Google Cloud release notes

Dynamic thread scaling is generally available (GA). Dynamic thread scaling is a part of Dataflow's suite of vertical scaling features.

FEATURE

Release 1.14.7

Anthos clusters on bare metal 1.14.7 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.14.7 runs on Kubernetes 1.25.

Cloud Composer 2 is now available in Paris (europe-west9).

The global external HTTP(S) load balancer now supports a configurable client HTTP Keepalive Timeout. The client HTTP keepalive timeout represents the maximum amount of time that a TCP connection can be idle between the (downstream) client and the target HTTP/S proxy.

For details, see

• Client HTTP keepalive timeout
• Update client HTTP keepalive timeout.

This capability is available in General Availability.

Generally available: You can modify the description, schedule frequency, retention policy, or labels for a snapshot schedule instead of creating a new snapshot schedule. For more information, see Change a snapshot schedule.

When you run multiple SDK processes on a shared Dataflow GPU, you can improve GPU efficiency and utilization by enabling the NVIDIA Multi-Process Service (MPS).

Kubernetes control plane logs and Kubernetes control plane metrics are now available for GKE Autopilot clusters with control plane version 1.22.0 and later and 1.22.13 and later, respectively. You can now configure Autopilot cluster to export logs and certain metrics emitted by the Kubernetes API server, scheduler, and controller manager to Cloud Logging and Cloud Monitoring.

Event-driven transfers are now generally available (GA).

Event-driven transfers provide serverless, real-time replication from AWS S3 to Cloud Storage, and between Cloud Storage buckets. With this new capability, you can accelerate your event-driven analytics pipeline, enable automatic replication across Cloud Storage buckets, create a backup copy of data in a different region or project, or perform live migration.

Learn more about Event-driven transfers.

Public preview of Apigee gRPC passthrough

Apigee's new gRPC proxy passthrough functionality provides the ability to create proxies which receive gRPC client requests and pass them through to a gRPC target server.

For information, see Creating gRPC API proxies.

The following Assured Workloads compliance programs now support Certificate Authority Service:

• Australia Regions with Assured Support
• Canada Regions and Support
• Canada Protected B
• Israel Regions and Support
• US Regions and Support

See supported products for more information.

Cloud Bigtable is available in the europe-west12 (Turin) and me-central1 (Doha) regions. For more information, see Bigtable locations.

Internal passthrough Network Load Balancer now supports load-balancing for TCP, UDP, ICMP, ICMPv6, SCTP, ESP, AH, and GRE protocols. To handle multiple protocol traffic, you set the load balancer's forwarding rule protocol to L3_DEFAULT and set the backend service protocol to UNSPECIFIED.

For details, see:

Set up an internal passthrough Network Load Balancer with VM instance group backends for multiple protocols

This feature is available in Preview.

Preview: You can now use SSH-in-browser to connect to TPU VMs.

Added a new Experimental Feature ConfigConnectorAlphaResources that manages the installation and upgrade of Config Connector v1alpha1 CRDs.

You can use the gcloud CLI version 438.0.0 or above to leverage this feature.

To create a Config Controller instance with the feature, run the following command:

gcloud alpha anthos config controller create ${NAME} \
    --location ${LOCATION} \
    --experimental-features ConfigConnectorAlphaResources

To update an existing Config Controller to enable the feature, run the following command:

gcloud alpha anthos config controller update ${NAME} \
    --location ${LOCATION} \
    --experimental-features ConfigConnectorAlphaResources

You can now create delivery pipelines, targets, and releases using the Google Cloud console.

You can now configure routeUpdateWaitTime for HTTPRoute resource propagation with GKE/Anthos Gateway API canary deployment.

GKE Autopilot supports extended duration Pods from 1.27 or later with the cluster-autoscaler.kubernetes.io/safe-to-evict=false annotation. To learn more, see how to extend the run time of Autopilot Pods.

Access Approval supports AlloyDB for PostgreSQL in the Preview stage.

Cloud Workstations is available in the europe-west12 region (Turin, Italy, Europe). For more information, see Locations.

Generally available: NVIDIA T4 GPUs are now available in the following additional regions and zones:

• Salt Lake City: us-west3-b

For more information about using GPUs on Compute Engine, see GPU platforms.

Anthos clusters on VMware 1.13.10-gke.42 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.13.10-gke.42 runs on Kubernetes 1.24.14-gke.2100.

Release 1.15.3

Anthos clusters on bare metal 1.15.3 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.15.3 runs on Kubernetes 1.26.

Anthos clusters on bare metal 1.15.3 supports adding the gkeOnPremAPI section to your admin and user cluster configuration files to enroll the clusters in the Anthos On-Prem API. Enrolling the clusters in the Anthos On-Prem API lets you upgrade admin and user clusters using the Google Cloud console or the Google Cloud CLI.

Connector Event triggers (Preview)

Application Integration introduces Connector Event triggers; specialized triggers that let you invoke an integration based on the event subscriptions created in various business applications using Integration Connectors.

The following Connector Event triggers are available in preview:

• Jira Cloud trigger
• ServiceNow trigger
• Zendesk trigger

For more information, see Connector Event triggers.

Multivariate time series forecasting with the ARIMA_PLUS_XREG model in BigQuery ML is now generally available (GA). This feature lets you perform time series forecasting with extra feature columns. For more information, see the ARIMA_PLUS_XREG information in the end-to-end user journey topic, and try the multivariate time-series forecasting from Seattle air quality data tutorial.

BigQuery ML has introduced new Explainable AI capabilities for better model explainability:

• You can now use the ML.EXPLAIN_FORECAST function with ARIMA_PLUS_XREG models.
• You can use the updated ML.EXPLAIN_FORECAST function to get explanations of the holiday effect for holidays in time series forecasting models (both ARIMA_PLUS and ARIMA_PLUS_XREG).
• You can now use the ML.GLOBAL_EXPLAIN function with AutoML Tables models for global model explainability.
• For Boosted Tree and Random Forest models, you can now use the approx_global_feature_contrib training option to use fast approximation for global feature contribution computation in model training, and the approx_feature_contrib option in the ML.EXPLAIN_PREDICT function to use the fast approximation for local feature contribution computation in model inference.

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

• BigQuery Migration Service
  • bigquerymigration.googleapis.com/MigrationWorkflow

Cloud Build repositories (2nd gen) is now generally available. Cloud Build repositories (2nd gen) integrates directly with GitHub, GitHub Enterprise, GitLab, and GitLab Enterprise Edition and comes with end-to-end Terraform support. To learn more, see the Repositories overview page.

Workforce identity federation is generally available (GA) in Cloud Data Fusion.

The Cloud Data Fusion SAP ODP plugin supports extracting data through CDS views.

The Cloud Router custom learned routes feature is Generally Available (GA). For more information, see Custom learned routes.

Enterprise Search: Citations

Summary citations are now available in preview. Citations indicate from which search results specific sentences in the summary are taken.

For more information, see Get citations.

Enterprise Search: Ignore adverserial and non-summary seeking queries

You can now configure search requests so that adversarial queries and non-summary seeking queries do not include a summary in the response. This feature is in preview.

For more information, see Ignore adversarial queries and Ignore non-summary seeking queries.

Pro feature: Add a quick filter

Quick filters provide a flexible, ad hoc way to explore your data. Use quick filters to easily change how the data in the report is filtered without changing the report configuration for other users.

Learn more about quick filters.

Pro feature: Get a personal report link

A personal report link creates a copy of your report that is only accessible to the person who opens the link. Changes made to either the original or the private report will not affect the other report.

Learn more about personal report links.

Intervals for time series charts

You can add intervals to time series charts to show how much uncertainty there is in your data. Intervals can be represented as shaded bands (area intervals), boxes, lines, or other shapes, depending on the interval type you specify.

To add an interval to a time series chart, select the Add an interval option in the STYLE section of the properties panel.

Learn more about intervals

Lint result artifacts, or conformance reports, represent how conformant an API is with respect to the specified lint rules. Results in conformance report artifacts attached to an API spec revision are now displayed in the right pane of the API spec revision detail page. One of the following is displayed:

• No information to display.
  No style guide conformance information has been generated for this spec.
• No issues found.
  Style guide conformance scans found no issues with this spec.
• Warnings and Errors.
  Any errors or warnings are explained.
  An indicator also marks the corresponding line in the spec.

See also:

• How are lint results calculated?
• View a specification
• Manage revisions

BigQuery can now use search indexes to optimize some queries that contain the equal operator (=), IN operator, LIKE operator, or STARTS_WITH function to compare string literals with indexed data. This feature is in preview.

Release Notes 6.2.31

Added the ability to write comments on cases that have already been closed.

