Google Cloud release notes

Observability for Google Kubernetes Engine: The Observability tab for each of your GKE clusters now includes metrics for ephemeral storage. For more information, see View observability metrics.

The Observability tab for each of your GKE clusters now includes metrics for ephemeral storage. For more information, see View observability metrics.

Image batch processing now available as a Preview feature

Vertex AI Vision now offers batch image processing as a Preview feature. This new processing mode lets you provide a Cloud Storage path with image files as input and Cloud Storage path to store output batch processing results.

For more information, see the image batch processing documentation.

Python SDK now available

A new Python SDK is now available for Vertex AI Vision. For more information, see the following documentation pages:

• Set up a project and a development environment
• Use the Face Blur model with the Python SDK

General Availibility: You can use the private.googleapis.com and restricted.googleapis.com virtual IP addresses (VIPs) to access Google APIs and services with IPv6 addresses. For more information, see the following pages:

• Use the VIPs from VMs with internal IPv6 addresses
• Use the VIPs from VMs with external IPv6 addresses
• Use the VIPs from on-premises hosts with IPv6 addresses
• Use the VIPs with VPC Service Controls

Private Service Connect backends support using an external regional TCP proxy load balancer to access published services. This feature is available in Preview.

Added a new field spec.helm.deployNamespace in the RootSync API to support specifying which namespace to deploy the rendered chart. For more information, see RootSync and RepoSync fields.

The constraint template library includes a new template: K8sHorizontalPodAutoscaler. For reference, see the Constraint template library.

The BigQuery partitioning and clustering recommender is now in preview. The recommender analyzes your BigQuery tables to identify partitioning or clustering opportunities for potential cost savings. You can view partition or cluster recommendations through the BigQuery UI or recommender API. You can also apply recommendations directly to your BigQuery tables.

Generally available: NVIDIA A100 80GB GPUs are now available in the following additional regions and zones:

• Netherlands, Europe: europe-west4-a
• Singapore, APAC: asia-southeast1-c

For more information about using GPUs on Compute Engine, see GPU platforms.

CCAI Platform now supports Agent Assist Session Summarization. This feature automatically provides a summary of the conversation transcript at the end of a chat or phone call. The summary includes brief overview of the conversation, key discussion points and resolutions or solutions agreed upon. For more information, see the Agent Assist voice or Agent Assist chat documentation.

Release 1.14.5

Anthos clusters on bare metal 1.14.5 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.14.5 runs on Kubernetes 1.25.

Chronicle has updated Rules Engine's YARA-L 2.0 language to support more functionality for handling arrays.

• A new arrays.length() function has been added. This function returns the number of elements in a repeated field. For more information, see YARA-L 2.0 language syntax.

• You can now perform array indexing on repeated fields using bracket notation. This lets you access an element of a repeated field at a specific index. For more information, see YARA-L 2.0 language syntax.

Cloud Load Balancing introduces the external regional TCP proxy load balancer. This is an Envoy proxy-based regional layer 4 load balancer that enables you to run and scale your TCP service traffic in a single region behind an external regional IP address. External regional TCP proxy load balancer will load-balance external TCP traffic from the internet to backends in the same region.

For details, see the External Regional TCP Proxy Load Balancing overview

To set up an external regional TCP proxy load balancer, see the following pages:

• Instance group backends

• Zonal NEG backends

• Hybrid connectivity NEG backends

This capability is in General Availability.

PostgreSQL version 15 is now generally available. To start using PostgreSQL 15, see Create instances.

Cloud Spanner lets you use a generated column in the primary key.

Cloud Spanner database deletion protection is now available in Preview. You can enable database deletion protection to prevent the accidental deletion of databases. For more information, see Prevent accidental database deletion.

New tasks for Google Cloud services

The following new integration tasks are available in preview:

• AI Platform - Prediction
• Cloud KMS - encrypt
• Cloud KMS - decrypt
• Dataflow - Create Job
• Drive - List
• Doc AI - Batch Process
• Doc AI - Process
• Doc AI - Operation
• Firestore - Batch Get
• Firestore - Batch Write
• Firestore - Document Get
• Language - Annotate Text
• Language - Classify Text
• Sheets - Append
• Sheets - Batch Get
• Sheets - Get
• Translate - Document
• Translate - Text
• Workflows - Execute

New tasks for Google Cloud services

The following new integration tasks are available in preview:

• AI Platform - Prediction
• Cloud KMS - encrypt
• Cloud KMS - decrypt
• Dataflow - Create Job
• Drive - List
• Doc AI - Batch Process
• Doc AI - Process
• Doc AI - Operation
• Firestore - Batch Get
• Firestore - Batch Write
• Firestore - Document Get
• Language - Annotate Text
• Language - Classify Text
• Sheets - Append
• Sheets - Batch Get
• Sheets - Get
• Translate - Document
• Translate - Text
• Workflows - Execute

Support for the asia-south2 (Delhi) region.

Support for the asia-south2 (Delhi) region.

Reserving static regional external IPv6 addresses is available in General Availability.

Reserving static regional internal IPv6 addresses is available in General Availability.

Internal ranges are available in Preview. Internal ranges let you allocate blocks of private IP addresses in VPC networks and specify how those addresses can be used.

Support for IPv6 extension headers is available in Preview.

Error catcher trigger

The Error Catcher trigger lets you invoke an error catcher that is defined or customized to handle the failure of an identified trigger, task, or edge condition in your integration.

For more information, see Error catcher trigger.

Return task

The Return task lets you customize the error messages corresponding to the HTTP response codes that are returned during an integration execution failure.

For more information, see Return task.

Node.js 20 is now available in preview. Note that Node.js 20 enters long-term support (LTS) in October and is the Node.js "Current" version until that time. We encourage you to explore the new features and benefits included in this release to evaluate their potential impact on your applications. For more information, see the Node.js 20 announcement .

Support for Google-managed encryption keys

Application Integration now uses Google-managed encryption keys as the default method of data encryption for your provisioned regions. You can optionally modify your encryption method with customer-managed encryption keys (CMEK).

For more information, see Encryption methods.

Error catcher trigger

The Error Catcher trigger lets you invoke an error catcher that is defined or customized to handle the failure of an identified trigger, task, or edge condition in your integration.

For more information, see Error catcher trigger.

Return task

The Return task lets you customize the error messages corresponding to the HTTP response codes that are returned during an integration execution failure.

For more information, see Return task.

The COUNTRY_DEMOGRAPHIC infoType detector, which identifies when countries are used for place of birth, residency, or citizenship, is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

The Key Usage dashboard in the Google Cloud console and the new KMS Inventory REST API are now generally available.

For more information about the Key Usage dashboard, see View key usage.

For more information about the KMS Inventory REST API, see KMS Inventory API.

For example curl commands using the KMS Inventory REST API, see View key usage and View keys by project.

You can now use SQL JOIN and UNION operators in queries on the Log Analytics page. For more information, see Combine data from multiple sources.

Cloud SQL for MySQL now supports minor version 8.0.33. To upgrade your existing instance to the new version, see Upgrade the database minor version.

Cloud Spanner automatically increases the degree of parallelism on a query when the instance size allows. For more information on parallel execution of queries, see Life of a Spanner Query.

Generally available: General purpose C3 VMs are now generally available in the following regions:

• Council Bluffs, Iowa, North America : us-central1
• Moncks Corner, South Carolina, North America: us-east1
• Ashburn, Virginia, North America: us-east4
• St. Ghislain, Belgium, Europe: europe-west1
• Eemshaven, Netherlands, Europe : europe-west4
• Jurong West, Singapore, APAC: asia-southeast1

Added noexec, nodev, nosuid to /etc/resolv.conf bind mount. It fixes EPERM errors when running a pod in UserNS in COS.

Cloud EKM support for Filestore is now generally available.

The C3 machine family is generally available for GKE Standard clusters running on version 1.22 and later. You can select this family by using the --machine-type flag when creating a cluster or node pool.

The following features are not supported for this machine family:

• Node auto-provisioning.
• Confidential GKE nodes.
• Local SSD.
• Standard persistent disks (pd-standard).

For more information, refer to the C3 machine series documentation.

Secure Web Proxy is generally available (GA).

EXTERNAL_QUERY SQL pushdown optimizes data retrieval from external sources like Cloud SQL or Cloud Spanner databases. Transferring less data reduces execution time and cost. SQL pushdown encompasses both column pruning (SELECT clauses) and filter pushdowns (WHERE clauses). SQL pushdown applies to SELECT * FROM T queries, a significant percentage of all federated queries. Not all data types are supported for filter pushdowns. This feature is generally available (GA).

Cloud Composer API for Highly resilient environments is available. Cloud Console UI, gcloud CLI commands, and Terraform support for this feature will be gradually rolled out in the upcoming days.

Splitting Celery logs into stdout/stderr (#30485) is now possible with the [logging]celery_stdout_stderr_separation Airflow configuration option. The default value for this option is False.

Cloud SQL for MySQL has launched two database flags that impact the Cloud SQL SLA: innodb_flush_log_at_trx_commit and sync_binlog. For more information about these flags, see supported flags.

The following extensions, views, utilities, and flags are generally available:

Extensions

• postgresql_anonymizer: mask or replace personally identifiable information (PII) or sensitive data from a PostgreSQL database.
• pgtt: create, manage and use Oracle-style global temporary tables.
• rdkit: compare, manipulate, and identify molecular structures.

Views and utilities

• pg_authid: access this catalog table that contains hashed passwords and other properties for all database roles.
• pg_dumpall: extract all PostgreSQL databases of a cluster into a single script file.

