting on December 9, 2024, default permissions for OAuth authentication to BigQuery connections are limited to read-only for Looker instances on Looker 24.20+.

On March 1, 2025, Looker will sign out any users with read and write scopes from all corresponding BigQuery connections. This will cause any schedules dependent on these connections to fail. Each of these users will need to reauthorize their OAuth connection credentials in order to ensure uninterrupted schedule delivery. For more information, see the Restricting OAuth scope to read-only for Google BigQuery connections article.

Organization Policy
Resource Manager
Secret Manager

Parameter Manager, an extension to the Secret Manager service, is available in Preview. You can use Parameter Manager to store, access, and manage the lifecycle of your workload parameters. For more information, see Parameter Manager overview.

Sensitive Data Protection

The current default DATE_OF_BIRTH infoType detection model, which is available when infotype.version is set to latest or stable, is now also used when infotype.version is set to legacy.

The old detection model that was previously available by setting infotype.version to legacy is no longer available.

December 05, 2024

AlloyDB for PostgreSQL
Anthos Config Management

When you use Config Sync to manage configurations that are stored in OCI repositories (such as Artifact Registry), you can now enhance your security posture with custom signature verification. Config Sync integrates with your existing signature verification server deployed as a Kubernetes admission webhook, which helps ensure only trusted OCI images are used in your deployments. See the Sync OCI artifacts guide for setup instructions.

Introduced a new field for stopping and resuming syncing. This field is available on clusters with Config Sync auto-upgrades or with Config Sync version 1.20.0. The new field makes it easier to pause syncing by setting the spec.configSync.stopSyncing field to true.

To optimize resource use, Config Sync installations managed through Fleet no longer include the ConfigManagement Operator or the ConfigManagement CRD. These components are automatically removed when you upgrade to version 1.20.0 or later. This change reduces Config Sync’s resource consumption in your cluster. See Config Sync architecture for details.

Upgraded the git-sync dependency from v4.2.4 to v4.3.0 to pick up a fix for lingering Git lock files and other vulnerability fixes.

Fixed a bug that prevented the applyset.kubernetes.io/part-of label from being correctly removed from managed objects when they were no longer managed by Config Sync. This fix improves the accuracy of label information.

Fixed an issue that could cause sync delays due to retry backoff problems. This fix helps ensure more timely and consistent updates to your clusters.

Certificate Manager

Certificate Manager has passed HIPAA compliance validation and is listed as a covered product in HIPAA compliance on Google Cloud.

Cloud Composer

New Cloud Composer 3 environments can now be created in VPC SC. This feature is gradually rolled out to all regions supported by Cloud Composer.

Improved Airflow worker liveness checks to detect workers with unexpected idle task slots. This feature improves the stability of Airflow by better detection of unhealthy Airflow workers. This feature is gradually rolled out to all regions supported by Cloud Composer.

Long log entries now have proper task instance annotations.

(Cloud Composer 3) KubernetesPodOperator now works when the do_xcom_push parameter is set to True.

(Cloud Composer 2) If an upgrade operation fails, Cloud Composer 2 now restores the environment with the correct number of triggers.

The maximum limit on the database size during upgrades in Cloud Composer 3 is now the same as the limit for snapshots (20 GB).

(New Cloud Composer 3 environments) Increased the maximum number of internet connections that each Airflow worker can support at the same time.

(Cloud Composer 2 only) It is now possible to upgrade an environment if the [sentry]sentry_on Airflow configuration option is set to true.

Fixed the issue in the environment’s component responsible for uploading the logs of Airflow components to Cloud Logging. This bug sometimes led to a situation where Cloud Composer-level logs might be missing for an Airflow component. The same log was still available on the Kubernetes-component level.

(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-google package was upgraded to version 10.26.0 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.25.0 to version 10.26.0.

(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 10.0.1 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-cncf-kubernetes changelog from version 9.0.1 to version 10.0.1.

The aiohttp package was downgraded from 3.11.0 to 3.10.11.

(Available without upgrading) Fixed an issue where Airflow workers sometimes generated incomplete or unreadable output.

The default version of Airflow is changed to 2.10.2.

Airflow 2.7.3 is no longer included in Cloud Composer images and builds.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.10.2-build.3 (default)
  • composer-3-airflow-2.9.3-build.10

New images are available in Cloud Composer 2:

  • composer-2.10.0-airflow-2.10.2 (default)
  • composer-2.10.0-airflow-2.9.3

Cloud SQL for MySQL
Cloud SQL for PostgreSQL
Cloud SQL for SQL Server
Firestore
Looker Studio

Looker Studio Labs

Learn the fundamentals of Looker Studio and Looker Studio Pro by using these Cloud Skills Boost Labs:

New Conversational Analytics guide

A new educational resource is available in Looker Studio to guide you through how to use Conversational Analytics, a Gemini in Looker feature.

Select Create > Conversation to get started.

Autogenerated titles for charts

When you enable the Show title option for a chart, Looker Studio automatically generates a chart title by default. The title is based on both the chart type and the fields that are used. You can add a custom title to a chart by entering it into the Title field.

More data from New Search Ads 360

You can visualize the following fields using the New Search Ads 360 connector:

  • Conversions (by conv. time)
  • All conv. rate
  • Cost / client account conv.
  • Google Ads auction-time bidding
  • Currency code

December 04, 2024

Cloud Composer

Scheduled snapshots are available in Cloud Composer 3. This feature will be gradually rolled out to all regions supported by Cloud Composer 3.

Cloud Composer 2 is now available in Mexico (northamerica-south1).

Cloud SQL for MySQL
Container-Optimized OS

Updated app-admin/google-guest-configs to 20241121.00. This
enables intent based NIC naming scheme.

Upgraded sys-apps/makedumpfile to v1.7.6.

Upgraded containerd from 1.7.23 to 1.7.24.

Upgraded sys-process/lsof to v4.99.4.

Upgraded net-misc/socat to v1.8.0.1.

Upgraded sys-apps/less to v668.

Upgraded app-shells/dash to v0.5.12-r1.

Upgraded cos-gpu-installer to v2.4.4. This fixes an issue where GPU drivers that only have two numeric version components could not be loaded.

Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681.
Added duphandle-init-netrc.patch, netrc-large-file.patch, setopt-http_content_decoding.patch to fix regression issues in curl v8.11.0.

Fixed CVE-2024-50142 in the Linux kernel.

Fixed CVE-2024-50182 in the Linux kernel.

Fixed CVE-2024-50192 in the Linux kernel.

Fixed CVE-2024-53042 in the Linux kernel.

Fixed CVE-2024-50271 in the Linux kernel.

Fixed CVE-2024-50279 in the Linux kernel.

Fixed CVE-2024-50195 in the Linux kernel.

Fixed CVE-2024-50272 in the Linux kernel.

Fixed CVE-2024-50194 in the Linux kernel.

Fixed CVE-2024-50275 in the Linux kernel.

Fixed CVE-2024-53052 in the Linux kernel.

Fixed CVE-2024-50141 in the Linux kernel.

Fixed CVE-2024-53054 in the Linux kernel.

Fixed CVE-2024-50169 in the Linux kernel.

Fixed CVE-2024-50063 in the Linux kernel.

Fixed CVE-2024-53082 in the Linux kernel.

Fixed CVE-2024-50151 in the Linux kernel.

Fixed CVE-2024-50163 in the Linux kernel.

Fixed CVE-2024-50162 in the Linux kernel.

Fixed CVE-2024-53066 in the Linux kernel.

Fixed CVE-2024-50060 in the Linux kernel.

Fixed CVE-2024-50228 in the Linux kernel.

Fixed CVE-2024-50258 in the Linux kernel.

Fixed CVE-2024-50257 in the Linux kernel.

Fixed CVE-2024-50262 in the Linux kernel.

Fixed CVE-2024-50147 in the Linux kernel.

Fixed KCTF-6ca5753 in the Linux kernel.

Fixed CVE-2024-50251 in the Linux kernel.

Fixed CVE-2024-50249 in the Linux kernel.

Fixed CVE-2024-50226 in the Linux kernel.

Fixed CVE-2024-50143 in the Linux kernel.

Fixed CVE-2024-50153 in the Linux kernel.

Fixed CVE-2024-50223 in the Linux kernel.

Fixed CVE-2024-50222 in the Linux kernel.

Fixed CVE-2024-50099 in the Linux kernel.

Fixed CVE-2024-50215 in the Linux kernel.

Fixed CVE-2024-50152 in the Linux kernel.

Fixed CVE-2024-50154 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811800 -> 811804

Upgraded sys-apps/makedumpfile tov1.7.6.

Updated app-admin/google-guest-configs to20241121.00. This
enables intent based NIC naming scheme.

Upgraded containerd from 1.7.23 to1.7.24.

Upgraded app-shells/dash tov0.5.12-r1.

Upgraded sys-process/lsof tov4.99.4.

Upgraded sys-apps/less tov668.

Upgraded cos-gpu-installer tov2.4.4. This fixes an issue where GPU drivers that only have two numeric version components could not be loaded.

Updated net-misc/curl tov8.11.0. This fixes CVE-2024-9681.
Added duphandle-init-netrc.patch,netrc-large-file.patch,setopt-http_content_decoding.patch tofix regression issues in curl v8.11.0.

Fixed CVE-2024-53042 in the Linux kernel.

Fixed CVE-2024-50195 in the Linux kernel.

Fixed CVE-2024-50192 in the Linux kernel.

Fixed CVE-2024-50279 in the Linux kernel.

Fixed CVE-2024-50271 in the Linux kernel.

Fixed CVE-2024-50272 in the Linux kernel.

Fixed CVE-2024-50141 in the Linux kernel.

Fixed CVE-2024-53054 in the Linux kernel.

Fixed CVE-2024-53082 in the Linux kernel.

Fixed CVE-2024-50151 in the Linux kernel.

Fixed CVE-2024-50142 in the Linux kernel.

Fixed CVE-2024-50163 in the Linux kernel.

Fixed CVE-2024-53066 in the Linux kernel.

Fixed CVE-2024-50162 in the Linux kernel.

Fixed CVE-2024-50060 in the Linux kernel.

Fixed CVE-2024-50072 in the Linux kernel.

Fixed CVE-2024-50257 in the Linux kernel.

Fixed CVE-2024-50228 in the Linux kernel.

Fixed KCTF-6ca5753 in the Linux kernel.

Fixed CVE-2024-50147 in the Linux kernel.

Fixed CVE-2024-50251 in the Linux kernel.

Fixed CVE-2024-50036 in the Linux kernel.

Fixed CVE-2024-50143 in the Linux kernel.

Fixed CVE-2024-50099 in the Linux kernel.

Fixed CVE-2024-50101 in the Linux kernel.

Fixed CVE-2024-49948 in the Linux kernel.

Fixed CVE-2024-50095 in the Linux kernel.

Fixed CVE-2024-49952 in the Linux kernel.

Fixed CVE-2024-49949 in the Linux kernel.

Fixed CVE-2024-49946 in the Linux kernel.

Fixed CVE-2024-50153 in the Linux kernel.

Fixed CVE-2024-50262 in the Linux kernel.

Fixed CVE-2024-49927 in the Linux kernel.

Fixed CVE-2024-49878 in the Linux kernel.

Fixed CVE-2024-50154 in the Linux kernel.

Fixed CVE-2024-50046 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812261 -> 812253

Updated app-admin/google-guest-configs to 20241121.00. This enables intent based NIC naming scheme.

Upgraded sys-apps/makedumpfile to v1.7.6.

Upgraded containerd from 1.7.23 to 1.7.24.

Upgraded sys-process/lsof to v4.99.4.

Upgraded sys-apps/less to v668.

Upgraded net-misc/socat to v1.8.0.1.

Upgraded app-shells/dash to v0.5.12-r1.

Upgraded cos-gpu-installer to v2.4.4. This fixes an issue where GPU drivers that only have two numeric version components could not be loaded.

Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681.
Added duphandle-init-netrc.patch, netrc-large-file.patch, setopt-http_content_decoding.patch to fix regression issues in curl v8.11.0.

Fixed CVE-2024-50036 in the Linux kernel.

Fixed CVE-2024-50272 in the Linux kernel.

Fixed CVE-2024-50279 in the Linux kernel.

Fixed CVE-2024-53042 in the Linux kernel.

Fixed CVE-2024-50271 in the Linux kernel.

Fixed CVE-2024-50195 in the Linux kernel.

Fixed CVE-2024-50192 in the Linux kernel.

Fixed CVE-2024-50141 in the Linux kernel.

Fixed CVE-2024-53054 in the Linux kernel.

Fixed CVE-2024-53082 in the Linux kernel.

Fixed CVE-2024-50151 in the Linux kernel.

Fixed CVE-2024-50142 in the Linux kernel.

Fixed CVE-2024-50163 in the Linux kernel.

Fixed CVE-2024-50162 in the Linux kernel.

Fixed CVE-2024-53066 in the Linux kernel.

Fixed CVE-2024-50060 in the Linux kernel.

Fixed CVE-2024-50072 in the Linux kernel.

Fixed CVE-2024-50251 in the Linux kernel.

Fixed CVE-2024-50262 in the Linux kernel.

Fixed CVE-2024-49927 in the Linux kernel.

Fixed CVE-2024-50257 in the Linux kernel.

Fixed CVE-2024-50153 in the Linux kernel.

Fixed KCTF-6ca5753 in the Linux kernel.

Fixed CVE-2024-50147 in the Linux kernel.

Fixed CVE-2024-50143 in the Linux kernel.

Fixed CVE-2024-50101 in the Linux kernel.

Fixed CVE-2024-50099 in the Linux kernel.

Fixed CVE-2024-50154 in the Linux kernel.

Fixed CVE-2024-50215 in the Linux kernel.

Fixed CVE-2024-49878 in the Linux kernel.

Fixed CVE-2024-50228 in the Linux kernel.

Fixed CVE-2024-49949 in the Linux kernel.

Fixed CVE-2024-49948 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811954 -> 812030.

Upgraded sys-apps/makedumpfile to v1.7.6.

Upgraded sys-process/lsof to v4.99.4.

Upgraded app-shells/dash to v0.5.12-r1.

Upgraded cos-gpu-installer to v2.4.4. This fixes an issue where GPU drivers that only have two numeric version components could not be loaded.

Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.

Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681.
Added duphandle-init-netrc.patch, netrc-large-file.patch, setopt-http_content_decoding.patch to fix regression issues in curl v8.11.0.

Fixed CVE-2024-50279 in the Linux kernel.

Fixed CVE-2024-50192 in the Linux kernel.

Fixed CVE-2024-50195 in the Linux kernel.

Fixed CVE-2024-50151 in the Linux kernel.

Fixed CVE-2024-50142 in the Linux kernel.

Fixed CVE-2024-50163 in the Linux kernel.

Fixed CVE-2024-50162 in the Linux kernel.

Fixed CVE-2024-53066 in the Linux kernel.

Fixed CVE-2024-50072 in the Linux kernel.

Fixed CVE-2024-50099 in the Linux kernel.

Fixed CVE-2024-50257 in the Linux kernel.

Fixed CVE-2024-50251 in the Linux kernel.

Fixed CVE-2024-50262 in the Linux kernel.

Fixed CVE-2024-49946 in the Linux kernel.

Fixed KCTF-6ca5753 in the Linux kernel.

Fixed CVE-2024-38538 in the Linux kernel.

Fixed CVE-2024-50036 in the Linux kernel.

Fixed CVE-2024-50143 in the Linux kernel.

Fixed CVE-2024-50153 in the Linux kernel.

Fixed CVE-2024-50154 in the Linux kernel.

Fixed CVE-2024-50228 in the Linux kernel.

Fixed CVE-2024-49878 in the Linux kernel.

Fixed CVE-2024-49927 in the Linux kernel.

Fixed CVE-2024-49949 in the Linux kernel.

Fixed CVE-2024-49948 in the Linux kernel.

Fixed CVE-2024-50095 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812699 -> 812685

Vertex AI Agent Builder

Vertex AI Search: Boost controls for media recommendations (Public preview)

Boost controls are used to affect the order in which recommendations are listed. Boost controls use filters on string and boolean values in the schema data to determine what media content to boost or bury. The boost value (-1 to 1) determines whether the content should be placed lower (buried) or higher (boosted) in the list of recommendations returned.

Boost controls are attached to serving configs and applied to recommend method calls.

The boost feature is in public preview and is available through the API. For more information about the feature, see Boost and bury media recommendations.

Vertex AI Search: gemini-1.5-flash-002-high-fidelity model (Public preview)

The gemini-1.5-flash-002-high-fidelity model is available for grounded answer generation with RAG. This model is based on the gemini-1.5-flash-002 model and has been further tuned to address context-based question and answering tasks. This model is suitable for specialized industries, such as financial services, healthcare, and insurance.

This model is available in public preview.

For more information, see High fidelity models.

December 03, 2024

Cloud Composer

All Cloud Composer environments' GKE clusters are set up with maintenance exclusions from December 20, 2024 to January 2, 2025. For more information, see Maintenance exclusions.

Cloud SQL for MySQL

You can now use the Network Connectivity Center hub to propagate Private Service Connect endpoints of Cloud SQL instances in a VPC network. All endpoints in this network become accessible transitively to other spoke VPC networks through the hub. This feature is available in Preview.

Cloud SQL for PostgreSQL

You can now use the Network Connectivity Center hub to propagate Private Service Connect endpoints of Cloud SQL instances in a VPC network. All endpoints in this network become accessible transitively to other spoke VPC networks through the hub. This feature is available in Preview.

Cloud SQL for SQL Server

You can now use the Network Connectivity Center hub to propagate Private Service Connect endpoints of Cloud SQL instances in a VPC network. All endpoints in this network become accessible transitively to other spoke VPC networks through the hub. This feature is available in Preview.

Compute Engine

Generally available: Hyperdisk Balanced High Availability provides cross-zonal, synchronous replication for your disk data, offering the best set of options for RPO, RTO, and performance.

Identity Platform
Text-to-Speech

Journey Voices now supports the Journey-O speaker for de-de, en-au, en-in, en-gb, es-es, es-us, fr-ca, fr-fr, and it-it.

Vertex AI Agent Builder

Vertex AI Search: Index and refresh web pages using sitemap (Public preview)

If advanced website indexing is enabled in your data store, you can submit and use sitemaps and sitemap indexes to index and refresh the web pages in your data store. This feature supports only XML sitemaps and sitemap indexes.

This feature is in public preview and is available through the API. For more information about the feature, see Index and refresh web pages using sitemaps.

December 02, 2024

Backup and DR

Backup and DR service added support for immutable and indelible backups with the new backup vault feature. This feature is now generally available.

Backup and DR service added integration with the Compute Engine VM creation experience, enabling the application of Backup and DR backup policies when VMs are created. This feature is now generally available.

Bigtable

To create a Bigtable instance, a user or account must be a principal in a role with the permission bigtable.clusters.create. For more information, see Bigtable access control with IAM.

Google Kubernetes Engine

In GKE version 1.31.1-gke.2105000 or later, you can now configure custom compute classes to consume Compute Engine reservations. Workloads that use those custom compute classes automatically trigger reservation consumption during node creation. This lets you manage reservation consumption more centrally. To learn more, see About custom compute classes.

Spanner
Vertex AI

Preview: You can consume reservations of VMs that have GPUs attached with your custom training jobs or prediction jobs. Reservations of Compute Engine zonal resources help you gain a high level of assurance that your jobs have the necessary resources to run. For more information, see the following:

December 01, 2024

Google SecOps SOAR

The official maintenance window is on Sundays between 11:00 and 15:00 UTC. Note that maintenance does not always necessitate a service outage.

November 29, 2024

Spanner

A monthly digest of client library updates from across the Cloud SDK.

Go

1.71.0 (2024-11-01)

feature
  • spanner/admin/instance: Add support for Cloud Spanner Default Backup Schedules (706ecb2)
  • spanner: Client built in metrics (#10998) (d81a1a7)
bug fix
  • spanner/test/opentelemetry/test: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • spanner/test/opentelemetry/test: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (2b8ca4b)
  • spanner: Attempt latency for streaming call should capture the total latency till decoding of protos (#11039) (255c6bf)
  • spanner: Decode PROTO to custom type variant of base type (#11007) (5e363a3)
  • spanner: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • spanner: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (2b8ca4b)

1.72.0 (2024-11-07)

feature
  • spanner/spansql: Add support for protobuf column types & Proto bundles (#10945) (91c6f0f), refs #10944
bug fix
  • spanner: Skip exporting metrics if attempt or operation is not captured. (#11095) (1d074b5)

1.73.0 (2024-11-14)

feature
  • spanner: Add ResetForRetry method for stmt-based transactions (#10956) (02c191c)
bug fix
  • spanner: Add safecheck to avoid deadlock when creating multiplex session (#11131) (8ee5d05)
  • spanner: Allow non default service account only when direct path is enabled (#11046) (4250788)
  • spanner: Use spanner options when initializing monitoring exporter (#11109) (81413f3)

Java

6.80.1 (2024-10-28)

dependency
  • Update googleapis/sdk-platform-java action to v2.49.0 (#3430) (beb788c)
  • Update sdk platform java dependencies (#3431) (eef03e9)

6.81.0 (2024-11-01)

feature
dependency
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.54.0 (#3439) (cdec63f)

6.81.1 (2024-11-11)

bug fix
  • Client built in metrics. Skip export if instance id is null (#3447) (8b2e5ef)
  • spanner: Avoid blocking thread in AsyncResultSet (#3446) (7c82f1c)
dependency
  • Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.54.0 (#3437) (7e28326)
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.54.0 (#3438) (fa18894)
  • Update dependency com.google.cloud:google-cloud-trace to v2.53.0 (#3440) (314eeb8)
  • Update dependency io.opentelemetry:opentelemetry-bom to v1.44.1 (#3452) (6518eea)
  • Update opentelemetry.version to v1.44.1 (#3451) (d9b0271)
documentation

6.81.2 (2024-11-20)

bug fix
dependency
  • Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.55.0 (#3482) (bf350b0)
  • Update dependency com.google.api.grpc:proto-google-cloud-trace-v1 to v2.53.0 (#3454) (8729b30)
  • Update dependency com.google.cloud:google-cloud-trace to v2.53.0 (#3464) (a507e4c)
  • Update dependency com.google.cloud:google-cloud-trace to v2.54.0 (#3488) (1d1fecf)
  • Update googleapis/sdk-platform-java action to v2.50.0 (#3475) (e992f18)
  • Update sdk platform java dependencies (#3476) (acb6446)

Node.js

7.15.0 (2024-10-30)

feature
  • (observability, samples): add tracing end-to-end sample (#2130) (66d99e8)
  • (observability) add spans for BatchTransaction and Table (#2115) (d51aae9), closes #2114
  • (observability) Add support for OpenTelemetry traces and allow observability options to be passed. (#2131) (5237e11), closes #2079
  • (observability) propagate database name for every span generated to aid in quick debugging (#2155) (0342e74)
  • (observability) trace database.batchCreateSessions + SessionPool.createSessions (#2145) (f489c94)
  • (observability): trace database.runPartitionedUpdate (#2176) (701e226), closes #2079
  • (observability): trace database.runTransactionAsync (#2167) (d0fe178), closes #207
  • Allow multiple KMS keys to create CMEK database/backup (#2099) (51bc8a7)
  • observability: Fix bugs found from product review + negative cases (#2158) (cbc86fa)
  • observability: Trace database methods (#2119) (1f06871), closes #2114
  • observability: Trace database.batchWriteAtLeastOnce (#2157) (2a19ef1), closes #2079
  • observability: Trace Transaction (#2122) (a464bdb), closes #2114
bug fix

7.16.0 (2024-11-09)

feature
  • spanner: Add support for Cloud Spanner Default Backup Schedules (#2135) (19f137c)
bug fix
  • deps: Update dependency google-gax to v4.4.1 (#2100) (2e94bcd)

Python

3.50.0 (2024-11-11)

feature
  • spanner: Add support for Cloud Spanner Default Backup Schedules (45d4517)
bug fix
  • Add PROTO in stream chunk (#1213) (43c190b)
  • Pass through route-to-leader option in dbapi (#1223) (ec6c204)
  • Pin nox version in requirements.in for devcontainer. (#1215) (41604fe)
documentation
  • Allow multiple KMS keys to create CMEK database/backup (68551c2)

3.50.1 (2024-11-14)

bug fix

November 28, 2024

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

November 27, 2024

Cloud Composer

In December 2024, Google will remove the following previously deprecated Airflow operators from the apache-airflow-providers-google package.

The new version of this package will be included in one of the future releases of Cloud Composer and the change will be announced in the Release Notes. After this change, it will not be possible to use these operators in your DAGs.

Make sure that you use up-to-date alternatives of the removed operators instead. For more information about removed and deprecated Airflow operators and their up-to-date alternatives, see Deprecated and removed Airflow operators.

Operators that will be removed in December 2024: DataPipelineHook, CreateDataPipelineOperator, RunDataPipelineOperator, AutoMLDatasetLink, AutoMLDatasetListLink, AutoMLModelLink, AutoMLModelTrainLink, AutoMLModelPredictLink.

Cloud Data Fusion

The Snowflake plugin version 1.1.4 is available in Cloud Data Fusion version 6.8.0 and later. This release includes the following changes (PLUGIN-1816):

  • Fixed an issue in the Snowflake source causing pipelines to fail if fields contained decimals.
  • Fixed an issue in the Snowflake source causing pipelines to fail if data contained a backslash (\). You can set a new escape character using the cdap.snowflake.source.escape runtime argument.

The Cloud SQL MySQL plugins version 1.11.5 is available in Cloud Data Fusion versions 6.10.0 and later. This release fixes an issue in the Cloud SQL MySQL sink causing pipelines to fail when the schema contains a MySQL reserved word (PLUGIN-1017).

Cloud SQL for MySQL
Cloud SQL for PostgreSQL
Cloud SQL for SQL Server
Google Kubernetes Engine

Cloud TPU Trillium (v6e) machine types are now in public preview for Autopilot clusters running version 1.31.2-gke.1384000 or later. These TPUs are available in the following zones: us-east5-b, europe-west4-a, us-east1-d, asia-northeast1-b, and us-south1-a. To learn more, see Plan TPUs in GKE.

(2024-R46) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

  • The following versions are now available in the Rapid channel:

Regular channel

There are no new releases in the Regular channel.

Stable channel

There are no new releases in the Stable channel.

Extended channel

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

No channel

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

  • The following versions are now available:
  • The following node versions are now available:

(2024-R46) Version updates

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

  • The following versions are now available in the Rapid channel:

(2024-R46) Version updates

There are no new releases in the Regular channel.

(2024-R46) Version updates

There are no new releases in the Stable channel.

(2024-R46) Version updates

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

(2024-R46) Version updates

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

  • The following versions are now available:
  • The following node versions are now available:

November 26, 2024

Compute Engine

Preview: Use the disk performance status metric to monitor the health of your Hyperdisk or Persistent Disk volumes. This metric indicates whether your disks might be affected by adverse events within Compute Engine.

To learn more, see Monitor disk health.

Google Kubernetes Engine

Cluster autoscaler and node auto-provisioning support the C4 machine family in GKE version 1.28.15-gke.1159000, 1.29.10-gke.1227000 or later.

Vertex AI Agent Builder

Vertex AI Search: Check ingested data quality for media recommendations (GA)

You can check the quality of your ingested data for media recommendations through the Google Cloud console. These checks are not blocking but can suggest ways that your data can be improved.
This feature is Generally available (GA).

Previously, this check was only available through API method calls.

For more information, see Check data quality for media recommendations.

November 25, 2024

Anti Money Laundering AI

A new major engine version is available for Retail and Commercial lines of business, within the v4 tuning version. This includes technical improvements and simplifications for tuning and training.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

2.44.0 (2024-11-17)

feature
  • Enable maxTimeTravelHours in BigQuery java client library (#3555) (bd24fd8)
bug fix
dependency
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.55.0 (#3559) (950ad0c)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20241027-2.0.0 (#3568) (b5ccfcc)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.59.0 (#3561) (1bd24a1)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.40.0 (#3576) (d5fa951)
  • Update github/codeql-action action to v2.27.1 (#3567) (e154ee3)
  • Update github/codeql-action action to v2.27.3 (#3569) (3707a40)
  • Update github/codeql-action action to v2.27.4 (#3572) (2c7b4f7)
documentation

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

2.48.0 (2024-11-19)

feature
bug fix
  • deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (6b35b47)
  • Make client side metric tag in sync with server (#2401) (bba4183)
dependency

Cloud Asset Inventory

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

  • Conversational Insights
    • contactcenterinsights.googleapis.com/IssueModel
    • contactcenterinsights.googleapis.com/PhraseMatcher
    • contactcenterinsights.googleapis.com/View
  • Google Kubernetes Engine
    • admissionregistration.k8s.io/MutatingWebhookConfiguration
    • apps.k8s.io/DaemonSet
    • apps.k8s.io/StatefulSet
    • batch.k8s.io/CronJob
    • k8s.io/PersistentVolume
    • k8s.io/PersistentVolumeClaim
    • k8s.io/podtemplate
    • k8s.io/ReplicationController
    • k8s.io/ResourceQuota
    • policy.k8s.io/PodDisruptionBudget
    • storage.k8s.io/StorageClass

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

3.20.7 (2024-11-18)

bug fix
  • deps: Update the Java code generator (gapic-generator-java) to 2.49.0 (a1ec68d)
  • deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (afcf63c)
  • Fixed outdated link to X-Cloud-Trace-Context header description (#1713) (d474313)
dependency

Cloud Run

You can now set a task timeout up to 168 hours (7 days) for Cloud Run jobs. (Preview)

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Java

2.45.0 (2024-11-18)

feature
bug fix
  • deps: Update the Java code generator (gapic-generator-java) to 2.49.0 (aef367d)
  • deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (281cccb)
  • Set default values for monitored resource (#2809) (27829a4)
dependency

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

2.24.3 (2024-11-18)

dependency

Google SecOps

Curated Detections has been enhanced with a new detection category, macOS Threats. The category includes a Mandiant Intel Emerging Threats rulepack.

Google SecOps SIEM

Curated Detections has been enhanced with a new detection category, macOS Threats. The category includes a Mandiant Intel Emerging Threats rulepack.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

bug fix
  • deps: Update the Java code generator (gapic-generator-java) to 2.49.0 (77546e0)
  • deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (3f21af3)
dependency
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.43.3 (#2256) (f7fbc6c)
  • Update dependency com.google.cloud:google-cloud-core to v2.47.0 (#2249) (3df5729)
  • Update dependency com.google.cloud:google-cloud-storage to v2.44.1 (#2240) (f8dae4d)
  • Update googleapis/sdk-platform-java action to v2.50.0 (#2261) (d0aab7d)
  • Update sdk platform java dependencies (#2262) (b689fe2)

Sensitive Data Protection

The PHONE_NUMBER infoType functionality that was previously only available by setting infotype.version to latest or stable is now also used when infotype.version is set to legacy. The new model includes US_TOLLFREE_PHONE_NUMBER findings as type PHONE_NUMBER in the scan results.

The old detection model that was previously available by setting infotype.version to legacy is no longer available.

Spanner

Default backup schedules are now available and automatically enabled for all new instances. You can enable or disable default backup schedules in an instance when creating the instance or by editing the instance later. You can also enable default backup schedules for new databases in existing instances. You can edit or delete the default backup schedule once it’s created.

When enabled, Spanner creates a default backup schedule for every new database created in the instance. The default backup schedule creates a full backup every 24 hours. These backups have a retention period of 7 days.

For more information, see Default backup schedules.

November 24, 2024

Google SecOps

New options for closing a case

New custom field options have been added to the admin settings close case page.
Using these fields, you can ask the analyst to enter different types of information when closing a case.

For more information, refer to Customize the Close Case dialog.

Google SecOps SOAR

Release 6.3.26 is currently in Preview.

New options for closing a case

New custom field options have been added to the admin settings close case page.
Using these fields, you can ask the analyst to enter different types of information when closing a case.

For more information, refer to Customize the Close Case dialog.

November 22, 2024

Anthos Attached Clusters

GKE attached clusters now support clusters in the us-central1 region. For more information, see:

Apigee UI

On November 22, 2024, we released an updated version of the Apigee UI.

This release includes an improved Apps page for Apigee API Management in the Google Cloud console, making it easier to manage API products that are assigned to app credentials.

With this release:

  • Products can be added to an app from a single multi-select list box.
  • Products can be approved, revoked, and removed from a credential by selecting products in the credential product table and using one of the available action buttons.
  • Clicking the Add Credential button adds an empty credential to the list.
  • Credential approval and expiry configuration fields are located in the credential card.
  • A warning appears to users if they attempt to leave the Apps page when un-saved changes are present.

Bug ID      Description
357165778   Refactored app credential management experience

Resolved issue causing the Apps page in the Apigee UI in Cloud console to crash when working with apps that have a large amount of products assigned to app credentials.

Assured Workloads
Cloud Asset Inventory
Firestore

You can now use Active Assist to provide recommendations and insights that improve the reliability of your databases. This feature is generally available (GA).

For more information, see Reliability recommender.

Firestore in Datastore mode

You can now use Active Assist to provide recommendations and insights that improve the reliability of your databases. This feature is generally available (GA).

For more information, see Reliability recommender.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.30.300-gke.84 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.300-gke.84 runs on Kubernetes v1.30.5-gke.600.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issues are fixed in 1.30.300-gke.84:

  • Fixed the issue that additional manual steps are needed after disabling always-on secrets encryption with gkectl update cluster.
  • Fixed the known issue that caused gkectl to display false warnings on admin cluster version skew.

The following vulnerabilities are fixed in 1.30.300-gke.84:

High-severity container vulnerabilities:

Container-Optimized OS vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.30.300-gke.84

Google Distributed Cloud for bare metal 1.30.300-gke.84 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.300-gke.84 runs on Kubernetes 1.30.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

  • Fixed an issue where the control plane VIP might become unavailable because Keepalived didn’t check correctly that the VIP is on a node with a responsive HAProxy.

  • Fixed an issue where the registry mirror reachability check fails for a single unreachable registry mirror. Now the reachability check applies to configured registry mirrors only, instead of all registry mirrors.

The following container image security vulnerabilities have been fixed in 1.30.300-gke.84:

Text-to-Speech

Cloud TTS Journey voices have been updated to improve the accuracy of generated speech. This means you should notice fewer instances of dropped words.

November 21,2024

Agent Assist
AlloyDB for PostgreSQL
Backup andDR

This release fixes an issue with OnVault pool jobs leaving behind inactive cloudbacker mountpoints. It does this by retrying the unmount process a set number of times, including forced unmounts. Due to the increased number of retries and the wait time between them, job durations may be slightly longer.

This release deprecates support for ssh-rsa as the SSH Host Key algorithm.

This release fixes the synchronization between database and log backup states. Log backups should not copy the logs to the database staging after the database staging disk is unmounted and the state DBBACKUP_DONE is set.

This release fixes an issue where SAP HANA database and log backup jobs using Persistent Disk snapshots would complete with a warning status due to metadata upload failures to Google Cloud Storage for disaster recovery.

This release removes the 700 thread hard limit and psrv restarts at 800 threads when the psrv is at high usage.

This release fixes the Tomcat vulnerability CVE-2024-38286.

This release fixes the following Kernel vulnerabilities:

CRITICAL Kernel issues: CVE-2023-25775 CVE-2019-15505

MEDIUM Kernel issues: CVE-2019-13631 CVE-2020-25656 CVE-2020-26555 CVE-2020-36777 CVE-2021-3753 CVE-2021-46909 CVE-2021-46939 CVE-2021-47171 CVE-2022-38096 CVE-2022-48743 CVE-2023-1192 CVE-2023-4133 CVE-2023-5090 CVE-2023-6121 CVE-2023-6176 CVE-2023-6240 CVE-2023-6622 CVE-2023-6915 CVE-2023-24023 CVE-2023-31083 CVE-2023-37453 CVE-2023-38409 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-39198 CVE-2023-42754 CVE-2023-42755 CVE-2023-45863 CVE-2023-52448 CVE-2023-52463 CVE-2023-52471 CVE-2024-0340 CVE-2024-21140 CVE-2024-21145 CVE-2024-25739 CVE-2024-26583 CVE-2024-26584 CVE-2024-26585 CVE-2024-26586 CVE-2024-26602 CVE-2024-26603 CVE-2024-26901 CVE-2024-26908 CVE-2024-27014 CVE-2024-27019 CVE-2024-36270 CVE-2024-36489 CVE-2024-38598 CVE-2024-39472 CVE-2024-39476

HIGH Kernel issues: CVE-2019-25162 CVE-2021-4204 CVE-2021-33631 CVE-2021-47624 CVE-2022-0500 CVE-2022-3565 CVE-2022-23222 CVE-2022-45884 CVE-2022-45886 CVE-2022-45919 CVE-2022-45934 CVE-2023-2163 CVE-2023-3567 CVE-2023-3812 CVE-2023-4244 CVE-2023-5178 CVE-2023-6546 CVE-2023-6931 CVE-2023-6932 CVE-2023-28464 CVE-2023-51042 CVE-2023-51780 CVE-2023-52340 CVE-2023-52434 CVE-2023-52439 CVE-2023-52445 CVE-2023-52451 CVE-2023-52464 CVE-2023-52469 CVE-2024-0565 CVE-2024-0841 CVE-2024-1086 CVE-2024-21147 CVE-2024-23307 CVE-2024-25744 CVE-2024-26593 CVE-2024-26907 CVE-2024-26933 CVE-2024-26934 CVE-2024-27020 CVE-2024-36971 CVE-2024-36978 CVE-2024-36979 CVE-2024-38538 CVE-2024-38555 CVE-2024-38627 CVE-2024-39487

Cloud Asset Inventory
Cloud Data Fusion

The HTTP plugin version 1.4.3 is available in Cloud Data Fusion version 6.8.0 and later. This release includes the following changes (PLUGIN-1810):

  • In the HTTP streaming source, batch source, and batch sink, a PATCH option was added to the HTTP Method field.
  • Fixed an issue in the HTTP sink causing data loss when a pipeline didn’t fail by default when a non-2xx response code was received.
  • Fixed an issue in the HTTP source causing a pipeline not to fail when the get_schema method was called and a non-2xx response code was received.

Cloud SQL for PostgreSQL
Generative AI on Vertex AI

The Gen AI evaluation service can now help you evaluate your translation models using MetricX, COMET, and BLEU metrics.
To learn more about evaluating your translation models, see Evaluate translation models.

Google Cloud VMware Engine

VMware Engine ve1 nodes are now available in the following additional region:

  • Dallas, Texas, North America (us-south1-b).

Google Distributed Cloud (software only) for bare metal

Release 1.29.800-gke.111

Google Distributed Cloud for bare metal 1.29.800-gke.111 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.800-gke.111 runs on Kubernetes 1.29.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Functionality changes:

  • Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.

Fixes:

  • Fixed the issue where non-root users can’t run bmctl restore to restore quorum.

The following container image security vulnerabilities have been fixed in 1.29.800-gke.111:

Google Kubernetes Engine
Google SecOps SIEM

The Google SecOps team identified that a cloud threat detection rule pack (azure-defender-for-cloud-vm-extensions) was inadvertently made available to all customers. The licensing requirements restrict the availability of this rule pack to only Enterprise and Enterprise+ customers and this has been corrected.

This change should not remove any prior detections for customers who have enabled this rule pack and do not meet the licensing requirements, but the rules themselves will now be unavailable and no new detections will generate.

Looker Studio

Filter value suggestions

When defining filters on charts, pages, or reports that use Equal to (=) or In conditions, report editors can select from a list of possible filter values that are provided from the underlying data. Filter suggestions are supported for all data connectors and can be disabled during filter creation.

Learn more about filter properties.

Looker connector filter enhancements

The following features are now available for use with the Looker connector:

  • Filter-only fields can be set as a report control and a quick filter.
  • Looker Studio displays suggestions for filter values based on the data source’s LookML suggest_dimension and suggest_explore definitions when Equal to (=) and In conditions are used.

Secure Source Manager
Security Command Center

As of November 13, 2024, Security Command Center can produce Cloud Entitlement Infrastructure Management (CIEM) findings for the following identity and access issues in AWS environments:

  • Users, groups, or assumed IAM roles that are inactive and have one or more permissions.
  • Overly permissive trust policies that are enforced on an AWS IAM role.
  • Identities that can move laterally through impersonation.

November 20, 2024

Artifact Registry

Artifact Registry is available in the northamerica-south1 region (Querétaro, Mexico, North America). For more information, see Global locations.

Cloud Load Balancing

Regional external Application Load Balancers, cross-region internal Application Load Balancers, regional internal Application Load Balancers, regional internal proxy network Load Balancers, cross-region internal proxy network Load Balancers, and regional external proxy network Load Balancers now support IPv4 and IPv6 (dual-stack) backends.

The following backends have dual-stack support:

  • VM instance groups
  • Zonal NEGs (GCE_VM_IP_PORT endpoints)

You can also convert your existing single-stack load balancers from IPv4-only to dual-stack (IPv4 and IPv6) deployments.

For details, see the following pages:

This feature is available in General Availability.

Cloud SQL for MySQL
Cloud SQL for PostgreSQL
Dataproc
Deep Learning Containers

M126 release

  • Base CUDA 12.3 container images are now available.
  • Base CUDA 12.4 container images are now available.
  • PyTorch 2.4.0 with CUDA 12.4 and Python 3.10 container images are now available.
  • Upgraded R from 4.4.1 to 4.4.2 for R container images.

Deep Learning VM Images

M126 release

  • CUDA 12.4 VM images are now available.
  • PyTorch 2.4.0 with CUDA 12.4 and Python 3.10 VM images are now available.
  • Upgraded R from 4.4.1 to 4.4.2 for R VM images.
  • One or more framework versions have reached their end of patch and support dates. To view end of patch and support dates, see Supported framework versions. To create a VM instance using an image family that has reached its end of patch and support date, you must specify an image from the image family when you create the VM instance. To list images from an image family name after its end of patch and support date, include the --show-deprecated flag in your gcloud compute images list command, or select Show deprecated images when creating an instance in the Google Cloud console.

Google Cloud Deploy
Google Cloud VMware Engine

VMware Engine ve2 nodes are now available in the following regions:

  • São Paulo, Brazil (southamerica-east1)
  • Santiago, Chile (southamerica-west1)

Google Kubernetes Engine
VPC Service Controls

VPC Service Controls feature: VPC Service Controls extends support for etags in the service perimeter resources. For example, you can use the --etag flag with the gcloud CLI commands such as gcloud access-context-manager perimeters update and gcloud access-context-manager perimeters describe. This feature is generally available.

Vertex AI Workbench

M126 release

The M126 release of Vertex AI Workbench user-managed notebooks includes the following:

The M126 release of Vertex AI Workbench managed notebooks includes the following:

  • Upgraded JupyterLab to 3.6.8.

M126 release

The M126 release of Vertex AI Workbench instances includes the following:

  • Preview: JupyterLab 4+ is available on new Vertex AI Workbench instances. To try it, select JupyterLab 4 when you create your instance.
  • Upgraded JupyterLab to 3.6.8.

November 19, 2024

App Engine flexible environment Go
App Engine flexible environment Node.js
App Engine standard environment Go
App Engine standard environment Node.js
Artifact Registry

Artifact Registry now provides the option to enable or disable vulnerability scanning on individual repositories. By giving you more granular control over the number of images scanned, this feature can help you manage scanning costs and reduce noise in vulnerability scanning results.

This feature is Generally Available.

For more information, see Enable or disable automatic scanning.

BigQuery
Cloud Load Balancing

Percentage-based request mirroring is now supported for the cross-region and regional internal Application Load Balancers. By default, the mirrored backend service receives all requests, even if the original traffic is being split between multiple weighted backend services. You can now configure the mirrored backend service to receive only a percentage of the requests by using the mirrorPercent flag to specify the percentage of requests to be mirrored, expressed as a value between 0 and 100.0.

For an example, see Set up traffic management for regional internal Application Load Balancers.

This capability is available in Preview.

Cloud Run
Cloud Run functions
Cloud SQL for MySQL

The write endpoint feature is now available in Preview. This endpoint is a global domain name service (DNS) name. This name resolves to the IP address of the current primary Cloud SQL instance that’s enabled with private services access.

By using a write endpoint, you can avoid having to make application connection changes after performing a switchover or replica failover operation to test or mitigate a regional failure. For more information, see Configure private IP.

Cloud SQL for PostgreSQL

For Cloud SQL Enterprise Plus edition instances, you can now use advanced disaster recovery (DR) to simplify recovery and fallback processes after you perform a cross-regional failover. With advanced DR, you can:

  • Designate a cross-region disaster recovery (DR) replica
  • Perform a cross-region replica failover for disaster recovery
  • Restore your original deployment by using zero-data loss switchover

You can also use switchover to simulate disaster recovery without data loss. You can use advanced DR on Cloud SQL for PostgreSQL version 12, 13, 14, 15, or 16.

For more information, see Advanced disaster recovery (DR) and Use advanced disaster recovery (DR). This feature is generally available (GA).

The write endpoint feature is now available in Preview. This endpoint is a global domain name service (DNS) name. This name resolves to the IP address of the current primary Cloud SQL instance that’s enabled with private services access.

By using a write endpoint, you can avoid having to make application connection changes after performing a switchover or replica failover operation to test or mitigate a regional failure. For more information, see Configure private IP.

Cloud Service Mesh

The rollout of managed Cloud Service Mesh version 1.19 to all channels has completed.

Compute Engine

The documentation has been updated to clarify that future reservation requests don’t support E2 machine types. To reserve VMs that use E2 machine types, use on-demand reservations instead.

For more information, see Restrictions on creation.

Google Cloud Architecture Center
Google Kubernetes Engine

(2024-R45) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

  • The following versions are now available in the Rapid channel:

Regular channel

There are no new releases in the Regular channel.

Stable channel

There are no new releases in the Stable channel.

Extended channel

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

No channel

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

  • The following versions are now available:
  • The following node versions are now available:

(2024-R45) Version updates

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

  • The following versions are now available in the Rapid channel:

(2024-R45) Version updates

There are no new releases in the Regular channel.

(2024-R45) Version updates

There are no new releases in the Stable channel.

(2024-R45) Version updates

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

(2024-R45) Version updates

Note: Your clusters might not have these versions available. Rollouts are already in progress when we publish the release notes, and can take multiple days to complete across all Google Cloud zones.

  • The following versions are now available:
  • The following node versions are now available:

GKE version 1.31 introduces increased scalability, allowing users to create clusters with up to 65,000 nodes. For clusters exceeding 5,000 nodes, a quota increase is required. Contact Google Cloud support to request this increase.

Kf

Upgraded server-side dependencies – Tekton Pipelines, ASM

Updated Go version used to build images and CLI tools

Changed version of php-buildpack to address build issue.

Secret Manager

Creating custom organization policies with Secret Manager resources is now in General Availability (GA). You can use custom organization policies to enhance secret security by enforcing rotation schedules, annotations, and expirations for secrets. You can also use custom organization policies to restrict secret types to manage costs. To learn more about using custom organization policies in Secret Manager, see Use custom organization policies.

Sensitive Data Protection

The November 4 release note announcing the release of sample discovery findings was published in error. This feature is not available.

Spanner

Spanner supports the ALL_DIFFERENT graph predicate in GoogleSQL-dialect databases. You can use this predicate to see if the graph elements in a list are mutually distinct.

November 18, 2024

Access Approval

Access Approval now supports Cloud Healthcare API in the Preview stage.

AlloyDB for PostgreSQL

AlloyDB for PostgreSQL is now available in the following region: northamerica-south1 (Mexico). For more information, see AlloyDB Locations.

Anti Money Laundering AI

Two major engine versions within the v4 tuning version are no longer used by customers and are deprecated as of today. We recommend customers use the most recent engine versions instead. Deprecation overrides the support timeline for all minor versions within these major engine versions.

App Hub
Application Integration

JavaScript task using Gemini

If your integration flow requires any complex data mapping logic, Gemini can now recommend a JavaScript task. For more information, see Create an integration using Gemini.

You can add a JavaScript task, edit an existing task, or use Gemini to help understand the JavaScript code. For more information, see Configure JavaScript tasks.

Assured Workloads
Bigtable

You can now create a Data Boost app profile and view Data Boost metrics in the Google Cloud console. Data Boost for Bigtable is in Preview. For more information, see Create and configure app profiles.

A weekly digest of client library updates from across the Cloud SDK.

Java

2.47.0 (2024-11-13)

Features
  • Add an experimental feature to skip waiting for trailers for unary ops (#2404) (cf58f26)
  • Add internal “deadline remaining” client side metric #2341 (#2370) (75d4105)
Bug Fixes

Python

2.27.0 (2024-11-12)

Features
  • Add support for Cloud Bigtable Node Scaling Factor for CBT Clusters (#1023) (0809c6a)
  • Surface retry param to Table.read_row api (#982) (a8286d2)
Bug Fixes

Bigtable is now available in the northamerica-south1 (Mexico) region. For more information, see Bigtable locations.

Cloud Data Fusion

The Cloud SQL MySQL plugins version 1.11.5 is available in Cloud Data Fusion versions 6.8.0 and later. This release fixes an issue in the Cloud SQL MySQL sink causing pipelines to fail when the schema contains a MySQL reserved word (PLUGIN-1017).
This note is incorrect; see entry for November 27, 2024.

The SAP table batch source plugin version 0.11.5 is available in Cloud Data Fusion version 6.8.0 and later. This release fixes an issue causing the following error: Error encountered while configuring the stage: Unable to access Cloud Storage or download JCo libraries from Cloud Storage.

Cloud Database Migration Service

Database Migration Service now lets you select if a connection profile is for a source or a destination database, based on your migration scenario. Database Migration Service shows configuration options applicable to your choice.

Cloud Interconnect

Dedicated Cloud Interconnect support is available in the following colocation facilities:

  • Queretaro, Mexico, North America

For more information, see the Locations table and Global Locations.

Cloud Key Management Service
Cloud Run
Cloud Run functions
Cloud SQL for MySQL

Cloud SQL now supports near-zero downtime when you enable or disable data cache for Cloud SQL Enterprise Plus edition primary instances. For more information, see Availability in Cloud SQL.

Cloud SQL now supports near-zero downtime for infrequent scale downs (once every three hours) of the compute size (vCPU, memory) of your Cloud SQL Enterprise Plus edition primary instance.

For more information, see Availability in Cloud SQL.

Cloud SQL for PostgreSQL

The pgvector extension is now upgraded from version 0.7.4 to version 0.8.0. Use this extension to store and search for vector embeddings in PostgreSQL databases. For more information, see Configure PostgreSQL extensions.

To use this version of the extension, update your instance to one of the following:

  • POSTGRES_17_0.R20241011.00_03 (for PostgreSQL instances, version 17)
  • [PostgreSQL version].R20240910.01_17 (for PostgreSQL instances, versions 13 to 16)

For more information, see Self-service maintenance.

Cloud SQL now supports near-zero downtime when you enable or disable data cache for Cloud SQL Enterprise Plus edition primary instances. For more information, see Availability in Cloud SQL.

Cloud SQL now supports near-zero downtime for infrequent scale downs (once every three hours) of the compute size (vCPU, memory) of your Cloud SQL Enterprise Plus edition primary instance.

For more information, see Availability in Cloud SQL.

Cloud SQL for SQL Server
Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Go

1.47.0 (2024-11-14)

Features
  • storage: Introduce dp detector based on grpc metrics (#11100) (60c2323)
Bug Fixes

Cloud Storage is now available in Querétaro, Mexico (northamerica-south1 region). For more information, see Cloud Storage regions.

Cloud VPN
Cloud Workstations
Compute Engine
Container-Optimized OS

Fixed CVE-2024-50101 in the Linux kernel.

Fixed CVE-2024-50095 in the Linux kernel.

Fixed CVE-2024-50066 in the Linux kernel.

Fixed CVE-2024-50010 in the Linux kernel.

Fixed CVE-2024-50110 in the Linux kernel.

Fixed CVE-2024-50120 in the Linux kernel.

Fixed CVE-2024-50121 in the Linux kernel.

Fixed CVE-2024-50115 in the Linux kernel.

Fixed CVE-2024-50130 in the Linux kernel.

Fixed CVE-2024-50131 in the Linux kernel.

Fixed CVE-2024-49952 in the Linux kernel.

Fixed CVE-2024-50095 in the Linux kernel.

Fixed CVE-2024-49946 in the Linux kernel.

Fixed CVE-2024-50010 in the Linux kernel.

Fixed CVE-2024-50138 in the Linux kernel.

Fixed CVE-2024-49959 in the Linux kernel.

Fixed CVE-2024-49954 in the Linux kernel.

Fixed CVE-2024-50110 in the Linux kernel.

Fixed CVE-2024-50115 in the Linux kernel.

Fixed CVE-2024-50131 in the Linux kernel.

Fixed CVE-2024-45310 in app-containers/runc.

Fixed CVE-2024-50010 in the Linux kernel.

Fixed CVE-2024-49959 in the Linux kernel.

Fixed CVE-2024-49954 in the Linux kernel.

Fixed CVE-2024-50110 in the Linux kernel.

Fixed CVE-2024-50138 in the Linux kernel.

Fixed CVE-2024-50115 in the Linux kernel.

Fixed CVE-2024-50131 in the Linux kernel.

Fixed CVE-2024-49952 in the Linux kernel.

Fixed CVE-2024-50110 in the Linux kernel.

Fixed CVE-2024-49959 in the Linux kernel.

Fixed CVE-2024-49954 in the Linux kernel.

Fixed CVE-2024-50010 in the Linux kernel.

Fixed CVE-2024-50131 in the Linux kernel.

Fixed CVE-2024-46855 in the Linux kernel.

Updated app-admin/google-guest-configs to v20241112.00.

Updated app-containers/containerd to v2.0.0.

Updated the Linux kernel to v6.6.61.

Upgraded cos-gpu-installer to v2.4.4: Relax precise GPU driver version check to allow versions with two numeric segments to pass.

Data Catalog

Data Catalog is now available in the Mexico (northamerica-south1) region. For more information, see Global locations and pricing.

Dataflow

Dataflow is available in Queretaro, Mexico (northamerica-south1). Learn more about Google Cloud locations.

Dataproc

Dataproc is now available in the northamerica-south1 region (Queretaro, Mexico).

Filestore
Firestore

Firestore now supports the northamerica-south1 Queretaro region.

For a full list of supported locations, see Locations.

Firestore in Datastore mode

Firestore in Datastore mode now supports the northamerica-south1 Queretaro region.

For a full list of supported locations, see Locations.

A weekly digest of client library updates from across the Cloud SDK.

Java

2.24.2 (2024-11-06)

Bug Fixes
  • doc: Add descriptions for TransactionCallable interface (#1644) (173a883)
  • doc: Fix return types for batch interface (#1645) (1189211)

Google Kubernetes Engine

Performance horizontal Pod autoscaling (HPA) profile is now available in Preview for new and existing GKE clusters running version 1.31.2-gke.1138000 or later. This feature speeds up HPA reaction time and enables quick recalculation of up to 1,000 HPA objects. To learn more, see Configuring Performance HPA profile.

Live Stream API
Memorystore for Memcached

Added new Memorystore for Memcached region: Querétaro (northamerica-south1).

Pub/Sub

Pub/Sub is now available in the northamerica-south1 region (Querétaro, Mexico, North America). For more information, see Cloud locations.

A weekly digest of client library updates from across the Cloud SDK.

Node.js

4.9.0 (2024-11-12)

Features
  • Add IngestionFailureEvent to the external proto (#1984) (7075430)
Bug Fixes

Sovereign Controls by Partners

The following control packages now support the following products. See Supported products by control package for more information:

Control package:

New supported products:

  • BigQuery Data Transfer Service
  • GKE Identity Service
  • Google Cloud Armor
  • Secret Manager
  • Sensitive Data Protection

Spanner
Virtual Private Cloud

November 17, 2024

Google SecOps SOAR

Release 6.3.25 is now in General Availability.

From now on, only new features and changes will be written up for the Release Notes. Please use the customer portal to track progress of your support tickets or reach out to Customer Support for more information.

Secret Manager

November 15, 2024

AlloyDB for PostgreSQL

The extension vector, which includes pgvector functions and operators, is updated to version 0.7.4.

Apigee UI

On November 15, 2024, we released an updated version of the Apigee UI.

Bug ID      Description
376257906   Fixed issue with custom report editing

Resolved issue where customer reports without properties that were created using the API could not be rendered with the Edit option.

Assured Workloads

The CJIS control package now supports the following products. See Supported products by control package for more information:

  • Access Context Manager
  • Apigee
  • Cloud Build
  • Cloud EKM
  • Cloud Interconnect
  • Cloud NAT
  • Cloud Router
  • Cloud Service Mesh
  • Cloud VPN
  • Resource Manager
  • Firestore
  • Identity-Aware Proxy (IAP)
  • Memorystore for Redis
  • Sensitive Data Protection

Backup for GKE

Backup for GKE now supports backing up and restoring Hyperdisk throughput, extreme, and balanced types volumes.

Capacity Planner

Preview: You can view and export historical utilization of on-demand and future reservations in your project, folder, or organization. This data helps you analyze usage trends for your VMs or GPUs, as well as plan for future capacity needs. For more information, see the following:

Cloud Run
Cloud SQL for PostgreSQL
Cloud Storage
Security Command Center

Manage security postures using the Google Cloud console is generally available.

You can now create, deploy, update, and delete security postures using the Google Cloud console. For more information, see Manage a security posture.

Sensitive Data Protection
VPC Service Controls

November 14, 2024

Apigee Advanced API Security

On November 14, 2024, we released a new version of Advanced API Security.

IP address drill down details are now available in the preview release of Advanced API Security Abuse Detection Incidents.

This new functionality allows viewing details of detected abuse by source IP.

For usage information, see the Abuse Detection customer documentation.

Batch

Dependent jobs are available in Preview. Dependent jobs let you schedule an automated chain of jobs, which can help you optimize resource consumption (for example, separate the types of VMs used for data preparation and compute-intensive data processing).

BigQuery

You can try Gemini in BigQuery at no charge until January 27, 2025. After that date, to continue to use Gemini in BigQuery you must do one of the following:

  • Purchase and assign BigQuery Enterprise Plus edition reservations to projects that use Gemini in BigQuery.
  • Purchase Gemini Code Assist Enterprise.

To learn more, see Purchase Gemini in BigQuery. These purchase options are now generally available (GA).

Cloud Asset Inventory
Cloud SQL for MySQL

You can now create custom organization policies for the BackupRun resource in Cloud SQL instances. In addition, more fields in the instance resource are available to create custom organization policies. For more information, see Add custom organization policies.

Cloud SQL for PostgreSQL

You can now create custom organization policies for the BackupRun resource in Cloud SQL instances. In addition, more fields in the instance resource are available to create custom organization policies. For more information, see Add custom organization policies.

Cloud SQL for SQL Server

You can now create custom organization policies for the BackupRun resource in Cloud SQL instances. In addition, more fields in the instance resource are available to create custom organization policies. For more information, see Add custom organization policies.

Cloud Storage

Bucket IP filtering for Cloud Storage is now available in Preview. With bucket IP filtering, you can restrict access to a bucket based on the source IP address of the request and secure your data from unauthorized access.

Contact Center AI Insights

Conversational Insights offers Rule-based analysis as a preview feature to customize your conversation analyses. Rule-based analysis provides the following customizations for your conversation analyses:

  • Filter conversations.
  • Select a percentage of your dataset.
  • Designate different types of analysis.

Dialogflow

Data store tools: You can now optimize the RAG performance of data store tools used by Playbooks. See the documentation for details.

Dialogflow CX: New feature Context token limits has been added to Agent Settings > Generative AI. You can use this feature to set a percentage of the token budget to be reserved for conversation history, as a maximum. See the Agent Settings documentation for details.

Generators and data store handlers: The model gemini-1.5-flash-002 is now GA.

Data store handlers: The default generative model has been changed to gemini-1.5-flash-001.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.29.800-gke.108 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.800-gke.108 runs on Kubernetes 1.29.10-gke.100.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.

The following issue is fixed in 1.29.800-gke.108:

Fixed the issue that additional manual steps are needed after disabling always-on secrets encryption with gkectl update cluster.

The following vulnerabilities are fixed in 1.29.800-gke.108:

Container-Optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Looker
Migrate to Virtual Machines
Secure Source Manager
Security Command Center
Sensitive Data Protection

The current default STREET_ADDRESS infoType detection model, which is available when infotype.version is set to latest or stable, is now also used when infotype.version is set to legacy.

The old detection model that was previously available by setting infotype.version to legacy is no longer available.

November 13, 2024

Agent Assist
Cloud Composer

Airflow 2.10.2 is available in Cloud Composer.

(Airflow 2.7.3) Backported #35887 to fix an issue that occurred during the DST transition. The issue affected DAGs with timezone-aware cron schedule and caused infinite loops in the Airflow scheduler.

Improved the error message generated when a Cloud Composer 3 environment creation fails because of missing permissions.

(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-google package was upgraded to version 10.25.0 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.24.0 to version 10.25.0.

(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 9.0.1 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-cncf-kubernetes changelog from version 9.0.0 to version 9.0.1.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.10.2-build.0
  • composer-3-airflow-2.9.3-build.7 (default)
  • composer-3-airflow-2.7.3-build.23

New images are available in Cloud Composer 2:

  • composer-2.9.11-airflow-2.10.2
  • composer-2.9.11-airflow-2.9.3 (default)
  • composer-2.9.11-airflow-2.7.3

Support dates for previous Cloud Composer 3 builds are available. All Cloud Composer 3 builds with Airflow 2.9.3 are supported until November 13, 2025.

Cloud Healthcare API

A new release is available. This release may include some or all of the
following: general performance improvements, bug fixes, and updates to the
API reference documentation.

Compute Engine

Preview: The OS policy orchestrator feature in VM Manager lets you manage OS policy assignments across projects and zones at scale in large organizations. OS policy assignment was previously available only for zonal resources in a project. For more information, see About OS Policy Orchestrator.

Config Connector

Config Connector version 1.125.0 is now available.

New Beta resource (direct reconciler)

Added cluster mode to manage the rate-limit for the Config Connector requests

SQLInstance Reconciliation Improvements

  • You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the SQLInstance CR object to opt-in the direct controller.
  • The direct reconciler contains 2 fixes and improvements:
    • Fix the upgrade and downgrade issue between ENTERPRISE and ENTERPRISE_PLUS.
    • Support create from clone functionality via spec.cloneSource
  • Migrated the SQLInstance from the Terraform-based or DCL-based controller to the new Direct Controller to enhance the reliability and performance. The CRD is unchanged.

ComputeFirewallPolicyRule Reconciliation Improvements

  • You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the ComputeFirewallPolicyRule CR object to opt-in the direct controller, which fixes the targetResources error “required value priority could not be found”.
  • Migrated this resource from the Terraform-based controller to the new Direct Controller to enhance the reliability and performance. The resource CRD is unchanged.

AlloyDBInstance

  • Added spec.networkConfig.enableOutboundPublicIp field.
  • Added status.outboundPublicIpAddresses field.

Issue 3007 ComputeBackendService cannot refer clientTLSPolicy due to invalid format

Issue 2973 kubelet_config has insecure_kubelet_readonly_port_enabled: true set even if not configured in the ContainerNodePool object.

Google Cloud Contact Center as a Service

Flutter for the Mobile SDKs

You can now use Flutter to help you integrate the Mobile SDKs (the Android SDK and the iOS SDK) into your Android or iOS app. For more information, see Integrate using Flutter.

Google Kubernetes Engine

(2024-R44) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for
opt-in control plane upgrades and node upgrades for existing clusters. For more
information on versioning and upgrades, see GKE versioning and support
and Upgrades.

Rapid channel

Note: Your clusters might not have these versions available. Rollouts are already in progress
when we publish the release notes, and can take multiple days to complete across all Google Cloud
zones.

  • Version 1.31.1-gke.2105000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.14-gke.1376000
    • 1.29.9-gke.1541000
    • 1.30.5-gke.1628000
    • 1.31.1-gke.1846000
    • 1.31.2-gke.1115000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.15-gke.1020000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.10-gke.1054000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1699000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.2105000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.2105000 with this release.

Regular channel

Note: Your clusters might not have these versions available. Rollouts are already in progress
when we publish the release notes, and can take multiple days to complete across all Google Cloud
zones.

  • The following versions are now available in the Regular channel:

Stable channel

Note: Your clusters might not have these versions available. Rollouts are already in progress
when we publish the release notes, and can take multiple days to complete across all Google Cloud
zones.

  • The following versions are now available in the Stable channel:

Extended channel

Note: Your clusters might not have these versions available. Rollouts are already in progress
when we publish the release notes, and can take multiple days to complete across all Google Cloud
zones.

  • The following versions are now available in the Extended channel:
  • Version 1.27.16-gke.1373000 is no longer available in the Extended channel.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1681000 with this release.

No channel

Note: Your clusters might not have these versions available. Rollouts are already in progress
when we publish the release notes, and can take multiple days to complete across all Google Cloud
zones.

  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.30.5-gke.1628000
    • 1.31.1-gke.1678000
    • 1.31.2-gke.1115000

November 12, 2024

AlloyDB for PostgreSQL

If you are dropping an AlloyDB database that is larger than 64 TiB, then any write operations on other AlloyDB databases are paused until the drop operation is completed.

Apigee hybrid

hybrid v1.13.2

On November 12, 2024 we released an updated version of the Apigee hybrid software, 1.13.2.

Bug ID Description
373722434 Fixed support for backups to GCS buckets with retention policies.
361044374 Fixes Assign Message not correctly highlighting the set payload action in the debug trace.
355122464 This release contains a few error-handling fixes for CSI backup and restore.
237656263 Fix added to make use of asynchronous ServiceCallout execution when the ServiceCallout policy <Response> element is not present.

Procedure:

  1. In the apigee-env/values.yaml file, set conf_system_servicecallout.expects.response to false under runtime:cwcAppend:. For example:

    # Apigee Runtime.
    runtime:
      cwcAppend:
        conf_system_servicecallout.expects.response: false

  2. Upgrade the apigee-env chart for each environment to apply the change. For example:

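    # Replace the angle-bracket placeholders with your own values.
    helm upgrade <ENV_RELEASE_NAME> apigee-env/ \
      --install \
      --namespace <APIGEE_NAMESPACE> \
      --set env=<ENV_NAME> \
      -f <OVERRIDES_FILE>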

App Engine flexible environment .NET
Cloud Load Balancing

Cloud Load Balancing resources now let you use custom constraints to define your own restrictions on Google Cloud services. To learn about which load balancing resources support custom constraints, and some sample use cases, see Manage Cloud Load Balancing resources using custom constraints.

For more information about custom constraints, see the following:

This feature is available in General Availability.

Cloud Run

The in-memory volume type is now generally available (GA) for Cloud Run services and jobs.

Cloud SQL for MySQL

You can now have Cloud SQL create a Private Service Connect endpoint automatically instead of creating the endpoint manually after the instance is created. You use this endpoint to access a Cloud SQL instance through a VPC network. For more information, see Connect to an instance using Private Service Connect. This feature is available in Preview.

Cloud SQL for PostgreSQL

You can now have Cloud SQL create a Private Service Connect endpoint automatically instead of creating the endpoint manually after the instance is created. You use this endpoint to access a Cloud SQL instance through a VPC network. For more information, see Connect to an instance using Private Service Connect. This feature is available in Preview.

Cloud SQL for SQL Server

You can now have Cloud SQL create a Private Service Connect endpoint automatically instead of creating the endpoint manually after the instance is created. You use this endpoint to access a Cloud SQL instance through a VPC network. For more information, see Connect to an instance using Private Service Connect. This feature is available in Preview.

Cloud Service Mesh

In-cluster Cloud Service Mesh 1.20 is no longer supported. For more information, see Supported versions.

1.20.8-asm.10 is now available for in-cluster Cloud Service Mesh.

1.20 is no longer supported. While the fix for the bug in the distroless proxy container has been backported to 1.20, you should upgrade to 1.21 or later.

You can now download 1.20.8-asm.10 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.20.8 subject to the list of supported features. Cloud Service Mesh version 1.20.8-asm.10 uses Envoy v1.28.6.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

1.23.3-asm.2 is now available for in-cluster Cloud Service Mesh.

You can now download 1.23.3-asm.2 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.23.3 subject to the list of supported features. Cloud Service Mesh version 1.23.3-asm.2 uses Envoy v1.31.2.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

1.22.6-asm.2 is now available for in-cluster Cloud Service Mesh.

You can now download 1.22.6-asm.2 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.22.6 subject to the list of supported features. Cloud Service Mesh version 1.22.6-asm.2 uses Envoy v1.30.6.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

1.21.5-asm.12 is now available for in-cluster Cloud Service Mesh.

You can now download 1.21.5-asm.12 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.21.5 subject to the list of supported features. Cloud Service Mesh version 1.21.5-asm.12 uses Envoy v1.29.8.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

This release fixes a bug in the distroless proxy container. Before this fix, the distroless proxy
produced errors similar to the following when deployed in a Kubernetes cluster with in-cluster
control plane that did not have Container Network Interface (CNI) installed.

xtables resource problem: can't open lock file /run/xtables.lock: No such file or directory

This fix applies to the following new versions:

  • 1.20.8-asm.10
  • 1.21.5-asm.12
  • 1.22.6-asm.2
  • 1.23.3-asm.2

Config Controller

Config Controller now uses the following versions of its included products:

Datastream

Datastream now supports global transaction identifier (GTID)-based replication for MySQL sources. The feature is in Preview.

GTID-based replication supports failovers and managed database clusters, such as Cloud SQL Enterprise Plus edition. For more information, see the Datastream documentation.

Google Cloud Contact Center as a Service

Mobile SDK 2.10 release

Mobile SDK 2.10 includes the following updates:

  • iOS SDK:
    • Text resizing. End-users can increase text size up to 200%. Text is resized using the device settings.
  • Android SDK:
    • Fixed the sticky button behavior so that it matches iOS.
  • Android SDK and iOS SDK:
    • Fixed an issue where content card text was misaligned.

Google Cloud Managed Service for Apache Kafka

Google Cloud Managed Service for Apache Kafka is now in General Availability (GA).

November 11, 2024

Artifact Registry
BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Python

3.27.0 (2024-11-01)

Features
  • Updates to allow users to set max_stream_count (#2039) (7372ad6)

Cloud Asset Inventory
Cloud Monitoring

Dashboard variables and dashboard-level filtering are now GA. Pinned filters and variables can have multiple default values and they support selection of multiple values. For more information, see the following documents:

Container-Optimized OS

Fixed CVE-2024-50602 in dev-libs/expat.

Fixed KCTF-2e95c43 in the Linux kernel.

Fixed CVE-2024-50038 in the Linux kernel.

Fixed CVE-2024-50038 in the Linux kernel.

Fixed CVE-2024-50082 in the Linux kernel.

Fixed CVE-2024-50083 in the Linux kernel.

Fixed CVE-2024-50024 in the Linux kernel.

Fixed CVE-2024-50002 in the Linux kernel.

Fixed CVE-2024-49967 in the Linux kernel.

Fixed CVE-2024-50006 in the Linux kernel.

Fixed CVE-2024-49881 in the Linux kernel.

Fixed CVE-2024-49881 in the Linux kernel.

Fixed CVE-2024-50015 in the Linux kernel.

Fixed CVE-2024-50015 in the Linux kernel.

Fixed CVE-2024-50001 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812681 -> 812709

Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.

Fixed CVE-2024-50602 in dev-libs/expat.

Fixed CVE-2024-50067 in the Linux kernel.

Fixed CVE-2024-50036 in the Linux kernel.

Fixed KCTF-2e95c43 in the Linux kernel.

Fixed CVE-2024-50076 in the Linux kernel.

Fixed CVE-2024-50038 in the Linux kernel.

Fixed CVE-2024-50038 in the Linux kernel.

Fixed CVE-2024-50082 in the Linux kernel.

Fixed CVE-2024-50024 in the Linux kernel.

Fixed KCTF-8ea6073 in the Linux kernel.

Fixed CVE-2024-50072 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811757 -> 811721

Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.

Fixed CVE-2024-50602 in dev-libs/expat.

Fixed KCTF-2e95c43 in the Linux kernel.

Fixed CVE-2024-50038 in the Linux kernel.

Fixed CVE-2024-50038 in the Linux kernel.

Fixed CVE-2024-50082 in the Linux kernel.

Fixed CVE-2024-50083 in the Linux kernel.

Fixed CVE-2024-50024 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812026 -> 812011

Fixed CVE-2024-50602 in dev-libs/expat.

Fixed KCTF-2e95c43 in the Linux kernel.

Fixed CVE-2024-50038 in the Linux kernel.

Fixed CVE-2024-50038 in the Linux kernel.

Fixed CVE-2024-50082 in the Linux kernel.

Fixed CVE-2024-50083 in the Linux kernel.

Fixed CVE-2024-50024 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812248 -> 812209

Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.

Fixed CVE-2024-9143 in dev-libs/openssl.

Fixed KCTF-2e95c43 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811822 -> 811804

Dataproc
Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Node.js

9.2.1 (2024-11-06)

Bug Fixes

Google Kubernetes Engine

Clusters now have unified and flexible configuration, allowing you to modify control plane access and cluster node settings at any time, without the need to recreate the cluster. This eliminates the previous distinction between private and public clusters. All clusters support this flexibility and utilize DNS-based endpoints for secure and direct control plane access from any network, removing the need for bastion hosts or proxies. You can still enhance security with measures like VPC Service Controls.

To learn more, see About network isolation in GKE.

DNS-based access for GKE clusters control plane is now generally available. This capability provides each cluster with a unique domain name system (DNS) name or fully-qualified domain name (FQDN). Access to clusters is controlled through IAM policies, eliminating the need for bastion hosts or proxy nodes. Authorized users can connect to the control plane from different cloud networks, on-prem deployments, or from remote locations, without relying on proxies.

To learn more, see About network isolation in GKE.

Memorystore for Redis Cluster

Instances that use 1, 2, or 4 shards are now Generally Available. For more information about the minimum and maximum supported shard count, see Cluster and node specification.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Python

2.27.1 (2024-11-08)

Bug Fixes

Security Command Center

As of December 9, 2024, if you activate Security Command Center within an organization for the first time, then you must use only version 2 of the Security Command Center API in that organization. Earlier versions are not supported.

If you activated Security Command Center at the project level prior to December 9, 2024, then any projects you activate in the same organization will support all available versions of the Security Command Center API.

To migrate to the v2 API from an earlier version, see Migrate to v2 of the Security Command Center API.

Sensitive Data Protection

The current default ORGANIZATION_NAME infoType detection model, which is available when infotype.version is set to latest or stable, is now also used when infotype.version is set to legacy.

The old detection model that was previously available by setting infotype.version to legacy is no longer available.

The region restriction on the ORGANIZATION_NAME infoType has been lifted. It is now available in all regions.

Text-to-Speech

Journey Voices now supports the de-de, en-gb, en-in, es-us, fr-ca, fr-fr, and it-it locales.

November 10, 2024

Google SecOps SOAR

Release 6.3.25 is in Preview.

November 09, 2024

Google SecOps
Google SecOps SIEM
Google SecOps SOAR

November 08, 2024

AlloyDB for PostgreSQL

AlloyDB Omni version 15.7.0 is generally available (GA). Version 15.7.0 includes the following features and changes:

  • AlloyDB Omni supports PostgreSQL version 15.7.

  • The alloydb_scann extension—previously named postgres_scann—is generally available (GA). For more information about storing vector embeddings, creating indexes, and tuning indexes to achieve faster query performance and better recall, see Work with vectors.

  • Support for Red Hat Enterprise Linux (RHEL) 8 is generally available (GA).

  • The AlloyDB Omni columnar engine is available in Preview on ARM.

  • Disk cache and columnar storage cache are available to improve AlloyDB Omni performance by accelerating data access for AlloyDB Omni in a container and on a Kubernetes cluster.

  • Security fixes for CVE-2023-50387 and CVE-2024-7348 have been implemented.

  • The AlloyDB Omni Reference documentation is available. This includes metrics, database flags, model endpoint management reference, and extensions documentation for AlloyDB Omni 15.7.0.

  • AlloyDB Omni supports the pg_ivm extension, which provides incremental view maintenance for materialized views.

  • Various bug fixes and performance improvements.

The AlloyDB Omni Kubernetes operator version 1.2.0 is generally available (GA). Version 1.2.0 includes the following new features:

  • The healthcheckPeriodSeconds parameter lets you specify the number of seconds to wait between health checks. For more information, see Adjust automatic failover trigger settings.

  • The following metrics help you monitor the performance of your database container. Each of these metrics is of type gauge. For more information, see database container-level metrics.

    • alloydb_omni_memory_limit_byte shows the memory limit of a database container.

    • alloydb_omni_instance_postgresql_replication_state shows the state of each replica that’s connected to the AlloyDB Omni primary node.

    • alloydb_omni_memory_used_byte shows the memory used by the database container in bytes.

  • An issue that caused a brief interruption to all database clusters when the following is true is fixed:

  • High availability is supported on a secondary database cluster after it’s promoted. For more information, see Promote a secondary database cluster and Manage high availability in Kubernetes.

  • You can enable or disable model endpoint management through Kubernetes manifests. For more information, see Install AlloyDB Omni with AlloyDB AI.

  • You can configure when logs rotate using thresholds that are based on the size of the log files, the time since the log file last rotated, or both. For more information, see Configure AlloyDB Omni log rotation.

  • You can create a snapshot of the memory heap of AlloyDB Omni Kubernetes operator to help you analyze and debug its memory performance. For more information, see Analyze AlloyDB Omni Kubernetes operator memory heap usage.

In AlloyDB Omni versions 15.5.5 and earlier, parameterized view features were available in the alloydb_ai_nl extension. Starting in version 15.7.0, parameterized view features are available in the parameterized_view extension, which you must create before you use parameterized views. Also starting in version 15.7.0, the related function, google_exec_param_query, has been renamed to execute_parameterized_query and is available in the parameterized_view extension. For more information, see Query your database using natural language.

The extension pg_ivm version 1.9 has been added to extensions supported by AlloyDB Omni.

The following extensions are updated:

  • google_ml_integration from 1.3 to 1.4.2
  • pg_partman from 4.7.4 to 5.0.1
  • pglogical from 2.4.4 to 2.4.5
  • pgtt from 3.0.0 to 4.0.0
  • vector is updated from 0.7.0 to 0.7.4

Note: pg_partman contains breaking changes when upgrading from version 4.x to 5.x. Refer to the upgrade notes before upgrading. Alternatively, you may still install and use prior versions of pg_partman by explicitly stating the version when installing, for example, CREATE EXTENSION pg_partman WITH VERSION '4.7.4';.

Cloud Data Fusion

The Multiple table plugin version 1.4.1 is available in Cloud Data Fusion versions 6.10.1 and later. This release fixes an issue causing pipelines to fail if a Multiple database tables batch source’s Reference Name field contains spaces. The field no longer accepts spaces (PLUGIN-1752).

Cloud Logging

Audit Logging now populates the status.detail field in the audit log with the google.rpc.ErrorInfo and google.rpc.Help proto payload types in cases where an API returns an error status and that status includes one of those types in the details field.

Cloud Workstations
Eventarc

Eventarc Standard is available in the northamerica-south1 (Mexico, North America) region.

Generative AI on Vertex AI
Google Kubernetes Engine

The machine family of N1 custom machine types (like custom-1-1024) is now accurately labeled as “N1” for all node versions later than 1.31.2-gke.1115000.

Live Stream API
Security Command Center

To help you detect potentially malicious anomalies in your network, Event Threat Detection now supports the ability to analyze foundational log sources, which produce Bad IP findings without enabling VPC Flow Logs. This feature is in Preview.

  • If you activated Security Command Center Premium or Enterprise in a project or organization before October 18, 2024, then you have access to this feature in that project or organization.
  • If you activated Security Command Center Premium or Enterprise at the project level before October 18, 2024, and you activate additional projects in the same organization, then the additional projects will have access to this feature.
  • If you activated Security Command Center Premium or Enterprise in a project or organization on or after October 18, 2024, and you want to enable this feature, then contact Google Cloud Customer Care.

Sensitive Data Protection

The EMPLOYMENT_STATUS infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.