Google Cloud release notes

You can now use Bare Metal Solution's self-service functionality to order your resources after executing a one-time Order Form. This feature is generally available (GA). For more information, see Order Bare Metal Solution resources.

BigQuery native integration in Looker Studio enables monitoring features for Looker Studio queries, improves query performance, and supports many BigQuery features. This feature is in preview.

You can now import your Grafana dashboards into Cloud Monitoring. For more information, see Import Grafana dashboards into Cloud Monitoring.

You can now configure notifications for Google Chat spaces. For more information, see Create and manage notification channels.

If you use the latest preconfigured base images for JetBrains IDEs, the .vmoptions and .properties files persist across workstations. For more information, see Customize JetBrains IDE vmoptions and properties.

Dialogflow CX speech adaptation can now be configured manually.

GKE now delivers insights and recommendations if users have installed webhooks that intercept system resources or webhooks that have no available endpoints. To learn more, see Ensure control plane stability when using webhooks.

Private Service Connect service connectivity automation is available in General Availability. Service connectivity automation lets service producers automate deployment and service connectivity to eligible managed services on behalf of consumers.

Release 1.14.9

Anthos clusters on bare metal 1.14.9 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.14.9 runs on Kubernetes 1.25.

New attributes for Pay-as-you-go pricing are generally available (GA).

Apigee updated its Pay-as-you-go pricing model, making it possible for customers to onboard at a significantly reduced initial cost and right-size their ongoing expenses to usage.

To learn more about the updated Pay-as-you-go pricing experience, see Pay-as-you-go (updated attributes) pricing overview.

Standard and extensible API proxies are generally available (GA).

Standard and extensible API proxies are generally available for use with Apigee organizations.

For more information about standard and extensible API proxies, see API proxy types.

HTTPModifier and ReadPropertySet policies and templating support for message elements are generally available (GA).

The HTTPModifier policy can change an existing request or response message and provides a subset of the functionality already available in the AssignMessage policy. See HTTPModifier policy.

The ReadPropertySet policy reads property sets and populates flow variables with the results. See ReadPropertySet policy.

HTTPModifier and ReadPropertySet are standard policies. Proxies built exclusively with standard policies are called standard proxies and can be deployed to any environment type. See Pay-as-you-go (updated attributes) pricing overview.

With this release, template support for message elements is also generally available. See URL templating.

New environment types are generally available (GA).

With this release, Apigee introduces three distinct environments that have access to varying degrees of Apigee capabilities and costs: Base, Intermediate, and Comprehensive.

For more information, see Apigee Pay-as-you-go environment types.

Apigee API Analytics add-on for Pay-as-you-go organizations is generally available (GA).

With this release, Apigee API Analytics is available as a paid add-on capability for Pay-as-you-go organizations. The add-on can be enabled in any Apigee Intermediate or Comprehensive environment. For more information, see Manage the Apigee API Analytics add-on.

One click provisioning for Apigee Pay-as-you-go organizations is generally available (GA).

Simplify your onboarding experience with one click provisioning for new Pay-as-you-go organizations, using smart default configurations. To learn more, see Provision Apigee with one click.

Updated pricing attributes in Subscription plans are available.

To get started with subscription plans that include new pricing attributes (consistent with Pay-as-you-go pricing), contact your Google Cloud sales specialist.

For more information, see Apigee Subscription 2024 entitlements. Apigee hybrid is not available in the new subscription plan at this time.

As a BigQuery administrator, to monitor your organization's slots utilization and BigQuery jobs' performance over time, use can now use administrative query inspector. This feature is now generally available.

Airflow triggerer is now generally available (GA).

Cloud Load Balancing introduces the global external Proxy Network Load Balancer. The global external Proxy Network Load Balancer is implemented on globally distributed GFEs and supports advanced traffic management capabilities. This load balancer can be configured to handle either TCP or SSL traffic by using either a target TCP proxy or a target SSL proxy respectively. Global external proxy Network Load Balancers support backends such as instance groups, hybrid NEGs, and Private Service Connect NEGs.

Load balancers that are already deployed in the classic mode are renamed as classic Proxy Network Load Balancer in the console.

For details, see the External proxy Network Load Balancer overview.

To set up a global external Proxy Network Load Balancer, see the following pages:

• Instance group backends with SSL
• Instance group backends with TCP

This capability is in Preview.

With the launch of global external Proxy Network Load Balancer, we now support three deployment modes with the external Proxy Network Load Balancer—classic (General Availability), Regional (General Availability) and global (Preview). No changes have been made to the API.

For details, see the External proxy Network Load Balancer overview.

Typically with HTTPS communication, the authentication works only one way: the client verifies the identity of the server. For applications that require the load balancer to authenticate the identity of clients that connect to it, both a global external Application Load Balancer and a global external Application Load Balancer (classic) support mutual TLS (mTLS).

With mTLS, the load balancer requests that the client send a certificate to authenticate itself during the TLS handshake with the load balancer. You can configure a trust store that the load balancer uses to validate the client certificate's chain of trust.

For details, see the following:

• Mutual TLS authentication
• Set up mutual TLS with signed certificates
• Set up mutual TLS with a private CA
• Set up mutual TLS for a global external Application Load Balancer (classic)
• Set up mutual TLS for a global external Application Load Balancer

This capability is in General Availability.

Added MutatingWebhookConfigurationCustomization and ValidatingWebhookConfigurationCustomization to support the customization on webhook timeouts.

Added value validation for resource requests and limits in the customizable ControllerResource and NamespacedControllerResource CRDs.

Promoted CertificateManagerCertificate, CertificateManagerCertificateMap, CertificateManagerCertificateMapEntry and CertificateManagerDNSAuthorization from v1alpha1 to v1beta1.

Promoted RunService from alpha stability to stable stability.

• Renamed field spec.template.containerConcurrency to spec.template.maxInstanceRequestConcurrency.
• Fixed the IAM support by removing the support of "IAM conditions" on this resource.
• Removed field status.resourceGeneration.

Resource BigQueryTable(v1beta1):

• Added spec.tableConstraints field.
• Added spec.materializedView.allowNonIncrementalDefinition field.

Resource ComputeInstance(v1beta1):

• Added spec.networkInterface.items.internalIpv6PrefixLength field.
• Added spec.networkInterface.items.ipv6Address field.

Resource ComputeInstanceTemplate(v1beta1):

• Added spec.networkInterface.items.internalIpv6PrefixLength field.
• Added spec.networkInterface.items.ipv6Address field.

Resource ContainerCluster(v1beta1):

• Added spec.enableFqdnNetworkPolicy field.
• Added spec.nodeConfig.confidentialNodes field.

Resource ContainerNodePool(v1beta1):

• Added spec.nodeConfig.confidentialNodes field.

Resource DialogflowCXFlow(v1alpha1):

• Added spec.eventHandlers.items.triggerFulfillment.conditionalCases field.
• Added spec.eventHandlers.items.triggerFulfillment.setParameterActions field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.channel field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.conversationSuccess field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.liveAgentHandoff field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.outputAudioText field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.payload field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.playAudio field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.telephonyTransferCall field.
• Added spec.transitionRoutes.items.triggerFulfillment.conditionalCases field.
• Added spec.transitionRoutes.items.triggerFulfillment.setParameterActions field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.channel field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.conversationSuccess field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.liveAgentHandoff field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.outputAudioText field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.payload field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.playAudio field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.telephonyTransferCall field.

Resource DialogflowCXPage(v1alpha1):

• Added spec.entryFulfillment.conditionalCases field.
• Added spec.entryFulfillment.setParameterActions field.
• Added spec.entryFulfillment.messages.items.channel field.
• Added spec.entryFulfillment.messages.items.conversationSuccess field.
• Added spec.entryFulfillment.messages.items.liveAgentHandoff field.
• Added spec.entryFulfillment.messages.items.outputAudioText field.
• Added spec.entryFulfillment.messages.items.payload field.
• Added spec.entryFulfillment.messages.items.playAudio field.
• Added spec.entryFulfillment.messages.items.telephonyTransferCall field.
• Added spec.eventHandlers.items.triggerFulfillment.conditionalCases field.
• Added spec.eventHandlers.items.triggerFulfillment.setParameterActions field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.channel field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.conversationSuccess field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.liveAgentHandoff field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.outputAudioText field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.payload field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.playAudio field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.telephonyTransferCall field.
• Added spec.form.parameters.items.defaultValue field.
• Added spec.form.parameters.items.fillBehavior.repromptEventHandlers field.
• Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.conditionalCases field.
• Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.setParameterActions field.
• Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.channel field.
• Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.conversationSuccess field.
• Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.liveAgentHandoff field.
• Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.outputAudioText field.
• Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.payload field.
• Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.playAudio field.
• Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.telephonyTransferCall field.
• Added spec.transitionRoutes.items.triggerFulfillment.conditionalCases field.
• Added spec.transitionRoutes.items.triggerFulfillment.setParameterActions field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.channel field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.conversationSuccess field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.liveAgentHandoff field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.outputAudioText field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.payload field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.playAudio field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.telephonyTransferCall field.

Resource RunJob(v1beta1):

• spec.template.template.volumes[].secret.items[].mode is now optional.

Resource SecretManagerSecret(v1beta1):

• Added spec.replication.auto field.

Resource SecretManagerSecretVersion(v1beta1):

• Added spec.deletionPolicy field.

Resource VertexAIIndexEndpoint(v1alpha1):

• Added spec.publicEndpointEnabled field.
• Added status.publicEndpointDomainName field.

Dialogflow CX launched two new integrations in preview:

• Google Chat
• Slack

Vertex AI Search (Enterprise Search): Customer-managed encryption key integration

Customer-managed encryption keys (CMEK) is available as an allowlisted preview feature.

If you store your data in a US multi-region data store, you can provide your own encryption key to protect your data at rest.

For information, see Customer-managed encryption keys.

Vertex AI Search (Enterprise Search): Search tuning

Search tuning is available as an allowlisted preview feature. You provide additional training data in the form of query and segment pairs. We use this data to tune the model for your app.

For information, see Improve search results with search tuning.

Vertex AI Search (Enterprise Search): Data location

Vertex AI Search may be configured for data location pursuant to the "Data Location" section of the Service Specific Terms.

For information about data residency in Vertex AI Search, see Enterprise Search locations.

Vertex AI Search (Enterprise Search): Support for Access Transparency

Access Transparency supports Vertex AI Search in preview.

For more information, see Enable Access Transparency in Enterprise Search.

Vertex AI Search (Enterprise Search): Citations for search with follow-ups

Citations indicate from which search results specific sentences in the summary are taken.

For more information, see Configure the summary.

Vertex AI Search (Enterprise Search): Ignore adversarial queries and non-summary seeking queries for search with follow-ups

Ignore adversarial queries can stop generation of summaries that are unsafe or violate policy.

Non-summary seeking queries stop generation of summaries that aren't helpful for some queries.

