Google Cloud release notes

A new suite of client-side metrics for the Cloud Bigtable client for Java is generally available (GA) in versions 2.16.0 and later. To learn more about using the new monitoring metrics for performance optimization and troubleshooting, see the Client-side metrics overview.

(Cloud Composer 2) The Composer Local Development CLI tool is now available to help streamline testing and developing using local Airflow environments with Composer 2.

Cloud DNS per resource IAM permissions are available in GA.

Currently, health check probes for hybrid NEGs originate from Google's centralized health checking mechanism. If you cannot allow traffic that originates from the Google health check ranges to reach your hybrid endpoints and would prefer to have the health check probes originate from your own private IP addresses instead, speak to your Google account representative to get your project allowlisted for distributed Envoy health checks.

This feature is available in General availability for allowlisted projects only.

New SQL syntax, RETURNING in the PostgreSQL dialect and THEN RETURN in Google Standard SQL, selects and returns data from rows that were just updated as part of a DML statement. This is especially useful for getting values from default or generated columns and can reduce latency over equivalent multi-statement transactions. The preview supports the Java, JDBC, Python, and Go Spanner clients as well as PostgreSQL drivers that connect through PGAdapter.

Dataproc Metastore administrator interface is available in preview.

The administrator interface provides you with a centralized tool to inspect and manage the metadata stored in your Dataproc Metastore service.

The number of concurrent database restore operations per instance that Cloud Spanner supports has increased from five to ten. For more information, see Backup and restore limits.

Eventarc support for customer-managed encryption keys (CMEK) is generally available (GA).

The AlloyDB Clusters page of the Google Cloud console displays summary cards and a resource table that provide an overview on the overall health of your databases. This helps you monitor the real-time performance of your database fleet.

BigQuery now supports querying Apache Iceberg tables that are created by open source engines. This feature is in preview.

Google Cloud Platform Plugins version 0.20.4 is generally available (GA) in Cloud Data Fusion versions 6.7.1 and 6.7.2. This version includes Dataplex Source and Sink plugins in GA. For more information, see the CDAP Hub release log.

Google Cloud Platform Plugins version 0.19.3 is generally available (GA) in Cloud Data Fusion version 6.6.0. This version includes Dataplex Source and Sink plugins in GA. For more information, see the CDAP Hub release log.

The NEW_ZEALAND_IRD_NUMBER infoType detector is available in all regions.

The VAT_NUMBER infoType detector is available in all regions. Currently, this detector identifies VAT numbers from France, Germany, Hungary, Indonesia, Italy, and the Netherlands.

For more information about all built-in infoTypes, see InfoType detector reference.

Dataplex Source and Sink plugins are generally available (GA) in Cloud Data Fusion for ingesting and processing data.

Error Reporting is a Virtual Private Cloud (VPC) supported service.

The Agent Assist Smart Reply feature now supports French (Canada) in addition to English (United states). See the language support page for details.

Users can generate Supply chain Levels for Software Artifacts (SLSA) build provenance information for standalone Java and Python packages when they upload artifacts to Artifact Registry using new fields available in the Cloud Build config file. This feature is in public preview. For more information, see Build and test Java applications and Build and test Python applications.

AutoML image model updates

AutoML image classification and object detection now support a higher-accuracy model type. This model is available in Preview.

For information about how to train a model using the higher accuracy model type, see Begin AutoML model training.

Batch prediction is currently not supported for this model type.

Cloud Logging for Vertex AI Pipelines is now generally available (GA). For more information, see View pipeline job logs.

Support for an Application Integration connector is available in Preview.

Three new rate limiting keys are now Generally Available:

• HTTP-PATH
• SNI
• REGION-CODE

For more information about using rate limiting keys, see the Rate limiting overview.

Kubernetes control plane logs are now Generally Available. You can now configure GKE clusters with control plane version 1.22.0 or later to export to Cloud Logging logs emitted by the Kubernetes API server, Scheduler, and Controller Manager.

These logs are stored in Cloud Logging and can be queried in the Cloud Logging Log Explorer or Cloud Logging API. These logs can also be sent to Google Cloud Storage, BigQuery, or Pub/Sub using the Log Router.

You can now use deprecation insights to identify clusters on versions 1.23 and earlier that use Docker-based node images, which are unsupported on GKE version 1.24 and later.

BigQuery now supports the following features when you load data:

• ASCII control characters for CSV files.
• Reference file with the expected table schema for creating external tables with Avro, ORC, and Parquet files.

These features are generally available (GA).

View granular cost data from Cloud Run instances in Cloud Billing exports to BigQuery

You can now view granular Cloud Run cost data in the Google Cloud Billing detailed export. Use the resource.global_name field in the export to view and filter your Cloud Run instances.

Review the schema of the Detailed cost data export.

View granular cost data from Cloud Function instances in Cloud Billing exports to BigQuery

You can now view granular Cloud Function cost data in the Google Cloud Billing detailed export. Use the resource.global_name field in the export to view and filter your Cloud Function instances.

Review the schema of the Detailed cost data export.

Preview: VMware Engine private clouds support the addition of a Trusted Platform Module (TPM) 2.0 virtual cryptoprocessor to a virtual machine.

For details about this feature, see About Virtual Trusted Platform Module.

Release 1.13.2

Anthos clusters on bare metal 1.13.2 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.13.2 runs on Kubernetes 1.24.

Cloud Functions has added support for a new runtime, Node.js 18, at the Preview release level.

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

• Service Directory
  • servicedirectory.googleapis.com/Namespace

Dialogflow CX now integrates with GitHub. This integration makes it easy to export your agent to JSON for a push to GitHub, and to pull from GitHub for an agent restore.

The Logs tab available for each cluster on the Kubernetes Engine > Clusters page now includes suggested queries for your logs. For more information about using your GKE logs, see Viewing your GKE logs.

Release 1.11.8

Anthos clusters on bare metal 1.11.8 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.11.8 runs on Kubernetes 1.22.

You can now configure Cloud Build to continue executing a build even if specified steps fail. This feature is available as a preview release. To learn more, see the allowFailure and allowExitCodes topics in Build configuration file schema.

Airflow 2.3.4 is available in Cloud Composer images.

You can download private offers as PDFs. Offers can include notes from the vendor and the included EULA.

You can download private offers as PDFs. Offers can be saved at any point in the offer process and can include internal notes and the EULA for the offer.

GKE Autopilot clusters support compact placement policies in version 1.25 and later.

Policy Analyzer now offers organization policy analysis. Policy Analyzer helps you get more information about the resources affected by an organization policy constraint. This feature is available in Preview.

The Kafka Connector library for Pub/Sub and Pub/Sub Lite is now generally available.

The Kafka Connector library for Pub/Sub and Pub/Sub Lite is now generally available.

Policy Analyzer now offers organization policy analysis. Policy Analyzer helps you get more information about the resources affected by an organization policy constraint. This feature is available in Preview.

Vertex AI Prediction

You can now perform some simple filtering and transformation on the batch input in your BatchPredictionJob requests without having to write any code in the prediction container. This feature is in Preview. For more information, see Filter and transform input data.

Anthos clusters on VMware 1.13.2-gke.26 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.13.2-gke.26 runs on Kubernetes 1.24.7-gke.1400.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.13, 1.12, and 1.11.

