Google Cloud release notes

AlloyDB Omni version alloydb-omni-0.2.0-preview-postgresql-14.4 is available. This version reduces the memory requirement of AlloyDB Omni to 2 GB of RAM, and applies various bug fixes and query performance improvements.

The INSERT INTO SELECT statement now lets you filter data from files in Amazon S3 and Azure Blob Storage and append it into BigQuery tables. This feature is in preview.

Cloud Workstations makes the following machine types available:

• n1-standard-64
• n1-standard-96

For more information, see Available machine types, REST workstationConfigs, or RPC google.cloud.workstations.v1beta GceInstance.

You can now perform deployment verification in the same cluster where your application is running (GKE and Anthos only).

The constraint template library includes a new template: K8sContainerEphemeralStorageLimit. For reference, see the Constraint template library.

The constraint template library includes a new template: K8sDisallowedRepos. For reference, see the Constraint template library.

The constraint template library includes a new template: K8sRestrictNfsUrls. For reference, see the Constraint template library.

Added new metric labels: commit and type. These tags make it easier to detect when an error has been resolved. If you have a custom otel-collector ConfigMap, you should update it to filter out these tags for the Kubernetes exporter. For more information, see Config Sync Metric Labels.

Added a --name flag to nomos status to support filtering status by RootSync or RepoSync names. For more information, see nomos status flags

• Updated OS image to Ubuntu 22.04. cgroupv2 is now used as the default control group configuration.

  • Ubuntu 22.04 uses cgroupv2 by default. We recommend that you check if any of your applications access the cgroup filesystem. If they do, they must be updated to use cgroupv2.

• Improved monitoring by exporting metrics for control plane components.

• Enabled sending Kubernetes resource metadata to Google Cloud Platform, improving both the user interface and cluster metrics. For the metadata to be ingested properly, customers need to enable the Config Monitoring for Ops API.

• Enabled kubelet graceful node shutdown. Non-system Pods are given 15 seconds to terminate, after which system Pods (with the system-cluster-critical or system-node-critical priority classes) have 15 seconds to gracefully terminate.

• Newly-created clusters now use etcd v3.4.21 for improved stability. Existing clusters of previous versions were already using etcd v3.5.x and will not be downgraded to v3.4.21 during cluster upgrade; these clusters will instead use v3.5.6.

• Clusters now have per-node-pool subnet security group rules instead of VPC-wide rules:

  • Previously, the control plane allowed inbound traffic from the entire primary IP range of the VPC on ports TCP/443 and TCP/8123, which are used by node pools.
  • Now, the control plane narrows the allowed inbound traffic to each IP range of the node pool subnets on ports TCP/443 and TCP/8123; multiple node pools can share one subnet.
  • This change supports node pools running outside of the VPC's primary IP range and improves the security of the control plane.
  • If you relied on the VPC-wide security group rule for allowing traffic from outside of the cluster (e.g. from a bastion host for kubectl), then as part of the upgrade you should create a security group, add a VPC-wide rule to it, and attach the security group to the control plane (via the AwsCluster.controlPlane.securityGroupIds field).

• Preview: Enabled node auto repair. This feature continuously monitors the health of each node in a node pool. Please contact your account team to opt into the preview.

• Preview: Added support for AWS spot instance node pools. Spot instance node pools are pools of Amazon EC2 Spot Instances that are available on AWS at a lower cost.

• GA: Enabled node pool creation with ARM-based (Graviton) instance types.

• Updated OS image to Ubuntu 22.04. cgroupv2 is now used as the default control group configuration.

  • Ubuntu 22.04 uses cgroupv2 by default. We recommend that you check if any of your applications access the cgroup filesystem. If they do, they must be updated to use cgroupv2.

• Improved monitoring by exporting metrics for control plane components.

• Enabled sending Kubernetes resource metadata to Google Cloud Platform, improving both the user interface and cluster metrics. For the metadata to be ingested properly, customers need to enable the Config Monitoring for Ops API.

• Newly-created clusters now use etcd v3.4.21 for improved stability. Existing clusters of previous versions were already using etcd v3.5.x and will not be downgraded to v3.4.21 during cluster upgrade; these clusters will instead use v3.5.6.

• Preview: Enabled node auto repair. This feature continuously monitors the health of each node in a node pool. Please contact your account team to opt into the preview.

You can now use configuration YAML files to transform SQL code when you translate SQL queries from your source database. Configuration YAML files can be used with the batch SQL translator, the interactive SQL translator, and the batch translation Python client. This feature is now in preview.

The discovery service can now generate the following observation finding types in Security Command Center:

• Data sensitivity
• Data risk

These findings provide the calculated sensitivity and data risk levels of the BigQuery tables that you profile. Use this information to inform your response plans when you investigate vulnerabilities and threats involving BigQuery tables.

For more information, see Publish data profiles to Security Command Center.

Dataform Release configurations are available.

Dataform Workflow configurations are available.

M108 release

• Miscellaneous software updates.

M108 release

• The image name common-container-experimental was changed to common-container. The related image family name wasn't changed.
• Miscellaneous software updates.

M108 release

The M108 release of Vertex AI Workbench user-managed notebooks includes the following:

• Miscellaneous software updates.

Users can now see how reCAPTCHA Enterprise works on the Google Cloud console. For more information, see Test reCAPTCHA Enterprise in a demo website.

The table clones feature of BigQuery is now generally available (GA).

Exclusions for Curated Detections

You can now configure exclusions to more finely tune the results of the Curated Detections provided by the Google Cloud Threat Intelligence (GCTI) team.

CPU allocation recommender now automatically recommends CPU allocation changes based on traffic received by your Cloud Run service over the past month. (In Preview)

Dialogflow CX now provides the ADD_DATE system function.

Anthos clusters on VMware 1.15.0-gke.581 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.15.0-gke.581 runs on Kubernetes 1.26.2-gke.1001.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.15, 1.14, and 1.13.

• Preview: Support for vSphere 8.0

• Preview: Support for VM-Host affinity for user cluster node pools

• Preview: Support for High availability control plane for admin clusters

• Preview: Support for system metrics collection using Google Cloud Managed Service for Prometheus

• Preview: You can now filter application logs by namespace, Pod labels and content regex.

• Preview: Support for storage policy in user clusters

• Preview: You can now use gkectl diagnose snapshot --upload=true to upload a snapshot. And gkectl helps generate the Cloud Storage bucket with the format gs://anthos-snapshot[uuid]/vmware/$snapshot-name.

• GA: Support for upgrade and rollback of node pool version

• GA: gkectl get-config is a new command that locally generates cluster configuration files from an existing admin or user cluster.

• GA: Support for multi-line parsing of Go and Java logs

• GA: Support for manual load balancing in user clusters that enable ControlplaneV2

• GA: Support for update of private registry credentials

• GA: Metrics and logs in the bootstrap cluster are now uploaded to Google Cloud through Google Cloud's operations suite to provide better observability on admin cluster operations.

• GA: vSphere CSI is now enabled for Windows node pools.

• Fully managed Cloud Monitoring Integration dashboards. The new Integration Dashboard is automatically installed. You cannot make changes to the following dashboards, because they are fully managed by Google. However, you can make a copy of a dashboard and customize the copied version:

  • Anthos Cluster Control Plane Uptime
  • Anthos Cluster Node Status
  • Anthos Cluster Pod Status
  • Anthos Cluster Utilization Metering
  • Anthos Cluster on VMware VM Status

Database Migration Service now supports faster migrations from PostgreSQL source databases to a destination Cloud SQL for PostgreSQL instance. The feature improves the performance of migrating data and constraints (including primary keys, foreign keys, and indexes).

Observability for Google Kubernetes Engine: You can now enable GKE control plane metrics from the Observability tab for your GKE cluster. You can also preview the available charts and metrics before you enable the metrics. For more information, see Configuring collection of control plane metrics.

Fast migration for Cloud SQL is now available. This feature improves the performance of data migrations from an external source to a destination Cloud SQL instance.

You can now disable simultaneous multithreading (SMT) while creating or editing instances and read replicas. This might reduce your SQL Server licensing fees. To understand the impact of disabling SMT on your instance's performance, we recommend that you perform load testing on your instance.

Cloud Spanner now supports new query capabilities for PostgreSQL dialect databases:

• Set operations (such as UNION and INTERSECT) with ORDER BY, LIMIT, or OFFSET, or in subqueries
• Parameterized LIMIT and OFFSET operations
• Statement hints for configuring the query optimizer (such as optimizer_version and optimizer_statistics_package)

Cloud Spanner sampled query plans are now available in Preview. You can view samples of historic query plans and compare the performance of a query over time. For more information, see Sampled query plans.

The managed Cloud Storage FUSE CSI driver for GKE is now available in Preview in GKE versions 1.26.3 and later. You can use this driver to consume Cloud Storage buckets for GKE workloads.

Anthos clusters on VMware 1.14.4-gke.54 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.14.4-gke.54 runs on Kubernetes 1.25.8-gke.1500.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

Apigee Integrations is now available in the following locations:

• Melbourne (australia-southeast2)
• Finland (europe-north1)
• Paris (europe-west9)
• Madrid (europe-southwest1)
• Doha (me-central1)
• Tel Aviv (me-west1)

For more information about the supported locations, see Apigee Integration supported regions.

Application Integration is now available in the following locations:

• Melbourne (australia-southeast2)
• Finland (europe-north1)
• Paris (europe-west9)
• Madrid (europe-southwest1)
• Doha (me-central1)
• Tel Aviv (me-west1)

For more information about the supported locations, see Application Integration locations.

You can now add descriptions to the columns of a view. To do this, use the CREATE VIEW or ALTER COLUMN DDL statements. This feature is in preview.

If you use query queues, then you can set the interactive and batch queue timeouts in your default configuration. This feature is in preview.

