Google Cloud release notes

Backup and DR Service is now integrated with Cloud Monitoring. You can analyze metrics and set custom email alerts. Learn more.

Backup and DR Service has added a new reporting system based on the built-in Google Cloud services: Cloud Monitoring, Cloud Logging, and BigQuery. Learn more.

You can now view prebuilt reports in BigQuery. Learn more.

You can now view comprehensive job related reporting data through backup and recovery job logs in Cloud Logging. Learn more.

Materialized views can now reference logical views. This feature is in preview.

The ability to perform anomaly detection with BigQuery ML multivariate time series (ARIMA_PLUS_XREG) models is now in preview. This feature enables you to detect anomalies in historical time series data or in new data with multiple feature columns. Try this new feature by using the Perform anomaly detection with a multivariate time-series forecasting model tutorial.

The Performance Compute Class, designed for running whole-machine CPU workloads, is available in Autopilot mode from versions 1.28.6-gke.1369000 and 1.29.1-gke.1575000 and later.

M117 release

The M117 release of Vertex AI Workbench instances includes the following:

• Removed the Cloud Storage browser in the left side pane in favor of the existing Mount shared storage button.

You can now use Automatic IAM Authentication with the AlloyDB Language Connectors (Preview) to connect to your cluster. For more information, see Connect using the AlloyDB Language Connectors.

You can now use time series and range functions to support time series analysis. This feature is in preview.

You can now use data manipulation language (DML) statements to efficiently delete entire partitions. If a DELETE statement targets all rows in a partition, then the entire partition is deleted without scanning bytes or consuming slots. This feature is now generally available (GA).

VPC Service Controls has general availability support in Colab Enterprise.

For more information, see Use VPC Service Controls.

Dataflow now supports at-least-once streaming mode. You can use this mode to achieve lower latency and reduced costs for workloads that can tolerate duplicate records. This feature is generally available (GA). For more information, see Set the pipeline streaming mode.

Generally available: Purchasing commitments for VMware Engine nodes. For more information, see Purchasing commitments for node types.

An improvement was made in the way Sensitive Data Protection calculates the predicted infoType of the data that it profiles. The service now considers correlations between the detected infoTypes, where one infoType is a subset of another. For more information, see Predicted infoType.

For more information about data profiling, see Data profiles.

Go 1.22 is now available in preview.

Java 21 is now generally available.

PHP 8.3 is now generally available.

Go 1.22 is now available in preview.

Java 21 is now generally available.

PHP 8.3 is now generally available.

The BigQuery Data Transfer Service can now transfer data from the following data sources:

• Facebook Ads
• Oracle
• Salesforce
• Salesforce Marketing Cloud
• ServiceNow

Transfers from these data sources are supported in preview.

The following SQL features are now generally available (GA):

• GROUP BY GROUPING SETS clause: Produces aggregated data for one or more grouping sets.
• GROUP BY CUBE clause: Produces aggregated data for all grouping set permutations.
• GROUPING function: Checks if a groupable value in the GROUP BY clause is aggregated.

The GROUP BY ALL clause, which groups rows by inferring grouping keys from the SELECT items, is now in preview.

Starting in Go version 1.22 and later, you can no longer use GOPATH for installing dependencies. To manage dependencies, you use a go.mod file. For more information about Go versions, and managing dependencies for vendor directories, see GOPATH and Modules in Go documentation.

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

• GKE Hub
  • gkehub.googleapis.com/Fleet
  • gkehub.googleapis.com/Scope
  • gkehub.googleapis.com/Namespace
  • gkehub.googleapis.com/MembershipBinding
  • gkehub.googleapis.com/RBACRoleBinding
• AI Platform
  • aiplatform.googleapis.com/NotebookRuntime
  • aiplatform.googleapis.com/NotebookRuntimeTemplate

Cloud Functions now supports the PHP 8.3 and Java 21 runtimes at the General Availability release level for 2nd gen functions.

Cloud Functions now supports the Go 1.22 runtime at the Preview release level.

GKE now supports Gemma (2B, 7B), Google's new state-of-the-art open models. To learn more, refer to the following guides:

• Serve Gemma on GKE with GPUs using Hugging Face TGI
• Serve Gemma on GKE with GPUs using vLLM
• Serve Gemma on GKE with GPUs using TensorRT-LLM
• Serve Gemma on GKE with TPUs using SaxML

Deployment to GKE is also supported via Vertex AI Model Garden as part of our Hugging Face, Vertex AI, and GKE integration.

Generally available: Migrate to Virtual Machines lets you migrate virtual machine (VM) disks to Persistent Disk volumes on Google Cloud. The migrated disks can be attached to a new VM during the migration process, or an existing VM after the migration is complete.

The IAM recommender offers role recommendations for BigQuery datasets. Role recommendations help you reduce excess permissions by suggesting role changes based on actual permission usage. This feature is available in Preview.

The following GoogleSQL JSON functions are now generally available (GA):

• LAX_BOOL: Attempts to convert a JSON value to a SQL BOOL value.
• LAX_FLOAT64: Attempts to convert a JSON value to a SQL FLOAT64 value.
• LAX_INT64: Attempts to convert a JSON value to a SQL INT64 value.
• LAX_STRING: Attempts to convert a JSON value to a SQL STRING value.
• BOOL: Converts a JSON boolean to a SQL BOOL value.
• FLOAT64: Converts a JSON number to a SQL FLOAT64 value.
• INT64: Converts a JSON number to a SQL INT64 value.
• STRING: Converts a JSON string to a SQL STRING value.
• JSON_TYPE: Gets the JSON type of the outermost JSON value and converts the name of this type to a SQL STRING value.

Ground Multimodal Models

Model grounding for gemini-pro is available in Preview. Use grounding to connect the gemini-pro model to unstructured text data stores in Vertex AI Search. Grounding lets models access and use the information in the data repositories to generate more enhanced and nuanced responses. For more information, see Ground multimodal models.

Vertex AI Search: Use Terraform to create search apps

You can use Terraform to create search apps for your Vertex AI Search.

For information, see Create a search app.

Application Integration now supports private triggers that enable you to break large flows into various subflows. This feature is in preview.

Chronicle now supports the timestamp.get_date() function. For more information and example usage, see YARA-L 2.0 language syntax.

Global external Application Load Balancers now let you customize your own error responses when an HTTP error status code (4xx and 5xx) is generated. You can customize error responses for errors generated by both the load balancer and the backend instances. You can also customize error responses for error response codes that are generated when traffic is denied by Cloud Armor.

For more information, see the following pages:

• Custom error responses overview
• Configure custom error responses

This feature is available in Preview.

You can now set an exact frame rate on the output video. For more information, see Frame rate conversion strategies.

The constraint template library includes a new template: K8sRestrictAdmissionController. For reference, see the Constraint template library.

The constraint template library includes a new template: K8sCronJobAllowedRepos. For reference, see the Constraint template library.

Added the authentication type k8sserviceaccount for syncing from OCI images and Helm charts hosted in Artifact Registry. For more details, see Grant Config Sync read-only access to OCI and Grant Config Sync read-only access to Helm.

Simplified the steps to export metrics to Cloud Monitoring. For more details, see Configure Cloud Monitoring with Workload Identity.