New API for Logs: Admin users can now retrieve raw python logs directly from the platform using the following API: POST/api/external/v1/logging/python

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

• Network Connectivity
  • networkconnectivity.googleapis.com/PolicyBasedRoute
• Database migration
  • datamigration.googleapis.com/PrivateConnection

Added support for Creating a Memcached instance that uses a specific IP address range.

Vertex AI Workbench instances are now available in Preview. Vertex AI Workbench instances combine features from managed notebooks and user-managed notebooks to provide a robust data science solution. Supported features include:

• Idle timeout
• BigQuery and Cloud Storage integrations
• End-user and service account authentication
• VPC Service Controls
• Customer managed encryption keys (CMEK)
• Health status monitoring
• Run notebooks on a schedule
• Dataproc integration

To get started, see Introduction to Vertex AI Workbench instances.

AlloyDB support for Data Residency is generally available (GA).

AlloyDB now supports setting up resource locations policies that can be used to constrain the location of new in-scope resources.

VPC Service Controls support for Batch is generally available (GA).

VPC Service Controls lets you create perimeters that protect the resources and data of Google Cloud services that you explicitly specify. For more information, see Overview of VPC Service Controls and Use VPC Service Controls with Batch.

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

• Service Directory
  • servicedirectory.googleapis.com/Endpoint
  • servicedirectory.googleapis.com/Service

Cloud Bigtable change streams are now generally available (GA). A change stream captures changes to data in a table as the changes happen, letting you stream them for processing or analysis. For more information, see Change streams overview.

Cloud SQL now supports default maintenance windows for your instances. With this release, an instance without a user-specified maintenance window is maintained outside of the typical business hours for the time zone that the instance is deployed in.

Cloud SQL now supports default maintenance windows for your instances. With this release, an instance without a user-specified maintenance window is maintained outside of the typical business hours for the time zone that the instance is deployed in.

Cloud SQL now supports default maintenance windows for your instances. With this release, an instance without a user-specified maintenance window is maintained outside of the typical business hours for the time zone that the instance is deployed in.

Spanner supports cascading deletes for foreign keys. For more information, see Foreign key actions.

Enabled TDX Guest support in the Linux Kernel.

Dialogflow CX has launched three new generative AI features. These features are generally available (GA), but access is limited and must be requested:

• Generative AI agent
• Generators
• Generative fallback

Also see the blog post announcing these features.

The following Form Parser (pretrained-form-parser-v2.0-2022-11-10) features are Generally Available (GA):

• General field extraction: You can extract 11 different types of entities from documents
• Enhanced checkbox detection
• Internationalization (i18n) support that covers over 200 languages
• Upgraded key-value pair (KVP) detection model

Form parser v2.1 (pretrained-form-parser-v2.1-2023-06-26) is in Public Preview, which uses our native PDF text extraction model on PDF documents.

Connectivity Tests now includes a feature that verifies connectivity from a VM to a Private Service Connect endpoint. For more information, see Create and run Connectivity Tests.

Connectivity Tests now includes a feature that verifies connectivity from a VM or an IP address to a load balancer. For more information, see Create and run Connectivity Tests.

Payload unwrapping for push subscriptions is now available. Payload unwrapping lets you deliver Pub/Sub messages stripped of all message metadata, except for the message data. With payload unwrapping enabled, message data is delivered directly as the HTTP body.

General availability support for the following integration:

• Batch

Model tuning updates for text-bison:

• Upgraded tuning pipeline now offers more efficient tuning and better performance on text-bison.
• New learning_rate parameter lets you adjust the step size at each iteration.

For details, see Tune language foundation models.

Primary and foreign key table constraints are now generally available. In addition to the features available in preview, you can now also manage constraints through the BigQuery API and view constraints in the BigQuery console.

You can now create synthetic monitors, which let you continuously test the availability, consistency, and performance of your services and application web pages and APIs, by using automated script based tests. Synthetic monitors periodically probe the endpoints of your application and they record whether or not a probe was successful, along with additional data about the request. For more information, see Synthetic monitoring overview.

You can now enable query insights for multiple instances at a time.

The Custom Document Splitter (CDS) within Document AI Workbench is now Generally Available (GA) for production use cases to split and classify multiple documents within a single file. With this release, all Workbench processors currently offered (Custom Document Extractor, Custom Document Classifier, and Custom Document Splitter) are available in GA.

Launched the following features for CDS:

• CDS now supports up to 1,000-page documents for async/batch prediction and up to 200-page documents when importing, labeling, training, or evaluating.
• CDS model evaluation for document split and classification
• Prepare a CDS training dataset faster by bulk labeling documents at import across multiple folders.

Released the the following enhancements for CDS:

• Improved labeling and evaluation experience with the ability to review overall document splits and classifications while viewing individual pages in a side-by-side view.
• Document names are now used in error messaging to improve troubleshooting.
• Hyphens are allowed in schema names.

Cloud Armor supports parsing of the GraphQL content-type in public preview. For more information, see POST body content parsing.

Cloud Armor allows you to filter using custom rules or apply Adaptive Protection based on originating client IP addresses in public preview. If you have an upstream proxy, you can use this feature to evaluate Cloud Armor rules against the original clients' IP addresses, rather than your upstream proxy's IP address. For more information, see the rules language reference.

Cloud Deploy now provides the ability to pass deploy parameters to your manifests, per delivery pipeline, per target, and per release (in preview).

Redis version 7.0 is now Generally Available for Memorystore for Redis.

Imagen on Vertex AI now offers the following Generally Available (GA) features:

• Image generation (text-to-image generation)*
• Image editing*
• Image visual captioning
• Visual Question Answering (VQA)

* Restricted access feature.

For more information about Imagen or how to get access to restricted GA or Preview features, see the Imagen on Vertex AI overview.

Imagen now supports human face generation for the following features:

• Image generation (text-to-image generation)*
• Image editing*

* Restricted access feature.

Human face generation is enabled by default, except for images with children and/or celebrities. For more information, see the usage guidelines.

The Vertex AI PaLM API has added support for the following languages:

• Spanish (es)
• Korean (ko)
• Hindi (hi)
• Chinese (zh)

For the complete list of supported languages, see Supported languages.

You can publish a service that is hosted on an internal passthrough Network Load Balancer that forwards traffic on all ports (--ports=all). This feature is available in General Availability.

Access Approval supports Cloud Tasks in the Preview stage.

Projects enrolled in the Security Command Center Premium tier now have access to SQL-like asset queries for that project. Previously asset queries were only available when an organization was enrolled in the Security Command Center Premium tier.

The PORTUGAL_SOCIAL_SECURITY_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Clusters that use a driver node group now configure YARN queues with user-limit-factor set to 2, allowing for a single user to burst to 2x utilization of capacity, which is set to 50. This achieves better resource utilization for workloads submitted by a single user.

Support for Firestore point-in-time recovery (PITR) feature that provides protection against accidental deletion or writes is now available in Preview.

Support for Firestore in Datastore mode point-in-time recovery (PITR) feature that provides protection against accidental deletion or writes is now available in Preview.

Enable GenAI search (private preview) to support large documents up to 25K words.

The managed Cloud Storage FUSE CSI driver for GKE is now GA in versions 1.26.5 and later. You can use this driver to consume Cloud Storage buckets for GKE workloads.

Pro feature: Scheduled delivery using Chat

Looker Studio Pro users can schedule reports to be delivered using Google Chat. You can send reports to individual recipients or to entire Chat spaces.

Pro feature: Filter by email address for scheduled reports

Looker Studio Pro users can add row-level security to the data in a report scheduled to be delivered through email.

Learn more about Chat delivery and filter by email address.

See report and data source location on the home page

The Location field on the Looker Studio home page shows where your Looker Studio assets live. For free Looker Studio users, you can see if a report or data source is owned by you or has been shared with you. For Looker Studio Pro users, you'll see whether the asset lives in your My Workspace, lives in a Team Workspace, or has been shared with you directly.

Recommendations from the IAM recommender are now available as findings in Security Command Center in a Preview release.

The following IAM recommender recommendations are now published as Vulnerability class findings in Security Command Center:

• IAM role has excessive permissions
• Service agent role replaced with basic role
• Service agent granted basic role
• Unused IAM role

For more information, see Security sources > IAM recommender.

Support for batch text (text-bison) requests is now available in (GA). You can review pricing for the chat-bison model at Vertex AI pricing page.

Added support for managing Anthos attached clusters in the Google Cloud console. You can now use a user-friendly graphical interface to manage your Amazon Elastic Kubernetes Service (EKS) and Azure Kubernetes Service (AKS) clusters on the Anthos platform. Using the Google Cloud console, you can view cluster status, update attached cluster components, and detach clusters.