For more information, see Configure the summary.

Vertex AI Search (Enterprise Search): Additional languages supported

Search, snippets, and other features are now supported in the following languages:

• Arabic
• Chinese (Simplified)
• Greek
• Hebrew
• Japanese
• Korean
• Polish
• Russian

See Languages.

containsOnly() function released to General Availability.

You can now use the containsOnly() function to query findings with an array-type attribute or subfield that only contains values that match the specified filter, and no other values.

For more information, see The containsOnly function.

Private Service Connect backends support using an external regional TCP proxy load balancer or an internal regional TCP proxy load balancer to access published services. These features are available in General Availability.

The IL2 compliance program is now generally available. For a list of IL2-compliant Google Cloud products, see the Supported products page.

The following BigQuery ML point-in-time lookup functions are now in preview. These functions let you specify a point-in-time cutoff when retrieving features for training a model or running inference, in order to avoid data leakage.

• Use the ML.FEATURES_AT_TIME function to use the same point-in-time cutoff for all entities when retrieving features.
• Use the ML.ENTITY_FEATURES_AT_TIME function to retrieve features from multiple points in time for multiple entities.

You can now use IAM conditions to control access to BigQuery resources. This feature is in preview.

Certificate Manager supports Mutual TLS (mTLS) authentication. This feature is generally available (GA).

The following pg_wait_sampling and rdkit flags are generally available:

pg_wait_sampling flags

• cloudsql.enable_pg_wait_sampling: enable the pg_wait_sampling extension for Cloud SQL for PostgreSQL instances.
• pg_wait_sampling.history_size: set the size of the in-memory ring buffer for history sampling, in terms of the number of samples.
• pg_wait_sampling.history_period: set the time interval for history sampling, in milliseconds.
• pg_wait_sampling.profile_period: set the time interval for profile sampling for wait events, in milliseconds.
• pg_wait_sampling.profile_pid: specify whether the wait profile that accumulates samples for each process and waits event is collected for each process or for all processes.
• pg_wait_sampling.profile_queries: specify whether the wait profile is collected for each query or for all queries.

rdkit flags

• rdkit.tanimoto_threshold: set the threshold value for the Tanimoto similarity operator.
• rdkit.dice_threshold: set the threshold value for the Dice similarity operator.
• rdkit.do_chiral_sss: specify whether stereochemistry is used in substructure matching.
• rdkit.do_enhanced_stereo_sss: specify whether enhanced stereo is used in substructure matching.
• rdkit.sss_fp_size: set the size of the fingerprint used for substructure screening, in bits.
• rdkit.morgan_fp_size: set the size of morgan fingerprints, in bits.
• rdkit.featmorgan_fp_size: set the size of featmorgan fingerprints, in bits.
• rdkit.layered_fp_size: set the size of layered fingerprints, in bits.
• rdkit.rdkit_fp_size: set the size of rdkit fingerprints, in bits.
• rdkit.hashed_torsion_fp_size: set the size of topological torsion bit vector fingerprints, in bits.
• rdkit.hashed_atompair_fp_size: set the size of atom pair bit vector fingerprints, in bits.
• rdkit.reaction_sss_fp_size: set the size of the structural chemical reaction fingerprint, in bits.
• rdkit.reaction_difference_fp_size: set the size of the difference chemical reaction fingerprint, in bits.
• rdkit.reaction_sss_fp_type: specify the type of structural chemical reaction fingerprint.
• rdkit.reaction_difference_fp_type: specify the type of difference chemical reaction fingerprint.
• rdkit.ignore_reaction_agents: specify whether agents of a chemical reaction are taken into account.
• rdkit.agent_FP_bit_ratio: specify the weight of the impact of agents contained in a chemical reaction fingerprint.
• rdkit.move_unmmapped_reactants_to_agents: specify whether unmapped reactant agents of a chemical reaction are taken into account.
• rdkit.threshold_unmapped_reactant_atoms: set the ratio of allowed unmapped reactant atoms.
• rdkit.init_reaction: specify whether the reaction is ready for use.
• rdkit.difference_FP_weight_agents: specify the weight factor for agents compared to reactants and products in reaction difference fingerprints.
• rdkit.difference_FP_weight_nonagents: specify the weight factor for reactants and products compared to agents in reaction difference fingerprints.
• rdkit.avalon_fp_size: set the size of avalon fingerprints, in bits.

SAP HANA Fast Restart enabled using Terraform

SAP HANA Fast Restart is enabled when you deploy SAP HANA on Google Cloud using the sap_hana or sap_hana_ha Terraform module, version 202309280828 or later. The fast restart option is enabled through the enable_fast_restart Terraform argument, which by default is set to true.

For more information, see the deployment guide for your SAP HANA scenario.

Public preview of Advanced API Security Alerting

Advanced API Security's new alerting feature lets you create alerts for events related to API security using Google Cloud Monitoring, such as changes to your security scores or incidents involving detected API abuse. You can configure alerts to send you notifications by email or other channels when these events occur, so you can take action to counteract them.

If you need to re-enable deployments for Java 8 apps past the legacy runtime end of support date (starting January 30, 2024), you can define a new organization policy with constraints/appengine.runtimeDeploymentExemption. This policy constraint can be used before the end of support date. Learn more about enabling deployments for runtimes reaching end of support.

If you need to re-enable deployments for PHP 5.5 apps during the legacy runtime end of support period (starting January 30, 2024), you can define a new organization policy with constraints/appengine.runtimeDeploymentExemption. This policy constraint can be used before the end of support date. Learn more about enabling deployments for runtimes reaching end of support.

If you need to re-enable deployments for Python 2.7 apps during the legacy runtime end of support period (starting January 30, 2024), you can define a new organization policy with constraints/appengine.runtimeDeploymentExemption. This policy constraint can be used before the end of support date. Learn more about enabling deployments for runtimes reaching end of support.

Release Notes 6.2.35

GA - 8th October

Risk Score and Severity added

Two new information fields have been added to the Alert Details widget which appears in the Alert overview tab. These are Risk score and Severity. These values will only be populated when using the Google Chronicle SIEM connector.

Export/Import for Advanced Reports (using Looker) now supported both in the platform and using new APIs.

This enables customers to create reports on their staging environment and then import the template without the data into their production environment.

In the platform, the import is at the top of the Reports queue while the export icon is inside the actual report itself. The report file is in yaml format.

New APIs are as follows:
/api/external/v1/looker/report/import

/api/external/v1/looker/export/{report_id}

Long running jobs greater than 1 hour are at general availability (GA).

Regional external HTTP(S), internal HTTP(S), and the regional internal TCP proxy load balancers now use distributed Envoy health checks instead of Google's centralized health checking mechanism. Envoy health check probes originate from the proxy-only subnet associated with the load balancer.

For more details, see the Hybrid NEG documentation: Distributed Envoy health checks.

This feature is available in General availability.

Cloud SQL supports the preview version of the enable-high-availability recommender. This service proactively generates recommendations that help you bring your important instances within SLA by providing data redundancy. This might be helpful during a zonal outage or when an instance runs out of memory. For more information, see Improve instance reliability by enabling high availability.

Cloud SQL supports the preview version of the enable-high-availability recommender. This service proactively generates recommendations that help you bring your important instances within SLA by providing data redundancy. This might be helpful during a zonal outage or when an instance runs out of memory. For more information, see Improve instance reliability by enabling high availability.

Cloud SQL supports the preview version of the enable-high-availability recommender. This service proactively generates recommendations that help you bring your important instances within SLA by providing data redundancy. This might be helpful during a zonal outage or when an instance runs out of memory. For more information, see Improve instance reliability by enabling high availability.

You can now control the mounting behavior of Cloud Storage FUSE by using a configuration file instead of global options.

Preview: c3d-standard, c3d-highmem, c3d-highcpu, and c3d-standard-lssd virtual machines are available in the following regions:

• Council Bluffs, Iowa, North America, us-central1
• Moncks Corner, South Carolina, North America, us-east1
• Ashburn, Virginia, North America , us-east4
• St. Ghislain, Belgium, Europe, europe-west1
• Eemshaven, Netherlands, Europe, europe-west4
• Jurong West, Singapore, Asia, asia-southeast1

See the General purpose machines document for details.

Preview: Migrate to Virtual Machines lets you migrate the disks of source virtual machine (VM) instances to Persistent Disk volumes on Google Cloud with the following options:

• Migrate the Persistent Disk volumes without attaching them to a VM instance
• Create a new VM instance and attach the migrated Persistent Disk volumes to it

Advisory Notifications lets you opt in to or out of optional notification types. For more information, see Opt in to or out of notifications.

Release 1.15.5

Anthos clusters on bare metal 1.15.5 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.15.5 runs on Kubernetes 1.26.

This release includes a new Overview page for Apigee API Management in the Google Cloud console.

From the Overview page, you can:

• Get started as a new Apigee user
• Test your Apigee runtime
• View key resource usage metrics
• Explore Apigee API management features

For more information, see UI overview.

Materialized views over BigLake metadata cache-enabled tables can reference structured data stored in Cloud Storage. These materialized views function like materialized views over BigQuery-managed storage tables, including the benefits of automatic refresh and smart tuning. This feature is now generally available (GA).

Authorized stored procedures are now generally available (GA). This feature lets you share stored procedures with users or groups without giving them direct access to the underlying tables.

All Cloud SQL for MySQL Enterprise Plus edition instances now support up to 35 days of retained transaction logs for point-in-time recovery.

The rollout of the following minor version is currently underway:

MySQL 5.7.42 is upgraded to MySQL 5.7.43. For more information, see MySQL 5.7 Release Notes.

If you use a maintenance window, then the updates to the minor versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks. The new maintenance version is [MySQL version].R20230909.02_00. The details of the security fixes applied as part of this release will be published in the MySQL maintenance changelog.

To learn how to check your maintenance version, see Self-service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

Mobile release 2.2

• iOS and Android SDK content cards: You can use content cards to deliver specific messages to end-users during virtual agent chats. Content cards have customizable components including titles, text, carousel messages, banners, and much more. You can also embed a link that the end-user accesses when they click on the card. For example, if you have a list of restaurant options, you might create a content card for each one with a deep link that brings the user to the restaurant's website when they click.

• iOS SDK, improved accessibility: The mobile iOS SDK now fulfills the following Web Content Accessibility Guidelines (WCAG) criteria for improved accessibility:

  • Identify Input Purpose: Ensure that each input field is programmatically determinable, allowing users to autofill inputs.
  • Identify Purpose: Ensure that the purpose of many elements on a page can be programmatically determined, making it easier for agents to extract and present the purpose to users using different modalities.
  • Parsing: Ensure that there are no major code errors that affect accessibility so that agents can accurately interpret and parse content using assistive technologies.
  • Name, Role, Value: Ensure that assistive technologies can gather information about, activate (or set), and keep up to date on the status of user interface controls in the content.
  • Status Messages: Ensure that users of assistive technologies are notified when content is updated dynamically without receiving visual focus.

