Google Cloud release notes

Access Approval supports Firestore in the Preview stage.

Access Transparency supports Certificate Authority Service in the GA stage.

Release 1.14.3

Anthos clusters on bare metal 1.14.3 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.14.3 runs on Kubernetes 1.25.

Backup and DR Service now supports archive snapshots for Compute Engine instance backups.

Simplified experience for updating backup/recovery appliances from the management console.

Google Cloud Managed Service for Prometheus: You can use the OpenTelemetry Collector to scrape standard Prometheus metrics and report them to Managed Service for Prometheus. For more information, see Get started with the OpenTelemetry Collector.

Workspace compilation overrides are available in Preview.

OR queries now available in Preview.

OR queries now available in Preview.

Alpha release of AssignImage mutator, which allows mutation of Docker image paths. For reference, see AssignImage under Mutation in the OPA Gatekeeper documentation.

The constraint template library includes a new template: VerifyDeprecatedAPI. For reference, see the Constraint template library.

Configuring Certificate Authority connectivity through a HTTP CONNECT-based proxy is now generally available (GA). For more information, see Configure Certificate Authority connectivity through a proxy.

Users are now able to enable the content security policy feature for their portal for Apigee and Apigee hybrid. Previously, this feature was available in Apigee Edge only.

See: Configure a content security policy

Public preview release of Advanced API Security abuse detection

Advanced API Security's new abuse detection feature lets you view security incidents involving your APIs. Abuse detection uses Google's machine learning algorithms to detect API traffic patterns that are a sign of malicious activity targeting your APIs.

Abuse detection includes two new types of detection rules powered by machine learning models:

• Advanced Anomaly Detection: Detects unusual patterns of API traffic.
• Advanced API scraper: Detects attempts to extract information from APIs for malicious purposes.

Go 1.18 and 1.19 are now generally available. These versions require you to specify an operating system version in your app.yaml. Learn more.

The immutable tags setting is now in Preview for Docker repositories. When tags are immutable, you cannot change the image digest that a tag references in the repository. You can configure this setting when you create a repository or change the setting on an existing repository.

Cloud Bigtable is now available in the europe-west12 (Turin) region. For more information, see Bigtable locations.

Cloud KMS is available in the following region:

• europe-west12

For more information, see Cloud KMS locations.

The following new region is now available: europe-west12.

Cloud SQL for MySQL now supports minor version 8.0.32. To upgrade your existing instance to the new version, see Upgrade the database minor version.

Support for europe-west12 (Turin) region.

Support for europe-west12 (Turin) region.

Support for europe-west12 (Turin) region.

You can create Cloud Spanner regional instances in Turin, Italy (europe-west12).

Cloud Storage is now available in Turin, Italy (europe-west12 region).

Cloud VPN is now available in region europe-west12 (Turin, Italy).

Pricing is available on the Cloud VPN pricing page.

Generally available: Turin, Italy, Europe europe-west12-a,b,c has launched with E2, N2, N2D, and T2D VMs available in all three zones. See VM instance pricing for details.

Dataflow is now available in Turin (europe-west12).

Dataproc is now available in the europe-west12 region (Turin).

The europe-west12 region in Turin, Italy is now available.

The ability to dismiss a recommendation is generally available via Recommender API

The export to BigQuery feature now supports custom pricing and non-project scoped recommendations.

The global Recommender Viewer role is now available to get view access to all insights and recommendations available.

Secret Manager is now available in the following region:

• europe-west12

For more information, see Secret Manager locations.

The March 20, 2023 release of the Google Cloud SCC content pack for sending Security Command Center data to Cortex XSOAR is generally available.

This version includes support for multiple Google Cloud organizations, bug fixes, and supportability improvements.

For information about downloading and installing the new content pack, see Upgrade the Google Cloud SCC content pack.

The version 3.0 release of the Google SCC App for QRadar, which lets you send Security Command Center data to QRadar v7.4.1FP2+, is generally available.

This version includes support for multiple Google Cloud organizations, bug fixes, and supportability improvements.

For information about downloading and installing the new application, see Upgrade the Google SCC app.

The version 3.0 release of the Google SCC App for ELK, which lets you send Security Command Center data to Elastic Stack, is generally available.

This version includes support for multiple Google Cloud organizations, bug fixes, and supportability improvements.

For information about downloading and installing the new application, see Upgrade the Docker container.

The version 2.0 release of the Google SCC Add-on For Splunk and the Google SCC App For Splunk, which let you send Security Command Center data to Splunk, is generally available.

This version includes support for multiple Google Cloud organizations, bug fixes, and supportability improvements.

For information about downloading and installing the new applications, see Upgrade Google SCC App for Splunk and Google SCC Add-on for Splunk.

For auto mode VPC networks, added a new subnet 10.210.0.0/20 for the Turin europe-west12 region. For more information, see Auto mode IP ranges.

Customize SSL certs for access routing when provisioning Apigee Pay-as-you-go organizations.

Users can now select existing self-managed SSL certs when customizing access routing during Apigee Pay-as-you-go provisioning. For more information, see Step 4: Customize access routing .

Receive Cloud console notifications when Pay-as-you-go provisioning completes.

While provisioning is in progress, users can navigate away from the Apigee provisioning page and monitor notifications in the Cloud console for updates when provisioning completes.

BigQuery now supports Unicode column naming using international character sets, alphanumeric and special characters. Existing columns can use these new capabilities using the RENAME command. This feature is now in preview.

Policy Engine:

• Modify RuleSet APIs logic to auto-populate RuleId field during create RuleSet call and allow Rules update using existing RuleId
• Publish action messages by default will include Schema name, Document name, RuleSet name, Rule Id, Action Id and trigger type information.

Model event management with Cloud Functions and Pub/Sub

The Vertex AI Vision event management feature lets you generate and send event notifications through Pub/Sub topics by:

• Enabling supported models* to output to Cloud Function for data processing and events generation.
• In-product support to send generated event to configured Pub/Sub topics.
• An easy configuration of the event management system in the Vertex AI Vision Studio.

* GA event management is available for the following models:

• Occupancy analytics pre-trained model
• Vertex AI custom-trained models imported into a Vertex AI Vision application

For more information, see the Enable model event notification with Cloud Functions and Pub/Sub.

Release 1.13.6

Anthos clusters on bare metal 1.13.6 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.13.6 runs on Kubernetes 1.24.

Network Load Balancing now supports user-specified weights on the backend service. This allows you to manage the backend load distribution of your load balancer and avoid overloading them.

For details, see:

• Weighted load balancing
• Configure weighted load balancing

This feature is in General Availability.

Smaller read replicas are now available for Cloud SQL. Read replicas no longer require the same or more CPUs and RAM than their primary instances.

The following functions and expressions have been added to the GoogleSQL dialect:

• ARRAY_FILTER function
• ARRAY_TRANSFORM function
• Lambda expressions

Dialogflow CX sentiment analysis now supports all regions supported by Dialogflow CX and over 70 new languages.

Support for triggering a workflow within a service perimeter using VPC Service Controls is generally available (GA).

Preview mode is now Generally Available for advanced network DDoS protection, allowing you to receive all the logging and telemetry about the detected attack without enforcing the mitigation.

Pub/Sub is now available in Turin, Italy (europe-west12).

Generally available: In projects protected by a service perimeter, and if using Eventarc to route events to Workflows destinations, you can create a new push subscription through Eventarc where the endpoint is set to a Workflows execution. To know more, see Set up a service perimeter using VPC Service Controls.

