<?xml version="1.0" encoding="UTF-8"?>
<!-- AUTOGENERATED FILE. DO NOT EDIT. -->
<feed xmlns="http://www.w3.org/2005/Atom">
  <id>tag:google.com,2016:cloudloadbalancing-release-notes</id>
  <title>Cloud Load Balancing - Release notes</title>
  <link rel="self" href="https://docs.cloud.google.com/feeds/cloudloadbalancing-release-notes.xml"/>
  <author>
    <name>Google Cloud Platform</name>
  </author>
  <updated>2026-06-02T00:00:00-07:00</updated>

  <entry>
    <title>June 02, 2026</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#June_02_2026</id>
    <updated>2026-06-02T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#June_02_2026"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>TLS post-quantum key exchange support is now available for
Application Load Balancers and external proxy Network Load Balancers.
Post-quantum key exchange is
essential for protecting today's traffic from future quantum computing
decryption risks (<em>harvest now, decrypt later</em> attacks).
With post-quantum key exchange enabled, the
load balancer uses post-quantum key exchange with clients that support TLS
1.3 and <code>X25519MLKEM768</code> key exchange.</p>
<p>This feature is rolling out in three phases:</p>
<ul>
<li><p>Phase 1 (Until October 2026): Post-quantum key exchange is not enabled by
default. Customers can elect to opt in and enable it using their SSL policy.</p></li>
<li><p>Phase 2 (October 2026 through October 2027): The feature is enabled by
default. Customers can elect to defer (opt out) if required.</p></li>
<li><p>Phase 3 (After October 2027): The feature is enabled by default,
and options to defer are no longer effective.</p></li>
</ul>
<p>We strongly encourage you to enable post-quantum key exchange now, even before
it is turned on by default. The opportunity to test this today will help you
verify that clients and any intermediate network devices can properly negotiate
post-quantum key exchange.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/load-balancing/docs/post-quantum-tls#post-quantum-key-exchange">Post-quantum key exchange</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 01, 2026</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#June_01_2026</id>
    <updated>2026-06-01T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#June_01_2026"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>A modernized, component-centric interface for Cloud Load Balancing is available
in <strong>Preview</strong>. This inaugural release provides an expanded perspective of load
balancing infrastructure, offering enhanced transparency into individual
component configurations.</p>
<p><a class="button button-primary" href="https://console.cloud.google.com/net-services/loadbalancing/advanced" target="console">Go to Cloud Console</a> </p>
<p>The key features of this release include the following:</p>
<ul>
<li><p><strong>Comprehensive resource inventory</strong>: A centralized, searchable, and sortable
management layer for granular resources—including forwarding rules,
target proxies, and TLSRoutes—facilitating detailed monitoring of
resource status and interdependencies.</p></li>
<li><p><strong>Interactive resource topology</strong>: A contextual visualization tool that maps
traffic flow from forwarding rules through proxies to backends, enabling
technical teams to efficiently analyze dependencies and accelerate issue
resolution.</p></li>
<li><p><strong>Integrated audit logging</strong>: Embedded audit logs within the console that
offer a unified module for monitoring and tracking
historical configuration changes.</p></li></ul>
]]>
    </content>
  </entry>

  <entry>
    <title>May 26, 2026</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#May_26_2026</id>
    <updated>2026-05-26T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#May_26_2026"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>For global external Application Load Balancers, you can configure Cloud CDN cache policies at
various levels of a URL map. This provides granular control over caching
policies based on criteria like hostname, URL path, HTTP headers, and query
parameters. This feature is in <strong>General availability</strong>.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/load-balancing/docs/https/setting-up-global-traffic-mgmt#cdn-cache-policy">Configure a Cloud CDN cache policy</a>.</p>
<h3>Feature</h3>
<p>Frontend configuration for load balancing incoming IPv6 traffic is now supported
for the following load balancers:</p>
<ul>
<li>Regional external Application Load Balancer</li>
<li>Regional external proxy Network Load Balancer</li>
<li>Regional internal Application Load Balancer</li>
<li>Regional internal proxy Network Load Balancer</li>
<li>Cross-region internal Application Load Balancer</li>
<li>Cross-region internal proxy Network Load Balancer</li>
</ul>
<p>This feature is in <strong>Preview</strong>.</p>
<p>For more information, see the following documentation:</p>
<ul>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/forwarding-rule-concepts">Forwarding rules overview</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/ipv6">IPv6 for Application Load Balancers and proxy Network Load Balancers</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/https/convert-applb-dualstack">Convert Application Load Balancer to IPv6</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/tcp/convert-proxynetlb-dualstack">Convert Proxy Network Load Balancer to IPv6</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/proxy-only-subnets#proxy_only_subnet_create">Proxy-only subnets for Envoy-based load balancers</a></li>