The Impact Level 4 (IL4) compliance regime is now generally available.

Object tables are now in preview. Object tables are read-only tables containing metadata for unstructured data stored in Cloud Storage. These tables enable you to analyze and perform inference on images, audio files, documents, and other file types by using BigQuery ML and BigQuery remote functions. Object tables extend structured data features such as data security and governance best practices to unstructured data.

Metadata caching is now in preview. Using cached metadata might improve query performance for BigLake tables and object tables that reference large numbers of objects, by allowing the query to avoid listing objects from Cloud Storage.

Internal HTTP(S) load balancers and internal TCP proxy load balancers now support global access. By default, clients for these load balancers must be in the same region as the load balancer. With global access enabled, clients can access the load balancer from any region. They still must be in the same VPC network as the load balancer or in a VPC network that's connected to the load balancer's VPC network by using VPC Network Peering.

For instructions, see the following:

• Enable global access for internal HTTP(S) load balancers
• Enable global access for internal TCP proxy load balancers

Logs from Cloud Run services can now be tailed or viewed in a command-line friendly format using gcloud beta run services logs tail and gcloud beta run services logs read

Preview: You can limit the runtime of a VM to automatically stop or delete it when a time limit is reached. Limiting VM runtimes can help you optimize temporary workloads by minimizing costs and releasing quota. For more information, see Limit the runtime of a VM.

Dataproc Serverless for Spark supports Spark and System metrics. These metrics are enabled by default. Spark driver and executor metrics can be customised using overrides.

Starting November 17, 2022, newly created private clouds will utilize IP address layout (IP Plan) version 2.0 subnet allocations. HCX addressing is now included in the management CIDR allocation, simplifying the process of starting data center VM migrations. IP Plan version 2.0 also enables additional scale and features delivered to your public cloud in upcoming releases.

Stretched private clouds are now available in the europe-west3 (Frankfurt) region. You can use stretched private clouds to stretch vSphere/vSAN clusters across zones and protect against zone level failures. This functionality enables high levels of availability for business critical applications.

GKE Autopilot clusters support signaling to GKE that a particular node is problematic in version 1.24 and later.

The Vertex AI Pipelines email notification component is now generally available (GA). This component enables you to configure your pipeline to send up to three emails upon success or failure of a pipeline run. For more information, see Configure email notifications and the Email notification component.

Preview: Connectivity to Private Service Connect endpoints used to access a managed service is supported over VLAN attachments for Cloud Interconnect

Generally available: You can double the default size limit for a managed instance group (MIG): Zonal MIGs support up to 2,000 VMs and regional MIGs support up to 4,000 VMs. For more information, see Increase the group's size limit.

The Identity Document Proofing Processor is designed to help predict the validity of ID documents with four different signals:

• is_identity_document detection: predict whether an image contains a recognized identity document.
• suspicious_words detection: predict whether words are present that aren't typical on IDs.
• image_manipulation detection: predict whether the image was altered or tampered via an image editing tool.
• online_duplicate detection: predict whether the image can be found online.

Filestore Backups for High Scale and Enterprise tier instances is available in Preview.

Filestore Multishares for GKE is now generally available.

Event Threat Detection, a built-in service of Security Command Center Premium, has launched the Initial Access: Excessive Permission Denied Actions rule to Preview. This rule detects events where a principal repeatedly triggers permission denied errors across multiple methods and services.

For more information about Event Threat Detection findings, see Event Threat Detection rules.

Preview: Private Service Connect endpoints with consumer HTTP(S) controls now support accessing regional Google APIs and managed services using the following load balancers:

• Regional internal HTTP(S) load balancer
• Regional external HTTP(S) load balancer

Agent Assist has launched backend modules as a GA feature. Backend modules is an out-of-the-box solution that provides an effective backend infrastructure, making integrating Agent Assist with your agent system faster and easier. See the backend modules basics and integration guide for details.

The Agent Assist Console is now GA. The Console now also includes built-in workflow tutorials that walk you through creating a dataset, training and testing a model, and creating a conversation profile. Sample datasets and demo models are now provided as well. To see the new Console tutorials, navigate to the Console and click the Get started button under the feature you'd like to test.

Agent Assist now supports sentiment analysis of voice data as a private Preview feature. For more information, see the Agent Assist private features documentation. To gain access to the private documentation, please contact your Google representative.

Agent Assist now supports CCAI Transcription as a GA feature. CCAI Transcription allows you to convert streaming audio data into text transcripts in real time, allowing you to implement Agent Assist features for use with voice data. See the documentation for details.

UDM Search

UDM Search is a new Chronicle search feature which enables you to find UDM events within your Chronicle instance. You can search both for individual UDM events and groups of UDM events tied to shared search terms. UDM search includes a number of search features, enabling you to navigate through your UDM data:

• Quick Filters—Fast access to saved searches and search history.
• Event Viewer—View the raw log and UDM for the event.
• Search Manager—Comprehensive view of your saved searches and search history.

There is also a new UDM search API method available for the Chronicle Search API.

Be sure to review Google's recommended best practices for conducting searches using UDM Search. UDM searches can require substantial computational resources to complete if they are not constructed carefully. Performance also varies depending on the size and complexity of the data in your Chronicle instance.

Cloud Bigtable now lets you retrieve metadata about a table, giving you greater observability when troubleshooting. This feature is generally available (GA). For more information, see Table stats.

Time to live (TTL) is now supported in PostgreSQL-dialect databases. With TTL, you can reduce storage costs, improve query performance, and simplify data retention by automatically removing unneeded data based on user-defined policies.

Added support for the JSONB data type in the Cloud Spanner PostgreSQL dialect. For more information, see Work with JSONB data.

For online document translations, you can increase the page limit for native PDF documents to 300 pages.

Generally available: Use the new distribution shape ANY SINGLE ZONE in a regional managed instance group (MIG) to automatically select a single zone that has available resources within your quota. Recommended for workloads that require low latency, high-bandwidth connections between VMs or when you want to avoid inter-zone network traffic costs.

Added spec.gcRules to BigtableGCPolicy (Issues #624, #542, #482, #345, #300).

Added spec.load.jsonExtension to BigQueryJob.

Added spec.externalDataConfiguration.avroOptions to BigQueryTable.

Added spec.compressionMode to ComputeBackendBucket.

Added spec.compressionMode to ComputeBackendService.

Added spec.advancedOptionsConfig.jsonCustomConfig to ComputeSecurityPolicy.

Added spec.managementConfig.fullManagementConfig to ConfigControllerInstance.

Added spec.nodeConfig.guestAccelerator[].gpuSharingConfig and spec.notificationConfig.pubsub.filter to ContainerCluster.

Added spec.nodeConfig.guestAccelerator[].gpuSharingConfig to ContainerNodePool.

Added spec.config.dataprocMetricConfig, spec.config.gceClusterConfig.confidentialInstanceConfig, spec.config.gceClusterConfig.shieldedInstanceConfig, spec.config.masterConfig.diskConfig.localSsdInterface, spec.config.metastoreConfig.dataprocMetastoreServiceRef, spec.config.secondaryWorkerConfig.diskConfig.localSsdInterface, spec.config.securityConfig, spec.config.workerConfig.diskConfig.localSsdInterface and spec.virtualClusterConfig to DataprocCluster.