UDM Search Pivot Table

The UDM Search Pivot Table enables you to further analyze your UDM search results, giving you the following capabilities:

• Group search results by up to five UDM fields.
• Perform aggregations (sum, count, count distinct, average, stddev, min, and max) on up to to five values within the UDM fields (for example, domains, users, and products).
• Sort results of the pivot table (ascending, descending)

This feature is being enabled for global customers in a phased manner and is expected to fully roll out over the next month.

Fallback to installing compatible drivers when installer is invoked for certain GPU devices and incompatible drivers.

Fallback to installing compatible drivers when installer is invoked for certain GPU devices and incompatible drivers.

Fallback to installing compatible drivers when installer is invoked for certain GPU devices and incompatible drivers.

The Cloud Workflows service agent has the ability to consume quota and billing for a project through the serviceusage.services.use permission. This allows workflows to count quota and apply billing to the correct project when making calls to other Google APIs.

Several updates to Migrate to Virtual Machines:

• Migrate to Virtual Machines is now available in regions europe-west12 and me-central1. For more information, see Migrate to Virtual Machines locations.
• Migrate to Virtual Machines now supports VMWare 8.0.
• Preview: Migrate to Virtual Machines introduces a new field, Estimated cut-over time, that gives an estimate of the time it takes to complete a cut-over job for a VM once the cut-over is triggered. This field is populated only for an active VM that has completed a few replication cycles.

.NET 6 is now available in preview. This version requires you to specify an operating system version in your app.yaml file. Learn more.

You can now specify version "1.20" in the runtime_version setting of your app.yaml file. Learn more.

Backup and DR agent is enhanced to support RHEL for SAP 8.6 operating system version. See Support matrix.

Importing a domain from Google Domains to Cloud Domains is available in GA.

General Availability: You can specify the source IP ranges for egress firewall rules and the destination IP ranges for ingress firewall rules.

Two new multi-region instance configurations are now available in North America: nam14 (Northern Virginia/Montréal/South Carolina) and nam15 (Dallas/Northern Virginia/Iowa).

The number of indexes per table that Cloud Spanner supports increased from 32 to 128. For more information, see Quotas & limits.

Release 1.15.0

Anthos clusters on bare metal 1.15.0 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.15.0 runs on Kubernetes 1.26.

Cluster lifecycle:

• Upgraded from Kubernetes version 1.25 to version 1.26.
• GA: Set in-place upgrade (without bootstrap cluster) as the default upgrade method for self-managed clusters.
• GA: Added support for configuring worker node pools for parallel node upgrades to significantly reduce upgrade times. Added a minimumAvailableNodes field to specify a minimum number of nodes to keep available for workloads throughout the upgrade.
• Preview: Added support for parallel upgrades of worker node pools.
• Added support for Red Hat Enterprise Linux (RHEL) version 8.7.
• Added support for Ubuntu 22.04 LTS.
• GA: Added support for increasing the number of IP addresses for Services after cluster creation. For more information, see Increase service network range.
• Preview: Added ability to configure kubelet image pull settings for node pools. For more information, see Configure kubelet image pull settings.
• Streamlined the snapshot uploading and sharing process.
• GA: Added support of Control group v2 (cgroup v2).
• Preview: Added a separate instance of etcd for the etcd-events object.
• Updated cert-manager to version 1.17.2.
• Updated automated API enablement when you run bmctl create config with the --enable-apis flag. The following APIs are added to the enablement list:
  • Enable storage.googleapis.com as a required API.
  • Enable gkeonprem.googleapis.com as a recommended API.
• Added a new field status.failures to the NodePool custom resource to aggregate failures across machines in the NodePool.
• Added a new condition type PreflightCheckSuccessful to the NodePool custom resource. This condition type summarizes the preflight check status across machines in the NodePool.

Networking:

• Added support for ClusterDNS to specify order for upstreamNameServers with an orderPolicy. Allowed values for orderPolicy are random, round_robin, or sequential. The default value is random.

Observability:

• Added support for filtering application logs. This feature can reduce application logging billing and network traffic from the cluster to Cloud Logging. For more information, see Filter application logs.

• GA: Fully managed Cloud Monitoring Integration dashboards:

  • In the next Anthos release (version 1.16), the following dashboards in Cloud Monitoring Sample Library are unavailable:
    • Anthos cluster control plane uptime
    • Anthos cluster node status
    • Anthos cluster pod status
    • Anthos utilization metering
    • GKE on-prem node status
    • GKE on-prem control plane uptime
    • GKE on-prem pod status
    • GKE on-prem vSphere vm health status
  • In the next Anthos release (version 1.16), the following customized dashboards aren't created when you create a new cluster:
    • Anthos cluster control plane uptime
    • Anthos cluster pod status
    • Anthos cluster node status
    • Anthos cluster VM status
  • An added Anthos integration page is available from the Cloud Monitoring Integration page. The Anthos integration includes descriptions and previews for the predefined Anthos dashboards:
    • Anthos Cluster Control Plane Uptime
    • Anthos Cluster Node Status
    • Anthos Cluster Pod Status
    • Anthos Cluster KubeVirt VM Status
    • Anthos Cluster Utilization Metering

  For more information, see Use predefined dashboards.

• Preview: Added support for system metrics when you use Google Cloud Managed Service for Prometheus.

Security and Identity:

• Preview: Added support for Binary Authorization, a service on Google Cloud that provides software supply-chain security for container-based applications. For more information, see Binary Authorization for Anthos clusters overview.
• Preview: Added support for VPC Service Controls, which provides additional security for your clusters to help mitigate the risk of data exfiltration.
• Improved security by disabling port 10255, the kubelet read-only port, by default. For more information, see Disable kubelet read-only port in Hardening your cluster's security.

Ruby 3.2 is now available in preview. This version requires you to specify an operating system version in your app.yaml file. Learn more.

The Search API is now available in the App Engine legacy bundled services for second-generation runtimes. Access this legacy bundled service through the App Engine services SDK for Go 1.12+.

The Search API is now available in the App Engine legacy bundled services for second-generation runtimes. Access this legacy bundled service through the App Engine API JAR.

The Search API is now available in the App Engine legacy bundled services for second-generation runtimes. Access this legacy bundled service through the App Engine services SDK for Python 3.

Backup and DR Service now supports archive snapshots for Compute Engine instance backups.

Simplified experience for updating backup/recovery appliances from the management console.

Backup and DR agent is enhanced to support RHEL 8.6, RHEL 8.7, and RHEL 9.0 operating system version. See Support matrix.

Backup and DR agent is enhanced to support Oracle Enterprise Linux 8.7 and 9.0 operating system version. See Support matrix.

JSON data type mapping is now available for Cloud Spanner federated queries. This feature is generally available (GA).

Campaign Management: You now have the option to add a Unique ID column to your campaign management CSV upload. This ID can be any identifier of your choice, such as a CRM identifier or a SKU. This field allows you to associate your CRM data with each dialer call, providing a comprehensive view of your call data. You can view the Unique ID data in Standard Reporting Campaign reports. For more information see the campaign management documentation.

Voice Virtual Agents now has the ability to transfer a call to a specific phone number or SIP endpoint, ensuring that the consumer is connected to the appropriate person or department. For more information, see the Virtual Agents custom payload documentation.

Custom CRM Virtual Agent transcripts: We have updated our Custom CRM to allow Virtual Agent transcripts to be sent to your external storage. To enable this, go to Developer Settings > External Storage and select Call Transcripts (currently only supported for Agent Assist and Virtual Agent transcripts). The transcripts will be sent to your external storage. This feature allows the team managing your virtual agent(s) to review and analyze the conversations your virtual agents are having with your consumers, identifying areas for improvement and helping you evolve your virtual agent(s). In addition, VA transcripts can help businesses comply with regulatory requirements by maintaining a secure record of all consumer interactions.

For more information on Custom CRM see the Custom CRM documentation.

New Manager API calls endpoint fields: We have added additional data to the /manager/api/v1/calls endpoint to provide more options for reviewing and analyzing campaign call status data. New fields include Machine Detected and Skipped information.

New Manager API endpoints: The following new endpoints have been added to access more data related to outbound dialer campaigns:

/manager/api/v1/outbound_dialer/campaigns

/manager/api/v1/outbound_dialer/campaigns/:campaign_id

/manager/api/v1/outbound_dialer/campaigns/:campaign_id/contacts

Added support for L4 GPU in cos-gpu-installer and fix cached driver installation for prebuilt driver modules.

Enabled INET_DIAG_DESTROY kernel configuration.

BigLake and non-BigLake external tables now support Cloud Storage custom dual-regions. This feature is generally available (GA).

You can now configure Cloud Build to continue executing a build even if specified steps fail. This feature is generally available. To learn more, see the allowFailure and allowExitCodes topics in Build configuration file schema.

Cloud Data Fusion version 6.8.2 is generally available (GA). This release is in parallel with the CDAP 6.8.2 release.

Version 2.31.0 of the Ops Agent introduces built-in support for log rotation. For more information, see Configure log rotation in the Ops Agent.

Version 2.31.0 of the Ops Agent introduces built-in support for log rotation. For more information, see Configure log rotation in the Ops Agent.

Cloud Run jobs are now generally available (GA).

Added support for manual installation in GKE Autopilot.

Resource ArtifactRegistryRepository(v1beta1):

• Added spec.dockerConfig field.

Resource BigQueryDataset(v1beta1):

• Added spec.defaultCollation field.
• Added spec.isCaseInsensitive field.

Resource ComputeInstance(v1beta1):

• Added spec.scratchDisk.items.size field.

Resource ComputeInstanceTemplate(v1beta1):

• Added status.selfLinkUnique field.

Resource ComputeNetwork(v1beta1):

• Added spec.networkFirewallPolicyEnforcementOrder field.

Resource ComputeVPNGateway(v1beta1):

• Added spec.stackType field.