</ul>
]]>
    </content>
  </entry>

  <entry>
    <title>May 22, 2026</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#May_22_2026</id>
    <updated>2026-05-22T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#May_22_2026"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>Application Load Balancers now support the configuration of a
<a href="https://docs.cloud.google.com/load-balancing/docs/backend-service#applb-csm-traffic-duration">traffic duration</a>
setting when you add backends to backend services. You can configure this
setting as <code>SHORT</code> or <code>LONG</code> based on the response time needed by backends to
complete HTTP requests.</p>
<p>Application Load Balancers also support the use of the
<a href="https://docs.cloud.google.com/load-balancing/docs/backend-service#bmtc-inflight"><em>in-flight</em> balancing mode</a>
that lets you configure the load balancer's traffic distribution to supported
backends when requests take more than a second to complete.</p>
<p>This feature is in <strong>General availability</strong>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>May 21, 2026</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#May_21_2026</id>
    <updated>2026-05-21T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#May_21_2026"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>Zonal affinity, which was previously available in Preview,
is generally available (GA).</p>
<p>For more information, see <a href="https://docs.cloud.google.com/load-balancing/docs/internal/zonal-affinity">Zonal affinity for internal passthrough Network Load Balancers</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>May 19, 2026</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#May_19_2026</id>
    <updated>2026-05-19T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#May_19_2026"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>Google tag gateway for advertisers lets website owners host and deploy Google
tags through Google Cloud. You can use a
global external Application Load Balancer to route measurement traffic on your website through your
domain for improved measurement data accuracy. This provides more reliable data
for advertising campaign optimization.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/load-balancing/docs/https#tag-gateway">Google tag gateway for advertisers</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>May 14, 2026</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#May_14_2026</id>
    <updated>2026-05-14T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#May_14_2026"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>You can use three new variables in custom request and response headers for
Application Load Balancers:</p>
<ul>
<li><p><code>asn</code>: The Autonomous System Number (ASN) associated with the client's IP
address.</p></li>
<li><p><code>cloud_trace_id</code>: The trace ID extracted (or generated) from the HTTP request
header.</p></li>
<li><p><code>hostname</code>: The original hostname specified by the client in the <code>Host</code> HTTP
request header. This allows preservation of the original host header
(equivalent to <code>X-Forwarded-Host</code>).</p></li>
</ul>
<p>These variables are available for both global external Application Load Balancers
and classic Application Load Balancers.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/load-balancing/docs/https/custom-headers-global">Create custom headers in backend services</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>April 30, 2026</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#April_30_2026</id>
    <updated>2026-04-30T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#April_30_2026"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>Backend Cloud Storage buckets are available for regional external Application Load Balancers and
regional internal Application Load Balancers.</p>
<p>For more information, see:</p>
<ul>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/https/setup-reg-ext-app-lb-backend-buckets">Set up a regional external Application Load Balancer with Cloud Storage buckets</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/l7-internal/setup-regional-internal-buckets">Set up a regional internal Application Load Balancer with Cloud Storage buckets</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/https/setting-up-reg-ext-shared-vpc-backend-buckets">Set up a regional external Application Load Balancer with Cloud Storage buckets in a Shared VPC environment</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/l7-internal/setup-regional-internal-shared-vpc-buckets">Set up a regional internal Application Load Balancer with Cloud Storage buckets in a Shared VPC environment</a></li>
</ul>
<p>This feature is in <strong>General availability</strong>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>April 27, 2026</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#April_27_2026</id>
    <updated>2026-04-27T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#April_27_2026"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>A new quota system governing the configuration size of Application Load Balancer
is now available in <strong>Preview</strong>. This update increases the individual URL map
size limit from 64 KB and 128 KB to 1 MB. For more information,
see <a href="https://docs.cloud.google.com/load-balancing/docs/url-map-size-quota">URL map size and quota units</a>.</p>
<p>Key aspects of this feature include:</p>
<ul>
<li>Complexity-based quota: <em>Quota units</em> reflect URL map complexity (number of
