Google Cloud release notes

The limit for maximum result size (20 GiB logical bytes) when querying Azure or Amazon Simple Storage service (S3) data is now generally available (GA). Querying Azure and Amazon S3 data are now subject to the following quotas and limitations:

• The maximum row size is 10 MiB. For more information, see Quotas for query jobs.

• If your query uses the ORDER BY clause and has a result size larger than 256 MB, then your query fails. Previously, this limit was 2 MB. For more information, see Limitations.

Cloud Spanner integration with Data Catalog is now available in Preview in the europe-central2 region.

For more information, see Manage resources using Data Catalog.

Dataflow cost monitoring is now available in preview.

To help you understand and test the discovery service, Cloud DLP has made it easier for you to test profiling on a single table. You can profile up to 25 tables at no additional charge, one at a time. Only tables that are less than or equal to 1 TB in size can be profiled for free. For more information, see Profile a table in test mode.

Support for Identity-aware Proxy (IAP) with Cloud Run to use identity and context to guard access to your applications is now at general availability (GA).

Datetime properties filtering is supported in the Document AI Warehouse UI.

Support for Identity-aware Proxy (IAP) with Cloud Run to use identity and context to guard access to your applications is now at general availability (GA).

The following products are now supported. See Supported products for more information:

• Cloud DNS
• Cloud Interconnect
• Cloud Load Balancing
• Cloud NAT
• Cloud Router
• Cloud VPN
• Identity and Access Management (IAM)
• Identity-Aware Proxy
• Network Connectivity Center
• Virtual Private Cloud
• VPC Service Controls

The EU Regions and Support compliance regime now supports the following products. See Supported products for more information:

• Cloud DNS
• Cloud Interconnect
• Cloud Load Balancing
• Cloud NAT
• Cloud Router
• Cloud VPN
• Identity-Aware Proxy
• Network Connectivity Center
• Virtual Private Cloud
• VPC Service Controls

The EU Regions and Support with Sovereignty Controls compliance regime now supports the following products. See Supported products for more information:

• Cloud DNS
• Cloud Interconnect
• Cloud Load Balancing
• Cloud NAT
• Cloud Router
• Cloud VPN
• Identity-Aware Proxy
• Network Connectivity Center
• Virtual Private Cloud
• VPC Service Controls

The add data demo guide walks you through the process of adding data to BigQuery through popular sources and is now in preview.

You can now set up cascading read replicas after you migrate data to a Cloud SQL destination instance using Database Migration Service. To find out how to set up cascading read replicas for a Cloud SQL for MySQL instance, click here. To find out how to set up cascading read replicas for a Cloud SQL for PostgreSQL instance, click here.

Cloud Functions now supports the use of the Yarn 2 package manager with private Node.js modules.

Regional external and regional internal HTTP(S) load balancers now support using Cloud Run services as backends for the load balancer. This is configured using a serverless network endpoint group (NEG).

For details, see:

• Serverless NEG concepts
• Set up a regional external HTTP(S) load balancer with a Cloud Run backend
• Set up an internal HTTP(S) load balancer with a Cloud Run backend

This feature is available in General availability.

Forwarding rules for external TCP/UDP network load balancers can now be configured to direct traffic coming from a specific range of source IP addresses to a specific backend service (or target instance). This is called traffic steering.

For details, see:

• Network load balancer overview: Traffic steering
• Configure traffic steering

This capability is in General availability.

Regional external and regional internal HTTP(S) load balancers now support using Cloud Run services as backends for the load balancer. This is configured using a serverless network endpoint group (NEG).

For details, see:

• Serverless NEG concepts
• Setting up a regional external HTTP(S) load balancer with a Cloud Run backend
• Setting up an internal HTTP(S) load balancer with a Cloud Run backend

This feature is available in General availability.

Cascading Replicas is now generally available when migrating from external servers. You can now configure migrated replicas to have read replicas under them before promoting them to primary replica. To learn more, see External Server Cascading Replicas.

Cascading Replicas is now generally available when migrating from external servers. You can now configure migrated replicas to have read replicas under them before promoting them to primary replica. To learn more, see External Server Cascading Replicas.

M106 Release

• Miscellaneous software updates.

M106 Release

• Rolled back a previous change in which Jupyter dependencies were located in a separate Conda environment.
• Miscellaneous software updates.

Support for Manifest in Storage Transfer Service is now generally available (GA). You can use Manifest to transfer a specific list of objects, object versions, and files from cloud and on-premises sources. Programmatic users can use the output of an upstream operation generating a list of files and objects as an input for Storage Transfer Service to act upon.

Overlays can now be created using PNG images (with or without transparency).

M106 Release

The M106 release of Vertex AI Workbench user-managed notebooks includes the following:

• Rolled back a previous change in which Jupyter dependencies were located in a separate Conda environment.
• Fixed a bug in which kernels used by notebooks did not contain the specified machine learning frameworks.
• Miscellaneous software updates.

This release includes the following Anthos attached clusters platform versions:

• 1.21.0-gke.1
• 1.22.0-gke.1
• 1.23.0-gke.3
• 1.24.0-gke.2
• 1.25.0-gke.2

You can now launch clusters with the following Kubernetes versions:

• 1.23.16-gke.2800
• 1.24.10-gke.1200
• 1.25.6-gke.1600

You can now launch clusters with the following Kubernetes versions:

• 1.23.16-gke.2800
• 1.24.10-gke.1200
• 1.25.6-gke.1600

The Node.js runtime now supports the use of Yarn 2 for configuring private modules hosted in Artifact Registry.

Non-incremental materialized views support most SQL queries, including OUTER JOIN, UNION, and HAVING clauses, as well as analytic functions. This feature is in preview.

A new interface for creating charts with Metrics Explorer is in Public Preview. For more information, see Create charts with Metrics Explorer.

Cloud Storage FUSE is now available in Preview. You can use Cloud Storage FUSE to mount and access storage buckets as local file systems.

• Get started with mounting buckets using Cloud Storage FUSE.
• Learn about integrations between Cloud Storage FUSE and other Google Cloud products.

The g2-standard machine family with NVIDIA L4 is available in Preview for node pools in clusters running GKE version 1.22 and later. To select the machine family, use the --machine-type flag in your create command.

Workforce identity federation and workload identity federation can now accept encrypted SAML assertions. The feature is generally available (GA). To use the feature, locate the Create the workload identity pool and provider section in the configuration guide for your identity provider and follow the gcloud CLI instructions for the SAML workflow.

General Availability: Private Service Connect endpoints with consumer HTTP(S) controls support accessing regional Google APIs and published services using the following load balancers:

• Regional internal HTTP(S) load balancer
• Regional external HTTP(S) load balancer

Anthos Service Mesh now supports multi-cluster, multi-network meshes on Anthos clusters on Azure. See Install Anthos Service Mesh for more information.

Users can generate Supply chain Levels for Software Artifacts (SLSA) build provenance information for standalone Maven and Python packages when they upload artifacts to Artifact Registry using new fields available in the Cloud Build config file. This feature is generally available. For more information, see Build and test Java applications and Build and test Python applications.

Preview: Accelerator-optimized (G2) machine types are now available on Compute Engine. Each G2 machine type has a fixed number of NVIDIA® L4 GPUs attached to support your next generation graphics performance workloads. The G2 machine types are available in the following three regions:

• Iowa, North America: us-central1-a,b
• Netherlands, Europe: europe-west4-a
• Singapore, APAC: asia-southeast1-b

Datastream support for BigQuery as destination is now generally available (GA). For more information, click here.

Datastream support for PostgreSQL as source is now generally available (GA). For more information, click here.

Google Cloud Deploy now provides the ability to use a canary deployment strategy, supported in preview.

The Vertex AI Matching Engine service now offers Preview support for deploying an index to a public endpoint. For information about how to get started, see Matching Engine Setup.

Vertex AI Prediction

You can now view logs for Vertex AI Batch Prediction jobs in Cloud Logging.

Anthos clusters on VMware 1.14.3-gke.25 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.14.3-gke.25 runs on Kubernetes 1.25.5-gke.100.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

Secret Manager - Access task (Preview)

The Secret Manager - Access task lets you access secret versions that are stored in Cloud Secret Manager from your integration.

For more information, see Secret Manager - Access task.

The PHP 8.2 runtime for App Engine standard environment is now available in preview.

Secret Manager - Access task

The Secret Manager - Access task lets you access secret versions that are stored in Cloud Secret Manager from your integration.

For more information, see Secret Manager - Access task.

Google has added Australia (Sydney) as a new region for Chronicle customers. Chronicle can now store customer data in this region. This also adds a new regional endpoint for Chronicle APIs at https://australia-southeast1-backstory.googleapis.com/.

Cloud Functions has added support for a new runtime, PHP 8.2, at the Preview release level.

Internal HTTP(S) load balancers and internal TCP proxy load balancers now support global access. By default, clients for these load balancers must be in the same region as the load balancer. With global access enabled, clients can access the load balancer from any region. They still must be in the same VPC network as the load balancer or in a VPC network that's connected to the load balancer's VPC network by using VPC Network Peering.

