Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.

July 23, 2025

AlloyDB Omni

AlloyDB Omni version 16.8.0 is generally available (GA). Version 16.8.0 includes the following features and changes:

AlloyDB Omni version 15.12.0 is generally available (GA). Version 15.12.0 includes the following features and changes:

AlloyDB for PostgreSQL

AlloyDB Omni version 16.8.0 is generally available (GA). Version 16.8.0 includes the following features and changes:

AlloyDB Omni version 15.12.0 is generally available (GA). Version 15.12.0 includes the following features and changes:

Cloud Composer

If your environment uses dag-factory package version 0.22, then you might experience DAG failures in Cloud Composer versions that have apache-airflow-providers-cncf-kubernetes package version 10.4.2 or later. At the same time, upgrading the dag-factory package to version 0.23 might require you to update your DAG code to make it compatible.

If your environment uses dag-factory version 0.22, we recommend to do the following:

  • Temporarily postpone upgrading your environment until you're ready to switch to dag-factory version 0.23. Last versions of Cloud Composer that support version 0.22 are composer-3-airflow-2.10.5-build.3, composer-3-airflow-2.9.3-build.23, composer-2.13.1-airflow-2.10.5, and composer-2.13.1-airflow-2.9.3 released on May 14, 2025.
  • When you are ready to upgrade, update your DAGs for compatibility with 0.23. We recommend to do this in a development environment first. Install dag-factory version 0.23, then check that your DAGs are parsed and are working correctly, and update them if needed. After your DAGs are compatible, install dag-factory version 0.23 in your production environment and transfer the updated DAGs. Your environment can now be upgraded to a later version of Cloud Composer or Airflow.
  • If your environment is already upgraded to a later version of Cloud Composer and you experience problems, then update dag-factory to version 0.23 and update your DAGs for compatibility with 0.23.
Google SecOps Marketplace

Siemplify: Version 94.0

  • The following new actions have been added:

    • Get Custom Field Values

    • Resume Case SLA

    • Pause Case SLA

Sophos: Version 18.0

Added ability to work with new authentication method in the following action:

  • Get Events Log

July 22, 2025

Apigee API hub

API hub provisioning now enables Apigee API

When you provision API hub, it now enables the Apigee API (apigee.googleapis.com) in your Google Cloud project. If Apigee isn't already provisioned, an Apigee organization is also automatically created in your project as part of the provisioning process.

API hub remains a free service. Enabling the Apigee API has no additional pricing or billing implications for your project.

For more information, see Provision API hub in the Cloud console.

BigQuery

You can now use the VECTOR_INDEX.STATISTICS function to calculate how much an indexed table's data has drifted between when a vector index was created and the present. If table data has changed enough to require a vector index rebuild, you can use the ALTER VECTOR INDEX REBUILD statement to rebuild the vector index. This feature is in Preview.

The CREATE EXTERNAL TABLE and LOAD DATA statements now support the following options in Preview:

  • null_markers: define the strings that represent NULL values in CSV files.
  • source_column_match: specify how loaded columns are matched to the schema. You can match columns by position or by name.

You can now use the MATCH_RECOGNIZE clause in your SQL queries to filter and aggregate matches across rows in a table. This feature is in Preview.

Generative AI on Vertex AI

Gemini 2.5 Flash-Lite is now generally available and accessible using the API and Vertex AI Studio. This GA release includes support for explicit caching and batch prediction, as well as expanded region support.

See Gemini 2.5 Flash-Lite for more information.

Google Cloud Architecture Center

(New guide) Secure apps and resources by using context-aware access: Describes how you can use context-aware access to secure different types of apps and resources.

(New guide) Best practices for securing apps and resources by using context-aware access: Describes best practices for using context-aware access to secure apps and resources.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.31.700-gke.72 is now available for download. To upgrade, see Upgrade a cluster. Google Distributed Cloud 1.31.700-gke.72 runs on Kubernetes v1.31.10-gke.200.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issues were fixed in 1.31.700-gke.72:

Google Distributed Cloud (software only) for bare metal

Google Distributed Cloud for bare metal 1.31.700-gke.72 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.31.700-gke.72 runs on Kubernetes v1.31.10-gke.200.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

The following functional changes were made in 1.31.700-gke.72:

The following issues were fixed in 1.31.700-gke.72:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google SecOps

Silent Host Monitoring

New configuration options are now available for Silent Host Monitoring. You can now define detection rule-based Silent Host Monitoring in SecOps using UDM fields or labels, configurable within a specified time window.

For more information, see Silent host monitoring.

Google SecOps SIEM

Silent Host Monitoring

New configuration options are now available for Silent Host Monitoring. You can now define detection rule-based Silent Host Monitoring in SecOps using UDM fields or labels, configurable within a specified time window.

For more information, see Silent host monitoring.

Security Command Center

The Setup guide in Security Command Center Enterprise, used to monitor the activation progress and configure services, is now in General Availability.

The Impair Defenses: Two Step Verification Disabled finding type of Event Threat Detection was renamed to Persistence: Two Step Verification Disabled. For a complete list of Event Threat Detection finding types, see Event Threat Detection overview.

July 21, 2025

Access Transparency

Access Transparency supports BigQuery data preparation in the GA stage.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.53.0 (2025-07-14)

Features
  • bigquery: Add OpenTelemetry support to BigQuery rpcs (#3860) (e2d23c1)
  • bigquery: Add support for custom timezones and timestamps (#3859) (e5467c9)
  • Next release from main branch is 2.53.0 (#3879) (c47a062)
Bug Fixes
  • Load jobs preserve ascii control characters configuration (#3876) (5cfdf85)
Dependencies
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.69.0 (#3870) (a7f1007)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20250615-2.0.0 (#3872) (f081589)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.50.1 (#3878) (0e971b8)
Documentation

Python

Changes for google-cloud-bigquery

3.35.0 (2025-07-15)

Features
  • Add null_markers property to LoadJobConfig and CSVOptions (#2239) (289446d)
  • Add total slot ms to RowIterator (#2233) (d44bf02)
  • Add UpdateMode to update_dataset (#2204) (eb9c2af)
  • Adds dataset_view parameter to get_dataset method (#2198) (28a5750)
  • Adds date_format to load job and external config (#2231) (7d31828)
  • Adds datetime_format as an option (#2236) (54d3dc6)
  • Adds source_column_match and associated tests (#2227) (6d5d236)
  • Adds time_format and timestamp_format and associated tests (#2238) (371ad29)
  • Adds time_zone to external config and load job (#2229) (b2300d0)
Bug Fixes
  • Adds magics.context.project to eliminate issues with unit tests … (#2228) (27ff3a8)
  • Fix rows returned when both start_index and page_size are provided (#2181) (45643a2)
  • Make AccessEntry equality consistent with from_api_repr (#2218) (4941de4)
  • Update type hints for various BigQuery files (#2206) (b863291)
Documentation
  • Improve clarity of "Output Only" fields in Dataset class (#2201) (bd5aba8)

You can now use the DISTINCT pipe operator to select distinct rows from a table in your pipe syntax queries. This feature is generally available (GA).

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.62.0 (2025-07-15)

Features
  • Add Idempotency to Cloud Bigtable MutateRowRequest API (b5acca6)
  • Add SchemaBundles API (b5acca6)
  • bigtable: Add schema bundle support (#2619) (7d7b9a9)
  • Next release from main branch is 2.62.0 (#2621) (202b211)
Dependencies
Cloud Service Mesh

Managed Cloud Service Mesh will start using proxy version csm_mesh_proxy.20250623b_RC00 for Gateway API on GKE clusters. This proxy version maps closest to Envoy version 1.35. This change is rolling out to all release channels.

Compute Engine

Generally available: The general-purpose C4D machine series offers the following bare metal machine types:

  • c4d-standard-384-metal
  • c4d-highcpu-384-metal
  • c4d-highmem-384-metal

This is the first machine series to offer AMD-based bare metal instances. Bare metal instances let you create an instance with direct access to the machine's CPU and memory, without a virtualization layer in the middle. C4D uses Titanium to deliver more compute and memory resources for your workloads by offloading network and I/O processing from the host hardware. To learn more, see C4D machine series. For information about bare metal instances, including regional availability, see Bare metal instances on Compute Engine.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.30.1100-gke.67 is now available for download. To upgrade, see Upgrade a cluster. Google Distributed Cloud 1.30.1100-gke.67 runs on Kubernetes v1.30.12-gke.800.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issues were fixed in 1.30.1100-gke.67:

Google Distributed Cloud (software only) for bare metal

Google Distributed Cloud for bare metal 1.30.1100-gke.67 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.1100-gke.67 runs on Kubernetes v1.30.12-gke.800.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

The following issues were fixed in 1.30.1100-gke.67:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

In GKE version 1.33.2-gke.1111000 and later, you can use compute classes to set Kubernetes labels on all nodes that are created for that compute class. These labels are applied to the corresponding Node objects in the Kubernetes API. For more information about setting node labels in compute classes, see the ComputeClass custom resource definition.

In GKE version 1.33.2-gke.1111000 and later, you can use compute classes to set Kubernetes labels on all nodes that are created for that compute class. These labels are applied to the corresponding Node objects in the Kubernetes API. For more information about setting node labels in compute classes, see the ComputeClass custom resource definition.

Google SecOps Google SecOps SIEM Identity and Access Management

You can ask Gemini for predefined role suggestions using the IAM role picker in the Google Cloud Console. This feature is in preview.

For more information, see Get predefined role suggestions with Gemini assistance.

Security Command Center

The Aggregations panel on the Findings page in Security Command Center Enterprise has been enhanced and is now called Quick Filters. For information about filtering results on the Findings page, see Review and manage findings.

Workload Manager

You can set up the Agent for Compute Workloads to collect metrics of your Oracle workloads running on Google Compute Engine instances. For more information, see Set up the agent for Oracle.

July 20, 2025

Google SecOps SOAR

Release 6.3.54 is being rolled out to the first phase of regions as listed here.

This release contains internal and customer bug fixes.

July 19, 2025

Google SecOps SOAR

Release 6.3.53 is now available for all regions.

July 18, 2025

AI Hypercomputer

Generally available: You can troubleshoot workloads with slow performance by using straggler detection metrics and logs.

Stragglers are single-point, non-crashing failures that eventually slow down your entire workload. Large-scale ML workloads are very susceptible to stragglers, and VMs with stragglers are often very difficult to notice and pinpoint without straggler detection.

For more information, see Monitor VMs and Slurm clusters and Troubleshoot slow performance.

Apigee API hub

Apigee and hybrid plugin instance management

You can now create and delete plugin instances for Apigee and Apigee Hybrid while associating the respective Apigee runtime projects to API hub.

For more information, see Auto-register Apigee proxies.

Apigee and Apigee hybrid plugin creation now requires source project ID

When creating new instances of the Apigee X and hybrid plugin, you must now provide a source project ID. This source project ID is the Google Cloud project from which the plugin will import data.

This is a breaking change and will affect any existing API calls that create these plugins without explicitly providing this ID.

Action Required: Update your API calls to include the appropriate source project ID when creating new Apigee X and hybrid plugins. Failing to do so will result in creation errors.

Edit plugin instances changes

You can now change or modify the name and curation logic of your plugin instance.

For more information, see Edit a plugin instance.

Resource URI format for Apigee deployments

To ensure optimal functionality and consistency while creating or updating Apigee deployments, we now recommend that the Resource URI conforms to the following format: organizations/([^/]+)/environments/([^/]+)/apis/([^/]+)$

For more information, see Introduction to deployments.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Service Management API
    • servicemanagement.googleapis.com/Service
Compute Engine

Generally available: You can create instant and standard snapshots from Hyperdisk volumes in multi-writer mode. You can also clone Hyperdisk volumes in multi-writer mode.

For more information, see Share disks between instances.

Contact Center AI Insights

Quality AI offers multiple scorecards in preview. With multiple scorecards, Quality AI can evaluate a single conversation against different criteria and provide multiple conversation scores. You can also choose which scorecard data to view on each page of the console.

Gemini Code Assist

Improved code completion speed

VS Code Gemini Code Assist 2.41.0

Code completion suggestion speed is improved with VS Code Extension 2.41.0.

SAP on Google Cloud

New SAP certification for operating system: SLES 15 SP7 for SAP

For use with SAP HANA and SAP NetWeaver on Google Cloud, SAP has certified the operating system SUSE Linux Enterprise Server (SLES) 15 SP7 for SAP.

For more information, see:

July 17, 2025

Assured Workloads

The Data Boundary for Impact Level 4 (IL4) now supports the following products:

  • Certificate Authority Service
  • Cloud Build
  • Cloud NAT
  • GKE Hub
  • Memorystore for Redis
  • Secret Manager
  • Sensitive Data Protection

The Data Boundary for Impact Level 5 (IL5) now supports the following products:

  • Certificate Authority Service
  • Cloud Build
  • Cloud NAT
  • Cloud VPN
  • GKE Hub
  • Memorystore for Redis
  • Secret Manager
  • Sensitive Data Protection

See Supported products by control package for more information.

BigQuery

You can now use the WITH pipe operator to define common table expressions in your pipe syntax queries. This feature is generally available (GA).

You can now use named windows in your pipe syntax queries. This feature is generally available (GA).

Cloud Composer

Highly resilient environments are now generally available (GA) in Cloud Composer 3.

Cloud Monitoring

Application-specific resource attributes are attached to your trace data when your App Hub applications use supported Google Cloud resources, or when you instrument an application with OpenTelemetry and use the Google Cloud Telemetry endpoint. To learn more, see the following:

Cloud Trace

Application-specific resource attributes are attached to your trace data when your App Hub applications use supported Google Cloud resources, or when you instrument an application with OpenTelemetry and use the Google Cloud Telemetry endpoint. You can use the Trace Explorer to filter by your application, your service, or your workload. To learn more, see the following:

Dialogflow

Conversational Agents: CMEK is now available in EU regions.

Conversational Agents: The conversational history flow analysis feature is now available.

Conversational Agents: The model gemini-2.5-flash is now available in all regions. This change applies to the following features:

  • Generators
  • Playbooks (Public Preview)
  • Data stores tools (Public Preview)
Gemini Code Assist

Checkpoints, selected code snippets and terminal output, and other features are now Generally Available (GA)

The following features, which launched in Preview in May and June 2025, are now Generally Available:

Generative AI on Vertex AI

Veo 3 preview models now support upscaling for 1080p resolution using the new resolution parameter. For more information, see Veo on Vertex AI.

Google Cloud Marketplace Partners

The Detailed Disbursements and Customer Incremental Insights ISV reports are now available in BigQuery. These reports leverage BigQuery's out-of-the-box connectors to aggregate your Google Cloud Marketplace data with other data sources for your analysis, reporting, and data visualization needs.

Learn how to enable these new reports from the Producer Portal.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.32.200-gke.104 is now available for download. To upgrade, see Upgrade a cluster. Google Distributed Cloud 1.32.200-gke.104 runs on Kubernetes v1.32.4-gke.1000.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issues were fixed in 1.32.200-gke.104:

Google Distributed Cloud (software only) for bare metal

Google Distributed Cloud for bare metal 1.32.200-gke.104 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.32.200-gke.104 runs on Kubernetes v1.32.4-gke.1000.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

The following issues were fixed in 1.32.200-gke.104:

  • Fixed a known issue where Keepalived failover is blocked when the corresponding HAProxy instance is unreachable. This issue prevented the control plane VIP from being made available on a new, healthy node.

  • Fixed an issue that caused nodes to get stuck in maintenance mode. Health checks have been updated so that the network check job skips connectivity checks for nodes that are in maintenance mode.

  • Fixed vulnerabilities listed in Vulnerability fixes.

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Looker Studio

Report abuse

Looker Studio report viewers can now report abusive content. Content is automatically reviewed, and content that is reported as abusive is hidden or deleted.

Performance improvement for BigQuery data sources

Report viewers may notice improved performance when the report uses a BigQuery data source.

The BigQuery connector supports short query optimized mode. In this mode, when BigQuery determines that it can finish a query quickly, BigQuery prioritizes returning immediate results instead of creating a BigQuery job. Short query optimized mode may apply in the following situations:

  • When the data source uses Viewer's Credentials
  • When the data source uses Owner's Credentials but you are not the credential owner

There is no change in user experience or report behavior for data source credential owners.

Security Command Center

The following Container Threat Detection detectors for file monitoring are in Preview:

  • Collection: Pam.d Modification
  • Credential Access: Access Sensitive Files on Nodes
  • Defense Evasion: Disable or modify Linux audit system
  • Defense Evasion: Root Certificate Installed
  • Execution: Suspicious Cron Modification
  • Persistence: Modify ld.so.preload

The following Security Command Center Enterprise pages in the Google Cloud console now fully replace equivalent pages that you accessed previously in the Google Security Operations console.

Left navigation links in the Google Security Operations console open the related Google Cloud console page. See the earlier release announcement about these pages.

July 16, 2025

BigQuery

You can now add comments to notebooks, data canvases, data preparation files, or saved queries. You can also reply to existing comments or get a link to them. This feature is in Preview.

Cloud Billing

Spend-based committed use discount (CUD) metadata export to BigQuery (public preview)

You can now access spend-based CUD metadata programmatically through a BigQuery export. This data provides a comprehensive, daily snapshot of spend-based CUDs, which you can join with other billing data exports for improved CUD reporting and management.

Learn more about the CUD metadata export.

Cloud Data Fusion

The Oracle plugin version 1.12.3 is available in Cloud Data Fusion (via Hub) versions 6.11.0 and later, and 1.11.8 is available in Cloud Data Fusion (via Hub) version 6.10.

This release provides backward compatibility for recent schema changes, including the following:

To address backward compatibility for these changes, two new hidden fields are introduced in Oracle batch source configurations: treatPrecisionlessNumAsDeci and treatAsOldTimestamp. Both flags default to false. To enable these flags, edit the respective values in your exported connection JSON (if using connections) or pipeline JSON (if not using connections) before re-importing or re-deploying (PLUGIN-1893).

Cloud Run

You can disable the built-in run.app URL of a Cloud Run service to ensure that traffic can only ingress through paths that you've explicitly configured (GA).

Cloud Service Mesh

1.26.0-asm.11 is now available for in-cluster Cloud Service Mesh.

You can now download 1.26.0-asm.11 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.26.0 subject to the list of supported features.

The following environment variables and annotations are not supported:

  • ENABLE_GATEWAY_API_MANUAL_DEPLOYMENT
  • RETRY_IGNORE_PREVIOUS_HOSTS
  • ENABLE_CLUSTER_TRUST_BUNDLE_API
  • OMIT_EMPTY_VALUES
  • PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY
  • MAX_CONNECTIONS_PER_SOCKET_EVENT_LOOP with the value 1
  • Referencing ConfigMaps in a DestinationRule with TLS mode set to SIMPLE mode is not supported

The ENABLE_AUTO_SNI flag is still supported to stay aligned with the legacy behavior.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh. Cloud Service Mesh version 1.26.0-asm.11 uses Envoy v1.34.2-dev.

In-cluster Cloud Service Mesh 1.23 is no longer supported. For more information and to view the earliest end-of-life dates for other versions, see Supported versions.

1.25.3-asm.11 is now available for in-cluster Cloud Service Mesh.

You can now download 1.25.3-asm.11 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.25.3 subject to the list of supported features. Cloud Service Mesh version 1.25.3-asm.11 uses envoy v1.33.4-dev.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

1.24.6-asm.9 is now available for in-cluster Cloud Service Mesh.

You can now download 1.24.6-asm.9 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.24.6 subject to the list of supported features. Cloud Service Mesh version 1.24.6-asm.9 uses envoy v1.32.7-dev.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

Generative AI on Vertex AI

Added Gemma 3 fine-tuning notebook using Axolotl docker with support for 1b, 4b, 12b, and 27b variants.

Google Kubernetes Engine

(2025-R30) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

Regular channel

Stable channel

Extended channel

No channel

To enable upcoming support for mTLS and client certificates, Google Front Ends (GFEs) that power GKE DNS-based control plane public endpoints will add client certificate requests during the TLS handshake. Requests are already incorporated into GKE DNS-based control plane public endpoints where hostnames end with us-central1.gke.goog. For all other GKE DNS-based control plane public endpoints, this will roll out between August 18, 2025 and August 22, 2025.

Until mTLS and client certificate configuration options are available, the following details apply:

  • A client certificate request in a TLS handshake doesn't mean that kubectl (or other compatible clients) must provide a client certificate. Client certificates are neither mandatory nor configurable.
  • TLS libraries in current operating systems send a "no client certificate" response to the public endpoint's client certificate request.
  • GKE DNS-based control plane public endpoints will not enforce client certificates or mTLS requirements until a future announcement about configuration options.

If you use an intermediate proxy between kubectl (or other compatible clients) and a GKE DNS-based control plane public endpoint, ensure that it fully adheres to Section 7.4.4 of RFC 5246, Section 4.4.2 of RFC 8446, or Section 4.4.2.4 of RFC 8446.

(2025-R30) Version updates

(2025-R30) Version updates

(2025-R30) Version updates

(2025-R30) Version updates

(2025-R30) Version updates

Google SecOps Marketplace

Google Chronicle: Version 62.0

  • The following new actions have been added:

    • Remove Rows From Data Table

    • Get Data Tables

    • Is Value In Data Table

    • Add Rows To Data Table

Azure Security Center: Version 11.0

  • Integration: Refactored the integration code to support the updated API.

Mandiant Threat Intelligence: Version 14.0

  • Improved entity processing logic in the following action:

    • Enrich Entities

Microsoft Azure Sentinel: Version 55.0

  • Updated logger initialization in the following connector:

    • Microsoft Azure Sentinel - Incident Connector v2

MySQL: Version 5.0

  • Refined query processing in the following action:

    • Run SQL Query
Memorystore for Valkey

You can now use Valkey GLIDE to connect your applications to Memorystore for Valkey instances.

Vertex AI

Added Gemma 3 fine-tuning notebook using Axolotl docker with support for 1b, 4b, 12b, and 27b variants.

July 15, 2025

App Engine flexible environment Go

Support for Go 1.24 runtime is in Preview.

App Engine standard environment Go

Support for Go 1.24 runtime is in Preview.

BigQuery

You can flatten JSON columns in BigQuery data preparation with a single operation. This feature is generally available (GA).

Cloud Run

Compute flexible committed use discounts (CUDs) have expanded to also cover your Cloud Billing account's spend across Cloud Run services with request-based billing and Cloud Run functions.

The improved spend-based CUD experience is available without requiring an opt-in for new users or users who don't have an active spend-based CUD.

To learn more about how opting into the new model affects your flexible CUDs, see Committed use discounts.

Support for the Go 1.24 runtime is in Preview.

Cloud Run functions

Support for the Go 1.24 runtime is in Preview.

Compute Engine

Compute flexible committed use discounts (CUDs) offer expanded coverage by supporting the following resources and services:

  • Memory-optimized M1, M2, M3, and M4 VMs
  • Compute-optimized H3 instances
  • Cloud Run services with request-based billing
  • Cloud Run Functions

To receive the expanded coverage for flexible CUDs, you must opt in to the new spend-based CUD model. Cloud Billing accounts that meet specific criteria are automatically opted into the new model. On January 21, 2026, all remaining accounts will automatically migrate to the new model. You can opt in before that date to start receiving the expanded coverage. To learn more about the new model and the opt-in details, see Spend-based CUDs program improvements.

To learn more about this change and how your flexible CUDs apply after you opt in, see Compute flexible CUDs.

Dataproc

Dataproc on Compute Engine: Starting August 18, 2025, the following diagnostic properties will be enabled by default for newly created Dataproc clusters:

Note: To disable any of these features, set the corresponding property to false during cluster creation.

New Dataproc on Compute Engine subminor image versions:

2.3.6-debian12, 2.3.6-ubuntu22, and 2.3.6-rocky9.

Dataproc now allows Dynamic update of multi-tenancy clusters.

Pub/Sub

General availability: The Go Pub/Sub client library has a new major version. For more information on how to migrate from v1 to v2, see the Migration guide.

July 14, 2025

AlloyDB for PostgreSQL

You can now create an AlloyDB instance with a specific IP address range using the Google Cloud CLI, Terraform, or REST API. You can also override IP address range allocations configured during cluster creation. For more information, see Create an instance with a specific IP address range. This feature is generally available GA.

Apigee Advanced API Security

On July 14, 2025 we released an updated version of Advanced API Security

Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete.

Support for editing and deleting security actions

With this release you can edit and delete existing security actions using either the UI or the Apigee Management APIs.

For usage information, see the security actions documentation.

Cloud Composer

We're changing the way we provide support dates for Airflow builds in Cloud Composer 3. Before this change, some Airflow builds had their end of support date listed as "To be announced" until a later Airflow version became available. We're deprecating this approach for all builds that are released after July 01, 2025.

We are now providing support dates that depend on a date when a particular Airflow build was released:

  • We are introducing the standard support period of 12 months after the release date.
  • All Airflow builds that didn't have an end of support date when this change was introduced are supported until July 1, 2026. Because of this change, some Airflow builds released before July 1, 2025 are supported for longer than the standard support period.
  • All Airflow builds that had their support date shorter than 12 months are now supported for 12 months since the date of their initial release.
  • All builds released after July 1, 2025 will use the standard support period.
Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.23.0 (2025-07-11)

Features
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.50.1 (#1828) (44c3094)
Confidential VM

As of June 20, 2025, Confidential VM instances using AMD SEV-SNP or Intel TDX do not support remote attestation when running the following guest OS images:

  • SLES 15 SP7

  • Ubuntu 25.04

To restore remote attestation, use an earlier guest OS version such as SLES 15 SP6 or Ubuntu 24.04.

Container Optimized OS

cos-117-18613-263-66

Kernel Docker Containerd GPU Drivers
COS-6.6.93 v24.0.9 v1.7.27 See List

Upgraded nvidia-container-toolkit to v1.17.8.

Updated google-guest-agent to v20250701.01.

Updated app-editors/nano to v8.5. This resolves CVE-2024-5742.

Upgraded vim, vim-core to version 9.1.1500. This fixes CVE-2025-26603, CVE-2025-27423, CVE-2025-29768, CVE-2025-1215, CVE-2025-24014, CVE-2025-22134.

Runtime sysctl changes:

  • Changed: fs.file-max: 811799 -> 811784

cos-109-17800-519-47

Kernel Docker Containerd GPU Drivers
COS-6.1.141 v24.0.9 v1.7.27 See List

Upgraded nvidia-container-toolkit to v1.17.8.

Upgraded sys-apps/less to v679.

Updated app-editors/nano to v8.5. This resolves CVE-2024-5742.

Upgraded vim, vim-core to version 9.1.1500. This fixes CVE-2025-26603, CVE-2025-27423, CVE-2025-29768, CVE-2025-1215, CVE-2025-24014, CVE-2025-22134.

Runtime sysctl changes:

  • Changed: fs.file-max: 812201 -> 812258

cos-121-18867-90-85

Kernel Docker Containerd GPU Drivers
COS-6.6.93 v27.5.1 v2.0.4 See List

Upgraded nvidia-container-toolkit to v1.17.8.

Updated google-guest-agent to v20250701.01.

Updated app-editors/nano to v8.5. This resolves CVE-2024-5742.

Upgraded vim, vim-core to version 9.1.1500. This fixes CVE-2025-26603, CVE-2025-27423, CVE-2025-29768, CVE-2025-1215, CVE-2025-24014, CVE-2025-22134.

cos-113-18244-382-60

Kernel Docker Containerd GPU Drivers
COS-6.1.141 v24.0.9 v1.7.27 See List

Upgraded nvidia-container-toolkit to v1.17.8.

Upgraded sys-apps/less to v679.

Updated app-editors/nano to v8.5. This resolves CVE-2024-5742.

Upgraded vim, vim-core to version 9.1.1500. This fixes CVE-2025-26603, CVE-2025-27423, CVE-2025-29768, CVE-2025-1215, CVE-2025-24014, CVE-2025-22134.

Dataform

Updates to the automatic cataloging of Dataform metadata in Dataplex improve the near real-time management and search capabilities for repository metadata. These features are generally available (GA).

Deep Learning VM Images

The following framework versions have reached their end of patch and support dates:

  • Base versions with CUDA 12.4 and earlier
  • Tensorflow versions 2.17 and earlier
  • PyTorch versions 2.3 and earlier

To view the end of patch and support dates, see Supported framework versions.

For more information on what the end of patch and support date means, see Support policy schedule.

If you must use an image after deprecation against Google security recommendations and at your own risk, see After deprecation.

Generative AI on Vertex AI

Multimodal MedGemma 27B IT, MedSigLIP, and T5Gemma models are available through Model Garden.

Google Cloud VMware Engine

VMware Engine ve2 nodes are now available in the São Paulo, Brazil (southamerica-east1-c) zone in the São Paulo region (southamerica-east1).

Google Kubernetes Engine

Windows NVMe attached disks are supported only in GKE version 1.33.2-gke.1240000 and later. In earlier GKE versions, creating PersistentVolumeClaims on Windows nodes that use NVMe volumes results in errors. For more information about the disk interface types that are used by machine families, see the Compute Engine Machine series comparison.

If you have Windows workloads that use machine families that support only NVMe, upgrade your clusters to version 1.33.2-gke.1240000 or later.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-pubsub

2.31.0 (2025-06-26)

Features
  • Add MessageTransformationFailureReason to IngestionFailureEvent (#1427) (8ab13e1)
Bug Fixes
  • Surface Fatal Stream Errors to Future; Adjust Retryable Error Codes (#1422) (e081beb)
Security Command Center

In the Google Kubernetes Engine (GKE) security posture dashboard, the software vulnerabilities pane is available in Preview, not General Availability.

Spanner

Spanner Data Boost supports data stored on hard disk drives (HDD). This feature is generally available (GA).

VPC Service Controls

Preview stage support for the following integration:

Vertex AI

Multimodal MedGemma 27B IT, MedSigLIP, and T5Gemma models are available through Model Garden.

July 13, 2025

Google SecOps SOAR

Release 6.3.53 is being rolled out to the first phase of regions as listed here.

This release contains internal and customer bug fixes.

July 12, 2025

Google SecOps SOAR

Release 6.3.52 is now available for all regions.

July 11, 2025

Agent Assist

Google Cloud provides quotas for using Agent Assist APIs. Each feature uses specific APIs, which have their own quotas.

Backup and DR

We're excited to announce the launch of Editable Backup Plans, a new feature designed to give you more flexibility and control over your data protection strategy. You can now modify your existing backup plans directly, eliminating the need to create new plans and reassign them when your requirements change. This makes it easier than ever to adapt to evolving business needs, optimize for cost, and correct configuration errors on the fly.

What's new:

  • Directly Edit Key Settings: You can now change the description, schedule, backup window, and retention periods of your existing backup plans. You can also add or remove backup rules as needed.

  • Automatic Updates: Once a plan is edited, the changes are automatically applied to all resources protected by that plan for all future backups. There's no need to manually detach and reattach the plan.

  • Backward Compatibility: This new capability is available for all backup plans, including those created before this update.

Important Note: While most settings in a backup plan are now editable, the assigned backup vault cannot be changed. To store backups in a different vault, a new backup plan must be created.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, and Feed APIs.

  • Parameter Manager
    • parametermanager.googleapis.com/Parameter
    • parametermanager.googleapis.com/ParameterVersion
Google Kubernetes Engine

(2025-R29) Version updates

(2025-R29) Version updates

(2025-R29) Version updates

(2025-R29) Version updates

(2025-R29) Version updates

(2025-R29) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

Regular channel

Stable channel

Extended channel

No channel

Security Command Center

Notebook Security Scanner is a built-in package vulnerability detection service of Security Command Center. This feature is available in Preview to the Security Command Center Premium or Enterprise tier.

You can enable and use Notebook Security Scanner to detect vulnerabilities in Python packages that are used in Colab Enterprise notebooks (files with the ipynb filename extension) and resolve those package vulnerability findings.

Vertex AI

To reduce the cost of running your inference jobs, you can now use flex-start VMs, which are powered by Dynamic Workload Scheduler. Flex-start VMs offer significant discounts and are well-suited for short-duration workloads. This feature is available in Preview.

For more information, see Use DWS flex-start VMs with inference.

July 10, 2025

AI Hypercomputer

Generally available: You can now manage the Collective Communication Analyzer (CoMMA), a library that uses the NVIDIA Collective Communication Library (NCCL) profiler plugin to collect detailed NCCL telemetry for GPU machine types. The collected performance metrics and operational events are used for analyzing and optimizing large-scale AI and ML training workloads.

CoMMA is automatically installed and enabled on A4X, A4 High, and A3 Ultra machine types when using specific images. You can manage this data collection by disabling the plugin, adjusting its data granularity levels, or manually installing it on other GPU machine types. For more information, see Enable, disable, and configure CoMMA.

Anthos Attached Clusters

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anti Money Laundering AI

A new major engine version is now available for Retail and Commercial lines of business, within the v4 tuning version. This includes a more reliable training performance when using optional enum input fields.

