Support for.NET 10 runtime is inGeneral Availability.

New best practices are available for securing generative AI agents using ModelContext Protocol (MCP) with Google Cloud databases. This guide covers keysecurity measures like least privilege, native database controls, and secureagent design to help you build safer AI applications. For more information, seeBest practices for securing agent interactions with Model Context Protocol.

You can migrate a machine learning feature management workload from Vertex AIFeature Store (Legacy) to a Bigtable instance. For more information, seeMigrate from Vertex AI Feature Store (Legacy) toBigtable.

Support for.NET 10 runtime is inGeneral Availability.

Support for.NET 10 runtime is inGeneral Availability.

Control of MCP use with organization policies is deprecated.After March 17, 2026, organization policies that use thegcp.managed.allowedMCPServices constraint won't work,and you can control MCP use with IAM deny policies.For more information about controlling MCP use, seeControl MCP use with IAM.

After March 17, 2026, when you enable the Cloud SQL Admin API(sqladmin.googleapis.com), the Cloud SQL remote MCP server isenabled automatically.

The Cloud SQL remote MCP server is inPreview.

Control of MCP use with organization policies is deprecated.After March 17, 2026, organization policies that use thegcp.managed.allowedMCPServices constraint won't work,and you can control MCP use with IAM deny policies.For more information about controlling MCP use, seeControl MCP use with IAM.

After March 17, 2026, when you enable the Cloud SQL Admin API(sqladmin.googleapis.com)`, the Cloud SQL remote MCP server isenabled automatically.

The Cloud SQL remote MCP server is inPreview.

Control of MCP use with organization policies is deprecated.After March 17, 2026, organization policies that use thegcp.managed.allowedMCPServices constraint won't work,and you can control MCP use with IAM deny policies.For more information about controlling MCP use, seeControl MCP use with IAM.

After March 17, 2026, when you enable the Cloud SQL Admin API(sqladmin.googleapis.com), the Cloud SQL remote MCP server isenabled automatically.

The Cloud SQL remote MCP server is inPreview.

CNI and managed data plane controller version 1.23.6-asm.28 is rolling out to allrelease channels.

While the managed data plane automatically updates Envoy Proxies by restartingworkloads, you must manually restart any StatefulSets and Jobs.

This patch includes the fix for the following CVEs:

Generally available: You can use Hyperdisk Exapools for large-scaleworkloads, such as AI and machine learning, that require between 500 TiB and 5EiB of block storage and more than 100 GiB/s of concurrent performance in asingle zone. With Hyperdisk Exapools, you purchase storage and performance in bulkand share those resources across as many as 500,000 disks in a single project.

To use Hyperdisk Exapools with your projects,contact your account teamto get access.

To learn more about Hyperdisk Exapools, seeHyperdisk Exapools overview.

Cloud Armorpreconfigured WAF rules support for inspection up to the first 64 kB (either 8 kB, 16 kB, 32 kB, 48 kB, or 64 kB) of therequest body content is Generally Available.

Multiple security vulnerabilities have been identified in the OpenSSL library.The most significant finding is CVE-2025-15467, a critical vulnerability thatmight allow for remote code execution (RCE) or denial of service (DoS) attacksvia network-based vectors.For more information, see theGCP-2026-006 security bulletin.

NewProofpoint Threat Protection integration

CrowdStrike Falcon: Version 70.0

• Deprecated the following actions:

  • Add Incident Comment

  • Update Incident

  • Add Comment to Detection

  • Close Detection

  • Update Detection

• Deprecated the following connectors:

  • CrowdStrike - Detections Connector

  • Crowdstrike - Incidents Connector

Exchange: Version 119.0

• Updated the handling of S/MIME emails sent on MacOS in the followingconnectors:

  • Exchange - Mail Connector v2 with OAuth Authentication

  • Exchange - Mail Connector v2

Google Chronicle: Version 76.0

• Restored the previous JSON result structure for empty result sets in thefollowing action:

  • Execute UDM Query

Palo Alto Cortex XDR: Version 23.0

• Added the ability to provide agents using input parameters in the followingactions:

  • Scan Endpoint

  • Isolate Endpoint

  • Unisolate Endpoint

QRadar: Version 63.0

• Updated the logic for offense processing in the following connectors:

  • Qradar Correlation Events Connector V2

  • Qradar Offenses Connector

Qualys VM: Version 21.0

• Integration: Added the ability to configure theX-Requested-With header.