rules, hostnames, and path matchers).</li>
<li>Scoped measurement: Quota is measured and enforced on a per-project,
per-region, or per-VPC depending on Application Load Balancer type.</li>
<li>Active consumption: Only URL maps currently referenced by forwarding rules
contribute to quota usage.</li>
<li>New URL map size limit: Projects enabled for the new quota have a new URL map
size limit increased to 1 MB for global and regional external and internal
Application Load Balancers. Classic Application Load Balancer remain
restricted to 64 KB.</li>
</ul>
<p>For more information on increasing your limit or to participate in the preview,
please contact <a href="https://cloud.google.com/support">Google Cloud Support</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>April 22, 2026</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#April_22_2026</id>
    <updated>2026-04-22T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#April_22_2026"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>Policy profiles in authorization policies let you define the type of
authorization being performed at the load balancer. This feature is
available in <strong>Preview</strong>.</p>
<p>You can choose from the following profile types:</p>
<ul>
<li><p>Request authorization profile (<code>REQUEST_AUTHZ</code>): Evaluates access based on
HTTP request headers. Authorization decisions can be made directly or
delegated to custom services. This is the default profile.</p></li>
<li><p>Content authorization profile (<code>CONTENT_AUTHZ</code>): Enables deep inspection of
application payloads (headers, body, and trailers). This is used for
content-based security, such as blocking prompt injection attacks and
preventing sensitive data leaks. Authorization decisions are always delegated.</p></li>
</ul>
<p>Policy profiles are supported for the following Google Cloud services:</p>
<ul>
<li>Regional external Application Load Balancers</li>
<li>Regional internal Application Load Balancers</li>
<li>Agent Gateway (<a href="https://cloud.google.com/products#product-launch-stages">Preview</a>)</li>
<li>Secure Web Proxy</li>
</ul>
<p>To learn more about policy profiles, see  <a href="https://docs.cloud.google.com/load-balancing/docs/auth-policy/auth-policy-overview">Authorization policy overview</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>April 10, 2026</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#April_10_2026</id>
    <updated>2026-04-10T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#April_10_2026"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>Published service backends let you configure <a href="https://docs.cloud.google.com/vpc/docs/about-accessing-vpc-hosted-services-endpoints#published-service-backend-support">supported load balancers</a>
or <a href="https://docs.cloud.google.com/service-mesh/docs/regional-cloud-service-mesh#configuring-published-service-backends">regional Cloud Service Mesh</a> to route
traffic to published services through Private Service Connect endpoints.</p>
<p>For more information, see
<a href="https://docs.cloud.google.com/load-balancing/docs/backend-service#Published-service-backends">Published service backends</a>.</p>
<p>This feature is in <strong>Preview</strong>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>April 05, 2026</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#April_05_2026</id>
    <updated>2026-04-05T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#April_05_2026"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>Certificate Manager certificates are available in Google Cloud console
while provisioning a load balancer.</p>
<p>You can select a certificate map for the following load balancers:</p>
<ul>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/https/setup-global-ext-https-compute#ssl-cert">Global external Application Load Balancers</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/https/ext-https-lb-simple#ssl-cert">Classic Application Load Balancers</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/tcp/set-up-global-ext-proxy-ssl#ssl-cert">Global external proxy Network Load Balancers</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/ssl/setting-up-ssl#ssl-cert">Classic proxy Network Load Balancers</a></li>
</ul>
<p>You can select a Certificate Manager certificate
for the following load balancers:</p>
<ul>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/https/setting-up-reg-ext-https-lb#lb-config">Regional external Application Load Balancers</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/l7-internal/setting-up-l7-internal#lb-config">Regional internal Application Load Balancers</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/l7-internal/setting-up-l7-cross-reg-internal#lb-config">Cross-region internal Application Load Balancers</a></li>
</ul>
<p>This feature is in <strong>General availability</strong>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>March 31, 2026</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#March_31_2026</id>
    <updated>2026-03-31T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#March_31_2026"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>SNI-based routing for proxy Network Load Balancers is now available in
<strong>Preview</strong>.</p>
<p>You can now route TLS traffic based on Server Name Indication (SNI) hostnames
by using the new <code>TLSRoute</code> resource. The load balancer inspects the
initial unencrypted <code>ClientHello</code> message to extract the SNI hostname and
route connections to the appropriate backend service.