The following BigQuery text embedding features are now generally available (GA):

• Creating a BigQuery ML remote model that references a Vertex AI textembedding-gecko* text embedding model.
• Using the ML.GENERATE_EMBEDDING function with the remote model to embed text stored in BigQuery.
• Generating text embeddings with the NNLM, SWIVEL, and BERT TensorFlow models.

Certificate Manager supports the management of certificates independently in each project with separate authorization. You can also issue regional managed certificates with Certificate Manager. This is a public preview feature. For more information, see Certificate Manager overview.

Cloud Workstations supports Image Streaming, which provides faster workstations startup by reducing image pull time.

NFSv4.1 protocol support, integrated with Managed Service for Microsoft Active Directory, is now available in Preview for Filestore enterprise and zonal instances.

Show field descriptions in table chart headers

You can now let report viewers access field descriptions in tooltips when the Show field descriptions option is enabled for table charts. Show field descriptions is automatically enabled for charts that are connected to a Looker or Search Ads 360 data source. Field descriptions are sourced from the Description column in the data source.​

Learn more about table chart header options.

If you have filtering enabled, the backlog metrics only include data from messages that match the filter. To learn more, see How filters affect backlog metrics.

Storage Transfer Service has added preview support for transferring managed folders between Cloud Storage buckets. Permissions on managed folders are copied between buckets when using this option.

See Transfer Cloud Storage managed folders for details.

Preview: With managed workload identities for Compute Engine, you can implement mutually authenticated and encrypted communications between any two Compute Engine VMs. Workload applications running on the configured VMs can use the X.509 credentials for per-VM mTLS. These mTLS certificates are automatically rotated and managed for you by Certificate Authority Service.

For more information, see Authenticate workloads to other workloads over mTLS.

Cold chat transfer

Agents can do a "cold transfer" for a chat. With a cold chat transfer, the agent assigns a chat session to a new agent or a queue, and then immediately leaves the chat without waiting for the new agent to join. This helps agents efficiently transfer chats without being bound to them. For more information, see Transfer a Chat.

Support for partial response in Dialogflow

CCAI Platform supports the partial response option in Dialogflow. This is particularly useful when the virtual agent needs to call a webhook that will likely take a while to run. With partial response enabled, Dialogflow can immediately send an initial fulfillment message to the end-user, such as, "One moment while I look that up." This way, while the webhook runs and the final fulfillment message is generated, the end-user expects a short wait instead of assuming that there is a problem. For information about configuring this capability in Dialogflow, see Partial response for streaming API.

Added new response fields for indicating agent availability to the manager/api/v1/agents/current_status and apps/api/v1/wait_times APIs. These indicate the number of assigned agents, logged-in agents, available agents, and breakthrough agents.

You can now use Gemma models in your Apache Beam inference pipelines. For more information, see Use Gemma open models with Dataflow.

Support for VPC Service Controls is generally available (GA).

The GKE Stateful HA Operator is now available in GA starting in GKE versions 1.28.5-gke.1113000 and later, or 1.29.0-gke.1272000 and later. The GKE Stateful HA Operator is enabled in new Autopilot clusters and opt-in for new Standard clusters.

The OpenCensus libraries are archived. Spanner now supports OpenTelemetry, and we recommend all OpenCensus users to migrate to OpenTelemetry for your observability needs. For more information, see Examine latency in a Spanner component with OpenTelemetry.

General availability support for the following integration:

• Dataform

Gemma open models, based on Gemini models, are available

Gemma models are available to run on your hardware, mobile devices, or hosted services. To learn more, see Use Gemma open models and the Gemma Model Garden card.

You can now configure instances to use 128 vCPUs and 864 GB of RAM per node.

Google has added Tokyo (Japan) as a new region for Chronicle customers. Chronicle can now store customer data in this region. This also adds a new regional endpoint for Chronicle APIs at https://asia-northeast1-backstory.googleapis.com.

You can now configure and save a Log Analytics chart directly in Monitoring. For more information, see Add charts generated from a Log Analytics query.

Cloud SQL Enterprise Plus edition now supports versions 12 and 13 of PostgreSQL. For more information, see Introduction to Cloud SQL editions.

M117 release

• Fixed an issue wherein the latest container had a deprecation-public-image tag. In this release and future releases, this tag will only be on the deprecated containers.
• Fixed a problem wherein the user couldn't access the vulnerabilities result of each container.

You can now import and export Dialogflow CX custom entities.

Dialogflow CX channel-specific response messages are now available for the following integrations: Google Chat, LINE, Messenger from Meta, Workplace from Meta, Slack. See the integration documentation for details.

Release 1.16.6

GKE on Bare Metal 1.16.6 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.16.6 runs on Kubernetes 1.27.

If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.

You can now use the GKE API to apply Resource Manager tags to your GKE nodes. GKE attaches these tags to the underlying Compute Engine VMs. You can use these tags to selectively enforce Cloud Firewall network firewall policies. This feature is generally available in GKE version 1.28 and later.

Kubernetes Engine best practice observability packages, including control plane logs, control plane metrics, and kube state metrics are now enabled by default for new managed GKE Enterprise clusters to ensure availability of necessary data when it's needed for troubleshooting or optimization. Control plane metrics and kube state metrics are included in GKE Enterprise Edition at no additional charge.

GKE now delivers insights and recommendations if your cluster's Certificate Authority (CA) is expired or will expire in the next 180 days. To learn more, see Find clusters with expiring or expired credentials.

Pane on Overview page that supports postures for Vertex AI released to Preview

A pane on the Overview page lets you monitor for vulnerabilities that were found by the Security Health Analytics custom modules that apply to Vertex AI, and lets you view any drift from the Vertex AI organization policies that are defined in a posture.

For more information, see Monitor posture drift.

Data masking in logs

You can now prevent sensitive data from appearing the integration execution logs. For more information, see Mask sensitive data in logs.

SAP HANA databases running in Compute Engine instances can now be backed up as Persistent Disk snapshots of the Compute Engine instance. For more information, see protect and recover an SAP HANA database running in a Compute Engine instance.

Backup and DR Service now supports Google Cloud VMware Engine Storage only nodes. Learn more.

Added basic connector support for the following OSes. See Support matrix.

• RHEL 8.9
• RHEL 9.3
• Rocky Linux 8.9
• Rocky Linux 9.3
• Rocky Linux Optimized for Google Cloud 8.9
• Rocky Linux Optimized for Google Cloud 9.3

Added Change Block Tracking (CBT) support for the following OSes. See Support matrix.

The HTTP_USER_AGENT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

The following Generative AI features are now generally available (GA):

• Creating a remote model based on the gemini-pro Vertex AI large language model (LLM).
• Using the ML.GENERATE_TEXT function with a remote model based upon gemini-pro to perform generative natural language tasks on text stored in BigQuery tables.
• Use the BigQuery DataFrames GeminiTextGenerator class in the bigframes.ml.llm module to create estimator-like Gemini text generator models.

After you run a query in the query editor, in the Chart tab, you can now see a visualization of your query results. This feature is generally available (GA).

Playbook condition branch name field can now hold up to 150 characters (ID #48159735)

Partner Interconnect supports dual-stack IPv4 and IPv6 in Public Preview. For more information, see IPv6 support.

Preview: You can now use SSH-in-browser to connect to VMs using security keys with OS Login. For more information, see Enable security keys with OS Login.

You can now use a turnkey transform to enrich streaming data in your Dataflow pipeline. When you enrich data, you augment the raw data from one source by adding related data from a second source. For more information, see Enrich streaming data.