Cofense Triage: Version 17.0

• Optimized the report processing in the following connector:

  • Cofense Triage - Reports Connector

Cloud Network Insightsis available inPreview.

Cloud Network Insights monitors your network and web application performance acrossmulticloud and hybrid networks and provides visualizationtools to help identify and diagnose network issues.

Contact your Technical Account Manager to request access.

New SAP HANA certifications for OLAP and OLTP workloads

For use with SAP HANA, SAP has certified the following:

• You can use them3-ultramem-128,m4-hypermem-64,x4-480-6t-metal,x4-480-8t-metal, andx4-960-12t-metal machine types to run OLAPworkloads in scale-out configurations with up to 8 nodes.
• You can use thex4-480-8t-metal andx4-960-12t-metal machine types to runOLTP workloads in scale-out configurations with up to 4 nodes.

For more information, seeCertified Compute Engine machine types for SAP HANA.

Vertex AI Agent Builder

Vertex AI Agent EngineCode Executionis nowGenerally Available.

AlloyDBperformance snapshot and reports now support read pool instance nodes, providing deeper observability into read operations and replica-specific performance issues.

New best practices are available for securing generative AI agents using ModelContext Protocol (MCP) with Google Cloud databases. This guide covers keysecurity measures like least privilege, native database controls, and secureagent design to help you build safer AI applications. For more information, seeBest practices for securing agent interactions with Model Context Protocol.

You can now make AI function calls in bulk rather than row-by-row, which lets youscale your intelligent workflows faster with new support for array-basedprocessing. For more information, seePerform intelligent SQL queries using AI functions.

This feature is inPreview.

You can now use theAlloyDB remote MCP server.The AlloyDB remote MCP server lets you interact easily with AlloyDB clustersfrom LLMs, AI applications, and AI-enabled development platforms.

This feature is inPreview.

You can now runglobal queries, which let youreference data stored in more than one region in a single query. This feature isinPreview.

Control of MCP use with organization policies is deprecated. AfterMarch 17, 2026, organization policies that use thegcp.managed.allowedMCPServices constraint won't work, and you can controlMCP use with IAM deny policies. For more information about controlling MCP use,seeControl MCP use with IAM deny policies.

After March 17, 2026, when you enable BigQuery, the BigQuery MCP server isautomatically enabled.

You can use theBigtable Admin API MCP serverto enable agents and AI applications to perform a range of data-related tasks.This feature is inPreview.

Cloud Runsource deployment supports Ubuntu 24LTS base images inGeneral Availability. This builder is available undergcr.io/buildpacks/builder:google-24. For more information, seeBuilders.

Cloud Runsource deployment supports Ubuntu 24LTS base images inGeneral Availability. This builder is available undergcr.io/buildpacks/builder:google-24. For more information, seeBuilders.

New best practices are available for securing generative AI agents usingModel Context Protocol (MCP) with Google Cloud databases. This guide coverskey security measures like least privilege, native database controls, andsecure agent design to help you build safer AI applications.For more information, seeBest practices for securing agent interactions with Model Context Protocol.

New best practices are available for securing generative AI agents usingModel Context Protocol (MCP) with Google Cloud databases. This guide coverskey security measures like least privilege, native database controls, andsecure agent design to help you build safer AI applications.For more information, seeBest practices for securing agent interactions with Model Context Protocol.

New best practices are available for securing generative AI agents usingModel Context Protocol (MCP) with Google Cloud databases. This guide coverskey security measures like least privilege, native database controls, andsecure agent design to help you build safer AI applications.For more information, seeBest practices for securing agent interactions with Model Context Protocol.

Starting February 18, 2026,trace sinks are deprecated.For more information, seeExport trace spans with sinks deprecation.

You can use the Log Analytics page, which provides a SQL queryinterface, to query both your trace and log data. To learn more, see thefollowing documents:

• To migrate to using Log Analytics page from a sink-basedexport of trace data to BigQuery, seeMigrate to Log Analytics.

• To query your trace data by using the Log Analytics page, seeQuery and analyze traces.

• To query your trace data by using BigQuery services, seeQuery a linked BigQuery dataset.

After March 17, 2026, when you enable Compute Engine,the Compute Engine MCP server is automatically enabled.

Control of MCP use with organization policies is deprecated. After March 17, 2026,organization policies that use thegcp.managed.allowedMCPServices constraintwon't work, and you can control MCP use with IAM deny policies.For more information about controlling MCP use, seeControl MCP use with IAM.

Document AI legacy processors will be discontinued onJune 30, 2026. To preemptthe risk of service failure while using legacy processors, we recommend transitioning tomore stable, higher-quality processors.