For instructions, see the following:

• Enable global access for internal HTTP(S) load balancers
• Enable global access for internal TCP proxy load balancers

This capability is in General availability.

You can now configure metric-based alerting policies to send repeated notifications for open and acknowledged incidents. For more information, see Send repeated notifications.

Support for specifying the encoding of the event payload data as either application/json or application/protobuf through an eventDataContentType field is available.

GKE now supports a streamlined Fleet registration process, allowing users to register their clusters to a Fleet directly when clusters are created using the gcloud command. For more information, see Register a GKE cluster to your fleet.

Secret Manager support for zone separation is now generally available.

Batch mode is now supported. You can use it to create thousands of jobs that will be processed on a first in, first out basis.

The Vertex AI Model Registry now offers Preview support for model copy between regions. For information about how to copy your model between regions, see Copy models in Model Registry.

Cluster lifecycle improvements 1.13.1 and later

Starting with Anthos clusters on bare metal release 1.13.1, you can use the Google Cloud console or the gcloud CLI to create admin clusters. For more information, see the documentation for your version of Anthos clusters on bare metal:

• 1.13: Create an admin cluster using Anthos On-Prem API clients

• 1.14: Create an admin cluster using Anthos On-Prem API clients

You can now view Bare Metal Solution infrastructure metrics in the Google Cloud console. This feature is generally available (GA).

Cloud Bigtable instance and table metadata is now automatically synced to Data Catalog, a feature of Dataplex, for improved data discovery and governance. Metadata is not synced for a project with an organization policy that restricts resource locations. To get started, see Manage data assets using Data Catalog. This feature is available in Preview.

Cloud Spanner integration with Data Catalog is now available in Preview. Data Catalog is a fully managed, scalable metadata management service within Dataplex. It automatically catalogs metadata about Cloud Spanner instances, databases, tables, columns, and views. For Preview, integration with Data Catalog is not available in the europe-central2 region.

For more information, see Manage resources using Data Catalog.

You can use a pre-customized snapshot as the source of a Persistent Disk in Cloud Workstations. For more information, see About disk snapshots. See also the sourceSnapshot within GceRegionalPersistentDisk field added to the following REST API resources: workstation configurations, and source_snapshot in the following RPC resources: workstations.v1beta.

Cloud Workstations is available in the following region:

• asia-northeast1 (Japan)

For more information, see Locations.

Generally available: You can use the Regional disk replica state metric in Cloud Monitoring to track the states of your regional Persistent Disk zonal replicas. You can also use the metric data to determine the replication state of your regional Persistent Disk volumes.

Learn more about zonal replication for regional Persistent Disk and how to monitor the states of regional Persistent Disk zonal replicas.

M105 Release

• The following Deep Learning Containers images are now available with Python 3.10 on Debian 11:

  • TensorFlow 2.11 CPU (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/tf-cpu.2-11.py310:latest)
  • TensorFlow 2.11 GPU with Cuda 11.3 (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/tf-gpu.2-11.py310:latest)
  • PyTorch 1.13 with Cuda 11.3 (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/pytorch-gpu.1-13.py310:latest)
  • Base CPU (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/base-cpu.py310:latest)
  • Base GPU with Cuda 11.3 (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/base-cu113.py310:latest)

• The following Deep Learning Containers images are now available with Python 3.9 on Debian 11:

  • TensorFlow 2.6 CPU (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/tf-cpu.2-6.py39:latest)
  • TensorFlow 2.6 GPU with Cuda 11.3 (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/tf-gpu.2-6.py39:latest)

• Miscellaneous bug fixes and improvements.

M105 Release

• The following Deep Learning VM images are now available with Python 3.10 on Debian 11:

  • TensorFlow 2.11 CPU (tf-2-11-cpu-debian-11-py310)
  • TensorFlow 2.11 GPU with Cuda 11.3 (tf-2-11-cu113-debian-11-py310)
  • PyTorch 1.13 with Cuda 11.3 (pytorch-1-13-cu113-debian-11-py310)
  • Base CPU (common-cpu-debian-11-py310)
  • Base GPU with Cuda 11.3 (common-cu113-debian11-py310)

• The following Deep Learning VM images are now available with Python 3.9 on Debian 11:

  • TensorFlow 2.6 CPU (tf-2-6-cpu-debian-11-py39)
  • TensorFlow 2.6 GPU with Cuda 11.3 (tf-2-6-cu113-debian-11-py39)

• Jupyter-related libraries have been moved to a different Conda environment, separate from the one containing machine learning frameworks and base software libraries.

• Miscellaneous bug fixes and improvements.

Security Command Center supports CIS Google Cloud Computing Foundations Benchmark v1.3.0.

The following detectors are new for v1.3.0:

• Access transparency disabled
• Cloud Asset API disabled
• Dataproc CMEK disabled
• Essential contacts not configured
• Flow logs settings not recommended

The following detectors have been updated:

• Audit logging disabled

For more information about Security Command Center support for standards and compliance, see the following:

• Detectors and compliance
• CIS Google Cloud Computing Platform Benchmarks

M105 Release

The M105 release of Vertex AI Workbench user-managed notebooks includes the following:

• The following user-managed notebooks images are now available with Python 3.10 on Debian 11:

  • TensorFlow 2.11 CPU (tf-2-11-cpu-notebooks-debian-11-py310)
  • TensorFlow 2.11 GPU with Cuda 11.3 (tf-2-11-cu113-notebooks-debian-11-py310)
  • PyTorch 1.13 with Cuda 11.3 (pytorch-1-13-cu113-notebooks-debian-11-py310)
  • Base CPU (common-cpu-notebooks-debian-11-py310)
  • Base GPU with Cuda 11.3 (common-cu113-notebooks-debian11-py310)

• The following user-managed notebooks images are now available with Python 3.9 on Debian 11:

  • TensorFlow 2.6 CPU (tf-2-6-cpu-notebooks-debian-11-py39)
  • TensorFlow 2.6 GPU with Cuda 11.3 (tf-2-6-cu113-notebooks-debian-11-py39)

• Jupyter-related libraries have been moved to a different Conda environment, separate from the one containing machine learning frameworks and base software libraries.

Artifact Registry is now available in the me-central1 region (Doha, Qatar).

The Australia Regions with Assured Support compliance regime is now generally available.

BigQuery Partner Center, which can be used to discover and try validated partner applications, is now generally available (GA). In addition, the Google Cloud Ready - BigQuery initiative has added 14 new partners.

UDM Search - Grouped fields

Grouped fields are aliases for groups of related UDM fields. You can use them to query multiple UDM fields at the same time without typing each field individually. For example, you can use the IP address grouped field to search for an IP address across most of the common UDM IP address fields.

You can match a grouped field using a regular expression and using the nocase operator. Reference lists are supported. Grouped fields can be used in combination with regular UDM fields. Grouped fields also have a separate section in Quick Filters.

Cloud KMS is available in the following region:

• me-central1

For more information, see Cloud KMS locations.

The following new region is now available: me-central1.

Support for me-central1 (Doha) region.

Support for me-central1 (Doha) region.

Support for me-central1 (Doha) region.

Cloud SQL supports the SqlPackage utility of SQL Server for importing and exporting data.

Cloud SQL supports the bcp utility of SQL Server for importing and exporting data.

You can create Cloud Spanner regional instances in Doha, Qatar (me-central1).

Cloud Storage is now available in Doha, Qatar (me-central1 region).

Cloud VPN is now available in region me-central1 (Doha, Qatar).

Pricing is available on the Cloud VPN pricing page.

You can use container output logging to view standard output and standard error logs generated by a workstation container.

Generally available: Doha, Qatar, Middle East me-central1-a,b,c has launched with E2 and N2 VMs available in all three zones.

See VM instance pricing for details.

Preview: Persistent Disk Asynchronous Replication (PD Async Replication) provides low recovery point objective (RPO) and low recovery time objective (RTO) block storage replication for cross-region active-passive disaster recovery. For more information, see About Persistent Disk Asynchronous Replication.

Added support for IAMAccessBoundaryPolicy resource.

Introduced configurable reconciliation interval feature.

Added mode, remoteRepositoryConfig, virtualRepositoryConfig fields to ArtifactRegistryRepository

Added scheduling.maintenanceInterval field to ComputeInstance.

Added scheduling.maintenanceInterval field to ComputeInstanceTemplate.

Added groupPlacementPolicy.maxDistance field to ComputeResourcePolicy.

Added deletionPolicy field to ComputeSharedVPCServiceProject.

Added protectConfig field to ContainerCluster.

Added transferSpec.sinkAgentPoolName, transferSpec.sourceAgentPoolName fields to StorageTransferJob.

Added spec.bitbucketServerTriggerConfig, spec.github.enterpriseConfigResourceNameRef fields to CloudBuildTrigger.

Added spec.diskEncryptionKey.rsaEncryptedKey field to ComputeDisk.

Added spec.rateLimitOptions.enforceOnKeyConfigs field to ComputeSecurityPolicy.

Added spec.kubeletConfig.podPidsLimit field to ContainerCluster.

Added spec.kubeletConfig.podPidsLimit field to ContainerNodePool.

Added spec.instanceType field to SQLInstance.

Dataflow is now available in Doha (me-central1).