Added spec.cloudLoggingConfig to DNSManagedZone.

Added spec.persistenceConfig to RedisInstance.

Added status.version to SecretManagerSecretVersion.

Added spec.maintenanceVersion and status.availableMaintenanceVersions to SQLInstance.

Added spec.passwordPolicy to SQLUser.

Added spec.customPlacementConfig to StorageBucket.

Added spec.notificationConfig to StorageTransferJob (Issue #303).

Added support for DLPJobTrigger resource.

Topic modeling is now a GA feature. Topic modeling helps you discover topics (call drivers) in conversations between contact center agents and end-users. For more information, see the documentation.

Dialogflow CX agents can now be exported to JSON.

BigQuery subscriptions now support the JSON type for all string fields, including data and attributes. For more information about JSON type compatibility, see Properties of a BigQuery subscription.

The Israel Regions and Support compliance regime is now in Preview.

The slot estimator helps you manage slot capacity based on historical performance metrics. This feature is now generally available (GA).

Support for internal ingress from Cloud Tasks to Cloud Run and Cloud Functions is now at General Availability.

The files attribute was added to the Finding object of the Security Command Center API.

The files attribute contains information about each file that triggered a finding, including the name of the file, the full path to the file, and the size of the file.

For more information, see the Security Command Center API documentation for the Finding object.

Access Approval lets you revoke active access requests using the Google Cloud console.

Airflow triggerer and Deferrable Operators are available in Preview in Cloud Composer 2.

Note: Minimum versions required by Airflow triggerer: Cloud Composer 2.0.31 and up, Apache Airflow 2.2.5 and up.

Cloud Monitoring now provides a GKE Clusters dashboard for enabling Managed Service for Prometheus on clusters in your project. For more information, see Get started with managed collection.

Anthos clusters on VMware 1.11.5-gke.14 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.11.5-gke.14 runs on Kubernetes 1.22.15-gke.2200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.13, 1.12, and 1.11.

Regional external and regional internal HTTP(S) load balancers now support regional SSL policies. SSL policies give you the ability to control the features of SSL that your Google Cloud load balancers negotiate with clients.

For details, see:

• SSL policies overview
• Use SSL policies

This feature is in General Availability.

You can now use the Google Cloud console to get role recommendations and policy insights for buckets. Role recommendations and policy insights help you understand and manage permission usage for your buckets.

Generally available: Share sole-tenant node groups with other projects or with your entire organization. For more information, see Share sole-tenant node groups.

Enable the validation check for Enum property values by default. Enum values that are not defined in the schema will not be allowed to be set to the corresponding document property Enum fields. The validationCheckDisabled flag in EnumTypeOptions disables the ENUM Validation.

Enable text extraction feature.

You can now use use compact placement for node auto-provisioning in Standard clusters with GKE version 1.25 and later. To learn more, see Use compact placement for node auto-provisioning.

Security Command Center added the ability to export findings to a CSV file from the Google Cloud console. For more information, see Export findings to a CSV file.

The CBSDs can now operate in the 3650–3700 MHz portion of the CBRS band in the 150 km area around fixed-satellite service (FSS) receive-only earth stations. The 150 km area around each FSS for 3650-3700 MHz that was considered an exclusion zone is now a protection zone. For more information on how to access the CBRS heatmaps, see CBRS heatmaps.

This feature is Generally Available (GA).

Users can now use SMB to transfer data by enabling SMB file share.

AutoML Image Classification Error Analysis

Error analysis allows you to examine error cases after training a model from within the model evaluation page. This feature is available in Preview.

For each image you can inspect similar images from the training set to help identify the following:

• Label inconsistencies between visually similar images
• Outliers if a test sample has no visually similar images in the training set

After fixing any data issues, you can retrain the model to improve model performance.

The option to set IP mode to internal for App Engine flexible environment instances is now generally available.

The option to set IP mode to internal for App Engine flexible environment instances is now generally available.

The option to set IP mode to internal for App Engine flexible environment instances is now generally available.

The option to set IP mode to internal for App Engine flexible environment instances is now generally available.

The option to set IP mode to internal for App Engine flexible environment instances is now generally available.

The option to set IP mode to internal for App Engine flexible environment instances is now generally available.

The option to set IP mode to internal for App Engine flexible environment instances is now generally available.

The option to set IP mode to internal for App Engine flexible environment instances is now generally available.

Enhancements to Bare Metal Solution resource management–Adds the following self-service functionality:

• Manage networks–You can create, attach, detach, and delete networks. You can also add, update, and delete VLAN attachments.
• Manage boot volume snapshots–You can create, delete, and restore boot volume snapshots.
• Manage NFS file storage–You can create, update, and delete NFS storage volumes.
• Advanced networking–You can add connections to multiple networks on a single server. You can now view advanced networking information through the Google Cloud console too.
• Labels–You can organize your Bare Metal Solution resources by using labels. You can add labels to servers, networks, storage volumes, and NFS file storage.
• Manage the power state of servers–You can turn power on and off for your server and restart your server. You can also check the status of a server.

You can now transfer data from Amazon S3 and Azure Blob Storage to BigQuery using the LOAD DATA statement. This feature is generally available (GA) and includes support for the following features:

• Transfer files that are hive partitioned.
• Load semi-structured JSON source data into BigQuery without providing a schema by using JSON columns in the destination table.
• Encrypt destination tables using customer managed encryption keys.
• Transfer data to US multi-region and US-EAST-4 regions.

Alerts and IOC Matches

The Alerts and Indicators of Compromise (IOC) page displays all the alerts and IOCs currently impacting your enterprise. It provides tools that enable you to filter and view your alerts and IOCs.

• Alerts can be designated by your security infrastructure, by your security personnel, or by Chronicle Uppercase.

• IOCs are designated automatically by Chronicle. Chronicle is always absorbing data from both your own infrastructure and numerous other security data sources. It automatically correlates suspicious security indicators with your security data. If a match is found (for example, a suspicious domain is found within your enterprise), Chronicle labels the event as an IOC and displays it on the IOC matches tab.

You can also still navigate to the Enterprise Insights page using the link provided at the top of the Alerts and IOCS page. To view CBN alerts, you still need to use the Enterprise Insights page.

Alert view

Alert view shows a variety of information with regards to a specific alert, including:

• Alert Status

• Alert Details—Displays an alert's creation time, recent updates, and its associated rule.

• Decision States—Displays the verdict for the alert and if it is an indication of a security issue. History—Displays the history of changes made to the alert by your security team. For alerts originating from Chronicle SOAR, Alert view also includes the number and a link to the associated Chronicle SOAR case. You can pivot to your Chronicle SOAR account using this link.

Chronicle SOAR Authentication

You can authenticate with your Chronicle SOAR account from Chronicle. Once you have authenticated with your Chronicle SOAR account, you can pivot between your Chronicle account and your Chronicle SOAR account as needed.

Chronicle SOAR Cases

Chronicle SOAR ingests alerts from a variety of sources. You can conduct additional investigations of Chronicle SOAR cases from Chronicle or pivot to Chronicle SOAR. You can pivot to your Chronicle SOAR Cases from the Chronicle application menu. For more information on Chronicle SOAR cases, see the Chronicle SOAR documentation.