The affected versions are:

To ensure uninterrupted service and benefit from improved extraction quality,we recommend you migrate to the following later versions beforeJune 30, 2026:

• Enterprise Document OCR: Migrate topretrained-ocr-v2.1-2024-08-07.

• Expense parser: Migrate topretrained-expense-v1.3.2-2024-09-11.

• Custom classifier: Migrate topretrained-classifier-v1.5-2025-08-05.

• Custom splitter: Migrate topretrained-splitter-v1.5-2025-07-14.

• Invoice parser: Migrate topretrained-invoice-v2.0-2023-12-06.

• Pay slip parser: Migrate topretrained-paystub-v3.0-2023-12-06.

• Bank statement parser: Migrate topretrained-bankstatement-v5.0-2023-12-06.

To learn more about the migration process, refer toManage processor versions.

If you have any questions or require assistance, contact us atGoogle Cloud support.

New best practices are available for securing generative AI agents using Model Context Protocol (MCP) with Google Cloud databases. This guide covers key security measures like least privilege, native database controls, and secure agent design to help you build safer AI applications. For more information, seeBest practices for securing agent interactions with Model Context Protocol.

Control of MCP use with organization policies is deprecated. After March 17,2026, organization policies that use thegcp.managed.allowedMCPServicesconstraint won't work, and you can control MCP use with IAM deny policies. Formore information about controlling MCP use, seeControl MCP use with IAM.

After March 17, 2026, when you enable Firestore, the FirestoreMCP server is automatically enabled.

Image generation preview endpoints deprecation

The following table describes image generation endpoints that are deprecated andtheir replacements. We recommend updating your model endpoints before March 19,2026, to avoid service disruption.

Anthropic's Claude Sonnet 4.6

Claude Sonnet 4.6is available in Model Garden.

The following issues were addressed in this release:

• Fixed the following issues with the standard (non-advanced reporting)dashboards:

  • TheDashboard> Queue Reports dashboard had broken tableheaders.

  • TheDashboard> Call dashboard was missing metrics labelsin theLOGGED IN AGENT tile.

• Fixed an issue where calls were mistakenly saved in MP3 format rather thanWAV format in external storage.

• Fixed an issue that occurred after an agent put an end-user on hold,transferred the call to another agent, and then left the call. When theremaining agent took the end-user off hold, the agent and the end-usercouldn't hear each other.

• Fixed an issue with NICE WFM export where queue abandoned calls wereinaccurately reported to the WFM system.

• Fixed an issue where theAssign Human Agents page for queues appearedblank, preventing administrators from viewing or managing agent assignments.

• Fixed an issue where an email with a message ID longer than 255 charactersfailed to process and blocked the processing of other emails.

• Fixed an issue where agents in theIn-email status didn't receiveincoming calls or chats.

• Fixed an issue where CSAT ratings were missing from metadata files and rawdata exports.

• Fixed an issue where Salesforce integrations incorrectly created duplicatecases for a single outbound call.

• Fixed an issue where unsupported settings, such asCascade ConditionsandWrap-up settings, mistakenly appeared in the queue menu settings forApple Messages for Business queues.

• Fixed an issue where attempting to barge into a chat while monitoring itreturned aYou are already in Chat error instead of completing the action.

• Fixed an agent desktop issue where theNew photo received bannerreappeared after viewing a photo and switching between active chat tabs.

• Fixed an issue where Direct Access Points failed to route calls correctlyfor SIP URIs with spaces or non-standard formats.

• Fixed an issue where an agent's personal contact name was mistakenlydisplayed as the caller ID to other agents when they received a call fromthe agent.

• Fixed an issue where agents appeared asAvailable in theAgent ActivityTimeline report after signing out.

Google Cloud CCaaS 4.0

We've released version 4.0 of Google Cloud CCaaS.

The timing of the update to your instance depends on the deployment schedulethat you have chosen. For more information, seeDeploymentschedules.

Raw data export: new call_participants data type

We've added thecall_participants data type to raw data export. This data typehelps you track the following escalation details for wait-time virtual agents:

• The amount of time the wait-time virtual agent spent in queue.

• The number of events sent to the wait-time virtual agent while it was inqueue.

For more information, seeRaw data exportdictionary.

Salesforce Service Cloud: new secondary lookup object

The Salesforce Service Cloud integration can now use a secondary lookup objectto identify customer records when the primary lookup object returns no results.This helps prevent the creation of duplicate records.