This feature provides pure TLS passthrough without terminating the connection
at the load balancer. Key benefits include:</p>
<ul>
<li><strong>End-to-end encryption</strong>: Clients can establish secure mTLS or TLS sessions
directly with origin servers.</li>
<li><strong>Role-oriented management</strong>: The <code>TLSRoute</code> API lets platform administrators
to manage frontend infrastructure while service owners manage their own routes
and backends independently.</li>
<li><strong>Simplified IP management</strong>: Consolidate multiple services behind a single
<a href="https://docs.cloud.google.com/vpc/docs/about-accessing-vpc-hosted-services-endpoints">Private Service Connect (PSC) endpoint</a>,
reducing IPv4 address exhaustion.</li>
</ul>
<p>This feature is available for regional and cross-region proxy Network Load Balancers.</p>
<p>For more information, see:</p>
<ul>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/tcp/set-up-ext-reg-tcp-proxy-migs#configure-lb-tls-routes">Create a regional external proxy Network Load Balancer load balancer with TLS routes</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/tcp/set-up-int-tcp-proxy-migs#configure-lb-tls-routes">Create a regional internal proxy Network Load Balancer load balancer with TLS routes</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/tcp/setup-cross-reg-proxy-migs#configure-lb-tls-routes">Create a cross-region internal proxy Network Load Balancer load balancer with TLS routes</a></li>
</ul>
]]>
    </content>
  </entry>

  <entry>
    <title>February 24, 2026</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#February_24_2026</id>
    <updated>2026-02-24T00:00:00-08:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#February_24_2026"/>
    <content type="html"><![CDATA[<h3>Other</h3>
<p>Backend Cloud Storage buckets are available for
regional external Application Load Balancers, regional internal Application Load Balancers, and
cross-region internal Application Load Balancers in a Shared VPC environment.</p>
<p>Support for this feature is available in <strong>Preview</strong> for
regional external Application Load Balancers and regional internal Application Load Balancers and in
<strong>General availability</strong> for cross-region internal Application Load Balancers. For more information,
see:</p>
<ul>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/https/setting-up-reg-ext-shared-vpc-backend-buckets">Set up a regional external Application Load Balancer with Cloud Storage buckets in a Shared VPC environment</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/l7-internal/setup-regional-internal-shared-vpc-buckets">Set up a regional internal Application Load Balancer with Cloud Storage buckets in a Shared VPC environment</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/l7-internal/setup-crilb-shared-vpc-backend-buckets">Set up a cross-region internal Application Load Balancer with Cloud Storage buckets in a Shared VPC environment</a></li>
</ul>
]]>
    </content>
  </entry>

  <entry>
    <title>February 23, 2026</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#February_23_2026</id>
    <updated>2026-02-23T00:00:00-08:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#February_23_2026"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>Backend mutual TLS (mTLS) and backend authenticated TLS is now
<strong>Generally available</strong> for cross-region internal Application Load Balancers.</p>
<p>This update complements existing support for global and regional
Application Load Balancers, allowing you to enforce bidirectional
identity verification across your regional deployments.</p>
<p>For details, see the following:</p>
<ul>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/backend-authenticated-tls-backend-mtls">Backend mTLS overview</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/backend-authenticated-tls-setup">Set up backend authenticated TLS</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/backend-mtls-setup">Set up backend mTLS</a></li>
</ul>
]]>
    </content>
  </entry>

  <entry>
    <title>January 28, 2026</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#January_28_2026</id>
    <updated>2026-01-28T00:00:00-08:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#January_28_2026"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>To enhance security and help meet stringent compliance requirements like
FedRAMP, you can now apply a FIPS-compliant SSL policy to your
Application Load Balancers and proxy Network Load Balancers. This update also introduces
the ability to enforce TLS 1.3 as the minimum protocol version.</p>
<p><strong>New <code>FIPS_202205</code> profile</strong></p>
<p>The new <code>FIPS_202205</code> profile, available as a predefined SSL policy, restricts
the load balancer to use only FIPS 140-2/140-3 validated cryptographic modules
and ciphers.</p>
<p>When this profile is selected, the load balancer:</p>
<ul>
<li>Enforces strict TLS settings, negotiating connections
only using TLS 1.2 or TLS 1.3.</li>
<li>Uses a limited set of approved cipher suites for TLS 1.2,
such as the cipher suites in <code>ECDHE-RSA-AES-GCM</code>
and <code>ECDHE-ECDSA-AES-GCM</code> families.</li>
<li>Excludes non-FIPS ciphers for TLS 1.3, such as <code>TLS_CHACHA20_POLY1305_SHA256</code>.</li>
</ul>
<p><strong>Minimum TLS 1.3 Enforcement</strong></p>
<p>You can now specify TLS 1.3 as the minimum version for your SSL policy, which
must be paired with the <code>RESTRICTED</code> profile. If you mandate TLS 1.3 as the