Resource ContainerCluster(v1beta1):

• Added spec.ipAllocationPolicy.podCidrOverprovisionConfig field.
• Added spec.ipAllocationPolicy.stackType field.
• Added spec.nodeConfig.advancedMachineFeatures field.
• Added spec.nodeConfig.ephemeralStorageLocalSsdConfig field.
• Added spec.nodeConfig.localNvmeSsdBlockConfig field.

Resource ContainerNodePool(v1beta1):

• Added spec.networkConfig.podCidrOverprovisionConfig field.
• Added spec.nodeConfig.advancedMachineFeatures field.
• Added spec.nodeConfig.ephemeralStorageLocalSsdConfig field.
• Added spec.nodeConfig.localNvmeSsdBlockConfig field.

Resource PrivateCACAPool(v1beta1):

• Added spec.issuancePolicy.baselineValues.caOptions.zeroMaxIssuerPathLength field.

Resource PrivateCACertificateAuthority(v1beta1):

• Added spec.config.x509Config.caOptions.zeroMaxIssuerPathLength field.

Resource StorageTransferJob(v1beta1):

• Added spec.transferSpec.objectConditions.lastModifiedBefore field.
• Added spec.transferSpec.objectConditions.lastModifiedSince field.

Added 136 v1alpha1 Google Cloud resource CRDs. See Install instructions for more information.

Dialogflow CX now supports intent import/export and training phrase import.

Google Cloud Armor now supports rate limiting based on multiple keys in General Availability. For more information, see Apply rate limiting.

Event Threat Detection, a built-in service of Security Command Center, launched the following new rules to Preview.

• Persistence: Impersonation Role Granted For Dormant Service Account
• Privilege Escalation: Dormant Service Account Granted Sensitive Role

The Persistence: Impersonation Role Granted For Dormant Service Account rule detects events where a principal is granted permissions to impersonate a dormant user-managed service account.

The Privilege Escalation: Dormant Service Account Granted Sensitive Role rule detects events where a dormant user-managed service account was granted one or more sensitive IAM roles.

For more information, see Event Threat Detection rules.

Release 1.13.7

Anthos clusters on bare metal 1.13.7 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.13.7 runs on Kubernetes 1.24.

Dynamic data masking has been updated to allow masking on RECORD columns that have been set to REPEATED mode. Previously, querying such columns when data masking had been applied would return internal errors. This feature is generally available (GA).

You can now install and configure Chronicle forwarder for Windows on Docker. This Docker installation provides better security through isolation and the container distribution mechanism can be private and separate for Google Cloud and customers. This release also includes the following updates:

• The forwarder signing key will be rotated every 6 months for security. You must update the Chronicle forwarder for Windows on Docker image every 6 months.

• The minimum batch size for forwarder is now increased to 200KB for better performance.

• Data compression is now enabled by default. It reduces the network bandwidth consumption by 80%.

• Hot config loading is now supported and applies configuration changes within 5 minutes without the need to restart the forwarder.

• Automatic buffering handles spikes in incoming traffic by efficiently using available memory on the host system. This feature is optional.

(Cloud Composer 2) Airflow 2.5.1 is available in Cloud Composer images.

The Observability tab on the VM instances page for Compute Engine has been enhanced. Disk and Network sections with additional charts have been added. The Integrations > Detected section lets you navigate to the dashboards for the third-party integrations, like Apache or NGINX, that you have configured. The page also includes a set of Recommended Alerts for setting up pre-configured alerting policies for CPU, memory, and disk utilization and for host errors.

In the Google Cloud console, the Observability tab on the VM instances page for Compute Engine has been enhanced. Disk and Network sections with additional charts have been added. The Integrations > Detected section lets you navigate to the dashboards for the third-party integrations that you have configured, like Apache or NGINX. The page also includes a set of recommended alerts for setting up pre-configured alerting policies for CPU, memory, and disk utilization and for host errors.

Queue-level wrap-up settings: You can now customize wrap-up times for different queues, to ensure that agents have adequate time to complete their tasks without compromising service level agreements or taking another call/chat before they are ready. This is particularly useful for queues that handle escalations or complex issues, which may require more time to handle. See the Queue and Menu Setup documentation for details.

Custom CRM background screen pop for embedded adapters: We have improved the screen pop capability for our Custom CRM to better support embedded adapters. We now provide a way to do a CRM screen pop in the background, allowing for a smoother experience when using embedded adapters. For details, see the Custom CRM documentation.

Fallback to installing compatible drivers when installer is invoked for certain GPU devices and incompatible drivers.

Launched the following features to improve the usability of the Document AI Workbench Custom Document Extractor (CDE):

• CDE now supports an additional 42 global languages.
• CDE lets you import processor versions across projects and processors to easily manage development and production environments.
• CDE can automatically label documents in a dataset by using a deployed processor version to help you quickly prepare training data.

Document AI Workbench Custom Document Extractor (CDE) has also made the following enhancements:

• The asynchronous prediction API can now extract data from documents up to 200 pages long.
• Improved the accuracy of extracting checkboxes.

VMware Engine adds a VPC Service Controls guided opt-in and policy export that enables you to attach VMware Engine services to a new or existing VPC Service Controls perimeter. For more information, see VPC Service Controls.

Added support for Committed use discounts for Memorystore.

Added support for Committed use discounts for Memorystore.

Storage Transfer Service now publishes the IP ranges from which it makes requests to your AWS or Azure storage resources when performing a transfer. This allows you to restrict your resources by IP, and still allow Storage Transfer Service access.

For details, see the IP restrictions section of the following documents:

• Configure access to a source: Amazon S3
• Configure access to a source: Microsoft Azure Storage

Three metrics tracking node health are available in Preview. These can help you monitor the activity of individual read pool nodes, and investigate and troubleshoot issues with read pool queries.

The BigQuery Data Transfer Service for Google Ads supports the new Google Ads API. The Google Ads connector supports PMax and Discovery campaigns, a limit of 8000 leaf accounts per transfer, the --table_filter flag, and backwards compatibility. This feature is now generally available (GA).

You can now set up a unified Google Cloud Billing exports for multiple Partner Sales Console accounts. This helps you export billing data directly to a single dataset for analysis.

The tables in the rebilling dataset support partitioning by Cloud Billing accounts, so you can still view data for specific Cloud Billing accounts independently without impact to query latency/costs.

Learn how to export your rebilling data to BigQuery.

You can now create regional Persistent Disk volumes when creating a new VM either directly, or through instance templates. For more information, see Create a VM instance with additional non-boot disks or Create a new instance template.

Autoscaler recommendation reasoning details are available now in Cloud Logging logs.

count() queries are now supported at the General Availability level.

count() queries are now supported at the General Availability level.

The Service dashboard now displays telemetry from external mesh services that have a canonical service label in the regular release channel. See Defining a Canonical Service for more information.

The MARITAL_STATUS infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

The Cloud Healthcare API offers single-region support in the northamerica-northeast2 (Toronto, Canada) region.

Cloud Workstations makes the following machine types available:

• n1-standard-2
• n1-standard-8
• n1-standard-16
• n1-standard-32
• n2-standard-2
• n2-standard-4

For more information, see Available machine types, REST workstationConfigs, or RPC google.cloud.workstations.v1beta GceInstance.

Dataflow ML now supports the Automatic Model Refresh feature, which lets you update your machine learning model without stopping your Apache Beam pipeline.

This release contains a new Advanced API Security Detected Traffic view, which displays information about API traffic originating from detected bots. This information was previously displayed in the Abuse metrics section of the Security scores view.

The FedRAMP Moderate compliance regime now supports the following products. See Supported products for more information:

• Access Approval
• Cloud Asset Inventory
• GKE Hub
• Traffic Director

The following compliance regimes now support the list of products below:

• Australia Regions with Assured Support
• Canada Regions and Support
• Canada Protected B
• Israel Regions and Support
• US Regions and Support

The following products are now supported. See supported products for more information:

• Artifact Registry
• Cloud Bigtable
• Cloud DNS
• Cloud HSM
• Cloud Interconnect
• Cloud Key Management Service (KMS)
• Cloud Load Balancing
• Cloud Monitoring
• Cloud NAT
• Cloud Router
• Cloud Run
• Cloud VPN
• Firestore
• Identity and Access Management (IAM)
• Identity-Aware Proxy (IAP)
• Network Connectivity Center
• Pub/Sub
• Virtual Private Cloud
• VPC Service Controls

Cloud Run integrations (Preview) are now available in europe-west1.

Preview:

• The HPC Rocky Linux 8 image is now available for HPC workloads.
• The HPC VM Images now support Intel MPI 2021 with tools to easily installing the Intel MPI 2021 library, the net and psm3 libfabric providers.
• The HPC VM Images now support OpenMPI. For more details, see Open MPI best practice guides.

New Service limit (quota) recommender is now available in Preview. The recommendations help you identify resources that may be approaching their quota limits.

Private Service Connect backends support using an internal regional TCP proxy load balancer to access published services. This feature is available in Preview.

Release 1.14.4

Anthos clusters on bare metal 1.14.4 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.14.4 runs on Kubernetes 1.25.

Updates to preferred tables for existing BI engine reservations now take up to ten seconds to propagate, down from five minutes. This feature is generally available (GA).

Certificate Manager now supports Mutual TLS (mTLS) authentication. This is a public preview feature. For more information, see Trust configs.

Chronicle released the following additional data enrichment and precomputed analytic capabilities that can provide additional context during an investigation:

• Enriched entities with WHOIS data.
• Enriched entities with VirusTotal relationship data.
• Enriched events with VirusTotal file metadata.
• Data from Google Cloud Threat Intelligence curated threat feeds.
• Precomputed first-seen and last-seen occurrence for domains, IP addresses, and file hashes (SHA256, SHA1, MD5).
• Precomputed first-seen occurrence for assets and users.

For more information, see the following documents:

• How Chronicle enriches event and entity data
• Use context-enriched data in UDM Search
• Use context-enriched data in rules

Cloud SQL for MySQL now supports 40+ new database flags. See supported flags for more information.