• Mobile bug fixes:

  • Fixed an intermittent issue where quick reply buttons could be pressed outside their boundaries.
  • Fixed an issue where a virtual agent's avatar icon sometimes was not displayed alongside their message.

ServiceNow enhanced capabilities: This release brings new capabilities to the ServiceNow integration, including support for:

• Default User: Reduced admin permission requirements.
• More flexible field mapping and property assignment configuration options.
• Support for new CRM features:
  • Surveys
  • Agent Status inheritance
  • Custom Callback number
  • Improved support for OAuth authentication, for example now including admin tokens.

Assign virtual agent transfers to the top-level queue: You can now assign a virtual agent to transfer to a top-level queue. The virtual agent will navigate consumers through any active sub and leaf queue options. If a top-level queue has no available leaf queues or is incorrectly configured, the IVR fallback will redirect the caller to the previous queue (if human agents are available) or provide an error message before disconnecting (if the top-level queue has no available agents).To enable this feature:

• Enter the top-level queue ID in the DialogFlow destination (you can find parent queue IDs in the Virtual Agent queue menu settings).
• Ensure all sub and leaf queues are active.

Chat API suite: A new set of APIs are now available that allow you to customize your chat experience. As a part of this feature, webhooks are available for receiving notifications about events that occur during the chat interaction. You can enable and manage them in Developer Settings > Webhooks. The new chat endpoints allow you to:

• Create a chat, send and receive plain text messages, and end the chat with both agents and virtual agents.
• Exchange messages with media attachments such as pictures, videos, and documents.

Apps API: Change agent status: Two new endpoints are now available to manage agent statuses:

• GET /apps/api/v1/agent_statuses: Retrieve current agent statuses.
• POST /apps/api/v1/agent_statuses: Update/change an agent status.

These endpoints allow you to modify agent statuses. You can change an agent's status from Available to any custom status and vice versa. Attempting to change an agent's status to a system status, such as In-Call, will result in an error. Similarly, attempting to change an agent's status from any system status will prompt an error message. These endpoints support bulk status updates, allowing you to update statuses for an entire team or selected agents simultaneously.

NICE QM integration: CCAI Platform now supports an out-of-the-box data export for NICE QM. You can enable this feature in Developer Settings > Session Data Export > NICE Integration. The following information is required to enable the NICE QM data export:

• NICE API Endpoint
• API Authentication credentials

After the integration is enabled, you can enable session data related to IVR call events and agent login/logout events in your NICE integration.

Missed chat / Unresponsive status (while in-chat): Improved handling of agent statuses when a session cast to an agent fails due to network issues.

• When a chat/call is cast to an agent but fails due to network or permission issues, the agent's next status will be moved to Unresponsive regardless of the status they're currently in.
• If a call/chat is cast to an agent but the agent fails to pick up, the agent's next status will be moved to Missed Chat status regardless of the status they're currently in.

ANI retention management: You can now use the admin API to turn ANI storage on and off. There is also a new setting for ANI retention period; the default is 120 days.

Permission for access to call recording/chat transcript files: A new role permission allows you to define whether users can have access to call recordings and/or chat transcripts when they are stored in external storage and without a CRM. When inactive, users won't be able to access these files from either the Completed Calls or Chats monitoring pages or associated downloadable reports. Shared links to these files fall under the same permissions.

Disable Whatsapp for CCAI Platform: The Whatsapp flag for CCAI Platform is disabled until we have OEM compatibility for Whatsapp.

CRM record autoload: A new setting is available to automatically update the CRM when an agent navigates between multiple active chats. This eliminates the need for the agent to manually search and load the corresponding CRM record each time they switch between chats. To enable this setting, go to Settings > Chat > Global Settings > Global Chat Settings and select the following checkbox: Automatically load CRM Record when switching between chat tabs.

POST events, chat message events: Two new events added to the existing agent chat adapter events:

• Chat Inbound Message: Event indicating that a new consumer message was received; includes the message content.
• Chat Outbound Message: Event indicating that a new agent message was sent; includes the message content.

Restrict international calling by area code, short code, phone number: The international calling configuration now includes the option to limit calls by area code, short code, and phone number. You can extend this configuration to a specific agent or have it applied as a rule to all agents.

MS Dynamics, object type Contact: You can now populate different fields on a "Case" object, when a "Contact" Object Type is used. The default action within MS Dynamics is to fill in the customer information only when a Case is created. This updated setting allows the contact field to be populated with the customer information from a Contact object at the same time. To enable this feature navigate to Developer Settings to access your MS Dynamics configuration. In the Account Lookup settings, select Contact under Object Type.

Call settings, post-call session transfers: You can now set up a cold transfer to a virtual agent at the end of a call. This configuration allows you to set up an automated workflow, such as a post-call survey. To enable this feature, go to Settings > Call Settings and toggle the Post-call session transfers to ON.

New permissions added to historical reports: You can now limit access to assigned teams only or assigned queues only. For example, if you apply the assigned teams only permission option, only data for agents on that user's team(s) will be downloaded. There is also a new permission that allows Admins to manage who has access to the Session Data report, in addition the assigned team only permission.

Dialogflow CX now provides the call companion feature in preview, which provides a mobile-based user interface that supplements a phone call with an agent.

Add the doc_ai_document_type and doc_ai_document_path fields to the Pipeline API Cloud Function request.

Support "store_document_metadata_only" boolean flag in the Pipeline API Cloud Function response.

Support for europe-west9 (Paris), me-central1 (Doha), and me-west1 (Tel Aviv).

Support for europe-west9 (Paris), me-central1 (Doha), and me-west1 (Tel Aviv).

Vertex AI Workbench instances are now generally available (GA). Vertex AI Workbench instances combine features from managed notebooks and user-managed notebooks to provide a robust data science solution. Supported features include:

• Idle timeout
• BigQuery and Cloud Storage integrations
• End-user and service account authentication
• VPC Service Controls
• Customer managed encryption keys (CMEK) and Cloud External Key Manager (Cloud EKM)
• Health status monitoring
• Scheduled notebook runs
• Dataproc integration

To get started, see Introduction to Vertex AI Workbench instances.

Vertex AI - Predict task

Starting with this release, Apigee Integration provides the Vertex AI - Predict task that lets you perform online predictions on your ML models.

Vertex AI - Predict task

Starting with this release, Application Integration provides the Vertex AI - Predict task that lets you perform online predictions on your ML models.

The CJIS compliance program now supports the following products. See Supported products for more information:

• Cloud Run
• Cloud Identity
• Google Workspace Admin Console

You can now view the pod for your Bare Metal Solution servers, networks, volumes, and NFS Shares. This feature is generally available (GA).

Preview: Compute Engine API now enforces the Filtered list cost overhead quota, which limits the number of resources to be filtered out from server-side *.list and *.aggregatedList methods.

The quota is charged against the following metrics:

• Global: compute.googleapis.com/filtered_list_cost_overhead
• Regional: compute.googleapis.com/filtered_list_cost_overhead_per_region

For more information, see Rate quotas and best practices for list filtering.

Preview: You can now view the organization-wide patch status dashboard and OS policy compliance reports by using VM Manager.

Vertex AI Search (Enterprise Search): Third-party data connectors

You can set up your Vertex AI Search data stores to sync with data from Jira, Confluence, or Salesforce.

This feature is in private preview. To try this feature, contact your Google account team to find out if you qualify.

For more about setting up a connection to third-party data, see Create an Enterprise Search data store.

Tag key and value short names can now have a maximum length of 256 characters. For more information, see Tags overview.

AlloyDB now offers basic instances, which are primary instances containing only one node, in one zone. Basic instances provide a lower-cost alternative to highly available instances, and are appropriate for use in non-production environments that don't require high availability.

Database server compatibility with PostgreSQL version 15 is now available in Preview. You can create a cluster with PostgreSQL 15 compatibility.

Release 1.16.1

Anthos clusters on bare metal 1.16.1 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.16 runs on Kubernetes 1.27.

Cloud Run integrations (Preview) are now available in the following regions:

• asia-northeast1
• asia-northeast2
• asia-south1
• asia-southeast2
• australia-southeast1
• europe-central2
• europe-north1
• europe-west2
• europe-west3
• northamerica-northeast1
• southamerica-east1
• us-east4
• us-west2
• us-west3

The oracle_fdw extension, version 1.2 is now available. This extension provides a foreign data wrapper for accessing Oracle databases easily and efficiently. For more information, see Configure PostgreSQL extensions.

The rollout of the following minor versions, extension versions, and plugin versions is currently underway:

Minor versions

• 11.19 is upgraded to 11.21.
• 12.14 is upgraded to 12.16.
• 13.10 is upgraded to 13.12.
• 14.7 is upgraded to 14.9.
• 15.2 is upgraded to 15.4.

Extension and plugin versions

• orafce is upgraded from 3.24.4 to 3.25.1.
• pglogical is upgraded from 2.4.2 to 2.4.3.
• pgvector is upgraded from 0.4.2 to 0.5.0.
• PostGIS is upgraded from 3.2.3 to 3.2.5.

If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.

The new maintenance version is [PostgreSQL version].R20230830.01_00. To learn how to check your maintenance version, see Self service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

Generally available: Instance templates are available as both regional and global resources. To reduce cross-region dependency or to achieve data residency, use a regional instance template to create virtual machines (VM), managed instance groups (MIG), or reservations. For more information, see Regional and global instance templates.

Generally available: Autohealing in managed instance groups (MIG) supports regional health checks. To reduce cross-region dependency or to achieve data residency, use a regional health check. For more information, see Set up an application health check and autohealing.

Launched Document AI Enterprise Document OCR v2.0 and OCR add ons in Preview.

Enterprise Document OCR launched a Release Candidate, pretrained-ocr-v2.0-2023-06-02, which includes:

• Upgraded OCR model, optimized for various document use cases.
• Visual-element detector for boxed characters, which can increase quality up to 10% for documents with text boxes.

For more details, see the documentation, including the user guide.

OCR add ons are available from the Enterprise Document OCR processor when using pretrained-ocr-v2.0-2023-06-02. These include:

• Checkbox extraction: Detects and extracts status (marked/unmarked) in the Enterprise Document OCR response.
• Math OCR: Identifies, recognizes, and extracts formulas from documents in LaTeX output format.
• Font-style detection: Identifies word-level font properties, including type, style, handwriting, weight, and color.

For more details, see the documentation.

The Observability dashboards on the GKE Clusters List, Cluster Details, and Workload List pages are now customizable. Additionally, the Cluster Details dashboards can be customized across the entire project, or per-cluster for specific use cases.

Manually refresh your web pages

Call the recrawlUris method to manually refresh specific web pages in a data store with Advanced website indexing turned on. You can check the status of the recrawl operation by polling the operations.get method.