Dataproc is now available in the me-central1 region (Doha).

The me-central1 region in Doha, Qatar is now available.

Secret Manager is now available in the following region:

• me-central1

For more information, see Secret Manager locations.

For auto mode VPC networks, added a new subnet 10.212.0.0/20 for the Doha me-central1 region. For more information, see Auto mode IP ranges.

AlloyDB Omni is available in Preview. AlloyDB Omni is a downloadable edition of AlloyDB for PostgreSQL that lets you run a containerized AlloyDB database engine in your own computing environment.

Artifact Registry is now available in the europe-west12 region (Turin, Italy).

Compute (analysis) is now generally available (GA) in three new BigQuery editions: Standard, Enterprise, and Enterprise Plus. These editions support the slots autoscaling model to meet your organizations' needs and budgets.

Autoscaling slots are now generally available (GA). Autoscaling slot reservations and commitments created during the feature's preview have been set to BigQuery Enterprise edition.

The rollout of the following PostgreSQL minor versions, extension versions, and plugin versions is currently underway:

Minor versions

• 10.21 is upgraded to 10.22.
• 11.16 is upgraded to 11.17.
• 12.11 is upgraded to 12.12.
• 13.7 is upgraded to 13.8.
• 14.4 is upgraded to 14.5.

Extension and plugin versions

• plv8 is upgraded from 3.1.2 to 3.1.4.
• wal2json is upgraded from 2.3 to 2.4.
• pgTAP is upgraded from 1.1.0 to 1.2.0.
• PostGIS is upgraded from 3.1.4 to 3.1.7.
• pg_partman is upgraded from 4.5.1 to 4.7.0.
• pg_wait_sampling is upgraded from 1.1.3 to 1.1.4.
• pg_hint_plan is upgraded from 1.3.7 to 1.4.
• pglogical is upgraded from 2.4.1 to 2.4.2.

If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.

The new maintenance version is [PostgreSQL version].R20230316.02_02. To learn how to check your maintenance version, see Self service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

Cloud Workstations is available in the following regions:

• asia-south1 (India)
• us-east4 (Virginia, North America)

For more information, see Locations.

Allow users to upload and view TIFF file types in the UI.

Starting from GKE 1.26, cluster autoscaler can drain Pods from multiple nodes in parallel. The removal criteria are not changing, so the end state after scale down is going to be the same, but it will be achieved faster.

Release 1.12.9

Anthos clusters on bare metal 1.12.9 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.9 runs on Kubernetes 1.23.

Artifact Registry repositories with gcr.io domain support are now generally available. These repositories can host your existing Container Registry images and automatically redirect requests for gcr.io hosts to corresponding Artifact Registry repositories.

You can now use the tf_version training option to specify the Tensorflow (TF) version during model training. By default, tf_version is set as '1.15'. If you want to use TF2 with Keras API, you can add tf_version = '2.8.0' when creating the model.

You can now use the xgboost_version training option to specify the XGBoost version during model training. By default, xgboost_version is set as '0.9'. You can choose XGBoost version 1.1 by specifying xgboost_version = '1.1'.

You can now use the instance_weight_col training option to identify the column containing weights for each data point in the training dataset. Currently the instance_weight_col option is only available for boosted tree and random forest models with non-array feature types.

You can now import model artifacts saved in ONNX, XGBoost, and TensorFlow Lite formats into BigQuery for inference, allowing you to leverage models built in popular frameworks directly within the BigQuery ML inference engine.

You can also host models remotely on Vertex AI Prediction and do inference with BigQuery ML, removing the need to build data pipelines manually.

You can do inference with Google Cloud's state of the art pretrained models using Cloud AI service table-valued functions (TVFs) to get insights from your data. The TVFs work with Cloud Vision API, Cloud Natural Language API and Cloud Translation API.

These features are in preview. To enroll to use this feature, complete the enrollment form.

The changes in the September 15, 2022 Release Notes entry for read replica maintenance are now available. Cloud SQL read replicas follow the maintenance settings for the primary instance, including the maintenance window, rescheduling, and the deny maintenance period. During the maintenance event, Cloud SQL maintains the replicas before maintaining the primary instance. For more information, see How does maintenance affect read replicas?

The changes in the September 15, 2022 Release Notes entry for read replica maintenance are now available. Cloud SQL read replicas follow the maintenance settings for the primary instance, including the maintenance window, rescheduling, and the deny maintenance period. During the maintenance event, Cloud SQL maintains the replicas before maintaining the primary instance. For more information, see How does maintenance affect read replicas?

The changes in the September 15, 2022 Release Notes entry for read replica maintenance are now available. Cloud SQL read replicas follow the maintenance settings for the primary instance, including the maintenance window, rescheduling, and the deny maintenance period. During the maintenance event, Cloud SQL maintains the replicas before maintaining the primary instance. For more information, see How does maintenance affect read replicas?

Cloud SQL now exposes 38 new metrics. These metrics improve observability of Cloud SQL for SQL Server instances, helping you investigate performance issues and resource bottlenecks. You can find these metrics in the Metrics explorer within the Monitoring dashboard.

For more information about these metrics, see Cloud SQL Metrics.

Generally Available: You can test how workloads running on sole-tenant nodes behave during a host maintenance event, and see the effects of the sole-tenant VM's host maintenance policy on the applications running on the VMs.

For more information, see Simulate host maintenance events on sole-tenant nodes.

Vertical Autoscaling now supports batch jobs.

Dataproc cluster creation now supports the pd-extreme disk type.

DocAI Warehouse Pipelines (preview):

• Cloud-storage-ingest pipelines

• Export-to-Workbench pipeline

• Process-with-DocAI pipeline

BigQuery Connector (preview): Supports batch exports of document metadata into BigQuery, which enables users to do data analysis, create reports and dashboards. For example, data visualization using BI dashboards.

Eventarc support for creating triggers for direct events from Cloud Dataflow is available in Preview.

Self-service maintenance is now Generally Available for Memorystore for Redis.

Preview: Added support for refactoring WordPress Servers running on Apache2 Linux to containers, which lets you deploy WordPress sites as containers on GKE, GKE Autopilot clusters, Anthos clusters, and Cloud Run.

For more information, see Migrate a WordPress site.

Introduced the following features for JBoss migration:

• Support for JBoss versions has been extended and Migrate to Containers now supports migration of JBoss EAP versions 7.0 - 7.4 to equivalent Wildfly community based container images, besides migrations of Wildfly versions 8.1.0 - 26.1.1.
• Secrets are now automatically created from extracted security realms configuration and key-stores. This new feature fixes potential security risks and lets you update secrets without having to recreate images.
• The targetImageHome property has been added to the migration plan to allow users to specify an alternative container image with a different JBOSS_HOME location.
• The ExcludeFiles property has been added to the migration plan, which lets you explicitly exclude files and directories from the container image.
• The data migration feature now automates the creation and mounting of a Persistent Volume Claim (PVC) for the $JBOSS_HOME/standalone/data directory. This directory is available for use by services that require storing content in the file system.

Vertex AI Pipelines cost showback with billing labels is now generally available (GA). You can now use billing labels to review the cost of a pipeline run, along with the cost of individual resources generated from Google Cloud Pipeline Components in the pipeline run. For more information, see Understand pipeline run costs.

BigQuery now supports change data capture (CDC) by processing and applying streamed changes in real-time to existing data using the BigQuery Storage Write API. This feature is in preview.

Cloud Composer 2 now supports access with external identities through workforce identity federation.

Cloud Functions has added support for a new runtime, Go 1.20, at the General Availability release level.

The Cloud Healthcare API offers single-region support in the me-west1 (Tel Aviv, Israel) region.

The Cloud Logging API now supports the following region:

• Doha: me-central1

Cloud SQL now supports the Linked Servers functionality of SQL Server. You can use this capability to integrate data from multiple sources and distribute queries across multiple servers. To learn more, see About linked servers.

The Cloud SQL Active Directory (AD) Diagnosis tool helps you troubleshoot issues that you might face while connecting to AD-enabled Cloud SQL for SQL Server instances, using an on-premises AD domain.

Confidential Space. The assertion.submods.confidential_space.support_attributes assertion can be used to verify the support status of the Confidential Space image being used. It can be used, for example, to ensure that the workload is running on the latest version of the Confidential Space image.

Metadata federation now supports Dataplex lakes as a metadata source (in preview)

Dialogflow CX now provides the TO_NUMBER system function.

The Document AI OCR Processor (Doc OCR) now has the following features:

• The OCR Processor supports language hints. The OCR engine prefers your specified languages over inferred languages. To use this feature, set process_options.ocr_config.hints.language_hints with a list of BCP-47 language codes in your API request to the OCR Processor.
• The OCR Processor supports the option to populate symbol-level data in the document response. If enabled, the field document.pages.symbols is populated. To use this feature, set process_options.ocr_config.enable_symbol=true in your API request to the OCR Processor.
• A proto converter tool that converts a Document proto to an AnnotateFileResponse proto. This conversion lets you compare the responses between the Document AI OCR processor with the Vision API, which can help you migrate to the Document AI OCR processor from Vision API with minimal downstream changes. For details, see Document AI Toolbox.
• The OCR Processor supports a heuristics layout detection algorithm, which serves as an alternative to the current ML-based layout detection algorithm. You can choose the layout algorithm that best suits your needs. To use this feature, set process_options.ocr_config.advanced_ocr_options= legacy_layout in your API request to the OCR Processor.