Flags

• log_line_prefix: generate a printf-style string at the beginning of each line of a PostgreSQL log file.

The rollout of the following minor versions, extension versions, and plugin versions is currently underway:

Minor versions

• 10.21 is upgraded to 10.22.
• 11.16 is upgraded to 11.17.
• 12.11 is upgraded to 12.12.
• 13.7 is upgraded to 13.8.
• 14.4 is upgraded to 14.5.

Extension and plugin versions

• plv8 is upgraded from 3.1.2 to 3.1.4.
• wal2json is upgraded from 2.3 to 2.4.
• pgTAP is upgraded from 1.1.0 to 1.2.0.
• PostGIS is upgraded from 3.1.4 to 3.1.7.
• pg_partman is upgraded from 4.5.1 to 4.7.0.
• pg_wait_sampling is upgraded from 1.1.3 to 1.1.4.
• pg_hint_plan is upgraded from 1.3.7 to 1.4.
• pglogical is upgraded from 2.4.1 to 2.4.2.

This rollout also introduces the following:

• PostGIS GDAL driver support
• LZ4 TOAST compression for PostgreSQL versions 14 and later

Romanization and transliteration are now in Preview.

Preview: You can now use the discard-local-ssd=false flag to preserve the contents of a single attached Local SSD disk when suspending or stopping a VM. For more information, see the Local SSD Documentation.

The following features have been introduced in this release of Distributed Cloud Edge:

• Survivability mode. Distributed Cloud Edge now allows you to create clusters with the Kubernetes control plane running locally on your Distributed Cloud Edge hardware. This improves the reliability of Distributed Cloud Edge when your connection to Google Cloud is intermittent. This is a Public Preview feature. For more information, see Distributed Cloud Edge survivability mode.

• Symcloud Storage integration. You can now integrate Distributed Cloud Edge with Rakuten Symcloud Storage, a third-party storage abstraction solution that allows Pods to access local storage on different Distributed Cloud Edge nodes. This is a Public Preview feature. For more information, see Configure Distributed Cloud Edge for Symcloud Storage.

• Enhanced rNDC security. Distributed Cloud Edge has replaced the bond0 interface with the gdcenet0 interface that allows you to use the physical management network interface card for your application workloads while maintaining complete separation from Distributed Cloud Edge control and management traffic. You must manually reconfigure any existing network resources that reference the bond0 interface to use the gdcenet0 interface. For more information, see Upgrade CustomNetworkInterfaceConfig resources from Distributed Cloud Edge 1.3.0 to 1.4.0 and Upgrade NetworkAttachmentDefinition resources to Distributed Cloud Edge 1.4.0.

• Cloud Router reuse for VPN connections. When creating a VPN connection, Distributed Cloud Edge now automatically reuses any Cloud Router resource it has automatically created for a VPN connection. You can also specify a custom Cloud Router resource when creating a VPN connection. Existing VPN connections are not affected. For more information, see Manage VPN connections.

You can now sort your query results by using the sort menu next to a column name. This feature is in preview.

• Dataplex auto data quality (AutoDQ) and data profiling can be used on any BigQuery tables, including tables that aren't part of a Dataplex lake. You don't need to create a Dataplex lake to run Dataplex AutoDQ and data profiling.
• Dataplex AutoDQ and data profiling support BigQuery views, BigLake tables, and BigQuery external tables.
• Dataplex AutoDQ and data profiling support sampling your data to reduce time and cost.

Network Analyzer is now integrated with the Transparency and Control Center. Google Cloud users can now use this feature to opt out of analysis. For more information, see Opting out of data processing.

Vertex Prediction

You can now co-host models on the same VM from the Google Cloud Console. Previously, this capability was available only from the REST API. For more information, see Share resources across deployments.

Private Service Connect service connectivity automation is available in Preview. Service connectivity automation lets service producers automate deployment and service connectivity to eligible managed services on behalf of consumers.

The AlloyDB FORCE_APPLY update policy is available in Preview. Use this policy to modify database flags and apply updates faster (within 1-2 minutes) to an instance.

Preview: Integrate a job into a workflow using the Batch API connector for Workflows.

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

• BigqueryMigration
  • bigquerymigration.googleapis.com/MigrationWorkflow

Allocating up to 32 GiB of memory and up to 8 CPU to your Cloud Run services is now at general availability (GA).

Managed Microsoft AD is available in the following regions:

• europe-west12 (Turin)
• me-central1 (Doha)

For more information, see Deploy domain controllers in additional regions.

Global access for Private Service Connect endpoints for published services is available in General Availability. When global access is configured, clients in any region can send traffic to Private Service Connect endpoints.

Support for a Batch API connector is available in Preview.

You can now restrict new deployments by product generation (1st gen or 2nd gen). This feature is at the General Availability release level.

The Cloud SQL Proxy Operator is now generally available. To learn more about the Cloud SQL Proxy Operator, see About the Cloud SQL Proxy Operator.

The Cloud SQL Proxy Operator is now generally available. To learn more about the Cloud SQL Proxy Operator, see About the Cloud SQL Proxy Operator.

The Cloud SQL Proxy Operator is now generally available. To learn more about the Cloud SQL Proxy Operator, see About the Cloud SQL Proxy Operator.

The image import tool now supports importing Rocky Linux 9 images to Google Cloud.

SIP URI Directory - Call Routing: With this release, you can now use the SIP Directory to configure SIP call routing and transfers in IVR queue settings. You can use this functionality to route incoming calls to appropriate destinations based on IVR menu selections or queue routing rules. You can set it up so that a customer calling a support line, for example, can select a department or agent from the IVR menu based on their inquiry. See the SIP URI documentation for details.

Security insights for container images are now available on the release details page.

VMware Aria Operations for Logs is now certified for Google Cloud VMware Engine. You can use VMware Aria Operations for Logs to collect and manage logs from VMware Engine and on-prem environments into a centralized solution.

VMware Aria Operations for Logs with VMware Engine enables more operational visibility and intelligent analytics for both troubleshooting and auditing purposes, making it easier for you to manage and operate your VMware Engine environment. See the VMware blog announcement for more information.

Vertex AI custom training now supports deep integration with Vertex AI Experiments. You can submit training jobs with autologging enabled to automatically log parameters and model performance metrics. For more information, see Run training job with experiment tracking

The scheduler API for Vertex AI Pipelines is now available in Preview. You can schedule recurring pipeline runs in Vertex AI by specifying a frequency, start time (optional), and end time (optional). For more information, see Schedule a pipeline run with scheduler API.

Anthos clusters on VMware 1.13.8-gke.42 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.13.8-gke.42 runs on Kubernetes 1.24.11-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.15, 1.14, and 1.13.

The PHP 8.2 runtime for App Engine standard environment is now generally available.

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory) and Feed API.

• AI Platform
  • aiplatform.googleapis.com/NasJob

Cloud Functions has added support for a new runtime, PHP 8.2, at the General Availability release level. PHP 8.2 adds significant new functionality over PHP 8.1 and uses Ubuntu 22.04 for its base O/S image.

Cloud Functions now supports 2nd gen Firestore triggers through Eventarc at the Preview release level.

You can now customize the time range of your queries in the Log Analytics page by using the time-range selector. There are several time range options, such as preset times, custom start and end times, and relative time ranges. For more information, see Filter by time.

Version 2.31.0 of the Ops Agent introduces preview support for an OpenTelemetry Protocol (OTLP) receiver. You can use this receiver to collect custom metrics and traces from applications written by using OpenTelemetry SDKs. For more information, see Collect OTLP metrics and traces.

You can now use the point-in-time-recovery (PITR) feature and read replicas on the same primary instance. For more information, see Point-in-time Recovery.

Version 2.31.0 of the Ops Agent introduces preview support for an OpenTelemetry Protocol (OTLP) receiver. You can use this receiver to collect custom traces and metrics from applications written by using OpenTelemetry SDKs. For more information, see Collect OTLP traces.

Generally available: The local SSD quota per machine family (LOCAL_SSD_TOTAL_GB_PER_VM_FAMILY) is generally available. Use the quota metric compute.googleapis.com/local_ssd_total_storage_per_vm_family instead of compute.googleapis.com/local_ssd_total_storage to view the quota usage and limits for local SSD in your project. For more information, see View and manage local SSD quota per machine family.

BigQuery subscriptions now support the NUMERIC and BIGNUMERIC data types. For more information, see Schema compatibility.

The AlloyDB admin API now includes user-management methods. These let you use the gcloud command-line tool to manage the user roles of your AlloyDB clusters, in addition to the PostgreSQL functions already supported.

.NET 6 is now generally available. This version requires you to specify an operating system version in your app.yaml file. Learn more.

You can now deploy sidecar containers to your Cloud Run service. (In Preview.)

You can now configure in-memory volumes for your Cloud Run containers. (In Preview.)

Unified Session Types: The new session type variable, Session Type V2, is now available. This update introduces a range of new fields, variables, and columns that will provide you with access to valuable additional information such as the ability to distinguish between Inbound SMS, Outbound SMS, and Outbound SMS via API. For more information, see the session type terminology documentation.

To take advantage of the new fields and variables, you will need to update your scripts, code, automation triggers, and any third-party integrations. The legacy components will no longer be updated with new functionality and will be deprecated on October 6, 2023.

Holiday hours: With Holiday Hours, you now have the ability to create and manage your own set of holidays with complete control over the holiday name, time, and dates. Additionally, you can group your holidays together for easier management. See the holiday hours documentation for details.