See Manually refresh your web pages.

Secret Manager is now available in the following region:

• me-central2

For more information, see Secret Manager locations.

Attack path simulations support additional resources

The attack path simulation feature that generates attack exposure scores and attack paths for your high-value resources now supports the following additional Google Cloud resources:

• aiplatform.googleapis.com/Dataset
• aiplatform.googleapis.com/Featurestore
• aiplatform.googleapis.com/MetadataStore
• aiplatform.googleapis.com/Model
• aiplatform.googleapis.com/TrainingPipeline
• container.googleapis.com/Cluster

For more information, see Resource types supported in high-value resource sets.

GA release of the Apigee UI in Cloud console

This is the GA release of the Apigee UI in Cloud console, a new version of the Apigee UI that is integrated with the Google Cloud console. The new UI makes it easier to use Apigee, while also performing related tasks in the Cloud console.

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

• Cloud Tasks

  • cloudtasks.googleapis.com/Queue

• Organization Policy

  • orgpolicy.googleapis.com/CustomConstraint

Cloud Bigtable is available in the me-central2 (Dammam) region. For more information, see Bigtable locations.

Sensitive Data Protection is available in me-central2 (Dammam). For more information, see Sensitive Data Protection locations.

The following new region is now available: me-central2.

Support for me-central2 (Dammam) region.

Support for me-central2 (Dammam) region.

Support for me-central2 (Dammam) region.

You can create Cloud Spanner regional instances in Dammam, Saudi Arabia (me-central2).

Cloud Storage is now available in Dammam, Saudi Arabia (me-central2 region).

Cloud VPN is now available in region me-central2 (Dammam, Saudi Arabia).

Pricing is available on the Cloud VPN pricing page.

Generally available: Dammam, Kingdom of Saudi Arabia, Middle East me-central2-a,b,c has launched with E2, N2, N2D, and T2D VMs in all three zones. See the Dammam region access document to learn more.

Data Catalog is available in the me-central2 (Dammam) region.

For more information, see Regions.

Dataflow is now available in Dammam, Saudi Arabia (me-central2).

Dataproc is now available in the me-central2 region (Dammam, Saudi Arabia).

Dialogflow CX intent import/export and training phrase import/export are now generally available.

The me-central2 region in Dammam, Saudi Arabia is now available.

Added new Memorystore for Memcached region: Dammam (me-central2).

The Version Upgrade feature is now Generally Available on Memorystore for Memcached.

Added new Memorystore for Redis region: Dammam (me-central2).

Pub/Sub is now available in Dammam, Saudi Arabia (me-central2).

Messages written to a dead letter topic configured for a BigQuery subscription contain an attribute with the reason the message could not be written to BigQuery. For more information, see Handle message failures.

For auto mode VPC networks, added a new subnet 10.216.0.0/20 for the Dammam me-central2 region. For more information, see Auto mode IP ranges.

Access Approval supports Cloud Monitoring in the Preview stage.

This release includes improvements to the Create Environment experience in the Apigee UI in the Cloud console.

With this release, users can create a new environment, attach the environment to an Apigee instance, and assign the environment to an environment group within the same creation flow.

In addition, users can edit or remove environment group assignments from the environment detail page in the Apigee UI, simplifying management of their Apigee implementation.

For more information, see Working with environments.

The BigQuery Data Transfer Service now supports transfers from Search Ads 360 using the new Search Ads 360 reporting API. This feature is in preview. Customers with existing Search Ads 360 transfers should migrate their workflows to be compatible with the new Search Ads 360. The BigQuery Data Transfer Service will stop its support for the old Search Ads 360 reporting API on May 31st, 2024.

Database Migration Service now supports customer-managed encryption keys (CMEK) that are externally managed with Cloud External Key Manager. For more details on CMEK support for each migration scenario, see CMEK integrations.

You can now save charts generated from a Log Analytics SQL query to a custom dashboard. For more information, see Save a chart to a custom dashboard.

Cloud Run Operators are available in Cloud Composer.

Preview: Snapshot settings are centralized configuration parameters for all snapshots in a project. You can use snapshot settings to customize the default storage location for all future snapshots in your project. By enabling you to do this, snapshot settings remove the need for you to manually specify a storage location during each individual snapshot creation.

Learn more about snapshot settings and how to set the default storage location for a project using snapshot settings.

The backlog metrics of subscriptions with filtering enabled only include messages that match the filter. The change is being rolled out in a phased manner.

Access Approval supports Access Context Manager in the Preview stage.

Maintenance operations on highly available primary instances now occur with less than one second of downtime for most workloads.

The ability to analyze a project for compliance before migrating it to an Assured Workloads folder is now generally available. See the Migrate a workload page for more information.

The CJIS compliance program now supports the following products. See Supported products for more information:

• Cloud Composer
• Cloud Dataflow
• Cloud DNS
• Cloud HSM
• Cloud Logging
• Cloud NAT
• Cloud Router
• Cloud SQL
• Network Connectivity Center

The IL5 compliance program now supports the following products. See Supported products for more information:

• Cloud Logging
• Dataflow
• Google Kubernetes Engine

Certificate Authority Service now supports data residency.

Cloud KMS is available in the following region:

• me-central2

For more information, see Cloud KMS locations.

Manifest files are now available in Storage Insights. A manifest file is generated when an inventory report is split into shards. You can use the manifest file to easily locate the shards you want to download.

Generally available: The Red Hat Knowledgebase provides you with access to articles, solutions, product documentation, and community discussions for Red Hat products.

You can now access the Red Hat Knowledgebase by using single-sign-on (SSO) through the Google Cloud console from your Red Hat Enterprise Linux (RHEL) VMs. For more information, see Access Red Hat Knowledgebase.

Dialogflow CX has added the FILTER system function.

Dialogflow CX flow export now exports flows recursively.

Vertex AI Search (Enterprise Search): Languages for summarization

Summarization is supported in the following languages in addition to English:

• German (de-DE)
• Spanish (es-ES)
• Italian (it-IT)
• French (fr-FR)
• Dutch (nl-NL)
• Portuguese (pt-BR)
• Swedish (sv-SE)

See Languages.

Vertex AI Search (Enterprise Search): Adjacent segments for preview with allowlist

When getting extractive segments, you can also get up to 3 segments from immediately before and after the relevant segment. Adjacent segments can add context and accuracy to the relevant segment. Turning on adjacent segments can increase latency.

Adjacent segments is in preview with allowlist. Contact your Google account team to try out adjacent segments.

See Extractive segments.

Vertex AI Search (Enterprise Search): Customizable summaries for preview with allowlist

When you request summaries, you can customize them by providing natural-language instructions. You can request customizations such as such as the length and level of detail, style of output (such as "simple"), language of output, focus of answer, and format (such as tables, bullets, and XML).

Customizable summaries are in preview with allowlist. Contact your Google account team if you're interested in trying this feature.

See Get customizable summaries.

Event Threat Detection, a built-in service of Security Command Center, released a new rule, Initial Access: Leaked Service Account Key Used, to General Availability.

For more information, see Event Threat Detection rules.

Go 1.21 is now generally available.

You can now view the status of your server activity in the Google Cloud console. it informs you if there's an issue with your Bare Metal Solution infrastructure. This feature is generally available (GA).

Observability for storage volumes is generally available (GA).

You can now change the type of a Chronicle reference list. For more details, see reference lists.

You can now create and manage forwarder configurations using the Chronicle user interface and also through the Chronicle Forwarder Management API.

The Cloud CDN private origin authentication capability for Amazon Simple Storage Service (Amazon S3) and compatible object stores is now Generally Available.

Ops Agent version 2.40.0 introduces support for Compute Engine Arm VMs that are running RHEL 9 or Rocky Linux 9. For more information, see Support for Compute Engine Arm VMs.

Generally available: You can create C3-standard VMs with Local SSD attached using new machine types, for example c3-standard-44-lssd. For more information, see Choosing a valid number of Local SSDs.

Dataflow now supports the Tau T2A Arm machine series as a worker machine type. This feature is generally available (GA). For more information, see Use Arm VMs on Dataflow.

M111 release

• PyTorch 2.0 container images now include PyTorch XLA 2.0.
• Miscellaneous software updates.

M111 release

• PyTorch 2.0 images now include PyTorch XLA 2.0.
• Miscellaneous software updates.

Preview: Migrate to Virtual Machines from an Azure source is now open to all users. Migrate to Virtual Machines from an Azure source lets you migrate Azure VM instances to Compute Engine.

M111 release

The M111 release of Vertex AI Workbench instances includes the following:

• Miscellaneous software updates.

The M111 release of Vertex AI Workbench user-managed notebooks includes the following:

• PyTorch 2.0 user-managed notebooks instances now include PyTorch XLA 2.0.
• Miscellaneous software updates.

The M111 release of Vertex AI Workbench managed notebooks includes the following:

• Miscellaneous software updates.

Policy-based routing is available in General Availability. You can select a next hop based on more than a packet's destination IP address. You can match traffic by protocol and source IP address as well.

AlloyDB now lets you use and manage data-encryption keys residing outside of Google Cloud using Cloud External Key Manager.

Artifact Registry now supports HTTP access to Apt repositories. For more information, see Configure HTTP access to an Apt repository.

You can now create a federated dataset in BigQuery that federates to an existing database in AWS Glue. This feature is in preview.

You can now create definer's rights views in Cloud Spanner. A definer's rights view adds additional security functionality by providing different privileges on the view and the underlying schema objects. Users with access to a definer's rights view can see and query its contents even if they don't have access to the view's underlying schema objects. For more information, see About views.

You can now configure IAM workforce identity federation using the Google Cloud console. To learn more, see the configuration guides for Azure AD, Okta, or other OIDC and SAML 2.0 providers. The feature is in Preview.

The create_dashboard_render_task now takes in an optional theme property to specify the theme to apply to the rendered dashboard.

For SFTP and S3 destinations, the timestamp in the filename of the scheduled delivery will respect the Delivery time zone.

When the Email Allowlist for Scheduled Content Labs feature is enabled, admin users can use the looker_internal_email_domain_allowlist user attribute to define email allowlist domains at a group level.

When the Advanced Granular Permissions Labs feature is enabled, admin users can use six new permissions to delegate management of user attributes, groups, roles, private labels, themes, and embed settings to non-admin users.

When you set up SAML authentication, merging users from OIDC into SAML is now supported.

The AND/OR Filters in Explores Labs feature is now enabled by default. When this feature is enabled, Looker Explores contain a new experience for creating and editing filters with AND/OR filter logic without the need to create custom filter expressions.

Administrators can set a data retention policy (Preview) on a project, on a new portal, or both. For more information, see Configure data retention policy.

The array subscript operator now returns a value in an array directly by index. Previously, only offset and ordinal were available. This feature is generally available (GA).

The struct subscript operator has been added. With this operator, you can access a STRUCT field by index, offset, or ordinal. This feature is generally available (GA).