Vertex AI supports running Explainable AI on certain types of BQML models when they are added to the Vertex AI Model Registry (GA). To learn more, see Explainable AI for BigQuery ML models.

Vertex AI Feature Store

The ability to delete feature values from an entity type is now generally available (GA). The following features are available:

• Delete feature values from specified entities
• Delete feature values from specified features within a time range

Links to additional resources:

• Learn more about the delete_feature_values method in the Vertex AI SDK for Python.
• View the Python code sample on GitHub
• View the Python (Async) code sample on GitHub

Support for triggering a workflow using Eventarc within a VPC Service Controls perimeter is generally available (GA).

The following AutoML Tables model features are now generally available:

• Availability in additional regions.
• CMEK support in available regions except multi-regions US and EU.
• OPTIMIZATION_OBJECTIVE now accepts two additional options:
  • MAXIMIZE_PRECISION_AT_RECALL
  • MAXIMIZE_RECALL_AT_PRECISION

General Availability: You can create resources such as certificate authorities (CA) and certificate authority pools with X.509 name constraints. Name constraints on CA resources are enforced when issuing certificates, which lets you control which names are permitted or excluded.

For more information, see CA certificate name constraints.

You now have the option to use default logs buckets stored within your own project in the same region as your build. You can enable this feature by setting the defaultLogsBucketBehavior option in your build config file. When you use this option, you gain more control over data residency. Using logs within your own project also allows you to fine-tune access permissions and object lifecycle settings for your build logs. This feature is generally available. For more information, see the Store and manage build logs page.

You can now use Google Cloud tags to group and organize your Cloud Spanner instances, and to condition Identity and Access Management (IAM) policies based on whether an instance has a specific tag. For more information, see Control access and organize instances with tags.

The following US regions are now available for dual-region storage:

• Los Angeles (us-west2)
• Salt Lake City (us-west3)

The following EU regions are now available for dual-region storage:

• Warsaw (europe-central2)
• Madrid (europe-southwest1)
• Frankfurt (europe-west3)
• Milan (europe-west8)
• Paris (europe-west9)

Newly-created clusters write vm_assignments and disk_assignments platform logs to Cloud Logging, indicating when VM instances and persistent disks are allocated to a workstation.

Vertex AI Prediction

You can now use N2, N2D, C2, and C2D machine types to serve predictions.

Managing Shared VPC with the Shared VPC Admin role at the folder level is available in General Availability.

5 new Airflow metrics are now available in Cloud Monitoring. For more information, see Monitor environments with Cloud Monitoring.

Anthos clusters on VMware 1.13.6-gke.32 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.13.6-gke.32 runs on Kubernetes 1.24.10-gke.2200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

You can now use the interactive serial console to access your Bare Metal Solution servers. This feature is generally available (GA).

Cloud Functions has added support for customer-managed encryption keys for 2nd gen functions at the Preview release level.

Support for the GoogleSQL-dialect THEN RETURN clause and the PostgreSQL-dialect RETURNING clause is now generally available. For more information, see THEN RETURN and RETURNING.

The following functions have been added to the GoogleSQL dialect:

• ARRAY_INCLUDES_ALL function
• ARRAY_INCLUDES_ANY function
• ARRAY_MIN function
• ARRAY_MAX function

Expanded Cloud Storage monitoring dashboards are now generally available (GA).

• Available metrics include server and client error rates, write request counts, network ingress rates, and network egress rates.
• Dashboards can be filtered by bucket location.
• Dashboards are customizable, including the ability to set up alerts.

Cloud Workstations is available in the following regions:

• europe-west6 (Zurich)
• europe-west9 (Paris)

For more information, see Locations.

Virtual Machine Threat Detection, a built-in service of Security Command Center, launched the following detectors to Preview.

• Defense Evasion: Unexpected kernel code modification
• Defense Evasion: Unexpected kernel read-only data modification
• Defense Evasion: Unexpected ftrace handler
• Defense Evasion: Unexpected interrupt handler
• Defense Evasion: Unexpected kernel modules
• Defense Evasion: Unexpected kprobe handler
• Defense Evasion: Unexpected processes in runqueue
• Defense Evasion: Unexpected system call handler

These modules analyze runtime Linux kernel integrity to detect common evasion techniques used by malware.

The following attributes were added to the Finding object of the Security Command Center API.

• cloudDlpInspection
• cloudDlpDataProfile

The cloudDlpInspection attribute provides details about the results of a Cloud Data Loss Prevention (Cloud DLP) inspection job. The cloudDlpDataProfile attribute provides the name of a Cloud DLP data profile that is associated with a finding.

For more information, see the Security Command Center API documentation for the Finding object.

Event Threat Detection, a built-in service of Security Command Center Premium, has launched the Initial Access: Excessive Permission Denied Actions rule to General Availability. This rule detects events where a principal repeatedly triggers permission denied errors across multiple methods and services.

For more information about Event Threat Detection findings, see Event Threat Detection rules.

M104 Release

• Added the following packages:
  • google-cloud-artifact-registry
  • google-cloud-bigquery-storage
  • google-cloud-language
  • keyring
  • keyrings.google-artifactregistry-auth
• Fixed a bug in which curl could not find the right SSL certificate path by default.

M104 Release

• Added the following packages:
  • google-cloud-artifact-registry
  • google-cloud-bigquery-storage
  • google-cloud-language
  • keyring
  • keyrings.google-artifactregistry-auth
• Fixed a bug in which curl could not find the right SSL certificate path by default.

Cloud Text-to-Speech now offers Long Audio Synthesis. This new API can be used to synthesize texts longer than 5 KB. For more information about API usage using the command line, see Create long audio from text by using the command line.

M104 Release

The M104 release of Vertex AI Workbench user-managed notebooks includes the following:

• Fixed a regression in which jupyter-user metadata was ignored.
• Enabled access to the Jupyter Gateway Client configuration by using the notebook-enable-gateway-client and gateway-client-url metadata tags.
• Added the following packages:
  • google-cloud-artifact-registry
  • google-cloud-bigquery-storage
  • google-cloud-language
  • keyring
  • keyrings.google-artifactregistry-auth
• Fixed a bug in which curl could not find the right SSL certificate path by default.

Support for a Transcoder API connector is available in Preview.

Python 3.8, 3.9, 3.10, and 3.11 are now generally available. These versions require you to specify an operating system version in your app.yaml. Learn more.

The Lineage tab in the table properties page lets you track how your data moves and transforms through BigQuery. This feature is now generally available (GA).

The Logging Query Language now supports a built-in SEARCH function that you can use to find strings in your log data. The SEARCH function is in preview. For more information, see SEARCH function.

Cloud SQL for MySQL now supports 106 new database flags. See supported flags for more information.

The CCAIP integration with Kustomer now offers the following new custom enhancement options:

• Call transfer information is now posted as a comment.
• Administrators can now create custom fields from CCAIP.
• Administrators can now create custom Account and Record fields by going to: Developer Settings > Custom fields for Account and Record. See the Kustomer documentation for details.

Salesforce multi-number lookup: You can now configure CCAIP to look up an account across multiple phone number fields in Salesforce. This makes it easier to connect different support sessions to a single account for consumers who have multiple phone numbers, such as mobile, home, or work numbers. Additionally, you can now assign all phone numbers to one account rather than having to set up separate contacts for each number. The Account Lookup section now offers the following settings:

• Phone number lookup fields : This updated configuration enables you to select multiple phone numbers, such as mobile, account phone, account fax. You can then associate these numbers with the same account.
• Phone number primary fields: This field enables you to select the phone number field to be used when you create a new CRM account.