Campaign Management: Outbound Number: Outbound Number is a new feature for the Outbound Dialer that allows you to specify which outbound number to use when dialing out for each contact. With this new feature, you can rotate outbound phone numbers to have more control over the outbound phone numbers you use to make your outbound calls. For more information, see the Outbound Number documentation.

The g2-standard machine family with NVIDIA L4 is generally available for node pools in clusters running GKE version 1.22 and later. To select the machine family, use the --machine-type flag in your create command.

The storage per cluster limit has increased to 32 TiB.

This release includes new Permissions Pre-check functionality and UI messaging, which is available when provisioning Apigee with Pay-as-you-go pricing in the Google Cloud console. With the release of this feature, users are alerted when any permissions required to complete the provisioning operations are missing. The missing permissions and the steps to resolve are now identified in the UI messaging.

Ruby 3.2 is now generally available. This version requires you to specify an operating system version in your app.yaml file. Learn more.

Object tables are now generally available (GA).

Object tables are read-only tables containing metadata for unstructured data stored in Cloud Storage. They enable you to analyze and perform inference on images, audio files, documents and other file types by using BigQuery ML and BigQuery remote functions. Object tables extend the data security and governance best practices currently applied to structured data to unstructured data as well.

The GA release includes the following new and updated functions:

• ML.DECODE_IMAGE: Decodes image data so that it can be interpreted by the ML.PREDICT function.
• ML.CONVERT_COLOR_SPACE: Converts images with an RGB color space to a different color space.
• ML.CONVERT_IMAGE_TYPE: Converts the data type of the pixel values in an image.
• ML.RESIZE_IMAGE: Resizes images.
• ML.DISTANCE: Computes the distance between two vectors.
• ML.LP_NORM: Computes the Lᵖ norm for a vector, where ᵖ is the degree.

You can now create manual triggers, webhook triggers, or Pub/Sub triggers using Cloud Build repositories (2nd gen). This feature is available at the preview release stage. To learn more, see the Repositories overview page.

Custom audit logging for Cloud Storage is now available in Preview.

• JSON API requests now support user-defined headers that are prefixed with x-goog-custom-audit-.
• Cloud Audit Logs can subsequently include these headers as part of your request's audit log entry.

Datastream now supports backfill for PostgreSQL tables of any size. For more information, click here.

reCAPTCHA Enterprise Fraud Prevention is generally available.

You can use reCAPTCHA Enterprise Fraud Prevention to protect payment transactions against attacks such as carding, stolen instrument fraud, and account takeover payment fraud. For more information, see Protect payment transactions with Fraud Prevention.

The columnar engine now supports columns with json and jsonb data types.

The Cloud Router custom learned routes feature is in Preview. This feature lets you configure a Border Gateway Protocol (BGP) session to include learned routes that you manually specify. Cloud Router then behaves as if it learned the routes from the BGP peer.

Custom learned routes can be helpful if you want to avoid the limitations of static routes. For example:

• Static routes can't detect a loss of reachability in the next hop of a route. In contrast, custom learned routes can detect a loss of reachability, and they react accordingly to avoid dropping traffic without notification.

• Static routes do not support using HA VPN tunnels or Cloud Interconnect VLAN attachments as next hops. Custom learned routes do.

For more information, see Custom learned routes.

Cloud Run integrations (Preview) are now available in asia-east1, europe-west4, us-east1, and us-west1.

This release includes support for the following features:

• API and gcloud CLI support for the me-west1 region (Tel Aviv, Israel, Middle East).
• API support for GPUs is available in preview.
• Terraform support is available in preview.
• Posit Workbench (including RStudio Pro) integration is available in preview.
• BeyondCorp Enterprise integration for the Cloud Workstations API is available in preview.

Customers who do not have the oem_jar license feature enabled can now access the set_smtp_settings API endpoint.

The Looker IDE will now display an error when incompatible types are being compared in Liquid statements.

The Source column in the Admin > Queries panel now correctly displays the API version for queries that are initiated from the Looker API.

Cookieless embed API endpoints are now marked as stable.

When the filter definition for matches_filter is empty, 1=1 will be added to the WHERE clause so that there are no SQL errors and the query can run. This functionality mirrors the is equal to [empty] standard filter option.

When the Advanced Vis Config Labs feature is enabled, any user who has either the Looker Admin role or the can_override_vis_config permission can access the Advanced Visualization editor. This editor lets users modify HighCharts visualizations by exposing certain JSON parameters of the visualization to enable deep customization. These customizations will not dynamically interact with data.

Generative AI Support for Vertex AI

Generative AI Support for Vertex AI is now available in (Preview). With this feature launch, you can leverage the Vertex AI PaLM API to generate AI models that you can test, tune, and deploy in your AI-powered applications.

Features and models in this release include:

• PaLM 2 for Text: text-bison@001
• PaLM 2 for Chat: chat-bison@001
• Embedding for Text: textembedding-gecko@001
• Generative AI Studio for Language
• Tuning for PaLM 2
• Vertex AI SDK v1.25, which includes new features such as TextGenerationModel(text-bison@001), ChatModel(chat-bison@001), TextEmbeddingModel(textembedding-gecko@001)

You can interact with the generative AI features on Vertex AI by using Generative AI Studio in the Google Cloud console, the Vertex AI API, and the Vertex AI SDK for Python.

• Learn more about Generative AI Support for Vertex AI
• See an Introduction to Generative AI Studio
• Get started with a Generative AI Studio quickstart

Vertex AI Model Garden

The Vertex AI Model Garden is now available in (Preview). The Model Garden is a platform that helps you discover, test, customize, and deploy Vertex AI and select OSS models. These models range from tunable to task-specific - all available on the Model Garden page in the Google Cloud console.

• To get started, see Explore AI models and APIs in Model Garden.

Cloud logs support for Connectors tasks

You can now view the execution logs of a failed Connectors task in Apigee Integration.

For more information, see Execution Logs.

Cloud logs support for Connectors tasks

You can now view the execution logs of a failed Connectors task in Application Integration.

For more information, see Execution Logs.

You can now view BI Engine Top Tables Cached Bytes, BI Engine Query Fallback Count, and Query Execution Count as dashboard metrics for BigQuery. This feature is now generally available (GA).

EXTERNAL_QUERY SQL pushdown optimizes data retrieval from external sources like Cloud SQL or Cloud Spanner databases. Transferring less data reduces execution time and cost. SQL pushdown encompasses both column pruning (SELECT clauses) and filter pushdowns (WHERE clauses). SQL pushdown applies to SELECT * FROM T queries, a significant percentage of all federated queries. Pushdowns have limitations, for example not all data types are supported for filter pushdowns. This feature is generally available (GA).

You can now restrict the creation of Cloud Build builds, triggers, and repositories to a particular location using an Organization Policy Service constraint. This feature is generally available. To learn more, see Restricting Resource Locations.

Cloud Run services can now connect to Firebase Hosting for custom domains and CDN capabilities, using Integrations (Preview).

Support for logging the processing duration of your Cloud Spanner read and write requests is now available in Cloud Audit Logs. For more information, see Processing duration.

Resource ComputeFirewallPolicyRule(v1beta1):

• Added spec.match.destAddressGroups field.
• Added spec.match.destFqdns field.
• Added spec.match.destRegionCodes field.
• Added spec.match.destThreatIntelligences field.
• Added spec.match.srcAddressGroups field.
• Added spec.match.srcFqdns field.
• Added spec.match.srcRegionCodes field.
• Added spec.match.srcThreatIntelligences field.

Resource IAMWorkforcePoolProvider(v1beta1):

• Added spec.oidc.webSsoConfig field.

Added kernel support for nftables.

M108 update

This update of the M108 release includes the following:

• The following Deep Learning Containers images are now available:
  • Tensorflow 2.12 CPU with CUDA 11.8 and Python 3.10 (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/tf-cpu.2-12.py310:latest)
  • Tensorflow 2.12 GPU with CUDA 11.8 and Python 3.10 (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/tf-gpu.2-12.py310:latest)

M108 update

This update of the M108 release includes the following:

• The following Deep Learning VM images are now available:
  • Tensorflow 2.12 CPU with CUDA 11.8 and Python 3.10 (tf-2-12-cpu-debian-11-py310)
  • Tensorflow 2.12 GPU with CUDA 11.8 and Python 3.10 (tf-2-12-gpu-debian-11-py310)

Now in GA for both GKE Standard and Autopilot clusters with GKE version 1.26 and later, you can add more IPv4 secondary Pod ranges to a new or existing cluster with the --additional-pod-ipv4-ranges flag. To learn more, see Adding Pod IP addresses.

Vertex AI Prediction

You can now use G2 accelerator-optimized machine types to serve predictions. Each G2 machine has a fixed number of NVIDIA L4 GPUs attached.

The AlloyDB index advisor is now generally available (GA).

Differential privacy is now in preview and includes four differential privacy aggregate functions that can be used to anonymize data: AVG, COUNT, SUM, and PERCENTILE_CONT. To learn more, see the following topics:

• Use differential privacy
• Differential privacy clause
• Differentially private aggregate functions
• Extending differential privacy

INFORMATION_SCHEMA.MATERIALIZED_VIEW view and enhanced job statistics now let you monitor materialized view usage and refresh jobs. This feature is in preview.

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

• Network Connectivity
  • networkconnectivity.googleapis.com/PolicyBasedRoutes
• Workflows
  • workflows.googleapis.com/Workflow
• Database Migration Service
  • datamigration.googleapis.com/ConnectionProfile

Cloud Functions now supports the Node.js 20 runtime at the Preview release level.