Managed workload identities let you bind strongly attested identities to your Compute Engine workloads. The feature is in Preview. Google Cloud provisions X.509 credentials, issued from Certificate Authority Service, that can be used to reliably authenticate your workload with other workloads over mutual TLS (mTLS) authentication. For more information, see Managed workload identities overview.

The BLOOD_TYPE infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Vertex AI Search: Stable Gemini Pro answer generation model

gemini-pro@001/answer_gen/v1 is available as a stable, generally available model for answer generation. For information about all available models for answer generation, see Answer generation model versions.

Cloud Interconnect supports VLAN attachments with a maximum transmission unit (MTU) up to 8896 bytes. For more information, see Cloud Interconnect MTU and Maximum transmission unit.

Adaptive translation is Generally Available and adds Portuguese support, raises the limit for input and output characters, and decreases latency in the API and console.

Cloud Workstations is available in the europe-west8 region (Milan, Italy, Europe). For more information, see Locations.

The Signed Embed URL generator can now include themes, current parameters, and external group IDs.

The following permissions are now generally available to use in permission sets: manage_groups, manage_roles, manage_user_attributes, manage_embed_settings, manage_themes, manage_privatelabel.

A new Dashboard Diagnostics System Activity dashboard is available for troubleshooting the performance of individual dashboards.

The looker_internal_email_domain_allowlist user attribute is now generally available. This lets admins configure the Email Domain Allowlist for Scheduled Content feature on a per-group basis.

The Chart Config Editor now supports customizing tooltip content and styles.

Looker now supports self-service migration from Looker (original) instances to Looker (Google Cloud core) instances. Looker (original) instances must meet certain prerequisites, and you must have a Looker (Google Cloud core) instance into which you can import.

The Login Consent Configuration option causes a consent screen with a configurable message to be displayed to all users who attempt to sign in to the Looker instance.

Support for VPC Service Controls released to General Availability

You can now protect Security Command Center using VPC Service Controls perimeters. For more information, see VPC Service Controls supported products.

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

• Cloud SQL
  • sqladmin.googleapis.com/Backup
• Cloud Monitoring
  • monitoring.googleapis.com/NotificationChannel
  • monitoring.googleapis.com/Snooze
• VPC Service Controls Policy
  • accesscontextmanager.googleapis.com/AuthorizedOrgsDesc

View granular cost data from Cloud Storage usage in Cloud Billing exports to BigQuery

You can now view granular Cloud Storage bucket-level cost data in the Cloud Billing Detailed cost export. Use the resource.global_name field in the export to view and filter your detailed Cloud Storage bucket usage.

Review the schema of the Detailed cost data export.

Copying log entries is now generally available (GA).

You can now set and override the deployment service account for Cloud Run integrations when creating, updating, or deleting integrations using the Google Cloud CLI.

Generally available: The following quotas and metrics are now available to help you monitor the usage and limits for Compute Engine concurrent operation quotas:

• Quotas for global concurrent operations (metric - compute.googleapis.com/global_concurrent_operations):
  • Concurrent global operations per project
  • Concurrent global operations per project operation type
• Quotas for regional concurrent operations (metric: compute.googleapis.com/regional_concurrent_operations):
  • Concurrent regional operations per project
  • Concurrent regional operations per project operation type

For more information, see Concurrent operation quotas.

Dialogflow CX text-to-speech settings now have an option for custom voices.

The following new NTI feeds are now available:

• iplist-vpn-providers
• iplist-anon-proxies
• iplist-crypto-miners

For more information about Network Threat Intelligence, see the overview.

Added new Memorystore for Memcached region: Johannesburg (africa-south1).

PHP 8.3 is now available in preview.

PHP 8.3 is now available in preview.

You can now also view the integration execution logs in Cloud Logging. For more information, see View logs in Cloud Logging.

You can now select the pod for your Bare Metal Solution resources through the Google Cloud console intake form. This feature is generally available (GA).

Risk Analytics

Google has introduced Risk Analytics to Chronicle. Risk Analytics looks for patterns of risk across your enterprise, assigning risk scores to all entities and activities. These scores are surfaced in the Risk Analytics dashboard which lets you better understand risk in your environment by visualizing entity risk trends. The dashboard helps you to identify unusual behavior and the potential risk that entities pose to your enterprise. You can specify watchlists of entities you suspect of having greater risk. The watchlists let you more easily monitor risk within your environment.

Risk Analytics also provides both predefined curated detections and YARA-L metric functions for authoring custom rules.

Risk Analytics is available with Enterprise and Enterprise+ licenses, or as an add-on to a SIEM standalone license.

Cloud Functions now supports the PHP 8.3 runtime at the Preview release level for 2nd gen functions.

Alerting policies with a PromQL-based condition are generally available (GA).

Changed default umask value for a user to 027.

Updated cos-gpu-installer to v2.1.11. Added major version specification for GPU driver installation

Removed legacy logging agent (fluentd).

Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.

Enhanced integrity-fs with disk resize and dm-clone.

Removed deprecated R525 NVIDIA GPU drivers.

Added support for dm-zero and dm-clone.

Backported support for TCP RTO configuration in networkd.

Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.

Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.

Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.

Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.

Dataflow Streaming Engine now supports resource-based billing. When you enable resource-based billing with Streaming Engine, you're billed for the total resources consumed by your job.

Two new Dialogflow CX prebuilt components are available: retail authentication and order status.

You can now use public IP with the AlloyDB Language Connectors (Preview) to connect to your cluster. For more information, see Connect using the AlloyDB Language Connectors.

Cloud SQL now automatically updates your read replicas when you perform self-service maintenance on the primary instance. For more information, see Self-service maintenance.

Cloud SQL now automatically updates your read replicas when you perform self-service maintenance on the primary instance. For more information, see Self-service maintenance.

Cloud SQL now automatically updates your read replicas when you perform self-service maintenance on the primary instance. For more information, see Self-service maintenance.

Multimodal embeddings video support is Generally Available

Embeddings for video data is now Generally available using the multimodal embedding model (multimodalembedding). For more information, see the product documentation.

This features incurs pricing based on the mode you use. For more information, see pricing.

API support for update operations on KeyValueMap entries

Starting with this release, the Apigee APIs support update operations for KeyValueMap entries. See the API reference page for REST Resource: organizations.environments.keyvaluemaps.entries for information.

Custom data masking is now generally available (GA). You can define custom masking routines for custom masking capabilities such as salt based hash. The feature is available on the Enterprise Plus edition.

BigQuery now offers entity resolution. This feature lets users match records across datasets even when a common identifier is missing. It utilizes an identity provider for this process; BigQuery supports LiveRamp and provides a framework for other identity providers to offer similar services. This feature is generally available (GA).

Cloud SQL now supports near-zero downtime planned maintenance on HA-enabled Cloud SQL Enterprise Plus instances with all combinations of public IP connectivity.

Cloud SQL now supports near-zero downtime planned maintenance on HA-enabled Cloud SQL Enterprise Plus instances with all combinations of public IP connectivity.

Generally available: Hyperdisk Throughput is available with the following VMs:

• A3
• C3
• C3D
• G2
• H3
• M3

Hyperdisk Throughput support for Z3 VMs is also available in Preview.

Also, the maximum number of Hyperdisk Throughput volumes you can attach to a VM has been increased. See Hyperdisk capacity limits per VM for more information.