M105 Release

The M105 release of Vertex AI Workbench managed notebooks includes the following:

• Fixed an issue wherein a runtime with idle shutdown enabled doesn't detect activity and shuts down.
• Fixed an issue wherein the runtime data disk runs out of space and prevents access.
• Fixed an issue wherein end user credentials are not preserved after shutdown.
• Changed Health Agent logging levels from DEBUG to INFO.

Access Approval supports Firestore in the Preview stage.

Access Transparency supports Certificate Authority Service in the GA stage.

Release 1.14.3

Anthos clusters on bare metal 1.14.3 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.14.3 runs on Kubernetes 1.25.

You can now use ssh to log in to App Engine flexible environment instances that use only internal IP addresses.

You can now use ssh to log in to App Engine flexible environment instances that use only internal IP addresses.

You can now use ssh to log in to App Engine flexible environment instances that use only internal IP addresses.

You can now use ssh to log in to App Engine flexible environment instances that use only internal IP addresses.

You can now use ssh to log in to App Engine flexible environment instances that use only internal IP addresses.

You can now use ssh to log in to App Engine flexible environment instances that use only internal IP addresses.

You can now use ssh to log in to App Engine flexible environment instances that use only internal IP addresses.

You can now use ssh to log in to App Engine flexible environment instances that use only internal IP addresses.

The Go 1.20 runtime for App Engine standard environment is now generally available.

Backup and DR Service now supports archive snapshots for Compute Engine instance backups.

Simplified experience for updating backup/recovery appliances from the management console.

Cloud EKM now supports coordinated external keys.

Coordinated external keys let you create and manage keys in a compatible external key management system from Cloud KMS over a VPC network. For more information, see EKM key management from Cloud KMS.

Thales CipherTrust Cloud Key Manager is the first external key management partner system that is compatible with EKM key management from Cloud KMS.

Google Cloud Managed Service for Prometheus: You can use the OpenTelemetry Collector to scrape standard Prometheus metrics and report them to Managed Service for Prometheus. For more information, see Get started with the OpenTelemetry Collector.

Workspace compilation overrides are available in Preview.

OR queries now available in Preview.

OR queries now available in Preview.

Alpha release of AssignImage mutator, which allows mutation of Docker image paths. For reference, see AssignImage under Mutation in the OPA Gatekeeper documentation.

The constraint template library includes a new template: VerifyDeprecatedAPI. For reference, see the Constraint template library.

Configuring Certificate Authority connectivity through a HTTP CONNECT-based proxy is now generally available (GA). For more information, see Configure Certificate Authority connectivity through a proxy.

Users are now able to enable the content security policy feature for their portal for Apigee and Apigee hybrid. Previously, this feature was available in Apigee Edge only.

See: Configure a content security policy

Public preview release of Advanced API Security abuse detection

Advanced API Security's new abuse detection feature lets you view security incidents involving your APIs. Abuse detection uses Google's machine learning algorithms to detect API traffic patterns that are a sign of malicious activity targeting your APIs.

Abuse detection includes two new types of detection rules powered by machine learning models:

• Advanced Anomaly Detection: Detects unusual patterns of API traffic.
• Advanced API scraper: Detects attempts to extract information from APIs for malicious purposes.

Go 1.18 and 1.19 are now generally available. These versions require you to specify an operating system version in your app.yaml. Learn more.

The immutable tags setting is now in Preview for Docker repositories. When tags are immutable, you cannot change the image digest that a tag references in the repository. You can configure this setting when you create a repository or change the setting on an existing repository.

Cloud Bigtable is now available in the europe-west12 (Turin) region. For more information, see Bigtable locations.

Cloud KMS is available in the following region:

• europe-west12

For more information, see Cloud KMS locations.

The following new region is now available: europe-west12.

Cloud SQL for MySQL now supports minor version 8.0.32. To upgrade your existing instance to the new version, see Upgrade the database minor version.

Support for europe-west12 (Turin) region.

Support for europe-west12 (Turin) region.

Support for europe-west12 (Turin) region.

You can create Cloud Spanner regional instances in Turin, Italy (europe-west12).

Cloud Storage is now available in Turin, Italy (europe-west12 region).

Cloud VPN is now available in region europe-west12 (Turin, Italy).

Pricing is available on the Cloud VPN pricing page.

Generally available: Turin, Italy, Europe europe-west12-a,b,c has launched with E2, N2, N2D, and T2D VMs available in all three zones. See VM instance pricing for details.

Dataflow is now available in Turin (europe-west12).

Dataproc is now available in the europe-west12 region (Turin).

The europe-west12 region in Turin, Italy is now available.

The ability to dismiss a recommendation is generally available via Recommender API

The export to BigQuery feature now supports custom pricing and non-project scoped recommendations.

The global Recommender Viewer role is now available to get view access to all insights and recommendations available.

Secret Manager is now available in the following region:

• europe-west12

For more information, see Secret Manager locations.

The March 20, 2023 release of the Google Cloud SCC content pack for sending Security Command Center data to Cortex XSOAR is generally available.

This version includes support for multiple Google Cloud organizations, bug fixes, and supportability improvements.

For information about downloading and installing the new content pack, see Upgrade the Google Cloud SCC content pack.

The version 3.0 release of the Google SCC App for QRadar, which lets you send Security Command Center data to QRadar v7.4.1FP2+, is generally available.

This version includes support for multiple Google Cloud organizations, bug fixes, and supportability improvements.

For information about downloading and installing the new application, see Upgrade the Google SCC app.

The version 3.0 release of the Google SCC App for ELK, which lets you send Security Command Center data to Elastic Stack, is generally available.

This version includes support for multiple Google Cloud organizations, bug fixes, and supportability improvements.

For information about downloading and installing the new application, see Upgrade the Docker container.

The version 2.0 release of the Google SCC Add-on For Splunk and the Google SCC App For Splunk, which let you send Security Command Center data to Splunk, is generally available.

This version includes support for multiple Google Cloud organizations, bug fixes, and supportability improvements.

For information about downloading and installing the new applications, see Upgrade Google SCC App for Splunk and Google SCC Add-on for Splunk.

For auto mode VPC networks, added a new subnet 10.210.0.0/20 for the Turin europe-west12 region. For more information, see Auto mode IP ranges.

Customize SSL certs for access routing when provisioning Apigee Pay-as-you-go organizations.

Users can now select existing self-managed SSL certs when customizing access routing during Apigee Pay-as-you-go provisioning. For more information, see Step 4: Customize access routing .

Receive Cloud console notifications when Pay-as-you-go provisioning completes.

While provisioning is in progress, users can navigate away from the Apigee provisioning page and monitor notifications in the Cloud console for updates when provisioning completes.

BigQuery now supports Unicode column naming using international character sets, alphanumeric and special characters. Existing columns can use these new capabilities using the RENAME command. This feature is now in preview.

Policy Engine:

• Modify RuleSet APIs logic to auto-populate RuleId field during create RuleSet call and allow Rules update using existing RuleId
• Publish action messages by default will include Schema name, Document name, RuleSet name, Rule Id, Action Id and trigger type information.

Model event management with Cloud Functions and Pub/Sub

The Vertex AI Vision event management feature lets you generate and send event notifications through Pub/Sub topics by:

• Enabling supported models* to output to Cloud Function for data processing and events generation.
• In-product support to send generated event to configured Pub/Sub topics.
• An easy configuration of the event management system in the Vertex AI Vision Studio.

* GA event management is available for the following models:

• Occupancy analytics pre-trained model
• Vertex AI custom-trained models imported into a Vertex AI Vision application

For more information, see the Enable model event notification with Cloud Functions and Pub/Sub.

Release 1.13.6

Anthos clusters on bare metal 1.13.6 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.13.6 runs on Kubernetes 1.24.

Network Load Balancing now supports user-specified weights on the backend service. This allows you to manage the backend load distribution of your load balancer and avoid overloading them.

For details, see:

• Weighted load balancing
• Configure weighted load balancing

This feature is in General Availability.

Smaller read replicas are now available for Cloud SQL. Read replicas no longer require the same or more CPUs and RAM than their primary instances.

The following functions and expressions have been added to the GoogleSQL dialect:

• ARRAY_FILTER function
• ARRAY_TRANSFORM function
• Lambda expressions

Dialogflow CX sentiment analysis now supports all regions supported by Dialogflow CX and over 70 new languages.

Support for triggering a workflow within a service perimeter using VPC Service Controls is generally available (GA).

Preview mode is now Generally Available for advanced network DDoS protection, allowing you to receive all the logging and telemetry about the detected attack without enforcing the mitigation.

Pub/Sub is now available in Turin, Italy (europe-west12).

Generally available: In projects protected by a service perimeter, and if using Eventarc to route events to Workflows destinations, you can create a new push subscription through Eventarc where the endpoint is set to a Workflows execution. To know more, see Set up a service perimeter using VPC Service Controls.

