Release 6.3.82 is now available for all regions.
]]>SQL cells in BigQuery notebooks are now generally available (GA).
Published service backends let you configure supported load balancers or regional Cloud Service Mesh to route traffic to published services through Private Service Connect endpoints.
For more information, see Published service backends.
This feature is in Preview.
Use Cloud Trace to troubleshoot your MCP server usage, tool failures, and latency causes. For more information, see Investigate MCP calls using Trace.
SQL cells
Generally available: You can use SQL cells to write, edit, and run SQL queries directly from your Colab Enterprise notebooks. For more information, see Use SQL cells.
Dataplex Universal Catalog is now called Knowledge Catalog. The API, client library, CLI, and Identity and Access Management (IAM) names remain unchanged.
The lightweight profiling mode for data profile scans is available in preview.
The lightweight mode provides low-latency profile scans that return results in seconds, making it ideal for grounding AI agent responses and interactive data exploration. For more information, see Profiling modes.
Google Cloud CCaaS prerelease notes
Here are the prerelease notes for the next version of Google Cloud CCaaS. When we release this version, we expect the new capabilities to be as shown here.
Language selection support for direct calls
End-users making direct calls to agent phone numbers and agent extension numbers can select their language at the start of a call.
Administrators: The Add Number and Edit a Number dialogs, located at Settings > Call > Phone Numbers > Phone Number Management, have a new Set a default language checkbox (when the Set as a direct number checkbox is selected). A list of languages appears when you select the Set a default language checkbox.
"Improved controls for predictive campaigns" is available without assistance from the Google account team
This feature was announced on March 24, 2026 but previously required the Google account team to enable it. You no longer need assistance from the Google account team to use this capability. For more information, see Predictive campaigns.
Virtual agents can transfer calls to a specific human agent
Virtual agents can transfer calls directly to a specific human agent using the
agent ID or agent extension number. Include the agent_extension or agent_id
field in the transfer payload to direct the call to the correct agent.
The following issues were addressed in this release:
Fixed an issue where backslash characters in chat shortcuts and chat messages weren't displayed correctly, resulting in missing or empty message chat bubbles.
Fixed an issue where virtual agent chat transcripts didn't match the actual conversation.
Fixed an issue where call times in session metadata for virtual agent to human agent escalations were shorter than the actual call times.
Fixed an issue where agents were able to join a conference call despite receiving microphone permission errors.
Fixed an issue where direct inbound calls to Twilio numbers assigned at the user level continuously rang without reaching the agent.
Fixed an issue where chat transfers from auto-answer queues to manual-answer queues were incorrectly recorded as manual-to-manual in reporting.
Fixed an agent desktop issue where French (Canadian) translations were missing or incorrect during outbound calls.
Fixed an issue where the All Teams filter didn't block interactions with background elements, which could cause unintended end-user interactions with the UI.
Fixed an issue where missed call volumes didn't appear on the agent monitoring page.
Fixed an issue that occurred when the Display transfer history in agent adapter capability was enabled. After a virtual agent escalation, escalated queue names were shown in English instead of the correct target language.
Fixed an issue where virtual agent audio sessions ended after 15 minutes, causing calls to be escalated unexpectedly.
Fixed an issue where underscores within email addresses were incorrectly removed in CRM transcripts.
Fixed an issue where chat transcript PDFs weren't generated when real-time redaction was enabled and conversations included non-text message types such as inline buttons or content cards.
Fixed an issue where content cards sent by virtual agents during conversations were missing from the PDF chat transcript.
Fixed an issue where chat transcripts created through the API weren't appearing in agent conversations.
Fixed an issue where voicemails disappeared from the agent's queue and didn't appear in voicemail history or reports.
Fixed an issue where the agent adapter displayed Escalated Virtual Agent Call instead of IVR Callback after connecting during a callback.
Fixed an issue where chat disposition selections reset during wrap-up, particularly when Agent Assist was enabled.
Fixed an issue where custom fields in dialer list uploads worked only if the column headers were in all caps.
Fixed an issue where the email adapter didn't start up.
When configuring extensions by using plugins or callouts, you can specify some request and connection attributes to forward to backend services. For more information, see supported attributes.
Private Service Connect consumers can configure supported load balancers or regional Cloud Service Mesh to access published services through Private Service Connect endpoints. This feature is available in Preview.
For more information, see Published service backends.
]]>Relaxed limitation on header name for Client IP resolution
The client IP can now be resolved from any header, not just the X-Forwarded-For header. The most common headers are X-Forwarded-For or True-Client-Ip.
For more information, see Client IP resolution.
The BigQuery Data Transfer Service can now transfer data from Snowflake to BigQuery. This feature is generally available (GA).
You can now use stateful operations in continuous
queries,
which let you perform complex analysis by retaining information across multiple
rows or time intervals using JOINs and windowing aggregations. This feature is
in Preview.
You can now use BigQuery Graph to model your data as a graph and perform analysis on a large scale.
Create a graph directly from tables that store entities and relationships between entities. You don't need to modify your existing workflows or replicate your data to use it in graph queries.
Use Graph Query Language (GQL) to find complex, hidden relationships between data points that would be challenging to find using SQL.
Visualize your graph schema and graph query results in a notebook.
This feature is in Preview.
You can use Gemini in Bigtable Studio to help you write GoogleSQL queries. This feature is available in Preview. For more information, see Write SQL with Gemini assistance.
Security & compliance in Cloud Hub is now in Preview.
Generally available: Hyperdisk ML disks are supported by the following machine series:
Hyperdisk ML offers the highest throughput of all Google Cloud Hyperdisk types, up to 2 TiB/s (2,097,152 MiB/s). For more information, see Hyperdisk ML overview.
You can now specify a custom execution identity for data quality and data profile scans. By default, scans are executed using the Service Agent. You can now use a custom service account (Bring Your Own Service Account) or End-User Credentials (EUC). Using a custom execution identity lets you enforce the principle of least privilege, use fine-grained BigQuery access controls, and unify scan processing costs directly under BigQuery.
For more information, see Configure execution identity for data quality scans and Configure execution identity for data profile scans.
Filestore is integrated with Backup and Disaster Recovery (DR) Service allowing you to centrally manage your backups with advanced features for data protection. This feature is generally available for Filestore instances.
For more information, see Backups overview.
You can now use Gemini Code Assist to get AI-powered assistance in Firestore to generate MQL queries using natural language prompts. This feature is available in Preview.
VS Code Gemini Code Assist 2.77.1 now attributes agent mode logs to Gemini
Code Assist. In previous versions, agent mode logs are being attributed to
Gemini CLI instead of Gemini Code Assist. This discrepancy is resolved in the
latest release, and we recommend that you update to version 2.77.1 or higher
to ensure your usage metrics are correctly reported.
VS Code Gemini Code Assist 2.77.1 now attributes agent mode logs to Gemini
Code Assist. In previous versions, agent mode logs are being attributed to
Gemini CLI instead of Gemini Code Assist. This discrepancy is resolved in the
latest release, and we recommend that you update to version 2.77.1 or higher
to ensure your usage metrics are correctly reported.
Gemini Enterprise: Support for new actions (Preview)
New actions are available for the following data stores:
This feature is in Public Preview. For a list of actions for these data stores, see Supported actions.
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following versions are now available for new GKE clusters, and for manual control plane upgrades and node upgrades for existing clusters. For more information about versioning and upgrades, see GKE versioning and support and About GKE cluster upgrades.
This release includes new GKE versions that use updated Container-Optimized OS images. These updated images are cumulative, incorporating security fixes from all Container-Optimized OS versions released since the previous GKE release.
To identify the specific vulnerabilities that were resolved in each updated Container-Optimized OS image, see the Security release notes for that image. The following table includes links to the release notes for each updated Container-Optimized OS image:
| GKE version | Container-Optimized OS version | Details |
|---|---|---|
| 1.30.14-gke.2320000 | cos-117-18613-534-53 | cos-117-18613-534-53 release notes |
| 1.31.14-gke.1723000 | cos-117-18613-534-53 | cos-117-18613-534-53 release notes |
| 1.32.13-gke.1258000 | cos-117-18613-534-53 | cos-117-18613-534-53 release notes |
| 1.33.10-gke.1115000 | cos-121-18867-381-56 | cos-121-18867-381-56 release notes |
| 1.34.6-gke.1154000 | cos-125-19216-220-106 | cos-125-19216-220-106 release notes |
| 1.35.3-gke.1234000 | cos-125-19216-220-72 | cos-125-19216-220-72 release notes |
Starting with the Looker 26.8 release, which will release in May 2026, the following changes will occur:
Before your Looker instance is upgraded to the Looker 26.8 release, your admin must follow the steps in the Migrating users to service accounts documentation page. This is to ensure admins can either create or migrate service accounts from existing standard users if they require access to users' API credentials.
For more information, see the Discontinuing the admin capability to create, view, and manage API credentials for a standard user deprecation notice.
Google Kubernetes Engine (GKE) Gateway support for using extensions by using callouts to add custom logic into the load balancing processing path is in General Availability. For more information, see GKE extensions.
]]>The BigQuery Data Transfer Service now supports incremental data transfers when transferring data from Microsoft SQL Server to BigQuery. This feature is supported in Preview.
You can now use the
@@session_id system variable with
SQL user-defined functions, table functions, and logical views. This feature is
generally available
(GA).
You can delete up to 1,000 objects in a single request by using the Cloud Storage multi-object delete XML API. If you use Amazon S3-compatible tools or libraries, you can point your request to the Cloud Storage endpoint to use this feature with your existing workflows. For more information, see Delete objects and Delete multiple objects.
Google Cloud CLI lets you configure trace scopes, manage observability buckets, and set default observability settings. These features are in Public Preview. For more information, see the following documents:
Configure trace scopes by using the Google Cloud console, the Google Cloud CLI, Terraform, or the Observability API. For more information, see Create and manage trace scopes.
Manage trace storage by using the Google Cloud CLI or the Observability API. For more information, see Manage trace storage.
Configure default settings by using the Google Cloud CLI, Terraform, or the Observability API. For more information, see Set defaults for observability buckets.
Various bug fixes and minor product enhancements.
Gateway API v1.5 is supported in GKE version 1.35.2-gke.1842000 and later. The GKE Gateway controller passes core conformance tests for this version of the Gateway API.
GKE managed DRANET is now Generally Available (GA) for GKE version 1.35.2-gke.1842000 or later.
GKE DRANET is a managed feature that implements the Kubernetes Dynamic Resource Allocation (DRA) API for high-performance networking. The GA release expands support beyond the preview phase to include the following hardware:
For more information, see Allocate network resources by using GKE managed DRANET.
The feature announced on November 7, 2025, providing faster log processing, has been rolled back. The rollback is due to an issue in an underlying dependency. The described performance improvements are not currently in effect.
Emerging Threats Center general availability
The Emerging Threats Center is now in General Availability (GA) and includes the following new features and enhancements:
For more information, see Emerging Threats Center overview and Emerging Threats Center detail view.
Emerging Threats Center general availability
The Emerging Threats Center is now in General Availability (GA) and includes the following new features and enhancements:
For more information, see Emerging Threats Center overview and Emerging Threats Center detail view.
]]>The BigQuery Data Transfer Service now supports incremental data transfers for the following data source connectors:
These features are supported in Preview.
You can now use the built-in text embedding model embeddinggemma-300m in the
AI.EMBED
and
AI.SIMILARITY
functions. This model uses your BigQuery slots to generate embeddings at scale.
This feature is in
Preview.
You can connect to Bigtable from Java applications and other reporting tools that support a generic JDBC adapter by using the Bigtable JDBC driver. This feature is generally available (GA).
You can use protocol buffer (protobuf) schemas to query individual fields within protobuf messages stored as bytes in Bigtable. You can query your protobuf data using GoogleSQL for Bigtable, continuous materialized views, logical views, or BigQuery external tables. This feature is generally available (GA).
You can use the Database Migration Service MCP server to enable agents and AI applications to view and manage running migration jobs. This feature is in Preview.
You can now ingest OTLP-formatted logs into Cloud Logging by using an OpenTelemetry Collector, an OTLP exporter, and the Telemetry API. For more information, see OTLP log ingestion overview. The Telemetry API for log ingestion is in Preview.
Live migration is generally available (GA) on Confidential VM instances that meet the following configuration criteria:
A C3D machine type
AMD SEV Confidential Computing technology
An operating system image that supports live migration
When you use min_ram or cpu_count resource hints for pipeline steps that don't require accelerators, Auto VM Selection (Instance Flexibility) is enabled automatically. With Auto VM Selection, workers are provisioned from a curated list of machine types that meet your RAM and CPU requirements. For more information, see Auto VM Selection for worker machine types.
You can now use the Datastream remote MCP server to enable LLM agents to perform data-related tasks, such as managing and monitoring your streams, connection profiles, and stream objects.
This feature is in Preview.
Gemini Enterprise: Dropbox federated data store
The Dropbox federated data store is generally available (GA) in Gemini Enterprise.
For more information, see Set up a Dropbox data store.
Advance reporting dashboards 4.12
We've released version 4.12 of the advanced reporting dashboards.
Repeat contacts data added to advanced reporting dashboards
Repeat contacts data is now available in the following advanced reporting dashboards:
Real-time Queue Monitoring - Calls and Real-time Queue Monitoring - Chats: new Total Repeat Contacts tile. For more information, see Queue monitoring dashboards.
All Interactions - Calls and All Interactions - Chats: new Repeat Contact column in the Call Metric Detail and Chat Metric Detail tables.
Real-time Calls - Calls Connected and Real-time Chats - Chats Connected: new Repeat Contact column in the Connected Calls and Connected Chats tables.
New Total Queued Answered metric in the Chat Queue Metrics Explore
The Chat Queue Metrics Explore now includes the Total Queued Answered metric. This metric provides a precise count of chats answered from the queue, providing accurate Service Level Agreement (SLA) and answer rate calculations where the standard "handled" metric might not apply—for example, if a chat is answered and then immediately disconnected.
The following issues were addressed in this release:
Fixed an issue where fields for hourly and 30-minute intervals in call queue metrics didn't display detailed data over long date ranges.
Fixed an issue where the Teams Filter filter displayed incorrect data.
Fixed an issue where calls that started at a specific time didn't appear in their corresponding time windows.
Fixed an issue in the Agent Activity dashboard where the Created By column attributed status changes to an agent when an administrator performed the changes.
Fixed an issue where historical call and chat metrics displayed incorrect timestamps.
On the Real-time Queue Monitoring - Calls and Real-time Queue Monitoring - Chats dashboards, in the Historical Data tables, the Avg CSAT column was renamed CSAT.
Fixed an issue on the Channel Interval - Calls and Channel Interval - Chats dashboards where drill-down views in the trend tiles displayed incorrect information or were empty.
Fixed an issue in the Queue Group Performance - All dashboard where blue highlighting wasn't applied to populated fields in the Queue Group Performance Calls and Queue Group Performance Chats tables.
Search query editor enhancements
Google SecOps has enhanced the search query editor to provide intelligent auto-suggestions and improved error handling.
For more information, see Use auto-suggestions to build queries.
Health Hub
This feature is currently in Preview.
The Health Hub is the central location in Google Security Operations for you to monitor the status and health of all configured data sources. The Health Hub provides crucial information on data sources and log types, offering the context needed to diagnose and remediate data pipeline issues.
The Health Hub includes information about the following:
For more information, see Use the Health Hub.
Search query editor enhancements
Google SecOps has enhanced the search query editor to provide intelligent auto-suggestions and improved error handling.
For more information, see Use auto-suggestions to build queries.
Health Hub
This feature is currently in Preview.
The Health Hub is the central location in Google Security Operations for you to monitor the status and health of all configured data sources. The Health Hub provides crucial information on data sources and log types, offering the context needed to diagnose and remediate data pipeline issues.
The Health Hub includes information about the following:
For more information, see Use the Health Hub.
Organization Policy Service custom constraints are available for managed workload identity and Workload Identity Federation. You can use custom constraints to control how managed workload identity and Workload Identity Federation are used in your organization. For more information, see Custom organization policy constraints for managed workload identity and Custom organization policy constraints for Workload Identity Federation.
The Table Visualization Improvements preview feature is now available, and is disabled by default.
When this preview feature is enabled, you can use the following features for table visualizations:
Parameter Manager supports the latest identifier, which lets you fetch the
most recent parameter value without specifying a version ID. When you use the
gcloud CLI or REST API, you can use latest to retrieve the most recent version
of a parameter.
For more information, see Access a parameter version.
]]>The QueryData tool lets you to query the data in your database using conversational language and build data agents. For more information, see QueryData tool overview. This feature is available in (Preview).
The preview release increases the accuracy of SQL generation with value search queries which match values and their context within a database. Value search queries trigger automatically. QueryData also adds support for Parameterized secure views (PSVs) to help secure applications that use natural language queries. For more information, see Secure and control access to application data using parameterized secure views.
Agent Registry integration support for MCP metadata (Preview)
API hub now includes a managed integration with Agent Registry to automatically synchronize Model Context Protocol (MCP) servers and tools metadata. This feature enables AI agents to discover and interact with the APIs registered in your hub without manual configuration.
This feature is in Public Preview. For more information, see Manage Agent Registry integration.
Correction to April 2, 2026 release note: Deployment disruption for Apigee Drupal Portal via Google Cloud Marketplace
For the deployment disruption announced on April 2, the announcement noted that deployment and management functionality using Google Cloud Deployment Manager would definitely be unavailable during the transition. This statement is incorrect. The functionality might be unavailable.
See the Known issue for more information.
On April 6th, 2026, we released an updated version of Apigee.
This change introduces the new apigee.coreServiceAgent IAM role for
Apigee. Effective immediately, use apigee.coreServiceAgent instead of the
apigee.serviceAgent role.
For information on the new role, see
apigee.coreServiceAgent.
You can manually prewarm images in Artifact Registry to reduce the cold-start latency for deployments. This feature is only available using the API.
You can now use the
AI.AGG function
to semantically aggregate unstructured input data based on natural language
instructions. This feature is in
Preview.
You can now use a custom organization policy to allow or deny specific operations on these BigQuery resources: tables, data policies, and row access policies. This feature is in preview.
The QueryData tool lets you to query the data in your database using conversational language and build data agents. For more information, see QueryData tool overview. This feature is available in (Preview).
The preview release increases the accuracy of SQL generation with value search queries which match values and their context within a database. Value search queries trigger automatically.
If the storage capacity of a Cloud SQL instance is larger than your application needs, then you can manually reduce, or shrink, your storage capacity to a smaller size.
Depending on underlying disk size, storage shrink operations might incur considerable downtime. If your instance requires limited downtime, rather than using storage shrink capabilities, we recommend migrating your data to a new, smaller instance using Database Migration Service.
For more information, see About storage shrink.
If the storage capacity of a Cloud SQL instance is larger than your application needs, then you can manually reduce, or shrink, your storage capacity to a smaller size.
Depending on underlying disk size, storage shrink operations might incur considerable downtime. If your instance requires limited downtime, rather than using storage shrink capabilities, we recommend migrating your data to a new, smaller instance using Database Migration Service.
For more information, see About storage shrink.
The QueryData tool lets you to query the data in your database using conversational language and build data agents. For more information, see QueryData tool overview. This feature is available in (Preview).
The preview release increases the accuracy of SQL generation with value search queries which match values and their context within a database. Value search queries trigger automatically.
If the storage capacity of a Cloud SQL instance is larger than your application needs, then you can manually reduce, or shrink, your storage capacity to a smaller size.
Depending on underlying disk size, storage shrink operations might incur considerable downtime. If your instance requires limited downtime, rather than using storage shrink capabilities, we recommend migrating your data to a new, smaller instance using Database Migration Service.
For more information, see About storage shrink.
Cloud SQL for SQL Server now supports SQL Server 2025 (GA):
For more information, see Database versions and version policies and Choose a machine series.
Cloud SQL for SQL Server integration with Microsoft Entra ID (GA) provides centralized identity and access management (IAM) for your databases using your existing Microsoft Entra ID tenant.
You can now use Storage batch operations to update object contexts for multiple objects in a single job. You can clear all existing contexts from the specified objects, remove contexts with specific keys, or update and insert new context key-value pairs. For more information, see Create and manage batch operation jobs.
Object contexts are now
generally available.
You can attach key-value pairs to your objects to categorize, track, and search
your data. Object contexts are preserved by default during copy, rewrite, and
compose operations. You can help control this behavior by using the
dropContextGroups
JSON API parameter or by providing new contexts in the request.
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.123 | v24.0.9 | v1.7.29 | See List |
Fixed CVE-2024-43826 in the Linux kernel.
Fixed CVE-2025-38704 in the Linux kernel.
Fixed CVE-2025-39748 in the Linux kernel.
Fixed CVE-2025-39764 in the Linux kernel.
Fixed CVE-2025-40135 in the Linux kernel.
Fixed CVE-2025-68206 in the Linux kernel.
Fixed CVE-2025-68239 in the Linux kernel.
Fixed CVE-2025-71161 in the Linux kernel.
Fixed CVE-2026-23004 in the Linux kernel.
Fixed CVE-2026-23050 in the Linux kernel.
Fixed CVE-2026-23138 in the Linux kernel.
Fixed CVE-2026-23245 in the Linux kernel.
Fixed CVE-2026-23270 in the Linux kernel.
Fixed CVE-2026-23271 in the Linux kernel.
Fixed CVE-2026-23277 in the Linux kernel.
Fixed CVE-2026-23340 in the Linux kernel.
Fixed CVE-2026-23397 in the Linux kernel.
Fixed CVE-2026-23398 in the Linux kernel.
Fixed CVE-2026-23412 in the Linux kernel.
Fixed CVE-2026-23413 in the Linux kernel.
Fixed CVE-2026-23414 in the Linux kernel.
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.161 | v24.0.9 | v1.7.27 | See List |
Fixed CVE-2025-38192 in the Linux kernel.
Fixed CVE-2025-40135 in the Linux kernel.
Fixed CVE-2025-68206 in the Linux kernel.
Fixed CVE-2025-68239 in the Linux kernel.
Fixed CVE-2025-68265 in the Linux kernel.
Fixed CVE-2025-71161 in the Linux kernel.
Fixed CVE-2026-23100 in the Linux kernel.
Fixed CVE-2026-23113 in the Linux kernel.
Fixed CVE-2026-23245 in the Linux kernel.
Fixed CVE-2026-23270 in the Linux kernel.
Fixed CVE-2026-23271 in the Linux kernel.
Fixed CVE-2026-23277 in the Linux kernel.
Fixed CVE-2026-23381 in the Linux kernel.
Fixed CVE-2026-23397 in the Linux kernel.
Fixed CVE-2026-23398 in the Linux kernel.
Fixed KCTF-9df9578 in the Linux kernel.
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.122 | v27.5.1 | v2.0.7 | See List |
Fixed CVE-2025-40135 in the Linux kernel.
Fixed CVE-2025-68206 in the Linux kernel.
Fixed CVE-2025-68239 in the Linux kernel.
Fixed CVE-2025-71161 in the Linux kernel.
Fixed CVE-2026-23004 in the Linux kernel.
Fixed CVE-2026-23050 in the Linux kernel.
Fixed CVE-2026-23138 in the Linux kernel.
Fixed CVE-2026-23245 in the Linux kernel.
Fixed CVE-2026-23270 in the Linux kernel.
Fixed CVE-2026-23271 in the Linux kernel.
Fixed CVE-2026-23277 in the Linux kernel.
Fixed CVE-2026-23388 in the Linux kernel.
Fixed CVE-2026-23391 in the Linux kernel.
Fixed CVE-2026-23397 in the Linux kernel.
Fixed CVE-2026-23398 in the Linux kernel.
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.67 | v27.5.1 | v2.2.2 | See List |
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.77 | v27.5.1 | v2.2.1 | See List |
Upgraded sys-apps/iproute2 to version 6.18.0.
Fixes a kernel panic in virtio_pci teardown when virtually queues are conditionally skipped.
Fixed a kernel panic in virtio_pci teardown when virtually queues are conditionally skipped.
Fixed CVE-2026-33997 and CVE-2026-34040 in Docker.
Fixed CVE-2024-14027 in the Linux kernel.
Fixed KCTF-7cb9a23 in the Linux kernel.
Fixed CVE-2026-23270 in the Linux kernel.
Upgraded sys-apps/iproute2 to version 6.18.0.
Fixed KCTF-7cb9a23 in the Linux kernel.
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.68 | v27.5.1 | v2.1.5 | See List |
Made it so that /dev/hugepages is mounted as noexec for cchost boards.
Made it so that /mnt/disks is mounted as noexec for cchost boards.
Made it so that /run is mounted as noexec for cchost boards.