Google Cloud Contact Center as a Service

Portal version 3.37 pre-release notes

Here are the pre-release notes for portal version 3.37. When we release version 3.37, we expect the new capabilities to be as shown here.

Restrict email transfers

You can now configure your instance to prevent users with the agent role from transferring email sessions to other agents. Agents can still assign unassigned emails to themselves, and users with the manager role can still transfer email sessions from agent to agent.

Administrators: There's a new Transfer Restrictions pane at Settings > Queue > Email > Edit / View > [queue] > Transfer Restrictions > Configure.

Skip the connecting message playback

You can now configure your instance to skip playback of the connecting message when calls are connected to agents.

Administrators: The Settings > Call > Call Details pane contains a new Skip the Connecting Message playback checkbox.

Workforce Management terminology update

We've updated the terminology in the Workforce Management interface to align with Google Cloud CCaaS terminology. For example, we've changed "supervisor" to "manager", "employee" to "agent", and "Supervisor Portal" to "Manager Portal".

Generative knowledge assist is available in Agent Desktop

Generative knowledge assist is now available in Agent Desktop as a widget that you can drag into a desktop panel.

For more information, see Create desktop panels.

Generative knowledge assist is available in the agent adapter

Generative knowledge assist is now available in the agent adapter.

Web SDK version 3.37

Starting with version 3.37, web SDK releases align with portal releases and share the same version number.

Web SDK version 3.37 includes the following update: we've improved the accessibily of the web SDK to be in compliance with the European Accessibility Act.

The following issues were addressed in this release:

  • Fixed an issue where a blank error message box appeared in the agent adapter when a call connected.
  • Fixed an issue where the notification icon for a new message or event in the chat adapter didn't clear after the agent viewed the message or event.
  • Fixed a Conversational Insights issue where conversation recordings were split into a file for the human agent segment and a file for the virtual agent segment. Now all call segments are aggregated into a single recording file, which is more useful for conversational analysis.
  • Fixed an issue where a single call was being reported as two separate calls after the following occurred: (1) A call was escalated from a virtual agent to a queue, (2) An agent clicked Answer in the agent adapter, and (3) The end-user hung up before the countdown was complete.
  • Fixed an issue where agents were unsure whether their action of declining a call was taking effect. Now, after an agent declines a call, the Decline button changes to Declining..., the Answer button is deactivated, and a message displays indicating that the call was declined.
  • Fixed the message that appeared in the agent adapter when an agent left a multi-party session. Instead of saying that the session will be tranferred to the remaining agents(s), the message now says that the session will be transferred to the remaining participant(s). This is because the remaining participants might not be agents.
  • Fixed an issue where administators were unable to monitor or barge into calls.
  • Fixed an issue where the Decline button didn't display or didn't work correctly in the agent adapter when the following occurred: (1) An agent was in an active call, and (2) The agent received a second call on their direct number.
  • Fixed an issue where clearing the Play Call Recording Message checkbox in Settings > Call > Call Details pane didn't work if the queue was configured for human agents and virtual agents or virtual agents only.
  • Fixed an issue where the Transfer failed error message failed to appear in the call adapter after the following occured: a transferred call wasn't answered before the unanswered call expiration time expired.
  • Fixed an issue where an agent on a team that was assigned to a queue wasn't able to select their desired queue to make an outbound call. We also improved the text at Settings > Call > Call Details > Queue Selection for Outbound Call to better describe the call adapter behavior.
  • Fixed an issue where the missed chat message didn't appear after the missed chat threshold expired.
  • Fixed an issue where end-users were unable to download chat transcripts containing special characters, emoji, or redacted content.
  • Fixed an issue with the web SDK where configuring custom system messages with empty quotes or NULL values didn't fully suppress the messages.
  • Fixed an issue with the web SDK where some non-English characters in downloaded chat transcripts were appearing as question marks.
  • Fixed an issue in Hubspot where recordings of transferred calls were failing to save.
  • Fixed an issue in Salesforce where the Call button in the call adapter wasn't working for outbound calls to a phone number that was associated with a previous record.
Looker Studio

New alignment option for Cartesian charts

The new Align with grid setting lets you set the alignment of the chart legend with the position of the chart grid, instead of aligning with the chart title.

This setting is available for Cartesian charts in reports that have modern charts enabled.

Security Command Center

In the Google Cloud console, the Google Kubernetes Engine (GKE) security posture dashboard shows the top software vulnerabilities that affect your GKE workloads. This feature is in General Availability.

Vertex AI Workbench

M131 release

The M131 release of Vertex AI Workbench instances includes the following:

  • Updated the Dataproc JupyterLab plugin to version 0.1.89.

July 09, 2025

AI Applications

AI Applications: Quotas

AI Applications offers the following allocation quotas in the global region (global), the US multi-region (us), and the EU multi-region (eu) under the Discovery Engine API:

  • Number of data stores per project
  • Number of documents per project
  • Number of engines per project
  • Number of user events

The number of data stores, documents, user events, and engines across all locations can't exceed the total per-project quota for that resource.

For more information, see Quotas.

Apigee hybrid

hybrid v1.13.4

On July 9, 2025 we released an updated version of the Apigee hybrid software, 1.13.4.

Bug ID Description
420675540 Fixed Cassandra based replication for runtime contracts in synchronizer.
401746333 Fixed a java.lang.ClassCircularityError that could occur in Java Callouts due to an issue with the class loading mechanism.
382565315 A memory leak within the Security Policy has been addressed, improving system stability.
375360455 Updated apigee-runtime drain timeout to 300s to fix connection termination issue during pod termination.
Bug ID Description
396944778 Security fixes for apigee-synchronizer.
This addresses the following vulnerabilities:
392934392 Security fixes for apigee-logger.
N/A Security fixes for apigee-mart-server.
This addresses the following vulnerability:
N/A Security fixes for apigee-mint-task-scheduler.
This addresses the following vulnerability:
N/A Security fixes for apigee-redis.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-runtime.
This addresses the following vulnerability:
N/A Security fixes for apigee-synchronizer.
This addresses the following vulnerability:
N/A Security fixes for vault.
This addresses the following vulnerability:
Cloud Composer

A new Cloud Composer release has started on July 9, 2025. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.

We are gradually rolling out a change that switches the default version from Cloud Composer 2 to Cloud Composer 3 in the Cloud Composer API.

In regions where the change is rolled out, a Cloud Composer 3 environment is created by default when a version is not specified in Google Cloud CLI, Cloud Composer API, or Terraform. If you use automation scripts to provision Cloud Composer 2 environments, make sure that you explicitly specify a Cloud Composer 2 version.

In this release, the change is rolling out in the following regions: africa-south1, asia-northeast2, asia-south2, asia-southeast2, europe-southwest1, europe-west10, europe-west12, europe-west8, me-central1, me-central2, me-west1, southamerica-west1, and us-south1.

(Available without upgrading) During Cloud Composer 2 environment operations, a more informative error message is returned when an environment's web server has connectivity issues.

New images are available in Cloud Composer 2:

Cloud Composer versions 2.8.4 and 2.8.5 have reached their end of support period.

Cloud Load Balancing

Application Load Balancers and Proxy Network Load Balancers now support TLS certificates with large key sizes. Previously, these load balancers supported only certificates with RSA-2048 or ECDSA P-256 key types. With this update, you can now use self-managed certificates with RSA-3072, RSA-4096, and ECDSA P-384 keys.

Key details:

  • Supported key types (for self-managed certificates): RSA-2048, RSA-3072, RSA-4096, ECDSA P-256, and ECDSA P-384

  • Load balancing coverage for self managed certificates:

    • Certificate Manager SSL certificates: Global and regional load balancing

    • Compute Engine SSL Certificates: Regional load balancing

  • Pricing: An additional charge of $0.45 per 1 million connections applies with certificates that use RSA-3072 and RSA-4096 key types. There are no per-connection charges for certificates that use RSA-2048, ECDSA P-256, or ECDSA P-384 key types.

For more information, see the documentation for Supported key types.

This capability is now in General Availability.

Cloud Service Mesh

1.25.3-asm.8 is now available for in-cluster Cloud Service Mesh.

You can now download 1.25.3-asm.8 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.25.3 subject to the list of supported features. Cloud Service Mesh version 1.25.3-asm.8 uses envoy v1.33.4-dev.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

1.24.6-asm.4 is now available for in-cluster Cloud Service Mesh.

You can now download 1.24.6-asm.4 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.24.6 subject to the list of supported features. Cloud Service Mesh version 1.24.6-asm.4 uses envoy v1.32.7-dev.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

1.23.6-asm.11 is now available for in-cluster Cloud Service Mesh.

You can now download 1.23.6-asm.11 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.23.6 subject to the list of supported features. Cloud Service Mesh version 1.23.6-asm.11 uses envoy v1.31.9-dev.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

Google Cloud Managed Service for Apache Kafka

General availability: Metrics for all Google Cloud Managed Service for Apache Kafka resources are now available, with some exceptions. Exceptions include the request_count and topic_error_count metrics for Kafka clusters and Kafka Connect connectors. For a list of supported metrics, see Metrics for Cloud Managed Service for Apache Kafka.

Google SecOps Marketplace

BMC Remedy ITSM: Version 9.0

  • Updated input parameter processing in the following action:

    • Create Incident

ServiceNow: Version 58.0

  • Updated processing of record object in the following connector:

    • ServiceNow - ServiceNow Connector

Siemplify: Version 93.0

  • Updated action logic in the following actions:

    • Get Case Details

    • Get Similar Cases

Secret Manager

Enhanced tagging capabilities for Secret Manager: You can now add tags directly at the time of secret creation. This new feature lets you provide essential metadata for your resources and helps with better organization, cost tracking, and automated policy application from the time a secret is created. In addition to this, tagging for regional secrets is now fully supported, both during secret creation and for existing regional secrets. For more information, see the documentation on tags for global secrets and regional secrets.

Soft-enforced rate limits for modifying secrets and secret versions: We have introduced soft-enforced rate limits for the following operations in Secret Manager:

  • AddSecretVersion
  • UpdateSecret
  • EnableSecretVersion
  • DisableSecretVersion
  • DestroySecretVersion

Soft enforcement lets us continue serving requests beyond the defined quota as long as our backend systems can comfortably handle the increased load. For details, see the Quotas and limits documentation.

Virtual Private Cloud

Dynamic Private Service Connect interfaces are available in Preview. You can update VM instances to add or remove dynamic Private Service Connect interfaces without restarting or recreating the instance.

For more information, see Private Service Connect interface types.

VPC Network Peering supports peering connections in consensus mode. This feature is available in Preview. For more information, see Update strategy.

July 08, 2025

App Hub

Dataproc Metastore services are now generally available (GA).

BigQuery

Starting August 1, 2025, GoogleSQL will become the default dialect for queries run from the command line interface (CLI) or API. To use LegacySQL, you will need to explicitly specify it in your requests or set the configuration setting default_sql_dialect_option to 'default_legacy_sql' at the project or organization level.

Cloud Life Sciences

As of July 8, 2025, Cloud Life Sciences is beginning to shut down.

Batch is generally available and is a comprehensive successor that supports all use cases for Cloud Life Sciences. Learn how to migrate to Batch.

Cloud Load Balancing

Zonal affinity, configured on the backend service of an internal passthrough Network Load Balancer, lets you limit cross-zone traffic, reduce latency, and improve performance, all while maintaining the benefits of a multi-zonal architecture.

Internal passthrough Network Load Balancers support three zonal affinity options that offer varying degrees of preference for routing new connections to eligible backends that are in the same zone as a supported client.

For more information, see Zonal affinity for internal passthrough Network Load Balancers.

This feature is in Preview.

Cloud SQL for SQL Server

Cloud SQL for SQL Server now offers Active Directory support for write endpoints. For more information, see Write endpoints across forests.

Cloud Storage

You can now create caches with Anywhere Cache in the us-west3-a, us-west3-b, and us-west3-c zones. For more information about supported locations for Anywhere Cache, see Supported locations.

Generative AI on Vertex AI

Vertex AI Agent Engine

Vertex AI Agent Engine Memory Bank is now available in Preview. Memory Bank lets you dynamically generate long-term memories based on users' conversations with your agent.

Google Cloud Armor

Cloud Armor preconfigured WAF rules can now inspect up to the first 64kB (either 8kB, 16kB, 32kB, 48kB, or 64kB) of the POST or PATCH request body content in Preview.

Google Cloud Contact Center as a Service

Mobile SDK 2.13 is released

Mobile SDK 2.13 includes the following updates:

  • End-users can download chat transcripts to their devices during a session or after a session ends. For more information, see Download chat transcripts using the web SDK and mobile SDKs.

  • The user experience with post-session virtual assistants is improved in the following ways:

    • You can configure an opt-in banner to appear for the post-session virtual assistant experience.

    • The user interface makes it easier for an end-user to know whether they are speaking to a human agent or a post-session virtual agent.

  • End-users can navigate the user interface using keyboard shortcuts in conformance with the W3C Web Content Accessibility Guidelines.

  • You can configure your instance to let end-users skip customer satisfaction surveys.

The following issues were addressed in this release:

  • Android SDK:

    • Fixed an issue where system messages containing an empty space were being sent, even though the message strings were set to NULL.

  • iOS SDK:

    • Fixed an issue where the "Skip the human agent" button was displayed after an end-user was transferred to a virtual agent.

    • Fixed an issue where a notification sound played for new chat messages despite the end-user disabling notifications.

SAP on Google Cloud

BigQuery Connector for SAP version 2.9

Version 2.9 of the BigQuery Connector for SAP is generally available (GA). This version introduces Change Data Capture (CDC) replication of SAP data into BigQuery through Pub/Sub. This replication path keeps your BigQuery tables up-to-date with the latest changes from your SAP data sources, eliminating the need for custom deduplication.

For more information, see What's new with BigQuery Connector for SAP.

Secure Source Manager

Secure Source Manager is now available in the following regions:

  • australia-southeast1 (Sydney)
  • asia-northeast1 (Tokyo)
Virtual Private Cloud

The following features of policy-based routes are available in General Availability:

  • Applying policy-based routes to IPv6 traffic
  • Using a next hop that is in a peered VPC network

For more information, see Create policy-based routes.

July 07, 2025

AI Hypercomputer

Preview: You can use future reservations in calendar mode to obtain resources for up to 90 days. By creating a request in calendar mode, you can reserve up to 80 GPU VMs for a future date and time. Then, you can use that capacity to run the following workloads:

  • Model pre-training

  • Model fine-tuning

  • Simulations

  • Inference

For more information, see Choose a consumption option.

BigQuery

You can now use your Google Account user credentials to authorize the execution of a data preparation in development. For more information, see Manually run a data preparation in development. This feature is in preview.

Bigtable

When you undelete a table, Bigtable automatically enables deletion protection for that table.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-storage

3.2.0 (2025-07-04)

Features
Cloud Workstations

Cloud Workstations is available in the europe-central2 region (Warsaw). For more information, see Locations.

Container Optimized OS

cos-121-18867-90-77

Kernel Docker Containerd GPU Drivers
COS-6.6.93 v27.5.1 v2.0.4 See List

Upgraded app-admin/sudo to v1.9.17_p1. This resolves CVE-2025-32462 and CVE-2025-32463.

cos-117-18613-263-58

Kernel Docker Containerd GPU Drivers
COS-6.6.93 v24.0.9 v1.7.27 See List

Upgraded app-admin/sudo to v1.9.17_p1. This resolves CVE-2025-32462 and CVE-2025-32463.

cos-113-18244-382-54

Kernel Docker Containerd GPU Drivers
COS-6.1.141 v24.0.9 v1.7.27 See List

Upgraded app-admin/sudo to v1.9.17_p1. This resolves CVE-2025-32462 and CVE-2025-32463.

cos-109-17800-519-41

Kernel Docker Containerd GPU Drivers
COS-6.1.141 v24.0.9 v1.7.27 See List

Upgraded app-admin/sudo to v1.9.17_p1. This resolves CVE-2025-32462 and CVE-2025-32463.

Dataproc

The Cluster Scheduled Stop feature is available in preview. You can use this feature to stop clusters after a specified idle period, at a specified future time, or after a specified period from the cluster creation or update request.

Google Cloud Contact Center as a Service

Session metadata in Conversational Insights conversations is GA

The Google Cloud CCaaS capability of including session metadata when creating conversations in Conversational Insights is now generally available (GA). Metadata values are available for each conversation. For more information, see Conversational Insights and Quality AI.

Google Cloud VMware Engine

When upgrading to Windows Server 2022 or newer images on your GCVE private clouds, you can use a combination of Windows Server BYOL for Windows Server 2019 and earlier images and on-demand licensing for Google-provided Windows Server 2022. For more information, see Use a combination of BYOL and on-demand Windows Server licenses from Google.

Google SecOps

Dashboards for enhanced visualizations and threat hunting

You can now use the Google SecOps Dashboards to enhance data visualization, investigations, and threat hunting.

Key capabilities include:

  • SOAR data availability
  • Downloadable reports
  • Custom drilldowns
  • Markdown widgets
  • 51 curated dashboards covering a broad range of security categories and use cases.

For more information, see Dashboards.

Google SecOps SIEM

Dashboards for enhanced visualizations and threat hunting

You can now use the Google SecOps Dashboards to enhance data visualization, investigations, and threat hunting.

Key capabilities include:

  • SOAR data availability
  • Downloadable reports
  • Custom drilldowns
  • Markdown widgets
  • 51 curated dashboards covering a broad range of security categories and use cases.

For more information, see Dashboards.

Memorystore for Redis Cluster

You can now use the Google Cloud console to work with cross-region replication. This feature is Generally Available.

Memorystore for Valkey

The feature to create Memorystore for Valkey instances in Cluster Enabled and Cluster Disabled modes is now Generally Available.

July 06, 2025

Google SecOps SOAR

Release 6.3.52 is being rolled out to the first phase of regions as listed here.

This release contains the following feature:

Share Case Queue Filters

You can now share case queue filters with other users. These filters can be saved with specific criteria, such as assignee roles, and shared with individual users, SOC roles, or all users in your organization for quick access.

For more information, see Apply and save filters.

July 05, 2025

Google SecOps

Share Case Queue Filters

You can now share case queue filters with other users. These filters can be saved with specific criteria, such as assignee roles, and shared with individual users, SOC roles, or all users in your organization for quick access.

For more information, see Apply and save filters.

Google SecOps SOAR

Release 6.3.51 is now available for all regions.

July 04, 2025

Dataproc

New Dataproc on Compute Engine subminor image versions:

2.3.5-debian12, 2.3.5-ubuntu22, and 2.3.5-rocky9.

Serverless for Apache Spark (formerly known as Dataproc Serverless for Spark) now supports OS Login organization policy. Organizations, folders, and projects that enforce the OS Login policy can now use Serverless for Apache Spark.

Document AI

Document AI now supports Identity and Access Management (IAM) deny policies. These policies allow you to define deny rules that prevent certain principals from using certain permissions to access Google Cloud resources, regardless of the roles they're granted.

For more information, read Deny policy overview and Document AI security and compliance.

Document AI VPC service controls (VPC-SC) integration now supports identity groups.

For more information on setting up VPC-SC identity groups, read Configure identity groups and third-party identities in ingress and egress rules.

Sensitive Data Protection

Sensitive Data Protection can detect and redact the following object infoTypes in images:

  • OBJECT_TYPE/BARCODE
  • OBJECT_TYPE/LICENSE_PLATE
  • OBJECT_TYPE/PERSON
  • OBJECT_TYPE/WHITEBOARD

For more information, see the following:

July 03, 2025

Document AI

The Document AI CDE processor now supports merging the child entities of nested entities that extend across several pages. This is supported in custom extractor model pretrained-foundation-model-v1.5-2025-05-05.

This change is automatically present in existing and newly created processors.

For customers with existing v1.5 processors to make use of this feature, you must relabel the nested entities in different pages.

To learn more about the labeling process, refer to our Label documents documentation.

Generative AI on Vertex AI

Vertex AI Agent Garden

Vertex AI Agent Garden now supports filtering by tags.

SAP on Google Cloud

ABAP SDK for Google Cloud version 1.11 (On-premises or any cloud edition)

Version 1.11 of the on-premises or any cloud edition of the ABAP SDK for Google Cloud is generally available (GA). This version introduces support for Anthropic Claude models through the Vertex AI SDK for ABAP, integration with the Model Armor API for LLM prompt security, and the WIF authentication validation feature. In addition, this version includes minor enhancements and bug fixes.

For more information, see What's new with the on-premises or any cloud edition of the ABAP SDK for Google Cloud.

July 02, 2025

AI Applications

Vertex AI Search: Search for an exact match (GA)

To search for an exact match, you can enclose your search query in double quotes ("). For example, when you search for "Mary had a little lamb", Vertex AI Search looks for the phrase exactly as it is. It doesn't return search results that contain Mary had lamb, which has missing words; or a little lamb had Mary, which has the words in a different order.

This feature is Generally available when you use the engines.servingConfigs.search method to get search results for custom data, media data, and healthcare data.

Cloud Composer

Cloud Composer 1 and Cloud Composer 2 environments with version 2.0.x are approaching their end of life. We're planning to deprecate them in the following way:

  • Starting September 15, 2025, you will no longer be able to create new Cloud Composer 1 environments.
  • On September 15, 2026, all Cloud Composer 1 and Cloud Composer 2 version 2.0.x environments will reach their planned end of life, and you won't be able to use them.

Cloud Composer 2 environments with versions later than 2.1.0 and all Cloud Composer 3 environments are not affected by this deprecation.

We recommend planning migration to Cloud Composer 3 or upgrading your Cloud Composer 2 environments to a later version.

Cloud SQL for MySQL

The write endpoint feature for Cloud SQL Enterprise Plus edition instances is now generally available (GA). This endpoint is a global domain name service (DNS) name and resolves to the IP address of the current primary Cloud SQL instance that's enabled with private services access.

By using a write endpoint, you can avoid having to make application connection changes after performing a switchover or replica failover operation to test or mitigate a region failure.

For more information, see Connect to an instance using a write endpoint.

Cloud SQL for PostgreSQL

The write endpoint feature for Cloud SQL Enterprise Plus edition instances is now generally available (GA). This endpoint is a global domain name service (DNS) name and resolves to the IP address of the current primary Cloud SQL instance that's enabled with private services access.

By using a write endpoint, you can avoid having to make application connection changes after performing a switchover or replica failover operation to test or mitigate a region failure.

For more information, see Connect to an instance using a write endpoint.

Cloud Storage

Bucket IP filtering for Cloud Storage is now generally available (GA). Bucket IP filtering provides enhanced control over access to your data, allowing you to restrict incoming requests to your Cloud Storage buckets based on their source IP addresses or their Google Cloud Virtual Private Cloud.

Compute Engine

Preview: You can reserve GPU VMs that use A4 and A3 Ultra machine types by using future reservations in calendar mode. This feature lets you reserve up to 80 GPU VMs for up to 90 days to obtain capacity for the following workloads:

  • Model pre-training jobs

  • Model fine-tuning jobs

  • High performance computing (HPC) simulation workloads

  • Short-term expected increases in inference workloads

For more information, see About future reservation requests in calendar mode.

Generally available: You can create Z3 VMs using smaller machine types, ranging in size from 14 to 88 vCPUs. Also, Z3 now offers -standardlssd and -highlssd predefined machine types. These new machine types have different amounts of Local SSD capacity per vCPU.

When you use Local SSD disks with Z3 VMs, you can receive committed use discounts (CUDs) without needing to attach reservations to your commitments.

For more information, see Storage-optimized machines.

Preview: The general purpose C4 machine series now supports the following machine types on Intel's Xeon 6 processor (Granite Rapids):

  • C4 VMs with Titanium Local SSD attached using two new machine types:
    • c4-standard-*-lssd
    • c4-highmem-*-lssd
  • Three new bare metal machine types:
    • c4-standard-288-metal
    • c4-highcpu-288-metal
    • c4-highmem-288-metal
  • C4 standard, highmem, and highcpu VMs with 144 and 288 vCPUs

To learn more, see the C4 machine series.

For more information, about the attached Local SSD disks, see Machine types that automatically attach Local SSD disks.

Google Cloud Contact Center as a Service

Version 3.36 is released

All release notes published on this date are part of version 3.36.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

Configure storage of Screen Share recordings

You can now configure how long to store Screen Share recordings in your external storage settings. You can also now store Screen Share recordings that originated from the Screen Share adapter.

Administrators: The CRM Comments Creation Details pane at Settings > Operation Management has new Post Cobrowse recording link to CRM record settings. You need to contact Google support to enable Screen Share recordings.

For more information, see Set up external storage for CRMs.

Restrict auto-assignment for email queues

You can now configure email queues so that incoming emails are auto-assigned only during queue operating hours or to agents who are signed in.

Administrators: The Auto assignment dialog at Settings > Queue > Email Edit/View > [queue name] > Automatic assignment > Configure has two new checkboxes.

For more information, see Email auto assignment.

Salesforce: New closed record options for scheduled calls

If you've integrated Google Cloud CCaaS with the Salesforce CRM, you can configure how your instance handles scheduled calls for closed records. Here are the configuration options that are available with Salesforce integrations:

  • Don't look up record status. Your instance doesn't look up record status and makes the scheduled call regardless of whether the record is open or closed.

  • Look up record status and reopen closed records. Your instance looks up record status before making a scheduled call and reopens records that are closed.

  • Look up record status and cancel scheduled calls for closed records. Your instance looks up record status before making a scheduled call and cancels scheduled calls for records that are closed.

Administrators: The CRM Record Creation Details pane at Settings > Operation Management has new settings at Closed record options when initiating an API-scheduled call.

For more information, see Schedule calls with Salesforce.

The following issues were addressed in this release:

  • Fixed an issue where calls weren't being assigned to the correct agent in Google Cloud CCaaS reporting.
  • Fixed an issue where calls weren't being assigned to the correct agent in the CRM.
  • Fixed an issue where the communication between a virtual task assistant and an end-user was not included in the Agent Assist live transcript in the agent adapter.
  • Fixed an issue where agent outbound calls generated incorrect URLs in reporting. URLs contained ticket instead of tickets.
  • Fixed an issue where newly created global contact list destinations were not available in the Overcapacity Deflection settings for IVR queues.
  • Fixed an issue where the on_email_thread_created event listener was mistakenly logging customer names and email addresses.
  • Fixed an issue where uploading a new overcapacity deflection message didn't replace the existing message.
  • Fixed an issue where agents were not being assigned chat sessions while routing was configured for deltacast.
  • Fixed an issue where attachments were lost when: (1) A chat session was transfered to another agent, or (2) After a chat auto-dismissed, an end-user restarted the chat with the same agent in the same queue.
  • Fixed an issue where chats didn't time out after being inactive for longer than the chat timeout setting for the queue.
  • Fixed an issue where agents who were removed from a chat session using the Connected Chats page were not fully disconnected from the session. These agents remained in the conversation tile, couldn't remove themselves from the session, and couldn't receive new chats.
  • Fixed an issue where chats initiated outside of working hours generated incorrect chat transcripts. Instead of indicating that the support center was closed, the transcipts indicated that customer support was experiencing high volume.
  • Fixed an issue where an external agent and an end-user couldn't communicate after an internal agent did the following: (1) Answered the call, (2) Put the end-user on hold, (3) tranferred the call to a queue with auto redirect to an external number, and (4) failed to release the hold before leaving the call.
  • Fixed an issue where end-users with a blocked phone number were able to contact support using chat.
  • Fixed an issue where the global disposition list appeared in the chat adapter during wrap-up instead of the disposition list for the agent's queue.
  • Fixed an issue where a barge-in event interrupted an agent's audio.
  • Fixed an issue where call session recordings were either not being sent to external storage or they were sent in the wrong file format.
  • Fixed an issue in advanced reporting dashboards where chats appeared in the chat waiting menu even after the chat sessions ended.
  • Fixed an issue where the agent desktop translations in French (Canada) and Japanese were not complete.
  • Fixed an issue where the system was generating duplicate After Call Work records for a single wrap-up.
  • Fixed an issue where bulk upload containing new users assigned to teams failed.
  • Fixed an issue where the chat adapter failed to appear after Nexmo VOIP initialization failed.
  • Fixed an issue where saving chat transcripts to a CRM failed.
Google Kubernetes Engine

(2025-R28) Version updates

(2025-R28) Version updates

(2025-R28) Version updates

(2025-R28) Version updates

(2025-R28) Version updates

(2025-R28) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

Regular channel

Stable channel

Extended channel

No channel

Google SecOps

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have been updated. Each parser is listed by product name and log_type value, where applicable. This list includes both released default parsers and pending parser updates.

  • 1Password (ONEPASSWORD)
  • Apache (APACHE)
  • Arcsight CEF (ARCSIGHT_CEF)
  • Aruba Switch (ARUBA_SWITCH)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS CloudWatch (AWS_CLOUDWATCH)
  • AWS GuardDuty (GUARDDUTY)
  • AWS Lambda Function (AWS_LAMBDA_FUNCTION)
  • AWS S3 Server Access (AWS_S3_SERVER_ACCESS)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • AWS VPC Flow (CSV) (AWS_VPC_FLOW_CSV)
  • Azure AD (AZURE_AD)
  • Azure Application Gateway (AZURE_GATEWAY)
  • Azure Firewall (AZURE_FIREWALL)
  • Azure Storage Audit (AZURE_STORAGE_AUDIT)
  • Azure VNET Flow (AZURE_VNET_FLOW)
  • BIND (BIND_DNS)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Brocade Switch (BROCADE_SWITCH)
  • Carbon Black (CB_EDR)
  • Carbon Black App Control (CB_APP_CONTROL)
  • Check Point (CHECKPOINT_FIREWALL)
  • Chronicle SOAR Audit (CHRONICLE_SOAR_AUDIT)
  • Cisco Application Centric Infrastructure (CISCO_ACI)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Email Security (CISCO_EMAIL_SECURITY)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco Internetwork Operating System (CISCO_IOS)
  • Cisco IronPort (CISCO_IRONPORT)
  • Cisco ISE (CISCO_ISE)
  • Cisco NX-OS (CISCO_NX_OS)
  • Cisco Router (CISCO_ROUTER)
  • Cisco Umbrella Web Proxy (UMBRELLA_WEBPROXY)
  • Cisco vManage SD-WAN (CISCO_SDWAN)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Claroty Continuous Threat Detection (CLAROTY_CTD)
  • Cloudflare (CLOUDFLARE)
  • CrowdStrike Detection Monitoring (CS_DETECTS)
  • CrowdStrike Falcon (CS_EDR)
  • Crowdstrike IOC (CROWDSTRIKE_IOC)
  • Custom Security Data Analytics (CUSTOM_SECURITY_DATA_ANALYTICS)
  • CyberArk Endpoint Privilege Manager (EPM) (CYBERARK_EPM)
  • Cyberark Privilege Cloud (CYBERARK_PRIVILEGE_CLOUD)
  • Darktrace (DARKTRACE)
  • Datadog (DATADOG)
  • Dell Switch (DELL_SWITCH)
  • Elastic Defend (ELASTIC_DEFEND)
  • ESET AV (ESET_AV)
  • ExtraHop RevealX (EXTRAHOP)
  • F5 Advanced Firewall Management (F5_AFM)
  • F5 ASM (F5_ASM)
  • FireEye ETP (FIREEYE_ETP)
  • FireEye NX (FIREEYE_NX)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • Fortinet Web Application Firewall (FORTINET_FORTIWEB)
  • GitHub (GITHUB)
  • Guardicore Centra (GUARDICORE_CENTRA)
  • H3C Comware Platform Switch (H3C_SWITCH)
  • IBM Cloud Activity Tracker (IBM_CLOUD_ACTIVITY_TRACKER)
  • IBM Security Verify Access (IBM_SVA)
  • IBM zSecure Alert (IBM_ZSECURE_ALERT)
  • Imperva (IMPERVA_WAF)
  • Infoblox (INFOBLOX)
  • Infoblox DHCP (INFOBLOX_DHCP)
  • KnowBe4 PhishER (KNOWBE4_PHISHER)
  • LastPass Password Management (LASTPASS)
  • Linux Auditing System (AuditD) (AUDITD)
  • Microsoft AD (WINDOWS_AD)
  • Microsoft AD FS (ADFS)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft IIS (IIS)
  • Netskope V2 (NETSKOPE_ALERT_V2)
  • NGINX (NGINX)
  • Nozomi Networks Scada Guardian (NOZOMI_GUARDIAN)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • Openpath (OPENPATH)
  • Opnsense (OPNSENSE)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Cortex XDR Events (PAN_CORTEX_XDR_EVENTS)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • Palo Alto Panorama (PAN_PANORAMA)
  • Palo Alto Prisma Access (PAN_CASB)
  • Ping Federate (PING_FEDERATE)
  • Ping Identity (PING)
  • PostgreSQL (POSTGRESQL)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Proofpoint Threat Response (PROOFPOINT_TRAP)
  • Radware Web Application Firewall (RADWARE_FIREWALL)
  • Red Hat OpenShift (REDHAT_OPENSHIFT)
  • Remediant SecureONE (REMEDIANT_SECUREONE)
  • Riverbed Steelhead (STEELHEAD)
  • SailPoint IAM (SAILPOINT_IAM)
  • Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
  • Security Command Center Threat (N/A)
  • Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
  • Symantec DLP (SYMANTEC_DLP)
  • Sysdig (SYSDIG)
  • Teradata DB (TERADATA_DB)
  • Terraform Enterprise Audit (TERRAFORM_ENTERPRISE)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • Tripwire (TRIPWIRE_FIM)
  • Vectra Detect (VECTRA_DETECT)
  • Vectra Stream (VECTRA_STREAM)
  • Versa Firewall (VERSA_FIREWALL)
  • VMware AirWatch (AIRWATCH)
  • VMware ESXi (VMWARE_ESX)
  • Voltage (VOLTAGE)
  • WatchGuard (WATCHGUARD)
  • Windows DHCP (WINDOWS_DHCP)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Hyper-V (WINDOWS_HYPERV)
  • wiz.io (WIZ_IO)
  • Workday (WORKDAY)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Zscaler (ZSCALER_WEBPROXY)
  • Zscaler CASB (ZSCALER_CASB)
  • ZScaler Deception (ZSCALER_DECEPTION)
  • Zscaler DLP (ZSCALER_DLP)
  • Zscaler Tunnel (ZSCALER_TUNNEL)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, where applicable.