Cloud Composer 2 is now available in Doha (me-central1).

You can now use node auto-provisioning for TPU slices. With this feature, Standard clusters with GKE version 1.28 and later provision TPU node pools and multi-host TPU accelerators automatically to ensure the capacity required to schedule AI/ML workloads. To learn more, see Configuring TPU node auto-provisioning.

The following resource types are now publicly available through the Search APIs (SearchAllResources, SearchAllIamPolicies).

• Financial Services
  • financialservices.googleapis.com/Instance
• Discovery Engine
  • discoveryengine.googleapis.com/Collection
  • discoveryengine.googleapis.com/DataStore

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

• Speaker ID
  • speakerid.googleapis.com/Settings

You can now choose not to specify the number of nodes when creating a Cloud Bigtable cluster using the gcloud CLI. This configuration lets Bigtable automatically calculate the number of nodes based on your data footprint and optimize for 50% storage utilization. To learn more, see Create an instance. This feature is generally available (GA).

Query Optimizer version 6 is generally available. Version 5 remains the default optimizer version in production.

Validate the resource locations for all Document Warehouse API requests.

The Google Cloud console now supports a usage dashboard for each database.

Security Command Center now supports CIS Google Cloud Computing Foundations Benchmark v2.0.0.

The support for v2.0.0 includes the following new vulnerability detector:

• Load balancer logging disabled

For more information, see the following:

• Detectors and compliance
• CIS Google Cloud Foundation 2.0.0

Datastream now supports SSL/TLS encryption for Oracle sources. For more information, see the Datastream API reference documentation.

Access Approval supports Firebase Security Rules in the Preview stage.

When creating an AlloyDB cluster, you can now specify an IP range for private services access. This is optional; if you do not specify an IP range, then AlloyDB selects one for you.

Go 1.21 is now generally available.

Dataproc Auto zone placement for clusters is now available in the Google Cloud console by selecting the "Any" option for the cluster zone.

Vertex AI Search (Enterprise Search): Page numbers for extractive segments

Page numbers can be returned with extractive segments. Page numbers indicate where an answer was extracted from in a document.

For more about extractive segments, see Get snippets and extracted content.

Vertex AI Prediction

You can now use A2 Ultra machines to serve predictions in us-central1, us-east4, europe-west4, and asia-southeast1. Each A2 Ultra machine has a fixed number of NVIDIA A100 80GB GPUs attached.

Access Transparency logs are enhanced with an eventID that signifies the incident that resulted in the access by Google personnel. For example, a support case that results in several accesses from the support and engineering teams in order to resolve the case. Accesses related to the same support case share the same eventID in Access Transparency logs.

For more information about this field, see Log field descriptions.

Preview: You can view the following when using Capacity Planner:

• The 50th and 75th percentile usage and forecast of your VMs.

• The historical usage of your VMs up to 2 years in the past.

• The usage and forecast of all machine families in a project.

For more information, see About Capacity Planner.

Preview: You can generate gcloud CLI commands to create future reservation requests of Compute Engine zonal resources based on the actual or forecasted usage of your VMs. Future reservations are useful to secure capacity up to 1 year in advance for forecasted spikes.

For more information, see Reserve capacity from actual or forecasted usage.

Users can now use manual triggers, webhook triggers, and Pub/Sub triggers to build Bitbucket Server and Bitbucket Data Center repositories through Cloud Build repositories (1st gen). This feature is generally available. To learn more, see Build repositories from Bitbucket Server and Build repositories from Bitbucket Data Center.

Maintenance windows configuration is now generally available (GA).

Cloud Data Fusion version 6.9.2 is generally available (GA). This release is in parallel with the CDAP 6.9.2 release.

Features in Cloud Data Fusion 6.9.2:

• Editing deployed batch pipelines is generally available (GA).
• Using Pub/Sub sources in streaming data pipelines is GA.
• Wrangler Filter Pushdown is GA.
• Pushdown for window aggregations is GA.

Ops Agent version 2.39.0 introduces support for Compute Engine Arm VMs that are running Ubuntu 20.04 LTS (Focal Fossa). For more information, see Support for Compute Engine Arm VMs.

Enabled trusted IMA certificate loading from /etc/ima/pubkey.x509.

Enabled trusted IMA certificate loading from /etc/ima/pubkey.x509.

Service account delegation for workflow execution is now available. You can configure service account delegation for whole repositories, or for individual workflow configurations.

The following features have been introduced in this release of Distributed Cloud Edge:

• Bastion host support. Distributed Cloud Edge now allows you to set up one or more bastion host virtual machines. The bastion host feature allows Google support engineers to connect to your Distributed Cloud Edge deployment and work with you to diagnose and resolve issues. For more information, see Configure a bastion host. This is a preview-level feature.

• Selectable cluster software versions. You now have the option to create a cluster running a specific version of Distributed Cloud Edge software, starting with version 1.5.0. For more information, see Create and manage clusters. This is a preview-level feature.

• Container image registry access over secondary networks. Distributed Cloud Edge now allows you to specify the network interface in the spec.containerRuntimeDNSConfig field of the NodeSystemConfigUpdate resource. This allows you to specify a container image registry IP/domain pair for a network interface other than the primary. For more information, see NodeSystemConfigUpdate resource. This is a preview-level feature.

• CMEK support for local control plane nodes. You can now configure Cloud KMS integration for storage on nodes running local control planes for Distributed Cloud Edge clusters. For more information, see Enable support for customer-managed encryption keys (CMEK) for local storage.

1.27.0-gke.1

• Added Binary Authorization support which is a deploy-time security control that ensures only trusted container images are deployed. With Binary Authorization, you can require images to be signed by trusted authorities during the development process and then enforce signature validation when deploying. By enforcing validation, you can gain tighter control over your container environment by ensuring only verified images are integrated into the build-and-release process. For details about how to enable Binary Authorization on your clusters, see How to enable Binary Authorization.

• Added the authorization.admin_groups field. This allows users to specify Google groups as cluster-admins through the management plane.

• Enabled gzip compression for fluent-bit's ingestion of logs into Cloud Logging. This improves the efficiency of log transfer for both the control plane and workloads.

• Added proxy support for attaching AKS/EKS clusters. For details, see Connect to your EKS cluster and Connect to your AKS cluster.

1.27

• Preview: Enabled surge updates. Surge updates allow you to configure the speed and disruption of node pool updates. Please contact your account team to opt into the preview.

• GA: Added support for AWS spot instance node pools. Creating AWS spot node pools is now GA. Spot instance node pools are pools of Amazon EC2 Spot Instances that are available on AWS at a lower cost.

• GA: Enabled node auto repair. This feature continuously monitors the health of each node in a node pool.

• Added Binary Authorization support which is a deploy-time security control that ensures only trusted container images are deployed. With Binary Authorization, you can require images to be signed by trusted authorities during the development process and then enforce signature validation when deploying. By enforcing validation, you can gain tighter control over your container environment by ensuring only verified images are integrated into the build-and-release process. For details about how to enable Binary Authorization on your clusters, see How to enable Binary Authorization.

• Added support for a new admin-groups flag in the create and update APIs. This flag allows customers to quickly and easily authenticate listed groups as cluster administrators, eliminating the need to manually create and apply RBAC policies.

• Added an ignore_errors option to the delete API to handle cases where accidentally deleted IAM roles or manual removal of resources prevent the deletion of clusters or node pools. By appending ?ignore_errors=true to the DELETE request URL, users can now forcibly remove clusters or node pools. However, this approach might result in orphaned resources in AWS or Azure, requiring manual cleanup.

• Upgraded the snapshot-controller and csi-snapshot-validation-webhook to v6.2.2. This new version introduces an important change to the API. Specifically, the VolumeSnapshot, VolumeSnapshotContents, and VolumeSnapshotClass v1beta1 APIs are no longer available.

• Disabled the unauthenticated kubelet read-only port 10255. Once a node pool is upgraded to version 1.27, workloads running on it will no longer be able to connect to port 10255.

• Enabled gzip compression for fluent-bit's ingestion of logs into Cloud Logging. This improves the efficiency of log transfer for both the control plane and workloads.

• Optimized audit-proxy's audit Logging ingestion by enabling gzip compression.

• Improved security by adding file-integrity checks and fingerprint validation for Google-managed binary artifacts downloaded from Cloud Storage.

• Added support for automatic periodic defragmentation of etcd and etcd-events on the control plane. This feature reduces unnecessary disk storage and helps to prevent etcd and the control plane from becoming unavailable due to disk storage issues.

• Changed the metrics names for Kubernetes resource metrics to use a metrics prefix of kubernetes.io/anthos/ rather than kubernetes.io/. For details refer to the metrics reference documentation.

• Changed default etcd version to v3.4.21 on new clusters for improved stability. Existing clusters upgraded to this version will use etcd v3.5.6.

• Improved node resource management by reserving resources for the kubelet. While this feature is crucial for preventing Out of Memory (OOM) errors by ensuring system and Kubernetes processes have the resources they need, it may lead to workload disruptions. The reservation of resources for the kubelet may affect the available resources for Pods, potentially affecting the capacity of smaller nodes to handle existing workloads. Customers should verify that smaller nodes can still support their workloads with this new feature activated.

  • The reserved memory percentages are as follows:
    • 255 MiB for machines with less than 1GB of memory
    • 25% of the first 4GB of memory
    • 20% of the next 4GB
    • 10% of the next 8GB
    • 6% of the next 112GB
    • 2% of any memory above 128GB
  • The reserved CPU percentages are as follows:
    • 6% of the first core
    • 1% of the next core
    • 0.5% of the next 2 cores
    • 0.25% of any cores above 4 cores

1.25

Expanded the list of metrics collected from node pools to include gke-metrics-agent, cilium-agent, cilium-operator, coredns, fluentbit-gke, kubelet, and konnectivity-agent.

1.27

• GA: Enabled node auto repair. This feature continuously monitors the health of each node in a node pool. Added support for a new admin-groups flag in the create and update APIs. This flag allows customers to quickly and easily authenticate listed groups as cluster administrators, eliminating the need to manually create and apply RBAC policies.

• Upgraded the snapshot-controller and csi-snapshot-validation-webhook to v6.2.2. This new version introduces an important change to the API. Specifically, the VolumeSnapshot, VolumeSnapshotContents, and VolumeSnapshotClass v1beta1 APIs are no longer available.

• Disabled the unauthenticated kubelet read-only port 10255. Once a node pool is upgraded to version 1.27, workloads running on it will no longer be able to connect to port 10255.

• Enabled gzip compression for fluent-bit's ingestion of logs into Cloud Logging. This improves the efficiency of log transfer for both the control plane and workloads.

• Optimized audit-proxy's audit logging ingestion by enabling gzip compression.

• Improved security by adding file-integrity checks and fingerprint validation for Google-managed binary artifacts downloaded from Cloud Storage.