Administrator interface is generally available (GA). The GA release adds support for altering Hive table properties.

When you create or amend a prepay private offer with the committed use discounts (CUDs) pricing model, you can choose whether unused commitment expires or rolls over between installments of the offer. You can also choose to add one-time credits that you sponsor to specific installments. For more information, visit Set up your offer's pricing.

Firebase App Check is available in Preview.

AlloyDB Omni version alloydb-omni-0.2.0-preview-postgresql-14.4 is available. This version reduces the memory requirement of AlloyDB Omni to 2 GB of RAM, and applies various bug fixes and query performance improvements.

The Node.js 20 runtime for App Engine standard environment is now available in preview. Note that Node.js 20 enters long-term support (LTS) in October and is the Node.js "Current" version until that time. We encourage you to explore the new features and benefits included in this release to evaluate their potential impact on your applications. For more information, see the Node.js 20 announcement .

The INSERT INTO SELECT statement now lets you filter data from files in Amazon S3 and Azure Blob Storage and append it into BigQuery tables. This feature is in preview.

Cloud Workstations makes the following machine types available:

• n1-standard-64
• n1-standard-96

For more information, see Available machine types, REST workstationConfigs, or RPC google.cloud.workstations.v1beta GceInstance.

You can now perform deployment verification in the same cluster where your application is running (GKE and Anthos only).

• You can now view, update, and delete attached clusters via the Google Cloud console. For details, see the how-to guides for EKS and AKS.
• Starting with 1.26 clusters, customers can configure access to clusters for Google groups rather than access per user. For details, see Connect to your EKS attached cluster or Connect to your AKS attached cluster.
• Enabled sending Kubernetes resource metadata to Google Cloud Platform, improving both the user interface and cluster metrics. For the metadata to be ingested properly, customers need to enable the Config Monitoring for Ops API. (This feature is available for 1.25.0-gke.3 and 1.26.0-gke.1).

The constraint template library includes a new template: K8sContainerEphemeralStorageLimit. For reference, see the Constraint template library.

The constraint template library includes a new template: K8sDisallowedRepos. For reference, see the Constraint template library.

The constraint template library includes a new template: K8sRestrictNfsUrls. For reference, see the Constraint template library.

Added new metric labels: commit and type. These tags make it easier to detect when an error has been resolved. If you have a custom otel-collector ConfigMap, you should update it to filter out these tags for the Kubernetes exporter. For more information, see Config Sync Metric Labels.

Added a --name flag to nomos status to support filtering status by RootSync or RepoSync names. For more information, see nomos status flags

• Updated OS image to Ubuntu 22.04. cgroupv2 is now used as the default control group configuration.

  • Ubuntu 22.04 uses cgroupv2 by default. We recommend that you check if any of your applications access the cgroup filesystem. If they do, they must be updated to use cgroupv2.

• Improved monitoring by exporting metrics for control plane components.

• Enabled sending Kubernetes resource metadata to Google Cloud Platform, improving both the user interface and cluster metrics. For the metadata to be ingested properly, customers need to enable the Config Monitoring for Ops API.

• Newly-created clusters now use etcd v3.4.21 for improved stability. Existing clusters of previous versions were already using etcd v3.5.x and will not be downgraded to v3.4.21 during cluster upgrade; these clusters will instead use v3.5.6.

• Preview: Enabled node auto repair. This feature continuously monitors the health of each node in a node pool. Please contact your account team to opt into the preview.

You can now use configuration YAML files to transform SQL code when you translate SQL queries from your source database. Configuration YAML files can be used with the batch SQL translator, the interactive SQL translator, and the batch translation Python client. This feature is now in preview.

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

• Org Policies
  • orgpolicy.googleapis.com/CustomConstraint
• Service Directory
  • servicedirectory.googleapis.com/Endpoint
  • servicedirectory.googleapis.com/Service

The discovery service can now generate the following observation finding types in Security Command Center:

• Data sensitivity
• Data risk

These findings provide the calculated sensitivity and data risk levels of the BigQuery tables that you profile. Use this information to inform your response plans when you investigate vulnerabilities and threats involving BigQuery tables.

For more information, see Publish data profiles to Security Command Center.

Dataform release configurations are available. Release configurations let you configure execution environments, for example, staging and production.

Dataform workflow configurations are available. Workflow configurations let you execute SQL workflows on a schedule.

M108 release

• Miscellaneous software updates.

M108 release

• The image name common-container-experimental was changed to common-container. The related image family name wasn't changed.
• Miscellaneous software updates.

M108 release

The M108 release of Vertex AI Workbench user-managed notebooks includes the following:

• Miscellaneous software updates.

Users can now see how reCAPTCHA Enterprise works on the Google Cloud console. For more information, see Test reCAPTCHA Enterprise in a demo website.

The table clones feature of BigQuery is now generally available (GA).

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

• Compute
  • compute.googleapis.com/PublicDelegatedPrefix
• AI Platform
  • aiplatform.googleapis.com/NasJob

CPU allocation recommender now automatically recommends CPU allocation changes based on traffic received by your Cloud Run service over the past month. (In Preview)

Dialogflow CX now provides the ADD_DATE system function.

Anthos clusters on VMware 1.15.0-gke.581 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.15.0-gke.581 runs on Kubernetes 1.26.2-gke.1001.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.15, 1.14, and 1.13.

• Preview: Support for vSphere 8.0

• Preview: Support for VM-Host affinity for user cluster node pools

• Preview: Support for High availability control plane for admin clusters

• Preview: Support for system metrics collection using Google Cloud Managed Service for Prometheus

• Preview: You can now filter application logs by namespace, Pod labels and content regex.

• Preview: Support for storage policy in user clusters

• Preview: You can now use gkectl diagnose snapshot --upload=true to upload a snapshot. And gkectl helps generate the Cloud Storage bucket with the format gs://anthos-snapshot[uuid]/vmware/$snapshot-name.

• GA: Support for upgrade and rollback of node pool version

• GA: gkectl get-config is a new command that locally generates cluster configuration files from an existing admin or user cluster.

• GA: Support for multi-line parsing of Go and Java logs

• GA: Support for manual load balancing in user clusters that enable ControlplaneV2

• GA: Support for update of private registry credentials

• GA: Metrics and logs in the bootstrap cluster are now uploaded to Google Cloud through Google Cloud's operations suite to provide better observability on admin cluster operations.

• GA: vSphere CSI is now enabled for Windows node pools.

• Fully managed Cloud Monitoring Integration dashboards. The new Integration Dashboard is automatically installed. You cannot make changes to the following dashboards, because they are fully managed by Google. However, you can make a copy of a dashboard and customize the copied version:

  • Anthos Cluster Control Plane Uptime
  • Anthos Cluster Node Status
  • Anthos Cluster Pod Status
  • Anthos Cluster Utilization Metering
  • Anthos Cluster on VMware VM Status

Database Migration Service now supports faster migrations from PostgreSQL source databases to a destination Cloud SQL for PostgreSQL instance. The feature improves the performance of migrating data and constraints (including primary keys, foreign keys, and indexes).

Observability for Google Kubernetes Engine: You can now enable GKE control plane metrics from the Observability tab for your GKE cluster. You can also preview the available charts and metrics before you enable the metrics. For more information, see Configuring collection of control plane metrics.

Fast migration for Cloud SQL is now available. This feature improves the performance of data migrations from an external source to a destination Cloud SQL instance.

You can now disable simultaneous multithreading (SMT) while creating or editing instances and read replicas. This might reduce your SQL Server licensing fees. To understand the impact of disabling SMT on your instance's performance, we recommend that you perform load testing on your instance.

Cloud Spanner now supports new query capabilities for PostgreSQL dialect databases:

• Set operations (such as UNION and INTERSECT) with ORDER BY, LIMIT, or OFFSET, or in subqueries
• Parameterized LIMIT and OFFSET operations
• Statement hints for configuring the query optimizer (such as optimizer_version and optimizer_statistics_package)

Cloud Spanner sampled query plans are now available in Preview. You can view samples of historic query plans and compare the performance of a query over time. For more information, see Sampled query plans.

The managed Cloud Storage FUSE CSI driver for GKE is now available in Preview in GKE versions 1.26.3 and later. You can use this driver to consume Cloud Storage buckets for GKE workloads.

The managed Cloud Storage FUSE CSI driver for GKE is now available in Preview in GKE versions 1.26.3 and later. You can use this driver to consume Cloud Storage buckets for GKE workloads.

Anthos clusters on VMware 1.14.4-gke.54 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.14.4-gke.54 runs on Kubernetes 1.25.8-gke.1500.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

Apigee Integrations is now available in the following locations:

• Melbourne (australia-southeast2)
• Finland (europe-north1)
• Paris (europe-west9)
• Madrid (europe-southwest1)
• Doha (me-central1)
• Tel Aviv (me-west1)

For more information about the supported locations, see Apigee Integration supported regions.

Application Integration is now available in the following locations:

• Melbourne (australia-southeast2)
• Finland (europe-north1)
• Paris (europe-west9)
• Madrid (europe-southwest1)
• Doha (me-central1)
• Tel Aviv (me-west1)

For more information about the supported locations, see Application Integration locations.

You can now add descriptions to the columns of a view. To do this, use the CREATE VIEW or ALTER COLUMN DDL statements. This feature is in preview.

If you use query queues, then you can set the interactive and batch queue timeouts in your default configuration. This feature is in preview.