Hyperdisk volumes are durable network storage devices that your VMs can access, similar to Persistent Disk. Hyperdisk Throughput provides cost-effective and throughput-oriented storage with dynamically configurable capacity and throughput. For more information, see About Hyperdisk.

Dataproc on Compute Engine Ranger Cloud Storage enhancement:

• Enabled downscoping
• Added caching of tokens in local cache

Both settings are configurable and can be enabled by customers: see Use Ranger with caching and downscoping .

Dataproc on Compute Engine: The new Secret Manager credential provider feature is available in the latest in 2.2 image versions.

M116 release

• Added the CUDA version to the TensorFlow 2.15 image family name, for this release and future releases. For example, tf-2-15-gpu is renamed to tf-2-15-cu121.
• Deprecated the tf-2-15-gpu image family in favor of tf-2-15-cu121.

(New guide) Single-zone deployment on Compute Engine: Provides a reference architecture for a multi-tier application that runs on Compute Engine VMs in a single Google Cloud zone and describes the design factors to consider when you build a single-zone architecture.

M116 release

The M116 release of Vertex AI Workbench user-managed notebooks includes the following:

• Updated custom container user-managed notebooks to use NVIDIA driver version 535.104.05.
• Fixed bugs in custom container user-managed notebooks where GPUs either wouldn't attach to the container properly, or detached after some time.

The M116 release of Vertex AI Workbench managed notebooks includes the following:

• Fixed a bug (present in versions M113 through M115) that prevented new local kernels from being usable.

You can now view query plans to see details of SQL pushdowns in federated queries. This feature is now generally available.

The rollout of the following extensions and flags is underway:

Extensions

• autoinc (version 1.0): provides functions for incrementing fields automatically. This trigger stores the next value of a sequence into an integer field.
• bloom (version 1.0): provides a method to access indexes based on bloom filters. These filters are space-efficient data structures that you can use to test whether an element is a member of a set.
• insert_username (version 1.0): provides functions for storing the current user's name into a text field. You can use this to track who last modified a row in a database table.
• moddatetime (version 1.0): provides functions for storing the current time into a timestamp field. You can use this to track the last time that a row in a database table is modified.
• pg_background (version 1.2): lets you run arbitrary commands in a background worker.
• pg_squeeze (version 1.5): removes unused space from a table and lets you use an index to sort records or rows (tuples) of the table.
• tcn (version 1.0): provides a trigger function that notifies listeners of changes to the content of database tables.

Flags

• cloudsql.enable_pg_squeeze: enables the pg_squeeze extension for Cloud SQL for PostgreSQL
• squeeze.max_xlock_time: sets the time (in milliseconds) that the extension uses to finalize the processing for modifying a table
• squeeze.worker_autostart: starts a background worker automatically
• squeeze.worker_role: specifies the role for the background worker

The rollout of the following minor versions, extension versions, and plugin versions is underway:

Minor versions

• 11.21 is upgraded to 11.22.
• 12.16 is upgraded to 12.17.
• 13.12 is upgraded to 13.13.
• 14.9 is upgraded to 14.10.
• 15.4 is upgraded to 15.5.

Extension and plugin versions

• ipr4 is upgraded from 2.4.1 to 2.4.2.
• orafce is upgraded, as follows:
  • from 3.25.1 to 4.6.1 (for PostgreSQL versions 9.6 and 10)
  • from 4.6.1 to 4.7.0 (for PostgreSQL versions 11 and later)
• pg_cron is upgraded from 1.5.2 to 1.6.0.
• pgfincore is upgraded from 1.2.3 to 1.3.1.
• pg_partman is upgraded from 4.7.3 to 4.7.4.
• pg_repack is upgraded from 1.4.8 to 1.5.0.
• pgTAP is upgraded from 1.2.0 to 1.3.0.
• pgtt is upgraded from 2.9.0 to 3.0.
• pg_wait_sampling is upgraded from 1.1.4 to 1.1.5.
• PL/Proxy is upgraded from 2.10.0 to 2.11.0.
• plv8 is upgraded from 3.1.4 to 3.2.0.
• postgresql_hll is upgraded from 2.17 to 2.18.

If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.

The new maintenance version is [PostgreSQL version].R20240130.00_00. To learn how to check your maintenance version, see Self service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

When you purchase a resource-based commitment for GPUs, Local SSD disks, or both, you can attach any of your existing on-demand or auto-created future reservations to that commitment. By attaching existing reservations, you can reserve resources in advance and minimize resource unavailability issues when you purchase commitments for GPU or Local SSD disk resources.

For more information, see Purchase commitments with attached reservations.

The following models have been added to Model Garden:

• Stable Diffusion XL LCM: The Latent Consistency Model (LCM) enhances text-to-image generation in Latent Diffusion Models by enabling faster and high-quality image creation with fewer steps.
• LLaVA 1.5: Deploy LLaVA 1.5 models.
• PyTorch-ZipNeRF: The Pytorch-ZipNeRF model is a state-of-the-art implementation of the ZipNeRF algorithm in the Pytorch framework, designed for efficient and accurate 3D reconstruction from 2D images.
• LLaMA 2 (Quantized): A quantized version of Meta's Llama 2 models.
• WizardLM: WizardLM is a large language model (LLM) developed by Microsoft, fine-tuned on complex instructions by adapting the Evol-Instruct method.
• WizardCoder: WizardCoder is a large language model (LLM) developed by Microsoft, fine-tuned on complex instructions by adapting the Evol-Instruct method to the domain of code.
• AutoGluon: With AutoGluon you can train and deploy high-accuracy machine learning and deep learning models for tabular data.
• Lama (Large mask inpainting): Use Large Mask Inpainting with fast Fourier convolutions (FFCs), a high receptive field perceptual loss, and large training masks for resolution-robust image inpainting.

You can now view the details of the OS of your Bare Metal Solution server. This feature is generally available (GA).

Cloud SQL for MySQL now supports minor version 8.0.36. To upgrade your existing instance to the new version, see Upgrade the database minor version.

You can use the Google Cloud console with Policy Simulator for Organization Policy to test organization policies. This feature is available in Preview.

New security posture service released to General Availability

The new security posture service is released to General Availability. This service lets you create and deploy postures so that you can define the policies for your Google Cloud organization and monitor for drift.

For more information, see Security posture overview.

Mandiant analyst CVE ratings added to vulnerability findings

The addition of CVE information, including ratings of the vulnerability by Mandiant Threat Intelligence analysts, to the details of Security Command Center vulnerability findings is released to Preview. You can now prioritize vulnerabilities based on the exploitability and impact ratings from Mandiant. For more information, see Prioritize vulnerability findings to reduce risk.

Improvements to compliance standards support now available

Improvements to the Security Command Center Compliance page in the Google Cloud console are released to General Availability. Your state of compliance with all supported standards is now presented more clearly and a new Compliance details page makes it easier to see failing controls. For more information, see Assess and report compliance.

Prioritize high-value resources automatically by data sensitivity

The optional integration of the Sensitive Data Protection discovery feature with the Security Command Center attack path simulation feature is released to Preview. If you use Sensitive Data Protection discovery, you can choose to have the priority value of supported high-value resources set automatically based on whether they contain medium-sensitivity or high-sensitivity data. For more information, see Set resource priority values automatically by data sensitivity.