For more information, including instructions, see the following documentation:

• View the status of your EKS attached cluster
• Update your EKS attached cluster
• Detach your EKS attached cluster
• View the status of your AKS attached cluster
• Update your AKS attached cluster
• Detach your AKS attached cluster

Preview release of non-VPC peering option for Apigee provisioning Apigee now supports a provisioning option that does not require VPC peering. With this approach, you are not required to provide networks and IP ranges during the Apigee provisioning process. Instead, you use Private Service Connect (PSC) for routing northbound traffic to Apigee and southbound traffic to target services running in your Google Cloud projects.

Non-VPC peering is supported for command-line (CLI) provisioning steps only. You can perform non-VPC provisioning for subscription, Pay-as-you-go, and evaluation installations of Apigee.

To learn more, see Apigee networking options.

The following BigQuery ML feature preprocessing functionality is now generally available (GA).

You can export models that use the TRANSFORM clause for feature preprocessing to the TensorFlow SavedModel format. There are 13 data types supported for TRANSFORM clause input, and 127 SQL functions supported for use within the TRANSFORM clause.

You can also now deploy a model trained with the TRANSFORM clause to Vertex AI and locally.

Use the following functions to perform feature preprocessing:

• ML.IMPUTER
• ML.LABEL_ENCODER
• ML.MAX_ABS_SCALER
• ML.MULTI_HOT_ENCODER
• ML.NORMALIZER
• ML.ONE_HOT_ENCODER
• ML.ROBUST_SCALER

Custom holiday modeling for time series forecasting is now in preview. This release offers the following features to improve the transparency, flexibility, and explainability of time series forecasting in BigQuery ML:

• New CREATE MODEL syntax to specify custom holiday modeling for time series models.
• The new ML.HOLIDAY_INFO function, which returns the list of holidays being modeled by an ARIMA_PLUS or ARIMA_PLUS_XREG time series forecasting model.
• An updated ML.EXPLAIN_FORECAST function, which includes an explanation of the holiday effect for each holiday included in the model.

A new public table, bigquery-public-data.ml_datasets.holidays_and_events_for_forecasting, has also been added to provide easy look-up of the built-in holidays used in time series forecasting models.

Try these features with the Use custom holidays in a time-series forecasting model tutorial.

Airflow 2.5.3 is available in Cloud Composer images.

Cloud SQL now offers two editions of Cloud SQL to support your various business and application needs: Cloud SQL Enterprise Plus edition and Cloud SQL Enterprise edition. Each edition provides different performance and availability characteristics to meet the needs of your applications.

Cloud SQL Editions are only available for Cloud SQL for MySQL and Cloud SQL for PostgreSQL.

For more information about Cloud SQL editions, see Introduction to Cloud SQL editions.

Cloud SQL now offers two editions of Cloud SQL to support your various business and application needs: Cloud SQL Enterprise Plus edition and Cloud SQL Enterprise edition. Each edition provides different performance and availability characteristics to meet the needs of your applications.

Cloud SQL Editions are only available for Cloud SQL for MySQL and Cloud SQL for PostgreSQL.

For more information about Cloud SQL editions, see Introduction to Cloud SQL editions.

Generally available: You can enable faster network packet processing by using the Data Plane Development Kit (DPDK). DPDK helps you to optimize VMs that run network-intensive workloads, such as video streaming or voice calls.

GKE Dataplane V2 observability is now available in Public Preview starting in GKE versions 1.26.4-gke.500 or later, or 1.27.1-gke.400 or later. You can now enable Dataplane V2 metrics and observability tools on your cluster. Dataplane V2 metrics are included in new Autopilot clusters and opt-in for new Standard clusters. You can opt-in to enable Dataplane V2 observability tools for Autopilot and Standard clusters. Existing clusters can also be updated to enable metrics and observability tooling.

For more information, check out GKE Dataplane V2 observability.

In GKE version 1.24 and later, new beta APIs are, by default, disabled in new clusters. Starting in version 1.27, which is the first new minor version since 1.24 where new beta APIs are introduced, you can enable new APIs on cluster creation or for an existing cluster.

For more information, see how to Use Kubernetes beta APIs with GKE clusters.

The new Border Radius option for custom embed themes lets you adjust how rounded the corners in dashboard tiles will appear.

The Lexp expression matches_filter now supports the tier, location, and zip code LookML field types.

BigQuery OAuth access for a user's Drive is now read-only.

Looker (Google Cloud core) now supports the following regions:

• us-east1 (South Carolina)
• europe-north1 (Finland)
• europe-west1 (Belgium)

Connecting VPC networks by using Network Connectivity Center is now available in Preview.

This feature lets you connect two or more VPC networks, represented as spokes, to a hub in the same or a different project for full mesh connectivity.

Cleanup policies for Artifact Registry are now in Preview. Cleanup policies help you manage artifacts by automatically deleting artifacts that you no longer need, while keeping artifacts that you want to store.

Deletions requested by Cleanup policies count against Artifact Registry delete request quota and limits.

When you create your first BackupPlan or RestorePlan resource for a cluster, the Backup for GKE agent is automatically installed in that cluster.

Backup for GKE agent now supports a blocklist for restoring cluster-scoped and namespaced resources. For more information, see the detail.

Global external Application Load Balancers now support Shared VPC configurations where the load balancer's forwarding rule, target proxy, and URL map, can be created in a host or service project, while the backend services and backends can be distributed across multiple service projects in the Shared VPC environment. This is referred to as cross-project service referencing.

Cross-project service referencing gives service developers and admins autonomy over the exposure of their services through the centrally managed load balancer.

For details, see:

• Shared VPC architectures
• Set up a global external Application Load Balancer with Shared VPC

This feature is available in Preview.

Cloud SQL now supports cancelling the import and export of data into Cloud SQL for MySQL instances.

MySQL 5.7.40 has been upgraded to 5.7.42. For more information, see MySQL 5.7 release notes.

Cloud SQL now supports cancelling the import and export of data into Cloud SQL for PostgreSQL instances.

Added support for customization on cnrm-webhook-manager pods resource requests/limits.

Added support for RunJob resource.

Added support for KMS key deletion when being orphaned.

Resource VPCAccessConnector(v1beta1):

• Added status.selfLink field.

Resource ComputeDisk(v1beta1):

• Added spec.guestOsFeatures field.
• Added spec.licenses field.

Resource ComputeImage(v1beta1):

• Added spec.storageLocations field.

Resource DataflowFlexTemplateJob(v1beta1):

• Added status.type field.

Resource DatastreamStream(v1alpha1):

• Added spec.sourceConfig.mysqlSourceConfig.maxConcurrentBackfillTasks field.

Resource GKEHubFeature(v1beta1):

• Added spec.spec.fleetobservability field.

Resource MonitoringAlertPolicy(v1beta1):

• Added spec.alertStrategy.notificationChannelStrategy field.
• Added spec.conditions.items.conditionThreshold.forecastOptions field.

Resource SQLInstance(v1beta1):

• Added spec.settings.advancedMachineFeatures field.

Resource StorageTransferJob(v1beta1):

• Added spec.transferSpec.awsS3DataSource.path field.

Dialogflow CX now supports speech recognition model selection.

Support for the northamerica-northeast2 (Toronto) region.

Support for the northamerica-northeast2 (Toronto) region.

You can now troubleshoot common GKE issues by using the new "interactive playbook" dashboards in Cloud Monitoring: unschedulable pods and crashlooping containers. You can also access the interactive playbooks from GKE UI insights and set alerts that will allow you to know once those issues occurs.

For information about using these dashboards, see the GKE troubleshooting documentation for unschedulable pods and crashlooping.

Starting in GKE version 1.27, cluster autoscaler always considers Compute Engine Reservations when making the scale-up decisions. The node pools with matching unused reservations are prioritized when choosing the node pool to scale up, even when the node pool is not the most efficient one. Additionally, unused reservations are always prioritized when balancing multi-zonal scale-ups.

For more information, see how to use cluster autoscaler.

Preview: Workload Manager now supports deploying SAP workloads on Google Cloud. You can configure and deploy a SAP S/4HANA system using the Guided Deployment Automation tool in Workload Manager. For more information, see About Guided Deployment Automation.

Anthos clusters on VMware 1.15.2-gke.44 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware. 1.15.2-gke.44 runs on Kubernetes 1.26.2-gke.1001.

PHP 7.4, 8.1, and 8.2 are now generally available. These versions require you to specify an operating system version in your app.yaml file. Learn more.

