<?xml version="1.0" encoding="UTF-8"?>
<!-- AUTOGENERATED FILE. DO NOT EDIT. -->
<feed xmlns="http://www.w3.org/2005/Atom">
  <id>tag:google.com,2016:gcp-release-notes</id>
  <title>Google Cloud Platform (GCP) - Release notes</title>
  <link rel="self" href="https://docs.cloud.google.com/feeds/gcp-release-notes.xml"/>
  <author>
    <name>Google Cloud Platform</name>
  </author>
  <updated>2026-07-10T00:00:00-07:00</updated>

  <entry>
    <title>July 10, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#July_10_2026</id>
    <updated>2026-07-10T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#July_10_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee Advanced API Security</h2>
<h3>Deprecated</h3>
<p><strong>Deprecation and shutdown of GenAI Incident Summary (generative AI Insights)</strong></p>
<p>The standalone <strong>GenAI Incident Summary</strong> (generative AI Insights) feature in
Apigee Advanced API Security Abuse Detection, currently in Preview, is
deprecated and shut down as of July 9, 2026. This feature used Google Cloud
generative AI large language models (LLMs) to provide automated summaries and
mitigation guidance for security incidents identified by the Abuse Detection
clustering tool.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/apigee/docs/deprecations/genai-incident-summary">GenAI Incident Summary deprecation</a>.</p>
<h2 class="release-note-product-title">Cloud Deploy</h2>
<h3>Change</h3>
<p>The Cloud Deploy image now uses a Google-specific fork of Skaffold. The
Skaffold version that you see if you run <code>gcloud deploy releases describe</code>, or
if you view the release in the Google Cloud Console, is now <code>cd-skaffold</code>
instead of a version number.</p>
<h2 class="release-note-product-title">Google Distributed Cloud (software only) for VMware</h2>
<h3>Announcement</h3>
<p>Google Distributed Cloud (software only) for VMware 1.33.1000-gke.59 is now available
for download. To upgrade, see <a href="https://docs.cloud.google.com/kubernetes-engine/distributed-cloud/vmware/docs/how-to/upgrading.md">Upgrade clusters</a>.
Google Distributed Cloud 1.33.1000-gke.59 runs on Kubernetes v1.33.11-gke.100.</p>
<p>If you use a third-party storage vendor, check the listing of our
previously-qualified <a href="https://docs.cloud.google.com/kubernetes-engine/enterprise/docs/resources/partner-storage">storage partners</a>.</p>
<p>After a release, it takes approximately 7 to 14 days for the version to become
available for use with GKE On-Prem API clients: the Google Cloud console, the
gcloud CLI, and Terraform.</p>
<p>The following patches were skipped:</p>
<ul>
<li>1.33.900</li>
<li>1.34.600</li>
<li>1.35.200</li>
</ul>
<h3>Fixed</h3>
<p>The following issues were fixed in 1.33.1000-gke.59:</p>
<ul>
<li>Fixed vulnerabilities listed in <a href="https://docs.cloud.google.com/kubernetes-engine/distributed-cloud/vmware/docs/vulnerabilities">Vulnerability fixes</a>.</li>
<li>Fixed the issue preventing patch releases for GDC software only for VMware.</li>
</ul>
<h2 class="release-note-product-title">Google Distributed Cloud (software only) for bare metal</h2>
<h3>Announcement</h3>
<p>Google Distributed Cloud (software only) for bare metal 1.33.1000-gke.59 is now available for
download. To upgrade, see <a href="how-to/upgrade">Upgrade clusters</a>.
Google Distributed Cloud for bare metal
1.33.1000-gke.59 runs on Kubernetes v1.33.11-gke.100.</p>
<p>After a release, it takes approximately 7 to 14 days for the version to become
available for installations or upgrades with the GKE On-Prem API clients: the
Google Cloud console, the gcloud CLI, and Terraform.</p>
<p>If you use a third-party storage vendor, check the listing of our
previously-qualified <a href="https://docs.cloud.google.com/kubernetes-engine/enterprise/docs/resources/partner-storage">storage partners</a>.</p>
<h3>Fixed</h3>
<p>The following issues were fixed in 1.33.1000-gke.59:</p>
<ul>
<li>Fixed vulnerabilities listed in <a href="https://docs.cloud.google.com/kubernetes-engine/distributed-cloud/bare-metal/docs/vulnerabilities">Vulnerability fixes</a>.</li>
<li>Fixed an issue where Certificate Authority (CA) rotation failed for
self-managing clusters (admin, hybrid, and standalone). The failure occurs
during the final phase of the rotation when attempting to move management
resources back from the temporary bootstrap cluster to the self-managing
cluster, which can leave the cluster in an unmanageable state. You must
upgrade your clusters to version 1.33.1000-gke.59 before you rotate your CAs.
Running a CA rotation on self-managing clusters in versions prior to
1.33.1000-gke.59 triggers this issue and can disrupt your ability to manage
the cluster.
</li>
</ul>
<h2 class="release-note-product-title">Network Connectivity Center</h2>
<h3>Feature</h3>
<p>Include and exclude <a href="https://docs.cloud.google.com/network-connectivity/docs/network-connectivity-center/concepts/spoke-filters-overview">spoke filters</a>
for hybrid spokes are <a href="https://cloud.google.com/products#product-launch-stages">generally available</a>.</p>
<p>You can use export filters to control which subnets or routes a spoke can
send to the hub. Import filters control which subnets or routes can be
accepted by a spoke from the hub.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>July 09, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#July_09_2026</id>
    <updated>2026-07-09T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#July_09_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">BigQuery</h2>
<h3>Feature</h3>
<p>You can use the BigQuery Data Transfer Service to transfer metadata from the
following data sources into Knowledge Catalog:</p>
<ul>
<li><a href="https://docs.cloud.google.com/bigquery/docs/postgresql-transfer#transfer_metadata">PostgreSQL</a></li>
<li><a href="https://docs.cloud.google.com/bigquery/docs/sqlserver-transfer#transfer_metadata">Microsoft SQL Server</a></li>
</ul>
<p>This feature is in
<a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.</p>
<h3>Feature</h3>
<p><a href="https://docs.cloud.google.com/data-cloud-extension">The Data Agent Kit extension</a> is an extension for agent
coding tools, such as VS Code, Antigravity, and Cursor, that lets
you interact with BigQuery resources directly in your agent environment. You can
use this extension to browse datasets, manage pipelines, run queries, and prompt
your agent to perform other BigQuery tasks directly in your preferred IDE. This
feature is in
<a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.</p>
<h3>Feature</h3>
<p>Support for hybrid search (using the <code>VECTOR_SEARCH</code> function to combine a
semantic search with a lexical (keyword) search) has been temporarily disabled.
We are working to restore this feature as soon as possible.</p>
<h2 class="release-note-product-title">Bigtable</h2>
<h3>Feature</h3>
<p>You can use the <a href="https://docs.cloud.google.com/bigtable/docs/reference/libraries">Bigtable client library for Go</a>
to execute read jobs and queries using <a href="https://docs.cloud.google.com/bigtable/docs/data-boost-overview">Data Boost</a>.</p>
<h2 class="release-note-product-title">Compute Engine</h2>
<h3>Feature</h3>
<p><strong>Preview</strong>: Advanced Compute Images provide high-performance images to support
your artificial intelligence (AI), machine learning (ML), and high-performance
computing (HPC) workloads on Google Cloud.</p>
<p>Advanced Compute Images provide a single source of trusted, performance-tuned
OS images that remove the need for manual image building for specialized
workloads. Each image version is pre-installed with the necessary drivers,
network fabrics, and Slurm agents to help you run your workloads.</p>
<h2 class="release-note-product-title">Container Optimized OS</h2>
<h3>Change</h3>
<h3 id="cos-117-18613-675-7_">cos-117-18613-675-7 <a id='"cos-arm64-117-18613-675-7"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/5aec657e051de42c4e591b15fcf30c82947bd22a
">COS-6.6.143</a></td>
<td>v24.0.9</td>
<td>v1.7.31</td>
<td><a href="https://storage.googleapis.com/cos-tools/18613.675.7/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Fixed</h3>
<p>Upgraded app-admin/oslogin to v20260626.00.</p>
<h3>Fixed</h3>
<p>Upgraded app-containers/docker-credential-helpers to v0.9.8.</p>
<h3>Fixed</h3>
<p>Upgraded dev-db/sqlite to v3.53.3.</p>
<h3>Fixed</h3>
<p>Upgraded dev-libs/expat to v2.8.2.</p>
<h3>Fixed</h3>
<p>Upgraded sys-apps/acl to v2.4.0.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53359 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed KCTF-d82ba05 in the Linux kernel.</p>
<h3>Change</h3>
<h3 id="cos-125-19216-532-9_">cos-125-19216-532-9 <a id='"cos-arm64-125-19216-532-9"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/5576e06b230afb3a4f89d660421d5400b443d9bc
">COS-6.12.94</a></td>
<td>v27.5.1</td>
<td>v2.1.7</td>
<td><a href="https://storage.googleapis.com/cos-tools/19216.532.9/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Fixed</h3>
<p>Added support for NVIDIA GRID driver version 580.159.03.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-40225 in sys-apps/systemd.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53167 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53359 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed KCTF-d82ba05 in the Linux kernel.</p>
<h3>Change</h3>
<h3 id="cos-129-19506-299-8_">cos-129-19506-299-8 <a id='"cos-arm64-129-19506-299-8"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/528543b74575bd46e7fc7ccc61eabc1868789e84
">COS-6.12.94</a></td>
<td>v27.5.1</td>
<td>v2.2.3</td>
<td><a href="https://storage.googleapis.com/cos-tools/19506.299.8/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Fixed</h3>
<p>Added support for NVIDIA GRID driver version 580.159.03.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53359 in the Linux kernel.</p>
<h3>Change</h3>
<h3 id="cos-121-18867-528-7_">cos-121-18867-528-7 <a id='"cos-arm64-121-18867-528-7"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/973fc67ab8454c85a6f165680dbe1459a1520353
">COS-6.6.143</a></td>
<td>v27.5.1</td>
<td>v2.0.8</td>
<td><a href="https://storage.googleapis.com/cos-tools/18867.528.7/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Security</h3>
<p>Fixed CVE-2026-53359 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed KCTF-d82ba05 in the Linux kernel.</p>
<h2 class="release-note-product-title">Gemini Enterprise</h2>
<h3>Announcement</h3>
<p><strong>Gemini Enterprise: Enable skills feature management toggle is
not available</strong></p>
<p>The <strong>Enable skills</strong> feature management toggle is not available.
This feature is generally available (GA) with an allowlist in Gemini
Enterprise. After your organization is added to the allowlist, end users can
create and use skills directly in the app. To access this feature, contact your
Google account manager.</p>
<p>We will update the release notes when the <strong>Enable skills</strong> toggle for
administrators is available.</p>
<aside class="note"><strong>Note:</strong><span> This is a correction to the <a href="https://docs.cloud.google.com/gemini/enterprise/docs/release-notes#June_17_2026">June 17, 2026 release
note</a>.</span></aside>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: AlphaEvolve algorithm optimization agent (GA)</strong></p>
<p>The AlphaEvolve optimization service is generally available (GA) on the
Gemini Enterprise agent. AlphaEvolve is a code optimization
and discovery agent built on top of Gemini that helps solve the hardest algorithmic
problems for your business and research. It combines creative, server-side
LLM exploration with secure client-side code execution to autonomously
discover new, optimized solutions that surpass human-designed
baselines.</p>
<aside class="note"><strong>Note:</strong><span> AlphaEvolve does not support FedRAMP or DoD compliance
requirements. Access for environments requiring these standards is restricted
by default but can be requested through your account team.</span></aside>
<p>For more information, see <a href="https://docs.cloud.google.com/gemini/enterprise/docs/alphaevolve/developer-guide/overview">AlphaEvolve documentation</a>.</p>
<h2 class="release-note-product-title">Gemini Enterprise Agent Platform</h2>
<h3>Feature</h3>
<p><strong>Retirement for preview models for 2.5 Flash, 2.5 Flash-Lite, and 3.1
Flash-Lite</strong></p>
<p>The following preview model endpoints have been retired and are no longer
accessible:</p>
<ul>
<li><code>gemini-2.5-flash-lite-preview-09-2025</code></li>
<li><code>gemini-2.5-flash-preview-05-2025</code></li>
<li><code>gemini-3.1-flash-lite-preview</code></li>
</ul>
<p>See <a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/models/migrate">Migrate to the latest Google
models</a> for information on how
to migrate your project.</p>
<h2 class="release-note-product-title">Google Kubernetes Engine</h2>
<h3>Change</h3>
<h4 id="2026-R27-version-updates">(2026-R27) Version updates</h4>
<p>There are no version updates for 2026-R27.</p>
<h3>Change</h3>
<h4 id="2026-R27-version-updates">(2026-R27) Version updates</h4>
<p>There are no version updates for 2026-R27.</p>
<h3>Change</h3>
<h4 id="2026-R27-version-updates">(2026-R27) Version updates</h4>
<p>There are no version updates for 2026-R27.</p>
<h3>Change</h3>
<h4 id="2026-R27-version-updates">(2026-R27) Version updates</h4>
<p>There are no version updates for 2026-R27.</p>
<h3>Change</h3>
<h4 id="2026-R27-version-updates">(2026-R27) Version updates</h4>
<p>There are no version updates for 2026-R27.</p>
<h3>Change</h3>
<h4 id="2026-R27-version-updates">(2026-R27) Version updates</h4>
<p>There are no version updates for 2026-R27.</p>
<h3>Change</h3>
<h4 id="2026-r28-version-updates">(2026-R28) Version updates</h4>
<p>GKE cluster versions have been updated.</p>
<p><strong>New versions available for upgrades and new clusters.</strong></p>
<p>The following versions are now available for new GKE clusters, and for
manual control plane upgrades and node upgrades for existing clusters. For more
information about versioning and upgrades, see <a href="https://cloud.google.com/kubernetes-engine/versioning">GKE versioning and
support</a> and <a href="https://cloud.google.com/kubernetes-engine/upgrades">About GKE
cluster upgrades</a>.</p>
<div>
<devsite-selector>
<section>
<h3>Rapid channel</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3712000</a> is now the default version for cluster creation in the Rapid channel.</li>
<li>The following versions are now available in the Rapid channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13313">1.33.13-gke.1011000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1349">1.34.9-gke.1131000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1356">1.35.6-gke.1127000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.4447000</a></li>
</ul></li>
<li>The following versions are no longer available in the Rapid channel:
<ul>
<li>1.33.12-gke.1208000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Rapid channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.8-gke.1284000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Rapid channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1324000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Rapid channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.36.0-gke.3302004</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1270000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1349">1.34.9-gke.1065000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1356">1.35.6-gke.1049000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3712000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1270000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1349">1.34.9-gke.1065000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1356">1.35.6-gke.1049000</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3712000</a></li>
</ul></li>
</ul></li>
</ul>
</section>
<section>
<h3>Regular channel</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a> is now the default version for cluster creation in the Regular channel.</li>
<li>The following versions are no longer available in the Regular channel:
<ul>
<li>1.33.12-gke.1116000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Regular channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.8-gke.1218000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Regular channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1163012</li>
<li>1.36.0-gke.2684000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Regular channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
</ul></li>
</ul>
</section>
<section>
<h3>Stable channel</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a> is now the default version for cluster creation in the Stable channel.</li>
<li>The following versions are no longer available in the Stable channel:
<ul>
<li>1.33.12-gke.1000000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Stable channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.8-gke.1000000</li>
<li>1.35.5-gke.1000004 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Stable channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
</ul></li>
</ul></li>
</ul>
</section>
<section>
<h3>Extended channel</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a> is now the default version for cluster creation in the Extended channel.</li>
<li>The following versions are now available in the Extended channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2767000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.2169000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1740000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1844000</a></li>
</ul></li>
<li>The following versions are no longer available in the Extended channel:
<ul>
<li>1.30.14-gke.2746000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.31.14-gke.2157000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.32.13-gke.1657000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.32.13-gke.1829000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.33.12-gke.1116000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.8-gke.1218000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1163012</li>
<li>1.36.0-gke.2684000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1729000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
</ul></li>
</ul>
</section>
<section>
<h3>No channel (deprecated)</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a> is now the default version for cluster creation.</li>
<li>The following versions are now available:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13313">1.33.13-gke.1011000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1349">1.34.9-gke.1131000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1356">1.35.6-gke.1127000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.4447000</a></li>
</ul></li>
<li>The following node versions are now available:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2767000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.2169000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1844000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13313">1.33.13-gke.1011000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1349">1.34.9-gke.1131000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1356">1.35.6-gke.1127000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.4447000</a></li>
</ul></li>
<li>The following versions are no longer available:
<ul>
<li>1.33.12-gke.1000000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.33.12-gke.1116000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.33.12-gke.1208000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.7-gke.1499000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.8-gke.1218000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.8-gke.1284000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1000004 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1324000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.36.0-gke.2684000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
</ul></li>
</ul>
</section>
</devsite-selector>
</div>
<h3>Change</h3>
<h4 id="2026-r28-version-updates">(2026-R28) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a> is now the default version for cluster creation in the Stable channel.</li>
<li>The following versions are no longer available in the Stable channel:
<ul>
<li>1.33.12-gke.1000000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Stable channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.8-gke.1000000</li>
<li>1.35.5-gke.1000004 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Stable channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
</ul></li>
</ul></li>
</ul>
<h3>Change</h3>
<h4 id="2026-r28-version-updates">(2026-R28) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a> is now the default version for cluster creation in the Regular channel.</li>
<li>The following versions are no longer available in the Regular channel:
<ul>
<li>1.33.12-gke.1116000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Regular channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.8-gke.1218000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Regular channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1163012</li>
<li>1.36.0-gke.2684000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Regular channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
</ul></li>
</ul>
<h3>Change</h3>
<h4 id="2026-r28-version-updates">(2026-R28) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3712000</a> is now the default version for cluster creation in the Rapid channel.</li>
<li>The following versions are now available in the Rapid channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13313">1.33.13-gke.1011000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1349">1.34.9-gke.1131000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1356">1.35.6-gke.1127000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.4447000</a></li>
</ul></li>
<li>The following versions are no longer available in the Rapid channel:
<ul>
<li>1.33.12-gke.1208000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Rapid channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.8-gke.1284000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Rapid channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1324000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Rapid channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.36.0-gke.3302004</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1270000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1349">1.34.9-gke.1065000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1356">1.35.6-gke.1049000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3712000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1270000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1349">1.34.9-gke.1065000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1356">1.35.6-gke.1049000</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3712000</a></li>
</ul></li>
</ul></li>
</ul>
<h3>Change</h3>
<h4 id="2026-r28-version-updates">(2026-R28) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a> is now the default version for cluster creation.</li>
<li>The following versions are now available:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13313">1.33.13-gke.1011000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1349">1.34.9-gke.1131000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1356">1.35.6-gke.1127000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.4447000</a></li>
</ul></li>
<li>The following node versions are now available:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2767000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.2169000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1844000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13313">1.33.13-gke.1011000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1349">1.34.9-gke.1131000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1356">1.35.6-gke.1127000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.4447000</a></li>
</ul></li>
<li>The following versions are no longer available:
<ul>
<li>1.33.12-gke.1000000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.33.12-gke.1116000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.33.12-gke.1208000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.7-gke.1499000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.8-gke.1218000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.8-gke.1284000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1000004 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1324000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.36.0-gke.2684000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
</ul></li>
</ul>
<h3>Change</h3>
<h4 id="2026-r28-version-updates">(2026-R28) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a> is now the default version for cluster creation in the Extended channel.</li>
<li>The following versions are now available in the Extended channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2767000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.2169000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1740000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1844000</a></li>
</ul></li>
<li>The following versions are no longer available in the Extended channel:
<ul>
<li>1.30.14-gke.2746000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.31.14-gke.2157000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.32.13-gke.1657000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.32.13-gke.1829000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.33.12-gke.1116000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.8-gke.1218000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1163012</li>
<li>1.36.0-gke.2684000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1729000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
</ul></li>
</ul>
<h2 class="release-note-product-title">Knowledge Catalog</h2>
<h3>Feature</h3>
<p>Knowledge Catalog connectors for importing metadata from SQL Server and
PostgreSQL data sources are available in <a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.</p>
<p>Knowledge Catalog connectors automatically extract metadata (technical,
operational, and business) from external data sources and import it into
Knowledge Catalog entry groups. You can schedule metadata import runs on a set
schedule.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/dataplex/docs/connectors">About database connectors</a>
and <a href="https://docs.cloud.google.com/dataplex/docs/manage-connector-jobs">Manage connector jobs</a>.</p>
<h2 class="release-note-product-title">Looker</h2>
<h3>Announcement</h3>
<p><strong>Looker 26.12</strong> will roll out to Looker (original) instances on the following schedule:</p>
<ul>
<li>Expected deployment start: <strong>Sunday, July 12, 2026</strong></li>
<li>Expected final deployment and download available: <strong>Sunday, July 26, 2026</strong></li>
</ul>
<p>Looker 26.12 is expected to include the following changes, features, and fixes.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where accessing a folder that contained scheduled content that was configured for disabled integrations could cause Looker to crash with a <code>TypeError</code>. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where users with only the Admin via IAM role on Looker (Google Cloud Core) instances would incorrectly lack access to connections when Advanced Control Governance (ACG) was enabled. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>Layout spacing and column alignment issues have been fixed on the OIDC and SAML authentication Admin pages. These features now perform as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where clicking <strong>Reset Styles</strong> in the table visualization formatting panel would unexpectedly reset the table theme, color palette, and custom borders. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where the <strong>Workflows</strong> page was not visible to users with the <code>create_alerts</code> permission. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where the comparison value in a KPI visualization could be incorrectly centered when the sparkline was disabled. This feature now performs as expected.</p>
<h3>Feature</h3>
<p>The <a href="https://docs.cloud.google.com/looker/docs/admin-panel-general-preview-features#kpi_visualization"><strong>KPI Visualization</strong> preview feature</a> is now enabled by default.</p>
<h3>Feature</h3>
<p>The <a href="https://docs.cloud.google.com/looker/docs/admin-panel-performance-center-content-guardrails#visualization-limits"><strong>Increased Row Limit</strong></a> feature is now out of labs and generally available.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where the LookML validator used a stale cache for local project dependencies when the dependencies were updated in production. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where some custom visualizations could be cut off in PDF exports. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where, if a dashboard tile contained no results, the <code>row_total</code> table calculation function could return an error, which would prevent scheduled deliveries. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where the commit hash in the Deploy Manager displayed PENDING during compilation and didn't update upon refresh. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where drilling down on a value for which the custom value format contained the <code>#</code> character could cause the page to crash. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where inline button toggle filters on dashboards could be cut off or could overlap with adjacent filters. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where deleting a duplicated dashboard tab would incorrectly delete shared elements from other tabs. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where the column limit could fail to apply to an Explore that used pivots. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where <code>added_params</code> metadata in streaming JSON responses could be malformed or missing. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where OAuth connections would incorrectly fail connection tests on the <strong>Self-service Explores</strong> Admin page. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where the <strong>Run</strong> and <strong>Settings</strong> buttons were not correctly being displayed on embedded Explores with the <code>_theme</code> URL parameter. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where the Content Validator returned a generic error message instead of returning the specific models that were affected. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where drilling into a value while in Dev mode could return a <code>500 internal server</code> error. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where API calls that were made by service account users without a configured last name failed with a <code>500 internal server</code> error. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where <code>view.field</code> references in Liquid were not correctly rendered if the field name matched a built-in Liquid variable. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where autosizing table columns didn't work as expected in drill menus. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where drill modals could repeatedly render a visualization, which would present as constant flickering in the browser. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where invalid parameters in an embed URL could result in Looker displaying an unnecessarily verbose stack trace instead of a concise error. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where editing a workflow on the <strong>Workflow Management</strong> page could load indefinitely. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>An issue has been fixed where clearing the <strong>Totals Labels</strong> option for the <strong>Totals Color</strong> setting in the color picker resulted in black text in the chart. This feature now performs as expected.</p>
<h3>Fixed</h3>
<p>The OAuth interface now prohibits forward slashes in the OAuth Client ID field. Previously, the inclusion of one or more forward slashes would result in a 401 error. This feature now performs as expected.</p>
<h3>Change</h3>
<p>Looker CI Run Alert emails now include the Run ID in the subject line to prevent email threading. The email body now includes the Git branch and commit details.</p>
<h3>Feature</h3>
<p>Looker (Google Cloud core) now supports <a href="https://docs.cloud.google.com/looker/docs/looker-core-fips-mode">FIPS 140-3 level 1 compliance</a>. Existing FIPS 140-2 compliant instances will be automatically upgraded to the FIPS 140-3 standard when they're upgraded to Looker 26.12.</p>
<h3>Feature</h3>
<p>Now available in preview, the <a href="https://docs.cloud.google.com/looker/docs/admin-panel-general-preview-features#table-row-grouping"><strong>Table Row Grouping</strong> feature</a> option for table charts lets users display table chart data hierarchically in groups and customize the appearance with new <a href="https://docs.cloud.google.com/looker/docs/table-options#grouping-menu-options"><strong>Grouping</strong> menu options</a>.
This feature is enabled by default.</p>
<h2 class="release-note-product-title">Security Command Center</h2>
<h3>Feature</h3>
<p>You can modify the <a href="https://docs.cloud.google.com/security-command-center/docs/data-residency-support">data residency</a>
and <a href="https://docs.cloud.google.com/security-command-center/docs/cmek">data encryption</a> configuration
on the Premium and Standard tiers after you activate Security Command Center for your
organization. For more information, see
<a href="https://docs.cloud.google.com/security-command-center/docs/modify-data-residency-encryption.md">Modify data residency or data encryption configuration</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>July 08, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#July_08_2026</id>
    <updated>2026-07-08T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#July_08_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">AlloyDB for PostgreSQL</h2>
<h3>Feature</h3>
<p>External search with AlloyDB now supports Apache <a href="https://docs.cloud.google.com/alloydb/docs/solr-search">Solr</a> in <a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.
You can use the <a href="https://docs.cloud.google.com/alloydb/docs/reference/extensions#external_search_fdw"><code>external_search_fdw</code></a> extension to connect to a Solr cluster and query its data directly from your database.</p>
<h2 class="release-note-product-title">Apigee X</h2>
<h3>Security</h3>
<p>An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allowed an authenticated attacker to exfiltrate cross-tenant data.</p>
<p>This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is needed. Apigee hybrid was not affected.</p>
<p>For more information, see <a href="http://cve.org/CVERecord?id=CVE-2026-12879">CVE-2026-12879</a>.</p>
<h2 class="release-note-product-title">BigQuery</h2>
<h3>Change</h3>
<p>An updated version of the
<a href="https://docs.cloud.google.com/bigquery/docs/reference/odbc-jdbc-drivers#current_odbc_driver">Simba ODBC driver for BigQuery</a>
is now available.</p>
<h3>Feature</h3>
<p>You can now perform
<a href="https://docs.cloud.google.com/bigquery/docs/reference/standard-sql/aggregate-function-calls#multi_level_aggregation">multi-level aggregation</a>
in GoogleSQL, which lets you use an aggregate function as an
argument to another aggregate function. This feature is in
<a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.</p>
<h2 class="release-note-product-title">Cloud Run</h2>
<h3>Feature</h3>
<p>Cloud Run sandboxes provide a fast and secure isolated environment to execute untrusted code, such as code generated by AI agents. For more information, see <a href="https://docs.cloud.google.com/run/docs/configuring/services/sandboxes">Configure sandboxes for services</a> and <a href="https://docs.cloud.google.com/run/docs/code-execution">Code execution in Cloud Run</a> (<a href="https://cloud.google.com/products#product-launch-stages">Preview</a>).</p>
<h2 class="release-note-product-title">Cloud Workstations</h2>
<h3>Announcement</h3>
<p>The base VM for your workstation includes the Content-Addressable Storage File
System (CASFS) kernel module, which lets you run the Android Build File System
(ABFS). For more information about the introduction of this module, see the
<a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m129#February_20_2026">Container-Optimized OS Milestone 129 LTS release notes</a>.</p>
<h3>Feature</h3>
<p>The <a href="https://docs.cloud.google.com/data-cloud-extension">Data Agent Toolkit Extension</a> is installed by default in Code OSS for Cloud Workstations.</p>
<h2 class="release-note-product-title">Compute Engine</h2>
<h3>Feature</h3>
<p><strong>Generally available</strong>: The network-optimized C4N machine series is generally
available for Compute Engine and Google Kubernetes Engine (GKE) customers. Powered
by 5th generation Intel Xeon Scalable processors (Emerald Rapids), C4N instances
are purpose-built for network- and block storage-intensive workloads such as:</p>
<ul>
<li>Network and security appliances</li>
<li>High-performance databases</li>
<li>High-scale data analytics</li>
<li>Distributed filesystems</li>
</ul>
<p>The C4N machine series delivers the highest I/O performance available in
Compute Engine, supporting up to 400 Gbps of network bandwidth
and up to 95 million packets per second (Mpps) of sustained packet processing
performance. C4N also offers leading block storage performance with Hyperdisk Extreme that
scales up to 25 GiB/s of bandwidth and 1M IOPS. C4N instances are available
in predefined machine shapes with three different vCPU to memory ratios, ranging
in size from 2 to 192 vCPUs and up to 1,488 GB of DDR5 memory.</p>
<p>For C4N machine types with attached Local SSD disks, you can
<a href="https://forms.gle/ehRSqssSEavKt1Fh7">Request preview access</a>.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/compute/docs/network-optimized-machines#c4n_series">C4N machine series</a>.</p>
<h2 class="release-note-product-title">Gemini Enterprise Agent Platform</h2>
<h3>Deprecated</h3>
<p><strong>Grok 4.1 models deprecation</strong></p>
<p>The Grok 4.1 model family (including <code>xai/grok-4.1-fast-reasoning</code> and <code>xai/grok-4.1-fast-non-reasoning</code>) on the Gemini Enterprise Agent Platform is deprecated and will be shut down on August 20, 2026. After this date, Google Agent Platform Model as a Service (MaaS) will no longer serve these models. Specifically, API requests directed to the <code>https://aiplatform.googleapis.com/v1/projects/&lt;your-project&gt;/locations/global/endpoints/openapi/chat/completions</code> endpoint using the Grok 4.1 model IDs will fail and return a <code>400</code> error. To maintain service, migrate your applications to newer xAI models (such as Grok 4.2 or Grok 4.3) or choose an alternative model from the Google Cloud Model Garden.</p>
<h3>Feature</h3>
<p><strong>Memory Bank support for Gemini Embedding 2</strong></p>
<p>Memory Bank supports the <code>gemini-embedding-2</code> model for similarity search configurations.</p>
<p>When you configure <code>gemini-embedding-2</code> as the embedding model, you must use one of the <code>global</code>, <code>us</code>, or <code>eu</code> endpoints in the model's resource name (for example, <code>projects/{project}/locations/us/publishers/google/models/gemini-embedding-2</code>). Memory Bank does not support using regional locations (for example, <code>us-central1</code>) for <code>gemini-embedding-2</code>.</p>
<p>For details, see <a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/scale/memory-bank/setup#similarity-search-config">Similarity search configuration</a>.</p>
<h3>Feature</h3>
<p><strong>Memory Bank IngestEvents is generally available (GA)</strong></p>
<p>The Memory Bank <code>IngestEvents</code> API is generally available. The <code>IngestEvents</code> API decouples event ingestion from memory generation, letting you continuously stream content to Memory Bank and configure when memory generation is triggered.</p>
<p>This GA release includes the following features:</p>
<ul>
<li><strong>Carry over context between generation windows:</strong> Use the <code>overlap_event_count</code> parameter to re-include already-processed events at the start of the next window to keep memories coherent.</li>
<li><strong>Configure memory revisions for ingested events:</strong> Use <code>revision_labels</code>, <code>revision_ttl</code>, or <code>disable_memory_revisions</code> to customize how generated revisions are managed.</li>
<li><strong>Attach metadata to memories:</strong> Use the <code>metadata</code> and <code>metadata_merge_strategy</code> configuration parameters to store structured information alongside generated memories.</li>
</ul>
<p>For details, see <a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/scale/memory-bank/ingest-events">Ingest events</a>.</p>
<h2 class="release-note-product-title">Google Cloud Armor</h2>
<h3>Feature</h3>
<p>Cloud Armor preconfigured rules support <a class="external" href="https://github.com/coreruleset/coreruleset/releases/tag/v4.22.0" target="github">ModSecurity Core Rule Set (CRS)
4.22</a> 
 as a rule source. For more information, see <a href="https://docs.cloud.google.com/armor/docs/rule-tuning">Tuning Google Cloud Armor WAF
rules</a>. This feature is Generally Available.</p>
<h2 class="release-note-product-title">Google Cloud VMware Engine</h2>
<h3>Feature</h3>
<p><strong>Preview</strong>: You can configure disaster recovery for Google Cloud VMware Engine by using JetStream.
Disaster recovery options include the following:</p>
<ul>
<li>Set up a Google Cloud VMware Engine private cloud as a recovery site for your on-premises VMware applications.</li>
<li>Protect workloads on a primary private cloud by using a recovery site in another Google Cloud location or on-premises environment.</li>
</ul>
<p>For more information, see <a href="https://docs.cloud.google.com/vmware-engine/docs/vmware-ecosystem/howto-disaster-recovery-jetstream">Configure disaster recovery using JetStream</a>.</p>
<h3>Feature</h3>
<p><strong>Generally available</strong>: Google Cloud VMware Engine offers self-service management for
<a href="https://docs.cloud.google.com/vmware-engine/docs/vmware-ecosystem/howto-vsan-encryption">customer-managed encryption keys (CMEK)</a>
using the Google Cloud console and the VMware Engine API. You can enable CMEK for
your private clouds, using Cloud Key Management Service (Cloud KMS) to manage encryption keys for
vSAN and <a href="https://docs.cloud.google.com/vmware-engine/docs/vmware-ecosystem/howto-vtpm">vTPM</a>. Key features and considerations include:</p>
<ul>
<li>You can transition between CMEK and Google-owned and Google-managed encryption keys (GMEK) as
needed.</li>
<li>The "Auto-Rekey" feature integrates with Cloud KMS key rotation to perform automated key rotation
for the key encryption key (KEK), maintaining security without manual intervention or
service downtime.</li>
</ul>
<p><strong>Limitations</strong>: This self-service functionality is unavailable for private clouds
that use CMEK through service tickets.</p>
<h2 class="release-note-product-title">Google Kubernetes Engine</h2>
<h3>Feature</h3>
<p>The network-optimized
<a href="https://docs.cloud.google.com/compute/docs/network-optimized-machines#c4n_series">C4N machine series</a> is
available with GKE clusters running 1.36.0-gke.3009002 or later. You can use
C4N machine types in Standard or Autopilot mode.</p>
<h2 class="release-note-product-title">Google SecOps Marketplace</h2>
<h3>Change</h3>
<p><strong>FileUtilities</strong>: Version 27.0</p>
<ul>
<li><p>Added support for extracting files from .7z archives in the following action:</p>
<ul>
<li><strong>Extract Zip Files</strong></li>
</ul></li>
</ul>
<h3>Change</h3>
<p><strong>Google Threat Intelligence</strong>: Version 17.0</p>
<ul>
<li><p>Fixed widget rendering failures by escaping raw HTML script tags within
<code>extended_response_body</code> in the following action:</p>
<ul>
<li><strong>Get ASM Entity Details</strong></li>
</ul></li>
</ul>
<h3>Change</h3>
<p><strong>Google Chronicle</strong>: Version 87.0</p>
<ul>
<li><p>Improved case and alert synchronization logic by fixing the verification
handling of valid external ID values in the following job:</p>
<ul>
<li><strong>Google Chronicle Sync Job</strong></li>
</ul></li>
</ul>
<h2 class="release-note-product-title">Network Intelligence Center</h2>
<h3>Feature</h3>
<p><a href="https://docs.cloud.google.com/network-intelligence-center/docs/connectivity-tests/concepts/overview">Connectivity Tests</a>
analyzes Proxy Network Load Balancers that are configured with
Server Name Indication (SNI) routing for TLS traffic.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>July 07, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#July_07_2026</id>
    <updated>2026-07-07T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#July_07_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">App Engine standard environment Java</h2>
<h3>Feature</h3>
<p>To modernize image processing, <a href="https://docs.cloud.google.com/appengine/migration-center/standard/java/images-to-cloud-run">migrate from the App Engine Images service to
Cloud Run</a> by
routing calls to a Cloud Run image transformation service while your app
continues to run on App Engine (Preview).</p>
<h2 class="release-note-product-title">App Engine standard environment Python</h2>
<h3>Feature</h3>
<p>To modernize image processing, <a href="https://docs.cloud.google.com/appengine/migration-center/standard/python/images-to-cloud-run">migrate from the App Engine Images service to
Cloud Run</a> by
routing calls to a Cloud Run image transformation service while your app
continues to run on App Engine (Preview).</p>
<h2 class="release-note-product-title">Bigtable</h2>
<h3>Feature</h3>
<p>You can bind existing <a href="https://docs.cloud.google.com/bigtable/docs/tags">tags</a> to Bigtable instances when you
create an instance and use policies to enforce mandatory tag assignments. This
feature is <a href="https://cloud.google.com/products#product-launch-stages">generally available (GA)</a>.
For more information, see <a href="https://docs.cloud.google.com/bigtable/docs/creating-instance">Create an instance</a>.</p>
<h3>Feature</h3>
<p>The Bigtable agent skill (<code>bigtable-basics</code>) is
<a href="https://cloud.google.com/products#product-launch-stages">generally available (GA)</a>
in the public <a href="https://github.com/google/skills/tree/main/skills/cloud/bigtable-basics">Google Agent Skills repository</a>.
This skill lets you equip AI agents with capabilities for Bigtable tasks, such as
provisioning instances and tables, designing schemas, querying data using
GoogleSQL and key-value APIs, and diagnosing performance issues or hotspots.</p>
<h3>Feature</h3>
<p>You can use Organization Policy Service custom constraints to manage specific
operations on continuous materialized views. This feature is <a href="https://cloud.google.com/products#product-launch-stages">generally available
(GA)</a>.
For more information, see <a href="https://docs.cloud.google.com/bigtable/docs/custom-constraints">Use custom organization policies</a>.</p>
<h2 class="release-note-product-title">Cloud Key Management Service</h2>
<h3>Feature</h3>
<p>The Cloud KMS overview dashboard <strong>Asymmetric PQC insights</strong> chart is generally
available. You can use the <strong>Asymmetric PQC insights</strong> chart and details view to identify how many and which of your asymmetric keys are susceptible to attacks
from future quantum computers. This information is an important input into your
quantum computing modernization planning and process.</p>
<p>For more information about the <strong>Asymmetric PQC insights</strong> chart, see <a href="https://docs.cloud.google.com/kms/docs/view-pqc-insights">View
asymmetric post-quantum cryptography (PQC)
insights</a>.</p>
<h2 class="release-note-product-title">Gemini Enterprise</h2>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: Managed organization policy constraints for data connectors (GA)</strong></p>
<p>You can now use managed organization policy constraints to secure and control
your data connectors in Gemini Enterprise.</p>
<p>With this release, the following constraints are generally available (GA):</p>
<ul>
<li><strong>Restrict allowed data sources</strong>: Use this policy to control which
external data sources (such as Jira, Box, or Confluence) are permitted
when adding a data store. For more information, see <a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/configure-allowed-data-sources">Configure allowed data sources</a>.</li>
<li><strong>Restrict allowed egress FQDNs</strong>: Use this policy to control the egress
fully qualified domain names (FQDNs) that your data stores can connect
to. For more information, see <a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/configure-allowed-egress-fqdns">Configure allowed egress FQDNs for data stores</a>.</li>
</ul>
<p>For an overview of these policies and how they interact, see <a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/managed-policy-constraints-overview">Overview of managed policy constraints</a>.</p>
<h2 class="release-note-product-title">Google Cloud Contact Center as a Service</h2>
<h3>Announcement</h3>
<p><strong>Google Cloud CCaaS prerelease notes</strong></p>
<p>Here are the pre-release notes for the next version of Google Cloud CCaaS.
When we release this version, we expect the new capabilities to be as shown
here.</p>
<h3>Feature</h3>
<p><strong>Direct Access Points for chats</strong></p>
<p>You can use a Direct Access Point (DAP) to route a chat conversation directly to
a queue, based on the response from an API that you configure. This lets
API-initiated chats bypass default routing and enter the intended queue
immediately.</p>
<h3>Fixed</h3>
<ul>
<li><p>Fixed an issue where the inactive chat dismissal timer didn't reset after
a chat was transferred from a virtual agent to a human agent.</p></li>
<li><p>Fixed an issue where voicemails disappeared from the queue
immediately after being opened.</p></li>
<li><p>Fixed an issue where the reporting dashboard incorrectly displayed call and
agent status during a cold transfer to another queue.</p></li>
<li><p>Improved rendering performance in the agent desktop mini chat adapter.</p></li>
<li><p>Fixed an issue where the storage path for screen recordings didn't align
with the folder structure displayed in the user interface.</p></li>
<li><p>Fixed an issue where missing public files were incorrectly cached by the
CDN for up to seven days.</p></li>
<li><p>Fixed an issue where agents were automatically redirected to the <strong>Closed</strong>
inbox view after changing an interaction status to <strong>Closed</strong>.</p></li>
<li><p>Fixed an issue where the <strong>You cannot log out when in a chat</strong> notification
was truncated in the chat adapter.</p></li>
<li><p>Fixed an issue with Salesforce integrations where rapid, concurrent data
requests caused information to be lost.</p></li>
<li><p>Fixed an issue where duplicate call recording links were posted to Zendesk
tickets for multi-segment calls.</p></li>
<li><p>Fixed an issue with Salesforce integrations where the UI retained settings
from a previous Salesforce organization after switching to a new
organization.</p></li>
<li><p>Fixed an issue where duplicate customer satisfaction surveys were submitted
and recorded for a single live chat session.</p></li>
<li><p>Fixed an issue where the message field in the chat adapter was inactive
when an agent accepted a new chat.</p></li>
<li><p>Fixed an issue where task virtual agents were incorrectly identified as
<strong>Nobody</strong> when joining a conversation after a transfer from a human agent.</p></li>
<li><p>Fixed an issue that occurred when a chat entered a queue and the greeting
message was sent before an agent was assigned. In these cases, the
associated push notification crashed and logged an error, producing
excessive noise in logs.</p></li>
<li><p>Fixed an issue where the agent's final message in a chat session
appeared after <strong>This chat is ended</strong> in the chat adapter and the CRM
transcript.</p></li>
<li><p>Fixed an issue where agents using instances without a CRM configuration
received a <strong>No Account Detected</strong> warning when making outbound calls.</p></li>
<li><p>Fixed an issue where notification chimes played after an agent had connected
to an active call.</p></li>
<li><p>Fixed an issue where the country code list didn't automatically update the
country flag when a phone number was entered without the <code>+</code> prefix.</p></li>
<li><p>Fixed an issue where calls to an agent's personal queue didn't break through
if the agent was also assigned to an inbound queue with breakthrough
disabled.</p></li>
<li><p>Fixed an issue where outbound calls that were transferred to a queue didn't
adhere to the queue's deltacast configuration.</p></li>
<li><p>Fixed an issue where the agent desktop became unstable or didn't load.</p></li>
<li><p>Fixed an issue where wrap-up time was incorrectly reported when agents
exceeded the configured wrap-up time.</p></li>
<li><p>Fixed an issue where the IVR queues dashboard didn't load for instances with
a large volume of queues.</p></li>
<li><p>Fixed an issue where calls to the <code>manager/api/v1/agent_activity_logs</code>
endpoint timed out when <code>sort_direction</code> was turned off.</p></li>
</ul>
<h2 class="release-note-product-title">Google Cloud Managed Service for Apache Kafka</h2>
<h3>Feature</h3>
<p>Managed Service for Apache Kafka now supports topic compression with <code>zstd</code>.</p>
<h2 class="release-note-product-title">Google Cloud VMware Engine</h2>
<h3>Feature</h3>
<p>Custom organization policy constraints are generally available (GA) for Google Cloud VMware Engine.