Attack exposure scores informed by Mandiant Threat Intelligence

The inclusion of CVE exploitability ratings in the calculation of attack exposure scores for vulnerability findings is released to Preview. The ratings, which are provided by Mandiant Threat Intelligence analysts, enables Security Command Center attack path simulations to provide more accurate scores for prioritizing vulnerability findings. For more information, see Incorporation of CVE data.

High-value resources now include attack exposure scores

The calculation of attack exposure scores for high-value resources by the Security Command Center Attack Path Simulations feature is released to Preview. Use attack exposure scores on resources to proactively secure the resources that are the most valuable to your business. For more information, see Attack exposure scores.

Data lineage is now generally available (GA) in Cloud Composer 2.

Python 3.11 is available in environments with Airflow 2.6.3:

• New environments with Airflow 2.6.3 use Python 3.11. Python 3.8 is no longer available in new environments with Airflow 2.6.3.

• Existing environments with Airflow 2.6.3 switch to Python 3.11 when upgraded. Before upgrading, make sure that custom PyPI packages in your environment are compatible with Python 3.11.

• New and upgraded environments with Airflow 2.5.3 keep using Python 3.8.

• Cloud Composer versions earlier than 2.6.0 keep using Python 3.8.

With the secure-by-default organization policy enforcements, insecure posture is addressed with a bundle of organization policies that are enforced at the time of creation of an organization resource. Enforcement of these policies will apply to organizations created early in 2024, as the feature is gradually rolled out.

You can now convert the input video in a transcoding job to a supported high dynamic range (HDR) format.

Query an index from the Vector Search console

Vector Search has launched an improved console experience for querying both private and public deployed indexes, now available in Preview. From the console, you can create an index and endpoint, deploy the index to the endpoint, and query the index for nearest neighbors. For more information, see Manage indexes.

Support for IPv6 extension headers is available in General Availability.

We modified or added these limits:

• Changed the maximum API proxy endpoints per API proxy from 5 to 10
• Specified the maximum API base paths per organization as 21,250

See the Limits page for details.

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

• Live Stream API
  • livestream.googleapis.com/Asset
  • livestream.googleapis.com/Channel
  • livestream.googleapis.com/Input
  • livestream.googleapis.com/Pool

Generally available: You can plan ahead for VM maintenance on C3, C3D, and Z3 Preview machine types by viewing their maintenance schedule notifications. For specific machine types within these families, you can also trigger VM maintenance ahead of schedule.

FQDN network policies are now generally available with the following GKE versions:

• 1.26.4-gke.500 and later.
• 1.27.1-gke.400 and later.
• 1.28 and later.

You can further control your GKE workloads' egress traffic to a public or private service or endpoint by using a network policy matching a fully-qualified domain name or a regular expression.

FQDN Network Policy is only available and supported with GKE Enterprise.

To learn more, read Control Pod egress traffic using FQDN network policies.

reCAPTCHA Enterprise mobile SDKs now support 11 levels of scores along with the reason codes. This enhancement requires a security review. To request access, contact our sales team.

You can configure custom status events, which describe important events for a job's runnables. By providing additional information about a job's progress, custom status events can help make a job easier to analyze and troubleshoot.

For more information, see Configure custom status events to describe runnables and View a job's history through status events.

You can write unstructured and structured task logs:

• An unstructured task log lets you define a log's message.
• A structured task log lets you define multiple details for a log such as the message, the severity, custom fields, and a custom status event.

By allowing you to surface custom information in Cloud Logging, task logs can help make a job easier to analyze and troubleshoot.

For more information, see Write task logs.

You can run Batch jobs as a non-root user to meet workload or security requirements. For more information, see Create and run jobs as a non-root user.

The Bigtable Studio query builder is generally available (GA). The query builder lets you create and run queries and view the results directly from the Google Cloud console. For details, see Build queries in the console.

The following log types were added to the Chronicle feed management API to create AWS data feeds. These feeds can be used to get context on AWS resources such as EC2 instances and users in identity and access management (IAM). Each is listed by product name and log_type value, if applicable.

• AWS EC2 Hosts (AWS_EC2_HOSTS)
• AWS EC2 Instances (AWS_EC2_INSTANCES)
• AWS EC2 VPCs (AWS_EC2_VPCS)
• AWS Identity and Access Management (AWS_IAM)

To view a list of log types that Chronicle supports for third-party APIs, see Configuration by log type.

New audit logs

The platform now captures audit logs when a playbook folder is deleted. (ID 48557086)

You can use the Google Cloud console to view DICOM store metrics.

You can use the Google Cloud console to view HL7v2 store metrics.

Private Service Connect now includes support for cross-region read replicas. You can also choose an availability type (REGIONAL or ZONAL) for Private Service Connect-enabled instances. Both features are in Preview.

For more information, see Connect to an instance using Private Service Connect.

Private Service Connect now includes support for cross-region read replicas. You can also choose an availability type (REGIONAL or ZONAL) for Private Service Connect-enabled instances. Both features are in Preview.

For more information, see Connect to an instance using Private Service Connect.

You can now use Private Service Connect to connect to a Cloud SQL for SQL Server instance. This solution allows you to connect to the instance from multiple VPC networks that belong to different groups, teams, projects, or organizations.

You can also choose an availability type (REGIONAL or ZONAL) for Private Service Connect-enabled instances.

All features are in Preview. For more information, see Connect to an instance using Private Service Connect.

Release 1.15.9

GKE on Bare Metal 1.15.9 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.15.9 runs on Kubernetes 1.26.

If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.

You can now encrypt Pod-to-Pod traffic between nodes in the same cluster or in a multi-cluster environment natively with GKE. Inter-node transparent encryption is now generally available, only with GKE Enterprise, for GKE clusters in the following versions:

• 1.26.9-gke.1024000 and later.
• 1.27.6-gke.1506000 and later.
• 1.28.2-gke.1098000 and later.
• 1.29 and later.

To learn more, see Encrypt your data in-transit in GKE with user-managed encryption keys.

Pro feature: Folders in team workspaces

You can use folders and subfolders to organize assets (reports and data sources) in team workspaces.

Learn more about using folders to organize assets in team workspaces.

You can now configure your discovery scans to reprofile data when the inspection template changes. By default, inspection template changes do not cause the affected data to be reprofiled. For more information, see Frequency of data profile generation.

Artifact Registry is available in the africa-south1 region (Johannesburg, South Africa).

The following information schema views display the history of configuration changes to the options of your organization and projects:

• ORGANIZATION_OPTIONS_CHANGES view displays the configuration changes to an organization, including all organization and project-level changes.
• PROJECT_OPTIONS_CHANGES view displays the configuration changes to a project.

This feature is now in preview.

BigQuery now supports vector search and vector indexes. These features are in preview.

You can use the VECTOR_SEARCH function to search embeddings in order to identify semantically similar entities.

You can use vector indexes to make VECTOR_SEARCH more efficient, with the trade-off of returning more approximate results.

Try the new vector search and vector index capabilities with the Search embeddings with vector search tutorial.

Bigtable is available in the africa-south1 (Johannesburg) region. For more information, see Bigtable locations.

Cloud KMS is available in the following region:

• africa-south1

For more information, see Cloud KMS locations.

The following new region is now available: africa-south1.

Support for africa-south1 (Johannesburg) region.

Support for africa-south1 (Johannesburg) region.

Support for africa-south1 (Johannesburg) region.

Cloud Storage is now available in Johannesburg, South Africa (africa-south1 region).