Administrators: When you clickSettings> Developer Settings> CRM> Salesforce> SFDC Cloud Selection> Service Cloud, a newSecondary Lookup Object checkbox appearsin theAccount Lookup section.

For more information, seeConfigure account lookup and fieldmapping.

Control of MCP use with organization policies is deprecated. After March 17,2026, organization policies that use thegcp.managed.allowedMCPServicesconstraint won't work, and you can control MCP use with IAM deny policies. Formore information about controlling MCP use, seeControl MCP use with IAM.

After March 17, 2026, when you enable GKE, the GKEMCP server is automatically enabled.

After March 17, 2026, when you enable Google SecOps, the Google SecOps MCP server is automatically enabled.

Control of MCP use with organization policies is deprecated. After March 17, 2026, organization policies that use thegcp.managed.allowedMCPServices constraint won't work, and you can control MCP use with IAM deny policies. For more information about controlling MCP use, seeControl MCP use with IAM.

After March 17, 2026, when you enable Google SecOps, the Google SecOps MCP server is automatically enabled.

Control of MCP use with organization policies is deprecated. After March 17, 2026, organization policies that use thegcp.managed.allowedMCPServices constraint won't work, and you can control MCP use with IAM deny policies. For more information about controlling MCP use, seeControl MCP use with IAM.

Rolling out in preview starting February 17, 2026, LookML developers can unlock their Git branch in cases where their Git branch is locked as a result of another Git operation in progress or a previous Git operation failing. When the Git repository is locked, Looker displays theUnlock Branch option in theGit Actions panel of the Looker IDE. In addition, if a LookML developer tries to commit a change on a locked Git branch, Looker displays a warning in theCommit dialog, along with an option to delete the Git lock. See theUsing version control and deploying documentation page for details.

Note: This item was added on February 18, 2026.

Rolling out in preview starting February 17, 2026, theSelf-service Explores feature supports updating the data for a self-service Explore. The owner of a self-service Explore can update it with data from the latest version of the file that was used to create the self-service Explore. See theCreating self-service Explores documentation page for more information.

Rolling out in preview starting February 17, 2026, theSelf-service Explores feature supportsuploading data from Google Sheets. To support uploading data from Google Sheets, your Looker admin mustenable the required APIs in the Google Cloud project that houses your BigQuery database.

Rolling out in preview starting February 17, 2026, theIn-database merge queries feature is supported formerging results of two queries that are on the same BigQuery connection. Previously, the join for merging results was always performed in Looker memory, which limited each query to 5,000 rows that could be calculated in the join. If your Looker admin has enabled theIn-database merge queries Looker Labs feature, the join between two queries that are on the same BigQuery connection is performed in the BigQuery database itself. Performing the join in the database is more performant and allows for unlimited rows that can be joined.

TheSystem Activity User Activity dashboard has been updated to improve authentication troubleshooting. New information includes: recent login failures, the authentication method that was used, the error message that was returned, and the time of the attempt.

Rolling out in preview starting February 17, 2026, thecontent certification feature includes several new updates:

• TheSettings page in the General section of the Admin panel now includes options that let admins enable or disable content certification, set a custom URL for the certification process, and control whether certification is revoked when content is edited.
• LookML dashboards can now be certified.
• Looks and dashboards that are based on uncertified self-service Explores now display the "ungoverned" badge.
• Searching for content now includes the ability to sort content based on its certification status.

Now rolling out in preview, dashboard editors can change the size and layout of dashboard tiles with more granularity. To enable this feature, a Looker admin must turn on theGranular Dashboard Sizing Labs feature.

Now rolling out in preview, dashboard editors canset default options for how the download of a dashboard tile includes query results. They can set the download to include by default all query results or the current result table that is displayed in the visualization, or set a custom number of rows and columns. To enable this feature, a Looker admin must turn on theTile Download Default Options Labs feature.

Rolling out in preview starting February 17, 2026, theEmbed Conversational Analytics Labs feature is now available. When enabled, the Embed Conversational Analytics Labs feature lets youembed Conversational Analytics conversations and agents in an iframe like other Looker content types.

New best practices are available for securing generative AI agents usingModel Context Protocol (MCP) with Google Cloud databases. This guide coverskey security measures like least privilege, native database controls, and secureagent design to help you build safer AI applications. For more information, seeBest practices for securing agent interactions with Model Context Protocol.

This feature is inPreview.

Workflows is available in the following additionalregion:asia-southeast3 (Bangkok, Thailand).