The following compliance programs now support the list of products below:

• Australia Regions with Assured Support
• Canada Regions and Support
• Canada Protected B
• Israel Regions and Support
• US Regions and Support

The following products are now supported. See supported products for more information:

• Cloud Data Loss Prevention
• Certificate Authority Service
• Cloud Composer

Backup and DR Service is now integrated with cloud Identity and Access Management (IAM). Refer to IAM roles and permissions to learn more.

Backup and DR Service is now integrated with cloud audit logging.

Backup and DR service now manages hotfixes on backup/recovery appliances.

Backup and DR Service significantly reduced recovery time objective (RTO) for Oracle databases by bringing up production workloads almost instantly, running from backup storage, and then migrating the database to production storage online—while applications are up and running.

Chronicle provides multiple methods to define how data in original raw logs are parsed and normalized to a Unified Data Model (UDM) record. Using the Self Service Parser Management feature, customers can now create and customize parsers. For more information, see Overview of log parsing and Manage prebuilt and custom parsers.

Committed use discounts are now generally available (GA) for Cloud Bigtable in exchange for a commitment to continuously spend a certain amount on Bigtable nodes for one year or three years. For details, see Committed use discounts.

Time ranges are now synchronized between select Logging and Monitoring pages.

Preview: You can use instant snapshots to take in-place disk backups that can be restored to new disks under a minute.

Instant snapshots are ideal for rapid data restoration within the same location as the source disk. For more information, see Instant snapshots.

Enterprise Search: Snippets with hit highlighting

Snippets in search responses are available with hit highlighting for rendering in UIs.

For more information, see Use snippets and extracted content.

Enterprise Search: Languages

Search and snippets results are supported in English (en-US), Spanish (es-ES), German (de-DE), and Italian (it-IT).

For more information, see Languages.

The new release of the GKE Gateway controller (2023-R2) is now generally available. With this release, the GKE Gateway controller will provide the following new capabilities:

• New GatewayClasses supporting the regional external Application Load Balancer
• Identity-aware Proxy (IAP) Integration
• Custom request and response headers
• URL Rewrites and Path Redirects

To learn more, see the supported capabilities per GatewayClass.

Content encryption (DRM) is now supported.

Job processing optimizations can now be disabled.

You can now set the priority of individual jobs in batch mode.

Support for PaLM 2 for Chat (chat-bison) is now available in (GA). You can review pricing for the chat-bison model at Vertex AI pricing page.

Batch is available in the following regions:

• asia-northeast2 (Osaka)
• asia-northeast3 (Seoul)
• australia-southeast1 (Sydney)
• europe-west1 (Belgium)
• europe-west9 (Paris)

For more information, see Locations.

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

• Cloud Spanner
  • spanner.googleapis.com/InstanceConfig

You can now troubleshoot common GKE issues like unschedulable pods and crashlooping containers by using the new "interactive playbook" dashboards in Cloud Monitoring. For information about using these dashboards, see the GKE troubleshooting documentation for unschedulable pods and crashlooping.

Cloud SQL for MySQL now supports up to 500,000 tables for instances that meet the minimum hardware requirements of 32+ cores and 200G+ memory. For more information, see table limit.

Custom audit logging for Cloud Storage is now generally available (GA). In addition to using the Cloud Storage JSON API, you can now attach custom information to audit logs for requests by using the following tools:

• The gcloud or gsutil command-line tools
• The Cloud Storage client libraries
• The Cloud Storage XML API
• Signed URLs

The goog-dataproc-batch-id, goog-dataproc-batch-uuid and goog-dataproc-location labels are now automatically applied to Dataproc Serverless batch resources.

Dataproc Serverless for Spark now supports updating the BigQuery connector using the dataproc.sparkBqConnector.version and dataproc.sparkBqConnector.uri properties see Use the BigQuery connector with Dataproc Serverless for Spark.

Multiple databases now available in Preview.

Multiple databases now available in Preview.

Anthos clusters on VMware 1.14.6-gke.23 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.14.6-gke.23 runs on Kubernetes 1.25.10-gke.1200.

Preview release of Pay-as-you-go pricing with updated attributes

Apigee is updating its Pay-as-you-go pricing model, making it possible to start using Apigee at a significantly reduced initial cost and right-size ongoing expenses to match precise usage.

To learn how to get started with the updated Pay-as-you-go pricing experience, see Pay-as-you-go (updated attributes) pricing overview.

Preview release of new environment types

Apigee announces the Preview release of three distinct environment types: Base, Intermediate, and Comprehensive. Each environment type offers varying degrees of capabilities and costs; you can tailor pricing to suit your needs.

For more information, see Apigee Pay-as-you-go environment types.

Preview release of standard and extensible API proxies

Apigee announces the Preview release of standard and extensible API proxies, available for use with preview organizations using Pay-as-you-go (updated attributes) pricing.

For more information about standard and extensible API proxies, see API proxy types.

Preview release of new HTTPModifier and ReadPropertySet policies and templating support for message <URL> elements

Apigee announces the Preview release of the HTTPModifier and ReadPropertySet policies.

The HTTPModifier policy can change an existing request or response message and provides a subset of the functionality already available in the AssignMessage policy. See HTTPModifier policy.

The ReadPropertySet policy reads property sets and populates flow variables with the results. See ReadPropertySet policy.

HTTPModifier and ReadPropertySet are standard policies. Proxies built exclusively with standard policies are called standard proxies and can be deployed to any environment type. See Pay-as-you-go (updated attributes) pricing overview.

This release also includes template support for message <URL> elements. See URL templating.

Spanner Data Boost lets you execute analytics queries and data exports with near-zero impact to existing workloads on your provisioned Spanner instance. This feature is now generally available (GA) in the following regions:

• asia-northeast1 (Tokyo)
• us-central1 (Iowa)
• southamerica-east1 (São Paulo)
• europe-west1 (Belgium)
• europe-west2 (London)
• europe-west3 (Frankfurt)

When you create dashboards, you can make use of the following enhancements to UDM Events Explore:

• Search and navigation improvements. When you navigate or search for events in UDM Events Explore, the results appear instantly and field names are easy to identify.
• Improvements to field names and descriptions. The field names and path are now consistent with the pattern used in Detection Engine rules and UDM search. For example, the field name Udm Events Principal Hostname now appears as UDM principal.hostname as in documentation. Also, in addition to online help, in-context descriptions are available for UDM fields. For example, deprecated fields are indicated by the suffix [D] in the field name.
• User experience improvements in UDM Events Explore. When you use UDM Events Explore, user experience is improved by removing unused and rarely used fields. Also, you can filter based on the grouped fields.
• Field conversion improvements. Added fields that automatically handle conversion of formats. Here are some examples:
  • Enum fields also contain human readable values. For example, the values for the UDM.network.ip_protocol enum also appear as ICMP, TCP, and UDP instead of 1, 2, and 3.
  • Timestamp fields are available in multiple date formats. Previously, timestamp fields were available only in nano and second formats.
  • Location fields are parsed accurately and can be used in maps.
• Report improvements. Made data in reports up-to-date by using the events table in BigQuery. Also, existing reports that previously used udm_events will use the events table.

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

• Dataplex
  • dataplex.googleapis.com/DataScan
  • dataplex.googleapis.com/Environment

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

• Cloud KMS
  • cloudkms.googleapis.com/EkmConfig

The Cloud Load Balancing Console now allows you to see the equivalent API code for actions you take in the Console. When you create or update a load balancer, before you click Create or Update, you can click Equivalent Code to view the load balancer API resources that will be created, updated, or deleted.

This capability is in General Availability.

The Google Cloud console can now automatically install the Ops Agent for you when you create a VM instance. During the installation process, the Compute Engine VM Manager creates an Ops Agent OS policy that installs the agent and reinstalls it when necessary. For more information, see Install the Ops Agent during VM creation.

The Google Cloud console can now automatically install the Ops Agent for you when you create a VM instance. During the installation process, the Compute Engine VM Manager creates an Ops Agent OS policy that installs the agent and reinstalls it when necessary. For more information, see Install the Ops Agent during VM creation.

Cloud SQL now supports non-RFC 1918 IP address ranges, including privately used public IP addresses. This enables you to create instances and replicas in a non-RFC 1918 IP address range. Additionally, you can connect to an instance from an application that is running in a non-RFC 1918 IP address range.

Cloud SQL now supports non-RFC 1918 IP address ranges, including privately used public IP addresses. This enables you to create instances and replicas in a non-RFC 1918 IP address range. Additionally, you can connect to an instance from an application that is running in a non-RFC 1918 IP address range.

Cloud SQL now supports non-RFC 1918 IP address ranges, including privately used public IP addresses. This enables you to create instances and replicas in a non-RFC 1918 IP address range. Additionally, you can connect to an instance from an application that is running in a non-RFC 1918 IP address range.