Chronicle SOAR Playbooks

Chronicle SOAR Playbooks define a series of automatic steps taken when triggered by an incoming alert and can be used to investigate and respond to security issues. You can pivot to your Chronicle SOAR Playbooks from the Chronicle application menu. For more information on Chronicle SOAR Playbooks, see the Chronicle SOAR documentation.

Expanded Cloud Storage monitoring dashboards are now available in Preview.

• Available metrics include server and client error rates, write request counts, network ingress rates, and network egress rates.
• Dashboards can be filtered by bucket location.
• Dashboards are customizable, including the ability to set up alerts.

In addition to the project-wide dashboard, per-bucket dashboards are available in a new Observability tab in the Bucket Details for each bucket.

Support for VPC Service Controls is in Preview.

Curate which products are available for your Organization to use with Private Marketplace (Preview). You can add products to collections and share these collections with your organization, folders, or projects.

Learn more about Private Marketplace.

GKE Gateway for Single Cluster is now generally available in GKE version 1.24 and later. Use the Gateway API to express the intent of your inbound HTTP(S) traffic into your GKE cluster and the Gateway controller will instrument and fully manage the external and/or internal HTTP(S) load balancer(s) that forwards traffic to your applications. For complete details about the GKE Gateway controller, refer to the following documentation.

You can use the Google Cloud console to view authentication activities, which indicate when your service accounts and keys were last used to call a Google API.

Feature Transform Engine is available in Preview. For documentation, refer to Feature engineering.

Release 1.12.4

Anthos clusters on bare metal 1.12.4 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.4 runs on Kubernetes 1.23.

DNS Resolution is generally available (GA). You can use domain or hostnames for sources instead of IP addresses for pipeline design-time activities, such as getting schema, wrangling, and previewing pipelines.

Cloud Spanner now supports cross-region and cross-project backup use cases. You can copy a backup of your database from one instance to another instance in a different region or project to provide additional data protection and compliance capabilities.

The Autoclass feature is now available.

• When enabled, Autoclass transitions the storage classes of your objects automatically based on their access patterns.
• Currently, Autoclass can only be enabled at the time of bucket creation.

M100 Release

• Regular package updates.

M100 Release

• Migrated the Docker proxy agent to use a systemctl service.
• Regular package updates.

M100 Release

The M100 release of Vertex AI Workbench includes the following:

• Fixed a bug that prevented an instance with a GPU from starting.
• Regular package updates.
• Miscellaneous bug and display fixes.

Preview: You use the private.googleapis.com and restricted.googleapis.com VIPs to access Google APIs and services using IPv6 addresses. For more information, see the following pages:

• Use the VIPs from VMs with internal IPv6 addresses
• Use the VIPs from VMs with external IPv6 addresses
• Use the VIPs from on-premises hosts with IPv6 addresses
• Use restricted.googleapis.com with VPC Service Controls

In the Cloud console, the Add data feature lets you access popular ways to search for and ingest data sources that work with BigQuery. For an example, see viewing listings in Analytics Hub. This feature is now generally available (GA).

Users can now customize Slack notifications for their builds using notifier templates. To learn more, see Configure Slack notifications.

The ExcludeByHotword type was added as a type of ExclusionRule. With this new type, you can do the following:

• Exclude a column from inspect findings if the column name matches a regular expression.
• Exclude a finding from inspect findings if that finding is proximate to a string that matches a regular expression.

Previously, you could do these only by setting up a hotword rule that lowers the likelihood of the matching findings.

For more information on excluding findings, see Exclusion rules.

You can now dynamically include your log content in your alert notifications for easier troubleshooting. For more information about extracting log content into labels, see Create a log-based alert (Monitoring API).

You can now dynamically include your log content in your alert notifications for easier troubleshooting. For more information about extracting log content into labels, see Create a log-based alert (Monitoring API).

Generally available: Memory-optimized M3 virtual machine instances are available in the following regions and zones:

• Frankfurt, Germany (europe-west3-a,b)
• Eemshaven, Netherlands (europe-west4-a,b)
• Council Bluffs, Iowa, USA (us-central1-a,b)
• Las Vegas, Nevada, USA (us-west4-a,b)

See VM instance pricing for details.

If a Dataproc Metastore service uses the gRPC endpoint protocol, a Dataproc or self-managed cluster located in any region can attach to the service.

The following languages are now GA (generally available) for Dialogflow CX:

• Bulgarian (bg)
• Catalan (ca)
• Croatian (hr)
• Czech (cs)
• Greek (el)
• Hebrew (iw)
• Hmong (hmn)
• Hungarian (hu)
• Serbian (sr)
• Slovak (sk)
• Somali (so)

The following new features have been introduced in this release of Google Distributed Cloud Edge:

• Anthos VM Runtime replaces Kubevirt in Google Distributed Cloud Edge starting with this release. To continue using your existing virtual machines, you must shut them down and back them up before your Distributed Cloud Edge deployment is upgraded to release 1.2.0, and then re-create them as described in Manage virtual machines.
• A new Google Distributed Cloud Edge hardware configuration is available. This new configuration supports GPU-based workloads that run on NVIDIA Tesla T4 GPUs in both containers and virtual machines. To order a GPU-enabled configuration, see Order Google Distributed Cloud Edge. To learn more about running workloads on GPUs, see Manage GPU workloads.
• Google Distributed Cloud Edge now supports the following networking features:
  • (Preview) Cross-project VPN Connections. To learn more, see Manage cross-project VPN Connections.
  • (Preview) MacVLAN driver support for creating secondary network interfaces for Pods running containerized workloads. The MacVLAN driver is not supported on Pods running virtual machines. To learn more, see Configure a secondary network interface on a Pod using the MacVLAN driver.
  • (Preview) Multi-network support for creating secondary network interfaces for Pods. To learn more, see Configure a secondary network interface on a Pod using Distributed Cloud Edge multi-networking.
  • (Preview) ClusterDNS resource. To learn more, see ClusterDNS resource.

When you create a LoadBalancer service in GKE, the Google Cloud controllers automatically create the following firewall rules and apply them to the GKE nodes to allow inbound connections on the Service port:

• Internal load balancer with GKE subsetting or external load balancer with regional backend services (RBS): k8s2-[cluster-id]-[namespace]-[service-name]-[suffixhash]
• Internal load balancer without GKE subsetting or external load balancer with target pool: k8s-fw-[loadbalancer-hash]

These rules now include the load balancer IP address in the destination ranges field to further control the inbound connections to the nodes. You can use the gcloud compute firewall-rules describe command to check a relevant firewall. The new field in the output is similar to the following:

destinationRanges:
- [LOADBALANCER_VIRTUAL_IP_ADDRESS]

Support for schema extensions in Managed Microsoft AD is generally available. Learn how to extend the schema.

Support for the migration of users from an existing domain to Managed Microsoft AD is available in Preview. Learn how to enable permissions for migrating an on-premises domain with SID History.

Security Command Center released two new error detectors:

• KTD blocked by admission controller
• KTD image pull failure

These detectors report configuration errors that prevent the Container Threat Detection service from functioning properly.

Remediation guidance is provided for each finding type. For more information, see Security Command Center errors.

Beta stage support for the following integration:

• Config Controller

Apigee support for using Private Service Connect (PSC) for client-to-Apigee (northbound) traffic is now GA. In addition, we now support using PSC for northbound routing in multi-region configurations. For details, see Expanding Apigee to multiple regions. See also Northbound networking with Private Service Connect and Migrate northbound routing to Private Service Connect.