Cloud VPN is now available in region africa-south1 (Johannesburg, South Africa).

Pricing is available on the Cloud VPN pricing page.

Preview: You can create GPU VMs in a MIG by using resize requests. Resize requests help you create VMs all at once and give you higher chances to obtain highly demanded resources such as GPUs.

For more information, see About resize requests in a MIG.

Generally available: Johannesburg, South Africa africa-south1-a,b,c has launched with E2, N2, N2D, and T2D general-purpose VMs in all three zones.

Backported support for TCP RTO configuration in networkd.

Added kernel compatibility with iptables-nft.

Added kernel compatibility with iptables-nft.

Dataflow is available in Johannesburg, South Africa (africa-south1).

Dataproc is now available in the africa-south1 region (Johannesburg, South Africa).

(New guide) Regional deployment on Compute Engine: Architect a multi-tier application that runs on Compute Engine VMs in multiple zones within a Google Cloud region.

Release 1.28.100-gke.146

GKE on Bare Metal 1.28.100-gke.146 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.28.100-gke.146 runs on Kubernetes 1.28.

If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.

The africa-south1 region in Johannesburg, South Africa is now available.

Managed Microsoft AD is available in the africa-south1 (Johannesburg) region. For more information, see Deploy domain controllers in additional regions.

Added new Memorystore for Redis region: Johannesburg (africa-south1).

Pub/Sub is available in Johannesburg, South Africa (africa-south1).

Secret Manager is now available in the following region:

• africa-south1

For more information, see Secret Manager locations.

Virtual Machine Threat Detection, a built-in service of Security Command Center, launched the Malware: Malicious file on disk (YARA) detector to Preview. This detector generates a finding if an executable file in a virtual machine matches known malware signatures.

Sensitive Data Protection is now available in Johannesburg, South Africa (africa-south1 region).

For more information, see Sensitive Data Protection locations.

You can create Spanner regional instances in Johannesburg, South Africa (africa-south1).

Vertex AI Search: CMEK for US and EU is GA

Customer-managed encryption keys (CMEK) are available in the US and the EU as GA with allowlist.

If you store your data in a US or EU multi-region data store, you can provide your own encryption key to protect your data at rest.

For information, see Customer-managed encryption keys.

Vertex AI Search: Check grounding in Preview with allowlist

The CheckGrounding API determines how grounded a piece of text is in a given set of facts. Perfect grounding requires that every statement in the text can be attributed to one or more of the given facts. The API returns an overall score of 0 to 1, indicating how grounded the text is, along with citations to the appropriate given facts for each statement.

See Check grounding.

Vertex AI Search and Conversation: Use Terraform to create data stores

You can use Terraform to create data stores for your Vertex AI Search and Conversation apps. The data stores are created empty; you then ingest the data through the console or an API call.

For information, see, for example, Create a search data store.

Vertex AI Search: Gemini Pro for search summaries

You can now choose Gemini Pro as a model for generating search summaries.

For more information, see Specify the summarization model.

Vertex AI Search: Updates to autocomplete

• Autocomplete is available for your search apps in the US and EU multi-regions as Public preview.

  See Configure autocomplete.

• Autocomplete removes unsafe and offensive terms in eight languages in addition to English (en).

  For more information, see Autocomplete features.

Private Service Connect interfaces are available in General Availability. Private Service Connect interfaces let service producers initiate connections to consumer VPC networks.

For auto mode VPC networks, added a new subnet 10.218.0.0/20 for the Johannesburg africa-south1 region. For more information, see Auto mode IP ranges.

You can now use the MySQL Shell dumpInstance and loadDump utilities to export and import data for multiple files in parallel. For more information, see Export and import files in parallel.

You can now use the pg_dump and pg_restore utilities to export and import data for multiple files in parallel. For more information, see Export and import files in parallel.

Cloud VPN support for IPv6-only HA VPN gateways is in Preview. For more information, see IPv6 support.

Generally available: Persistent Disk Asynchronous Replication is available between the following region pairs:

• europe-west3 (Frankfurt, Germany) and europe-west8 (Milan, Italy)
• europe-west3 (Frankfurt, Germany) and europe-west10 (Berlin, Germany)
• us-east1 (Moncks Corner, South Carolina) and northamerica-northeast1 (Montréal, Québec)

For the full list of available regions, see Supported region pairs.

Preview: Z3 VMs, which offer the latest compute, networking, and storage innovations in one platform with a particular focus on high density, high performing Local SSD are now in Preview. For more information, see Storage-optimized machine family for Compute Engine.

Generally available: Snapshot settings are centralized configuration parameters for all snapshots in a project. You can use snapshot settings to customize the default storage location for all future snapshots in your project. By enabling you to do this, snapshot settings remove the need for you to manually specify a storage location during each individual snapshot creation.

For information about how to use snapshot settings and set your project's default snapshot storage location, see the snapshot settings documentation.

Generally available: NVIDIA L4 GPUs are now available in the following additional region and zone:

• Zurich, Switzerland (europe-west6-b)

For more information about using GPUs on Compute Engine, see GPU platforms.

Release 1.16.5

GKE on Bare Metal 1.16.5 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.16.5 runs on Kubernetes 1.27.

If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.

Cloud Spanner directed reads is now available in Preview. Directed reads provides the flexibility to route read-only transactions and single reads to a specific replica type or region in a multi-region instance configuration. For more information, see Directed reads.

AlloyDB Public IP is now available in Preview. You can configure an AlloyDB instance to have a public IP address and accept connections from authorized external IP addresses.

You can now use tags on BigQuery tables to conditionally grant or deny access with Identity and Access Management (IAM) policies. This feature is in preview.

Cloud console updates: You can now sort query results by column. Click arrow_drop_down Open sort menu next to the column name and select a sort order. This feature is generally available (GA).

OAuth for Email Channel: Email channel authentication now supports Microsoft OAuth.

Deltacast and Multicast, queue-level configuration: Admins can now designate a cast type (Multicast or Deltacast) at the queue level. The following updates are included:

• Updated queue and global settings in the CCAP Platform Portal, featuring a dedicated Routing section to configure call or chat routing.
• A new Deltacast Attempt Count setting that lets you configure how many times to attempt to Deltacast to a single agent before Multicasting.

Chat translations: CCAI Platform now supports automatic translations in the Agent Chat Adapter. The end-user's message is automatically translated into the Agent Adapter's default language. Incoming messages are translated according to settings on the incoming queue. Responses from the agent are then automatically translated back into the end-user's language.

Agent Call Adapter, answer button: The answer button has been updated to be more visible to agents.

Email Chrome notification: CCAI Platform now offers Chrome push notifications to notify agents when they are assigned new emails.

Pass CCAI Platform metadata to web chat Virtual Agent: You can now pass CCAIP metadata parameters to a Virtual Agent for web queues. For more information on adding a dynamic parameter see Pass Data Parameters.

Support for VPC Service Controls is available in preview.

Eventarc support for creating triggers for direct events from Cloud Firestore is generally available (GA).

Eventarc events and Firestore events for Cloud Functions (2nd gen) are now supported at the General Availability (GA) level.

Eventarc events and Firestore events for Cloud Functions (2nd gen) are now supported at the General Availability (GA) level.

Mode and GPU class selection are available when creating new instances.

• NVIDIA L4 GPUs are supported in certain regions.
• 3D-only mode is available.