  • Akamai Kona Edge Grid (AKAMAI_KONA_EDGE_GRID)
  • Azure Compute (AZURE_COMPUTE)
  • Bluecat Micetro IP Address Management (BLUECAT_MICETRO_IPAM)
  • Cloudera Ranger (CLOUDERA_RANGER)
  • Cyberark Identity (CYBERARK_IDENTITY)
  • Fortinet FortiDLP (FORTINET_FORTIDLP)
  • IBM Cognos Analytics (IBM_COGNOS)
  • IBM Planning Analytics (IBM_PA)
  • Ironclad (IRONCLAD)
  • Ivanti Endpoint Manager Mobile (IVANTI_ENDPOINT_MANAGER_MOBILE)
  • Mimecast Mail V2 (MIMECAST_MAIL_V2)
  • Minsait Sigefi (MINSAIT_SIGEFI)
  • Netskope One Secure SD-WAN (NETSKOPE_SDWAN)
  • Proxmox (PROXMOX)
  • Radware Bot (RADWARE_BOT)
  • ScaleFusion for Windows MDM (SCALEFUSION)
  • Titan SFTP Server (TITAN_SFTP)
  • ZoomInfo (ZOOMINFO)
  • Zscaler Email DLP Insights (ZSCALER_EMAIL_DLP_INSIGHTS)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps Marketplace

Okta: Version 9.0

  • The following new action has been added:

    • Send SSF to Okta

CrowdStrike Falcon: Version 62.0

  • Updated JSON Result structure in the following action:

    • List Hosts

Google Chronicle: Version 61.0

  • Updated action processing logic in the following action:

    • Execute UDM Query

Vertex AI: Version 3.0

  • Integration: Updated the handling of non-Google models.
Google SecOps SIEM

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have been updated. Each parser is listed by product name and log_type value, where applicable. This list includes both released default parsers and pending parser updates.

  • 1Password (ONEPASSWORD)
  • Apache (APACHE)
  • Arcsight CEF (ARCSIGHT_CEF)
  • Aruba Switch (ARUBA_SWITCH)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS CloudWatch (AWS_CLOUDWATCH)
  • AWS GuardDuty (GUARDDUTY)
  • AWS Lambda Function (AWS_LAMBDA_FUNCTION)
  • AWS S3 Server Access (AWS_S3_SERVER_ACCESS)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • AWS VPC Flow (CSV) (AWS_VPC_FLOW_CSV)
  • Azure AD (AZURE_AD)
  • Azure Application Gateway (AZURE_GATEWAY)
  • Azure Firewall (AZURE_FIREWALL)
  • Azure Storage Audit (AZURE_STORAGE_AUDIT)
  • Azure VNET Flow (AZURE_VNET_FLOW)
  • BIND (BIND_DNS)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Brocade Switch (BROCADE_SWITCH)
  • Carbon Black (CB_EDR)
  • Carbon Black App Control (CB_APP_CONTROL)
  • Check Point (CHECKPOINT_FIREWALL)
  • Chronicle SOAR Audit (CHRONICLE_SOAR_AUDIT)
  • Cisco Application Centric Infrastructure (CISCO_ACI)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Email Security (CISCO_EMAIL_SECURITY)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco Internetwork Operating System (CISCO_IOS)
  • Cisco IronPort (CISCO_IRONPORT)
  • Cisco ISE (CISCO_ISE)
  • Cisco NX-OS (CISCO_NX_OS)
  • Cisco Router (CISCO_ROUTER)
  • Cisco Umbrella Web Proxy (UMBRELLA_WEBPROXY)
  • Cisco vManage SD-WAN (CISCO_SDWAN)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Claroty Continuous Threat Detection (CLAROTY_CTD)
  • Cloudflare (CLOUDFLARE)
  • CrowdStrike Detection Monitoring (CS_DETECTS)
  • CrowdStrike Falcon (CS_EDR)
  • Crowdstrike IOC (CROWDSTRIKE_IOC)
  • Custom Security Data Analytics (CUSTOM_SECURITY_DATA_ANALYTICS)
  • CyberArk Endpoint Privilege Manager (EPM) (CYBERARK_EPM)
  • Cyberark Privilege Cloud (CYBERARK_PRIVILEGE_CLOUD)
  • Darktrace (DARKTRACE)
  • Datadog (DATADOG)
  • Dell Switch (DELL_SWITCH)
  • Elastic Defend (ELASTIC_DEFEND)
  • ESET AV (ESET_AV)
  • ExtraHop RevealX (EXTRAHOP)
  • F5 Advanced Firewall Management (F5_AFM)
  • F5 ASM (F5_ASM)
  • FireEye ETP (FIREEYE_ETP)
  • FireEye NX (FIREEYE_NX)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • Fortinet Web Application Firewall (FORTINET_FORTIWEB)
  • GitHub (GITHUB)
  • Guardicore Centra (GUARDICORE_CENTRA)
  • H3C Comware Platform Switch (H3C_SWITCH)
  • IBM Cloud Activity Tracker (IBM_CLOUD_ACTIVITY_TRACKER)
  • IBM Security Verify Access (IBM_SVA)
  • IBM zSecure Alert (IBM_ZSECURE_ALERT)
  • Imperva (IMPERVA_WAF)
  • Infoblox (INFOBLOX)
  • Infoblox DHCP (INFOBLOX_DHCP)
  • KnowBe4 PhishER (KNOWBE4_PHISHER)
  • LastPass Password Management (LASTPASS)
  • Linux Auditing System (AuditD) (AUDITD)
  • Microsoft AD (WINDOWS_AD)
  • Microsoft AD FS (ADFS)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft IIS (IIS)
  • Netskope V2 (NETSKOPE_ALERT_V2)
  • NGINX (NGINX)
  • Nozomi Networks Scada Guardian (NOZOMI_GUARDIAN)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • Openpath (OPENPATH)
  • Opnsense (OPNSENSE)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Cortex XDR Events (PAN_CORTEX_XDR_EVENTS)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • Palo Alto Panorama (PAN_PANORAMA)
  • Palo Alto Prisma Access (PAN_CASB)
  • Ping Federate (PING_FEDERATE)
  • Ping Identity (PING)
  • PostgreSQL (POSTGRESQL)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Proofpoint Threat Response (PROOFPOINT_TRAP)
  • Radware Web Application Firewall (RADWARE_FIREWALL)
  • Red Hat OpenShift (REDHAT_OPENSHIFT)
  • Remediant SecureONE (REMEDIANT_SECUREONE)
  • Riverbed Steelhead (STEELHEAD)
  • SailPoint IAM (SAILPOINT_IAM)
  • Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
  • Security Command Center Threat (N/A)
  • Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
  • Symantec DLP (SYMANTEC_DLP)
  • Sysdig (SYSDIG)
  • Teradata DB (TERADATA_DB)
  • Terraform Enterprise Audit (TERRAFORM_ENTERPRISE)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • Tripwire (TRIPWIRE_FIM)
  • Vectra Detect (VECTRA_DETECT)
  • Vectra Stream (VECTRA_STREAM)
  • Versa Firewall (VERSA_FIREWALL)
  • VMware AirWatch (AIRWATCH)
  • VMware ESXi (VMWARE_ESX)
  • Voltage (VOLTAGE)
  • WatchGuard (WATCHGUARD)
  • Windows DHCP (WINDOWS_DHCP)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Hyper-V (WINDOWS_HYPERV)
  • wiz.io (WIZ_IO)
  • Workday (WORKDAY)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Zscaler (ZSCALER_WEBPROXY)
  • Zscaler CASB (ZSCALER_CASB)
  • ZScaler Deception (ZSCALER_DECEPTION)
  • Zscaler DLP (ZSCALER_DLP)
  • Zscaler Tunnel (ZSCALER_TUNNEL)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, where applicable.

  • Akamai Kona Edge Grid (AKAMAI_KONA_EDGE_GRID)
  • Azure Compute (AZURE_COMPUTE)
  • Bluecat Micetro IP Address Management (BLUECAT_MICETRO_IPAM)
  • Cloudera Ranger (CLOUDERA_RANGER)
  • Cyberark Identity (CYBERARK_IDENTITY)
  • Fortinet FortiDLP (FORTINET_FORTIDLP)
  • IBM Cognos Analytics (IBM_COGNOS)
  • IBM Planning Analytics (IBM_PA)
  • Ironclad (IRONCLAD)
  • Ivanti Endpoint Manager Mobile (IVANTI_ENDPOINT_MANAGER_MOBILE)
  • Mimecast Mail V2 (MIMECAST_MAIL_V2)
  • Minsait Sigefi (MINSAIT_SIGEFI)
  • Netskope One Secure SD-WAN (NETSKOPE_SDWAN)
  • Proxmox (PROXMOX)
  • Radware Bot (RADWARE_BOT)
  • ScaleFusion for Windows MDM (SCALEFUSION)
  • Titan SFTP Server (TITAN_SFTP)
  • ZoomInfo (ZOOMINFO)
  • Zscaler Email DLP Insights (ZSCALER_EMAIL_DLP_INSIGHTS)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

reCAPTCHA

reCAPTCHA Mobile SDK 18.8.0-beta01 is now available for iOS.

This version contains the following changes:

July 01, 2025

Apigee Advanced API Security

On July 1, 2025 we released a new version of Advanced API Security Abuse Detection.

Support for AppGroups in Abuse Detection attributes

Abuse Detection incidents and detected traffic now show information on AppGroups and AppGroup apps when the AppGroup is part of the request or traffic.

Note: This functionality is not available in Apigee hybrid at this time.

For usage information, see the Abuse Detection documentation.

Backup for GKE

Backup for GKE now supports backing up and restoring Hyperdisk ML and Hyperdisk Balanced High Availability volumes. This feature is available for GKE clusters running version 1.33.1-gke.1959000 and later.

BigQuery

You can now update a Cloud KMS encryption key by updating the table with the same key. This feature is generally available (GA).

You can use the @@location system variable to set the location in which to run a query. This feature is generally available (GA).

BigQuery now supports the following Apache Hadoop migration features in Preview:

Cloud Composer

A new Cloud Composer release has started on July 1, 2025. This release is in progress at the moment. Listed changes might not be available in some regions yet.

This release includes internal infrastructure improvements to Cloud Composer. There are no user-visible changes.

New images are available in Cloud Composer 2:

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.110
  • 1.2.54
  • 2.2.54
  • 2.3.5
Gemini Code Assist

Gemini 2.5 Pro and Gemini 2.5 Flash models are Generally Available (GA)

Gemini 2.5 Pro and Gemini 2.5 Flash are Generally Available (GA). These models are used for Gemini Code Assist Standard and Enterprise, and power Gemini Code Assist's chat, code generation, and code transformation capabilities.

With the integration of these stable versions of Gemini 2.5 Pro and Gemini 2.5 Flash, you'll experience a boost in how Gemini Code Assist handles complex tasks. These models excel in areas like coding, mathematics, science, and intricate reasoning, leading to more accurate and helpful suggestions.

Gemini Code Assist 2.5 Flash and Pro comparison chart.

Google Cloud Architecture Center

(New guide) GraphRAG infrastructure for generative AI using Vertex AI and Spanner Graph: Shows how to design infrastructure for GraphRAG-capable generative AI applications in Google Cloud by using Vertex AI and Spanner Graph.

Google Cloud VMware Engine

VMware Engine single-node private clouds, created after June 4th 2025, will no longer delete after 60 days. All single-node private clouds will have no time limit. Single-node private clouds have limitations to SLA, patching, and upgrades.

Policy Intelligence Resource Manager Security Command Center

Security Command Center now supports the detection of Chokepoints for the following cloud service provider platforms:

  • Amazon Web Services (AWS)
  • Microsoft Azure

Support for Chokepoints with Microsoft Azure and AWS is in Preview.

Service Extensions

Plugins for Cloud Load Balancing help you insert WebAssembly (Wasm) code in a fully managed serverless environment directly into the data path of most Cloud Load Balancing Application Load Balancers. This feature is in General Availability.

Spanner

The performance of the ANY and the ANY SHORTEST algorithms have been improved. These algorithms are used to find Spanner Graph paths. For more information, see ANY and ANY SHORTEST paths.

Vertex AI

The global endpoint is generally available (GA) for Anthropic's Claude Opus 4. For details, see Global endpoint.

June 30, 2025

App Engine standard environment Java

For new deployments, the URL Fetch API validates the certificate of the host it contacts by default.

App Engine standard environment Python

For new deployments, the URL Fetch API validates the certificate of the host it contacts by default.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.52.0 (2025-06-25)

Features
  • bigquery: Integrate Otel in client lib (#3747) (6e3e07a)
  • bigquery: Integrate Otel into retries, jobs, and more (#3842) (4b28c47)
Bug Fixes
  • bigquery: Add MY_VIEW_DATASET_NAMETEST to resource clean up sample (#3838) (b1962a7)
Dependencies
  • Remove version declaration of open-telemetry-bom (#3855) (6f9f77d)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.66.0 (#3835) (69be5e7)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.68.0 (#3858) (d4ca353)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.49.2 (#3853) (cf864df)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.50.0 (#3861) (eb26dee)
  • Update dependency io.opentelemetry:opentelemetry-bom to v1.51.0 (#3840) (51321c2)
  • Update ossf/scorecard-action action to v2.4.2 (#3810) (414f61d)

You can now create and manage scheduled notebooks using the Schedule details pane in BigQuery Studio. This feature is generally available (GA).

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.61.0 (2025-06-27)

Features
  • Add getter for universe domain in JwtCredentialsWithAudience (#2598) (9ad66b1)
Bug Fixes
  • Add name elements for the pom.xml files (a873719)
  • Populate table ID for materialized view (#2610) (50c3fe2)
Dependencies
Cloud DNS

Using a fully qualified domain name (FQDN) forwarding target is available for outbound DNS forwarding in GA.

Cloud Database Migration Service

Database Migration Service support for heterogeneous SQL Server to PostgreSQL migrations is now generally available (GA).

For more information, see:

Cloud Key Management Service

Cloud HSM for Google Workspace now lets you use Cloud HSM keys for client-side encryption (CSE) to protect sensitive workloads in Google Workspace. For more information about Cloud HSM for Google Workspace, including how to get started, see Onboard to Cloud HSM for Google Workspace.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.22.6 (2025-06-25)

Bug Fixes
  • Regenerate gapic yaml and service yaml for logging by augmentation configs (9023895)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.50.0 (#1821) (af4edc5)
  • Update googleapis/sdk-platform-java action to v2.60.0 (#1822) (0a96dd5)
Cloud Run

You can apply maximum instance configuration at the service level (in Preview).

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.53.2 (2025-06-25)

Bug Fixes
  • Fix Journaling BlobWriteSessionConfig to properly handle multiple consecutive retries (#3166) (895bfbd)
Dependencies
  • Update dependency com.google.cloud.opentelemetry:exporter-trace to v0.36.0 (#3162) (41a1030)
  • Update sdk-platform-java dependencies (#3164) (c22a131)
Colab Enterprise

Preview: You can consume reservations with Colab Enterprise runtimes. Reservations of Compute Engine zonal resources help you gain a high level of assurance that your runtimes have the necessary resources to run. For more information, see Use reservations with Colab Enterprise.

Compute Engine

Generally available: You can now modify licenses attached to your disks. Previously, licenses on disk resources were immutable. You had to delete and recreate disks, or engage our support team to change licenses.

This feature provides greater flexibility for managing your disk licenses. You can now:

For more information on how to manage licenses, see Manage licenses.

Container Optimized OS

cos-dev-125-19126-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.94 v27.5.1 v2.0.4 See List

Updated nvidia-container-toolkit to v1.17.7.

Upgraded sys-apps/ethtool to version 6.11.

Upgraded app-admin/google-guest-configs to v20250605.00.

Added support for the Lustre 2.14.0_p212 drivers.

drop marvell-pcie-ep-octeon driver

Upgraded chromeos-base/shill-client to v0.0.1-r4872.

Upgraded chromeos-base/google-breakpad to v2025.06.12.121629-r242.

Upgraded chromeos-base/shill-client to v0.0.1-r4871.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r667.

Upgraded dev-lang/go to v1.23.10.

Upgraded app-admin/sudo to v1.9.17.

Upgraded sys-apps/less to v679.

Upgraded dev-db/sqlite to v3.50.1.

Upgraded sys-process/procps to v4.0.5-r2.

Upgraded sys-libs/libcap to v2.76.

Upgrade libarchive to version 3.8.1. This fixes CVE-2025-5914.

Runtime sysctl changes:

  • Changed: fs.file-max: 811773 -> 811755

cos-117-18613-263-56

Kernel Docker Containerd GPU Drivers
COS-6.6.93 v24.0.9 v1.7.27 See List

Added support for the Lustre 2.14.0_p212 drivers.

Upgraded sys-apps/less to v679.

Upgraded dev-libs/libusb to v1.0.29.

Upgrade libarchive to version 3.8.1. This fixes CVE-2025-5914.

Upgraded elfutils to version 0.193. This fixes CVE-2025-1365, CVE-2025-1371, CVE-2025-1372, and CVE-2025-1377.

Runtime sysctl changes:

  • Changed: fs.file-max: 811785 -> 811719

cos-121-18867-90-75

Kernel Docker Containerd GPU Drivers
COS-6.6.93 v27.5.1 v2.0.4 See List

Added support for the Lustre 2.14.0_p212 drivers.

Upgraded sys-apps/less to v679.

Upgrade libarchive to version 3.8.1. This fixes CVE-2025-5914.

Upgraded elfutils to version 0.193. This fixes CVE-2025-1365, CVE-2025-1371, CVE-2025-1372, and CVE-2025-1377.

Runtime sysctl changes:

  • Changed: fs.file-max: 811798 -> 811807

cos-113-18244-382-53

Kernel Docker Containerd GPU Drivers
COS-6.1.141 v24.0.9 v1.7.27 See List

Upgraded dev-libs/libusb to v1.0.29.

Upgrade libarchive to version 3.8.1. This fixes CVE-2025-5914.

Upgraded elfutils to version 0.193. This fixes CVE-2025-1365, CVE-2025-1371, CVE-2025-1372, and CVE-2025-1377.

Runtime sysctl changes:

  • Changed: fs.file-max: 812041 -> 812035

cos-109-17800-519-40

Kernel Docker Containerd GPU Drivers
COS-6.1.141 v24.0.9 v1.7.27 See List

Upgraded dev-libs/libusb to v1.0.29.

Upgrade libarchive to version 3.8.1. This fixes CVE-2025-5914.

Upgraded elfutils to version 0.193. This fixes CVE-2025-1365, CVE-2025-1371, CVE-2025-1372, and CVE-2025-1377.

Runtime sysctl changes:

  • Changed: fs.file-max: 812288 -> 812258

Datastream

Datastream is now available in the northamerica-south1 (Mexico) region. For the list of all available regions, see IP allowlists and regions.

Document AI

Custom Extractor model pretrained-foundation-model-v1.5-2025-05-05 is in General Availability (GA) and has fine-tuning available for the US and EU.

From version v1.4 and later, we will use a new quota for online processing called Number of online process document pages per minute per processor type and model version. This quota will be enforced at a per-page and per-foundation model level. There will be no change to the batch processing quota.

These can be enabled in the console when creating labels and by using the DocumentSchema.EntityType.

For more information, read Managing processor versions.

Google SecOps

Data tables are multicolumn constructs that let you input your own data into Google SecOps. You can create or import data tables to your Google SecOps account using the Google SecOps UI, the Data Tables API, or by using YARA-L queries in rules. This feature is now available to all customers.

What's new for this release:

  • Multiple web interface enhancements have been made, including a new default table view for data table management.
  • Support for the number data type is now available for data table columns.
  • Support for repeated fields in data table columns.
  • The Limitations section has additional details.
Google SecOps SIEM

Data tables are multicolumn constructs that let you input your own data into Google SecOps. You can create or import data tables to your Google SecOps account using the Google SecOps UI, the Data Tables API, or by using YARA-L queries in rules. This feature is now available to all customers.

What's new for this release:

  • Multiple web interface enhancements have been made, including a new default table view for data table management.
  • Support for the number data type is now available for data table columns.
  • Support for repeated fields in data table columns.
  • The Limitations section has additional details.
Looker

The Fast Dev Mode Transition feature is out of Labs and is now generally available. The Fast Dev Mode Transition feature improves the performance of Development Mode on your instance by loading LookML projects in read-only mode until a developer clicks the Create Developer Copy button for the project. Note: This item was added on July 8, 2025.

The Fast Dev Mode Transition feature is now available for Looker (Google Cloud core). The Fast Dev Mode Transition feature improves the performance of Development Mode on your instance by loading LookML projects in read-only mode until a developer clicks the Create Developer Copy button for the project. Note: This item was added on July 8, 2025.

Managed Lustre

Google Cloud Managed Lustre is now Generally Available (GA) to all customers with the following new features:

  • New performance tiers with maximum throughput speeds from 125 MBps per TiB to 1000 MBps per TiB.
  • Increased storage capacity, up to 7,632,000 GiB (~8 PiB).

Learn more about performance tiers and maximum capacities.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.140.2 (2025-06-25)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.51.0 (#2457) (d74215a)
  • Update dependency com.google.cloud:google-cloud-core to v2.58.0 (#2443) (d4599d9)
  • Update dependency com.google.cloud:google-cloud-storage to v2.53.1 (#2452) (b4af237)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.50.0 (#2461) (715916a)
  • Update dependency com.google.cloud.opentelemetry:exporter-trace to v0.36.0 (#2440) (50a3eb9)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.31.1 (#2442) (a0be1bb)
  • Update dependency org.easymock:easymock to v5.6.0 (#2069) (5f144a4)
  • Update googleapis/sdk-platform-java action to v2.60.0 (#2462) (ee8e5c7)
  • Update googleapis/sdk-platform-java action to v2.60.0 (#2464) (7a0af37)
Security Command Center

You can download risk reports as PDFs. Risk reports help you understand the results of the attack path simulations (virtual red teaming) that Security Command Center runs. This feature is in Preview and is available for customers on the Enterprise or Premium service tiers. For more information, see Risk reports overview.

The following Virtual Machine Threat Detection detectors are in General Availability.

  • Defense Evasion: Unexpected ftrace handler
  • Defense Evasion: Unexpected interrupt handler
  • Defense Evasion: Unexpected kernel modules
  • Defense Evasion: Unexpected kernel read-only data modification
  • Defense Evasion: Unexpected kprobe handler
  • Defense Evasion: Unexpected processes in runqueue
  • Defense Evasion: Unexpected system call handler

The Defense Evasion: Unexpected kernel code modification detector of Virtual Machine Threat Detection is shut down. For more information, see Detector shutdowns.

Spanner

Spanner supports the following new client-side metrics to the Spanner API frontend (AFE) and Google frontend (GFE) for Java and Go applications:

  • AFE connectivity error count
  • AFE latencies
  • GFE connectivity error count
  • GFE latencies

These metrics can be used with server-side metrics to enable faster troubleshooting of performance and latency issues. For more information, see Client-side metrics descriptions.

To troubleshoot or understand your Spanner queries better, you can download and save your query execution plan as a JSON file. You can now use the content of this file to see a visualization of the query execution plan in Spanner Studio. For more information, see Take a tour of the query plan visualizer.

A monthly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.83.0 (2025-06-27)

Features
  • spanner/spansql: Add support for TOKENIZE_JSON. (#12338) (72225a5)
  • spanner/spansql: Support EXISTS in query parsing (#12439) (f5cb67b)
  • spanner: Add new change_stream.proto (40b60a4)
  • spanner: Add option for how to call BeginTransaction (#12436) (2cba13b)
  • spanner: Wrap proto mutation (#12497) (e655889)
Bug Fixes

Java

Changes for google-cloud-spanner

6.95.0 (2025-06-05)

Features
Bug Fixes
Dependencies
  • Update dependency io.opentelemetry:opentelemetry-bom to v1.50.0 (#3887) (94b879c)

6.95.1 (2025-06-06)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.49.0 (#3909) (3de8502)
  • Update googleapis/sdk-platform-java action to v2.59.0 (#3910) (aed8bd6)

6.96.0 (2025-06-27)

Features
  • Allow JDBC to configure directpath for connection (#3929) (d754f1f)
  • Support getOrNull and getOrDefault in Struct (#3914) (1dc5a3e)
  • Use multiplexed sessions for read-only transactions (#3917) (37fdc27)
Bug Fixes
  • Allow zero durations to be set for connections (#3916) (43ea4fa)
Documentation
  • Add snippet for Repeatable Read configuration at client and transaction (#3908) (ff3d212)
  • Update SpannerSample.java to align with best practices (#3625) (7bfc62d)
VPC Service Controls

Preview stage support for the following integration:

Vertex AI

Mistral Nemo, which is offered as a Model as a Service (MaaS) model in Model Garden, is deprecated. For details, see Model as a Service (MaaS) deprecations.

Anthropic's Claude 3 Opus, which is offered as a Model as a Service (MaaS) model in Model Garden, is deprecated. For details, see Model as a Service (MaaS) deprecations.

Vertex AI online inference now offers Preview support of PSC service automation that can automatically create PSC endpoints for dedicated private endpoints. For more information, see Create the online inference endpoint with PSC automation.

Vertex AI now offers GA support of Private Service Connect Interface and includes Private DNS Peering. For more information, see Use Private Service Connect interface for Vertex AI Training.

June 29, 2025

Google SecOps SOAR

Release 6.3.51 is being rolled out to the first phase of regions as listed here.

This release contains the following change.

Bulk Playbook Duplication Behavior Updated

When duplicating playbooks in bulk, the original selection is now preserved. Newly created copies are no longer automatically selected in the platform.

June 28, 2025

Google SecOps SOAR

Release 6.3.50 is now available for all regions.

June 27, 2025

Certificate Authority Service

You can backdate the not_before_time of certificates by specifying the backdate_duration field within the issuance policy of your CA Pool. This new optional field in the issuance policy allows you to control the not_before_time of all certificates issued from a given CA Pool.

If backdate_duration is not set: Certificates are issued with a not_before_time equal to the current issuance time.

If backdate_duration is set: Certificates are issued with a not_before_time equal to the issuance time minus the specified backdate_duration. The not_after_time automatically adjusts to maintain the requested certificate lifetime.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Cloud Spanner
    • spanner.googleapis.com/InstancePartition
Cloud Billing

New fields added to Cloud Billing data exports to BigQuery

To prepare for expanding the spend-based committed use discounts (CUD)s program, we added new data fields to the schema for Cloud Billing standard and detailed data exports to BigQuery. These new fields add more information about the prices charged for your Google Cloud usage and consumption models.

To learn more, see Billing data and SKU updates for spend-based CUDs.

Compute Engine

Generally available: You can specify a custom ephemeral external IPv6 address when creating an instance. For more information, see Create instances that use IPv6 addresses.

Contact Center AI Insights

Quality AI offers the agent engagement platform where contact center personnel can visualize agent performance data, including an AI-generated summary. The agent engagement platform also identifies areas where an agent excels and needs help compared to their peers.

Qualilty AI offers agent assessments based on individual conversations. Human evaluators can also add notes to these assessments with feedback for the agent.

Quality AI offers sampling rules that filter conversations to reduce the workload for human evaluators, saving contact centers time and money.

Add your own custom tags in Quality AI. In addition to the default Business, Compliance and Customer tags, you can apply custom tags to any question in any scorecard.

Conversational Insights offers a devkit to help developers and maintainers perform a wide range of actions, including the following:

  • Import one or more conversations with metadata.
  • Transcribe mono audio files.
  • Create recognizers with STT V2.
  • Transform transcript data formats from Genesys Cloud or AWS.
  • Change Conversational Insights global settings.
Generative AI on Vertex AI

Gemma 3n models are now available through Model Garden.

Multimodal datasets are now available in preview. For more information, see Multimodal datasets.

Google Cloud Armor

Cloud Armor's Hierarchical security policies facilitate centralized control, enhanced consistency, operational efficiency, and effective delegation of security policy management in Preview.

Google Kubernetes Engine

(2025-R27) Version updates

(2025-R27) Version updates

(2025-R27) Version updates

(2025-R27) Version updates

(2025-R27) Version updates

(2025-R27) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

Regular channel

Stable channel

Extended channel

No channel

Google SecOps Marketplace

Siemplify: Version 92.0

  • Updated action logic in the following actions:

    • Get Case Details

    • Get Similar Cases

    • Update Case Description

Security Command Center

The following Event Threat Detection detectors have been released to GA.

  • Exfiltration: Cloud SQL Data Exfiltration
  • Credential Access: CloudDB Failed login from Anonymizing Proxy IP
  • Initial Access: CloudDB Successful login from Anonymizing Proxy IP
Vertex AI

Gemma 3n models are now available through Model Garden.

Virtual Private Cloud

Private Service Connect service connectivity automation periodically retries endpoint create or delete operations that fail due to errors. This feature is available in General Availability. For more information, see Automatic retries for endpoint failures.

June 26, 2025

AI Applications

Vertex AI Search: gemini-2.5-flash/answer_gen/v1 model

You can generate answers with the Gemini 2.5 Flash (gemini-2.5-flash) model. This model is tuned to address context-based question and answering tasks.

For more information, see Answer generation model versions and lifecycle.

Anthos Config Management

Addressed multiple Common Vulnerabilities and Exposures (CVEs) by updating dependencies.

Fixed an issue with the nomos CLI which prevented setting up autocomplete by using the nomos completion command. For more information see Use the nomos command-line tool.

Fixed an issue which prevented a resource conflict metric from being recorded in rare cases.

Anti Money Laundering AI

New minor engine version released for retail line of business within the v004 tuning version. This extends support for the major version and includes no significant changes versus the previous minor version.

BigQuery

You can now use the use the PARTITION BY clause of the CREATE VECTOR INDEX statement to partition TreeAH vector indexes. Partitioning enables partition pruning and can decrease I/O costs. This feature is in preview.

BigQuery search indexes provide free index management until your organization reaches the limit in a given region. You can now use the INFORMATION_SCHEMA.SEARCH_INDEXES_BY_ORGANIZATION view to understand your current consumption towards that limit, broken down by projects and tables. This feature is generally available (GA).

Cloud Load Balancing

In typical HTTPS communication, neither the load balancer nor the backend verify each other's identity, assuming that they are within a secure perimeter and can be trusted. However, when perimeter security needs reinforcement or communication extends beyond the perimeter, backend mTLS becomes essential. Backend mTLS ensures secure communication by requiring both the load balancer and the backend to mutually verify their identities.

With backend authenticated TLS, the load balancer verifies the backend server's certificate by checking its chain of trust, thereby confirming the backend's identity. Conversely, with backend mTLS, the backend server verifies the client certificate presented by the load balancer. Together, these mechanisms enable backend mTLS, ensuring that both parties validate each other's identity.

Backend mTLS complements frontend mTLS, which is already generally available (GA).

For details, see the following:

This capability is in General Availability for global external Application Load Balancers.

Dataflow

Dataflow now supports an automated parallel update workflow for streaming jobs. This feature helps minimize disruption by launching a new replacement job that runs in parallel with the existing job. After a duration of time you specify, the old job is automatically drained.

For more information, see Run parallel pipelines.

Dialogflow

Conversational Agents data stores: Conversational Agents now supports AlloyDB, Bigtable, Firestore, Spanner and Cloud SQL data store sources as public GA features. Microsoft Entra ID source has now private GA support.