Upgraded sys-apps/iproute2 to version 6.18.0.
Fixed a kernel panic in virtio_pci teardown when virtually queues are conditionally skipped.
Fixed CVE-2024-14027 in the Linux kernel.
Fixed CVE-2026-23270 in the Linux kernel.
Fixed CVE-2026-23304 in the Linux kernel.
Fixed CVE-2026-33997 and CVE-2026-34040 in Docker.
Fixed KCTF-7cb9a23 in the Linux kernel.
Metadata search for RAG Engine
Use schema-based metadata search in Vertex AI RAG Engine. You can define a metadata schema for a corpus, attach metadata to files within that corpus, and use this metadata to filter contexts during retrieval. For more information, see Filter with metadata search.
Cloud Armor preconfigured rules support ModSecurity Core Rule Set (CRS) 4.22 as a rule source. For more information, see Tuning Google Cloud Armor WAF rules. This feature is available in Preview.
Updates to search query limits and error messaging
Google SecOps has updated search query limits for programmatic and web interface access:
For more information, see Search limits and quotas
v1 Cloud Storage Feed Types (GCS, S3, SQS, Azure)
The v1 feed types for GOOGLE_CLOUD_STORAGE, AMAZON_S3, AMAZON_SQS, and AZURE_BLOBSTORE are deprecated and will be discontinued on March 15, 2027. The new v2 feed types uses the Google Cloud Storage Transfer Service (STS) to provide improved performance, scalability, and reliability.
To ensure continued ingestion, transition your feeds before the March 15, 2027 shutdown date:
You can also self-migrate by creating new feeds using v2 feed types to substitute your existing feeds using v1 feed types by following the steps documented in our feed configuration guides before March 15, 2027.
Key Dates:
For more information, see Feature deprecations.
Updates to search query limits and error messaging
Google SecOps has updated search query limits for programmatic and web interface access:
For more information, see Search limits and quotas
v1 Cloud Storage Feed Types (GCS, S3, SQS, Azure)
The v1 feed types for GOOGLE_CLOUD_STORAGE, AMAZON_S3, AMAZON_SQS, and AZURE_BLOBSTORE are deprecated and will be discontinued on March 15, 2027. The new v2 feed types uses the Google Cloud Storage Transfer Service (STS) to provide improved performance, scalability, and reliability.
To ensure continued ingestion, transition your feeds before the March 15, 2027 shutdown date:
You can also self-migrate by creating new feeds using v2 feed types to substitute your existing feeds using v1 feed types by following the steps documented in our feed configuration guides before March 15, 2027.
Key Dates:
For more information, see Feature deprecations.
You can use the Memorystore for Redis remote MCP server. This server lets you connect to Memorystore for Redis instances from LLMs, AI applications, and AI-enabled development platforms. This feature is available in Preview.
You can use the Memorystore for Valkey remote MCP server. This server lets you connect to Memorystore for Valkey instances from LLMs, AI applications, and AI-enabled development platforms. This feature is available in Preview.
Pub/Sub now offers the AI Inference Single Method Transform (SMT). This SMT lets you get inferences on Pub/Sub messages from Vertex AI models. The model's inferences are added to each message, making them available for downstream processing along with the original message data.
The change is being rolled out in a phased manner over the rest of the week. For more information, see AI Inference SMT. This feature is generally available.
The QueryData tool lets you to query the data in your database using conversational language and build data agents. For more information, see QueryData tool overview. This feature is available in (Preview).
The preview release increases the accuracy of SQL generation with value search queries which match values and their context within a database. Value search queries trigger automatically.
]]>Certificate Manager certificates are available in Google Cloud console while provisioning a load balancer.
You can select a certificate map for the following load balancers:
You can select a Certificate Manager certificate for the following load balancers:
This feature is in General availability.
Release 6.3.82 is being rolled out to the first phase of regions as listed here.
This release contains internal and customer bug fixes.
Playbook Condition and Multi-Choice Question Flows
The maximum number of branches supported in Playbook Conditions and Multiple Choice Questions has been increased from 6 to 20. This allows for more complex branching logic within a single step.
For more information, see Use flows in playbooks.
]]>Playbook Condition and Multi-Choice Question Flows
The maximum number of branches supported in Playbook Conditions and Multiple Choice Questions has been increased from 6 to 20. This allows for more complex branching logic within a single step.
For more information, see Use flows in playbooks.
Release 6.3.81 is now available for all regions.
]]>The gcloud beta alloydb connect
command is now available in
Preview. This command
provides a simplified way to connect securely to AlloyDB
instances by using the AlloyDB Auth Proxy and psql. For more information,
see Connect using gcloud CLI.
The Node.js buildpack supports the Bun package manager in General Availability. For more information, see Building a Node.js application.
Cloud Logging adds support for the ca multi-region. For a complete list
of supported regions, see Supported regions.
Application Monitoring has added a Services and Workloads tab, which lists your registered and discovered services and workloads. From this tab, you can do the following:
Agent or
MCP server.To learn more, see the following:
Dataproc and Google Cloud Serverless for Apache Spark are now unified under the Managed Service for Apache Spark brand. This change consolidates our managed Spark deployment options into a single umbrella brand that includes the full breadth of our Spark capabilities. No existing functionality is being removed as part of this change, and there will be no impact to the Dataproc API, client library, CLI, or IAM names.
Gemini Enterprise: Jira and Confluence federated data stores
The Jira and Confluence federated data stores are generally available (GA) in Gemini Enterprise.
For more information, see: * Jira Cloud * Confluence Cloud
Vertex AI RAG Engine Serverless mode
Vertex AI RAG Engine Serverless mode is now available in public preview. Serverless mode provides a fully managed database for storing RAG resources that abstracts away database provisioning and scaling. You can seamlessly switch between Serverless mode and Spanner mode, which provides dedicated, isolated database instances.
For more information, see the following:
Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.
The following supported default parsers have been updated. Each parser is listed by product name and log_type value, where applicable. This list includes both released default parsers and pending parser updates.
ABNORMAL_SECURITY)AI_HUNTER)AIX_SYSTEM)APACHE)CASSANDRA)ARUBA_WIRELESS)ARUBA_EDGECONNECT_SDWAN)AUTH_ZERO)AWS_AURORA)AWS_CLOUDFRONT)AWS_CLOUDTRAIL)AWS_CLOUDWATCH)AWS_VPC_FLOW)AWS_WAF)AZURE_AD)AZURE_AD_AUDIT)AZURE_FRONT_DOOR)AZURE_SQL)BOMGAR)BEYONDTRUST_BEYONDINSIGHT)BLUECOAT_WEBPROXY)BROADCOM_SUPPORT_PORTAL)CHECKPOINT_HARMONY)CHRONICLE_SOAR_AUDIT)CISCO_ASA_FIREWALL)CISCO_EMAIL_SECURITY)CISCO_ISE)CISCO_MERAKI)CISCO_SECURE_ACCESS)CISCO_SWITCH)CISCO_UMBRELLA_AUDIT)UMBRELLA_DNS)CISCO_WSA)GCP_DNS)GCP_CLOUDSQL)CLOUDFLARE)CLOUDFLARE_WARP)CODE42_INCYDR)CS_ALERTS)CS_EDR)CS_STREAM)CYBERARK_PAM)CYBEREASON_EDR)CYJAX_THREAT_INTELLIGENCE)CTIX)DATABRICKS)DUO_AUTH)ELASTIC_DEFEND)ESET_AV)F5_ASM)F5_BIGIP_APM)FIREEYE_EMPS)FIREEYE_ETP)FIREEYE_NX)FORESCOUT_NAC)FORGEROCK_IDENTITY_CLOUD)FORTINET_FORTIANALYZER)GITHUB)GTI_IOC)CLEARPASS)HUAWEI_SWITCH)IBM_DATAPOWER)IBM_SAFENET)IBM_WEBSPHERE_APP_SERVER)IMPERVA_ABP)IMPERVA_SECURESPHERE)JUNIPER_FIREWALL)KOLIDE)KUBERNETES_AUDIT)KUBERNETES_NODE)AUDITD)MARIA_DB)MCAFEE_EPO)MCAFEE_SKYHIGH_CASB)MCAFEE_WEBPROXY)AZURE_ACTIVITY)MICROSOFT_DEFENDER_CLOUD_ALERTS)MICROSOFT_GRAPH_ALERT)IIS)MICROSOFT_SQL)MIMECAST_MAIL_V2)LOOKOUT_MOBILE_ENDPOINT_SECURITY)MOBILEIRON)NETAPP_ONTAP)NETSKOPE_ALERT_V2)NETSKOPE_WEBPROXY)OBSIDIAN)OFFICE_365)OORT)ORACLE_DB)ORCA)PAN_CORTEX_XDR_EVENTS)PAN_FIREWALL)PAN_PRISMA_CA)POSTFIX_MAIL)PROOFPOINT_ON_DEMAND)PROOFPOINT_MAIL)PROOFPOINT_TRAP)RADWARE_FIREWALL)REDHAT_OPENSHIFT)SALESFORCE)SAP_CHANGE_DOCUMENT)SAP_GATEWAY)SAP_HANA_AUDIT)SAP_SECURITY_AUDIT)GCP_SECURITYCENTER_POSTURE_VIOLATION)GCP_SECURITYCENTER_SENSITIVE_DATA_RISK)GCP_SECURITYCENTER_THREAT)GCP_SECURITYCENTER_TOXIC_COMBINATION)SNYK_SDLC)SURICATA_EVE)SYMANTEC_EDR)SYSDIG)TENABLE_ADS)THREATCONNECT_IOC_V3)TRELLIX_HX_ALERTS)TRELLIX_HX_AUDIT)TRELLIX_HX_ES)TRELLIX_HX_HOSTS)TRENDMICRO_VISION_ONE_ENDPOINT_VULNERABILITIES)TRENDMICRO_VISION_ONE_OBSERVERD_ATTACK_TECHNIQUES)TRENDMICRO_VISION_ONE_WORKBENCH)TRENDMICRO_APEX_CENTRAL)TRENDMICRO_STELLAR)UBIKA_WAF)NIX_SYSTEM)VARONIS)VMWARE_AVINETWORKS_IWAF)VMWARE_ESX)VMWARE_HORIZON)WALLIX_BASTION)WINDOWS_DNS)WINEVTLOG)WINEVTLOG_XML)WIZ_IO)BRO_JSON)ZSCALER_WEBPROXY)The following log types were added without a default parser. Each parser is listed by product name and log_type value, where applicable.
ACTION1)CDNETWORKS_CLOUD_SECURITY)CLAUDE_COMPLIANCE_LOGS)DELL_RECOVERPOINT)IBM_STORWIZE)LEAPXPERT_AUDIT)ORACLE_KEY_VAULT_AUDIT_LOGS)RSA_CLOUD)SERVICENOW_ANTIVIRUS_ACTIVITY)SERVICENOW_ATTACHMENT)SERVICENOW_EMAIL)VERSA_DIRECTOR)ZPE_SYSTEMS_NODEGRID)Google Security Operations has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.
The following supported default parsers have been updated. Each parser is listed by product name and log_type value, where applicable. This list includes both released default parsers and pending parser updates.
ABNORMAL_SECURITY)AI_HUNTER)AIX_SYSTEM)APACHE)CASSANDRA)ARUBA_WIRELESS)ARUBA_EDGECONNECT_SDWAN)AUTH_ZERO)AWS_AURORA)AWS_CLOUDFRONT)AWS_CLOUDTRAIL)AWS_CLOUDWATCH)AWS_VPC_FLOW)AWS_WAF)AZURE_AD)AZURE_AD_AUDIT)AZURE_FRONT_DOOR)AZURE_SQL)BOMGAR)BEYONDTRUST_BEYONDINSIGHT)BLUECOAT_WEBPROXY)BROADCOM_SUPPORT_PORTAL)CHECKPOINT_HARMONY)CHRONICLE_SOAR_AUDIT)CISCO_ASA_FIREWALL)CISCO_EMAIL_SECURITY)CISCO_ISE)CISCO_MERAKI)CISCO_SECURE_ACCESS)CISCO_SWITCH)CISCO_UMBRELLA_AUDIT)UMBRELLA_DNS)CISCO_WSA)GCP_DNS)GCP_CLOUDSQL)CLOUDFLARE)CLOUDFLARE_WARP)CODE42_INCYDR)CS_ALERTS)CS_EDR)CS_STREAM)CYBERARK_PAM)CYBEREASON_EDR)CYJAX_THREAT_INTELLIGENCE)CTIX)DATABRICKS)DUO_AUTH)ELASTIC_DEFEND)ESET_AV)F5_ASM)F5_BIGIP_APM)FIREEYE_EMPS)FIREEYE_ETP)FIREEYE_NX)FORESCOUT_NAC)FORGEROCK_IDENTITY_CLOUD)FORTINET_FORTIANALYZER)GITHUB)GTI_IOC)CLEARPASS)HUAWEI_SWITCH)IBM_DATAPOWER)IBM_SAFENET)IBM_WEBSPHERE_APP_SERVER)IMPERVA_ABP)IMPERVA_SECURESPHERE)JUNIPER_FIREWALL)KOLIDE)KUBERNETES_AUDIT)KUBERNETES_NODE)AUDITD)MARIA_DB)MCAFEE_EPO)MCAFEE_SKYHIGH_CASB)MCAFEE_WEBPROXY)AZURE_ACTIVITY)MICROSOFT_DEFENDER_CLOUD_ALERTS)MICROSOFT_GRAPH_ALERT)IIS)MICROSOFT_SQL)MIMECAST_MAIL_V2)LOOKOUT_MOBILE_ENDPOINT_SECURITY)MOBILEIRON)NETAPP_ONTAP)NETSKOPE_ALERT_V2)NETSKOPE_WEBPROXY)OBSIDIAN)OFFICE_365)OORT)ORACLE_DB)ORCA)PAN_CORTEX_XDR_EVENTS)PAN_FIREWALL)PAN_PRISMA_CA)POSTFIX_MAIL)PROOFPOINT_ON_DEMAND)PROOFPOINT_MAIL)PROOFPOINT_TRAP)RADWARE_FIREWALL)REDHAT_OPENSHIFT)SALESFORCE)SAP_CHANGE_DOCUMENT)SAP_GATEWAY)SAP_HANA_AUDIT)SAP_SECURITY_AUDIT)GCP_SECURITYCENTER_POSTURE_VIOLATION)GCP_SECURITYCENTER_SENSITIVE_DATA_RISK)GCP_SECURITYCENTER_THREAT)GCP_SECURITYCENTER_TOXIC_COMBINATION)SNYK_SDLC)SURICATA_EVE)SYMANTEC_EDR)SYSDIG)TENABLE_ADS)THREATCONNECT_IOC_V3)TRELLIX_HX_ALERTS)TRELLIX_HX_AUDIT)TRELLIX_HX_ES)TRELLIX_HX_HOSTS)TRENDMICRO_VISION_ONE_ENDPOINT_VULNERABILITIES)TRENDMICRO_VISION_ONE_OBSERVERD_ATTACK_TECHNIQUES)TRENDMICRO_VISION_ONE_WORKBENCH)TRENDMICRO_APEX_CENTRAL)TRENDMICRO_STELLAR)UBIKA_WAF)NIX_SYSTEM)VARONIS)VMWARE_AVINETWORKS_IWAF)VMWARE_ESX)VMWARE_HORIZON)WALLIX_BASTION)WINDOWS_DNS)WINEVTLOG)WINEVTLOG_XML)WIZ_IO)BRO_JSON)ZSCALER_WEBPROXY)The following log types were added without a default parser. Each parser is listed by product name and log_type value, where applicable.
ACTION1)CDNETWORKS_CLOUD_SECURITY)CLAUDE_COMPLIANCE_LOGS)DELL_RECOVERPOINT)IBM_STORWIZE)LEAPXPERT_AUDIT)ORACLE_KEY_VAULT_AUDIT_LOGS)RSA_CLOUD)SERVICENOW_ANTIVIRUS_ACTIVITY)SERVICENOW_ATTACHMENT)SERVICENOW_EMAIL)VERSA_DIRECTOR)ZPE_SYSTEMS_NODEGRID)Extended attributes for Workforce Identity Federation are deprecated. For group mapping, we recommend using SCIM instead of extended attributes. For more information, see IAM deprecations.
Hybrid Subnets is available in General Availability. Hybrid subnet routing lets a VPC network share a CIDR block with a connected on-premises network. This configuration helps you migrate workloads to Google Cloud without needing to change any IP addresses. During migration, workloads that have migrated to your VPC network can communicate with those remaining in the on-premises network by using internal IP addresses. After all workloads have migrated, you can disable hybrid subnet routing to restore normal routing behavior.
]]>You can now enable Advanced Query Insights on primary clusters which have secondary clusters configured. Advanced Query Insights is not supported on secondary clusters. If you perform a switchover, you must re-enable Advanced Query Insights on the new primary cluster.
Deployment disruption for Apigee Drupal Portal via Google Cloud Marketplace
Google Cloud Deployment Manager was deprecated as of March 31, 2026. We are currently transitioning the Apigee Drupal Portal Marketplace solution to use Infrastructure Manager. During this transition period, some deployment and management functionalities are unavailable.
Impact:
gcloud deployment-manager tool.Workaround & Resolution: Any configuration changes or management tasks must be performed directly on the individual Google Cloud resources (Compute Engine, Cloud SQL, etc.) rather than through the Marketplace UI.
We are actively working to release the updated Infrastructure Manager-based solution.
You can now use the
CREATE CONNECTION,
ALTER CONNECTION SET OPTIONS,
and DROP CONNECTION
data definition language (DDL) statements to manage Cloud resource connections
with GoogleSQL. Additionally, you can now use the
connection user type
and PROJECT resource type
with GRANT and REVOKE data control language (DCL) statements to manage
connection and project access. These features are
generally available
(GA).
The BigQuery Migration Service supports SQL translations from Snowflake SQL to GoogleSQL. This feature is now generally available (GA).
With this change, the translation service supports a wider variety of
Snowflake SQL and has improved support for several data types.
Among other changes, the translation service maps Snowflake
INTEGER and zero-scale NUMERIC types up to precision 38 to INT64 type in
GoogleSQL for improved performance by default.
You can set the column granularity when you create a search index, which stores additional column information in your search index to further optimize your search query performance. This feature is generally available (GA).
The filter capabilities for log views have been extended to include support for disjunctive clauses, negation statements, and labels. To learn more, see Filters for log views.
Application Monitoring has added support for the following resources:
Additionally, dashboards for Kubernetes workloads display L4 and L7 traffic metrics, when both are available. For more information, see Application Monitoring supported infrastructure.
Cloud SQL for SQL server read pools are now generally available and provide operational simplicity and scaling for your read workloads.
Read pools provide a single endpoint in front of up to seven read pool nodes and automatically load balance traffic.
You can scale your read pool in several ways:
Scale in or out: scale load balancing capacity horizontally by modifying the number of read pool nodes in the read pool. Each read pool supports between 1 and 7 read pool nodes.
Scale up or down: scale load balancing capacity vertically by modifying the machine type associated with a read pool node. Once defined, configuration is uniformly applied across each read pool node in the read pool.
For more information, see About read pools.
Managed Cloud Service Mesh using the TRAFFIC_DIRECTOR implementation now
supports a limited implementation of the EnvoyFilter API. To learn about the
supported fields, extensions, and how to use EnvoyFilter for features like
local rate limiting see
Data plane extensibility with EnvoyFilter.
To troubleshoot any issue while configuring, see Resolving data plane extensibility issues.
You can configure which encryption types are allowed or prohibited for creating new objects in a bucket. For more information, see Enforce or restrict the encryption types for a bucket.
Cluster Toolkit version v1.86.0 is available. This release implements
and configures the Google Container Filesystem (GCFS) to stream images at the
cluster level for Google Kubernetes Engine. This release also migrates the
kubectl_apply_manifest module to Helm and upgrades the command-line interface
(DCGMI) for the NVIDIA Data Center GPU Manager (DCGM).
For more information about version v1.86.0, see the Release announcement on GitHub.
Preview: To control the use of the deprecated container startup agent, an option for
deploying containers on Compute Engine instances, you can enforce the
constraints/compute.managed.disableVmsWithContainerStartupAgent organization
policy constraint. This constraint prevents the creation of
Compute Engine instances that use the container startup
agent and the gce-container-declaration metadata.
You can also enforce this organization policy in dry-run mode to identify projects that use the deprecated metadata, without blocking resource creation.
For more information, see Prevent the creation of VMs that use the container metadata and Migrate containers deployed on VMs during VM creation.
The
Dataform folders and repositories
feature is now
generally available
(GA). This feature lets you organize code assets like notebooks and saved
queries into a hierarchical structure with IAM policy inheritance. This release
also introduces deleteTree API methods for deleting folders and
team folders.
New Dataproc on Compute Engine subminor image versions:
3.9.5 in image version 2.3.NotebookLM Enterprise: Autocomplete for email addresses and group names when sharing notebooks
When sharing notebooks with users and groups, autocomplete is available to help users quickly select the correct email addresses and group names.
If your organization uses the Google Identity Provider, no action is required. If your organization uses Third-party identity and Microsoft Entra ID, a Gemini Enterprise administrator must provision a System for Cross-domain Identity Management (SCIM) tenant for Workforce Identity Federation to enable autocomplete. For more information about identity setup, see Set up NotebookLM Enterprise.
This feature is generally available (GA). For more information, see Share a notebook.
Veo 3.1 Lite
Veo 3.1 Lite is available in public preview. This release is our most cost-efficient Veo on Vertex AI model.
For more information, see 3.1 Lite Generate
Gemini 2.5 model retirement dates updated
The retirement dates for Gemini 2.5 Pro, Gemini 2.5 Flash-Lite, and Gemini 2.5 Flash have been updated to October 16, 2026. For more information, see Model versions and lifecycle.
Google Cloud CCaaS 4.16
We've released version 4.16 of Google Cloud CCaaS.
The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.
Agent Assist is available for calls and chats that are unassociated with a queue
You can now turn on Agent Assist for calls and chats at the team level. That means that Agent Assist is available for interactions that aren't associated with a queue, such as direct inbound calls and outbound calls with no queue selected.
Administrators: In the Settings > Users & Teams > Manage Users & Teams > edit TEAM_NAME pane, there's a new Agent Assist section.
For more information, see Configure Agent Assist at the team level.
New HubSpot CRM ticket view: Help desk view
You can now configure which CRM ticket view your HubSpot integration uses: Standard view, or the new real-time Help desk view.
Administrators: In the Settings > Developer Settings > select HubSpot pane, there's a new CRM Ticket View section.
For more information, see Configure HubSpot.
Play pre-recorded audio for virtual agents
Dialogflow lets virtual agents respond with pre-recorded audio. This lets you use high-quality audio files instead of standard text-to-speech. This capability is available for all voice channels, including inbound and outbound calls. It's available for support virtual agents, task virtual agents, and post-session virtual agents. For more information, see Play pre-recorded audio.
Configure the ringing timeout for virtual agent transfers to SIP endpoints
Twilio users can configure the ringing timeout for outbound calls that virtual
agents transfer to SIP endpoints. Add the sip_ring_timeout field to the
virtual agent's custom payload to set the ringing period for up to 600 seconds.
This allows calls to internal extensions or Unified Communications (UC)
destinations sufficient time to be answered before disconnection. For more
information, see Transfer a call to a SIP
endpoint.
The following issues were addressed in this release:
Fixed an issue with React Native integrations where the email adapter wouldn't load. TBD - confirm that there's only one bug related to the email adapter not loading with React Native integrations.
Fixed an issue where enabling chat redaction caused the unredacted messages to be redacted in the chat adapter.
Fixed an issue where calls continued to be recorded after being transferred to a third-party number, even when the Continue Call recording to Third Party Numbers after the agent leaves the call setting was cleared.
Fixed an issue where emails were automatically assigned to users without agent roles.
Fixed an issue where the global Overcapacity Deflection Messages setting was configured for Uploading Audio Recordings, but queues inheriting global settings incorrectly displayed Text-to-speech in the UI.
Fixed an issue where agents couldn't transfer a chat within the same queue.
Fixed an issue where incoming calls unexpectedly ended with 603 decline errors after ringing for 13 seconds.
Fixed an issue in the Agent Desktop where the session ID didn't match the call ID for the same interaction.
Fixed an issue where user search results didn't display users in locations with the same first three letters of the name when searching for partial locations.
Fixed an issue that let end-users interact with a mailbox immediately after switching to a different mailbox, causing synchronization issues.
Fixed an issue where overcapacity deflection didn't work for direct inbound calls.
Fixed an issue where the Reporting API changed the data types of some response fields. This caused data type mismatches in the reports that the API returned.