The Logs tab available for each cluster on the Kubernetes Engine > Clusters page now includes suggested queries for your logs. For more information about using your GKE logs, see Viewing your GKE logs.

Vertex AI Prediction

You can now use A2 machine types to serve predictions.

Vertex ML Metadata

You can now filter contexts, executions, and artifacts by association and attribution.

Custom training on Vertex AI now supports NVIDIA A100 80GB GPUs on a2-ultragpu-1g/2g/4g/8g machines. For details, see Configure compute resources for custom training.

SQL functions for managing wrapped keysets are generally available (GA). You can now perform the following actions natively in BigQuery with fewer risks and steps:

• Create a wrapped keyset
• Rotate a wrapped keyset
• Rewrap a wrapped keyset
• Encrypt and decrypt a column with a wrapped keyset

Included with this release are the following new key management functions:

• KEYS.NEW_WRAPPED_KEYSET
• KEYS.ROTATE_WRAPPED_KEYSET
• KEYS.REWRAP_KEYSET

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

• Org Policies
  • orgpolicy.googleapis.com/Policy

You can now add table widgets to custom dashboards that let you limit the number of table rows, persiste specific columns, display only those rows with the highest, or lowest values, and that display a visual indicator of the value as compared to the range of possible values. For more information, see Display data in tabular form on a dashboard.

Support for the NHibernate ORM is now generally available, enabling you to use Cloud Spanner as a backend database for the NHibernate framework. For more information, see NHibernate Dialect for Cloud Spanner.

You can now easily identify clusters that use certificates incompatible with Kubernetes version 1.23. Kubernetes 1.23 deprecation insights are now available in Preview for clusters of at least version 1.22.6-gke.1000.

Vertex AI Prediction

Custom prediction routines (CPR) are now Generally Available. CPR lets you easily build custom containers for prediction with pre/post processing support.

VPC-SC for managed Anthos Service Mesh is generally available (GA) in the rapid channel.

The query execution graph is now in preview. You can use the query execution graph to diagnose query performance issues, and to receive query performance insights.

M99 Release

• Fixed a bug where Jupyter widgets through ipywidgets were causing errors and not displaying.
• Regular package updates.

M99 Release

• Fixed a bug where Jupyter widgets through ipywidgets were causing errors and not displaying.
• Updated TPU versions for TensorFlow 2.8, 2.9, and 2.10 Deep Learning VMs.
• Improved error messages for debugging custom container Deep Learning VMs that were instantiated with a GPU but without installing NVIDIA drivers.
• Regular package updates.

End-user authentication is being made available to managed Anthos Service Mesh in the rapid release channel. See the preceding release note for rollout timelines.

Anthos clusters on VMware 1.13.1-gke.35 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.13.1-gke.35 runs on Kubernetes 1.24.2-gke.1900.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.13, 1.12, and 1.11.

• Increased logging granularity for the cluster backup operation including indicating status for each step of the process.

Cluster lifecycle improvements in 1.13 and later

Preview: You can use the Google Cloud console to create user clusters, delete user clusters, and to add and remove node pools from a user cluster. To explore the new feature, try out the tutorial Create an Anthos on bare metal user cluster on Compute Engine VMs using the console.

Build environment variables support is now generally available.

Build environment variables support is now generally available.

Build environment variables support is now generally available.

Build environment variables support is now generally available.

Build environment variables support is now generally available.

Build environment variables support is now generally available.

The BigQuery migration assessment is now available for Amazon Redshift in preview. You can use this feature to assess the complexity of migrating from your Amazon Redshift data warehouse to BigQuery.

The Cloud Router BGP MD5 authentication feature is Generally Available (GA). For more information, see Use MD5 authentication.

The image import tool now supports importing Ubuntu 22.04 LTS images to Google Cloud.

BigQuery subscriptions now support the Avro logical types timestamp-micros, date, and time-micros. For more information about schema compatibility between a Pub/Sub topic and a BigQuery table, see Schema compatibility.

The feature for listing all tags that are attached to or inherited by your resources has entered general availability. For more information, see Creating and managing tags.

You can now use the Cloud Console UI to create and manage tags. For more information, see Creating and managing tags.

Beta stage support for the following integration:

• BigQuery Data Policy API

Private Service Connect supports internal regional TCP proxy load balancers as a service attachment target in General Availability. This lets you create hybrid TCP/UDP services where a clients in a VPC network can connect to an on-premise service by going through Private Service Connect and a TCP proxy with hybrid NEGs to reach a hybrid endpoint.

You can now launch clusters with the following Kubernetes versions:

• 1.22.15-gke.1400
• 1.23.12-gke.1400
• 1.24.6-gke.1300

Release 1.13.1

Anthos clusters on bare metal 1.13.1 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.13.1 runs on Kubernetes 1.24.

The max_staleness materialized view option helps you achieve consistently high performance with controlled costs when processing large, frequently changing datasets. This feature is now in preview.

Column-level data masking is now generally available (GA). You can use data masking to selectively obscure column data for groups of users, while still allowing access to the column.

Cloud HSM resources are now available in the following regions:

• europe-southwest1
• europe-west9
• me-west1

For information about which locations are supported by Cloud KMS, Cloud HSM, and Cloud EKM, see Cloud KMS locations.

Cloud Load Balancing introduces the internal regional TCP proxy load balancer. This is an Envoy proxy-based regional layer 4 load balancer that enables you to run and scale your TCP service traffic behind an internal regional IP address that is accessible only to clients in the same VPC network or clients connected to your VPC network.

The internal regional TCP proxy load balancer distributes TCP traffic to backends hosted on Google Cloud, on-premises, or other cloud environments.

For details, see the following:

• Internal TCP Proxy Load Balancing overview
• Set up an internal TCP proxy load balancer:
  • Instance group backends
  • Zonal NEG backends
  • Hybrid connectivity NEG backends

This capability is in General Availability.

Cloud SWG is available in Preview. Cloud SWG provides a secure web gateway that helps you secure egress web traffic (HTTP/S). Contact your sales representative to sign up and use Cloud SWG.

Dataproc Serverless for Spark now allows the customization of driver and executor memory using the following properties:

• spark.driver.memory
• spark.driver.memoryOverhead
• spark.executor.memory
• spark.executor.memoryOverhead

Dataproc Serverless for Spark now outputs approximate_usage after a workload finishes that shows the approximate DCU and shuffle storage resource consumption by the workload.

A new Release Candidate (RC) version of the Document OCR Processor, pretrained-ocr-v1.1-2022-09-12, is available in the US and EU. This RC can detect document defects.

• If the document is considered to be defective, the API now returns the same 5 document defect types supported by the Intelligent Document Quality Processor:
  • quality/defect_blurry
  • quality/defect_noisy
  • quality/defect_dark
  • quality/defect_faint
  • quality/defect_text_too_small
• In addition, it now supports 3 more defect types:
  • quality/defect_document_cutoff
  • quality/defect_text_cutoff
  • quality/defect_glare
• The defect detection results are in the image_quality_scores field on the Page object in the returned JSON. This additional feature adds latency comparable to OCR processing to the process call.

Anthos clusters on bare metal 1.11.7 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.11.7 runs on Kubernetes 1.22.