You can use custom constraints to enforce security policies and restrict configuration of your VMware Engine resources.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/vmware-engine/docs/custom-constraints">Use custom organization policies</a>.</p>
<h2 class="release-note-product-title">Google Kubernetes Engine</h2>
<h3>Feature</h3>
<p>In GKE version 1.34 and later, you can configure Google Cloud Managed Service
for Prometheus to collect Pressure Stall Information (PSI) metrics from
cAdvisor. You can use PSI metrics to monitor CPU, memory, and I/O congestion and
stall times for your containers, Pods, and nodes. For more information, see
<a href="https://docs.cloud.google.com/kubernetes-engine/docs/how-to/collect-specific-prometheus-metrics">Collect specific Prometheus metrics from Kubernetes</a>.</p>
<h3>Feature</h3>
<p>In GKE version 1.35.3-gke.1389000 and later, you can run GPU workloads on
Confidential GKE Nodes with certain G4 machine types and NVIDIA RTX PRO 6000
GPUs. This feature is available in Preview. For more information, see
<a href="https://docs.cloud.google.com/kubernetes-engine/docs/how-to/gpus-confidential-nodes">Encrypt GPU workload data in use with Confidential GKE Nodes</a>.</p>
<h3>Feature</h3>
<p>In GKE version 1.36.0-gke.1601000 and later, you can enable the logging of
VerticalPodAutoscaler decisions in Cloud Logging. You can use these logs to
understand why specific vertical Pod autoscaling decisions were made. This
feature is available in Preview. For more information, see
<a href="https://docs.cloud.google.com/kubernetes-engine/docs/how-to/view-vertical-pod-autoscaling-events">Collect vertical Pod autoscaler event logs</a>.</p>
<h3>Feature</h3>
<p>GKE Gateway now supports backend mutual TLS (mTLS). In addition to backend authenticated TLS, backend mTLS allows the GKE Gateway load balancer to authenticate its identity to backend Pods by presenting a client certificate. GKE Gateway configures backend mTLS using the standard Gateway API <code>spec.tls.backend.clientCertificateRef</code> field.</p>
<p>This feature is supported for the following GatewayClasses:</p>
<ul>
<li><code>gke-l7-global-external-managed</code></li>
<li><code>gke-l7-regional-external-managed</code></li>
<li><code>gke-l7-rilb</code></li>
</ul>
<p>For more information, see <a href="https://docs.cloud.google.com/kubernetes-engine/docs/how-to/secure-gateway#configure-backend-mtls">Configure backend mutual TLS (mTLS) for a Gateway</a>.</p>
<h3>Change</h3>
<p>For GKE Standard clusters, the maximum number of nodes that you can upgrade
simultaneously by using surge upgrades (<code>maxSurge</code> + <code>maxUnavailable</code>) is now
100. Each of these settings can be set as high as 100, but their sum can be no
higher than 100. For more information, see
<a href="https://docs.cloud.google.com/kubernetes-engine/docs/concepts/node-pool-upgrade-strategies#surge">Surge upgrades</a>.</p>
<h2 class="release-note-product-title">Looker</h2>
<h3>Feature</h3>
<p>When you delete a Looker (Google Cloud core) instance, it is now <a href="https://docs.cloud.google.com/looker/docs/looker-core-delete#instance-delete">moved to the trash</a> for seven days before being permanently deleted. During this period, you can <a href="https://docs.cloud.google.com/looker/docs/looker-core-delete#restore">restore the instance</a> to its previous state. After seven days, the instance is permanently deleted from the trash and cannot be recovered.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>July 06, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#July_06_2026</id>
    <updated>2026-07-06T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#July_06_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee UI</h2>
<h3>Announcement</h3>
<p>On July 6, 2026, we released an updated version of the Apigee UI.</p>
<h3>Feature</h3>
<p><strong>ParsePayload policy and payload operations matching in the Apigee UI</strong></p>
<p>The Apigee UI now supports the new payload operations matching feature:</p>
<ul>
<li>The new <strong>ParsePayload</strong> policy is now available in the proxy editor for API
proxy authoring. You can use it to extract logical operations from
structured payloads at runtime.</li>
<li>The API Product page now displays payload-based operations, allowing you to
configure and manage access control and quotas based on request payload
content.</li>
</ul>
<p>For more information, see <a href="https://docs.cloud.google.com/apigee/docs/api-platform/apigee-mcp/manage-mcp-tool-access">Manage MCP tool access with API
products</a>.</p>
<h2 class="release-note-product-title">Apigee X</h2>
<h3>Feature</h3>
<p><strong>Support for payload operations matching in API Products</strong></p>
<p>Apigee now supports payload operations matching (<code>payloadOperationGroup</code>) in API
Products, powered by the new <strong>ParsePayload</strong> policy.</p>
<p>Payload operations matching allows you to define API Product operations that
match fields within request payloads, such as JSON-RPC requests used by the
Model Context Protocol (MCP). Apigee can then route, monetize, authorize, and
apply distinct quota limits to traffic based on the derived payload operation.</p>
<p>This feature is available to all Apigee X customers in all supported regions
with no additional charge. For more information, see <a href="https://docs.cloud.google.com/apigee/docs/api-platform/apigee-mcp/manage-mcp-tool-access">Manage MCP tool access
with API products</a>
and the <a href="https://docs.cloud.google.com/apigee/docs/api-platform/reference/policies/parse-payload-policy">ParsePayload policy
reference</a>.</p>
<h2 class="release-note-product-title">BigQuery</h2>
<h3>Change</h3>
<p>For <a href="https://docs.cloud.google.com/bigquery/docs/facebook-ads-transfer">data transfers from Facebook Ads</a>,
support for the <code>AdInsightsMMM</code> report has been temporarily disabled. Existing
data transfers from Facebook Ads that include the <code>AdInsightsMMM</code> report will
continue to run, but the transfer won't include data from the <code>AdInsightsMMM</code>
report.</p>
<p>This change is due to schema changes in the Facebook Ads API.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/bigquery/docs/transfer-changes#Jul06-fb-ads">July 06, 2026</a>.</p>
<h2 class="release-note-product-title">Bigtable</h2>
<h3>Feature</h3>
<p>Bigtable supports direct connectivity, which bypasses the Google frontend and
optimizes performance for application traffic that meets certain criteria. For
more information, see <a href="https://docs.cloud.google.com/bigtable/docs/performance#direct-connectivity">Direct connectivity</a>.</p>
<h2 class="release-note-product-title">Cloud Service Mesh</h2>
<h3>Feature</h3>
<p>The <a href="https://docs.cloud.google.com/service-mesh/docs/data-plane-extensibility#typegoogleapiscomenvoyextensionsfiltershttpcompressorv3compressor">Envoy Compressor Filter</a>
is now GA in the regular release channel.</p>
<h3>Feature</h3>
<p>The <a href="https://docs.cloud.google.com/service-mesh/docs/data-plane-extensibility#typegoogleapiscomenvoyextensionsfiltershttpluav3lua">Envoy Lua Filter</a>
is now available as a preview feature in the regular release channel.</p>
<h2 class="release-note-product-title">Container Optimized OS</h2>
<h3>Change</h3>
<h3 id="cos-125-19216-532-3_">cos-125-19216-532-3 <a id='"cos-arm64-125-19216-532-3"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/68df3c124b6c1b28325aae6b20030bd6d4e87f2c
">COS-6.12.94</a></td>
<td>v27.5.1</td>
<td>v2.1.7</td>
<td><a href="https://storage.googleapis.com/cos-tools/19216.532.3/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Fixed</h3>
<p>Upgraded app-admin/oslogin to v20260626.00.</p>
<h3>Fixed</h3>
<p>Upgraded app-containers/docker-credential-helpers to v0.9.8.</p>
<h3>Fixed</h3>
<p>Upgraded dev-db/sqlite to v3.53.3.</p>
<h3>Fixed</h3>
<p>Upgraded dev-libs/expat to v2.8.2.</p>
<h3>Fixed</h3>
<p>Upgraded net-misc/socat to v1.8.1.3.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-35388 in net-misc/openssh.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-40226 in sys-apps/systemd.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52921 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52927 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52930 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52942 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53033 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53122 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53131 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53134 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53154 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53156 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53168 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53180 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53181 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53184 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53185 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53189 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53191 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53199 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53207 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53212 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53214 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53218 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53219 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53220 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53223 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53229 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53230 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53232 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53233 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53236 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53239 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53249 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53264 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53265 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53266 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53267 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53268 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53269 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53270 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53275 in the Linux kernel.</p>
<h3>Change</h3>
<h3 id="cos-129-19506-299-3_">cos-129-19506-299-3 <a id='"cos-arm64-129-19506-299-3"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/a9a6e2d52bec1f807503b02b401205a67f642d04
">COS-6.12.94</a></td>
<td>v27.5.1</td>
<td>v2.2.3</td>
<td><a href="https://storage.googleapis.com/cos-tools/19506.299.3/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Change</h3>
<p>Updated the Linux kernel to v6.12.94.  It resolves CVE-2026-52908,CVE-2026-52910, CVE-2026-52912,CVE-2026-52920, CVE-2026-52921,CVE-2026-52923, CVE-2026-52925,CVE-2026-52927,CVE-2026-52928,CVE-2026-52930, CVE-2026-52933,CVE-2026-52936, CVE-2026-52942,CVE-2026-52943, CVE-2026-52946,CVE-2026-52967, CVE-2026-52969,CVE-2026-52970, CVE-2026-52972,CVE-2026-52974, CVE-2026-52977,CVE-2026-52980, CVE-2026-52981,CVE-2026-52984, CVE-2026-52986,CVE-2026-52989, CVE-2026-52990,CVE-2026-52998, CVE-2026-52999,CVE-2026-53001, CVE-2026-53002,CVE-2026-53003, CVE-2026-53006,CVE-2026-53012, CVE-2026-53013,CVE-2026-53014, CVE-2026-53021,CVE-2026-53023, CVE-2026-53031,CVE-2026-53032, CVE-2026-53033,CVE-2026-53034, CVE-2026-53035,CVE-2026-53036, CVE-2026-53038,CVE-2026-53050, CVE-2026-53053,CVE-2026-53060, CVE-2026-53061,CVE-2026-53062, CVE-2026-53063,CVE-2026-53064, CVE-2026-53069,CVE-2026-53074, CVE-2026-53075,CVE-2026-53076, CVE-2026-53080,CVE-2026-53081, CVE-2026-53083,CVE-2026-53084, CVE-2026-53085,CVE-2026-53094, CVE-2026-53096,CVE-2026-53111, CVE-2026-53115,CVE-2026-53120, CVE-2026-53122,CVE-2026-53123, CVE-2026-53126,CVE-2026-53129, CVE-2026-53132.</p>
<h3>Change</h3>
<p>Updated the Linux kernel to v6.12.94. It resolves CVE-2026-52908,CVE-2026-52910, CVE-2026-52912,CVE-2026-52920, CVE-2026-52921,CVE-2026-52923, CVE-2026-52925,CVE-2026-52927, CVE-2026-52928,CVE-2026-52930, CVE-2026-52933,CVE-2026-52936, CVE-2026-52942,CVE-2026-52943, CVE-2026-52945,CVE-2026-52946, CVE-2026-52967,CVE-2026-52969, CVE-2026-52970,CVE-2026-52972, CVE-2026-52974,CVE-2026-52977, CVE-2026-52980,CVE-2026-52981, CVE-2026-52984,CVE-2026-52986, CVE-2026-52989,CVE-2026-52990, CVE-2026-52998,CVE-2026-52999, CVE-2026-53001,CVE-2026-53002, CVE-2026-53003,CVE-2026-53006, CVE-2026-53012,CVE-2026-53013, CVE-2026-53014,CVE-2026-53021, CVE-2026-53023,CVE-2026-53031, CVE-2026-53032,CVE-2026-53033, CVE-2026-53034,CVE-2026-53035, CVE-2026-53036,CVE-2026-53038, CVE-2026-53050,CVE-2026-53053, CVE-2026-53060,CVE-2026-53061, CVE-2026-53062,CVE-2026-53063, CVE-2026-53064,CVE-2026-53069, CVE-2026-53074,CVE-2026-53075, CVE-2026-53076,CVE-2026-53080, CVE-2026-53081,CVE-2026-53083, CVE-2026-53084,CVE-2026-53085, CVE-2026-53094,CVE-2026-53096, CVE-2026-53111,CVE-2026-53115, CVE-2026-53120,CVE-2026-53122, CVE-2026-53123,CVE-2026-53126, CVE-2026-53129,CVE-2026-53132.</p>
<h3>Fixed</h3>
<p>Upgraded app-admin/oslogin to v20260626.00.</p>
<h3>Fixed</h3>
<p>Upgraded dev-db/sqlite to v3.53.3.</p>
<h3>Fixed</h3>
<p>Upgraded dev-libs/expat to v2.8.2.</p>
<h3>Fixed</h3>
<p>Upgraded net-misc/socat to v1.8.1.3.</p>
<h3>Fixed</h3>
<p>Upgraded sys-apps/acl to v2.4.0.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-35388 in net-misc/openssh.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-40226 in sys-apps/systemd.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53122 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53131 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53134 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53154 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53156 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53168 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53180 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53181 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53184 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53185 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53189 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53191 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53199 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53212 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53214 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53218 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53219 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53220 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53223 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53229 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53230 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53232 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53235 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53236 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53239 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53249 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53261 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53264 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53265 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53266 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53267 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53268 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53269 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53270 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53275 in the Linux kernel.</p>
<h3>Change</h3>
<h3 id="cos-121-18867-528-3_">cos-121-18867-528-3 <a id='"cos-arm64-121-18867-528-3"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/3a060df9faaaa8e9287e2cd1687a14f35fd7b44a
">COS-6.6.143</a></td>
<td>v27.5.1</td>
<td>v2.0.8</td>
<td><a href="https://storage.googleapis.com/cos-tools/18867.528.3/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Change</h3>
<p>Upgraded net-misc/rsync to v3.4.4.</p>
<h3>Change</h3>
<p>Upgraded the Linux kernel to v6.6.143. Is resolves CVE-2026-52908,CVE-2026-52910, CVE-2026-52912,CVE-2026-52920, CVE-2026-52921,CVE-2026-52923, CVE-2026-52925,CVE-2026-52927, CVE-2026-52928,CVE-2026-52930, CVE-2026-52933,CVE-2026-52936, CVE-2026-52942,CVE-2026-52943, CVE-2026-52945,CVE-2026-52946, CVE-2026-52967,CVE-2026-52969, CVE-2026-52970,CVE-2026-52972, CVE-2026-52974,CVE-2026-52975, CVE-2026-52977,CVE-2026-52981, CVE-2026-52984,CVE-2026-52986, CVE-2026-52989,CVE-2026-52998, CVE-2026-52999,CVE-2026-53001, CVE-2026-53002,CVE-2026-53003, CVE-2026-53006,CVE-2026-53012, CVE-2026-53013,CVE-2026-53021, CVE-2026-53032,CVE-2026-53033, CVE-2026-53034,CVE-2026-53035, CVE-2026-53036,CVE-2026-53050, CVE-2026-53060,CVE-2026-53061, CVE-2026-53062,CVE-2026-53063, CVE-2026-53064,CVE-2026-53069, CVE-2026-53074,CVE-2026-53075, CVE-2026-53076,CVE-2026-53080, CVE-2026-53083,CVE-2026-53094, CVE-2026-53096,CVE-2026-53111, CVE-2026-53126.</p>
<h3>Fixed</h3>
<p>Upgraded app-containers/docker-credential-helpers to v0.9.8.</p>
<h3>Fixed</h3>
<p>Upgraded dev-db/sqlite to v3.53.3.</p>
<h3>Fixed</h3>
<p>Upgraded dev-libs/expat to v2.8.2.</p>
<h3>Fixed</h3>
<p>Upgraded net-libs/libtirpc to v1.3.7-r2.</p>
<h3>Fixed</h3>
<p>Upgraded net-misc/socat to v1.8.1.3.</p>
<h3>Fixed</h3>
<p>Upgraded sys-apps/acl to v2.4.0.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-31419 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-35388 in net-misc/openssh.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-40226 in sys-apps/systemd.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52936 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53033 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53131 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53134 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53154 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53168 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53181 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53184 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53185 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53189 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53199 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53212 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53218 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53219 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53223 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53230 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53232 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53236 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53239 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53249 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53264 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53266 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53267 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53268 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53269 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53270 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53275 in the Linux kernel.</p>
<h3>Change</h3>
<h3 id="cos-117-18613-675-2_">cos-117-18613-675-2 <a id='"cos-arm64-117-18613-675-2"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/5fdd1e8b9c34a017086bbcb058f5532b3c0298d9
">COS-6.6.143</a></td>
<td>v24.0.9</td>
<td>v1.7.31</td>
<td><a href="https://storage.googleapis.com/cos-tools/18613.675.2/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Change</h3>
<p>Upgraded net-misc/rsync to v3.4.4.</p>
<h3>Change</h3>
<p>Upgraded the Linux kernel to v6.6.143. It resolves CVE-2026-52908,CVE-2026-52910, CVE-2026-52912,CVE-2026-52920, CVE-2026-52921,CVE-2026-52923, CVE-2026-52925,CVE-2026-52927, CVE-2026-52928,CVE-2026-52930, CVE-2026-52933,CVE-2026-52936, CVE-2026-52942,CVE-2026-52943, CVE-2026-52945,CVE-2026-52946, CVE-2026-52967,CVE-2026-52969, CVE-2026-52970,CVE-2026-52972, CVE-2026-52974,CVE-2026-52975, CVE-2026-52977,CVE-2026-52981, CVE-2026-52984,CVE-2026-52986, CVE-2026-52989,CVE-2026-52998, CVE-2026-52999,CVE-2026-53001, CVE-2026-53002,CVE-2026-53003, CVE-2026-53006,CVE-2026-53012, CVE-2026-53013,CVE-2026-53021, CVE-2026-53032,CVE-2026-53033, CVE-2026-53034,CVE-2026-53035, CVE-2026-53036,CVE-2026-53050, CVE-2026-53060,CVE-2026-53061, CVE-2026-53062,CVE-2026-53063, CVE-2026-53064,CVE-2026-53069, CVE-2026-53074,CVE-2026-53075, CVE-2026-53076,CVE-2026-53080, CVE-2026-53083,CVE-2026-53094, CVE-2026-53096,CVE-2026-53111, CVE-2026-53126.</p>
<h3>Fixed</h3>
<p>Upgraded app-shells/dash to v0.5.13.4-r2.</p>
<h3>Fixed</h3>
<p>Upgraded net-fs/cifs-utils to v7.6, Upgraded sys-libs/talloc to v2.4.4-r1.</p>
<h3>Fixed</h3>
<p>Upgraded net-misc/socat to v1.8.1.3.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-35388 in net-misc/openssh.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-40226 in sys-apps/systemd.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52930 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53033 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53131 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53134 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53154 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53168 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53181 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53184 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53185 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53189 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53199 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53212 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53218 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53219 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53223 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53230 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53232 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53236 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53249 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53264 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53265 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53266 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53267 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53268 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53269 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53270 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53275 in the Linux kernel.</p>
<h2 class="release-note-product-title">Gemini Enterprise</h2>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: Support for Japan and UK regions (GA with allowlist)</strong></p>
<p>You can use the Gemini Enterprise app in the Japan (<code>asia-northeast1</code>) and
United Kingdom (<code>europe-west2</code>) regions with at-rest data residency (DRZ)
and machine learning processing (MLP) in region. You can also use the
latest Gemini 3.5 Flash model in these regions with in-region at-rest DRZ
and MLP.</p>
<p>These locations are available in GA with allowlist. To get access to these
locations for use with Gemini Enterprise or NotebookLM Enterprise,
contact your Google account team.</p>
<p>Certain limitations apply when using these regions. For more information,
see <a href="https://docs.cloud.google.com/gemini/enterprise/docs/locations">Data residency for Gemini Enterprise Standard and Plus Editions</a>.</p>
<h2 class="release-note-product-title">Gemini Enterprise Agent Platform</h2>
<h3>Feature</h3>
<p><strong>AlphaGenome released for Gemini Enterprise Agent Platform</strong></p>
<p>AlphaGenome, Google DeepMind's state-of-the-art genomics foundation model, is
now available for deployment and use with Gemini Enterprise Agent Platform.</p>
<p>Designed to decipher the functional regulatory code of the human genome,
AlphaGenome analyzes large-scale DNA sequences at single-base resolution to
predict how genetic variations affect molecular and biological mechanisms like
gene expression, chromatin accessibility, and RNA splicing. For information on
how to use AlphaGenome in Agent Platform, see the
<a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/models/open-models/alphagenome">documentation</a>.</p>
<h2 class="release-note-product-title">Google SecOps</h2>
<h3>Feature</h3>
<p><strong>Data RBAC for first-party (1P) cases and alerts in public preview</strong></p>
<p><strong>Availability:</strong> This feature is available <strong>only in the following regions:</strong> europe-central2, asia-northeast1, asia-south1, australia-southeast1, northamerica-northeast2, europe-west3, europe-west6, southamerica-east1, asia-southeast1, me-central1, me-central2, me-west1, europe-west2, europe-west9, europe-west12, asia-southeast2, africa-south1, asia-east1, and asia-northeast3.</p>
<p>Google SecOps now supports data role-based access control (Data RBAC) for first-party (1P) cases and alerts in SOAR. This feature automatically applies SIEM data access scopes to alerts and cases ingested using the Chronicle connector, ensuring analysts only see data they are authorized to access.</p>
<p><strong>Key highlights</strong></p>
<ul>
<li><strong>SIEM-scope-to-SOAR inheritance:</strong> Ingested 1P SIEM alerts carry their assigned data access scopes, which are automatically inherited by their parent SOAR cases.</li>
<li><strong>Dual access enforcement:</strong> To view a case or alert, users must have access to both the assigned SOAR environment and all associated data access scopes. Global users maintain full visibility.</li>
<li><strong>Scope-to-environment mapping:</strong> Administrators can map SIEM data access scopes to SOAR environments (<strong>SOAR settings &gt; Environments</strong>) to manage alert routing and grouping. Alerts without mapped scopes are routed to a fallback environment.</li>
<li><strong>Enhanced UI visibility and filtering:</strong> Assigned data access scopes are visible next to the environment in the <strong>Case header</strong> and the <strong>List cases</strong> table, allowing for easy filtering.</li>
<li><strong>Manual case and grouping logic:</strong> When creating cases manually, analysts can only select from the intersection of their permitted data access scopes and environment mappings.</li>
</ul>
<p><strong>Prerequisites and enablement</strong></p>
<ul>
<li>Requires a unified Google SecOps instance with the <strong>Chronicle connector</strong> using the modern Chronicle API.</li>
<li>Administrators can enable this feature under <strong>SIEM settings &gt; Data access</strong> by selecting <strong>Enforce data access in SOAR</strong> (or <strong>Enforce data access</strong> if SIEM data access is not yet active).</li>
</ul>
<p>For more information, see <a href="https://docs.cloud.google.com/chronicle/docs/administration/datarbac-impact-cases">Control access to 1P cases and alerts</a>.</p>
<h2 class="release-note-product-title">Spanner</h2>
<h3>Feature</h3>
<p>You can use Gemini in Spanner Studio to fix errors in your SQL
queries. When you run a query that contains an error, you can click <strong>Fix</strong> to
view a line-by-line comparison of your query and a recommended correction, along
with an explanation of the change. This feature is available in
<a href="https://docs.cloud.google.com/products#product-launch-stages">Preview</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>July 05, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#July_05_2026</id>
    <updated>2026-07-05T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#July_05_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Google SecOps SOAR</h2>
<h3>Announcement</h3>
<p>Release 6.3.92 is being rolled out to the first phase of regions as listed 
<a href="https://docs.cloud.google.com/chronicle/docs/soar/overview-and-introduction/soar-gradual-release">here</a>.</p>
<p>This release contains internal and customer bug fixes.</p>
<h3>Feature</h3>
<p><strong>Publisher Agent Version 2.7.0</strong></p>
<p>Publisher Agent Version 2.7.0 is being rolled out to the first phase of regions.</p>
<p>This release includes the following updates for the remote agent:</p>
<ul>
<li><strong>High Availability support:</strong> Adds applicative support for Publisher high 
availability.</li>
<li><strong>File transfer support:</strong> You can now upload and download files using
playbooks and the SDK on agents that have been migrated to the GCOM
infrastructure.</li>
</ul>
]]>
    </content>
  </entry>

  <entry>
    <title>July 04, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#July_04_2026</id>
    <updated>2026-07-04T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#July_04_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Google SecOps SOAR</h2>
<h3>Announcement</h3>
<p><a href="https://docs.cloud.google.com/chronicle/docs/soar/release-notes#June_28_2026">Release 6.3.91</a> is now 
available for all regions.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>July 03, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#July_03_2026</id>
    <updated>2026-07-03T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#July_03_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee hybrid</h2>
<h3>Announcement</h3>
<h3 id="v1155">v1.15.5</h3>
<p>On July 3, 2026 we released an updated version of the Apigee hybrid software, v1.15.5.</p>
<ul>
<li>For information on upgrading, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.15/upgrade">Upgrading Apigee hybrid to version v1.15.5</a>.</li>
<li>For information on new installations, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.15/big-picture">The big picture</a>.</li>
</ul>
<aside class="note"><strong>Note:</strong><span> This is a patch release: The container images used in patch releases are integrated with the Apigee hybrid Helm charts. Upgrading to a patch via the Helm chart automatically updates the images. No manual image changes are typically needed. For information on container image support in Apigee hybrid releases, see <a href="https://docs.cloud.google.com/apigee/docs/release/apigee-release-process#apigee-hybrid-container-images">Apigee release process</a>.</span></aside>
<h3>Security</h3>
<p>Various security and CVE fixes are included in this release.</p>
<h2 class="release-note-product-title">Cloud CDN</h2>
<h3>Feature</h3>
<p>Cloud CDN and external Application Load Balancers support self-service
Private Bucket Access for Cloud Storage buckets. This feature allows you to
securely serve content without making your storage buckets public. The access
on the buckets is managed securely via IAM permissions on a Google-managed
service account. This feature is <strong>Generally Available</strong>.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/cdn/docs/setting-up-cdn-with-bucket#enable_private_bucket_access">Private bucket access</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>July 02, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#July_02_2026</id>
    <updated>2026-07-02T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#July_02_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Audit Manager</h2>
<h3>Feature</h3>
<p>Audit Manager now supports <a href="https://docs.cloud.google.com/audit-manager/docs/overview#supported_compliance">built-in frameworks and custom
frameworks</a> that you define
using Compliance Manager or Assured Workloads frameworks (preview).</p>
<h2 class="release-note-product-title">Cloud Database Migration Service</h2>
<h3>Change</h3>
<p>MySQL version 9.7 support for MySQL homogeneous migrations is being rolled out
across all regions. A new announcement will be published when MySQL version 9.7
for MySQL homogeneous migrations with Database Migration Service becomes available.</p>
<h2 class="release-note-product-title">NetApp Volumes</h2>
<h3>Feature</h3>
<p>The Flex Unified service level supports the optional feature <a href="https://docs.cloud.google.com/netapp/volumes/docs/configure-and-use/volumes/overview#block-volume-deletion">Block volume from deletion when clients are connected</a> for both block and file volumes. This option is
required for using NetApp Volumes with Google Cloud VMware Engine (GCVE)
datastores. When this option is enabled, it prevents the deletion of a volume if
the volume is mounted as a GCVE datastore.</p>
<h3>Feature</h3>
<p>The Flex Unified Default-mode service level supports the thick clone (thin clone
split) feature in Preview. For more information, see <a href="https://docs.cloud.google.com/netapp/volumes/docs/configure-and-use/volumes/manage-volume-clones">Manage volume clones</a>.</p>
<h2 class="release-note-product-title">Oracle Database@Google Cloud</h2>
<h3>Feature</h3>
<p>Oracle Database@Google Cloud supports Exascale Storage Vaults for Exadata on Dedicated Infrastructure and Exadata VM Clusters. For more information, see <a href="https://docs.cloud.google.com/oracle/database/docs/create-exadata-storage-vaults">Create an Exascale Storage Vault for an Exadata Infrastructure</a>, <a href="https://docs.cloud.google.com/oracle/database/docs/configure-exascale-storage">Configure Exascale Storage Vault for Exadata Infrastructure</a>, and <a href="https://docs.cloud.google.com/oracle/database/docs/create-clusters#create-cluster-using-vault">Create Exadata VM Clusters with Exascale Storage Vaults</a>.</p>
<p>This feature is <a href="https://cloud.google.com/products#product-launch-stages">Generally Available (GA)</a>.</p>
<h2 class="release-note-product-title">Secure Source Manager</h2>
<h3>Feature</h3>
<p>Secure Source Manager is now compliant with EU VPAT / WCAG 2.2.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>July 01, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#July_01_2026</id>
    <updated>2026-07-01T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#July_01_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">BigQuery</h2>
<h3>Feature</h3>
<p>You can now use pre-trained TimesFM models in BigQuery ML
directly from
<a href="https://docs.cloud.google.com/bigquery/docs/connected-sheets">Connected Sheets</a>.
These models let you create
forecasts and detect anomalies in your data by using the
<a href="https://docs.cloud.google.com/bigquery/docs/reference/standard-sql/bigqueryml-syntax-ai-forecast"><code>AI.FORECAST</code></a>
and
<a href="https://docs.cloud.google.com/bigquery/docs/reference/standard-sql/bigqueryml-syntax-ai-detect-anomalies"><code>AI.DETECT_ANOMALIES</code></a>
functions. This feature is
<a href="https://cloud.google.com/products#product-launch-stages">generally available</a>
(GA).</p>
<h2 class="release-note-product-title">Config Connector</h2>
<h3>Announcement</h3>
<p>Config Connector version 1.153.0 is now available.</p>
<h3>Feature</h3>
<p>New Beta Resources (Direct Reconciler):</p>
<ul>
<li><a href="https://cloud.google.com/config-connector/docs/reference/resource-docs/orgpolicy/orgpolicypolicy"><code>OrgPolicyPolicy</code></a>
<ul>
<li>Manage <a href="https://cloud.google.com/resource-manager/docs/organization-policy/overview">Organization Policies</a> to configure constraints across your Google Cloud resources.</li>
</ul></li>
</ul>
<p>New Alpha Resources (Direct Reconciler):</p>
<ul>
<li><code>AIStreamsCluster</code>
<ul>
<li>Manage <a href="https://cloud.google.com/ai-streams/docs">AI Streams</a> clusters to ingest and process real-time video streams.</li>
</ul></li>
<li><code>AutoMLDataset</code>
<ul>
<li>Manage <a href="https://cloud.google.com/vertex-ai/docs/datasets/overview">AutoML datasets</a> in Vertex AI.</li>
</ul></li>
<li><code>CloudBatchResourceAllowance</code>
<ul>
<li>Manage <a href="https://cloud.google.com/batch/docs">Batch resource allowances</a> to control resource usage and limits for batch jobs.</li>
</ul></li>
<li><code>BeyondCorpClientGateway</code>
<ul>
<li>Manage <a href="https://cloud.google.com/beyondcorp/docs">BeyondCorp client gateways</a> to secure access to private applications.</li>
</ul></li>
<li><code>BigLakeDatabase</code>
<ul>
<li>Manage <a href="https://cloud.google.com/bigquery/docs/biglake-intro">BigLake databases</a> for unified analytics over data lakes.</li>
</ul></li>
<li><code>BigtableAuthorizedView</code>
<ul>
<li>Manage <a href="https://cloud.google.com/bigtable/docs/authorized-views">Bigtable authorized views</a> to control access to specific subsets of data in a table.</li>
</ul></li>
<li><code>BigtableBackup</code>
<ul>
<li>Manage <a href="https://cloud.google.com/bigtable/docs/backups">Bigtable backups</a> to preserve table data.</li>
</ul></li>
<li><code>BillingAccount</code>
<ul>
<li>Manage <a href="https://cloud.google.com/billing/docs">Billing accounts</a> (read-only/reference representation).</li>
</ul></li>
<li><code>CertificateManagerCertificateIssuanceConfig</code>
<ul>
<li>Manage <a href="https://cloud.google.com/certificate-manager/docs/issuance-configs">Certificate Manager certificate issuance configurations</a> for automated certificate provisioning.</li>
</ul></li>
<li><code>CloudDeployDeployPolicy</code>
<ul>
<li>Manage <a href="https://cloud.google.com/deploy/docs">Cloud Deploy deploy policies</a> to define deployment constraints and approvals.</li>
</ul></li>
<li><code>FirestoreBackupSchedule</code>
<ul>
<li>Manage <a href="https://cloud.google.com/firestore/docs/backups">Firestore backup schedules</a> for automated database backups.</li>
</ul></li>
<li><code>IAMDenyPolicy</code>
<ul>
<li>Manage <a href="https://cloud.google.com/iam/docs/deny-overview">IAM deny policies</a> to explicitly deny permissions.</li>
</ul></li>
<li><code>NetworkSecurityMirroringDeployment</code>
<ul>
<li>Manage <a href="https://cloud.google.com/secure-web-proxy/docs">Network Security mirroring deployments</a> to mirror network traffic for inspection.</li>
</ul></li>
<li><code>NetworkSecurityMirroringEndpointGroup</code>
<ul>
<li>Manage <a href="https://cloud.google.com/secure-web-proxy/docs">Network Security mirroring endpoint groups</a> to associate mirroring endpoints.</li>
</ul></li>
<li><code>SecurityCenterBigQueryExport</code>
<ul>
<li>Manage <a href="https://cloud.google.com/security-command-center/docs/how-to-analyze-findings-in-bigquery">Security Command Center BigQuery exports</a> to automatically export findings to BigQuery.</li>
</ul></li>
<li><code>SecurityCenterMuteConfig</code>
<ul>
<li>Manage <a href="https://cloud.google.com/security-command-center/docs/how-to-mute-findings">Security Command Center mute configs</a> to control finding visibility.</li>
</ul></li>
<li><code>VertexAIExampleStore</code>
<ul>
<li>Manage <a href="https://cloud.google.com/vertex-ai/docs">Vertex AI example stores</a> for managing example data.</li>
</ul></li>
</ul>
<h3>Feature</h3>
<p>New Fields:</p>
<ul>
<li><a href="https://cloud.google.com/config-connector/docs/reference/resource-docs/container/containercluster"><code>ContainerCluster</code></a>
<ul>
<li>Added <code>spec.confidentialNodes.confidentialInstanceType</code> and <code>spec.nodeConfig.confidentialNodes.confidentialInstanceType</code> fields.</li>
</ul></li>
<li><a href="https://cloud.google.com/config-connector/docs/reference/resource-docs/container/containernodepool"><code>ContainerNodePool</code></a>
<ul>
<li>Added <code>spec.nodeConfig.confidentialNodes.confidentialInstanceType</code> field.</li>
<li>Added <code>spec.nodeConfig.windowsNodeConfig</code> field.</li>
</ul></li>
<li><a href="https://cloud.google.com/config-connector/docs/reference/resource-docs/redis/rediscluster"><code>RedisCluster</code></a>
<ul>
<li>Added <code>spec.automatedBackupConfig</code> field.</li>
<li>Added <code>spec.crossClusterReplicationConfig</code> field.</li>
<li>Added <code>spec.kmsKeyRef</code> field.</li>
<li>Added <code>spec.maintenancePolicy</code> and <code>status.observedState.maintenancePolicy</code> fields.</li>
<li>Added <code>status.observedState.pscServiceAttachments</code> field.</li>
</ul></li>
<li><a href="https://cloud.google.com/config-connector/docs/reference/resource-docs/memorystore/memorystoreinstance"><code>MemorystoreInstance</code></a>
<ul>
<li>Added <code>spec.maintenancePolicy</code> and <code>status.observedState.maintenancePolicy</code> fields.</li>
<li>Added <code>spec.kmsKeyRef</code> field.</li>
<li>Added <code>status.observedState.encryptionInfo</code> field.</li>
</ul></li>
</ul>
<h3>Change</h3>
<p>Reconciliation Improvements:</p>
<p>Added support for direct reconciliation to more resources, with opt-in behaviour. The API is unchanged. To use the direct reconciler, add the <code>cnrm.cloud.google.com/reconciler: direct</code> annotation to the corresponding Config Connector object. The following resources now have direct reconciliation support:</p>
<ul>
<li><a href="https://cloud.google.com/config-connector/docs/reference/resource-docs/artifactregistry/artifactregistryrepository"><code>ArtifactRegistryRepository</code></a></li>
<li><a href="https://cloud.google.com/config-connector/docs/reference/resource-docs/certificatemanager/certificatemanagercertificate"><code>CertificateManagerCertificate</code></a></li>
<li><a href="https://cloud.google.com/config-connector/docs/reference/resource-docs/dns/dnsmanagedzone"><code>DNSManagedZone</code></a></li>
<li><a href="https://cloud.google.com/config-connector/docs/reference/resource-docs/dns/dnspolicies"><code>DNSPolicy</code></a></li>
<li><a href="https://cloud.google.com/config-connector/docs/reference/resource-docs/logging/logginglogbucket"><code>LoggingLogBucket</code></a></li>
<li><a href="https://cloud.google.com/config-connector/docs/reference/resource-docs/logging/logginglogsink"><code>LoggingLogSink</code></a></li>
<li><a href="https://cloud.google.com/config-connector/docs/reference/resource-docs/logging/logginglogview"><code>LoggingLogView</code></a></li>
<li><a href="https://cloud.google.com/config-connector/docs/reference/resource-docs/pubsub/pubsubschema"><code>PubSubSchema</code></a></li>
<li><a href="https://cloud.google.com/config-connector/docs/reference/resource-docs/pubsub/pubsubtopic"><code>PubSubTopic</code></a></li>
<li><a href="https://cloud.google.com/config-connector/docs/reference/resource-docs/servicedirectory/servicedirectoryservice"><code>ServiceDirectoryService</code></a></li>
</ul>
<h3>Fixed</h3>
<p>Bug Fixes:</p>
<ul>
<li><a href="https://github.com/GoogleCloudPlatform/k8s-config-connector/pull/9114">#9114</a>: <code>ComposerEnvironment</code>: Support resource reference resolution and fix drift on private environment config.</li>
<li><a href="https://github.com/GoogleCloudPlatform/k8s-config-connector/pull/10414">#10414</a>: <code>ComputeBackendService</code>: Prevent the automatic injection of <code>subsetting: { policy: "NONE" }</code> for regional backend services with <code>INTERNAL_SELF_MANAGED</code> load balancing scheme.</li>
<li><a href="https://github.com/GoogleCloudPlatform/k8s-config-connector/pull/7222">#7222</a>: <code>DataprocCluster</code>: <code>userServiceAccountMapping</code> field in DataprocCluster resources is now mutable.</li>
<li><a href="https://github.com/GoogleCloudPlatform/k8s-config-connector/pull/9594">#9594</a>: <code>DNSPolicy</code>: Fixes to DNSPolicy for real GCP integration.</li>
<li><a href="https://github.com/GoogleCloudPlatform/k8s-config-connector/pull/10417">#10417</a>: <code>MemorystoreInstance</code>: Fix crossInstanceReplicationConfig field, allowing replication roles to be synced and updated correctly.</li>
<li><a href="https://github.com/GoogleCloudPlatform/k8s-config-connector/pull/8828">#8828</a>: <code>NetworkSecurity</code>: Fix UpdateAuthorizationPolicy panic with empty updateMask.</li>
<li><a href="https://github.com/GoogleCloudPlatform/k8s-config-connector/pull/7567">#7567</a>: <code>PrivilegedAccessManager</code>: Fix mock drift in PrivilegedAccessManager by correcting Delete LRO and array element retention.</li>
<li><a href="https://github.com/GoogleCloudPlatform/k8s-config-connector/pull/9602">#9602</a>: <code>RedisCluster</code>: Fix permanent diff caused by automated backup configuration default value.</li>
</ul>
<h2 class="release-note-product-title">Gemini Enterprise Agent Platform</h2>
<h3>Feature</h3>
<p><strong>Provisioned Throughput: Multiple pending new orders GA</strong></p>
<p>The ability to submit multiple pending orders is generally available. you can
submit up to seven Google model orders for the same model and region.
See <a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/models/provisioned-throughput/purchase-provisioned-throughput#multiple">Multiple pending
orders</a>.</p>
<h2 class="release-note-product-title">Google Cloud Contact Center as a Service</h2>
<h3>Announcement</h3>
<p><strong>Google Cloud CCaaS 4.45</strong></p>
<p>We've released version 4.45 of Google Cloud CCaaS.</p>
<p>The timing of the update to your instance depends on the deployment schedule
that you have chosen. For more information, see <a href="https://cloud.google.com/contact-center/ccai-platform/docs/deployment-schedules">Deployment
schedules</a>.</p>
<h3>Feature</h3>
<p><strong>Do Not Call capability in HubSpot</strong></p>
<p>You can configure your HubSpot integration to display <strong>This number is on the Do
Not Call list</strong> in the call adapter when an agent initiates a call to a contact
configured for Do Not Call (DNC). The agent can proceed with the DNC call if
needed. If the agent proceeds with the call, the following comment is logged in
the CRM: "The contact is in TPS, the agent chose to proceed with the call."</p>
<p>This capability is for non-campaign outbound calls. It doesn't affect outbound
campaign calls.</p>
<p>Administrators: In the <strong>Settings <span aria-label="and then">&gt;</span> Developer Settings <span aria-label="and then">&gt;</span>
Agent Platform <span aria-label="and then">&gt;</span> HubSpot <span aria-label="and then">&gt;</span> Account Lookup</strong> section,
there's a new <strong>Do-Not-Call CRM Field</strong> section.</p>
<p>User experience update: The call adapter displays <strong>This number is on the Do Not
Call list</strong> when an agent initiates a call to a contact configured for DNC.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/contact-center/ccai-platform/docs/hubspot-do-not-call">Do Not Call for
HubSpot</a>.</p>
<h3>Feature</h3>
<p><strong>Return to queue after disconnection</strong></p>
<p>You can configure CCAI Platform to offer a disconnected caller the
option to return to their queue. If they accept, they're returned to the top of
the queue. Virtual agents in the queue are skipped. This capability is for IVR
calls only.</p>
<p>Administrators: We've made the following updates to the CCAI Platform portal:</p>
<ul>
<li><p>In the <strong>Settings <span aria-label="and then">&gt;</span> Call <span aria-label="and then">&gt;</span> Call Details</strong> pane,
there's a new <strong>Return to Queue After Disconnection</strong> section.</p></li>
<li><p>In the <strong>Settings <span aria-label="and then">&gt;</span> Queue <span aria-label="and then">&gt;</span> IVR (Interactive Voice
Response) <span aria-label="and then">&gt;</span> Edit / View <span aria-label="and then">&gt;</span> MENU_NAME <span aria-label="and then">&gt;</span>
Settings</strong> pane, there's a new <strong>Return to Queue after disconnection</strong>
section.</p></li>
<li><p>In the <strong>Settings <span aria-label="and then">&gt;</span> Languages &amp; Messages <span aria-label="and then">&gt;</span> Audible
Messages</strong> pane, there's a new <strong>Return to Queue After Disconnection
Messages</strong> section.</p></li>
</ul>
<p>For more information, see <a href="https://docs.cloud.google.com/contact-center/ccai-platform/docs/return-to-queue">Return to
queue</a>.</p>
<h3>Fixed</h3>
<ul>
<li><p>Fixed an issue where campaigns that didn't complete prevented subsequent
campaigns from starting.</p></li>
<li><p>Fixed an issue where callers weren't correctly connected to voicemail during
a warm transfer to an agent's direct number.</p></li>
<li><p>Fixed an issue where incoming calls were assigned to agents but
didn't appear in the agent adapter, resulting in "ghost assignments" and
abandoned calls.</p></li>
<li><p>Fixed an issue where cold-transferring a call from a queue while the
transferring agent was in a wrap-up state caused the connection to become
unresponsive and silent.</p></li>
<li><p>Fixed an issue where calls that disconnected before entering a queue were
incorrectly displayed in the <strong>Queued Calls</strong> dashboard.</p></li>
<li><p>Fixed an issue in the agent desktop where the call disposition panel failed
to load for queues with forced disposition enabled, leaving agents stuck and
unable to proceed without logging out.</p></li>
<li><p>Fixed an issue where streaming conversations failed due to connection
errors.</p></li>
<li><p>Fixed an issue where outbound calls initiated from a HubSpot company profile
created duplicate anonymous contacts instead of matching existing records by
phone number.</p></li>
<li><p>Fixed an issue where the <strong>Session Data</strong> report incorrectly calculated the
after call work (ACW) duration for manual wrap-ups.</p></li>
<li><p>Fixed an issue where the <strong>Start Call</strong> button didn't display in the call
adapter.</p></li>
<li><p>Fixed an issue where voicemails from cold transfers were lost or routed to
the wrong queue.</p></li>
<li><p>Fixed an issue in the agent desktop where active calls appeared to be on
hold while the agent was in a "wrap-up exceeded" state.</p></li>
</ul>
<h2 class="release-note-product-title">Google SecOps</h2>
<h3>Announcement</h3>
<p><strong>[Spotlight Feature] Security Tokens</strong></p>
<p>Security Tokens are now available for metering agentic consumption within Google
SecOps. Tokens are consumed by generally available security agents only. These
agents are invoked automatically or manually using the web interface, CLI, chat,
or Model Context Protocol (MCP). Assistive features, such as standard chat
panels and automated summaries, along with preview agents, won't consume
Security Tokens.</p>
<p>Security Tokens will start rolling out across all regions starting July 1. For
more information, see <a href="https://docs.cloud.google.com/chronicle/docs/agentic-soc/security-tokens">Google SecOps Agentic SOC Security Tokens pricing and
billing</a>.</p>
<h3>Feature</h3>
<p><strong>[Spotlight Feature] Enhanced security and compliance for the Advanced BigQuery Export feature</strong></p>
<p>The <a href="https://docs.cloud.google.com/chronicle/docs/reports/bigquery-export">Advanced BigQuery Export feature</a> is in Preview and is available for Google SecOps Enterprise Plus customers only. </p>
<p><strong>Here's what's new:</strong> We're excited to announce significant performance and coverage enhancements to Advanced BigQuery Export for Google SecOps Enterprise Plus customers.</p>
<ul>
<li><strong>Expanded dataset support</strong>: In addition to UDM events, rule detections, and IoC matches, we now support the export of Entity Graph and Ingestion Metrics.</li>
<li><strong>Enhanced security &amp; compliance</strong>: The offering natively supports <a href="https://docs.cloud.google.com/chronicle/docs/secops/vpcsc-for-secops">VPC Service Controls (VPC-SC)</a>, <a href="https://docs.cloud.google.com/chronicle/docs/secops/cmek_for_secops">Customer-Managed Encryption Keys (CMEK)</a>, and Data Residency (DRZ). Furthermore, customer-facing audit logs (Access Transparency) are delivered directly to your Cloud Logging workspace using the Federated Resource Identification Service.</li>
<li><strong>Data integrity and deduplication</strong>: The system now uses Fine-Grained DML merges to update records in place behind the scenes. This ensures that you receive clean, deduplicated data without needing to write complex SQL routines.</li>
<li><strong>Seamless MSSP support (hub and spoke)</strong>: Managed Security Service Providers (MSSPs) can now efficiently manage analytics across multiple customer tenants. This is achieved by programmatically subscribing to customers' linked datasets from a single centralized "Hub" project.</li>
<li><strong>Enum mapping tables</strong>: Advanced BigQuery Export now includes <code>entity_enum_value_to_name_mapping</code> and <code>udm_enum_value_to_name_mapping</code> tables. These allow you to easily join against your events to translate numerical enum values into human-readable strings.</li>
</ul>
<p><strong>Key reminders</strong></p>
<ul>
<li><strong>Public preview &amp; feature activation</strong>: This feature is currently in Public Preview, is enabled only upon request, and may require initial configuration in your organization's Google SecOps instance. Contact your Google SecOps representative to confirm feature enablement.</li>
<li><strong>Enterprise Plus only</strong>: This feature is exclusive to the Enterprise Plus tier.</li>
<li><strong>Zero-maintenance</strong>: Your security data remains in a Google-managed project, appearing as a read-only linked dataset directly in your own Google Cloud project. This lets you query the data locally without the overhead of managing the pipeline or paying for storage.</li>
<li><strong>Migration and dual operation</strong>: To support a smooth transition without disruption during the Public Preview, your data will be exported to the new BigQuery tenant project in addition to your existing Google-managed BigQuery project. You'll be notified before the old export pipeline is disabled for your account.</li>
</ul>
<h2 class="release-note-product-title">Google SecOps Marketplace</h2>
<h3>Feature</h3>
<p><strong>Proofpoint Email Protection</strong>: Version 8.0</p>
<ul>
<li><p>The following new actions have been added to support searching and 
programmatically managing quarantined emails:</p>
<ul>
<li><p><strong>Search Quarantined Emails</strong></p></li>
<li><p><strong>Delete Quarantined Email</strong></p></li>
<li><p><strong>Resubmit Quarantined Email</strong></p></li>
<li><p><strong>Move Quarantined Email</strong></p></li>
</ul></li>
</ul>
<h3>Change</h3>
<p><strong>Proofpoint Email Protection</strong>: Version 8.0</p>
<ul>
<li><p>Updated backend script implementation to support the new framework for the 
following actions:</p>
<ul>
<li><p><strong>Enrich Entities</strong></p></li>
<li><p><strong>Ping</strong></p></li>
</ul></li>
</ul>
<h2 class="release-note-product-title">Google SecOps SIEM</h2>
<h3>Announcement</h3>
<p><strong>[Spotlight Feature] Security Tokens</strong></p>
<p>Security Tokens are now available for metering agentic consumption within Google
SecOps. Tokens are consumed by generally available security agents only. These
agents are invoked automatically or manually using the web interface, CLI, chat,
or Model Context Protocol (MCP). Assistive features, such as standard chat
panels and automated summaries, along with preview agents, won't consume
Security Tokens.</p>
<p>Security Tokens will start rolling out across all regions starting July 1. For
more information, see <a href="https://docs.cloud.google.com/chronicle/docs/agentic-soc/security-tokens">Google SecOps Agentic SOC Security Tokens pricing and
billing</a>.</p>
<h2 class="release-note-product-title">Looker</h2>
<h3>Announcement</h3>
<p>The latest versions in the Looker (Google Cloud core) <a href="https://docs.cloud.google.com/looker/docs/looker-core-release-process#release_channels">release channels</a> are beginning deployment as follows:</p>
<ul>
<li>Latest version in the Rapid channel: <strong>26.10</strong></li>
<li>Latest version in the Regular channel: <strong>26.10</strong></li>
<li>Latest version in the No Channel channel: <strong>26.10</strong></li>
</ul>
<h3>Feature</h3>
<p>Looker (Google Cloud core) has introduced <a href="https://docs.cloud.google.com/looker/docs/looker-core-release-process#release_channels">release channels</a> in preview, allowing users to choose between Rapid, Regular, and "No channel" options to manage the cadence of version updates. The Rapid channel provides early access to new capabilities but is excluded from the Service Level Agreement (SLA), while the Regular channel offers balanced stability with an optional Accelerated Security Patching flag.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 30, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_30_2026</id>
    <updated>2026-06-30T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_30_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Agent Platform Workbench</h2>
<h3>Feature</h3>
<p><strong>Python 3.12 base containers for Agent Platform Workbench custom containers</strong></p>
<p>You can build <a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/notebooks/workbench/instances/create-custom-container">custom containers</a>
for Agent Platform Workbench instances using Python 3.12 base containers, in addition
to the default Python 3.10 base containers. The Python 3.12 standard and slim
base containers are available at the following URIs:</p>
<ul>
<li><code>us-docker.pkg.dev/workbench-images/gcr.io/workbench-container-2606:latest</code></li>
<li><code>us-docker.pkg.dev/workbench-images/gcr.io/workbench-container-slim-2606:latest</code></li>
</ul>
<h2 class="release-note-product-title">BigQuery</h2>
<h3>Feature</h3>
<p>You can specify an optional <code>principal</code> property on
<a href="https://docs.cloud.google.com/bigquery/docs/reservations-assignments">BigQuery reservation assignments</a> to
route queries to specific reservations based on the identity of the user,
service account, or third-party identity executing the job.</p>
<h2 class="release-note-product-title">Cloud NAT</h2>
<h3>Feature</h3>
<p><strong>Preview</strong>: Cloud NAT gateways for Private NAT support IPv6 to IPv4 network
address translation. For more information, see
<a href="https://docs.cloud.google.com/nat/docs/private-nat#nat64">NAT64 in Private NAT</a>.</p>
<h2 class="release-note-product-title">Cloud NGFW</h2>
<h3>Feature</h3>
<p>You can now create and configure project-level resources for application layer
inspection in Cloud NGFW, including project-level firewall endpoints, security
profile groups, and security profiles. For more information, see
<a href="https://docs.cloud.google.com/firewall/docs/about-app-layer-inspection#org-project-resources">Organization-level and project-level
resources</a>,
<a href="https://docs.cloud.google.com/firewall/docs/about-firewall-endpoints">Firewall endpoints overview</a>,
<a href="https://docs.cloud.google.com/firewall/docs/about-security-profile-groups">Security profile groups overview</a>,
and <a href="https://docs.cloud.google.com/firewall/docs/about-security-profiles">Security profiles overview</a>. This
feature is available in <strong>General Availability</strong>.</p>
<h3>Feature</h3>
<p>To restrict traffic to the managed Envoy proxies in a
<a href="https://docs.cloud.google.com/load-balancing/docs/proxy-only-subnets">proxy-only subnet</a>, you can configure
global network firewall policies and regional network firewall policies to
protect internal Application Load Balancers and internal proxy Network Load
Balancers. For more information, see <a href="https://docs.cloud.google.com/firewall/docs/global-network-app-lb">Use global network firewall policies to
protect Envoy-based load balancers</a> and
<a href="https://docs.cloud.google.com/firewall/docs/regional-network-app-lb">Use regional network firewall policies to protect internal Application Load
Balancers and internal proxy Network Load
Balancers</a>. This feature is available in
<strong>General Availability</strong>.</p>
<h2 class="release-note-product-title">Gemini Enterprise</h2>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: Filters for Microsoft SharePoint data stores are generally available (GA)</strong></p>
<p>Filters for Microsoft SharePoint federated data stores are now generally
available (GA).</p>
<p>For more information, see
<a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/ms-sharepoint/add-filters-to-sharepoint-data-store">Add filters to a Microsoft SharePoint data store</a>.</p>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: Support for India and Singapore regions (GA with
allowlist)</strong></p>
<p>You can use the Gemini Enterprise app in the India (<code>IN</code>) and Singapore
(<code>SG</code>) regions with at-rest data
residency (DRZ) and machine learning processing (MLP) in region. You can
also use the latest Gemini 3.5 Flash model in these regions with
in-region at-rest DRZ and MLP.</p>
<p>These locations are available in GA with allowlist. To get access to these
locations for use with Gemini Enterprise or NotebookLM Enterprise,
contact your Google account team.</p>
<p>Certain limitations apply when using these regions. For more information,
see <a href="https://docs.cloud.google.com/gemini/enterprise/docs/locations">Data residency for Gemini Enterprise Standard and Plus
Editions</a>.</p>
<h2 class="release-note-product-title">Gemini Enterprise Agent Platform</h2>
<h3>Feature</h3>
<p><strong>Anthropic's Claude Sonnet 5</strong></p>
<p><a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/models/partner-models/claude/sonnet-5">Claude Sonnet 5</a>
is available in Model Garden.</p>
<h2 class="release-note-product-title">Google Cloud Contact Center as a Service</h2>
<h3>Announcement</h3>
<p><strong>In the Agent Desktop, the Knowledge Assist panel is being replaced with a new
Agent Assist Hub panel</strong></p>
<p><strong>Who's affected?</strong></p>
<p>Customers who use the Agent Desktop and the Knowledge Assist panel in a desktop
layout are affected. If you don't use Agent Desktop and the Knowledge Assist
panel, you can ignore this announcement.</p>
<p><strong>What's changing?</strong></p>
<p>We're replacing the Knowledge Assist panel in Agent Desktop with a new Agent
Assist Hub panel. The Agent Assist Hub panel contains a Knowledge Assist module
that is a 1:1 functional replacement of the Knowledge Assist panel.</p>
<p><strong>How does this affect my contact center?</strong></p>
<p>For any agents that are signed into your contact center at the moment we update
it, the new Knowledge Assist module will stop working. To fix this problem, the
agent needs to sign out of the contact center and sign in again. The Knowledge
Assist module will begin working. Agents who sign into your contact center after
we update it won't be affected by this issue.</p>
<p><strong>What do I need to do?</strong></p>
<p>When we roll out this change, your Google Cloud CCaaS instance will be updated
automatically - you don't need to change any configurations. However, you
should tell your agents to sign out of your contact center and sign in again if
the Knowledge Assist module within the Agent Assist Hub panel isn't working for
them. Your agents do not need to take action If your instance is configured as a
Critical deployment and is updated outside of the contact center hours of
operation.</p>
<p><strong>When is this happening?</strong></p>
<p>We expect to make this change in early Q3 of 2026, around mid to late July.