Generally available: You can now use a regional Persistent Disk as a VM boot disk.

Dialogflow CX conversation history has been promoted from Preview to GA (generally available).

Vertex AI model evaluation is now generally available (GA) with the following new Preview features:

• Model evaluation with sliced metrics.
• Model evaluation with fairness and bias metrics.
• Vision error analysis for AutoML image classification models.

Support to define environment variables at deployment time is available in Preview. See the blog post: Custom Environment Variables in Workflows.

The extension pgvector has been added to the extensions supported by AlloyDB. For more information, see Announcing vector support in PostgreSQL services to power AI-enabled applications.

You can use the LOAD DATA SQL statement to load data from Avro, CSV, newline delimited JSON, JSON, ORC, or Parquet files into a table. This feature is generally available (GA).

The slot estimator now provides cost-optimal commitment and autoscale recommendations based on editions pricing and historical performance metrics. This feature is in preview.

The fail-safe period is now generally available (GA). The fail-safe period offers an additional seven days of data storage after the time travel window, so that the data is available for emergency recovery. Billed costs won't include the bytes used for fail-safe storage until July 17th, 2023.

The ability to use physical bytes for storage billing is now generally available (GA). When you set your dataset's storage billing model to use physical bytes, the total active storage costs you are billed for includes the bytes used for time travel and fail-safe storage. For more information, see Dataset storage billing models.

The ability to configure the time travel window is now generally available (GA). You can specify the duration of the time travel window from a minimum of two days to a maximum of seven days.

You can now restrict data egress on Analytics Hub listings. This feature is now in preview.

Long running jobs greater than 1 hour are now supported (in Preview).

Dialogflow CX now provides prebuilt components, which are prebuilt flows that handle common scenarios and accelerate agent development.

The following Dialogflow CX features have been promoted from Preview to GA (generally available):

• GitHub export/restore
• Interaction logging export to BigQuery

You can use Policy Troubleshooter to troubleshoot deny policies. This feature is in Preview.

Moving a reserved external IPv4 address from one project to another is available in General Availability.

Certificate Authority Service now supports Workforce identity federation.

Cloud Composer 2 is now available in Tel Aviv (me-west1).

Cloud Workstations is available in the australia-southeast1 region (Sydney, Australia, APAC). For more information, see Locations.

Samples in C++ are available for Batch. Documentation has been updated to include the following samples:

• Create a basic container job
• Create a basic script job
• Create and run a job that uses storage volumes
• Define job resources using a VM instance template
• Delete a job
• View a list of your jobs
• View the details of a job
• View a list of a job's tasks
• View the details of a task
• View logs for a job

For more information, see All Batch code samples.

Access Approval supports Memorystore for Redis in the Preview stage.

Vectorized join is available in Preview. Part of the AlloyDB columnar engine, vectorized join can improve the performance of joins by applying vectorized processing to qualifying queries.

Fault injection lets you test the resilience of a cluster's primary instance by simulating a sudden outage of its active node. This triggers the AlloyDB high availability feature that automatically promotes the instance's standby node to become the new active node.

Pre-install Cluster Check Kubernetes job

Starting in version 1.10, Apigee hybrid offers a new tool that examines the hybrid cluster before you install the hybrid runtime. See Step 8: Check cluster readiness .

Automated Issue Surfacing (AIS)

Starting with Apigee hybrid 1.10, Apigee hybrid offers a new tool that examines the hybrid runtime and surfaces issues by running a kubectl command. If the tool detects errors in the cluster, it returns a detailed error message. The error message contains a link to the troubleshooting guide for that specific error. See Automated issue surfacing and Configuration property reference, watcher.

Support for AppGroups (preview)

Starting in version 1.10, Apigee hybrid supports AppGroups, which represent a relationship between one or more apps that are managed by the same set of people. For information, see Using AppGroups to organize app ownership.

AppGroups is in preview as of the Apigee hybrid 1.10 release. See the AppGroups preview launch announcement for details.

Support for environment-level scaling

Starting in version 1.9.3, Apigee hybrid added the following environment configuration properties that enable you to specify environment-specific scaling in the overrides.yaml file:

• envs[].runtime.replicaCountMax
• envs[].runtime.replicaCountMin
• envs[].synchronizer.replicaCountMax
• envs[].synchronizer.replicaCountMin
• envs[].udca.replicaCountMax
• envs[].udca.replicaCountMin

Documentation: Environment-based scaling

Go repositories are now generally available.

Storage and network egress charges apply to all formats that are generally available.

The EU Regions and Support with Sovereignty Controls compliance program now supports the following products. See Supported products for more information:

• Artifact Registry
• BigQuery
• Cloud Composer
• Dataproc

The IL5 compliance program is now generally available.

Metadata caching is now available for BigLake tables that reference Amazon S3 data. This feature is in preview. Using cached metadata might improve query performance for BigLake tables.

Reverse scans in Cloud Bigtable are now available in Preview. For details, see Reverse scans.

The maximum retention period for a Cloud Bigtable backup has been increased from 30 days to 90 days, giving you more robust data protection and data quality control. This feature is generally available (GA). For more information on how Bigtable backups work, see About backups.

You can use custom constraints to provide more granular and customizable control over specific fields for VPC firewall rule resources. For more information, see Manage firewall resources by using custom constraints. This feature is available in Preview.

For our preferred partners and allowlisted customers, Private Service Connect is now available. This solution allows you to connect to a Cloud SQL instance from multiple VPC networks that belong to different groups, teams, projects, or organizations. To use Private Service Connect, contact your Technical Account Manager.

For our preferred partners and allowlisted customers, Private Service Connect is now available. This solution allows you to connect to a Cloud SQL instance from multiple VPC networks that belong to different groups, teams, projects, or organizations. To use Private Service Connect, contact your Technical Account Manager.

You can suspend and resume E2 VMs.

ServiceNow is now available as a native, fully integrated CRM, providing a more efficient and streamlined configuration process that includes embedded agent adapters. Previously, ServiceNow could only be integrated using the Generic API Custom CRM solution. For details, see the ServiceNow integration documentation.

External Storage dynamic folder path and filename formats: CCAIP offers this new capability for the External Storage configuration feature. Dynamic folder path and filename formats offer more flexibility for storing your call recordings, chat transcripts, voicemails, photos, videos, and co-browsing files. You can now include run-time variables like {DATE}, {SESSION_ID}, and {SESSION_TYPE} in the path and configure custom filename formats with sub-paths. See the documentation for details.

Alvaria WFM integration is now available as an out-of-the box data export. You can enable it using Developer Settings > Session Data Export > Manage Data Export Settings. You have the option of exporting either a basic session data report at intervals of 15, 30 or 60 minutes, or a daily agent productivity report. The reports can be delivered to either a Google Cloud or Amazon S3 storage bucket.

Call recordings separated by segments: You can now choose to receive one recording per call segment instead of all call segments in a single recording. Separate call recordings allow more flexible call analysis and more efficient issue resolution. See the Queue and menu settings documentation for details.

Support for ENUM and CITEXT data types is now added for PostgreSQL sources.

Support for revert snapshot operations is now available for high scale SSD instances (Preview).

Enterprise Search: Image search

Search for images on your website. Provide an image (Base64 encoded PNG, JPG, or BMP) as the query and use an API method to return similar images.

For more information, see Search for images using a website search engine.

Enterprise Search: Extractive answers

Extractive answers are available in preview. An extractive answer is verbatim text that is returned with each search result. This text is extracted directly from the search result document and is typically displayed near the top of web pages to provide an end user with a brief answer that is contextually relevant to their query.

For more information, see Use snippets and extracted content.

Enterprise Search: Extractive segments


Extractive segments are available in preview. An extractive segment is verbatim text that is returned with each search result and is usually more verbose than an extractive answer. Extractive segments can be displayed as an answer to a query and be used in post-processing tasks and as input for large language models to generate answers or new text.

For more information, see Use snippets and extracted content.

Enterprise Search: OCR processing

Optical character recognition (OCR) processing is available, improving parsing and segmentation of PDF files at data ingestion. This enables Gen App Builder to take into account structures such as paragraphs and tables when ingesting your documents, providing more accurate search results, snippets, and summarizations. To request this functionality, contact your Google Cloud account team.

For more information, see OCR processing.

Improvements to bar and combo charts

You can configure the following options for bar charts and combo charts with bars from the STYLE tab of the properties panel:

• For stacked bar charts, 100% stacked bar charts, and combo charts with stacked bars, you can choose between the default Metric value label type and the Stacked label type. For stacked bar charts, you can also choose the Total label type.
• You can use the Bar label position setting to specify the position of the bar label relative to the bars or columns in the chart.
• In the Chart spacing section, you can define custom spacing between bars and groups of multiple bars.
• You can select the Bar border color icon to choose a custom color for bar or column borders.