For more information, see the Salesforce CRM documentation.

Dialogflow (DF) Wrap-up events are now captured as custom events. Every time a customer ends their session with a Virtual Agent for any reason (for example, consumer abandon, call failure), a new DF Wrap-up custom event is sent to the Dialogflow CX (for example, handled by VA). This enables the VA to react to the event and perform any desired session wrap-up process(es). For more inforation, see the Dialogflow documentation.

New data parameters for Virtual Task Assistant: Virtual Task Assistant now has the ability to send parameters, supports multiple languages, and includes a dedicated settings panel. Admins can now specify the data parameters that can be gathered and sent to Virtual Task Assistants, including the new dynamic parameter Agent Form. See the data parameters documentation for details.

Twinning: Twinning is a new feature that allows a primary extension (for example, web adapter) and a secondary extension (for example, mobile phone number) to operate as a single phone.

Twinning is ideal for support agents who are frequently on the go, since it allows them to forward support calls to their preferred phone number while also allowing them to handle calls at their desk using their web adapter. Another example is a front desk phone set up as the office's primary extension; you can use Twinning to forward those calls to a mobile phone.

For details, see the Twinning documentation

Domain Based Access Control: You can configure CCAIP to restrict the set of domains able to frame the agent adapter and admin portal. This provides protection against clickjacking attacks.

An Admin can configure the domain allowlist by going to: Developer Settings > Domain Based Access Control. Configuration changes might take up to 1 minute to take effect.

Existing customers will have an empty allowlist by default. To enable this feature, the allowlist must be populated with each domain currently framing the agent adapter. Domains that are not configured will be blocked. New customers will have an allowlist containing the domain of the CCAIP instance itself to allow the agent adapter to be framed by the admin portal. Additional domains will be blocked from framing the agent adapter until they are configured in the allowlist.

See Domain based access control for details.

A new audio chime has been added to the Agent Adapter to indicate when an agent connects with a customer on a call. We also updated the existing audio chimes for these events:

• Agent joins
• Member joins
• Call Disconnects
• Member Leaves

DTMF Support Capability You can now select the DTMF checkbox during Virtual Task Assistant and Virtual Agent setup to ensure that DTMF tones are supported.

Custom CRM, Extended OAuth and nested parameter support: The following enhancements have been added to the Custom CRM integration offering:

• Extended OAuth Authentication support.
• Handling nested parameters in the API endpoints configuration.

MS Dynamics: Updated default user functionality and improved Virtual Agent record assignment: You can now assign a CRM Admin user as the default user for all CRM actions and events where no specific agent has been identified. After enabling this Default User option in Developer Settings, you can set the default user for all Customer Support Virtual Agent sessions as well. See the Virtual Agent documentation for details.

The Looker Studio Connector and Connected Sheets features are now available for all Looker-hosted instances, including those Looker-hosted on AWS and Azure. Previously, these features were available only for instances that were Looker-hosted on Google Cloud. A Looker admin must enable these features in the new BI Connectors Admin page.

The new logging feature allows Looker to collect metrics on the number of NFS read, write, open, and status operations.

The Performant Field Picker Labs feature offers more refined search options, which let users more quickly and efficiently search for fields in large Explore field pickers.

Cloud Secure Web Proxy supports TLS inspection, which helps you intercept the TLS traffic, inspect the encrypted request, and enforce security policies. This feature is supported in Preview.

Hybrid subnets are available in Preview. A hybrid subnet combines an on-premises subnet and a VPC subnet into a single logical subnet. You can migrate individual workloads and instances from the on-premises subnet to the VPC subnet over time without needing to change IP addresses.

FieldSet artifacts that are attached to an API are now displayed in the API overview page.

You can now specify translation configurations in the BigQuery Interactive SQL Translator and use it to debug Batch SQL translator jobs. This feature is now in preview.

Generally available: Hyperdisk provides the fastest block storage for Compute Engine for your high-end, memory intensive workloads. Hyperdisk volumes are durable network storage devices that your VMs can access, similar to Persistent Disk. For more information, see About Hyperdisk.

Filestore instance support for non-RFC 1918 IP addresses is now generally available.

Support for the europe-west4 (Netherlands) region.

Support for the europe-west4 (Netherlands) region.

Workforce identity federation now supports browser-based sign-in. The feature is generally available (GA). To use it, see Browser-based sign-in in Obtain short-lived tokens for workforce identity federation, or locate the Browser-based sign-in section in the configuration guide for your identity provider.

General availability: You can now update the schemas that you create in Pub/Sub. Before you do so, read the guidelines. The change is being rolled out in a phased manner over the rest of the week.

Disk related enhancements for automating SAP HANA deployments with Terraform

The Terraform configurations that Google Cloud provides for automating SAP HANA deployments, now support the following disk related enhancements:

• Using the argument disk_type, you can now specify the default disk type that you want to deploy for your SAP volumes. This argument also supports Hyperdisk Extreme.
• By default, all SAP volumes are now mounted on separate SSD-based persistent disks or Hyperdisks. Using the argument use_single_shared_data_log_disk, you can specify if you want to mount all SAP volumes on a single disk.
• For scale-up deployments, using the argument include_backup_disk, you can now specify if you want to deploy a disk for the SAP HANA backup volume.

These enhancements are available when you automate the deployment of SAP HANA on Google Cloud with Terraform configurations that use the module version 202303130717 or later.

For more information, see the deployment guide for your scenario.

Support for aliases in Secret Manager is now generally available. You can use an alias to get and access a version using a resource path name. A given alias string can only be bound to a single version. You can, however, assign multiple aliases to a secret version.

Access Approval supports Certificate Authority Service in the Preview stage.

The CREATE TABLE AS SELECT statement now lets you filter data from files in Amazon S3 and Azure Blob Storage before transferring results into BigQuery tables This feature is in preview.

Log-based metrics on log buckets are now generally available (GA). In addition to features available in the preview, the GA release includes the ability to create bucket-level log-based metrics in the Google Cloud console.

Starting with version 2.28.0, the Ops Agent limits the amount of disk space it can use to store buffer chunks. The Ops Agent creates buffer chunks when logging data can't be sent to the Logging API. Without a limit, these chunks might consume all available space, interrupting other services on the VM. When a network outage causes buffer chunks to be written to disk, the Ops Agent now uses a platform-specific amount of disk space to store the chunks.

You can now have Cloud Monitoring send an email that contains a dashboard URL to people or groups in your organization. For more information, see Share dashboards.

Support for Filestore as an NFS datastore for Google Cloud VMware Engine (GCVE) is now available in (Preview).

Cloud Functions minimum instances recommendations are now available in Preview.

Connectivity to Private Service Connect endpoints used to access a managed service is supported over VLAN attachments for Cloud Interconnect. This feature is available in General Availability.

Consumption of IP addresses in Private Service Connect NAT subnets is improved for service attachments that are created after March 1st, 2023. For more information, see NAT subnets. This improvement is available in General Availability.

Cluster lifecycle improvements 1.13.1 and later

Starting with Anthos clusters on bare metal release 1.13.1, you can use the Google Cloud console or the gcloud CLI to upgrade admin and user clusters managed by the Anthos On-Prem API. If your cluster is at version 1.13.0 or lower, you must use bmctl to upgrade the cluster.