Added the skip_ingested_documents flag in the Cloud Storage Ingest Pipelines to skip ingested documents.

Time-based one-time password (TOTP) as an additional multi-factor authentication option is available in Preview.

Private Service Connect endpoints for published services can be configured with global access. When global access is configured, clients in any region can send traffic to endpoints. Global access for endpoints is available in Preview.

Java 11 and 17 are now generally available. These versions require you to specify an operating system version in your app.yaml. Learn more.

Cloud Billing Reports and Cost Breakdown report now support CSV downloads

For Cloud Billing Reports and Cost Breakdown reports, we have added the ability to download the data in the report table to a comma-separated values (CSV) file. With this update, the Download CSV feature is now available on most reports in the Cloud Billing console, including: Cost Table, Pricing Table, Reports, Cost Breakdown, and the Committed Use Discounts (CUDs) dashboard.

(Composer 2 only) Cloud Composer is now available in Taiwan (asia-east1), Jakarta (asia-southeast2), and Netherlands (europe-west4).

Java Runtime in Airflow workers and schedulers is updated from version 11 to version 17.

Cloud Functions (2nd gen) has added support at the Preview release level for accepting requests from the Shared VPC network that a function is connected to, including when Ingress is configured as "Internal" or "Internal and Cloud Load Balancing."

Cloud HSM resources are now available in the following regions:

• europe-west12
• me-central1

For information about which locations are supported by Cloud KMS, Cloud HSM, and Cloud EKM, see Cloud KMS locations.

Typically with HTTPS communication, the authentication works only one way: the client verifies the identity of the server. For applications that require the load balancer to authenticate the identity of clients that connect to it, both a global external HTTP(S) load balancer and a global external HTTP(S) load balancer (classic) support mutual TLS (mTLS).

With mTLS, the load balancer requests that the client send a certificate to authenticate itself during the TLS handshake with the load balancer. You can configure a trust store that the load balancer uses to validate the client certificate's chain of trust.

For details, see the following:

• Mutual TLS authentication
• Set up mutual TLS with signed certificates
• Set up mutual TLS with a private CA
• Set up mutual TLS for a global external HTTP(S) load balancer (classic)
• Set up mutual TLS for a global external HTTP(S) load balancer

This capability is in Preview.

You can now configure Log Analytics on Cloud Logging buckets and BigQuery linked datasets by using the following Terraform modules:

• google_logging_project_bucket_config

• google_logging_linked_dataset

Session affinity for Cloud Run service revisions is now at general availability (GA).

A Cloud Run service revision will now accept requests from the Shared VPC network that it is connected to, including when Ingress is configured as "Internal" or "Internal and Cloud Load Balancing." (Preview)

You can now create tasks by sending an HTTP request to your queue. To learn more, read about the new BufferTask method to Create tasks.

This feature is in Preview.

For tasks that have HTTP targets (as opposed to App Engine targets), you can now set routing for tasks at the queue level. If you set routing at the queue level, you do not have to set routing for each individual task. To learn more, see Configure routing.

This feature is in Preview.

Cloud Logging is available for Dataform in Preview.

You can now create dry-run organization policies using the Google Cloud console.

You can assign a sensitivity level to a built-in or custom infoType. Cloud DLP uses the sensitivity levels of individual infoTypes to calculate the sensitivity levels of tables that you profile. For more information, see Manage infoTypes through the Google Cloud console.

Database Migration Service now supports Oracle multi-tenant (CDB/PDB) architecture. For information about configuring pluggable databases for use with Database Migration Service, click here.

Global external HTTP(S) load balancers now support proxying traffic to external backends outside Google Cloud. To define an external backend for a load balancer, you use a global resource called an internet network endpoint group (NEG).

For details, see the following:

• Internet NEG concepts
• Set up a global external HTTP(S) load balancer with an external backend

This capability is in Preview.

The Storage Insights inventory reports feature is now generally available. Inventory reports provide an overview of metadata for all objects in a bucket.

Datastream now supports Oracle multi-tenant (CDB/PDB) architecture. For information about configuring pluggable databases for use with Datastream, click here.

Support for creating triggers for direct events from Cloud Firestore is available in Preview.

Eventarc events and Firestore events for Cloud Functions (2nd gen) now available in Preview.

You can now create tags that are children of projects as well as organization resources. For more information, see Creating and managing tags.

The Ruby 3.2 runtime for App Engine standard environment is now generally available.

VPC Service Controls support for Cloud Scheduler jobs with the following targets is now in Preview:

• Cloud Functions
• Cloud Run
• Dataflow API
• Data Pipelines

To learn more, see the documentation on how to secure cron jobs with VPC Service Controls.

The Firestore documentation has been updated to include guidance on using regional endpoints. For details, see Regional endpoints.

The Firestore in Datastore mode documentation has been updated to include guidance on using regional endpoints. For details, see Regional endpoints.

Pods bound to Preemptible and Spot nodes are now automatically deleted from the Kubernetes API server after the Preemptible or Spot instance is preempted. This is available in GKE versions:

• 1.25.7-gke.1000 or later
• 1.26.2-gke.1000 or later

Looker now supports incremental PDTs for Databricks connections when Databricks version 12.1 or later is used.

Content thumbnails now support dark theme.

Customers can now set the position of pop-up dialogs in an embedded environment. Customers must make changes to their embedded applications to take advantage of this feature. Methods have been added to the Embed SDK, and an updated Embed SDK has been published. The Embed SDK repository has also been updated to provide examples of using this feature with the Embed Javascript (windows postMessage) API.

Recommendations can now be exported to non-US regions.

Storage Transfer Service can now optionally preserve UID, GID, and mode metadata for folders, and recreate empty folders, when transferring between file systems.

See Metadata preservation for details.

Vertex AI Prediction

You can now update some scaling and container logging configuration settings on a DeployedModel without undeploying and redeploying it to an endpoint.

For more information, see update the scaling configuration and container logging.

Workflows support for Customer-Managed Encryption Keys (CMEK) is available in Preview.

Use the Workflows JSON schema in your IDE to provide syntax support when creating a workflow. See the Google Cloud Blog post: Workflows gets an updated JSON Schema.

Anthos clusters on VMware 1.12.7-gke.20 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.12.7-gke.20 runs on Kubernetes 1.23.17-gke.900.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

• Added admin cluster CA certificate validation to the admin cluster upgrade preflight check.

• We now allow storage DRS to be enabled in manual mode.

New features now supported in Apigee in VS Code for local development

The following features are now supported with Apigee in VS Code for local development as part of the Insiders build (as of v1.22.1-insiders.3):

• Create multi-repository workspaces - Choose individual storage locations for artifacts, such as API proxies that are stored as individual SCMs, but develop them together using a single workspace. You no longer have to create a single repository that contains all of your API proxies. See Understanding the structure of an Apigee multi-repository workspace.
• Use keystore - Introduces a new environment-level setting for creating the required keystores in the Apigee Emulator by using locally available keys. See Configuring the keystrokes (keystores.json).
• Test API proxies that require service accounts (for example, calling a cloud logging process as part of an API proxy flow) - Set up your Apigee Emulators with a service account key to enable service accounts, add policies and targets that rely on service accounts, and deploy the API proxies to the Apigee Emulator to test them. See Customizing the Apigee Emulator to support service account-based authentication.

BigQuery supports setting the rounding mode to ROUND_HALF_EVEN or ROUND_HALF_AWAY_FROM_ZERO for parameterized NUMERIC or BIGNUMERIC columns at the column level. You can specify a default rounding mode at the table or dataset level that is automatically attached to any columns added within those entities. The ROUND() function also accepts the rounding mode as an optional argument. This feature is generally available GA.

The following resource type is now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

• Cloud Spanner
  • spanner.googleapis.com/InstanceConfig

Startup CPU boost for Cloud Run services is now at general availability (GA).

M107 release

• Miscellaneous software updates.

M107 release

• Miscellaneous software updates.

Network Analyzer now includes an insight that gives a summary of the IP address utilization of all the subnet ranges in the analyzed project. For more information, see IP address utilization summary insights.

Event Threat Detection, a built-in service of Security Command Center, launched the following new rules to Preview.

• Defense Evasion: Breakglass Workload Deployment Created
• Defense Evasion: Breakglass Workload Deployment Updated

These rules detect when the break-glass flag is used to override Binary Authorization controls when deploying or updating workloads. For more information, see Event Threat Detection rules.

M107 release

The M107 release of Vertex AI Workbench user-managed notebooks includes the following:

• Fixed a bug that displayed the wrong version of the JupyterLab user interface.
• Fixed a bug where a cron job for the diagnostic tool was added at every restart.
• Miscellaneous software updates.

Dialogflow CX now supports flexible webhooks, where you can define the request HTTP method, request URL parameters, and fields of the request and response messages.

Advanced rule tuning features for preconfigured WAF rules are now Generally Available. For more information about the new tuning features, see Tune Google Cloud Armor preconfigured WAF rules.

The custom modules feature for Security Health Analytics is now generally available (GA). Custom modules allow you to define custom detectors for Security Health Analytics.

For more information, see Overview of custom modules for Security Health Analytics.

1.13.7 patch release

Anthos clusters on VMware 1.13.7-gke.29 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.13.7-gke.29 runs on Kubernetes 1.24.11-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

Node.js 18 is now generally available. This version requires you to specify an operating system version in your app.yaml. Learn more.

You can now skip the cooling-off period while deleting a LUN or a storage volume. This feature is generally available (GA). For more information, see Delete LUNs from a storage volume and Delete a storage volume.

Batch is available in the following regions:

• asia-northeast1 (Tokyo)
• europe-west4 (Netherlands)

For more information, see Locations.

View granular cost data from Cloud Spanner usage in Cloud Billing exports to BigQuery

You can now view granular Cloud Spanner cost data in the Google Cloud Billing detailed export. Use the resource.global_name field in the export to view and filter your detailed Cloud Spanner usage.