minimum version, any clients attempting to connect via TLS 1.2 or lower will be
rejected. Ensure your client ecosystem supports TLS 1.3 before enforcing this
minimum TLS version.</p>
<p>For more information, see the following:</p>
<ul>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/ssl-policies-concepts">SSL policies overview</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/use-ssl-policies">Use SSL policies</a></li>
</ul>
<p>This feature is in <strong>General availability</strong>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>January 23, 2026</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#January_23_2026</id>
    <updated>2026-01-23T00:00:00-08:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#January_23_2026"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>Application Load Balancers now support the configuration of a
<a href="https://docs.cloud.google.com/load-balancing/docs/backend-service#applb-csm-traffic-duration">traffic duration</a>
setting when you add backends to the backend services. You can configure this
setting as <code>SHORT</code> or <code>LONG</code> based on the response time needed by backends to
complete HTTP requests.</p>
<p>Application Load Balancers also support the use of a new
<a href="https://docs.cloud.google.com/load-balancing/docs/backend-service#bmtc-inflight"><em>in-flight</em> balancing mode</a>
that lets you configure the load balancer's traffic distribution to supported
backends when requests take more than a second to complete.</p>
<p>This feature is available in <strong>Preview</strong>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>January 19, 2026</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#January_19_2026</id>
    <updated>2026-01-19T00:00:00-08:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#January_19_2026"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>Backend buckets are available for
regional external Application Load Balancers and regional internal Application Load Balancers.</p>
<p>This feature enables to serve static content (such as images, video, and CSS)
confined to a specific region, helping you meet strict data residency and
compliance requirements for regulated workloads. This update ensures backend
bucket availability across the entire Application Load Balancers portfolio.</p>
<p>For more information, see the following:</p>
<ul>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/https/setup-reg-ext-app-lb-backend-buckets">Set up a regional external Application Load Balancer with Cloud Storage buckets</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/l7-internal/setup-regional-internal-buckets">Set up a regional internal Application Load Balancer with Cloud Storage buckets</a></li>
</ul>
<p>This feature is in <strong>Preview</strong>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>January 16, 2026</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#January_16_2026</id>
    <updated>2026-01-16T00:00:00-08:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#January_16_2026"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p><strong>Managed workload identity</strong> is available for <strong>backend mutual TLS (mTLS)</strong> in
global external Application Load Balancers.</p>
<p>This feature allows to:</p>
<ul>
<li><p><strong>Streamline certificate management</strong>: Managed workload identity enables
automated certificate and trust management for backend mTLS through seamless
integration with Certificate Authority Service and Certificate Manager.</p></li>
<li><p><strong>Eliminate operational toil</strong>: Certificates are automatically rotated based
on the workload identity pool's configuration, removing the complexity and
manual bottleneck of private key provisioning and maintenance.</p></li>
<li><p><strong>Improve visibility and governance</strong>: Gain visibility into communication
between distributed services and proactively apply governance to workloads
across environments.</p></li>
</ul>
<p>For more information, see
<a href="https://docs.cloud.google.com/load-balancing/docs/managed-workload-identities-load-balancers-overview">Backend mTLS with managed workload identity overview</a></p>
<p>This feature is in <strong>Preview</strong>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>December 17, 2025</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#December_17_2025</id>
    <updated>2025-12-17T00:00:00-08:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#December_17_2025"/>
    <content type="html"><![CDATA[<h3>Security</h3>
<p>Starting <em>December 17, 2025</em>, requests with request methods that aren't
compliant with <a href="https://datatracker.ietf.org/doc/html/rfc9110#section-5.6.2">RFC 9110, Section
5.6.2</a> will be
rejected by a first-layer Google Front End (GFE) before reaching your load
balancer or its backends. Previously, such non-compliant requests would have
been rejected by the load balancer or its backends with a variety of error
codes. With the GFE now handling such requests, you might observe a small
decrease in error rates.</p>
<p>This change applies only to global external Application Load Balancers and classic Application Load Balancers.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>December 03, 2025</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#December_03_2025</id>
    <updated>2025-12-03T00:00:00-08:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#December_03_2025"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p><strong>Regular expressions matchers in host and route rules in URL maps</strong></p>