We'll publish prerelease notes and release notes to keep you informed of this
change.</p>
<h2 class="release-note-product-title">Google SecOps</h2>
<h3>Announcement</h3>
<p><strong>Increased multiple event limits</strong></p>
<p>Multiple event rule limits have been increased to 200 for Enterprise customers and 400 for Enterprise+ customers.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/chronicle/docs/secops/secops-packages#package_comparison">Package comparison</a></p>
<h3>Announcement</h3>
<p><strong>[Spotlight Feature] Unified rules interface</strong></p>
<p>The new rules interface is now available in public preview. The Google SecOps unified rules interface brings custom and curated rule management into a single, cohesive workflow. This optimizes detection engineering with a redesigned dashboard, an advanced rule editor, and expanded API capabilities to streamline rule deployment and troubleshooting.</p>
<p>You can still revert to the legacy experience. At the top right of the screen, click <strong>Switch to the legacy experience</strong>.</p>
<p>For more information about the Unified rules interface, see <a href="https://docs.cloud.google.com/chronicle/docs/detection/unified-rules/manage-unified-rules">Manage unified rules</a>.</p>
<h2 class="release-note-product-title">Google SecOps SIEM</h2>
<h3>Announcement</h3>
<p><strong>Increased multiple event limits</strong></p>
<p>Multiple event rule limits have been increased to 200 for Enterprise customers and 400 for Enterprise+ customers.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/chronicle/docs/secops/secops-packages#package_comparison">Package comparison</a></p>
<h3>Announcement</h3>
<p><strong>Unified rules interface</strong></p>
<p>The new rules interface is now available in public preview.</p>
<p>The Google SecOps unified rules interface brings custom and curated rule management into a single, cohesive workflow. This optimizes detection engineering with a redesigned dashboard, an advanced rule editor, and expanded API capabilities to streamline rule deployment and troubleshooting.</p>
<p>You can still revert to the legacy experience. At the top right of the screen, click <strong>Switch to the legacy experience</strong>.</p>
<p>For more information about the Unified rules interface, see <a href="https://docs.cloud.google.com/chronicle/docs/detection/unified-rules/manage-unified-rules">Manage unified rules</a>.</p>
<h2 class="release-note-product-title">Managed Service for Apache Spark</h2>
<h3>Announcement</h3>
<p>New <a href="https://docs.cloud.google.com/managed-spark/docs/concepts/versioning/image-version-lists#supported-dataproc-image-versions"><strong>Managed Service for Apache Spark</strong> (formerly Dataproc on Compute Engine) subminor cluster image versions</a>:</p>
<ul>
<li>2.1.117-debian11, 2.1.117-rocky8, 2.1.117-ubuntu20, 2.1.117-ubuntu20-arm</li>
<li>2.2.85-debian12, 2.2.85-rocky9, 2.2.85-ubuntu22, 2.2.85-ubuntu22-arm</li>
<li>2.3.33-debian12, 2.3.33-ml-ubuntu22, 2.3.33-rocky9, 2.3.33-ubuntu22, 2.3.33-ubuntu22-arm</li>
</ul>
<p>Key updates in these image versions include:</p>
<ul>
<li><strong>Conda channels</strong>: The new <code>2.1.117</code> and <code>2.2.85</code> subminor image versions don't have preconfigured Conda channels, and are not mapped to default aliases (such as <code>2.1-debian11</code> and <code>2.2-debian12</code>) until August 25, 2026.
<ul>
<li><strong>Impact:</strong> When creating clusters with these image versions, specify the exact subminor version (for example, <code>2.1.117-debian11</code> or <code>2.2.85-debian12</code>). Packages cannot be installed using Conda unless channels are manually configured during cluster initialization.</li>
<li><strong>Mitigation:</strong> If your workloads require preconfigured Conda channels or default aliases, pin your clusters to the previous image versions (for example, <code>2.1.116-debian11</code> or <code>2.2.84-debian12</code>).</li>
<li><strong>Default change schedule:</strong> After August 25, 2026, the default aliases for <code>2.1</code> and <code>2.2</code> will point to image versions without preconfigured Conda channels (the latest subminor versions). All workloads must transition to these new images after August 25, 2026 since the use of prior subminor versions with preconfigured Conda channels will be disallowed.</li>
</ul></li>
</ul>
<p><strong>You may need to delete and replace existing clusters</strong> After August 25, 2026,
existing clusters created with images that have preconfigured Conda channels
(even if cluster jobs don't use Conda to install packages) need to be deleted
and replaced with new
<a href="https://docs.cloud.google.com/managed-spark/docs/guides/create-cluster#creating_a_cloud_dataproc_cluster">clusters created</a>
or <a href="https://docs.cloud.google.com/managed-spark/docs/guides/recreate-cluster#recreate_and_update_a_cluster_2">recreated</a>
with images that don't have preconfigured Conda channels.</p>
<h2 class="release-note-product-title">Network Security Integration</h2>
<h3>Feature</h3>
<p>The broker mode for out-of-band Network Security Integration (also known as
packet broker) is now available in <strong>General Availability (GA) with allowlist</strong>.
Broker mode lets you mirror GENEVE-encapsulated network packets from a consumer
network to multiple producer networks for analysis, and adds additional GENEVE
metadata (such as timestamp and network stable ID).
This feature is not available to all users. To access this feature, contact your
Google account team.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/network-security-integration/docs/out-of-band/out-of-band-integration-overview#oob-modes">Out-of-band integration
overview</a>
and <a href="https://docs.cloud.google.com/network-security-integration/docs/understand-geneve">Understand GENEVE
format</a>.</p>
<h3>Feature</h3>
<p>Project-level security profiles and security profile groups for Network Security
Integration are now available in <strong>General Availability (GA)</strong>.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/network-security-integration/docs/security-profiles-overview">Security profiles
overview</a> and
<a href="https://docs.cloud.google.com/network-security-integration/docs/security-profile-groups-overview">Security profile groups
overview</a>.</p>
<h2 class="release-note-product-title">Virtual Private Cloud</h2>
<h3>Feature</h3>
<p><strong>General Availability</strong>: If a consumer VPC network uses an
<a href="https://docs.cloud.google.com/vpc/docs/rdma-network-profiles#falcon-supported-features">RDMA network profile for Falcon VPC networks</a>,
a single Compute Engine instance can connect to it by using multiple virtual
Private Service Connect interfaces.</p>
<p>For more information, see
<a href="https://docs.cloud.google.com/vpc/docs/create-manage-private-service-connect-interfaces#create">Create VMs with Private Service Connect interfaces</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 29, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_29_2026</id>
    <updated>2026-06-29T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_29_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">App Engine flexible environment .NET</h2>
<h3>Feature</h3>
<p>Support for deploying your existing apps in the flexible environment to Cloud Run using
the <code>gcloud beta app migrate-to-run</code> command is in <a href="https://cloud.google.com/products/#product-launch-stages">Preview</a>. For more information, see <a href="https://docs.cloud.google.com/appengine/migration-center/run/migrate-app-engine-flexible-to-run">Deploy an App Engine app in the flexible environment to Cloud Run</a>.</p>
<h2 class="release-note-product-title">App Engine flexible environment Go</h2>
<h3>Feature</h3>
<p>Support for deploying your existing apps in the flexible environment to Cloud Run using
the <code>gcloud beta app migrate-to-run</code> command is in <a href="https://cloud.google.com/products/#product-launch-stages">Preview</a>. For more information, see <a href="https://docs.cloud.google.com/appengine/migration-center/run/migrate-app-engine-flexible-to-run">Deploy an App Engine app in the flexible environment to Cloud Run</a>.</p>
<h2 class="release-note-product-title">App Engine flexible environment Java</h2>
<h3>Feature</h3>
<p>Support for deploying your existing apps in the flexible environment to Cloud Run using
the <code>gcloud beta app migrate-to-run</code> command is in <a href="https://cloud.google.com/products/#product-launch-stages">Preview</a>. For more information, see <a href="https://docs.cloud.google.com/appengine/migration-center/run/migrate-app-engine-flexible-to-run">Deploy an App Engine app in the flexible environment to Cloud Run</a>.</p>
<h2 class="release-note-product-title">App Engine flexible environment Node.js</h2>
<h3>Feature</h3>
<p>Support for deploying your existing apps in the flexible environment to Cloud Run using
the <code>gcloud beta app migrate-to-run</code> command is in <a href="https://cloud.google.com/products/#product-launch-stages">Preview</a>. For more information, see <a href="https://docs.cloud.google.com/appengine/migration-center/run/migrate-app-engine-flexible-to-run">Deploy an App Engine app in the flexible environment to Cloud Run</a>.</p>
<h2 class="release-note-product-title">App Engine flexible environment PHP</h2>
<h3>Feature</h3>
<p>Support for deploying your existing apps in the flexible environment to Cloud Run using
the <code>gcloud beta app migrate-to-run</code> command is in <a href="https://cloud.google.com/products/#product-launch-stages">Preview</a>. For more information, see <a href="https://docs.cloud.google.com/appengine/migration-center/run/migrate-app-engine-flexible-to-run">Deploy an App Engine app in the flexible environment to Cloud Run</a>.</p>
<h2 class="release-note-product-title">App Engine flexible environment Python</h2>
<h3>Feature</h3>
<p>Support for deploying your existing apps in the flexible environment to Cloud Run using
the <code>gcloud beta app migrate-to-run</code> command is in <a href="https://cloud.google.com/products/#product-launch-stages">Preview</a>. For more information, see <a href="https://docs.cloud.google.com/appengine/migration-center/run/migrate-app-engine-flexible-to-run">Deploy an App Engine app in the flexible environment to Cloud Run</a>.</p>
<h2 class="release-note-product-title">App Engine flexible environment Ruby</h2>
<h3>Feature</h3>
<p>Support for deploying your existing apps in the flexible environment to Cloud Run using
the <code>gcloud beta app migrate-to-run</code> command is in <a href="https://cloud.google.com/products/#product-launch-stages">Preview</a>. For more information, see <a href="https://docs.cloud.google.com/appengine/migration-center/run/migrate-app-engine-flexible-to-run">Deploy an App Engine app in the flexible environment to Cloud Run</a>.</p>
<h2 class="release-note-product-title">App Engine flexible environment custom runtimes</h2>
<h3>Feature</h3>
<p>Support for deploying your existing apps in the flexible environment to Cloud Run using
the <code>gcloud beta app migrate-to-run</code> command is in <a href="https://cloud.google.com/products/#product-launch-stages">Preview</a>. For more information, see <a href="https://docs.cloud.google.com/appengine/migration-center/run/migrate-app-engine-flexible-to-run">Deploy an App Engine app in the flexible environment to Cloud Run</a>.</p>
<h2 class="release-note-product-title">BigQuery</h2>
<h3>Change</h3>
<p>Effective <em>March 9, 2026</em>, new users are required to have a Cloud Billing
account to use the <a href="https://docs.cloud.google.com/bigquery/docs/migration-intro">BigQuery Migration Service</a>.
This change applies to users starting new projects using BigQuery Migration
Service features, such as SQL translation and migration assessment.</p>
<p>After <em>May 18, 2026</em>, all users are required to have a Cloud Billing account to
use the BigQuery Migration Service.</p>
<p><a href="https://docs.cloud.google.com/bigquery/docs/migration-intro#pricing">Pricing for the BigQuery Migration Service</a>
remains without charge.</p>
<h3>Feature</h3>
<p>You can now grant data preparations and pipelines access to additional
services when running or scheduling them with user credentials
for a Google Account. You can grant <a href="https://docs.cloud.google.com/bigquery/docs/orchestrate-data-preparations">data preparations access to Google Drive</a>,
and <a href="https://docs.cloud.google.com/bigquery/docs/schedule-pipelines">grant pipelines access to Google Drive, Bigtable, and Knowledge Catalog</a>.
Extended access options are available in
<a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.</p>
<h2 class="release-note-product-title">Cloud Monitoring</h2>
<h3>Feature</h3>
<p>Alerting policies based on PromQL queries can now operate over more than
25 hours of data. For more information, see
<a href="https://docs.cloud.google.com/monitoring/alerts/using-promql#promql-2years">Query over 2 years of metric data</a>
and <a href="https://docs.cloud.google.com/monitoring/quotas#alerting_uptime_limits">Limits for alerting</a>.</p>
<h2 class="release-note-product-title">Cloud Run</h2>
<h3>Feature</h3>
<p>Deploy a highly available, multi-region Cloud Run service with automated failover and failback for internal and external traffic using <a href="https://docs.cloud.google.com/run/docs/configuring/configure-service-health">Cloud Run service health</a> in <a href="https://cloud.google.com/products#product-launch-stages">General Availability (GA)</a>.</p>
<h3>Feature</h3>
<p><a href="https://docs.cloud.google.com/run/docs/configuring/configure-service-health">Configure HTTP and gRPC readiness probes</a> for your Cloud Run services is in <a href="https://cloud.google.com/products#product-launch-stages">General Availability (GA)</a>.</p>
<h2 class="release-note-product-title">Cloud SQL for MySQL</h2>
<h3>Feature</h3>
<p>MySQL 8.0.45 is now the <a href="https://docs.cloud.google.com/sql/docs/mysql/db-versions#database-version-support">default minor version</a> for Cloud SQL for MySQL 8.0.</p>
<p>For more information about minor version support in Cloud SQL for MySQL,
see <a href="https://docs.cloud.google.com/sql/docs/mysql/db-versions#mysql-8.0">MySQL 8.0</a>.</p>
<h2 class="release-note-product-title">Cloud Service Mesh</h2>
<h3>Security</h3>
<p><strong>1.29.5-asm.5 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains the fix for the security vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-045">GCP-2026-045</a>.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.29.5-asm.5 uses Envoy v1.37.5.</p>
<h3>Security</h3>
<p><strong>1.28.9-asm.4 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains the fix for the security vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-045">GCP-2026-045</a>.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.28.9-asm.4 uses Envoy v1.36.9.</p>
<h3>Security</h3>
<p><strong>1.27.9-asm.9 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains the fix for the security vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-045">GCP-2026-045</a>.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.27.9-asm.9 uses Envoy v1.35.13.</p>
<h3>Security</h3>
<p>Proxy version csm_mesh_proxy.csm_mesh_proxy.20260624e_RC01 for Gateway API on
GKE clusters is rolling out to all Managed Cloud Service Mesh release channels
over the next week.</p>
<p>This patch release contains the fixes for the security vulnerabilities listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-040">GCP-2026-040</a>.</p>
<h2 class="release-note-product-title">Cloud Trace</h2>
<h3>Feature</h3>
<p>Google Cloud Observability has expanded the supported locations for observability buckets,
which store your trace data, to include the following:</p>
<ul>
<li>europe-west9</li>
</ul>
<p>For a list of supported locations, see
<a href="https://docs.cloud.google.com/stackdriver/docs/observability/observability-bucket-locations">Locations for observability buckets</a>.</p>
<h2 class="release-note-product-title">Container Optimized OS</h2>
<h3>Change</h3>
<h3 id="cos-129-19506-224-80_">cos-129-19506-224-80 <a id='"cos-arm64-129-19506-224-80"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/ebd6b5eac866f903f1cc7586ae6291004984e702
">COS-6.12.90</a></td>
<td>v27.5.1</td>
<td>v2.2.3</td>
<td><a href="https://storage.googleapis.com/cos-tools/19506.224.80/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Change</h3>
<h3 id="cos-dev-133-19907-0-0_">cos-dev-133-19907-0-0 <a id='"cos-arm64-dev-133-19907-0-0"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/3b8b0b32fb46c4ac9a0174e54d556700fcf584c7
">COS-6.18.36</a></td>
<td>v29.4.3</td>
<td>v2.2.3</td>
<td><a href="https://storage.googleapis.com/cos-tools/19907.0.0/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Change</h3>
<p>Updated cloud-provider-gcp to v35.0.8, docker-credential-gcr to v2.1.32, docker-credential-helpers to v0.9.7, nvidia-container-toolkit to v1.17.9, isa-l to v2.31.1, oauthlib to v3.0.2, apparmor-profiles to v3.1.7, apparmor to v3.1.7, ek-cpu-balloon to v1.2.3, libapparmor to v3.1.7.</p>
<h3>Change</h3>
<p>Updated app-arch/gzip to v1.14_p20260502, app-arch/xz-utils to v5.4.7, app-arch/zstd to v1.5.7, app-crypt/mit-krb5 to v1.22.2, app-editors/vim and app-editors/vim-core to v9.1.2148, dev-libs/libaio to v0.3.113-r2, dev-libs/xxhash to v0.8.3, dev-python/PySocks to v1.6.8, dev-python/cryptography to v39.0.2, dev-python/markupsafe to v2.1.5, dev-python/pyrsistent to v0.14.11, dev-python/python-magic to v0.4.27, dev-python/pyyaml to v6.0.3, dev-python/rfc3339-validator to v0.1.4-r1, net-misc/rsync to v3.4.4, sys-apps/mawk to v1.3.4_p20260302, sys-libs/libxcrypt to v4.4.38, sys-libs/talloc to v2.4.4, sys-fs/lvm2 to v2.03.39, sys-libs/binutils-libs to v2.46.1.</p>
<h3>Change</h3>
<p>Updated gzip to v1.14_p20260502, xz-utils to v5.4.7, zstd to v1.5.7, mit-krb5 to v1.22.2, vim to v9.1.2148, vim-core to v9.1.2148, python-exec-conf to v2.4.10, libaio to v0.3.113, xxhash to v0.8.3, PySocks to v1.6.8, cryptography to v39.0.2, markupsafe to v2.1.5, pyrsistent to v0.14.11, python-magic to v0.4.27, pyyaml to v6.0.3, rfc3339-validator to v0.1.4, iptables to v1.8.13, mawk to v1.3.4_p20260302, lvm2 to v2.03.39, binutils-libs to v2.46.1, libxcrypt to v4.4.38, talloc to v2.4.4.</p>
<h3>Change</h3>
<p>Updated app-containers/cloud-provider-gcp to v35.0.8, app-containers/docker-credential-gcr to v2.1.32, app-containers/nvidia-container-toolkit to v1.17.9, dev-libs/isa-l to v2.31.1, dev-python/oauthlib to v3.0.2, net-fs/nfs-utils to v2.6.4, sec-policy/apparmor-profiles, sys-apps/apparmor, and sys-libs/libapparmor to v3.1.7.</p>
<h3>Change</h3>
<p>Updated libtraceevent to v1.7.3, libtracefs to v1.6.4, conntrack-tools to v1.4.9, fuse to v2.9.9, fuse-common to v3.10.5.</p>
<h3>Change</h3>
<p>Updated dev-libs/libtraceevent to v1.7.3, dev-libs/libtracefs to v1.6.4, net-firewall/conntrack-tools to v1.4.9, sys-fs/fuse to v2.9.9, sys-fs/fuse-common to v3.10.5.</p>
<h3>Change</h3>
<p>Updated sys-apps/casfs to v0.1.14.</p>
<h3>Change</h3>
<p>Updated sys-apps/casfs to v0.1.14.</p>
<h3>Feature</h3>
<p>Added cos-dkms support for vast client
drivers v4.5.7.</p>
<h3>Change</h3>
<p>Updated the Linux kernel to v6.18.36.</p>
<h3>Feature</h3>
<p>Support nvidia-fs for COS GPU installer</p>
<h3>Feature</h3>
<p>Added support for loading the ublk kernel module.</p>
<h3>Fixed</h3>
<p>Upgraded app-admin/sosreport to v4.11.2.</p>
<h3>Fixed</h3>
<p>Upgraded app-admin/sosreport to v4.11.2.</p>
<h3>Fixed</h3>
<p>Upgraded app-containers/docker-credential-helpers to v0.9.8.</p>
<h3>Fixed</h3>
<p>Upgraded app-shells/dash to v0.5.13.4-r2.</p>
<h3>Fixed</h3>
<p>Upgraded app-emulation/cloud-init to v26.1.</p>
<h3>Fixed</h3>
<p>Upgraded dev-libs/expat to v2.8.1.</p>
<h3>Fixed</h3>
<p>Upgraded net-misc/curl to v8.20.0-r1.</p>
<h3>Fixed</h3>
<p>Upgraded app-shells/dash to v0.5.13.4-r2.</p>
<h3>Fixed</h3>
<p>Upgraded net-misc/rsync to v3.4.4.</p>
<h3>Fixed</h3>
<p>Upgraded sys-apps/gentoo-functions to v1.7.7.</p>
<h3>Fixed</h3>
<p>Upgraded chromeos-base/google-breakpad to v2026.06.22.165940-r278.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-11822, CVE-2026-11824 in dev-db/sqlite.</p>
<h3>Fixed</h3>
<p>Upgraded net-misc/curl to v8.20.0-r1.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-43116 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-40226 in sys-apps/systemd.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-45850 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-5928 in sys-libs/glibc.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52908 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-6238 in sys-libs/glibc.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52910 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-7210 in dev-lang/python.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52912 in the Linux kernel.</p>
<h3>Security</h3>
<p>Upgraded dev-libs/openssl to v3.5.7 to fix CVE-2026-9076,
CVE-2026-34183,CVE-2026-45445,CVE-2026-42764,CVE-2026-7383,CVE-2026-45447,
CVE-2026-34182,CVE-2026-34181,CVE-2026-34180.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52920 in the Linux kernel.</p>
<h3>Change</h3>
<p>Runtime sysctl changes:
<ul>
<li>Changed: kernel.threads-max: 63459 -&gt; 63460</li>
<li>Changed: net.ipv4.udp_mem: 187989   250654  375978 -&gt; 187989    250655  375978</li>
<li>Changed: user.max_cgroup_namespaces: 31729 -&gt; 31730</li>
<li>Changed: user.max_ipc_namespaces: 31729 -&gt; 31730</li>
<li>Changed: user.max_mnt_namespaces: 31729 -&gt; 31730</li>
<li>Changed: user.max_net_namespaces: 31729 -&gt; 31730</li>
<li>Changed: user.max_pid_namespaces: 31729 -&gt; 31730</li>
<li>Changed: user.max_time_namespaces: 31729 -&gt; 31730</li>
<li>Changed: user.max_user_namespaces: 31729 -&gt; 31730</li>
<li>Changed: user.max_uts_namespaces: 31729 -&gt; 31730</li>
</ul></p>
<h3>Security</h3>
<p>Fixed CVE-2026-52921 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52923 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52925 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52927 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52930 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52936 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52942 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52943 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52969 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52970 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52974 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52977 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52980 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52981 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52984 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52986 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52989 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52990 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52998 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52999 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53001 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53002 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53003 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53006 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53012 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53013 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53014 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53021 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53023 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53031 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53032 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53034 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53035 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53036 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53050 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53060 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53062 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53063 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53064 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53069 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53074 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53075 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53076 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53080 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53083 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53085 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53094 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53096 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53111 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53115 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53120 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53123 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53126 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53129 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-7210 in dev-lang/python.</p>
<h3>Security</h3>
<p>Upgraded dev-libs/openssl to v3.5.7 to fix CVE-2026-45447,
CVE-2026-45445,CVE-2026-34183,CVE-2026-42764,CVE-2026-7383,CVE-2026-34180,
CVE-2026-34182,CVE-2026-34181,CVE-2026-9076.</p>
<h3>Change</h3>
<h3 id="cos-125-19216-395-138_">cos-125-19216-395-138 <a id='"cos-arm64-125-19216-395-138"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/97bb848ad07a5d645a2ca2193f223dbb01908690
">COS-6.12.85</a></td>
<td>v27.5.1</td>
<td>v2.1.7</td>
<td><a href="https://storage.googleapis.com/cos-tools/19216.395.138/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Change</h3>
<p>Updated app-containers/docker-credential-gcr to v2.1.32, app-containers/docker-credential-helpers to v0.9.7, app-containers/nvidia-container-toolkit to v1.17.9, dev-libs/isa-l to v2.31.1, dev-python/oauthlib to v3.0.2, net-fs/nfs-utils to v2.6.4, sec-policy/apparmor-profiles to v3.1.7, sys-apps/apparmor to v3.1.7, sys-libs/libapparmor to v3.1.7.</p>
<h3>Change</h3>
<p>Updated app-editors/vim to v9.1.2148, app-editors/vim-core to v9.1.2148, dev-libs/libtraceevent to v1.7.3, dev-libs/libtracefs to v1.6.4, net-firewall/conntrack-tools to v1.4.9, sys-fs/fuse to v2.9.9, sys-fs/fuse-common to v3.10.5.</p>
<h3>Change</h3>
<p>Updated gzip to v1.14_p20260502, xz-utils to v5.4.7, zstd to v1.5.7, python-exec-conf to v2.4.10, expat to v2.8.1, json-c to v0.16.20220414, libaio to v0.3.113, xxhash to v0.8.3, PySocks to v1.6.8, cryptography to v39.0.2, markupsafe to v2.1.5, pyrsistent to v0.14.11, python-magic to v0.4.27, pyyaml to v6.0.3, rfc3339-validator to v0.1.4, urllib3 to v1.26.20, c-ares to v1.34.6, iptables to v1.8.13, gentoo-functions to v1.7.7, mawk to v1.3.4_p20260302, lvm2 to v2.03.39, binutils-libs to v2.46.1, libxcrypt to v4.4.38, talloc to v2.4.4.</p>
<h3>Feature</h3>
<p>Added cos-dkms support for vast client
drivers v4.5.7.</p>
<h3>Feature</h3>
<p>Support nvidia-fs for COS GPU installer</p>
<h3>Fixed</h3>
<p>Upgraded app-admin/logrotate to v3.22.0-r1.</p>
<h3>Fixed</h3>
<p>Upgraded app-admin/sosreport to v4.11.2.</p>
<h3>Fixed</h3>
<p>Upgraded app-shells/dash to v0.5.13.4-r2.</p>
<h3>Fixed</h3>
<p>Upgraded dev-db/sqlite to v3.53.1.</p>
<h3>Fixed</h3>
<p>Upgraded net-misc/curl to v8.20.0-r1.</p>
<h3>Fixed</h3>
<p>Upgraded net-misc/rsync to v3.4.4.</p>
<h3>Fixed</h3>
<p>Upgraded sys-apps/gentoo-functions to v1.7.6.</p>
<h3>Fixed</h3>
<p>Upgraded sys-apps/less to v704.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-11822, CVE-2026-11824 in dev-db/sqlite.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-43116 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-45850 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52908 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52910 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52912 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52920 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52923 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52925 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52928 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52933 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52936 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52943 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52969 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52970 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52974 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52977 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52980 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52981 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52984 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52986 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52989 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52990 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52998 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52999 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53001 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53002 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53003 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53006 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53012 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53013 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53014 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53021 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53023 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53031 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53032 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53034 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53035 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53036 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53050 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53060 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53062 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53063 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53064 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53069 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53074 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53075 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53076 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53080 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53083 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53085 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53094 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53096 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53111 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53115 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53120 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53123 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53126 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53129 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-7210 in dev-lang/python.</p>
<h3>Security</h3>
<p>Upgraded dev-libs/openssl to v3.5.7 to fix CVE-2026-45445,
CVE-2026-34180,CVE-2026-9076,CVE-2026-34181,CVE-2026-42764,CVE-2026-34183,
CVE-2026-34182,CVE-2026-45447,CVE-2026-7383.</p>
<h3>Change</h3>
<h3 id="cos-121-18867-381-201_">cos-121-18867-381-201 <a id='"cos-arm64-121-18867-381-201"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/4a8a5b51fdf34070ff4e32703516ae6e2dbb3a1e
">COS-6.6.137</a></td>
<td>v27.5.1</td>
<td>v2.0.8</td>
<td><a href="https://storage.googleapis.com/cos-tools/18867.381.201/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Change</h3>
<p>Updated app-containers/docker-credential-gcr to v2.1.32, app-containers/docker-credential-helpers to v0.9.7, app-containers/nvidia-container-toolkit to v1.17.9, dev-libs/isa-l to v2.31.1, dev-python/oauthlib to v3.0.2, net-fs/nfs-utils to v2.6.4, sec-policy/apparmor-profiles to v3.1.7, sys-apps/apparmor to v3.1.7, sys-libs/libapparmor to v3.1.7.</p>
<h3>Change</h3>
<p>Updated app-editors/vim to v9.1.2148, app-editors/vim-core to v9.1.2148, dev-libs/libtraceevent to v1.7.3, dev-libs/libtracefs to v1.6.4, net-firewall/conntrack-tools to v1.4.9, sys-fs/fuse to v2.9.9, sys-fs/fuse-common to v3.10.5.</p>
<h3>Change</h3>
<p>Updated gzip to v1.14_p20260502, xz-utils to v5.4.7, zstd to v1.5.7, python-exec-conf to v2.4.10, expat to v2.8.1, json-c to v0.16.20220414, libaio to v0.3.113, xxhash to v0.8.3, PySocks to v1.6.8, cryptography to v39.0.2, markupsafe to v2.1.5, pyrsistent to v0.14.11, python-magic to v0.4.27, pyyaml to v6.0.3, rfc3339-validator to v0.1.4, urllib3 to v1.26.20, c-ares to v1.34.6, iptables to v1.8.13, gentoo-functions to v1.7.7, mawk to v1.3.4_p20260302, lvm2 to v2.03.39, binutils-libs to v2.46.1, libxcrypt to v4.4.38, talloc to v2.4.4, procps to v4.0.6.</p>
<h3>Fixed</h3>
<p>Upgraded app-admin/logrotate to v3.22.0-r1.</p>
<h3>Fixed</h3>
<p>Upgraded app-admin/sosreport to v4.11.2.</p>
<h3>Fixed</h3>
<p>Upgraded app-shells/dash to v0.5.13.4-r2.</p>
<h3>Fixed</h3>
<p>Upgraded dev-db/sqlite to v3.53.1.</p>
<h3>Fixed</h3>
<p>Upgraded net-misc/curl to v8.20.0-r1.</p>
<h3>Fixed</h3>
<p>Upgraded sys-apps/less to v704.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-41567 in app-containers/docker.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-41568 in app-containers/docker.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-42306 in app-containers/docker.</p>
<h3>Security</h3>
<p>Fixed CVE-2024-56647 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2025-38584 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-11822, CVE-2026-11824 in dev-db/sqlite.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-43088 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-43116 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-45850 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46321 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46322 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52908 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52910 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52912 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52920 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52921 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52923 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52925 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52927 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52928 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52930 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52933 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52942 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52943 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52969 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52970 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52974 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52977 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52984 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52986 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52989 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52998 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52999 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53001 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53002 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53003 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53006 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53012 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53013 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53021 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53032 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53034 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53035 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53036 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53050 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53060 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53062 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53063 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53064 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53069 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53074 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53075 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53076 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53080 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53083 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53094 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53126 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-7210 in dev-lang/python.</p>
<h3>Security</h3>
<p>Upgraded dev-libs/openssl to v3.0.21 to fix CVE-2026-9076,
CVE-2026-45447,CVE-2026-34182,CVE-2026-34180,CVE-2026-45445,CVE-2026-7383.</p>
<h3>Change</h3>
<h3 id="cos-117-18613-613-77_">cos-117-18613-613-77 <a id='"cos-arm64-117-18613-613-77"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/6112fa0f1e427bf98fe4d7f096d82f5036a20dd1
">COS-6.6.137</a></td>
<td>v24.0.9</td>
<td>v1.7.31</td>
<td><a href="https://storage.googleapis.com/cos-tools/18613.613.77/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Change</h3>
<p>Updated app-admin/sosreport to v4.10.2, app-containers/docker-credential-gcr to v2.1.32, app-containers/docker-credential-helpers to v0.9.7, app-containers/nvidia-container-toolkit to v1.17.9, dev-libs/isa-l to v2.31.1, dev-python/oauthlib to v3.0.2, net-fs/nfs-utils to v2.6.4, sec-policy/apparmor-profiles to v3.1.7, sys-apps/apparmor to v3.1.7, sys-libs/libapparmor to v3.1.7.</p>
<h3>Change</h3>
<p>Updated app-editors/vim to v9.1.2148, app-editors/vim-core to v9.1.2148, dev-libs/libtraceevent to v1.7.3, dev-libs/libtracefs to v1.6.4, net-firewall/conntrack-tools to v1.4.9, sys-fs/fuse to v2.9.9, sys-fs/fuse-common to v3.10.5.</p>
<h3>Change</h3>
<p>Updated gzip to v1.14_p20260502, xz-utils to v5.4.7, zstd to v1.5.7, python-exec-conf to v2.4.10, expat to v2.8.1, json-c to v0.16.20220414, libaio to v0.3.113, xxhash to v0.8.3, PySocks to v1.6.8, cryptography to v39.0.2, markupsafe to v2.1.5, ptyprocess to v0.5.2, pyrsistent to v0.14.11, python-magic to v0.4.27, pyyaml to v6.0.3, rfc3339-validator to v0.1.4, rfc3987 to v1.3.8, urllib3 to v1.26.20, iptables to v1.8.13, mawk to v1.3.4_p20260302, lvm2 to v2.03.39, binutils-libs to v2.46.1, libxcrypt to v4.4.38.</p>
<h3>Fixed</h3>
<p>Upgraded app-admin/logrotate to v3.22.0-r1.</p>
<h3>Fixed</h3>
<p>Upgraded app-shells/dash to v0.5.13.4-r1.</p>
<h3>Fixed</h3>
<p>Upgraded dev-db/sqlite to v3.53.1.</p>
<h3>Fixed</h3>
<p>Upgraded net-misc/curl to v8.20.0-r1.</p>
<h3>Fixed</h3>
<p>Upgraded sys-apps/gentoo-functions to v1.7.7.</p>
<h3>Fixed</h3>
<p>Upgraded sys-apps/less to v704.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-11822, CVE-2026-11824 in dev-db/sqlite.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-43088 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-43116 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-43129 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-45850 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46321 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46322 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52908 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52910 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52912 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52920 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52921 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52923 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52925 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52927 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52928 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52933 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52936 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52942 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52943 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52969 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52970 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52974 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52977 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52984 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52986 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52989 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52998 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-52999 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53001 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53002 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53003 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53006 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53012 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53013 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53021 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53032 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53034 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53035 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53036 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53050 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53060 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53062 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53063 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53064 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53069 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53074 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53075 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53076 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53080 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53083 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53094 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-53126 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-7210 in dev-lang/python.</p>
<h3>Security</h3>
<p>Upgraded dev-libs/openssl to v3.0.21 to fix CVE-2026-34180,
CVE-2026-45447,CVE-2026-45445,CVE-2026-9076,CVE-2026-7383,CVE-2026-34182.</p>
<h2 class="release-note-product-title">Dataform</h2>
<h3>Feature</h3>
<p>You can grant workflows
<a href="https://docs.cloud.google.com/dataform/docs/schedule-runs">access to Bigtable, Google Drive, and Knowledge Catalog</a>
when running or scheduling them with your Google Account user credentials.
Extended access options are available in
<a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.</p>
<h2 class="release-note-product-title">Gemini Enterprise</h2>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: Jira Data Center federated data store</strong></p>
<p>The Jira Data Center federated data store is generally available (GA) in
Gemini Enterprise.</p>
<p>For more information, see
<a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/jira-dc">Jira Data Center</a>.</p>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: Action-filtering support for Microsoft SharePoint and OneDrive data stores (Preview)</strong></p>
<p>Filters configured on Microsoft SharePoint and Microsoft OneDrive federated data stores apply to both search queries and action execution. These filters let you specify which SharePoint sites and OneDrive paths are accessible to the Assistant; mutations or retrievals on out-of-scope data fail or return no results.</p>
<p>This feature is in Public Preview. For more information, see:</p>
<ul>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/ms-sharepoint/set-up-data-store">Set up a Microsoft SharePoint data store</a> and <a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/ms-sharepoint/add-filters-to-sharepoint-data-store">Add filters to a Microsoft SharePoint data store</a></li>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/ms-onedrive/set-up-data-store">Set up a Microsoft OneDrive data store</a> and <a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/ms-onedrive/add-filters-to-onedrive-data-store">Add filters to a Microsoft OneDrive data store</a></li>
</ul>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: HubSpot federated data store</strong></p>
<p>The HubSpot federated data store is generally available (GA) in Gemini
Enterprise.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/hubspot/set-up-data-store">Set up a HubSpot data
store</a>.</p>
<h2 class="release-note-product-title">Gemini Enterprise Agent Platform</h2>
<h3>Feature</h3>
<p><strong>Gemini 3.5 Flash default model for Memory Bank</strong></p>
<p>The default model used for Memory Bank generation is now Gemini 3.5 Flash
instead of Gemini 2.5 Flash. For information, see
<a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/scale/memory-bank/setup">Set up Memory Bank</a>.</p>
<h3>Feature</h3>
<p><strong>Semantic Governance Policies available in Public Preview</strong></p>
<p>Semantic Governance Policies (SGP) and the SGP engine are now available in <a href="https://cloud.google.com/products#product-launch-stages">Preview</a>. SGP provides an intelligent security and compliance layer that evaluates an AI agent's proposed tool calls against user intent and organizational business rules at runtime.</p>
<p>Key capabilities include:</p>
<ul>
<li><strong>Natural Language Constraints (NLC):</strong> Author declarative business rules and security guardrails in plain English without needing to write code or redeploy agent applications.</li>
<li><strong>Layered Intent Gating:</strong> Intercepts agent tool calls at runtime to verify alignment with trusted user intent and prevent unauthorized actions, rogue tool use, and data exfiltration.</li>
<li><strong>Granular Scoping:</strong> Apply constraints globally across all tools for an agent or target specific tools and parameters (e.g., enforcing strict financial limits or geographic restrictions).</li>
<li><strong>Agent Skills Lifecycle Governance:</strong> Protects agents from context poisoning and supply-chain exploits by governing the dynamic loading of Agent Skills (tool packages) during sessions.</li>
<li><strong>Dry Run Mode:</strong> Test and observe policy verdicts in Log Explorer before enforcing them on active traffic.</li>
</ul>
<p>For more information, see <a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/govern/policies/semantic-governance-overview">Semantic governance policies overview</a>.</p>
<h3>Feature</h3>
<p><strong>Provisioned Throughput: Email notifications GA</strong></p>
<p>The ability to get email notifications for Provisioned Throughput
events is generally available. See <a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/models/provisioned-throughput/use-provisioned-throughput#email-notifications">Get email
notifications</a>.</p>
<h2 class="release-note-product-title">Google Kubernetes Engine</h2>
<h3>Change</h3>
<h4 id="2026-r26-version-updates">(2026-R26) Version updates</h4>
<p>GKE cluster versions have been updated.</p>
<p><strong>New versions available for upgrades and new clusters.</strong></p>
<p>The following versions are now available for new GKE clusters, and for
manual control plane upgrades and node upgrades for existing clusters. For more
information about versioning and upgrades, see <a href="https://cloud.google.com/kubernetes-engine/versioning">GKE versioning and
support</a> and <a href="https://cloud.google.com/kubernetes-engine/upgrades">About GKE
cluster upgrades</a>.</p>
<div>
<devsite-selector>
<section>
<h3>Rapid channel</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3302004</a> is now the default version for cluster creation in the Rapid channel.</li>
<li>The following versions are now available in the Rapid channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1270000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1349">1.34.9-gke.1065000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1356">1.35.6-gke.1049000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3302004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3712000</a></li>
</ul></li>
<li>The following versions are no longer available in the Rapid channel:
<ul>
<li>1.33.12-gke.1165000</li>
<li>1.34.8-gke.1278000</li>
<li>1.35.5-gke.1241004</li>
<li>1.36.0-gke.3070003</li>
<li>1.36.0-gke.3302001 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Rapid channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1208000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1284000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1324000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3302004</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1208000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1284000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1324000</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3302004</a></li>
</ul></li>
</ul></li>
</ul>
</section>
<section>
<h3>Regular channel</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a> is now the default version for cluster creation in the Regular channel.</li>
<li>The following versions are now available in the Regular channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
<li>The following versions are no longer available in the Regular channel:
<ul>
<li>1.33.12-gke.1059000</li>
<li>1.34.8-gke.1126000</li>
<li>1.35.5-gke.1057002</li>
<li>1.36.0-gke.2459000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Regular channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1116000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1218000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1116000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1218000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2684000</a></li>
</ul></li>
</ul></li>
</ul>
</section>
<section>
<h3>Stable channel</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1000000</a> is now the default version for cluster creation in the Stable channel.</li>
<li>The following versions are now available in the Stable channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
</ul></li>
<li>The following versions are no longer available in the Stable channel:
<ul>
<li>1.33.11-gke.1197000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Stable channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.7-gke.1499000</li>
<li>1.35.3-gke.2190000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Stable channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1000000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1000000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1000000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1000000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000004</a></li>
</ul></li>
</ul></li>
</ul>
</section>
<section>
<h3>Extended channel</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a> is now the default version for cluster creation in the Extended channel.</li>
<li>The following versions are now available in the Extended channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2746000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.2157000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1729000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1829000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
<li>The following versions are no longer available in the Extended channel:
<ul>
<li>1.30.14-gke.2558000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.31.14-gke.1967000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.32.13-gke.1592000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.32.13-gke.1740000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.33.12-gke.1059000</li>
<li>1.34.8-gke.1126000</li>
<li>1.35.5-gke.1057002</li>
<li>1.36.0-gke.2459000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.29 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2608000</a></li>
<li>1.30 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.1986000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.30 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2608000</a></li>
<li>1.31 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.1986000</a></li>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1657000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1116000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1218000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2684000</a></li>
</ul></li>
</ul></li>
</ul>
</section>
<section>
<h3>No channel (deprecated)</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a> is now the default version for cluster creation.</li>
<li>The following versions are now available:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1270000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1349">1.34.9-gke.1065000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1356">1.35.6-gke.1049000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3302004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3712000</a></li>
</ul></li>
<li>The following node versions are now available:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2746000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.2157000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1829000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1270000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1349">1.34.9-gke.1065000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1356">1.35.6-gke.1049000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3302004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3712000</a></li>
</ul></li>
<li>The following versions are no longer available:
<ul>
<li>1.33.11-gke.1197000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.7-gke.1055000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.3-gke.2190000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1000000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.36.0-gke.2459000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.36.0-gke.3302001 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1116000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1000000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1116000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1000000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2684000</a></li>
</ul></li>
</ul></li>
</ul>
</section>
</devsite-selector>
</div>
<h3>Security</h3>
<h4 id="2026-r26-security-updates">(2026-R26) Security updates</h4>
<p>This release includes new GKE versions that use updated
Container-Optimized OS images. These updated images are cumulative,
incorporating security fixes from all Container-Optimized OS
versions released since the previous GKE release.</p>
<p>To identify the specific vulnerabilities that were resolved in each updated
Container-Optimized OS image, see the <strong>Security</strong> release notes
for that image. The following table includes links to the release notes for
each updated Container-Optimized OS image:</p>
<p>
<table>
<tbody>
<tr>
<th>GKE version</th>
<th>Container-Optimized OS version</th>
<th>Details</th>
</tr>
<tr>
<td>1.30.14-gke.2746000</td>
<td>cos-117-18613-613-61</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m117#cos-117-18613-613-61_">cos-117-18613-613-61 release notes</a></td>
</tr>
<tr>
<td>1.31.14-gke.2157000</td>
<td>cos-117-18613-613-61</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m117#cos-117-18613-613-61_">cos-117-18613-613-61 release notes</a></td>
</tr>
<tr>
<td>1.32.13-gke.1829000</td>
<td>cos-117-18613-613-61</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m117#cos-117-18613-613-61_">cos-117-18613-613-61 release notes</a></td>
</tr>
<tr>
<td>1.33.12-gke.1270000</td>
<td>cos-121-18867-381-183</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m121#cos-121-18867-381-183_">cos-121-18867-381-183 release notes</a></td>
</tr>
<tr>
<td>1.34.9-gke.1065000</td>
<td>cos-125-19216-395-109</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m125#cos-125-19216-395-109_">cos-125-19216-395-109 release notes</a></td>
</tr>
<tr>
<td>1.35.6-gke.1049000</td>
<td>cos-125-19216-395-109</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m125#cos-125-19216-395-109_">cos-125-19216-395-109 release notes</a></td>
</tr>
<tr>
<td>1.36.0-gke.3712000</td>
<td>cos-129-19506-224-49</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m129#cos-129-19506-224-49_">cos-129-19506-224-49 release notes</a></td>
</tr>
</tbody>
</table>
</p>
<h3>Change</h3>
<h4 id="2026-r26-version-updates">(2026-R26) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1000000</a> is now the default version for cluster creation in the Stable channel.</li>
<li>The following versions are now available in the Stable channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
</ul></li>
<li>The following versions are no longer available in the Stable channel:
<ul>
<li>1.33.11-gke.1197000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Stable channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.7-gke.1499000</li>
<li>1.35.3-gke.2190000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Stable channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1000000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1000000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1000000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1000000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000004</a></li>
</ul></li>
</ul></li>
</ul>
<h3>Change</h3>
<h4 id="2026-r26-version-updates">(2026-R26) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a> is now the default version for cluster creation in the Regular channel.</li>
<li>The following versions are now available in the Regular channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
<li>The following versions are no longer available in the Regular channel:
<ul>
<li>1.33.12-gke.1059000</li>
<li>1.34.8-gke.1126000</li>
<li>1.35.5-gke.1057002</li>
<li>1.36.0-gke.2459000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Regular channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1116000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1218000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1116000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1218000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2684000</a></li>
</ul></li>
</ul></li>
</ul>
<h3>Change</h3>
<h4 id="2026-r26-version-updates">(2026-R26) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3302004</a> is now the default version for cluster creation in the Rapid channel.</li>
<li>The following versions are now available in the Rapid channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1270000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1349">1.34.9-gke.1065000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1356">1.35.6-gke.1049000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3302004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3712000</a></li>
</ul></li>
<li>The following versions are no longer available in the Rapid channel:
<ul>
<li>1.33.12-gke.1165000</li>
<li>1.34.8-gke.1278000</li>
<li>1.35.5-gke.1241004</li>
<li>1.36.0-gke.3070003</li>
<li>1.36.0-gke.3302001 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Rapid channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1208000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1284000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1324000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3302004</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1208000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1284000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1324000</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3302004</a></li>
</ul></li>
</ul></li>
</ul>
<h3>Change</h3>
<h4 id="2026-r26-version-updates">(2026-R26) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a> is now the default version for cluster creation.</li>
<li>The following versions are now available:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1270000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1349">1.34.9-gke.1065000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1356">1.35.6-gke.1049000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3302004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3712000</a></li>
</ul></li>
<li>The following node versions are now available:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2746000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.2157000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1829000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1270000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1349">1.34.9-gke.1065000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1356">1.35.6-gke.1049000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3302004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3712000</a></li>
</ul></li>
<li>The following versions are no longer available:
<ul>
<li>1.33.11-gke.1197000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.7-gke.1055000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.3-gke.2190000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1000000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.36.0-gke.2459000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.36.0-gke.3302001 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1116000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1000000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1116000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1000000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2684000</a></li>
</ul></li>
</ul></li>
</ul>
<h3>Change</h3>
<h4 id="2026-r26-version-updates">(2026-R26) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a> is now the default version for cluster creation in the Extended channel.</li>
<li>The following versions are now available in the Extended channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2746000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.2157000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1729000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1829000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
<li>The following versions are no longer available in the Extended channel:
<ul>
<li>1.30.14-gke.2558000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.31.14-gke.1967000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.32.13-gke.1592000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.32.13-gke.1740000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.33.12-gke.1059000</li>
<li>1.34.8-gke.1126000</li>
<li>1.35.5-gke.1057002</li>
<li>1.36.0-gke.2459000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.29 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2608000</a></li>
<li>1.30 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.1986000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.30 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2608000</a></li>
<li>1.31 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.1986000</a></li>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1657000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1116000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1218000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2684000</a></li>
</ul></li>
</ul></li>
</ul>
<h2 class="release-note-product-title">Managed Service for Apache Airflow</h2>
<h3>Announcement</h3>
<p>A new Managed Service for Apache Airflow release has started on <strong>June 29, 2026</strong>. Get ready
for upcoming changes and features as we roll out the new release to all regions.