The following language translation pairs have been added:

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

• Cloud Domains
  • domains.googleapis.com/Registration
• Cloud Functions 2nd Gen
  • cloudfunctions.googleapis.com/Function

The translator workflow is in Preview:

• Administrators can invite translators to their project and add translators to post-editing groups. For more information, see Enable post-editing requests.
• Portal users can request post-edits from translators.
• Translators can review and edit translations.

Support for 24 new languages is Generally Available (GA). Glossaries aren't supported when translating to or from these languages.

• Assamese
• Aymara
• Bambara
• Bhojpuri
• Dhivehi
• Dogri
• Ewe
• Guarani
• Ilocano
• Konkani
• Krio
• Kurdish(Sorani)
• Lingala
• Luganda
• Maithili
• Meiteilon(Manipuri)
• Mizo
• Oromo
• Quechua
• Sanskrit
• Sepedi(Pedi)
• Tigrinya
• Tsonga
• Twi (Akan)

Added the spec.helm.values field in RootSync and RepoSync to allow overriding the default values that accompany the Helm chart.

The constraint template library includes a new template: K8sBlockLoadBalancer. For reference, see Constraint template library.

A link to the Settings page has been added to the APIs list page.

See: Discover APIs using APIs list

This release contains the General Acceptance (GA) release of Advanced API Security, which:

• Detects unwanted requests sent to your APIs, including attacks by bots or other malicious agents.
• Evaluates the security of your API configurations and provides recommendations for improvements.

Advanced API Security is a paid add-on to Apigee. You can try out Advanced API Security for free in any trial org—follow the procedure described in Enable Advanced API Security. Contact Apigee to learn more.

Search indexes and the SEARCH() function are now generally available (GA). These enable you to use Google Standard SQL to efficiently pinpoint specific data elements in unstructured text and semi-structured data.

Cloud Data Fusion version 6.7.2 is generally available (GA). This release is in parallel with the CDAP 6.7.2 release.

Bucket tags are now generally available (GA).

Generally available: Compute Engine flexible committed use discounts (flexible CUDs) are spend-based discounts that add flexibility to your spending capabilities by eliminating the need to restrict your commitments to a single project, region, or machine series. You can purchase flexible commitments and commit to a minimum hourly spend amount to use vCPUs and/or memory in any of the projects within your Cloud Billing account, across any region, and belonging to any eligible general-purpose and/or compute-optimized machine types.

Learn more about flexible CUDs and how to purchase flexible commitments.

Filestore is now available in Columbus (us-east5 region).

Filestore is now available in Dallas (us-south1 region).

Filestore is now available in Tel Aviv (me-west1 region).

Recording Google Analytics 4 user events to the Retail API is available in GA. If you have integrated Google Analytics 4 for your user events, you can record the user event data in Google Analytics 4 format directly to the Retail API.

To use this feature, see the Record user events with Google Analytics 4 documentation.

A/B experiment traffic monitoring for Retail Search is available in private preview. See the documentation for A/B experiment monitoring.

A/B experiments compare key metrics between the Retail API and your existing search implementation. After setting up an experiment and its traffic splitting, you can monitor experiment traffic using the Retail console. In the console, you create variant arms that map to each experiment group that you created for the A/B experiment. This allows you to check whether the actual traffic matches the intended traffic split of your experiment. Traffic monitoring can help you determine if differences in traffic are due to a quality gap between services or an incorrect experiment setup.

To use A/B experiment traffic monitoring in private preview, contact Retail Support.

Vertex AI Prediction

You can now use E2 machine types to serve predictions.

The following geography functions are now generally available (GA):

• ST_ISCLOSED: Returns TRUE for a non-empty geography, where each element in the geography has an empty boundary.
• ST_ISRING: Checks if a geography is a linestring and if the linestring is both closed and simple.

Added storageTarget to BigTableInstance (Issue #729).

Added location and BITBUCKET support to CloudBuildTrigger (Issue #672).

Added visibleCoreCount to ComputeInstance.

Added visibleCoreCount to ComputeInstanceTemplate.

Added snapshotProperties.chainName to ComputeResourcePolicies.

Added chainName to ComputeSnapshot.

Added certificateMapRef to ComputeTargetSSLProxy.

Added costManagementConfig, nodePoolDefaults, serviceExternalIpsConfig to ContainerCluster.

Added locationPolicy, totalMaxNodeCount, totalMinNodeCount to ContainerNodePool.

Added channelRef and resourceConditions to EventarcTrigger.

Added mesh to GKEHubFeatureMembership.

Added forceDelete to MonitoringNotificationChannel.

Released new controller unmanaged-detector. Now if there is no Config Connector controller for a resource's namespace, that resource's status will show as "Unmanaged".

Extended faster reconciliation of resources with dependencies to support IAMAuditConfig and IAMPolicy.

Added support for DLPInspectTemplate resource.

General availability for the following integration:

• Organization Policy Service

Anthos Service Mesh now supports configuring Mesh CA and Google CA Service connectivity through an HTTPS proxy when direct connectivity from the sidecar-injected workloads is not available (for example, due to firewalls or other restrictive features). See Configure Certificate Authority connectivity through a proxy for more information.

Anthos clusters on VMware 1.12.3-gke.23 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.12.3-gke.23 runs on Kubernetes 1.23.8-gke.1900.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.13, 1.12, and 1.11.

Some runtime error messages have been improved with a reason code. To display only the error codes with a reason code, scroll down to Search and type reason. The error catalog filters the view.

See: Runtime error catalog

You can now view BI Engine Top Tables Cached Bytes, BI Engine Query Fallback Count, and Query Execution Count as dashboard metrics for BigQuery. This feature is now in preview.

You can now instrument gRPC applications to use Microservices observability.

Pricing for Microservices observability is the same as Cloud Operations Pricing. There are no separate charges for using Cloud Trace, Cloud Monitoring, or Cloud Logging Microservices observability plugins.

You can now instrument gRPC applications to use Microservices observability.

Pricing for Microservices observability is the same as Cloud Operations Pricing. There are no separate charges for using Cloud Trace, Cloud Monitoring, or Cloud Logging Microservices observability plugins.

You can now instrument gRPC applications to use Microservices observability.

Pricing for Microservices observability is the same as Cloud Operations Pricing. There are no separate charges for using Cloud Trace, Cloud Monitoring, or Cloud Logging Microservices observability plugins.

Dataproc Serverless for Spark now supports spark.dataproc.diagnostics.enabled property that enables auto diagnostics on Batch failure. Note that enabling auto diagnostics will hold compute and storage quota after Batch is complete and until diagnostics is finished.

Default security policies are now Generally Available. You can configure a default rate-limiting security policy when you use the Google Cloud Console to set up your load balancer. For more information, see the Rate limiting overview.

Support for limiting the maximum number of concurrent branches or iterations within a parallel step is available in Preview.

Samples in Go are available for Batch. Documentation has been updated to include the following samples:

• Create a basic container job
• Create a basic script job
• List jobs
• Describe a job
• Delete a job

For more information, see All Batch code samples.

To show or hide log entries similar to a log entry displayed in the Logs Explorer, expand the log entry and use the Similar entries menu.

The Cloud Monitoring Integrations page now provides access to logs collected by logs-enabled integrations from the Details page for each integration.