Review the schema of the Detailed cost data export.

View granular cost data from App Engine usage in Cloud Billing exports to BigQuery

You can now view granular App Engine cost data in the Google Cloud Billing detailed export. Use the resource.global_name field in the export to view and filter your detailed App Engine usage. Note that Firestore, App Engine Flex, and Datastore costs are not included in the granular App Engine instance costs.

Review the schema of the Detailed cost data export.

The new release of the GKE Gateway controller (2023-R01) is now generally available. With this release, the GKE Gateway controller will provide the following new capabilities:

• Gateway API on Autopilot clusters by default (GKE 1.26+)
• The Global External HTTP(S) Load Balancer GatewayClass graduates to GA
• Global Access for the gke-l7-rilb GatewayClass
• SSL Policies
• HTTP-to-HTTPS redirect
• Cloud Armor integration

You can check all the supported capabilities per GatewayClass in this page.

Event Threat Detection, a built-in service of Security Command Center, launched the following new rules to General Availability.

• Privilege Escalation: Anomalous Impersonation of Service Account for Admin Activity
• Privilege Escalation: Anomalous Multistep Service Account Delegation for Admin Activity
• Privilege Escalation: Anomalous Multistep Service Account Delegation for Data Access
• Privilege Escalation: Anomalous Service Account Impersonator for Admin Activity
• Privilege Escalation: Anomalous Service Account Impersonator for Data Access

These rules detect anomalous activities that are taken by someone who is using an impersonated service account to access Google Cloud. For more information, see Event Threat Detection rules.

Transfers from S3-compatible storage to Cloud Storage are now generally available (GA). This feature builds on support for Multipart upload and List Object V2, which makes Cloud Storage suitable for running applications written for the S3 API.

With this new feature, customers can seamlessly copy data from self-managed object storage to Google Cloud Storage. For customers moving data from AWS S3 to Cloud Storage, this feature provides an option to control network routes to Google Cloud, resulting in considerably lower egress charges.

See Transfer from S3-compatible sources for details.

The limit for maximum result size (20 GiB logical bytes) when querying Azure or Amazon Simple Storage service (S3) data is now generally available (GA). Querying Azure and Amazon S3 data are now subject to the following quotas and limitations:

• The maximum row size is 10 MiB. For more information, see Quotas for query jobs.

• If your query uses the ORDER BY clause and has a result size larger than 256 MB, then your query fails. Previously, this limit was 2 MB. For more information, see Limitations.

Cloud Spanner integration with Data Catalog is now available in Preview in the europe-central2 region.

For more information, see Manage resources using Data Catalog.

Dataflow cost monitoring is now available in preview.

The following resource types are now publicly available through the Search APIs (SearchAllResources, SearchAllIamPolicies).

• Cloud Dataplex

  • dataplex.googleapis.com/DataTaxonomy
  • dataplex.googleapis.com/DataAttribute
  • dataplex.googleapis.com/DataAttributeBinding

• AI Platform

  • aiplatform.googleapis.com/NasJob

To help you understand and test the discovery service, Cloud DLP has made it easier for you to test profiling on a single table. You can profile up to 25 tables at no additional charge, one at a time. Only tables that are less than or equal to 1 TB in size can be profiled for free. For more information, see Profile a table in test mode.

Support for Identity-aware Proxy (IAP) with Cloud Run to use identity and context to guard access to your applications is now at general availability (GA).

Datetime properties filtering is supported in the Document AI Warehouse UI.

Support for Identity-aware Proxy (IAP) with Cloud Run to use identity and context to guard access to your applications is now at general availability (GA).

The following products are now supported. See Supported products for more information:

• Cloud DNS
• Cloud Interconnect
• Cloud Load Balancing
• Cloud NAT
• Cloud Router
• Cloud VPN
• Identity and Access Management (IAM)
• Identity-Aware Proxy
• Network Connectivity Center
• Virtual Private Cloud
• VPC Service Controls

The EU Regions and Support compliance regime now supports the following products. See Supported products for more information:

• Cloud DNS
• Cloud Interconnect
• Cloud Load Balancing
• Cloud NAT
• Cloud Router
• Cloud VPN
• Identity-Aware Proxy
• Network Connectivity Center
• Virtual Private Cloud
• VPC Service Controls

The EU Regions and Support with Sovereignty Controls compliance regime now supports the following products. See Supported products for more information:

• Cloud DNS
• Cloud Interconnect
• Cloud Load Balancing
• Cloud NAT
• Cloud Router
• Cloud VPN
• Identity-Aware Proxy
• Network Connectivity Center
• Virtual Private Cloud
• VPC Service Controls

The add data demo guide walks you through the process of adding data to BigQuery through popular sources and is now in preview.

(Available without upgrading) Selected time ranges are now synchronized between the Monitoring tab and the Logs tab in Cloud Console.

You can now set up cascading read replicas after you migrate data to a Cloud SQL destination instance using Database Migration Service. To find out how to set up cascading read replicas for a Cloud SQL for MySQL instance, click here. To find out how to set up cascading read replicas for a Cloud SQL for PostgreSQL instance, click here.

Cloud Functions now supports the use of the Yarn 2 package manager with private Node.js modules.

Regional external and regional internal HTTP(S) load balancers now support using Cloud Run services as backends for the load balancer. This is configured using a serverless network endpoint group (NEG).

For details, see:

• Serverless NEG concepts
• Set up a regional external HTTP(S) load balancer with a Cloud Run backend
• Set up an internal HTTP(S) load balancer with a Cloud Run backend

This feature is available in General availability.

Forwarding rules for external TCP/UDP network load balancers can now be configured to direct traffic coming from a specific range of source IP addresses to a specific backend service (or target instance). This is called traffic steering.

For details, see:

• Network load balancer overview: Traffic steering
• Configure traffic steering

This capability is in General availability.

Regional external and regional internal HTTP(S) load balancers now support using Cloud Run services as backends for the load balancer. This is configured using a serverless network endpoint group (NEG).

For details, see:

• Serverless NEG concepts
• Setting up a regional external HTTP(S) load balancer with a Cloud Run backend
• Setting up an internal HTTP(S) load balancer with a Cloud Run backend

This feature is available in General availability.

Cascading Replicas is now generally available when migrating from external servers. You can now configure migrated replicas to have read replicas under them before promoting them to primary replica. To learn more, see External Server Cascading Replicas.

Cascading Replicas is now generally available when migrating from external servers. You can now configure migrated replicas to have read replicas under them before promoting them to primary replica. To learn more, see External Server Cascading Replicas.

Generally available: You can now use the gcloud command-line tool to import images from AWS into Google Cloud. For more information, see Importing images from AWS.

M106 release

• Miscellaneous software updates.

M106 release

• Rolled back a previous change in which Jupyter dependencies were located in a separate Conda environment.
• Miscellaneous software updates.

Support for Manifest in Storage Transfer Service is now generally available (GA). You can use Manifest to transfer a specific list of objects, object versions, and files from cloud and on-premises sources. Programmatic users can use the output of an upstream operation generating a list of files and objects as an input for Storage Transfer Service to act upon.

Overlays can now be created using PNG images (with or without transparency).

M106 release

The M106 release of Vertex AI Workbench user-managed notebooks includes the following:

• Rolled back a previous change in which Jupyter dependencies were located in a separate Conda environment.
• Fixed a bug in which kernels used by notebooks did not contain the specified machine learning frameworks.
• Miscellaneous software updates.

This release includes the following Anthos attached clusters platform versions:

• 1.21.0-gke.1
• 1.22.0-gke.1
• 1.23.0-gke.3
• 1.24.0-gke.2
• 1.25.0-gke.2

You can now launch clusters with the following Kubernetes versions:

• 1.23.16-gke.2800
• 1.24.10-gke.1200
• 1.25.6-gke.1600

You can now launch clusters with the following Kubernetes versions:

• 1.23.16-gke.2800
• 1.24.10-gke.1200
• 1.25.6-gke.1600

The Node.js runtime now supports the use of Yarn 2 for configuring private modules hosted in Artifact Registry.

Non-incremental materialized views support most SQL queries, including OUTER JOIN, UNION, and HAVING clauses, as well as analytic functions. This feature is in preview.

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

• Cloud Key Management Service
  • cloudkms.googleapis.com/EkmConfig

A new interface for creating charts with Metrics Explorer is in Public Preview. For more information, see Create charts with Metrics Explorer.

Cloud Storage FUSE is now available in Preview. You can use Cloud Storage FUSE to mount and access storage buckets as local file systems.

• Get started with mounting buckets using Cloud Storage FUSE.
• Learn about integrations between Cloud Storage FUSE and other Google Cloud products.

The g2-standard machine family with NVIDIA L4 is available in Preview for node pools in clusters running GKE version 1.22 and later. To select the machine family, use the --machine-type flag in your create command.

Workforce identity federation and workload identity federation can now accept encrypted SAML assertions. The feature is generally available (GA). To use the feature, locate the Create the workload identity pool and provider section in the configuration guide for your identity provider and follow the gcloud CLI instructions for the SAML workflow.

General Availability: Private Service Connect endpoints with consumer HTTP(S) controls support accessing regional Google APIs and published services using the following load balancers:

• Regional internal HTTP(S) load balancer
• Regional external HTTP(S) load balancer

Anthos Service Mesh now supports multi-cluster, multi-network meshes on Anthos clusters on Azure. See Install Anthos Service Mesh for more information.

Users can generate Supply chain Levels for Software Artifacts (SLSA) build provenance information for standalone Maven and Python packages when they upload artifacts to Artifact Registry using new fields available in the Cloud Build config file. This feature is generally available. For more information, see Build and test Java applications and Build and test Python applications.