Conversational Agents data stores: You can now create some data store types directly within the Conversational Agents console rather than needing to use AI Applications. See the data store creation documentation for details.

Google Cloud Contact Center as a Service

Web SDK version 3

We're pleased to announce that the web SDK v3 is now generally available (GA). The web SDK v3 is built on the headless web SDK, so all of the methods that are available on a headless SDK client are also available with the web SDK v3 widget.

Deprecation notice

Starting on December 31, 2025, the web SDK v2 will no longer function. Be sure to update your website to use the web SDK v3 before that date to avoid breaking your integration with the web SDK. We are no longer adding new features to the web SDK v2.

Capabilities

The web SDK v3 provides the following new capabilities:

  • View previous chats and download chat transcripts. End-users can view previous chats and download chat transcripts from the web SDK widget. For more information, see View previous chats and download chat transcripts.
  • Web forms. You can set up HTML web forms to collect data from end-users. For more information, see Use data collection forms.
  • Include conditional operators with proactive chat triggers. When configuring proactive chat triggers, you can include OR operators with keywords and AND operators with multiple conditions. For more information, see Proactive Web SDK Triggers.
  • Agents can attach files during chats. An agent can attach a wide variety of file types using the web SDK widget during a chat session. For more information, see Configure rich messaging and file attachments.
  • Disable chat audio. An end-user can disable chat audio using the web SDK widget.
  • System message categorization. System messages are categorized as standard, confirmation, or error types.
  • Post-session transfers when the end-user ends a session. Post-session transfers can be triggered when an end-user ends a call or chat session. For more information, see Post-session transfers.

Documentation

Here's the web SDK v3 documentation:

Upgrade

For help upgrading to web SDK v3, see Upgrade from web SDK version 2 to web SDK version 3. If you've been using the Private Preview version of web SDK v3, be sure to update your implementations to access widget.js from your Google Cloud CCaaS instance.

Looker Studio

Don't display data in comparison metrics when Group others is enabled

The Group others option could display incorrect data when used with comparison metrics. Comparison metric fields now display the string no data when the Group others option is enabled on a chart.

Looker connector enhancements

The Looker connector can now connect to a private IP (private services access) only Looker (Google Cloud core) instance or to a private IP (Private Service Connect) Looker (Google Cloud core) instance using the Looker instance ID.

Network Connectivity Center

Static routes for Network Connectivity Center are available in public preview.

You can use static routes to define the next hop along the path that network traffic takes to reach a given destination. For more information about using static routes with Network Connectivity Center, see the Static routes overview.

VPC Service Controls

General availability support for the following integration:

Vertex AI Workbench

M130 release

The M130 release of Vertex AI Workbench instances includes the following:

  • Updated the Dataproc JupyterLab plugin to version 0.1.87.
  • Added the BigQuery JupyterLab plugin, version 0.0.1.
  • The GOOGLE_CLOUD_REGION environment variable is now set by default.

June 25, 2025

Apigee UI

On June 25, 2025 we began redirecting the following Apigee Classic UI navigation items to Apigee UI in the Google Cloud console:

  • Publish > API products
  • Publish > Developers
  • Publish > Apps
  • Admin > Instances
  • Admin > Data collectors
  • Admin > Environments
  • Admin > Endpoint attachments

See Apigee UI in Cloud console navigation for a mapping of each Classic Apigee UI feature page to its location in the Apigee UI in Cloud console.

See Apigee Classic UI shutdown for details on shutdown dates.

If you require more time to transition to the Google Cloud console, submit the exception request form by Aug 15, 2025.

App Hub

App Hub supports resources from the following sources in Preview:

  • Dataproc Metastore Service
  • Vertex AI Dataset
  • Vertex AI Featurestore
  • Vertex AI MetadataStore
  • Vertex AI Model

Artifact Registry

Artifact Registry generic repositories are now generally available.

Generic repositories store versioned, immutable artifacts that don't have to adhere to any specific package format in Artifact Registry. You can store and manage arbitrary files such as archives, binaries, and media files with no package specifications or management clients.

To get started with generic repositories, see the quickstart.

Cloud Run

Cloud Run worker pools are now available (Preview). Worker pools are specifically designed for non-request workloads.

Gemini Code Assist

Use agent mode in Gemini Code Assist Standard and Enterprise insiders channel for VS Code (Preview)

Review and approve

Stay in control with interactive reviews and approvals.

You can use Gemini Code Assist chat in agent mode to complete complex, multi-step tasks and goals with complete control over every change. Before making any modifications, the agent will present a plan for your review. You can edit, ask for changes, approve, or deny any suggested changes. This collaborative approach combines the power of AI with your expertise, resulting in better code and a more efficient workflow.

To get started with agent mode, see Use agentic chat as a pair programmer.

Use multi file editing in Gemini Code Assist Standard and Enterprise insiders channel in agent mode for VS Code (Preview)

Multi-file edits

Say goodbye to single-file edits and hello to project-wide changes.

With multi-file edits in agent mode, the agent can make concurrent changes across your entire codebase in response to a single prompt. This powerful new capability streamlines large-scale refactoring, feature implementation, and bug fixes. Simply describe the changes you need, and the agent will intelligently identify and modify all relevant files, saving you time and effort. You will also have the option to undo changes to local files in case you want to revert the changes to an earlier state.

Use full project context in Gemini Code Assist Standard and Enterprise insiders channel in agent mode for VS Code (Preview)

Explain my codebase

Smarter, more accurate code suggestions with full project awareness.

Agent mode has a comprehensive understanding of your entire project. The agent analyzes your whole codebase and requests files and folders as needed based on your goals. Full project context lets the agent create more accurate and context-aware code completions, suggestions, and refactorings. This deeper understanding of your project's architecture, dependencies, and coding patterns means you get higher-quality, more consistent code with less effort.

Google Kubernetes Engine

The C4D machine series is generally available in GKE. The following version requirements apply:

  • Standard clusters:
    • Manual node creation: GKE version 1.30 and later.
    • Node auto-provisioning and cluster autoscaler with Confidential GKE Nodes and compact placement: GKE version 1.32.3-gke.1717000 and later.
  • Autopilot clusters, including compact placement:
    • C4D machine types without Titanium SSD: GKE version 1.33.0-gke.1439000 and later.
    • C4D machine types with Titanium SSD: GKE version 1.33.1-gke.1171000 and later.

You can use the C4D machine series with Confidential GKE Nodes and in compact placement policies in Autopilot and Standard clusters.

For more information, see C4D machine series.

The C4D machine series is generally available in GKE. The following version requirements apply:

  • Standard clusters:
    • Manual node creation: GKE version 1.30 and later.
    • Node auto-provisioning and cluster autoscaler with Confidential GKE Nodes and compact placement: GKE version 1.32.3-gke.1717000 and later.
  • Autopilot clusters, including compact placement:
    • C4D machine types without Titanium SSD: GKE version 1.33.0-gke.1439000 and later.
    • C4D machine types with Titanium SSD: GKE version 1.33.1-gke.1171000 and later.

You can use the C4D machine series with Confidential GKE Nodes and in compact placement policies in Autopilot and Standard clusters.

For more information, see C4D machine series.

Google SecOps Marketplace

Refactored the code to work with updated API in the following integrations:

  • Case Federation: Version 3.0

  • Siemplify: Version 91.0

Microsoft Azure Sentinel: Version 54.0

  • Added an ability to not process the alert until Scheduled/NRT alert objects are available from API in the following connectors:

    • Microsoft Azure Sentinel - Incident Connector v2

    • Microsoft Azure Sentinel - Incident Tracking Connector

SentinelOneV2: Version 39.0

  • Updated ontology mapping in the following connector:

    • SentinelOneV2 - Threats Connector

Siemplify: Version 91.0

  • Updated Predefined Widget in the following action:

    • Get Similar Cases
Media CDN

Flexible shielding helps you overcome some limitations of default origin shielding by letting you configure a single, specific geographic region for origin shielding, typically selected to be near your centralized origin. This feature is in Preview.

Memorystore for Valkey

The version upgrade feature for Memorystore for Valkey is now Generally Available (GA).

Sensitive Data Protection

The CZECHIA_PERSONAL_ID_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

June 24, 2025

Bigtable

You can use Data Boost to analyze your Bigtable data with BigQuery without impacting the performance of the clusters that handle your application traffic. This feature is generally available (GA).

Cloud Billing

New, enhanced forecasting model for increased accuracy in cost reports

Cloud Billing forecasts now better account for seasonality trends, data irregularities, and missing data, using an enhanced forecasting model that leverages AI to factor in various scenarios, such as the following:

  • Intelligent handling of transient effects caused by known business events - for example, a new workload migration causing a usage spike.
  • Deeper understanding of seasonality - for example, various recurring patterns, such as daily, weekly and monthly cycles in your cloud spend; or for retailers, increases in usage during holiday seasons.
  • Adapting to trends to remain relevant in changing environments - for example, new AI spend.

These enhancements, powered by our new machine learning engine, translate to increased forecasting accuracy. By capturing complex trends, multiple seasonalities, and handling data anomalies more intelligently, you'll see a marked improvement in the precision of your cost forecasts.

For more information about the forecasted costs in reports, see View you forecasted costs.

Cloud Run

A new region is now available for Cloud Run GPUs: us-east4.

Generative AI on Vertex AI

Starting on June 24, 2025, Imagen versions 1 and 2, image captioning, and visual question answering are deprecated.

On September 24, 2025, the following features and models will be removed:

  • image captioning
  • visual question answering
  • Imagen 1 model imagegeneration@002
  • Imagen 2 models imagegeneration@005 and imagegeneration@006

For more information, see Migrate to Imagen 3.

Google Cloud Armor

Cloud Armor supports organization-scoped address groups for security policies in Preview.

Google Kubernetes Engine

Starting on September 1, 2025, GKE version upgrades can proceed even if existing resources violate custom organization policy constraints. GKE allows upgrade-only operations to occur as long as the operation doesn't introduce new policy violations.

Looker

The following feature is generally available for Looker reports:

Spanner

You can directly connect and interact with your Spanner database using the Spanner CLI, an interactive shell for Spanner that is built into the Google Cloud CLI. You can use the Spanner CLI to start an interactive session and automate SQL executions from the shell or an input file. This feature is available in Preview. For more information, see Spanner CLI quickstart.

Vertex AI

The Generative AI module in the Vertex AI SDK is deprecated. For information about migrating to the Google Gen AI SDK, see the migration guide.

June 23, 2025

Apigee Analytics

On June 23, 2025 we released an updated version of Apigee.

Addition of AppGroup-specific Analytics dimensions for Custom Reports

This release introduces two new AppGroups Analytics dimensions: AppGroup Name and AppGroup App Name.

Use these dimensions with custom reports and report jobs to group metrics by a specific AppGroup or a specific app within an AppGroup.

For additional information see Analytics dimensions and Creating and managing custom reports.

Apigee Integrated Portal

On June 23, 2025 we released a new version of the Apigee integrated portal.

This release adds the Export feature to the Apigee UI in the Cloud console. You can now export publishing data for developers, apps, or API products as a comma-separated values (CSV) file or JSON file.

Documentation: Exporting publishing data

BigQuery

You can now use the Apache Iceberg REST catalog in BigLake metastore to create interoperability between your query engines by allowing your open source engines to access Iceberg data in Cloud Storage. This feature is in Preview.

Colab Enterprise notebooks in BigQuery let you do the following in Preview:

Cloud CDN

Cloud CDN lets you add custom code to the request processing path of global external Application Load Balancers by using Service Extensions edge extensions. These extensions help you implement customizations in the request path pre-cache, which can influence how content is cached and the backend service is selected on the Application Load Balancer. This feature is in Preview.

For more information, see Use Service Extensions for edge computing.

Cloud Composer

Improved the startup times of Airflow workers for environments that have a large number of custom PyPI packages installed.

This feature was announced previously and is gradually rolling out over several releases. In this release, it's available in asia-east2, asia-northeast3, europe-central2, europe-west9, me-central1, me-west1, northamerica-northeast1, northamerica-northeast2, northamerica-south1, and us-west1 re

(Available without upgrading) Fixed an issue where deleting a Cloud Composer 2 environment could fail when the environment's cluster was in the process of creating a node pool.

(Airflow 2.10.5) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 10.5.0 from version 10.4.2. For changes in other packages, see the preinstalled packages changelog.

New images are available in Cloud Composer 2:

Cloud Composer version 2.8.3 has reached its end of support period.

Cloud Interconnect

Interconnect connection groups and VLAN attachment groups are Generally available. You can use resource groups to communicate your intended level of reliability, and to receive feedback on how your Cloud Interconnect resources meet that intended level of reliability.

For more information, see Resiliency and SLA options.

Cloud NGFW

You can create a secure tag at the organization level and bind its value to all virtual machine (VM) instances across that organization, instead of applying tags to instances within a specific network. For more information, see Secure tags for firewalls. This feature is available in Preview.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.53.1 (2025-06-18)

Bug Fixes
  • Cancel the future in RemoteStorageHelper#forceDelete when TimeoutException happens (#3136) (e6007d5)
  • deps: Update the Java code generator (gapic-generator-java) to 2.59.0 (7dba9f0)
Dependencies
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20250605-2.0.0 (#3143) (17a80d8)
  • Update sdk-platform-java dependencies (#3152) (2f78192)

Python

Changes for google-cloud-storage

3.1.1 (2025-06-13)

Bug Fixes
  • Add a check for partial response data (#1487) (7e0412a)
  • Add trove classifier for Python 3.13 (0100916)
  • deps: Require google-crc32c >= 1.1.3 (0100916)
  • deps: Require protobuf >= 3.20.2, < 7.0.0 (0100916)
  • deps: Require requests >= 2.22.0 (0100916)
  • Remove setup.cfg configuration for creating universal wheels (#1448) (d3b6b3f)
  • Resolve issue where pre-release versions of dependencies are installed (0100916)
  • Segmentation fault in tink while writing data (#1490) (2a46c0b)
Documentation

The Cloud Storage Cloud Audit Logs have expanded support to include error scenario coverage and produce a more comprehensive error message with code, error messages, and details, in an easy to understand format. The Gemini Cloud Assist (GCA) service can then easily analyze the log and provide tailored recommendations on how to mitigate issues as they arise. Before this enhancement, error logs were generated for only a specific set of scenarios, and the status field solely contained the gRPC error code without any additional information. To learn more about Cloud Audit Logs, see Cloud Audit Logs overview.

Container Optimized OS

cos-125-19115-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.94 v27.5.1 v2.0.4 See List

Updated the Linux kernel to v6.6.94.

Added NVIDIA 570.133.20 vGPU driver.

Added a kernel patch to address bcache latency.

Upgraded elfutils to version 0.193. This fixes CVE-2025-1365, CVE-2025-1371, CVE-2025-1372, and CVE-2025-1377.

Runtime sysctl changes:

  • Changed: fs.file-max: 811736 -> 811773

cos-121-18867-90-67

Kernel Docker Containerd GPU Drivers
COS-6.6.93 v27.5.1 v2.0.4 See List

Updated the Linux kernel to v6.6.93. This includes mitigations for CVE-2024-28956, which may negatively impact the performance of Intel machine types.

Fixed KCTF-d35acc1 in the Linux kernel.

Added a kernel patch to address bcache latency.

Runtime sysctl changes:

  • Changed: fs.file-max: 811824 -> 811798

cos-117-18613-263-49

Kernel Docker Containerd GPU Drivers
COS-6.6.93 v24.0.9 v1.7.27 See List

Updated the Linux kernel to v6.6.93. This includes mitigations for CVE-2024-28956, which may negatively impact the performance of Intel machine types.

Fixed KCTF-d35acc1 in the Linux kernel.

Added a kernel patch to address bcache latency.

Runtime sysctl changes:

  • Changed: fs.file-max: 811766 -> 811785

cos-113-18244-382-49

Kernel Docker Containerd GPU Drivers
COS-6.1.141 v24.0.9 v1.7.27 See List

Updated the Linux kernel to v6.1.141. This includes mitigations for CVE-2024-28956, which may negatively impact the performance of Intel machine types.

Fixed KCTF-d35acc1 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812035 -> 812041

cos-109-17800-519-36

Kernel Docker Containerd GPU Drivers
COS-6.1.141 v24.0.9 v1.7.27 See List

Updated the Linux kernel to v6.1.141. This includes mitigations for CVE-2024-28956, which may negatively impact the performance of Intel machine types.

Fixed KCTF-d35acc1 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812276 -> 812288

Datastream

Datastream now supports BigLake Iceberg tables as a destination both in the Google Cloud console and the Datastream API.

For more information, see the Datastream documentation.

Generative AI on Vertex AI

Veo 2 support for advanced video controls is Generally Available. In addition to a providing a first frame of a video, you can specify the last frame of a video or a video to extend in length. For more information, see Veo on Vertex AI API.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.31.600-gke.85 is now available for download. To upgrade, see Upgrade a cluster. Google Distributed Cloud 1.31.600-gke.85 runs on Kubernetes v1.31.8-gke.100.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issues were fixed in 1.31.600-gke.85:

Google Distributed Cloud (software only) for bare metal

Google Distributed Cloud for bare metal 1.31.600-gke.85 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.31.600-gke.85 runs on Kubernetes v1.31.8-gke.100.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

The following issues were fixed in 1.31.600-gke.85:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google SecOps Google SecOps SIEM Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.15.0 (2025-06-17)

Features
  • secretmanager: Update secret manager protos for tags (#12406) (feb078b)
Service Extensions

Edge extensions help you manipulate request headers early in the request processing lifecycle of global external Application Load Balancers to influence caching and routing decisions. This feature is in Preview.

Learn how to configure an edge extension.

June 22, 2025

Google SecOps SOAR

Release 6.3.50 is being rolled out to the first phase of regions as listed here.

This release contains internal and customer bug fixes.

June 21, 2025

Google SecOps SOAR

Release 6.3.49 is now available for all regions.

June 20, 2025

Assured Workloads

The IRS 1075 control package now supports the following products:

  • Access Transparency
  • Backup for GKE
  • Cloud Healthcare API
  • Cloud OS Login API
  • Cloud Workstations
  • Conversational Agents
  • Conversational Insights
  • Dataplex Universal Catalog
  • Document AI
  • Essential Contacts
  • Eventarc
  • External passthrough Network Load Balancer
  • Generative AI on Vertex AI
  • Google Agentspace
  • Google Cloud Armor
  • Google Cloud NetApp Volumes
  • Google Security Operations SOAR
  • Identity and Access Management (IAM)
  • Infrastructure Manager
  • Integration Connectors
  • Internal passthrough Network Load balancer
  • Jurisdictional Cloud Console
  • Looker (Google Cloud core)
  • Organization Policy Service
  • Regional external Application Load Balancer
  • Regional external proxy Network Load Balancer
  • Regional internal Application Load Balancer
  • Regional internal proxy Network Load Balancer
  • Storage Transfer Service
  • VPC Service Controls
  • Virtual Private Cloud (VPC)

The names for some Assured Workloads control packages have changed. The new names are reflected in the Google Cloud console and the API, such as the ComplianceRegime enums that are used when creating a new workload using the Assured Workloads API. For information about the name change, see Control package renaming notice.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Security Command Center
    • websecurityscanner.googleapis.com/ScanConfig
Contact Center AI Insights

Conversational Insights offers sentiment analysis in GA. Sentiment analysis determines the mood within a conversation and assigns a score: positive, neutral, or negative.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.109
  • 1.2.53
  • 2.2.53
  • 2.3.4

Dataproc Serverless for Spark: Upgraded the Cloud Storage connector version to 2.2.28 in the 1.1 runtime.

Dataproc Serverless for Spark: The built-in Iceberg now supports the BigLake Iceberg REST catalog on the 2.2 runtime.

New Dataproc on Compute Engine subminor image versions:

  • 2.0.144-debian10, 2.0.144-rocky8, 2.0.144-ubuntu18
  • 2.1.92-debian11, 2.1.92-rocky8, 2.1.92-ubuntu20, 2.1.92-ubuntu20-arm
  • 2.2.60-debian12, 2.2.60-rocky9, 2.2.60-ubuntu22
  • 2.3.4-debian12, 2.3.4-rocky9, 2.3.4-ubuntu22

Dataproc on Compute Engine: Upgraded the Cloud Storage connector version to 2.2.28 in the latest 2.0 and 2.1 images.

Dataproc on Compute Engine: Dataproc now automatically configures Knox Gateway configuration properties gateway.dispatch.whitelist.services and gateway.dispatch.whitelist for component web UIs within the cluster.

Dataproc on Compute Engine: Fixed a bug in trino-jvm cluster properties. To configure Trino JVM options prefixed with trino-jvm, follow these guidelines:

  • Configure JVM options starting with -XX:, without :. For JVM flags without a value, add = at the end. For example, add trino-jvm:-XX+HeapDumpOnOutOfMemoryError= as -XX:+HeapDumpOnOutOfMemoryError in the jvm.config.
  • Specify JVM options system properties with a -D prefix the same way. For example, trino-jvm:-Dsystem.property.name=value.
  • Any value containing : cannot be provided as a cluster property.

Dataproc on Compute Engine & Dataproc Serverless: Backported GH-3198 in Parquet addressing CVE-2025-46762.

Migrate to Virtual Machines

Starting with version Migrate Connector 2.7, throttling is supported for a second NIC.

Security Command Center

The display name for the following Event Threat Detection rules have changed. Please update any artifacts that use these values, such as finding filters, finding queries, or mute rules.

Previous display name New display name
Defensive Evasion: Static Pod Created Defense Evasion: Static Pod Created
Data Destruction: Deleted Google Cloud Backup and DR Backup Impact: Deleted Google Cloud Backup and DR Backup
Inhibit System Recovery: Deleted Google Cloud Backup and DR host Impact: Deleted Google Cloud Backup and DR host
Inhibit System Recovery: Deleted Google Cloud Backup and DR plan association Impact: Deleted Google Cloud Backup and DR plan association
Inhibit System Recovery: Deleted Google Cloud Backup and DR Vault Impact: Deleted Google Cloud Backup and DR Vault
Inhibit System Recovery: Google Cloud Backup and DR delete policy Impact: Google Cloud Backup and DR delete policy
Inhibit System Recovery: Google Cloud Backup and DR delete profile Impact: Google Cloud Backup and DR delete profile
Inhibit System Recovery: Google Cloud Backup and DR delete storage pool Impact: Google Cloud Backup and DR delete storage pool
Inhibit System Recovery: Google Cloud Backup and DR delete template Impact: Google Cloud Backup and DR delete template
Data Destruction: Google Cloud Backup and DR expire image Impact: Google Cloud Backup and DR expire image
Data Destruction: Google Cloud Backup and DR remove appliance Impact: Google Cloud Backup and DR remove appliance
Inhibit System Recovery: Google Cloud Backup and DR remove plan Impact: Google Cloud Backup and DR remove plan
Impair Defenses: Strong Authentication Disabled Persistence: Strong Authentication Disabled
Credential Access: External Member Added To Privileged Group Privilege Escalation: External Member Added To Privileged Group
Persistence: Impersonation Role Granted For Dormant Service Account Privilege Escalation: Impersonation Role Granted For Dormant Service Account
Credential Access: Privileged Group Opened To Public Privilege Escalation: Privileged Group Opened To Public
Credential Access: Sensitive Role Granted To Hybrid Group Privilege Escalation: Sensitive Role Granted To Hybrid Group

Risk Engine includes the aiplatform.googleapis.com/Model resource type in the default high-value resource set. For more information, see the list of default resource types.

Spanner

A new free trial creation work flow makes it easier to start your Spanner free trial. With a free trial instance, you can learn and explore Spanner for 90 days at no cost. You can create relational (GoogleSQL and PostgreSQL) databases and deploy NoSQL models (Spanner Graph, Vector search, and Full-text search) in a single, fully managed database. For more information, see Spanner free trial instances overview.

June 19, 2025

Document AI

We've increased the maximum file size for online processing requests from 20 MB to 40 MB. This applies to all types of processors.

For more information, see the Document AI limits page.

Google SecOps

Content Hub

This feature is currently in Preview.

The new Content Hub page offers a centralized experience for managing all your Google SecOps content needs. On this page, you can do the following:

  • Onboard Google SecOps content using content packs for top data sources
  • View and manage native dashboards.
  • Access and configure search queries.
  • View, filter, and review curated detections rule logic.
  • Configure response integrations.
  • Install and run power ups.

For more information, see Google SecOps Content Hub.

Product Centric Feed Management

This feature is currently in Preview.

You can now configure multiple log-type feeds for the same product type on a single page. This new product-led experience simplifies the feed configuration flow and provides additional in-product guidance. For more information, see Configure feeds by product.

Google SecOps SIEM

Product Centric Feed Management

This feature is currently in Preview.

You can now configure multiple log-type feeds for the same product type on a single page. This new product-led experience simplifies the feed configuration flow and provides additional in-product guidance. For more information, see Configure feeds by product.

Security Command Center

The prompt injection and jailbreak detection filter in Model Armor flags more threats across various attack vectors, and offers an improved detection rate for high-confidence malicious prompts. This filter is available in us-east1.

CVEs with no known exploitation activity are not considered in attack path simulations

Vulnerability findings in Security Command Center are enriched by Mandiant Threat Intelligence. A CVE with wide exploitation activity is more likely to be used in an attack path compared to a CVE with only anticipated exploitation activity. Vulnerabilities with no known exploitation activity are not considered in attack path simulations. For more information, see Incorporation of CVE data.

June 18, 2025

Anthos Attached Clusters

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

BigQuery

You can now publish the results of a data quality scan as Dataplex Universal Catalog metadata. Previously, data quality scan results were published only to the Google Cloud console. The latest results are saved to the entry that represents the source table. You can view the results in the Google Cloud console. If you want to enable catalog publishing for an existing data quality scan, you must edit the scan and re-enable the publishing option. This feature is generally available (GA).

You can now use data insights to have Gemini generate table and column descriptions from table metadata. This feature is in Preview.

Container Optimized OS

cos-dev-125-19104-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.93 v27.5.1 v2.0.4 See List

Upgraded dpdk-kmods to 9b182be2ee4b

Updated the Linux kernel to v6.6.93.

Upgraded app-misc/jq to v1.8.0. This fixes CVE-2025-48060.

Runtime sysctl changes:

  • Changed: fs.file-max: 811779 -> 811736

cos-121-18867-90-62

Kernel Docker Containerd GPU Drivers
COS-6.6.87 v27.5.1 v2.0.4 See List

Upgraded app-misc/jq to v1.8.0. This fixes CVE-2025-48060.

Runtime sysctl changes:

  • Changed: fs.file-max: 811798 -> 811824

cos-117-18613-263-45

Kernel Docker Containerd GPU Drivers
COS-6.6.87 v24.0.9 v1.7.27 See List

Upgraded app-misc/jq to v1.8.0. This fixes CVE-2025-48060.

Runtime sysctl changes:

  • Changed: fs.file-max: 811775 -> 811766

cos-113-18244-382-47

Kernel Docker Containerd GPU Drivers
COS-6.1.134 v24.0.9 v1.7.27 See List

Upgraded app-misc/jq to v1.8.0. This fixes CVE-2025-48060.

Runtime sysctl changes:

  • Changed: fs.file-max: 812031 -> 812035

cos-109-17800-519-32

Kernel Docker Containerd GPU Drivers
COS-6.1.135 v24.0.9 v1.7.27 See List

Upgraded app-misc/jq to v1.8.0. This fixes CVE-2025-48060.

Runtime sysctl changes:

  • Changed: fs.file-max: 812266 -> 812276

Dataplex

Previously, data quality scan results were published only to the Google Cloud console. You can now publish the results of a data quality scan as Dataplex Universal Catalog metadata. The latest results are saved to the entry that represents the source table. You can view the results in the Google Cloud console.

If you want to enable catalog publishing for an existing data quality scan, you must edit the scan and re-enable the publishing option.

For more information, see Use auto data quality.

This feature is generally available (GA).

Gemini Code Assist

Chat code suggestion preview

Chat code suggestions are displayed in a preview block by default with VS Code Gemini Code Assist 2.37.0, improving the readability of generated chat responses. You can configure preview pane settings to alternatively display chat code suggestions as fully collapsed or expanded.

Preview pane in VS Code Gemini Code Assist.

Revert to a checkpoint (Preview)

You can revert to a checkpoint for chat code suggestions with VS Code Gemini Code Assist 2.37.0, in Preview. Reverting to a checkpoint enables you to revert affected source files to a point before any code suggestions were applied.

Preview pane in VS Code Gemini Code Assist.

Configure local codebase awareness

You can configure local codebase awareness with VS Code Gemini Code Assist 2.37.0.

Google Cloud Armor

Cloud Armor supports Network Threat Intelligence (NTI) in globally scoped edge security policies for Media CDN edge cache services in Preview.

Google Kubernetes Engine

(2025-R26) Version updates

  • Version 1.32.4-gke.1415000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.2810000
    • 1.27.16-gke.2874000
    • 1.28.15-gke.2287000
    • 1.28.15-gke.2403000
    • 1.29.15-gke.1395000
    • 1.29.15-gke.1523000
    • 1.30.12-gke.1151000
    • 1.31.9-gke.1005000
    • 1.32.4-gke.1353003
    • 1.33.0-gke.2248000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2303000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2820000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2303000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.15-gke.1415000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.12-gke.1168000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.9-gke.1044001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.32 to version 1.32.4-gke.1415000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.33 to version 1.33.1-gke.1107000 with this release.

(2025-R26) Version updates

(2025-R26) Version updates

  • Version 1.33.1-gke.1584000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.30.12-gke.1168000
    • 1.31.9-gke.1044001
    • 1.33.1-gke.1386000
    • 1.33.1-gke.1545000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.12-gke.1208000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.9-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.33.1-gke.1584000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.12-gke.1208000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.9-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.33 to version 1.33.1-gke.1584000 with this release.

(2025-R26) Version updates

  • Version 1.32.4-gke.1415000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.30.12-gke.1151000
    • 1.31.9-gke.1005000
    • 1.32.4-gke.1353003
    • 1.33.0-gke.2248000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.12-gke.1168000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.31.9-gke.1044001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.32.4-gke.1415000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.12-gke.1168000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.9-gke.1044001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.32 to version 1.32.4-gke.1415000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.33 to version 1.33.1-gke.1107000 with this release.

(2025-R26) Version updates

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.30.12-gke.1033000
    • 1.31.8-gke.1045000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.12-gke.1086000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.31.8-gke.1113000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.12-gke.1086000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.31 to version 1.31.8-gke.1113000 with this release.

(2025-R26) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.33.1-gke.1584000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.30.12-gke.1168000
    • 1.31.9-gke.1044001
    • 1.33.1-gke.1386000
    • 1.33.1-gke.1545000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.12-gke.1208000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.9-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.33.1-gke.1584000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.12-gke.1208000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.9-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.33 to version 1.33.1-gke.1584000 with this release.

Regular channel

  • Version 1.32.4-gke.1415000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.30.12-gke.1151000
    • 1.31.9-gke.1005000
    • 1.32.4-gke.1353003
    • 1.33.0-gke.2248000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.12-gke.1168000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.31.9-gke.1044001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.32.4-gke.1415000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.12-gke.1168000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.9-gke.1044001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.32 to version 1.32.4-gke.1415000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.33 to version 1.33.1-gke.1107000 with this release.

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.30.12-gke.1033000
    • 1.31.8-gke.1045000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.12-gke.1086000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.31.8-gke.1113000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.12-gke.1086000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.31 to version 1.31.8-gke.1113000 with this release.

Extended channel

  • Version 1.32.4-gke.1415000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.2810000
    • 1.27.16-gke.2874000
    • 1.28.15-gke.2287000
    • 1.28.15-gke.2403000
    • 1.29.15-gke.1395000
    • 1.29.15-gke.1523000
    • 1.30.12-gke.1151000
    • 1.31.9-gke.1005000
    • 1.32.4-gke.1353003
    • 1.33.0-gke.2248000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2303000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2820000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2303000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.15-gke.1415000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.12-gke.1168000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.9-gke.1044001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.32 to version 1.32.4-gke.1415000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.33 to version 1.33.1-gke.1107000 with this release.

No channel

Google SecOps

You can now remove existing UDM field mappings by using parser extensions in Google SecOps.

For more information, see Remove UDM field mappings using parser extensions and Code snippet - Remove existing mappings

New data ingestion and health dashboard widgets are now available.

  • Silent host monitoring: displays hosts that were active in the last 7 days, but haven't reported recently, including a count of days since their last ingestion.
  • BindPlane agent logging and health: visualizes logging activity and agent health. Requires Bindplane agent logs to be ingested into Google SecOps.
  • Throughput in bytes: shows ingestion volume over time.
  • Improved log type distribution charts: updates charts for better readability and usability.
Google SecOps Marketplace

Google Chronicle: Version 60.0

  • Updated risk score handling in the following connector:

    • Google Chronicle - Alerts Connector

Microsoft Teams: Version 27.0

  • Integration: Refactored the code to work with updated API.
Google SecOps SIEM

You can now remove existing UDM field mappings by using parser extensions in Google SecOps.