For more information about using the console or the gcloud CLI for upgrades, see the documentation for your version of Anthos clusters on bare metal:

• 1.13: Upgrade an admin or user cluster using Anthos On-Prem API clients

• 1.14: Upgrade an admin or user cluster using Anthos On-Prem API clients

You can now route logs through the Log Router of another Google Cloud project. The logs can then be managed by the other Google Cloud project, which includes log-based metrics, log-based alerts, and other log sinks. For more information, see Route logs to supported destinations.

Cloud Spanner fine-grained access control is now generally available. Fine-grained access control combines the benefits of Identity and Access Management (IAM) with traditional SQL role-based access control. For more information, see About fine-grained access control.

Query preview in a workspace is available in Preview.

Dataproc Metastore 2 is now Generally Available (GA). Dataproc Metastore 2 provides horizontal scalability through fine grained scaling options. For more information, see Datproc Metastore versions.

The Spanner database type is generally available (GA).

Auxiliary versions is generally available (GA).

Network Topology now includes cross-project metrics for network traffic sent across Shared VPC or VPC Network Peering boundaries within the same organization. For more information, see Network Topology overview.

The Google APIs Explorer has been added to the Apigee Registry API documents. The Try this method panel acts on real data and lets you try Google API methods without writing code.

SAP BW OHD, SAP ODP, SAP OData, SAP SLT, and SAP Table plugins version 0.8 is generally available (GA) in Cloud Data Fusion versions 6.8.0 and later.

You can now use the gcloud CLI to configure a snooze, which prevents Cloud Monitoring from sending notifications or creating incidents during specific time periods. You can also configure a snooze by using the Google Cloud Console and the API. For more information see Create and manage snoozes.

You can now see allow rules that are no longer active based on usage patterns and trends. For more information, see Allow rules with no hits based on trend analysis.

You can now see shadowed rule insights for hierarchical firewall policies and global network firewall policies in Firewall Insights. For more information, see Firewall Insights categories and states.

You can now create dry-run organization policies to monitor how policy changes would impact your workflows before they are enforced.

Support for Annotations in Secret Manager is now generally available. Annotations are used to define custom metadata about a secret.

ta check is a command line tool to detect and help fix configuration issues with Transfer Appliance and Edge Appliance.

You can now launch clusters with the following Kubernetes versions:

• 1.23.16-gke.200
• 1.24.9-gke.2000
• 1.25.5-gke.2000

You can now launch clusters with the following Kubernetes versions:

• 1.23.16-gke.200
• 1.24.9-gke.2000
• 1.25.5-gke.2000

Anthos clusters on VMware 1.14.2-gke.37 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.14.2-gke.37 runs on Kubernetes 1.25.5-gke.100.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

Case-insensitive collation support is now generally available (GA). In addition to features available in the preview, the GA release includes:

• MIN, MAX, COUNT with DISTINCT, and PERCENTILE_DISC windows functions
• ORDER BY and PARTITION BY in the WINDOWS clause
• LIKE operator with limitations
• Views
• Materialized views with limitations
• Table functions with limitations
• BigQuery BI engine

The Cloud Load Balancing Console now allows you to see the equivalent API code for actions you take in the Console. When you create or update a load balancer, before you click Create or Update, you can click Equivalent Code to view the load balancer API resources that will be created, updated, or deleted.

This capability is in Preview.

You can now authenticate to a Cloud Run service by including a Google-signed OpenID Connect ID token in the X-Serverless-Authorization header if your application already uses the Authorization header for custom authorization.

Backend Service-based external Network load balancers are now generally available with GKE. Regional Backend Service is a foundational element of a Google Cloud Load Balancer and using it for your external LoadBalancer Services will unlock new capabilities going forward. To learn more, see how to deploy a backend service-based external network load balancer.

You can now set an expiry time for all newly created service account keys in your project, folder, or organization. This feature is generally available (GA).

Cloud Client libraries for the AlloyDB Admin API are in Preview. Supported languages include C++, C#, Go, and Java.

Cluster lifecycle improvements versions 1.13.1 and later

You can use the Google Cloud console or the gcloud CLI to upgrade user clusters managed by the Anthos On-Prem API. The upgrade steps differ depending on your admin cluster version. For more information, see the version of the documentation that corresponds to your admin cluster version:

• Upgrade user cluster when admin cluster is version 1.13.1+
• Upgrade user cluster when admin cluster is version 1.14.0+

1.12.6 patch release

Anthos clusters on VMware 1.12.6-gke.35 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.12.6-gke.35 runs on Kubernetes v1.23.16-gke.2400.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

The Ruby 3.20 runtime for App Engine standard environment is now available in preview.

Backup and DR Service now supports logging and alerting via Cloud Logging and Cloud Monitoring. It:

• Supports centralized logging of backup events.
• Enables users to view backup events in Cloud Logging with custom filters.
• Enables users to configure alerts for backup events via email, SMS, Slack, PagerDuty, and more – all within Cloud Monitoring.

Batch is available in the following regions:

• asia-south1 (Mumbai)
• asia-east1 (Taiwan)
• europe-west3 (Frankfurt)
• southamerica-west1 (Santiago)
• us-east4 (Northern Virginia)

For more information, see Locations.

You can now view and list incidents on your custom dashboards. For more information, see Display incidents on a dashboard.

Filestore data is compliant with at-rest and in-use data residency requirements pursuant with Google Cloud terms of service.

Google Cloud Deploy now provides the ability to deploy to multiple targets at the same time, supported in preview.

Added support for the JSONB array data type in the PostgreSQL dialect. For more information, see Work with JSONB data.

Dialogflow CX now provides a setting for choosing the voice for speech synthesis.

Release 1.12.8

Anthos clusters on bare metal 1.12.8 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.8 runs on Kubernetes 1.23.

The Java runtime versions 11 and 17 are now available in preview, and are built on modern and secure operating systems (Ubuntu 18 and 22). These new runtime versions use Google Cloud's buildpacks and require updates to your app.yaml. Learn more.

The WITH RECURSIVE clause is now generally available (GA). This clause lets you include one or more recursive common table expressions (CTEs) in a query.

You can now set the language code and display name for text and audio streams.

Support for limiting the maximum number of concurrent branches or iterations within a parallel step is generally available (GA).

Release 1.14.2

Anthos clusters on bare metal 1.14.2 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.14.2 runs on Kubernetes 1.25.

The following new connectors are available in preview:

• HTTP (includes SSL support)
• RabbitMQ

The IBM MQ connector now supports requestReply messages.

The Cloud Storage connector now supports the following actions for file operations:

• UploadObject
• DownloadObject
• MoveObject
• CopyObject
• DeleteObject

The MongoDB connector now supports the following actions:

• InsertDocument
• UpdateDocument
• DeleteDocument
• GetDocument

Public preview release of the Apigee UI in the Google Cloud console

This release includes a new version of the Apigee UI that is integrated with the Google Cloud console. The new UI makes it easier to perform Apigee tasks that are managed in the Cloud console. We welcome your feedback on the new UI: click Send Feedback at the top of the UI.

For now, you can continue to use the classic Apigee UI if you wish: just click Back to Classic Apigee in the new UI.