Vertex AI supports running Explainable AI on certain types of BQML models when they are added to the Vertex AI Model Registry (GA). To learn more, see Explainable AI for BigQuery ML models.

Vertex AI Feature Store

The ability to delete feature values from an entity type is now generally available (GA). The following features are available:

• Delete feature values from specified entities
• Delete feature values from specified features within a time range

Links to additional resources:

• Learn more about the delete_feature_values method in the Vertex AI SDK for Python.
• View the Python code sample on GitHub
• View the Python (Async) code sample on GitHub

Support for triggering a workflow using Eventarc within a VPC Service Controls perimeter is generally available (GA).

The following AutoML Tables model features are now generally available:

• Availability in additional regions.
• CMEK support in available regions except multi-regions US and EU.
• OPTIMIZATION_OBJECTIVE now accepts two additional options:
  • MAXIMIZE_PRECISION_AT_RECALL
  • MAXIMIZE_RECALL_AT_PRECISION

General Availability: You can create resources such as certificate authorities (CA) and certificate authority pools with X.509 name constraints. Name constraints on CA resources are enforced when issuing certificates, which lets you control which names are permitted or excluded.

For more information, see CA certificate name constraints.

You now have the option to use default logs buckets stored within your own project in the same region as your build. You can enable this feature by setting the defaultLogsBucketBehavior option in your build config file. When you use this option, you gain more control over data residency. Using logs within your own project also allows you to fine-tune access permissions and object lifecycle settings for your build logs. This feature is generally available. For more information, see the Store and manage build logs page.

You can now use Google Cloud tags to group and organize your Cloud Spanner instances, and to condition Identity and Access Management (IAM) policies based on whether an instance has a specific tag. For more information, see Control access and organize instances with tags.

The following US regions are now available for dual-region storage:

• Los Angeles (us-west2)
• Salt Lake City (us-west3)

The following EU regions are now available for dual-region storage:

• Warsaw (europe-central2)
• Madrid (europe-southwest1)
• Frankfurt (europe-west3)
• Milan (europe-west8)
• Paris (europe-west9)

Newly-created clusters write vm_assignments and disk_assignments platform logs to Cloud Logging, indicating when VM instances and persistent disks are allocated to a workstation.

Migrate to Containers now supports Workforce identity federation.

Vertex AI Prediction

You can now use N2, N2D, C2, and C2D machine types to serve predictions.

Managing Shared VPC with the Shared VPC Admin role at the folder level is available in General Availability.

5 new Airflow metrics are now available in Cloud Monitoring. For more information, see Monitor environments with Cloud Monitoring.

Anthos clusters on VMware 1.13.6-gke.32 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.13.6-gke.32 runs on Kubernetes 1.24.10-gke.2200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

You can now use the interactive serial console to access your Bare Metal Solution servers. This feature is generally available (GA).

Cloud Functions has added support for customer-managed encryption keys for 2nd gen functions at the Preview release level.

Support for the GoogleSQL-dialect THEN RETURN clause and the PostgreSQL-dialect RETURNING clause is now generally available. For more information, see THEN RETURN and RETURNING.

The following functions have been added to the GoogleSQL dialect:

• ARRAY_INCLUDES_ALL function
• ARRAY_INCLUDES_ANY function
• ARRAY_MIN function
• ARRAY_MAX function

Expanded Cloud Storage monitoring dashboards are now generally available (GA).

• Available metrics include server and client error rates, write request counts, network ingress rates, and network egress rates.
• Dashboards can be filtered by bucket location.
• Dashboards are customizable, including the ability to set up alerts.

Cloud Workstations is available in the following regions:

• europe-west6 (Switzerland)
• europe-west9 (France)

For more information, see Locations.

Virtual Machine Threat Detection, a built-in service of Security Command Center, launched the following detectors to Preview.

• Defense Evasion: Unexpected kernel code modification
• Defense Evasion: Unexpected kernel read-only data modification
• Defense Evasion: Unexpected ftrace handler
• Defense Evasion: Unexpected interrupt handler
• Defense Evasion: Unexpected kernel modules
• Defense Evasion: Unexpected kprobe handler
• Defense Evasion: Unexpected processes in runqueue
• Defense Evasion: Unexpected system call handler

These modules analyze runtime Linux kernel integrity to detect common evasion techniques used by malware.

The following attributes were added to the Finding object of the Security Command Center API.

• cloudDlpInspection
• cloudDlpDataProfile

The cloudDlpInspection attribute provides details about the results of a Cloud Data Loss Prevention (Cloud DLP) inspection job. The cloudDlpDataProfile attribute provides the name of a Cloud DLP data profile that is associated with a finding.

For more information, see the Security Command Center API documentation for the Finding object.

Event Threat Detection, a built-in service of Security Command Center Premium, has launched the Initial Access: Excessive Permission Denied Actions rule to General Availability. This rule detects events where a principal repeatedly triggers permission denied errors across multiple methods and services.

For more information about Event Threat Detection findings, see Event Threat Detection rules.

M104 Release

• Added the following packages:
  • google-cloud-artifact-registry
  • google-cloud-bigquery-storage
  • google-cloud-language
  • keyring
  • keyrings.google-artifactregistry-auth
• Fixed a bug in which curl could not find the right SSL certificate path by default.

M104 Release

• Added the following packages:
  • google-cloud-artifact-registry
  • google-cloud-bigquery-storage
  • google-cloud-language
  • keyring
  • keyrings.google-artifactregistry-auth
• Fixed a bug in which curl could not find the right SSL certificate path by default.

Cloud Text-to-Speech now offers Long Audio Synthesis. This new API can be used to synthesize texts longer than 5 KB. For more information about API usage using the command line, see Create long audio from text by using the command line.

M104 Release

The M104 release of Vertex AI Workbench user-managed notebooks includes the following:

• Fixed a regression in which jupyter-user metadata was ignored.
• Enabled access to the Jupyter Gateway Client configuration by using the notebook-enable-gateway-client and gateway-client-url metadata tags.
• Added the following packages:
  • google-cloud-artifact-registry
  • google-cloud-bigquery-storage
  • google-cloud-language
  • keyring
  • keyrings.google-artifactregistry-auth
• Fixed a bug in which curl could not find the right SSL certificate path by default.

Support for a Transcoder API connector is available in Preview.

Python 3.8, 3.9, 3.10, and 3.11 are now generally available. These versions require you to specify an operating system version in your app.yaml. Learn more.

The Lineage tab in the table properties page lets you track how your data moves and transforms through BigQuery. This feature is now generally available (GA).

The Logging Query Language now supports a built-in SEARCH function that you can use to find strings in your log data. The SEARCH function is in preview. For more information, see SEARCH function.

Cloud SQL for MySQL now supports 106 new database flags. See supported flags for more information.

The CCAIP integration with Kustomer now offers the following new custom enhancement options:

• Call transfer information is now posted as a comment.
• Administrators can now create custom fields from CCAIP.
• Administrators can now create custom Account and Record fields by going to: Developer Settings > Custom fields for Account and Record. See the Kustomer documentation for details.

Salesforce multi-number lookup: You can now configure CCAIP to look up an account across multiple phone number fields in Salesforce. This makes it easier to connect different support sessions to a single account for consumers who have multiple phone numbers, such as mobile, home, or work numbers. Additionally, you can now assign all phone numbers to one account rather than having to set up separate contacts for each number. The Account Lookup section now offers the following settings:

• Phone number lookup fields : This updated configuration enables you to select multiple phone numbers, such as mobile, account phone, account fax. You can then associate these numbers with the same account.
• Phone number primary fields: This field enables you to select the phone number field to be used when you create a new CRM account.

For more information, see the Salesforce CRM documentation.

Dialogflow (DF) Wrap-up events are now captured as custom events. Every time a customer ends their session with a Virtual Agent for any reason (for example, consumer abandon, call failure), a new DF Wrap-up custom event is sent to the Dialogflow CX (for example, handled by VA). This enables the VA to react to the event and perform any desired session wrap-up process(es). For more inforation, see the Dialogflow documentation.

New data parameters for Virtual Task Assistant: Virtual Task Assistant now has the ability to send parameters, supports multiple languages, and includes a dedicated settings panel. Admins can now specify the data parameters that can be gathered and sent to Virtual Task Assistants, including the new dynamic parameter Agent Form. See the data parameters documentation for details.

Twinning: Twinning is a new feature that allows a primary extension (for example, web adapter) and a secondary extension (for example, mobile phone number) to operate as a single phone.

Twinning is ideal for support agents who are frequently on the go, since it allows them to forward support calls to their preferred phone number while also allowing them to handle calls at their desk using their web adapter. Another example is a front desk phone set up as the office's primary extension; you can use Twinning to forward those calls to a mobile phone.

For details, see the Twinning documentation

Domain Based Access Control: You can configure CCAIP to restrict the set of domains able to frame the agent adapter and admin portal. This provides protection against clickjacking attacks.

An Admin can configure the domain allowlist by going to: Developer Settings > Domain Based Access Control. Configuration changes might take up to 1 minute to take effect.