New public dataset stored in Cloud Storage.

• Data for ERA5 are now hosted publicly in Cloud Storage.

New Version Release

• Bring Your Own Carrier (BYOC) - Customers can now bring their own numbers through their carrier.

• Dual Channel Recording - Customers can enable dual channel audio recordings (e.g. agent channel and consumer channel)

• Virtual Agent Enhancements: Dialogflow CX agents configured for Global Region enabled, barge-in for Dialogflow CX (Voice), and passing parameters (either static or dynamic data) to Virtual Agents via Web SDK.

• Agent Assist Enhancements: Agent Assist profiles configurable via Developer Settings & enabled at a queue level.

• Secure Payment: Braintree supported as a payment provider and additional currencies (GBP, EUR, CAD) supported on Stripe and Braintree.

Dialogflow CX now provides a telephony integration with Twilio

As of October 21, 2022, we have promoted our v1.3 Release Candidate version to a Stable version of the Invoice processor.

Features in the new Stable Invoice processor, version pretrained-invoice-v1.3-2022-07-15.

• Out of the box support for 7 new languages: Italian, Portuguese, Romanian, Swedish, Estonian, Lativian, Lithuanian

• Support for uptraining using the newly launched Document AI Workbench. See Uptrain a specialized processor.

• Improvements to Currency and Date Normalization.

• Improvements to Line Items extraction.

• Quotas and limits

  • Maximum pages (online/synchronous requests): 15
  • Maximum pages (batch/offline/asynchronous requests): 200
  • Regional availability
    • US (Multi-region), Europe (Multi-region)

Alongside this stable version, we are launching a new release candidate version, pretrained-invoice-v1.4-2022-10-21, to which new features will be added.

count() queries are now available in Preview.

Connectivity Tests now includes a feature that verifies connectivity from a VM or an IP address to a Private Service Connect endpoint. For more information, see Create and run Connectivity Tests.

Event Threat Detection, a built-in service of Security Command Center, launched the following rules to general availability (GA).

• Discovery: Can get sensitive Kubernetes object check
• Privilege Escalation: Changes to sensitive Kubernetes RBAC objects
• Privilege Escalation: Create Kubernetes CSR for master cert
• Privilege Escalation: Creation of sensitive Kubernetes bindings
• Privilege Escalation: Get Kubernetes CSR with compromised bootstrap credentials
• Privilege Escalation: Launch of privileged Kubernetes container

These rules detect scenarios where a potentially malicious actor attempted to query or escalate privileges in Google Kubernetes Engine. For more information, see Event Threat Detection rules.

You can specify the source IP ranges for egress rules and the destination IP ranges for ingress rules. This feature is available in Preview.

The Australian Regions and US Support compliance regime is now in Preview.

Data exploration workbench (Explore) is generally available (GA). Explore provides a fully-managed, serverless data exploration experience powered by fully-governed collaboration, one-click scheduling, and interactive querying using Spark SQL scripts and Jupyter notebooks.

The OAUTH_CLIENT_SECRET infoType detector is available in all regions.

The rollout of the following PostgreSQL minor versions, extension versions, and plugin versions is currently underway:

Minor versions

• 10.21 is upgraded to 10.22.
• 11.16 is upgraded to 11.17.
• 12.11 is upgraded to 12.12.
• 13.7 is upgraded to 13.8.
• 14.4 is upgraded to 14.5.

Extension and plugin versions

• plv8 is upgraded from 3.1.2 to 3.1.4.
• wal2json is upgraded from 2.3 to 2.4.
• pgTAP is upgraded from 1.1.0 to 1.2.0.
• PostGIS is upgraded from 3.1.4 to 3.1.7.

In addition, this rollout introduces the following changes to collation support:

1. The C.UTF-8 collation is renamed to C.utf8. The original name is supported as an alias of the new name.

2. The following collations aren't supported anymore:

   • as_IN.utf8
   • az_AZ.utf8
   • ca_ES.utf8@valencia
   • eo.utf8
   • ia
   • iw_IL
   • iw_IL.utf8
   • pap_AN
   • tt_RU.utf8
   • tt_RU.utf8@iqtelif

If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.

The new maintenance version is [PostgreSQL version].R20221017.01_00. To learn how to check your maintenance version, see Self service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

The number of concurrent database restore operations per instance that Cloud Spanner supports has increased from one to five. For more information, see Backup and restore limits.

Generally available: You can resize an existing hardware resource commitment and split it into smaller commitments to closely monitor and manage portions of one large commitment in the form of smaller individual commitments. You can now also split your commitments by using the Google Cloud Console. For more information, see Splitting commitments.

Generally available: Accelerator-optimized (A2 ultraGPU) machine types with their attached A100 80GB GPUs are now available in the following regions and zones:

• Iowa, North America: us-central1-c
• Ashburn, Virginia, North America: us-east4-c

Rapid Vulnerability Detection, a built-in service of Security Command Center Premium, is now available in Preview.

Rapid Vulnerability Detection is a zero-configuration network and web application scanner that detects weak credentials, incomplete software installations, and other critical vulnerabilities that have a high likelihood of being exploited.

For more information, see Rapid Vulnerability Detection conceptual overview.

Remote functions, which let you invoke functions from Cloud Functions or Cloud Run in your Google Standard SQL queries, are now generally available (GA).

Natural Language Content Classification v2 model is now in Public Preview. This model supports an expanded taxonomy with 1091 content categories and 11 languages. The model is distilled from a Large Language Model with improved performance over the v1 offering.

The following new generally available features help you identify and troubleshoot high latencies in specific databases:

• The Lock insights dashboard helps you identify latency spikes that are due to lock contentions.

• The Transaction insights dashboard helps you identify the transactions that cause lock contentions and, possibly, high latencies.

M98 Release

• Upgraded JupyterLab from 3.2 to 3.4.
• Upgraded R from 4.1 to 4.2.
• Miscellaneous bug and display fixes.
• Regular package updates.

M98 Release

• Upgraded JupyterLab from 3.2 to 3.4.
• Upgraded R from 4.1 to 4.2.
• Removed the requirement to have the compute.instances.get permission in the Service Account attached to the VM introduced in m97.
• Added support for the notebook-enable-debug metadata flag for JupyterLab low level debugging, which sets: c.Application.log_level = 0. The default value is 30.
• Added support for the disable-check-xsrf metadata flag, which sets: c.ServerApp.disable_check_xsrf = True. The default value is false.
• Fixed a bug in which Cloud Marketplace was deploying an older version of Deep Learning VM images.
• Miscellaneous bug and display fixes.
• Regular package updates.

M98 Release

The M98 release of Vertex AI Workbench managed notebooks includes the following:

• Upgraded Go from 1.16.5 to 1.19.2.
• Upgraded R from 4.1 to 4.2.
• Upgraded JupyterLab from 3.2 to 3.4.
• Miscellaneous bug and display fixes.
• Added a fix for the BigQuery SQL editor to run queries correctly in non-US locations.
• Regular package updates.

Learn more about managed notebooks versions.

New UI provisioning wizard

Added a wizard to the API hub UI to provide a simpler provisioning process.

See: Provision API hub using the UI

Updated the layout of the score card display in the API overview tab.

See: Scorecard

The Canada Regions and Support compliance regime is now generally available.