The following tabs in the classic Apigee UI have not yet been implemented in the Apigee UI in the Cloud console, but they will be available there soon:

• Develop > Integrations
• API Security
• Monetization
• Analyze > API Metrics > Cache Performance,
• Analyze > API Metrics > Target Performance
• Analyze > Developers
• Analyze > End Users
• Publish > Portals

If you need to use these features, you can do so by switching to the classic Apigee UI.

This release will be rolled out over the next week, so you might not be able to view the new Apgee UI until the rollout is complete.

Schedule Chronicle dashboard reports

You can schedule the delivery of Chronicle dashboard reports over email for both the default dashboards and custom dashboards. In addition to setting the time interval, email address, and format to deliver the report, you can also set the pagination details and test the delivery of the report. For more information, see Schedule Chronicle dashboard reports.

Change streams are now supported for PostgreSQL-dialect databases.

The Node.js 18 runtime is now available in preview, and is built on a modern and secure operating system (Ubuntu 22). This new runtime version uses Google Cloud's buildpacks and requires updates to your app.yaml. Learn more.

Cloud Data Fusion version 6.8.1 is generally available (GA). This release is in parallel with the CDAP 6.8.1 release.

Cloud Data Fusion version 6.7.3 is generally available (GA). This release is in parallel with the CDAP 6.7.3 release.

Cloud SQL now supports the ability to get details for a Cloud SQL user for a database instance using the API or gcloud. To learn more about the new method, see Cloud SQL Admin API REST Resource.

Cloud SQL now supports the ability to get details for a Cloud SQL user for a database instance using the API or gcloud. To learn more about the new method, see Cloud SQL Admin API REST Resource.

Cloud SQL now supports the ability to get details for a Cloud SQL user for a database instance using the API or gcloud. To learn more about the new method, see Cloud SQL Admin API REST Resource.

For document translations, added support for Microsoft DOC, PPT, and XLS files. For more information, see Supported formats.

Generally available: When creating a reservation, you can now include a compact placement policy to specify that VMs should be located as close to each other as possible to reduce network latency. Learn how to create a reservation that specifies a compact placement policy.

--properties=dataproc:agent.ha.enabled=true can now be used to enable the Dataproc Agent in high availability mode. This property is supported by Dataproc Image versions 2.0 and above.

High Scale and Enterprise tier instances now support overlapping permissions (GA).

The Python 3.11 runtime for App Engine standard environment is now generally available.

You can set default values on columns in your BigQuery tables. This feature is now generally available (GA).

Cloud Functions has added support for a new runtime, Ruby 3.2, at the Preview release level.

New performance recommendations are supported for Cloud Functions, which analyze cold starts and suggest setting up minimum instances to improve function performance. At the Preview release level.

The new System insights dashboard displays metrics and scorecards for the resources that your instance or database uses and helps you get a high-level view of your system's performance. For more information, see Monitor instances with system insights.

Terraform now supports Datastream private connectivity, connection profile, and stream resources. For more information, see Getting started with Terraform and Datastream.

Access Approval supports Cloud Composer in the Preview stage. For the complete list of supported services, see Supported services.

24 new Airflow metrics are now available in Cloud Monitoring. For more information, see Monitor environments with Cloud Monitoring.

The Cloud SQL Proxy Operator is now available in public preview. The Cloud SQL Proxy Operator is an open-source Kubernetes operator that automates connecting workloads in a GKE cluster to Cloud SQL databases. To learn more about the Cloud SQL Proxy Operator, see About the Cloud SQL Proxy Operator.

The Cloud SQL Proxy Operator is now available in public preview. The Cloud SQL Proxy Operator is an open-source Kubernetes operator that automates connecting workloads in a GKE cluster to Cloud SQL databases. To learn more about the Cloud SQL Proxy Operator, see About the Cloud SQL Proxy Operator.

The Cloud SQL Proxy Operator is now available in public preview. The Cloud SQL Proxy Operator is an open-source Kubernetes operator that automates connecting workloads in a GKE cluster to Cloud SQL databases. To learn more about the Cloud SQL Proxy Operator, see About the Cloud SQL Proxy Operator.

Release 1.13.5

Anthos clusters on bare metal 1.13.5 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.13.5 runs on Kubernetes 1.24.

Authorized stored procedures are now in preview. This feature lets you share stored procedures with users or groups without giving them direct access to the underlying tables.

FTP Plugins versions 3.1.0 and 3.2.0 are generally available (GA) in Cloud Data Fusion versions 6.7.2+ and 6.8.0+, respectively. They include support for more file formats and properties. An issue was fixed in the FTP Batch Source that caused pipelines to fail when running with Dataproc 2.0. For more information, see the CDAP Hub release log.

Data profiles generated at the column level include the following metrics:

• Estimated null proportion: an approximate proportion of null values in a column, categorized as high, medium, low, or very low.
• Estimated uniqueness: an estimate of how much of the data in a column is unique, categorized as high, medium, or low.

For more information on these metrics, see the Metrics reference.

Network Load Balancing logging and Internal TCP/UDP Load Balancing logging are now available in General availability.

The time-range selector in the Logs Explorer has been updated to support a larger set of time range options, such as preset times, custom start and end times, and relative time ranges. For more information, see Use the time-range selector.

TIFF file UI rendering support: when calling GetDocument API for a TIFF file, the API will return a converted PNG image inside cloud_ai_document field.

Primary and foreign key table constraints are now available in preview. You can define table constraints using the CREATE TABLE statement, the ALTER TABLE ADD PRIMARY KEY statement, or the ALTER TABLE ADD CONSTRAINT statement.

Health checks for internal load balancers and automatic failovers in Cloud DNS routing policies are now available in GA.

HA VPN over Cloud Interconnect is generally available. With HA VPN over Cloud Interconnect, you can use Cloud VPN to encrypt your Cloud Interconnect traffic by deploying HA VPN tunnels over your VLAN attachments.

For more information, see the HA VPN over Cloud Interconnect overview.

HA VPN over Cloud Interconnect is generally available. With HA VPN over Cloud Interconnect, you can use Cloud VPN to encrypt your Cloud Interconnect traffic by deploying HA VPN tunnels over your VLAN attachments.

For more information, see the HA VPN over Cloud Interconnect overview.

Generally available: You can upgrade the term of your 1-year commitments and convert them into 3-year commitments to get a higher discount percentage for your committed resources and continue receiving the discounts for a longer time period.

For more information, see Upgrade the term of commitments.

VMware Engine private clouds support the addition of a Trusted Platform Module (TPM) 2.0 virtual cryptoprocessor to a virtual machine.

For details about this feature, see About Virtual Trusted Platform Module.

Anthos Service Mesh now supports Anthos Clusters on Azure as a preview feature.

The Go runtime versions 1.18 and 1.19 are now available in preview and are built on a modern and secure operating system (Ubuntu 22). These new runtime versions use Google Cloud's buildpacks and require updates to your app.yaml. Learn more.

The Python runtime versions 3.8, 3.9, 3.10, and 3.11 are now available in preview and are built on modern and secure operating systems (Ubuntu 18 and 22). These new runtime versions use Google Cloud's buildpacks and require updates to your app.yaml. Learn more.

The ALTER TABLE RENAME COLUMN statement and the ALTER TABLE DROP COLUMN statement are now generally available (GA).

Generally available: NVIDIA® T4 GPUs are now available in the following region and zones:

• Warsaw, Poland, Europe: europe-central2-b,c

For more information about using GPUs on Compute Engine, see GPU platforms.