This release is in progress at the moment. Listed changes and features might
not be available in some regions yet.</p>
<h3>Change</h3>
<p>New <a href="https://docs.cloud.google.com/composer/docs/composer-versions#images-composer-3">Airflow builds</a>
are available in Managed Airflow (Gen 3):</p>
<ul>
<li><a href="https://docs.cloud.google.com/composer/docs/versions-packages#composer-3-airflow-3-1-7-build-12">composer-3-airflow-3.1.7-build.12</a></li>
<li><a href="https://docs.cloud.google.com/composer/docs/versions-packages#composer-3-airflow-2-11-1-build-8">composer-3-airflow-2.11.1-build.8</a> (default)</li>
<li><a href="https://docs.cloud.google.com/composer/docs/versions-packages#composer-3-airflow-2-10-5-build-41">composer-3-airflow-2.10.5-build.41</a></li>
</ul>
<h3>Change</h3>
<p>New <a href="https://docs.cloud.google.com/composer/docs/composer-versions#images-composer-2">images</a>
are available in Managed Airflow (Gen 2):</p>
<ul>
<li><a href="https://docs.cloud.google.com/composer/docs/versions-packages#composer-2-17-5-airflow-2-11-1">composer-2.17.5-airflow-2.11.1</a> (default)</li>
<li><a href="https://docs.cloud.google.com/composer/docs/versions-packages#composer-2-17-5-airflow-2-10-5">composer-2.17.5-airflow-2.10.5</a></li>
</ul>
<h2 class="release-note-product-title">Retail API</h2>
<h3>Feature</h3>
<p>Vertex AI Search for commerce, which has been previously known under the mame Retail Search, has been rebranded to AI Commerce Search in Gemini Enterprise for Customer Experience.</p>
<p>An intelligent AI search platform customized for ecommerce use cases, AI Commerce Search now belongs to the Gemini Enterprise for Customer Experience product suite.</p>
<p>For general product information, see <a href="https://cloud.google.com/gemini-enterprise-cx/commerce?e=48754805">AI Commerce Search on Gemini Enterprise for Customer Experience</a>.</p>
<h2 class="release-note-product-title">Sensitive Data Protection</h2>
<h3>Feature</h3>
<p>You can configure Sensitive Data Protection to detect specific file labels,
which can represent Google Drive labels or Microsoft sensitivity labels. For
more information, see <a href="https://docs.cloud.google.com/sensitive-data-protection/docs/create-custom-infotypes-metadata-labels">Create a custom metadata label
detector</a>.</p>
<h2 class="release-note-product-title">VPC Service Controls</h2>
<h3>Feature</h3>
<p><strong>VPC Service Controls feature:</strong> Support for using the following identities in
ingress and egress rules to allow access to resources protected by a service
perimeter is <a href="https://cloud.google.com/products#product-launch-stages">generally available</a>:</p>
<ul>
<li>Agent identities</li>
<li>SPIFFE formats for third-party workforce and workload identities</li>
</ul>
<p>For more information, see <a href="https://docs.cloud.google.com/vpc-service-controls/docs/configure-identity-groups">Configure identity groups and third-party identities in ingress and egress rules</a> and <a href="https://docs.cloud.google.com/vpc-service-controls/docs/supported-identities">Supported identities for ingress and egress rules</a>.</p>
<h2 class="release-note-product-title">reCAPTCHA</h2>
<h3>Change</h3>
<p>reCAPTCHA Mobile SDK v18.9.2 is available for Android. This version
includes minor bug fixes.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 28, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_28_2026</id>
    <updated>2026-06-28T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_28_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Google SecOps</h2>
<h3>Change</h3>
<p>Google SecOps has updated the list of <a href="https://docs.cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers">supported default parsers</a>. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.</p>
<p>The following supported default parsers have been updated. Each parser is listed by product name and <code>log_type</code> value, where applicable. This list includes both released default parsers and pending parser updates.</p>
<ul>
<li>AIX system (<code>AIX_SYSTEM</code>)</li>
<li>Amazon API Gateway (<code>AWS_API_GATEWAY</code>)</li>
<li>Apache (<code>APACHE</code>)</li>
<li>Appian Cloud (<code>APPIAN_CLOUD</code>)</li>
<li>Aruba Switch (<code>ARUBA_SWITCH</code>)</li>
<li>Atlassian Bitbucket (<code>ATLASSIAN_BITBUCKET</code>)</li>
<li>Avaya Aura Experience Portal (<code>AVAYA_AURA</code>)</li>
<li>AWS CloudWatch (<code>AWS_CLOUDWATCH</code>)</li>
<li>AWS GuardDuty (<code>GUARDDUTY</code>)</li>
<li>AWS Network Firewall (<code>AWS_NETWORK_FIREWALL</code>)</li>
<li>AWS RDS (<code>AWS_RDS</code>)</li>
<li>AWS Security Hub (<code>AWS_SECURITY_HUB</code>)</li>
<li>AWS VPC Flow (<code>AWS_VPC_FLOW</code>)</li>
<li>AWS VPC Flow (CSV) (<code>AWS_VPC_FLOW_CSV</code>)</li>
<li>AWS WAF (<code>AWS_WAF</code>)</li>
<li>Azure AD (<code>AZURE_AD</code>)</li>
<li>Barracuda WAF (<code>BARRACUDA_WAF</code>)</li>
<li>Blue Coat Proxy (<code>BLUECOAT_WEBPROXY</code>)</li>
<li>Cato Networks (<code>CATO_NETWORKS</code>)</li>
<li>Check Point Harmony (<code>CHECKPOINT_HARMONY</code>)</li>
<li>Chrome Management (<code>CHROME_MANAGEMENT</code>)</li>
<li>CircleCI (<code>CIRCLECI</code>)</li>
<li>Cisco ACS (<code>CISCO_ACS</code>)</li>
<li>Cisco ASA (<code>CISCO_ASA_FIREWALL</code>)</li>
<li>Cisco Email Security (<code>CISCO_EMAIL_SECURITY</code>)</li>
<li>Cisco Firepower NGFW (<code>CISCO_FIREPOWER_FIREWALL</code>)</li>
<li>Cisco IronPort (<code>CISCO_IRONPORT</code>)</li>
<li>Cisco ISE (<code>CISCO_ISE</code>)</li>
<li>Cisco Meraki (<code>CISCO_MERAKI</code>)</li>
<li>Cisco Router (<code>CISCO_ROUTER</code>)</li>
<li>Cisco Secure Access (<code>CISCO_SECURE_ACCESS</code>)</li>
<li>Cisco Switch (<code>CISCO_SWITCH</code>)</li>
<li>Cisco Umbrella Audit (<code>CISCO_UMBRELLA_AUDIT</code>)</li>
<li>Cisco Umbrella Cloud Firewall (<code>UMBRELLA_FIREWALL</code>)</li>
<li>Cisco Umbrella Web Proxy (<code>UMBRELLA_WEBPROXY</code>)</li>
<li>Cisco vManage SD-WAN (<code>CISCO_SDWAN</code>)</li>
<li>Cisco WLC/WCS (<code>CISCO_WIRELESS</code>)</li>
<li>Citrix Netscaler (<code>CITRIX_NETSCALER</code>)</li>
<li>Claroty Xdome (<code>CLAROTY_XDOME</code>)</li>
<li>Cloudflare (<code>CLOUDFLARE</code>)</li>
<li>Corelight (<code>CORELIGHT</code>)</li>
<li>CrowdStrike Alerts API (<code>CS_ALERTS</code>)</li>
<li>CrowdStrike Falcon (<code>CS_EDR</code>)</li>
<li>CyberArk PTA Privileged Threat Analytics (<code>CYBERARK_PTA</code>)</li>
<li>Cynet 360 AutoXDR (<code>CYNET_360_AUTOXDR</code>)</li>
<li>Dell Switch (<code>DELL_SWITCH</code>)</li>
<li>Elastic Windows Event Log Beats (<code>ELASTIC_WINLOGBEAT</code>)</li>
<li>F5 ASM (<code>F5_ASM</code>)</li>
<li>F5 BIGIP LTM (<code>F5_BIGIP_LTM</code>)</li>
<li>FireEye ETP (<code>FIREEYE_ETP</code>)</li>
<li>FireEye NX (<code>FIREEYE_NX</code>)</li>
<li>Forcepoint Proxy (<code>FORCEPOINT_WEBPROXY</code>)</li>
<li>FortiGate (<code>FORTINET_FIREWALL</code>)</li>
<li>FortiMail Email Security (<code>FORTINET_FORTIMAIL</code>)</li>
<li>Fortinet FortiAnalyzer (<code>FORTINET_FORTIANALYZER</code>)</li>
<li>Fortinet Web Application Firewall (<code>FORTINET_FORTIWEB</code>)</li>
<li>GitHub (<code>GITHUB</code>)</li>
<li>Google Cloud Audit (<code>GCP_CLOUDAUDIT</code>)</li>
<li>Google Cloud DNS (<code>GCP_DNS</code>)</li>
<li>HAProxy (<code>HAPROXY</code>)</li>
<li>IBM Tape Storages (<code>IBM_LTO</code>)</li>
<li>Imperva CEF (<code>IMPERVA_CEF</code>)</li>
<li>Imperva SecureSphere Management (<code>IMPERVA_SECURESPHERE</code>)</li>
<li>Infoblox DNS (<code>INFOBLOX_DNS</code>)</li>
<li>Island Browser logs (<code>ISLAND_BROWSER</code>)</li>
<li>JumpCloud Directory Insights (<code>JUMPCLOUD_DIRECTORY_INSIGHTS</code>)</li>
<li>Kemp Load Balancer (<code>KEMP_LOADBALANCER</code>)</li>
<li>Kubernetes Node (<code>KUBERNETES_NODE</code>)</li>
<li>ManageEngine ADAudit Plus (<code>ADAUDIT_PLUS</code>)</li>
<li>Microsoft Defender for Endpoint (<code>MICROSOFT_DEFENDER_ENDPOINT</code>)</li>
<li>Microsoft Defender for Office 365 (<code>MICROSOFT_DEFENDER_MAIL</code>)</li>
<li>Microsoft Graph API Alerts (<code>MICROSOFT_GRAPH_ALERT</code>)</li>
<li>Microsoft IIS (<code>IIS</code>)</li>
<li>Microsoft SQL Server (<code>MICROSOFT_SQL</code>)</li>
<li>MISP Threat Intelligence (<code>MISP_IOC</code>)</li>
<li>NetApp ONTAP (<code>NETAPP_ONTAP</code>)</li>
<li>NetIQ eDirectory (<code>NETIQ_EDIRECTORY</code>)</li>
<li>Netskope V2 (<code>NETSKOPE_ALERT_V2</code>)</li>
<li>Netskope Web Proxy (<code>NETSKOPE_WEBPROXY</code>)</li>
<li>NGINX (<code>NGINX</code>)</li>
<li>Noname API Security (<code>NONAME_API_SECURITY</code>)</li>
<li>Office 365 (<code>OFFICE_365</code>)</li>
<li>Okta (<code>OKTA</code>)</li>
<li>Oracle (<code>ORACLE_DB</code>)</li>
<li>Oracle Cloud Infrastructure VCN Flow Logs (<code>OCI_FLOW</code>)</li>
<li>Oracle NetSuite (<code>ORACLE_NETSUITE</code>)</li>
<li>Palo Alto Networks Firewall (<code>PAN_FIREWALL</code>)</li>
<li>Palo Alto Panorama (<code>PAN_PANORAMA</code>)</li>
<li>Palo Alto Prisma Access (<code>PAN_CASB</code>)</li>
<li>Palo Alto Prisma Cloud Alert payload (<code>PAN_PRISMA_CA</code>)</li>
<li>Ping Identity (<code>PING</code>)</li>
<li>Proofpoint On Demand (<code>PROOFPOINT_ON_DEMAND</code>)</li>
<li>RSA (<code>RSA_AUTH_MANAGER</code>)</li>
<li>Salesforce (<code>SALESFORCE</code>)</li>
<li>Security Command Center Error (<code>GCP_SECURITYCENTER_ERROR</code>)</li>
<li>Security Command Center Misconfiguration (<code>GCP_SECURITYCENTER_MISCONFIGURATION</code>)</li>
<li>Security Command Center Observation (<code>GCP_SECURITYCENTER_OBSERVATION</code>)</li>
<li>Security Command Center Posture Violation (<code>GCP_SECURITYCENTER_POSTURE_VIOLATION</code>)</li>
<li>Security Command Center Threat (<code>GCP_SECURITYCENTER_THREAT</code>)</li>
<li>Security Command Center Toxic Combination (<code>GCP_SECURITYCENTER_TOXIC_COMBINATION</code>)</li>
<li>Security Command Center Unspecified (<code>GCP_SECURITYCENTER_UNSPECIFIED</code>)</li>
<li>Security Command Center Vulnerability (<code>GCP_SECURITYCENTER_VULNERABILITY</code>)</li>
<li>Sendmail (<code>SENDMAIL</code>)</li>
<li>Sentinelone Activity (<code>SENTINELONE_ACTIVITY</code>)</li>
<li>ServiceNow CMDB (<code>SERVICENOW_CMDB</code>)</li>
<li>Sophos Firewall (Next Gen) (<code>SOPHOS_FIREWALL</code>)</li>
<li>Squid Web Proxy (<code>SQUID_WEBPROXY</code>)</li>
<li>Symantec EDR (<code>SYMANTEC_EDR</code>)</li>
<li>Symantec Endpoint Protection (<code>SEP</code>)</li>
<li>Sysdig (<code>SYSDIG</code>)</li>
<li>Thinkst Canary (<code>THINKST_CANARY</code>)</li>
<li>Trellix EDRF Trace Data and Telemetry (<code>TRELLIX_EDRF</code>)</li>
<li>Trend Micro Vision One Detections (<code>TRENDMICRO_VISION_ONE_DETECTIONS</code>)</li>
<li>Trend Micro Vision One Workbench (<code>TRENDMICRO_VISION_ONE_WORKBENCH</code>)</li>
<li>Unix system (<code>NIX_SYSTEM</code>)</li>
<li>Varonis (<code>VARONIS</code>)</li>
<li>Veeam (<code>VEEAM</code>)</li>
<li>VMware vCenter (<code>VMWARE_VCENTER</code>)</li>
<li>VMWare VSphere (<code>VMWARE_VSPHERE</code>)</li>
<li>Windows DNS (<code>WINDOWS_DNS</code>)</li>
<li>Windows Event (<code>WINEVTLOG</code>)</li>
<li>Windows Event (XML) (<code>WINEVTLOG_XML</code>)</li>
<li>Windows Sysmon (<code>WINDOWS_SYSMON</code>)</li>
<li>wiz.io (<code>WIZ_IO</code>)</li>
<li>Workday User Activity (<code>WORKDAY_USER_ACTIVITY</code>)</li>
<li>Zeek JSON (<code>BRO_JSON</code>)</li>
<li>Zscaler (<code>ZSCALER_WEBPROXY</code>)</li>
<li>ZScaler NGFW (<code>ZSCALER_FIREWALL</code>)</li>
</ul>
<p>The following log types were added without a default parser. Each parser is listed by product name and <code>log_type</code> value, where applicable.</p>
<ul>
<li>Cisco Secure Access Enrollment (<code>CISCO_SECURE_ACCESS_ENROLLMENT</code>)</li>
<li>Cisco Secure Access Network (<code>CISCO_SECURE_ACCESS_NETWORK</code>)</li>
<li>CyberArk Certificate Manager SaaS (<code>CYBERARK_CERTIFICATE_MANAGER_SAAS</code>)</li>
<li>Gemini Enterprise Agent Platform (<code>GEMINI_ENTERPRISE_AGENT_PLATFORM</code>)</li>
<li>Schneider Electric GeoScada OT (<code>GEOSCADA_OT</code>)</li>
<li>Model Context Protocol Dev (<code>MCPDEV</code>)</li>
<li>Model Context Protocol Modify (<code>MCPMODIFY</code>)</li>
<li>Model Context Protocol View (<code>MCPVIEW</code>)</li>
<li>NetApp Ransomware Resilience (<code>NETAPP_RANSOMWARE_RESILIENCE</code>)</li>
<li>Netskope Log Streaming (<code>NETSKOPE_LOG_STREAMING</code>)</li>
<li>Pylon Audit Logs (<code>PYLON_LOGS</code>)</li>
<li>Reco AI CSPM (<code>RECO_CSPM</code>)</li>
<li>Salt Security API Protection Platform (<code>SALT_SECURITY</code>)</li>
<li>SentinelOne Application (<code>SENTINELONE_APPLICATION</code>)</li>
<li>Wiz Vulnerabilities (<code>WIZ_VULNERABILITIES</code>)</li>
</ul>
<h2 class="release-note-product-title">Google SecOps SIEM</h2>
<h3>Change</h3>
<p>Google SecOps has updated the list of <a href="https://docs.cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers">supported default parsers</a>. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.</p>
<p>The following supported default parsers have been updated. Each parser is listed by product name and <code>log_type</code> value, where applicable. This list includes both released default parsers and pending parser updates.</p>
<ul>
<li>AIX system (<code>AIX_SYSTEM</code>)</li>
<li>Amazon API Gateway (<code>AWS_API_GATEWAY</code>)</li>
<li>Apache (<code>APACHE</code>)</li>
<li>Appian Cloud (<code>APPIAN_CLOUD</code>)</li>
<li>Aruba Switch (<code>ARUBA_SWITCH</code>)</li>
<li>Atlassian Bitbucket (<code>ATLASSIAN_BITBUCKET</code>)</li>
<li>Avaya Aura Experience Portal (<code>AVAYA_AURA</code>)</li>
<li>AWS CloudWatch (<code>AWS_CLOUDWATCH</code>)</li>
<li>AWS GuardDuty (<code>GUARDDUTY</code>)</li>
<li>AWS Network Firewall (<code>AWS_NETWORK_FIREWALL</code>)</li>
<li>AWS RDS (<code>AWS_RDS</code>)</li>
<li>AWS Security Hub (<code>AWS_SECURITY_HUB</code>)</li>
<li>AWS VPC Flow (<code>AWS_VPC_FLOW</code>)</li>
<li>AWS VPC Flow (CSV) (<code>AWS_VPC_FLOW_CSV</code>)</li>
<li>AWS WAF (<code>AWS_WAF</code>)</li>
<li>Azure AD (<code>AZURE_AD</code>)</li>
<li>Barracuda WAF (<code>BARRACUDA_WAF</code>)</li>
<li>Blue Coat Proxy (<code>BLUECOAT_WEBPROXY</code>)</li>
<li>Cato Networks (<code>CATO_NETWORKS</code>)</li>
<li>Check Point Harmony (<code>CHECKPOINT_HARMONY</code>)</li>
<li>Chrome Management (<code>CHROME_MANAGEMENT</code>)</li>
<li>CircleCI (<code>CIRCLECI</code>)</li>
<li>Cisco ACS (<code>CISCO_ACS</code>)</li>
<li>Cisco ASA (<code>CISCO_ASA_FIREWALL</code>)</li>
<li>Cisco Email Security (<code>CISCO_EMAIL_SECURITY</code>)</li>
<li>Cisco Firepower NGFW (<code>CISCO_FIREPOWER_FIREWALL</code>)</li>
<li>Cisco IronPort (<code>CISCO_IRONPORT</code>)</li>
<li>Cisco ISE (<code>CISCO_ISE</code>)</li>
<li>Cisco Meraki (<code>CISCO_MERAKI</code>)</li>
<li>Cisco Router (<code>CISCO_ROUTER</code>)</li>
<li>Cisco Secure Access (<code>CISCO_SECURE_ACCESS</code>)</li>
<li>Cisco Switch (<code>CISCO_SWITCH</code>)</li>
<li>Cisco Umbrella Audit (<code>CISCO_UMBRELLA_AUDIT</code>)</li>
<li>Cisco Umbrella Cloud Firewall (<code>UMBRELLA_FIREWALL</code>)</li>
<li>Cisco Umbrella Web Proxy (<code>UMBRELLA_WEBPROXY</code>)</li>
<li>Cisco vManage SD-WAN (<code>CISCO_SDWAN</code>)</li>
<li>Cisco WLC/WCS (<code>CISCO_WIRELESS</code>)</li>
<li>Citrix Netscaler (<code>CITRIX_NETSCALER</code>)</li>
<li>Claroty Xdome (<code>CLAROTY_XDOME</code>)</li>
<li>Cloudflare (<code>CLOUDFLARE</code>)</li>
<li>Corelight (<code>CORELIGHT</code>)</li>
<li>CrowdStrike Alerts API (<code>CS_ALERTS</code>)</li>
<li>CrowdStrike Falcon (<code>CS_EDR</code>)</li>
<li>CyberArk PTA Privileged Threat Analytics (<code>CYBERARK_PTA</code>)</li>
<li>Cynet 360 AutoXDR (<code>CYNET_360_AUTOXDR</code>)</li>
<li>Dell Switch (<code>DELL_SWITCH</code>)</li>
<li>Elastic Windows Event Log Beats (<code>ELASTIC_WINLOGBEAT</code>)</li>
<li>F5 ASM (<code>F5_ASM</code>)</li>
<li>F5 BIGIP LTM (<code>F5_BIGIP_LTM</code>)</li>
<li>FireEye ETP (<code>FIREEYE_ETP</code>)</li>
<li>FireEye NX (<code>FIREEYE_NX</code>)</li>
<li>Forcepoint Proxy (<code>FORCEPOINT_WEBPROXY</code>)</li>
<li>FortiGate (<code>FORTINET_FIREWALL</code>)</li>
<li>FortiMail Email Security (<code>FORTINET_FORTIMAIL</code>)</li>
<li>Fortinet FortiAnalyzer (<code>FORTINET_FORTIANALYZER</code>)</li>
<li>Fortinet Web Application Firewall (<code>FORTINET_FORTIWEB</code>)</li>
<li>GitHub (<code>GITHUB</code>)</li>
<li>Google Cloud Audit (<code>GCP_CLOUDAUDIT</code>)</li>
<li>Google Cloud DNS (<code>GCP_DNS</code>)</li>
<li>HAProxy (<code>HAPROXY</code>)</li>
<li>IBM Tape Storages (<code>IBM_LTO</code>)</li>
<li>Imperva CEF (<code>IMPERVA_CEF</code>)</li>
<li>Imperva SecureSphere Management (<code>IMPERVA_SECURESPHERE</code>)</li>
<li>Infoblox DNS (<code>INFOBLOX_DNS</code>)</li>
<li>Island Browser logs (<code>ISLAND_BROWSER</code>)</li>
<li>JumpCloud Directory Insights (<code>JUMPCLOUD_DIRECTORY_INSIGHTS</code>)</li>
<li>Kemp Load Balancer (<code>KEMP_LOADBALANCER</code>)</li>
<li>Kubernetes Node (<code>KUBERNETES_NODE</code>)</li>
<li>ManageEngine ADAudit Plus (<code>ADAUDIT_PLUS</code>)</li>
<li>Microsoft Defender for Endpoint (<code>MICROSOFT_DEFENDER_ENDPOINT</code>)</li>
<li>Microsoft Defender for Office 365 (<code>MICROSOFT_DEFENDER_MAIL</code>)</li>
<li>Microsoft Graph API Alerts (<code>MICROSOFT_GRAPH_ALERT</code>)</li>
<li>Microsoft IIS (<code>IIS</code>)</li>
<li>Microsoft SQL Server (<code>MICROSOFT_SQL</code>)</li>
<li>MISP Threat Intelligence (<code>MISP_IOC</code>)</li>
<li>NetApp ONTAP (<code>NETAPP_ONTAP</code>)</li>
<li>NetIQ eDirectory (<code>NETIQ_EDIRECTORY</code>)</li>
<li>Netskope V2 (<code>NETSKOPE_ALERT_V2</code>)</li>
<li>Netskope Web Proxy (<code>NETSKOPE_WEBPROXY</code>)</li>
<li>NGINX (<code>NGINX</code>)</li>
<li>Noname API Security (<code>NONAME_API_SECURITY</code>)</li>
<li>Office 365 (<code>OFFICE_365</code>)</li>
<li>Okta (<code>OKTA</code>)</li>
<li>Oracle (<code>ORACLE_DB</code>)</li>
<li>Oracle Cloud Infrastructure VCN Flow Logs (<code>OCI_FLOW</code>)</li>
<li>Oracle NetSuite (<code>ORACLE_NETSUITE</code>)</li>
<li>Palo Alto Networks Firewall (<code>PAN_FIREWALL</code>)</li>
<li>Palo Alto Panorama (<code>PAN_PANORAMA</code>)</li>
<li>Palo Alto Prisma Access (<code>PAN_CASB</code>)</li>
<li>Palo Alto Prisma Cloud Alert payload (<code>PAN_PRISMA_CA</code>)</li>
<li>Ping Identity (<code>PING</code>)</li>
<li>Proofpoint On Demand (<code>PROOFPOINT_ON_DEMAND</code>)</li>
<li>RSA (<code>RSA_AUTH_MANAGER</code>)</li>
<li>Salesforce (<code>SALESFORCE</code>)</li>
<li>Security Command Center Error (<code>GCP_SECURITYCENTER_ERROR</code>)</li>
<li>Security Command Center Misconfiguration (<code>GCP_SECURITYCENTER_MISCONFIGURATION</code>)</li>
<li>Security Command Center Observation (<code>GCP_SECURITYCENTER_OBSERVATION</code>)</li>
<li>Security Command Center Posture Violation (<code>GCP_SECURITYCENTER_POSTURE_VIOLATION</code>)</li>
<li>Security Command Center Threat (<code>GCP_SECURITYCENTER_THREAT</code>)</li>
<li>Security Command Center Toxic Combination (<code>GCP_SECURITYCENTER_TOXIC_COMBINATION</code>)</li>
<li>Security Command Center Unspecified (<code>GCP_SECURITYCENTER_UNSPECIFIED</code>)</li>
<li>Security Command Center Vulnerability (<code>GCP_SECURITYCENTER_VULNERABILITY</code>)</li>
<li>Sendmail (<code>SENDMAIL</code>)</li>
<li>Sentinelone Activity (<code>SENTINELONE_ACTIVITY</code>)</li>
<li>ServiceNow CMDB (<code>SERVICENOW_CMDB</code>)</li>
<li>Sophos Firewall (Next Gen) (<code>SOPHOS_FIREWALL</code>)</li>
<li>Squid Web Proxy (<code>SQUID_WEBPROXY</code>)</li>
<li>Symantec EDR (<code>SYMANTEC_EDR</code>)</li>
<li>Symantec Endpoint Protection (<code>SEP</code>)</li>
<li>Sysdig (<code>SYSDIG</code>)</li>
<li>Thinkst Canary (<code>THINKST_CANARY</code>)</li>
<li>Trellix EDRF Trace Data and Telemetry (<code>TRELLIX_EDRF</code>)</li>
<li>Trend Micro Vision One Detections (<code>TRENDMICRO_VISION_ONE_DETECTIONS</code>)</li>
<li>Trend Micro Vision One Workbench (<code>TRENDMICRO_VISION_ONE_WORKBENCH</code>)</li>
<li>Unix system (<code>NIX_SYSTEM</code>)</li>
<li>Varonis (<code>VARONIS</code>)</li>
<li>Veeam (<code>VEEAM</code>)</li>
<li>VMware vCenter (<code>VMWARE_VCENTER</code>)</li>
<li>VMWare VSphere (<code>VMWARE_VSPHERE</code>)</li>
<li>Windows DNS (<code>WINDOWS_DNS</code>)</li>
<li>Windows Event (<code>WINEVTLOG</code>)</li>
<li>Windows Event (XML) (<code>WINEVTLOG_XML</code>)</li>
<li>Windows Sysmon (<code>WINDOWS_SYSMON</code>)</li>
<li>wiz.io (<code>WIZ_IO</code>)</li>
<li>Workday User Activity (<code>WORKDAY_USER_ACTIVITY</code>)</li>
<li>Zeek JSON (<code>BRO_JSON</code>)</li>
<li>Zscaler (<code>ZSCALER_WEBPROXY</code>)</li>
<li>ZScaler NGFW (<code>ZSCALER_FIREWALL</code>)</li>
</ul>
<p>The following log types were added without a default parser. Each parser is listed by product name and <code>log_type</code> value, where applicable.</p>
<ul>
<li>Cisco Secure Access Enrollment (<code>CISCO_SECURE_ACCESS_ENROLLMENT</code>)</li>
<li>Cisco Secure Access Network (<code>CISCO_SECURE_ACCESS_NETWORK</code>)</li>
<li>CyberArk Certificate Manager SaaS (<code>CYBERARK_CERTIFICATE_MANAGER_SAAS</code>)</li>
<li>Gemini Enterprise Agent Platform (<code>GEMINI_ENTERPRISE_AGENT_PLATFORM</code>)</li>
<li>Schneider Electric GeoScada OT (<code>GEOSCADA_OT</code>)</li>
<li>Model Context Protocol Dev (<code>MCPDEV</code>)</li>
<li>Model Context Protocol Modify (<code>MCPMODIFY</code>)</li>
<li>Model Context Protocol View (<code>MCPVIEW</code>)</li>
<li>NetApp Ransomware Resilience (<code>NETAPP_RANSOMWARE_RESILIENCE</code>)</li>
<li>Netskope Log Streaming (<code>NETSKOPE_LOG_STREAMING</code>)</li>
<li>Pylon Audit Logs (<code>PYLON_LOGS</code>)</li>
<li>Reco AI CSPM (<code>RECO_CSPM</code>)</li>
<li>Salt Security API Protection Platform (<code>SALT_SECURITY</code>)</li>
<li>SentinelOne Application (<code>SENTINELONE_APPLICATION</code>)</li>
<li>Wiz Vulnerabilities (<code>WIZ_VULNERABILITIES</code>)</li>
</ul>
<h2 class="release-note-product-title">Google SecOps SOAR</h2>
<h3>Announcement</h3>
<p>Release 6.3.91 is being rolled out to the first phase of regions as listed
<a href="https://docs.cloud.google.com/chronicle/docs/soar/overview-and-introduction/soar-gradual-release">here</a>.</p>
<p>This release contains internal and customer bug fixes.</p>
<h3>Announcement</h3>
<p><strong>Remote Agents Version 2.6.7</strong></p>
<p>Remote Agents Version 2.6.7 is now available. This release contains minor bug
fixes.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 27, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_27_2026</id>
    <updated>2026-06-27T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_27_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Google SecOps SOAR</h2>
<h3>Announcement</h3>
<p><a href="https://docs.cloud.google.com/chronicle/docs/soar/release-notes#June_21_2026">Release 6.3.90</a> is now
available for all regions.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 26, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_26_2026</id>
    <updated>2026-06-26T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_26_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Compute Engine</h2>
<h3>Feature</h3>
<p><strong>Generally available</strong>: You can cancel a future reservation request in calendar
mode to prevent Compute Engine from provisioning your requested resources and
incurring unnecessary charges. For more information, see
<a href="https://docs.cloud.google.com/compute/docs/instances/delete-future-reservations-calendar-mode">Delete a future reservation request in calendar mode</a>.</p>
<h3>Feature</h3>
<p><strong>Generally available</strong>: In a managed instance group (MIG), you can use a health
check to monitor your application health without triggering repairs for an
unhealthy VM, if the application fails the health check. You can prevent the MIG
from repairing an unhealthy VM by turning off autohealing. For more information,
see <a href="https://docs.cloud.google.com/compute/docs/instance-groups/turn-off-vm-repairs-in-mig">Turn off repairs in a MIG</a>.</p>
<h2 class="release-note-product-title">Confidential VM</h2>
<h3>Feature</h3>
<p>Support for Intel TDX on
<a href="https://docs.cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#machine-type-cpu-zone"><code>c3-standard-*-lssd</code> machine types</a>
is available in
<a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.</p>
<h2 class="release-note-product-title">Gemini Enterprise</h2>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: Confluence Data Center federated data store</strong></p>
<p>The Confluence Data Center federated data store is generally available
(GA) in Gemini Enterprise.</p>
<p>For more information, see
<a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/confluence-dc">Confluence Data Center</a>.</p>
<h2 class="release-note-product-title">Gemini Enterprise Agent Platform</h2>
<h3>Feature</h3>
<p><strong>New Provisioned Throughput features</strong></p>
<p>The following Provisioned Throughput features are generally available:</p>
<ul>
<li><strong>Change an order</strong>: See <a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/models/provisioned-throughput/purchase-provisioned-throughput#change-order">Change a standard Provisioned Throughput
order</a>.</li>
<li><strong>Schedule a new order</strong>: Set a start date and time when you create an
order. See <a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/models/provisioned-throughput/purchase-provisioned-throughput#place-an-order">Place a standard Provisioned Throughput
order</a>.</li>
<li><strong>Schedule a change to an order</strong>: Set a start date and time when you
change an order. See <a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/models/provisioned-throughput/purchase-provisioned-throughput#change-order">Change a standard Provisioned Throughput
order</a>.</li>
<li><strong>Split an order</strong>: Divide an active order into two orders. See <a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/models/provisioned-throughput/purchase-provisioned-throughput#split-order">Split an
order</a>.</li></ul>
<h2 class="release-note-product-title">Google Kubernetes Engine</h2>
<h3>Change</h3>
<h4 id="2026-r24-version-updates">(2026-R24) Version updates</h4>
<p>There are no version updates for 2026-R24.</p>
<h3>Change</h3>
<h4 id="2026-r24-version-updates">(2026-R24) Version updates</h4>
<p>There are no version updates for 2026-R24.</p>
<h3>Change</h3>
<h4 id="2026-r24-version-updates">(2026-R24) Version updates</h4>
<p>There are no version updates for 2026-R24.</p>
<h3>Change</h3>
<h4 id="2026-r24-version-updates">(2026-R24) Version updates</h4>
<p>There are no version updates for 2026-R24.</p>
<h3>Change</h3>
<h4 id="2026-r24-version-updates">(2026-R24) Version updates</h4>
<p>There are no version updates for 2026-R24.</p>
<h3>Change</h3>
<h4 id="2026-r24-version-updates">(2026-R24) Version updates</h4>
<p>There are no version updates for 2026-R24.</p>
<h3>Change</h3>
<h4 id="2026-r25-version-updates">(2026-R25) Version updates</h4>
<p>GKE cluster versions have been updated.</p>
<p><strong>New versions available for upgrades and new clusters.</strong></p>
<p>The following versions are now available for new GKE clusters, and for
manual control plane upgrades and node upgrades for existing clusters. For more
information about versioning and upgrades, see <a href="https://cloud.google.com/kubernetes-engine/versioning">GKE versioning and
support</a> and <a href="https://cloud.google.com/kubernetes-engine/upgrades">About GKE
cluster upgrades</a>.</p>
<div>
<devsite-selector>
<section>
<h3>Rapid channel</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a> is now the default version for cluster creation in the Rapid channel.</li>
<li>The following versions are now available in the Rapid channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1208000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1284000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1324000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3302001</a></li>
</ul></li>
<li>The following versions are no longer available in the Rapid channel:
<ul>
<li>1.33.12-gke.1116000</li>
<li>1.33.12-gke.1166000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Rapid channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.8-gke.1218000</li>
<li>1.35.5-gke.1163000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Rapid channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1241000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Rapid channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.36.0-gke.2684000</li>
<li>1.36.0-gke.3009002 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Rapid channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
</ul></li>
</ul>
</section>
<section>
<h3>Regular channel</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a> is now the default version for cluster creation in the Regular channel.</li>
<li>The following versions are now available in the Regular channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1116000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1218000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2684000</a></li>
</ul></li>
<li>The following versions are no longer available in the Regular channel:
<ul>
<li>1.33.12-gke.1000000</li>
<li>1.34.8-gke.1000000</li>
<li>1.35.5-gke.1000000</li>
<li>1.35.5-gke.1057000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Regular channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
</ul></li>
</ul></li>
</ul>
</section>
<section>
<h3>Stable channel</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1347">1.34.7-gke.1499000</a> is now the default version for cluster creation in the Stable channel.</li>
<li>The following versions are now available in the Stable channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1000000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1000000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000004</a></li>
</ul></li>
<li>The following versions are no longer available in the Stable channel:
<ul>
<li>1.33.11-gke.1074000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Stable channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.7-gke.1055000</li>
<li>1.35.3-gke.1389002 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Stable channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13311">1.33.11-gke.1197000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1347">1.34.7-gke.1499000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13311">1.33.11-gke.1197000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1347">1.34.7-gke.1499000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1353">1.35.3-gke.2190000</a></li>
</ul></li>
</ul></li>
</ul>
</section>
<section>
<h3>Extended channel</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a> is now the default version for cluster creation in the Extended channel.</li>
<li>The following versions are now available in the Extended channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2608000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2710000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.1986000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.2116000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1657000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1740000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1116000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1218000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2684000</a></li>
</ul></li>
<li>The following versions are no longer available in the Extended channel:
<ul>
<li>1.30.14-gke.2530000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.30.14-gke.2681000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.31.14-gke.1942000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.31.14-gke.2074000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.32.13-gke.1551000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.32.13-gke.1729000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.33.12-gke.1000000</li>
<li>1.34.8-gke.1000000</li>
<li>1.35.5-gke.1000000</li>
<li>1.35.5-gke.1057000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.29 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2558000</a></li>
<li>1.30 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.1967000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.30 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2558000</a></li>
<li>1.31 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.1967000</a></li>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1592000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
</ul></li>
</ul></li>
</ul>
</section>
<section>
<h3>No channel (deprecated)</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a> is now the default version for cluster creation.</li>
<li>The following versions are now available:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1208000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1284000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1324000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3302001</a></li>
</ul></li>
<li>The following node versions are now available:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2710000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.2116000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1740000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1208000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1284000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1324000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3302001</a></li>
</ul></li>
<li>The following versions are no longer available:
<ul>
<li>1.33.11-gke.1074000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.33.12-gke.1166000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.6-gke.1307000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.3-gke.1389002 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1057000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1163000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1241000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.36.0-gke.3009002 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1347">1.34.7-gke.1499000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1347">1.34.7-gke.1499000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
</ul></li>
</ul></li>
</ul>
</section>
</devsite-selector>
</div>
<h3>Security</h3>
<h4 id="2026-r25-security-updates">(2026-R25) Security updates</h4>
<p>This release includes new GKE versions that use updated
Container-Optimized OS images. These updated images are cumulative,
incorporating security fixes from all Container-Optimized OS
versions released since the previous GKE release.</p>
<p>To identify the specific vulnerabilities that were resolved in each updated
Container-Optimized OS image, see the <strong>Security</strong> release notes
for that image. The following table includes links to the release notes for
each updated Container-Optimized OS image:</p>
<p>
<table>
<tbody>
<tr>
<th>GKE version</th>
<th>Container-Optimized OS version</th>
<th>Details</th>
</tr>
<tr>
<td>1.30.14-gke.2608000</td>
<td>cos-117-18613-613-5</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m117#cos-117-18613-613-5_">cos-117-18613-613-5 release notes</a></td>
</tr>
<tr>
<td>1.30.14-gke.2710000</td>
<td>cos-117-18613-613-5</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m117#cos-117-18613-613-5_">cos-117-18613-613-5 release notes</a></td>
</tr>
<tr>
<td>1.31.14-gke.1986000</td>
<td>cos-117-18613-613-7</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m117#cos-117-18613-613-7_">cos-117-18613-613-7 release notes</a></td>
</tr>
<tr>
<td>1.31.14-gke.2116000</td>
<td>cos-117-18613-613-7</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m117#cos-117-18613-613-7_">cos-117-18613-613-7 release notes</a></td>
</tr>
<tr>
<td>1.32.13-gke.1657000</td>
<td>cos-117-18613-534-110</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m117#cos-117-18613-534-110_">cos-117-18613-534-110 release notes</a></td>
</tr>
<tr>
<td>1.32.13-gke.1740000</td>
<td>cos-117-18613-534-110</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m117#cos-117-18613-534-110_">cos-117-18613-534-110 release notes</a></td>
</tr>
<tr>
<td>1.33.12-gke.1165000</td>
<td>cos-121-18867-381-125</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m121#cos-121-18867-381-125_">cos-121-18867-381-125 release notes</a></td>
</tr>
<tr>
<td>1.33.12-gke.1208000</td>
<td>cos-121-18867-381-125</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m121#cos-121-18867-381-125_">cos-121-18867-381-125 release notes</a></td>
</tr>
<tr>
<td>1.34.8-gke.1284000</td>
<td>cos-125-19216-395-7</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m125#cos-125-19216-395-7_">cos-125-19216-395-7 release notes</a></td>
</tr>
<tr>
<td>1.35.5-gke.1057002</td>
<td>cos-125-19216-395-7</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m125#cos-125-19216-395-7_">cos-125-19216-395-7 release notes</a></td>
</tr>
<tr>
<td>1.35.5-gke.1163012</td>
<td>cos-125-19216-395-7</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m125#cos-125-19216-395-7_">cos-125-19216-395-7 release notes</a></td>
</tr>
<tr>
<td>1.35.5-gke.1241004</td>
<td>cos-125-19216-395-7</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m125#cos-125-19216-395-7_">cos-125-19216-395-7 release notes</a></td>
</tr>
<tr>
<td>1.35.5-gke.1324000</td>
<td>cos-125-19216-395-7</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m125#cos-125-19216-395-7_">cos-125-19216-395-7 release notes</a></td>
</tr>
<tr>
<td>1.36.0-gke.3302001</td>
<td>cos-129-19506-120-64</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m129#cos-129-19506-120-64_">cos-129-19506-120-64 release notes</a></td>
</tr>
</tbody>
</table>
</p>
<h3>Change</h3>
<h4 id="2026-r25-version-updates">(2026-R25) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1347">1.34.7-gke.1499000</a> is now the default version for cluster creation in the Stable channel.</li>
<li>The following versions are now available in the Stable channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1000000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1000000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000004</a></li>
</ul></li>
<li>The following versions are no longer available in the Stable channel:
<ul>
<li>1.33.11-gke.1074000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Stable channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.7-gke.1055000</li>
<li>1.35.3-gke.1389002 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Stable channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13311">1.33.11-gke.1197000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1347">1.34.7-gke.1499000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13311">1.33.11-gke.1197000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1347">1.34.7-gke.1499000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1353">1.35.3-gke.2190000</a></li>
</ul></li>
</ul></li>
</ul>
<h3>Change</h3>
<h4 id="2026-r25-version-updates">(2026-R25) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a> is now the default version for cluster creation in the Regular channel.</li>
<li>The following versions are now available in the Regular channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1116000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1218000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2684000</a></li>
</ul></li>
<li>The following versions are no longer available in the Regular channel:
<ul>
<li>1.33.12-gke.1000000</li>
<li>1.34.8-gke.1000000</li>
<li>1.35.5-gke.1000000</li>
<li>1.35.5-gke.1057000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Regular channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
</ul></li>
</ul></li>
</ul>
<h3>Change</h3>
<h4 id="2026-r25-version-updates">(2026-R25) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a> is now the default version for cluster creation in the Rapid channel.</li>
<li>The following versions are now available in the Rapid channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1208000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1284000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1324000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3302001</a></li>
</ul></li>
<li>The following versions are no longer available in the Rapid channel:
<ul>
<li>1.33.12-gke.1116000</li>
<li>1.33.12-gke.1166000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Rapid channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.8-gke.1218000</li>
<li>1.35.5-gke.1163000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Rapid channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1241000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Rapid channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.36.0-gke.2684000</li>
<li>1.36.0-gke.3009002 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Rapid channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
</ul></li>
</ul>
<h3>Change</h3>
<h4 id="2026-r25-version-updates">(2026-R25) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a> is now the default version for cluster creation.</li>
<li>The following versions are now available:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1208000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1284000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1324000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3302001</a></li>
</ul></li>
<li>The following node versions are now available:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2710000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.2116000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1740000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1165000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1208000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1284000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241004</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1324000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3302001</a></li>
</ul></li>
<li>The following versions are no longer available:
<ul>
<li>1.33.11-gke.1074000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.33.12-gke.1166000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.34.6-gke.1307000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.3-gke.1389002 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1057000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1163000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.35.5-gke.1241000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.36.0-gke.3009002 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a>. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1347">1.34.7-gke.1499000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1347">1.34.7-gke.1499000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
</ul></li>
</ul></li>
</ul>
<h3>Change</h3>
<h4 id="2026-r25-version-updates">(2026-R25) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a> is now the default version for cluster creation in the Extended channel.</li>
<li>The following versions are now available in the Extended channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2608000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2710000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.1986000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.2116000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1657000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1740000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1116000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1218000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163012</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2684000</a></li>
</ul></li>
<li>The following versions are no longer available in the Extended channel:
<ul>
<li>1.30.14-gke.2530000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.30.14-gke.2681000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.31.14-gke.1942000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.31.14-gke.2074000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.32.13-gke.1551000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.32.13-gke.1729000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.33.12-gke.1000000</li>
<li>1.34.8-gke.1000000</li>
<li>1.35.5-gke.1000000</li>
<li>1.35.5-gke.1057000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.29 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2558000</a></li>
<li>1.30 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.1967000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.30 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2558000</a></li>
<li>1.31 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.1967000</a></li>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1592000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057002</a></li>
</ul></li>
</ul></li>
</ul>
<h2 class="release-note-product-title">Google SecOps</h2>
<h3>Announcement</h3>
<p><strong>Improved documentation portal navigation</strong></p>
<p>Finding help is now easier! We've updated the navigation of our documentation portal to be primarily user-centric. Sections have been reorganized and renamed to align with your workflows, providing a logical path through the documentation.</p>
<p>We've also added:</p>
<ul>
<li>A <a href="https://docs.cloud.google.com/chronicle/docs/secops/release-notes"><strong>Support</strong> tab</a> for technical support, changelogs, and release notes</li>
<li>A <a href="https://docs.cloud.google.com/chronicle/docs/use-cases"><strong>Use cases</strong> tab</a> for persona-driven CUJs and workflows</li>
</ul>
<aside class="note"><strong>Note:</strong><span> Content-level modifications are not included in this update and are scheduled for subsequent phases.</span></aside>
<h2 class="release-note-product-title">Google SecOps SIEM</h2>
<h3>Announcement</h3>
<p><strong>Improved documentation portal navigation</strong></p>
<p>Finding help is now easier! We've updated the navigation of our documentation portal to be primarily user-centric. Sections have been reorganized and renamed to align with your workflows, providing a logical path through the documentation.</p>
<p>We've also added:</p>
<ul>
<li>A <a href="https://docs.cloud.google.com/chronicle/docs/secops/release-notes"><strong>Support</strong> tab</a> for technical support, changelogs, and release notes</li>
<li>A <a href="https://docs.cloud.google.com/chronicle/docs/use-cases"><strong>Use cases</strong> tab</a> for persona-driven CUJs and workflows</li>
</ul>
<aside class="note"><strong>Note:</strong><span> Content-level modifications are not included in this update and are scheduled for subsequent phases.</span></aside>
<h2 class="release-note-product-title">Google SecOps SOAR</h2>
<h3>Announcement</h3>
<p><strong>Improved documentation portal navigation</strong></p>
<p>Finding help is now easier! We've updated the navigation of our documentation portal to be primarily user-centric. Sections have been reorganized and renamed to align with your workflows, providing a logical path through the documentation.</p>
<p>We've also added:</p>
<ul>
<li>A <a href="https://docs.cloud.google.com/chronicle/docs/secops/release-notes"><strong>Support</strong> tab</a> for technical support, changelogs, and release notes</li>
<li>A <a href="https://docs.cloud.google.com/chronicle/docs/use-cases"><strong>Use cases</strong> tab</a> for persona-driven CUJs and workflows</li>
</ul>
<aside class="note"><strong>Note:</strong><span> Content-level modifications are not included in this update and are scheduled for subsequent phases.</span></aside>
<h2 class="release-note-product-title">Managed Service for Apache Airflow</h2>
<h3>Change</h3>
<p>The <code>apache-airflow-providers-google</code> package was upgraded to version 22.1.0.