Existing customers will have an empty allowlist by default. To enable this feature, the allowlist must be populated with each domain currently framing the agent adapter. Domains that are not configured will be blocked. New customers will have an allowlist containing the domain of the CCAIP instance itself to allow the agent adapter to be framed by the admin portal. Additional domains will be blocked from framing the agent adapter until they are configured in the allowlist.

See Domain based access control for details.

A new audio chime has been added to the Agent Adapter to indicate when an agent connects with a customer on a call. We also updated the existing audio chimes for these events:

• Agent joins
• Member joins
• Call Disconnects
• Member Leaves

DTMF Support Capability You can now select the DTMF checkbox during Virtual Task Assistant and Virtual Agent setup to ensure that DTMF tones are supported.

Custom CRM, Extended OAuth and nested parameter support: The following enhancements have been added to the Custom CRM integration offering:

• Extended OAuth Authentication support.
• Handling nested parameters in the API endpoints configuration.

MS Dynamics: Updated default user functionality and improved Virtual Agent record assignment: You can now assign a CRM Admin user as the default user for all CRM actions and events where no specific agent has been identified. After enabling this Default User option in Developer Settings, you can set the default user for all Customer Support Virtual Agent sessions as well. See the Virtual Agent documentation for details.

The Looker Studio Connector and Connected Sheets features are now available for all Looker-hosted instances, including those Looker-hosted on AWS and Azure. Previously, these features were available only for instances that were Looker-hosted on Google Cloud. A Looker admin must enable these features in the new BI Connectors Admin page.

The new logging feature allows Looker to collect metrics on the number of NFS read, write, open, and status operations.

The Performant Field Picker Labs feature offers more refined search options, which let users more quickly and efficiently search for fields in large Explore field pickers.

Cloud Secure Web Proxy supports TLS inspection, which helps you intercept the TLS traffic, inspect the encrypted request, and enforce security policies. This feature is supported in Preview.

Hybrid subnets are available in Preview. A hybrid subnet combines an on-premises subnet and a VPC subnet into a single logical subnet. You can migrate individual workloads and instances from the on-premises subnet to the VPC subnet over time without needing to change IP addresses.

FieldSet artifacts that are attached to an API are now displayed in the API overview page.

You can now specify translation configurations in the BigQuery Interactive SQL Translator and use it to debug Batch SQL translator jobs. This feature is now in preview.

Generally available: Hyperdisk provides the fastest block storage for Compute Engine for your high-end, memory intensive workloads. Hyperdisk volumes are durable network storage devices that your VMs can access, similar to Persistent Disk. For more information, see About Hyperdisk.

Filestore instance support for non-RFC 1918 IP addresses is now generally available.

Support for the europe-west4 (Netherlands) region.

Support for the europe-west4 (Netherlands) region.

Workforce identity federation now supports browser-based sign-in. The feature is generally available (GA). To use it, see Browser-based sign-in in Obtain short-lived tokens for workforce identity federation, or locate the Browser-based sign-in section in the configuration guide for your identity provider.

General availability: You can now update the schemas that you create in Pub/Sub. Before you do so, read the guidelines. The change is being rolled out in a phased manner over the rest of the week.

Disk related enhancements for automating SAP HANA deployments with Terraform

The Terraform configurations that Google Cloud provides for automating SAP HANA deployments, now support the following disk related enhancements:

• Using the argument disk_type, you can now specify the default disk type that you want to deploy for your SAP volumes. This argument also supports Hyperdisk Extreme.
• By default, all SAP volumes are now mounted on separate SSD-based persistent disks or Hyperdisks. Using the argument use_single_shared_data_log_disk, you can specify if you want to mount all SAP volumes on a single disk.
• For scale-up deployments, using the argument include_backup_disk, you can now specify if you want to deploy a disk for the SAP HANA backup volume.

These enhancements are available when you automate the deployment of SAP HANA on Google Cloud with Terraform configurations that use the module version 202303130717 or later.

For more information, see the deployment guide for your scenario.

Support for aliases in Secret Manager is now generally available. You can use an alias to get and access a version using a resource path name. A given alias string can only be bound to a single version. You can, however, assign multiple aliases to a secret version.

Cloud Run healthcheck probes now support container port configuration.

Access Approval supports Certificate Authority Service in the Preview stage.

The CREATE TABLE AS SELECT statement now lets you filter data from files in Amazon S3 and Azure Blob Storage before transferring results into BigQuery tables This feature is in preview.

Log-based metrics on log buckets are now generally available (GA). In addition to features available in the preview, the GA release includes the ability to create bucket-level log-based metrics in the Google Cloud console.

Starting with version 2.28.0, the Ops Agent limits the amount of disk space it can use to store buffer chunks. The Ops Agent creates buffer chunks when logging data can't be sent to the Logging API. Without a limit, these chunks might consume all available space, interrupting other services on the VM. When a network outage causes buffer chunks to be written to disk, the Ops Agent now uses a platform-specific amount of disk space to store the chunks.

You can now have Cloud Monitoring send an email that contains a dashboard URL to people or groups in your organization. For more information, see Share dashboards.

Support for Filestore as an NFS datastore for Google Cloud VMware Engine (GCVE) is now available in (Preview).

Cloud Functions minimum instances recommendations are now available in Preview.

Connectivity to Private Service Connect endpoints used to access a managed service is supported over VLAN attachments for Cloud Interconnect. This feature is available in General Availability.

Consumption of IP addresses in Private Service Connect NAT subnets is improved for service attachments that are created after March 1st, 2023. For more information, see NAT subnets. This improvement is available in General Availability.

Cluster lifecycle improvements 1.13.1 and later

Starting with Anthos clusters on bare metal release 1.13.1, you can use the Google Cloud console or the gcloud CLI to upgrade admin and user clusters managed by the Anthos On-Prem API. If your cluster is at version 1.13.0 or lower, you must use bmctl to upgrade the cluster.

For more information about using the console or the gcloud CLI for upgrades, see the documentation for your version of Anthos clusters on bare metal:

• 1.13: Upgrade an admin or user cluster using Anthos On-Prem API clients

• 1.14: Upgrade an admin or user cluster using Anthos On-Prem API clients

You can now route logs through the Log Router of another Google Cloud project. The logs can then be managed by the other Google Cloud project, which includes log-based metrics, log-based alerts, and other log sinks. For more information, see Route logs to supported destinations.

Cloud Spanner fine-grained access control is now generally available. Fine-grained access control combines the benefits of Identity and Access Management (IAM) with traditional SQL role-based access control. For more information, see About fine-grained access control.

Query preview in a workspace is available in Preview.

Dataproc Metastore 2 is now Generally Available (GA). Dataproc Metastore 2 provides horizontal scalability through fine grained scaling options. For more information, see Datproc Metastore versions.

The Spanner database type is generally available (GA).

Auxiliary versions is generally available (GA).

Network Topology now includes cross-project metrics for network traffic sent across Shared VPC or VPC Network Peering boundaries within the same organization. For more information, see Network Topology overview.

The Google APIs Explorer has been added to the Apigee Registry API documents. The Try this method panel acts on real data and lets you try Google API methods without writing code.

SAP BW OHD, SAP ODP, SAP OData, SAP SLT, and SAP Table plugins version 0.8 is generally available (GA) in Cloud Data Fusion versions 6.8.0 and later.

You can now use the gcloud CLI to configure a snooze, which prevents Cloud Monitoring from sending notifications or creating incidents during specific time periods. You can also configure a snooze by using the Google Cloud Console and the API. For more information see Create and manage snoozes.

You can now see allow rules that are no longer active based on usage patterns and trends. For more information, see Allow rules with no hits based on trend analysis.

You can now see shadowed rule insights for hierarchical firewall policies and global network firewall policies in Firewall Insights. For more information, see Firewall Insights categories and states.

You can now create dry-run organization policies to monitor how policy changes would impact your workflows before they are enforced.

Support for Annotations in Secret Manager is now generally available. Annotations are used to define custom metadata about a secret.

ta check is a command line tool to detect and help fix configuration issues with Transfer Appliance and Edge Appliance.

You can now launch clusters with the following Kubernetes versions:

• 1.23.16-gke.200
• 1.24.9-gke.2000
• 1.25.5-gke.2000

You can now launch clusters with the following Kubernetes versions:

• 1.23.16-gke.200
• 1.24.9-gke.2000
• 1.25.5-gke.2000

Anthos clusters on VMware 1.14.2-gke.37 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.14.2-gke.37 runs on Kubernetes 1.25.5-gke.100.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

Case-insensitive collation support is now generally available (GA). In addition to features available in the preview, the GA release includes:

• MIN, MAX, COUNT with DISTINCT, and PERCENTILE_DISC windows functions
• ORDER BY and PARTITION BY in the WINDOWS clause
• LIKE operator with limitations
• Views
• Materialized views with limitations
• Table functions with limitations
• BigQuery BI engine

The Cloud Load Balancing Console now allows you to see the equivalent API code for actions you take in the Console. When you create or update a load balancer, before you click Create or Update, you can click Equivalent Code to view the load balancer API resources that will be created, updated, or deleted.

This capability is in Preview.

You can now authenticate to a Cloud Run service by including a Google-signed OpenID Connect ID token in the X-Serverless-Authorization header if your application already uses the Authorization header for custom authorization.