Mobile SDK version 2.15.2 patch
This patch updates the following for the Android SDK:
Updates minSdkVersion to 25.
Upgrades the following dependencies:
Twilio Conversations to 6.2.1
Twilio Voice to 6.10.2
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following versions are now available for new GKE clusters, and for manual control plane upgrades and node upgrades for existing clusters. For more information about versioning and upgrades, see GKE versioning and support and About GKE cluster upgrades.
This release includes new GKE versions that use updated Container-Optimized OS images. These updated images are cumulative, incorporating security fixes from all Container-Optimized OS versions released since the previous GKE release.
To identify the specific vulnerabilities that were resolved in each updated Container-Optimized OS image, see the Security release notes for that image. The following table includes links to the release notes for each updated Container-Optimized OS image:
| GKE version | Container-Optimized OS version | Details |
|---|---|---|
| 1.30.14-gke.2286000 | cos-117-18613-534-44 | cos-117-18613-534-44 release notes |
| 1.31.14-gke.1681000 | cos-117-18613-534-44 | cos-117-18613-534-44 release notes |
| 1.32.13-gke.1205000 | cos-117-18613-534-44 | cos-117-18613-534-44 release notes |
| 1.33.10-gke.1067000 | cos-121-18867-381-45 | cos-121-18867-381-45 release notes |
| 1.34.6-gke.1068000 | cos-125-19216-220-72 | cos-125-19216-220-72 release notes |
Chrome Enterprise Premium Integration general availability
The Chrome Enterprise Premium integration is now GA. This release includes the following new features and updates:
New Chrome Enterprise Connector which configures recommended data export settings and sends data through Google Cloud to Google Security Operations. Chrome Enterprise Premium customers can export data with additional security context provided by Google Safe Browsing.
Updates to the CHROME_MANAGEMENT parser documentation in Collect Chrome Enterprise data and
Chrome Enterprise Premium Threats.
Curated Detections for Chrome Enterprise Premium.
Curated Dashboards for Chrome Enterprise Premium.
Response actions to block and remove malicious extensions or to delete blocked extensions from the extension policy ExtensionInstallBlocklist.
Security Command Center Risk Engine supports Managed Service for Apache Spark resources in attack paths and Managed Service for Apache Spark clusters and jobs in high-value resource sets.
]]>Airflow 2.11.1 is available in Cloud Composer 3 and Cloud Composer 2.
New Airflow builds are available in Cloud Composer 3:
New images are available in Cloud Composer 2:
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.67 | v27.5.1 | v2.2.2 | See List |
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.77 | v27.5.1 | v2.2.1 | See List |
Fixed CVE-2024-14027 in the Linux kernel.
Fixed KCTF-7cb9a23 in the Linux kernel.
Fixed KCTF-7cb9a23 in the Linux kernel.
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.68 | v27.5.1 | v2.1.5 | See List |
Fixed CVE-2024-14027 in the Linux kernel.
Fixed CVE-2026-23304 in the Linux kernel.
Fixed KCTF-7cb9a23 in the Linux kernel.
Various bug fixes and minor product enhancements.
Gemini Enterprise: Data connector request count metric
Monitor the total number of requests to your Gemini Enterprise data connectors or data stores using the Gemini Enterprise DataConnector - Gemini Enterprise DataConnector Request Count metric in Metrics Explorer.
This feature is generally available (GA). For more information, see Access metrics in Metrics Explorer.
Microsoft 365 Defender: Version 26.0
The following new job has been added:
SentinelOneV2: Version 48.0
The following new job has been added:
Microsoft Teams: Version 36.0
Optimized user lookup logic for the following actions:
Add Users To Channel
Create Chat
Akamai: Version 6.0
Updated the JSON results of the following actions:
Add Items To Client List
Remove Items From Client List
Source code is now publicly available on GitHub for the following integrations:
CyberX: Version 6.0
JuniperVSRX: Version 11.0
McAfee NSM: Version 11.0
Micro Focus ITSMA: Version 7.0
Portnox: Version 9.0
ReversingLabs A1000: Version 10.0
Stealthwatch V6.10: Version 6.0
Symantec Content Analysis: Version 7.0
Azure Active Directory: Version 25.0
Added the ability to fetch last login time information to the following actions:
Enrich User
Get Manager Contact Details
Hot standby enhances the AlloyDB high availability (HA) architecture to improve failover times and to ensure consistent performance after failover. AlloyDB continuously replicates transactions to the standby node to keep caches warm and to ensure that the node is ready to take over quickly during a failover. This feature is generally available (GA) in PostgreSQL 18 and is automatically enabled for all new instances. For more information, see the AlloyDB high availability overview.
On March 31st, 2026, we released an updated version of Apigee.
General Availability (GA) launch of Model Context Protocol (MCP) in Apigee
With this release, Model Context Protocol (MCP) in Apigee is generally available, enabling you to expose your Apigee APIs as MCP tools to agentic applications.
Any MCP client that supports remote MCP endpoints over HTTP/S can access these tools. Because the endpoints are managed, you don't need to install or manage local MCP servers, remote MCP servers, or additional infrastructure to enable agentic applications to access your services.
MCP in Apigee is available for Subscription, Pay-as-you-go, and Evaluation organizations, including organizations with Data Residency and VPC Service Controls enabled.
For more information on using MCP in Apigee, see MCP in Apigee overview.
Enhanced OAS server URL path handling for MCP in Apigee
With this feature enhancement, your OpenAPI specification (OAS) configurations behave exactly
as defined in the OAS standard, automatically combining the server.url base path value with individual operation paths.
For example, a server URL ofhttps://example.com/api/v1 paired with a path of /users will now correctly route to https://example.com/api/v1/users without additional manual intervention.
If you previously prepended base paths to your OAS paths entries, remove the path segment from your servers.url field to prevent
duplication. For example, change https://example.com/api/v1 to https://example.com.
For more information, see Create an OpenAPI 3.0 specification.
Updated MCP server target endpoint for MCP Discovery Proxies
With the GA launch of Model Context Protocol (MCP) in Apigee, the structure of the MCP server target endpoint for MCP Discover Proxies has changed to ORG_NAME.mcp.apigee.internal.
Private preview customers using the previous format (mcp.apigee.internal) are encouraged to update their proxies to reflect the new structure. Existing endpoints using the old format will continue to work, but new endpoints will use the new structure.
Known Issue 496552286: Deployment fails for MCP Discovery Proxies in regions with capacity limitations.
For more information, see Apigee known issues.
The Data Boundary for FedRAMP High supports the following products:
The Data Boundary for Impact Level 2 (IL2) supports the following products:
The Data Boundary for Impact Level 4 (IL4) supports the following products:
The Data Boundary for FedRAMP Moderate supports the following products:
The Data Boundary for Impact Level 5 (IL5) supports the following products:
BigQuery ObjectRef values
now support the following:
ObjectRef functions
with either
direct access or delegated access.OBJ.MAKE_REF function
automatically fetches the latest Cloud Storage metadata and populates this in
the ref.details field.OBJ.GET_READ_URL function
returns a STRUCT value with a read URL and status columns and renders image
results in the Cloud console. Use this function when you don't require a
write URL.These features are generally available (GA).
SNI-based routing for proxy Network Load Balancers is now available in Preview.
You can now route TLS traffic based on Server Name Indication (SNI) hostnames
by using the new TLSRoute resource. The load balancer inspects the
initial unencrypted ClientHello message to extract the SNI hostname and
route connections to the appropriate backend service.
This feature provides pure TLS passthrough without terminating the connection
at the load balancer. Key benefits include:
TLSRoute API lets platform administrators
to manage frontend infrastructure while service owners manage their own routes
and backends independently.This feature is available for regional and cross-region proxy Network Load Balancers.
For more information, see:
The default TCP TIME_WAIT
timeout for Cloud NAT is scheduled to decrease from 120 seconds to 30 seconds,
across all regions, as follows:
Impact on gateways
Existing gateways: Cloud NAT gateways created before the regional update will retain the 120-second default. You can adjust this value by using the --tcp-time-wait-timeout flag at any time.
Cloud NAT gateways configured with a custom TIME_WAIT value
aren't affected and will continue to use your configured custom value.
The following table outlines the applicable default timeout for new gateways throughout the deployment timeline.
| Gateway type | Default timeout (before June 30) |
Default timeout (June 30—September 29) |
Default timeout (on or after September 30) |
|---|---|---|---|
| New | 120 seconds | 30 or 120 seconds | 30 seconds |
You can now migrate a subset of databases from an external server to a destination Cloud SQL for MySQL instance.
For more information, see Configure Cloud SQL and the external server for replication.
You can now use Storage Insights datasets to help manage your data security and compliance. The ability to identify publicly accessible objects is now generally available. Additionally, new fields in bucket and object metadata schemas, such as encryption, retentionPeriod, encryptionType, and retentionExpirationTime, help you audit encryption configurations and monitor data retention policies. For more information, see
Storage Insights datasets and
Dataset tables and schemas.
Generally available: TPU7x is generally available (GA). TPU7x is the first release within the Ironwood family, Google Cloud's seventh generation TPU. TPU7x supports large-scale AI training and inference, providing performance and cost-effectiveness for demanding workloads such as large language (LLMs), mixture of experts (MoEs), and diffusion models. For more information, see the TPU7x (Ironwood) documentation.
Generally available: The maximum throughput for a Hyperdisk ML disk is increased to 2,097,152 MiB/s from 1,200,000 MiB/s. Hyperdisk ML provides the highest throughput per disk for machine learning and for workloads that require high read throughput on immutable datasets.
For more information, see About Hyperdisk ML.
Upgrading fine tuned custom extractor processors is now available in Preview.
The feature allows you to fine tune a new processor version with a newer base version, while keeping the configurations of the previously fine-tuned processor version selected. This is available through the UI in the Deploy & use tab in the console.
This is currently supported for upgrading pretrained-foundation-model-v1.4-2025-02-05
to pretrained-foundation-model-v1.5-2025-05-05.
For more information, see training overview.
Gemini Enterprise: Support for new actions (Preview)
New actions are available for the following data stores:
For a list of actions for these data stores, see Supported actions.
Gemini Enterprise: Connect Salesforce data using data federation (Preview)
You can connect Salesforce data stores to Gemini Enterprise using data federation.
This feature is in Public Preview. For more information, see Connect Salesforce.
Gemini Enterprise: Federated connector error logs in Logs Explorer
You can view detailed error logs for your federated connectors in Logs Explorer. These logs include connection problems, data transformation issues, or API errors.
For more information, see Access Gemini Enterprise connector error logs with Cloud Logging.
Gemini Enterprise and NotebookLM Enterprise: BSI C5:2020 compliance
Gemini Enterprise and NotebookLM Enterprise are certified for BSI C5:2020 compliance.
Cloud Armor supports a visual Match Condition Builder that allows you to create complex expressions in Common Expression Language (CEL) without writing raw code. For more information, see Use the Match Condition Builder.
Multi-stage queries in YARA-L
The Multi-stage queries feature is now GA. This feature lets you feed the output of one query stage into the input of another, providing more granular data transformation than a single, monolithic query.
You can use multi-stage queries in both Dashboards and Search to build sophisticated detection and visualization logic. No action is required to enable this feature.
Learn more about how to create multi-stage queries with YARA-L 2.0.
Multi-stage queries in YARA-L
The Multi-stage queries feature is now GA. This feature lets you feed the output of one query stage into the input of another, providing more granular data transformation than a single, monolithic query.
You can use multi-stage queries in both Dashboards and Search to build sophisticated detection and visualization logic. No action is required to enable this feature.
Learn more about how to create multi-stage queries with YARA-L 2.0.
Gemini assistance in the IAM role picker is generally available.
For more information, see Get predefined role suggestions with Gemini assistance.
Oracle Database@Google Cloud supports VPC Service Controls. For more information, see Configure VPC Service Controls. This feature is Generally Available (GA).
ABAP SDK for Google Cloud version 1.13 (On-premises or any cloud edition)
Version 1.13 of the on-premises or any cloud edition of the ABAP SDK for Google Cloud is generally available (GA). For the latest Gemini 3.1 Pro models, this version includes support for function calling with thought signatures and enhanced thinking configurations to optimize model reasoning.
Additionally, this version introduces support for the Parameter Manager API and fixes an issue with the recordstamp field in the BigQuery toolkit for SAP when multiple records with the same primary key are replicated to BigQuery.
For more information, see What's new with the on-premises or any cloud edition of the ABAP SDK for Google Cloud.
Risk Engine now supports aiplatform.googleapis.com/ReasoningEngine in both attack paths and high value resource sets.
AlloyDB now offers conversational analytics, which lets users query their operational data using natural language. This feature is powered by the Conversational Analytics API, which can help you translate complex human dialog into precise database queries to provide actionable insights. This feature is in Preview. For more information, see Conversational analytics for AlloyDB overview.
The following forecasting and anomaly detection functions and updates are generally available (GA):
The
AI.DETECT_ANOMALIES function
supports providing a custom context window that determines how many of the
most recent data points should be used by the model.
The
AI.FORECAST function
supports specifying the latest timestamp value for forecasting.
The
AI.EVALUATE function
supports the following:
You can provide a custom context window that determines how many of the most recent data points should be used by the model.
The function outputs the mean absolute scaled error for the time series.
You can now create BigQuery non-incremental materialized views over Spanner data to improve query performance by periodically caching results. This feature is generally available (GA).
You can view the details of Bigtable continuous materialized views in the Google Cloud console.
Scenario modeling for CUD recommendations is generally available
Scenario modeling for committed use discount (CUD) recommendations is now generally available (GA). You can simulate scenarios for both spend-based and resource-based CUDs, and customize recommendations to purchase a commitment that maximizes your savings.
For more information, see Simulate scenarios for CUDs savings.
Cloud Build now supports uploading generic artifacts to generic
repositories, and also downloading generic repositories as build dependencies.
For more information, see genericArtifacts
and Specify a generic artifact as a dependency.
For global external Application Load Balancers, you can configure Cloud CDN cache policies at various levels of a URL map, providing more granular control over caching. You can now apply specific caching logic based on hostnames, URL paths, HTTP headers, and query parameters. This feature is in Preview.
For more information, see Cache policies in URL maps.
Database Migration Service for homogeneous MySQL migrations now lets you migrate individual databases from your source. You can select the databases when you create a migration job for homogeneous MySQL migrations.
For any new project that is created on or after March 30, 2026, if the project enables the Cloud Logging API, then Google Cloud Observability also enables the Telemetry API.
For any new project that is created on or after March 30, 2026, if the project enables the Cloud Monitoring API, Telemetry API.
Cloud SQL for MySQL now offers conversational analytics, which lets users query their operational data using natural language. This feature is powered by the Conversational Analytics API, which can help you translate complex human dialog into precise database queries to provide actionable insights. This feature is in Preview. For more information, see Conversational analytics for Cloud SQL for MySQL overview.
Cloud SQL for PostgreSQL now offers conversational analytics, which lets users query their operational data using natural language. This feature is powered by the Conversational Analytics API, which can help you translate complex human dialog into precise database queries to provide actionable insights. This feature is in Preview. For more information, see Conversational analytics for Cloud SQL for PostgreSQL overview.
Vector assist (Preview) is temporarily disabled for all Cloud SQL for PostgreSQL instances.
For any new project that is created on or after March 30, 2026, if the project enables the Cloud Trace API, then Google Cloud Observability also enables the Telemetry API.
You can use the Cloud Trace API MCP server to let agents and AI applications interact with your trace data. This feature is in Preview.
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.67 | v27.5.1 | v2.2.2 | See List |
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.77 | v27.5.1 | v2.2.1 | See List |
Fixed CVE-2026-27135 in net-libs/nghttp2.
Updated the Linux kernel to v6.12.77.
Enabled dynamic configuration of FUSE max pages limit.
Enabled dynamic configuration of FUSE max pages limit.
Fixed CVE-2026-23292 in the Linux kernel.
Fixed CVE-2026-27135 in net-libs/nghttp2.
Fixed CVE-2026-23293 in the Linux kernel.
Runtime sysctl changes:
Fixed CVE-2026-23296 in the Linux kernel.
Fixed CVE-2026-23297 in the Linux kernel.
Fixed CVE-2026-23300 in the Linux kernel.
Fixed CVE-2026-23303 in the Linux kernel.
Fixed CVE-2026-23304 in the Linux kernel.
Fixed CVE-2026-23310 in the Linux kernel.
Fixed CVE-2026-23316 in the Linux kernel.
Fixed CVE-2026-23319 in the Linux kernel.
Fixed CVE-2026-23340 in the Linux kernel.
Fixed CVE-2026-23352 in the Linux kernel.
Fixed CVE-2026-23359 in the Linux kernel.
Fixed CVE-2026-23360 in the Linux kernel.
Fixed CVE-2026-23380 in the Linux kernel.
Fixed CVE-2026-23381 in the Linux kernel.
Fixed CVE-2026-23383 in the Linux kernel.
Fixed CVE-2026-23388 in the Linux kernel.
Fixed CVE-2026-23390 in the Linux kernel.
Fixed KCTF-9df9578 in the Linux kernel.
Runtime sysctl changes:
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.68 | v27.5.1 | v2.1.5 | See List |
Enabled dynamic configuration of FUSE max pages limit.
Fixed CVE-2026-23292 in the Linux kernel.
Fixed CVE-2026-23293 in the Linux kernel.
Fixed CVE-2026-23296 in the Linux kernel.
Fixed CVE-2026-23297 in the Linux kernel.
Fixed CVE-2026-23300 in the Linux kernel.
Fixed CVE-2026-23303 in the Linux kernel.
Fixed CVE-2026-23310 in the Linux kernel.
Fixed CVE-2026-23316 in the Linux kernel.
Fixed CVE-2026-23319 in the Linux kernel.
Fixed CVE-2026-23340 in the Linux kernel.
Fixed CVE-2026-23352 in the Linux kernel.
Fixed CVE-2026-23359 in the Linux kernel.
Fixed CVE-2026-23360 in the Linux kernel.
Fixed CVE-2026-23380 in the Linux kernel.
Fixed CVE-2026-23381 in the Linux kernel.
Fixed CVE-2026-23383 in the Linux kernel.
Fixed CVE-2026-23388 in the Linux kernel.
Fixed CVE-2026-23390 in the Linux kernel.
Fixed CVE-2026-27135 in net-libs/nghttp2.
Fixed CVE-2026-27448 in dev-python/pyopenssl.
Fixed CVE-2026-27459 in dev-python/pyopenssl.
Fixed KCTF-9df9578 in the Linux kernel.
Runtime sysctl changes:
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.122 | v27.5.1 | v2.0.7 | See List |
Added support for loading the ublk kernel module.
Fixed CVE-2026-23292 in the Linux kernel.
Fixed CVE-2026-23293 in the Linux kernel.
Fixed CVE-2026-23296 in the Linux kernel.
Fixed CVE-2026-23300 in the Linux kernel.
Fixed CVE-2026-23303 in the Linux kernel.
Fixed CVE-2026-23304 in the Linux kernel.
Fixed CVE-2026-23310 in the Linux kernel.
Fixed CVE-2026-23340 in the Linux kernel.
Fixed CVE-2026-23352 in the Linux kernel.
Fixed CVE-2026-23359 in the Linux kernel.
Fixed CVE-2026-23368 in the Linux kernel.
Fixed CVE-2026-23381 in the Linux kernel.
Fixed CVE-2026-23386 in the Linux kernel.
Fixed CVE-2026-23392 in the Linux kernel.
Fixed CVE-2026-27135 in net-libs/nghttp2.
Fixed CVE-2026-27448 in dev-python/pyopenssl.
Fixed CVE-2026-27459 in dev-python/pyopenssl.
Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.
Fixed KCTF-329f0b9 in the Linux kernel.
Fixed KCTF-9df9578 in the Linux kernel.
Fixed the "CrackArmor" vulnerability in the Linux kernel.
Runtime sysctl changes:
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.123 | v24.0.9 | v1.7.29 | See List |
Fixed CVE-2026-23292 in the Linux kernel.
Fixed CVE-2026-23293 in the Linux kernel.
Fixed CVE-2026-23296 in the Linux kernel.
Fixed CVE-2026-23300 in the Linux kernel.
Fixed CVE-2026-23303 in the Linux kernel.
Fixed CVE-2026-23304 in the Linux kernel.
Fixed CVE-2026-23310 in the Linux kernel.
Fixed CVE-2026-23351 in the Linux kernel.
Fixed CVE-2026-23352 in the Linux kernel.
Fixed CVE-2026-23359 in the Linux kernel.
Fixed CVE-2026-23368 in the Linux kernel.
Fixed CVE-2026-23381 in the Linux kernel.
Fixed CVE-2026-23386 in the Linux kernel.
Fixed CVE-2026-23388 in the Linux kernel.
Fixed CVE-2026-23391 in the Linux kernel.
Fixed CVE-2026-23392 in the Linux kernel.
Fixed CVE-2026-27135 in net-libs/nghttp2.
Fixed CVE-2026-27448 in dev-python/pyopenssl.
Fixed the "CrackArmor" vulnerability in the Linux kernel.
Fixed the "CrackArmor" vulnerability in the Linux kernel.
Runtime sysctl changes:
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.161 | v24.0.9 | v1.7.27 | See List |
Updated cos-gpu-installer to v2.6.1.
Fixed CVE-2026-23292 in the Linux kernel.
Fixed CVE-2026-23293 in the Linux kernel.
Fixed CVE-2026-23296 in the Linux kernel.
Fixed CVE-2026-23300 in the Linux kernel.
Fixed CVE-2026-23303 in the Linux kernel.
Fixed CVE-2026-23304 in the Linux kernel.
Fixed CVE-2026-23340 in the Linux kernel.
Fixed CVE-2026-23352 in the Linux kernel.
Fixed CVE-2026-23359 in the Linux kernel.
Fixed CVE-2026-23368 in the Linux kernel.
Fixed CVE-2026-23388 in the Linux kernel.
Fixed CVE-2026-23391 in the Linux kernel.
Fixed CVE-2026-23392 in the Linux kernel.
Fixed CVE-2026-27135 in net-libs/nghttp2.
Fixed CVE-2026-27448 in dev-python/pyopenssl.
Fixed CVE-2026-27459 in dev-python/pyopenssl.
Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.
Fixed KCTF-329f0b9 in the Linux kernel.
Runtime sysctl changes:
Automated cataloging of Looker (Google Cloud core) metadata as well as data lineage ingestion from BigQuery sources are now available in preview. For more information, see the Looker (Google Cloud core) documentation.
Gemini Enterprise: Include cross-domain documents feature for Google Drive (Preview)
When configuring a Google Drive data store, the Include cross-domain documents feature lets you search and index documents outside your organization. Enable this setting during app creation or on the Manage web app features page for existing apps.
This feature is in Public Preview. For more information, see Create an app and Manage web app features.
Version 20260329.00 of the guest agent
is now available for all supported operating systems. This version introduces
the following features:
enable_local_plugins configuration now defaults to true.connection_type is introduced to the
PluginConfig section of the guest agent configuration file. This option
forces a specific connection type when the guest agent connects to the
extensions it is managing. Supported connection types are UDS and TCP.Version 20260329.00 of the guest agent
is now available for all supported operating systems. This version introduces
the following fixes:
Starting March 30, 2026, the following features will begin rolling out.
The Looker mobile application now supports sending alert notifications as push notifications to users who have the Looker mobile application on their mobile device. (This release note was updated on April 9, 2026 to reflect that this update is a feature and to correct a documentation link.)
Available in preview for Looker (Google Cloud core), you can now track end-to-end data lineage from BigQuery to Looker content, including views, Explores, dashboards, and Looks, through the Looker and Dataplex lineage integration. This enables impact analysis to see how BigQuery changes affect downstream Looker (Google Cloud core) contents.
Available in preview, you can publish the Conversational Analytics data agents that you create in Looker to Gemini Enterprise.
Available in preview, you can chat with Conversational Analytics data agents in user-defined dashboards and in LookML dashboards.
The Enhanced Content Cleanup preview feature is now available. When this feature is enabled for your instance, it lets admins and content owners access an enhanced content management experience in Looker. The Enhanced Content Cleanup preview feature provides the following capabilities:
This feature is disabled by default. Learn more about managing unused content with Enhanced Content Cleanup.
Now generally available, Looker has full support for connections with AlloyDB for PostgreSQL. When you create a connection in Looker, you can now select Google Cloud AlloyDB for PostgreSQL from the Dialect drop-down menu. This update doesn't affect existing AlloyDB connections that were created using the PostgreSQL 9.5+ option in the Dialect menu.
The New Looker Explore and Merge Query Experience preview feature is now available.