Add a validationCheckDisabled flag in EnumTypeOptions to disable ENUM Validation. The default behavior is unchanged (no validation on ENUM values is enforced).

Add "LIKE" support in search conditions against text properties. Support search word stemming, semantic search and shuffled ordering of search query strings that run against a text property.

Eventarc triggers for Workflows is generally available (GA).

count() queries now available in Preview.

Support for Eventarc triggers for Workflows is generally available (GA).

Generally available: View your Google Kubernetes Engine (GKE) costs in Cloud Billing reports and cost data export to BigQuery

You can view your GKE costs by cluster, namespace, and pod labels in the Detailed cost export, and the built-in reports in the Google Cloud console.

Cloud Billing export to BigQuery

In the Detailed cost export to BigQuery, you can use the labels.key column to filter the data by these label keys:

• goog-k8s-cluster-name: Filter your GKE resources by cluster.
• k8s-namespace: Filter your GKE resources by namespace.
• k8s-label: View all your GKE resources.

Cloud Billing reports

In the Cloud Billing report, Cost breakdown report, and Cost Table report, you can use the Label selector to filter and group your data by cluster or namespace, using one of these label keys:

• goog-k8s-cluster-name: Filter or group your GKE resources by cluster.
• k8s-namespace: Filter or group your GKE resources by namespace.

To start viewing and analyzing your GKE cost data, see these pages:

• Enable cost allocation for your GKE clusters
• Enable the Detailed cost data export
• Review the schema of the Detailed cost data export
• View your Cloud Billing reports

GKE Cost Allocation has been released for general availability. With GKE Cost Allocation, you can see cost breakdowns in clusters for namespaces, and pod labels for utilized CPU and MEM. For complete details, refer to View detailed breakdown of cluster costs.

Moving a reserved external IPv4 address from one project to another is available in Preview.

Anthos clusters on VMware 1.11.4-gke.32 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.11.4-gke.32 runs on Kubernetes 1.22.8-gke.204.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.13, 1.12, and 1.11.

Chronicle CLI provides a text-based interface to initiate all Chronicle user workflows, acting as an alternative to the graphical user interface for advanced users.

For new data profiles, infoTypes other than the predicted infoType will include the approximate percentage of non-null rows in which the infoType was detected.

The organization restrictions feature has launched into public preview. The organization restrictions feature enables you to prevent data exfiltration through phishing or insider attacks. For managed devices in an organization, the organization restrictions feature restricts access only to resources in authorized Google Cloud organizations. For more information, see Introduction to organization restrictions.

Samples in Java, Node.js, and Python are available for Batch. Documentation has been updated to include the following samples:

• Create a basic container job
• Create a basic script job
• List jobs
• Describe a job
• Delete a job

For more information, see All Batch code samples.

Auto-completion for Retail Search is now GA.

Auto-completion predicts the rest of a query a user is typing, which can improve the user search experience and accelerate the shopping process before checkout.

For more about auto-completion for Retail Search, see the Auto-completion documentation.

Recommendations AI now provides a Buy It Again model.

The Buy it Again model encourages purchasing items again based on previous recurring purchases.This personalized model predicts products that have been previously bought at least once and that are typically bought on a regular cadence.

For more information about the Buy It Again model, see the Buy It Again documentation. For how to create this model, see Create models.

Recommendations AI now provides a revenue per session optimization objective for the Others You May Like and Frequently Bought Together model types.

This objective works differently for each model type, but always optimizes for revenue by recommending items that have a higher probability of being added to carts.

For more about the revenue per session optimization objective, see the Revenue per session documentation.

Recommendations AI now provides two diversification options when you create serving configs for recommendations.

• Ruled-based diversification affects whether results returned from a single prediction request are from different categories of your product catalog.
• Data-driven diversification uses machine learning to balance category diversity and relevance in your prediction results.

For more about diversification types, see the Diversification documentation.

Tabular Workflow for TabNet Training is available in Preview. For documentation, refer to Tabular Workflows for TabNet Training.

Tabular Workflow for Wide & Deep Training is available in Preview. For documentation, refer to Tabular Workflow for Wide & Deep Training.

When users enable the Container Scanning API and push container images to Artifact Registry, automatic container scanning now generates metadata including a software bill of materials (SBOM) dependency list. Users can analyze the metadata to gain insights into software dependencies and vulnerabilities. For more information, see Examine dependencies. This feature is in private preview.

Analytics Hub is now generally available. As an Analytics Hub publisher, you can now view all subscriptions to your listing and remove a subscription from your listing.

You can now use stored procedures for Apache Spark. This feature is in preview.

Cloud Build now displays build security information for artifacts stored in Artifact Registry in the Google Cloud console. The new Security insights panel is part of Build History in the console. Users can access information such as Supply chain Levels for Software Artifacts (SLSA) level for built artifacts, vulnerabilities and provenance in the panel. To learn more, see View build security insights. This feature is in public preview.

Cloud SQL supports the preview version of the following recommenders that help you optimize your instance's performance:

• High number of open tables recommender: Optimize the performance of your instance by increasing the size of table open cache for the Cloud SQL instances that have the number of open tables equal to the table open cache and keep opening too many tables concurrently
• High number of tables recommender: Optimize the performance of your instance by reducing the number of tables for the Cloud SQL instances whose table count is too high and close to the SLA limit.

Cloud SQL supports the preview version of the high transaction ID utilization recommender that helps you avoid potential transaction ID wraparound for Cloud SQL for PostgreSQL instances.

Spanner Vertex AI integration is now available in public preview. You can now enhance your Spanner applications with machine learning capabilities by using Google Standard SQL. For more information, see About Spanner Vertex AI integration.

Data Catalog integration with Analytics Hub is now generally available (GA). For more information, see Analytics Hub documentation and Search syntax.

Dialogflow CX Advanced NLU now supports automatic training.

Time-to-live (TTL) policies are now supported at the General Availability level.

Time-to-live (TTL) policies are now supported at the General Availability level.

Software Delivery Shield, a fully-managed, end-to-end software supply chain security solution, has launched. It provides a comprehensive and modular set of capabilities and tools across Google Cloud services that developers, DevOps, and security teams can use to improve the security posture of the software supply chain. For more information on the features of Software Delivery Shield, see Software Delivery Shield overview.

Vertex AI Feature Store streaming ingestion is available in Preview.

Preview: Workload Manager is now available for SAP workloads. For more information, see the Product overview.

Multi-statement transactions are now generally available (GA).

The ability to use physical bytes for storage billing is now in Preview. For more information, see Dataset storage billing models.

Launched Document AI Warehouse V1 APIs.

Enterprise Knowledge Graph API has been updated with the following features:

• Support to cancel and delete an entity reconciliation job
• Support for three entity types: Organization, LocalBusiness, and Person.
• Entity linking to Google Knowledge Graph is available for Organization and LocalBusiness entity types.

The Vertex AI Model Registry is generally available (GA). Vertex AI Model Registry is a searchable repository where you can manage the lifecycle of your ML models. From the Vertex AI Model Registry, you can better organize your models, train new versions, and deploy directly to endpoints.

The Vertex AI Model Registry and BigQuery ML integration is generally available (GA). With this integration, BigQuery ML models can be managed alongside other ML models in Vertex AI to easily version, evaluate, and deploy for prediction.