Generally available: The image import tool now supports importing SUSE Linux Enterprise Server 15 SP4 and SUSE Linux Enterprise Server 15 SP4 for SAP images to Google Cloud.

Added spec.externalDataConfiguration.referenceFileSchemaUri field to BigQueryTable.

Added spec.gitFileSource.githubEnterpriseConfigRef, spec.repositoryEventConfig and spec.sourceToBuild.githubEnterpriseConfigRef fields to CloudBuildTrigger.

Added spec.edgeSecurityPolicyRef and spec.localityLbPolicies fields to ComputeBackendService.

Added spec.scheduling.maxRunDuration field to ComputeInstance.

Added spec.resourcePolicies and spec.scheduling.maxRunDuration fields to ComputeInstanceTemplate.

Added spec.shareSettings field to ComputeNodeGroup.

Added spec.tcpTimeWaitTimeoutSec field to ComputeRouterNAT (#692).

Added spec.adaptiveProtectionConfig.autoDeployConfig field to ComputeSecurityPolicy.

Added spec.bindings.members.memberFrom.serviceIdentityRef field to IAMPartialPolicy (#722).

Added spec.memberFrom.serviceIdentityRef field to IAMPolicyMember (#722).

Added spec.ipConfiguration.enablePrivatePathForGoogleCloudServices field to SQLInstance.

You can now set the number of maximum concurrent backfill tasks for a stream using the Datastream API. To learn more, see Manage streams.

Discovery for Media

Preview recommendations is now available in Preview mode.

Use this feature to preview and evaluate what documents your serving configs will recommend to your users. This allows you to test models and serving configs quickly before you go into production.

For information about this feature, see Preview Recommendations.

Notable new Generally Available Custom Document Extractor (CDE) features include:

• Public APIs
• Automatic schema label creation from pre-labeled documents
• Schema label data type and occurrence editable pre-training
• New DocAI Toolkit with a labeled document converter

The following features have been upgraded:

• Processor Gallery
• Schema editor
• Labeling UI
• Training pipeline
• Manage versions table

The following new features have been introduced in this release of Google Distributed Cloud Edge:

• Distributed Cloud Edge now exposes the Edge Network API, which allows you to configure the networking components of Distributed Cloud Edge. For more information, see How it works and Distributed Cloud Edge networking features.

Added content encryption support

Added new channel events: mute, unmute, return to program, and switch input

Added audio loudness normalization and audio gain control

Added the timecode feature which supports synchronizing media workflows with live stream content

M104 Update

This update of the M104 release of Vertex AI Workbench managed notebooks includes the following:

• Fixed a bug where local and remote kernels are not displayed. This happens when remote kernels are not accessible.
• Minor bug fixes and improvements.

Preview: You can autoscale a regional managed instance group with a BALANCED target distribution shape. With the BALANCED shape, the autoscaler is aware of the capacity in each zone and creates VMs in zones that have resource availability. For more information, see Autoscaling a regional MIG.

Preview: Migrate to Virtual Machines from an Azure source lets you migrate Azure VM instances to Compute Engine.

The ability to add individual VPC networks to a perimeter is generally available (GA).

Previously, all VPC networks in a host project were added to a perimeter. You can now do the following:

• Add individual VPC networks as members of a perimeter.
• Create an ingress rule to authorize individual VPC networks to access a perimeter.

You can create log buckets that use Log Analytics and upgrade existing log buckets to use Log Analytics by using the Logging API. For more information, see Create a bucket.

You can now install pre-defined alerting policies for services integrated with Cloud Monitoring from the Monitoring Integrations page and from the Observability tab on the pages for Kubernetes Engine clusters and workloads. For more information about these installable policies, see Install alerting policies.

In Standard clusters with GKE version 1.26 and later, you can now audit workloads to validate if they are compatible with Autopilot clusters. Use kubectl get audit to see the cluster objects.

Connectivity Tests now include dual-stack instances with both IPv4 and IPv6 addresses, including instances with multiple network interfaces. For more information, see Create and run Connectivity Tests.

The ability to add individual VPC networks to a perimeter is generally available (GA).

Previously, all VPC networks in a host project were added to a perimeter. You can now do the following:

• Add individual VPC networks as members of a perimeter.
• Create an ingress rule to authorize individual VPC networks to access a perimeter.

Continuous backup and recovery is in Preview. This feature protects your clusters from data-loss events by letting you recover their data from any moment within a configurable window.

Version 2.25.1 of the Ops Agent introduces health checks. When the Ops Agent starts, it performs a series of checks for conditions that prevent the agent from running correctly. If the agent detects one of the conditions, it writes a message to its health-check log and exits. For more information, see Find Ops Agent troubleshooting information.

Version 2.25.1 of the Ops Agent introduces health checks. When the Ops Agent starts, it performs a series of checks for conditions that prevent the agent from running correctly. If the agent detects one of the conditions, it writes a message to its health-check log and exits. For more information, see Find Ops Agent troubleshooting information.

The Ops Agent now provides Preview support for NVIDIA GPU metrics, including metrics reported from the NVIDIA Management Library (NVML) and the Data Center GPU Manager (DCGM).

When you install the GPU-enabled version of the Ops Agent, NVML metrics are collected automatically. DGCM metrics are available as a third-party integration. For information about configuring the integration, see NVIDIA Data Center GPU Manager. The reference document for Ops Agent metrics includes tables for the NVML metrics and the DCGM metrics.

You can now deploy public container images from Docker Hub to Cloud Run.

Preview: C3 VMs are now available in the following regions:

• Council Bluffs, Iowa, North America : us-central1
• Ashburn, Virginia, North America: us-east4
• Eemshaven, Netherlands, Europe : europe-west4

Preview: You can now use a GPU-enabled Ops Agent to track GPU utilization and GPU memory usage rates for Linux virtual machine instances that have attached GPUs.

Through an available integration with NVIDIA's Data Center GPU Manager (DCGM), you can also track metrics such as Streaming Multiprocessor (SM) block utilization, SM occupancy, SM pipe utilization, PCIe traffic rate, and NVLink traffic rate.

For more information, see Monitoring GPU performance on Linux VMs.

The organization restrictions feature has entered General Availability. The organization restrictions feature helps security administrators to prevent data exfiltration due to phishing or insider attacks. The organization restrictions feature restricts access only to resources in authorized Google Cloud organizations. For more information, see Introduction to organization restrictions.

Text-to-Speech offers these new voices. See the supported voices page for a complete list of voices and audio samples.

• cloud-eu-ES-Standard-A
• cloud-gl-ES-Standard-A

You can now make a dataset and the tables in that dataset case-insensitive when you create a dataset or alter a dataset. This feature is generally available (GA).

You can now run bq commands using service account impersonation. This feature is generally available (GA).

In the Explorer pane, the resource corresponding to the focused tab is now selected. This feature is generally available (GA).

In the Explorer pane, you can now see all the resources in the searched resource's level by clicking Show more. This feature is generally available (GA).

The VAT_NUMBER infoType detector can identify Belgium VAT numbers.

For more information about VAT_NUMBER and other built-in infoType detectors, see InfoType detector reference.

reCAPTCHA Enterprise account defender is now generally available (GA).

You can use this feature to detect and prevent account-related fraudulent activities.

Artifact Registry remote repositories and virtual repositories are now in Preview. These features help you to optimize your build and deployment workflows.