UDM Search Pivot Table

The UDM Search Pivot Table enables you to further analyze your UDM search results, giving you the following capabilities:

• Group search results by up to five UDM fields.
• Perform aggregations (sum, count, count distinct, average, stddev, min, and max) on up to to five values within the UDM fields (for example, domains, users, and products).
• Sort results of the pivot table (ascending, descending)

This feature is being enabled for global customers in a phased manner and is expected to fully roll out over the next month.

Fallback to installing compatible drivers when installer is invoked for certain GPU devices and incompatible drivers.

Fallback to installing compatible drivers when installer is invoked for certain GPU devices and incompatible drivers.

Fallback to installing compatible drivers when installer is invoked for certain GPU devices and incompatible drivers.

The Cloud Workflows service agent has the ability to consume quota and billing for a project through the serviceusage.services.use permission. This allows workflows to count quota and apply billing to the correct project when making calls to other Google APIs.

Several updates to Migrate to Virtual Machines:

• Migrate to Virtual Machines is now available in regions europe-west12 and me-central1. For more information, see Migrate to Virtual Machines locations.
• Migrate to Virtual Machines now supports VMWare 8.0.
• Preview: Migrate to Virtual Machines introduces a new field, Estimated cut-over time, that gives an estimate of the time it takes to complete a cut-over job for a VM once the cut-over is triggered. This field is populated only for an active VM that has completed a few replication cycles.

.NET 6 is now available in preview. This version requires you to specify an operating system version in your app.yaml file. Learn more.

You can now specify version "1.20" in the runtime_version setting of your app.yaml file. Learn more.

Backup and DR agent is enhanced to support RHEL for SAP 8.6 operating system version. See Support matrix.

Importing a domain from Google Domains to Cloud Domains is available in GA.

General Availability: You can specify the source IP ranges for egress firewall rules and the destination IP ranges for ingress firewall rules.

Two new multi-region instance configurations are now available in North America: nam14 (Northern Virginia/Montréal/South Carolina) and nam15 (Dallas/Northern Virginia/Iowa).

The number of indexes per table that Cloud Spanner supports increased from 32 to 128. For more information, see Quotas & limits.

Release 1.15.0

Anthos clusters on bare metal 1.15.0 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.15.0 runs on Kubernetes 1.26.

Cluster lifecycle:

• Upgraded from Kubernetes version 1.25 to version 1.26.
• GA: Set in-place upgrade (without bootstrap cluster) as the default upgrade method for self-managed clusters.
• GA: Added support for configuring worker node pools for parallel node upgrades to significantly reduce upgrade times. Added a minimumAvailableNodes field to specify a minimum number of nodes to keep available for workloads throughout the upgrade.
• Preview: Added support for parallel upgrades of worker node pools.
• Added support for Red Hat Enterprise Linux (RHEL) version 8.7.
• Added support for Ubuntu 22.04 LTS.
• GA: Added support for increasing the number of IP addresses for Services after cluster creation. For more information, see Increase service network range.
• Preview: Added ability to configure kubelet image pull settings for node pools. For more information, see Configure kubelet image pull settings.
• Streamlined the snapshot uploading and sharing process.
• GA: Added support of Control group v2 (cgroup v2).
• Preview: Added a separate instance of etcd for the etcd-events object.
• Updated cert-manager to version 1.17.2.
• Updated automated API enablement when you run bmctl create config with the --enable-apis flag. The following APIs are added to the enablement list:
  • Enable storage.googleapis.com as a required API.
  • Enable gkeonprem.googleapis.com as a recommended API.
• Added a new field status.failures to the NodePool custom resource to aggregate failures across machines in the NodePool.
• Added a new condition type PreflightCheckSuccessful to the NodePool custom resource. This condition type summarizes the preflight check status across machines in the NodePool.

Networking:

• Added support for ClusterDNS to specify order for upstreamNameServers with an orderPolicy. Allowed values for orderPolicy are random, round_robin, or sequential. The default value is random.

Observability:

• Added support for filtering application logs. This feature can reduce application logging billing and network traffic from the cluster to Cloud Logging. For more information, see Filter application logs.

• GA: Fully managed Cloud Monitoring Integration dashboards:

  • In the next Anthos release (version 1.16), the following dashboards in Cloud Monitoring Sample Library are unavailable:
    • Anthos cluster control plane uptime
    • Anthos cluster node status
    • Anthos cluster pod status
    • Anthos utilization metering
    • GKE on-prem node status
    • GKE on-prem control plane uptime
    • GKE on-prem pod status
    • GKE on-prem vSphere vm health status
  • In the next Anthos release (version 1.16), the following customized dashboards aren't created when you create a new cluster:
    • Anthos cluster control plane uptime
    • Anthos cluster pod status
    • Anthos cluster node status
    • Anthos cluster VM status
  • An added Anthos integration page is available from the Cloud Monitoring Integration page. The Anthos integration includes descriptions and previews for the predefined Anthos dashboards:
    • Anthos Cluster Control Plane Uptime
    • Anthos Cluster Node Status
    • Anthos Cluster Pod Status
    • Anthos Cluster KubeVirt VM Status
    • Anthos Cluster Utilization Metering

  For more information, see Use predefined dashboards.

• Preview: Added support for system metrics when you use Google Cloud Managed Service for Prometheus.

Security and Identity:

• Preview: Added support for Binary Authorization, a service on Google Cloud that provides software supply-chain security for container-based applications. For more information, see Binary Authorization for Anthos clusters overview.
• Preview: Added support for VPC Service Controls, which provides additional security for your clusters to help mitigate the risk of data exfiltration.
• Improved security by disabling port 10255, the kubelet read-only port, by default. For more information, see Disable kubelet read-only port in Hardening your cluster's security.

Ruby 3.2 is now available in preview. This version requires you to specify an operating system version in your app.yaml file. Learn more.

The Search API is now available in the App Engine legacy bundled services for second-generation runtimes. Access this legacy bundled service through the App Engine services SDK for Go 1.12+.

The Search API is now available in the App Engine legacy bundled services for second-generation runtimes. Access this legacy bundled service through the App Engine API JAR.

The Search API is now available in the App Engine legacy bundled services for second-generation runtimes. Access this legacy bundled service through the App Engine services SDK for Python 3.

Backup and DR Service now supports archive snapshots for Compute Engine instance backups.

Simplified experience for updating backup/recovery appliances from the management console.

Backup and DR agent is enhanced to support RHEL 8.6, RHEL 8.7, and RHEL 9.0 operating system version. See Support matrix.

Backup and DR agent is enhanced to support Oracle Enterprise Linux 8.7 and 9.0 operating system version. See Support matrix.

JSON data type mapping is now available for Cloud Spanner federated queries. This feature is generally available (GA).

Campaign Management: You now have the option to add a Unique ID column to your campaign management CSV upload. This ID can be any identifier of your choice, such as a CRM identifier or a SKU. This field allows you to associate your CRM data with each dialer call, providing a comprehensive view of your call data. You can view the Unique ID data in Standard Reporting Campaign reports. For more information see the campaign management documentation.

Voice Virtual Agents now has the ability to transfer a call to a specific phone number or SIP endpoint, ensuring that the consumer is connected to the appropriate person or department. For more information, see the Virtual Agents custom payload documentation.

Custom CRM Virtual Agent transcripts: We have updated our Custom CRM to allow Virtual Agent transcripts to be sent to your external storage. To enable this, go to Developer Settings > External Storage and select Call Transcripts (currently only supported for Agent Assist and Virtual Agent transcripts). The transcripts will be sent to your external storage. This feature allows the team managing your virtual agent(s) to review and analyze the conversations your virtual agents are having with your consumers, identifying areas for improvement and helping you evolve your virtual agent(s). In addition, VA transcripts can help businesses comply with regulatory requirements by maintaining a secure record of all consumer interactions.

For more information on Custom CRM see the Custom CRM documentation.

New Manager API calls endpoint fields: We have added additional data to the /manager/api/v1/calls endpoint to provide more options for reviewing and analyzing campaign call status data. New fields include Machine Detected and Skipped information.

New Manager API endpoints: The following new endpoints have been added to access more data related to outbound dialer campaigns:

/manager/api/v1/outbound_dialer/campaigns

/manager/api/v1/outbound_dialer/campaigns/:campaign_id

/manager/api/v1/outbound_dialer/campaigns/:campaign_id/contacts

Added support for L4 GPU in cos-gpu-installer and fix cached driver installation for prebuilt driver modules.

Enabled INET_DIAG_DESTROY kernel configuration.

BigLake and non-BigLake external tables now support Cloud Storage custom dual-regions. This feature is generally available (GA).

You can now configure Cloud Build to continue executing a build even if specified steps fail. This feature is generally available. To learn more, see the allowFailure and allowExitCodes topics in Build configuration file schema.

Cloud Data Fusion version 6.8.2 is generally available (GA). This release is in parallel with the CDAP 6.8.2 release.

Version 2.31.0 of the Ops Agent introduces built-in support for log rotation. For more information, see Configure log rotation in the Ops Agent.

Version 2.31.0 of the Ops Agent introduces built-in support for log rotation. For more information, see Configure log rotation in the Ops Agent.

Added support for manual installation in GKE Autopilot.

Resource ArtifactRegistryRepository(v1beta1):

• Added spec.dockerConfig field.

Resource BigQueryDataset(v1beta1):

• Added spec.defaultCollation field.
• Added spec.isCaseInsensitive field.

Resource ComputeInstance(v1beta1):

• Added spec.scratchDisk.items.size field.