When this feature is enabled for your instance, it lets individual users have the option to try the redesigned Looker Explore and Merge Query interfaces. The streamlined interfaces let Looker users find connections and gain insights from their data more quickly. For an AI-assisted experience, enable additional options on the Gemini in Looker page in the Platform section of the Admin panel.
This feature is disabled by default.
Learn more about the new Explore and Merge Query experience.
For customer-hosted Looker instances, Looker 26.6 supports MySQL 8.4.X for the Looker backend database. For customer-hosted instances that use MySQL 8.0.X for the Looker backend database, it is recommended that you update to MySQL 8.4.X as soon as you update your Looker instance to 26.6 or later. Note: This item was added on April 6, 2026.
Available in preview, Looker (Google Cloud core) now integrates with Dataplex Universal Catalog, providing a unified discovery and management experience for your Looker metadata. This allows you to search for Looker assets like LookML models and dashboards directly within Dataplex, giving you a comprehensive view of your data landscape.
When connecting Looker to your database, you can specify additional Java Database Connectivity (JDBC) parameters that you want Looker to include when it communicates with your database driver. In order to keep your connection secure, Looker now has an allowlist for the additional JDBC parameters that are supported for each database dialect.
For a list of the supported JDBC parameters for your dialect, see the "Supported JDBC parameters" section of the database configuration instructions page for your dialect.
Spanner offers conversational analytics, which lets users query their operational data using natural language. This feature is powered by the Conversational Analytics API, which can help you translate complex human dialog into precise database queries to provide actionable insights. This feature is in Preview. For more information, see Conversational analytics for Spanner overview.
You can create BigQuery non-incremental materialized views over Spanner data to improve query performance by periodically caching results. This feature is generally available (GA).
You can use
Cloud resource connections with EXPORT DATA statements
to reverse ETL (extract, transform, load) BigQuery data to
Spanner. This feature is
generally available (GA).
Service producers can accept or reject connections from individual Private Service Connect endpoints. This feature is available in General Availability.
]]>Release 6.3.81 is being rolled out to the first phase of regions as listed here.
This release contains internal and customer bug fixes.
]]>Release 6.3.80 is now available for all regions.
You can configure Sensitive Data Protection to detect specific client-provided metadata. For more information, see Create a custom metadata label detector.
]]>The Data Boundary for IRS 1075 supports the following products:
The US Data Boundary for Healthcare and Life Sciences and US Data Boundary for Healthcare and Life Sciences with Support support the following products:
The Data Boundary for ITAR supports the following products:
Cloud Composer 2 environments can no longer be created in Melbourne (australia-southeast2). We're switching this region to supporting only Cloud Composer 3 environments. Existing Cloud Composer 2 environments in this region aren't affected by this change.
A new Cloud Composer release has started on March 27, 2026. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.
(Airflow 3.1.7) Starting from version composer-3-airflow-3.1.7-build.1, Airflow workers no longer have direct access to the Airflow database of your environment.
This feature was announced previously and has finished gradually rolling out to all regions supported by Cloud Composer 3.
New Airflow builds are available in Cloud Composer 3:
New images are available in Cloud Composer 2:
The following Cloud Composer versions and builds have reached their end of support period: composer-3-airflow-2.9.3-build.19 and composer-2.12.0-*.
A vulnerability (CVE-2026-23268) about CrackArmor was discovered and has been addressed. For more information, see the GCP-2026-015 security bulletin.
Custom splitter model
pretrained-splitter-v1.5-2025-07-14 is available in
General Availability (GA).
The following issues were fixed in 1.33.600-gke.40:
The following issues were fixed in 1.32.1000-gke.57:
gkectl upgrade admin command after a
previous failure could fail with "AlreadyExists" errors in the bootstrap cluster.
Google Distributed Cloud (software only) for VMware 1.32.1000-gke.57 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud 1.32.1000-gke.57 runs on Kubernetes v1.32.13-gke.1000.
If you are using a third-party storage vendor, check the Google Distributed Cloud-ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
Google Distributed Cloud (software only) for VMware 1.33.600-gke.40 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud 1.33.600-gke.40 runs on Kubernetes 1.33.5-gke.2200.
If you are using a third-party storage vendor, check the Google Distributed Cloud-ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
The following issues were fixed in 1.32.1000-gke.57:
RecentFailures field
in the cluster status. This change provides a centralized location for viewing
errors from both worker node pools and control plane nodes, improving the
troubleshooting and debugging experience.
kubectl top, Horizontal Pod Autoscaling (HPA), and Vertical Pod Autoscaling
(VPA)—could fail with TLS verification errors during CA rotation.
Google Distributed Cloud (software only) for bare metal 1.32.1000-gke.57 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.32.1000-gke.57 runs on Kubernetes v1.32.13-gke.1000.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Google Distributed Cloud-ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Risk Engine has launched enhanced heuristics to help identify default high-value resources.
If you are using the default high-value resource set, you might observe changes in the exposure scores of their findings, resources, and issues. For information about these changes, see Default high-value resource set.
reCAPTCHA Mobile SDK v18.9.0-beta02 is available for Android. This version includes the following:
Upgraded the Open Telemetry image from v0.127.0 to v0.133.0 to pick up vulnerability fixes. This change promotes the pkg.translator.prometheus.NormalizeName feature gate to stable.
To understand the changes in each release, review the full changelog for opentelemetry-collector-contrib.
Addressed multiple Common Vulnerabilities and Exposures (CVEs) by updating dependencies.
Upgraded bundled Helm version from v3.18.6 to v3.20.0 to pick up vulnerability fixes. To understand the changes in each release, review the changelogs.
On March 26th, 2026, we released an updated version of Apigee (1-17-0-apigee-6).
| Bug ID | Description |
|---|---|
| 495897297, 495909767 | Security fix for Apigee infrastructure. This addresses the following vulnerabilities: |
| Bug ID | Description |
|---|---|
| N/A | Updates to infrastructure and libraries. |
You can now use
Cloud resource connections with EXPORT DATA statements
to reverse ETL BigQuery data to Spanner. This
feature is
generally available (GA).
MySQL 8.0.44 is now the default minor version for Cloud SQL for MySQL 8.0.
For more information about minor version support in Cloud SQL for MySQL, see MySQL 8.0.
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.67 | v27.5.1 | v2.2.2 | See List |
Added support for the Lustre 2.14.0_p249 drivers.
Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.
Added support for loading the ublk kernel module.
Fixed an ek-cpu-balloon bug which would result in CPUs being underreported on ek machines with SMT enabled.
Upgraded app-admin/google-osconfig-agent to v20260119.00.
Fixed CVE-2025-71265 in the Linux kernel.
Fixed CVE-2025-71266 in the Linux kernel.
Fixed CVE-2025-71267 in the Linux kernel.
Fixed CVE-2025-71268 in the Linux kernel.
Fixed CVE-2026-23069 in the Linux kernel.
Fixed CVE-2026-23083 in the Linux kernel.
Fixed CVE-2026-23085 in the Linux kernel.
Fixed CVE-2026-23086 in the Linux kernel.
Fixed CVE-2026-23095 in the Linux kernel.
Fixed CVE-2026-23097 in the Linux kernel.
Fixed CVE-2026-23099 in the Linux kernel.
Fixed CVE-2026-23103 in the Linux kernel.
Fixed CVE-2026-23105 in the Linux kernel.
Fixed CVE-2026-23107 in the Linux kernel.
Fixed CVE-2026-23110 in the Linux kernel.
Fixed CVE-2026-23243 in the Linux kernel.
Fixed CVE-2026-23254 in the Linux kernel.
Fixed CVE-2026-23262 in the Linux kernel.
Fixed KCTF-329f0b9 in the Linux kernel.
Fixed KCTF-c9bc175 in the Linux kernel.
Updated dev-libs/openssl to v3.5.5. This resolves CVE-2025-15467.
Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.
Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.123 | v24.0.9 | v1.7.29 | See List |
Added support for the Lustre 2.14.0_p249 drivers.
Added support for loading the ublk kernel module.
Updated cos-gpu-installer to v2.6.1.
Upgraded app-admin/google-osconfig-agent to v20260119.00.
Upgraded sys-apps/file to v5.47-r1.
Fixed CVE-2026-23231 in the Linux kernel.
Fixed CVE-2026-23243 in the Linux kernel.
Fixed CVE-2026-23254 in the Linux kernel.
Fixed CVE-2026-27459 in dev-python/pyopenssl.
Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.
Fixed KCTF-329f0b9 in the Linux kernel.
You can use the Error Reporting API MCP server to let agents and AI applications interact with your error data. This feature is in Preview.
Gemini Enterprise: Chat with files in the Google Drive connector
Gemini Enterprise can analyze content and generate answers from CSV, PDF, PPTX, and XLSX files in the Google Drive connector, eliminating the need to upload these files to the assistant.
This feature is generally available (GA). For more information, see Chat with files in connectors.
As part of Looker 26.6, Conversational Analytics now offers new modes for asking questions. Fast mode allows you to get answers more quickly. Thinking mode allows you to ask more complex questions and test your agent's capabilities.
As part of Looker 26.6, Conversational Analytics will now ask you questions to clarify any ambiguities in your original query.
In addition to the per-instance CA mode, Memorystore for Valkey offers the following new CA modes:
Memorystore for Valkey supports version 1.0 of Bloom filters and JSON documents. This feature is available in Preview.
General availability support for the following integration:
Vertex AI Search: Gemini 3.1 Pro and Gemini 3 Flash for answer generation (Preview)
You can generate answers with the Gemini 3.1 Pro (Preview) and Gemini 3 Flash (Preview) models.
For more information, see Answer generation model versions and lifecycle, Gemini 3.1 Pro, and Gemini 3 Flash.
Vertex AI Search: Gemini 3 Pro (Preview) for answer generation discontinued
The Gemini 3 Pro (Preview) model has been discontinued and is no longer available for answer generation. If you have been using that model, upgrade to the Gemini 3.1 Pro (Preview) model.
For information about available models, see Answer generation model versions and lifecycle.
]]>Database server compatibility with PostgreSQL version 18 is now generally available (GA):
The following AlloyDB AI features are available in Preview:
You can now use the ai.hybrid_search() function, which fuses results from
each search type into a single list using the Reciprocal Rank Fusion (RRF)
algorithm. For more information, see Run hybrid vector similarity search.
AlloyDB supports the rum extension for complex full-text search
operations. The rum extension extends standard GIN indexes by storing
positional information directly in the index. This enables faster phrase
searches and relevance ranking without needing to access the table data. For
more information, see Create and manage a RUM index.
When no major version is specified, AlloyDB for PostgreSQL now defaults to PostgreSQL major version 17 for new clusters.
The Gemini for Google Cloud API (cloudaicompanion.googleapis.com) is now enabled for existing BigQuery projects in the European jurisdiction.
You can now use the BigQuery Migration Service MCP server to perform SQL translation tasks, including translating SQL queries into GoogleSQL syntax, generating DDL statements from SQL input queries, and getting explanations of SQL translations.
This feature is in preview.
In BigQuery Data Transfer Service, you can monitor resource-level status reporting for Hive managed tables to track progress and view granular error details for individual tables. This feature is in preview.
You can use the BigQuery migration assessment for Snowflake to assess the complexity of migrating from Snowflake to BigQuery. This feature is generally available (GA).
Bigtable client for Java has modernized its Admin API. For detailed migration steps and code examples, see Upgrading client libraries.
Cloud Location Finder checks service activation and quota for the project that you're using to run Cloud Location Finder API queries (the client project), not the projects that queries target (the resource project). As a result, you only need to enable the Cloud Location Finder API in your client project.
Deploying services using a Compose file is in General Availability.
Cluster Toolkit version v1.85.0 is available. This release updates the
cloud_dns_config setting in the gke-cluster module to default to KUBE_DNS
(CoreDNS). This version also adds Google Cloud Managed Lustre integration for
Google Kubernetes Engine with the A4X Max machine type.
For more information about this release and other minor changes, see the Release announcement on GitHub.
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.68 | v27.5.1 | v2.1.5 | See List |
Added support for the Lustre 2.14.0_p249 drivers.
Added support for loading the ublk kernel module.
Added CPU balloon support for Arm CPUs.
Upgraded app-admin/google-osconfig-agent to v20260119.00.
Upgraded sys-apps/file to v5.47-r1.
Fixed CVE-2025-71265 in the Linux kernel.
Fixed CVE-2025-71266 in the Linux kernel.
Fixed CVE-2025-71267 in the Linux kernel.
Fixed CVE-2025-71268 in the Linux kernel.
Fixed CVE-2026-23243 in the Linux kernel.
Fixed CVE-2026-23254 in the Linux kernel.
Fixed CVE-2026-23262 in the Linux kernel.
Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.
Fixed KCTF-329f0b9 in the Linux kernel.
Fixed KCTF-c9bc175 in the Linux kernel.
Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.
Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.
Runtime sysctl changes:
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.76 | v27.5.1 | v2.2.1 | See List |
Fixed an ek-cpu-balloon bug which would result in CPUs being underreported on ek machines with SMT enabled.
Upgraded dev-db/sqlite to v3.51.3.
Upgraded dev-libs/expat to v2.7.5.
Upgraded virtual/logger to v0-r3.
Fixed CVE-2026-32597 with pyjwt package upgrade to v2.12.1.
Fixed KCTF-329f0b9 in the Linux kernel.
Fixed KCTF-c9bc175 in the Linux kernel.
Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.
Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.
Lyria 3
Lyria is available in public
preview. You can use
lyria-3-pro-preview to generate 184 seconds of audio, or
lyria-3-clip-preview to generate 30 seconds of audio.
For more information, see the following:
Web SDK version 2 will be shut down on June 26, 2026
On June 26, 2025, we announced the launch of Web SDK version 3. Starting on June 26, 2026, the web SDK v2 will no longer function. Be sure to update your website to use the web SDK v3 before that date to avoid breaking your integration with the web SDK. We are no longer adding new features to the web SDK v2.
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following versions are now available for new GKE clusters, and for manual control plane upgrades and node upgrades for existing clusters. For more information about versioning and upgrades, see GKE versioning and support and About GKE cluster upgrades.
This release includes new GKE versions that use updated Container-Optimized OS images. These updated images are cumulative, incorporating security fixes from all Container-Optimized OS versions released since the previous GKE release.
To identify the specific vulnerabilities that were resolved in each updated Container-Optimized OS image, see the Security release notes for that image. The following table includes links to the release notes for each updated Container-Optimized OS image:
| GKE version | Container-Optimized OS version | Details |
|---|---|---|
| 1.30.14-gke.2250000 | cos-117-18613-534-36 | cos-117-18613-534-36 release notes |
| 1.31.14-gke.1634000 | cos-117-18613-534-36 | cos-117-18613-534-36 release notes |
| 1.32.13-gke.1147000 | cos-117-18613-534-24 | cos-117-18613-534-24 release notes |
| 1.33.9-gke.1166000 | cos-121-18867-381-24 | cos-121-18867-381-24 release notes |
To provide more controls over the control plane version upgrade, you can now do the following:
Credential validation for third-party API feed types
Credential validation is now available for all 49 third-party API connectors.
When you create a feed using a third-party API feed type, Google SecOps now automatically validates the provided credentials. This ensures that if credentials are incorrect:
Azure API: Version 3.0
Added predefined widget to the following action:
Microsoft Graph Security: Version 26.0
Added predefined widget to the following action:
Google Cloud IAM: Version 20.0
The following new action has been added:
Siemplify: Version 106.0
The following new action has been added:
Added predefined widget to the following action:
Microsoft Defender ATP: Version 30.0
The following new actions have been added:
Get Machine Recommendations
Get Machine Vulnerabilities
Get User Related Alerts
BitSight: Version 12.0
IIntroduced Light Theme compatibility for the predefined widget of the following action:
RSA NetWitness Platform: Version 16.0
Introduced Light Theme compatibility for the predefined widget of the following action:
CyberArk Credential Provider: Version 3.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Application Password Value
Run CLI Application Password SDK Command
CrowdStrike Falcon: Version 75.0
Added offline queueing support to the following actions:
Execute Command
Run Script
MobileIron: Version 6.0
FireEye HX: Version 22.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Acknowledge Alert Groups
Get Indicator
Anomali ThreatStream: Version 14.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Related Associations
Get Related Entities
HashiCorp Vault: Version 6.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Generate AWS Credentials
List AWS Roles
List Key-Value Secret Keys
Read Key-Value Secret
AWS WAF: Version 11.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
List Rule Groups
List Web ACLs
Microsoft Graph Security: Version 26.0
Introduced Light Theme compatibility for the predefined widget of the following action:
JoeSandbox: Version 10.0
Introduced Light Theme compatibility for the predefined widget of the following action:
ThreatQ: Version 18.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Attribute
Add Source
Create Adversary
Create Event
Create Indicator
Create Object
Link Objects
Symantec Endpoint Security Complete Cloud: Version 8.0
Introduced Light Theme compatibility for the predefined widget of the following action:
EmailV2: Version 40.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Delete Email
Forward Email
Save Email Attachments To Case
Send Email
Send Thread Reply
Wait for Email from User
Cofense Triage: Version 20.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Tags To Report
Categorize Report
Download Report Email
Download Report Preview
Get Report Reporters
CA Service Desk Manager: Version 26.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Microsoft Defender ATP: Version 30.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Akamai: Version 5.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Activate Client List
Activate Network List
Add Items To Network List
Remove Items From Network List
SSH: Version 20.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
List Connections
List iptables Rules
List Processes
Run Command
Microsoft Azure Sentinel: Version 62.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Comment to Incident
Create Alert Rule
Create Custom Hunting Rule
Get Alert Rule Details
Get Custom Hunting Rule Details
Get Incident Statistic
Update Alert Rule
Update Custom Hunting Rule
Update Incident Details
Update Incident Details v2
Update Incident Labels
Update Incident Labels v2
Google Cloud Compute: Version 16.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add IP To Firewall Rule
Add Network Tags
Delete Instance
Execute VM Patch Job
Remove IP From Firewall Rule
Remove Network Tags
Start Instance
Stop Instance
Update Firewall Rule
Microsoft Graph Mail Delegated: Version 16.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Forward Email
Save Email to the Case
Send Email
Send Email HTML
Send Thread Reply
Send Vote Email
Wait For Email From User
Wait For Vote Email Results
Extrahop: Version 8.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Palo Alto Cortex XDR: Version 26.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Incident Details
Query
Recorded Future: Version 21.0
Introduced Light Theme compatibility for the predefined widget of the following action:
VSphere: Version 11.0
Introduced Light Theme compatibility for the predefined widget of the following action:
FireEye CM: Version 14.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add IOC Feed
Download Alert Artifacts
Tenable.io: Version 16.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Remote Agent Utilities: Version 7.0
Introduced Light Theme compatibility for the predefined widget of the following action:
FireEye Helix: Version 18.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Archive Search
Get Alert Details
Index Search
Okta: Version 16.0
Office 365 CloudApp Security: Version 25.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add IP To IP Address Range
Create IP Address Range
Remove IP From IP Address Range
Palo Alto Prisma Cloud: Version 6.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Google Cloud Armor: Version 5.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add a Rule to a Security Policy
Create a Security Policy
Update a Security Policy
Redis: Version 8.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add To List
Get List
Carbon Black Response: Version 38.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get FileMod Data For Process
Get Process Tree Data
Microsoft Graph Mail: Version 39.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Forward Email
Save Email to the Case
Send Email
Send Email HTML
Send Thread Reply
Send Vote Email
Wait For Email From User
Wait For Vote Email Results
NessusScanner: Version 12.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Atlassian Confluence Server: Version 5.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Child Pages
Get Page by ID
Get Page Comments
List Pages
Slack: Version 29.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Build Block
Create Channel
Get User Details
Get User Details By Id
Rename Channel
Wait For Reply
Wait For Reply With Webhook
McAfee ATD: Version 16.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Report
Submit File
Symantec ICDX: Version 9.0
McAfee NSM: Version 10.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Cloudflare: Version 7.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create Firewall Rule
Create Rule List
Update Firewall Rule
Rapid7 InsightIDR: Version 12.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create Saved Query
Set Investigation Assignee
Set Investigation Status
Update Investigation
Exchange Extension Pack: Version 13.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Domains to Exchange-Siemplify Mail Flow Rules
Add Senders to Exchange-Siemplify Mail Flow Rule
Purge Compliance Search Results
Remove Domains from Exchange-Siemplify Mail Flow Rules
Remove Senders from Exchange-Siemplify Mail Flow Rules
Run Compliance Search
CSV: Version 40.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Mandiant ASM: Version 12.0
IIntroduced Light Theme compatibility for the predefined widget of the following action:
Shodan: Version 16.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
DNS Resolve
DNS Reverse
Get Api Info
Google Kubernetes Engine: Version 9.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Operation Status
List Clusters
List Node Pools
List Operations
Set Cluster Addons
Set Cluster Labels
Set Node Autoscaling
Set Node Count
Set Node Pool Management
SiemplifyUtilities: Version 28.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Delete File
Filter JSON
Get Deployment URL
List Operations
Parse EML to JSON
Anomali: Version 14.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Reversinglabs A1000: Version 9.0
Introduced Light Theme compatibility for the predefined widget of the following action:
CyberArk PAM: Version 9.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Jira: Version 55.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create Alert Issue
Create Issue
List Issues
Update Issue
Ivanti Endpoint Manager: Version 9.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Execute Query
List Column Set Fields
List Column Sets
List Delivery Methods
List Packages
List Queries
Check Point Firewall: Version 15.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add a SAM Rule
Remove SAM Rule
Run Script
Any.Run: Version 11.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
AnalyzeFile
AnalyzeFileURL
AnalyzeURL
Carbon Black Protection: Version 12.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
LogRhythm: Version 22.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Note To Case
Create Cas
Download Case Files
Update Case
BMC Remedy ITSM: Version 12.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create Incident
Create Record
Wait For Incident Fields Update
Wait For Record Fields Update
AlienVault USM Anywhere: Version 35.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Zoho Desk: Version 11.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Comment To Ticket
Create Ticket
Update Ticket
AWS GuardDuty: Version 11.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create a Detector
Create a Trusted IP List
Create Threat Intelligence Set
Get all Trusted IP lists
Get Finding Details
List Detectors
List Findings for a Detector
List Threat Intelligence Sets
AWS Elastic Compute Cloud (EC2): Version 10.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
List Instances
List Security Groups
Take Snapshot
Cybereason: Version 24.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Malop
List Malop Processes
List Reputation Items
Rapid7 InsightVm: Version 15.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Scan Results
Launch Scan
Cisco AMP: Version 22.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create Group
Get File Lists By Policy
Get Groups
Get Policies
Trend Micro Cloud App Security: Version 11.0
Introduced Light Theme compatibility for the predefined widget of the following action:
CiscoUmbrella: Version 18.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Solar Winds Orion: Version 7.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Enrich Endpoint
Execute Entity Query
Execute Query
Tenable Security Center: Version 21.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add IP To IP List Asset
Create IP List Asset
Get Report
Get Scan Results
Run Asset Scan
Gmail: Version 8.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Forward Email
Save Email To The Case
Send Email
Send Thread Reply
FireEye AX: Version 8.0
Introduced Light Theme compatibility for the predefined widget of the following action:
FortiAnalyzer: Version 11.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Comment To Alert
Update Alert
WMI: Version 14.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Google Chat: Version 7.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Send Advanced Message
Send Message
SentinelOneV2: Version 47.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create Device Control Rule
Download Threat File
Enrich Endpoint
Get System Status
Update Alert
Update Device Control Rule
Google Translate: Version 6.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Translate Text
List Languages
Exchange: Version 122.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Save Mail Attachments To The Case
Send Mail
Send Thread Reply
Send Vote Mail
Wait for mail from user
Wait for Vote Mail Results
Symantec ATP: Version 12.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Azure API: Version 3.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Tanium: Version 18.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create Question
Download File
Get Question Results
Site24x7: Version 6.0
Introduced Light Theme compatibility for the predefined widget of the following action:
ConnectWise: Version 21.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Attachment To Ticket
Get Ticket
Cisco Threat Grid: Version 17.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Zendesk: Version 12.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Ticket Details
Search Tickets
Symantec Endpoint Protection 12: Version 15.0
Introduced Light Theme compatibility for the predefined widget of the following action:
ServiceNow: Version 62.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Comment To Record
Add Parent Incident
Create Alert Incident
Create Incident
Create Record
Get Incident
Get Oauth Token
Get Record Details
Update Incident
Update Record
Wait For Field Update
Wait For Status Update
Cuckoo: Version 13.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Detonate File
Get Report
Sophos: Version 20.0
Introduced Light Theme compatibility for the predefined widget of the following action:
IronPort: Version 15.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get All Recipients By Sender
Get All Recipients By Subject
Get Report
Lastline: Version 8.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Search Analysis History
Submit File
Submit URL
F5 BIG-IP iControl API: Version 7.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add IP To Address List
Add IP To Data Group
Add Port To Port List
Create Address List
Create Data Group
Create iRule
Create Port List
Remove IP From Address List
Remove IP From Data Group
Remove Port From Port List
Update iRule
Palo Alto Panorama: Version 35.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Ips to group
Block ips in policy
Block Urls
Edit Blocked Applications
Get Blocked Applications
Remove Ips from group
Unblock ips in policy
Unblock Urls
Cynet: Version 12.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Hash Query
Remediation Status
Trend Vision One: Version 8.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Execute Email
Update Workbench Alert
MalShare: Version 10.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Tor: Version 9.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Qualys VM: Version 24.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Download Report
List Ips
BMC Helix Remedyforce: Version 17.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create Record
Wait For Fields Update
AlienVault USM Appliance: Version 25.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Service Desk Plus: Version 8.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create Request
Get Request
Update Request
FireEye NX: Version 11.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Intezer: Version 13.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Alert
Submit Alert
Submit File
Submit Suspicious Email
MISP: Version 37.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create Event
Create File Misp Object
Create IP-Port Misp Object
Create network-connection Misp Object
Create Virustotal-Report Object
Download File
Publish Event
Unpublish Event
Upload File
Palo Alto Next Gen Firewall: Version 28.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Ips to group
Block ips in policy
Block Urls
Edit Blocked Applications
Get Blocked Applications
Remove Ips from group
Unblock ips in policy
Unblock Urls
Illusive Networks: Version 6.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Freshworks Freshservice: Version 18.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create Agent
Deactivate Agent
Update Agent
Splunk: Version 64.0
Introduced Light Theme compatibility for the predefined widget of the following action:
AlgoSec: Version 7.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Allow IP
Block IP
Wait for Change Request Status Update
Salesforce: Version 17.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Case
Search Records
RSA Archer: Version 14.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Incident Journal Entry
Create Incident
Get Incident Details
Update Incident
QRadar: Version 66.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
QRadar AQL Search
QRadar Simple AQL Search
Update Offense
Mimecast: Version 15.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Sumo Logic Cloud SIEM: Version 12.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Tags To Insight
Add Comment To Insight
Update Insight
ArcSight: Version 45.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Microsoft Teams: Version 35.0
Integration: Updated dependencies.