• Remote repositories cache artifacts from external sources, including Docker Hub, Maven Central, PyPI, and the npm registry.
• Virtual repositories provide a single access point to download artifacts from multiple remote or standard repositories. Each upstream repository has a set priority to protect against issues with dependency confusion.

Dialogflow CX added regional support for some system entities. The following system entities:

• @sys.person
• @sys.address
• @sys.geo-city
• @sys.geo-country
• @sys.geo-state

are now available in the following regions for English (en), French (fr), Italian (it), German (de), and Spanish (es) languages:

• europe-west1
• europe-west2
• europe-west3
• northamerica-northeast1

Vertex AI Prediction

Pre-built PyTorch containers for serving predictions from PyTorch models is generally available (GA).

Vertex AI Matching Engine now supports Private Service Connect in Preview. To learn how to set up a a Private Service Connect instance, see Using Private Service Connect.

Video Stitcher API can now insert ads served by Google Ad Manager (GAM) into live streams and VOD assets.

Anthos clusters on VMware 1.13.5-gke.27 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.13.5-gke.27 runs on Kubernetes 1.24.9-gke.2500.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

The Go 1.20 runtime for App Engine standard environment is now available in preview.

You can now create materialized views over BigLake metadata cache-enabled tables to reference structured data stored in Cloud Storage. This feature is in preview.

Cloud Functions has added support for a new runtime, Go 1.20, at the Preview release level.

Support for resource-level IAM policies for Vertex AI featurestore and entityType resources is generally available (GA). For more information, see Control access to resources.

Dataproc Serverless for Spark now supports unconditional TTL to batches. The workload will be terminated after the TTL without waiting for work to complete.

Dataproc Serverless for Spark now supports statically-sized Dataproc Serverless for Spark batch workloads with more than 500 executors.

Add support for filters when listing batches. Batches may be filtered on one or more of batch_id, batch_uuid, state, or create_time (for example, state = RUNNING AND create_time < "2023-01-01T00:00:0Z"). See Filter expressions for more information.

Error logging for cookieless embed has been improved. Additional error details are logged if an issue is detected while Looker is processing a cookieless embed request.

The Presto and Trino dialects now support the approximate parameter.

A new Center Dashboard Title dashboard control on the Admin > Themes page lets you center dashboard titles on embedded dashboards.

A new parameter, Email Domain Allowlist, has been added to the external settings API. This parameter takes an array of email domains of type: string as input. Email Domain Allowlist validates these email domains and saves them to the email domain allowlist if the domains are valid.

Looker has added merged_queries and join_fields as legal types for extending dashboards.

Preview stage support for the following integration:

• Policy Simulator

Container Analysis automatic scanning for Java and Go vulnerabilities in container images is now generally available. If the Container Scanning API is enabled, it scans container images pushed to Artifact Registry for Java and Go vulnerabilities, in addition to operating system vulnerabilities.

Container Analysis returns Java and Go vulnerability results for images that have a supported or unsupported operating system. When you push new versions of images to the registry, you might see more successful vulnerability scans and corresponding charges against images without a supported operating system.

For more information, see the Types of scanning in the Container Analysis documentation

You can now apply four new types of dynamic data masking to table columns in BigQuery. These new data masking types include date year, email, first four characters, and last four characters masks. This feature is generally available (GA).

Cloud console updates: In the Explorer pane, you can now refresh the contents of a resource (project or dataset). To refresh the contents of a resource, click more_vert View actions, and then click Refresh contents.

The Google Cloud console for Spanner now displays the status and progress of copy backup long-running operations that you have initiated in the console. The operation is visible for 7 days.

Preview: You can modify the description, schedule frequency, or labels for a snapshot schedule instead of creating a new snapshot schedule. For more information, see Change a snapshot schedule.

M104 Release

The M104 release of Vertex AI Workbench managed notebooks includes the following:

• Added a fix for a security vulnerability in single-user managed notebooks instances.
• Made enhancements to the network selection user experience in the managed notebooks executor.
• Minor bug fixes and improvements.

The VerifyAPIKey policy and the VerifyAccessToken action of the OAuth2 policy now support CacheExpiryInSeconds. Setting this variable enforces TTL on the cache and enables customization of the time period for cached token expiry.

You can now create and manage repository connections using Terraform when using Cloud Build repositories (2nd gen). Cloud Build repositories (2nd gen) is available for GitHub and GitHub Enterprise repositories at the preview release stage. To learn more, see the Repositories overview page.

The Cloud SQL Auth proxy is a utility for ensuring secure connections to your Cloud SQL instances. The v2 release offers improvements in performance, stability, and telemetry. Among the new features, there's support for:

• Metrics and tracing with Cloud Monitoring and Cloud Trace
• Support for Prometheus
• Service account impersonation
• Separate Dialer functionality released as the Cloud SQL Go Connector
• Configuration with environment variables
• Fully POSIX-compliant flags

We recommend all customers upgrade to v2 and have released a migration guide. For more information, see Cloud SQL Auth proxy.

The Cloud SQL Auth proxy is a utility for ensuring secure connections to your Cloud SQL instances. The v2 release offers improvements in performance, stability, and telemetry. Among the new features, there's support for:

• Metrics and tracing with Cloud Monitoring and Cloud Trace
• Support for Prometheus
• Service account impersonation
• Separate Dialer functionality released as the Cloud SQL Go Connector
• Configuration with environment variables
• Fully POSIX-compliant flags

We recommend all customers upgrade to v2 and have released a migration guide. For more information, see Cloud SQL Auth proxy.

The Cloud SQL Auth proxy is a utility for ensuring secure connections to your Cloud SQL instances. The v2 release offers improvements in performance, stability, and telemetry. Among the new features, there's support for:

• Metrics and tracing with Cloud Monitoring and Cloud Trace
• Support for Prometheus
• Service account impersonation
• Separate Dialer functionality released as the Cloud SQL Go Connector
• Configuration with environment variables
• Fully POSIX-compliant flags

We recommend all customers upgrade to v2 and have released a migration guide. For more information, see Cloud SQL Auth proxy.

Release 1.12.7

Anthos clusters on bare metal 1.12.7 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.7 runs on Kubernetes 1.23.

Cloud Spanner now autocompletes and validates the syntax of your DDL statements when you use the Google Cloud console to write DDL statements for your PostgreSQL-dialect databases.

You can now use customer-managed encryption keys (CMEK) to protect Persistent Disks in Cloud Workstations. CMEK in Cloud Workstations is available in Beta. For more information, see Encrypt workstation resources using customer-managed encryption keys.

JavaScript task (Preview)

The JavaScript task lets you write custom JavaScript code snippets for your integration.

Using the JavaScript Editor, you can code complex data mapping logic for your integration, perform variable assignments, and add or modify integration variables.

For more information, see JavaScript task.

Delete integration

You can now delete an entire integration without the need to individually delete all the respective integration versions.

When you delete an integration, you permanently delete all the versions of that integration, including all the integration variables, configured triggers, tasks, and data mappings.

For more information, see Delete integrations.

JavaScript task

The JavaScript task lets you write custom JavaScript code snippets for your integration.

Using the JavaScript Editor, you can code complex data mapping logic for your integration, perform variable assignments, and add or modify integration variables.

For more information, see JavaScript task.

Delete integration

You can now delete an entire integration without the need to individually delete all the respective integration versions.

When you delete an integration, you permanently delete all the versions of that integration, including all the integration variables, configured triggers, tasks, and data mappings.

For more information, see Delete integrations.