• Added support for automatic periodic defragmentation of etcd and etcd-events on the control plane. This feature reduces unnecessary disk storage and helps to prevent etcd and the control plane from becoming unavailable due to disk storage issues.

• Changed the metrics names for Kubernetes resource metrics to use a metrics prefix of kubernetes.io/anthos/ rather than kubernetes.io/. For details refer to the metrics reference documentation.

• Changed default etcd version to v3.4.21 on new clusters for improved stability. Existing clusters upgraded to this version will use etcd v3.5.6.

• Improved node resource management by reserving resources for the kubelet. While this feature is crucial for preventing Out of Memory (OOM) errors by ensuring system and Kubernetes processes have the resources they need, it may lead to workload disruptions. The reservation of resources for the kubelet may affect the available resources for Pods, potentially affecting the capacity of smaller nodes to handle existing workloads. Customers should verify that smaller nodes can still support their workloads with this new feature activated.

  • The reserved memory percentages are as follows:
    • 255 MiB for machines with less than 1GB of memory
    • 25% of the first 4GB of memory
    • 20% of the next 4GB
    • 10% of the next 8GB
    • 6% of the next 112GB
    • 2% of any memory above 128GB
  • The reserved CPU percentages are as follows:
    • 6% of the first core
    • 1% of the next core
    • 0.5% of the next 2 cores
    • 0.25% of any cores above 4 cores

1.25

Expanded the list of metrics collected from node pools to include gke-metrics-agent, cilium-agent, cilium-operator, coredns, fluentbit-gke, kubelet, and konnectivity-agent.

Application Integration Quick setup (GA)

Application Integration Quick setup is now generally available in all the supported Google Cloud locations.

Quick setup is a single-click operation that automatically provisions Application Integration with the default configurations needed to get you started with the product.

For more information, see Set up Application Integration.

Cloud Load Balancing is introducing new advanced cost, latency, and resiliency optimizations for your global external Application Load Balancer. These include the following capabilities:

• You can use a service load balancing policy to customize the parameters that influence how traffic is distributed within the backends associated with a backend service (for example, load balancing algorithm and auto-capacity draining).
• You can designate specific backends as preferred backends.

For details, see Advanced load balancing optimizations.

A Cloud Spanner multi-region instance configuration is now available in Asia - asia2 (Mumbai/Delhi/Singapore).

Added name validation for the customizable ControllerResource CRDs.

• Added support for CloudIOTDeviceRegistry (v1alpha1) resource.

Added support for ComputeRegionSSLPolicy (v1alpha1) resource.

Added support for VertexAIIndexEndpoint (v1alpha1) resource.

Resource AlloyDBCluster(v1alpha1):

• Added spec.continuousBackupConfig field.
• Added spec.restoreBackupSource field.
• Added spec.restoreContinuousBackupSource field.
• Added status.continuousBackupInfo field.

Resource ArtifactRegistryRepository(v1beta1):

• Added spec.cleanupPolicies field.
• Added spec.cleanupPolicyDryRun field.

Resource BigQueryTable(v1beta1):

• Added spec.maxStaleness field.
• Added spec.externalDataConfiguration.fileSetSpecType field.

Resource CloudBuildTrigger(v1beta1):

• Added spec.gitFileSource.bitbucketServerConfigRef field.
• Added spec.sourceToBuild.bitbucketServerConfigRef field.

Resource CloudFunctions2Function(v1alpha1):

• Added spec.kmsKeyName field.

Resource ComputeAddress(v1beta1):

• Added spec.ipv6EndpointType field.

Resource ComputeBackendService(v1beta1):

• Added spec.securityPolicy field.
• Added spec.connectionTrackingPolicy.enableStrongAffinity field.

Resource ComputeInstance(v1beta1):

• Added spec.networkInterface.items.ipv6AccessConfig.items.name field.
• Added spec.scheduling.localSsdRecoveryTimeout field.

Resource ComputeInstanceTemplate(v1beta1):

• Added spec.disk.items.provisionedIops field.
• Added spec.networkInterface.items.ipv6AccessConfig.items.name field.
• Added spec.scheduling.localSsdRecoveryTimeout field.

Resource ComputeSecurityPolicy(v1beta1):

• Added spec.advancedOptionsConfig.userIpRequestHeaders field.

Resource ComputeTargetInstance(v1beta1):

• Added spec.securityPolicyRef field.

Resource ComputeTargetPool(v1beta1):

• Added spec.securityPolicyRef field.

Resource ContainerCluster(v1beta1):

• Added spec.allowNetAdmin field.
• Added spec.enableK8sBetaApis field.
• Added spec.enableMultiNetworking field.
• Added spec.ipAllocationPolicy.additionalPodRangesConfig field.
• Added spec.monitoringConfig.advancedDatapathObservabilityConfig field.
• Added spec.nodeConfig.hostMaintenancePolicy field.

Resource ContainerNodePool(v1beta1):

• Added spec.networkConfig.additionalNodeNetworkConfigs field.
• Added spec.networkConfig.additionalPodNetworkConfigs field.
• Added spec.nodeConfig.hostMaintenancePolicy field.
• Added spec.placementPolicy.policyNameRef field.

Resource DNSManagedZone(v1beta1):

• Removed spec.privateVisibilityConfig.required field.

Resource EventarcTrigger(v1beta1):

• Added spec.eventDataContentType field.

Resource FirebaseAndroidApp(v1alpha1):

• Added spec.apiKeyId field.

Resource FirebaseWebApp(v1alpha1):

• Added spec.apiKeyId field.

Resource HealthcareFHIRStore(v1alpha1):

• Added spec.defaultSearchHandlingStrict field.
• Added spec.notificationConfigs.items.sendPreviousResourceOnDelete field.
• Added spec.streamConfigs.items.bigqueryDestination.schemaConfig.lastUpdatedPartitionConfig field.

Resource IAMWorkforcePoolProvider(v1beta1):

• Added spec.oidc.clientSecret field.
• Added spec.oidc.jwksJson field.
• Added spec.oidc.webSsoConfig.additionalScopes field.
• Added status.oidc field.

Resource MonitoringAlertPolicy(v1beta1):

• Added spec.conditions.items.conditionPrometheusQueryLanguage field.

Resource PubSubSubscription(v1beta1):

• Added spec.cloudStorageConfig field.
• Added spec.pushConfig.noWrapper field.

Resource RunJob(v1beta1):

• Added status.createTime field.
• Added status.creator field.
• Added status.deleteTime field.
• Added status.expireTime field.
• Added status.lastModifier field.
• Added status.updateTime field.

Resource SecretManagerSecret(v1beta1):

• Added spec.annotations field.
• Added spec.versionAliases field.

Resource SpannerDatabase(v1beta1):

• Added spec.enableDropProtection field.

Resource SQLInstance(v1beta1):

• Added spec.settings.ipConfiguration.pscConfig field.
• Added status.dnsName field.
• Added status.pscServiceAttachmentLink field.

Resource WorkstationsWorkstationCluster(v1alpha1):

• Added spec.privateClusterConfig.allowedProjects field.

The following Dataflow templates are generally available (GA):

• BigQuery to Bigtable
• Pub/Sub to Splunk

Organizational policy for restricting remote repositories is available.

Looker (Google Cloud core) now supports the following regions:

• asia-southeast1 (Singapore)
• australia-southeast1 (Sydney)
• europe-west2 (London)
• europe-west3 (Frankfurt)
• me-west1 (Tel Aviv)
• us-east4 (Northern Virginia)

The following resource types are now publicly available through the Search APIs (SearchAllResources, SearchAllIamPolicies).

• IAM

  • iam.googleapis.com/PolicyV2

• Anthos Multi-Cloud (previously GKE Multi-Cloud)

  • gkemulticloud.googleapis.com/AwsCluster
  • gkemulticloud.googleapis.com/AzureCluster
  • gkemulticloud.googleapis.com/AzureClient
  • gkemulticloud.googleapis.com/AwsNodePool
  • gkemulticloud.googleapis.com/AttachedCluster
  • gkemulticloud.googleapis.com/AzureNodePool

Troubleshooting errors with Duet AI assistance is now available in Preview.

Support for IPv6 static routes with the following next hops is generally available (GA):

• next-hop-gateway
• next-hop-instance

Preview: Workload Manager is now available for SQL Server workloads. For more information, see the Product overview.

Dataproc Serverless Interactive sessions detail and list pages are now available in the Google Cloud console.

The Japan Regions compliance program is now in Preview.

You can now use EXPORT DATA statements to directly export BigQuery data to Cloud Bigtable. This feature is in Preview.

The pgvector extension, version 0.4.2 is generally available. Use this extension to store and search for vector embeddings in PostgreSQL databases.

Dialogflow CX generative features are now GA and publicly available:

• Generative AI agents
• Generators
• Generative fallback
• Generative personalization

Dialogflow CX answer feedback is now GA, but access is limited and must be requested.

Dialogflow CX Messenger has been redesigned and is now GA. This new version of the integration replaces the old version, which has been renamed Legacy Dialogflow Messenger. The old version is now deprecated, and it is recommended that all users of the old version migrate to the new version.

Eventarc support for creating triggers for direct events from the following sources is generally available (GA):

• AlloyDB for PostgreSQL
• API Gateway
• Apigee Registry
• Backup for GKE
• BeyondCorp
• Certificate Manager
• Cloud Data Fusion
• Cloud Dataplex
• Cloud Functions
• Cloud Memorystore for Memcached
• Database Migration
• Dataflow
• Dataproc Metastore
• Datastream
• Firebase Alerts
• Firebase Remote Config
• Firebase Test Lab
• GKE Hub
• Google Cloud Memorystore for Redis
• Network Connectivity
• Network Management
• Transcoder
• User-managed notebooks (Notebooks)
• Vision AI
• VM Migration
• Workflows

Experiment management: Google Cloud console now supports visualization of your model's performance changes over steps during training, and shows advanced run comparisons. To learn more, see Compare and analyze runs: Google Cloud console.

reCAPTCHA Enterprise for WAF and Google Cloud Armor integration is now available for mobile applications in Public Preview. For more information, see Integrate with Google Cloud Armor for mobile applications.

You can now view and respond to maintenance events through Google Cloud console. This feature is generally available (GA). For more information, see Manage maintenance events.

You can now use EXPORT DATA statements to directly export BigQuery data to Bigtable. This feature is in preview.

Integrated code and schema conversion for Oracle to Cloud SQL for PostgreSQL migrations is now available in Preview. With this feature, Database Migration Service conversion workspaces provide an inline editor to help make your schema conversions simple and seamless.

Generally available: NVIDIA L4 GPUs are now available in the following additional regions and zones:

• APAC
  • Taiwan (asia-east1-a,c)
  • Tokyo (asia-northeast1-a,c)
  • Singapore(asia-southeast1-c)
• Europe
  • Belgium (europe-west1-c)
  • London (europe-west2-a,b)
• North America
  • Northern virginia (us-east4-c)
  • Dalles (us-west1-c)

For more information about using GPUs on Compute Engine, see GPU platforms.