For more information, see Remove UDM field mappings using parser extensions and Code snippet - Remove existing mappings

New data ingestion and health dashboard widgets are now available.

  • Silent host monitoring: displays hosts that were active in the last 7 days, but haven't reported recently, including a count of days since their last ingestion.
  • BindPlane agent logging and health: visualizes logging activity and agent health. Requires Bindplane agent logs to be ingested into Google SecOps.
  • Throughput in bytes: shows ingestion volume over time.
  • Improved log type distribution charts: updates charts for better readability and usability.
Looker Studio

Updates to Assets: search API endpoint

The Assets: search API endpoint now includes a previousPageToken attribute in its response. This token allows API users to paginate forwards and backwards through the result set.

Media CDN

You can use Network Threat Intelligence (NTI) from Cloud Armor in Edge Security Policies for Media CDN edge cache services for Enterprise users. NTI helps identify and block requests originating from known malicious IP addresses and networks. This feature is in Preview.

For an example, see Example: Block traffic from known malicious IPs.

Security Command Center

The Set security marks option in the new Security Command Center Enterprise Findings and Assets pages is temporarily unavailable. You can opt-out of the new Security Command Center Enterprise experience to manage security marks using the Cloud console. Or, you can manage security marks using the Security Command Center API.

Text-to-Speech

Chirp 3: Instant Custom Voice now extends support to ja-JP, now supporting more than 30 locales. For more information, check the Chirp 3: Instant Custom Voice documentation.

Virtual Private Cloud

The following features of VPC Flow Logs are available in Preview through the Network Management API:

For more information, see Supported configurations.

June 17, 2025

AlloyDB for PostgreSQL

You can use the columnar engine to improve the performance of vector similarity searches, specifically K-Nearest Neighbor (KNN) searches, when combined with highly-selective predicate filtering. For more information, see Accelerate your filtered vector search. This feature is in Preview.

Apigee UI

On June 17, 2025 we began redirecting the following Apigee Classic UI navigation items to Apigee UI in the Google Cloud console:

  • Publish > Monetization
  • Analyze > API monitoring
  • Analyze > API metrics
  • Analyze > Developers > Developer Engagement
  • Analyze > Developers > Traffic Composition
  • Analyze > End Users > Devices
  • Analyze > End Users > Geomap
  • Analyze > Custom reports

See Apigee UI in Cloud console navigation for a mapping of each Classic Apigee UI feature page to its location in the Apigee UI in Cloud console.

See Apigee Classic UI shutdown for details on shutdown dates.

If you require more time to transition to the Google Cloud console, submit the exception request form by Aug 15, 2025.

App Engine flexible environment PHP App Engine flexible environment Ruby App Engine standard environment PHP App Engine standard environment Ruby Cloud Run Cloud Run functions Cloud SQL for MySQL

You no longer have to upgrade your instance to MySQL 8.0.37 before you upgrade to Cloud SQL for MySQL 8.4. You can upgrade to Cloud SQL for MySQL 8.4 from any minor version of Cloud SQL for MySQL 8.0. For more information about upgrading the major version of a Cloud SQL instance, see Upgrade the database major version-place.

Container Optimized OS

cos-117-18613-263-42

Kernel Docker Containerd GPU Drivers
COS-6.6.87 v24.0.9 v1.7.27 See List

Updated cos-gpu-installer to v2.5.3.

Added support for the Lustre 2.14.0_p198 drivers.

Added support for Nvidia driver version 575.57.08.

Fixed CVE-2024-41110 in Docker.

Fixed CVE-2025-47273 in dev-python/setuptools.

Updated systemd to v254.26. This resolves CVE-2025-4598.

Fixed CVE-2025-37800 in the Linux kernel.

Fixed CVE-2025-37800 in the Linux kernel.

Fixed CVE-2025-37803 in the Linux kernel.

Fixed KCTF-ac9fe7d in the kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811818 -> 811775

cos-121-18867-90-59

Kernel Docker Containerd GPU Drivers
COS-6.6.87 v27.5.1 v2.0.4 See List

Updated cos-gpu-installer to v2.5.3.

Added support for the Lustre 2.14.0_p198 drivers.

Added support for Nvidia driver version 575.57.08.

Fixed CVE-2025-47273 in dev-python/setuptools.

Updated systemd to v254.26. This resolves CVE-2025-4598.

Fixed CVE-2025-37800 in the Linux kernel.

Fixed CVE-2025-37803 in the Linux kernel.

Fixed KCTF-ac9fe7d in the kernel.

Fixed CVE-2024-43840 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811741 -> 811798

cos-113-18244-382-43

Kernel Docker Containerd GPU Drivers
COS-6.1.134 v24.0.9 v1.7.27 See List

Updated cos-gpu-installer to v2.5.3.

Added support for Nvidia driver version 575.57.08.

Fixed CVE-2024-41110 in Docker.

Fixed CVE-2025-47273 in dev-python/setuptools.

Updated systemd to v254.26. This resolves CVE-2025-4598.

Fixed KCTF-ac9fe7d in the kernel.

Fixed CVE-2024-26783 in the Linux kernel.

Fixed CVE-2024-36903 in the Linux kernel.

Fixed CVE-2024-43840 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812017 -> 812031

cos-109-17800-519-30

Kernel Docker Containerd GPU Drivers
COS-6.1.135 v24.0.9 v1.7.27 See List

Updated cos-gpu-installer to v2.5.3.

Added support for Nvidia driver version 575.57.08.

Fixed CVE-2024-41110 in Docker.

Updated systemd to v253.33. This resolves CVE-2025-4598.

Fixed CVE-2025-47273 in dev-python/setuptools.

Fixed KCTF-ac9fe7d in the kernel.

Fixed CVE-2024-36927 in the Linux kernel.

Fixed CVE-2024-43840 in the Linux kernel.

Fixed CVE-2024-36903 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812283 -> 812266

cos-dev-125-19094-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.92 v27.5.1 v2.0.4 See List

Updated cos-gpu-installer to v2.5.3.

Added support for the Lustre 2.14.0_p198 drivers.

Added support for Nvidia driver version 575.57.08.

Upgraded chromeos-base/shill-client to v0.0.1-r4869.

Upgraded dev-db/sqlite to v3.50.0.

Fixed CVE-2025-47273 in dev-python/setuptools.

Updated systemd to v254.26. This resolves CVE-2025-4598.

Fixed KCTF-ac9fe7d in the kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811798 -> 811779

Generative AI on Vertex AI

Gemini 2.5 Flash and Gemini 2.5 Pro are now generally available and accessible using the API and Vertex AI Studio.

See Gemini 2.5 Flash and Gemini 2.5 Pro for more information.

Gemini 2.5 Flash-Lite is now available as a preview offering in both the API and Vertex AI Studio.

See Gemini 2.5 Flash-Lite for more information.

Live API is now available as a private general availability offering in the API and Vertex AI Studio. Reach out to your Google account team representative to request access.

See Live API for more information.

Preview endpoint availability and removal: All existing Gemini 2.5 Flash and Pro preview endpoints (listed below) will continue to be available with their current preview pricing until July 15, 2025. After this date, these preview endpoints will be shut down.

  • gemini-2.5-flash-preview-04-17
  • gemini-2.5-flash-preview-05-20
  • gemini-2.5-pro-preview-03-25
  • gemini-2.5-pro-preview-05-06
  • gemini-2.5-pro-preview-06-05

Updated pricing for Gemini 2.5 Flash GA: The price for Gemini 2.5 Flash in GA will be adjusted to reflect its quality and unified output token pricing. This includes lower prices for thinking output, higher prices for non-thinking output. These pricing changes will take effect on the new GA endpoint as shared above. Preview pricing will only continue on existing preview endpoints for 30 days post-GA on July 15, 2025.

Provisioned Throughput (PT): Once a model is GA, all new PT purchases will be for GA endpoints only. If you've purchased PT for a specific preview version, it will still work for that specific preview. However, you must migrate the existing PT to the GA endpoint or purchase new PT for the GA endpoint by July 15, 2025.

Updated preview endpoints: Effective June 19, 2025, gemini-2.5-flash-preview-04-17 endpoint will serve the Gemini 2.5 Flash model version released on 05-20, which has been promoted to GA. Similarly, the gemini-2.5-pro-preview-05-06 and 03-25 endpoints will serve the Gemini 2.5 Pro model version released on 06-05, also promoted to GA. This update ensures continuity during your transition.

June 16, 2025

AI Applications

AI Applications: Custom search and recommendations

The vertical-agnostic apps, formerly known as generic search and recommendations, are renamed to custom search and recommendations. You'll see this new name in the product console and the documentation set. The functionality and the endpoints remain the same.

Apigee Advanced API Security

On June 16, 2025 we released a new version of Advanced API Security Abuse Detection.

API address drill down details are now available in the preview release of Advanced API Security Abuse Detection incidents in the detected traffic tab.

This new functionality shows details related to specific API addresses when viewing detected abuse in detected traffic.

For usage information, see the Abuse Detection customer documentation for incident details.

Apigee Analytics

On June 16, 2025 we released an updated version of Apigee Analytics and the Apigee UI.

Starting with this release, the API proxy performance dashboard includes aggregate metrics such as the average TPS (transactions per second) with each chart.

For information and usage instructions for the API proxy performance dashboard, see the API proxy performance dashboard customer documentation.

BigQuery

In BigQuery ML, you can now forecast multiple time series at once by using the TIME_SERIES_ID_COL option that is available in ARIMA_PLUS_XREG multivariate time series models. Try this feature with the Forecast multiple time series with a multivariate model tutorial. This feature is generally available (GA).

You can now manage IAM tags on BigQuery datasets and tables using SQL. This feature is generally available (GA).

The BigQuery migration assessment is now available for workflows that use Cloudera and Apache Hadoop. This feature is in Preview.

The Merchant Center best sellers report supports multi-client accounts (MCAs). If you have an MCA, you can use the aggregator_id to query the tables. The BestSellersEntityProductMapping table maps the best-selling entities to the products in the sub-accounts' inventory. This provides a consolidated view of best-selling products, which you can then join with product data for more detailed insights. This feature is generally available (GA).

BigQuery now offers the following Gemini-enhanced SQL translation features:

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, and Feed APIs.

  • Firebase Data Connect
    • firebasedataconnect.googleapis.com/Connector
    • firebasedataconnect.googleapis.com/Schema
    • firebasedataconnect.googleapis.com/Service
  • Integration Connectors
    • connectors.googleapis.com/RegionalSetting
    • connectors.googleapis.com/Setting
  • Network Connectivity
    • networkconnectivity.googleapis.com/Group
Cloud Composer

We're planning to phase out the APIs that aren't required by Cloud Composer 3.

  • Starting February 27, 2026, the following APIs will become fully detachable. Deactivating these APIs won't cause the deactivation of the Cloud Composer API:

    • artifactregistry.googleapis.com
    • cloudbuild.googleapis.com
    • container.googleapis.com
    • pubsub.googleapis.com
    • sqladmin.googleapis.com

  • Starting May 27, 2026, these APIs will no longer be enabled automatically when you enable the Cloud Composer API. To create Cloud Composer 2 environments in new projects, the group of detached APIs must be enabled manually.

Existing Cloud Composer 3 and Cloud Composer 2 environments in projects where the Cloud Composer API is already enabled will not be impacted. You can do the following:

  • After February 27, 2026, if your project has only Cloud Composer 3 environments, then you can manually disable the detached APIs.
  • After February 27, 2026, if your project has Cloud Composer 2 environments, then we recommend keeping these APIs enabled because disabling them might lead to environment's malfunction.
  • After May 27, 2026, if you use automation scripts to provision Cloud Composer 2 environments, then make sure that the listed APIs are enabled in addition to the Cloud Composer API.
Cloud Database Migration Service

Heterogeneous Oracle and SQL Server migrations now provide an improved experience with conversion overview dashboards and streamlined conversion issue grouping. To learn more about Database Migration Service conversion workspaces with Gemini-powered conversion features, see Convert SQL with Database Migration Service .

Cloud Run

You can configure GPU in your Cloud Run job (Preview).

Cloud Storage

Cloud Storage FUSE version 3.0 is now available with new features and enhancements designed to improve performance and simplify configuration. Improvements include automated configurations for high-performance machines, a comprehensive performance tuning guide to help optimize performance, and the new global-max-blocks configuration option, which gives you granular control over streaming write operations.

Generative AI on Vertex AI

The DeepSeek API service on Vertex AI is in Preview. For more information, see the DeepSeek model card in Model Garden.

Google Kubernetes Engine

For clusters running GKE version 1.32.4-gke.1236000 or later, the cluster autoscaler can scale down nodes by evicting Pods in the kube-system namespace that have no Pod Disruption Budget (PDB) set and have been running for at least one hour.

For clusters running GKE version 1.32.4-gke.1236000 or later, the cluster autoscaler can scale down nodes by evicting Pods in the kube-system namespace that have no Pod Disruption Budget (PDB) set and have been running for at least one hour.

Google SecOps

The Release Candidate period of the following premium parsers has been extended from the end of May to the week of July 21, 2025:

  • Crowdstrike Detection Monitoring (CS_DETECTS)
  • Crowdstrike Falcon (CS_EDR)
  • Microsoft Defender for Endpoint

We recommend that you opt-in early and make any necessary adjustments before these updates become the default.

Google SecOps SIEM

The Release Candidate period of the following premium parsers has been extended from the end of May to the week of July 21, 2025:

  • Crowdstrike Detection Monitoring (CS_DETECTS)
  • Crowdstrike Falcon (CS_EDR)
  • Microsoft Defender for Endpoint

We recommend that you opt-in early and make any necessary adjustments before these updates become the default.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

5.1.0 (2025-06-04)

Features
  • Add SchemaViolationReason to IngestionFailureEvent (#2045) (3348e3e)
  • Use specific W3CTraceContextPropagator for OTel (#2036) (c9a9656)
Bug Fixes
  • deps: Update dependency @opentelemetry/semantic-conventions to ~1.33.0 (#2038) (4eb46c5)
  • deps: Update dependency @opentelemetry/semantic-conventions to ~1.34.0 (#2048) (1072c2d)
  • deps: Update dependency protobufjs to ~7.5.0 (#2041) (b65eaeb)
  • Set messaging.operation in createAttributes (#2030) (b8d513a)

Python

Changes for google-cloud-pubsub

2.30.0 (2025-06-07)

Features
  • Add SchemaViolationReason to IngestionFailureEvent (#1411) (c046ca2)
Virtual Private Cloud

VPC Flow Logs annotates RDMA traffic that is reported from A3 Mega VMs. This feature is available in General Availability. For more information, see About VPC Flow Logs records.

June 14, 2025

Google SecOps SOAR

Release 6.3.49 is being rolled out to the first phase of regions as listed here.

This release contains internal and customer bug fixes.

June 13, 2025

Agent Assist

Agent Assist offers Summarization with custom sections V4.0 in GA. V4.0 uses gemini-2.0-flash and supports a concise summary for situation and action.

Cloud Composer

Cloud Composer pages in the Cloud Console now support the dark color theme. You can switch to the dark theme on the Appearance page in the Cloud Console.

Cloud Load Balancing

Cloud Load Balancing supports load balancing to multi-NIC instances that use Dynamic NICs.

This capability is in Preview.

Cloud Trace

The Analysis reports page has been removed. To analyze your trace data, use the Trace explorer page. You can use filters and the time-range selector to view and analyze historical data.

Compute Engine

Generally available: General purpose C4D machine types, powered by the fifth generation AMD EPYC processors (Turin) and Google Titanium, are generally available.

C4D is designed to run mission-critical workloads including web app and game servers, AI inference, web serving, video streaming, and data centric applications like analytics, relational, and in-memory databases.

C4D is available in standard, highmem, and highcpu machine types and supports only Google Cloud Hyperdisk storage and Titanium SSD. To learn more about C4D, refer to the C4D release blog. For details about where you can create C4D instances, see the Regions and zones page.

Preview: Dynamic NICs let you add or remove network interfaces to or from an instance without having to restart or recreate the instance.

You can also use Dynamic NICs when you need more network interfaces. The maximum number of vNICs for most machine types in Google Cloud is 10; however, you can configure up to 16 total interfaces by using Dynamic NICs.

For more information, see the following:

Confidential VM

Support for general purpose C4D machine types is now generally available, featuring:

Google SecOps SOAR

Release 6.3.48 is now available for all regions.

Identity and Access Management

Conditions that check the tags for a resource can also check other attributes, such as the resource name of the timestamp of the request. This feature is available in Preview. For more information, see Resource tags.

Resource Manager

Custom organization policies are now generally available for some API Keys. For more information, see Creating and managing custom constraints.

SAP on Google Cloud

New SAP NetWeaver certification: C4D series of general-purpose machine types

For use with SAP NetWeaver, SAP has certified the Compute Engine general purpose machine types c4d-standard and c4d-highmem.

For more information, see Certified C4D general-purpose machine types.

Security Command Center

The following Event Threat Detection detectors for Vertex AI have been released to Preview:

  • Persistence: New Geography for AI Service
  • Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Admin Activity
  • Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Data Access
  • Privilege Escalation: Anomalous Service Account Impersonator for AI Admin Activity
  • Privilege Escalation: Anomalous Service Account Impersonator for AI Data Access
  • Privilege Escalation: Anomalous Impersonation of Service Account for AI Admin Activity
  • Persistence: New AI API Method
  • Initial Access: Dormant Service Account Activity in AI Service
Virtual Private Cloud

Dynamic Network Interfaces (NICs) are available in Preview.

Dynamic NICs let you update an instance to add or remove network interfaces without having to restart or recreate the instance.

You can also use Dynamic NICs when you need more network interfaces. The maximum number of vNICs for most machine types in Google Cloud is 10; however, you can configure up to 16 total interfaces by using Dynamic NICs.

For more information, see the following:

June 12, 2025

BigQuery

Dark theme is now available for BigQuery in Preview. To enable the dark theme, in the Google Cloud console, click Settings and utilities > Preferences. In the navigation menu, click Appearance, and then select your color theme and click Save.

Cloud Data Fusion

The Elasticsearch plugin version 1.11.0 is available in Cloud Data Fusion version 6.11.0. This release includes the following change:

  • Upgraded Hadoop version for Elasticsearch plugin compatibility (PLUGIN-1881).
Cloud VPN

Cloud VPN supports customizable cipher options for your VPN tunnels. You can configure ciphers as per your security requirements. This feature is available in Public Preview.

For more information, see Configure ciphers in Cloud VPN tunnel.

Dataform

Dark theme is now available for BigQuery and Dataform. To turn on the dark theme, go to the Console, open the Settings and utilities menu next to your avatar, and select Preferences. On the User preferences page, select Appearance in the navigation, select your color theme, and save your selection.

Dialogflow

Conversational Agents: New Chirp 3 HD Cloud Text-to-Speech voice Autonoe is now available.

Conversational Agents: Conversational Agents console now supports test cases.

Conversational Agents: Service agent access tokens used for authentication by both webhooks and tools are now discontinued as mentioned in notification emails to customers earlier this year. Most customers can use service accounts instead.

Data store handlers: Data store handler use tracking for billing purposes has been corrected.

Gemini Code Assist

Configure AI exclusion files

You can now configure the use of .aiexclude and .gitignore files to exclude files from the local context with VS Code Gemini Code Assist (version 2.36.0).

Add code snippets to the chat context

You can now select, attach, and direct Gemini to focus on code snippets with VS Code Gemini Code Assist (version 2.36.0). Code snippet selection enables discrete analysis of smaller code blocks instead of entire files, as Preview.

Selected code snippets in VS Code Gemini Code Assist

Add terminal output to the chat context

Terminal output can now be attached to the chat context with VS Code Gemini Code Assist (version 2.36.0). You can now ask Gemini Code Assist questions about terminal commands and output, as Preview.

Selected terminal output in VS Code Gemini Code Assist

Google Kubernetes Engine

(2025-R25) Version updates

  • Version 1.32.4-gke.1353003 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.2771000
    • 1.27.16-gke.2853000
    • 1.28.15-gke.2239000
    • 1.28.15-gke.2380000
    • 1.29.15-gke.1325000
    • 1.29.15-gke.1493000
    • 1.30.12-gke.1086000
    • 1.31.8-gke.1113000
    • 1.32.4-gke.1236007
    • 1.32.4-gke.1353001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2287000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2810000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.15-gke.1395000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.12-gke.1151000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.9-gke.1005000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.32 to version 1.32.4-gke.1353003 with this release.

(2025-R25) Version updates

(2025-R25) Version updates

  • Version 1.33.1-gke.1386000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.30.12-gke.1151000
    • 1.31.9-gke.1005000
    • 1.32.4-gke.1353001
    • 1.32.4-gke.1415001
    • 1.32.4-gke.1533000
    • 1.33.0-gke.2248000
    • 1.33.1-gke.1107000
    • 1.33.1-gke.1375000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.12-gke.1168000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.9-gke.1044001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.32.4-gke.1415000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.33.1-gke.1386000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.12-gke.1168000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.9-gke.1044001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.4-gke.1415000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.33 to version 1.33.1-gke.1386000 with this release.

(2025-R25) Version updates

  • Version 1.32.4-gke.1353003 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.30.12-gke.1086000
    • 1.31.8-gke.1113000
    • 1.32.4-gke.1236007
    • 1.32.4-gke.1353001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.12-gke.1151000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.31.9-gke.1005000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.32.4-gke.1353003 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.12-gke.1151000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.9-gke.1005000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.32 to version 1.32.4-gke.1353003 with this release.

(2025-R25) Version updates

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.30.11-gke.1217000
    • 1.31.7-gke.1390000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.12-gke.1033000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.31.8-gke.1045000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.12-gke.1033000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.31 to version 1.31.8-gke.1045000 with this release.

(2025-R25) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.33.1-gke.1386000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.30.12-gke.1151000
    • 1.31.9-gke.1005000
    • 1.32.4-gke.1353001
    • 1.32.4-gke.1415001
    • 1.32.4-gke.1533000
    • 1.33.0-gke.2248000
    • 1.33.1-gke.1107000
    • 1.33.1-gke.1375000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.12-gke.1168000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.9-gke.1044001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.32.4-gke.1415000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.33.1-gke.1386000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.12-gke.1168000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.9-gke.1044001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.4-gke.1415000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.33 to version 1.33.1-gke.1386000 with this release.

Regular channel

  • Version 1.32.4-gke.1353003 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.30.12-gke.1086000
    • 1.31.8-gke.1113000
    • 1.32.4-gke.1236007
    • 1.32.4-gke.1353001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.12-gke.1151000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.31.9-gke.1005000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.32.4-gke.1353003 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.12-gke.1151000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.9-gke.1005000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.32 to version 1.32.4-gke.1353003 with this release.

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.30.11-gke.1217000
    • 1.31.7-gke.1390000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.12-gke.1033000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.31.8-gke.1045000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.12-gke.1033000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.31 to version 1.31.8-gke.1045000 with this release.

Extended channel

  • Version 1.32.4-gke.1353003 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.2771000
    • 1.27.16-gke.2853000
    • 1.28.15-gke.2239000
    • 1.28.15-gke.2380000
    • 1.29.15-gke.1325000
    • 1.29.15-gke.1493000
    • 1.30.12-gke.1086000
    • 1.31.8-gke.1113000
    • 1.32.4-gke.1236007
    • 1.32.4-gke.1353001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2287000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2810000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.15-gke.1395000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.12-gke.1151000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.9-gke.1005000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.32 to version 1.32.4-gke.1353003 with this release.

No channel

June 11, 2025

AI Hypercomputer

Generally available: You can apply a workload policy in a managed instance group (MIG) to specify the type of the workload to run on the MIG. Workload policies help improve the workload performance by optimizing the underlying infrastructure. The supported type, high-throughput, is ideal for workloads that require high networking performance. For more information, see Workload policy for MIGs.

BigQuery

The following GoogleSQL functions are now available in preview:

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Dataplex Universal Catalog
    • dataplex.googleapis.com/Glossary
Cloud Data Fusion

The HTTP plugin version 1.4.4 is available in Cloud Data Fusion version 6.10.1. This release includes the following changes:

  • Implemented the Client Credentials Grant flow for HTTP OAuth2, enabling authorized clients to securely access data using the client_credentials grant type. Client credentials can be passed through Basic Authentication header, in the request body, or as query parameters (PLUGIN-1872).

  • Fixed an issue causing the HTTP Source plugin to throw a NullPointerException when the BasePageIterator received a null response (PLUGIN-1894).

Cloud Location Finder

Cloud Location Finder public preview release.

Cloud Location Finder lets you identify and filter cloud locations in regions and zones across Google Cloud, Microsoft Azure, Amazon Web Services, and Oracle Cloud Infrastructure based on proximity, geographic location, and carbon energy usage.

Google Cloud CLI commands for Cloud Location Finder are available. For more information, see the gcloud cloudlocationfinder help text.

A REST API for Cloud Location Finder is available. For more information, see the API Reference.

Compute Engine

Preview: The storage-optimized Z3 machine series offers a bare metal (-metal) machine type with 192 vCPUs. Bare metal instances let you create an instance with direct access to the machine's CPU and memory, without a virtualization layer in the middle. To learn more, see Z3 machine series. For information about bare metal instances, including regional availability, see Bare metal instances on Compute Engine.

Generative AI on Vertex AI

Imagen 4's public preview models are updated to the following:

  • imagen-4.0-generate-preview-06-06
  • imagen-4.0-fast-generate-preview-06-06
  • imagen-4.0-ultra-generate-preview-06-06

For more information about each model, see Preview Imagen models.

To avoid service interruption, migrate from imagen-4.0-ultra-generate-exp-05-20 and imagen-4.0-generate-preview-05-20 before 2025-07-07.

Google Cloud VMware Engine

VMware Engine ve2 nodes are now available in Toronto, Canada (northamerica-northeast2).

Google SecOps Marketplace

New Akamai integration

New Google Threat Intelligence integration

Darktrace: Version 18.0

  • Added ability to filter model breaches by priority in the following connector:

    • Darktrace - Model Breaches Connector

Refactored the code to work with updated API in the following integrations:

  • Exchange: Version 113.0
  • ServiceNow: Version 57.0
  • Microsoft Graph Mail Delegated: Version 5.0

Refactored the code in the following integrations:

  • Gmail: Version 4.0
  • Google Cloud API: Version 6.0
  • HTTP v2: Version 9.0
  • Microsoft Graph Mail: Version 28.0
  • Tor: Version 7.0
Looker

Looker 25.10 is expected to include the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Tuesday, June 17, 2025

  • Expected Looker (original) final deployment and download available: Thursday, June 26, 2025

  • Expected Looker (Google Cloud core) deployment start: Monday, June 16, 2025

  • Expected Looker (Google Cloud core) final deployment: Monday, June 30, 2025

The Embed SDK has been upgraded to release 2.0.0. While the 2.0.0 API is backwards-compatible with Embed SDK 1.8.x, the underlying implementation has changed for some functionality. SDK 1.8.x exported a number of classes. SDK 2.0.0 replaces these classes with interfaces that are marked as deprecated (alternative interfaces are identified). We recommend that applications use the interfaces that have an 'I' prefix (the interfaces that have prefixes are identical to the interfaces that don't have them). Applications that are upgraded to SDK 2.0.0 should continue to work and behave as they did previously. To take advantage of the API improvements, some refactoring will be required. The following major changes are included in Embed SDK 2.0.0:

  • Navigating between dashboards, Explores, and Looks no longer requires that an iframe be recreated. Instead, the loadDashboard, loadLook, loadExplore, and loadUrl methods can be used to navigate within the Looker iframe.

  • connect now returns a unified connection rather than a connection that is related only to a dashboard, a Look, or an Explore. The unified connection allows embedding applications to detect a user navigating inside the iframe.

  • Support for additional Looker embedded content has been added for Looker reports and query visualizations.

Note: This item was added on June 13, 2025.

For period-over-period (PoP) measures, a new subparameter, value_to_date, is available. When a PoP measure is defined with value_to_date:yes, Looker will calculate the amount of time in the current timeframe at the time that the query is run and apply that amount of time when it calculates the values for previous periods.

The Firebolt JDBC driver has been updated to version 3.5.0.

The Hive JDBC driver has been updated to version 4.0.1.

The MS SQL JDBC driver has been updated to version 12.10.0.

The Teradata JDBC driver has been updated to version 20.00.00.45.

The Vertica JDBC driver has been updated to version 24.2.0-1.

The new Content Guardrails admin panel lets Looker admins limit both the ability for users to add or execute merged results queries on dashboards and the use of the dashboard auto-refresh option. Limiting merged results queries and dashboard auto-refreshes can reduce the number of queries that are sent to the database and improve dashboard performance. Note: This item was added on June 12, 2025.

The Looker Continuous Integration (CI) features let you run tests on your LookML project to deliver more reliable, efficient, and user-friendly data experiences. You can use the CI validators to catch issues with SQL, data test, content, and LookML before they hit production to verify your LookML and prevent query errors for your users. You can also configure the CI validators to run automatically when a pull request is submitted to your LookML repository. Note: This item was added on June 23, 2025.

This release contains the following accessibility improvements:

  • Increased contrast ratio for graphic elements, including icon bullets

  • Improved contrast for download links and unemphasized text to comply with Web Content Accessibility Guidelines (WCAG) Level AA

The Tile Actions kebab menu now includes the name of the dashboard tile in its aria-label value.

An issue has been fixed where SDK API calls could return a 500 error if optional headers were not specified. The API calls now work as expected even if optional headers are not included.

An issue has been fixed where the PDT Override Service Account field was not available for connections that use OAuth credentials. This feature now performs as expected.

An issue has been fixed where the Manage Access dialog on a folder could load slowly if the Looker instance has a large number of groups. This feature now performs as expected.

An issue has been fixed where, previously, testing a new OAuth connection before saving would run connection tests on an empty connection. OAuth settings must now be saved before running connection tests. This feature now performs as expected.

The OAuth Tenant ID field will no longer appear in connections for which it is not relevant. The only connection type that supports this field is Trino.

An issue has been fixed where the API calls to run git connection tests would fail unless the user was in dev mode. These calls now work as expected whether the user is in production or development mode.

An issue has been fixed where drill downs wouldn't be displayed for a field if the first field value had null values. This feature now performs as expected.

An issue has been fixed where assigning the user attribute looker_internal_email_domain_allowlist on the SAML config page would return a 500 error. This user attribute is not designed to be assigned at the user level, so the option to assign it has been removed from the SAML config page.

An issue has been fixed where restarting the Looker instance during a folder sync could cause the instance to fail to start.

An issue has been fixed where selecting fields from the Session view in the System Activity User Explore could cause fanout. This feature now performs as expected.

An issue has been fixed where the count table calculation function could return incorrect values if its inputs included a list with null values. This feature now performs as expected.

An issue has been fixed where the drill menu did not properly translate some entries when the locale was set to Swedish (sv_SE). This feature now performs as expected.

An issue has been fixed where drilling on a query with subtotals could display incorrect values. This feature now performs as expected.

An issue has been fixed where filtering on a custom dimension that references a datetime type field could return the following error message: No matching signature. This feature now performs as expected.

An issue has been fixed where the LookML validator would return a 500 error if a LookML file contained a sum_distinct measure for a database that doesn't support sum_distinct measures. The LookML validator now returns a more descriptive error message.

An issue has been fixed where entering the value 12:00 in the Time field of an alert schedule dialog would input 00:00 instead.

An issue has been fixed where changes to PDT override settings would not be saved. This feature now performs as expected.

An issue has been fixed where PDTs could fail to rebuild with the following error message: undefined method trace_id_hex. This feature now performs as expected.

You can now embed Looker reports on Looker (original) instances when Looker reports and the Embed Looker reports Labs features are enabled for your instance. Looker reports are available in preview.

An issue has been fixed where LDAP authentication could fail with the following error message: no implicit conversion of Hash into String. This feature now performs as expected.

The Code Interpreter in Conversational Analytics is now available in Preview. The Code Interpreter translates your natural language questions into Python code and executes that code to provide advanced analysis and visualizations. The Code Interpreter is disabled by default. Admins of Looker (Google Cloud core) instances can manage enablement for the Code Interpreter on the Gemini in Looker admin page. Note: This item was added on June 23, 2025.

Spanner

Column operations statistics are generally available. They help you get insights into and monitor the usage of columns in your database. For more information, see Column operations statistics.

June 10, 2025

BigQuery

An updated version of the ODBC driver for BigQuery is now available.

For supported Gemini models, you can now use Vertex AI Provisioned Throughput with the ML.GENERATE_TEXTand AI.GENERATE functions to provide consistent high throughput for requests.

This feature is generally available (GA).

Cloud Composer

A new Cloud Composer release has started on June 10, 2025. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.

Fixed an issue that caused Airflow worker and scheduler Pods to be evicted when a large number of tasks was executed.