Resource ComputeInstanceTemplate(v1beta1):

• Added status.selfLinkUnique field.

Resource ComputeNetwork(v1beta1):

• Added spec.networkFirewallPolicyEnforcementOrder field.

Resource ComputeVPNGateway(v1beta1):

• Added spec.stackType field.

Resource ContainerCluster(v1beta1):

• Added spec.ipAllocationPolicy.podCidrOverprovisionConfig field.
• Added spec.ipAllocationPolicy.stackType field.
• Added spec.nodeConfig.advancedMachineFeatures field.
• Added spec.nodeConfig.ephemeralStorageLocalSsdConfig field.
• Added spec.nodeConfig.localNvmeSsdBlockConfig field.

Resource ContainerNodePool(v1beta1):

• Added spec.networkConfig.podCidrOverprovisionConfig field.
• Added spec.nodeConfig.advancedMachineFeatures field.
• Added spec.nodeConfig.ephemeralStorageLocalSsdConfig field.
• Added spec.nodeConfig.localNvmeSsdBlockConfig field.

Resource PrivateCACAPool(v1beta1):

• Added spec.issuancePolicy.baselineValues.caOptions.zeroMaxIssuerPathLength field.

Resource PrivateCACertificateAuthority(v1beta1):

• Added spec.config.x509Config.caOptions.zeroMaxIssuerPathLength field.

Resource StorageTransferJob(v1beta1):

• Added spec.transferSpec.objectConditions.lastModifiedBefore field.
• Added spec.transferSpec.objectConditions.lastModifiedSince field.

Added 136 v1alpha1 Google Cloud resource CRDs. See Install instructions for more information.

Dialogflow CX now supports intent import/export and training phrase import.

Google Cloud Armor now supports rate limiting based on multiple keys in General Availability. For more information, see Apply rate limiting.

Event Threat Detection, a built-in service of Security Command Center, launched the following new rules to Preview.

• Persistence: Impersonation Role Granted For Dormant Service Account
• Privilege Escalation: Dormant Service Account Granted Sensitive Role

The Persistence: Impersonation Role Granted For Dormant Service Account rule detects events where a principal is granted permissions to impersonate a dormant user-managed service account.

The Privilege Escalation: Dormant Service Account Granted Sensitive Role rule detects events where a dormant user-managed service account was granted one or more sensitive IAM roles.

For more information, see Event Threat Detection rules.

Release 1.13.7

Anthos clusters on bare metal 1.13.7 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.13.7 runs on Kubernetes 1.24.

Dynamic data masking has been updated to allow masking on RECORD columns that have been set to REPEATED mode. Previously, querying such columns when data masking had been applied would return internal errors. This feature is generally available (GA).

You can now install and configure Chronicle forwarder for Windows on Docker. This Docker installation provides better security through isolation and the container distribution mechanism can be private and separate for Google Cloud and customers. This release also includes the following updates:

• The forwarder signing key will be rotated every 6 months for security. You must update the Chronicle forwarder for Windows on Docker image every 6 months.

• The minimum batch size for forwarder is now increased to 200KB for better performance.

• Data compression is now enabled by default. It reduces the network bandwidth consumption by 80%.

• Hot config loading is now supported and applies configuration changes within 5 minutes without the need to restart the forwarder.

• Automatic buffering handles spikes in incoming traffic by efficiently using available memory on the host system. This feature is optional.

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

• Speech
  • speech.googleapis.com/Config
  • speech.googleapis.com/Recognizer
• Networkservices
  • networkservices.googleapis.com/EdgeCacheKeyset
  • networkservices.googleapis.com/EdgeCacheOrigin
  • networkservices.googleapis.com/EdgeCacheService

(Cloud Composer 2) Airflow 2.5.1 is available in Cloud Composer images.

The Observability tab on the VM instances page for Compute Engine has been enhanced. Disk and Network sections with additional charts have been added. The Integrations > Detected section lets you navigate to the dashboards for the third-party integrations, like Apache or NGINX, that you have configured. The page also includes a set of Recommended Alerts for setting up pre-configured alerting policies for CPU, memory, and disk utilization and for host errors.

In the Google Cloud console, the Observability tab on the VM instances page for Compute Engine has been enhanced. Disk and Network sections with additional charts have been added. The Integrations > Detected section lets you navigate to the dashboards for the third-party integrations that you have configured, like Apache or NGINX. The page also includes a set of recommended alerts for setting up pre-configured alerting policies for CPU, memory, and disk utilization and for host errors.

Queue-level wrap-up settings: You can now customize wrap-up times for different queues, to ensure that agents have adequate time to complete their tasks without compromising service level agreements or taking another call/chat before they are ready. This is particularly useful for queues that handle escalations or complex issues, which may require more time to handle. See the Queue and Menu Setup documentation for details.

Custom CRM background screen pop for embedded adapters: We have improved the screen pop capability for our Custom CRM to better support embedded adapters. We now provide a way to do a CRM screen pop in the background, allowing for a smoother experience when using embedded adapters. For details, see the Custom CRM documentation.

Fallback to installing compatible drivers when installer is invoked for certain GPU devices and incompatible drivers.

Launched the following features to improve the usability of the Document AI Workbench Custom Document Extractor (CDE):

• CDE now supports an additional 42 global languages.
• CDE lets you import processor versions across projects and processors to easily manage development and production environments.
• CDE can automatically label documents in a dataset by using a deployed processor version to help you quickly prepare training data.

Document AI Workbench Custom Document Extractor (CDE) has also made the following enhancements:

• The asynchronous prediction API can now extract data from documents up to 200 pages long.
• Improved the accuracy of extracting checkboxes.

VMware Engine adds a VPC Service Controls guided opt-in and policy export that enables you to attach VMware Engine services to a new or existing VPC Service Controls perimeter. For more information, see VPC Service Controls.

Added support for Committed use discounts for Memorystore.

Added support for Committed use discounts for Memorystore.

Storage Transfer Service now publishes the IP ranges from which it makes requests to your AWS or Azure storage resources when performing a transfer. This allows you to restrict your resources by IP, and still allow Storage Transfer Service access.

For details, see the IP restrictions section of the following documents:

• Configure access to a source: Amazon S3
• Configure access to a source: Microsoft Azure Storage

Three metrics tracking node health are available in Preview. These can help you monitor the activity of individual read pool nodes, and investigate and troubleshoot issues with read pool queries.

The BigQuery Data Transfer Service for Google Ads supports the new Google Ads API. The Google Ads connector supports PMax and Discovery campaigns, a limit of 8000 leaf accounts per transfer, the --table_filter flag, and backwards compatibility. This feature is now generally available (GA).

You can now set up a unified Google Cloud Billing exports for multiple Partner Sales Console accounts. This helps you export billing data directly to a single dataset for analysis.

The tables in the rebilling dataset support partitioning by Cloud Billing accounts, so you can still view data for specific Cloud Billing accounts independently without impact to query latency/costs.

Learn how to export your rebilling data to BigQuery.

You can now create regional Persistent Disk volumes when creating a new VM either directly, or through instance templates. For more information, see Create a VM instance with additional non-boot disks or Create a new instance template.

Autoscaler recommendation reasoning details are available now in Cloud Logging logs.

count() queries are now supported at the General Availability level.

count() queries are now supported at the General Availability level.

The Service dashboard now displays telemetry from external mesh services that have a canonical service label in the regular release channel. See Defining a Canonical Service for more information.

The MARITAL_STATUS infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

The Cloud Healthcare API offers single-region support in the northamerica-northeast2 (Toronto, Canada) region.

Cloud Workstations makes the following machine types available:

• n1-standard-2
• n1-standard-8
• n1-standard-16
• n1-standard-32
• n2-standard-2
• n2-standard-4

For more information, see Available machine types, REST workstationConfigs, or RPC google.cloud.workstations.v1beta GceInstance.

Dataflow ML now supports the Automatic Model Refresh feature, which lets you update your machine learning model without stopping your Apache Beam pipeline.

This release contains a new Advanced API Security Detected Traffic view, which displays information about API traffic originating from detected bots. This information was previously displayed in the Abuse metrics section of the Security scores view.

The FedRAMP Moderate compliance regime now supports the following products. See Supported products for more information:

• Access Approval
• Cloud Asset Inventory
• GKE Hub
• Traffic Director

The following compliance regimes now support the list of products below:

• Australia Regions with Assured Support
• Canada Regions and Support
• Canada Protected B
• Israel Regions and Support
• US Regions and Support

The following products are now supported. See supported products for more information:

• Artifact Registry
• Cloud Bigtable
• Cloud DNS
• Cloud HSM
• Cloud Interconnect
• Cloud Key Management Service (KMS)
• Cloud Load Balancing
• Cloud Monitoring
• Cloud NAT
• Cloud Router
• Cloud Run
• Cloud VPN
• Firestore
• Identity and Access Management (IAM)
• Identity-Aware Proxy (IAP)
• Network Connectivity Center
• Pub/Sub
• Virtual Private Cloud
• VPC Service Controls

Cloud Run integrations (Preview) are now available in europe-west1.

Preview:

• The HPC Rocky Linux 8 image is now available for HPC workloads.
• The HPC VM Images now support Intel MPI 2021 with tools to easily installing the Intel MPI 2021 library, the net and psm3 libfabric providers.
• The HPC VM Images now support OpenMPI. For more details, see Open MPI best practice guides.

New Service limit (quota) recommender is now available in Preview. The recommendations help you identify resources that may be approaching their quota limits.