GKE now supports the ability to create nodes and workloads with multiple network interfaces. You can create new clusters with version 1.27 and later with multi networking enabled. The additional network interfaces on the Pods can be regular interfaces or high performance interfaces where the network interface is directly attached to the Pod. For more information, see Setup multi-network support for Pods.

Your clusters can now perform operations, such as node auto-provisioning or version upgrades, on multiple node pools in parallel. You no longer have to wait for an operation to complete before you initiate another operation. This feature is enabled for all GKE versions. This change provides you with benefits like the following:

• More efficient scaling, which results in improved savings and faster workload deployment
• Faster, less disruptive node pool upgrades
• Fewer "operation already in progress" messages that could delay subsequent planned operations
• More reliable rollback behavior to fix upgrade-related disruptions in production
• Automatic control plane resize operations won't block other operations on the cluster

The Google Cloud Platform Terraform provider has also been updated to take advantage of this change.

You can add Resource Manager tags to supported VPC resources. For more information, see Create and manage tags for VPC resources.

Access Transparency supports GKE Connect and GKE Hub in the GA stage.

AlloyDB Omni version 15.2.0 is available in Preview. This version includes the following:

• Compatibility with PostgreSQL server version 15
• A command-line interface for easier installation and maintenance of AlloyDB Omni
• Integration with Vertex AI
• Guides for data protection using Barman and pglogical
• Various bug fixes and query performance improvements

A separate Technology Preview edition of AlloyDB Omni is available. It lets you experiment with AlloyDB AI functionality using two included machine learning models trained on Google News text.

Artifact Analysis automatic scanning for Python and Node.js (npm) vulnerabilities in container images is now generally available. If the Container Scanning API is enabled, it scans container images pushed to Artifact Registry for Python and Node.js vulnerabilities, in addition to operating system vulnerabilities.

Artifact Analysis returns Python and Node.js vulnerability results for images that have a supported or unsupported operating system. When you push new versions of images to the registry, you might see more successful vulnerability scans and corresponding charges against images without a supported operating system.

For more information, see Python overview and Node.js overview.

Artifact Analysis now offers support for Vulnerability Exploitability eXchange (VEX). VEX is a type of security advisory that indicates whether a product is affected by a known vulnerability. For every container image pushed to Artifact Registry, Artifact Analysis can store an associated VEX statement.

You can upload VEX files to describe any vulnerabilities discovered in specific artifacts and provide context about their impact. VEX statuses can be used to assist your organization in triaging vulnerabilities.

This feature is in Preview. To learn more, see Upload and view VEX statements.

Artifact Analysis now offers the ability to export a consolidated software bill of materials (SBOM) for scanned containers in Artifact Registry. SBOMs are generated in the Software Package Data Exchange (SPDX) format; however, you can also ingest externally created SBOMs in either SPDX or CycloneDx formats. With this new capability, you can centrally manage SBOMs to gain visibility into key information about your software supply chain.

This feature is in Preview. To learn more about our SBOM capabilities, see SBOM overview.

Data clean rooms is now in preview. Data clean rooms provide a secure environment in which multiple parties can share, join, and analyze their data assets without moving or revealing the underlying data. To learn more, see the following topics:

• Use data clean rooms
• Aggregation threshold for queries and views
• Aggregation threshold clause

Duet AI in BigQuery, an AI-powered collaborator in Google Cloud, can help you complete, generate, and explain SQL queries. This feature is in preview.

BigQuery Studio is now in preview. BigQuery Studio offers features to make it easier for you to discover, explore, analyze, and run inference on data in BigQuery, including:

• Python notebooks, powered by Colab Enterprise. Notebooks provide one-click Python development runtimes, and built-in support for BigQuery DataFrames.
• Asset management and version history for notebooks and saved queries, powered by Dataform.

BigQuery DataFrames is now in preview. BigQuery DataFrames is a Python API that you can use to analyze data and perform machine learning tasks in BigQuery. BigQuery DataFrames consists of the following parts:

• bigframes.pandas implements a DataFrame API (with partial Pandas compatibility) on top of BigQuery.
• bigframes.ml implements a Python API for BigQuery ML (with partial scikit-learn compatibility).

Get started with BigQuery DataFrames by using the BigQuery DataFrames quickstart.

The following Generative AI features are now generally available (GA) in BigQuery ML:

• Creating a remote model based on the Vertex AI large language model (LLM) text-bison.
• Using the ML.GENERATE_TEXT function with an LLM-based remote model to perform generative natural language tasks on text stored in BigQuery tables.

Try these features with the Generate text by using a remote model and the ML.GENERATE_TEXT function tutorial.

You can now configure Cloud Build to generate Google-signed identity tokens for user-specified service accounts during a build. Leveraging identity tokens with Cloud Build, you can:

• Authorize service-to-service access from Cloud Build
• Sign your builds

Identity tokens that you generate with Cloud Build conform to the OpenID Connect (OIDC) specification.

This feature is generally available.

You can use intrusion prevention service to safeguard your workload traffic from threats such as malware, spyware, and command-and-control attacks. This feature is available in Preview.

Summarizing log entries with Duet AI assistance is now available in Preview.

Spanner Studio includes Duet AI (in Preview), an AI-powered collaborator in Google Cloud that accelerates SQL development by helping you write SQL statements. For more information, see Write SQL with Duet AI assistance.

Duet AI for Cloud Workstations is available in Preview. Use Duet AI, your AI-powered collaborator, to accomplish tasks more effectively and efficiently. Duet AI provides contextualized responses to your prompts to help guide you on what you're trying to do with your code. It also shares source citations regarding which documentation and code samples the assistant used to generate its responses. You can do this in the Cloud Workstations base editor. For more information, see the Duet AI in Google Cloud overview and Code with Duet AI assistance.

Colab Enterprise is now available in Preview. Colab Enterprise combines the popular collaborative features of Colaboratory with the security and compliance capabilities of Google Cloud. Colab Enterprise includes:

• Sharing and collaborating functionality, with IAM access control.
• Google-managed compute and runtime provisioning, with configurable runtime templates.
• Integrations with Vertex AI and BigQuery.
• Inline code completion with Duet AI assistance.
• End-user credential authentication for running your notebook code.

To get started, see Introduction to Colab Enterprise or create a notebook and start coding.

Preview: You can use future reservations to reserve resources at a specific date and time in the near future.

Future reservations are useful for obtaining capacity for future peak-demand events or highly-demanded resources. For more information, see About future reservation requests.

Enterprise Search: Search with follow-ups is GA

Previously, the search with follow-ups feature was called multi-turn search.

Search with follow-ups is now generally available (GA).

Search with follow-ups can be applied to websites if advanced website indexing is enabled and to unstructured data.

In addition, to improve consistency between search with an answer and search with follow-ups, the response from the conversations.converse method v1 provides the summary object and no longer provides the reply and references objects. The response from the v1beta version of the method remains unchanged.

SafeSearch is available with the search with follow-ups feature.

For general information about search with follow-ups, see Search with follow-ups.

Enterprise Search: Improvements to snippets, extractive answers, and extractive segments

• Snippet status is now returned along with the snippet.

• Extractive answers include the document page number where the answer was found.

• Up to 10 extractive segments can be returned for a search result.

See Get snippets and extracted content.

Enterprise Search: Multi-region support for US and EU locations

When you create a data store, you can specify global, the US multi-region, or the EU multi-region.

For more information including limitations associated with multi-region use, see Enterprise Search locations.

Enterprise Search: Languages

More features in more languages are supported for Enterprise Search.

See Languages.

Enterprise Search: Verify website domains

New requirement to verify your domain ownership for any websites in your data stores with advanced website indexing turned on.

See Verify website domains.

Enterprise Search: Confidence scores

Confidence scores for extractive segments are available in preview with allowlist. Scores are based on the similarity of the query to the extracted segment.

See Extractive segments.

Enterprise Search: Serving controls using the API are allowlisted GA

Boost, filter, synonym, and redirect serving controls affect search results returned through API method calls.

For more information, see Configure serving controls.

Enterprise Search: Related questions

Related questions are available as an allowlisted, preview feature for search with follow-ups.

For information, see Related questions.

You can now create Cloud Tensor Processing Unit (TPU) nodes in GKE to run AI workloads, from training to inference models. GKE manages your cluster by automating TPU resource provisioning, scaling, scheduling, repairing, and upgrading. GKE provides TPU infrastructure metrics in Cloud Monitoring, TPU logs, and error reports for better visibility and monitoring of TPU node pools in GKE clusters. TPUs are available with GKE Standard clusters. GKE supports TPU v4 in version 1.26.1.gke-1500 and later, and supports TPU v5e in version 1.27.2-gke.1500 and later. To learn more, see About TPUs in GKE.

You can now sequence the rollout of cluster upgrades across fleets or across scopes. To learn more, see About cluster upgrades with rollout sequencing.

Imagen on Vertex AI now offers the following Generally Available (GA) features:

• Subject model tuning (standard)*
• Style model tuning*

* Restricted access feature.

For more information about Imagen or how to get access to restricted GA features, see the Imagen on Vertex AI overview.

Stream responses from Generative AI models

Generative AI model streaming support is now Generally Available (GA). After you send a prompt, the model returns response tokens as they're generated instead of waiting for the entire output to be available.

Supported models are:

• text-bison
• chat-bison
• code-bison
• codechat-bison

To learn more, see Stream responses from Generative AI models.

New Generative AI support on Vertex AI models and expanded language support

Generative AI support on Vertex AI has been updated to include new language model candidates (latest models), language models that support input and output tokens up to 32k, and more supported languages.

For details, see Available models and Model versions and lifecycle.

Model tuning for the text-bison model is now Generally Available (GA)

Tuning the text-bison model with supervised fine-tuning (SFT) is now Generally Available (GA) . For more information, see Tune text models.

Model tuning for the chat-bison model is now available in Preview

You can now use supervised fine-tuning to tune the chat-bison model. This feature is in (Preview). For more information, see Tune text models.

New embedding model now available in Preview

Generative AI support on Vertex AI users can now create embeddings using a new model trained on a wide range of non-English languages in (Preview).

• textembedding-gecko-multilingual

To learn more, see Get text embeddings.

Reinforcement learning from human feedback (RLHF) tuning for text-bison The Generative AI text generation foundation model (text-bison) now supports RLHF tuning. The RLHF tuning feature is in (Preview). For more information, see Use RLHF model tuning.

Vertex AI Codey APIs language support

Vertex AI Codey APIs now support additional programming languages. For more information, see Supported coding languages

Vertex AI Codey APIs now support supervised fine-tuning (SFT)

The code chat (codechat-bison) and code generation (code-bison) Vertex AI Codey APIs models now support supervised fine-tuning (SFT). The supervised-fine tuning for Vertex AI Codey APIs models feature is in (Preview). For more information, see Tune code models.