Backend Service-based external Network load balancers are now generally available with GKE. Regional Backend Service is a foundational element of a Google Cloud Load Balancer and using it for your external LoadBalancer Services will unlock new capabilities going forward. To learn more, see how to deploy a backend service-based external network load balancer.

You can now set an expiry time for all newly created service account keys in your project, folder, or organization. This feature is generally available (GA).

Cloud Client libraries for the AlloyDB Admin API are in Preview. Supported languages include C++, C#, Go, and Java.

Cluster lifecycle improvements versions 1.13.1 and later

You can use the Google Cloud console or the gcloud CLI to upgrade user clusters managed by the Anthos On-Prem API. The upgrade steps differ depending on your admin cluster version. For more information, see the version of the documentation that corresponds to your admin cluster version:

• Upgrade user cluster when admin cluster is version 1.13.1+
• Upgrade user cluster when admin cluster is version 1.14.0+

1.12.6 patch release

Anthos clusters on VMware 1.12.6-gke.35 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.12.6-gke.35 runs on Kubernetes v1.23.16-gke.2400.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

The Ruby 3.20 runtime for App Engine standard environment is now available in preview.

Backup and DR Service now supports logging and alerting via Cloud Logging and Cloud Monitoring. It:

• Supports centralized logging of backup events.
• Enables users to view backup events in Cloud Logging with custom filters.
• Enables users to configure alerts for backup events via email, SMS, Slack, PagerDuty, and more – all within Cloud Monitoring.

Batch is available in the following regions:

• asia-south1 (Mumbai)
• asia-east1 (Taiwan)
• europe-west3 (Frankfurt)
• southamerica-west1 (Santiago)
• us-east4 (Northern Virginia)

For more information, see Locations.

You can now view and list incidents on your custom dashboards. For more information, see Display incidents on a dashboard.

Filestore data is compliant with at-rest and in-use data residency requirements pursuant with Google Cloud terms of service.

Google Cloud Deploy now provides the ability to deploy to multiple targets at the same time, supported in preview.

Added support for the JSONB array data type in the PostgreSQL dialect. For more information, see Work with JSONB data.

Dialogflow CX now provides a setting for choosing the voice for speech synthesis.

Release 1.12.8

Anthos clusters on bare metal 1.12.8 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.8 runs on Kubernetes 1.23.

The Java runtime versions 11 and 17 are now available in preview, and are built on modern and secure operating systems (Ubuntu 18 and 22). These new runtime versions use Google Cloud's buildpacks and require updates to your app.yaml. Learn more.

The WITH RECURSIVE clause is now generally available (GA). This clause lets you include one or more recursive common table expressions (CTEs) in a query.

You can now set the language code and display name for text and audio streams.

Support for limiting the maximum number of concurrent branches or iterations within a parallel step is generally available (GA).

Release 1.14.2

Anthos clusters on bare metal 1.14.2 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.14.2 runs on Kubernetes 1.25.

The following new connectors are available in preview:

• HTTP (includes SSL support)
• RabbitMQ

The IBM MQ connector now supports requestReply messages.

The Cloud Storage connector now supports the following actions for file operations:

• UploadObject
• DownloadObject
• MoveObject
• CopyObject
• DeleteObject

The MongoDB connector now supports the following actions:

• InsertDocument
• UpdateDocument
• DeleteDocument
• GetDocument

Public preview release of the Apigee UI in the Google Cloud console

This release includes a new version of the Apigee UI that is integrated with the Google Cloud console. The new UI makes it easier to perform Apigee tasks that are managed in the Cloud console. We welcome your feedback on the new UI: click Send Feedback at the top of the UI.

For now, you can continue to use the classic Apigee UI if you wish: just click Back to Classic Apigee in the new UI.

The following tabs in the classic Apigee UI have not yet been implemented in the Apigee UI in the Cloud console, but they will be available there soon:

• Develop > Integrations
• API Security
• Monetization
• Analyze > API Metrics > Cache Performance,
• Analyze > API Metrics > Target Performance
• Analyze > Developers
• Analyze > End Users
• Publish > Portals

If you need to use these features, you can do so by switching to the classic Apigee UI.

This release will be rolled out over the next week, so you might not be able to view the new Apgee UI until the rollout is complete.

Schedule Chronicle dashboard reports

You can schedule the delivery of Chronicle dashboard reports over email for both the default dashboards and custom dashboards. In addition to setting the time interval, email address, and format to deliver the report, you can also set the pagination details and test the delivery of the report. For more information, see Schedule Chronicle dashboard reports.

Change streams are now supported for PostgreSQL-dialect databases.

The Node.js 18 runtime is now available in preview, and is built on a modern and secure operating system (Ubuntu 22). This new runtime version uses Google Cloud's buildpacks and requires updates to your app.yaml. Learn more.

Cloud Data Fusion version 6.8.1 is generally available (GA). This release is in parallel with the CDAP 6.8.1 release.

Cloud Data Fusion version 6.7.3 is generally available (GA). This release is in parallel with the CDAP 6.7.3 release.

Cloud SQL now supports the ability to get details for a Cloud SQL user for a database instance using the API or gcloud. To learn more about the new method, see Cloud SQL Admin API REST Resource.

Cloud SQL now supports the ability to get details for a Cloud SQL user for a database instance using the API or gcloud. To learn more about the new method, see Cloud SQL Admin API REST Resource.

Cloud SQL now supports the ability to get details for a Cloud SQL user for a database instance using the API or gcloud. To learn more about the new method, see Cloud SQL Admin API REST Resource.

For document translations, added support for Microsoft DOC, PPT, and XLS files. For more information, see Supported formats.

Generally available: When creating a reservation, you can now include a compact placement policy to specify that VMs should be located as close to each other as possible to reduce network latency. Learn how to create a reservation that specifies a compact placement policy.

--properties=dataproc:agent.ha.enabled=true can now be used to enable the Dataproc Agent in high availability mode. This property is supported by Dataproc Image versions 2.0 and above.

High Scale and Enterprise tier instances now support overlapping permissions (GA).

The Python 3.11 runtime for App Engine standard environment is now generally available.

You can set default values on columns in your BigQuery tables. This feature is now generally available (GA).

Cloud Functions has added support for a new runtime, Ruby 3.2, at the Preview release level.

New performance recommendations are supported for Cloud Functions, which analyze cold starts and suggest setting up minimum instances to improve function performance. At the Preview release level.

The new System insights dashboard displays metrics and scorecards for the resources that your instance or database uses and helps you get a high-level view of your system's performance. For more information, see Monitor instances with system insights.

Terraform now supports Datastream private connectivity, connection profile, and stream resources. For more information, see Getting started with Terraform and Datastream.

Access Approval supports Cloud Composer in the Preview stage. For the complete list of supported services, see Supported services.

24 new Airflow metrics are now available in Cloud Monitoring. For more information, see Monitor environments with Cloud Monitoring.

The Cloud SQL Proxy Operator is now available in public preview. The Cloud SQL Proxy Operator is an open-source Kubernetes operator that automates connecting workloads in a GKE cluster to Cloud SQL databases. To learn more about the Cloud SQL Proxy Operator, see About the Cloud SQL Proxy Operator.

The Cloud SQL Proxy Operator is now available in public preview. The Cloud SQL Proxy Operator is an open-source Kubernetes operator that automates connecting workloads in a GKE cluster to Cloud SQL databases. To learn more about the Cloud SQL Proxy Operator, see About the Cloud SQL Proxy Operator.

The Cloud SQL Proxy Operator is now available in public preview. The Cloud SQL Proxy Operator is an open-source Kubernetes operator that automates connecting workloads in a GKE cluster to Cloud SQL databases. To learn more about the Cloud SQL Proxy Operator, see About the Cloud SQL Proxy Operator.

Release 1.13.5

Anthos clusters on bare metal 1.13.5 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.13.5 runs on Kubernetes 1.24.

Authorized stored procedures are now in preview. This feature lets you share stored procedures with users or groups without giving them direct access to the underlying tables.

FTP Plugins versions 3.1.0 and 3.2.0 are generally available (GA) in Cloud Data Fusion versions 6.7.2+ and 6.8.0+, respectively. They include support for more file formats and properties. An issue was fixed in the FTP Batch Source that caused pipelines to fail when running with Dataproc 2.0. For more information, see the CDAP Hub release log.

Data profiles generated at the column level include the following metrics:

• Estimated null proportion: an approximate proportion of null values in a column, categorized as high, medium, low, or very low.
• Estimated uniqueness: an estimate of how much of the data in a column is unique, categorized as high, medium, or low.

For more information on these metrics, see the Metrics reference.

Network Load Balancing logging and Internal TCP/UDP Load Balancing logging are now available in General availability.

The time-range selector in the Logs Explorer has been updated to support a larger set of time range options, such as preset times, custom start and end times, and relative time ranges. For more information, see Use the time-range selector.

TIFF file UI rendering support: when calling GetDocument API for a TIFF file, the API will return a converted PNG image inside cloud_ai_document field.