For more information about changes, see the
<a href="https://airflow.apache.org/docs/apache-airflow-providers-google/stable/changelog.html">apache-airflow-providers-google changelog</a>.</p>
<h3>Change</h3>
<p>New <a href="https://docs.cloud.google.com/composer/docs/composer-versions#images-composer-3">Airflow builds</a>
are available in Managed Airflow (Gen 3):</p>
<ul>
<li><a href="https://docs.cloud.google.com/composer/docs/versions-packages#composer-3-airflow-3-1-7-build-11">composer-3-airflow-3.1.7-build.11</a></li>
<li><a href="https://docs.cloud.google.com/composer/docs/versions-packages#composer-3-airflow-2-11-1-build-7">composer-3-airflow-2.11.1-build.7</a> (default)</li>
<li><a href="https://docs.cloud.google.com/composer/docs/versions-packages#composer-3-airflow-2-10-5-build-40">composer-3-airflow-2.10.5-build.40</a></li>
</ul>
<h3>Change</h3>
<p>New <a href="https://docs.cloud.google.com/composer/docs/composer-versions#images-composer-2">images</a>
are available in Managed Airflow (Gen 2):</p>
<ul>
<li><a href="https://docs.cloud.google.com/composer/docs/versions-packages#composer-2-17-4-airflow-2-11-1">composer-2.17.4-airflow-2.11.1</a> (default)</li>
<li><a href="https://docs.cloud.google.com/composer/docs/versions-packages#composer-2-17-4-airflow-2-10-5">composer-2.17.4-airflow-2.10.5</a></li>
</ul>
<h3>Deprecated</h3>
<p>The following Managed Airflow versions and builds have reached their
<a href="https://docs.cloud.google.com/composer/docs/composer-versioning-overview#version-deprecation-and-support">end of support period</a>:
composer-3-airflow-2.9.3-build.25, composer-3-airflow-2.9.3-build.26,
composer-3-airflow-2.9.3-build.27, composer-2.13.3-airflow-2.9.3,
composer-2.13.4-airflow-2.9.3, composer-2.13.5-airflow-2.9.3,
composer-2.13.3-airflow-2.10.5, composer-2.13.4-airflow-2.10.5,
composer-2.13.5-airflow-2.10.5.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 25, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_25_2026</id>
    <updated>2026-06-25T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_25_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Anthos Config Management</h2>
<h3>Change</h3>
<p>Addressed multiple Common Vulnerabilities and Exposures (CVEs) by updating dependencies.</p>
<h3>Change</h3>
<p>Upgraded the Open Telemetry image from 0.150.0 to 0.152.0 to pick up vulnerability fixes. To understand the changes in each release, review the full changelog for <a href="https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/CHANGELOG.md">opentelemetry-collector-contrib</a>.</p>
<h2 class="release-note-product-title">Application Integration</h2>
<h3>Security</h3>
<p><strong>Security bulletins page</strong></p>
<p>See the new security bulletins page for Application Integration. Use it to stay informed about related security updates, vulnerabilities, and remediations. For more information, see <a href="https://docs.cloud.google.com/application-integration/docs/security-bulletins">Security bulletins</a>.</p>
<h2 class="release-note-product-title">Assured Open Source Software</h2>
<h3>Change</h3>
<p>The Assured Open Source Software free tier includes an updated list of curated
binaries for the Go, Java, and Python languages.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/assured-open-source-software/docs/supported-packages">List of supported Java and Python packages for the
Assured OSS free
tier</a> and <a href="https://docs.cloud.google.com/assured-open-source-software/docs/supported-packages-go">List of supported
Go packages for the Assured OSS free
tier</a>.</p>
<h2 class="release-note-product-title">BigQuery</h2>
<h3>Change</h3>
<p>An updated version of the
<a href="https://docs.cloud.google.com/bigquery/docs/reference/odbc-jdbc-drivers#current_odbc_driver">Simba ODBC driver for BigQuery</a>
is now available.</p>
<h3>Feature</h3>
<p>You can now use the <a href="https://docs.cloud.google.com/bigquery/docs/reference/standard-sql/search_functions#vector_search"><code>VECTOR_SEARCH</code> function</a>
to combine a semantic search with a lexical (keyword) search. This is known as a
hybrid search. For tables with autonomous embedding generation enabled, you can
use <code>HYBRID</code> mode in the <a href="https://docs.cloud.google.com/bigquery/docs/reference/standard-sql/bigqueryml-syntax-ai-search"><code>AI.SEARCH</code></a>
function to simplify your search syntax.</p>
<p>You can also extend a
<a href="https://docs.cloud.google.com/bigquery/docs/reference/standard-sql/data-definition-language#create_vector_index_statement">vector index</a>
to include keyword information to improve the speed of the lexical search
portion of a hybrid search.</p>
<p>This feature is in <a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.</p>
<h2 class="release-note-product-title">Cloud Monitoring</h2>
<h3>Feature</h3>
<p>Support for applying role-based access controls (RBAC) to
Cloud Monitoring dashboards and alerting policies using Tags is
<a href="https://docs.cloud.google.com/products#product-launch-stages">generally available</a>.</p>
<p>You can use Tags to protect Terraform-managed
Cloud Monitoring resources and configure team-scoped access. For more
information, see
<a href="https://docs.cloud.google.com/monitoring/docs/access-control-with-tags">Use Tags to control access to resources</a>.</p>
<h2 class="release-note-product-title">Cloud SQL for MySQL</h2>
<h3>Feature</h3>
<p>You can now assess the upgrade readiness of your Cloud SQL for MySQL
instances before a major version upgrade by running a precheck.
This precheck analyzes your instance for version incompatibilities and
lists any issues that need to be fixed prior to your upgrade.
For more information, see
<a href="https://docs.cloud.google.com/sql/docs/mysql/upgrade-major-db-version-inplace#precheck">Assess upgrade readiness for your instance</a>.</p>
<p>This feature is in <a href="https://cloud.google.com/products/#product-launch-stages">Preview</a>.</p>
<h2 class="release-note-product-title">Cluster Toolkit</h2>
<h3>Feature</h3>
<p>Cluster Toolkit v1.95.0 is available. This release introduces Slurm
high availability controller support using managed instance groups (MIGs). This
version also implements Google Kubernetes Engine node auto-provisioning (NAP) and unified
compute consumption options for the <code>gcluster job submit</code> command. For details,
see the <a href="https://github.com/GoogleCloudPlatform/cluster-toolkit/discussions/5852">Release announcement on
GitHub</a>.</p>
<h2 class="release-note-product-title">Cortex Framework</h2>
<h3>Announcement</h3>
<h3 id="release_7_0_0_p2_1">Release 7.0.0-preview.2.1 (Public Preview)</h3>
<h3>Fixed</h3>
<ul>
<li><strong>Configuration</strong>: Fix for <code>tableSettings</code> path resolution issue.</li>
</ul>
<h2 class="release-note-product-title">Gemini Enterprise</h2>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: Governance for agents and MCP servers</strong></p>
<p>You can access Agent Registry from within Gemini Enterprise. Agent Registry
provides a catalog of agents and custom Model Context Protocol (MCP) servers.
From the catalog, you can select A2A agents or MCP servers to add to your Gemini
Enterprise apps.</p>
<p>Furthermore, through egress policies managed by Agent Gateway, you can set
allow and deny permissions on traffic going to these agents or these MCP
servers.</p>
<p>This feature is generally available (GA). For more information, see:</p>
<ul>
<li><p><a href="https://docs.cloud.google.com/gemini/enterprise/docs/import-govern-agent-registry">Import agents from Agent Registry</a> and</p></li>
<li><p><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/custom-mcp-server/import-govern-mcp-server-agent-registry">Import custom MCP servers from Agent
Registry</a>.</p></li>
</ul>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: New data store and support for new actions (Public Preview)</strong></p>
<p>The Lovable data store is available in Public Preview in Gemini Enterprise. End
users can search and read projects, and use natural language commands to perform
actions, including adding connectors, remixing projects, and setting project
knowledge and visibility. For more information, see
<a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/lovable">Connect Lovable</a>.</p>
<p>Additionally, support for new actions is available in Public Preview for the
following data stores:</p>
<ul>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/airtable">Airtable</a>: Create bases, fields, tables, and
record comments; update tables.</li>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/freshservice">Freshservice</a>: Create tickets; place
service catalog item requests.</li>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/googlestitch">Google Stitch</a>: Create and apply design
systems.</li>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/zohodesk">Zoho Desk</a>: Create and update calls; send
replies; update tasks.</li>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/zohoprojects">Zoho Projects</a>: Create projects and
tasks; update task lists.</li>
</ul>
<p>For more information, see
<a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/connect-third-party-data-source">Connect a third-party data source</a>.</p>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: View agent identity</strong></p>
<p>This feature is generally available (GA).
As a Gemini Enterprise administrator, you can view an agent's identity on the
Agent details page. This is typically the agent's SPIFFE ID.</p>
<p>If the SPIFFE ID is not published, the Agent Registry resource ID is displayed
as a fallback. For more information, see <a href="https://docs.cloud.google.com/gemini/enterprise/docs/agents-overview#agent-identity">Agent
identity</a>.</p>
<h2 class="release-note-product-title">Gemini Enterprise Agent Platform</h2>
<h3>Announcement</h3>
<p><strong>Administrative correction to Gemini Online Inference API on Gemini Enterprise Agent Platform SLA</strong></p>
<p>We made an administrative correction to the Gemini Online Inference API on
Gemini Enterprise Agent Platform <a href="https://cloud.google.com/vertex-ai/generative-ai/sla?e=48754805">Service Level Agreement (SLA)</a>,
addressing a clerical issue.</p>
<h2 class="release-note-product-title">Google Cloud Contact Center as a Service</h2>
<h3>Announcement</h3>
<p><strong>Web SDK version 2 will be shut down on June 26, 2026</strong></p>
<p>On June 26, 2025, we announced the launch of <a href="https://docs.cloud.google.com/contact-center/ccai-platform/docs/release-notes#June_26_2025">Web SDK version
3</a>. Starting on
<strong>June 26, 2026</strong>, the web SDK v2 will no longer be supported. Be sure to
<a href="https://docs.cloud.google.com/contact-center/ccai-platform/docs/web-sdk-v3-upgrade">update your website</a> to
use the web SDK v3 to avoid disrupting your integration with the web SDK. We are
no longer adding new features to the web SDK v2.</p>
<h2 class="release-note-product-title">Google SecOps Marketplace</h2>
<h3>Feature</h3>
<p><strong>Palo Alto Cortex XDR</strong>: Version 30.0</p>
<ul>
<li><p>The following new action has been added:</p>
<ul>
<li><strong>Download File</strong></li>
</ul></li>
</ul>
<h3>Feature</h3>
<p><strong>CyberArk PAM</strong>: Version 11.0</p>
<ul>
<li><p>The following new action has been added:</p>
<ul>
<li><strong>Change Account Password</strong></li>
</ul></li>
</ul>
<h3>Change</h3>
<p><strong>Siemplify</strong>: Version 110.0</p>
<ul>
<li><p>Updated results processing logic to cleanly escape backslashes in the 
following action:</p>
<ul>
<li><strong>Create Gemini Case Summary</strong></li>
</ul></li>
</ul>
<h3>Change</h3>
<p><strong>Secret Manager</strong>: Version 2.0</p>
<ul>
<li><p>Updated action description in the following action:</p>
<ul>
<li><strong>Ping</strong></li>
</ul></li>
</ul>
<h3>Change</h3>
<p><strong>CrowdStrike Falcon</strong>: Version 77.0</p>
<ul>
<li><p>Updated syncing logic to support multiple CrowdStrike alert IDs mapped to a 
single SecOps alert and improved error handling for alert ID context values in 
the following connector:</p>
<ul>
<li><strong>Sync Alerts</strong></li>
</ul></li>
</ul>
<h3>Change</h3>
<p><strong>Azure Active Directory</strong>: Version 29.0</p>
<ul>
<li><p>Updated error handling for sign-in activity retrieval in the following action:</p>
<ul>
<li><strong>Enrich User</strong></li>
</ul></li>
</ul>
<h3>Change</h3>
<p><strong>Google Cloud Compute</strong>: Version 19.0</p>
<ul>
<li><p>Refactored action code in the following actions:</p>
<ul>
<li><p><strong>Add IP To Firewall Rule</strong></p></li>
<li><p><strong>Remove external IP addresses</strong></p></li>
<li><p><strong>Execute VM Patch Job</strong></p></li>
<li><p><strong>Update Firewall Rule</strong></p></li>
</ul></li>
</ul>
<h3>Change</h3>
<p><strong>VirusTotalV3</strong>: Version 41.0</p>
<ul>
<li><p>Updated Predefined Widgets to fix cached fallback rendering in the following 
actions:</p>
<ul>
<li><p><strong>Enrich Hash</strong></p></li>
<li><p><strong>Enrich IOC</strong></p></li>
<li><p><strong>Enrich IP</strong></p></li>
<li><p><strong>Enrich URL</strong></p></li>
<li><p><strong>Get Domain Details</strong></p></li>
</ul></li>
</ul>
<h3>Change</h3>
<p><strong>Google Threat Intelligence</strong>: Version 16.0</p>
<ul>
<li><p>Updated Predefined Widgets to optimize loading performance and aligned layouts 
to prevent visual shifts in the following actions:</p>
<ul>
<li><p><strong>Enrich Entities</strong></p></li>
<li><p><strong>Enrich IOCs</strong></p></li>
</ul></li>
</ul>
<h3>Change</h3>
<p><strong>EmailV2</strong>: Version 42.0</p>
<ul>
<li><p>Updated default values for IMAP server address, port, username, and password 
for the following connector:</p>
<ul>
<li><strong>Generic IMAP Email Connector</strong></li>
</ul></li>
</ul>
<h3>Change</h3>
<p><strong>FireEye Helix</strong>: Version 20.0</p>
<ul>
<li>Added Trellix IAM OAuth authentication support.</li>
</ul>
<h3>Change</h3>
<p><strong>FireEye ETP</strong>: Version 9.0</p>
<ul>
<li>Added Trellix OAuth support, updated public API endpoints to v2, and removed 
legacy V1 API support.</li>
</ul>
<h2 class="release-note-product-title">Oracle Database@Google Cloud</h2>
<h3>Feature</h3>
<p>You can view the details of your GoldenGate deployments, connections, and related assignments through Google Cloud console. For more information, see <a href="https://docs.cloud.google.com/oracle/database/docs/manage-deployments">Manage deployments</a>, <a href="https://docs.cloud.google.com/oracle/database/docs/manage-connections">Manage connections</a>, and <a href="https://docs.cloud.google.com/oracle/database/docs/manage-assignments">Manage assignments</a>.</p>
<p>This feature is <a href="https://cloud.google.com/products#product-launch-stages">Generally Available (GA)</a>.</p>
<h2 class="release-note-product-title">Security Command Center</h2>
<h3>Change</h3>
<p>The Assured Open Source Software premium tier includes an updated list of curated
binaries for the Go, Java, and Python languages.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/security-command-center/docs/aoss-supported-packages-premium">List of supported Java and Python packages for the
Assured OSS premium
tier</a> and <a href="https://docs.cloud.google.com/security-command-center/docs/aoss-supported-packages-go-premium">List of supported
Go packages for the Assured OSS premium
tier</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 24, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_24_2026</id>
    <updated>2026-06-24T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_24_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee X</h2>
<h3>Announcement</h3>
<p><strong>Apigee Emulator</strong></p>
<h3 id="apigee_emulator_v201">Apigee Emulator v2.0.1</h3>
<p>On June 24, 2026, we released Apigee Emulator version 2.0.1.</p>
<p>This is a security-only hotfix release on top of v2.0.0 that addresses
10 security vulnerabilities in the Netty networking library and the embedded
Cassandra Go standard library health-check binary. There are no functional,
API, or configuration changes -- v2.0.1 is a drop-in replacement for v2.0.0.</p>
<p>The emulator image is available at
<a href="https://console.cloud.google.com/artifacts/docker/apigee-release/us/gcr.io/hybrid%2Fapigee-emulator">Google Artifact Registry</a>.</p>
<p>To upgrade, update the emulator version in your VS Code Cloud Code settings
to <code>2.0.1</code>. See
<a href="https://docs.cloud.google.com/apigee/docs/api-platform/local-development/vscode/manage-apigee-emulator#choose_the_emulator_version">Manage the Apigee Emulator</a>
for details.</p>
<h3>Feature</h3>
<p><strong>Apigee Emulator</strong></p>
<h4 id="changed_in_this_release">Changed in this release</h4>
<ul>
<li>Upgraded Netty to <code>4.1.135.Final</code> (from <code>4.1.133.Final</code>) and pinned all
transitive <code>netty-*</code> artifacts via <code>netty-bom</code>.</li>
<li>Refreshed the Cassandra base image to pick up Go standard library <code>1.25.11</code>
(from <code>1.25.10</code>) in the embedded health-check binary.</li>
<li>Updated <code>netty-tcnative-boringssl-static</code> classifier variants from
<code>2.0.53.Final</code> to <code>2.0.77.Final</code>.</li>
</ul>
<h3>Security</h3>
<p><strong>Apigee Emulator</strong></p>
<h4 id="security">Security</h4>
<p>This release addresses 10 security vulnerabilities in the Netty networking
library and the embedded Go standard library. All Netty fixes come from
upgrading to <code>4.1.135.Final</code>; all Go standard library fixes come from a
Cassandra base image rebuild against Go <code>1.25.11</code>.</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Component</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-50010">CVE-2026-50010</a></td>
<td>Netty (<code>netty-handler</code>)</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-50020">CVE-2026-50020</a></td>
<td>Netty (<code>netty-codec-http</code>)</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-50560">CVE-2026-50560</a></td>
<td>Netty (<code>netty-codec-http2</code>)</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-48043">CVE-2026-48043</a></td>
<td>Netty (<code>netty-codec-http2</code>)</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-44249">CVE-2026-44249</a></td>
<td>Netty (<code>netty-handler</code>)</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-45416">CVE-2026-45416</a></td>
<td>Netty (<code>netty-handler</code>)</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-47244">CVE-2026-47244</a></td>
<td>Netty (<code>netty-codec-http2</code>)</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27145">CVE-2026-27145</a></td>
<td>Go standard library</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-42504">CVE-2026-42504</a></td>
<td>Go standard library</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-42507">CVE-2026-42507</a></td>
<td>Go standard library</td>
</tr>
</tbody>
</table>
<h2 class="release-note-product-title">Bigtable</h2>
<h3>Feature</h3>
<p>You can create <a href="https://docs.cloud.google.com/bigtable/docs/backups#hot-backups">hot backups</a>
and modify all backups in Bigtable Studio. For more information, see
<a href="https://docs.cloud.google.com/bigtable/docs/managing-backups">Manage backups</a>.</p>
<h2 class="release-note-product-title">Cloud Build</h2>
<h3>Security</h3>
<p>For GitLab Enterprise and Bitbucket Data Center connections, Cloud Build now
checks permissions on the calling principal.</p>
<p>When you create or update repository connections, Cloud Build uses Secret Manager
secrets to authenticate to third-party Git providers. Previously, these
referenced secrets were retrieved by the Cloud Build service agent (P4SA) on your
behalf, checking permissions only against the P4SA's credentials rather than
those of the calling principal. To adhere to the security principle of least
privilege, Cloud Build now checks permissions on both the calling principal
(using end-user credentials) and the P4SA, to ensure both have the
<code>secretmanager.versions.access</code> IAM permission on the referenced
secrets.</p>
<p>This check only affects GitLab Enterprise (GLE) and Bitbucket Data Center (BBDC)
connections.</p>
<p>For instructions and more details, see the
<a href="https://cloud.google.com/build/docs/security-bulletins#gcp-2026-042">Cloud Build security bulletin</a>.</p>
<h2 class="release-note-product-title">Cloud SQL for MySQL</h2>
<h3>Change</h3>
<p>Cloud SQL now supports Private Service Connect outbound connectivity on the
following additional types of instances:</p>
<ul>
<li><p>Read replica instances.</p></li>
<li><p>Instances that use advanced disaster recovery features such as switchover and
failover operations.</p></li>
</ul>
<p>For more information about Private Service Connect outbound connectivity see
<a href="https://docs.cloud.google.com/sql/docs/mysql/about-private-service-connect#psc-outbound">About Private Service Connect</a>.</p>
<h2 class="release-note-product-title">Cloud SQL for PostgreSQL</h2>
<h3>Change</h3>
<p>Cloud SQL now supports Private Service Connect outbound connectivity on the
following additional types of instances:</p>
<ul>
<li><p>Read replica instances.</p></li>
<li><p>Instances that use advanced disaster recovery features such as switchover and
failover operations.</p></li>
</ul>
<p>For more information about Private Service Connect outbound connectivity see
<a href="https://docs.cloud.google.com/sql/docs/postgres/about-private-service-connect#psc-outbound">About Private Service Connect</a>.</p>
<h2 class="release-note-product-title">Cloud SQL for SQL Server</h2>
<h3>Change</h3>
<p>Cloud SQL now supports Private Service Connect outbound connectivity on the
following additional types of instances:</p>
<ul>
<li><p>Read replica instances.</p></li>
<li><p>Instances that use advanced disaster recovery features such as switchover and
failover operations.</p></li>
<li><p>Primary instances that have replicas.</p></li>
</ul>
<p>For more information about Private Service Connect outbound connectivity see
<a href="https://docs.cloud.google.com/sql/docs/sqlserver/about-private-service-connect#psc-outbound">About Private Service Connect</a>.</p>
<h2 class="release-note-product-title">Confidential Space</h2>
<h3>Announcement</h3>
<p>Confidential Space image 260600 is available. This image provides support
for graceful shutdown of container workloads on power button events.</p>
<h2 class="release-note-product-title">Cortex Framework</h2>
<h3>Announcement</h3>
<h3 id="release_7_0_0_p2">Release 7.0.0-preview.2 (Public Preview)</h3>
<h3>Feature</h3>
<ul>
<li><strong><a href="https://docs.cloud.google.com/cortex/docs/data-product">Data products for SAP ERP</a></strong>: Additional data product accelerators including: accounting documents, accounts payable, accounts receivable, addresses, agency business settlement documents, billing documents, business partners, condition contracts, controlling areas and cost elements, cost and profit centers, currency conversion, financial statement structure &amp; versions, fiscal year variants, fixed assets, general ledger accounts, global settings, plants and storage, project structure, units of measurement, universal journal, and vendor invoices.</li>
<li><strong><a href="https://docs.cloud.google.com/cortex/docs/extensibility-guide">Extensibility guide</a></strong>: Documentation explaining how to customize and extend Cortex Framework, organized by three steps: <a href="https://docs.cloud.google.com/cortex/docs/extensibility-guide-namespaces">Custom namespace setup</a>, <a href="https://docs.cloud.google.com/cortex/docs/extensibility-guide-data-foundation">Data foundation module creation</a>, and <a href="https://docs.cloud.google.com/cortex/docs/extensibility-guide-data-product">Data product module creation</a>.</li>
</ul>
<h2 class="release-note-product-title">Gemini Enterprise</h2>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: Observability for agents (GA)</strong></p>
<p>Observability for Gemini Enterprise is now generally available (GA). This
includes:</p>
<ul>
<li>Configuring observability settings at the app level and for individual
agents.</li>
<li>Viewing metric dashboards in Metrics Explorer and on the agent's
<strong>Metrics</strong> tab.</li>
<li>Viewing trace spans in Trace Explorer and on the agent's <strong>Traces</strong> tab.</li>
</ul>
<p>For more information, see:</p>
<ul>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/manage-observability-settings">Manage observability settings</a></li>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/access-metrics">Access metrics</a></li>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/access-traces-and-spans">Access traces and spans</a></li>
</ul>
<h2 class="release-note-product-title">Gemini Enterprise Agent Platform</h2>
<h3>Feature</h3>
<p><strong>AI security findings in Agent Platform</strong></p>
<p>Viewing AI security findings and posture management summaries in Gemini
Enterprise Agent Platform is <a href="https://cloud.google.com/products#product-launch-stages">generally
available</a>.</p>
<p>With this release, the <strong>Security</strong> dashboard introduces the <strong>Top security
findings</strong> widget.</p>
<p>Also, specific features within the AI security widgets are
available in <a href="https://cloud.google.com/products#product-launch-stages">Preview</a>,
including the following:</p>
<ul>
<li>Vulnerability findings and threat monitoring for agent runtimes (such as
Cloud Run)</li>
<li>Historical content violation trends (<strong>Violations over time</strong>)</li>
</ul>
<p>For more information, see <a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/govern/view-security-findings">View security
findings</a>.</p>
<h3>Feature</h3>
<p><strong>Model Armor for Agent Gateway in General Availability</strong></p>
<p>You can enable Model Armor on an Agent Gateway resource to apply your
organization's content security guardrails to prompts and responses that pass
through the gateway. This feature is generally available
(<a href="https://cloud.google.com/products#product-launch-stages">GA</a>).</p>
<p>For more information, see <a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/govern/configure-model-armor">Configure Model Armor on a
gateway</a>.</p>
<h2 class="release-note-product-title">Google Cloud VMware Engine</h2>
<h3>Announcement</h3>
<p><strong>HCX upgrade to 4.11.4:</strong> The VMware Engine operations team is initiating updates of the HCX Manager Appliance to version 4.11.4. This upgrade resolves an issue with MON-enabled segments. You are responsible for upgrading the HCX On-Prem/Connectors and Service Mesh Appliances. For more details, see the <a href="https://docs.cloud.google.com/vmware-engine/docs/service-announcements#2026-06-24">Latest service announcements</a>.</p>
<h2 class="release-note-product-title">Google Distributed Cloud (software only) for bare metal</h2>
<h3>Announcement</h3>
<p>Google Distributed Cloud (software only) for bare metal 1.34.600-gke.53 is available. To upgrade, see <a href="how-to/upgrade">Upgrade clusters</a>. Runs on Kubernetes v1.34.7-gke.200.</p>
<p>After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.</p>
<p>If you use a third-party storage vendor, check the Google Distributed Cloud-ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.</p>
<h3>Fixed</h3>
<p>The following issues were fixed in 1.34.600-gke.53:</p>
<ul>
<li>Link to <a href="https://docs.cloud.google.com/kubernetes-engine/distributed-cloud/bare-metal/docs/vulnerabilities">Vulnerability fixes</a> for the list of security vulnerabilities addressed in this release.</li>
<li>Fixed an issue where Certificate Authority (CA) rotation failed for
self-managing clusters (admin, hybrid, and standalone). The failure occurs
during the final phase of the rotation when attempting to move management
resources back from the temporary bootstrap cluster to the self-managing
cluster, which can leave the cluster in an unmanageable state. You must
upgrade your clusters to version 1.34.600-gke.53 before you rotate your CAs.
Running a CA rotation on self-managing clusters in versions prior to
1.34.600-gke.53 triggers this issue and can disrupt your ability to manage
the cluster.
</li>
<li>Fixed an issue where a transient or partial failure during node pool updates
could cause node taints or labels to become permanently stuck (stranded) on
worker nodes, even after you removed them from the NodePool custom resource
specification.
</li>
</ul>
<h2 class="release-note-product-title">Identity-Aware Proxy</h2>
<h3>Feature</h3>
<p>Identity-Aware Proxy (IAP) supports securing agent-to-anywhere egress for Agent Gateway. The feature generally available <a href="https://cloud.google.com/products#product-launch-stages">GA</a>. To learn more about IAP support for Agent Gateway, see <a href="https://docs.cloud.google.com/iap/docs/agent-overview">IAP for agents overview</a>.</p>
<h2 class="release-note-product-title">VPC Service Controls</h2>
<h3>Feature</h3>
<p><a href="https://cloud.google.com/products#product-launch-stages">General availability</a> support for the following integration:</p>
<ul>
<li><a href="https://docs.cloud.google.com/vpc-service-controls/docs/supported-products#table_conversational_analytics">Conversational Analytics API</a></li>
</ul>
<h2 class="release-note-product-title">Virtual Private Cloud</h2>
<h3>Feature</h3>
<p><strong>General Availability</strong>: You can cancel pending deletion requests for VPC
Network Peering connections that are in consensus mode.
For more information, see
<a href="https://docs.cloud.google.com/vpc/docs/using-vpc-peering#cancel-delete">Cancel a deletion request</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 23, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_23_2026</id>
    <updated>2026-06-23T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_23_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">AI Hypercomputer</h2>
<h3>Feature</h3>
<p><strong>Preview</strong>: You can use Gemini in the Google Cloud console as
an AI-powered interface to evaluate hardware options, estimate deployment costs,
and view recommended configurations for your clusters. Prompting
Gemini helps you reach an optimal configuration for your cluster
before you create or modify the cluster. For more information, see
<a href="https://docs.cloud.google.com/ai-hypercomputer/docs/design-with-gemini">Design and optimize your cluster with Gemini</a>.</p>
<h2 class="release-note-product-title">Backup and DR</h2>
<h3>Feature</h3>
<p>You can now configure application-consistent backups for Compute Engine
instances directly through the Google Cloud Console. This enhancement
allows you to enable Guest Flush or VSS options within Backup Plans,
ensuring data integrity for applications running on Linux or Windows
VMs during the backup process. The <a href="https://docs.cloud.google.com/backup-disaster-recovery/docs/cloud-console/compute/compute-instance-backup">Back up Compute Engine instances</a> documentation has been updated with instructions on how to create and modify
backup plans to use this feature. </p>
<h3>Feature</h3>
<p>Announcing the general availability (GA) of cross-region backups for
Backup and DR Service. Customers can now protect Compute Engine instances,
Compute Engine disks, and Filestore instances against regional
outages by storing backups in a distinct secondary region of their choice.
This functionality enhances disaster recovery capabilities, provides a
cost-effective way to ensure regional resilience, and helps maintain
strict control over data residency. To learn more, see
<a href="https://docs.cloud.google.com/backup-disaster-recovery/docs/concepts/backup-vault#regions">Backup vaults for immutable and indelible backups</a>.</p>
<h2 class="release-note-product-title">BigQuery</h2>
<h3>Feature</h3>
<p>You can now configure your BigQuery pipelines to automatically trigger
executions based on updates to specific BigQuery tables. For more information,
see <a href="https://docs.cloud.google.com/bigquery/docs/schedule-pipelines#trigger-based-scheduling">Trigger-based
scheduling</a>. This feature is in
<a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.</p>
<h3>Feature</h3>
<p><a href="https://docs.cloud.google.com/bigquery/docs/conversational-analytics">Conversational analytics</a> in BigQuery
is now <a href="https://cloud.google.com/products#product-launch-stages">generally available</a>
(GA) and includes the following features:</p>
<ul>
<li>You can select whether an agent can only use generally available models, or
a mix of preview and generally available models.</li>
<li>You can change the thinking mode of an agent within a conversation.</li>
<li>Agents can ask clarifying questions about your input prompt.</li>
<li>Agent responses include context citations, to help you understand the specific
sources used to generate the answer.</li>
<li>Parameters are supported in verified queries.</li>
<li><p>Agents can use the following AI functions to answer your questions:</p>
<ul>
<li><a href="https://docs.cloud.google.com/bigquery/docs/reference/standard-sql/bigqueryml-syntax-ai-key-drivers"><code>AI.KEY_DRIVERS</code></a></li>
<li><a href="https://docs.cloud.google.com/bigquery/docs/reference/standard-sql/bigqueryml-syntax-ai-if"><code>AI.IF</code></a></li>
<li><a href="https://docs.cloud.google.com/bigquery/docs/reference/standard-sql/bigqueryml-syntax-ai-score"><code>AI.SCORE</code></a></li>
<li><a href="https://docs.cloud.google.com/bigquery/docs/reference/standard-sql/bigqueryml-syntax-ai-classify"><code>AI.CLASSIFY</code></a></li>
<li><a href="https://docs.cloud.google.com/bigquery/docs/reference/standard-sql/bigqueryml-syntax-ai-similarity"><code>AI.SIMILARITY</code></a></li>
<li><a href="https://docs.cloud.google.com/bigquery/docs/reference/standard-sql/bigqueryml-syntax-ai-search"><code>AI.SEARCH</code></a></li>
</ul></li>
<li><p>Conversational analytics supports US MREP and EU MREP
<a href="https://docs.cloud.google.com/bigquery/docs/conversational-analytics#locations">locations</a> that govern
the storage of agent and conversation resources, and the location used for
ML processing.</p></li>
</ul>
<p>You can also create a
<a href="https://docs.cloud.google.com/bigquery/docs/create-conversations#datasets">conversation with a dataset</a>.
This feature is in <a href="https://cloud.google.com/products#product-launch-stages">preview</a>.</p>
<h2 class="release-note-product-title">Cloud Database Migration Service</h2>
<h3>Announcement</h3>
<aside class="note">
<b>Note:</b> MySQL version 9.7 version isn't yet available. For more information, see the
  <a href="#July_02_2026" track-metadata-position="releaseNotes" track-metadata-srcpg="docs/release-notes" track-name="link_to_another_note" track-type="releaseNoteLink">release note from July 2nd, 2026</a>.
</aside>
<p>Database Migration Service for MySQL homogeneous migrations now supports MySQL version 9.7.
For more information, see
<a href="https://docs.cloud.google.com/database-migration/docs/supported-databases" track-metadata-position="releaseNotes" track-metadata-srcpg="docs/release-notes" track-name="supported_src_dst_core" track-type="releaseNoteLink">
Supported source and destination databases</a>.</p>
<h2 class="release-note-product-title">Cloud Service Mesh</h2>
<h3>Security</h3>
<p><strong>1.29.5-asm.3 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains the fix for the security vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-040">GCP-2026-040</a>.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.29.5-asm.3 uses Envoy v1.37.5-dev.</p>
<h3>Fixed</h3>
<p>This patch release also contain the fixes for the following CVEs:</p>
<table>
<thead>
<tr>
<th style="text-align: left">CVE</th>
<th style="text-align: left">Proxy</th>
<th style="text-align: left">Control Plane</th>
<th style="text-align: left">Distroless</th>
<th style="text-align: left">CNI</th>
<th style="text-align: left">Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">CVE-2026-34182</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Medium (9.1)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-45447</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">High (8.8)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-7383</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (8.1)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-34180</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-45445</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-9076</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-42766</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (5.9)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-42767</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (5.9)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-34743</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (5.3)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-45446</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (4.8)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-42770</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (3.7)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-40226</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Medium (0.0)</td>
</tr>
</tbody>
</table>
<h3>Security</h3>
<p><strong>1.28.9-asm.2 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains the fix for the security vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-040">GCP-2026-040</a>.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.28.9-asm.2 uses Envoy v1.36.9-dev.</p>
<h3>Fixed</h3>
<p>This patch release also contain the fixes for the following CVEs:</p>
<table>
<thead>
<tr>
<th style="text-align: left">CVE</th>
<th style="text-align: left">Proxy</th>
<th style="text-align: left">Control Plane</th>
<th style="text-align: left">Distroless</th>
<th style="text-align: left">CNI</th>
<th style="text-align: left">Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">CVE-2026-34182</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Medium (9.1)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-45447</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">High (8.8)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-7383</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (8.1)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-34180</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-45445</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-9076</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-42766</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (5.9)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-42767</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (5.9)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-34743</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (5.3)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-45446</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (4.8)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-42770</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (3.7)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-40226</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Medium (0.0)</td>
</tr>
</tbody>
</table>
<h3>Security</h3>
<p><strong>1.27.9-asm.8 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains the fix for the security vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-040">GCP-2026-040</a>.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.27.9-asm.8 uses Envoy v1.35.13-dev.</p>
<h3>Fixed</h3>
<p>This patch release also contain the fixes for the following CVEs:</p>
<table>
<thead>
<tr>
<th style="text-align: left">CVE</th>
<th style="text-align: left">Proxy</th>
<th style="text-align: left">Control Plane</th>
<th style="text-align: left">Distroless</th>
<th style="text-align: left">CNI</th>
<th style="text-align: left">Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">CVE-2026-34182</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Medium (9.1)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-45447</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">High (8.8)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-7383</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (8.1)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-34180</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-45445</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-9076</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-42766</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (5.9)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-42767</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (5.9)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-34743</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (5.3)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-45446</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (4.8)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-42770</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (3.7)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-40226</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Medium (0.0)</td>
</tr>
</tbody>
</table>
<h3>Security</h3>
<p>The following images are now rolling out for managed Cloud Service Mesh:</p>
<ul>
<li>Sidecar version 1.21.6-asm.38, is rolling out to the rapid release channel.</li>
<li>Sidecar version 1.20.8-asm.88 is rolling out to the regular release channel.</li>
<li>Sidecar version 1.19.10-asm.78 is rolling out to the stable release channel.</li>
</ul>
<p>These patch releases contain the fix for the vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-040">GCP-2026-040</a>.</p>
<p>These rollouts will preempt those previously announced on
<a href="#June_12_2026">June 12, 2026</a>.</p>
<h2 class="release-note-product-title">Compute Engine</h2>
<h3>Feature</h3>
<p><strong>Preview</strong>: You can use Gemini in the Google Cloud console as
an AI-powered interface to evaluate hardware options, estimate deployment costs,
and view recommended configurations for your Compute Engine instances.
Prompting Gemini helps you reach an optimal configuration for
your workload before you create or modify a compute instance. For more
information, see
<a href="https://docs.cloud.google.com/compute/docs/design-with-gemini">Design your compute infrastructure with Gemini</a>.</p>
<h2 class="release-note-product-title">Config Connector</h2>
<h3>Announcement</h3>
<p>Config Connector version 1.152.0 is now available.</p>
<h3>Feature</h3>
<p>New Fields:</p>
<ul>
<li><a href="https://cloud.google.com/config-connector/docs/reference/resource-docs/compute/computereservation"><code>ComputeReservation</code></a>
<ul>
<li>Added <code>spec.shareSettings</code> field.</li>
</ul></li>
<li><a href="https://cloud.google.com/config-connector/docs/reference/resource-docs/compute/computeforwardingrule"><code>ComputeForwardingRule</code></a>
<ul>
<li>Added <code>status.target</code> field.</li>
</ul></li>
</ul>
<h3>Change</h3>
<p>Reconciliation Improvements:</p>
<p>Added support for direct reconciliation to more resources, with opt-in behaviour. The API is unchanged. To use the direct reconciler, add the <code>cnrm.cloud.google.com/reconciler: direct</code> annotation to the corresponding Config Connector object. The following resources now have direct reconciliation support:</p>
<ul>
<li><a href="https://cloud.google.com/config-connector/docs/reference/resource-docs/compute/computereservation"><code>ComputeReservation</code></a></li>
<li><a href="https://cloud.google.com/config-connector/docs/reference/resource-docs/firestore/firestoreindex"><code>FirestoreIndex</code></a></li>
</ul>
<h3>Fixed</h3>
<p>Bug Fixes:</p>
<ul>
<li><a href="https://github.com/GoogleCloudPlatform/k8s-config-connector/pull/8025">#8025</a>: <code>SQLInstance</code>: Fixed case sensitivity in <code>availabilityType</code>.</li>
<li><a href="https://github.com/GoogleCloudPlatform/k8s-config-connector/pull/7743">#7743</a>: <code>Preview Tool</code>: Fixed crash on typed resources and hang on defaulting in preview mode.</li>
<li><a href="https://github.com/GoogleCloudPlatform/k8s-config-connector/pull/7371">#7371</a>: <code>ComputeForwardingRule</code>: Fixed target field matching.</li>
<li><a href="https://github.com/GoogleCloudPlatform/k8s-config-connector/pull/8479">#8479</a>: <code>ComputeFutureReservation</code>: Fixed validation logic for future reservation times.</li>
</ul>
<h2 class="release-note-product-title">Gemini Enterprise</h2>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: Observability settings for Deep Research agents (Preview)</strong></p>
<p>You can now configure observability settings for individual Deep Research
agents, the same way as for Agent Designer employee-made agents. This allows
you to monitor metrics in Metrics Explorer and view trace results in
Trace Explorer for specific Deep Research agents.</p>
<p>Observability for Deep Research agents is enabled via the agent-level
<strong>Observability</strong> toggle, not the app-level toggle used for the Core Assistant
agent.</p>
<p>This feature is in Public Preview. For more information, see
<a href="https://docs.cloud.google.com/gemini/enterprise/docs/manage-observability-settings">Manage observability settings</a>.</p>
<h2 class="release-note-product-title">Google Kubernetes Engine</h2>
<h3>Issue</h3>
<p>For GKE cluster version 1.34.1-gke.3899001 (sidecar mounter image version
1.21.9) and later affected versions, Cloud Storage FUSE volumes might fail to
mount if the GKE metadata service isn't ready when the Cloud Storage FUSE
sidecar initiates.</p>
<p>When this issue occurs, you might see the following error:</p>
<pre class="devsite-disable-click-to-copy wrap-code devsite-click-to-copy"><code>MountVolume.SetUp failed for volume "volume-name" : rpc error: code = Internal desc = the sidecar container terminated due to Error, exit code: 255
</code></pre>
<p>Additionally, the <code>gcsfuse-sidecar</code> container displays the following error:</p>
<pre class="devsite-disable-click-to-copy wrap-code devsite-click-to-copy"><code>Failed to fetch identity pool and identity provider details required for bucket access check, got error Failed to set up metadata service: failed to get project: Get "http://X.X.X.X/computeMetadata/v1/project/project-id": dial tcp 169.254.169.254:80: connect: connection refused for identity pool PROJECT_ID.svc.id.goog and identity provider https://container.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/clusters/CLUSTER_NAME
</code></pre>
<p><strong>Mitigation</strong></p>
<p>To resolve this issue, perform one of the following mitigations:</p>
<ol>
<li><p>Upgrade your cluster to one of the following fixed GKE versions:</p>
<ul>
<li><code>1.34.8-gke.1218000</code> or later</li>
<li><code>1.35.3-gke.2347000</code> or later</li>
<li><code>1.36.0-gke.1266000</code> or later.</li>
</ul></li>
<li><p>Create an init container in your Pod that validates metadata service
availability.</p></li>
<li><p>Manually inject the sidecar to ensure the sidecar is blocked by an init
container.</p></li>
</ol>
<p>For more information, see the <a href="https://github.com/GoogleCloudPlatform/gcs-fuse-csi-driver/blob/main/docs/troubleshooting.md#limitations">Cloud Storage FUSE CSI driver troubleshooting
guide</a>.</p>
<h3>Issue</h3>
<p><span id="wi-issue-20260623"></span>
In GKE version 1.35 and later, due to faster node startup, workloads that use
Dataplane V2 and Workload Identity Federation for GKE to <a href="https://docs.cloud.google.com/kubernetes-engine/docs/how-to/workload-identity">authenticate to Google Cloud
APIs</a> might experience
transient connectivity timeouts or refused connections to the GKE metadata
server immediately following node startup.</p>
<p>For recommendations and workarounds
if this impacts your workload (for example, if your workload doesn't retry
requests until they succeed), see <a href="https://docs.cloud.google.com/kubernetes-engine/docs/troubleshooting/authentication#troubleshoot-timeout">Timeout errors at Pod
startup</a>,
specifically by deploying an <code>initContainer</code>.</p>
<p>Alternatively, add any
that selects no workloads, such as in a namespace with no workloads—to GKE Dataplane V2,
<a href="https://docs.cloud.google.com/kubernetes-engine/docs/how-to/network-policy">network policy</a>—including one
which disables the faster node startup.