Learn more about bar charts and combo charts.

Audit logging for team workspaces

You can now view Team Workspace log events in the Admin Console (Security Investigation Tool). To see these events, filter the log by choosing Team Workspace as the asset type.

Learn more about Looker Studio log events.

The following products are now supported. See Supported products for more information:

• Artifact Registry
• BigQuery
• Cloud Composer
• Dataproc

Vertex Explainable AI

Support for example-based explanations is now generally available (GA).

You can use custom constraints to provide more granular and customizable control over specific fields for some VPC resources. For more information, see Manage VPC resources by using custom constraints. This feature is available in Preview.

Support for invoking a VPC Service Controls-compliant private endpoint is available in Preview.

Three functions are available: map.merge takes two maps, creates a copy of the first map, and adds items from the second map to the copy; map.merge_nested recursively adds items from a map to a copy of another map; uuid.generate returns a random universally unique identifier.

Access Approval supports Application Integration in the Preview stage.

Release 1.13.9

Anthos clusters on bare metal 1.13.9 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.13.9 runs on Kubernetes 1.24.

The API supports the following capabilities:

• Model tuning through engineConfig resources
• Backtesting and prediction using a model
• Exporting metadata from an engine config, model, backtest, or prediction resource

The ITAR compliance program now supports BigQuery. See Supported products for more information.

Support for the following compliance programs is now generally available (GA):

• EU Regions and Support with Sovereignty Controls
• Sovereign Controls by Partners
• International Traffic in Arms Regulation (ITAR)

Google has added Israel (Tel Aviv) as a new region for Chronicle customers. Chronicle can now store customer data in this region. This also adds a new regional endpoint for Chronicle APIs at https://me-west1-backstory.googleapis.com.

A new metric was added to monitor exit_codes of task runners: composer.googleapis.com/workflow/task_runner/terminated_count.

(Airflow 2.4.3) Logs produced in Airflow DAG callbacks are now visible in Cloud Logging under the "DAG processor manager" logs section. This feature was previously available only in images with Airflow 2.5.1.

(Airflow 2.4.3) Changed the severity of triggerer watchdog messages from error to warning and updated the message's content to be more informative. This feature was previously available only in images with Airflow 2.5.1.

Preview: c3-standard and c3-highmem machine types are now available for general-purpose C3 VMs.

Added support for GPUDirect-TCPX.

Added support for Premium compute and storage pricing tiers for Dataproc Serverless Spark workloads. Premium compute offers higher performance per core, and Premium storage offers higher throughput and IOPs. To use Premium compute and storage, set the following Spark runtime environment properties:

• spark.dataproc.(driver|executor).compute.tier=premium
• spark.dataproc.(driver|executor).storage.tier=premium.

Identity Document AI (IDAI) photo copy detection in ID proofing (Preview)

Updated the pretrained-id-proofing-v1.1-2023-05-18 ID proofing processor for all Document AI users.

This processor includes a new output entity fraud_signals_photocopy_detection that signals if an attached image might be a photocopy. The entity can be one of the following values: POSSIBLE_PHOTOCOPY, PASS, or INCONCLUSIVE.

Generally Available: Migrate to Virtual Machines lets you migrate your VM instances running on Google Cloud VMware Engine to VM instances running on Compute Engine.

Vertex AI Codey APIs

The Vertex AI Codey APIs are now generally available (GA). Use the Codey APIs to create solutions with code generation, code completion, and code chat. Because the Vertex AI Codey APIs are GA, you incur usage costs if you use them. To learn about pricing, see the Generative AI support on Vertex AI pricing page.

The models in this release include:

• code-bison (code generation)
• codechat-bison (multi-turn code chat)
• code-gecko (code completion)

The maximum tokens for input was increased from 4,096 to 6,144 tokens for code-bison and codechat-bison to allow longer prompts and chat history. The maximum tokens for output was increased from 1,024 to 2,048 for code-bison and codechat-bison to allow for longer responses.

Additional programming languages are supported. For more information, see Supported coding languages.

Several fine-tuning datasets were removed from the code-bison and codechat-bison models to implement the following improvements:

• Excessive chattiness.
• Artifacting, such as NBSP (non-breaking space) characters.
• Low quality code responses.

To learn about cloud horizontals, please see Vertex AI certifications.

Vertex AI Pipeline task-level logs are now generally available (GA) in Cloud Logging. Additionally, from Cloud Logging you can route pipeline logs to a Pub/Sub sink to power your event-driven architecture. For more information, see View pipeline job logs.

The constraint template library includes a new template: K8sRequireBinAuthZ. For reference, see the Constraint template library.

The constraint template library includes a new template: K8sRestrictAutomountServiceAccountTokens. For reference, see the Constraint template library.

The constraint template library includes a new template: K8sRestrictRoleRules. For reference, see the Constraint template library.

The Cloud Bigtable metric Five-second maximum requests per minute is now generally available (GA). This metric measures the maximum number of requests received in a five-second span per minute to help you identify short bursts of traffic. For a full description, see Metrics.

Global external Application Load Balancers now support outlier detection for serverless NEG backends. Outlier detection analysis identifies unhealthy serverless NEGs based on their HTTP response patterns, and reduces the error rate by routing some of the new requests from unhealthy services to healthy services. For more details, see the following topics:

• Serverless NEG concepts: Outlier detection
• Enable outlier detection

Generally Available: Persistent Disk Asynchronous Replication (PD Async Replication) is now generally available. For more information, see About Persistent Disk Asynchronous Replication.

Dialogflow CX now supports flow scoped parameters.

The following document OCR features are Generally Available (GA). Use document OCR's configurations to optimize for stability, quality, and specific response requirements.

• Intelligent Document Quality Analysis
• Native Text from Digital PDF
• Symbol level extraction
• Language hints

Support for DOCX is in Preview. You can synchronously process DOCX files that are up to 15 pages, or asynchronously process DOCX files that are up to 30. For access, send us a request.

Added fixes to our doc.proto-to-vision.proto conversion tool, which facilitates migration from Vision API Text Detection to document OCR

Google Cloud VMware Engine now supports ESXi syslog forwarding, including distributed firewall logs, which provides more visibility into security events on VMware Engine instances. VMware Engine is also releasing additional security controls that will enable you to manage permissions elevation.

This enhanced security model gives you more granular control over how Google support staff access your VMware Engine instances for workloads that require additional controls due to regulatory or compliance reasons. Please contact support for assistance with configuring these services.

Google Cloud VMware Engine now supports Terraform for private cloud, cluster, and network management. This release covers Create, Update, and Delete commands for private cloud resources. The VMware Engine Terraform provider enables Infrastructure-as-Code for your VMware Engine Environment.

To learn more about these new features and how to get started, please visit the VMware Engine documentation on the Hashicorp site and review the IaC Foundations blueprint.

IAM authentication for AlloyDB is available in Preview. You can add a role to Identity and Access Management (IAM) user or service accounts that lets them log into AlloyDB instances as database users.

The columnar engine now supports columns with the following data types:

• boolean
• bytea
• enum
• uuid

Public preview of AppGroups

Introduces the concept of AppGroups, which represent a relationship between one or more apps that are managed by the same set of people. For information, see Using AppGroups to organize app ownership.

Note that the purpose of this release is to support upgrades from Apigee Edge customers who used company-apps without monetization; however, it is available to any Apigee X/hybrid customer during the public preview stage.

You can now enable batch write flow control when you use Dataflow to send batch writes to Cloud Bigtable. This generally available (GA) feature automatically rate-limits traffic to avoid cluster overload and works with Bigtable autoscaling to ensure the optimal number of nodes is available to handle the batch write. For more information, see Batch write flow control.

Generally available: NVIDIA A100 80GB GPUs are now available in the following additional regions and zones:

• Ohio, North America: us-east5-b

For more information about using GPUs on Compute Engine, see GPU platforms.

Dialogflow CX has added the following system functions:

• IS_CREDIT_CARD_NUMBER
• IS_DATE
• IS_FUTURE_DATE
• IS_PAST_DATE
• IS_PHONE_NUMBER
• NESTED_FIELD
• ROUND
• TO_OBJECT
• TO_PHONE_NUMBER
• UPPER

Eventarc events and Firestore in Datastore mode events for Cloud Functions (2nd gen) now available in Preview.

Access Approval supports Eventarc in the GA stage.