Vertex Prediction

You can now customize more deployment parameters when uploading your models, such as shared memory allocation and custom startup and readiness probes. These parameters may be useful when deploying LLMs.

For more information, see Deploy generative AI models, Custom container requirements for prediction, and ModelContainerSpec.

Recommendations for Compute Engine Flexible committed use discounts are now Generally Available

Flexible CUDs add flexibility to your spending capabilities by eliminating the need to restrict your commitments to a single project, region, or machine series. Flexible CUDs recommendations in the FinOps Hub help you optimize costs by analyzing your spending trends and existing commitments to suggest purchase amounts for Flexible CUDs.

• Learn more about Flexible CUDs
• Learn more about the FinOps Hub

You can now recover a stream for an Oracle source. You can also start your Oracle source stream from a specific position. For more information, see Recover a stream and Manage streams.

Security Command Center Management API released to General Availability

The Security Command Center Management API, which provides API support for managing settings and custom modules, is released to General Availability.

For more information, see Security Center Management API.

AlloyDB Language Connectors are now available in Preview. These language connectors are libraries that provide automated mutual TLS connections, IAM-based authorization, and Automated IAM Authentication when connecting to an AlloyDB instance. For more information about language connectors, see AlloyDB Language Connectors overview.

The constraint template library includes a new template: K8sDisallowInteractiveTTY. For reference, see the Constraint template library.

The Detection Engine added support for event variable joins on or expressions and function calls. For examples, see Event variable join requirements.

The Logs in Cloud Logging Only feature is now generally available (GA):

• New Cloud Composer environments now save Airflow task logs only in Cloud Logging by default.
• Existing environments are not changed. If you upgrade an existing environment to Cloud Composer 2.5.5, it keeps saving logs to the environment's bucket.
• You can enable and disable saving logs to the environment's bucket for an existing environment.

Increased the amount of memory available to the Redis component in environments with Medium and Large environment sizes. This change improves the performance of Cloud Composer environments.

Cloud SQL Enterprise Plus edition now supports the following regions:

• asia-northeast2 (Osaka)
• asia-south2 (Delhi)
• europe-north1 (Finland)
• europe-southwest1 (Madrid)
• us-east5 (Columbus)
• us-south1 (Dallas)

Cloud SQL Enterprise Plus edition now supports the following regions:

• asia-northeast2 (Osaka)
• asia-south2 (Delhi)
• europe-north1 (Finland)
• europe-southwest1 (Madrid)
• us-east5 (Columbus)
• us-south1 (Dallas)

Generally available: Hyperdisk Balanced is available with M3 VMs. Hyperdisk Balanced is a good fit for a wide range of use cases such as LOB applications, web applications, and medium-tier databases that don't require the performance of Hyperdisk Extreme. For more information, see About Hyperdisk.

Vertex AI Conversation data stores now support unstructured CSV.

Eventarc support for creating triggers for direct events from Cloud Firestore with authentication context, is available in Preview.

(New guide) Use RIOT Live Migration to migrate to Redis Enterprise Cloud: Migrate from Redis compatible sources like Redis Open Source (Redis OSS), AWS ElastiCache, and Azure Cache for Redis to a fully managed Redis Enterprise Cloud instance in Google Cloud using the Redis Input and Output Tool (RIOT) Live Migration service. This architecture is accompanied by a deployment guide and an assessment guide.

The following features are now Generally Available:

• Parsing of the GraphQL content-type
• Support for User IP request headers
• Support for JA3 fingerprints

For more information about parsing GraphQL content, see Apply parsing on custom Content-Type header values. For more information about User IP request headers and JA3, see Configure custom rules language attributes.

Custom value formatting

Custom value formatting lets you specify how dimension, metric, and calculated field values appear in charts without sending additional SQL queries to your database. Custom value formatting also includes the option for report creators and editors to specify a value format by using Google Sheets style notation.

Download and third-party access controls in Workspace admin console

As a Google Workspace or Cloud Identity administrator, you can control whether viewers in your organization can download Looker Studio content. You can also restrict users from enabling data sources that use third-party connectors or from adding third-party visualizations to Looker Studio reports.

AlloyDB support for Cloud regions in the events timeline is now Generally available.

Custom connectors [Preview]

Application Integration now supports custom connectors. The custom connectors feature (based on the Open API specification) lets you create your own connectors that aren't a part of the standard connectors provided by Integration Connectors. You can use these connectors in your integrations. For more information, see Custom connectors.

BigQuery now natively supports the Delta Lake format for Amazon S3 and Azure tables. This feature is now in preview.

BigQuery ML has added a new residual column to the output of the ML.EXPLAIN_FORECAST function for ARIMA_PLUS and ARIMA_PLUS_XREG models. The residual column contains the difference between the actual time series and the fitted time series for the historical data. This lets you compare the modeled historical data that is returned in the other output columns of ML.EXPLAIN_FORECAST with the actual historical data.

BigQuery now supports the ST_LINEINTERPOLATEPOINT geography function, which gets a point at a specific fraction in a linestring. This feature is generally available (GA).

Chronicle has expanded Cloud Threat Detections to alert on findings from GCP Security Command Center Event Threat Detections, Virtual Machine Threat Detections, and Container Threat Detections. These passthrough detections are available through the following packs: CDIR SCC Enhanced Exfiltration, CDIR SCC Enhanced Defense Evasion, CDIR SCC Enhanced Malware, CDIR SCC Enhanced Persistence, CDIR SCC Enhanced Privilege Escalation, CDIR SCC Credential Access, CDIR SCC Enhanced Discovery, CDIR SCC Brute Force, CDIR SCC Data Destruction, CDIR SCC Inhibit System Recovery, CDIR SCC Execution, CDIR SCC Initial Access, CDIR SCC Impair Defenses.

External passthrough Network Load balancers now support zonal NEGs with GCE_VM_IP endpoints. This also lets you add any network interface of a VM as an endpoint for a zonal NEG backend, as long as the network interface belongs to the same subnetwork as the NEG. In comparison, you can only attach the nic0 of a VM to an instance group backend.

For more details, see the following pages:

• External passthrough Network Load Balancer overview: Backends
• Zonal NEGs overview
• Set up an external passthrough Network Load Balancer with a GCE_VM_IP zonal NEG

With data store agents, you can now provide a custom summarization prompt.

Dialogflow CX generators has added support for text-bison@002 and gemini-pro models.

The option to update a Serverless VPC Access connector is now available at general availability (GA). This feature allows you to edit the machine (instance) type, as well as the minimum and maximum number of instances.

The option to update a Serverless VPC Access connector is now available at general availability (GA). This feature allows you to edit the machine (instance) type, as well as the minimum and maximum number of instances.

The option to update a Serverless VPC Access connector is now available at general availability (GA). This feature allows you to edit the machine (instance) type, as well as the minimum and maximum number of instances.

The option to update a Serverless VPC Access connector is now available at general availability (GA). This feature allows you to edit the machine (instance) type, as well as the minimum and maximum number of instances.

The option to update a Serverless VPC Access connector is now available at general availability (GA). This feature allows you to edit the machine (instance) type, as well as the minimum and maximum number of instances.

The option to update a Serverless VPC Access connector is now available at general availability (GA). This feature allows you to edit the machine (instance) type, as well as the minimum and maximum number of instances.

The following new data transformer functions are available:

• getIntegrationVersionId (): Get the integration version ID of the current integration.