Improvements are in progress and coming in a future GKE patch.</p>
<h2 class="release-note-product-title">Google SecOps</h2>
<h3>Feature</h3>
<p><strong>[Spotlight Feature] Ask Gemini Cloud Assist in Feed Management</strong></p>
<p>Google SecOps now provides Gemini Cloud Assist (GCA) directly within the Feed Management interface. Use the new <strong>Ask Gemini Cloud Assist</strong> button to get help with feed creation, setup, and general troubleshooting questions.</p>
<p>Click <strong>Ask Gemini Cloud Assist</strong> to open the Gemini Cloud Assist panel and ask questions to get guidance on:</p>
<ul>
<li>Configuring and managing data feeds.</li>
<li>Understanding ingestion pre-requisites and setup steps for different log sources.</li>
<li>Resolving common setup issues.</li>
</ul>
<p><em>Note: Gemini Cloud Assist provides recommendations and answers to your questions, but does not perform configuration changes on your behalf. You must apply any recommended changes manually to your feeds.</em></p>
<p>For more information, see <a href="https://docs.cloud.google.com/chronicle/docs/administration/feed-management-overview">Feed management overview</a>.</p>
<h3>Change</h3>
<p><strong>Ingestion metrics reporting correction</strong></p>
<p>Google Security Operations has resolved an issue where certain ingestion metrics—which are displayed in both the dashboard and Cloud Monitoring—were under-reported.</p>
<p>Because of this correction, you might notice a one-time apparent spike in your ingestion metrics when the update is enabled for your region (between June 29 and July 10, 2026). The actual log volume ingested remains unchanged.</p>
<p>Historical metrics recorded before this update will not be modified or backfilled. This correction does not affect customer billing.</p>
<p>If you have questions or need assistance, contact Google Security Operations support.</p>
<h3>Breaking</h3>
<p><strong>Critical Notice: Upcoming reservation of siemAlertId field</strong></p>
<p>Effective July 5, 2026, the <code>siemAlertId</code> field will be strictly reserved for
internal Chronicle SIEM alert IDs.</p>
<p>Starting July 5, the system will automatically overwrite any custom or
user-supplied data passed through this field. This change impacts all ingestion
methods, including the Ingestion API, webhooks, and both first-party and
third-party connectors. If you are currently utilizing a custom field named
<code>siemAlertId</code> in any of your data ingestion configurations, please migrate to a
different field name immediately to prevent data loss.</p>
<h2 class="release-note-product-title">Google SecOps SIEM</h2>
<h3>Feature</h3>
<p><strong>Ask Gemini Cloud Assist in Feed Management</strong></p>
<p>Google SecOps now provides Gemini Cloud Assist (GCA) directly within the Feed Management interface to help you with feed creation, setup, and general troubleshooting questions.</p>
<p>A new <strong>Ask Gemini Cloud Assist</strong> button is now available in the Feed Management interface. You can click this button to open the Gemini Cloud Assist panel and ask questions to get guidance on:</p>
<ul>
<li>Configuring and managing data feeds.</li>
<li>Understanding ingestion pre-requisites and setup steps for different log sources.</li>
<li>Resolving common setup issues.</li>
</ul>
<p><em>Note: Gemini Cloud Assist provides recommendations and answers to your questions, but does not perform configuration changes on your behalf. You must apply any recommended changes manually to your feeds.</em></p>
<p>For more information, see <a href="https://docs.cloud.google.com/chronicle/docs/administration/feed-management-overview">Feed management overview</a>.</p>
<h3>Change</h3>
<p><strong>Ingestion metrics reporting correction</strong></p>
<p>Google Security Operations has resolved an issue where certain ingestion metrics—which are displayed in both the dashboard and Cloud Monitoring—were under-reported.</p>
<p>Because of this correction, you might notice a one-time apparent spike in your ingestion metrics when the update is enabled for your region (between June 29 and July 10, 2026). The actual log volume ingested remains unchanged.</p>
<p>Historical metrics recorded before this update will not be modified or backfilled. This correction does not affect customer billing.</p>
<p>If you have questions or need assistance, contact Google Security Operations support.</p>
<h2 class="release-note-product-title">Google SecOps SOAR</h2>
<h3>Breaking</h3>
<p><strong>Critical Notice: Upcoming reservation of siemAlertId field</strong></p>
<p>Effective July 5, 2026, the <code>siemAlertId</code> field will be strictly reserved for
internal Chronicle SIEM alert IDs. </p>
<p>Starting July 5, the system will automatically overwrite any custom or
user-supplied data passed through this field. This change impacts all ingestion
methods, including the Ingestion API, webhooks, and both first-party and
third-party connectors. If you are currently utilizing a custom field named 
<code>siemAlertId</code> in any of your alert ingestion configurations, please
migrate to a different field name immediately to prevent data loss.</p>
<h2 class="release-note-product-title">Knowledge Catalog</h2>
<h3>Feature</h3>
<p>You can control data lineage ingestion for BigQuery and Managed Service for Apache Airflow at the organization, folder, or project level. This feature is available in <a href="https://cloud.google.com/products#product-launch-stages">preview</a>.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/dataplex/docs/about-data-lineage#control-lineage-ingestion">Control data ingestion</a>.</p>
<h2 class="release-note-product-title">SAP on Google Cloud</h2>
<h3>Announcement</h3>
<p><strong>ABAP SDK for Google Cloud version 1.14 (On-premises or any cloud edition)</strong></p>
<p>Version 1.14 of the on-premises or any cloud edition of the ABAP SDK for Google
Cloud is generally available (GA).</p>
<p>This version resolves an issue that occurred during signature verification for Cloud Storage content repository and removes an unreferenced node from the SPRO configuration menu.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/sap/docs/abap-sdk/on-premises-or-any-cloud/whats-new#version-1-14">What's new with the ABAP SDK for Google Cloud</a>.</p>
<h3>Announcement</h3>
<p><strong>BigQuery Connector for SAP version 2.15</strong></p>
<p>Version 2.15 of the BigQuery Connector for SAP is generally available (GA).
This version resolves issues related to column descriptions in standalone SLT
system configurations and attribute consistency in Pub/Sub messages during
Change Data Capture (CDC) replication.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/sap/docs/bq-connector/whats-new#version-2-15">What's new with BigQuery Connector for SAP</a>.</p>
<h2 class="release-note-product-title">Sensitive Data Protection</h2>
<h3>Feature</h3>
<p><a href="https://docs.cloud.google.com/sensitive-data-protection/docs/infotypes-reference#image-context">Image safety classification infoTypes</a> are now supported in <code><a href="https://cloud.google.com/sensitive-data-protection/docs/reference/rest/v2/InspectConfig#excludebyimagefindings">ExcludeByImageFindings</a></code> and <code><a href="https://cloud.google.com/sensitive-data-protection/docs/reference/rest/v2/InspectConfig#adjustbyimagefindings">AdjustByImageFindings</a></code> detection rules.</p>
<p>For information about configuring these rules, see <a href="https://docs.cloud.google.com/sensitive-data-protection/docs/creating-custom-infotypes-rules">Modifying infoType detectors
to refine scan results</a>.</p>
<h2 class="release-note-product-title">Spanner</h2>
<h3>Feature</h3>
<p>Spanner supports
<a href="https://docs.cloud.google.com/spanner/docs/latency-points#direct_connectivity">direct connectivity</a>.
When enabled, your application traffic is routed directly to
Spanner servers, bypassing the Google Front End (GFE) servers.
This can reduce your overall latency.
Direct connectivity is
<a href="https://docs.cloud.google.com/products#product-launch-stages">generally available (GA)</a>.</p>
<h2 class="release-note-product-title">Virtual Private Cloud</h2>
<h3>Feature</h3>
<p><strong>General Availability</strong>: Service consumers can authorize Private Service
Connect interfaces to connect to network attachments by adding service class IDs
to a network attachment's accept list.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/vpc/docs/about-network-attachments#connection-policies">Authorization policies</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 22, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_22_2026</id>
    <updated>2026-06-22T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_22_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">AI Hypercomputer</h2>
<h3>Feature</h3>
<p><strong>Preview</strong>: RoCE VPC networks for VM instances support assigning alias IP
ranges to <code>MRDMA</code> vNICs. For more information about these features, see the
following:</p>
<ul>
<li><a href="https://docs.cloud.google.com/vpc/docs/rdma-network-profiles">RDMA network profiles</a></li>
<li><a href="https://docs.cloud.google.com/vpc/docs/alias-ip">Alias IP ranges</a></li>
</ul>
<h2 class="release-note-product-title">Apigee X</h2>
<h3>Announcement</h3>
<p>On June 22nd, 2026, we released an updated version of Apigee (1-17-0-apigee-10).</p>
<aside class="note"><strong>Note:</strong><span> Rollouts of this release began today and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.</span></aside>
<h3>Security</h3>
<table>
<thead>
<tr>
<th>Bug ID</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>519996459</strong></td>
<td><strong>Security fix for Apigee.</strong> Upgraded the Apigee ingress gateway to patch the following vulnerabilities: <p><ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27143">CVE-2026-27143</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-14993">CVE-2019-14993</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-39155">CVE-2021-39155</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-39156">CVE-2021-39156</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-23635">CVE-2022-23635</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27140">CVE-2026-27140</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27144">CVE-2026-27144</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-29181">CVE-2026-29181</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32280">CVE-2026-32280</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32281">CVE-2026-32281</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32283">CVE-2026-32283</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33811">CVE-2026-33811</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33814">CVE-2026-33814</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34986">CVE-2026-34986</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-35469">CVE-2026-35469</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39820">CVE-2026-39820</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39836">CVE-2026-39836</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39883">CVE-2026-39883</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-4046">CVE-2026-4046</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-42499">CVE-2026-42499</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-42501">CVE-2026-42501</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-42504">CVE-2026-42504</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-31045">CVE-2022-31045</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27145">CVE-2026-27145</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32282">CVE-2026-32282</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32288">CVE-2026-32288</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32289">CVE-2026-32289</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39350">CVE-2026-39350</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39817">CVE-2026-39817</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39819">CVE-2026-39819</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39823">CVE-2026-39823</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39825">CVE-2026-39825</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39826">CVE-2026-39826</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-41413">CVE-2026-41413</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-42507">CVE-2026-42507</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-4437">CVE-2026-4437</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-4438">CVE-2026-4438</a></li></ul></p></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fix for Apigee infrastructure.</strong></td>
</tr>
</tbody>
</table>
<h3>Fixed</h3>
<table>
<thead>
<tr>
<th>Bug ID</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>515788622</strong></td>
<td>Upgraded the default outbound TLS protocol from TLSv1.2 to TLSv1.3 on JVMs that support it. Per-proxy <code>&lt;SSLInfo&gt;&lt;Protocols&gt;</code> settings continue to take precedence, and the new <code>HTTPClient.outbound.tls.protocol</code> override lets operators force a specific protocol.</td>
</tr>
<tr>
<td><strong>184266748</strong></td>
<td>Fixed an issue where ApigeeDatastore TLS certificate creation could fail in namespaces with longer names when the certificate common name exceeded the 64-byte limit.</td>
</tr>
<tr>
<td><strong>286069772</strong></td>
<td>Added a per-gateway <code>proxyProtocol.mode</code> property (strict, permissive, disable) on Apigee ingress gateway components to opt in to HAProxy PROXY-protocol parsing. The property defaults to disable.</td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td>Updates to infrastructure and libraries.</td>
</tr>
</tbody>
</table>
<h2 class="release-note-product-title">BigQuery</h2>
<h3>Feature</h3>
<p>You can use the BigQuery Data Transfer Service to transfer metadata from the
following data sources into Knowledge Catalog:</p>
<ul>
<li><a href="https://docs.cloud.google.com/bigquery/docs/oracle-transfer#transfer_metadata">Oracle</a></li>
<li><a href="https://docs.cloud.google.com/bigquery/docs/mysql-transfer#transfer_metadata">MySQL</a></li>
</ul>
<p>This feature is in
<a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.</p>
<h2 class="release-note-product-title">Cloud Billing</h2>
<h3>Feature</h3>
<p><strong>Resource-based CUD recommendations available for Compute Engine GPUs, Local SSD disks, and OS licenses</strong></p>
<p>Resource-based committed use discount (CUD) recommendations are generally available (GA) for GPUs, Local SSD disks, and premium operating system (OS) licenses.</p>
<p>CUD recommendations provide insight into any additional commitments that you can
purchase to optimize the costs of the resources that you run. You can use these
recommendations and purchase commitments for resource usage that isn't covered
by commitments and is being charged at list prices. Google Cloud analyzes your
compute instance spending trends with and without a commitment and generates
CUD recommendations on a monthly basis.</p>
<p>For more information about how CUD recommendations are generated, what resource
types are supported, and how to use recommendations to purchase commitments, see
<a href="https://docs.cloud.google.com/docs/cuds-recommender">Get recommendations for committed use discounts (CUDs)</a>.</p>
<h2 class="release-note-product-title">Cloud Logging</h2>
<h3>Security</h3>
<p>If the parent project for a Cloud Storage bucket changes, a log sink
stops routing log entries to that bucket. For more information about error
messages and recovery options, see
<a href="https://docs.cloud.google.com/logging/docs/export/troubleshoot#errors_exporting_to_cloud_storage">Errors routing to Cloud Storage</a>.</p>
<h2 class="release-note-product-title">Cloud Monitoring</h2>
<h3>Feature</h3>
<p>Metrics Explorer can automatically break down a chart into a series of tiles,
with each displaying time-series data for a specific label key. This view helps
you identify spikes, dips, or trends that the aggregation settings might
otherwise hide.</p>
<p>To learn more, see
<a href="https://docs.cloud.google.com/monitoring/charts/breakdown-chart-by-labels">Break down a chart by labels</a>.</p>
<h2 class="release-note-product-title">Cloud SQL for PostgreSQL</h2>
<h3>Feature</h3>
<p>Customer-managed encryption key (CMEK) support for Cloud SQL enhanced backups is
generally available. You can protect your CMEK-enabled Cloud SQL instances
using Google Cloud Backup and DR Service.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/sql/docs/postgres/backup-recovery/backup-options">Choose your backup
option</a>.</p>
<h2 class="release-note-product-title">Cloud SQL for SQL Server</h2>
<h3>Feature</h3>
<p>Customer-managed encryption key (CMEK) support for Cloud SQL enhanced backups is
generally available. You can protect your CMEK-enabled Cloud SQL instances
using Google Cloud Backup and DR Service.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/sql/docs/sqlserver/backup-recovery/backup-options">Choose your backup
option</a>.</p>
<h2 class="release-note-product-title">Cloud Service Mesh</h2>
<h3>Feature</h3>
<p>The <a href="https://docs.cloud.google.com/service-mesh/docs/data-plane-extensibility#typegoogleapiscomenvoyextensionsfiltershttpluav3lua">Envoy Lua Filter</a>
is now available as a preview feature in the rapid release channel.</p>
<h2 class="release-note-product-title">Compute Engine</h2>
<h3>Feature</h3>
<p><strong>Generally available</strong>: You can create instances all at once in a regional
managed instance group (MIG) by using resize requests. For more information, see
<a href="https://docs.cloud.google.com/compute/docs/instance-groups/about-resize-requests-mig">About resize requests in a MIG</a>.</p>
<h3>Feature</h3>
<p><strong>Generally available</strong>: Resource-based committed use discount (CUD)
recommendations are available for GPUs, Local SSD disks, and premium operating
system (OS) licenses.</p>
<p>CUD recommendations provide insight into any additional commitments that you can
purchase to optimize the costs of the resources that you run. You can use these
recommendations and purchase commitments for resource usage that isn't covered
by commitments and is being charged at list prices. Google Cloud analyzes your
compute instance spending trends with and without a commitment and generates
CUD recommendations on a monthly basis.</p>
<p>For more information about how CUD recommendations are generated, what resource
types are supported, and how to use recommendations to purchase commitments, see
<a href="https://docs.cloud.google.com/docs/cuds-recommender">Get recommendations for committed use discounts (CUDs)</a>.</p>
<h2 class="release-note-product-title">Container Optimized OS</h2>
<h3>Change</h3>
<h3 id="cos-129-19506-224-52_">cos-129-19506-224-52 <a id='"cos-arm64-129-19506-224-52"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/fd31f7d8b65031d8f8a98c7aafc59c84a831dfc0
">COS-6.12.90</a></td>
<td>v27.5.1</td>
<td>v2.2.3</td>
<td><a href="https://storage.googleapis.com/cos-tools/19506.224.52/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Change</h3>
<h3 id="cos-dev-133-19879-0-0_">cos-dev-133-19879-0-0 <a id='"cos-arm64-dev-133-19879-0-0"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/ef0c067405ff6956b986d853c39c609e6d457228
">COS-6.18.35</a></td>
<td>v29.4.3</td>
<td>v2.2.3</td>
<td><a href="https://storage.googleapis.com/cos-tools/19879.0.0/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Announcement</h3>
<p>Minor changes.</p>
<h3>Fixed</h3>
<p>Upgraded app-admin/logrotate to v3.22.0-r1.</p>
<h3>Fixed</h3>
<p>Upgraded app-admin/oslogin to v20260605.00.</p>
<h3>Fixed</h3>
<p>Upgraded chromeos-base/google-breakpad to v2026.06.03.194714-r275.</p>
<h3>Fixed</h3>
<p>Upgraded cos-gpu-installer to v2.7.4.</p>
<h3>Fixed</h3>
<p>Upgraded dev-db/sqlite to v3.53.2-r1.</p>
<h3>Fixed</h3>
<p>Upgraded sys-apps/less to v704.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-50195, CVE-2026-53488, CVE-2026-53492, CVE-2026-53489, and CVE-2026-47262 in app-containers/containerd.</p>
<h3>Change</h3>
<h3 id="cos-125-19216-395-112_">cos-125-19216-395-112 <a id='"cos-arm64-125-19216-395-112"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/1dd147644c2ffa2b98ed57056012bfed5c2d2190
">COS-6.12.85</a></td>
<td>v27.5.1</td>
<td>v2.1.7</td>
<td><a href="https://storage.googleapis.com/cos-tools/19216.395.112/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Announcement</h3>
<p>Minor changes.</p>
<h3>Change</h3>
<h3 id="cos-121-18867-381-184_">cos-121-18867-381-184 <a id='"cos-arm64-121-18867-381-184"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/0cf599aaec4ef39b7c8fddb48963b257e7b1e3c7
">COS-6.6.137</a></td>
<td>v27.5.1</td>
<td>v2.0.8</td>
<td><a href="https://storage.googleapis.com/cos-tools/18867.381.184/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Security</h3>
<p>Fixed CVE-2026-5928 in sys-libs/glibc.</p>
<h3>Change</h3>
<h3 id="cos-117-18613-613-62_">cos-117-18613-613-62 <a id='"cos-arm64-117-18613-613-62"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/6baf9cd9b87dc7ebfbc0bf533cef571e4fbcf31e
">COS-6.6.137</a></td>
<td>v24.0.9</td>
<td>v1.7.31</td>
<td><a href="https://storage.googleapis.com/cos-tools/18613.613.62/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Announcement</h3>
<p>Minor changes.</p>
<h2 class="release-note-product-title">Dataflow</h2>
<h3>Feature</h3>
<p>You can now use <a href="https://docs.cloud.google.com/compute/docs/disks/hd-types/hyperdisk-balanced">Hyperdisk Balanced</a>
disks for Dataflow worker VMs. With Hyperdisk Balanced disks, you can provision
IOPS and throughput independently of disk size by using the <code>diskProvisionedIOPS</code>
and <code>diskProvisionedThroughput</code> pipeline options (Java SDK) or
<code>disk_provisioned_iops</code> and <code>disk_provisioned_throughput_mibps</code> pipeline options
(Python and Go SDKs). For more information, see
<a href="https://docs.cloud.google.com/dataflow/docs/guides/configure-worker-vm#disk-type">Disk type</a> and
<a href="https://docs.cloud.google.com/dataflow/docs/guides/configure-worker-vm#provisioned-performance">Provision IOPS and throughput</a>.</p>
<h2 class="release-note-product-title">Gemini Enterprise Agent Platform</h2>
<h3>Change</h3>
<p><strong>Supervised fine-tuning available for Gemini 3.1 Flash Lite and Gemini 3.5 Flash in Public Preview</strong></p>
<p>Supervised fine-tuning is now available for the <code>gemini-3.1-flash-lite</code> and
<code>gemini-3.5-flash</code> models in
<a href="https://cloud.google.com/products#product-launch-stages">Preview</a>. Model tuning
for Gemini 3.1 Flash Lite and Gemini 3.5 Flash is restricted to <code>us-central1</code>
and <code>europe-west4</code> and tuned model serving is restricted to the <code>us</code> and <code>eu</code>
multi-region endpoints.</p>
<p>See <a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/models/gemini-supervised-tuning">About supervised
fine-tuning</a>
for more information.</p>
<h3>Feature</h3>
<p><strong>Provisioned Throughput support for supervised fine-tuned Gemini 3 model inference.</strong></p>
<p>Provisioned Throughput can be used to assure supervised fine-tuned inference using the same quota. Supervised fine-tuned inference for Gemini 3 models incurs a higher burndown rate compared to base model inference. Learn more <a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/models/provisioned-throughput/supported-models#supervised-fine-tuned-model-support">here</a>.</p>
<h2 class="release-note-product-title">Google Cloud Contact Center as a Service</h2>
<h3>Announcement</h3>
<p><strong>Google Cloud CCaaS 4.43</strong></p>
<p>We've released version 4.43 of Google Cloud CCaaS.</p>
<p>The timing of the update to your instance depends on the deployment schedule
that you have chosen. For more information, see <a href="https://cloud.google.com/contact-center/ccai-platform/docs/deployment-schedules">Deployment
schedules</a>.</p>
<h3>Feature</h3>
<p><strong>Calls to direct numbers display language selection in the call adapter</strong></p>
<p>When an agent receives a direct call, the call adapter now displays the language
that the caller chose during language selection.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/contact-center/ccai-platform/docs/call-settings#direct-phone-numbers">Direct phone
numbers</a>.</p>
<h3>Feature</h3>
<p><strong>HubSpot: Control the display of CRM account fields and record fields in the
agent adapter</strong></p>
<p>You can now control how CRM account fields (contact and company) and record
fields (ticket and deal) appear in the agent adapter for HubSpot integrations.
This gives agents immediate access to important context such as VIP status,
account ownership, and ticket priority during live interactions.</p>
<p>Administrators: In the <strong>Settings <span aria-label="and then">&gt;</span> Developer Settings <span aria-label="and then">&gt;</span>
CRM <span aria-label="and then">&gt;</span> Agent Platform <span aria-label="and then">&gt;</span> HubSpot <span aria-label="and then">&gt;</span> Account
Lookup</strong> section, there are two new <strong>CRM Account Display Fields</strong> sections and
a new <strong>CRM Record Display Fields</strong> section.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/contact-center/ccai-platform/docs/hubspot-lookups">HubSpot
lookups</a>.</p>
<h3>Feature</h3>
<p><strong>The chat API supports CSAT surveys</strong></p>
<p>You can now conduct customer satisfaction (CSAT) surveys using the chat API. You
can configure CSAT surveys at the global level and at the queue level.</p>
<p>Administrators: On the <strong>Settings <span aria-label="and then">&gt;</span> Chat</strong> page, there's a new <strong>Chat
API</strong> section.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/contact-center/ccai-platform/docs/csat-chat-api#adding_translations_for_multiple_languages">CSAT in the chat
API</a>.</p>
<h3>Fixed</h3>
<p>This release addresses the following issues:</p>
<ul>
<li><p>Fixed an issue where uploading a PDF document to a chat made the
conversation history unavailable during a session transfer or page refresh.</p></li>
<li><p>Fixed an issue where direct SMS chats didn't send termination notifications
at the end of the chat.</p></li>
<li><p>Fixed an issue where the after-hours voicemail greeting didn't play during
agent-to-agent call deflections.</p></li>
<li><p>Fixed an issue where SIP and IVR calls intermittently failed if the caller
disconnected before a virtual agent was assigned.</p></li>
<li><p>Fixed an issue where calls deflected to voicemail during after-hours were
incorrectly reported as errors in the <strong>All Call History</strong> report.</p></li>
<li><p>Fixed an issue where direct inbound calls were incorrectly deflected to
voicemail during an agent's available hours when agent deflections were
enabled.</p></li>
<li><p>Fixed an issue where inbound voice calls failed with an application error
during the initial lookup phase.</p></li>
<li><p>Fixed a Kustomer issue where Agent Assist transcripts were
delivered to the CRM as file attachments instead of timeline notes.</p></li>
<li><p>Fixed an issue where the <strong>In Progress</strong> banner and the <strong>Cancel</strong> button
didn't appear immediately after a virtual task assistant request was
initiated.</p></li>
<li><p>Fixed an issue where campaigns stayed in a paused state instead of
transitioning to a completed state after finishing.</p></li>
<li><p>Fixed a Deltacast issue where chats weren't routed correctly to available
agents when the company-wide concurrency setting was disabled but individual
agent limits were active.</p></li>
<li><p>Fixed an issue where supervisor monitoring and whisper features caused
system errors during call recording.</p></li>
<li><p>Fixed an issue where agents couldn't dismiss forwarded voicemails if the
source queue had been deleted.</p></li>
<li><p>Fixed an issue where Telnyx calls that ended normally didn't generate a
disconnect event, resulting in missing recordings, missing transcripts, and
calls appearing to still be active in the CCAI Platform portal.</p></li>
<li><p>Fixed an issue where consecutive IVR queue deletions caused performance
delays and timeout errors.</p></li>
<li><p>Fixed an issue where queue-level automatic wrap-up settings were
disabled without an end-user action.</p></li>
<li><p>Fixed an issue where the queue settings page displayed inconsistent whisper
announcement statuses and didn't play queue names during calls.</p></li>
<li><p>Fixed an issue where the <strong>Queues</strong> page displayed incorrect overcapacity
deflection settings when end-users navigated quickly between different
queues.</p></li>
<li><p>Fixed an issue where virtual agents attempted to fail over to a human agent
during outages even when no human agent was configured.</p></li>
<li><p>Fixed a Salesforce issue where initiating an outbound call from an active
case linked to a separate case assigned to a different user, incorrectly
overriding ownership of the second case.</p></li>
<li><p>Fixed a Kustomer issue where duplicate conversation records were created in
the CRM during calls.</p></li>
<li><p>Fixed a Kustomer issue where SMS chat sessions didn't create tickets in the
CRM.</p></li>
<li><p>Fixed an issue where underscores in an email address in a shortcut
were converted to double backslashes when an agent sent the email address to
an end-user.</p></li>
<li><p>Fixed an issue where deleting Twilio records caused unnecessary errors.</p></li>
<li><p>Fixed an issue where disabling the global CSAT setting prevented IVR surveys
from being offered to callers, even when the surveys were enabled for
specific queues.</p></li>
</ul>
<h2 class="release-note-product-title">Knowledge Catalog</h2>
<h3>Feature</h3>
<p>Knowledge Catalog connectors for importing metadata from Oracle and MySQL data
sources are available in <a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.</p>
<p>Knowledge Catalog connectors automatically extract metadata (technical,
operational, and business) from external data sources and import it into
Knowledge Catalog entry groups. You can schedule metadata import runs on a set
schedule.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/dataplex/docs/connectors">About database connectors</a>
and <a href="https://docs.cloud.google.com/dataplex/docs/manage-connector-jobs">Manage connector jobs</a>.</p>
<h2 class="release-note-product-title">Looker</h2>
<h3>Announcement</h3>
<p>Starting June 22, 2026, the following features will begin rolling out as part of Looker 26.10.</p>
<h3>Feature</h3>
<p>The <a href="https://docs.cloud.google.com/looker/docs/gemini-expression-asst">Gemini Expression Assistant</a> preview feature has been updated to increase performance.</p>
<p><strong>Note:</strong> This item was updated on June 26, 2026 to indicate support for Looker (original) only.</p>
<h3>Feature</h3>
<p>New in Looker 26.10, Looker project deployments have transitioned from a synchronous to an asynchronous process to improve reliability and efficiency. Deployments now run as background processes. Instead of waiting for a deployment to finish, the system immediately returns a deployment ID, allowing you to continue your work without being blocked. In addition, the Looker IDE's <strong>Deploy</strong> tab is visible for all LookML projects, not just for projects where <a href="https://docs.cloud.google.com/looker/docs/advanced-deploy-mode">advanced deploy mode</a> is enabled. For projects where advanced deploy mode is disabled, when a LookML developer <a href="https://docs.cloud.google.com/looker/docs/version-control-and-deploying-changes#deploying_to_production">deploys to production</a>, the Looker IDE displays a confirmation that the deployment was submitted. The confirmation dialog has a <strong>Go to Deployment Manager</strong> button, which you can click to open the <strong>Deploy</strong> tab in the IDE and see the status of your recent deployments.</p>
<p><strong>Note:</strong> This item was added on June 23, 2026.</p>
<h3>Feature</h3>
<p>The <a href="https://docs.cloud.google.com/looker/docs/exploring-self-service"><strong>Self-service Explores</strong></a> feature has the following updates:</p>
<ul>
<li>You can now <a href="https://docs.cloud.google.com/looker/docs/exploring-self-service#bq-table">upload data from a BigQuery database table to create a self-service Explore</a>.</li>
<li>Previously, on the Looker <a href="https://docs.cloud.google.com/looker/docs/admin-panel-self-service-explore"><strong>Self-service Explores</strong> Admin page</a>, there was a single toggle to enable data uploads on the instance. If the <strong>Data Uploads</strong> toggle was enabled, and your Looker admin also <a href="https://docs.cloud.google.com/looker/docs/admin-panel-self-service-explore#enable-apis">enabled the APIs to support Google Sheets uploads</a>, then data imports from Google Sheets were enabled on the instance. Starting in Looker 26.10, there is a separate toggle for <strong>Google Sheets data import</strong> to allow your Looker admin more granular control over the data uploads on the instance. Your Looker admin can't enable this toggle until after the Looker admin has enabled the the APIs to support Google Sheets uploads.</li>
</ul>
<h3>Feature</h3>
<p>Now available in preview, model localization is supported for imported projects. By default, Looker uses the locale definitions from the importing project only, if the importing project has locale definitions. However, if you want to merge the locale definitions from an imported project with the locale definitions of the importing project, you can add the <code>import_locale_defs: yes</code></p>
<aside class="note"><strong>Note:</strong><span> The release of this preview feature has been temporarily delayed. This release note was updated on July 9, 2026.</span></aside>
<h3>Feature</h3>
<p>Dashboard editors can now enable the <a href="https://docs.cloud.google.com/looker/docs/editing-user-defined-dashboards#preserve-dashboard-layout"><strong>Preserve desktop layout</strong></a> setting to preserve the layout of a dashboard when users view the dashboard in a smaller browser or on a mobile screen. Users can navigate the dashboard with a zoom slider that enlarges tiles, and they can <a href="https://docs.cloud.google.com/looker/docs/mobile-app-viewing-dashboards#viewing_new_dashboards_in_the_app">switch between desktop and mobile view</a>.</p>
<h3>Feature</h3>
<p>When you <a href="https://docs.cloud.google.com/looker/docs/reference/param-view-derived-analytic-model#publish_as_db_analytic_model">publish an in-database analytic model as a stable model on your database</a>, you can now view its stable name in the <strong>Stable Name</strong> field of the <a href="https://docs.cloud.google.com/looker/docs/admin-panel-database-pdts#pdt_details_modal"><strong>PDT Details</strong> modal</a> on the <strong>Persistent Derived Tables</strong> admin page. You can then use the stable name to query the published analytic model. See the <a href="https://docs.cloud.google.com/looker/docs/reference/param-view-derived-analytic-model#pdt_details_modal"><code>derived_analytic_model</code></a> parameter page for more information.</p>
<p><strong>Note:</strong> This item was added on June 26, 2026.</p>
<h3>Feature</h3>
<p><a href="https://docs.cloud.google.com/looker/docs/continuous-integration">Continuous Integration (CI)</a> suites can now be configured to <a href="https://docs.cloud.google.com/looker/docs/ci-create-suite#schedule-trigger">automatically run on a recurring schedule</a>.</p>
<h3>Feature</h3>
<p>The character limit for descriptions on dashboards and Looks has been increased to 2,000 characters, giving content creators the ability to add comprehensive descriptions, operational definitions, and notes to their dashboards and Looks to ensure that viewers fully understand the data context.</p>
<p>This feature is available to any user with standard content editing rights (<a href="https://docs.cloud.google.com/looker/docs/organizing-spaces#folder_access_levels">Edit content access level</a> or <a href="https://docs.cloud.google.com/looker/docs/admin-panel-users-roles#save_dashboards"><code>save_dashboards</code></a> or <a href="https://docs.cloud.google.com/looker/docs/admin-panel-users-roles#save_looks"><code>save_looks</code></a> permissions).</p>
<h3>Feature</h3>
<p>The <a href="https://docs.cloud.google.com/looker/docs/finding-content#searching_for_saved_content">Enhanced search</a> feature is now generally available.</p>
<p><strong>Note</strong>: The general availability of <strong>Enhanced Search</strong> preview feature has been temporarily delayed. This release note was updated on July 1, 2026.</p>
<h3>Feature</h3>
<p>Looker admins can now programmatically change the owner of dashboards, boards, and agents with the <a href="https://docs.cloud.google.com/looker/docs/reference/looker-api/latest">Looker API</a> by updating the associated user ID. This simplifies offboarding and content reassignment when users change roles or leave the organization.</p>
<p>When the owner of a dashboard, a board, or an agent is changed, new owners are automatically granted <a href="https://docs.cloud.google.com/looker/docs/organizing-spaces#folder_access_levels">Manage/Edit access</a> to transferred agents. Any existing <a href="https://docs.cloud.google.com/looker/docs/content-certification">certification badges</a> on transferred dashboards remain intact.</p>
<p>The API initiator must have <a href="https://docs.cloud.google.com/looker/docs/admin-panel-users-roles#save_content"><code>save_content</code></a> and <a href="https://docs.cloud.google.com/looker/docs/admin-panel-users-roles#manage_spaces"><code>manage_spaces</code></a> access to the folder where the asset resides.</p>
<p>Transferring ownership of dashboards and boards doesn't automatically grant the new owner access to parent folders, models, or underlying Looks.</p>
<h3>Feature</h3>
<p>Now available in preview, the <a href="https://docs.cloud.google.com/looker/docs/filters-user-defined-dashboards#filters_as_tiles">Filters as tiles and tile-level filter context</a> feature lets you convert dashboard filters into draggable tiles on the dashboard canvas. A dashboard editor can then drag and arrange filter tiles on the dashboard canvas in the same way as other dashboard tiles. To enable this feature, a Looker admin must turn on the <strong>Filters as tiles and tile-level filter context</strong> setting on the <strong>Previews</strong> admin page.</p>
<p>In addition, viewers can now check which filters are applied to a specific visualization tile.</p>
<h3>Feature</h3>
<p>Now available in preview, the <a href="https://docs.cloud.google.com/looker/docs/google-map-options">Google Maps</a> enhancements feature adds the following features:</p>
<ul>
<li>Fully supported <a href="https://docs.cloud.google.com/looker/docs/google-map-options#3d_heatmap">vector maps</a> for rendering thousands of data points seamlessly that support tilt, rotation, and dynamic 3D extrusions to elevate visual storytelling at every zoom level.</li>
<li><a href="https://docs.cloud.google.com/looker/docs/google-map-options#dual-axis_map">Dual-axis metric comparison</a> that lets you analyze multiple business metrics simultaneously on a single map interface, using heatmaps and points to uncover spatial correlations without switching views.</li>
<li><a href="https://docs.cloud.google.com/looker/docs/google-map-options#layers_menu_options">Contextual and custom overlays</a> that enhance geographical analysis by layering live traffic, transit, or bicycle routes, with granular styling controls for tailored iconography, colors, and sizing.</li>
</ul>
<h3>Feature</h3>
<p>The <a href="custom-looker-visualization-gemini">Visualization Assistant</a> is now available in the <a href="https://docs.cloud.google.com/looker/docs/editing-visualizations-new-explore-experience#using_the_visualization_assistant_in_the_new_explore_experience">new Explore experience</a>.</p>
<h3>Feature</h3>
<p>Now available in preview, the <a href="https://docs.cloud.google.com/looker/docs/admin-panel-general-preview-features#kpi_visualization"><strong>KPI Visualization</strong> feature</a> replaces the <strong>Single Value</strong> chart option with the <strong>KPI (Single Value)</strong> chart option. The new KPI (Single Value) chart option lets users access the following enhanced styling options for single value visualizations:</p>
<ul>
<li>Adding secondary visualizations: Users can add a sparkline or bar chart within a visualization to show trends or distributions that are related to the primary KPI.</li>
<li>Showing enhanced comparisons: Users can specify and compare a primary value against any other measure in an Explore query, using data from the first row, second row, last row, or totals row.</li>
<li>Accessing improved styling options: Users have more control over the appearance of the visualization, including the background color of the tile and the alignment of the values.
This feature is disabled by default. <a href="https://docs.cloud.google.com/looker/docs/kpi-single-value-options">Learn more about the new KPI (Single Value) Visualization</a>.</li>
</ul>
<h3>Change</h3>
<p>Looker dashboard agents are now included in the embedded Looker experience. Embed users with the <a href="https://docs.cloud.google.com/looker/docs/signed-embedding#permissions">appropriate permissions</a> can see dashboard agents on all the embedded dashboards that they have access to.</p>
<p><a href="https://docs.cloud.google.com/looker/docs/conversational-analytics-looker-embedding">Learn more about how to configure an embedded dashboard for embed user visibility</a>.</p>
<h3>Change</h3>
<p>The <a href="https://docs.cloud.google.com/looker/docs/admin-panel-general-preview-features#granular-dashboard-sizing">Granular Dashboard Sizing preview feature</a> is now enabled by default.</p>
<h3>Change</h3>
<p>Conversational Analytics data agents that are <a href="https://docs.cloud.google.com/looker/docs/conversational-analytics-looker-data-agents#publish-data-agents">published to Gemini Enterprise</a> now support visualizations in their conversations. <strong>Note</strong>: This feature is not yet available. This item was updated on July 9, 2026.</p>
<h3>Change</h3>
<p>The dashboard summary feature can now be enabled separately from dashboard data agents. This feature is disabled by default. When this feature is enabled, a <a href="https://docs.cloud.google.com/looker/docs/conversational-analytics-looker-data-agents-dashboards#dashboard-summaries">dashboard summary</a> is generated automatically at the top of the dashboard data agent conversation. To enable this feature, a Looker admin must turn on the <strong>Enable Dashboard Summary</strong> feature on the <strong>Gemini in Looker</strong> admin page.</p>
<p><strong>Note</strong>: This feature is not yet available. This item was updated on July 6, 2026.</p>
<h3>Breaking</h3>
<p>When you update the Gemini Enterprise instance that is connected to Looker, any <a href="https://docs.cloud.google.com/looker/docs/conversational-analytics-looker-data-agents#publish-data-agents">data agents that you published</a> to the previous Gemini Enterprise instance will be unpublished. You can still access these data agents in Looker, but you must re-publish them to the new Gemini Enterprise instance before you can chat with those agents in Gemini Enterprise.</p>
<h3>Feature</h3>
<p>Now available in preview, enhanced observability metrics, including engagement and token usage data, are available for Conversational Analytics on the <a href="https://docs.cloud.google.com/looker/docs/system-activity-dashboards#conversational-analytics">Conversational Analytics System Activity dashboard</a>. To enable this feature, a Looker admin must turn on the <strong>Conversational Analytics Observability</strong> setting on the <strong>Previews</strong> admin page.</p>
<p><strong>Note</strong>: The <strong>Conversational Analytics Observability</strong> preview feature is temporarily unavailable. You can still monitor Conversational Analytics engagement on the Conversational Analytics System Activity dashboard, but metrics on token usage are not available. This item was updated on June 29, 2026.</p>
<h2 class="release-note-product-title">Managed Service for Apache Spark</h2>
<h3>Breaking</h3>
<p><strong>Managed Service for Apache Spark</strong> (formerly Dataproc on Compute Engine):
The following new subminor image versions, <code>1.3.96</code>, <code>1.4.81</code>, <code>1.5.92</code>, <code>2.0.161</code>, and <code>2.3.32</code>,
don't have preconfigured Conda channels, and are not mapped to default aliases
(such as <code>2.3-debian12</code> and <code>2.3-ubuntu22</code>) until August 25, 2026.
The new 2.1 and 2.2 subminor images continue to have preconfigured Conda channels,
but note the following <strong>Default change schedule:</strong>, which will impact all supported
image versions.</p>
<ul>
<li><strong>Impact:</strong> When creating clusters with these image versions, specify the exact subminor version (for example, <code>2.3.32-debian12</code>). Packages cannot be installed using Conda unless channels are manually configured during cluster initialization.</li>
<li><strong>Mitigation:</strong> If your workloads require preconfigured Conda channels or default aliases, pin your clusters to the previous image versions.</li>
<li><strong>Default change schedule:</strong> The subminor versions <code>1.3.96</code>, <code>1.4.81</code>, <code>1.5.92</code>, and <code>2.0.161</code> will become default after August 25, 2026.
Additionally, newer subminor versions for <code>2.1</code>, <code>2.2</code>, and <code>2.3</code> released after August 25, 2026 will not have preconfigured Conda channels and will be mapped to default aliases.
All workloads must use new images after August 25, 2026
since the use of prior subminor versions with preconfigured Conda
channels will be disallowed.</li>
</ul>
<p><strong>You may need to delete and replace existing clusters</strong> After August 25, 2026,
existing clusters created with images that have preconfigured Conda channels
(even if cluster jobs don't use Conda to install packages) need to be deleted
and replaced with new
<a href="https://docs.cloud.google.com/managed-spark/docs/guides/create-cluster#creating_a_cloud_dataproc_cluster">clusters created</a>
or <a href="https://docs.cloud.google.com/managed-spark/docs/guides/recreate-cluster#recreate_and_update_a_cluster_2">recreated</a>
with images that don't have preconfigured Conda channels.</p>
<h3>Announcement</h3>
<p>New <a href="https://docs.cloud.google.com/managed-spark/docs/concepts/versioning/image-version-lists#supported-dataproc-image-versions"><strong>Managed Service for Apache Spark</strong> (formerly Dataproc on Compute Engine) subminor cluster image versions</a>:</p>
<ul>
<li>1.3.96-debian10, 1.3.96-ubuntu18</li>
<li>1.4.81-debian10, 1.4.81-ubuntu18</li>
<li>1.5.92-debian10, 1.5.92-rocky8, 1.5.92-ubuntu18</li>
<li>2.0.161-debian10, 2.0.161-rocky8, 2.0.161-ubuntu18</li>
<li>2.1.115-debian11, 2.1.115-rocky8, 2.1.115-ubuntu20, 2.1.115-ubuntu20-arm</li>
<li>2.1.116-debian11, 2.1.116-rocky8, 2.1.116-ubuntu20, 2.1.116-ubuntu20-arm</li>
<li>2.2.83-debian12, 2.2.83-rocky9, 2.2.83-ubuntu22, 2.2.83-ubuntu22-arm</li>
<li>2.2.84-debian12, 2.2.84-rocky9, 2.2.84-ubuntu22, 2.2.84-ubuntu22-arm</li>
<li>2.3.31-debian12, 2.3.31-ml-ubuntu22, 2.3.31-rocky9, 2.3.31-ubuntu22, 2.3.31-ubuntu22-arm</li>
<li>2.3.32-debian12, 2.3.32-ml-ubuntu22, 2.3.32-rocky9, 2.3.32-ubuntu22, 2.3.32-ubuntu22-arm</li>
</ul>
<h3>Announcement</h3>
<p><strong>Managed Service for Apache Spark</strong> (formerly Dataproc on Compute Engine):
Key updates in these image versions include:</p>
<ul>
<li><strong>Iceberg support</strong>: Added support for Iceberg 1.10 in Dataproc 2.3 images. This change only applies to 2.3 clusters created with the <code>ICEBERG</code> optional component. Users can opt-in to Iceberg 1.10 by setting the <code>dataproc:dataproc.iceberg.version</code> cluster property to <code>1.10</code> during cluster creation.</li>
<li><strong>Spark optimizations</strong>: Enabled Spark skewed-join and self-join optimizations by default in new GCE image versions.</li>
<li><strong>Scheduler exitTimeout</strong>: Configured <code>spark.scheduler.listenerbus.exitTimeout</code> to 30s for Compute Engine deployments.</li>
</ul>
<h2 class="release-note-product-title">Sensitive Data Protection</h2>
<h3>Change</h3>
<p>Image scanning is available in the following cloud regions:</p>
<ul>
<li><code>asia-southeast1</code></li>
<li><code>us-east4</code></li>
<li><code>us-west1</code></li>
</ul>
<p>For more information, see <a href="https://cloud.google.com/sensitive-data-protection/docs/locations#image-limitations">Locations that support image scanning</a>.</p>
<h3>Fixed</h3>
<p>Between July 2025 and June 2026, some <a href="https://docs.cloud.google.com/sensitive-data-protection/docs/metrics-reference#table-data-profile">table data
profiles</a> saved to BigQuery contained an incorrect
<code>1970-01-01</code> timestamp instead of <code>NULL</code> in <a href="https://docs.cloud.google.com/sensitive-data-protection/docs/reference/rest/v2/organizations.locations.tableDataProfiles#TableDataProfile.FIELDS.expiration_time"><code>expiration_time</code></a>
for tables that don't expire. This issue has been fixed. New exports of table
data profiles show the correct expiration timestamps.</p>
<h2 class="release-note-product-title">Virtual Private Cloud</h2>
<h3>Feature</h3>
<p><strong>Preview</strong>: RoCE VPC networks for VM instances support assigning alias IP
ranges to <code>MRDMA</code> vNICs. For more information about these features, see the
following:</p>
<ul>
<li><a href="https://docs.cloud.google.com/vpc/docs/rdma-network-profiles">RDMA network profiles</a></li>
<li><a href="https://docs.cloud.google.com/vpc/docs/alias-ip">Alias IP ranges</a></li>
</ul>
]]>
    </content>
  </entry>

  <entry>
    <title>June 21, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_21_2026</id>
    <updated>2026-06-21T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_21_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Google SecOps</h2>
<h3>Announcement</h3>
<p><strong>Scheduled Maintenance</strong> </p>
<p>CloudSQL will undergo a scheduled minor upgrade this Sunday, June 21, 2026.</p>
<h2 class="release-note-product-title">Google SecOps SOAR</h2>
<h3>Announcement</h3>
<p>Release 6.3.90 is being rolled out to the first phase of regions as listed <a href="https://docs.cloud.google.com/chronicle/docs/soar/overview-and-introduction/soar-gradual-release">here</a>.</p>
<p>This release contains internal and customer bug fixes.</p>
<h3>Announcement</h3>
<p><strong>Scheduled Maintenance</strong> </p>
<p>CloudSQL will undergo a scheduled minor upgrade.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 20, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_20_2026</id>
    <updated>2026-06-20T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_20_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Cloud Shell</h2>
<h3>Change</h3>
<p>Cloud Shell no longer includes the Terraform CLI by default. Users can
<a href="https://docs.cloud.google.com/shell/docs/configuring-cloud-shell#environment_customization">customize their environment</a>
to install the CLI on environment startup, or
install the binary to their home directory to persist the install between
sessions.</p>
<h2 class="release-note-product-title">Google SecOps SOAR</h2>
<h3>Announcement</h3>
<p><a href="https://docs.cloud.google.com/chronicle/docs/soar/release-notes#June_14_2026">Release 6.3.89</a> is now available for all regions.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 19, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_19_2026</id>
    <updated>2026-06-19T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_19_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee hybrid</h2>
<h3>Announcement</h3>
<h3 id="v1166">v1.16.6</h3>
<p>On June 19, 2026 we released an updated version of the Apigee hybrid software, v1.16.6.</p>
<ul>
<li>For information on upgrading, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/upgrade">Upgrading Apigee hybrid to version v1.16.6</a>.</li>
<li>For information on new installations, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/big-picture">The big picture</a>.</li>
</ul>
<aside class="note"><strong>Note:</strong><span> This is a patch release: The container images used in patch releases are integrated with the Apigee hybrid Helm charts. Upgrading to a patch via the Helm chart automatically updates the images. No manual image changes are typically needed. For information on container image support in Apigee hybrid releases, see <a href="https://docs.cloud.google.com/apigee/docs/release/apigee-release-process#apigee-hybrid-container-images">Apigee release process</a>.</span></aside>
<h3>Feature</h3>
<p><strong>HAProxy PROXY-protocol support on Apigee ingress gateway</strong></p>
<p>In this release, you can opt into HAProxy PROXY-protocol parsing by setting the <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/config-prop-ref#ingressgateways-proxyprotocol-mode"><code>ingressGateways[].proxyProtocol.mode</code></a> property (with options <code>strict</code>, <code>permissive</code>, or <code>disable</code>) in your overrides configuration file. The property defaults to <code>disable</code>.</p>
<h3>Security</h3>
<p>Various security and CVE fixes are included in this release.</p>
<h2 class="release-note-product-title">Bare Metal Solution</h2>
<h3>Feature</h3>
<p>Bare Metal Solution supports using Privileged Access Manager to provide temporary elevated access to a user to perform the critical evict operation that permanently deletes a storage resource. For more information, see <a href="https://docs.cloud.google.com/bare-metal/docs/bms-delete-storage-volume-resources#evict-storage-volume">Evict a LUN or storage volume</a>.</p>
<h2 class="release-note-product-title">Bigtable</h2>
<h3>Feature</h3>
<p>You can use the Bigtable Studio explorer to search for all resources except for
authorized views and column families. For more information, see
<a href="https://docs.cloud.google.com/bigtable/docs/manage-data-using-console">Manage your data using Bigtable Studio</a>.</p>
<h2 class="release-note-product-title">Cloud SQL for MySQL</h2>
<h3>Change</h3>
<p>When you <a href="https://docs.cloud.google.com/sql/docs/mysql/migrate-xtrabackup-physical-file">migrate from Percona XtraBackup physical file to Cloud SQL for MySQL</a>,
you can now specify multiple data files in the <code>innodb_data_file_path</code>
parameter of your external server configuration. Also, you are no longer
required to use the default name for your data files.</p>
<h3>Change</h3>
<p>Cloud SQL for MySQL now supports multiple system tablespace files, allowing
<a href="https://docs.cloud.google.com/sql/docs/quotas#table_limit">system tablespace size</a> to grow larger than 16TB.</p>
<h2 class="release-note-product-title">Gemini</h2>
<h3>Other</h3>
<h3 id="bug_fixes_in_vs_code">Bug fixes in VS Code</h3>
<p>Various bug fixes and minor product enhancements.</p>
<h2 class="release-note-product-title">Secret Manager</h2>
<h3>Feature</h3>
<p>Secret Manager supports multi-region storage. You can choose between a single
region or a multi-region location when you create a regional secret in the
Google Cloud console.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/secret-manager/regional-secrets/create-regional-secret">Create a regional secret</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 18, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_18_2026</id>
    <updated>2026-06-18T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_18_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">API Gateway</h2>
<h3>Change</h3>
<p><strong>Update to the API Gateway runtime architecture</strong></p>
<p>The API Gateway runtime architecture is being updated to improve its integration
with Google Cloud Platform and its services.</p>
<p>This update does not affect existing API Gateway features.