<p>You can now use regular expressions to configure more flexible and precise
traffic routing rules within URL maps for Application Load Balancer. This feature
lets you leverage the power of RE2 syntax for matching on:</p>
<ul>
<li><strong>Route rules</strong>: Within <code>pathMatchers</code>, the <code>matchRules</code> array now supports a
<code>regexMatch</code> field to validate the URL path against a specified regex pattern.</li>
<li><strong>Header matches</strong>: Within <code>matchRules</code>, the <code>headerMatches</code> array now
supports a <code>regexMatch</code> field for pattern matching against HTTP header values.</li>
<li><strong>Query parameter matches</strong>: Within <code>matchRules</code>, the <code>queryParameterMatches</code>
array now supports a <code>regexMatch</code> field for pattern matching against HTTP
query parameters values.</li>
</ul>
<p>This feature is available for the following load balancers:</p>
<ul>
<li>Regional internal Application Load Balancer</li>
<li>Cross-region internal Application Load Balancer</li>
<li>Regional external Application Load Balancer</li>
</ul>
<p>For more details on usage and syntax, see <a href="https://docs.cloud.google.com/load-balancing/docs/url-map-concepts#regex-support">URL map concepts: Regular expressions
matchers in host and route
rules</a>.</p>
<p>This feature is in <strong>Preview.</strong></p>
]]>
    </content>
  </entry>

  <entry>
    <title>December 02, 2025</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#December_02_2025</id>
    <updated>2025-12-02T00:00:00-08:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#December_02_2025"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>Backend mutual TLS (mTLS) and backend authenticated TLS are now
<strong>Generally available</strong> for the following regional Application Load Balancers:</p>
<ul>
<li>Regional external Application Load Balancers</li>
<li>Regional internal Application Load Balancers</li>
</ul>
<p>This update complements existing support for global external Application Load Balancers,
allowing you to enforce bidirectional identity verification
across your regional deployments.</p>
<p>For details, see the following:</p>
<ul>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/backend-authenticated-tls-backend-mtls">Backend mTLS overview</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/backend-authenticated-tls-setup">Set up backend authenticated TLS</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/backend-mtls-setup">Set up backend mTLS</a></li>
</ul>
]]>
    </content>
  </entry>

  <entry>
    <title>November 04, 2025</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#November_04_2025</id>
    <updated>2025-11-04T00:00:00-08:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#November_04_2025"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p><code>GRPC_WITH_TLS</code> health checks are used for health checking gRPC backends
with TLS enabled. For more information, see the following:</p>
<ul>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/health-check-concepts#criteria-protocol-grpc">Success criteria for gRPC</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/health-checks#create-hc">Create health checks</a></li>
</ul>
<p>This feature is in <strong>General availability</strong>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>October 31, 2025</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#October_31_2025</id>
    <updated>2025-10-31T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#October_31_2025"/>
    <content type="html"><![CDATA[<h3>Change</h3>
<p>The global and classic external Application Load Balancers implemented on
Google Front-Ends (GFEs) now reject TLS connections when the client and the load
balancer support ALPN (Application-Layer Protocol Negotiation), but don't share
common ALPN protocols.</p>
<p>Previously, if a client proposed a list of application protocols during the TLS
handshake using the ALPN extension and none were supported by the load balancer,
ALPN would be deactivated and the connection would default to using HTTP/1 as
the default application protocol. After this update, the GFE instead returns
an <code>SSL_TLSEXT_ERR_ALERT_FATAL</code> response which causes the load balancer to
terminate the TLS handshake, and the connection to close. This change ensures
that an application-layer protocol is always explicitly negotiated between the
clients and the load balancers that support ALPN.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>October 29, 2025</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#October_29_2025</id>
    <updated>2025-10-29T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#October_29_2025"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>You can specify a custom ephemeral <code>/96</code> IPv6 address range when creating a
regional IPv6 forwarding rule. For more information, see the following:</p>
<ul>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/internal">Internal passthrough Network Load Balancer overview</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/network/networklb-backend-service">Backend service-based external passthrough Network Load Balancer overview</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/protocol-forwarding">Protocol forwarding overview</a></li>
</ul>
<p>This feature is in <strong>General availability</strong>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>October 28, 2025</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#October_28_2025</id>