• getIntegrationVersionNumber(): Get the version number of the current integration.

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

• Network Connectivity Center
  • networkconnectivity.googleapis.com/RouteTable
  • networkconnectivity.googleapis.com/HubRoute

Subscription IDs for your committed use discounts are now available in the Detailed cost data export

You can now view a subscription ID associated with your resource-based and spend based Committed Use Discount (CUD) fees. This enables you to connect CUD fees to the corresponding CUD (subscription instance) to improve traceability of costs and savings calculations. Use the subscription.instance_id column in the Detailed cost data export to see your subscription ID.

• Learn about exporting your billing data to BigQuery
• View the schema of the Detailed cost data export

The option to update a Serverless VPC Access connector is now available at the General Availability release level. This feature allows you to edit the machine (instance) type, as well as the minimum and maximum number of instances.

The option to update a Serverless VPC Access connector is now available at general availability (GA). This feature allows you to edit the machine (instance) type, as well as the minimum and maximum number of instances.

Datastream now supports the JA16SJIS character encoding for Oracle sources.

Cloud Spanner now supports the GoogleSQL INSERT OR IGNORE and INSERT OR UPDATE clauses.

Cloud Spanner now supports the PostgreSQL ON CONFLICT DO NOTHING and ON CONFLICT DO UPDATE SET clauses.

AlloyDB now supports cross-project restoration. You can restore an AlloyDB cluster to a new cluster in a different Google Cloud Project.

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

• Blockchain Node Engine
  • blockchainnodeengine.googleapis.com/BlockchainNode

You can now create and manage your uptime checks and synthetic monitors by using the Google Cloud CLI. For more information, see Create public uptime checks and Create a synthetic monitor.

Generally available: In the Google Cloud console, in the Observability tab on the VM instances page, you can customize the predefined dashboard to monitor specific VM metrics that you want. For more information, see Create a customized dashboard to view specific metrics.

BigQuery subscriptions now support the ability to parse JSON messages by using the schema of a BigQuery table. For more information, see use table schema. The change is being rolled out in a phased manner over the rest of the week.

Cloud Spanner now supports COSINE_DISTANCE() and EUCLIDEAN_DISTANCE() functions (in Preview). You can use these vector distance functions to perform similarity vector search. For more information, see Perform similarity vector search in Spanner by finding the K-nearest neighbors.

Ops Agent version 2.46.0 introduces a new health check, LogPingOpsAgent, an informational payload message written every 10 minutes to the ops-agent-health log. You can use the resulting log entries to verify that the agent is sending logs. For more information, see Agent health checks.

You can now mount a Cloud Storage bucket as a storage volume for services, and also for Cloud Run jobs.

M115 release

• TensorFlow 2.15 with CUDA 12.1 and Python 3.10 container images are now available.
• TensorFlow 2.14 with CUDA 11.8 and Python 3.10 container images are now available.

M115 release

• TensorFlow 2.15 with CUDA 12.1 and Python 3.10 images are now available.
• TensorFlow 2.14 with CUDA 11.8 and Python 3.10 images are now available.

M115 release

The M115 release of Vertex AI Workbench user-managed notebooks includes the following:

• Added support for TensorFlow 2.15 with Python 3.10 on Debian 11.
• Added support for TensorFlow 2.14 with Python 3.10 on Debian 11.

The M115 release of Vertex AI Workbench managed notebooks includes the following:

• Fixed the BigQuery connector within PySpark containers.

M115 release

The M115 release of Vertex AI Workbench instances includes the following:

• Added support for venv kernels.

Bare Metal HSM is generally available for customers with specific business and technical requirements in limited regions.

Bare Metal HSM is an infrastructure-as-a-service offering that lets you deploy customer-owned hardware security modules (HSMs) in PCI-compliant facilities next to your Google Cloud workloads. This product helps to accelerate migration of your payment applications to Google Cloud.

For more information, see Bare Metal HSM.

Direct VPC egress (Preview) is now available in the following additional regions:

• asia-east1
• asia-east2
• asia-northeast2
• asia-south2
• australia-southeast1
• europe-north1
• europe-southwest1
• europe-west12
• europe-west4
• me-west1
• northamerica-northeast1
• northamerica-northeast2
• southamerica-east1
• us-east4
• us-south1
• us-west1
• us-west4

Dialogflow CX now allows cancellation of partial response playback.

Preview: Migrate to Virtual Machines lets you convert the OS boot type of a VM instance from Basic Input/Output System (BIOS) to Unified Extensible Firmware Interface (UEFI). This option is useful when you want to securely boot your VM instance, as secure boot is only supported by UEFI. For more information, see the table in Configure the target for a migrated VM.

To participate in the preview of this feature, send a request to the email address: [email protected].

Preview stage support for the following integration:

• Personalized Service Health

Training machine learning models for abuse detection on your data

You now have the option to allow Apigee to train your organization's machine learning models for abuse detection on your data. Training the models on your data helps improve their accuracy for detecting security incidents.

Webhook triggers are now supported in preview. With webhook triggers, you can build integrations for your data sources that don't have specific triggers but support webhook for event listening.

You can now use cross-cloud joins to run queries that span both Google Cloud and BigQuery Omni regions. This feature is in preview.

UDM Search for entity investigation

UDM Search now includes a feature that lets you investigate entities (for example, an IP address, user, or asset) in addition to the events and alerts that match the search query terms. UDM Search query conditions can include both UDM fields (for example, principal.hostname="alice") and grouped fields (for example, hostname="alice"). When a search query includes a condition that identifies a specific entity, the search results include details about that entity in addition to UDM events that match the entire search query.

UDM Search for entity investigation

UDM Search now includes a feature that lets you investigate entities (for example, an IP address, user, or asset) in addition to the events and alerts that match the search query terms. UDM Search query conditions can include both UDM fields (for example, principal.hostname="alice") and grouped fields (for example, hostname="alice"). When a search query includes a condition that identifies a specific entity, the search results include details about that entity in addition to UDM events that match the entire search query.

Cloud Data Fusion version 6.10.0 is available in Preview. This release is in parallel with the CDAP 6.10.0 release.

Source control management using Github is generally available (GA) in Cloud Data Fusion version 6.10.0. With this feature, you can use GitHub to maintain version histories of your ETL and ELT pipelines.

To simplify the experience of synchronizing pipelines between Cloud Data Fusion and GitHub in bulk, pushing and pulling multiple pipelines is available in Preview.

In versions before 6.10.0, you can only establish connectivity between private Cloud Data Fusion instances and customer resources with VPC Peering. Starting in version 6.10.0, you can use Private Service Connect interfaces to establish connectivity using internal IP addresses. Private Service Connect interfaces are easier to set up, use fewer internal IP addresses, and don't require the use of proxies to reach customer resources in peered VPCs, the internet, or on-premises.

You can control access to Google Cloud resources at the Cloud Data Fusion namespace level using an IAM service account. Per Namespace Service Accounts are available in Preview in Cloud Data Fusion version 6.10.0. For more information, see Access control with namespace service accounts.

You can now edit Log Analytics charts that are saved to a dashboard directly in the Dashboards page. For more information, see Edit a chart saved to a custom dashboard.

Observability for Google Kubernetes Engine: You can now enable the package of kube state metrics from the Observability tab of a GKE deployment. For more information, see Package: Kube state metrics.

Cloud NAT support for Inter-VPC communications is available in General Availability.