Primary and foreign key table constraints are now available in preview. You can define table constraints using the CREATE TABLE statement, the ALTER TABLE ADD PRIMARY KEY statement, or the ALTER TABLE ADD CONSTRAINT statement.

Health checks for internal load balancers and automatic failovers in Cloud DNS routing policies are now available in GA.

HA VPN over Cloud Interconnect is generally available. With HA VPN over Cloud Interconnect, you can use Cloud VPN to encrypt your Cloud Interconnect traffic by deploying HA VPN tunnels over your VLAN attachments.

For more information, see the HA VPN over Cloud Interconnect overview.

HA VPN over Cloud Interconnect is generally available. With HA VPN over Cloud Interconnect, you can use Cloud VPN to encrypt your Cloud Interconnect traffic by deploying HA VPN tunnels over your VLAN attachments.

For more information, see the HA VPN over Cloud Interconnect overview.

Generally available: You can upgrade the term of your 1-year commitments and convert them into 3-year commitments to get a higher discount percentage for your committed resources and continue receiving the discounts for a longer time period.

For more information, see Upgrade the term of commitments.

VMware Engine private clouds support the addition of a Trusted Platform Module (TPM) 2.0 virtual cryptoprocessor to a virtual machine.

For details about this feature, see About Virtual Trusted Platform Module.

Anthos Service Mesh now supports Anthos Clusters on Azure as a preview feature.

The Go runtime versions 1.18 and 1.19 are now available in preview and are built on a modern and secure operating system (Ubuntu 22). These new runtime versions use Google Cloud's buildpacks and require updates to your app.yaml. Learn more.

The Python runtime versions 3.8, 3.9, 3.10, and 3.11 are now available in preview and are built on modern and secure operating systems (Ubuntu 18 and 22). These new runtime versions use Google Cloud's buildpacks and require updates to your app.yaml. Learn more.

The ALTER TABLE RENAME COLUMN statement and the ALTER TABLE DROP COLUMN statement are now generally available (GA).

Generally available: NVIDIA® T4 GPUs are now available in the following region and zones:

• Warsaw, Poland, Europe: europe-central2-b,c

For more information about using GPUs on Compute Engine, see GPU platforms.

Generally available: The image import tool now supports importing SUSE Linux Enterprise Server 15 SP4 and SUSE Linux Enterprise Server 15 SP4 for SAP images to Google Cloud.

Added spec.externalDataConfiguration.referenceFileSchemaUri field to BigQueryTable.

Added spec.gitFileSource.githubEnterpriseConfigRef, spec.repositoryEventConfig and spec.sourceToBuild.githubEnterpriseConfigRef fields to CloudBuildTrigger.

Added spec.edgeSecurityPolicyRef and spec.localityLbPolicies fields to ComputeBackendService.

Added spec.scheduling.maxRunDuration field to ComputeInstance.

Added spec.resourcePolicies and spec.scheduling.maxRunDuration fields to ComputeInstanceTemplate.

Added spec.shareSettings field to ComputeNodeGroup.

Added spec.tcpTimeWaitTimeoutSec field to ComputeRouterNAT (#692).

Added spec.adaptiveProtectionConfig.autoDeployConfig field to ComputeSecurityPolicy.

Added spec.bindings.members.memberFrom.serviceIdentityRef field to IAMPartialPolicy (#722).

Added spec.memberFrom.serviceIdentityRef field to IAMPolicyMember (#722).

Added spec.ipConfiguration.enablePrivatePathForGoogleCloudServices field to SQLInstance.

You can now set the number of maximum concurrent backfill tasks for a stream using the Datastream API. To learn more, see Manage streams.

Discovery for Media

Preview recommendations is now available in Preview mode.

Use this feature to preview and evaluate what documents your serving configs will recommend to your users. This allows you to test models and serving configs quickly before you go into production.

For information about this feature, see Preview Recommendations.

Notable new Generally Available Custom Document Extractor (CDE) features include:

• Public APIs
• Automatic schema label creation from pre-labeled documents
• Schema label data type and occurrence editable pre-training
• New DocAI Toolkit with a labeled document converter

The following features have been upgraded:

• Processor Gallery
• Schema editor
• Labeling UI
• Training pipeline
• Manage versions table

The following new features have been introduced in this release of Google Distributed Cloud Edge:

• Distributed Cloud Edge now exposes the Edge Network API, which allows you to configure the networking components of Distributed Cloud Edge. For more information, see How it works and Distributed Cloud Edge networking features.

Added content encryption support

Added new channel events: mute, unmute, return to program, and switch input

Added audio loudness normalization and audio gain control

Added the timecode feature which supports synchronizing media workflows with live stream content

M104 Update

This update of the M104 release of Vertex AI Workbench managed notebooks includes the following:

• Fixed a bug where local and remote kernels are not displayed. This happens when remote kernels are not accessible.
• Minor bug fixes and improvements.

Preview: You can autoscale a regional managed instance group with a BALANCED target distribution shape. With the BALANCED shape, the autoscaler is aware of the capacity in each zone and creates VMs in zones that have resource availability. For more information, see Autoscaling a regional MIG.

Preview: Migrate to Virtual Machines from an Azure source lets you migrate Azure VM instances to Compute Engine.

The ability to add individual VPC networks to a perimeter is generally available (GA).

Previously, all VPC networks in a host project were added to a perimeter. You can now do the following:

• Add individual VPC networks as members of a perimeter.
• Create an ingress rule to authorize individual VPC networks to access a perimeter.

You can create log buckets that use Log Analytics and upgrade existing log buckets to use Log Analytics by using the Logging API. For more information, see Create a bucket.

You can now install pre-defined alerting policies for services integrated with Cloud Monitoring from the Monitoring Integrations page and from the Observability tab on the pages for Kubernetes Engine clusters and workloads. For more information about these installable policies, see Install alerting policies.

In Standard clusters with GKE version 1.26 and later, you can now audit workloads to validate if they are compatible with Autopilot clusters. Use kubectl get audit to see the cluster objects.

Connectivity Tests now include dual-stack instances with both IPv4 and IPv6 addresses, including instances with multiple network interfaces. For more information, see Create and run Connectivity Tests.

The ability to add individual VPC networks to a perimeter is generally available (GA).

Previously, all VPC networks in a host project were added to a perimeter. You can now do the following:

• Add individual VPC networks as members of a perimeter.
• Create an ingress rule to authorize individual VPC networks to access a perimeter.

Continuous backup and recovery is in Preview. This feature protects your clusters from data-loss events by letting you recover their data from any moment within a configurable window.

Version 2.25.1 of the Ops Agent introduces health checks. When the Ops Agent starts, it performs a series of checks for conditions that prevent the agent from running correctly. If the agent detects one of the conditions, it writes a message to its health-check log and exits. For more information, see Find Ops Agent troubleshooting information.

Version 2.25.1 of the Ops Agent introduces health checks. When the Ops Agent starts, it performs a series of checks for conditions that prevent the agent from running correctly. If the agent detects one of the conditions, it writes a message to its health-check log and exits. For more information, see Find Ops Agent troubleshooting information.

The Ops Agent now provides Preview support for NVIDIA GPU metrics, including metrics reported from the NVIDIA Management Library (NVML) and the Data Center GPU Manager (DCGM).

When you install the GPU-enabled version of the Ops Agent, NVML metrics are collected automatically. DGCM metrics are available as a third-party integration. For information about configuring the integration, see NVIDIA Data Center GPU Manager. The reference document for Ops Agent metrics includes tables for the NVML metrics and the DCGM metrics.

You can now deploy public container images from Docker Hub to Cloud Run.

Preview: C3 VMs are now available in the following regions:

• Council Bluffs, Iowa, North America : us-central1
• Ashburn, Virginia, North America: us-east4
• Eemshaven, Netherlands, Europe : europe-west4

Preview: You can now use a GPU-enabled Ops Agent to track GPU utilization and GPU memory usage rates for Linux virtual machine instances that have attached GPUs.

Through an available integration with NVIDIA's Data Center GPU Manager (DCGM), you can also track metrics such as Streaming Multiprocessor (SM) block utilization, SM occupancy, SM pipe utilization, PCIe traffic rate, and NVLink traffic rate.

For more information, see Monitoring GPU performance on Linux VMs.

The organization restrictions feature has entered General Availability. The organization restrictions feature helps security administrators to prevent data exfiltration due to phishing or insider attacks. The organization restrictions feature restricts access only to resources in authorized Google Cloud organizations. For more information, see Introduction to organization restrictions.

Text-to-Speech offers these new voices. See the supported voices page for a complete list of voices and audio samples.

• cloud-eu-ES-Standard-A
• cloud-gl-ES-Standard-A

You can now make a dataset and the tables in that dataset case-insensitive when you create a dataset or alter a dataset. This feature is generally available (GA).

You can now run bq commands using service account impersonation. This feature is generally available (GA).

In the Explorer pane, the resource corresponding to the focused tab is now selected. This feature is generally available (GA).

In the Explorer pane, you can now see all the resources in the searched resource's level by clicking Show more. This feature is generally available (GA).

The VAT_NUMBER infoType detector can identify Belgium VAT numbers.

For more information about VAT_NUMBER and other built-in infoType detectors, see InfoType detector reference.