Preview: Accelerator-optimized (G2) machine types are now available on Compute Engine. Each G2 machine type has a fixed number of NVIDIA® L4 GPUs attached to support your next generation graphics performance workloads. The G2 machine types are available in the following three regions:

• Iowa, North America: us-central1-a,b
• Netherlands, Europe: europe-west4-a
• Singapore, APAC: asia-southeast1-b

Datastream support for BigQuery as destination is now generally available (GA). For more information, click here.

Datastream support for PostgreSQL as source is now generally available (GA). For more information, click here.

Google Cloud Deploy now provides the ability to use a canary deployment strategy, supported in preview.

To simplify portal creation, you can have Translation Hub automatically enable the portal's service account. For more information, see Enable users to request translations.

The Vertex AI Matching Engine service now offers Preview support for deploying an index to a public endpoint. For information about how to get started, see Matching Engine Setup.

Vertex AI Prediction

You can now view logs for Vertex AI Batch Prediction jobs in Cloud Logging.

Anthos clusters on VMware 1.14.3-gke.25 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.14.3-gke.25 runs on Kubernetes 1.25.5-gke.100.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

Secret Manager - Access task (Preview)

The Secret Manager - Access task lets you access secret versions that are stored in Cloud Secret Manager from your integration.

For more information, see Secret Manager - Access task.

The PHP 8.2 runtime for App Engine standard environment is now available in preview.

Secret Manager - Access task

The Secret Manager - Access task lets you access secret versions that are stored in Cloud Secret Manager from your integration.

For more information, see Secret Manager - Access task.

Google has added Australia (Sydney) as a new region for Chronicle customers. Chronicle can now store customer data in this region. This also adds a new regional endpoint for Chronicle APIs at https://australia-southeast1-backstory.googleapis.com/.

Cloud Functions has added support for a new runtime, PHP 8.2, at the Preview release level.

Internal HTTP(S) load balancers and internal TCP proxy load balancers now support global access. By default, clients for these load balancers must be in the same region as the load balancer. With global access enabled, clients can access the load balancer from any region. They still must be in the same VPC network as the load balancer or in a VPC network that's connected to the load balancer's VPC network by using VPC Network Peering.

For instructions, see the following:

• Enable global access for internal HTTP(S) load balancers
• Enable global access for internal TCP proxy load balancers

This capability is in General availability.

You can now configure metric-based alerting policies to send repeated notifications for open and acknowledged incidents. For more information, see Send repeated notifications.

Support for specifying the encoding of the event payload data as either application/json or application/protobuf through an eventDataContentType field is available.

GKE now supports a streamlined Fleet registration process, allowing users to register their clusters to a Fleet directly when clusters are created using the gcloud command. For more information, see Register a GKE cluster to your fleet.

The moduleName attribute is added to the Finding object of the Security Command Center API.

The moduleName attribute, when included in a finding, identifies the full resource name of the specific detection module of the Security Command Center service that generated the finding.

For more information, see the Security Command Center API documentation for the Finding object.

Batch mode is now supported. You can use it to create thousands of jobs that will be processed on a first in, first out basis.

The Vertex AI Model Registry now offers Preview support for model copy between regions. For information about how to copy your model between regions, see Copy models in Model Registry.

Cluster lifecycle improvements 1.13.1 and later

Starting with Anthos clusters on bare metal release 1.13.1, you can use the Google Cloud console or the gcloud CLI to create admin clusters. For more information, see the documentation for your version of Anthos clusters on bare metal:

• 1.13: Create an admin cluster using Anthos On-Prem API clients

• 1.14: Create an admin cluster using Anthos On-Prem API clients

You can now view Bare Metal Solution infrastructure metrics in the Google Cloud console. This feature is generally available (GA).

Cloud Bigtable instance and table metadata is now automatically synced to Data Catalog, a feature of Dataplex, for improved data discovery and governance. Metadata is not synced for a project with an organization policy that restricts resource locations. To get started, see Manage data assets using Data Catalog. This feature is available in Preview.

Cloud Spanner integration with Data Catalog is now available in Preview. Data Catalog is a fully managed, scalable metadata management service within Dataplex. It automatically catalogs metadata about Cloud Spanner instances, databases, tables, columns, and views. For Preview, integration with Data Catalog is not available in the europe-central2 region.

For more information, see Manage resources using Data Catalog.

You can use a pre-customized snapshot as the source of a Persistent Disk in Cloud Workstations. For more information, see About disk snapshots. See also the sourceSnapshot within GceRegionalPersistentDisk field added to the following REST API resources: workstation configurations, and source_snapshot in the following RPC resources: workstations.v1beta.

Cloud Workstations is available in the following region:

• asia-northeast1 (Japan)

For more information, see Locations.

Generally available: You can use the Regional disk replica state metric in Cloud Monitoring to track the states of your regional Persistent Disk zonal replicas. You can also use the metric data to determine the replication state of your regional Persistent Disk volumes.

Learn more about zonal replication for regional Persistent Disk and how to monitor the states of regional Persistent Disk zonal replicas.

You can now use the CCAI Insights API to upload your audio conversation data from a Cloud Storage bucket. Optionally, you can apply redaction and analyses to your conversation prior to upload. See the documentation for details

M105 release

• The following Deep Learning Containers images are now available with Python 3.10 on Debian 11:

  • TensorFlow 2.11 CPU (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/tf-cpu.2-11.py310:latest)
  • TensorFlow 2.11 GPU with Cuda 11.3 (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/tf-gpu.2-11.py310:latest)
  • PyTorch 1.13 with Cuda 11.3 (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/pytorch-gpu.1-13.py310:latest)
  • Base CPU (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/base-cpu.py310:latest)
  • Base GPU with Cuda 11.3 (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/base-cu113.py310:latest)

• The following Deep Learning Containers images are now available with Python 3.9 on Debian 11:

  • TensorFlow 2.6 CPU (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/tf-cpu.2-6.py39:latest)
  • TensorFlow 2.6 GPU with Cuda 11.3 (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/tf-gpu.2-6.py39:latest)

• Miscellaneous bug fixes and improvements.

M105 release

• The following Deep Learning VM images are now available with Python 3.10 on Debian 11:

  • TensorFlow 2.11 CPU (tf-2-11-cpu-debian-11-py310)
  • TensorFlow 2.11 GPU with Cuda 11.3 (tf-2-11-cu113-debian-11-py310)
  • PyTorch 1.13 with Cuda 11.3 (pytorch-1-13-cu113-debian-11-py310)
  • Base CPU (common-cpu-debian-11-py310)
  • Base GPU with Cuda 11.3 (common-cu113-debian11-py310)

• The following Deep Learning VM images are now available with Python 3.9 on Debian 11:

  • TensorFlow 2.6 CPU (tf-2-6-cpu-debian-11-py39)
  • TensorFlow 2.6 GPU with Cuda 11.3 (tf-2-6-cu113-debian-11-py39)

• Jupyter-related libraries have been moved to a different Conda environment, separate from the one containing machine learning frameworks and base software libraries.

• Miscellaneous bug fixes and improvements.

Security Command Center supports CIS Google Cloud Computing Foundations Benchmark v1.3.0.

The following detectors are new for v1.3.0:

• Access transparency disabled
• Cloud Asset API disabled
• Dataproc CMEK disabled
• Essential contacts not configured
• Flow logs settings not recommended

The following detectors have been updated:

• Audit logging disabled

For more information about Security Command Center support for standards and compliance, see the following:

• Detectors and compliance
• CIS Google Cloud Computing Platform Benchmarks

M105 release

The M105 release of Vertex AI Workbench user-managed notebooks includes the following:

• The following user-managed notebooks images are now available with Python 3.10 on Debian 11:

  • TensorFlow 2.11 CPU (tf-2-11-cpu-notebooks-debian-11-py310)
  • TensorFlow 2.11 GPU with Cuda 11.3 (tf-2-11-cu113-notebooks-debian-11-py310)
  • PyTorch 1.13 with Cuda 11.3 (pytorch-1-13-cu113-notebooks-debian-11-py310)
  • Base CPU (common-cpu-notebooks-debian-11-py310)
  • Base GPU with Cuda 11.3 (common-cu113-notebooks-debian11-py310)

• The following user-managed notebooks images are now available with Python 3.9 on Debian 11:

  • TensorFlow 2.6 CPU (tf-2-6-cpu-notebooks-debian-11-py39)
  • TensorFlow 2.6 GPU with Cuda 11.3 (tf-2-6-cu113-notebooks-debian-11-py39)

• Jupyter-related libraries have been moved to a different Conda environment, separate from the one containing machine learning frameworks and base software libraries.

Artifact Registry is now available in the me-central1 region (Doha, Qatar).

The Australia Regions with Assured Support compliance regime is now generally available.

BigQuery Partner Center, which can be used to discover and try validated partner applications, is now generally available (GA). In addition, the Google Cloud Ready - BigQuery initiative has added 14 new partners.

UDM Search - Grouped fields

Grouped fields are aliases for groups of related UDM fields. You can use them to query multiple UDM fields at the same time without typing each field individually. For example, you can use the IP address grouped field to search for an IP address across most of the common UDM IP address fields.

You can match a grouped field using a regular expression and using the nocase operator. Reference lists are supported. Grouped fields can be used in combination with regular UDM fields. Grouped fields also have a separate section in Quick Filters.

Cloud KMS is available in the following region:

• me-central1

For more information, see Cloud KMS locations.

The following new region is now available: me-central1.

Support for me-central1 (Doha) region.

Support for me-central1 (Doha) region.

Support for me-central1 (Doha) region.

Cloud SQL supports the SqlPackage utility of SQL Server for importing and exporting data.

Cloud SQL supports the bcp utility of SQL Server for importing and exporting data.

You can create Cloud Spanner regional instances in Doha, Qatar (me-central1).

Cloud Storage is now available in Doha, Qatar (me-central1 region).