API hub has been upgraded to use a later version of the Registry API open-sourced project. See v0.6.13 on GitHub for changes and links to previous revisions that are also included in this update. Note that this update (like all previous updates), overwrites project-level artifacts that configure API hub displays including display settings, taxonomies, and lifecycles. In future releases, we will no longer overwrite project-level artifacts.

Node.js 20 is now generally available. Note that Node.js 20 enters long-term support (LTS) in October and is the Node.js "Current" version until that time. We encourage you to explore the new features and benefits included in this release to evaluate their potential impact on your applications. For more information, see the Node.js 20 announcement .

PHP 7.4, 8.1, and 8.2 are now available in preview. These versions require you to specify an operating system version in your app.yaml file. Learn more.

The Node.js 20 runtime for App Engine standard environment is now generally available. Note that Node.js 20 enters long-term support (LTS) in October and is the Node.js "Current" version until that time. We encourage you to explore the new features and benefits included in this release to evaluate their potential impact on your applications. For more information, see the Node.js 20 announcement .

Data Transformer Script task (Preview)

The Data Transformer Script task is a template engine based data mapping feature available in Application Integration. With the Data Transformer Script task and the supported Data Transformer functions, you can create and evaluate custom Jsonnet templates in order to perform data mapping in your integration.

For more information, see Data Transformer Script task.

You can now create stored procedures for Apache Spark using Java or Scala. You can also use the Google Cloud console PySpark editor to add options for stored Python procedures for Apache Spark. This feature is in Preview.

Address groups are a logical collection of either IPv4 address ranges or IPv6 address ranges in CIDR format. You can use address groups to define consistent sources or destinations referenced across multiple rules in the same or different firewall policies. This feature is available in General Availability.

Cloud SQL now supports SQL Server 2022. The default version continues to be SQL Server 2019 Standard. For more information, see Database versions and version policies.

Cloud Storage FUSE is now generally available.

Generally available: For managed instance groups (MIGs), Google Cloud Console provides you with an improved way to configure autoscaling based on Cloud Monitoring metrics. The redesigned user interface enables you to explore available metrics and filters. You can visualize the metric values in a chart, which also displays the aggregated value used for autoscaling.

M109 release

• Pytorch 2.0 with Python 3.10 and CUDA 11.8 container images are now available.
• Miscellaneous software updates.

M109 release

• Pytorch 2.0 on Debian 11 with Python 3.10 and CUDA 11.8 images are now available.
• GPU-based Deep Learning VM Images now installs Nvidia drivers with the new open kernel modules if started on an A2 or G2 machine instead of the proprietary kernel modules.
• Miscellaneous software updates.

Managed Service for Prometheus is enabled by default in new GKE Standard clusters running version 1.27 and later. Existing clusters that upgrade to 1.27 will not automatically enable this feature. For more information, see Enable managed collection: GKE.

Entities are available as a way to subdivide your retail organization into more than one segment. For example, entities can represent different regions where stores are located or differently branded stores, such as acquisitions. Recommendations, search results, and autocomplete can give results tailored specifically for an entity.

For more information, see Entities.

The Data quality page assesses the quality of your product catalog and user event data and shows you which search performance tiers you have unlocked for Retail Search.

For more information, see Unlock search performance tiers.

The Data quality page replaces the Data Quality panel which was on the Retail console Data page.

M109 release

The M109 release of Vertex AI Workbench user-managed notebooks includes the following:

• Pytorch 2.0 with Python 3.10 and CUDA 11.8 user-managed notebooks instances are now available.
• Miscellaneous software updates.

The M109 release of Vertex AI Workbench managed notebooks includes the following:

• Fixed a bug that caused high cpu utilization due to excessive internal diagnostic tool processes.
• Fixed a bug that was showing incorrect kernel image icons in the Jupyterlab launcher.

Support for Customer-Managed Encryption Keys (CMEK) is generally available (GA).

Release 1.14.6

Anthos clusters on bare metal 1.14.6 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.14.6 runs on Kubernetes 1.25.

The Chronicle Data in BigQuery feature, including the export pipeline and events table, has been improved. Data for the events table is stored as parquet files in Google Cloud Storage which provides more flexibility for users who want to export data. See Chronicle documentation for more information about data export to BigQuery, the events table, and the BigQuery Access API.

The Cloud Build Security insights panel that displays security metrics such as Supply-chain Levels for Software Artifacts (SLSA) level for built artifacts, vulnerabilities, and build details is now generally available.

Cloud Build now provides the ability to upload npm packages to Artifact Registry automatically and generate Supply-chain Levels for Software Artifacts (SLSA) Level 3 build provenance. This feature is generally available. For more information, see Build and test Node.js applications.

The Java runtime now supports projects that use Maven wrappers.

Cloud Spanner Data Boost lets you execute analytics queries and data exports with near-zero impact to existing workloads on your provisioned Spanner instance. This feature is now generally available (GA) in the following regions:

• asia-northeast1 (Tokyo)
• asia-south1 (Mumbai)
• us-central1 (Iowa)
• nam3 (North America)
• southamerica-east1 (São Paulo)
• europe-west-1 (Belgium)
• europe-west2 (London)
• europe-west3 (Frankfurt)

For more information, see Data Boost overview.

Preview: You can now use custom constraints to provide more granular and customizable control over specific fields for some Compute resources. For more information, see Manage Compute Engine resources using custom constraints.

Eventarc support for creating triggers for direct events from the following sources is available in Preview:

• AlloyDB for PostgreSQL
• Backup for GKE
• Cloud Dataplex
• Dataproc Metastore
• GKE Hub
• Google Cloud Memorystore for Redis
• Network Connectivity
• Network Management
• User-managed notebooks (Notebooks)
• Vision AI
• VM Migration

Automatic GPU driver installation is available in version 1.27.2-gke.1200 and later, which enables you to install NVIDIA GPU drivers on nodes without manually applying a DaemonSet.

For instructions, see Running GPUs.

Release 1.15.2

Anthos clusters on bare metal 1.15.2 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.15.2 runs on Kubernetes 1.26.

The Java runtime now supports using Maven wrappers for managing your project's dependency on Maven.

The Java runtime now supports using Maven wrappers for managing your project's dependency on Maven.

The Java runtime now supports using Maven wrappers for managing your project's dependency on Maven.

You can now share a dashboard file between instances or within an instance between different users. The dashboard can be shared without manually creating copies.

Spanner Vertex AI integration is now generally available. You can use Vertex AI with GoogleSQL to enhance your Spanner applications with machine learning capabilities. For more information, see About Spanner Vertex AI integration.

You can now prevent Cloud Deploy from overprovisioning GKE and Anthos pods during a canary deployment.

GKE Autopilot now supports the ability to deploy your own service mesh. Many service meshes, such as Istio or LinkerD, require CAP_NET_ADMIN Linux capability to function, which is disabled on Autopilot clusters by default to reduce the size of the security attack surface. You can now optionally enable NET_ADMIN on your Autopilot clusters if you need this capability for your service meshes or other opt-in use cases. See Autopilot Security for more information for how to enable NET_ADMIN.

You can trigger service agent creation instead of waiting for service agents to be created automatically. This feature is in Preview.

AlloyDB cross-region replication is generally available (GA).

TRUNCATE TABLE is now supported for multi-statement transactions. This feature is now generally available (GA).

Certificate Authority Service is now available in the following regions:

• me-central1
• europe-west12

For more information, see Certificate Authority Service locations.

The following Google Cloud CLI commands are generally available (GA):

• gcloud workstations
• gcloud workstations configs
• gcloud workstations clusters

GKE support for Hyperdisk Throughput and Hyperdisk Extreme as an attached persistent disk option is now generally available. Support is available for both Autopilot and Standard clusters running GKE versions 1.26 and later.

Event Threat Detection, a built-in service of Security Command Center, released the following new rules to General Availability.

• Initial Access: Dormant Service Account Action
• Privilege Escalation: Dormant Service Account Granted Sensitive Role
• Persistence: Impersonation Role Granted For Dormant Service Account
• Initial Access: Dormant Service Account Key Created

For more information, see Event Threat Detection rules.

Access Approval supports Cloud Run in the Preview stage.

You can now view storage volume and LUN metrics in the Google Cloud console. This feature is in preview.

You can now rename your Bare Metal Solution resources, including servers, networks, storage volumes, and NFS shares. This feature is generally available (GA).

Cloud Client Libraries for C++ are available for the Batch API. For more information, see the reference documentation.

Metadata caching is now generally available (GA). Using cached metadata might improve query performance for BigLake tables and object tables that reference large numbers of objects, by allowing the query to avoid listing objects from Cloud Storage.

This release includes support for the following new features:

• Protecting metadata cache data with customer-managed encryption keys.
• Statistics on metadata cache usage.
• Table statistics for better query plan performance.