The HAVING MAX and HAVING MIN clause for the ANY_VALUE function is now in preview.

You can now view information related to query processing to monitor and optimize queries with the query_info column in INFORMATION_SCHEMA.JOBS, JOBS_BY_FOLDER and JOBS_BY_ORGANIZATION views. This feature is generally available (GA).

To better understand the size and shape of your BigQuery data that's in scope for data profiling, you can run an estimation. Each estimate provides the approximate table count, data size, and profiling cost. For more information on running an estimation, see the following:

• Estimate data profiling cost for an organization or folder
• Estimate data profiling cost for a single project

For more information on data profiling, see Data profiles for BigQuery data.

Cloud Spanner now supports regional endpoints. You can use regional endpoints if your data location must be restricted and controlled to comply with regulatory requirements.

Dialogflow CX now provides flow import options for resolving resource conflicts.

As part of a limited Preview program, you can turn on automatic offer approval for software as a service (SaaS) products. This enables you to schedule specific start dates for new private offers, or amendments to existing private offers.

Retail Search catalog support for Korean, Polish, and Turkish is now generally available (GA). For a list of all languages supported by the Retail Search catalog, see the FAQ.

Network interface support for automating SAP HANA deployments

You can now specify if you want to use Google Virtual NIC (gVNIC) with your VM instance using the new argument nic_type. This argument is available when you automate the deployment of SAP HANA on Google Cloud using the following files:

• Terraform configurations using the module version 202302060649 or later
• Deployment Manager template versions 202302060649 or later

For more information, see the deployment guide for your SAP HANA scenario:

• Automating SAP deployments on Google Cloud with Terraform
• Automating SAP deployments on Google Cloud with Deployment Manager

The version 1.0 release of the Google SCC ITSM app and the Google SCC SIR app, which let you send data, such as findings, sources, assets, and audit logs, from Security Command Center to ServiceNow, is generally available. For information about downloading and installing the new applications, see Sending Security Command Center data to ServiceNow.

The Vertex AI Pipelines Template Gallery is now available in Preview. You can bootstrap your MLOps workflows with Google-authored pipeline and component templates. For more information, see Use a prebuilt template from the Template Gallery.

Preview: While creating a new evaluation, you can now choose how frequently you want to run the evaluation.

You can now deploy multi-architecture container images to Cloud Run if their manifest list includes amd64/linux.

Error Reporting now reports recent application errors for Google Kubernetes Engine workloads of type Deployment or Pod. Go to Kubernetes Engine in the Google Cloud console, and select Workloads. From the overview list, select an entry with type "Deployment" or "Pod" to see details about the workload, including recent application errors.

The SSL_CERTIFICATE infoType detector is available in all regions.

Cloud SQL supports the preview version of the Underprovisioned instance recommender. This service helps you avoid bottlenecks from high CPU and memory usage and minimize the likelihood of out-of-memory events. It gives you recommendations to resize your instances to a machine tier that better suits your workload.

Cloud SQL supports the preview version of the Underprovisioned instance recommender. This service helps you avoid bottlenecks from high CPU and memory usage and minimize the likelihood of out-of-memory events. It gives you recommendations to resize your instances to a machine tier that better suits your workload.

Cloud SQL supports the preview version of the Underprovisioned instance recommender. This service helps you avoid bottlenecks from high CPU and memory usage and minimize the likelihood of out-of-memory events. It gives you recommendations to resize your instances to a machine tier that better suits your workload.

You can now launch clusters with the following Kubernetes versions:

• 1.23.14-gke.1800
• 1.24.9-gke.1500
• 1.25.5-gke.1500

• Upgraded containerd to version 1.6.12.
• Upgraded storage drivers.

You can now launch clusters with the following Kubernetes versions:

• 1.23.14-gke.1800
• 1.24.9-gke.1500
• 1.25.5-gke.1500

• Upgraded containerd to version 1.6.12.
• Upgraded storage drivers.

Kubernetes network policies

Starting in version 1.9, Apigee hybrid offers new Kubernetes network policies to secure Cassandra and Redis pods within an Apigee Hybrid cluster. See Configuring Kubernetes network policies.

CSI Backup and Restore

Starting with Apigee hybrid 1.9, you can back up and restore your hybrid data using CSI (Container Storage Interface) snapshots. CSI backup generates disk snapshots and stores them as encrypted data in cloud storage. See Cassandra CSI backup and restore.

Custom ingress access logs

Starting in version 1.9, Apigee hybrid offers custom log formats for the Apigee Ingress gateway. See Customize Ingress access logs.

Target separate ingress gateways to virtual hosts

Starting in version 1.9, Apigee hybrid you can control how separate Apigee Ingress gateways map to specific virtual hosts. See Targeting an Apigee ingress to a virtual host.

The BigQuery Data Transfer Service can now transfer data from Azure Blob Storage into BigQuery. This feature is now in preview.

The Alerts in Search feature is the newest addition to the UDM Search capability. This new feature allows you to do the following:

• View and investigate all alerts associated with the search query criteria
• See which events are associated with one or more alerts
• See details about alerts in Alert viewer and Alert details
• Pivot to the new Alert view

This feature is being enabled for global customers in a phased manner and is expected to fully roll out over the next month.

Anthos clusters on VMware 1.14.1-gke.39 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.14.1-gke.39 runs on Kubernetes 1.25.5-gke.100.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

The Israel Regions and Support compliance regime is now generally available.

Adds project cleanup guidance where Backup and DR components are deleted or disabled.

Improves metrics reporting for ongoing management console and backup/recovery appliance supportability.

Azure workload identity federation is now generally available (GA) for BigQuery Omni connections. You can now create a connection for federated identity using Google Cloud console.

Cloud CDN supports advanced traffic management using flexible pattern matching with Global External HTTP(S) Load Balancer. This capability allows you to use wildcards anywhere in your path matcher and customize origin routing for different types of traffic, request and response behaviors, and caching policies. In addition, you can use results from your pattern matching to rewrite the path that's sent to the origin. This feature is supported in Preview.

The global external HTTP(S) load balancer now supports advanced traffic management using flexible pattern matching. This allows you to use wildcards anywhere in your path matcher. You can use this to customize origin routing for different types of traffic, request and response behaviors, and caching policies. In addition, you can now use results from your pattern matching to rewrite the path that is sent to the origin.

For details, see URL maps overview: Wildcards and pattern matching operators in path templates for route rules.

This capability is available in Preview.

Natural Language Content Classification v2 model is now Generally Available. This model supports an expanded taxonomy with 1091 content categories and 11 languages. The model is distilled from a Large Language Model with improved performance over the v1 offering.

Table sizes statistics are now generally available. They help you get insights into the size of individual tables in your database. For more information, see Table sizes statistics.

Support for resource location organization policies for Cloud Tasks is now at General Availability. To learn more, see the Resource Manager entry for Cloud Tasks.

Generally available: You can now use an instance template to define the properties of a reservation and the VMs that can consume the reservation in the same place. Learn how to create a reservation by specifying an instance template.

Add field to mark raw document file type as TIFF

Document table filter and text search state are synced with the URL to allow users to easily save and share filter settings.

The following Media CDN features are now Generally Available:

• Configuring Media CDN to follow origin redirects
• Manipulating headers on a per-origin basis

For more information, see Failover and timeouts and Example: Failover with redirect following.

You can search for BigQuery partners in the BigQuery Partner Center. This feature is in Preview.