Added new fields to the document translation methods to handle translation and parsing issues:

• Shadow text removal for overlapping text (for native PDFs).
• Auto rotate document to the correct orientation (for scanned PDFs).

Cloud VPN is now available in region me-central1 (Doha, Qatar).

Pricing is available on the Cloud VPN pricing page.

You can use container output logging to view standard output and standard error logs generated by a workstation container.

Generally available: Doha, Qatar, Middle East me-central1-a,b,c has launched with E2 and N2 VMs available in all three zones.

See VM instance pricing for details.

Preview: Persistent Disk Asynchronous Replication (PD Async Replication) provides low recovery point objective (RPO) and low recovery time objective (RTO) block storage replication for cross-region active-passive disaster recovery. For more information, see About Persistent Disk Asynchronous Replication.

Added support for IAMAccessBoundaryPolicy resource.

Introduced configurable reconciliation interval feature.

Added mode, remoteRepositoryConfig, virtualRepositoryConfig fields to ArtifactRegistryRepository

Added scheduling.maintenanceInterval field to ComputeInstance.

Added scheduling.maintenanceInterval field to ComputeInstanceTemplate.

Added groupPlacementPolicy.maxDistance field to ComputeResourcePolicy.

Added deletionPolicy field to ComputeSharedVPCServiceProject.

Added protectConfig field to ContainerCluster.

Added transferSpec.sinkAgentPoolName, transferSpec.sourceAgentPoolName fields to StorageTransferJob.

Added spec.bitbucketServerTriggerConfig, spec.github.enterpriseConfigResourceNameRef fields to CloudBuildTrigger.

Added spec.diskEncryptionKey.rsaEncryptedKey field to ComputeDisk.

Added spec.rateLimitOptions.enforceOnKeyConfigs field to ComputeSecurityPolicy.

Added spec.kubeletConfig.podPidsLimit field to ContainerCluster.

Added spec.kubeletConfig.podPidsLimit field to ContainerNodePool.

Added spec.instanceType field to SQLInstance.

Dataflow is now available in Doha (me-central1).

Dataproc is now available in the me-central1 region (Doha).

The me-central1 region in Doha, Qatar is now available.

Secret Manager is now available in the following region:

• me-central1

For more information, see Secret Manager locations.

For auto mode VPC networks, added a new subnet 10.212.0.0/20 for the Doha me-central1 region. For more information, see Auto mode IP ranges.

AlloyDB Omni is available in Preview. AlloyDB Omni is a downloadable edition of AlloyDB for PostgreSQL that lets you run a containerized AlloyDB database engine in your own computing environment.

Artifact Registry is now available in the europe-west12 region (Turin, Italy).

Compute (analysis) is now generally available (GA) in three new BigQuery editions: Standard, Enterprise, and Enterprise Plus. These editions support the slots autoscaling model to meet your organizations' needs and budgets.

Autoscaling slots are now generally available (GA). Autoscaling slot reservations and commitments created during the feature's preview have been set to BigQuery Enterprise edition.

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

• Cloud Deploy
  • clouddeploy.googleapis.com/Release
  • clouddeploy.googleapis.com/Rollout

The rollout of the following PostgreSQL minor versions, extension versions, and plugin versions is currently underway:

Minor versions

• 10.21 is upgraded to 10.22.
• 11.16 is upgraded to 11.17.
• 12.11 is upgraded to 12.12.
• 13.7 is upgraded to 13.8.
• 14.4 is upgraded to 14.5.

Extension and plugin versions

• plv8 is upgraded from 3.1.2 to 3.1.4.
• wal2json is upgraded from 2.3 to 2.4.
• pgTAP is upgraded from 1.1.0 to 1.2.0.
• PostGIS is upgraded from 3.1.4 to 3.1.7.
• pg_partman is upgraded from 4.5.1 to 4.7.0.
• pg_wait_sampling is upgraded from 1.1.3 to 1.1.4.
• pg_hint_plan is upgraded from 1.3.7 to 1.4.
• pglogical is upgraded from 2.4.1 to 2.4.2.

If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.

The new maintenance version is [PostgreSQL version].R20230316.02_02. To learn how to check your maintenance version, see Self service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

Cloud Workstations is available in the following regions:

• asia-south1 (India)
• us-east4 (Virginia, North America)

For more information, see Locations.

Allow users to upload and view TIFF file types in the UI.

Starting from GKE 1.26, cluster autoscaler can drain Pods from multiple nodes in parallel. The removal criteria are not changing, so the end state after scale down is going to be the same, but it will be achieved faster.

Release 1.12.9

Anthos clusters on bare metal 1.12.9 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.9 runs on Kubernetes 1.23.

Artifact Registry repositories with gcr.io domain support are now generally available. These repositories can host your existing Container Registry images and automatically redirect requests for gcr.io hosts to corresponding Artifact Registry repositories.

You can now use the tf_version training option to specify the Tensorflow (TF) version during model training. By default, tf_version is set as '1.15'. If you want to use TF2 with Keras API, you can add tf_version = '2.8.0' when creating the model.

You can now use the xgboost_version training option to specify the XGBoost version during model training. By default, xgboost_version is set as '0.9'. You can choose XGBoost version 1.1 by specifying xgboost_version = '1.1'.

You can now use the instance_weight_col training option to identify the column containing weights for each data point in the training dataset. Currently the instance_weight_col option is only available for boosted tree and random forest models with non-array feature types.

You can now import model artifacts saved in ONNX, XGBoost, and TensorFlow Lite formats into BigQuery for inference, allowing you to leverage models built in popular frameworks directly within the BigQuery ML inference engine.

You can also host models remotely on Vertex AI Prediction and do inference with BigQuery ML, removing the need to build data pipelines manually.

You can do inference with Google Cloud's state of the art pretrained models using Cloud AI service table-valued functions (TVFs) to get insights from your data. The TVFs work with Cloud Vision API, Cloud Natural Language API and Cloud Translation API.

These features are in preview. To enroll to use this feature, complete the enrollment form.

The changes in the September 15, 2022 Release Notes entry for read replica maintenance are now available. Cloud SQL read replicas follow the maintenance settings for the primary instance, including the maintenance window, rescheduling, and the deny maintenance period. During the maintenance event, Cloud SQL maintains the replicas before maintaining the primary instance. For more information, see How does maintenance affect read replicas?

The changes in the September 15, 2022 Release Notes entry for read replica maintenance are now available. Cloud SQL read replicas follow the maintenance settings for the primary instance, including the maintenance window, rescheduling, and the deny maintenance period. During the maintenance event, Cloud SQL maintains the replicas before maintaining the primary instance. For more information, see How does maintenance affect read replicas?

The changes in the September 15, 2022 Release Notes entry for read replica maintenance are now available. Cloud SQL read replicas follow the maintenance settings for the primary instance, including the maintenance window, rescheduling, and the deny maintenance period. During the maintenance event, Cloud SQL maintains the replicas before maintaining the primary instance. For more information, see How does maintenance affect read replicas?

Cloud SQL now exposes 38 new metrics. These metrics improve observability of Cloud SQL for SQL Server instances, helping you investigate performance issues and resource bottlenecks. You can find these metrics in the Metrics explorer within the Monitoring dashboard.

For more information about these metrics, see Cloud SQL Metrics.

Generally Available: You can test how workloads running on sole-tenant nodes behave during a host maintenance event, and see the effects of the sole-tenant VM's host maintenance policy on the applications running on the VMs.

For more information, see Simulate host maintenance events on sole-tenant nodes.

Vertical Autoscaling now supports batch jobs.

Dataproc cluster creation now supports the pd-extreme disk type.

DocAI Warehouse Pipelines (preview):

• Cloud-storage-ingest pipelines

• Export-to-Workbench pipeline

• Process-with-DocAI pipeline

BigQuery Connector (preview): Supports batch exports of document metadata into BigQuery, which enables users to do data analysis, create reports and dashboards. For example, data visualization using BI dashboards.

Eventarc support for creating triggers for direct events from Cloud Dataflow is available in Preview.

Self-service maintenance is now Generally Available for Memorystore for Redis.

Preview: Added support for refactoring WordPress Servers running on Apache2 Linux to containers, which lets you deploy WordPress sites as containers on GKE, GKE Autopilot clusters, Anthos clusters, and Cloud Run.

For more information, see Migrate a WordPress site.

Introduced the following features for JBoss migration:

• Support for JBoss versions has been extended and Migrate to Containers now supports migration of JBoss EAP versions 7.0 - 7.4 to equivalent Wildfly community based container images, besides migrations of Wildfly versions 8.1.0 - 26.1.1.
• Secrets are now automatically created from extracted security realms configuration and key-stores. This new feature fixes potential security risks and lets you update secrets without having to recreate images.
• The targetImageHome property has been added to the migration plan to allow users to specify an alternative container image with a different JBOSS_HOME location.
• The ExcludeFiles property has been added to the migration plan, which lets you explicitly exclude files and directories from the container image.
• The data migration feature now automates the creation and mounting of a Persistent Volume Claim (PVC) for the $JBOSS_HOME/standalone/data directory. This directory is available for use by services that require storing content in the file system.

Vertex AI Pipelines cost showback with billing labels is now generally available (GA). You can now use billing labels to review the cost of a pipeline run, along with the cost of individual resources generated from Google Cloud Pipeline Components in the pipeline run. For more information, see Understand pipeline run costs.

BigQuery now supports change data capture (CDC) by processing and applying streamed changes in real-time to existing data using the BigQuery Storage Write API. This feature is in preview.

Cloud Composer 2 now supports access with external identities through workforce identity federation.

Cloud Functions has added support for a new runtime, Go 1.20, at the General Availability release level.

The Cloud Healthcare API offers single-region support in the me-west1 (Tel Aviv, Israel) region.

The Cloud Logging API now supports the following region:

• Doha: me-central1

Cloud SQL now supports the Linked Servers functionality of SQL Server. You can use this capability to integrate data from multiple sources and distribute queries across multiple servers. To learn more, see About linked servers.