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create Channel
Create Channel
Send Chat Message
Send Message Reply
Wait For Reply
Service Desk Plus V3: Version 8.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Note
Add Note And Wait For Reply
Close Request
Create Alert Request
Create Request
Create Request - Dropdown Lists
Get Request
Update Request
Wait For Field Update
Wait For Status Update
AWS CloudWatch: Version 9.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create Log Group
Create Log Stream
Endgame: Version 14.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Falcon Sandbox: Version 20.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Google Cloud Recommender: Version 10.0
Introduced Light Theme compatibility for the predefined widget of the following action:
HTTP Rest API: Version 14.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Data
Post Data
Google Threat Intelligence: Version 13.0
Improved loading for predefined widgets of the following actions:
Enrich Entities
Enrich IOC
Removed the usage of a deprecated API endpoint and the Retrieve AI Summary
parameter from the following action:
IntSights: Version 26.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Credential validation for third-party API feed types
Credential validation is now available for all 49 third-party API connectors.
When you create a feed using a third-party API feed type, Google SecOps now automatically validates the provided credentials. This ensures that if credentials are incorrect:
Looker 26.6 is expected to include the following changes, features, and fixes:
Expected Looker (original) deployment start: Sunday, March 22, 2026
Expected Looker (original) final deployment and download available: Sunday, April 5, 2026
Expected Looker (Google Cloud core) deployment start: Monday, March 23, 2026
Expected Looker (Google Cloud core) final deployment: Friday, April 3, 2026
An issue has been fixed where creating or updating database connections that use OAuth (such as Snowflake or BigQuery) could fail with the error JDBC Parameter Validation Failed. This feature now performs as expected.
When no theme is selected, the Theme picker will now display "Default" rather than "None".
An issue has been fixed where dashboard themes were not applying color collections correctly. This feature now performs as expected.
An issue has been fixed where buttons on dashboards that used the extension framework could unnecessarily add /embed/ to link URLs. This feature now performs as expected.
An issue has been fixed where the font and background color picker was not accessible when you edited visualizations on merge queries. This feature now performs as expected.
An issue has been fixed where opening the Interaction Details dialog on the Historical Analytics Interactions Search dashboard in a new window could result in a 401 error. This feature now performs as expected.
An issue has been fixed where searching for content could return a 500 error. This feature now performs as expected.
An issue has been fixed where pressing Enter to confirm IME composition when writing a message in Conversational Analytics would prematurely submit the message. This feature now performs as expected.
An issue has been fixed where the LookML Assistant could return a 404 error. This feature now performs as expected.
An issue has been fixed where tabs could be automatically added to existing dashboards. This feature now performs as expected.
An issue has been fixed where visualization tooltips on dashboards could use incorrect background or text colors. This feature now performs as expected.
An issue has been fixed where the LookML dashboards folder could fail to display the complete list of LookML dashboards. This feature now performs as expected.
Tabbed dashboards with unsupported layouts will now display a warning message prompting users to update to a new layout.
Include and exclude spoke filters for hybrid spokes are available in public preview.
You can use export filters to control which subnets or routes a spoke can send to the hub. Import filters control which subnets or routes can be accepted by a spoke from the hub.
The Spark Spanner connector supports writing a Spark Dataframe to a Spanner table using the Spark data source API. For more information, see Use the Spark Spanner connector.
]]>You can now use the BigQuery Data Transfer Service remote MCP server to enable AI agents to create, manage, and run data transfers. This feature is in Preview.
You can manage Bigtable tiered storage configuration in the Google Cloud console and view tiered storage metrics in system insights. For more information, see Create and manage tables.
The Telemetry API's supports up to 60,000 metric-ingestion requests per minute per region. The regional quota replaces the global quota. To learn more, see Telemetry API quotas and limits for metric ingestion.
You can use the URL filtering service to filter your workload traffic by using domain and Server Name Indication (SNI) information available in the egress HTTP(S) messages. For more information, see URL filtering service overview. This feature is available in General Availability.
Cloud Router supports named sets in Preview for BGP route policies. Named sets are used to group together expressions of either communities or BGP prefixes, allowing them to be managed or referenced as a single entity. For more information, see BGP route policies overview.
Anywhere Cache has been renamed to Rapid Cache.
The Telemetry API supports trace ingestion of up to 2.4GB per minute for the following regions:
For all other regions, the Telemetry API supports trace ingestion of up to 300 MB per minute.
These regional byte-based quotas replace a global quota which limited the number of requests per minute. To learn more, see Telemetry API limits and quotas.
Generally available: The maximum throughput for a Hyperdisk Balanced High Availability disk is increased to 2,400 MiB/s from 1,200 MiB/s. Hyperdisk Balanced High Availability provides high availability block storage for mission-critical workloads by synchronously replicating data between two zones within a region.
For more information, see Hyperdisk Balanced High Availability overview.
A new Confidential Space image (260300) is available.
New Dataproc on Compute Engine subminor image versions:
Gemini Enterprise: Enhanced filtering for Microsoft OneDrive data stores (Preview)
You can configure filters for your Microsoft OneDrive data stores using either the Google Cloud console or the API. These filters allow you to define exactly which content is accessible to the Assistant by including or excluding specific OneDrive paths.
This feature is in Public Preview. For more information, see Set up a Microsoft OneDrive data store and Add filters to a Microsoft OneDrive data store.
Gemini Enterprise: Get insights with the Data Insights agent (GA with allowlist)
The Data Insights agent is a Made by Google agent that provides insights from your BigQuery data. This feature is available as a GA with allowlist. Contact your Google Cloud sales representative to access this feature.
For more information, see Get insights with the Data Insights agent.
Imagen generation GA endpoints deprecation
The following table describes image generation endpoints that are deprecated and their replacements. We recommend updating your model endpoints before June 30, 2026, to avoid service disruption.
| Discontinued endpoints | Recommended endpoint migration |
|---|---|
imagegeneration@002 |
gemini-2.5-flash-image |
imagegeneration@003 |
gemini-2.5-flash-image |
imagegeneration@004 |
gemini-2.5-flash-image |
imagegeneration@005 |
gemini-2.5-flash-image |
imagegeneration@006 |
gemini-2.5-flash-image |
imagetext@001 |
gemini-2.5-flash-image |
imagen-3.0-capability-001 |
gemini-2.5-flash-image |
imagen-3.0-capability-002 |
gemini-2.5-flash-image |
imagen-3.0-fast-generate-001 |
gemini-2.5-flash-image |
imagen-3.0-generate-001 |
gemini-2.5-flash-image |
imagen-3.0-generate-002 |
gemini-2.5-flash-image |
imagen-4.0-fast-generate-001 |
gemini-2.5-flash-image |
imagen-4.0-generate-001 |
gemini-2.5-flash-image |
imagen-4.0-ultra-generate-001 |
gemini-2.5-flash-image |
Video generation GA endpoints deprecation
The following table describes video generation endpoints that are deprecated and their replacements. We recommend updating your model endpoints before June 30, 2026, to avoid service disruption.
| Discontinued endpoints | Recommended endpoint migration |
|---|---|
veo-3.0-generate-001 |
veo-3.1-generate-001 |
veo-3.0-fast-generate-001 |
veo-3.1-fast-generate-001 |
veo-2.0-generate-001 |
veo-3.1-generate-001 |
Google Cloud CCaaS 4.12
We've released version 4.12 of Google Cloud CCaaS.
The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.
Support for creating chat virtual agents using CX Agent Studio
Contact Center AI Platform supports creating chat virtual agents using Customer Experience Agent Studio (CX Agent Studio). This expands on its existing support for creating voice virtual agents with CX Agent Studio.
For more information, see Create and integrate Customer Experience Agent Studio agents.
Callback fulfillment hours
You can configure callback fulfillment hours, which are the hours when your contact center fulfills callbacks. If you enable callback rollovers to the next day, callbacks that are scheduled outside of these hours are rolled over to the next day. If you don't enable callback rollovers, callbacks that are scheduled outside of these hours are canceled. Callback fulfillment hours aren't available by default. To use this capability, ask your Google contact to turn it on for your instance. For more information, see Callback fulfillment hours.
Improved support for multiple agent matches for agent extension searches
When an end-user inputs an agent extension number at the beginning of a call and there are multiple agent matches, the system now reads agent matches in groups of eight. This gets the end-user to the correct agent faster. We've added the following new extension directory messages to help guide the end-user to the correct agent:
Multiple agents found
Search results next page
End of search results
For more information, see Extension directory messages.
HubSpot lookup against company profiles
HubSpot integrations now support lookups against Company profiles. Administrators can configure primary and secondary lookup objects, allowing the system to search for end-users across both Contacts and Companies to ensure accurate identification during active sessions.
For more information, see HubSpot lookup against company profiles.
HubSpot: Mobile Phone Number Lookup
Admins can now enable mobile phone number lookups for HubSpot integrations to ensure callers are accurately matched with existing contacts. To activate this, navigate to Settings > Developer Settings > CRM and check the Mobile phone number lookup box in the new Phone Number Lookup section. Once enabled, the system will automatically search both the "Phone number" and "Mobile phone number" fields in HubSpot during incoming voice or chat sessions. For more information, see HubSpot mobile phone number lookup.
Improved controls for predictive campaigns
We've added the following controls to predictive campaigns to reduce the risk of call abandonment due to overdialing. These controls let you ramp up dialing rates more naturally and consistently.
Max Calls Per Agent
Target Agent Occupancy
We've also made the Max Abandonment % setting optional, for campaigns that don't require maintaining a maximum abandonment percentage.
Administrators: When you click Campaigns > Add Campaign > Mode > Predictive, the new controls appear in the Add Campaign dialog.
For more information, see Predictive campaigns.
Resume chat endpoint
You can use the new chats/CHAT_ID/resume endpoint to resume chat sessions that
are in dismissed or va_dismissed status. Resumed chat sessions display the
chat history to both the end-user and the agent.
For more information, see Resume a chat.
The following issues were addressed in this release:
Fixed an issue for Zendesk users where using click-to-dial from a private note failed to display existing tickets for outbound calls, forcing agents to create new tickets.
Fixed an issue for Brightspeed users where the CRM link in the agent adapter didn't open during calls or chats.
Fixed an issue where call recordings between agents and end-users didn't upload to Salesforce promptly.
Fixed an issue where agents placing an outbound call couldn't select queues from their parent team.
Fixed an issue where agent status durations continued to accrue even after agents logged out or went offline.
Fixed an issue where web queue redirects didn't work with domains ending in
.today.
Fixed an issue in the Agent dashboard where team names with a forward
slash displayed the HTML character entity (/) instead of the forward
slash.
Fixed an issue where changing agent status after completing wrap-up displayed the wrap-up screen instead of the new status.
Fixed an issue where the default global contact list was missing, despite being enabled, preventing end-users from accessing this directory.
Fixed an issue where virtual agent calls weren't recorded and uploaded to external storage even when call recording was turned on.
Fixed an issue where outbound calls were incorrectly prompting for customer satisfaction (CSAT) feedback when a menu was assigned.
Fixed an issue where the French Canadian translation for "wrap-up" was inconsistent between the chat adapter and notes panel.
Fixed an issue where filtering agents by Team on the Agents tab resulted in significant delays.
Fixed an issue where users were unable to download reports from the virtual agent dashboard and chat history if the requested date range exceeded the storage retention period.
Fixed an issue where SMS, WhatsApp, and AMB queues that were copied from Web or IVR channels incorrectly inherited transfer restrictions, preventing agents from transferring chats.
Fixed an issue where users were unable to upload a key when adding or editing a redaction platform under developer settings.
Fixed an issue where call recording links were not being pushed to HubSpot cases as expected.
Fixed an issue where agents intermittently failed to connect to incoming calls and were immediately disconnected, causing calls to requeue or drop unexpectedly.
Fixed an issue where chat and call queues appeared unavailable for transfers when destination agents reached maximum capacity or were in an unavailable status.
Fixed an issue where toggling the Whisper Announcement or Countdown settings in Automatic Redirection would unintentionally disable the Customize Greetings Announcement option.
Fixed an issue where callback selections made after a virtual agent handover were not accurately reflected in downloadable reports.
Fixed an issue where the Available filter didn't display agents that were available to receive a transfer.
Fixed an issue with Alvaria Workforce integrations where files were rejected due to a random suffix added to the RECORDKEY value.
Fixed an issue where two end-users could be connected simultaneously to a single agent during campaign calls.
Fixed an issue where the inactive chat dismissal timer did not reset after a conversation was escalated from a virtual agent to a live agent queue.
Fixed an issue where transcript metadata files were sometimes stored in the folder for the following day instead of matching the transcript file date, ensuring all metadata and transcript files are now consistently organized by the correct chat end date.
Fixed an issue where agents appeared available but were unable to receive or be re-offered calls due to repeated WebSocket presence updates and connection expirations.
Fixed an issue where Direct Access Points configured with SIP URIs containing spaces or non-standard formats failed to route calls correctly.
Fixed an issue where the Agents tab filter in the UJET Portal displayed "All undefined" and was unclickable, preventing manual agent selection.
Fixed an issue where managers could access queue reports requested by other managers, even if they were not involved in the relevant queues.
Fixed an issue where searching by Location on the Users & Teams page could return agents who no longer matched the search criteria. Search results now accurately reflect current agent locations.
Fixed an issue where users did not see a message indicating that no time slots were available when selecting a queue with no available time slots.
Fixed an issue where the fetch time slots endpoint incorrectly included non-working days when calculating available future time slots.
Fixed an issue where call recordings failed to convert from MP3 to WAV, preventing playback in Call Quality Assurance tools that require WAV format.
Fixed an issue where, after a warm call transfer, if Agent 1 left the call and Agent 2 resumed the conversation, there was no audio between Agent 2 and the end user.
Fixed a 500 Internal Server Error that occurred when administrators tried to add a new language (for example, Danish) under the "Languages and Message" settings. This error prevented the language from being added to the list.
Fixed an issue where the chat widget landmark was missing an accessible label. The chat widget now includes an aria-label matching the chat button label.
We have updated the session metadata to provide a strict distinction between Escalations and Transfers. This ensures that reporting accurately reflects the business context of how a session moves between resources. The session metadata will now categorize these events as follows:
Escalation: Recorded only when a Virtual Agent transfers a session to a Human Agent.
Transfer: Recorded for all other routing scenarios, including:
Human Agent > Human Agent
Virtual Agent > Virtual Agent (Support or Task)
Human Agent > Virtual Agent
Fixed an issue where updating a contact's mobile phone number during an interaction would incorrectly overwrite the existing phone number field.
Fixed an issue where chats that ended due to end user timeout or disconnection were incorrectly shown as "undefined" in the Interaction Outcome column of platform reports.
Fixed an issue in WFM data where the handle count was showing incorrect information if a chat spanned multiple intervals.
Fixed a data discrepancy in NICE WFM interval reports where chat metrics (specifically ContactsReceived and HandledLong) were incorrectly showing activity during time intervals where no chats actually occurred.
Fixed an issue where calls transferred using warm transfer to another queue were incorrectly deflected due to overcapacity, resulting in a cold transfer instead.
Fixed an issue where agents with multiple custom roles were incorrectly prevented from changing to certain statuses due to role restriction logic.
Fixed an issue where changing the "Custom After Hours Deflection" setting in queue configuration would incorrectly reset wrap up settings from "Queue" to "Global."
Fixed an issue where users with custom roles and correct permissions for Queues were unable to add teams.
Fixed an issue where the right-side columns on the outbound phone numbers page were not visible and could not be accessed when the browser window was too small.
Fixed a web SDK issue where the chat modal on Android Chrome was not recognized by screen readers due to a missing dialog role.
Fixed a web SDK issue where elements behind the Text size menu overlay were focusable, ensuring that keyboard focus now remains on the Text size menu until it is dismissed by the user.
Fixed a web SDK issue where the "Request a call" option in the chat widget was not accessible to screen reader or keyboard-only users.
Fixed an issue where agents were incorrectly presented with a manual "Answer" button and placed in "Missed Call" status after a single missed Deltacast, even when auto answer was enabled.
Fixed an issue where transferring a direct outbound call to a queue could fail with a "Not Found" error, even when the target menu and agents were available.
Fixed an issue where the disposition list was not displaying in the configured custom order and instead appeared alphabetically in both Agent Desktop and standard Agent Adapter.
Fixed an issue where the user inactivity timeout setting did not consistently log out users as configured.
Fixed an issue where queue channels and menu options would intermittently disappear or fail to load correctly due to delays in feature flag initialization.
Fixed an issue where adding multiple agents to a team would fail if any selected user was already a member, resulting in a vague error and no agents being added.
Fixed an issue in Progressive Campaigns where agents were intermittently connected to two outbound call targets simultaneously. This occurred when a dial attempt terminated immediately but failed to detach from the conference bridge before the next attempt connected.
Fixed an issue where deleting a queue that was the target of an automatic redirection could cause transfer options to fail to load for agents.
Fixed an issue where adding multiple agents to a team would fail if any selected user was already a member, resulting in a vague error and no agents being added.
Fixed the following issues that occurred with dual-channel and segmented call recordings:
Calls escalated from virtual agents weren't being recorded properly.
Recordings of conversations with transferred agents were missing.
Fixed an issue where chats escalated from a virtual agent to a human agent queue were incorrectly set to auto answer.
Fixed an issue where the call recording warning message didn't play for callbacks initiated by virtual agent escalation when the destination queue exceeded capacity.
Fixed an issue where search results in the Directory tab of the Transfer/Add party screen in the call adapter persisted after closing and reopening the screen.
Fixed an issue where the call adapter displayed an error when the Call button was clicked.
Fixed an issue where uploading an automatic-redirection audio recording in one IVR queue caused the recording to incorrectly appear in a different IVR queue.
Fixed an issue where custom agent statuses restricted to specific roles weren't visible to users assigned those roles.
Fixed an issue where contacts added to an outbound campaign using the
/outbound_dialer/campaigns/CAMPAIGN_ID/contacts endpoint weren't dialed.
Fixed an issue where users who authenticated with Single Sign-On (SSO) couldn't update their profiles due to an invalid password error.
Fixed an issue where the queue list on the Settings > Queues page didn't load for instances with a large number of queues.
Fixed an issue where the interaction history in the agent adapter incorrectly displayed as empty.
Fixed an issue where Salesforce account lookup settings couldn't be saved
when selecting the Person Account object and record types.
Fixed an issue in the chat adapter where the Previous Interactions summary displayed duplicate section headings (Customer Satisfaction and Action) and an incorrect section heading (Label).
Fixed an issue where team managers couldn't download agent reports when selecting the All Agents filter.
Fixed an issue where the system didn't record the failure reason when a virtual agent tried to escalate a chat to a human agent outside of operating hours.
Fixed an issue where using the Bulk User Management tool to deactivate users failed.
Fixed an issue where the Monitoring Chat screen displayed chats incorrectly, with misaligned chat bubbles, incorrectly formatted bullets, and missing sender names and timestamps.
Fixed an issue where the Directory screen in the call adapter appeared empty when an agent tried to start an internal call transfer to another agent.
Fixed an issue where agent prioritization for deltacast selection was incorrect.
Fixed an issue that occurred when a human agent didn't respond to a transferred or auto-answered session. The system incorrectly recorded the termination reason as "agent stopped responding" instead of "timeout waiting for agent message".
Fixed a web SDK issue where underscores in text (for example, in email addresses like user_name@example.com) were incorrectly removed in messages to end-users.
Fixed a web SDK issue for iOS users where the Yes and No buttons in the survey request at the end of a chat were hidden.
Agent Assist offers Gemini Enterprise for Customer Experience tools for AI coach in GA. These tools enable virtual agents to connect with external systems to retrieve, update, format, or analyze information.
The following functions are now generally available (GA):
AI.EMBED:
create embeddings from text or image data.AI.SIMILARITY:
compute the semantic similarity between pairs of text, pairs of images, or
across text and images.You can clean, transform, and enrich data from files in Cloud Storage and Google Drive in your BigQuery data preparations. For more information, see Prepare data with Gemini. This feature is generally available (GA).
Billing account permissions now streamline access to Google payments profiles and payments accounts
We've launched a billing IAM permissions update that simplifies
and streamlines Cloud Billing account access to the associated
Google payments profiles and accounts, for users who have the billing.accounts.updatePaymentInfo permission on their
Cloud Billing account.
Prior to this update: While working in the Cloud Billing console, to access and edit the associated Google payments profile and account information, all Cloud Billing account users needed two sets of permissions:
After this permissions update: Cloud Billing account users with
the billing.accounts.updatePaymentInfo permission on the billing account
can access and edit Google payments profile and account information
directly from the Cloud Billing console, without needing additional permissions on the payments profile itself.
This includes users with the
Billing Account Administrator role
(roles/billing.admin) and those granted this permission via a
custom role.
Note that this permissions update applies only to Cloud Billing accounts associated with an Organization (or Business) Google payments profile type. You can verify your account type on the Payment settings page in the Cloud Billing console.
With the billing.accounts.updatePaymentInfo permission on the billing account,
users can do the following:
Billing account users with the billing.accounts.updatePaymentInfo permission
won't have the Manage users or Admin with all permissions level of access
on the Google payments profile. To fully manage a payments
profile and gain
Manage users and Admin permissions, billing account users still require additional
Google payments user permissions
granted on the associated payments profile.
You can now analyze the performance of your deployed applications using the monitoring platform of your choice and automatically trigger actions such as rollbacks. This feature is generally available.
You can now provide user-defined actions using tasks.
This includes deploy hooks,
deployment verification,
analysis, and custom target types.
This feature is
generally available.
Secure tags with a purpose-data attribute specifying a VPC network or an
organization now support VPC networks that are connected using VPC Network
Peering. For more information, see
Secure tags for firewalls.
This feature is available in General Availability.
Preview: The instance flexibility policy of a managed instance group (MIG) lets you override the minimum CPU platform and disk definition that is specified in the MIG's instance template. With these overrides, you can select machine types that run on different CPU platforms and that have different architectures.
For more information, see About instance flexibility in MIGs.
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.68 | v27.5.1 | v2.1.5 | See List |
Added support for the Lustre 2.14.0_p249 drivers.
Added CPU balloon support for Arm CPUs.
Upgraded app-admin/google-osconfig-agent to v20260119.00.