However, be aware of the following differences:</p>
<ul>
<li><p>Status code changes for <strong>gRPC</strong> API Gateways
<table>
<tr>
<th>Error</th>
<th>New status code</th>
<th>Previous status code</th>
</tr>
<tr>
<td>Quota exceeded</td>
<td><code>ResourceExhausted</code></td>
<td><code>Unavailable</code>
</td></tr>
<tr>
<td>Invalid API key</td>
<td><code>InvalidArgument</code></td>
<td><code>InternalError</code></td>
</tr>
</table></p></li>
<li><p>For 4xx client-side quota failures, API Gateway will now reject requests
(fail closed). This applies to both <strong>gRPC</strong> and <strong>OpenAPI</strong> API Gateways.</p></li>
</ul>
<p>If you experience any other differences in behavior due to this update, contact <a href="https://cloud.google.com/support-hub">Google
Cloud Customer Care</a>.</p>
<p><strong>Note</strong>: Rollouts of this release to production instances might take up to 4 weeks to complete
across all Google Cloud zones. Your instances might not be updated until the rollout is complete.</p>
<h2 class="release-note-product-title">Agent Registry</h2>
<h3>Announcement</h3>
<p>Agent Registry is <a href="https://cloud.google.com/products#product-launch-stages">generally available (GA)</a>.</p>
<p>The following are features available in Agent Registry for the GA launch stage:</p>
<ul>
<li><strong>API v1 and client libraries:</strong> The <code>v1</code> version of the Agent Registry API is available. Cloud client libraries are available in C#, Go, Java, Node.js, PHP, Python, and Ruby.</li>
<li><strong>A2A v1 support:</strong> Agent Registry supports Agent-to-Agent (A2A) protocol version <code>1.0</code>, letting you explicitly declare transport endpoints and bindings inside the <code>supportedInterfaces</code> array, in addition to the existing <code>0.3</code> schema support.</li>
<li><strong>Terraform support:</strong> Terraform scripts for Application Default Credentials (ADC) have graduated to General Availability. You can use Terraform to configure and manage your agents, MCP servers, endpoints, and bindings.</li>
</ul>
<p><strong>Known limitations:</strong></p>
<ul>
<li><strong>Access Transparency and Access Approval:</strong> <a href="https://docs.cloud.google.com/assured-workloads/access-transparency/docs/overview">Access Transparency</a> logs, which provide visibility into when Google personnel access your content, and <a href="https://docs.cloud.google.com/assured-workloads/access-approval/docs/overview">Access Approval</a> controls aren't available for Agent Registry configurations.</li>
</ul>
<h2 class="release-note-product-title">Apigee X</h2>
<h3>Announcement</h3>
<p>On June 18th, 2026, we began maintenance updates of Apigee instances <a href="https://docs.cloud.google.com/apigee/docs/api-platform/system-administration/maintenance-windows">configured for maintenance windows</a>.</p>
<p>If you set a preferred window for maintenance for your instance, and your instance version is
below <strong>1-17-0-apigee-9</strong>, your instance will be updated to <strong>1-17-0-apigee-9</strong> within the
next seven to 21 days. A notification containing the expected date of upgrade will be sent within the next two business days.</p>
<aside class="note">Note: Instances that meet either of the following two criteria will <b>not</b> be updated:
<ul>
<li>Your instance has a DNS misconfiguration, as described in <a href="https://docs.cloud.google.com/apigee/docs/release/known-issues">Known Issue 445936920</a>.</li>
<li>Your instance uses an Apigee Java Library that has been removed, as described in <a href="https://docs.cloud.google.com/apigee/docs/release/release-notes#October_16_2025">Apigee release notes dated October 16, 2025</a>.</li>
</ul></aside>
<p>For more information on participating in scheduled maintenance windows, see <a href="https://docs.cloud.google.com/apigee/docs/api-platform/system-administration/maintenance">Maintenance overview</a> and <a href="https://docs.cloud.google.com/apigee/docs/api-platform/system-administration/maintenance-windows">Manage Apigee instance maintenance windows</a>.</p>
<h2 class="release-note-product-title">Backup and DR</h2>
<h3>Feature</h3>
<p>Backup vault support for Cloud SQL instances encrypted with customer-managed encryption keys (CMEK) is generally available (GA), providing immutable and indelible storage with enforced retention. For more information, see <a href="https://docs.cloud.google.com/backup-disaster-recovery/docs/cloud-console/sql/csql-backup">Back up Cloud SQL instances to a backup vault</a>.</p>
<h2 class="release-note-product-title">Cloud Logging</h2>
<h3>Change</h3>
<p>The Cloud Logging API adds support for the <code>ca</code> regional endpoint. For a
complete list of regional endpoints, see the
<a href="https://docs.cloud.google.com/logging/docs/reference/v2/rest?rep_location=global">REST reference pages</a>.</p>
<h2 class="release-note-product-title">Cloud SQL for MySQL</h2>
<h3>Feature</h3>
<p>Cloud SQL for MySQL now supports minor version
<a href="https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-46.html">8.0.46</a>.
To upgrade your existing instance to the new minor version, see
<a href="https://docs.cloud.google.com/sql/docs/mysql/upgrade-minor-db-version#manual-upgrade">Upgrade the database minor version</a>.</p>
<h2 class="release-note-product-title">Cloud SQL for PostgreSQL</h2>
<h3>Feature</h3>
<p>Cloud SQL is integrated with <a href="https://ai.google.dev/aistudio">Google AI Studio</a>
to help you build full-stack applications that use a
<a href="https://docs.cloud.google.com/sql/docs/postgres/ai-assisted-coding-and-cloud-sql#cloud-sql-configuration-in-starter-tier">Cloud SQL for PostgreSQL developer edition</a>
instance as the database. You can enter natural language
prompts in the Google AI Studio to build applications backed by Cloud SQL and
add features such as authentication, search, and persistent data storage.</p>
<p>For more information, see
<a href="https://docs.cloud.google.com/sql/docs/postgres/ai-assisted-coding-and-cloud-sql">Build vibe-coded applications using Google AI Studio and Cloud SQL</a>.</p>
<p>This feature is generally available (<a href="https://cloud.google.com/products#product-launch-stages">GA</a>).</p>
<h3>Feature</h3>
<p>The rollout of the following Cloud SQL for PostgreSQL
minor version and extension upgrades is complete:</p>
<p><strong>Minor versions</strong></p>
<ul>
<li>14.22 is upgraded to 14.23.</li>
<li>15.17 is upgraded to 15.18.</li>
<li>16.13 is upgraded to 16.14.</li>
<li>17.9 is upgraded to 17.10.</li>
<li>18.3 is upgraded to 18.4.</li>
</ul>
<p>The new maintenance version is <a href="https://docs.cloud.google.com/sql/docs/postgres/maintenance-changelog"><code>[PostgreSQL version].R20260319.07_04</code></a>.
To apply the new maintenance version, see
<a href="https://docs.cloud.google.com/sql/docs/postgres/self-service-maintenance">Perform self-service maintenance</a>.</p>
<h2 class="release-note-product-title">Cloud Trace</h2>
<h3>Feature</h3>
<p>You can collect, view, and analyze multimodal prompts and responses from
your agentic applications that use the LangGraph or Agent Development Kit (ADK)
frameworks. This feature is
<a href="https://cloud.google.com/products#product-launch-stages">generally available (GA)</a>.</p>
<ul>
<li><a href="https://docs.cloud.google.com/stackdriver/docs/instrumentation/ai-agent-overview">Instrument generative AI applications</a></li>
<li><a href="https://docs.cloud.google.com/trace/docs/collect-view-multimodal-prompts-responses">Collect and view multimodal prompts and responses</a></li>
</ul>
<h2 class="release-note-product-title">Cluster Toolkit</h2>
<h3>Feature</h3>
<p>Cluster Toolkit v1.94.0 is available. This release provides reservation
subblock support in the <code>nodeset</code> module for Slurm. This version also adds
<code>network_policy</code> as a variable in the <code>gke-cluster</code> module and loosens strict
Terraform version constraints across core and community modules. By moving to a
minimum version requirement, you can use newer versions of Terraform while
maintaining compatibility. For details, see the <a href="https://github.com/GoogleCloudPlatform/cluster-toolkit/discussions/5804">Release announcement on
GitHub</a>.</p>
<h2 class="release-note-product-title">Container Optimized OS</h2>
<h3>Change</h3>
<h3 id="cos-129-19506-224-49_">cos-129-19506-224-49 <a id='"cos-arm64-129-19506-224-49"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/fd31f7d8b65031d8f8a98c7aafc59c84a831dfc0
">COS-6.12.90</a></td>
<td>v27.5.1</td>
<td>v2.2.3</td>
<td><a href="https://storage.googleapis.com/cos-tools/19506.224.49/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Change</h3>
<p>Updated oslogin to v20260605.00.</p>
<h3>Fixed</h3>
<p>Upgraded app-admin/logrotate to v3.22.0-r1.</p>
<h3>Fixed</h3>
<p>Upgraded sys-apps/less to v704.</p>
<h3>Security</h3>
<p>Fix CVE-2026-41567 in app-containers/docker.</p>
<h3>Security</h3>
<p>Fix CVE-2026-41568 in app-containers/docker.</p>
<h3>Security</h3>
<p>Fix CVE-2026-42306 in app-containers/docker.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46160 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46315 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46321 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46322 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46323 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-50195, CVE-2026-53488, CVE-2026-53492, CVE-2026-53489, and CVE-2026-47262 in app-containers/containerd.</p>
<h3>Change</h3>
<h3 id="cos-125-19216-395-109_">cos-125-19216-395-109 <a id='"cos-arm64-125-19216-395-109"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/1dd147644c2ffa2b98ed57056012bfed5c2d2190
">COS-6.12.85</a></td>
<td>v27.5.1</td>
<td>v2.1.7</td>
<td><a href="https://storage.googleapis.com/cos-tools/19216.395.109/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Change</h3>
<p>Updated oslogin to v20260605.00.</p>
<h3>Security</h3>
<p>Fix CVE-2026-41568 in app-containers/docker.</p>
<h3>Security</h3>
<p>Fix CVE-2026-415687 in app-containers/docker.</p>
<h3>Security</h3>
<p>Fix CVE-2026-42306 in app-containers/docker.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46315 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46321 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46322 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46323 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-50195, CVE-2026-53488, CVE-2026-53492, CVE-2026-53489, and CVE-2026-47262 in app-containers/containerd.</p>
<h3>Change</h3>
<p>Runtime sysctl changes:
<ul>
<li>Changed: net.ipv4.udp_mem: 188034   250715  376068 -&gt; 188034    250714  376068</li>
</ul></p>
<h3>Change</h3>
<h3 id="cos-117-18613-613-61_">cos-117-18613-613-61 <a id='"cos-arm64-117-18613-613-61"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/6baf9cd9b87dc7ebfbc0bf533cef571e4fbcf31e
">COS-6.6.137</a></td>
<td>v24.0.9</td>
<td>v1.7.31</td>
<td><a href="https://storage.googleapis.com/cos-tools/18613.613.61/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Change</h3>
<p>Updated oslogin to v20260605.00.</p>
<h3>Security</h3>
<p>Fix CVE-2026-41567 in app-containers/docker.</p>
<h3>Security</h3>
<p>Fix CVE-2026-41568 in app-containers/docker.</p>
<h3>Security</h3>
<p>Fix CVE-2026-42306 in app-containers/docker.</p>
<h3>Security</h3>
<p>Fixed CVE-2025-13462 in dev-lang/python.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46323 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-50195, CVE-2026-53488, CVE-2026-53492, CVE-2026-53489, and CVE-2026-47262 in app-containers/containerd.</p>
<h3>Change</h3>
<h3 id="cos-121-18867-381-183_">cos-121-18867-381-183 <a id='"cos-arm64-121-18867-381-183"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/0cf599aaec4ef39b7c8fddb48963b257e7b1e3c7
">COS-6.6.137</a></td>
<td>v27.5.1</td>
<td>v2.0.8</td>
<td><a href="https://storage.googleapis.com/cos-tools/18867.381.183/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Change</h3>
<p>Updated oslogin to v20260605.00.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46323 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-50195, CVE-2026-53488, CVE-2026-53492, CVE-2026-53489, and CVE-2026-47262 in app-containers/containerd.</p>
<h2 class="release-note-product-title">Data Studio</h2>
<h3>Feature</h3>
<p><strong>Viewer data refresh</strong></p>
<p>Report editors can now allow report viewers to manually refresh report data. When editors enable the new <strong>Viewer data refresh</strong> option in <a href="https://docs.cloud.google.com/data-studio/report-settings#viewer-data-refresh">report settings</a>, viewers can refresh data for a component by right clicking the component, or refresh data for a report by selecting the option in the three-dot menu.</p>
<h2 class="release-note-product-title">Gemini</h2>
<h3>Other</h3>
<h3 id="bug_fixes_in_intellij">Bug fixes in IntelliJ</h3>
<p>Various bug fixes and minor product enhancements.</p>
<h2 class="release-note-product-title">Gemini Enterprise</h2>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: Workflow agents (GA with allowlist)</strong></p>
<p>You can create, import, update, and use workflow agents in the Gemini Enterprise
web app. These agents are designed to execute a sequence of
steps or actions, which can include a mix of AI automation and human intervention, based on a
configured trigger.</p>
<p>This feature is available as a GA with allowlist. To access this feature,
contact your Google account manager. After your Google Cloud project is added to
the allowlist, a Gemini Enterprise administrator must turn on the <strong>Enable agent designer</strong>
toggle in the web app feature management settings to let users use it.</p>
<p>For more information, see:</p>
<ul>
<li><p><a href="https://docs.cloud.google.com/gemini/enterprise/docs/manage-web-app-features">Manage web app
features</a></p></li>
<li><p><a href="https://docs.cloud.google.com/gemini/enterprise/docs/agent-designer-eap/workflow-agents">Workflow agents</a>
(You need to be on the allowlist to access the page.)</p></li>
</ul>
<h2 class="release-note-product-title">Gemini Enterprise Agent Platform</h2>
<h3>Feature</h3>
<p><strong>Agent Gateway in General Availability</strong></p>
<p>Agent Gateway is the networking component of the Gemini
Enterprise Agent Platform ecosystem. It secures and governs connectivity for
all agentic interactions, whether they occur between users and agents,
agents and tools, or among agents themselves.</p>
<p>For details, see <a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/govern/gateways/agent-gateway-overview">Agent Gateway
overview</a>.</p>
<h3>Feature</h3>
<p><strong>Agent Observability is generally available (GA)</strong></p>
<p>This release provides visibility into the performance, behavior, and health of deployed agents and Model Context Protocol (MCP) servers directly within the agent management workflow.</p>
<p>Key updates in this release include:</p>
<ul>
<li><strong>Default-On Tracing:</strong> OpenTelemetry tracing is now enabled by default for newly deployed Agent Development Kit (ADK) agents on Agent Engine, simplifying the observability setup process without requiring manual configuration.</li>
<li><strong>Storage Prioritization:</strong> Google Cloud Storage (GCS) is the default storage choice in the Google Cloud Console, instead of Cloud Logging. We recommend that you store your multimodal prompt and response payloads in a Cloud Storage (GCS) bucket. This solution provides robust support for large payloads and it enables fine-grained lifecycle management.</li>
<li><strong>Enhanced Tracing:</strong> Inspect step-by-step session execution and view directed acyclic graphs (DAGs) of trace spans.</li>
</ul>
<p>For more information, see the following:</p>
<ul>
<li><a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/optimize/observability/overview">Observability overview</a></li>
<li><a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/optimize/observability/traces">View agent traces</a></li>
<li><a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/scale/runtime/tracing">Set up tracing</a></li></ul>
<h3>Feature</h3>
<p><strong>Agent Registry is generally available (GA)</strong></p>
<p>Agent Registry is <a href="https://cloud.google.com/products#product-launch-stages">generally available (GA)</a>. Agent Registry is a centralized catalog for discovering and registering agents and Model Context Protocol (MCP) servers.</p>
<p>The following features are available in Agent Registry for the GA launch stage:</p>
<ul>
<li><strong>API v1 and client libraries:</strong> The <code>v1</code> version of the Agent Registry API is available. Cloud client libraries are available in C#, Go, Java, Node.js, PHP, Python, and Ruby.</li>
<li><strong>A2A v1 support:</strong> Agent Registry supports Agent-to-Agent (A2A) protocol version <code>1.0</code>, letting you explicitly declare transport endpoints and bindings inside the <code>supportedInterfaces</code> array, in addition to the existing <code>0.3</code> schema support.</li>
<li><strong>Terraform support:</strong> Terraform scripts for Application Default Credentials (ADC) have graduated to General Availability. You can use Terraform to configure and manage your agents, MCP servers, endpoints, and bindings.</li>
</ul>
<p><strong>Known limitations:</strong></p>
<ul>
<li><strong>Access Transparency and Access Approval:</strong> <a href="https://docs.cloud.google.com/assured-workloads/access-transparency/docs/overview">Access Transparency</a> logs, which provide visibility into when Google personnel access your content, and <a href="https://docs.cloud.google.com/assured-workloads/access-approval/docs/overview">Access Approval</a> controls aren't available for Agent Registry configurations.</li>
<li><strong>Data Residency:</strong> If you configure the <a href="https://docs.cloud.google.com/organization-policy/restrict-locations">resource location constraint</a> in your organization policy, Agent Registry enforces the constraint when you register a resource. However, detective controls for data residency compliance reporting are limited.</li>
</ul>
<p>For more information, see the <a href="https://docs.cloud.google.com/agent-registry/overview">Agent Registry overview</a>.</p>
<h3>Feature</h3>
<p>The Agent Identity API (<code>agentidentity.googleapis.com</code>) is
available in <a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.
This new API replaces the legacy IAM Connectors API
(<code>iamconnectors.googleapis.com</code>) for managing auth providers and agent
identities.</p>
<p>During the preview migration period, both APIs operate side-by-side. Existing
auth providers are automatically mirrored to the new V2 resource hierarchy
(<code>authProviders/</code>), allowing you to migrate your IAM policies, agent code, and
client applications without downtime.</p>
<h2 class="release-note-product-title">Identity and Access Management</h2>
<h3>Feature</h3>
<p>The Agent Identity API (<code>agentidentity.googleapis.com</code>) is
available in <a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.
This new API replaces the legacy IAM Connectors API
(<code>iamconnectors.googleapis.com</code>) for managing auth providers and agent
identities.</p>
<p>During the preview migration period, both APIs operate side-by-side. Existing
auth providers are automatically mirrored to the new V2 resource hierarchy
(<code>authProviders/</code>), allowing you to migrate your IAM policies,
agent code, and client applications without downtime.</p>
<h2 class="release-note-product-title">Oracle Database@Google Cloud</h2>
<h3>Feature</h3>
<p>For Exadata Database Service on Exascale infrastructure and Base Database Service, Oracle Database@Google Cloud adds region <code>asia-northeast2</code> (Osaka, Japan).</p>
<p>For a list of supported locations, see <a href="https://docs.cloud.google.com/oracle/database/docs/regions-and-zones">Supported regions and zones</a>.</p>
<h2 class="release-note-product-title">Secret Manager</h2>
<h3>Feature</h3>
<p>Secret Manager is available in the following multi-regions:</p>
<ul>
<li>United States (<code>us</code>)</li>
<li>European Union (<code>eu</code>)</li>
<li>Canada (<code>ca</code>)</li>
<li>India (<code>in</code>)</li>
</ul>
<p>For more information, see
<a href="https://docs.cloud.google.com/secret-manager/docs/locations#location-mr">Secret Manager locations</a>.</p>
<h2 class="release-note-product-title">Security Command Center</h2>
<h3>Feature</h3>
<p>Security Command Center External Exposure is available in
<a href="https://cloud.google.com/products#product-launch-stages">Preview</a> for the
Security Command Center Premium tier. The service helps you manage and reduce your external
attack surface through automated asset discovery, Google Cloud network exposure
path validation, and active exploitability testing.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/security-command-center/docs/detect-external-exposure">Detect exposed
resources</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 17, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_17_2026</id>
    <updated>2026-06-17T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_17_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Agent Assist</h2>
<h3>Feature</h3>
<p>Agent Assist offers the following <a href="https://docs.cloud.google.com/agent-assist/docs/aaforsalesforce-setup">UI module integrations with Agent Assist for Salesforce</a>:</p>
<ul>
<li><a href="https://docs.cloud.google.com/agent-assist/docs/aaforsalesforce-chat">Chat</a></li>
<li><a href="https://docs.cloud.google.com/agent-assist/docs/aaforsalesforce-voice-twilio">Voice with Twilio Flex</a></li>
<li><a href="https://docs.cloud.google.com/agent-assist/docs/aaforsalesforce-voice-nice">Voice with Nice CXone</a></li>
<li><a href="https://docs.cloud.google.com/agent-assist/docs/aaforsalesforce-voice-genesys">Voice with Genesys CX Cloud</a></li>
</ul>
<h2 class="release-note-product-title">BigQuery</h2>
<h3>Feature</h3>
<p>You can enable <a href="https://docs.cloud.google.com/bigquery/docs/autonomous-embedding-generation">autonomous embedding
generation</a> on new or existing
tables that you make with the <a href="https://docs.cloud.google.com/bigquery/docs/autonomous-embedding-generation#create_an_automatically_generated_embedding_column"><code>CREATE
TABLE</code></a>
or <a href="https://docs.cloud.google.com/bigquery/docs/autonomous-embedding-generation#add_an_automatically_generated_embedding_column_to_an_existing_table"><code>ALTER
TABLE</code></a>
statements. When you do this, BigQuery maintains a column of embeddings on the
table based on a source column. When you add or modify data in the source
column, BigQuery automatically generates or updates the embedding column for
that data.</p>
<p>This feature is
<a href="https://cloud.google.com/products#product-launch-stages">generally available</a>
(GA).</p>
<h2 class="release-note-product-title">Cloud Billing</h2>
<h3>Feature</h3>
<p><strong>CUD dashboard redesign available (preview)</strong></p>
<p>The redesigned CUD dashboard is available in the Billing section of the
Google Cloud console. It provides a consolidated view of all your resource-based
and spend-based CUDs in a single place. The new design improves usability and
scalability, helping you find information faster.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/billing/docs/how-to/cuds-list-overview">View your commitments</a>.</p>
<h2 class="release-note-product-title">Cloud Storage</h2>
<h3>Feature</h3>
<p>When you <a href="https://docs.cloud.google.com/storage/docs/composing-objects">create composite objects</a>, you can
delete the temporary source objects as part of the composition process.</p>
<h2 class="release-note-product-title">Gemini Enterprise</h2>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: Create and manage skills (GA with allowlist)</strong></p>
<p>You can create, import, update, and use skills in the Gemini Enterprise
web app. Skills are reusable custom instructions that help the assistant
perform specific tasks.</p>
<p>This feature is available as a GA with allowlist. To access this feature,
contact your Google account manager. After your Google Cloud project is added to
the allowlist, a Gemini Enterprise administrator must turn on the <strong>Enable skills</strong>
toggle in the web app feature management settings to let users use it.</p>
<aside class="note"><strong>Note:</strong><span> There is a correction to this release note regarding the <strong>Enable
skills</strong> toggle. See <a href="https://docs.cloud.google.com/gemini/enterprise/docs/release-notes#July_09_2026">July 09,
2026</a>.</span></aside>
<p>For more information, see:</p>
<ul>
<li><p><a href="https://docs.cloud.google.com/gemini/enterprise/docs/manage-web-app-features">Manage web app
features</a>.</p></li>
<li><p><a href="https://docs.cloud.google.com/gemini/enterprise/docs/skills">Create and manage
skills</a> (You need to be on the allowlist to access the page.)</p></li>
</ul>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: Gemini Enterprise app for Slack</strong></p>
<p>Gemini Enterprise administrators can integrate Gemini Enterprise with Slack to
deliver AI-powered answers and search directly to users in their Slack
workspace. Once integrated, users can interact with Gemini Enterprise through
direct messages and slash commands to receive answers that
incorporate data from all connected data stores.</p>
<p>This feature is generally available (GA). For more information, see
<a href="https://docs.cloud.google.com/gemini/enterprise/docs/configure-slack-app">Configure the Gemini Enterprise app for
Slack</a>.</p>
<h2 class="release-note-product-title">Gemini Enterprise Agent Platform</h2>
<h3>Feature</h3>
<p><strong>Memory Bank and Sessions global and multi-regional endpoints GA</strong></p>
<p>Memory Bank and Sessions support for multi-regional and global endpoints is now
in General Availability (GA). For more information, see
<a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/resources/agent-locations#multi-regional-and-global-endpoints">Supported locations for agents</a>. Note that
Customer-Managed Encryption Keys (CMEK) cannot be used if your Memory Bank
or Sessions instance is configured to use the global endpoint.</p>
<h2 class="release-note-product-title">Google Distributed Cloud (software only) for VMware</h2>
<h3>Announcement</h3>
<p>We are experiencing a delay preventing patch releases for GDC software
only for VMware. We are working diligently to resolve this issue. We will post
updates here with more information as it becomes available.</p>
<h2 class="release-note-product-title">Google SecOps</h2>
<h3>Change</h3>
<p><strong>Auto-collapse setting for the query editor</strong></p>
<p>You can now configure the query editor to automatically collapse after you run
a search, maximizing the screen space available for viewing your search results.
By default, the query editor remains expanded.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/chronicle/docs/investigation/udm-search#CollapsequeryEditor">Configure query editor behavior</a>.</p>
<h2 class="release-note-product-title">Google SecOps Marketplace</h2>
<h3>Feature</h3>
<p><strong>Secret Manager</strong>: Version 1.0</p>
<ul>
<li>New <strong>Secret Manager</strong> integration.</li>
</ul>
<h3>Change</h3>
<p>Source code is now publicly available on <a href="https://github.com/chronicle/content-hub">GitHub</a>
for the following integrations:</p>
<ul>
<li><p><strong>AlienVault USM Appliance</strong>: Version 29.0</p></li>
<li><p><strong>AlienVaultTI</strong>: Version 15.0</p></li>
<li><p><strong>Arcsight</strong>: Version 46.0</p></li>
<li><p><strong>Axonius</strong>: Version 8.0</p></li>
<li><p><strong>BMC Helix Remedyforce</strong>: Version 18.0</p></li>
<li><p><strong>Cisco AMP</strong>: Version 24.0</p></li>
<li><p><strong>EasyVista</strong>: Version 8.0</p></li>
<li><p><strong>Mandiant</strong>: Version 10.0</p></li>
<li><p><strong>Office 365 Management API</strong>: Version 11.0</p></li>
<li><p><strong>SCCM</strong>: Version 22.0</p></li>
<li><p><strong>SonicWall-Beta</strong>: Version 9.0</p></li>
<li><p><strong>Stellar Cyber Starlight</strong>: Version 19.0</p></li>
<li><p><strong>Symantec Email Security.Cloud</strong>: Version 6.0</p></li>
<li><p><strong>Twilio</strong>: Version 16.0</p></li>
<li><p><strong>XForce</strong>: Version 20.0</p></li>
<li><p><strong>Zabbix</strong>: Version 17.0</p></li>
</ul>
<h3>Change</h3>
<p><strong>Google Chronicle</strong>: Version 86.0</p>
<ul>
<li><p>Fixed an issue where the connector would idle or hang on heartbeats instead of 
breaking early when <code>nextPageToken</code> or <code>nextPageStartTime</code> is received, and 
updated ontology mapping in the following connector:</p>
<ul>
<li><strong>Chronicle Alerts Connector</strong></li>
</ul></li>
</ul>
<h3>Change</h3>
<p><strong>Palo Alto Cortex XDR</strong>: Version 29.0</p>
<ul>
<li><p>Updated host name extraction logic in the raw payload in the following 
connector:</p>
<ul>
<li><strong>Palo Alto Cortex XDR Connector</strong></li>
</ul></li>
</ul>
<h2 class="release-note-product-title">Google SecOps SIEM</h2>
<h3>Change</h3>
<p><strong>Auto-collapse setting for the query editor</strong></p>
<p>You can now configure the query editor to automatically collapse after you run
a search, maximizing the screen space available for viewing your search results.
By default, the query editor remains expanded.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/chronicle/docs/investigation/udm-search#CollapsequeryEditor">Configure query editor behavior</a>.</p>
<h2 class="release-note-product-title">Memorystore for Redis</h2>
<h3>Feature</h3>
<p>Memorystore for Redis supports the <a href="https://docs.cloud.google.com/products#product-launch-stages">General Availability</a>
of the following health issues:</p>
<ul>
<li><a href="https://docs.cloud.google.com/memorystore/docs/redis/expensive-commands"><strong>Expensive commands</strong></a>:
resolve performance issues that are associated with using Redis commands that
are resource-intensive (expensive).</li>
<li><a href="https://docs.cloud.google.com/memorystore/docs/redis/high-resource-utilization"><strong>High resource utilization</strong></a>:
resolve issues that are associated with instances not performing optimally.</li>
<li><a href="https://docs.cloud.google.com/memorystore/docs/redis/maintenance-policy-not-set"><strong>Maintenance policy not set</strong></a>:
check whether users set maintenance windows for instances. If there's an optimal
time slot for the maintenance windows when there's low traffic, then the health
issue provides this slot.</li>
</ul>
<h2 class="release-note-product-title">Service Extensions</h2>
<h3>Feature</h3>
<p>Support for the <a href="https://docs.cloud.google.com/service-extensions/docs/callouts-overview#ext-authz"><code>ext_authz</code> Envoy gRPC API
protocol</a>
is now <a href="https://cloud.google.com/products#product-launch-stages">generally available
(GA)</a> for regional
external Application Load Balancers and regional internal
Application Load Balancers.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 16, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_16_2026</id>
    <updated>2026-06-16T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_16_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">AlloyDB for PostgreSQL</h2>
<h3>Feature</h3>
<p>AlloyDB integration with Knowledge Catalog is now generally available (<a href="https://cloud.google.com/products#product-launch-stages">GA</a>).</p>
<p>This integration provides a unified metadata view to simplify data governance and analysis. It includes near real-time synchronization and expanded metadata details, like primary and foreign keys.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/alloydb/docs/knowledge-catalog-integration">Integrate AlloyDB with Knowledge Catalog</a>.</p>
<h2 class="release-note-product-title">Apigee hybrid</h2>
<h3>Announcement</h3>
<h3 id="v1146">v1.14.6</h3>
<p>On June 16, 2026 we released an updated version of the Apigee hybrid software, v1.14.6.</p>
<ul>
<li>For information on upgrading, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.14/upgrade">Upgrading Apigee hybrid to version v1.14.6</a>.</li>
<li>For information on new installations, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.14/big-picture">The big picture</a>.</li>
</ul>
<aside class="note"><strong>Note:</strong><span> This is a patch release: The container images used in patch releases are integrated with the Apigee hybrid Helm charts. Upgrading to a patch via the Helm chart automatically updates the images. No manual image changes are typically needed. For information on container image support in Apigee hybrid releases, see <a href="https://docs.cloud.google.com/apigee/docs/release/apigee-release-process#apigee-hybrid-container-images">Apigee release process</a>.</span></aside>
<h3>Security</h3>
<p>Various security and CVE fixes are included in this release.</p>
<h2 class="release-note-product-title">BigQuery</h2>
<h3>Announcement</h3>
<p>Table Explorer behavior is moving to the <strong>Reference</strong> panel. This transition
will occur in July 2026 or later. For more information, see
<a href="https://docs.cloud.google.com/bigquery/docs/table-explorer">Table Explorer</a>.</p>
<h2 class="release-note-product-title">Cloud SQL for PostgreSQL</h2>
<h3>Feature</h3>
<p>QueryData adds support for parameterized secure views (PSVs) to help secure
applications that use natural language queries. For more information, see <a href="https://docs.cloud.google.com/sql/docs/postgres/secure-app-data-parameterized-secure-views-qd">Secure
and control access to application data</a>.</p>
<p>This feature is in <a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.</p>
<h2 class="release-note-product-title">Compute Engine</h2>
<h3>Change</h3>
<p>For resource-based committed use discounts (CUDs), the default value of CUD
scope for most Cloud Billing accounts has changed from <strong>Project</strong> to
<strong>Billing account</strong>. If the CUD scope is set to <strong>Billing account</strong>, then
resource-based CUDs from a commitment are shared across all projects in that
account. If the CUD scope is set to <strong>Project</strong>, then resource-based CUDs from a
commitment are available to only the project in which you purchased that
commitment.</p>
<p>Depending on the Cloud Billing account's creation date and the active
commitments in that account, this change applies in the following way:</p>
<ul>
<li><strong>Cloud Billing accounts created on or after June 16, 2026</strong>: The
CUD scope is <strong>Billing account</strong> (CUD sharing enabled) by default.</li>
<li><strong>Cloud Billing accounts created before June 16, 2026</strong>:
<ul>
<li>If the account has <strong>no active resource-based commitments</strong> on
June 16, 2026, then the CUD scope has changed to <strong>Billing account</strong>
(CUD sharing enabled).</li>
<li>If the account has <strong>any active resource-based commitments</strong> on June 16,
2026, then the CUD scope remains unchanged and Google Cloud continues
to use your existing configuration.</li>
</ul></li>
</ul>
<p>For more information, see
<a href="https://docs.cloud.google.com/compute/docs/committed-use-discounts/share-resource-cuds-across-projects#cud-scope-configuration">Share resource-based CUDs across projects</a>.</p>
<h2 class="release-note-product-title">Confidential VM</h2>
<h3>Feature</h3>
<p>Support for the accelerator-optimized
<a href="https://docs.cloud.google.com/compute/docs/accelerator-optimized-machines#g4-vms">g4-standard-48 machine type</a>
for securely running AI and ML workloads is available in
<a href="https://cloud.google.com/products#product-launch-stages">Preview</a>, with the
following specifications:</p>
<ul>
<li>5th Generation AMD EPYC Turin processor</li>
<li>AMD SEV</li>
<li>1 NVIDIA RTX PRO 6000 GPU</li>
</ul>
<h2 class="release-note-product-title">Dataflow</h2>
<h3>Feature</h3>
<p>Dataflow now supports NVIDIA RTX Pro 6000 GPUs. You can use this
GPU model to run your Apache Beam pipelines on Dataflow. RTX
Pro 6000 GPUs are recommended for large, medium, and small model inference
workloads. To configure your workers with this GPU model, set the accelerator
type to <code>nvidia-rtx-pro-6000</code>. For more information, see <a href="https://docs.cloud.google.com/dataflow/docs/gpu/gpu-support">Dataflow
support for GPUs</a>.</p>
<h2 class="release-note-product-title">Gemini Enterprise</h2>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: ServiceNow data store actions and federation</strong></p>
<p>The ServiceNow data store supports federation and assistant actions in
Gemini Enterprise.</p>
<p>You can connect a ServiceNow site to search and read incidents, change
requests, tasks, and knowledge base articles using natural language. You
can also perform actions, such as creating and updating incidents,
directly from the Gemini Enterprise app.</p>
<p>This feature is generally available (GA). For more information, see
<a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/servicenow">Connect ServiceNow</a>.</p>
<h2 class="release-note-product-title">Google Distributed Cloud (software only) for bare metal</h2>
<h3>Announcement</h3>
<p>Google Distributed Cloud (software only) for bare metal 1.35.200-gke.66 is now available for
download. To upgrade, see <a href="how-to/upgrade">Upgrade clusters</a>.
Google Distributed Cloud for bare metal
1.35.200-gke.66 runs on Kubernetes v1.35.3-gke.400.</p>
<p>After a release, it takes approximately 7 to 14 days for the version to become
available for installations or upgrades with the GKE On-Prem API clients: the
Google Cloud console, the gcloud CLI, and Terraform.</p>
<p>If you use a third-party storage vendor, check the Google Distributed Cloud-ready
storage partners document to make sure the storage vendor has already passed the
qualification for this release of Google Distributed Cloud for bare metal.</p>
<h3>Fixed</h3>
<p>The following issues were fixed in 1.35.200-gke.66:</p>
<ul>
<li>Fixed vulnerabilities listed in <a href="https://docs.cloud.google.com/kubernetes-engine/distributed-cloud/bare-metal/docs/vulnerabilities">Vulnerability fixes</a>.</li>
<li>Fixed an issue where a transient or partial failure during node pool updates
could cause node taints or labels to become permanently stuck (stranded) on
worker nodes, even after you removed them from the NodePool custom resource
specification.
</li>
<li>Fixed an issue where, during the machine initialization phase, the
<code>etcd-events</code> pod read the stale data directory when it started
and attempted to reuse the old member ID to rejoin the cluster instead of the
new one. Trying to use the old member ID to rejoin the cluster resulted in an
infinite retry loop and caused the cluster to reject the connection. The fix
ensures the <code>/var/lib/etcd-events</code> directory is
cleared upon failure, and adds retry logic to <code>kubeadm-reset</code> to improve resiliency against transient API errors.
</li>
<li>Fixed an issue where, when enabling or updating etcd encryption, the API
server was terminated abruptly, causing transient connection timeouts or
failures for in-cluster workloads for up to five minutes.
</li>
<li>Fixed an issue where, during control plane certificate rotation or etcd
encryption updates, the installer stalled for three minutes per control plane node
while waiting for the local API server to restart, causing nodes to temporarily
report an Unknown status and triggering transient routing disruptions (such as
503 Service Unavailable or ImagePullBackOff errors) for workloads scheduled on
those nodes.</li></ul>
<h2 class="release-note-product-title">Google SecOps</h2>
<h3>Announcement</h3>
<p><strong>New Documentation changelogs</strong></p>
<p>Google SecOps is now releasing a monthly changelog to capture major documentation updates.</p>
<p>For more information, refer to <a href="https://docs.cloud.google.com/chronicle/docs/changelogs/changelogs">Documentation changelog</a>.</p>
<h2 class="release-note-product-title">Google SecOps SIEM</h2>
<h3>Announcement</h3>
<p><strong>New Documentation changelogs</strong></p>
<p>Google SecOps is now releasing a monthly changelog to capture major documentation updates.</p>
<p>For more information, refer to <a href="https://docs.cloud.google.com/chronicle/docs/changelogs/changelogs">Documentation changelog</a>.</p>
<h2 class="release-note-product-title">Google SecOps SOAR</h2>
<h3>Announcement</h3>
<p><strong>New Documentation changelogs</strong></p>
<p>Google SecOps is now releasing a monthly changelog to capture major documentation updates.</p>
<p>For more information, refer to <a href="https://docs.cloud.google.com/chronicle/docs/changelogs/changelogs">Documentation changelog</a>.</p>
<h2 class="release-note-product-title">Managed Service for Apache Spark</h2>
<h3>Announcement</h3>
<p><strong>Managed Service for Apache Spark</strong> (formerly Dataproc on Compute Engine): Rollout of the <a href="https://docs.cloud.google.com/dataproc/docs/concepts/versioning/dataproc-version-clusters#supported-dataproc-image-versions">new sub-minor versions without pre-configured channels</a> will begin on June 22, 2026, delayed from the previously planned date of June 15, 2026 ETA.</p>
<h2 class="release-note-product-title">Secure Web Proxy</h2>
<h3>Feature</h3>
<p>You can now use <a href="https://docs.cloud.google.com/secure-web-proxy/docs/policies-and-rules-overview#authorization-policies">authorization
policies</a>
to perform identity-based and content-based access control checks when
processing outbound traffic requests through Secure Web Proxy.</p>
<p>By <a href="https://docs.cloud.google.com/secure-web-proxy/docs/setup-authz-policies">configuring authorization
policies</a>, you can set rules for
your workloads to access external destinations. You can also use these
authorization policies to delegate complex authorization decisions to identity
and content-scanning services like Service Extensions. This feature is
supported in <a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.</p>
<h3>Feature</h3>
<p>You can <a href="https://docs.cloud.google.com/secure-web-proxy/docs/use-frontend-mtls-with-swp">integrate frontend mutual TLS (mTLS) with
Secure Web Proxy</a> to boost
the security of your applications and workloads.</p>
<p>With this integration, you can use validated client identities in
Secure Web Proxy <a href="https://docs.cloud.google.com/secure-web-proxy/docs/policies-and-rules-overview#authorization-policies">authorization
policies</a>
to enforce granular access control for outbound traffic. This feature is
supported in <a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 15, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_15_2026</id>
    <updated>2026-06-15T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_15_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">AI Hypercomputer</h2>
<h3>Feature</h3>
<p><strong>Preview</strong>: Before you create Spot VMs, you can view the real-time
availability, estimated uptime, historical preemption rate, and pricing for a
specific machine type and location. This information helps you maximize the
chances of successfully creating Spot VMs and choose the
configuration that best fits your workload needs and budget. For more
information, see <a href="https://docs.cloud.google.com/ai-hypercomputer/docs/consumption-models#spot">Use Spot</a>.</p>
<h2 class="release-note-product-title">AlloyDB for PostgreSQL</h2>
<h3>Feature</h3>
<p>The Database Insights remote Model Context Protocol (MCP) server now supports
the following advanced query insights tools for AlloyDB for PostgreSQL:</p>
<ul>
<li><code>get_advanced_aggregated_query_stats</code></li>
<li><code>get_advanced_aggregated_wait_event_stats</code></li>
<li><code>get_advanced_time_series_query_stats</code></li>
<li><code>get_advanced_time_series_wait_event_stats</code></li>
<li><code>get_index_recommendations</code></li>
</ul>
<p>For more information, see <a href="https://docs.cloud.google.com/alloydb/docs/reference/mcp/databaseinsights/mcp/index">Database Insights remote MCP server</a>.</p>
<h3>Feature</h3>
<p>You can publish an <a href="https://docs.cloud.google.com/gemini/data-agents/conversational-analytics/alloydb/create-data-agents#publish-agent-gemini-enterprise">AlloyDB for PostgreSQL conversational analytics agent in
Gemini Enterprise</a>.
This feature is in
<a href="https://cloud.google.com/products/#product-launch-stages">Preview</a>.</p>
<h2 class="release-note-product-title">Anti Money Laundering AI</h2>
<h3>Announcement</h3>
<p>New minor engine versions released for the commercial line of business within the <code>v004.009</code> and <code>v004.010</code> version lines. These versions extend support for the major engine version and include no significant changes compared to the previous minor versions.</p>
<h2 class="release-note-product-title">BigQuery</h2>
<h3>Feature</h3>
<p>Use Gemini Cloud Assist to analyze your SQL queries and receive
recommendations to <a href="https://docs.cloud.google.com/bigquery/docs/use-cloud-assist#optimize-query">optimize query performance in BigQuery</a>.
This feature is available to customers who use BigQuery editions.
This feature is in
<a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.</p>
<h3>Issue</h3>
<p>Support for configuring daily token quotas for BigQuery generative AI
functions has been temporarily disabled. We are working to restore this
feature as soon as possible.</p>
<h3>Feature</h3>
<p>You can resize the width of table columns in BigQuery Studio for
BigQuery listings such as datasets, repositories, job history,
and connections. To resize a column, hover over the column divider and drag it
to your preferred width.</p>
<h3>Feature</h3>
<p>You can use Gemini Code Assist directly within the BigQuery <strong>Jobs explorer</strong>,
<strong>Job details</strong>, <strong>Job history</strong>, and <strong>Capacity management</strong> pages to help you
troubleshoot and analyze performance issues. For more information, see
<a href="https://docs.cloud.google.com/bigquery/docs/admin-jobs-explorer#get-job-details">Troubleshoot job
performance</a>. This feature
is in <a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.</p>
<h2 class="release-note-product-title">Blockchain Node Engine</h2>
<h3>Announcement</h3>
<p><strong>Limited support for Blockchain Node Engine</strong></p>
<p>Starting June 15, 2026, Blockchain Node Engine will enter a period of limited support.</p>
<ul>
<li><p>New node creation in Blockchain Node Engine and provisioning of new Blockchain RPC endpoints will be disabled.</p></li>
<li><p>Existing nodes and endpoints will continue to function and receive critical updates until the final shutdown date.</p></li>
<li><p>We recommend migrating your workloads to our partner, <a href="https://www.quicknode.com/gcp-node-migration"><strong>Quicknode</strong></a>, to avoid service disruption.</p></li>
</ul>
<p>For more information, see the <a href="https://docs.cloud.google.com/blockchain-node-engine/docs/migrate-to-quicknode.md">migration guide</a>.</p>
<h2 class="release-note-product-title">Cloud Billing</h2>
<h3>Feature</h3>
<p><strong>New filters and group-by options available in Cloud Billing Reports</strong></p>
<p>Cloud Billing has added two <strong>filters</strong> to the <strong>Billing Reports</strong>
page to help you analyze and understand your costs:</p>
<ul>
<li><p><strong>Products</strong>: Google Cloud
<a href="https://docs.cloud.google.com/billing/docs/how-to/reports#filter-by-products">Products</a>
consist of a group of SKUs (potentially from more than one
<a href="https://docs.cloud.google.com/billing/docs/how-to/reports#filter-by-services">Google Cloud <em>Service</em></a>)
that work together and are sold as a single service, sometimes referred to as
a <em>logical</em> product family or a subscription service. Examples include
Gemini Enterprise and Firebase App Hosting.</p></li>
<li><p><strong>Originating services</strong>: An
<a href="https://docs.cloud.google.com/billing/docs/how-to/reports#filter-by-orig-services">Originating service</a>
is a Google Cloud service that causes usage in another service. For
example, Google Kubernetes Engine (GKE) can cause usage in Compute Engine. In
this use case, when you are viewing the Compute Engine usage and
costs, GKE is an originating service when it causes usage
in Compute Engine.</p></li>
</ul>
<p>You can also
<a href="https://docs.cloud.google.com/billing/docs/how-to/reports#group-by"><strong>Group by</strong></a> the new filters, to
summarize your costs by the dimension you select.</p>
<ul>
<li><strong>Product</strong>: When you
<a href="https://docs.cloud.google.com/billing/docs/how-to/reports#group-by-product">group by <em>Product</em></a>,
the Report shows your costs and savings summarized by Product.</li>
<li><strong>Originating service &gt; Service</strong>: When you
<a href="https://docs.cloud.google.com/billing/docs/how-to/reports#group-by-orig-service">group by <em>Originating service &gt; Service</em></a>,
the Report shows your costs and savings summarized by Originating service.
In the <strong>report table</strong>, you can expand each row for an <em>Originating service</em>
to see your costs summarized by each <em>Service</em> that is associated with the
<em>Originating service</em>.</li>
</ul>
<p>Learn more about <a href="https://docs.cloud.google.com/billing/docs/how-to/reports">analyzing billing data and cost trends with Reports</a>.</p>
<p>Learn how to <a href="https://docs.cloud.google.com/billing/docs/how-to/reports/gemini-enterprise-costs">view Gemini Enterprise costs in Cloud Billing reports</a>.</p>
<h2 class="release-note-product-title">Cloud Deploy</h2>
<h3>Change</h3>
<p>The Cloud Deploy image now uses Kubectl Kustomize.</p>
<p>By default, Cloud Deploy now uses the
<a href="https://kubernetes.io/docs/reference/kubectl/generated/kubectl_kustomize/">Kustomize built into kubectl</a>.