New images are available in Cloud Composer 2:

Cloud Composer version 2.8.2 has reached its end of support period.

Compute Engine

A vulnerability (CVE-2025-2884) affecting Shielded VMs using virtual Trusted Platform Module (vTPM) was discovered and is being addressed. For more information, see the GCP-2025-031 security bulletin.

Config Connector

Config Connector version 1.132.0 is now available.

New Alpha Resources (Direct Reconciler):

  • OrgPolicyPolicy
  • OrgPolicyCustomConstraint
  • SpeechRecognizer
  • StorageAnywhereCache

New Fields:

  • SpannerInstance For opt-in direct controller,
    • Added spec.labels field.
    • Added spec.defaultBackupScheduleType field.
  • SecretManagerSecret For opt-in direct controller,
    • Added spec.labels field.
Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.108
  • 1.2.52
  • 2.2.52
  • 2.3.3
Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.30.1000-gke.83 is now available for download. To upgrade, see Upgrade a cluster. Google Distributed Cloud 1.30.1000-gke.83 runs on Kubernetes v1.30.12-gke.100.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issues were fixed in 1.30.1000-gke.83:

Google Distributed Cloud (software only) for bare metal

Google Distributed Cloud for bare metal 1.30.1000-gke.85 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.1000-gke.85 runs on Kubernetes v1.30.12-gke.100.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

The following issues were fixed in 1.30.1000-gke.85:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

GKE now reports CPU and memory requests and limits metrics for Kubernetes-native sidecar containers starting from GKE version 1.32.4-gke.1106006.

Flex-start provisioning mode on GKE now supports TPUs in single-host node pools. Flex-start makes accessing highly-demanded accelerators, like TPU v5e, v5p, and Trillium easier while optimizing their utilization. To learn more, see About GPU and TPU provisioning with flex-start provisioning mode.

GKE now reports CPU and memory requests and limits metrics for Kubernetes-native sidecar containers starting from GKE version 1.32.4-gke.1106006.

Flex-start provisioning mode on GKE now supports TPUs in single-host node pools. Flex-start makes accessing highly-demanded accelerators, like TPU v5e, v5p, and Trillium easier while optimizing their utilization. To learn more, see About GPU and TPU provisioning with flex-start provisioning mode.

Resource Manager

You can use custom constraints with Organization Policy to provide more granular control over specific fields for indexes and index endpoints in Vector Search. For more information, see Create custom constraints for Vector Search.

Vertex AI

Vector Search custom constraints with Organization Policy

You can use custom constraints with the Organization Policy Service to provide more granular control over specific fields for indexes and index endpoints in Vector Search.

For more information, see Create custom constraints for Vector Search.

Vertex AI Workbench

Available in Preview: You can consume reservations with Vertex AI Workbench instances. Reservations of Compute Engine zonal resources help you gain a high level of assurance that your jobs have the necessary resources to run. For more information, see Use reservations with Vertex AI Workbench instances.

June 09, 2025

API Gateway

On June 9, 2025, we released an updated version of API Gateway.

With this release, the limit on the number of API gateways that can be created per region is increased to 50.

For more information, see Quotas and limits

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.51.0 (2025-06-06)

Features
Dependencies
  • Rollback netty.version to v4.1.119.Final (#3827) (94c71a0)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.65.0 (#3787) (0574ecc)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20250511-2.0.0 (#3794) (d3bf724)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.49.0 (#3811) (2c5ede4)

You can reference Iceberg external tables in materialized views instead of migrating that data to BigQuery-managed storage. This feature is generally available (GA).

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.60.0 (2025-06-06)

Features
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.59.0 (65782aa)
  • Ensure that multiple instances of a client in the same process don't clobber each other (#2590) (8d3dca4)
Dependencies
Cloud Data Fusion

Cloud Data Fusion is available in the northamerica-south1 (Mexico) region. For more information, see Pricing.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.22.5 (2025-06-05)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.59.0 (f2362fb)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.49.0 (#1813) (c15da84)
Cloud Run

You can use request host and request path in IAM Conditions when defining access control for invoking Cloud Run services.

Cloud Service Mesh

You can now enforce cluster-local traffic for an individual service, all services in a particular namespace, or globally for all services in the mesh. For more information, see Keeping traffic in-cluster.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.53.0 (2025-06-04)

Features
  • Expose BucketInfo.getProject as a BigInteger (#3119) (64bbb60), closes #3023
  • storagecontrol: Add Anywhere cache control APIs (06572b7)
  • storagecontrol: Add Client Libraries Storage IntelligenceConfig (06572b7)
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.58.0 (06572b7)
Dependencies
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20250521-2.0.0 (#3118) (e1be49e)
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20250524-2.0.0 (#3127) (2a4499d)
  • Update sdk-platform-java dependencies (#3129) (31cd058)
Documentation
  • Add explicit Optional annotations to fields that have always been treated as optional (53b6927)
  • Add note that Bucket.project output format is always project number format (53b6927)
  • Add note that managedFolders are supported for GetIamPolicy and SetIamPolicy (53b6927)
Cloud Workstations

The JetBrains readiness server lets you configure the port it listens on and the timeout when you specify the JETBRAINS_READY_SERVER_PORT and JETBRAINS_READY_SERVER_TIMEOUT environment variables in your workstation environment. For more information about setting environment variables, see Customizing your environment.

Dataflow

Dataflow now supports right fitting for streaming jobs. Right fitting lets you specify resource requirements for an entire pipeline or for specific pipeline steps. Previously, right fitting was only supported for batch pipelines. For more information, see Streaming right fitting.

Dataproc

Announcing the GA release of Dataproc on Compute Engine image version 2.3:

Image Version 2.3 is a lightweight image that contains only core components, reducing exposure to Common Vulnerabilities and Exposures (CVEs). For higher security compliance requirements, use the image version 2.3 or later when creating a Dataproc cluster. Optional components can still be deployed on-demand.

The following images are the latest available 2.3 subminor image versions:

  • 2.3.3-debian12, 2.3.3-rocky9, and 2.3.3-ubuntu22

2.3 images include the components listed in 2.3.x release versions.

Generative AI on Vertex AI

Gemini API

The logprobs and response_logprobs parameters for the Gemini API are now generally available. For more information, see Generate content with Gemini API.

Google Cloud Armor

Cloud Armor support for JA4 rate limiting key is Generally Available. For more information, see Configure rate limiting.

Google Cloud Contact Center as a Service

Salesforce ICU Update

This is for Google Contact Center as a Service (CCaaS) customers that use Salesforce integration with CCaaS.

On June 15th, 2025, Salesforce is rolling out an automatic upgrade to its International Components for Unicode (ICU) locale data. This affects how date, time, number, and currency formatting are handled across Apex, Visualforce, and Lightning components.

This change affects Salesforce integrations that are using Apex API versions earlier than 45.0. These integrations use the legacy Java locale behavior, which could cause formatting discrepancies, incorrect parsing, or runtime errors.

Solution

Google has reviewed the CCaaS managed package and has updated the impacted classes to use safe, ICU-compatible parsing and formatting methods. This includes cleaning up legacy code that uses older API versions, which might affect this transition.

The following table shows the affected classes:

Affected classes

Name API version
UJETUtilsController 35.0
UJETUtilsControllerTests 35.0
UJETJWT 43.0
UJETJWTTests 43.0
UJETPageController 43.0

Required action

To ensure compatibility with the Salesforce ICU update and prevent any operational impact, you must complete the following action before June 15th, 2025:

This installation updates the affected classes. No further action is required.

What happens if you don't upgrade?

If any part of your integration or Apex code uses versions earlier than 45.0 after June 15th, Salesforce will not apply the ICU formatting to those sections. This could potentially lead to issues, including the following:

  • Incorrect date and time parsing

  • Unexpected errors in workflows or automations

  • Mismatch between Lightning and Classic behavior

  • Breakage in integrations expecting consistent locale handling

Google considers the affected classes in CC_AGENT_APP v1.38 to be safe. While some of the affected classes have legacy methods that are affected by this update, they are not being actively used and will be deprecated in version 1.40. Regardless, Google still recommends installing the v1.40 update. Not upgrading can potentially impact other solutions that are installed on the environment, as described in this communication.

Defer the update

As described in Enable the ICU Locale Formats, you can defer the automatic rollout of this update.

To defer this update, follow these steps:

  1. From the Quick Find search box in Setup, enter User Interface.

  2. On the User Interface page, deselect the Enable ICU locale formats as part of the scheduled rollout checkbox.

Important: This will only be effective if completed before June 15th 2025.

Google Cloud VMware Engine

VMware Engine ve2 nodes are now available in the following additional region:

  • Melbourne, Australia (australia-southeast2-a)
Looker

Gemini in Looker will be enabled by default for Looker (original) instances that meet at least one of the following criteria:

  • The Automated Gemini in Looker enablement and user management setting on the Settings page in the Looker Admin panel was previously enabled.

  • The instance is updated to Looker 25.6 or later after June 9, 2025.

Instances that are hosted in the EMEA region and those that are enrolled in Looker's Extended Support Release (ESR) program are exempt from automatic enablement.

Looker admins can still manage Gemini in Looker enablement manually on the Gemini in Looker page in the Admin panel.

When the Automated Gemini in Looker enablement and user management setting is enabled, the Gemini Default Users group is created automatically for instances that use an open system configuration. The Gemini Default Users group is populated automatically with all existing users and any new users who are added to the instance.

Network Connectivity Center

Routes that NCC Gateway advertises don't show up in the list of a VPC network's effective routes.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

Java

Changes for google-cloud-pubsub

1.140.1 (2025-06-05)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.59.0 (0eece50)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.49.0 (#2448) (d89a14d)

1.140.0 (2025-06-03)

Features
  • Add SchemaViolationReason to IngestionFailureEvent (21cc376)
Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.50.1 (#2435) (b37c557)
  • Update dependency com.google.cloud:google-cloud-storage to v2.52.3 (#2436) (4f309d1)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.49.0 (#2444) (a59135c)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.49.0 (#2446) (6434be1)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.31.0 (#2430) (232fac1)
  • Update googleapis/sdk-platform-java action to v2.59.0 (#2445) (12d4cfb)
Documentation
  • sample: Update the subscribe with error listener and subscribe with exactly-once samples (#2437) (17c142b)
SAP on Google Cloud

Google Cloud's Agent for SAP version 3.8

Version 3.8 of Google Cloud's Agent for SAP is generally available (GA). This version introduces monitoring and supportability enhancements.

For more information, see What's new with Google Cloud's Agent for SAP.

June 08, 2025

Google SecOps

Playbook Permissions: Support for API Key Roles

The platform has been updated to extend playbook permissions to also support the SOC Roles associated with API keys, in addition to the user SOC Roles.

This enhancement affects how integrations using API keys interact with playbooks that have specific permission configurations. For example, GitSync now uses this capability to synchronize playbooks with restricted permissions.

For more information on how playbook permissions work with users and API keys, see Playbook permissions.

For specific instructions on configuring GitSync with restricted playbooks, see GitSync - Work with playbook permissions.

Advanced Reports: Case Custom Fields

Advanced Reports (Looker) has been enhanced to include support for custom fields created for Cases.

This enhancement allows users to leverage organization-specific data captured in custom fields to gain deeper insights and create tailored visualizations within Looker reports. Specific LookML formulas and filtering guidance are now available.

For more information on how to use custom fields in Advanced Reports, see Use Custom Fields in Advanced Reports.

Google SecOps SOAR

Release 6.3.47 is now available for all regions.

Security Command Center

Model Armor supports screening text in the following document types for malicious content.

  • DOCX, DOCM, DOTX, DOTM documents
  • PPTX, PPTM, POTX, POT presentations
  • XLSX, XLSM, XLTX, XLTM spreadsheets

Multi-language support for Model Armor filters

The Responsible AI and prompt injection and jailbreak detection filters are tested in English, Spanish, French, Italian, Portuguese, German, Chinese (Mandarin), Japanese, and Korean. These filters can work in other languages, but the quality of results might vary.

For more information, see Languages supported.

June 07, 2025

Google SecOps SOAR

Release 6.3.48 is being rolled out to the first phase of regions.

Playbook Permissions: Support for API Key Roles

The platform has been updated to extend playbook permissions to also support the SOC Roles associated with API keys, in addition to the user SOC Roles.

This enhancement affects how integrations using API keys interact with playbooks that have specific permission configurations. For example, GitSync now uses this capability to synchronize playbooks with restricted permissions.

For more information on how playbook permissions work with users and API keys, see Playbook permissions.

For specific instructions on configuring GitSync with restricted playbooks, see GitSync - Work with playbook permissions.

Advanced Reports: Case Custom Fields

Advanced Reports (Looker) has been enhanced to include support for custom fields created for Cases.

This enhancement allows users to leverage organization-specific data captured in custom fields to gain deeper insights and create tailored visualizations within Looker reports. Specific LookML formulas and filtering guidance are now available.

For more information on how to use custom fields in Advanced Reports, see Use Custom Fields in Advanced Reports.

June 06, 2025

AI Applications

Vertex AI Search: Skip layout parsing for types of HTML content (GA)

The layout parser can skip parsing specific types of HTML content. By excluding less relevant content such as boilerplate, you can improve data quality. The layout parser can exclude based on HTML tags and IDs and on CSS classes.

This feature is generally available (GA) and accessible only through the API. For more information, see Exclude HTML content.

Assured Workloads

The FedRAMP Moderate and FedRAMP High control packages now support the following products:

  • Agent Assist
  • Looker (Google Cloud core)
  • Vertex AI Vector Search

The IL2 control package now supports the following products:

  • Agent Assist
  • Binary Authorization
  • Certificate Authority
  • Conversational Agents (Dialogflow CX)
  • Identity-Aware Proxy (IAP)
  • Looker (Google Cloud core)
  • Vertex AI Vector Search
Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Backup and DR Service
    • backupdr.googleapis.com/Backup
    • backupdr.googleapis.com/BackupVault
    • backupdr.googleapis.com/DataSource
  • Discovery Engine
    • discoveryengine.googleapis.com/Notebook
  • Migrate to Virtual Machines
    • vmmigration.googleapis.com/ImageImport
Cloud Interconnect

Cross-Site Interconnect (Preview) support is available in the following colocation facilities:

  • Melbourne, Australia

For more information, see the Locations table and Global Locations.

Cloud Logging

Cloud Logging begins enforcement of the new volume-based regional quotas. For more information, see Logging API quotas and limits.

Cloud Service Mesh

DNS Proxy feature is now available in the Rapid release channel. This feature requires sidecar version 1.21.5-asm.39 or later.

This change affects clusters using both the TRAFFIC_DIRECTOR and ISTIOD control plane implementations.

When using Cloud Service Mesh with Istio APIs, configuring an unsupported field or value in an Istio Custom Resources will be reflected as an error in the Mesh status API.

In some cases, the validation webhook will also reject unsupported API usage with an error message indicating the specific unsupported API. For more information, see Common webhook error messages. You can mitigate these issues by amending the Istio Custom Resource to remove the specified unsupported API configuration.

Isolation support to prevent cross-region overflow is now available as a preview feature for TRAFFIC_DIRECTOR implementations of Cloud Service Mesh. For more information, see Isolation for Cloud Service Mesh.

Compute Engine

Generally available: The Security Risk Overview dashboard for Compute Engine is generally available. In addition, it provides a Top CVE findings table that lists the most severe CVEs that affect your Compute Engine instances.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.107
  • 1.2.51
  • 2.2.51
  • 2.3.2

Dataproc Serverless for Spark: Fixed a bug that prevented the spark.executorEnv property from correctly setting specific executor environment variables across all runtimes.

Security Command Center

The Security Risk Overview dashboard for Compute Engine is in General Availability. In addition, it provides a Top CVE findings table that lists the most severe CVEs that affect your Compute Engine instances.

June 05, 2025

Cloud Storage

The limit for the maximum number of prefixes and suffixes when using matchesPrefix and matchesSuffix lifecycle conditions across all rules on a bucket is increased from 50 to 1,000. For more information, see Quotas and limits.

Gemini Code Assist

Stop in-progress chat responses

You can now stop chat responses with VS Code Gemini Code Assist (version 2.35.0). Undesired long running or errant chat responses are immediately halted.

Stop chat responses in VS Code.

Clickable filenames in chat (Preview)

You can now click filenames referenced in a chat response to open the file in the IDE with VS Code Gemini Code Assist (2.35.0), as Preview.

Clickable filenames in VS Code.

Exclude files from local context (Preview)

Context exclusion of files using .gitIgnore is now enforced. Files present in .gitignore are now excluded from the local context with chat, code generation, code completion, and code transformation, as Preview.

Automatic scrolling

VS Code Gemini Code Assist (version 2.35.0) now automatically scrolls through chat responses, enabling easier and faster readability. You can disable automatic scrolling in the Gemini Code Assist settings.

Automatic scrolling in VS Code Gemini Code Assist.

Generative AI on Vertex AI

Gemini 2.5 Pro's public preview version has been updated to gemini-2.5-pro-preview-06-05 and includes expanded support for thinking. This model version is available in the API and Vertex AI Studio.

See Gemini 2.5 Pro for model details.

Google Cloud Contact Center as a Service

Patch 3.35.15 is released

This patch does the following:

  • Fixes an issue in agent desktop. When an agent had active chat sessions with two end-users simultaneously, the chat history was missing for one of the chats.

  • Fixes an issue where bulk user upload jobs on the Bulk User Management page got stuck and didn't complete.

  • Fixes an issue in agent desktop where the chat adapter was unavailable when a chat was received.

Google Kubernetes Engine

(2025-R24) Version updates

  • Version 1.32.4-gke.1236007 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.2732000
    • 1.27.16-gke.2820000
    • 1.28.15-gke.2192000
    • 1.28.15-gke.2303000
    • 1.29.15-gke.1274000
    • 1.29.15-gke.1415000
    • 1.30.12-gke.1033000
    • 1.31.8-gke.1045000
    • 1.32.4-gke.1106006
    • 1.32.4-gke.1236006
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2239000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2771000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2239000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.15-gke.1325000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.12-gke.1086000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.8-gke.1113000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.32 to version 1.32.4-gke.1236007 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.33 to version 1.33.0-gke.2248000 with this release.

(2025-R23) Version updates

There are no version updates for 2025-R23.

(2025-R24) Version updates

(2025-R23) Version updates

There are no version updates for 2025-R23.

(2025-R24) Version updates

(2025-R23) Version updates

There are no version updates for 2025-R23.

(2025-R24) Version updates

  • Version 1.32.4-gke.1236007 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.30.12-gke.1033000
    • 1.31.8-gke.1045000
    • 1.32.4-gke.1106006
    • 1.32.4-gke.1236006
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.12-gke.1086000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.31.8-gke.1113000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.32.4-gke.1236007 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.12-gke.1086000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.8-gke.1113000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.32 to version 1.32.4-gke.1236007 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.33 to version 1.33.0-gke.2248000 with this release.

(2025-R23) Version updates

There are no version updates for 2025-R23.

(2025-R24) Version updates

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.30.11-gke.1157000
    • 1.31.7-gke.1265000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.11-gke.1217000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.31.7-gke.1390000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.11-gke.1217000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.31 to version 1.31.7-gke.1390000 with this release.

(2025-R23) Version updates

There are no version updates for 2025-R23.

(2025-R24) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

Regular channel

  • Version 1.32.4-gke.1236007 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.30.12-gke.1033000
    • 1.31.8-gke.1045000
    • 1.32.4-gke.1106006
    • 1.32.4-gke.1236006
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.12-gke.1086000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.31.8-gke.1113000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.32.4-gke.1236007 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.12-gke.1086000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.8-gke.1113000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.32 to version 1.32.4-gke.1236007 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.33 to version 1.33.0-gke.2248000 with this release.

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.30.11-gke.1157000
    • 1.31.7-gke.1265000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.11-gke.1217000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.31.7-gke.1390000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.11-gke.1217000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.31 to version 1.31.7-gke.1390000 with this release.

Extended channel

  • Version 1.32.4-gke.1236007 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.2732000
    • 1.27.16-gke.2820000
    • 1.28.15-gke.2192000
    • 1.28.15-gke.2303000
    • 1.29.15-gke.1274000
    • 1.29.15-gke.1415000
    • 1.30.12-gke.1033000
    • 1.31.8-gke.1045000
    • 1.32.4-gke.1106006
    • 1.32.4-gke.1236006
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2239000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2771000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2239000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.15-gke.1325000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.12-gke.1086000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.8-gke.1113000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.32 to version 1.32.4-gke.1236007 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.33 to version 1.33.0-gke.2248000 with this release.

No channel

(2025-R23) Version updates

There are no version updates for 2025-R23.

Network Security Integration

Network Security integration now retains 396 bytes for the GENEVE encapsulation overhead. Consumer networks must use the maximum transmission unit (MTU) size of 8500 bytes or less. Producer networks must use an MTU at least 396 bytes more than the consumer network. For more information, see GENEVE encapsulation and MTU requirements.

Oracle Database@Google Cloud

Oracle Database@Google Cloud supports region asia-northeast1 (Tokyo, Japan).

For a full list of supported locations, see Regional availability

Security Command Center

Vulnerability Assessment for Google Cloud supports scanning on Google Kubernetes Engine (GKE) nodes and containers. This feature has been released to Preview.

Muted findings are no longer considered in the Security Command Center Risk Engine. As a result, they no longer get attack exposure scores.

Virtual Private Cloud

You can publish a Secure Web Proxy instance as a Private Service Connect service. Making Secure Web Proxy available as a published service lets you centralize egress traffic management across multiple VPC networks. This feature is available in General Availability.

June 04, 2025

Apigee Advanced API Security

On June 4, 2025 we released an update to the Anomaly Detection model in Advanced API Security Abuse Detection.

New model for Abuse Detection's Advanced Anomaly Detection rule

With this release, we introduced a new and improved machine learning model for anomaly detection in Advanced API Security. This new model includes the following improvements:

  • Trained on customer-specific traffic patterns. The new model is trained exclusively on your organization's historical API traffic data. It continues to learn from your API traffic patterns over time to increase accuracy.
  • Engineered by Google for anomaly detection. The new model is a custom Vertex AI-based machine learning model, engineered and also used internally by Google specifically to detect anomalies in traffic patterns.

Usage requirements:

  • In order to use this new model, you must explicitly opt in to allow the model to use your traffic and other data to train for anomaly detection. Note that your data is never shared with other customers for training purposes.
  • The new model is not available for VPC-SC customers at this time.

The new anomaly detection model replaces the old model, with no customer-facing changes to the API or UI. Upon opting in for model training, you can expect to start seeing detected anomalies within 6 hours. If you have already opted in to allow the older version of our anomaly detection model to use your traffic data for training, you will not need to opt in again.

For more information on this model and on Abuse Detection, see Abuse Detection customer documentation, including Detection rules.

Apigee hybrid

hybrid v1.15.0

On June 4, 2025 we released an updated version of the Apigee hybrid software, 1.15.0.

Large message payload support in Apigee hybrid

Apigee now supports message payloads up to 30MB. You configure support for large message payloads in Apigee hybrid for individual environments or for your whole installation. See Configure large message payload support in Apigee hybrid.

Bug ID Description
412324617 Fixed issue where Runtime container could spin at 100% cpu limit. (Fixed in v1.14.2)
399447688 API proxy deployment could become stuck in PROGRESSING state. (Fixed in v1.14.2)
396886110 Fixed a bug where the HPA max replicas could be lower than min. (Fixed in v1.14.1)
413708061, 396571537 Rotating Cassandra credentials in Kubernetes secrets fixed for Multi-region deployments. (Fixed in v1.14.2)
392547038 Add Helm chart template checks for non-existent environments and virtualhosts. (Fixed in v1.14.1)
391861216 Restore for Google Cloud Platform and HYBRID Cloud Providers no longer affects system keyspaces. This fixes Known Issue 391861216. (Fixed in v1.14.1)
390258745, 388608440 Any left over Cassandra snapshots are automatically removed. This fixes known issue 388608440. (Fixed in v1.14.1)
384937220 Fixed ApigeeRoute name collision on internal chaining gateway for Enhanced Proxy Limits. (Fixed in v1.14.2)
383441226 Added the following metrics configuration properties: (Fixed in v1.14.1)
368155212 Auto Cassandra secret rotation could fail when Enhanced per-environment proxy limits are enabled. (Fixed in v1.14.2)
367681534 Tagging apigee-stackdriver-prometheus-sidecar to prevent removal from customer repos after 2 years due to infrequent updates. (Fixed in 1.14.0-hotfix.1)

Fixed in this release

Bug ID Description
N/A Security fixes for apigee-asm-ingress.
This addresses the following vulnerability:
N/A Security fixes for apigee-asm-istiod.
This addresses the following vulnerability:
N/A Security fixes for apigee-connect-agent.
This addresses the following vulnerability:
N/A Security fixes for apigee-envoy.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-fluent-bit.
This addresses the following vulnerability:
N/A Security fixes for apigee-hybrid-cassandra.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-hybrid-cassandra-client.
This addresses the following vulnerability:
N/A Security fixes for apigee-kube-rbac-proxy.
This addresses the following vulnerability:
N/A Security fixes for apigee-mart-server.
This addresses the following vulnerability:
N/A Security fixes for apigee-operators.
This addresses the following vulnerability:
N/A Security fixes for apigee-prom-prometheus.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-prometheus-adapter.
This addresses the following vulnerability:
N/A Security fixes for apigee-redis.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-runtime.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-stackdriver-logging-agent.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-synchronizer.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-watcher.
This addresses the following vulnerability:
N/A Security fixes for cert-manager-cainjector.
This addresses the following vulnerabilities:
N/A Security fixes for cert-manager-controller.
This addresses the following vulnerabilities:
N/A Security fixes for cert-manager-webhook.
This addresses the following vulnerabilities:
N/A Security fixes for vault.
This addresses the following vulnerability:

Fixed since last minor release

Bug ID Description
391923260 Security fixes for apigee-watcher. (Fixed in v1.14.1)
This addresses the following vulnerabilities:
391923260 Security fixes for apigee-udca. (Fixed in v1.14.2)
This addresses the following vulnerabilities:
385394193, 383850393, 383778273 Security fixes for apigee-cassandra-backup-utility, apigee-cassandra-client, and apigee-hybrid-cassandra. (Fixed in v1.14.1)
This addresses the following vulnerabilities:
385394193, 383850393, 383778273 Security fixes for apigee-cassandra-backup-utility, apigee-cassandra-client, and apigee-hybrid-cassandra. (Fixed in v1.13.3)
This addresses the following vulnerabilities:
383113773, 382967738 Fixed a vulnerability in PythonScript policy. (Fixed in v1.14.1)
365178914 Security fixes for apigee-cassandra-backup-utility and apigee-hybrid-cassandra. (Fixed in v1.14.1)
This addresses the following vulnerability:
N/A Security fixes for apigee-watcher. (Fixed in v1.14.2)
This addresses the following vulnerabilities:
N/A Security fixes for apigee-udca. (Fixed in v1.13.3)
This addresses the following vulnerability:
N/A Security fixes for apigee-stackdriver-logging-agent. (Fixed in v1.14.2)
This addresses the following vulnerabilities:
N/A Security fixes for apigee-redis. (Fixed in v1.14.2)
This addresses the following vulnerabilities:
N/A Security fixes for apigee-prometheus-adapter. (Fixed in v1.14.2)
This addresses the following vulnerability:
N/A Security fixes for apigee-prometheus-adapter. (Fixed in v1.14.1)
This addresses the following vulnerabilities:
N/A Security fixes for apigee-operators. (Fixed in v1.14.2)
This addresses the following vulnerabilities:
N/A Security fixes for apigee-open-telemetry-collector. (Fixed in v1.14.2)
This addresses the following vulnerabilities:
N/A Security fixes for apigee-open-telemetry-collector. (Fixed in v1.14.1)
This addresses the following vulnerability:
N/A Security fixes for apigee-mint-task-scheduler. (Fixed in v1.14.2)
This addresses the following vulnerability:
N/A Security fixes for apigee-mint-task-scheduler. (Fixed in v1.14.1)
This addresses the following vulnerabilities:
N/A Security fixes for apigee-mint-task-scheduler. (Fixed in v1.13.3)
This addresses the following vulnerability:
N/A Security fixes for apigee-kube-rbac-proxy. (Fixed in v1.13.3)
This addresses the following vulnerabilities:
N/A Security fixes for apigee-hybrid-cassandra. (Fixed in v1.14.2)
This addresses the following vulnerability:
N/A Security fixes for apigee-hybrid-cassandra. (Fixed in v1.14.1)
This addresses the following vulnerability:
N/A Security fixes for apigee-hybrid-cassandra. (Fixed in v1.13.3)
This addresses the following vulnerability:
N/A Security fixes for apigee-hybrid-cassandra-client. (Fixed in v1.14.2)
This addresses the following vulnerability:
N/A Security fixes for apigee-fluent-bit. (Fixed in v1.14.2)
This addresses the following vulnerabilities:
N/A Security fixes for apigee-fluent-bit. (Fixed in v1.13.3)
This addresses the following vulnerability:
N/A Security fixes for apigee-asm-istiod. (Fixed in v1.14.1)
This addresses the following vulnerability:
BigQuery

The organization-level configuration settings for default_sql_dialect_option and query_runtime are unsupported.

Cloud Logging

You can now cancel a running query in the Logs Explorer by clicking the Stop query button.

Compute Engine

Preview: OS Login now supports connections from SSH certificates in addition to SSH keys. For more information, see Set up OS Login to require SSH certificates for SSH connections.

Filestore

The promoteReplica API is available for promoting replicas to regular instances. For more information, see About instance replication.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.32.100-gke.106 is now available for download. To upgrade, see Upgrade a cluster. Google Distributed Cloud 1.32.100-gke.106 runs on Kubernetes v1.32.4-gke.200.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

For clusters configured with advanced clusters, introduced an Envoy sidecar into the GKE Identity Service to increase security, reliability, and performance.

Google Distributed Cloud (software only) for bare metal

Google Distributed Cloud for bare metal 1.32.100-gke.106 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.32.100-gke.106 runs on Kubernetes v1.32.4-gke.200.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Introduced an Envoy sidecar into the GKE Identity Service to increase security, reliability, and performance.

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google SecOps Google SecOps Marketplace

Refactored the code to work with updated API in the following integrations:

  • BMC Remedy ITSM: Version 8.0
  • Gmail: Version 3.0
  • Google Cloud API: Version 5.0
  • Microsoft Graph Mail: Version 27.0
  • Service Desk Plus V3: Version 6.0
  • Vertex AI: Version 2.0

Google Chronicle: Version 59.0

  • Updated the API root to be configurable in IDE in the following connector:
    • Google Chronicle - Chronicle Alerts Connector

Nmap: Version 2.0

  • Updated JSON Result structure in the following action:
    • Scan Entities

Vertex AI: Version 2.0

  • Fixed non-Google models that weren't working
Google SecOps SIEM Network Connectivity Center

NCC Gateway is available in public preview.

NCC Gateway is a regional product that enables security functions such as third-party Security Service Edge (SSE) for Cross-Cloud Network traffic. You can use Secure Access Connect with NCC Gateway to securely connect remote workforces to private applications in Google Cloud, on-premises, or other cloud providers and to public applications, like Palo Alto Networks Prisma Access and Symantec Cloud Secure Web Gateway.

Security Command Center

Security Command Center Premium customers can now access toxic combinations, which are in General Availability, and chokepoints, which are in Preview. These are available at the organization level. For more information, see Toxic combinations and chokepoints overview.

reCAPTCHA

reCAPTCHA Mobile SDK v18.8.0-beta01 is now available for Android

This version contains reliability improvements and bug fixes.

June 03, 2025

Apigee API hub

On June 3, 2025, we released an updated version of Apigee.

Apigee API hub is enabled for new Apigee organizations in supported regions.

With this release, we are enabling Apigee API hub for new Apigee organizations in regions where API hub is supported. All new Apigee organizations, including hybrid organizations, that select an API hub-supported region for their Apigee Analytics region during provisioning will have access to API hub features at no additional cost.

API hub allows you to view, organize, and manage all of the APIs in your Apigee organization in one central location. To learn more, see What is Apigee API hub?

No action on your part is required to provision API hub for your organization, with the following exceptions:

Contact Google Cloud Support for questions or assistance.

Apigee X

On June 3, 2025, we released an updated version of Apigee.

Apigee API hub is enabled for new Apigee organizations in supported regions.

With this release, we are enabling Apigee API hub for new Apigee organizations in regions where API hub is supported. All new Apigee organizations, including hybrid organizations, that select an API hub-supported region for their Apigee Analytics region during provisioning will have access to API hub features at no additional cost.

API hub allows you to view, organize, and manage all of the APIs in your Apigee organization in one central location. To learn more, see What is Apigee API hub?

No action on your part is required to provision API hub for your organization, with the following exceptions:

Contact Google Cloud Support for questions or assistance.