Upgraded sys-apps/file to v5.47-r1.
Fixed CVE-2025-71265 in the Linux kernel.
Fixed CVE-2025-71266 in the Linux kernel.
Fixed CVE-2025-71267 in the Linux kernel.
Fixed CVE-2025-71268 in the Linux kernel.
Fixed CVE-2026-23243 in the Linux kernel.
Fixed CVE-2026-23254 in the Linux kernel.
Fixed CVE-2026-23262 in the Linux kernel.
Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.
Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.
Runtime sysctl changes:
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.122 | v27.5.1 | v2.0.7 | See List |
Added support for the Lustre 2.14.0_p249 drivers.
Updated cos-gpu-installer to v2.6.1.
Upgraded app-admin/google-osconfig-agent to v20260119.00.
Upgraded sys-apps/file to v5.47-r1.
Fixed CVE-2025-22026 in the Linux kernel.
Fixed CVE-2025-69647 in binutils-libs.
Fixed CVE-2025-69648 in binutils-libs.
Fixed CVE-2026-23254 in the Linux kernel.
Fixed KCTF-71e99ee in the Linux kernel.
Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.
Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.76 | v27.5.1 | v2.2.1 | See List |
Added support for the Lustre 2.14.0_p249 drivers.
Added support for 8th generation TPU devices.
Upgraded app-admin/google-osconfig-agent to v20260119.00.
Upgraded chromeos-base/google-breakpad to v2026.03.03.162944-r270.
Upgraded dev-libs/expat to v2.7.4.
Upgraded net-firewall/iptables to v1.8.13.
Upgraded sys-apps/file to v5.47-r1.
Fixed KCTF-c9bc175 in the Linux kernel.
Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.
Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.123 | v24.0.9 | v1.7.29 | See List |
Added support for the Lustre 2.14.0_p249 drivers.
Updated cos-gpu-installer to v2.6.1.
Upgraded sys-apps/file to v5.47-r1.
Fixed CVE-2026-23231 in the Linux kernel.
Fixed CVE-2026-23243 in the Linux kernel.
Fixed CVE-2026-23254 in the Linux kernel.
Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.
Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.161 | v24.0.9 | v1.7.27 | See List |
Upgraded sys-apps/file to v5.47-r1.
Fixed CVE-2024-26822 in the Linux kernel.
Fixed CVE-2025-69647 in binutils-libs.
Fixed CVE-2026-23243 in the Linux kernel.
Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.
Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.
Custom classifier models
pretrained-classifier-v1.6-2026-03-09 and pretrained-classifier-v1.6-pro-2026-03-09
are available in Preivew.
Custom splitter models
pretrained-splitter-v1.6-2026-03-09 and pretrained-splitter-v1.6-pro-2026-03-09
are available in Preview.
Regional and Multi-Regional endpoints for the Firestore API are now Generally Available (GA). You can use a Regional or a Multi-Regional endpoint to ensure that your application's requests are transmitted, stored and processed in the same region or multi-region as your database's location.
To learn more, see the Firestore regional endpoints guide.
You can also use Private Service Connect regional endpoints and Private Service Connect backends to connect to the regional and the multi-regional endpoints of the Firestore API.
Regional and Multi-Regional endpoints for the Datastore API are now Generally Available (GA). You can use a Regional or a Multi-Regional endpoint to ensure that your application's requests are transmitted, stored and processed in the same region or multi-region as your database's location.
To learn more, see the Datastore regional endpoints guide.
You can also use Private Service Connect regional endpoints and Private Service Connect backends to connect to the regional and the multi-regional endpoints of the Datastore API.
Gemini Enterprise: Data connector for Docusign (Preview)
You can connect Docusign data stores to Gemini Enterprise.
Support for Docusign data stores is in Public Preview. For more information, see Connect Docusign.
Google Distributed Cloud (software only) for VMware 1.33.600-gke.39 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud 1.33.600-gke.39 runs on Kubernetes v1.33.5-gke.2200.
If you are using a third-party storage vendor, check the Google Distributed Cloud-ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
The following issues were fixed in 1.33.600-gke.39:
gkectl upgrade admin command after a
previous failure could fail with "AlreadyExists" errors in the bootstrap cluster.Google Distributed Cloud (software only) for bare metal 1.33.600-gke.39 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.33.600-gke.39 runs on Kubernetes v1.33.5-gke.2200.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Google Distributed Cloud-ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
The following issues were fixed in 1.33.600-gke.39:
New parser documentation now available
New parser documentation is available to help you ingest and normalize logs from the following sources:
New parser documentation now available
New parser documentation is available to help you ingest and normalize logs from the following sources:
To enhance security, the Looker language SDKs and the Looker API /login endpoint are being modified. They will exclusively accept passing credentials in the HTTP request body and will no longer support using URL query parameters.
Release date: This update is expected to take effect with the Looker 26.18 release in October 2026.
Potential impact: Any scripts or applications currently passing credentials in the URL query parameters in the Looker SDK libraries, or directly calling the /login API endpoint, will fail after this update.
Who is affected: All customers using Looker SDKs, custom scripts, or applications that call the /login API endpoint directly.
Action required:
We have sent a message to your affected customers. However, to help avoid service disruptions, please recommend that they evaluate their environment and take the following actions before October 2026:
Preview stage support for the following integration:
]]>AlloyDB lets you monitor node-level metrics in Google Cloud console and Metrics Explorer to provide detailed troubleshooting guidance for read pools and to identify nodes causing performance regressions. For more information, see System insights metrics reference.
Flex-start VMs and calendar-mode reservations are generally available (GA).
Both consumption options use Dynamic Workload Scheduler pricing, which offers discounts of up to 53% off of on-demand pricing. For more information, see Create and run a job that uses GPUs and Ensure resource availability using VM reservations.
Cloud SQL for MySQL now supports minor version 8.0.45. To upgrade your existing instance to the new minor version, see Upgrade the database minor version.
New Serverless for Apache Spark runtime versions:
Important: Mandatory flag for admin cluster upgrades
If an update or upgrade to advanced admin clusters fails in versions 1.32 and newer, don't delete the external bootstrap cluster from the workstation. The bootstrap cluster contains required information about states that you need to resume the update or upgrade. If an update or upgrade to admin clusters fails, and you re-run gkectl upgrade admin, you must add the flag --reuse-bootstrap-cluster or you can lose critical data.
View Triage and Investigation Agent (TIN) results in the Case Summary
This feature is currently in Preview and is part of a gradual rollout.
You can now view TIN results and verdict summaries directly within the Case Summary view. This integration provides real-time progress updates and automated verdicts for true or false positives without leaving the case.
For more information, see Use Triage and Investigation Agent (TIN) to investigate alerts.
Agentic Automation
This feature is in Public Preview.
You can now use Agentic Automation to embed AI Agents directly into your workflows. This feature lets you integrate AI-driven capabilities into your existing playbooks while staying in charge of critical actions by combining agents with deterministic automation steps.
For more information, see Agentic Automation.
A new version of the Looker mobile app is available for iOS (version 2.2.0) and Android (version 2.0.88). The mobile app now includes the following features and improvements:
Flow Analyzer is generally available (GA).
Flow Analyzer is generally available (GA).
On March 19th, 2026, we began maintenance updates of Apigee instances configured for maintenance windows.
If you set a preferred window for maintenance for your instance, and your instance version is below 1-16-0-apigee-6, your instance will be updated to 1-16-0-apigee-6 within the next seven to 21 days. A notification containing the expected date of upgrade will be sent within the next two business days.
For more information on participating in scheduled maintenance windows, see Maintenance overview and Manage Apigee instance maintenance windows.
You can now use a custom organization policy to allow or deny specific operations on routines. This feature is in preview.
Cloud Composer 2 environments can no longer be created in Berlin (europe-west10) and Dallas (us-south1). We're switching these regions to supporting only Cloud Composer 3 environments. Existing Cloud Composer 2 environments in these regions aren't affected by this change.
(Airflow 3.1.7 in Cloud Composer 3)
The apache-airflow-providers-cncf-kubernetes package was
upgraded to version 10.14.0.
For changes in other packages, see the
preinstalled packages changelog.
New Airflow builds are available in Cloud Composer 3:
New images are available in Cloud Composer 2:
Google Cloud Observability has expanded the supported locations for observability buckets, which store your trace data, to include the following:
For a list of supported locations, see Locations for observability buckets.
You can create alerting policies that monitor the results of your SQL queries. For more information, see Monitor your SQL query results with an alerting policy. This feature is in public preview.
Changed: The following operations on the boot disk of a Compute Engine instance
that has a service account attached require the iam.serviceAccounts.actAs permission
on the service account. In the following list, the boot disk of such an instance is
referred to as the source disk.
If you have already have the Compute Instance Admin (v1)
(roles/compute.instanceAdmin.v1) role and the Service Account User (v1)
(roles/iam.serviceAccountUser) role on the project, no action is required.
Otherwise, ask your administrator to grant you the iam.serviceAccounts.actAs
permission on the service account. For instructions, see
Manage access to other resources.
Spanner now offers AI functions, as a part of machine learning functions, that help you perform semantic operations using Large Language Models (LLMs) in SQL to classify, evaluate, and rank your data:
AI.CLASSIFY:
Classify a natural language input into user-defined categories.AI.IF: Evaluate a
condition described in natural language.AI.SCORE: Rate
natural language input and assign it a score.Database Migration Service for heterogeneous SQL Server migrations now supports failback migration jobs in Preview. Failback migrations let you push CDC updates back to the original SQL Server source from the destination PostgreSQL database after you complete the standard migration. This feature keeps your original source database alive and up to date in case you need to switch your application back to the source SQL Server database. For more information, see the page relevant for your migration scenario:
New Dataproc on Compute Engine subminor image versions:
2.1, 2.2 and 2.3 images.The following issues were fixed in 1.34.200-gke.68:
VSphereMachine remaining in the Creating phase
without actionable error messages.Google Distributed Cloud (software only) for VMware 1.34.200-gke.68 is now available for download. To upgrade, see Upgrade clusters.
Important: There is a mandatory flag for admin cluster upgrades; see the updated entry for March 20, 2026.
Google Distributed Cloud 1.34.200-gke.68 runs on Kubernetes v1.34.3-gke.400.
If you are using a third-party storage vendor, check the Google Distributed Cloud-ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
Google Distributed Cloud (software only) for bare metal 1.34.200-gke.68 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.34.200-gke.68 runs on Kubernetes v1.34.3-gke.400.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Google Distributed Cloud-ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
The following issues were fixed in 1.34.200-gke.68:
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following versions are now available for new GKE clusters, and for manual control plane upgrades and node upgrades for existing clusters. For more information about versioning and upgrades, see GKE versioning and support and About GKE cluster upgrades.
This release includes new GKE versions that use updated Container-Optimized OS images. These updated images are cumulative, incorporating security fixes from all Container-Optimized OS versions released since the previous GKE release.
To identify the specific vulnerabilities that were resolved in each updated Container-Optimized OS image, see the Security release notes for that image. The following table includes links to the release notes for each updated Container-Optimized OS image:
| GKE version | Container-Optimized OS version | Details |
|---|---|---|
| 1.34.5-gke.1153000 | cos-125-19216-220-57 | cos-125-19216-220-57 release notes |
| 1.35.2-gke.1485000 | cos-125-19216-220-57 | cos-125-19216-220-57 release notes |
Bindplane features for Google SecOps general availability
The following Bindplane features that relate to Google SecOps are now in General Availability (GA):
Single sign-on with custom claims role mapping: gives a production-ready way to manage Bindplane access through your identity provider. For more information, see Single Sign-On (Cloud).
SecOps parser validator: validates that your logs will be parsed correctly by Google SecOps directly from the snapshot view. Get immediate feedback on parsed events or validation errors without waiting for data to appear in Google SecOps. For more information, see Validate SecOps Parser.
Forwarder migration tool: provides production-ready paths to migrate existing forwarder configurations into Bindplane-managed pipelines. For more information, see Migrate Configurations.
Microsoft Graph Mail: Version 37.0
A new predefined widget has been added to following action:
CrowdStrike Falcon: Version 73.0
The following new action has been added:
Endgame: Version 73.0
New predefined widgets have been added to following actions:
Get Endpoints
Get Host Isolation Config
Hunt File
Hunt IP
Hunt Process
Hunt Registry
Hunt User
List Investigations
Microsoft Graph Security: Version 24.0
A new predefined widget has been added to following action:
Azure Security Center: Version 14.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
List Regulatory Standards
List Regulatory Standard Controls
Zoho Desk: Version 9.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Stellar Cyber Starlight: Version 17.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Advanced Search
Simple Search
Siemplify ThreatFuse: Version 17.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Related Associations
Get Related Domains
Get Related Email Addresses
Get Related Hashes
Get Related IPs
Get Related URLs
Submit Observables
Devo: Version 10.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Advanced Query
Simple Query
AWS CloudWatch: Version 7.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
List Log Groups
List Log Streams
Search Log Events
ZScaler: Version 11.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Google Workspace: Version 24.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Members To Group
Block Extension
Create Group
Create OU
Create User
Delete Extension
List Group Members
List OU Of Account
List Users
Update OU
Update User
Azure Active Directory: Version 23.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
List Groups
List Members in the Group
Trend Micro Cloud App Security: Version 9.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Tanium: Version 16.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Task Details
List Connections
Intezer: Version 11.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Detonate File
Detonate Hash
Detonate URL
Get File Report
Get URL Report
Index File
RSA NetWitness: Version 18.0
Introduced Light Theme compatibility for the predefined widget of the following action:
MongoDB: Version 8.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Exchange: Version 120.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Block Sender by Message ID
Delete Mail
Download Attachments
Extract EML Data
List Exchange-Siemplify Inbox Rules
Move Mail To Folder
Search Mails
Unblock Sender by Message ID
ThreatQ: Version 16.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
List Events
List Related Objects
RSA NetWitness Platform: Version 14.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Carbon Black Response: Version 36.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Binary Free Query
Process Free Query
Symantec Endpoint Protection: Version 19.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Report And Enrich
GetReport
ListEndpoints
ListGroups
AlienVault USM Anywhere: Version 33.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Mandiant Digital Threat Monitoring: Version 5.0
Introduced Light Theme compatibility for the predefined widget of the following action:
FireEye CM: Version 12.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Download Custom Rules File
Download Quarantined Email
List IOC Feeds
List Quarantined Emails
Google Threat Intelligence: Version 11.0
Updated is_suspicious and is_risky logic handling in the following
actions:
Enrich Entities
Submit File
Shodan: Version 14.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Search
SearchForExploits
Snowflake: Version 7.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Execute Custom Query
Execute Simple Query
Proofpoint Threat Protection: Version 2.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Allow List Entries
Get Block List Entries
Vectra: Version 11.0
Introduced Light Theme compatibility for the predefined widget of the following action:
MSSQL: Version 18.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Rapid7 InsightVm: Version 13.0
Introduced Light Theme compatibility for the predefined widget of the following action:
ServiceNow: Version 60.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Attachment
Download Attachments
Get Child Incident Details
Get CMDB Record Details
Get User Details
List CMDB Records
List Record Comments
Wait For Comments
CiscoUmbrella: Version 16.0
Introduced Light Theme compatibility for the predefined widget of the following action:
RSA NetWitness EDR: Version 7.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add IP To Blacklist
Add URL To Blacklist
Microsoft 365 Defender: Version 24.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Execute Custom Query
Execute Entity Query
Execute Query
Easy Vista: Version 6.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Sumologic: Version 18.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Symantec Endpoint Security Complete Cloud: Version 6.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Google Rapid Response (GRR): Version 9.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Hunt Details
List Hunts
Start a Hunt
Stop a Hunt
TruSTAR: Version 7.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Related IOCs
Get Related Reports
List Enclaves
FireEye AX: Version 6.0
Introduced Light Theme compatibility for the predefined widget of the following action:
McAfee ATD: Version 14.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Mimecast: Version 13.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Advanced Archive Search
Simple Archive Search
Microsoft Azure Sentinel: Version 60.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
List Alert Rules
List Custom Hunting Rules
List Incidents
Run Custom Hunting Rule Query
Run KQL Query
ElasticSearch: Version 42.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Advanced ES Search
DSL Search
Simple ES Search
FireEye HX: Version 20.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Alert Group Details
Get Alerts
Get Alerts in Alert Group
Get Indicators
FortiGate: Version 18.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
List Address Groups
List Policies
CBProtection: Version 10.0
Introduced Light Theme compatibility for the predefined widget of the following action:
BlueLiv: Version 11.0
Introduced Light Theme compatibility for the predefined widget of the following action:
MISP: Version 35.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Attribute
Add Sighting to an Attribute
Add Tag to an Attribute
Add Tag to an Event
Create Url Misp Object
Delete an Attribute
Delete an Event
List Event Objects
List Sightings of an Attribute
Remove Tag from an Attribute
Remove Tag from an Event
Exchange Extension Pack: Version 11.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Fetch Compliance Search Results
List Exchange-Siemplify Mail Flow Rules
Google Cloud Storage: Version 13.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Download an Object From a Bucket
Get a Bucket's Access Control List
List Bucket Objects
List Buckets
Upload an Object To a Bucket
Microsoft Graph Mail Delegated: Version 14.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Delete Email
Download Attachments from Email
Extract Data from Attached EML
Move Email To Folder
Run Microsoft Search Query
Search Emails
Ivanti Endpoint Manager: Version 7.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Execute Task
Scan Endpoints
Akamai: Version 3.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Items To Client List
Get Client Lists
Get Network Lists
Remove Items From Client List
CyberArk PAM: Version 7.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Nozomi Networks: Version 8.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
List Vulnerabilities
Run a Query
iBoss: Version 12.0
Introduced Light Theme compatibility for the predefined widget of the following action:
FireEye EX: Version 12.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Download Alert Artifacts
Download Quarantined Email
List Quarantined Emails
AWS Security Hub: Version 9.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create Insight
Get Insight Details
Mandiant ASM: Version 10.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get ASM Entity Details
Search Issues
Cisco Orbital: Version 17.0
Introduced Light Theme compatibility for the predefined widget of the following action:
IronScales: Version 5.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Incident Details
Get Incident Mitigation Details
Get Mitigation Impersonation Detail
Get Mitigations Per Mailbox
Google Cloud IAM: Version 16.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create Role
Create Service Account
Delete Role
List Roles
List Service Accounts
Armis: Version 13.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Attivo: Version 8.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
List Critical ThreatPath
List Service ThreatPaths
List Vulnerability Hosts
Falcon Sandbox: Version 18.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Analyze File
Analyze File URL
Search
Tenable.io: Version 14.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Vulnerability Details
List Plugin Families
List Policies
List Scanners
Google Chat: Version 5.0
Introduced Light Theme compatibility for the predefined widget of the following action:
IntSights: Version 24.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Jira: Version 53.0
Integration: Added support for service account token based authentication.
Integration: Updated issue object handling.
Introduced Light Theme compatibility for predefined widgets of the following actions:
Download Attachments
Get Issues
List Relation Types
Google BigQuery: Version 16.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Run Custom Query
Run SQL Query
ArcSight: Version 43.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Activelist Entries
Get Query Results
Get Report
Is Value In Activelist Column
Search
Check Point Firewall: Version 13.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Download Log Attachment
List Layers On Site
List Policies On Site
Show Logs
FortiAnalyzer: Version 9.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Microsoft Defender ATP: Version 28.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create Isolate Machine Task
Create Run Antivirus Scan Task
Create Stop And Quarantine File Specific Machine Task
Create Unisolate Machine Task
Get Current Task Status
List Alerts
List Indicators
List Machines
Run Advanced Hunting Query
Wait Task Status
Microsoft Teams: Version 33.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
List Chats
List Teams
List Users
Send Message
Recorded Future: Version 19.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Active Directory: Version 39.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Group Members
Search Active Directory
Cofense Triage: Version 18.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Report Headers
List Categories
List Playbooks
List Reports Related To Threat Indicators
ElasticSearchV7: Version 20.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Advanced ES Search
DSL Search
Simple ES Search
BMC Remedy ITSM: Version 10.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Incident Details
Get Record Details
Cloudflare: Version 5.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add IP To Rule List
List Firewall Rules
OpenSearch: Version 2.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Advanced OS Search
DSL Search
Simple OS Search
Microsoft Graph Mail: Version 37.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Download Attachments from Email
Extract Data from Attached EML
Move Email To Folder
Search Emails
F5 BIG-IP Access Policy Manager: Version 6.0
Introduced Light Theme compatibility for the predefined widget of the following action:
McAfee Mvision EPO: Version 9.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
List Endpoints In Group
List Groups
List Tags
Palo Alto Cortex XDR: Version 24.0
Introduced Light Theme compatibility for the predefined widget of the following action:
XForce: Version 17.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Okta: Version 14.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Microsoft Intune: Version 6.0
Introduced Light Theme compatibility for the predefined widget of the following action:
F5 BIG-IP iControl API: Version 5.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
List Address Lists
List Data Groups
List Port Lists
List iRules
AppSheet: Version 4.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Record
Delete Record
List Tables
Search Records
Update Record
McAfee ESM: Version 44.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Send Advanced Query To ESM
Send Query To ESM
Google Cloud Recommender: Version 8.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Recommendation
List Recommendations
Update Recommendation
Any.Run: Version 9.0
Introduced Light Theme compatibility for the predefined widget of the following action:
FireEye Helix: Version 16.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Lists
Get List Items
Area1: Version 7.0
Introduced Light Theme compatibility for the predefined widget of the following action:
ExabeamAdvancedAnalytics: Version 8.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Comments To Entity
Create Watchlist
List Watchlist Items
List Watchlists
Azure Monitor: Version 2.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Rapid7 InsightIDR: Version 10.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
List Investigations
List Saved Queries
Run Saved Query
Amazon Macie: Version 8.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create Custom Data Identifier
List Findings
AWS IAM Access Analyzer: Version 8.0
Introduced Light Theme compatibility for the predefined widget of the following action:
ProofPoint TAP: Version 13.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
DecodeURL
Get Threat Forensics
GetCampaign
List Campaigns
Search Events
Splunk: Version 62.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Execute Entity Query
SplunkQuery
LogPoint: Version 18.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Execute Entity Query
Execute Query
List Repos
BitSight: Version 10.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
List Company Highlights
List Company Vulnerabilities
WMI: Version 12.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
ListServices
ListUsers
RunQuery
AWS Identity and Access Management (IAM): Version .0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create a Group
Create a Policy
Create a User
List Groups
List Policies
List Users
Fortinet FortiSIEM: Version 8.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Execute Custom Query
Execute Simple Query
Humio: Version 7.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Execute Custom Search
Execute Simple Search
AlgoSec: Version 5.0
Introduced Light Theme compatibility for the predefined widget of the following action:
AWS WAF: Version 9.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create IP Set
Create Regex Pattern Set
Create Rule Group
Create Web ACL
List IP Sets
List Regex Pattern Sets
CA Service Desk Manager: Version 24.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Search Tickets
Sync Ticket History
Freshworks Freshservice: Version 16.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Ticket Time Entry
Add a Ticket Note
Add a Ticket Reply
Create Requester
Create Ticket
List Agents
List Requesters
List Ticket Conversations
List Ticket Time Entries
List Tickets
Update Requester
Update Ticket
Update Ticket Time Entry
BMC Helix RemedyForce: Version 15.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Execute Custom Query
Execute Simple Query
Get Record Details
List Record Types
AWS S3: Version 6.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Download File From Bucket
Get Bucket Policy
List Bucket Objects
List Buckets
Upload File To Bucket
Cybereason: Version 22.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Execute Custom Investigation Search
Execute Simple Investigation Search
List Malop Affected Machines
List Malop Remediations
List Processes
List files
Remediate Malop
SCCM: Version 19.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Netskope: Version 15.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
List Alerts
List Clients
List Events
Qradar: Version .0
Optimized the caching fetched offenses logic in the following connectors:
Qradar Correlation Events Connector V2
Qradar Offenses Connector
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Rule MITRE Coverage
List Reference Maps
List Reference Maps of Sets
List Reference Sets
List Reference Tables
Lookup for a Key in Reference Map
Lookup for a Key in Reference Map of Sets
Lookup for a Value in Reference Map
Lookup for a Value in Reference Map of Sets
Lookup for a Value in Reference Set
Lookup for a Value in Reference Tables
Google Cloud Compute: Version 14.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Labels To Instance
Get Instance IAM Policy
List Instances
Remove External IP Addresses
Set Instance IAM Policy
Cylance: Version 17.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Global List
Get Threats
EmailV2: Version 38.0
Introduced Light Theme compatibility for the predefined widget of the following action:
McAfee EPO: Version 35.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Execute Custom Query
Execute Entity Query
Execute Query By ID
List Queries
List Tasks
ArcSight Logger: Version 10.0
Introduced Light Theme compatibility for the predefined widget of the following action:
SonicWall-Beta: Version 7.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
List Address Groups
List URI Groups
List URI Lists
VSphere: Version 9.0
Introduced Light Theme compatibility for the predefined widget of the following action:
SiemplifyUtilities: Version 26.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Export Entities as OpenIOC File
Extract Top From JSON
Office 365 CloudApp Security: Version 23.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Enrich Entities
List Files
Salesforce: Version 15.0
Introduced Light Theme compatibility for the predefined widget of the following action:
AWS Elastic Compute Cloud (EC2): Version 8.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Start Instance
Stop Instance
Terminate Instance
McAfee Mvision ePO V2: Version 6.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
List Devices
List Tags
Anomali ThreatStream: Version 12.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Automox: Version 6.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Microsoft Graph Security: Version 24.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Qualys VM: Version 22.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Download Vm Scan Results
Launch VM Scan And Fetch Results
List Groups
List Reports
List Scans
Cloud Logging: Version 4.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Cisco ISE: Version 14.0
Introduced Light Theme compatibility for the predefined widget of the following action:
SentinelOneV2: Version 45.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Create Path Exclusion Record
Get Blacklist
Get Deep Visibility Query Result
Get Site Agents
Get Threats
Initiate Deep Visibility Query
List Sites
Mark as Threat
Mitigate Threat
Resolve Threat
Palo Alto Panorama: Version 33.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Correlated Traffic Between IPs
Search logs
Cisco AMP: Version 20.0
Introduced Light Theme compatibility for the predefined widget of the following action:
Slack: Version 27.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Get Channel Or User Conversation History
List Channels
List Users
Send Interactive Message
LogRhythm: Version 20.0
Introduced Light Theme compatibility for predefined widgets of the following actions:
Add Alarm To Case
Attach File To Case
Get Alarm Details
List Case Evidence
Bindplane features for Google SecOps general availability
The following Bindplane features that relate to Google SecOps are now in General Availability (GA):
Single sign-on with custom claims role mapping: gives a production-ready way to manage Bindplane access through your identity provider. For more information, see Single Sign-On (Cloud).