Metrics-based model evaluation

You can evaluate the performance of foundation models and tuned models against an evaluation dataset for classification, summarization, question answering, and general text generation. This feature is available in (Preview).

To learn more, see Evaluate model performance.

Vertex AI Model Registry Models and Vertex AI Datasets are now synced to Dataplex's Data Catalog. Data Catalog enables organization-wide search and discovery of data artifacts, while still maintaining IAM boundaries. The sync and search of these assets is available in Preview. For more information, see Data Catalog documentation.

CountToken API now available in Preview

The CountToken API is now available in (Preview). You can use this API to get the token count and the number of billable characters for a prompt. To learn more, see Get token count.

The Vertex AI Pipelines Template Gallery is now generally available (GA). The Template Gallery contains Google-authored pipeline and component templates to bootstrap your MLOps practice. Customize and run the templates as-is or embed them into your own pipelines. For more information, see Use a prebuilt template from the Template Gallery.

You can now use Cloud Monitoring to customize and receive notifications about ingestion health metrics. For more information, see Ingestion notifications for health metrics.

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, and Feed APIs.

• Financial Services
  • financialservices.googleapis.com/Instance
• Discovery Engine
  • discoveryengine.googleapis.com/Collection
  • discoveryengine.googleapis.com/DataStore

Cloud Bigtable is available in the europe-west10 (Berlin) region. For more information, see Bigtable locations.

The Natural Language API v2 is now available in Public Preview. This new version of the API supports Sentiment Analysis, Entity Analysis, Text Moderation, and Content Classification. This version has major updates for Sentiment Analysis and Entity Analysis, which include performance upgrades and general improvements. All API calls now return language_code .

You can now set password policies for local database users of Cloud SQL for PostgreSQL instances.

The sum() and avg() aggregation functions are now available for Firestore in Datastore mode.

Tabular Workflow for Forecasting is available in Preview. For documentation, refer to Tabular Workflow for Forecasting.

Posit Workbench (including RStudio Pro) integration is generally available (GA). For more information, see Develop code using Posit Workbench.

Release 1.16.0

Anthos clusters on bare metal 1.16.0 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.16.0 runs on Kubernetes 1.27.

Cluster lifecycle:

• Upgraded to Kubernetes version 1.27.4.

• Added support for Red Hat Enterprise Linux (RHEL) version 8.8.

• GA: Added support for parallel upgrades of worker node pools.

• GA: Added support to upgrade specific worker node pools separately from the rest of the cluster.

• GA: Added a separate instance of etcd for the etcd-events object. This new etcd instance is always on and requires ports 2382 and 2383 to be open on control plane nodes for inbound TCP traffic. If these ports aren't opened, cluster creation and cluster upgrades are blocked.

• GA: Updated preflight checks for cluster installation and upgrades to use changes from the latest Anthos clusters on bare metal patch version to address known issues and provide more useful checks.

• GA: Support enrolling admin and user clusters in the Anthos On-Prem API automatically to enable cluster lifecycle management from the Google Cloud CLI, the Google Cloud console, and Terraform when the Anthos On-Prem API is enabled. If needed, you have the option to disable enrollment. For more information, see the description for the gkeOnPremAPI field in the cluster configuration file.

• GA: Added ability to configure kubelet image pull settings for node pools. For more information, see Configure kubelet image pull settings.

• Added new health check to detect any unsupported drift in the custom resources managed by Anthos clusters on bare metal. Unsupported resource changes can lead to cluster problems.

• Added a new flag, --target-cluster-name, that is supported by the bmctl register bootstrap command.

Networking:

• GA: Added support for Services of type LoadBalancer to use externalTrafficPolicy=Local with bundled load balancing with BGP.

• Preview: Added support for enabling Direct Server Return (DSR) load balancing for clusters configured with flat-mode networking. DSR load balancing is enabled with an annotation, preview.baremetal.cluster.gke.io/dpv2-lbmode-dsr: enable.

• Preview: Upgraded wherabouts to v0.6.1-gke.1 to support dual-stack networking.

• Added support for multiple BGP load balancer (BGPLoadBalancer) resources and BGP Community. Multiple BGP load balancer resources provide more flexibility to define which peers advertise specific load balancer nodes and Services. BGP Community support helps you to distinguish routes coming from BGP load balancers from other routes in your network.

Observability:

• GA: Added support for system metrics when you use Google Cloud Managed Service for Prometheus.

Security and Identity:

• GA: Added support for Binary Authorization, a service on Google Cloud that provides software supply-chain security for container-based applications. For more information, see Set up Binary Authorization policy enforcement.

• GA: Added support for VPC Service Controls, which provides additional security for your clusters to help mitigate the risk of data exfiltration.

• Preview: Added support for using custom cluster certificate authorities (CAs) to enable secure authentication and encryption between cluster components.

• Preview: Added support for configuring the Subject Alternative Names (SANs) of the kubeadm generated certificate for the kube-apiserver.

• Added support to run keepalived as a non-root user.

This release includes custom profiles for Advanced API Security scores. Custom profiles let you specify the security categories you want your security scores to be based on. In this release, you must create a security profile in the security scores API. However, you can view scores for the profile in the security scores UI.

Batch is available in the europe-west10 (Berlin) region.

For more information, see Locations.

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

• Speaker ID
  • speakerid.googleapis.com/Speaker
  • speakerid.googleapis.com/Phrase

You can now cancel a currently running job execution. (In Preview.)

Preview: You can reduce network latency between VMs by using compact placement policies to specify the maximum distance between VMs. Use compact placement policies to optimize workloads with frequent communication across VMs—for example, high-performance computing (HPC), machine learning (ML), or database server workloads. You can keep VMs in the same rack, across adjacent racks within the same cluster, or across adjacent clusters.

For more information, see Reduce latency by using compact placement policies.

Document AI Workbench is now powered by generative AI with two feature launches:

Document AI Workbench Summarizer is in Preview:

• The Summarizer provides summaries for documents up to 250 pages long.
• You can customize summaries based on your preferences for length (brief, moderate, comprehensive) and format (paragraph, bullet points).
• See the user guide for more information.

Document AI Workbench custom extractor is in preview:

• Custom extractor with generative AI can help extract data from documents with free-form text (e.g., contracts) and complex layouts (e.g., invoices, W2s, bills of lading).
• The pretrained processor version, which uses generative AI, can be used out of the box without any training. Post a document to the endpoint with a list of fields to get structured data.
• Customize results by confirming content in about five documents. Workbench leverages the examples to improve accuracy using few-shot prediction.
• Extract information from documents up to 200 pages long through the asynchronous API.
• To get started, create or use an existing custom extractor to leverage a processor version.
• See the how-to guide, labeling best practices, and training use cases.
• Current limitations of generative AI extraction within the custom extractor:
  • Only the English language is supported.
  • Region availability is currently only in the US.
  • While in preview, we recommend that you only extract up to 50 entities per endpoint with generative AI.
  • When uploading a sample document to define fields and preview results on the Get started page, there can be long latencies. We're working to reduce this latency.

In addition, template-based training is available in GA within the custom extractor:

• Template-based training provides accurate predictions for documents with no layout variation (such as an application form).
• Only six labeled documents are needed to train and use a template-based processor version.
• See the user guide and training use cases.

Scheduled backups now available in Preview.

You can now view and list multiple databases using the Google Cloud console. This feature is in Preview.

You can now view and list multiple databases using the Google Cloud console. This feature is in Preview.

Scheduled backups now available in Preview.

GKE now delivers insights and recommendations to ensure your workloads are ready for disruption using features such as Pod Disruption Budgets. To learn more, see Ensure stateful workloads are disruption-ready.

The following text embedding features are now available in preview:

• Creating a BigQuery ML remote model that references the Vertex AI PaLM APIs for embeddings (textembedding-gecko).
• Using the ML.GENERATE_TEXT_EMBEDDING function with the remote embedding model to embed text stored in BigQuery.
• Using the ARRAY<NUMERIC> type as an input feature type to other models.
• Generating text embeddings with the NNLM, SWIVEL, and BERT TensorFlow models.

For more information, see the tutorial for performing basic semantic search with text embeddings.

The following BigQuery ML inference features are now generally available (GA):

• Importing ONNX, XGBoost, and TensorFlow Lite models so that you can run them within the BigQuery ML inference engine.
• Hosting models remotely on Vertex AI Prediction so you can do inference with BigQuery ML, removing the need to build data pipelines manually.
• Using BigQuery ML functions to perform inference on Vertex AI pretrained models so that you can accomplish natural language processing, translation, and computer vision tasks in BigQuery. These functions work with the Cloud Vision, Cloud Natural Language, and Cloud Translation APIs.

Cloud Spanner has added 13 new PostgreSQL functions and operators:

• ARRAY_UPPER(anyarray, dimension) function
• QUOTE_IDENT(string) function
• SUBSTRING(string, pattern) function
• DATE - DATE operator
• DATE - INTEGER operator
• DATE + INTEGER operator
• REGEXP_MATCH(string, pattern [, flags]) function
• REGEXP_SPLIT_TO_ARRAY(string, pattern [, flags]) function
• STRING !~ PATTERN operator
• TO_CHAR(timestamptz, format), TO_CHAR(double, format), TO_CHAR(bigint, format), TO_CHAR(numeric, format) function
• TO_NUMBER(string, format) function
• TO_DATE(string, format) function
• TO_TIMESTAMP(string, format) function

For more information, see Supported PostgreSQL functions.

• Preview: You can migrate from the Seesaw load balancer to MetalLB.
• Preview: Support the direct server return (DSR) load balancing mode for a cluster that has Dataplane V2 enabled.
• Preview: Support user-managed admin workstations.
• Preview: Support preparing credentials as Kubernetes secrets for admin clusters. See also the Secrets configuration file reference.
• GA: Support for vSphere 8.0.
• GA: Support enrolling admin and user clusters in the Anthos On-Prem API automatically to enable cluster lifecycle management from the Google Cloud CLI, the Google Cloud console, and Terraform when the Anthos On-Prem API is enabled. If needed, you have the option to disable enrollment. For more information, see Admin cluster configuration file and User cluster configuration file.
• GA: Logging and monitoring agents on each cluster now include kube-state-metrics and node-exporter.
• GA: Support for high-availability control plane for admin clusters.
• GA: Support for VM-Host affinity for user cluster node pools.
• GA: Support for user cluster storage policy based management (SPBM) .
• GA: Google managed service for Prometheus supports system metrics.
• GA: Support disabling bundled Istio ingress controller in the user cluster configuration.
• GA: Enforce the same project ID and location for new cluster creation.
• GA: Support for using gkectl to update secret encryption.
• GA: Support for enabling or disabling antiAffinityGroups.