BigQuery

You can now use the BigQuery advanced runtime to improve query execution time and slot usage. This feature is in Preview.

BigQuery tables for Apache Iceberg have been renamed BigLake tables for Apache Iceberg in BigQuery. This feature is now generally available (GA).

BigQuery metastore has been renamed BigLake metastore and is now generally available (GA). The feature formerly known as BigLake metastore has been renamed BigLake metastore (classic).

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Cloud Deploy
    • clouddeploy.googleapis.com/Automation
    • clouddeploy.googleapis.com/AutomationRun
    • clouddeploy.googleapis.com/CustomTargetType
    • clouddeploy.googleapis.com/DeployPolicy
    • clouddeploy.googleapis.com/JobRun
  • Dataproc Metastore
    • metastore.googleapis.com/Federation
Cloud Load Balancing

Application Load Balancers now support the use of custom metrics that let you configure your load balancer's traffic distribution behavior to be based on metrics specific to your application or infrastructure requirements, rather than Google Cloud's standard utilization or rate-based metrics. Defining custom metrics for your load balancer gives you the flexibility to route application requests to the backend instances and endpoints that are most optimal for your workload.

For more information, see Custom metrics for Application Load Balancers.

This capability is in General availability.

Cleartext HTTP/2 over TCP, also known as H2C, lets you use HTTP/2 without TLS. H2C is supported by internal and external Application Load Balancers for both of the following connections:

  • Connections between clients and the load balancer. No special configuration is required. Support for this capability is already in General Availability.

  • Connections between the load balancer and its backends. Support for this capability is now in General Availability.

    To configure H2C for connections between the load balancer and its backends, you set the backend service protocol to H2C.

Cloud Workstations Compute Engine

Preview: You can enable your project to send HTTP requests to a Compute Engine feature alpha URI. This action lets you test and develop with experimental features in the alpha stage using REST. For more information, see Use the Compute Engine API in alpha.

Generative AI on Vertex AI

Model Garden now includes DeepSeek-R1-0528 variants.

In Model Garden, the following fine tuning features have been added:

Google SecOps

User interface fixes

There was an issue with highlighting regular expressions in Search and Rules Editor. Once you entered a regular expression, all subsequent text on the line would be highlighted as if it was also a regular expression (whether it was or wasn't). This issue has been fixed. Note that both string literals (specified with back ticks) and regular expressions are highlighted in the same color.

There was an issue with uppercase keywords in Search and Rules Editor. They weren't being highlighted correctly. This issue has been fixed.

Google SecOps SIEM

User interface fixes

There was an issue with highlighting regular expressions in Search and Rules Editor. Once you entered a regular expression, all subsequent text on the line would be highlighted as if it was also a regular expression (whether it was or wasn't). This issue has been fixed. Note that both string literals (specified with back ticks) and regular expressions are highlighted in the same color.

There was an issue with uppercase keywords in Search and Rules Editor. They weren't being highlighted correctly. This issue has been fixed.

Looker Studio

Pro feature: Gemini in Looker is enabled by default

For Looker Studio Pro subscriptions that are created on or after June 3, 2025, Gemini in Looker is enabled automatically. Looker Studio users with the appropriate permissions can manage enablement on the Gemini in Looker page under User Settings.

Security Command Center

The following Container Threat Detection detectors for Google Kubernetes Engine have been released to General Availability:

  • Credential Access: Find Google Cloud Credentials
  • Credential Access: GPG Key Reconnaissance
  • Defense Evasion: Base64 ELF File Command Line
  • Defense Evasion: Base64 Encoded Python Script Executed
  • Defense Evasion: Base64 Encoded Shell Script Executed
  • Execution: Fileless Execution in /memfd:
  • Execution: Suspicious OpenSSL Shared Object Loaded
  • Privilege Escalation: Fileless Execution in /dev/shm

June 02, 2025

AlloyDB for PostgreSQL

You can let AlloyDB automatically create Private Service Connect endpoints for authorized projects when you create Private Service Connect-enabled instances, based on your defined service connection policy. This feature is generally available (GA).

You can create AlloyDB clusters with Private Services Connect through the Google Cloud console.

Apigee Integrated Portal

On June 2, 2025 we released a new version of the Apigee integrated portal.

Bug ID Description
404509044 When configuring an SMTP server, and the portal is first provisioned, email notifications are sent to portal users from a generic sender address. This release updates that generic address to noreply-apigee-portals@google.com.

This approach is suitable for evaluation, but you should configure your own SMTP server before launching your portal to users. When you configure the SMTP server, you can also configure the sender address, for example, no-reply@mycompany.com.

Apigee X

On June 2, 2025, we released an updated version of Apigee (1-15-0-apigee-5).

New flow variables available for VerifyAPIKey policy

Two new flow variables have been added to the VerifyAPIKey policy.

  • app_group_app
  • app_group_name

To learn more, see Using flow variables.

Bug ID Description
410670597 Fixed the proxy response count metric (proxy/response_count) for EventFlow-enabled streaming proxies.
375360455 Resolved issues with connection termination when using HTTP streaming

Added automatic retries for connection reset due to upstream services.
N/A Updates to security infrastructure and libraries.
N/A x-b3 trace headers will be sent only when distributed tracing is enabled. In previous releases Apigee was sending x-b3 trace headers even when distributed tracing was disabled. This was an unexpected behavior which is fixed in this release.
BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

8.1.0 (2025-05-29)

Features

Go

Changes for bigquery/storage/apiv1beta1

1.69.0 (2025-05-27)

Features
  • bigquery/analyticshub: Add support for Analytics Hub & Marketplace Integration (2aaada3)
  • bigquery/analyticshub: Adding allow_only_metadata_sharing to Listing resource (2aaada3)
  • bigquery/analyticshub: Adding CommercialInfo message to the Listing and Subscription resources (2aaada3)
  • bigquery/analyticshub: Adding delete_commercial and revoke_commercial to DeleteListingRequest and RevokeSubscriptionRequest (2aaada3)
  • bigquery/analyticshub: Adding DestinationDataset to the Subscription resource (2aaada3)
  • bigquery/analyticshub: Adding routine field to the SharedResource message (2aaada3)
  • bigquery: Add support for dataset view and update modes (#12290) (7c1f961)
  • bigquery: Job creation mode GA (#12225) (1d8990d)

Python

Changes for google-cloud-bigquery

3.34.0 (2025-05-27)

Features
Bug Fixes
Documentation

In the navigation menu, you can now go to Settings and select Configuration settings to customize the BigQuery Studio experience for users within the selected project or organization. This is achieved by showing or hiding user interface elements. This feature is in preview.

The CREATE EXTERNAL TABLE and LOAD DATA statements now support the following options in preview:

  • time_zone: specify a time zone to use when loading data
  • date_format, datetime_format, time_format, and timestamp_format: define how date and time values are formatted in your source files

In the BigQuery console, in the Welcome tab, you can now try the Apache Spark demo notebook that walks you through the basics of Spark notebook and showcases serverless Spark in BigQuery. This feature is generally available (GA).

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigtable

6.1.0 (2025-05-30)

Features
  • Add full support for the universe domain (#1604) (4562e23)
Cloud Composer

Improved the startup times of Airflow workers for environments that have a large number of custom PyPI packages installed.

This change rolls out gradually. In this release, it's available in asia-east1, asia-northeast2, asia-south1, europe-north1, europe-west3, us-east1, us-south1, and us-west2 regions.

(Cloud Composer 3) If a VPC network is attached to an environment, then all DNS addresses accessed by the Airflow components of the environment are resolved using the Cloud DNS configuration of the VPC network. In particular, Airflow workers that execute DAGs will resolve DNS addresses in this way.

(Cloud Composer 3) All newly created private DNS zones are immediately visible to a Cloud Composer environment. Previously, re-attaching a VPC network was required.

(Cloud Composer 3) It's now possible to use zones with cross-project binding. Before this change, cross-project bound zones weren't supported in Cloud Composer 3.

(Cloud Composer 2) In Cloud Composer versions 2.11.5 and later, log processing is switching to using OpenTelemetry instead of Fluentd.

This change was announced previously and is gradually rolling out over several releases. In this release, it's available in the following regions: asia-east1, asia-east2, asia-northeast2, asia-northeast3, asia-south2, asia-southeast2, australia-southeast1, australia-southeast2, europe-central2, europe-north1, europe-north2, europe-southwest1, europe-west, europe-west10, europe-west12, europe-west6, europe-west8, europe-west9, me-central1, me-central2, me-west1, northamerica-northeast2, northamerica-south1, southamerica-east1, southamerica-west1, us-east5, us-south1, us-west, and us-west3.

New images are available in Cloud Composer 2:

Cloud Composer version 2.8.1 has reached its end of support period.

Cloud Data Fusion

The Salesforce plugin version 1.6.10 is available in Cloud Data Fusion versions 6.10.1 and 6.11.0. This release includes the following changes:

  • Upgraded Salesforce API version from 53.0 to 62.0 (PLUGIN-1891).
  • Added a retry mechanism for all Salesforce API calls from the Salesforce plugin (PLUGIN-1892).
Cloud Monitoring

You can now add treemap widgets to your custom dashboards. Treemaps display the most recent value of aggregated data as a series of nested rectangles, the color saturation of a rectangle is proportional to the represented value. For more information, see the following:

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for storage/internal/apiv2

1.55.0 (2025-05-29)

Features
  • storage/control: Add Client Libraries Storage IntelligenceConfig (2aaada3)
  • storage/internal: Add IpFilter to Bucket (#12309) (d8ae687)
  • storage/internal: Add Object.Retention message (d8ae687)
Bug Fixes
  • storage: Add EnableNewAuthLibrary internalOption to HTTP newClient (#12320) (0036073)
  • storage: Migrate oauth2/google usages to cloud.google.com/go/auth (#11191) (3a22349)
  • storage: Omit check on MultiRangeDownloader (#12342) (774621c)
  • storage: Retry url.Error and net.OpErrors when they wrap an io.EOF (#12289) (080f6b0)
Documentation
  • storage/internal: Add explicit Optional annotations to fields that have always been treated as optional (d8ae687)
  • storage/internal: Add note that Bucket.project output format is always project number format (d8ae687)
  • storage/internal: Add note that managedFolders are supported for GetIamPolicy and SetIamPolicy (d8ae687)
Compute Engine

Preview: The general-purpose C4D machine series offers bare metal (-metal) machine types with 384 vCPUs. Bare metal instances let you create an instance with direct access to the machine's CPU and memory, without a virtualization layer in the middle. To learn more, see C4D machine series. For information about bare metal instances, including regional availability, see Bare metal instances on Compute Engine.

Container Optimized OS

cos-dev-125-19071-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.92 v27.5.1 v2.0.4 See List

Upgraded google-guest-agent to 20250327.00. This included new services like google-guest-compat-manager.service and google-guest-agent-manager.service and new binaries like google_guest_compat_manager, gce_metadata_script_runner, google_guest_agent_manager, ggactl_plugin_cleanup and gce_compat_metadata_script_runner.

Updated the Linux kernel to v6.6.92.

Supported NVIDIA MFT Tools.

Injected IMEX channel char device for GB200 GPUs.

Updated cos-gpu-installer to v2.5.2: Added support for OTHER/NO_GPU cases to enable GPU driver preloading on the ARM64 architecture and added support for IMEX Driver configuration installation for NVIDIA_GB200 machine.

Upgraded app-admin/google-guest-configs to v20250516.00.

Fixed docker MTU mismatch.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r665.

Upgraded chromeos-base/google-breakpad to v2025.05.22.184901-r240.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2830.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2969.

Upgraded chromeos-base/shill-client to v0.0.1-r4866.

Upgraded chromeos-base/debugd-client to v0.0.1-r2734.

Upgraded sys-apps/rootdev to v0.0.1-r51.

Upgraded dev-lang/go to v1.23.9.

Upgraded sys-apps/dbus to v1.16.2-r197.

Upgraded sys-apps/less to v678.

Upgraded dev-db/sqlite to v3.49.2.

Fixed CVE-2024-23337 in app-misc/jq.

Upgraded net-misc/curl to version 8.12.1. This fixes CVE-2025-0167.

Fixed CVE-2025-46836 in sys-apps/net-tools

Fixed CVE-20250-3198 in sys-libs/bintuils-libs.

Fixed KCTF-3f98113 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811729 -> 811798
  • Changed: net.ipv6.conf.docker0.mtu: 1500 -> 1460

cos-117-18613-263-24

Kernel Docker Containerd GPU Drivers
COS-6.6.87 v24.0.9 v1.7.27 See List

Updated cos-gpu-installer to v2.5.2: Added support for OTHER/NO_GPU cases to enable GPU driver preloading on the ARM64 architecture and added support for IMEX Driver configuration installation for NVIDIA_GB200 machine.

Upgraded sys-apps/less to v678.

Fixed CVE-2024-23337 in app-misc/jq.

Fixed CVE-2024-43840 in the Linux kernel.

Fixed KCTF-3f98113 in the Linux kernel.

Fixed KCTF-8478a72 in the Linux kernel.

cos-113-18244-382-29

Kernel Docker Containerd GPU Drivers
COS-6.1.134 v24.0.9 v1.7.27 See List

Updated cos-gpu-installer to v2.5.2: Added support for OTHER/NO_GPU cases to enable GPU driver preloading on the ARM64 architecture and added support for IMEX Driver configuration installation for NVIDIA_GB200 machine.

Upgraded sys-apps/less to v678.

Fixed CVE-2024-23337 in app-misc/jq.

Fixed CVE-2024-36927 in the Linux kernel.

Fixed KCTF-3f98113 in the Linux kernel.

Fixed KCTF-8478a72 in the Linux kernel.

cos-121-18867-90-38

Kernel Docker Containerd GPU Drivers
COS-6.6.87 v27.5.1 v2.0.4 See List

Updated cos-gpu-installer to v2.5.2: Added support for OTHER/NO_GPU cases to enable GPU driver preloading on the ARM64 architecture and added support for IMEX Driver configuration installation for NVIDIA_GB200 machine.

Upgraded sys-apps/less to v678.

Fixed CVE-2024-23337 in app-misc/jq.

Fixed KCTF-3f98113 in the Linux kernel.

Fixed KCTF-8478a72 in the Linux kernel.

cos-109-17800-519-18

Kernel Docker Containerd GPU Drivers
COS-6.1.135 v24.0.9 v1.7.27 See List

Updated cos-gpu-installer to v2.5.2: Added support for OTHER/NO_GPU cases to enable GPU driver preloading on the ARM64 architecture and added support for IMEX Driver configuration installation for NVIDIA_GB200 machine.

Upgraded sys-apps/less to v678.

Fixed CVE-2024-26783 in the Linux kernel.

Fixed KCTF-3f98113 in the Linux kernel.

Fixed KCTF-8478a72 in the Linux kernel.

Google Cloud Architecture Center

(New guide) Optimize AI and ML workloads with Google Cloud Managed Lustre: Shows how to use Managed Lustre to optimize the performance of AI and ML workloads.

Policy Controller

Policy Controller version 1.20.4 is now available.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-pubsub

2.29.1 (2025-05-23)

Bug Fixes
  • Remove setup.cfg configuration for creating universal wheels (#1376) (60639c4)
Documentation
  • sample: Add samples for topic and subscription SMTs (#1386) (4d072e0)
  • Update documentation for JavaScriptUDF to indicate that the message_id metadata field is optional instead of required (#1380) (be90054)
  • Update readme links (#1409) (77ba05d)

General availability: Pub/Sub now offers Single Message Transforms (SMTs) that enable lightweight modifications to message data and attributes directly within Pub/Sub. SMTs can be set as properties of topics or subscriptions. The change is being rolled out in a phased manner over the rest of the week. For more information about SMTs, see Single Message Transforms (SMTs) overview.

Spanner

A monthly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.81.0 (2025-05-09)

Features
  • spanner/spansql: Add support for DROP SEARCH INDEX and ALTER SEARCH INDEX (#11961) (952cd7f)
Bug Fixes
  • spanner: Row mismatch in SelectAll using custom type (#12222) (ce6a23a)

1.81.1 (2025-05-15)

Features
  • spanner: Add support of AFE and GRPC metrics in client-side metrics (#12067) (7b77038)

1.82.0 (2025-05-20)

Features
  • spanner/admin/database: Add throughput_mode to UpdateDatabaseDdlRequest to be used by Spanner Migration Tool. See https (#12287) (2a9d8ee)

Java

Changes for google-cloud-spanner

6.92.0 (2025-04-29)

Features
  • [Internal] client-side metrics for afe latency and connectivity error (#3819) (a8dba0a)
  • Support begin with AbortedException for manager interface (#3835) (5783116)
  • Add throughput_mode to UpdateDatabaseDdlRequest to be used by Spanner Migration Tool. See https://github.com/GoogleCloudPlatform/spanner-migration-tool (3070f1d)
  • Enable AFE and gRPC metrics for DP (#3852) (203baae)
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.56.2 (11bfd90)
  • deps: Update the Java code generator (gapic-generator-java) to 2.58.0 (3070f1d)
  • Remove trailing semicolons in DDL (#3879) (ca3a67d)
  • Change server timing duration attribute to float as per w3c (#3851) (da8dd8d)
  • deps: Update the Java code generator (gapic-generator-java) to 2.57.0 (23b985c)
  • Non-ASCII Unicode characters in code (#3844) (85a0820)
  • Only close and return sessions once (#3846) (32b2373)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.46.2 (#3836) (2ee7f97)

6.93.0 (2025-05-09)

  • Update dependency com.google.cloud:sdk-platform-java-config to v3.48.0 (#3869) (afa17f7)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.48.0 (#3880) (f3b00b6)
  • Update dependency com.google.cloud.opentelemetry:exporter-metrics to v0.34.0 (#3861) (676b14f)
  • Update dependency commons-io:commons-io to v2.19.0 (#3863) (80a6af8)
  • Update dependency io.opentelemetry:opentelemetry-bom to v1.50.0 (#3865) (ae63050)
  • Update googleapis/sdk-platform-java action to v2.58.0 (#3870) (d1e45fa)
  • Update opentelemetry.version to v1.50.0 (#3866) (f7e09b8)
Documentation
  • Add samples for unnamed (positional) parameters (#3849) (035cadd)

Node.js

Changes for @google-cloud/spanner

8.0.0 (2025-05-12)

⚠ BREAKING CHANGES
  • remove the arrify package (#2292)
  • migrate to Node 18 (#2271)
Features
  • Add promise based signatures for createQueryPartitions (#2284) (255d8a6)
  • Add promise based signatures on createReadPartitions (#2300) (7b8a1f7)
  • Support promise based signatures for execute method (#2301) (bb857e1)
Bug Fixes
  • deps: Update dependency @google-cloud/kms to v5 (#2289) (1ccb505)
  • deps: Update dependency @google-cloud/precise-date to v5 (#2290) (44f7575)
  • deps: Update dependency big.js to v7 (#2286) (0911297)
Miscellaneous Chores

Python

Changes for google-cloud-spanner

3.54.0 (2025-04-28)

Features
Bug Fixes
  • Improve client-side regex statement parser (#1328) (b3c259d)

3.55.0 (2025-05-28)

Features
  • Add a last field in the PartialResultSet (d532d57)
  • Add support for multiplexed sessions (#1381) (97d7268)
  • Add throughput_mode to UpdateDatabaseDdlRequest to be used by Spanner Migration Tool. See https://github.com/GoogleCloudPlatform/spanner-migration-tool (d532d57)
  • Support fine-grained permissions database roles in connect (#1338) (064d9dc)
Bug Fixes
  • E2E tracing metadata append issue (#1357) (3943885)
  • Pass through kwargs in dbapi connect (#1368) (aae8d61)
  • Remove setup.cfg configuration for creating universal wheels (#1324) (e064474)
Documentation
  • A comment for field chunked_value in message .google.spanner.v1.PartialResultSet is changed (d532d57)
  • A comment for field precommit_token in message .google.spanner.v1.PartialResultSet is changed (d532d57)
  • A comment for field precommit_token in message .google.spanner.v1.ResultSet is changed (d532d57)
  • A comment for field query_plan in message .google.spanner.v1.ResultSetStats is changed (d532d57)
  • A comment for field row_count_lower_bound in message .google.spanner.v1.ResultSetStats is changed (d532d57)
  • A comment for field row_type in message .google.spanner.v1.ResultSetMetadata is changed (d532d57)
  • A comment for field rows in message .google.spanner.v1.ResultSet is changed (d532d57)
  • A comment for field stats in message .google.spanner.v1.PartialResultSet is changed (d532d57)
  • A comment for field stats in message .google.spanner.v1.ResultSet is changed (d532d57)
  • A comment for field values in message .google.spanner.v1.PartialResultSet is changed (d532d57)
  • A comment for message ResultSetMetadata is changed (d532d57)
  • A comment for message ResultSetStats is changed (d532d57)
  • Fix markdown formatting in transactions page (#1377) (de322f8)

June 01, 2025

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.143-debian10, 2.0.143-rocky8, 2.0.143-ubuntu18
  • 2.1.91-debian11, 2.1.90-rocky8, 2.1.91-ubuntu20, 2.1.91-ubuntu20-arm
  • 2.2.59-debian12, 2.2.59-rocky9, 2.2.59-ubuntu22

Dataproc on Compute Engine: Fixed the ordering of log entries generated from clusters created with 2.2+ image versions by assigning timestamps closer to the log generation time.

May 30, 2025

Apigee X

On May 30, 2025 we released an updated version of Apigee.

Announcing the general availability of Gemini Code Assist API development features in Apigee

With this functionality, you can accelerate your API development lifecycle within VS Code using Gemini Code Assist in Apigee. This feature allows you to use natural language prompts to design, create, iterate, and manage OpenAPI specifications with the following capabilities:

  • AI-Powered API Design: Generate high-quality OpenAPI specifications from natural language prompts to the Apigee tool in Gemini Code Assist Chat, leveraging the Gemini model and the enterprise context of your API hub.
  • Effortless Iteration: Refine existing or newly generated specifications using the intuitive Gemini chat interface.
  • Integrated Testing: Quickly validate your APIs by deploying them to a local or Google Cloud-hosted mock server.
  • Streamlined Workflow: Publish your completed API specifications directly to Apigee API hub and kick-start proxy development by creating Apigee proxy bundles from your API specifications.
  • Duplicate Endpoint Detection: Proactively identify and prevent the creation of duplicate API endpoints already registered in your API hub.

For more information and usage instructions, see Designing and editing APIs, Tutorial: Use Gemini Code Assist to design, develop, and test APIs in Apigee, and Setting up Apigee API Management in Cloud Code for VS Code.

Cloud Run

For Java Cloud Run functions that use functions-framework version 1.4.0 or later, you can now use the logging class java.util.logging.Logger to add a unique execution ID to log outputs.

Cloud Run functions

For Java functions that use functions-framework version 1.4.0 or later, you can now use the logging class java.util.logging.Logger to add a unique execution ID to log outputs.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.106
  • 1.2.50
  • 2.2.50
  • 2.3.1

The support dates for Dataproc on Compute Engine image versions 2.0, 2.1, and 2.2 have been extended, as follows:

  • Image version 2.2: Supported until 03/31/2027
  • Image version 2.1: Supported until 03/31/2026
  • Image version 2.0 Supported until 09/30/2025
Google Cloud Architecture Center

Patterns for connecting other cloud service providers with Google Cloud: Added Network Connectivity Center and Hybrid NAT where relevant. Updated VPN references to only refer to HA VPN.

Google Kubernetes Engine

(2025-R22) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.33.0-gke.2248000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.30.12-gke.1086000
    • 1.31.9-gke.1005000
    • 1.33.0-gke.1868000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.12-gke.1151000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.12-gke.1151000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.33 to version 1.33.0-gke.2248000 with this release.

Regular channel

  • Version 1.32.4-gke.1106006 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.30.11-gke.1217000
    • 1.31.7-gke.1390000
    • 1.32.3-gke.1927009
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.12-gke.1033000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.31.8-gke.1045000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.32.4-gke.1106006 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.12-gke.1033000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.8-gke.1045000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.32 to version 1.32.4-gke.1106006 with this release.

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.30.11-gke.1131000
    • 1.31.7-gke.1212000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.11-gke.1157000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.31.7-gke.1265000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.11-gke.1157000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.31 to version 1.31.7-gke.1265000 with this release.

Extended channel

  • Version 1.32.4-gke.1106006 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.2703000
    • 1.27.16-gke.2810000
    • 1.28.15-gke.2169000
    • 1.28.15-gke.2287000
    • 1.29.15-gke.1240000
    • 1.29.15-gke.1395000
    • 1.30.11-gke.1217000
    • 1.31.7-gke.1390000
    • 1.32.3-gke.1927009
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2192000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2732000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2192000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.15-gke.1274000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.12-gke.1033000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.8-gke.1045000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.32 to version 1.32.4-gke.1106006 with this release.

No channel

(2025-R21) Version updates

There are no version updates for 2025-R21.

The insecure kubelet read-only port (10255) is disabled by default in all new clusters that run GKE version 1.32 and later. If you created your cluster using a GKE version earlier than 1.32, we recommend that you disable the insecure kubelet read-only port. For more information see Disable the kubelet read-only port in GKE clusters.

GKE now provides insights and recommendations that help you to identify and remediate clusters where the etcd cluster state database size is approaching the limit. Implementing the recommendation helps you to keep your clusters stable and performant.

(2025-R22) Version updates

  • Version 1.32.4-gke.1106006 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.2703000
    • 1.27.16-gke.2810000
    • 1.28.15-gke.2169000
    • 1.28.15-gke.2287000
    • 1.29.15-gke.1240000
    • 1.29.15-gke.1395000
    • 1.30.11-gke.1217000
    • 1.31.7-gke.1390000
    • 1.32.3-gke.1927009
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2192000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2732000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2192000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.15-gke.1274000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.12-gke.1033000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.8-gke.1045000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.32 to version 1.32.4-gke.1106006 with this release.

(2025-R21) Version updates

There are no version updates for 2025-R21.

(2025-R22) Version updates

(2025-R21) Version updates

There are no version updates for 2025-R21.

(2025-R22) Version updates

  • Version 1.33.0-gke.2248000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.30.12-gke.1086000
    • 1.31.9-gke.1005000
    • 1.33.0-gke.1868000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.12-gke.1151000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.12-gke.1151000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.33 to version 1.33.0-gke.2248000 with this release.

(2025-R21) Version updates

There are no version updates for 2025-R21.

(2025-R22) Version updates

  • Version 1.32.4-gke.1106006 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.30.11-gke.1217000
    • 1.31.7-gke.1390000
    • 1.32.3-gke.1927009
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.12-gke.1033000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.31.8-gke.1045000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.32.4-gke.1106006 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.12-gke.1033000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.8-gke.1045000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.32 to version 1.32.4-gke.1106006 with this release.

(2025-R21) Version updates

There are no version updates for 2025-R21.

(2025-R22) Version updates

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.30.11-gke.1131000
    • 1.31.7-gke.1212000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.11-gke.1157000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.31.7-gke.1265000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.11-gke.1157000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.31 to version 1.31.7-gke.1265000 with this release.

(2025-R21) Version updates

There are no version updates for 2025-R21.

GKE now provides insights and recommendations that help you to identify and remediate clusters where the etcd cluster state database size is approaching the limit. Implementing the recommendation helps you to keep your clusters stable and performant.

May 29, 2025

AI Applications

Vertex AI Search: Adjust autocomplete settings to reduce risk of PII leaks (Public preview)

If you use either the search history or user events model for autocomplete suggestions and you have concerns about your users entering their personally identifiable information (PII) as search queries, then see Reduce the risk of returning suggestions that contain PII.

This feature is in Public preview.

AlloyDB for PostgreSQL

You can now start, stop, and restart your primary and read pool AlloyDB instances using the Google Cloud console and the Google Cloud CLI. This feature is generally available (GA).

Anthos Config Management

Addressed multiple Common Vulnerabilities and Exposures (CVEs) by updating dependencies.

Apigee Integrated Portal

On May 29, 2025 we released a new version of the Apigee integrated portal.

GA: Apigee Integrated Developer Portal Admin UI in the Google Cloud console.

This release adds the Apigee Integrated Developer Portal Admin UI from the Classic Apigee UI into the Google Cloud console.

Leveraging Google Cloud console components provides API providers and Portal Admins with a centralized platform to efficiently configure, publish, and manage your API consumer portals, eliminating the need to switch between different UIs.

No new APIs have been introduced in this release.

See Publishing overview to get started.

Apigee UI

On May 29, 2025 we announced the shutdown schedule for the Apigee Classic UI.

The Apigee Classic UI will be shutdown as of August 29, 2025.

This is the final phase of moving Apigee to the Google Cloud console. Apigee in the Google Cloud console gives you the ability to manage all of your Apigee functionality in one place.

To prepare for the shutdown of the Apigee Classic UI, familiarize yourself with the new Apigee UI in Google Cloud console by reviewing UI overview.

See Apigee Classic UI shutdown for details on shutdown dates and exception request.

Apigee X

On May 29, 2025 we announced the shutdown schedule for the Apigee Classic UI.

On May 29, 2025, we released an updated version of Apigee.

Public Preview: Apigee Extension Processor support for request and response body processing

When creating a load balancer service extension, you can customize the behavior of the extension processor proxy to support request body processing, response body processing, or a combination of the two.

For more information, see Get started with the Apigee Extension Processor.

The Apigee Classic UI will be shutdown as of August 29, 2025.

This is the final phase of moving Apigee to the Google Cloud console. Apigee in the Google Cloud console gives you the ability to manage all of your Apigee functionality in one place.

To prepare for the shutdown of the Apigee Classic UI, familiarize yourself with the new Apigee UI in Google Cloud console by reviewing UI overview.

See Apigee Classic UI shutdown for details on shutdown dates and exception request.

Apigee hybrid

On May 29, 2025 we announced the shutdown schedule for the Apigee Classic UI.

The Apigee Classic UI will be shutdown as of August 29, 2025.

This is the final phase of moving Apigee to the Google Cloud console. Apigee in the Google Cloud console gives you the ability to manage all of your Apigee functionality in one place.

To prepare for the shutdown of the Apigee Classic UI, familiarize yourself with the new Apigee UI in Google Cloud console by reviewing UI overview.

See Apigee Classic UI shutdown for details on shutdown dates and exception request.

BigQuery

You can now use the dbt-bigquery adapter to run Python code that's defined in BigQuery DataFrames. For more information, see Use BigQuery DataFrames in dbt. This feature is in preview.

You can now use your Google Account user credentials to authorize the creation, scheduling, and running of pipelines as well as the scheduling of notebooks and data preparations. For more information, see Create a pipeline schedule. This feature is in preview.

You can now create event-driven transfers when transferring data from Cloud Storage to BigQuery. Event-driven transfers can automatically trigger transfer runs when data in your Cloud Storage bucket has been modified or added. This feature is generally available (GA).

Bigtable

The Bigtable Spark connector supports Scala versions 2.12 and 2.13 in all connector versions and has been updated as follows:

Cloud Composer

The Composer Local Development CLI tool is now available in Cloud Composer 3. This tool helps to streamline testing and developing by providing local Airflow environments based on Airflow builds used by Cloud Composer 3.

Cloud Logging

You can now configure the observability scope or set the default log scope by using the Google Cloud CLI. You must use version 254.0 or higher. For more information, see Configure observability scopes and Set the default log scope.

Contact Center AI Insights

Conversational Insights offers a merged analysis, which displays the previous results of each analysis type alongside your most recent analysis result. Merged analysis eliminates the need to run every analysis multiple times.

Dataform

You can now use your Google Account user credentials to authorize the creation, scheduling, and running of pipelines, the scheduling of notebooks and data preparations, and the creation of workflow configurations. For more information, see Schedule runs. This feature is in preview.

Google Cloud Managed Service for Apache Kafka

Public preview: Google Managed Service for Apache Kafka now offers schema registry support. For more information about the feature, see the schema registry overview or get started with an Avro producer in Java.