SecOps parser validator: validates that your logs will be parsed correctly by Google SecOps directly from the snapshot view. Get immediate feedback on parsed events or validation errors without waiting for data to appear in Google SecOps. For more information, see Validate SecOps Parser.
Forwarder migration tool: provides production-ready paths to migrate existing forwarder configurations into Bindplane-managed pipelines. For more information, see Migrate Configurations.
You can deploy instances in the asia-southeast3 (Bangkok)
region.
You can deploy instances in the asia-southeast3 (Bangkok)
region.
You can use the Google Cloud console to find and set maintenance windows and perform self-service maintenance on instances. This feature is Generally Available.
You can update a service attachment's target service without recreating the service attachment. Consumer connections are preserved during the update, but traffic is briefly disrupted. This feature is available in General Availability.
For more information, including a list of supported configurations, see Service mutability.
]]>On March 17, 2026 we released an updated version of Advanced API Security abuse detection
VPC-SC support in abuse detection
This release includes full support in Advanced API Security abuse detection for VPC-SC customers. This includes support for VPC-SC with the Advanced Anomaly Detection ML model used for abuse detection, as well as detection exclusion lists.
For usage information, see Abuse detection in the documentation.
On March 17th, 2026, we released an updated version of Apigee (1-17-0-apigee-5).
| Bug ID | Description |
|---|---|
| N/A | Updates to infrastructure and libraries. |
Support for Ruby 4.0 runtime is in General Availability.
Support for Ruby 4.0 runtime is in General Availability.
In BigQuery ML, you can now automatically deploy open models to Vertex AI endpoints. Automatically deployed models offer the following benefits:
This feature is generally available (GA).
(Airflow 3.1.7) Starting from version composer-3-airflow-3.1.7-build.1, Airflow workers no longer have direct access to the Airflow database of your environment.
This change follows the architectural and security improvements introduced in the community version of Airflow 3.0. For more information about an alternative way to export and access the data stored in the Airflow database, see Access the Airflow database.
This change is gradually rolled out to all regions supported by Cloud Composer 3.
(Airflow 3.1.7 in Cloud Composer 3)
The apache-airflow-providers-google package was upgraded to version 20.0.0.
For more information about changes, see the
apache-airflow-providers-google changelog.
(Airflow 3.1.7 in Cloud Composer 3)
The apache-airflow-providers-cncf-kubernetes package was
upgraded to version 10.13.0.
For changes in other packages, see the
preinstalled packages changelog.
New Airflow builds are available in Cloud Composer 3:
New images are available in Cloud Composer 2:
The following Cloud Composer versions and builds have reached their end of support period: composer-3-airflow-2.9.3-build.18, composer-3-airflow-2.9.3-build.17, composer-2.11.5-*, and composer-2.11.4-*.
Cloud Data Fusion version 6.11.1.2 is generally available (GA).
This release includes the following changes:
Fixed the triggers panel in the pipeline details page to display the correct triggers count on initial load (CDAP-21230).
Updated the GraphQL query mechanism to cache the pipelines list and fix the long loading screen in the deployed pipelines list page (CDAP-21229).
Support for Ruby 4.0 runtime is in General Availability.
Support for Ruby 4.0 runtime is in General Availability.
Multi-region backup vaults for Cloud SQL enhanced backups are generally available (GA).
This feature lets you store your backup data in multi-region storage locations, providing higher availability and protection against regional outages.
For more information, see Enhanced backups.
Cloud SQL supports cross-project PITR operations for instances protected by backup and DR (GA).
This feature lets you restore a Cloud SQL instance to a project other than the project where either the source instance or the backup vault is located.
For more information, see Perform a cross-project PITR.
You can now cancel an in-place major version upgrade operation during the main upgrade phase, when the upgrade is actually being performed.
For more information, see Cancel the major version upgrade.
Multi-region backup vaults for Cloud SQL enhanced backups are generally available (GA).
This feature lets you store your backup data in multi-region storage locations, providing higher availability and protection against regional outages.
For more information, see Enhanced backups.
Cloud SQL supports cross-project PITR operations for instances protected by backup and DR (GA).
This feature lets you restore a Cloud SQL instance to a project other than the project where either the source instance or the backup vault is located.
For more information, see Perform a cross-project PITR.
Cloud SQL supports cross-project PITR operations for instances protected by backup and DR (GA).
This feature lets you restore a Cloud SQL instance to a project other than the project where either the source instance or the backup vault is located.
For more information, see Perform a cross-project PITR.
Point-in-time recovery (PITR) default enablement behavior has changed:
For more information, see Configure point-in-time recovery (PITR).
Multi-region backup vaults for Cloud SQL enhanced backups are generally available (GA).
This feature lets you store your backup data in multi-region storage locations, providing higher availability and protection against regional outages.
For more information, see Enhanced backups.
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.67 | v27.5.1 | v2.2.2 | See List |
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.76 | v27.5.1 | v2.2.1 | See List |
Added support for the Lustre 2.14.0_p246 drivers.
Added support for the Lustre 2.14.0_p246 drivers.
Fixed the "CrackArmor" vulnerability in the Linux kernel.
Fixed the "CrackArmor" vulnerability in the Linux kernel.
/dev/hugepages is now mounted with the noexec option.
/dev/hugepages is now mounted with the noexec option.
Updated cos-gpu-installer to v2.6.0.
/run is now mounted with the noexec option.
Updated the Linux kernel to v6.12.76.
Updated cos-gpu-installer to v2.6.0.
Upgraded CASFS to v0.1.2.
Upgraded CASFS to v0.1.2.
Switched to using systemd-resolved stub resolver by default, which fixes DNS caching issues.
Upgraded app-containers/containerd to v2.2.2.
Added support for larger ring sizes for the GVNIC driver in DQO-QPL mode.
Upgraded dev-libs/glib to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.
Added support for larger ring sizes for the GVNIC driver in DQO-QPL mode.
Fixed a kernel bug which could cause traffic drops after NIC resets.
Updated cos-gpu-installer to v2.6.1.
Enabled buffer overflow detection for kernel str/mem functions.
Upgraded app-admin/sosreport to v4.11.0.
Fixed a kernel bug which could cause traffic drops after NIC resets.
Upgraded dev-util/gn to v2331.
Fixed performance and efficiency issues in TCPX through optimized netmem handling and scatter-gather list coalescing for large memory mappings.
Upgraded net-misc/socat to v1.8.1.1.
Upgraded sys-apps/acl to v2.3.2-r3.
Upgraded sys-apps/file to v5.47.
Updated cos-gpu-installer to v2.6.1.
Upgraded the galog version to v0.0.0-20250924170816-9dbf105986f4 in google-guest-agent to fix an issue with high CPU consumption.
Upgraded dev-utils/gdbus-codegen to v2.86.3.
Upgraded dev-libs/glib to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.
Upgraded app-admin/fluent-bit to v4.2.3.1.
Upgraded app-admin/sosreport to v4.11.0.
Upgraded dev-util/gdbus-codegen to v2.86.3.
Upgraded the galog version to v0.0.0-20250924170816-9dbf105986f4 in google-guest-agent to fix an issue with high CPU consumption.
Fixed CVE-2026-23229 in the Linux kernel.
Fixed CVE-2026-23230 in the Linux kernel.
Fixed CVE-2026-23240 in the Linux kernel.
Fixed a packet header clobbering issue in the IDPF driver occurring when SWIOTLB and header split are enabled.
Fixed KCTF-71e99ee in the Linux kernel.
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.122 | v27.5.1 | v2.0.7 | See List |
Fixed CVE-2025-38162 in the Linux kernel.
Fixed CVE-2025-38201 in the Linux kernel.
Fixed CVE-2026-23102 in the Linux kernel.
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.123 | v24.0.9 | v1.7.29 | See List |
Fixed CVE-2025-38162 in the Linux kernel.
Fixed CVE-2025-38162 in the Linux kernel.
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.161 | v24.0.9 | v1.7.27 | See List |
Fixed CVE-2026-23054 in the Linux kernel.
Fixed KCTF-71e99ee in the Linux kernel.
Gemini Enterprise: Grace period for license deactivation
To ensure a smooth transition and prevent service interruptions when a subscription ends early, we've introduced a one-week (seven days) grace period. During this time, you can continue to use the service while you transition to a new subscription.
This feature is generally available (GA). For more information, see Handle early termination.
Unified Feature Role-based Access Control (RBAC) is now in General Availability (GA). This enables administrators to manage feature access control for Google SecOps including SOAR by leveraging Google Cloud IAM instead of managing it separately for SIEM and SOAR.
You can enable it by migrating the legacy SOAR permission groups and permissions to Google Cloud IAM through a self-service migration available from January 26, 2026. Please check the documentation and video for full instructions.
This update is available to all customers who have completed Stage 1 of the SOAR migration to Google Cloud.
SOAR Permission Groups migration to Google Cloud IAM is now in General Availability (GA). You can now leverage Google Cloud IAM for precise, granular feature access, moving away from legacy permission groups.
You can enable it by migrating the legacy SOAR permission groups and permissions to Google Cloud IAM through a self-service migration available from January 26, 2026. Please check the documentation and video for full instructions.
This update is available to all customers who have completed Stage 1 of the SOAR migration to Google Cloud.
As part of Looker 26.4, the following features will begin rolling out on March 17, 2026.
Looker Connections Settings page has a new option, Disable Connection, that allows a Looker admin to disable a connection in cases where there are downstream issues with the database, instead of killing queries manually or allowing queries to remain in the query queue. When the connection is disabled, Looker will not send queries to the database and will return an error message to users.
The Visualization Assistant, which lets you customize formatting options for Looker visualizations in natural language with Gemini assistance, is now generally available. This assistant can be enabled by turning on the Gemini in Looker and Looker Assistants settings on the Gemini in Looker page in the Platform section of the Admin panel.
The Self-service Explores feature is now generally available.
In addition, if your Looker admin has enabled your Looker instance to support OAuth for Google Sheets uploads, the self-service Explores feature supports uploading data from Google Sheets using Google Drive navigation.
The content certification feature is now generally available. In Looker 26.4, the following support has been added:
The Continuous Integration (CI) feature is updated for better integration with the Looker user interface:
The updated Looker Continuous Integration feature includes the following:
Note: This item was updated on March 27, 2026.
The Dashboard Tile Limits preview feature is now available, and is disabled by default.
When enabled, the Dashboard Tile Limits preview feature lets admins set limits to how many query tiles can be added to each tab in a dashboard. Admins can set these limits in the Maximum Query Tiles per tab setting on the Content guardrails admin page.
The Gemini in Looker assistant that helps you generate LookML parameters is now available to enable individually from other Gemini in Looker features. This assistant, which continues to be available in preview, suggests LookML parameters that are based on the natural language prompts that you add to your project files. This assistant can be enabled by turning on the Gemini in Looker and LookML Assistant settings on the Gemini in Looker page in the Platform section of the Admin panel.
The Increased Row Limit preview feature feature is now available, and is disabled by default.
When enabled, the Increased Row Limit preview feature lets admins set row limits up to 50,000 rows or datapoints for map charts, scatterplot charts, and table charts. Admins can set the limits for each visualization type in the Visualization limits setting on the Content guardrails admin page.
Table charts, scatterplot charts, and Google Maps charts that have increased row limits are subject to additional limitations when you download, send, or schedule dashboards in PDF format. See Downloading or delivering dashboards in rendered formats for more information about scheduling and downloading dashboard PDFs with increased row limits.
Note: This item was originally published on March 16, 2026 and was updated on March 17, 2026.
Now available in preview, you can use Gemini in Looker to assist you in writing Looker expressions for table calculations and custom fields. This feature can be enabled by turning on the Expression Assistant setting on the Gemini in Looker page in the Platform section of the Admin panel.
The Enhanced Search preview feature is now available.
When enabled, Enhanced Search helps you find saved content on your instance using Gemini in Looker. Enhanced Search moves beyond keyword matching to interpreting the conceptual meaning of your search queries, letting you search for saved content using business terms or analytical questions (for example, "total customer acquisition cost").
You can filter your search results to limit them to specific content types, folders, content creators, creation dates, modification dates, and the content certification status.
To enable Gemini in Looker assistance with searching content, you must also enable the Semantic Search setting on the Gemini in Looker page in the Platform section of the Admin panel.
Note: The Semantic Search option will begin rolling out on April 6, 2026. This item was updated on April 2, 2026.
Now available in preview, Gemini in Looker can automatically generate Quick Start analyses for Explores. This feature can be enabled by turning on the AI-assisted Quick Starts setting on the Gemini in Looker page in the Platform section of the Admin panel.
Available in preview, you can now use custom calendars, such as fiscal or retail calendars, for dialects that support it. The custom calendar feature lets your Looker developers create a LookML model of a custom calendar table in your database and then create custom calendar dimension groups that use the custom calendar. Your end users can then create Explore queries using the custom calendar dimension timeframes.
In addition, your LookML developers can create period-over-period measures based on custom calendar dimension groups.
Note: This item was updated on March 19, 2026.
Conversational Analytics now offers new modes for asking questions. Fast mode allows you to get answers more quickly. Thinking mode allows you to ask more complex questions and test your agent's capabilities. (Note: Question modes are not yet available. This release note was updated on March 24, 2026.)
The simulate maintenance event feature for Memorystore for Valkey is Generally Available.
You can now deploy instances in the asia-southeast3 (Bangkok), europe-north2
(Stockholm), and northamerica-south1 (Mexico)
regions.
AlloyDB now supports the 2 vCPU C4A machine type (c4a-highmem-2-lssd),
which is powered by Google Axion, Google's custom Arm-based processor.
This expansion provides a smaller entry point and more flexibility for
scaling your production workloads using Axion-based instances. For more information,
see Choose an AlloyDB machine type.
AlloyDB enhanced backups are generally available (GA). You can now select the Enhanced tier during cluster creation, manage your project-level backups with tiered tabs, and delete an enhanced backup. For more information, see Manage enhanced backups.
BigQuery now lets you configure a global default location. This setting is used if the location isn't set or can't be inferred from the request. You can set the default location at the organization or project level.
This feature is generally available (GA).
Cloud Build now supports uploading OCI images to Artifact Registry during a build process. OCI artifacts for a build are shown in the following locations:
For more information, see
Store an OCI image in Artifact Registry after your build completes
and the Cloud Build configuration file schema definition for oci.
Support for managing TTL indexes in the MongoDB API.
Stage 2 of the SOAR migration to Google Cloud deadline has been extended from June 30th to September 30th, 2026.
Stage 2 of the SOAR migration to Google Cloud deadline has been extended from June 30th to September 30th, 2026.
Google Cloud's Agent for SAP version 3.12
Version 3.12 of Google Cloud's Agent for SAP is generally available (GA). This version introduces enhancements for SAP workload validation and disk snapshot based recovery for SAP HANA.
For more information, see What's new with Google Cloud's Agent for SAP.
The names of Event Threat Detection rules pertaining to AI control plane have changed.
The Cloud Run Threat Detection rule
Privilege Escalation: Fileless Execution in /dev/shm has been shut
down.
General availability support for the following integration:
VPC Service Controls feature (Status: Preview): VPC Service Controls supports the following identities in ingress and egress rules to allow access to resources protected by a service perimeter:
Agent identities
SPIFFE formats for third-party workforce and workload identities
This feature is available in Preview.
For more information, see Supported identities for ingress and egress rules.
Vertex Explainable AI is deprecated. For details, see Vertex AI deprecations.
]]>The filter query parameter for resourceRecordSets.list is generally available (GA).
You can filter records to match a specified domain using the API.
Release 6.3.80 is being rolled out to the first phase of regions as listed here.
This release contains internal and customer bug fixes.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.68 | v27.5.1 | v2.1.5 | See List |
Fixed the "CrackArmor" vulnerability in the Linux kernel.
Downgraded ek-cpu-balloon driver to version 1.1.0 to address efficiency daemon issues.
Advanced reporting dashboards 4.0
We've released version 4.0 of the advanced reporting dashboards.
Voicemails dashboard
With the Voicemails dashboard, get insights into the volume of voicemails received by your contact center and the performance of your agents in responding to them. This includes the number of voicemails received, the number of voicemails accessed by agents, and the average agent response time. For more information, see Voicemails dashboard.
Queue Performance dashboard
With the Queue Performance - Calls and Queue Performance - Chats dashboards, get performance metrics by queue for your call and chat sessions. This includes queue interaction volume, abandons, handle time, callbacks, sentiment, and CSAT. For more information, see Queue Performance dashboards.
Update to the Virtual agent dashboard for wait-time virtual agent metrics
The Virtual agent dashboard includes the following new tiles to measure the activity of wait-time virtual agents while end-users wait in queue:
Total VA In-Queue Interactions (calls only): the number of calls where wait-time virtual agents were active while end-users were in a queue
Total VA In-Queue Time (calls only): the total time that wait-time virtual agents were active while end-users were in a queue
Avg VA In-Queue Time (calls only): the average time that wait-time virtual agents were active while end-users were in a queue
For more information, see Virtual agent dashboards.
Advanced reporting is available in French Canadian
Advanced reporting dashboards are now available in French Canadian. For more information about configuring your instance for location and language, see Configure location and language.
Improved analytics for Queue Interval and Channel Interval dashboards
We've improved the detailed information available for the Queue Interval and Channel Interval dashboards:
Queue Interval dashboards: Click a bar in the SLA by Interval tile to get historical call or chat queue metrics for that interval.
Channel Interval dashboards: Click a data point on the trend line in the Service Level Trend, AHT Trend, Queue Time Trend, CSAT Trend, or Transfer Trend tile to get historical call or chat queue metrics for that interval.
The following issues were addressed in this release:
Fixed an issue where the Start Time and End Time filters weren't correctly applied to summary metrics on the Agent Performance dashboard and historical reports.
Fixed an issue where calls returned to queues due to agent connectivity or microphone errors didn't appear in the Queued Calls dashboard.
Fixed an issue on the CSAT Dashboard - Calls dashboard where the direction in the Direction filter couldn't be selected.
Fixed an issue in dashboards with a Time Format filter. When users selected Seconds in this filter, single-value tiles displayed decimals instead of whole numbers.
Updated the format of time duration fields in Explores from HH:MM:SS to
MM:SS for durations of less than one hour. For example, 00:10:20 changed
to 10:20.
Fixed an issue where the Total Failed metric incorrectly counted a maximum of one failure per call or chat session.
Fixed time duration fields so that values represent the number of seconds rather than a fraction of a day.
Fixed an issue where the Queue Abandon % tile was missing from the Abandons dashboards.
Fixed an issue on the Failed Sessions dashboards where the Queue Name column of the Historical table and the Queue Name filter weren't appearing.
Fixed an issue where the Time Format filter was missing from dashboards.
In the Real-time Calls, Real-time Chats, Queue Group Performance, and Email dashboards, the naming of fields such as "assigned at", "created at", and "ended at" was improved in the Explores to make them clearer. For example, on the Real-time Chats - Chats Connected dashboard, in the Chat Metrics (Live) Explore, Chat > Started At Date > Date and Chat > Started At Date > Month changed to Chat > Started At > Started At Date and Chat > Started At > Started At Month.
Fixed an issue where the Agent preferences table displayed an incorrect date and timestamp.
Fixed an issue where the Location filter on the All interactions for Chats dashboard didn't display data in some tiles.
Fixed an issue where deactivated users appeared in dashboards.
Fixed an issue where outbound calls that weren't associated with queues appeared in the Queue Performance dashboard.
Fixed performance issues on the Agent Performance dashboard.
Fixed an issue on the Failed Interactions dashboard where the Outbound Phone Numbers filter didn't display any values.
Fixed an issue where the Queue Interactions metric included the short abandons count.
Fixed an issue on the Queue Group Performance - All dashboard where the Locations filter didn't display all values.
Release 6.3.79 is now available for all regions.
]]>On March 13, 2026, we released an updated version of the Apigee UI.
Manage environment-scoped Key Value Maps in the Apigee UI
You can now view, add, edit, and delete environment-scoped Key Value Map (KVM) entries in the Apigee UI. For more information, see Using key value maps.
The Node.js buildpack supports the Bun package manager in Preview. For more information, see Building a Node.js application.
Configuring Identity-Aware Proxy (IAP) directly on Cloud Run to secure your services without the need for load balancers is in General Availability (GA).
You can now enable automatic server certificate rotation for your Cloud SQL instance. This feature is specifically designed for instances utilizing the Certificate Authority Service (CAS). Automatic server certificate rotation helps you maintain high security standards while removing the operational burden of manual rotation.
For more information about enabling automatic server certificate rotation for your instance, see Enable automatic server certificate rotation.
You can now enable automatic server certificate rotation for your Cloud SQL instance. This feature is specifically designed for instances utilizing the Certificate Authority Service (CAS). Automatic server certificate rotation helps you maintain high security standards while removing the operational burden of manual rotation.
For more information about enabling automatic server certificate rotation for your instance, see Enable automatic server certificate rotation.
You can now enable automatic server certificate rotation for your Cloud SQL instance. This feature is specifically designed for instances utilizing the Certificate Authority Service (CAS). Automatic server certificate rotation helps you maintain high security standards while removing the operational burden of manual rotation.
For more information about enabling automatic server certificate rotation for your instance, see Enable automatic server certificate rotation.
New Serverless for Apache Spark runtime versions:
The Hive Metastore versions 1.2.2 and 2.2.0 are deprecated. You can no longer create services with these versions. Existing services will continue to function.
Gemini 3.1 Pro and Gemini 3.0 Flash are now available to Gemini Code Assist users in VS Code and IntelliJ, in Preview. You can use these models for agent mode, chat, and code generation.
Various bug fixes and minor product enhancements.
Gemini 3.1 Pro and Gemini 3.0 Flash are now available to Gemini Code Assist users in VS Code and IntelliJ, in Preview. You can use these models for agent mode, chat, and code generation.
Gemini Enterprise: Enhanced filtering for Microsoft SharePoint data stores (Preview)
You can now configure filters for your Microsoft SharePoint data stores using either the Google Cloud console or the API. These filters allow you to define exactly which content is accessible to the Assistant by including or excluding specific SharePoint sites.
This feature is in Public Preview. For more information, see Connect Microsoft SharePoint Online.
Gemini Enterprise: Search generated images and videos
You can search your generated images and videos in the Gemini Enterprise assistant. You can also search for items directly in the Library.
This feature is generally available (GA). For more information, see Search your Gemini Enterprise content and View, download, and search generated images and videos.