NewAirflow buildsare available in Cloud Composer 3:

• composer-3-airflow-3.1.0-build.9
• composer-3-airflow-2.10.5-build.26 (default)
• composer-3-airflow-2.9.3-build.46

Newimagesare available in Cloud Composer 2:

• composer-2.16.4-airflow-2.10.5 (default)
• composer-2.16.4-airflow-2.9.3

The following Cloud Composer versions and builds have reached theirend of support period:composer-3-airflow-2.9.3-build.15 and composer-2.11.2-*.

Environment snapshotsare available in environments with Airflow 3 (Preview). This change is nowrolled out to all regions supported by Cloud Composer 3.

Thelayout parser web interface is inPreview.

It supports a document view display for processed PDF files and supportsvisualizing the document's parsed JSON, block layout, andimage or table annotation data in a user-friendly interface. Bounding box supportonly exists for version processorpretrained-layout-parser-v1.0-2024-06-03.

It also supports modifying the input layout config to allowfor configuring the table and image annotation feature directly from the interface.

Methodology update: Starting with January 2026 data, we have updated ourcalculation model to align with the comprehensive AI energy/emissions frameworkdetailed inMeasuring the environmental impact of delivering AI at Google Scale.This update allocates previously unallocated AI inference model emissions to theassociated Google Cloud services, following the SKU-level allocation describedin theCarbon Footprint reporting methodology. This change is part of our ongoing effort to provide more accurate andtransparent emissions data for AI inference.

Impact: Customers will see an increase in reported emissions for servicesthat utilize AI model inference across all SKUs. Such an increase is spreadacross all SKUs within those services, based on the SKU-level allocationmethodology.The primary impact is on Vertex AI. Other impacted services include VideoStitcher API, Notebooks, Cloud Natural Language, Cloud Speech API, CloudDocument AI API, Cloud Dialogflow API, Cloud Machine Learning Engine, CloudText-to-Speech API and Cloud Vision API.

NewDataproc on Compute Engine subminor image versions:

• 2.0.159-debian10, 2.0.159-rocky8, 2.0.159-ubuntu18
• 2.1.108-debian11, 2.1.108-rocky8, 2.1.108-ubuntu20, 2.1.108-ubuntu20-arm
• 2.2.76-debian12, 2.2.76-rocky9, 2.2.76-ubuntu22, 2.2.76-ubuntu22-arm
• 2.3.23-debian12, 2.3.23-ml-ubuntu22, 2.3.23-rocky9, 2.3.23-ubuntu22, 2.3.23-ubuntu22-arm

Release 6.3.76 is being rolled out to the first phase of regions as listedhere.

This release contains internal and customer bug fixes.

Release 6.3.76 is being rolled out to the first phase of regions as listedhere.

This release contains internal and customer bug fixes.

After March 17, 2026, when you enable Resource Manager, the Resource Manager MCP server is automatically enabled.

Control of MCP use with organization policies is deprecated. After March 17, 2026, organization policies that use thegcp.managed.allowedMCPServices constraint won't work, and you can control MCP use with IAM deny policies. For more information about controlling MCP use, seeControl MCP use with IAM.

Release 6.3.75 is now available for all regions.

Release 6.3.75 is now available for all regions.

Updated the route for Operations Anomalies fromapigee/analytics/operations-anomalies toapigee/aapi-ops/operations-anomalies.

On February 13, 2026, we released an updated version of the Apigee UI.

On February 13, 2026, we published a security bulletin for Apigee.

A vulnerability was identified in the Apigee platform (CVE-2025-13292) that could have allowed a malicious actor with administrative or developer-level permissions in their own Apigee environment to elevate privileges and access cross-tenant data.

Security bulletin published:GCP-2026-010

You can use theFlink Bigtable connectorversion 0.3.2 to connect to Bigtable from Apache Flink version 2.1.0.Additionally, this version of the connector lets you specify the number ofmutations to include in each batch sent to Bigtable. This feature isgenerally available (GA).

NewServerless for Apache Spark runtime versions:

• 1.2.70
• 2.2.70
• 2.3.23
• 3.0.7

The VMware Engineve2 node type is now available in the followingadditional region:

• Osaka, Japan, Asia Pacific (asia-northeast2)

The following feature was added in 1.34.100-gke.93:

You can deployvsphere-csi-controller in the advanced cluster on the usercluster control plane nodes.

Google Distributed Cloud (software only) for VMware 1.34.100-gke.93 is now availablefor download. To upgrade, see Upgrade a cluster. Google Distributed Cloud1.34.100-gke.93 runs on Kubernetes v1.34.1-gke.4700.