Previously, the default version of Kustomize was the version embedded in the
Cloud Deploy image. Now it's the version used by kubectl.</p>
<p>You can still use kustomize directly (not through kubectl) by specifying the
kustomize version when you create a release.</p>
<h2 class="release-note-product-title">Cloud Service Mesh</h2>
<h3>Feature</h3>
<p>The <a href="https://docs.cloud.google.com/service-mesh/docs/data-plane-extensibility#typegoogleapiscomenvoyextensionsfiltershttpcompressorv3compressor">Envoy Compressor Filter</a>
is now GA in the rapid release channel.</p>
<p>To ensure your <code>EnvoyFilter</code> compressor configuration is fully supported, see
<a href="https://docs.cloud.google.com/service-mesh/docs/migrate/modernize-envoyfilter-compressor">Modernize EnvoyFilter compressor configurations</a>.</p>
<h2 class="release-note-product-title">Compute Engine</h2>
<h3>Feature</h3>
<p><strong>Preview</strong>: Before you create Spot VMs, you can view the following
  information for a specific machine type and location:</p>
<ul>
<li><p><strong>You can view the real-time obtainability and estimated uptime</strong>. This
information helps you maximize your chances of successfully creating
Spot VMs, as well as help ensure that your workload starts
and runs efficiently.</p></li>
<li><p><strong>You can view historical and current preemption rate and pricing</strong>. This
information helps you compare and choose the configuration that best fits
your workload needs and budget.</p></li>
</ul>
<p>For more information, see
<a href="https://docs.cloud.google.com/compute/docs/instances/view-vm-availability">View the availability of Spot VMs</a>
and
<a href="https://docs.cloud.google.com/compute/docs/instances/view-spot-preemption-price">View the preemption rate and pricing for Spot VMs</a>.</p>
<h2 class="release-note-product-title">Container Optimized OS</h2>
<h3>Change</h3>
<h3 id="cos-129-19506-224-36_">cos-129-19506-224-36 <a id='"cos-arm64-129-19506-224-36"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/fac8e2b17485d0065f6f69f83ddb8eb0e9d9c55a
">COS-6.12.90</a></td>
<td>v27.5.1</td>
<td>v2.2.3</td>
<td><a href="https://storage.googleapis.com/cos-tools/19506.224.36/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Change</h3>
<h3 id="cos-dev-133-19862-0-0_">cos-dev-133-19862-0-0 <a id='"cos-arm64-dev-133-19862-0-0"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/ef0c067405ff6956b986d853c39c609e6d457228
">COS-6.18.35</a></td>
<td>v29.4.3</td>
<td>v2.2.3</td>
<td><a href="https://storage.googleapis.com/cos-tools/19862.0.0/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Fixed</h3>
<p>Upgraded app-admin/fluent-bit to v4.2.5.</p>
<h3>Fixed</h3>
<p>Upgraded cos-gpu-installer to v2.7.3.</p>
<h3>Change</h3>
<p>Allow overriding IMA policy from oem partition.</p>
<h3>Fixed</h3>
<p>Upgraded sys-apps/less to v702.</p>
<h3>Change</h3>
<p>On cchost boards, autoload IMA policy on boot.</p>
<h3>Security</h3>
<p>Fixed CVE-2025-71289 in the Linux kernel.</p>
<h3>Change</h3>
<p>Set static UUID for the stateful partition.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-43245 in the Linux kernel.</p>
<h3>Change</h3>
<p>Update sys-process/audit to v3.0.9.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-43503 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-45838 in the Linux kernel.</p>
<h3>Change</h3>
<p>Updated glib to v2.86.5.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-45839 in the Linux kernel.</p>
<h3>Change</h3>
<p>Updated sys-libs/pam to v1.5.3.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-45841 in the Linux kernel.</p>
<h3>Change</h3>
<p>Updated the Linux kernel to v6.18.35.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-45842 in the Linux kernel.</p>
<h3>Change</h3>
<p>Upgraded net-misc/openssh to v10.0_p2.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-45843 in the Linux kernel.</p>
<h3>Change</h3>
<p>Upgraded sys-apps/ek-cpu-balloon to v1.2.3.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-45844 in the Linux kernel.</p>
<h3>Fixed</h3>
<p>Added support for NVIDIA driver v580.159.04.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46243 in the Linux kernel.</p>
<h3>Fixed</h3>
<p>Fixed a crash that occurs when using the <code>configfile</code> or
<code>source</code> GRUB2 commands when Secure Boot is enabled.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46244 in the Linux kernel.</p>
<h3>Fixed</h3>
<p>Upgraded app-containers/docker to v29.4.3, Upgraded app-containers/docker-test to v29.4.3, Upgraded app-containers/docker-cli to v29.4.3.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46274 in the Linux kernel.</p>
<h3>Fixed</h3>
<p>Upgraded app-containers/docker-credential-helpers to v0.9.7.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46300 in the Linux kernel.</p>
<h3>Fixed</h3>
<p>Upgraded cos-gpu-installer to v2.7.2.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46316 in the Linux kernel.</p>
<h3>Fixed</h3>
<p>Upgraded sys-apps/gentoo-functions to v1.7.7.</p>
<h3>Security</h3>
<p>Fixed KCTF-def602e in the Linux kernel.</p>
<h3>Fixed</h3>
<p>Upgraded sys-apps/less to v702.</p>
<h3>Security</h3>
<p>Fixed KCTF-e5b31d9 in the Linux kernel.</p>
<h3>Fixed</h3>
<p>Upgraded sys-libs/libcap-ng to v0.9.3.</p>
<h3>Security</h3>
<p>Updated dev-python/pyjwt to v2.13.0. This fixes
CVE-2026-48522, CVE-2026-48524, CVE-2026-48525, CVE-2026-485256.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-44431 in dev-python/urllib3.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-6732 in dev-libs/libxml2.</p>
<h3>Security</h3>
<p>Updated dev-lang/go to 1.25.10. This fixes CVE-2026-33814,CVE-2026-39819,CVE-2026-39823,CVE-2026-39825,CVE-2026-42499,CVE-2026-39817,CVE-2026-39820,CVE-2026-39826,CVE-2026-39836.</p>
<h3>Security</h3>
<p>Updated dev-python/pyjwt to v2.13.0. This fixes
CVE-2026-48522, CVE-2026-48524, CVE-2026-48525, CVE-2026-485256.</p>
<h3>Security</h3>
<p>Updated net-misc/curl to v8.20. This fixes CVE-2026-5545,CVE-2026-4873,CVE-2026-6429,CVE-2026-7168,CVE-2026-6253,CVE-2026-6276,CVE-2026-7009,CVE-2026-5773.</p>
<h3>Change</h3>
<h3 id="cos-117-18613-613-56_">cos-117-18613-613-56 <a id='"cos-arm64-117-18613-613-56"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/7ead0fd4c30a3ac938a51edf82fd36b526ffa21b
">COS-6.6.137</a></td>
<td>v24.0.9</td>
<td>v1.7.31</td>
<td><a href="https://storage.googleapis.com/cos-tools/18613.613.56/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Fixed</h3>
<p>Fixed a race condition triggered by ext4 online resize that
rarely causes machines to fail to boot.</p>
<h3>Fixed</h3>
<p>Upgraded cos-gpu-installer to v2.7.4.</p>
<h3>Fixed</h3>
<p>Upgraded dev-libs/libusb to v1.0.30.</p>
<h3>Fixed</h3>
<p>Upgraded sys-apps/less to v702.</p>
<h3>Security</h3>
<p>Fixed CVE-2024-56647 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2025-38584 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-23272 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-23394 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-31527 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-43492 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-43496 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-43503 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46243 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46244 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46274 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46289 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46294 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46303 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46304 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46306 in the Linux kernel.</p>
<h3>Security</h3>
<p>Updated dev-python/pyjwt to v2.13.0. This fixes
CVE-2026-48522, CVE-2026-48524, CVE-2026-48525, CVE-2026-485256.</p>
<h3>Change</h3>
<h3 id="cos-125-19216-395-101_">cos-125-19216-395-101 <a id='"cos-arm64-125-19216-395-101"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/19cc070c0f9a696f1ec666a1c12e685222e54963
">COS-6.12.85</a></td>
<td>v27.5.1</td>
<td>v2.1.7</td>
<td><a href="https://storage.googleapis.com/cos-tools/19216.395.101/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Fixed</h3>
<p>Fixed a race condition triggered by ext4 online resize that
rarely causes machines to fail to boot.</p>
<h3>Fixed</h3>
<p>Upgraded cos-gpu-installer to v2.7.4.</p>
<h3>Fixed</h3>
<p>Upgraded sys-apps/less to v702.</p>
<h3>Fixed</h3>
<p>Uprev sys-kernel/lakitu-kernel-6_12 to v6.12.92</p>
<h3>Security</h3>
<p>Fixed CVE-2025-71289 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-23394 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-43245 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46160 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46244 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46274 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46283 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46289 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46294 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46303 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46304 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46306 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46316 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed KCTF-def602e in the Linux kernel.</p>
<h3>Security</h3>
<p>Updated dev-python/pyjwt to v2.13.0. This fixes
CVE-2026-48522, CVE-2026-48524, CVE-2026-48525, CVE-2026-485256.</p>
<h3>Change</h3>
<h3 id="cos-121-18867-381-177_">cos-121-18867-381-177 <a id='"cos-arm64-121-18867-381-177"/'></a></h3>
<table class="pkg">
<tr>
<td>Kernel</td>
<td>Docker</td>
<td>Containerd</td>
<td><a href="https://cloud.google.com/container-optimized-os/docs/how-to/run-gpus">GPU Drivers</a></td>
</tr>
<tr>
<td><a href="https://cos.googlesource.com/third_party/kernel/+/0b06ec28c776324f21325b54d9c4c8e501b34301
">COS-6.6.137</a></td>
<td>v27.5.1</td>
<td>v2.0.8</td>
<td><a href="https://storage.googleapis.com/cos-tools/18867.381.177/lakitu/gpu_driver_versions.textproto">See List</a></td>
</tr>
</table>
<h3>Fixed</h3>
<p>Fixed a race condition triggered by ext4 online resize that
rarely causes machines to fail to boot.</p>
<h3>Fixed</h3>
<p>Upgraded cos-gpu-installer to v2.7.4.</p>
<h3>Fixed</h3>
<p>Upgraded sys-apps/less to v702.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-23394 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-31527 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-43492 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-43496 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46243 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46244 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46274 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46289 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46294 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46303 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46304 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed CVE-2026-46306 in the Linux kernel.</p>
<h3>Security</h3>
<p>Fixed KCTF-def602e in the Linux kernel.</p>
<h3>Security</h3>
<p>Updated dev-python/pyjwt to v2.13.0. This fixes
CVE-2026-48522, CVE-2026-48524, CVE-2026-48525, CVE-2026-485256.</p>
<h2 class="release-note-product-title">Dataflow</h2>
<h3>Feature</h3>
<p>Dataflow has updated and expanded its pipeline update features for
streaming jobs:</p>
<ul>
<li><strong>Automated stop-and-replace updates</strong>: You can perform automated,
declarative stop-and-replace updates to streaming jobs.</li>
<li><strong>Parallel updates with the same job name</strong>: When you perform automated
parallel updates, you can use the same job name for the new replacement job.</li>
<li><strong>Auto-cancel draining jobs</strong>: When performing parallel or stop-and-replace
updates, you can configure Dataflow to automatically cancel
the old job if it does not finish draining after a timeout you specify.</li>
<li><strong>Update strategy configuration</strong>: You can explicitly choose between a
parallel update (<code>update_strategy_parallel_job_update</code>) and a standard
in-place update (<code>update_strategy_in_place_update</code>) while keeping all other
configuration the same.</li>
<li><strong>Template upsert functionality</strong>: When launching pipelines from classic
templates, flex templates, Terraform, or Config Connector, you can use the
<code>create_or_update_job</code> experiment to enable automatic create-or-update
(upsert) behavior. If an active job with the specified name already exists,
it is updated. Otherwise, a new job is created.</li>
</ul>
<p>For more information, see <a href="https://docs.cloud.google.com/dataflow/docs/guides/upgrade-guide#automated-stop-replace">Automated stop and
replace</a>, <a href="https://docs.cloud.google.com/dataflow/docs/guides/upgrade-guide#automated-parallel-updates">Automated
parallel pipeline
updates</a>, and
<a href="https://docs.cloud.google.com/dataflow/docs/guides/upgrade-guide#templates-create-or-update">Automatic create or update (upsert) for
templates</a>.</p>
<h2 class="release-note-product-title">Gemini Enterprise</h2>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: New data stores and support for new actions (Public Preview)</strong></p>
<p>The following data stores are available in Public Preview:</p>
<ul>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/airops">AirOps</a></li>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/airtable">Airtable</a></li>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/calendly">Calendly</a></li>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/dynamics365">Dynamics 365</a></li>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/freshservice">Freshservice</a></li>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/googlestitch">Google Stitch</a></li>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/intercom">Intercom</a></li>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/mailerlite">MailerLite</a></li>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/zohocrm">Zoho CRM</a></li>
</ul>
<p>Additionally, support for new actions is available for the following data
stores:</p>
<ul>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/smartsheet">Smartsheet</a></li>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/wrike">Wrike</a></li>
<li><a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/zohoprojects">Zoho Projects</a></li>
</ul>
<p>For more information, see
<a href="https://docs.cloud.google.com/gemini/enterprise/docs/connectors/connect-third-party-data-source">Connect a third-party data source</a>.</p>
<h3>Feature</h3>
<p><strong>Gemini Enterprise: Observability settings for individual agents (Preview)</strong></p>
<p>You can now configure observability settings for individual agents in
Agent Designer employee-made agents. This allows you to monitor metrics in
Metrics Explorer and view trace results in Trace Explorer for specific
agents.</p>
<p>Observability settings for individual agents are configured inside the
agent-level settings. Previously, observability was only available at the
application level, which applies to the Core Assistant agent.</p>
<p>This feature is in Public Preview. For more information, see
<a href="https://docs.cloud.google.com/gemini/enterprise/docs/manage-observability-settings">Manage observability settings</a>.</p>
<h2 class="release-note-product-title">Gemini Enterprise Agent Platform</h2>
<h3>Feature</h3>
<p><strong>Reinforcement Learning fine-tuning is available for Gemini 3.5 Flash in Public Preview</strong></p>
<p>Reinforcement Learning fine-tuning is now available for the <code>gemini-3.5-flash</code> models in
<a href="https://cloud.google.com/products#product-launch-stages">Preview</a>. Model tuning
for Gemini 3.5 Flash is restricted to <code>us-central1</code> and <code>europe-west4</code>, and tuned
model serving is restricted to the <code>us</code> and <code>eu</code> multi-region endpoints.</p>
<p>See <a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/models/tuning/reinforcement-tuning">About reinforcement learning fine-tuning</a>
for more information.</p>
<h2 class="release-note-product-title">Google Cloud Contact Center as a Service</h2>
<h3>Announcement</h3>
<p><strong>Advanced reporting dashboards 4.36</strong></p>
<p>We've released version 4.36 of the advanced reporting dashboards.</p>
<h3>Feature</h3>
<p><strong>New child queues filter option</strong></p>
<p>Dashboards that have the <strong>Queue Name</strong> filter now also have a <strong>Child Queues</strong>
checkbox. Select <strong>Yes</strong> if you want to include all child queues of the
specified queue. There's also a new <strong>Child Queues (Yes / No)</strong> filter available
in Explores that have the <strong>Queue Name</strong> filter.</p>
<h3>Feature</h3>
<p><strong>The Agent &amp; Queue Status (Live) Explore contains new real-time agent and queue metrics</strong></p>
<p>The <strong>Agent &amp; Queue Status (Live)</strong> Explore contains the following new metrics:</p>
<ul>
<li><p><strong>In Call</strong>: the number of agents currently on a call</p></li>
<li><p><strong>Available / Waiting</strong>: the number of agents available and waiting for the
next contact</p></li>
<li><p><strong>Contacts in Queue</strong>: the number of calls currently waiting in the queue</p></li>
</ul>
<h3>Feature</h3>
<p><strong>Link directly to CSAT scores in your CRM from the CSAT dashboards</strong></p>
<p>In the <strong>CSAT Interactions</strong> table of the <strong>CSAT - Calls</strong> and <strong>CSAT - Chats</strong>
dashboards, next to the <strong>Session ID</strong> numbers, links to the associated CSAT
scores in your CRM are now available. You can go directly to the CSAT scores
without needing to search for them in your CRM.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/contact-center/ccai-platform/docs/dashboards-csat">CSAT dashboards</a>.</p>
<h3>Feature</h3>
<p><strong>Updates to the Real-time Queue Monitoring - Calls dashboard</strong></p>
<p>The <strong>Real-time Queue Monitoring - Calls</strong> dashboard now includes the following
metrics tiles:</p>
<ul>
<li><p><strong>Total Rolled Over Pending Callbacks</strong></p></li>
<li><p><strong>Total Rolled Over Completed Callbacks</strong></p></li>
<li><p><strong>Avg CSAT Calls</strong></p></li>
</ul>
<p>For more information, see <a href="https://docs.cloud.google.com/contact-center/ccai-platform/docs/dashboards-real-time-queue-monitor">Queue monitoring dashboards</a>.</p>
<h3>Feature</h3>
<p><strong>Updates to the Queue Performance dashboards</strong></p>
<ul>
<li><p>The <strong>Queue Performance - Calls</strong> and <strong>Queue Performance - Chats</strong>
dashboards now include the following:</p>
<ul>
<li><p>A new <strong>Interaction Type</strong> filter</p></li>
<li><p>A new <strong>Interaction Type</strong> column in the <strong>Queue Detailed Table</strong></p></li>
</ul></li>
<li><p>The <strong>Queue Performance - Calls</strong> dashboard now includes the following
metrics tiles:</p>
<ul>
<li><p><strong>Total Rolled Over Completed Callbacks</strong></p></li>
<li><p><strong>Total Rolled Over Pending Callbacks</strong></p></li>
</ul></li>
</ul>
<h3>Feature</h3>
<p><strong>Repeat contact data in the Queue Performance dashboards</strong></p>
<p>The <strong>Queue Summary Table</strong> of the <strong>Queue Performance - Calls</strong> and <strong>Queue
Performance - Chats</strong> dashboards now includes the following columns:</p>
<ul>
<li><p><strong>Total Repeat Contacts</strong></p></li>
<li><p><strong>Repeat Contact %</strong></p></li>
</ul>
<p>For more information, see <a href="https://docs.cloud.google.com/contact-center/ccai-platform/docs/dashboards-queue-performance">Queue Performance dashboards</a>.</p>
<h3>Fixed</h3>
<p>The following issues were addressed in this release:</p>
<ul>
<li><p>Fixed an issue where <strong>Repeat Contact %</strong> values in the <strong>Queue Summary
Table</strong> of the <strong>Queue Performance - Calls</strong> dashboard exceeded 100%.</p></li>
<li><p>Fixed an issue where the <strong>Date</strong> filter in Explores returned no results
when <strong>is on or after</strong> was set for an absolute date.</p></li>
<li><p>Removed the <strong>Total Logged in Time</strong> metrics tile from the <strong>Agent
Availability</strong> dashboard.</p></li>
<li><p>Fixed an issue where language labels were missing from the advanced
reporting dashboards.</p></li>
<li><p>Fixed an issue that occurred when filtering by chat ID in the <strong>All
Interactions - Chats</strong> dashboard. The wrong chat ID appeared in the
<strong>Virtual Agent Chats</strong> table.</p></li>
<li><p>Fixed an issue where disposition codes were missing or blank for outbound
calls in the <strong>Call Agent Metrics (Historical)</strong> dashboard.</p></li>
</ul>
<h2 class="release-note-product-title">Google Distributed Cloud (software only) for VMware</h2>
<h3>Announcement</h3>
<p>Starting with Distributed Cloud software only for VMware version
1.33.0-gke.799, you must add <code>us.gcr.io</code> to your firewall allowlist to
create or upgrade advanced clusters.</p>
<h2 class="release-note-product-title">Identity and Access Management</h2>
<h3>Feature</h3>
<p>You can use the error ID provided in permission error messages to help
troubleshoot access. Error IDs provide context for the error, including the
principal, resource, permission, and supported IAM conditions.
This feature is available in
<a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.</p>
<p>For more information, see
<a href="https://docs.cloud.google.com/iam/docs/permission-error-messages">Permission error messages</a>.</p>
<h2 class="release-note-product-title">Spanner</h2>
<h3>Feature</h3>
<p>You can publish a <a href="https://docs.cloud.google.com/gemini/data-agents/conversational-analytics/spanner/create-data-agents#publish-agent-gemini-enterprise">Spanner conversational analytics agent in
Gemini Enterprise</a>.
This feature is in
<a href="https://cloud.google.com/products/#product-launch-stages">Preview</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 14, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_14_2026</id>
    <updated>2026-06-14T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_14_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Google SecOps SOAR</h2>
<h3>Announcement</h3>
<p>Release 6.3.89 is being rolled out to the first phase of regions as listed <a href="https://docs.cloud.google.com/chronicle/docs/soar/overview-and-introduction/soar-gradual-release">here</a>.</p>
<p>This release contains internal and customer bug fixes.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 13, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_13_2026</id>
    <updated>2026-06-13T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_13_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Google SecOps</h2>
<h3>Feature</h3>
<p><strong>Non-prioritized IoC Matching rules Category</strong></p>
<p>Google SecOps has introduced a new detection category, <em>Non-prioritized IoC Matching rules</em>, as part of the <a href="https://docs.cloud.google.com/chronicle/docs/detection/curated-detections">Curated Detections</a> feature. These rule sets integrate with Google's Indicators of Compromise (IoC) feeds and build on curated threat intelligence to identify malicious activities within Google SecOps environments, specifically focusing on threats identifiable through high-fidelity indicators like IPs, domains, and file hashes.</p>
<p>This rules category provides comprehensive coverage for threats often missed by standard managed content, including cryptomining, Command and Control (C2) communications, and the use of malicious anonymization services.</p>
<p>For more information, refer to <a href="https://docs.cloud.google.com/chronicle/docs/detection/non-prioritized-ioc-matching-threats-category">Non-prioritized IoC Matching rules category overview</a>.</p>
<h2 class="release-note-product-title">Google SecOps SIEM</h2>
<h3>Feature</h3>
<p><strong>Non-prioritized IoC Matching rules Category</strong></p>
<p>Google SecOps has introduced a new detection category, <em>Non-prioritized IoC Matching rules</em>, as part of the <a href="https://docs.cloud.google.com/chronicle/docs/detection/curated-detections">Curated Detections</a> feature. These rule sets integrate with Google's Indicators of Compromise (IoC) feeds and build on curated threat intelligence to identify malicious activities within Google SecOps environments, specifically focusing on threats identifiable through high-fidelity indicators like IPs, domains, and file hashes.</p>
<p>This rules category provides comprehensive coverage for threats often missed by standard managed content, including cryptomining, Command and Control (C2) communications, and the use of malicious anonymization services.</p>
<p>For more information, refer to <a href="https://docs.cloud.google.com/chronicle/docs/detection/non-prioritized-ioc-matching-threats-category">Non-prioritized IoC Matching rules category overview</a>.</p>
<h2 class="release-note-product-title">Google SecOps SOAR</h2>
<h3>Announcement</h3>
<p><a href="https://docs.cloud.google.com/chronicle/docs/soar/release-notes#June_07_2026">Release 6.3.88</a> is now available for all regions.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 12, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_12_2026</id>
    <updated>2026-06-12T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_12_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">BigQuery</h2>
<h3>Feature</h3>
<p><a href="https://docs.cloud.google.com/bigquery/docs/generative-ai-overview">BigQuery AI functions</a> can use
<a href="https://docs.cloud.google.com/bigquery/docs/work-with-objectref"><code>ObjectRef</code> values</a> directly as input,
without calling the <code>OBJ.GET_ACCESS_URL</code> function.
This feature is
<a href="https://cloud.google.com/products#product-launch-stages">generally available</a>
(GA).</p>
<h2 class="release-note-product-title">Cloud Monitoring</h2>
<h3>Change</h3>
<p>All <code>agent.googleapis.com/processes</code> metrics are retained for 24 months. For
more information, see <a href="https://docs.cloud.google.com/monitoring/quotas#data_retention_policy">Data retention</a>.</p>
<h2 class="release-note-product-title">Cloud SQL for PostgreSQL</h2>
<h3>Feature</h3>
<p>You can now create and query <a href="https://docs.cloud.google.com/sql/docs/postgres/parameterized-secure-views">parameterized secure views</a>
in Cloud SQL for PostgreSQL.</p>
<p>Parameterized secure views let you use PostgreSQL views with more granular
access control over your data. While you can issue a <code>GRANT</code> statement to control
whether a user can query a PostgreSQL view, a <code>GRANT</code> statement doesn't let you
control the data that the view returns based on the user who is making the
query.</p>
<p>To gain this level of control, use parameterized secure views. You can
define parameters such as a user ID or region within the view. When your
application queries the view, a user can provide values for these parameters,
which customizes the query results. Using parameterized secure views lets you
enforce "least privilege" access to help ensure that your users interact only
with the data that is relevant and authorized to them.</p>
<p>This feature is in <a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.</p>
<h2 class="release-note-product-title">Cloud Service Mesh</h2>
<h3>Security</h3>
<p>The following images are now rolling out for managed Cloud Service Mesh:</p>
<ul>
<li>Sidecar version 1.21.6-asm.36, is rolling out to the rapid release channel.</li>
<li>Sidecar version 1.20.8-asm.86 is rolling out to the regular release channel.</li>
<li>Sidecar version 1.19.10-asm.76 is rolling out to the stable release channel.</li>
</ul>
<p>These rollouts will preempt those <a href="#June_03_2026">previously announced on June 3, 2026</a>.</p>
<p>These patch releases contain the fix for the vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-035">GCP-2026-035</a></p>
<h3>Security</h3>
<p>Proxy version csm_mesh_proxy.20260423_RC03 for Gateway API on GKE clusters is
rolling out to all Managed Cloud Service Mesh release channels over the next
week.</p>
<h2 class="release-note-product-title">Gemini Enterprise</h2>
<h3>Feature</h3>
<p><strong>Gemini Enterprise mobile app: General availability (GA) for Google Identity users</strong></p>
<p>The Gemini Enterprise mobile app is generally available (GA) for organizations using Google Identity as their identity provider. Users can access their agents, search enterprise data, utilize voice features, and perform interactive actions from iOS and Android devices.</p>
<p>With this release, administrators can display a configuration QR code on the web app homepage to enable user access by scanning the QR code. For organizations using Microsoft Entra ID, access to the mobile app is in GA with allowlist.</p>
<p>To learn more, see <a href="https://docs.cloud.google.com/gemini/enterprise/docs/configure-mobile-app">Configure the mobile app</a> and <a href="https://docs.cloud.google.com/gemini/enterprise/docs/use-the-mobile-app">Use the mobile app</a>.</p>
<h2 class="release-note-product-title">Google Cloud Contact Center as a Service</h2>
<h3>Announcement</h3>
<p><strong>Google Cloud CCaaS 4.40</strong></p>
<p>We've released version 4.40 of Google Cloud CCaaS.</p>
<p>The timing of the update to your instance depends on the deployment schedule
that you have chosen. For more information, see <a href="https://cloud.google.com/contact-center/ccai-platform/docs/deployment-schedules">Deployment
schedules</a>.</p>
<h3>Fixed</h3>
<p>This release addresses the following issues:</p>
<ul>
<li><p>Fixed an issue with Salesforce where virtual agent responses appeared out of
order in transcripts.</p></li>
<li><p>Fixed an issue where the advanced reporting dashboards didn't load.</p></li>
<li><p>Fixed an issue where PDF and audio attachments weren't visible to agents
after a chat transfer.</p></li>
<li><p>Fixed an issue where end-users were incorrectly placed on hold following a
cold transfer to a queue.</p></li>
<li><p>Fixed an issue where MP3 audio files for agent call deflections couldn't be
uploaded.</p></li>
<li><p>Fixed an issue where agents were automatically logged out due to inactivity
while still engaged in active calls or chats.</p></li>
<li><p>Fixed an issue where a bulk user upload with blank phone number columns
caused existing direct inbound phone numbers to become unassigned from agent
profiles.</p></li>
</ul>
<h2 class="release-note-product-title">Google Kubernetes Engine</h2>
<h3>Change</h3>
<h4 id="2026-r23-version-updates">(2026-R23) Version updates</h4>
<p>GKE cluster versions have been updated.</p>
<p><strong>New versions available for upgrades and new clusters.</strong></p>
<p>The following versions are now available for new GKE clusters, and for
manual control plane upgrades and node upgrades for existing clusters. For more
information about versioning and upgrades, see <a href="https://cloud.google.com/kubernetes-engine/versioning">GKE versioning and
support</a> and <a href="https://cloud.google.com/kubernetes-engine/upgrades">About GKE
cluster upgrades</a>.</p>
<div>
<devsite-selector>
<section>
<h3>Rapid channel</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2684000</a> is now the default version for cluster creation in the Rapid channel.</li>
<li>The following versions are now available in the Rapid channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1166000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3009002</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
<li>The following versions are no longer available in the Rapid channel:
<ul>
<li>1.33.12-gke.1059000</li>
<li>1.34.8-gke.1126000</li>
<li>1.35.5-gke.1057000</li>
<li>1.36.0-gke.2459000</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1116000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1218000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1116000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1218000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163000</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2684000</a></li>
</ul></li>
</ul></li>
</ul>
</section>
<section>
<h3>Regular channel</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000000</a> is now the default version for cluster creation in the Regular channel.</li>
<li>The following versions are now available in the Regular channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2459000</a></li>
</ul></li>
<li>The following versions are no longer available in the Regular channel:
<ul>
<li>1.33.11-gke.1197000</li>
<li>1.34.7-gke.1499000</li>
<li>1.35.3-gke.2190000</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1000000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1000000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1000000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1000000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000000</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2459000</a></li>
</ul></li>
</ul></li>
</ul>
</section>
<section>
<h3>Stable channel</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>The following versions are now available in the Stable channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13311">1.33.11-gke.1197000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1347">1.34.7-gke.1499000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1353">1.35.3-gke.2190000</a></li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1347">1.34.7-gke.1055000</a></li>
</ul></li>
</ul></li>
</ul>
</section>
<section>
<h3>Extended channel</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000000</a> is now the default version for cluster creation in the Extended channel.</li>
<li>The following versions are now available in the Extended channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2558000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2681000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.1967000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.2074000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1592000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1729000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2459000</a></li>
</ul></li>
<li>The following versions are no longer available in the Extended channel:
<ul>
<li>1.30.14-gke.2458000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.30.14-gke.2608000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.31.14-gke.1868000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.31.14-gke.1986000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.32.13-gke.1492000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.32.13-gke.1657000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.33.11-gke.1197000</li>
<li>1.34.7-gke.1499000</li>
<li>1.35.3-gke.2190000</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.29 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2530000</a></li>
<li>1.30 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.1942000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.30 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2530000</a></li>
<li>1.31 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.1942000</a></li>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1551000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1000000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1000000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000000</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2459000</a></li>
</ul></li>
</ul></li>
</ul>
</section>
<section>
<h3>No channel (deprecated)</h3>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000000</a> is now the default version for cluster creation.</li>
<li>The following versions are now available:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1166000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2459000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2684000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3009002</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
<li>The following node versions are now available:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2681000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.2074000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1729000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1166000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2459000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2684000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3009002</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1000000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1347">1.34.7-gke.1055000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1000000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1347">1.34.7-gke.1055000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000000</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2459000</a></li>
</ul></li>
</ul></li>
</ul>
</section>
</devsite-selector>
</div>
<h3>Security</h3>
<h4 id="2026-r23-security-updates">(2026-R23) Security updates</h4>
<p>This release includes new GKE versions that use updated
Container-Optimized OS images. These updated images are cumulative,
incorporating security fixes from all Container-Optimized OS
versions released since the previous GKE release.</p>
<p>To identify the specific vulnerabilities that were resolved in each updated
Container-Optimized OS image, see the <strong>Security</strong> release notes
for that image. The following table includes links to the release notes for
each updated Container-Optimized OS image:</p>
<p>
<table>
<tbody>
<tr>
<th>GKE version</th>
<th>Container-Optimized OS version</th>
<th>Details</th>
</tr>
<tr>
<td>1.30.14-gke.2681000</td>
<td>cos-117-18613-613-40</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m117#cos-117-18613-613-40_">cos-117-18613-613-40 release notes</a></td>
</tr>
<tr>
<td>1.31.14-gke.2074000</td>
<td>cos-117-18613-613-40</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m117#cos-117-18613-613-40_">cos-117-18613-613-40 release notes</a></td>
</tr>
<tr>
<td>1.33.12-gke.1166000</td>
<td>cos-121-18867-381-161</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m121#cos-121-18867-381-161_">cos-121-18867-381-161 release notes</a></td>
</tr>
<tr>
<td>1.35.5-gke.1241000</td>
<td>cos-125-19216-395-55</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m125#cos-125-19216-395-55_">cos-125-19216-395-55 release notes</a></td>
</tr>
<tr>
<td>1.36.0-gke.2459000</td>
<td>cos-129-19506-120-64</td>
<td><a href="https://docs.cloud.google.com/container-optimized-os/docs/release-notes/m129#cos-129-19506-120-64_">cos-129-19506-120-64 release notes</a></td>
</tr>
</tbody>
</table>
</p>
<h3>Change</h3>
<h4 id="2026-r23-version-updates">(2026-R23) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>The following versions are now available in the Stable channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13311">1.33.11-gke.1197000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1347">1.34.7-gke.1499000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1353">1.35.3-gke.2190000</a></li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1347">1.34.7-gke.1055000</a></li>
</ul></li>
</ul></li>
</ul>
<h3>Change</h3>
<h4 id="2026-r23-version-updates">(2026-R23) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000000</a> is now the default version for cluster creation in the Regular channel.</li>
<li>The following versions are now available in the Regular channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2459000</a></li>
</ul></li>
<li>The following versions are no longer available in the Regular channel:
<ul>
<li>1.33.11-gke.1197000</li>
<li>1.34.7-gke.1499000</li>
<li>1.35.3-gke.2190000</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1000000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1000000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1000000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1000000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000000</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2459000</a></li>
</ul></li>
</ul></li>
</ul>
<h3>Change</h3>
<h4 id="2026-r23-version-updates">(2026-R23) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2684000</a> is now the default version for cluster creation in the Rapid channel.</li>
<li>The following versions are now available in the Rapid channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1166000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3009002</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
<li>The following versions are no longer available in the Rapid channel:
<ul>
<li>1.33.12-gke.1059000</li>
<li>1.34.8-gke.1126000</li>
<li>1.35.5-gke.1057000</li>
<li>1.36.0-gke.2459000</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1116000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1218000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1116000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1218000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1163000</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2684000</a></li>
</ul></li>
</ul></li>
</ul>
<h3>Change</h3>
<h4 id="2026-r23-version-updates">(2026-R23) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000000</a> is now the default version for cluster creation.</li>
<li>The following versions are now available:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1166000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2459000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2684000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3009002</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
<li>The following node versions are now available:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2681000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.2074000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1729000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1166000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1278000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1241000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2459000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2684000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3009002</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.3070003</a></li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1000000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1347">1.34.7-gke.1055000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1000000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1347">1.34.7-gke.1055000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000000</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2459000</a></li>
</ul></li>
</ul></li>
</ul>
<h3>Change</h3>
<h4 id="2026-r23-version-updates">(2026-R23) Version updates</h4>
<aside class="note"><strong>Note</strong>: Your clusters might not have these versions available.
Rollouts are already in progress when we publish the release notes, and can take
multiple days to complete across all Google Cloud zones.</aside>
<ul>
<li>Version <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000000</a> is now the default version for cluster creation in the Extended channel.</li>
<li>The following versions are now available in the Extended channel:
<ul>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2558000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2681000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.1967000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.2074000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1592000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1729000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1059000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1126000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1057000</a></li>
<li><a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2459000</a></li>
</ul></li>
<li>The following versions are no longer available in the Extended channel:
<ul>
<li>1.30.14-gke.2458000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.30.14-gke.2608000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.31.14-gke.1868000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.31.14-gke.1986000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.32.13-gke.1492000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.32.13-gke.1657000 is <a href="https://docs.cloud.google.com/kubernetes-engine/versioning#patch-version-support">deprecated</a> in the Extended channel. This version will be removed in 90 days, or at the end of support, if sooner.</li>
<li>1.33.11-gke.1197000</li>
<li>1.34.7-gke.1499000</li>
<li>1.35.3-gke.2190000</li>
</ul></li>
<li>Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
<ul>
<li>GKE upgrades clusters to the following new minor versions if there are no factors, such as <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or deprecated APIs, preventing upgrades:
<ul>
<li>1.29 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2530000</a></li>
<li>1.30 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.1942000</a></li>
</ul></li>
<li>GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster has <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#exclusions">maintenance exclusions</a> or other factors preventing minor version upgrades:
<ul>
<li>1.30 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13014">1.30.14-gke.2530000</a></li>
<li>1.31 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v13114">1.31.14-gke.1942000</a></li>
<li>1.32 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md#v13213">1.32.13-gke.1551000</a></li>
<li>1.33 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312">1.33.12-gke.1000000</a></li>
<li>1.34 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348">1.34.8-gke.1000000</a></li>
<li>1.35 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355">1.35.5-gke.1000000</a></li>
<li>1.36 to <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360">1.36.0-gke.2459000</a></li>
</ul></li>
</ul></li>
</ul>
<h2 class="release-note-product-title">Google SecOps</h2>
<h3>Feature</h3>
<p><strong>[Spotlight Feature] Search for cases using SIEM Search</strong></p>
<p>Google SecOps SIEM Search now provides robust capabilities for analyzing cases and case history alongside existing Unified Data Model (UDM) events and entities. This update allows security analysts to seamlessly correlate case details with other security telemetry within a single interface, streamlining workflows and accelerating incident response.</p>
<p>Key Highlights:</p>
<ul>
<li><p><strong>Unified Search Experience</strong>: Conduct searches across UDM events, entities, cases, and case history from a single SIEM Search interface.</p></li>
<li><p><strong>Correlate SIEM and SOAR Data</strong>: Effortlessly link case details and historical activities with security data, reducing context switching and improving investigation efficiency.</p></li>
</ul>
<p>For more information, see <a href="https://docs.cloud.google.com/chronicle/docs/investigation/search-and-search-case-history">Search cases and case history</a>.</p>
<h3>Feature</h3>
<p><strong>[Spotlight Feature] Investigate detections in Google SecOps Search</strong></p>
<p>Google SecOps Search now supports querying, filtering, and analyzing system-generated detections. When searching on events or entities, matching detections will now appear in the <strong>Alerts and Detections</strong> tab, providing a more holistic workflow for threat investigation.</p>
<p>For more details, see <a href="https://docs.cloud.google.com/chronicle/docs/investigation/investigate-detections-in-search">Investigate detections in Search</a>.</p>
<h3>Announcement</h3>
<p><strong>Asynchronous Search APIs for large datasets</strong></p>
<p>Google SecOps now supports asynchronous Search APIs that let you perform
long-running queries without blocking your applications. This is ideal for 
searches that return a large volume of results.</p>
<ul>
<li><strong>Non-blocking queries</strong>: Initiate searches and receive an operation ID to
track progress, so your application remains responsive.</li>
<li><strong>Handle large result sets</strong>: Retrieve up to 1 million results from data
sources including Unified Data Model (UDM) events, data tables, and Entity
Context Graph (ECG).</li>
<li><strong>Paginated results</strong>: View results efficiently in manageable pages.</li>
</ul>
<p>For more information, see <a href="https://docs.cloud.google.com/chronicle/docs/investigation/search-lro-api">Asynchronous Search APIs</a>
and <a href="https://docs.cloud.google.com/chronicle/docs/investigation/udm-search#resultLimitsDataSources">Result limits for data sources</a>.</p>
<h2 class="release-note-product-title">Google SecOps SIEM</h2>
<h3>Feature</h3>
<p><strong>[Spotlight Feature] Investigate detections in Google SecOps Search</strong></p>
<p>Google SecOps Search now supports querying, filtering, and analyzing system-generated detections. When searching on events or entities, matching detections will now appear in the <strong>Alerts and Detections</strong> tab, providing a more holistic workflow for threat investigation.</p>
<p>For more details, see <a href="https://docs.cloud.google.com/chronicle/docs/investigation/investigate-detections-in-search">Investigate detections in Search</a>.</p>
<h3>Announcement</h3>
<p><strong>Asynchronous Search APIs for large datasets</strong></p>
<p>Google SecOps now supports asynchronous Search APIs that let you perform
long-running queries without blocking your applications. This is ideal for 
searches that return a large volume of results.</p>
<ul>
<li><strong>Non-blocking queries</strong>: Initiate searches and receive an operation ID to
track progress, so your application remains responsive.</li>
<li><strong>Handle large result sets</strong>: Retrieve up to 1 million results from data
sources including Unified Data Model (UDM) events, data tables, and Entity
Context Graph (ECG).</li>
<li><strong>Paginated results</strong>: View results efficiently in manageable pages.</li>
</ul>
<p>For more information, see <a href="https://docs.cloud.google.com/chronicle/docs/investigation/search-lro-api">Asynchronous Search APIs</a>
and <a href="https://docs.cloud.google.com/chronicle/docs/investigation/udm-search#resultLimitsDataSources">Result limits for data sources</a>.</p>
<h2 class="release-note-product-title">Managed Service for Apache Airflow</h2>
<h3>Feature</h3>
<p>New Managed Airflow (Gen 2) environments created while the Restrict Endpoint
Usage organization policy is active now use regional endpoints for services
like Cloud Storage, Cloud Logging, Pub/Sub, and Data Lineage. For more
information, see
<a href="https://docs.cloud.google.com/composer/docs/composer-2/configure-restrict-endpoint-usage-environments">Configure environments with Restrict Endpoint Usage policy</a>.</p>
<h2 class="release-note-product-title">Media CDN</h2>
<h3>Feature</h3>
<p>The maximum cacheable object size for Media CDN can be increased up to 1 TiB. To
request a limit increase for your project, contact your Google support
representative. This feature is <strong>Generally Available</strong>.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/media-cdn/quotas">Quotas and limits</a>.</p>
<h3>Feature</h3>
<p>Media CDN lets you identify the country codes of the edge caches serving client
requests. This feature is <strong>Generally Available</strong>.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/media-cdn/docs/custom-headers#header-variables">Custom headers</a>.</p>
<h2 class="release-note-product-title">Policy Intelligence</h2>
<h3>Feature</h3>
<p>The ability to <a href="https://docs.cloud.google.com/policy-intelligence/docs/remediate-requests">remediate access
issues</a> with Policy Troubleshooter
is <a href="https://cloud.google.com/products#product-launch-stages">generally
available</a>.</p>
<h2 class="release-note-product-title">Sensitive Data Protection</h2>
<h3>Feature</h3>
<p>Added support for inspecting and de-identifying batched content. You can now include a <code><a href="https://cloud.google.com/sensitive-data-protection/docs/reference/rest/v2/ContentItem#BatchContentItem">BatchContentItem</a></code> in your <code><a href="https://cloud.google.com/sensitive-data-protection/docs/reference/rest/v2/ContentItem">ContentItem</a></code> requests.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 11, 2026</title>
    <id>tag:google.com,2016:gcp-release-notes#June_11_2026</id>
    <updated>2026-06-11T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/release-notes#June_11_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">BigQuery</h2>
<h3>Feature</h3>
<p>You can <a href="https://docs.cloud.google.com/bigquery/docs/use-cloud-assist#administer_bigquery">monitor performance, analyze capacity, and optimize costs with Gemini Cloud Assist in BigQuery</a>.
This feature is in <a href="https://cloud.google.com/products#product-launch-stages">Preview</a>.</p>
<h3>Feature</h3>
<p>Support for the
<a href="https://docs.cloud.google.com/bigquery/docs/reference/standard-sql/bigqueryml-syntax-ai-key-drivers"><code>AI.KEY_DRIVERS</code> function</a>
is restored. You can use the
<code>AI.KEY_DRIVERS</code> function to identify segments of data that cause statistically significant changes to a summable metric.</p>
<p>This feature is in
<a href="https://cloud.google.com/products/#product-launch-stages">Preview</a>.</p>
<h2 class="release-note-product-title">Cluster Toolkit</h2>
<h3>Feature</h3>
<p>Cluster Toolkit v1.93.0 is available. This release introduces example
blueprints for GKE H4D deployments that use the <a href="https://docs.cloud.google.com/compute/docs/instances/about-flex-start-vms">flex-start provisioning
model</a>, a <a href="https://docs.cloud.google.com/compute/docs/instances/placement-policies-overview#about-compact-policies">compact placement
policy</a>
and integrated <a href="https://docs.cloud.google.com/tpu/docs/ml-diagnostics/overview">Google Cloud ML Diagnostics</a>.
This version also adds a Slurm high availability controller script and upgrades Slurm
images from Rocky Linux 8 to Rocky Linux 9. For details, see the <a href="https://github.com/GoogleCloudPlatform/cluster-toolkit/discussions/5770">Release
announcement on
GitHub</a>.</p>
<h2 class="release-note-product-title">Compute Engine</h2>
<h3>Feature</h3>
<p>In an autoscaled managed instance group (MIG), you can configure the
stabilization period to manage how quickly the autoscaler deletes instances
after a decrease in the load. This configuration can help optimize costs or
maintain extra capacity based on your workload requirements. For more
information, see
<a href="https://docs.cloud.google.com/compute/docs/autoscaler/managing-autoscalers#configure_stabilization_period">Configure stabilization period</a>.</p>
<h2 class="release-note-product-title">Data Studio</h2>
<h3>Feature</h3>
<p><strong>Pro feature: Security and compliance enhancements</strong></p>
<p>The following features are now available to help you meet your organization's security and compliance needs. These features are only available for Data Studio Pro.</p>
<ul>
<li><strong><a href="https://docs.cloud.google.com/data-studio/cmek">Customer-managed encryption keys (CMEK)</a></strong>:  Use your own cryptographic keys to protect Data Studio Pro assets.</li>
<li><strong><a href="https://docs.cloud.google.com/data-studio/cms">Customer-managed storage</a></strong>: Store your file uploads in your own Cloud Storage bucket and your data extracts in your own BigQuery dataset.</li>
<li><strong><a href="https://docs.cloud.google.com/data-studio/data-residency">Data residency</a></strong>: Keep your data physically within a geographical area.</li></ul>
<h2 class="release-note-product-title">Gemini</h2>
<h3>Other</h3>
<h3 id="bug_fixes_in_vs_code_2">Bug fixes in VS Code</h3>
<p>Various bug fixes and minor product enhancements.</p>
<h2 class="release-note-product-title">Google Cloud VMware Engine</h2>
<h3>Announcement</h3>
<p>The VMware Engine <a href="https://docs.cloud.google.com/vmware-engine/docs/concepts/node-types"><code>ve2</code> node type</a> is now available in the following
additional region:</p>
<ul>
<li>Mexico City (<code>northamerica-south1</code>)</li></ul>
<h2 class="release-note-product-title">Google SecOps Marketplace</h2>
<h3>Change</h3>
<p><strong>Siemplify</strong>: Version 109.0</p>
<ul>
<li><p>Refactored the code in the following action:</p>
<ul>
<li><strong>Attach Playbook to Alert</strong></li>
</ul></li>
</ul>
<h2 class="release-note-product-title">Knowledge Catalog</h2>
<h3>Feature</h3>
<p>Knowledge Catalog now supports data profile scans for unstructured data
(such as PDFs in Cloud Storage) on existing BigQuery object tables.
This feature uses Vertex AI Gemini models to extract semantic insights,
including entities and relationships, from unstructured content.</p>
<aside class="note"><strong>Note:</strong><span> Data profile scans for unstructured data are currently available in
<a href="https://cloud.google.com/products#product-launch-stages">Preview</a> using the
Dataplex REST API only. The cloud console and gcloud
workflows are not supported for this feature.</span></aside>
<p>For more information, see <a href="https://docs.cloud.google.com/dataplex/docs/data-insights-unstructured-data">About unstructured data insights</a>
and <a href="https://docs.cloud.google.com/dataplex/docs/use-data-profile-unstructured-data">Use data profile for unstructured data</a>.</p>
]]>
    </content>
  </entry>

</feed>