    <updated>2025-10-28T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#October_28_2025"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>Both internal passthrough Network Load Balancers and external passthrough Network Load Balancers support load balancing to managed
instance groups (MIGs) comprised of IPv6-only VM instances.</p>
<p>For more details, see the following pages:</p>
<ul>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/network/setting-up-network-backend-service">Set up an external passthrough Network Load Balancer with a backend service</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/internal/setting-up-internal">Set up an internal passthrough Network Load Balancer with VM instance group backends</a></li>
</ul>
<p>This feature is in <strong>General availability</strong>.</p>
<h3>Feature</h3>
<p>Application Load Balancers support authorization policies that let you
establish access control checks for incoming traffic.</p>
<p>For details, see
<a href="https://docs.cloud.google.com/load-balancing/docs/auth-policy/auth-policy-overview">Authorization policy overview</a>.</p>
<p>This feature is in <strong>General availability</strong>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>October 06, 2025</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#October_06_2025</id>
    <updated>2025-10-06T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#October_06_2025"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>Percentage-based request mirroring is now supported for the global and regional external Application Load Balancers (classic is not supported). By default, the mirrored backend service receives all requests, even if the original traffic is being split between multiple weighted backend services. You
can now configure the mirrored backend service to receive only a percentage of the
requests by using the <code>mirrorPercent</code> flag to specify the percentage of
requests to be mirrored, expressed as a value between 0 and 100.0.</p>
<p>For an example, see <a href="https://docs.cloud.google.com/load-balancing/docs/https/setting-up-reg-traffic-mgmt#mirror_traffic">Set up traffic management for regional external Application Load Balancers</a>.</p>
<p>This feature is available in <strong>General availability</strong>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>September 17, 2025</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#September_17_2025</id>
    <updated>2025-09-17T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#September_17_2025"/>
    <content type="html"><![CDATA[<h3>Security</h3>
<p>A security fix was made which changes the behavior of requests and responses sent with the <code>Transfer-Encoding: Chunked</code> header to be more RFC 9112 compliant. The <a href="https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding">RFC states</a> that both the <code>chunked_body</code> and the <code>last-chunk</code> fields must end in <code>CRLF</code>. This is now enforced.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>September 12, 2025</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#September_12_2025</id>
    <updated>2025-09-12T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#September_12_2025"/>
    <content type="html"><![CDATA[<h3>Change</h3>
<p>The global and classic external Application Load Balancers implemented on Google Front-Ends (GFEs) now support HTTP/1.0 explicitly as a protocol during ALPN (Application-Layer Protocol Negotiation) negotiation.</p>
<p>Previously, when the GFEs didn't support HTTP/1.0 explicitly, the GFE would return an <code>SSL_TLSEXT_ERR_NOACK</code> response, disable ALPN, and fall back to using HTTP/1 (which includes HTTP/1.0 and HTTP/1.1)  as the default application protocol. After this change, GFEs will instead return <code>HTTP/1.0</code>, which provides clients with positive confirmation that their advertised <code>HTTP/1.0</code> was accepted.
<p>You are not expected to make any changes with this update. If a TLS handshake with HTTP/1.0 is unsuccessful, please contact <a href="https://docs.cloud.google.com/load-balancing/docs/getting-support">support</a>.</p></p>
]]>
    </content>
  </entry>

  <entry>
    <title>August 26, 2025</title>
    <id>tag:google.com,2016:cloudloadbalancing-release-notes#August_26_2025</id>
    <updated>2025-08-26T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/load-balancing/docs/release-notes#August_26_2025"/>
    <content type="html"><![CDATA[<h3>Feature</h3>
<p>The internal and external passthrough Network Load Balancers now support load balancing to unmanaged instance groups comprised of IPv6-only VM instances. </p>
<p>Protocol forwarding also supports IPv6-only target instances. </p>
<p>For more details, see the following pages:</p>
<ul>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/protocol-forwarding">Protocol forwarding overview</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/network/networklb-backend-service">Backend service-based external passthrough Network Load Balancer overview</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/internal">Internal passthrough Network Load Balancer overview</a></li>
<li><a href="https://docs.cloud.google.com/load-balancing/docs/internal/setting-up-internal#configure-ipv6-only">Set up an internal passthrough Network Load Balancer with IPv6-only subnets and backends</a></li>
</ul>
<p>This feature is available in <strong>General Availability</strong>.</p>
]]>
    </content>
  </entry>

</feed>