The Cloud SQL Active Directory (AD) Diagnosis tool helps you troubleshoot issues that you might face while connecting to AD-enabled Cloud SQL for SQL Server instances, using an on-premises AD domain.

Confidential Space. The assertion.submods.confidential_space.support_attributes assertion can be used to verify the support status of the Confidential Space image being used. It can be used, for example, to ensure that the workload is running on the latest version of the Confidential Space image.

Metadata federation now supports Dataplex lakes as a metadata source (in preview)

Dialogflow CX now provides the TO_NUMBER system function.

The Document AI OCR Processor (Doc OCR) now has the following features:

• The OCR Processor supports language hints. The OCR engine prefers your specified languages over inferred languages. To use this feature, set process_options.ocr_config.hints.language_hints with a list of BCP-47 language codes in your API request to the OCR Processor.
• The OCR Processor supports the option to populate symbol-level data in the document response. If enabled, the field document.pages.symbols is populated. To use this feature, set process_options.ocr_config.enable_symbol=true in your API request to the OCR Processor.
• A proto converter tool that converts a Document proto to an AnnotateFileResponse proto. This conversion lets you compare the responses between the Document AI OCR processor with the Vision API, which can help you migrate to the Document AI OCR processor from Vision API with minimal downstream changes. For details, see Document AI Toolbox.
• The OCR Processor supports a heuristics layout detection algorithm, which serves as an alternative to the current ML-based layout detection algorithm. You can choose the layout algorithm that best suits your needs. To use this feature, set process_options.ocr_config.advanced_ocr_options= legacy_layout in your API request to the OCR Processor.

M105 release

The M105 release of Vertex AI Workbench managed notebooks includes the following:

• Fixed an issue wherein a runtime with idle shutdown enabled doesn't detect activity and shuts down.
• Fixed an issue wherein the runtime data disk runs out of space and prevents access.
• Fixed an issue wherein end user credentials are not preserved after shutdown.
• Changed Health Agent logging levels from DEBUG to INFO.

Access Approval supports Firestore in the Preview stage.

Access Transparency supports Certificate Authority Service in the GA stage.

Release 1.14.3

Anthos clusters on bare metal 1.14.3 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.14.3 runs on Kubernetes 1.25.

You can now use ssh to log in to App Engine flexible environment instances that use only internal IP addresses.

You can now use ssh to log in to App Engine flexible environment instances that use only internal IP addresses.

You can now use ssh to log in to App Engine flexible environment instances that use only internal IP addresses.

You can now use ssh to log in to App Engine flexible environment instances that use only internal IP addresses.

You can now use ssh to log in to App Engine flexible environment instances that use only internal IP addresses.

You can now use ssh to log in to App Engine flexible environment instances that use only internal IP addresses.

You can now use ssh to log in to App Engine flexible environment instances that use only internal IP addresses.

You can now use ssh to log in to App Engine flexible environment instances that use only internal IP addresses.

The Go 1.20 runtime for App Engine standard environment is now generally available.

Cloud EKM now supports coordinated external keys.

Coordinated external keys let you create and manage keys in a compatible external key management system from Cloud KMS over a VPC network. For more information, see EKM key management from Cloud KMS.

Thales CipherTrust Cloud Key Manager is the first external key management partner system that is compatible with EKM key management from Cloud KMS.

Google Cloud Managed Service for Prometheus: You can use the OpenTelemetry Collector to scrape standard Prometheus metrics and report them to Managed Service for Prometheus. For more information, see Get started with the OpenTelemetry Collector.

Workspace compilation overrides are available in Preview.

OR queries now available in Preview.

OR queries now available in Preview.

Alpha release of AssignImage mutator, which allows mutation of Docker image paths. For reference, see AssignImage under Mutation in the OPA Gatekeeper documentation.

The constraint template library includes a new template: VerifyDeprecatedAPI. For reference, see the Constraint template library.

Configuring Certificate Authority connectivity through a HTTP CONNECT-based proxy is now generally available (GA). For more information, see Configure Certificate Authority connectivity through a proxy.

Users are now able to enable the content security policy feature for their portal for Apigee and Apigee hybrid. Previously, this feature was available in Apigee Edge only.

See: Configure a content security policy

Public preview release of Advanced API Security abuse detection

Advanced API Security's new abuse detection feature lets you view security incidents involving your APIs. Abuse detection uses Google's machine learning algorithms to detect API traffic patterns that are a sign of malicious activity targeting your APIs.

Abuse detection includes two new types of detection rules powered by machine learning models:

• Advanced Anomaly Detection: Detects unusual patterns of API traffic.
• Advanced API scraper: Detects attempts to extract information from APIs for malicious purposes.

Go 1.18 and 1.19 are now generally available. These versions require you to specify an operating system version in your app.yaml. Learn more.

The immutable tags setting is now in Preview for Docker repositories. When tags are immutable, you cannot change the image digest that a tag references in the repository. You can configure this setting when you create a repository or change the setting on an existing repository.

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

• Service Directory
  • servicedirectory.googleapis.com/Namespace

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

• Compute
  • compute.googleapis.com/PublicDelegatedPrefix

Cloud Bigtable is now available in the europe-west12 (Turin) region. This note is incorrect; see entry for April 24, 2023.

Cloud KMS is available in the following region:

• europe-west12

For more information, see Cloud KMS locations.

The following new region is now available: europe-west12.

Cloud SQL for MySQL now supports minor version 8.0.32. To upgrade your existing instance to the new version, see Upgrade the database minor version.

Support for europe-west12 (Turin) region.

Support for europe-west12 (Turin) region.

Support for europe-west12 (Turin) region.

You can create Cloud Spanner regional instances in Turin, Italy (europe-west12).

Cloud Storage is now available in Turin, Italy (europe-west12 region).

Cloud VPN is now available in region europe-west12 (Turin, Italy).

Pricing is available on the Cloud VPN pricing page.

Generally available: Turin, Italy, Europe europe-west12-a,b,c has launched with E2, N2, N2D, and T2D VMs available in all three zones. See VM instance pricing for details.

Dataflow is now available in Turin (europe-west12).

Dataproc is now available in the europe-west12 region (Turin).

The europe-west12 region in Turin, Italy is now available.

The ability to dismiss a recommendation is generally available via Recommender API

The export to BigQuery feature now supports custom pricing and non-project scoped recommendations.

The global Recommender Viewer role is now available to get view access to all insights and recommendations available.

Secret Manager is now available in the following region:

• europe-west12

For more information, see Secret Manager locations.

The March 20, 2023 release of the Google Cloud SCC content pack for sending Security Command Center data to Cortex XSOAR is generally available.

This version includes support for multiple Google Cloud organizations, bug fixes, and supportability improvements.

For information about downloading and installing the new content pack, see Upgrade the Google Cloud SCC content pack.

The version 3.0 release of the Google SCC App for QRadar, which lets you send Security Command Center data to QRadar v7.4.1FP2+, is generally available.

This version includes support for multiple Google Cloud organizations, bug fixes, and supportability improvements.

For information about downloading and installing the new application, see Upgrade the Google SCC app.

The version 3.0 release of the Google SCC App for ELK, which lets you send Security Command Center data to Elastic Stack, is generally available.

This version includes support for multiple Google Cloud organizations, bug fixes, and supportability improvements.

For information about downloading and installing the new application, see Upgrade the Docker container.

The version 2.0 release of the Google SCC Add-on For Splunk and the Google SCC App For Splunk, which let you send Security Command Center data to Splunk, is generally available.

This version includes support for multiple Google Cloud organizations, bug fixes, and supportability improvements.

For information about downloading and installing the new applications, see Upgrade Google SCC App for Splunk and Google SCC Add-on for Splunk.

For auto mode VPC networks, added a new subnet 10.210.0.0/20 for the Turin europe-west12 region. For more information, see Auto mode IP ranges.

Customize SSL certs for access routing when provisioning Apigee Pay-as-you-go organizations.

Users can now select existing self-managed SSL certs when customizing access routing during Apigee Pay-as-you-go provisioning. For more information, see Step 4: Customize access routing .

Receive Cloud console notifications when Pay-as-you-go provisioning completes.

While provisioning is in progress, users can navigate away from the Apigee provisioning page and monitor notifications in the Cloud console for updates when provisioning completes.

BigQuery now supports Unicode column naming using international character sets, alphanumeric and special characters. Existing columns can use these new capabilities using the RENAME command. This feature is now in preview.

Policy Engine:

• Modify RuleSet APIs logic to auto-populate RuleId field during create RuleSet call and allow Rules update using existing RuleId
• Publish action messages by default will include Schema name, Document name, RuleSet name, Rule Id, Action Id and trigger type information.

Model event management with Cloud Functions and Pub/Sub

The Vertex AI Vision event management feature lets you generate and send event notifications through Pub/Sub topics by:

• Enabling supported models* to output to Cloud Function for data processing and events generation.
• In-product support to send generated event to configured Pub/Sub topics.
• An easy configuration of the event management system in the Vertex AI Vision Studio.

* GA event management is available for the following models:

• Occupancy analytics pre-trained model
• Vertex AI custom-trained models imported into a Vertex AI Vision application

For more information, see the Enable model event notification with Cloud Functions and Pub/Sub.

Release 1.13.6

Anthos clusters on bare metal 1.13.6 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.13.6 runs on Kubernetes 1.24.

Network Load Balancing now supports user-specified weights on the backend service. This allows you to manage the backend load distribution of your load balancer and avoid overloading them.

For details, see:

• Weighted load balancing
• Configure weighted load balancing

This feature is in General Availability.

Smaller read replicas are now available for Cloud SQL. Read replicas no longer require the same or more CPUs and RAM than their primary instances.

The following functions and expressions have been added to the GoogleSQL dialect:

• ARRAY_FILTER function
• ARRAY_TRANSFORM function
• Lambda expressions