Private Service Connect backends support using an internal regional TCP proxy load balancer to access published services. This feature is available in Preview.

Release 1.14.4

Anthos clusters on bare metal 1.14.4 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.14.4 runs on Kubernetes 1.25.

Updates to preferred tables for existing BI engine reservations now take up to ten seconds to propagate, down from five minutes. This feature is generally available (GA).

Certificate Manager now supports Mutual TLS (mTLS) authentication. This is a public preview feature. For more information, see Trust configs.

Chronicle released the following additional data enrichment and precomputed analytic capabilities that can provide additional context during an investigation:

• Enriched entities with WHOIS data.
• Enriched entities with VirusTotal relationship data.
• Enriched events with VirusTotal file metadata.
• Data from Google Cloud Threat Intelligence curated threat feeds.
• Precomputed first-seen and last-seen occurrence for domains, IP addresses, and file hashes (SHA256, SHA1, MD5).
• Precomputed first-seen occurrence for assets and users.

For more information, see the following documents:

• How Chronicle enriches event and entity data
• Use context-enriched data in UDM Search
• Use context-enriched data in rules

Cloud SQL for MySQL now supports 40+ new database flags. See supported flags for more information.

Added the skip_ingested_documents flag in the Cloud Storage Ingest Pipelines to skip ingested documents.

Time-based one-time password (TOTP) as an additional multi-factor authentication option is available in Preview.

Private Service Connect endpoints for published services can be configured with global access. When global access is configured, clients in any region can send traffic to endpoints. Global access for endpoints is available in Preview.

Java 11 and 17 are now generally available. These versions require you to specify an operating system version in your app.yaml. Learn more.

Cloud Billing Reports and Cost Breakdown report now support CSV downloads

For Cloud Billing Reports and Cost Breakdown reports, we have added the ability to download the data in the report table to a comma-separated values (CSV) file. With this update, the Download CSV feature is now available on most reports in the Cloud Billing console, including: Cost Table, Pricing Table, Reports, Cost Breakdown, and the Committed Use Discounts (CUDs) dashboard.

(Composer 2 only) Cloud Composer is now available in Taiwan (asia-east1), Jakarta (asia-southeast2), and Netherlands (europe-west4).

Java Runtime in Airflow workers and schedulers is updated from version 11 to version 17.

Cloud Functions (2nd gen) has added support at the Preview release level for accepting requests from the Shared VPC network that a function is connected to, including when Ingress is configured as "Internal" or "Internal and Cloud Load Balancing."

Cloud HSM resources are now available in the following regions:

• europe-west12
• me-central1

For information about which locations are supported by Cloud KMS, Cloud HSM, and Cloud EKM, see Cloud KMS locations.

Typically with HTTPS communication, the authentication works only one way: the client verifies the identity of the server. For applications that require the load balancer to authenticate the identity of clients that connect to it, both a global external HTTP(S) load balancer and a global external HTTP(S) load balancer (classic) support mutual TLS (mTLS).

With mTLS, the load balancer requests that the client send a certificate to authenticate itself during the TLS handshake with the load balancer. You can configure a trust store that the load balancer uses to validate the client certificate's chain of trust.

For details, see the following:

• Mutual TLS authentication
• Set up mutual TLS with signed certificates
• Set up mutual TLS with a private CA
• Set up mutual TLS for a global external HTTP(S) load balancer (classic)
• Set up mutual TLS for a global external HTTP(S) load balancer

This capability is in Preview.

You can now configure Log Analytics on Cloud Logging buckets and BigQuery linked datasets by using the following Terraform modules:

• google_logging_project_bucket_config

• google_logging_linked_dataset

Session affinity for Cloud Run service revisions is now at general availability (GA).

A Cloud Run service revision will now accept requests from the Shared VPC network that it is connected to, including when Ingress is configured as "Internal" or "Internal and Cloud Load Balancing." (Preview)

You can now create tasks by sending an HTTP request to your queue. To learn more, read about the new BufferTask method to Create tasks.

This feature is in Preview.

For tasks that have HTTP targets (as opposed to App Engine targets), you can now set routing for tasks at the queue level. If you set routing at the queue level, you do not have to set routing for each individual task. To learn more, see Configure routing.

This feature is in Preview.

Cloud Logging is available for Dataform in Preview.

You can now create dry-run organization policies using the Google Cloud console.

You can assign a sensitivity level to a built-in or custom infoType. Cloud DLP uses the sensitivity levels of individual infoTypes to calculate the sensitivity levels of tables that you profile. For more information, see Manage infoTypes through the Google Cloud console.

Database Migration Service now supports Oracle multi-tenant (CDB/PDB) architecture. For information about configuring pluggable databases for use with Database Migration Service, click here.

Global external HTTP(S) load balancers now support proxying traffic to external backends outside Google Cloud. To define an external backend for a load balancer, you use a global resource called an internet network endpoint group (NEG).

For details, see the following:

• Internet NEG concepts
• Set up a global external HTTP(S) load balancer with an external backend

This capability is in Preview.

The Storage Insights inventory reports feature is now generally available. Inventory reports provide an overview of metadata for all objects in a bucket.

Datastream now supports Oracle multi-tenant (CDB/PDB) architecture. For information about configuring pluggable databases for use with Datastream, click here.

Support for creating triggers for direct events from Cloud Firestore is available in Preview.

Support for Filestore as an NFS datastore for Google Cloud VMware Engine (GCVE) is now generally available.

Eventarc events and Firestore events for Cloud Functions (2nd gen) now available in Preview.

You can now create tags that are children of projects as well as organization resources. For more information, see Creating and managing tags.

The Ruby 3.2 runtime for App Engine standard environment is now generally available.

VPC Service Controls support for Cloud Scheduler jobs with the following targets is now in Preview:

• Cloud Functions
• Cloud Run
• Dataflow API
• Data Pipelines

To learn more, see the documentation on how to secure cron jobs with VPC Service Controls.

The Firestore documentation has been updated to include guidance on using regional endpoints. For details, see Regional endpoints.

The Firestore in Datastore mode documentation has been updated to include guidance on using regional endpoints. For details, see Regional endpoints.

Pods bound to Preemptible and Spot nodes are now automatically deleted from the Kubernetes API server after the Preemptible or Spot instance is preempted. This is available in GKE versions:

• 1.25.7-gke.1000 or later
• 1.26.2-gke.1000 or later

Looker now supports incremental PDTs for Databricks connections when Databricks version 12.1 or later is used.

Content thumbnails now support dark theme.

Customers can now set the position of pop-up dialogs in an embedded environment. Customers must make changes to their embedded applications to take advantage of this feature. Methods have been added to the Embed SDK, and an updated Embed SDK has been published. The Embed SDK repository has also been updated to provide examples of using this feature with the Embed Javascript (windows postMessage) API.

Recommendations can now be exported to non-US regions.

Storage Transfer Service can now optionally preserve UID, GID, and mode metadata for folders, and recreate empty folders, when transferring between file systems.

See Metadata preservation for details.

Vertex AI Prediction

You can now update some scaling and container logging configuration settings on a DeployedModel without undeploying and redeploying it to an endpoint.

For more information, see update the scaling configuration and container logging.

Workflows support for Customer-Managed Encryption Keys (CMEK) is available in Preview.

Use the Workflows JSON schema in your IDE to provide syntax support when creating a workflow. See the Google Cloud Blog post: Workflows gets an updated JSON Schema.

Anthos clusters on VMware 1.12.7-gke.20 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.12.7-gke.20 runs on Kubernetes 1.23.17-gke.900.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

• Added admin cluster CA certificate validation to the admin cluster upgrade preflight check.

• We now allow storage DRS to be enabled in manual mode.

New features now supported in Apigee in VS Code for local development

The following features are now supported with Apigee in VS Code for local development as part of the Insiders build (as of v1.22.1-insiders.3):

• Create multi-repository workspaces - Choose individual storage locations for artifacts, such as API proxies that are stored as individual SCMs, but develop them together using a single workspace. You no longer have to create a single repository that contains all of your API proxies. See Understanding the structure of an Apigee multi-repository workspace.
• Use keystore - Introduces a new environment-level setting for creating the required keystores in the Apigee Emulator by using locally available keys. See Configuring the keystrokes (keystores.json).
• Test API proxies that require service accounts (for example, calling a cloud logging process as part of an API proxy flow) - Set up your Apigee Emulators with a service account key to enable service accounts, add policies and targets that rely on service accounts, and deploy the API proxies to the Apigee Emulator to test them. See Customizing the Apigee Emulator to support service account-based authentication.

BigQuery supports setting the rounding mode to ROUND_HALF_EVEN or ROUND_HALF_AWAY_FROM_ZERO for parameterized NUMERIC or BIGNUMERIC columns at the column level. You can specify a default rounding mode at the table or dataset level that is automatically attached to any columns added within those entities. The ROUND() function also accepts the rounding mode as an optional argument. This feature is generally available GA.

The following resource type is now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

• Cloud Spanner
  • spanner.googleapis.com/InstanceConfig

Startup CPU boost for Cloud Run services is now at general availability (GA).

M107 release

• Miscellaneous software updates.

M107 release

• Miscellaneous software updates.

High Scale tier snapshots are now generally available.

Network Analyzer now includes an insight that gives a summary of the IP address utilization of all the subnet ranges in the analyzed project. For more information, see IP address utilization summary insights.

Event Threat Detection, a built-in service of Security Command Center, launched the following new rules to Preview.