Metadata cache usage is billed going forward. For more information, see Costs.

BigQuery now supports querying Apache Iceberg tables that are created by open source engines. This feature is now generally available (GA).

(Airflow 2.5.1 only) Logs produced in Airflow DAG callbacks are now visible in Cloud Logging in the "DAG processor manager" logs section.

DataprocSubmitJobOperator now supports data lineage for Hive, SparkSQL, Presto, and Trino jobs.

DDoS attack visibility is now available in public preview. For more information, see Access DDoS attack visibility telemetry.

Network edge security polices are now available in public preview to allowlisted users. For more information about network edge policies, see Types of security policies. In addition, you can learn how to Configure network edge security policies.

You can now use VPC Service Controls to secure your live streams.

A100 80GB accelerators are now generally available (GA) for custom training jobs in the following regions:

• asia-southeast1
• europe-west4
• us-central1
• us-east4

For more information, see Locations.

The connection preference for a Private Service Connect published service can be configured on the VPC network level in addition to project level. For more information, see Publish a service with explicit approval. This feature is available in General Availability.

Service consumers can use organization policies with the compute.restrictPrivateServiceConnectProducer list constraint to block Private Service Connect endpoints and backends from connecting to service attachments in other organizations. For more information, see Block endpoints and backends from connecting to unauthorized service attachments.

Service producers can use organization policies with the compute.restrictPrivateServiceConnectConsumer list constraint to control which endpoints and backends can connect to Private Service Connect service attachments within a producer organization or project. For more information, see Block unauthorized endpoints and backends from connecting to service attachments.

These constraints are available in General Availability.

Filtering the compiled graph in a workspace is available.

API hub has been upgraded to use a later version of the Registry API open-sourced project. See v0.6.12 on GitHub for changes and links to previous revisions that are also included in this update.

Note that artifacts associated with API spec and deployment resources are now associated with the revisions of those resources. This allows artifacts that represent lint results and other revision-specific characteristics to be associated with those revisions. When artifacts are applied directly to the parent resource (spec or deployment), these artifacts are associated with the latest revisions of these resources. For more details, see this GitHub issue.

Migration of pre-existing spec- and deployment-related artifacts is not guaranteed in this update. In most cases, these artifacts are generated automatically by the registry controller and will be automatically recreated. If you find that manually-added artifacts are missing after the update, those will need to be reapplied with the same mechanisms that were available previously.

Cloud Functions 2nd gen now supports deterministic URLs (similar to 1st gen), at the General Availability release level. This change will not just affect new 2nd gen functions. Previously deployed 2nd gen functions will be retroactively assigned a deterministic cloudfunctions.net URL. The function's previous run.app URL will continue to work also. If your 2nd gen function was last deployed before June 15th, 2023, be sure to redeploy it before using cloudfunctions.net URL as an auth token audience.

CCAI Platform now supports the CCAI Insights feature. You can use CCAI Insights to detect and visualize patterns in your contact center data. See the documentation for details.

Add support to filter for empty integer and float typed properties.

GA4 API dimensions/metrics

New Google Analytics 4 data sources that you create get their fields directly from the GA4 API. Previously, GA4 data sources were based on a fixed schema with a predefined list of fields. To see new fields from the GA4 API in an existing data source, refresh the fields.

Learn how connect to Google Analytics.

You can now monitor how custom constraints would impact your organization's workflows by setting custom constraints in dry-run mode.

The following Generative AI features are now in preview with allowlist:

• Creating a remote model based on the Vertex AI large language model (LLM) text-bison.
• Using the ML.GENERATE_TEXT function with an LLM-based remote model to perform generative natural language tasks on text stored in BigQuery tables.

Try these features with the Generate text by using a remote model and the ML.GENERATE_TEXT function tutorial.

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

• CloudTasks
  • cloudtasks.googleapis.com/Queue

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

• Workflows
  • workflows.googleapis.com/Workflow

Cloud Composer 2 is now available in Columbus (us-east5).

The Cloud SQL System insights dashboard helps you detect and analyze system performance problems.

The Cloud SQL System insights dashboard is now generally available and includes more metrics. You can also use the Customize dashboard option to personalize the dashboard and choose the metrics you want to see on it.

Cloud Asset Inventory support for Cloud Tasks is now in Preview. For details, see the Cloud Asset Inventory release note.

The chat-bison@001 model has been updated to better follow instructions in the context field. For details, on how to create chat prompts for chat-bison@001, see Design chat prompts.

Cloud Asset Inventory support for Workflows is now publicly available. For details, see the Cloud Asset Inventory release note.

Anthos clusters on VMware 1.14.5-gke.41 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.14.5-gke.41 runs on Kubernetes 1.25.8-gke.1500.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.15, 1.14, and 1.13.

The component access service account key for an admin cluster using a private registry can be updated in 1.14.5 and later. See
Rotating service account keys for details.

Anthos clusters on VMware 1.13.9-gke.29 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.13.9-gke.29 runs on Kubernetes 1.24.11-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.15, 1.14, and 1.13.

BigQuery now provides information about the fail-safe period. The fail-safe period offers an additional seven days of data storage after the time travel window, so that the data is available for emergency recovery. This feature is in preview.

The INFORMATION_SCHEMA views that show table storage metadata are now generally available (GA):

• Use the TABLE_STORAGE view to get a snapshot of current storage usage for tables at the project level.
• Use the TABLE_STORAGE_BY_ORGANIZATION view to get a snapshot of current storage usage for tables at the organization level.

BigLake Metastore is now generally available (GA). You can use BigLake Metastore to access and manage Iceberg table metadata from multiple sources.

Cloud Composer 2 is now available in Finland (europe-north1), Toronto (northamerica-northeast2), and Delhi (asia-south2).

Cloud Data Fusion version 6.9.1 is in Preview. This release is in parallel with the CDAP 6.9.1 release.

Features in Cloud Data Fusion 6.9.1:

• Cloud Data Fusion supports using Source Control Management to manage pipeline versions through GitHub repositories. Source Control Management is available in Preview (CDAP-20228).

• Data Catalog Asset Lineage Integration is in GA in versions 6.8.0 and later. In version 6.9.1, it supports the Multiple Database Tables source and the BigQuery Multi Table sink.

• Cloud Data Fusion supports editing deployed pipelines (CDAP-19425).

• Cloud Data Fusion supports Window Aggregation operations in Transformation Pushdown to reduce the pipeline execution time by performing SQL operations in BigQuery instead of Spark (CDAP-19628).

• Cloud Data Fusion supports specifying filters in SQL in Wrangler and the pushdown of SQL filters in Wrangler to BigQuery. In the Wrangler transformation, added support for specifying preconditions in SQL, and added support for transformation pushdown for SQL preconditions. For more information, see Wrangler Filter Pushdown (CDAP-20454).

• Cloud Data Fusion supports Dataproc driver node groups. To use Dataproc driver node groups, when you create the Dataproc cluster, configure the following properties:

  • yarn:yarn.nodemanager.resource.memory.enforced=false
  • yarn:yarn.nodemanager.admin-env.SPARK_HOME=$SPARK_HOME

• For the Multiple Database Tables Batch Source, added field-level lineage support (CDAP-20440).

• Cloud Data Fusion version 6.9.1 supports the Dataproc image 2.1 compute engine, which runs in Java11. If you change the Dataproc image to 2.1, the JDBC drivers that the database plugins use in those instances must be compatible with Java11 (CDAP-20543).

• Cloud Data Fusion supports the following improvements and changes for real time pipelines with a single Pub/Sub streaming source and no Windower plugins:

  • The Pub/Sub streaming source has built-in support—data is processed at least once.
  • Enabling Spark checkpointing isn't required. Pub/Sub streaming source creates a Pub/Sub snapshot at the beginning of each batch and removes it at the end of each batch.
  • The Pub/Sub Snapshot creation has a cost associated with it. For more information, see Pub/Sub pricing.
  • The snapshot creations can be monitored using Cloud Audit logs.

  For more information, see Read from a Pub/Sub streaming source (PLUGIN-1537).

The subscription pricing mode for the discovery service is now generally available. This pricing mode offers predictable and consistent costs, regardless of your data growth. In subscription mode, you choose how much compute time (capacity) to reserve for profiling. There is no charge for bytes profiled in this pricing mode. For more information, see Discovery pricing.

Google Cloud VMware Engine now supports the provisioning of Single Node Private Clouds, configuration of Management Subnets (HCX and Service Subnets), as well as CRUD of Private Connections using the GCloud CLI and VMware Engine API. These features streamline your VMware Engine process flows by using higher degrees of automation.

Clusters with low or no utilization can be identified by Idle Cluster insights.