In GKE version 1.35 and later, all organization and cluster administrators can granularly control which privileged Autopilot partner workloads can run in GKE clusters. Additionally, approved customers can authorize and run their own privileged workloads in Autopilot mode by using custom allowlists.
For more information, see About Autopilot privileged workloads.
You can configure custom OAuth clients in Identity-Aware Proxy by using the Google Cloud console; the feature is generally available (GA). You must use custom OAuth clients to do the following:
Configure IAP for users who are outside of an organization.
Customize the OAuth consent screen with custom branding.
Provide default OAuth clients for inherited applications across all IAP-protected resources at the organization or project level.
For more information, see Use custom OAuth clients with IAP.
You can now use the Pub/Sub remote MCP server to manage Pub/Sub resources. You can create, list, get, update, and delete Pub/Sub topics, subscriptions, and snapshots, as well as publish messages to topics.
This feature is in Preview.
The USER_NAME infoType detector is available in all regions. For more information about all built-in infoTypes, see the InfoType detector reference.
| Bug ID | Description |
|---|---|
| 490308770 | Fixed malformed http_proxy and https_proxy strings in Helm templates that occurred when using authenticated outbound proxy configurations. |
| 488417252 | Fixed an issue where the Apigee Operator guardrails pod failed to run on EKS with Workload Identity Federation (WIF) by ensuring it runs as the federated principal rather than the default service account. |
| 485526221 | Removed the deprecated apigee-stackdriver-logging-agent image from the apigee-pull-push.sh tool, resolving image pull failures during automated deployments. |
| 484405364 | Helm chart images with the 1.16.0-hotfix.1 tag are available for download. |
| 482209901 | Added the watch permission to the apigee-manager role to allow the controller to monitor Deployment resources and resolve watch failures in the namespace. |
| 482077193 | Fixed an issue where proxy chaining failed with HTTP 404 route_not_found errors in multi-organization, single-namespace configurations. |
| 481793880 | Fixed a bug in the apigeeorg admission webhook controller that prevented upgrading organizations when monetization was enabled. |
| 479872706 | Resolved an issue that prevented loading API products, apps, and developers after migrating data to Apigee hybrid 1.16.0 in configurations using Workload Identity Federation (WIF) with an HTTP Forward Proxy. |
| 479040521 | Resolved a regression where the apigee-operator-guardrails-sa ServiceAccount was not correctly created on AKS and EKS platforms with Federated Workload Identity enabled. |
On March 12, 2026 we released an update to Apigee hybrid 1.16.0-hotfix.1.
Apply this hotfix with the following steps:
export CHART_REPO=oci://us-docker.pkg.dev/apigee-release/apigee-hybrid-helm-chartsexport CHART_VERSION=1.16.0-hotfix.1helm pull $CHART_REPO/apigee-operator --version $CHART_VERSION --untarhelm pull $CHART_REPO/apigee-datastore --version $CHART_VERSION --untarhelm pull $CHART_REPO/apigee-env --version $CHART_VERSION --untarhelm pull $CHART_REPO/apigee-ingress-manager --version $CHART_VERSION --untarhelm pull $CHART_REPO/apigee-org --version $CHART_VERSION --untarhelm pull $CHART_REPO/apigee-redis --version $CHART_VERSION --untarhelm pull $CHART_REPO/apigee-telemetry --version $CHART_VERSION --untarhelm pull $CHART_REPO/apigee-virtualhost --version $CHART_VERSION --untar
helm upgrade operator apigee-operator/ \ --install \ --namespace APIGEE_NAMESPACE \ --atomic \ -f overrides.yaml \ --dry-run=server
helm upgrade operator apigee-operator/ \ --install \ --namespace APIGEE_NAMESPACE \ --atomic \ -f overrides.yaml
helm upgrade $ORG_NAME apigee-org/ \ --install \ --namespace APIGEE_NAMESPACE \ --atomic \ -f overrides.yaml \ --dry-run=server
helm upgrade $ORG_NAME apigee-org/ \ --install \ --namespace APIGEE_NAMESPACE \ --atomic \ -f overrides.yaml
kubectl -n APIGEE_NAMESPACE get apigeeorg
helm upgrade ENV_RELEASE_NAME apigee-env/ \ --install \ --namespace APIGEE_NAMESPACE \ --atomic \ --set env=$ENV_NAME \ -f overrides.yaml \ --dry-run=server
helm upgrade ENV_RELEASE_NAME apigee-env/ \ --install \ --namespace APIGEE_NAMESPACE \ --atomic \ --set env=$ENV_NAME \ -f overrides.yaml
kubectl -n APIGEE_NAMESPACE get apigeeenv
Support for Go 1.26 runtime is in General Availability.
Support for Go 1.26 runtime is in General Availability.
BigQuery advanced runtime is now enabled as the default runtime for all projects.
The automatic backfill operation performed on a log bucket that has been upgraded to use Log Analytics has been temporarily paused. To manually initiate the backfill operation, contact Cloud Customer Care.
Support for Go 1.26 runtime is in General Availability.
Support for Go 1.26 runtime is in General Availability.
Object uploads that use customer-managed encryption keys (CMEK) now fail if the Cloud Storage service agent lacks the necessary IAM role to decrypt the object. For steps to grant the required role, see Assign a Cloud KMS key to a service agent.
Cluster Toolkit version v1.84.0 is available. This release adds disk type validation in specific zones, updates GKE versioning for GPU direct configurations, and fixes an issue with NCCL test scripts on A3 High instances. For details, see the Release announcement on GitHub.
Gemini Enterprise: Observability settings (Preview)
Gemini Enterprise administrators can enable observability settings to view the following data from your interactions with the assistant in your Gemini Enterprise web app:
This feature is in Public Preview. For more information, see Manage observability settings.
Partner model evaluations
The Gen AI evaluation service supports evaluating partner models, such as Anthropic and Llama models. For more information, see Perform evaluation using the console.
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following versions are now available for new GKE clusters, and for manual control plane upgrades and node upgrades for existing clusters. For more information about versioning and upgrades, see GKE versioning and support and About GKE cluster upgrades.
This release includes new GKE versions that use updated Container-Optimized OS images. These updated images are cumulative, incorporating security fixes from all Container-Optimized OS versions released since the previous GKE release.
To identify the specific vulnerabilities that were resolved in each updated Container-Optimized OS image, see the Security release notes for that image. The following table includes links to the release notes for each updated Container-Optimized OS image:
| GKE version | Container-Optimized OS version | Details |
|---|---|---|
| 1.30.14-gke.2192000 | cos-117-18613-534-15 | cos-117-18613-534-15 release notes |
| 1.31.14-gke.1576000 | cos-117-18613-534-15 | cos-117-18613-534-15 release notes |
| 1.32.13-gke.1059000 | cos-117-18613-534-15 | cos-117-18613-534-15 release notes |
| 1.33.9-gke.1060000 | cos-121-18867-381-14 | cos-121-18867-381-14 release notes |
Manage parser versions
The Manage parser versions feature is in Public Preview for all customers.
Microsoft Azure Sentinel: Version 59.0
The following new job has been added:
Microsoft Azure Sentinel: Version 59.0
Deprecated the following job:
Manage parser versions
The Manage parser versions feature is in Public Preview for all customers.
Looker (Google Cloud core) instances with public or hybrid connections now support IP allowlists, which enhance security by ensuring that only traffic from specified IP addresses can access your instance. To connect to certain Google Cloud services, like Conversational Analytics or Connected Sheets, you can select an option to automatically allowlist the necessary IP ranges for those services. You can configure an IP allowlist for an existing instance by editing it in the Google Cloud console.
This feature will roll out to instances over the next week.
The Granular Dashboard Sizing preview feature is temporarily unavailable for some Looker instances. Any dashboard tiles that were resized during this feature's enablement will revert to Looker's original sizing constraints.
(Note: This release note was added on March 16, 2026.)
]]>On March 11, 2026 we released an updated version of the Apigee hybrid software, v1.15.2.
| Bug ID | Description |
|---|---|
| 469694040 | Fixed an issue where custom Java security policies were intermittently not applied during runtime pod restarts or environment contract updates, which could lead to "Permission denied" errors in Java callouts. |
| Bug ID | Description |
|---|---|
| 471502899, 471173561 | Security fixes for apigee-synchronizer. This addresses the following vulnerabilities: |
| 471502752, 471191392 | Security fixes for apigee-runtime. This addresses the following vulnerabilities: |
| 471502495, 471501875, 471126425 | Security fixes for apigee-mart-server. This addresses the following vulnerabilities: |
| 471016560, 471015664, 471015120 | Security fixes for apigee-hybrid-cassandra. This addresses the following vulnerabilities: |
| 451224723, 451224123 | Security fixes for apigee-fluent-bit. This addresses the following vulnerabilities:
|
| N/A | Security fixes for apigee-asm-ingress. This addresses the following vulnerability: |
| N/A | Security fixes for apigee-asm-istiod. This addresses the following vulnerability: |
| N/A | Security fixes for apigee-connect-agent. This addresses the following vulnerabilities: |
| N/A | Security fixes for apigee-hybrid-cassandra-client. This addresses the following vulnerabilities: |
| N/A | Security fixes for apigee-kube-rbac-proxy. This addresses the following vulnerabilities: |
| N/A | Security fixes for apigee-open-telemetry-collector. This addresses the following vulnerabilities: |
| N/A | Security fixes for apigee-open-telemetry-collector:. This addresses the following vulnerability: |
| N/A | Security fixes for apigee-operators. This addresses the following vulnerability: |
| N/A | Security fixes for apigee-prom-prometheus. This addresses the following vulnerabilities: |
| N/A | Security fixes for apigee-prometheus-adapter. This addresses the following vulnerabilities: |
| N/A | Security fixes for apigee-redis. This addresses the following vulnerabilities: |
| N/A | Security fixes for apigee-stackdriver-logging-agent. This addresses the following vulnerabilities: |
| N/A | Security fixes for apigee-udca. This addresses the following vulnerabilities: |
You can now understand and debug BigQuery query performance with a visual mapping of your SQL query in the query execution graph. A heatmap highlights the steps that consume more slot-time. This feature is generally available (GA).
1.28.5-asm.9 is now available for in-cluster Cloud Service Mesh.
This patch release contains fixes for the security vulnerabilities listed in GCP-2026-013 as well as fixes for the following platform CVEs:
| CVE | Proxy | Control Plane | Distroless | CNI | Severity |
|---|---|---|---|---|---|
| CVE-2025-13151 | Yes | Yes | No | Yes | Medium (7.5) |
| CVE-2025-14831 | Yes | Yes | No | Yes | Medium (5.3) |
| CVE-2025-15281 | Yes | Yes | No | Yes | Medium (7.5) |
| CVE-2025-15467 | Yes | Yes | No | Yes | Medium (9.8) |
| CVE-2025-15558 | Yes | Yes | Yes | - | High (8.0) |
| CVE-2025-61726 | Yes | Yes | Yes | Yes | High (7.5) |
| CVE-2025-61728 | Yes | Yes | Yes | Yes | Medium (6.5) |
| CVE-2025-61730 | Yes | Yes | Yes | Yes | Medium (5.3) |
| CVE-2025-61731 | Yes | Yes | Yes | Yes | High (7.8) |
| CVE-2025-61732 | Yes | Yes | Yes | Yes | High (8.6) |
| CVE-2025-68121 | Yes | Yes | Yes | Yes | Critical (10) |
| CVE-2025-68160 | Yes | Yes | No | Yes | Low (4.7) |
| CVE-2025-69418 | Yes | Yes | No | Yes | Low (4.0) |
| CVE-2025-69419 | Yes | Yes | No | Yes | Low (7.4) |
| CVE-2025-69420 | Yes | Yes | Yes | Yes | Low (7.5) |
| CVE-2025-69421 | Yes | Yes | Yes | Yes | Low (7.5) |
| CVE-2025-8277 | Yes | Yes | No | Yes | Low (0) |
| CVE-2025-9820 | Yes | Yes | No | Yes | Low (4) |
| CVE-2026-0861 | Yes | Yes | No | Yes | Medium (8.4) |
| CVE-2026-0915 | Yes | Yes | No | Yes | Medium (7.5) |
| CVE-2026-0964 | Yes | Yes | No | Yes | Medium |
| CVE-2026-0965 | Yes | Yes | No | Yes | Low |
| CVE-2026-0966 | Yes | Yes | No | Yes | Low |
| CVE-2026-0967 | Yes | Yes | No | Yes | Medium |
| CVE-2026-0968 | Yes | Yes | No | Yes | Medium |
| CVE-2026-22795 | Yes | Yes | No | Yes | Low (5.5) |
| CVE-2026-22796 | Yes | Yes | No | Yes | Low (5.3) |
| CVE-2026-24051 | Yes | Yes | Yes | Yes | High (7.0) |
| CVE-2026-25679 | Yes | Yes | Yes | Yes | High (7.5) |
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh. Cloud Service Mesh 1.28.5-asm.9 uses Envoy 1.36.5.
1.27.8-asm.7 is now available for in-cluster Cloud Service Mesh.
This patch release contains fixes for the security vulnerabilities listed in GCP-2026-013 as well as fixes for the following platform CVEs:
| CVE | Proxy | Control Plane | Distroless | CNI | Severity |
|---|---|---|---|---|---|
| CVE-2025-13151 | Yes | Yes | No | Yes | Medium (7.5) |
| CVE-2025-14831 | Yes | Yes | No | Yes | Medium (5.3) |
| CVE-2025-15281 | Yes | Yes | No | Yes | Medium (7.5) |
| CVE-2025-15467 | Yes | Yes | Yes | Yes | Medium (9.8) |
| CVE-2025-15558 | Yes | Yes | Yes | - | High (8.0) |
| CVE-2025-61726 | Yes | Yes | Yes | Yes | High (7.5) |
| CVE-2025-61728 | Yes | Yes | Yes | Yes | Medium (6.5) |
| CVE-2025-61730 | Yes | Yes | Yes | Yes | Medium (5.3) |
| CVE-2025-61731 | Yes | Yes | Yes | Yes | High (7.8) |
| CVE-2025-61732 | Yes | Yes | Yes | Yes | High (8.6) |
| CVE-2025-68121 | Yes | Yes | Yes | Yes | Critical (10) |
| CVE-2025-68160 | Yes | Yes | No | Yes | Low (4.7) |
| CVE-2025-69418 | Yes | Yes | No | Yes | Low (4.0) |
| CVE-2025-69419 | Yes | Yes | No | Yes | Low (7.4) |
| CVE-2025-69420 | Yes | Yes | Yes | Yes | Low (7.5) |
| CVE-2025-69421 | Yes | Yes | Yes | Yes | Low (7.5) |
| CVE-2025-8277 | Yes | Yes | No | Yes | Low (0) |
| CVE-2025-9820 | Yes | Yes | No | Yes | Low (4) |
| CVE-2026-0861 | Yes | Yes | No | Yes | Medium (8.4) |
| CVE-2026-0915 | Yes | Yes | No | Yes | Medium (7.5) |
| CVE-2026-0964 | Yes | Yes | No | Yes | Medium |
| CVE-2026-0965 | Yes | Yes | No | Yes | Low |
| CVE-2026-0966 | Yes | Yes | No | Yes | Low |
| CVE-2026-0967 | Yes | Yes | No | Yes | Medium |
| CVE-2026-0968 | Yes | Yes | No | Yes | Medium |
| CVE-2026-22795 | Yes | Yes | No | Yes | Low (5.5) |
| CVE-2026-22796 | Yes | Yes | No | Yes | Low (5.3) |
| CVE-2026-24051 | Yes | Yes | Yes | Yes | High (7.0) |
| CVE-2026-25679 | Yes | Yes | Yes | Yes | High (7.5) |
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh. Cloud Service Mesh 1.27.8-asm.7 uses Envoy 1.35.9.
The following images are now rolling out for managed Cloud Service Mesh:
These rollouts will preempt those previously announced on February 9, 2026.
Managed Cloud Service Mesh will start using proxy version csm_mesh_proxy.20260304_RC00 for Gateway API on GKE clusters for all channels. This proxy version maps closest to Envoy version 1.37.
These patch releases contain the fixes for the vulnerabilities listed in GCP-2026-013 as well as fixes for the following platform CVEs:
| CVE | Proxy | Control Plane | Distroless | CNI | MDPC | Severity |
|---|---|---|---|---|---|---|
| CVE-2025-61726 | Yes | Yes | Yes | - | - | High (7.5) |
| CVE-2025-61728 | Yes | Yes | Yes | - | - | Medium (6.5) |
| CVE-2025-61730 | Yes | Yes | Yes | - | - | Medium (5.3) |
| CVE-2025-61731 | Yes | Yes | Yes | - | - | High (7.8) |
| CVE-2025-61732 | Yes | Yes | Yes | - | - | High (8.6) |
| CVE-2025-68121 | Yes | Yes | Yes | - | - | Critical (10) |
| CVE-2025-68160 | Yes | Yes | No | - | - | Low (4.7) |
| CVE-2025-69418 | Yes | Yes | No | - | - | Low (4.0) |
| CVE-2025-69419 | Yes | Yes | No | - | - | Low (7.4) |
| CVE-2025-69420 | Yes | Yes | No | - | - | Low (7.5) |
| CVE-2025-69421 | Yes | Yes | No | - | - | Low (7.5) |
| CVE-2025-8277 | - | - | - | Yes | Yes | Low (0) |
| CVE-2025-9820 | - | - | - | Yes | Yes | Low (4.0) |
| CVE-2025-14831 | - | - | - | Yes | Yes | Medium (5.3) |
| CVE-2025-15281 | Yes | Yes | Yes | - | - | Medium (7.5) |
| CVE-2025-15467 | Yes | Yes | No | - | - | Medium (9.8) |
| CVE-2026-0861 | Yes | Yes | No | - | - | Medium (8.4) |
| CVE-2026-0915 | Yes | Yes | No | - | - | Medium (7.5) |
| CVE-2026-0964 | - | - | - | Yes | Yes | Medium |
| CVE-2026-0965 | - | - | - | Yes | Yes | Low |
| CVE-2026-0966 | - | - | - | Yes | Yes | Low |
| CVE-2026-0967 | - | - | - | Yes | Yes | Medium |
| CVE-2026-0968 | - | - | - | Yes | Yes | Medium |
| CVE-2026-22795 | Yes | Yes | No | - | - | Low (5.5) |
| CVE-2026-22796 | Yes | Yes | No | - | - | Low (5.3) |
| CVE-2026-24051 | - | - | - | Yes | Yes | High (7.0) |
| CVE-2026-25679 | Yes | Yes | - | - | - | High (7.5) |
1.26.8-asm.3 is now available for in-cluster Cloud Service Mesh.
This patch release contains fixes for the security vulnerabilities listed in GCP-2026-013 as well as fixes for the following platform CVEs:
| CVE | Proxy | Control Plane | Distroless | CNI | Severity |
|---|---|---|---|---|---|
| CVE-2025-13151 | Yes | Yes | No | Yes | Medium (7.5) |
| CVE-2025-14831 | Yes | Yes | No | Yes | Medium (5.3) |
| CVE-2025-15281 | Yes | Yes | No | Yes | Medium (7.5) |
| CVE-2025-15467 | Yes | Yes | Yes | Yes | Medium (9.8) |
| CVE-2025-15558 | Yes | Yes | Yes | - | High (8.0) |
| CVE-2025-61726 | Yes | Yes | Yes | Yes | High (7.5) |
| CVE-2025-61728 | Yes | Yes | Yes | Yes | Medium (6.5) |
| CVE-2025-61730 | Yes | Yes | Yes | Yes | Medium (5.3) |
| CVE-2025-61731 | Yes | Yes | Yes | Yes | High (7.8) |
| CVE-2025-61732 | Yes | Yes | Yes | Yes | High (8.6) |
| CVE-2025-68121 | Yes | Yes | Yes | Yes | Critical (10) |
| CVE-2025-68160 | Yes | Yes | No | Yes | Low (4.7) |
| CVE-2025-68973 | Yes | Yes | Yes | Yes | High (7.8) |
| CVE-2025-69418 | Yes | Yes | No | Yes | Low (4.0) |
| CVE-2025-69419 | Yes | Yes | No | Yes | Low (7.4) |
| CVE-2025-69420 | Yes | Yes | Yes | Yes | Low (7.5) |
| CVE-2025-69421 | Yes | Yes | Yes | Yes | Low (7.5) |
| CVE-2025-8277 | Yes | Yes | No | Yes | Low (0) |
| CVE-2025-9820 | Yes | Yes | No | Yes | Low (4) |
| CVE-2026-0861 | Yes | Yes | No | Yes | Medium (8.4) |
| CVE-2026-0915 | Yes | Yes | No | Yes | Medium (7.5) |
| CVE-2026-0964 | Yes | Yes | No | Yes | Medium |
| CVE-2026-0965 | Yes | Yes | No | Yes | Low |
| CVE-2026-0966 | Yes | Yes | No | Yes | Low |
| CVE-2026-0967 | Yes | Yes | No | Yes | Medium |
| CVE-2026-0968 | Yes | Yes | No | Yes | Medium |
| CVE-2026-22795 | Yes | Yes | No | Yes | Low (5.5) |
| CVE-2026-22796 | Yes | Yes | No | Yes | Low (5.3) |
| CVE-2026-24051 | Yes | Yes | Yes | Yes | High (7.0) |
| CVE-2026-25679 | Yes | Yes | Yes | Yes | High (7.5) |
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh. Cloud Service Mesh 1.26.8-asm.3 uses Envoy 1.34.13.
To address high-severity kernel vulnerabilities (including CVE-2025-21756 and CVE-2025-38052) in Rocky Linux 8 and 9, updates are available for the Compute Engine images maintained by CIQ. If your VM instances use images dated before September 2025 (version v20250912), you must take action to ensure you continue to receive security patches.
How to determine if your Compute Engine VMs are affected
You are affected if your VM instance uses a Rocky Linux image from an -optimized-gcp or -optimized-gcp-nvidia family with a version date older than v20250912 (for example, rocky-linux-9-optimized-gcp-v20250807). To check your VM's source image, see View VM instance image details. You can view details for these image families in Rocky Linux OS details.
Action required
If your image version is v20250912 or later: Your VM is already configured to use the newer SIG/Cloud Next (SCN) repositories and is receiving security updates. No action is required.
If your image version is older than v20250912: Your VM is configured to use legacy SIG/Cloud repositories that no longer receive regular kernel updates and won't receive future security patches. While running sudo dnf update applies a one-time patch for the vulnerabilities listed, you must manually migrate the VM to the SCN repositories to receive ongoing updates by following the CIQ migration guide.
Dataproc on Compute Engine: The following subminor image versions announced on March 08, 2026 have been rolled back:
Gemini Enterprise: Configure retention period for assistant chats
Gemini Enterprise administrators can configure the retention period for assistant chat history. This feature is generally available (GA). For more information, see Configure the assistant.
Gemini Enterprise: Data connector for Google Chat (Preview)
You can connect Google Chat data stores to Gemini Enterprise.
Support for Google Chat data stores is in Public Preview. For more information, see Connect Google Chat.
Gemini Enterprise: Support for new actions (Preview)
New actions are available for the following data stores:
For a list of actions for these data stores, see Supported actions.
CrowdStrike Falcon: Version 72.0
Updated the handling of Days To Expire in the following action:
Case Federation: Version 7.0
ProofPoint TAP: Version 12.0
Updated input handling in the following action:
Microsoft Teams: Version 32.0
Updated reply handling in the following action:
Introduced Light Theme compatibility for predefined widgets in the following integrations:
CrowdStrike Falcon: Version 72.0
Google Chronicle: Version 79.0
Google Cloud API: Version 8.0
Google Cloud Asset Inventory: Version 13.0
Google Security Command Center: Version 16.0
Google Threat Intelligence: Version 10.0
HTTP v2: Version 13.0
MITRE ATT&CK: Version 17.0
ScreenshotMachine: Version 14.0
Siemplify: Version 104.0
UrlScan.io: Version 28.0
Vertex AI: Version 5.0
VirusTotalV3: Version 38.0
Vmware Carbon Black Cloud: Version 37.0
Beginning in Looker 26.4, customer-hosted Looker instances will use a new LookML parser with optimized performance. This parser is already in use for Looker-hosted instances. For customer-hosted instances on Looker 26.4, if you want to revert to the legacy parser, contact Looker Support for details on how to disable the new parser. The legacy parser will be fully deprecated in Looker 26.6.
Support for version 9.0 of Valkey is Generally Available.
For Exadata Database Service, Oracle Database@Google Cloud adds zone europe-west8-a-r1 (Milan, Italy).
For a list of supported locations, see Supported regions and zones.
The CRIME_STATUS infoType detector is available in Preview. For more information about all infoTypes, see InfoType detector reference.