• Defense Evasion: Breakglass Workload Deployment Created
• Defense Evasion: Breakglass Workload Deployment Updated

These rules detect when the break-glass flag is used to override Binary Authorization controls when deploying or updating workloads. For more information, see Event Threat Detection rules.

M107 release

The M107 release of Vertex AI Workbench user-managed notebooks includes the following:

• Fixed a bug that displayed the wrong version of the JupyterLab user interface.
• Fixed a bug where a cron job for the diagnostic tool was added at every restart.
• Miscellaneous software updates.

Dialogflow CX now supports flexible webhooks, where you can define the request HTTP method, request URL parameters, and fields of the request and response messages.

Advanced rule tuning features for preconfigured WAF rules are now Generally Available. For more information about the new tuning features, see Tune Google Cloud Armor preconfigured WAF rules.

The custom modules feature for Security Health Analytics is now generally available (GA). Custom modules allow you to define custom detectors for Security Health Analytics.

For more information, see Overview of custom modules for Security Health Analytics.

1.13.7 patch release

Anthos clusters on VMware 1.13.7-gke.29 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.13.7-gke.29 runs on Kubernetes 1.24.11-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

Node.js 18 is now generally available. This version requires you to specify an operating system version in your app.yaml. Learn more.

You can now skip the cooling-off period while deleting a LUN or a storage volume. This feature is generally available (GA). For more information, see Delete LUNs from a storage volume and Delete a storage volume.

Batch is available in the following regions:

• asia-northeast1 (Tokyo)
• europe-west4 (Netherlands)

For more information, see Locations.

View granular cost data from Cloud Spanner usage in Cloud Billing exports to BigQuery

You can now view granular Cloud Spanner cost data in the Google Cloud Billing detailed export. Use the resource.global_name field in the export to view and filter your detailed Cloud Spanner usage.

Review the schema of the Detailed cost data export.

View granular cost data from App Engine usage in Cloud Billing exports to BigQuery

You can now view granular App Engine cost data in the Google Cloud Billing detailed export. Use the resource.global_name field in the export to view and filter your detailed App Engine usage. Note that Firestore, App Engine Flex, and Datastore costs are not included in the granular App Engine instance costs.

Review the schema of the Detailed cost data export.

The new release of the GKE Gateway controller (2023-R01) is now generally available. With this release, the GKE Gateway controller will provide the following new capabilities:

• Gateway API on Autopilot clusters by default (GKE 1.26+)
• The Global External HTTP(S) Load Balancer GatewayClass graduates to GA
• Global Access for the gke-l7-rilb GatewayClass
• SSL Policies
• HTTP-to-HTTPS redirect
• Cloud Armor integration

You can check all the supported capabilities per GatewayClass in this page.

Event Threat Detection, a built-in service of Security Command Center, launched the following new rules to General Availability.

• Privilege Escalation: Anomalous Impersonation of Service Account for Admin Activity
• Privilege Escalation: Anomalous Multistep Service Account Delegation for Admin Activity
• Privilege Escalation: Anomalous Multistep Service Account Delegation for Data Access
• Privilege Escalation: Anomalous Service Account Impersonator for Admin Activity
• Privilege Escalation: Anomalous Service Account Impersonator for Data Access

These rules detect anomalous activities that are taken by someone who is using an impersonated service account to access Google Cloud. For more information, see Event Threat Detection rules.

Transfers from S3-compatible storage to Cloud Storage are now generally available (GA). This feature builds on support for Multipart upload and List Object V2, which makes Cloud Storage suitable for running applications written for the S3 API.

With this new feature, customers can seamlessly copy data from self-managed object storage to Google Cloud Storage. For customers moving data from AWS S3 to Cloud Storage, this feature provides an option to control network routes to Google Cloud, resulting in considerably lower egress charges.

See Transfer from S3-compatible sources for details.

The limit for maximum result size (20 GiB logical bytes) when querying Azure or Amazon Simple Storage service (S3) data is now generally available (GA). Querying Azure and Amazon S3 data are now subject to the following quotas and limitations:

• The maximum row size is 10 MiB. For more information, see Quotas for query jobs.

• If your query uses the ORDER BY clause and has a result size larger than 256 MB, then your query fails. Previously, this limit was 2 MB. For more information, see Limitations.

Cloud Spanner integration with Data Catalog is now available in Preview in the europe-central2 region.

For more information, see Manage resources using Data Catalog.

Dataflow cost monitoring is now available in preview.

The following resource types are now publicly available through the Search APIs (SearchAllResources, SearchAllIamPolicies).

• Cloud Dataplex

  • dataplex.googleapis.com/DataTaxonomy
  • dataplex.googleapis.com/DataAttribute
  • dataplex.googleapis.com/DataAttributeBinding

• AI Platform

  • aiplatform.googleapis.com/NasJob

To help you understand and test the discovery service, Cloud DLP has made it easier for you to test profiling on a single table. You can profile up to 25 tables at no additional charge, one at a time. Only tables that are less than or equal to 1 TB in size can be profiled for free. For more information, see Profile a table in test mode.

Support for Identity-aware Proxy (IAP) with Cloud Run to use identity and context to guard access to your applications is now at general availability (GA).

Datetime properties filtering is supported in the Document AI Warehouse UI.

Support for Identity-aware Proxy (IAP) with Cloud Run to use identity and context to guard access to your applications is now at general availability (GA).

The following products are now supported. See Supported products for more information:

• Cloud DNS
• Cloud Interconnect
• Cloud Load Balancing
• Cloud NAT
• Cloud Router
• Cloud VPN
• Identity and Access Management (IAM)
• Identity-Aware Proxy
• Network Connectivity Center
• Virtual Private Cloud
• VPC Service Controls

The EU Regions and Support compliance regime now supports the following products. See Supported products for more information:

• Cloud DNS
• Cloud Interconnect
• Cloud Load Balancing
• Cloud NAT
• Cloud Router
• Cloud VPN
• Identity-Aware Proxy
• Network Connectivity Center
• Virtual Private Cloud
• VPC Service Controls

The EU Regions and Support with Sovereignty Controls compliance regime now supports the following products. See Supported products for more information:

• Cloud DNS
• Cloud Interconnect
• Cloud Load Balancing
• Cloud NAT
• Cloud Router
• Cloud VPN
• Identity-Aware Proxy
• Network Connectivity Center
• Virtual Private Cloud
• VPC Service Controls

The add data demo guide walks you through the process of adding data to BigQuery through popular sources and is now in preview.

(Available without upgrading) Selected time ranges are now synchronized between the Monitoring tab and the Logs tab in Cloud Console.

You can now set up cascading read replicas after you migrate data to a Cloud SQL destination instance using Database Migration Service. To find out how to set up cascading read replicas for a Cloud SQL for MySQL instance, click here. To find out how to set up cascading read replicas for a Cloud SQL for PostgreSQL instance, click here.

Cloud Functions now supports the use of the Yarn 2 package manager with private Node.js modules.

Regional external and regional internal HTTP(S) load balancers now support using Cloud Run services as backends for the load balancer. This is configured using a serverless network endpoint group (NEG).

For details, see:

• Serverless NEG concepts
• Set up a regional external HTTP(S) load balancer with a Cloud Run backend
• Set up an internal HTTP(S) load balancer with a Cloud Run backend

This feature is available in General availability.

Forwarding rules for external TCP/UDP network load balancers can now be configured to direct traffic coming from a specific range of source IP addresses to a specific backend service (or target instance). This is called traffic steering.

For details, see:

• Network load balancer overview: Traffic steering
• Configure traffic steering

This capability is in General availability.

Regional external and regional internal HTTP(S) load balancers now support using Cloud Run services as backends for the load balancer. This is configured using a serverless network endpoint group (NEG).

For details, see:

• Serverless NEG concepts
• Setting up a regional external HTTP(S) load balancer with a Cloud Run backend
• Setting up an internal HTTP(S) load balancer with a Cloud Run backend

This feature is available in General availability.

Cascading Replicas is now generally available when migrating from external servers. You can now configure migrated replicas to have read replicas under them before promoting them to primary replica. To learn more, see External Server Cascading Replicas.

Cascading Replicas is now generally available when migrating from external servers. You can now configure migrated replicas to have read replicas under them before promoting them to primary replica. To learn more, see External Server Cascading Replicas.

Generally available: You can now use the gcloud command-line tool to import images from AWS into Google Cloud. For more information, see Importing images from AWS.

M106 release

• Miscellaneous software updates.

M106 release

• Rolled back a previous change in which Jupyter dependencies were located in a separate Conda environment.
• Miscellaneous software updates.

Support for Manifest in Storage Transfer Service is now generally available (GA). You can use Manifest to transfer a specific list of objects, object versions, and files from cloud and on-premises sources. Programmatic users can use the output of an upstream operation generating a list of files and objects as an input for Storage Transfer Service to act upon.

Overlays can now be created using PNG images (with or without transparency).

M106 release

The M106 release of Vertex AI Workbench user-managed notebooks includes the following:

• Rolled back a previous change in which Jupyter dependencies were located in a separate Conda environment.
• Fixed a bug in which kernels used by notebooks did not contain the specified machine learning frameworks.
• Miscellaneous software updates.

This release includes the following Anthos attached clusters platform versions:

• 1.21.0-gke.1
• 1.22.0-gke.1
• 1.23.0-gke.3
• 1.24.0-gke.2
• 1.25.0-gke.2

You can now launch clusters with the following Kubernetes versions:

• 1.23.16-gke.2800
• 1.24.10-gke.1200
• 1.25.6-gke.1600