Google SecOps

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • AIX system (AIX_SYSTEM)
  • Akamai WAF (AKAMAI_WAF)
  • Apache (APACHE)
  • Appian Cloud (APPIAN_CLOUD)
  • Auth0 (AUTH_ZERO)
  • AWS CloudFront (AWS_CLOUDFRONT)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS GuardDuty (GUARDDUTY)
  • AWS Macie (AWS_MACIE)
  • AWS Session Manager (AWS_SESSION_MANAGER)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • AWS VPC Flow (CSV) (AWS_VPC_FLOW_CSV)
  • Azure AD (AZURE_AD)
  • Azure AD Organizational Context (AZURE_AD_CONTEXT)
  • Azure Firewall (AZURE_FIREWALL)
  • Azure Storage Audit (AZURE_STORAGE_AUDIT)
  • Barracuda Firewall (BARRACUDA_FIREWALL)
  • BeyondTrust BeyondInsight (BEYONDTRUST_BEYONDINSIGHT)
  • BIND (BIND_DNS)
  • Bitdefender (BITDEFENDER)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Brocade Switch (BROCADE_SWITCH)
  • Carbon Black (CB_EDR)
  • CircleCI (CIRCLECI)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco Internetwork Operating System (CISCO_IOS)
  • Cisco ISE (CISCO_ISE)
  • Cisco NX-OS (CISCO_NX_OS)
  • Cisco Prime (CISCO_PRIME)
  • Cisco Switch (CISCO_SWITCH)
  • Cisco Unity Connection (CISCO_UNITY_CONNECTION)
  • Cloud Audit Logs (N/A)
  • CrowdStrike Alerts API (CS_ALERTS)
  • CrowdStrike Falcon (CS_EDR)
  • CyberArk Endpoint Privilege Manager (EPM) (CYBERARK_EPM)
  • CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
  • Cylance Protect (CYLANCE_PROTECT)
  • Darktrace (DARKTRACE)
  • Dell OpenManage (DELL_OPENMANAGE)
  • EfficientIP DDI (EFFICIENTIP_DDI)
  • Elastic Defend (ELASTIC_DEFEND)
  • Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
  • ExtraHop RevealX (EXTRAHOP)
  • F5 ASM (F5_ASM)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • F5 DNS (F5_DNS)
  • Fastly WAF (FASTLY_WAF)
  • FireEye HX (FIREEYE_HX)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • Fortinet FortiAuthenticator (FORTINET_FORTIAUTHENTICATOR)
  • Fortinet FortiNAC (FORTINET_FORTINAC)
  • Fortinet Web Application Firewall (FORTINET_FORTIWEB)
  • GitHub (GITHUB)
  • Gitlab (GITLAB)
  • HP Aruba (ClearPass) (CLEARPASS)
  • Ipswitch SFTP (IPSWITCH_SFTP)
  • Juniper (JUNIPER_FIREWALL)
  • Linux Auditing System (AuditD) (AUDITD)
  • ManageEngine ADManager Plus (ADMANAGER_PLUS)
  • McAfee ePolicy Orchestrator (MCAFEE_EPO)
  • Microsoft AD FS (ADFS)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
  • Microsoft IIS (IIS)
  • Microsoft PowerShell (POWERSHELL)
  • Netskope Web Proxy (NETSKOPE_WEBPROXY)
  • Nokia Router (NOKIA_ROUTER)
  • Office 365 (OFFICE_365)
  • Oracle (ORACLE_DB)
  • Palo Alto Cortex XDR Events (PAN_CORTEX_XDR_EVENTS)
  • Palo Alto Prisma Access (PAN_CASB)
  • Ping Federate (PING_FEDERATE)
  • Ping Identity (PING)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Radware Web Application Firewall (RADWARE_FIREWALL)
  • ServiceNow Audit (SERVICENOW_AUDIT)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Symantec DLP (SYMANTEC_DLP)
  • Symantec Security Analytics (SYMANTEC_SA)
  • Sysdig (SYSDIG)
  • Tanium Question (TANIUM_QUESTION)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • Trend Micro Vision One Workbench (TRENDMICRO_VISION_ONE_WORKBENCH)
  • TrendMicro Deep Discovery Inspector (TRENDMICRO_DDI)
  • VanDyke SFTP (VANDYKE_SFTP)
  • Vectra Detect (VECTRA_DETECT)
  • Vectra Stream (VECTRA_STREAM)
  • Vectra XDR (VECTRA_XDR)
  • VMware ESXi (VMWARE_ESX)
  • VMWare VSphere (VMWARE_VSPHERE)
  • WatchGuard (WATCHGUARD)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Zscaler (ZSCALER_WEBPROXY)
  • Zscaler CASB (ZSCALER_CASB)
  • Zscaler DLP (ZSCALER_DLP)
  • ZScaler DNS (ZSCALER_DNS)
  • Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
  • ZScaler NGFW (ZSCALER_FIREWALL)
  • Zscaler Private Access (ZSCALER_ZPA)
  • Zscaler Secure Private Access Audit Logs (ZSCALER_ZPA_AUDIT)
  • Zscaler Tunnel (ZSCALER_TUNNEL)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Azure App Configuration (AZURE_APPCONFIGURATION)
  • Azure App Platform (AZURE_APPPLATFORM)
  • Azure ArcData (AZURE_ARCDATA)
  • Azure Authorization (AZURE_AUTHORIZATION)
  • Azure Change Analysis (AZURE_CHANGEANALYSIS)
  • Azure DataFactory (AZURE_DATAFACTORY)
  • Doppel (DOPPEL)
  • Genian NAC (GENIAN_NAC)
  • Penta Security Wapples (PENTA_WAPPLES)
  • Redmine (REDMINE)
  • S2W Quaxar (S2W_QUAXAR)
  • SecurityBridge Dev (SECURITYBRIDGE_DEV)
  • TeamT5 ThreatSonar EDR (TEAMT5_THREATSONAR_EDR)
  • WorkDay User Sign In (WORKDAY_USER_SIGNIN)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps SIEM

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • AIX system (AIX_SYSTEM)
  • Akamai WAF (AKAMAI_WAF)
  • Apache (APACHE)
  • Appian Cloud (APPIAN_CLOUD)
  • Auth0 (AUTH_ZERO)
  • AWS CloudFront (AWS_CLOUDFRONT)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS GuardDuty (GUARDDUTY)
  • AWS Macie (AWS_MACIE)
  • AWS Session Manager (AWS_SESSION_MANAGER)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • AWS VPC Flow (CSV) (AWS_VPC_FLOW_CSV)
  • Azure AD (AZURE_AD)
  • Azure AD Organizational Context (AZURE_AD_CONTEXT)
  • Azure Firewall (AZURE_FIREWALL)
  • Azure Storage Audit (AZURE_STORAGE_AUDIT)
  • Barracuda Firewall (BARRACUDA_FIREWALL)
  • BeyondTrust BeyondInsight (BEYONDTRUST_BEYONDINSIGHT)
  • BIND (BIND_DNS)
  • Bitdefender (BITDEFENDER)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Brocade Switch (BROCADE_SWITCH)
  • Carbon Black (CB_EDR)
  • CircleCI (CIRCLECI)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco Internetwork Operating System (CISCO_IOS)
  • Cisco ISE (CISCO_ISE)
  • Cisco NX-OS (CISCO_NX_OS)
  • Cisco Prime (CISCO_PRIME)
  • Cisco Switch (CISCO_SWITCH)
  • Cisco Unity Connection (CISCO_UNITY_CONNECTION)
  • Cloud Audit Logs (N/A)
  • CrowdStrike Alerts API (CS_ALERTS)
  • CrowdStrike Falcon (CS_EDR)
  • CyberArk Endpoint Privilege Manager (EPM) (CYBERARK_EPM)
  • CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
  • Cylance Protect (CYLANCE_PROTECT)
  • Darktrace (DARKTRACE)
  • Dell OpenManage (DELL_OPENMANAGE)
  • EfficientIP DDI (EFFICIENTIP_DDI)
  • Elastic Defend (ELASTIC_DEFEND)
  • Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
  • ExtraHop RevealX (EXTRAHOP)
  • F5 ASM (F5_ASM)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • F5 DNS (F5_DNS)
  • Fastly WAF (FASTLY_WAF)
  • FireEye HX (FIREEYE_HX)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • Fortinet FortiAuthenticator (FORTINET_FORTIAUTHENTICATOR)
  • Fortinet FortiNAC (FORTINET_FORTINAC)
  • Fortinet Web Application Firewall (FORTINET_FORTIWEB)
  • GitHub (GITHUB)
  • Gitlab (GITLAB)
  • HP Aruba (ClearPass) (CLEARPASS)
  • Ipswitch SFTP (IPSWITCH_SFTP)
  • Juniper (JUNIPER_FIREWALL)
  • Linux Auditing System (AuditD) (AUDITD)
  • ManageEngine ADManager Plus (ADMANAGER_PLUS)
  • McAfee ePolicy Orchestrator (MCAFEE_EPO)
  • Microsoft AD FS (ADFS)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
  • Microsoft IIS (IIS)
  • Microsoft PowerShell (POWERSHELL)
  • Netskope Web Proxy (NETSKOPE_WEBPROXY)
  • Nokia Router (NOKIA_ROUTER)
  • Office 365 (OFFICE_365)
  • Oracle (ORACLE_DB)
  • Palo Alto Cortex XDR Events (PAN_CORTEX_XDR_EVENTS)
  • Palo Alto Prisma Access (PAN_CASB)
  • Ping Federate (PING_FEDERATE)
  • Ping Identity (PING)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Radware Web Application Firewall (RADWARE_FIREWALL)
  • ServiceNow Audit (SERVICENOW_AUDIT)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Symantec DLP (SYMANTEC_DLP)
  • Symantec Security Analytics (SYMANTEC_SA)
  • Sysdig (SYSDIG)
  • Tanium Question (TANIUM_QUESTION)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • Trend Micro Vision One Workbench (TRENDMICRO_VISION_ONE_WORKBENCH)
  • TrendMicro Deep Discovery Inspector (TRENDMICRO_DDI)
  • VanDyke SFTP (VANDYKE_SFTP)
  • Vectra Detect (VECTRA_DETECT)
  • Vectra Stream (VECTRA_STREAM)
  • Vectra XDR (VECTRA_XDR)
  • VMware ESXi (VMWARE_ESX)
  • VMWare VSphere (VMWARE_VSPHERE)
  • WatchGuard (WATCHGUARD)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Zscaler (ZSCALER_WEBPROXY)
  • Zscaler CASB (ZSCALER_CASB)
  • Zscaler DLP (ZSCALER_DLP)
  • ZScaler DNS (ZSCALER_DNS)
  • Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
  • ZScaler NGFW (ZSCALER_FIREWALL)
  • Zscaler Private Access (ZSCALER_ZPA)
  • Zscaler Secure Private Access Audit Logs (ZSCALER_ZPA_AUDIT)
  • Zscaler Tunnel (ZSCALER_TUNNEL)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Azure App Configuration (AZURE_APPCONFIGURATION)
  • Azure App Platform (AZURE_APPPLATFORM)
  • Azure ArcData (AZURE_ARCDATA)
  • Azure Authorization (AZURE_AUTHORIZATION)
  • Azure Change Analysis (AZURE_CHANGEANALYSIS)
  • Azure DataFactory (AZURE_DATAFACTORY)
  • Doppel (DOPPEL)
  • Genian NAC (GENIAN_NAC)
  • Penta Security Wapples (PENTA_WAPPLES)
  • Redmine (REDMINE)
  • S2W Quaxar (S2W_QUAXAR)
  • SecurityBridge Dev (SECURITYBRIDGE_DEV)
  • TeamT5 ThreatSonar EDR (TEAMT5_THREATSONAR_EDR)
  • WorkDay User Sign In (WORKDAY_USER_SIGNIN)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Looker Studio

Pro feature: Code Interpreter is enabled by default

The Code Interpreter for Conversational Analytics is now enabled by default when the Gemini in Looker and Trusted Tester features settings are enabled for the Google Cloud project that is associated with a Looker Studio Pro subscription. The Code Interpreter in Conversational Analytics is a Preview feature that translates your natural language questions into Python code and executes that code to provide advanced analysis and visualizations.

Looker Studio users with the appropriate permissions can manage enablement on the Gemini in Looker page under User Settings.

Security Command Center

Domain tagging for toxic combinations and chokepoints has been improved to be more precise. The following filters are available for issues:

  • CVE Vulnerabilities
  • Identity
  • Data
  • AI Security

May 28, 2025

Anti Money Laundering AI

A new minor engine version is available for Retail and Commercial lines of business, within the v3 tuning version and first v4 major version. These engine versions fix a known issue where prediction results may occasionally contain duplicate entries.

BigQuery

Column metadata indexing is now available for both BigQuery tables and external tables. This feature is generally available (GA).

Cloud Run

Multiple regions now benefit from enhanced responsiveness for latency-sensitive applications for Cloud Run service URLs.

Cloud SQL for SQL Server

Cloud SQL for SQL Server now offers the maximum server memory recommender.

Database instances running with an allocation of memory that's either too low or too high might experience performance issues.

The max server memory (mb) flag limits the amount of memory that Cloud SQL can allocate for its internal pools. You can manually set a value for this flag, or omit the flag and let Cloud SQL manage memory limits for you automatically.

For more information, see Optimize maximum server memory usage.

Colab Enterprise

Python 3.11 is now available in Colab Enterprise. Existing runtimes and runtime templates will remain using Python 3.10. For more information, see Python versions.

When you create a runtime template, you can now configure it to use the latest Python version available to Colab Enterprise, or you can specify the Python version. Using Latest is a new option that means when a new version of Python is introduced to Colab Enterprise, runtimes that you create will use the latest Python version.

Existing runtime templates and runtimes remain using their current Python version (Python 3.10). This includes existing auto-generated default runtime templates. To create default runtime templates that use Latest, you must do one of the following:

  • Delete the existing default runtime templates. Then, when a new default runtime template is created, the Python version will be set to Latest.
  • Change a runtime template's Python version by using the REST API.
Dataform

You can now use strict act-as mode to enable an additional security check for certain user actions in Dataform. For more information, see Use strict act-as mode. This feature is in preview.

Dataproc

Announcing the General Availability release of Spark on BigQuery, which lets you create a serverless Spark session in a BigQuery Studio notebook. Use this feature to create, run, and test Spark jobs quickly and easily. For more information, see Run PySpark code in BigQuery Studio notebooks.

New Dataproc Serverless for Spark runtime versions:

  • 1.1.105
  • 1.2.49
  • 2.2.49
  • 2.3.0

Announcing the General Availability (GA) release of Dataproc Serverless for Spark runtime versions 2.3, which include the following components:

  • Spark 3.5.1
  • BigQuery Spark Connector 0.42.3
  • Cloud Storage Connector 3.1.2
  • Java 17
  • Python 3.11
  • R 4.3
  • Scala 2.13
Gemini Code Assist

Manage files and folders in the Context Drawer

You can now view and manage files and folders requested to be included in Gemini Code Assist's context, using the Context Drawer. After you specify a file or folder to be used as context for your Gemini Code Assist prompts, these files and folders are placed in the Context Drawer, where you can review and remove them from the prompt context.

This gives you more control over which information Gemini Code Assist considers when responding to your prompts.

Context Drawer for Gemini Code Assist for VS Code

Google Cloud Architecture Center

AI and ML perspective: Cost optimization: Major update to expand the cost optimization recommendations in the AI and ML perspective.

Google Cloud Contact Center as a Service

Headless web SDK 3.6.5 is released

This release does the following:

  • Fixes an issue where duplicate messages from the virtual assistant appeared in the end-user's chat pane.

  • Fixes an issue where end-users were able to reactivate inactive chats outside of operating hours.

  • Fixes an issue with data collection forms, where the SDK timed out during the form server's first load attempt, causing a delay in the appearance of the form in the end-user's chat pane.

Google SecOps Marketplace

New Nmap integration

Mandiant Threat Intelligence: Version 13.0

  • Updated entity processing in the following action:

    • Enrich Entities

Microsoft 365 Defender: Version 21.0

  • Added more transparency around Microsoft Sentinel and Microsoft Defender For Cloud alerts. You can now provide microsoftSentinel and microsoftDefenderForCloud as the Service Source in the following connector:
    • Microsoft 365 Defender - Incidents Connector

Office 365 CloudApp Security: Version 22.0

  • Updated processing of the input parameters in the following actions:

    • Bulk Resolve Alert
    • Close Alert
    • Dismiss Alert

Sophos: Version 17.0

  • Updated the logic of entity processing in the following actions:
    • Isolate Endpoint
    • Unisolate Endpoint

Trend Vision One: Version 5.0

  • Updated the logic for processing alerts in the following connector:
    • Trend Vision One - Workbench Alerts
Identity and Access Management

Workforce Identity Federation supports detailed audit logging, which you can use to troubleshoot attribute mapping issues. This feature is generally available.

Security Command Center

Model Armor enhancements

Virtual Private Cloud

You can assign IPv6 bring your own IP (BYOIP) addresses to a subnet's external address range. These subnet ranges can only be used by VM instances, either as ephemeral or reserved addresses. To reserve addresses from these ranges, create a static regional external IPv6 address with the VM endpoint type. This feature is available in General Availability.

For more information, see Create and use IPv6 sub-prefixes.

May 27, 2025

AlloyDB Omni

The AlloyDB Omni Kubernetes operator version 1.4.1 is generally available (GA) and includes the following bug fixes:

  • Fix for overriding replication related parameters. This fix lets you override the wal_keep_size value. For more information, see Work with cross-data-center replication. This fix requires database version 15.7.1 or later.
  • 63-character DBCluster names are supported, which lets you define clearer and more descriptive cluster names.
  • Various bug fixes are implemented to enhance stability and the user experience.
AlloyDB for PostgreSQL

The AlloyDB Omni Kubernetes operator version 1.4.1 is generally available (GA) and includes the following bug fixes:

  • Fix for overriding replication related parameters. This fix lets you override the wal_keep_size value. For more information, see Work with cross-data-center replication. This fix requires database version 15.7.1 or later.
  • 63-character DBCluster names are supported, which lets you define clearer and more descriptive cluster names.
  • Various bug fixes are implemented to enhance stability and the user experience.
Apigee Advanced API Security

On May 27, 2025 we released an updated version of Apigee Advanced API Security.

With this release, Advanced API Security expands its runtime region support to include africa-south1 (Johannesburg).

For a list of supported regions, see Apigee locations.

BigQuery

You can now share Pub/Sub streaming data through BigQuery sharing with additional client libraries support and provider usage metrics. This feature is generally available (GA).

BigQuery offers optional job creation mode to speed up small queries that you use in your dashboards, data exploration, and other workflows. This mode automatically optimizes eligible queries and uses a cache to improve latency. This feature is generally available (GA).

Bigtable

You can delete logical and continuous materialized views in the Google Cloud console. For more information, see Delete a logical view or Delete a continuous materialized view.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Cloud DNS
    • dns.googleapis.com/ResourceRecordSet
    • dns.googleapis.com/ResponsePolicy
    • dns.googleapis.com/ResponsePolicyRule

The following resource types are now publicly available through the Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Eventarc
    • eventarc.googleapis.com/Enrollment
    • eventarc.googleapis.com/GoogleApiSource
    • eventarc.googleapis.com/MessageBus
    • eventarc.googleapis.com/Pipeline
Cloud Build

You can now create build triggers that build from repositories connected to Developer Connect.

Cloud Healthcare API

The Healthcare Natural Language API is deprecated and will be shut down on May 27, 2026. For more information, see Deprecations.

Cloud Trace

Learn how to instrument your generative AI applications by using OpenTelemetry and the LangGraph framework to collect information about the actions taken by your AI agent. You can view generative AI events by using the Trace Explorer:

Container Optimized OS

cos-121-18867-90-32

Kernel Docker Containerd GPU Drivers
COS-6.6.87 v27.5.1 v2.0.4 See List

Support NVIDIA MFT Tools on COS.

Inject IMEX channel char device for GB200 GPUs.

Fixed CVE-2025-46836 in sys-apps/net-tools.

Fixed CVE-20250-3198 in sys-libs/bintuils-libs.

Fixed KCTF-b3bf8f6 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811834 -> 811792

cos-117-18613-263-19

Kernel Docker Containerd GPU Drivers
COS-6.6.87 v24.0.9 v1.7.27 See List

Support NVIDIA MFT Tools on COS.

Inject IMEX channel char device for GB200 GPUs.

Fixed CVE-2025-46836 in sys-apps/net-tools.

Fixed CVE-20250-3198 in sys-libs/bintuils-libs.

Fixed KCTF-b3bf8f6 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811793 -> 811830

cos-113-18244-382-22

Kernel Docker Containerd GPU Drivers
COS-6.1.134 v24.0.9 v1.7.27 See List

Support NVIDIA MFT Tools on COS.

Fixed CVE-2025-46836 in sys-apps/net-tools.

Fixed CVE-20250-3198 in sys-libs/bintuils-libs.

Fixed KCTF-b3bf8f6 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812054 -> 812045

cos-109-17800-519-12

Kernel Docker Containerd GPU Drivers
COS-6.1.135 v24.0.9 v1.7.27 See List

Support NVIDIA MFT Tools on COS.

Fixed CVE-2025-46836 in sys-apps/net-tools.

Fixed CVE-20250-3198 in sys-libs/bintuils-libs.

Runtime sysctl changes:

  • Changed: fs.file-max: 812270 -> 812274

Filestore

You can now use the Filestore CSI driver to create Filestore instances with the NFSv4.1 protocol from the Google Kubernetes Engine (GKE) cluster. This feature is available for zonal, regional, and enterprise service tiers.

Google Cloud Contact Center as a Service

Version 3.35 is released

All release notes published on this date are part of version 3.35.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

QM integration now includes chat session events

You can now export chat session events to an external quality management (QM) system. After you configure the endpoint of your QM system in Google Cloud CCaaS, your chat session events can be streamed to the endpoint in real time.

User experience change:

  • The QM Integration dialog at Settings > Developer Settings > Session Data Export > QM Integration has a new QM Chat Events - send chat sessions events checkbox.

For more information, see QM, SIPREC, and WFM integration.

Remove email subject lines from interaction data

We now support removing email subject lines when you delete interaction data from your instance for specified end-users. The email subjects are removed when you delete data for an end-user in the Consumer Privacy dialog at Settings > Consumer Management > Consumer Privacy. To completely remove an end-user's data, you must also delete their emails from your mail server. You must also delete chat transcripts, call recordings, and other session-related files from your CRM or external storage, depending on your configuration.

For more information, see Remove subject lines from end-user email interactions.

New sender email with auto-response emails

You can now configure an outbound-only email address and use it as the sender address for auto-response emails. The outbound-only address is a "no-reply" email address that prevents the receiver from responding.

User experience changes:

  • The Auto-response dialog at Settings > Queue > Email > [your-email-queue] > Auto-response has a new Sender email field.
  • The Add an email dialog at Settings > Developer Settings > Email Account Management > Email account list > Add email account has a new This is an outbound only email account checkbox.

For more information, see Configure an outbound-only email account and Configure an auto-response email.

Include images in outbound emails

You can now include images in outbound emails. This includes emails from an agent in an email session and outbound auto-response emails.

User experience change:

  • The Auto-response dialog at Settings > Queue > Email > [your-email-queue] > Auto-response has a new Insert Image button.
  • The email adapter has a new Insert Image button.

For more information, see Agent email adapter and Configure an auto-response email.

The following issues were addressed in this release:

  • Fixed an issue where calls were were being logged as Call with unknown contact in HubSpot instead of under the correct contact name.
  • Fixed an issue where the client secret couldn't be saved when a user attempted to set up authentication (using either basic authentication or OAuth) for a custom CRM with the Generic API CRM lookup method.
  • Fixed an issue where the setup dialog for Find an account by query endpoint could not be reached due to an authentication error when configuring OAuth for a custom CRM.
  • Fixed an issue where calls were being passed to a custom CRM with the incorrect phone number format.
  • Fixed an issue for ServiceNow users where records were created for outbound calls despite the agent selecting Do not create a record in the call adapter.
  • Fixed an issue where a queue did not have access to the global contact list even though it was configured to have access to it.
  • Fixed an issue where the Directory tab didn't appear when an agent was transferring a call.
  • Fixed an issue where the Voice Campaign checkbox didn't appear for Select Call Types in the Create Reports pane, despite the user having the appropriate report access permissions.
  • Fixed an issue where agent extension deflection recordings didn't upload after appearing to be successfully uploaded.
  • Fixed an issue that occurred when the @{NEXT_REOPEN_HOUR} dynamic variable was put in the Message field for After Hour Messaging in the Web & Mobile Messages pane. The variable always resolved as the next time the chat queue opened on the following day. This happened even when the next time the chat queue opened was on the current day.
  • Fixed an issue that occurred when an end-user on the global contact list placed an inbound call to a queue with access to the global contact list turned off. The agent adapter displayed the destination name of the caller, despite access to the global contact list being turned off.
  • Extended the search conditions for the Directory tab in the agent adapter to include search by an extension number.
  • Fixed an issue where the "next open hours" message was incorrect when a chat ended after midnight.
  • Fixed an issue where the call transcript failed to continue after an agent returned from hold.
  • Fixed an issue where the default disposition list appeared in the agent adapter instead of the custom disposition list, which was configured to appear.
  • Fixed an issue where a user with a manager role received a "Not Authorized" error when attempting to use the Operation Management and Disposition Codes pages.
  • Fixed an issue where the failReason and afterHours fields in the session metadata file were incorrect for chats that failed because they were attempted after hours.
  • Fixed an issue where the Assign agents button wasn't working for custom after hours deflection and automatic redirection.
  • Fixed an issue where the client secret was not saved when configuring OAuth for a custom CRM.
  • Fixed an issue where calling the current queue status endpoint of the Manager API intermittently returned a 404 error.
  • Fixed an issue where the wrong disposition code list appeared for an agent after transferring a chat to an agent in a different queue.
  • Fixed an issue where chat shortcuts were not working in the agent adapter for mobile chats.
  • Fixed issues where agents were unable to successfully move beyond the wrap-up state to handle the next call.
Google Kubernetes Engine

In GKE version 1.32.2-gke.1297000 and later, you can run GPU workloads on Confidential GKE Nodes with the A3 High machine type and NVIDIA H100 GPUs. This enables stronger data protection and integrity for GPU-accelerated computations running within GKE clusters and nodes. This feature is available in Preview. For more information, see Encrypt GPU workload data in use with Confidential GKE Nodes.

In GKE version 1.32.2-gke.1297000 and later, you can use the Intel TDX and AMD SEV-SNP Confidential Computing technologies with Confidential GKE Nodes. This feature is in General Availability. Use Confidential GKE Nodes to encrypt your workload data in-use through Compute Engine Confidential VMs for data and code confidentiality and integrity. For more information, see Encrypt workload data in-use with Confidential GKE Nodes.

In GKE version 1.32.2-gke.1297000 and later, you can run GPU workloads on Confidential GKE Nodes with the A3 High machine type and NVIDIA H100 GPUs. This enables stronger data protection and integrity for GPU-accelerated computations running within GKE clusters and nodes. This feature is available in Preview. For more information, see Encrypt GPU workload data in use with Confidential GKE Nodes.

In GKE version 1.32.2-gke.1297000 and later, you can use the Intel TDX and AMD SEV-SNP Confidential Computing technologies with Confidential GKE Nodes. This feature is in General Availability. Use Confidential GKE Nodes to encrypt your workload data in-use through Compute Engine Confidential VMs for data and code confidentiality and integrity. For more information, see Encrypt workload data in-use with Confidential GKE Nodes.

Policy Controller

Policy Controller version 1.20.3 is now available.

Security Command Center

Enhanced data residency support in the European Union and United States is in General Availability.

Spanner

Spanner now supports cross regional federated queries from BigQuery, which allows BigQuery users to query Spanner tables from regions other than their BigQuery region. Users will not incur any Spanner network egress charges during the preview period. This feature is in Preview.

May 26, 2025

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.50.1 (2025-05-16)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.48.0 (#3790) (206f06d)
  • Update netty.version to v4.2.1.final (#3780) (6dcd858)
Documentation
  • bigquery: Update TableResult.getTotalRows() docstring (#3785) (6483588)

Python

Changes for google-cloud-bigquery

3.33.0 (2025-05-19)

Features
  • Add ability to set autodetect_schema query param in update_table (#2171) (57f940d)
  • Add dtype parameters to to_geodataframe functions (#2176) (ebfd0a8)
  • Support job reservation (#2186) (cb646ce)
Bug Fixes
  • Ensure AccessEntry equality and repr uses the correct entity_type (#2182) (0217637)
  • Ensure SchemaField.field_dtype returns a string (#2188) (7ec2848)
Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigtable

2.31.0 (2025-05-22)

Features
  • Add deletion_protection support for logical views (#1108) (c6d384d)
  • Support authorized views (#1034) (97a0198)
  • Return an updated error on invalid metadata response (#1107) (2642317)
Bug Fixes
  • Re-add py-typed file for the Bigtable package (#1085) (0c322c7)
Cloud Composer

(Cloud Composer 3) New metrics that show the number of active Airflow components are now available for Cloud Composer 3 environments:

  • The number of active schedulers
  • The number of active DAG processors
  • The number of active triggerers
  • The number of active web servers

(Cloud Composer 3) It's now possible to override the default scopes of access tokens in all regions supported by Cloud Composer 3. This fix was announced previously and has finished gradually rolling out.

(Airflow 2.10.5 and 2.9.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 10.4.2 from version 10.1.0.

New images are available in Cloud Composer 2:

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.22.4 (2025-05-20)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.58.0 (45b4878)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.48.0 (#1808) (6327c51)
  • Update googleapis/sdk-platform-java action to v2.58.0 (#1806) (b94da77)
Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.52.3 (2025-05-19)

Bug Fixes
  • Update grpc client side metrics detection to be graceful when not running on gcp (#3097) (10cd32d)
Dependencies
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20250509-2.0.0 (#3103) (1fd1090)
  • Update sdk-platform-java dependencies (#3102) (3b53b94)
Compute Engine

Generally Available: A3 Ultra accelerator-optimized machine types are now available in the following additional regions and zones:

APAC

  • Mumbai, India: asia-south1-b
  • Delhi, India: asia-south2-c

Europe:

  • St. Ghislain, Belgium: europe-west1-b
  • Eemshaven, Netherlands: europe-west4-b

North America:

  • Council Bluffs, Iowa: us-central1-b
  • Moncks Corner, South Carolina: us-east1-d
  • Ashburn, Virginia,: us-east4-b
  • The Dalles, Oregon: us-west1-c
  • Dallas, Texas: us-south1-b

For a complete list of A3 Ultra regions and zones, see GPU regions and zones.

Datastream

Datastream now supports MongoDB as a source. The feature is in Preview.

For more information, see the Datastream documentation.

Google SecOps

New Storage Transfer Service (STS) based feeds

This feature is currently in Preview.

Existing tenants are now able to create new feeds using STS, whereas existing feeds will remain unaffected. Customers will be separately notified about the required steps and timelines for the migration of existing feeds to STS. The following new feeds are available:

  • GOOGLE_CLOUD_STORAGE_V2
  • GOOGLE_CLOUD_STORAGE_EVENT_DRIVEN
  • AMAZON_S3_V2
  • AMAZON_SQS_V2
  • AZURE_BLOBSTORE_V2

The following feed types are replaced by the new STS-based feeds:

  • GOOGLE_CLOUD_STORAGE replaced by GOOGLE_CLOUD_STORAGE_V2
  • AMAZON_S3 replaced by AMAZON_S3_V2
  • AMAZON_SQS replaced by AMAZON_SQS_V2
  • AZURE_BLOBSTORE replaced by AZURE_BLOBSTORE_V2

For more information, see Storage Transfer Service and its benefits and Configuration by source type.

Google SecOps SIEM

New Storage Transfer Service (STS) based feeds

This feature is currently in Preview.

Existing tenants are now able to create new feeds using STS, whereas existing feeds will remain unaffected. Customers will be separately notified about the required steps and timelines for the migration of existing feeds to STS. The following new feeds are available:

  • GOOGLE_CLOUD_STORAGE_V2
  • GOOGLE_CLOUD_STORAGE_EVENT_DRIVEN
  • AMAZON_S3_V2
  • AMAZON_SQS_V2
  • AZURE_BLOBSTORE_V2

The following feed types are replaced by the new STS-based feeds:

  • GOOGLE_CLOUD_STORAGE replaced by GOOGLE_CLOUD_STORAGE_V2
  • AMAZON_S3 replaced by AMAZON_S3_V2
  • AMAZON_SQS replaced by AMAZON_SQS_V2
  • AZURE_BLOBSTORE replaced by AZURE_BLOBSTORE_V2

For more information, see Storage Transfer Service and its benefits and Configuration by source type.

NetApp Volumes

The Flex service level now supports auto-tiering feature in Preview, and available only for custom-performance Flex zonal pools. For more information, see Manage auto-tiering.

The cross-region backup vaults feature is now generally available. For more information, see Backup vaults.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

{: track-name='go'} ### Changes for pubsub/apiv1 This is an alpha release for the Pub/Sub v2 library and should not be used for production.
Spanner

Efficient backup copying is now enabled for incremental backups. When you copy an incremental backup, Spanner also copies all the older backups in the chain required to restore the copied backup. If the destination instance already contains a backup chain that ends with an older backup copied from the same source chain, Spanner now avoids creating redundant copies of existing backups to save storage and network costs. Spanner copies only the incremental backup and any older backups not present in the destination chain, and appends these backups to the existing chain.

While Spanner aims to avoid redundant copies, in rare situations, Spanner might need to copy all the older backups in the chain, even if previously copied backups already exist in the destination instance.

For more information, see Incremental backups.

May 25, 2025

Google SecOps SOAR

Release 6.3.46 is now available for all regions.