If you are using a third-party storage vendor, check the Google Distributed Cloud-readystorage partners document to make sure the storage vendor has already passed thequalification for this release.

After a release, it takes approximately 7 to 14 days for the version to becomeavailable for use with GKE On-Prem API clients: the Google Cloud console, thegcloud CLI, and Terraform.

The following feature was added in 1.34.100-gke.93:

Thespec.taints field in theNodePoolClaim resource is mutable. You canadd or remove taints on existing node pools without recreating theNodePoolClaim. You can use this field to manage GPU nodes.

Google Distributed Cloud (software only) for bare metal 1.34.100-gke.93 is now available fordownload. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal1.34.100-gke.93 runs on Kubernetes v1.34.1-gke.4700.

After a release, it takes approximately 7 to 14 days for the version to becomeavailable for installations or upgrades with the GKE On-Prem API clients: theGoogle Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Google Distributed Cloud-readystorage partners document to make sure the storage vendor has already passed thequalification for this release of Google Distributed Cloud for bare metal.

You can now determine the status and health of a TPU slice and partition by monitoring these new beta system metrics:

• kubernetes.io/accelerator/slice/state: Indicates the current status of the slice.
• kubernetes.io/accelerator/partition/state: Indicates the health of the partition.

For more information, see theGKE system metrics documentation.

Flow Analyzersupports latency mode, allowing you to analyze round-trip time in yourtraffic flows.For more information, seeDisplay flows in latency mode.

Support for deploying your existing apps in the standard environment to Cloud Run usingthegcloud beta app migrate-to-run command is inPreview. For more information, seeDeploy an App Engine app in the standard environment to Cloud Run.

Support for deploying your existing apps in the standard environment to Cloud Run usingthegcloud beta app migrate-to-run command is inPreview. For more information, seeDeploy an App Engine app in the standard environment to Cloud Run.

Support for deploying your existing apps in the standard environment to Cloud Run usingthegcloud beta app migrate-to-run command is inPreview. For more information, seeDeploy an App Engine app in the standard environment to Cloud Run.

Support for deploying your existing apps in the standard environment to Cloud Run usingthegcloud beta app migrate-to-run command is inPreview. For more information, seeDeploy an App Engine app in the standard environment to Cloud Run.

Support for deploying your existing apps in the standard environment to Cloud Run usingthegcloud beta app migrate-to-run command is inPreview. For more information, seeDeploy an App Engine app in the standard environment to Cloud Run.

Support for deploying your existing apps in the standard environment to Cloud Run usingthegcloud beta app migrate-to-run command is inPreview. For more information, seeDeploy an App Engine app in the standard environment to Cloud Run.

You can now usedataset insightsto understand relationships between tables in a dataset by generatingrelationship graphs and cross-table queries. You can automatically generatedataset summaries, infer relationships across tables, and receive suggestionsfor analytical questions. This feature is inPreview.

You can now provide descriptions for the fields in your custom output schemawhen you use theAI.GENERATEandAI.GENERATE_TABLEfunctions.This feature isgenerally available(GA).

TheAI.CLASSIFY functionnow supports classifying your input into multiple categories. This feature is inPreview.

Cloud Build is now available in theasia-southeast3 region.

For more information, seeCloud Build locations.

You no longer need to configure BigQuery reservation assignmentsto create SQL-based alerting policies or run Log Analytics queries onBigQuery slots. These queries now use on-demand slots by defaultif no BigQuery reservation assignment exists.

For more information, see the following documents:

• Query a linked BigQuery dataset
• Monitor your SQL query results with an alerting policy

Generally available: You can use instance flexibility to improve resource availability when creating VMs in bulk in a region. With instance flexibility, you specify one or more suitable machine types for your workload. Compute Engine then provisions VMs from the list of machine types based on capacity and quota availability.

For more information, seeAbout instance flexibility for VMs created in bulk andCreate VMs in bulk with instance flexibility.

Developer Connect now supportsHTTP connections, for access toarbitrary HTTP endpoints.

Gemini Enterprise mobile app: Standard and Plus editions (Private GA)

The Gemini Enterprise mobile app is available in Private GA. The mobile app letsusers interact with organizational data, engage with agents, and execute tasksseamlessly using their mobile device.

To ensure that you have the latest features, security, and best experience, youmay occasionally be required to update your Gemini Enterprise mobile app, orinstall a new version. Some updates may be necessary to continue using the app.

Contact your account manager to access the mobile app.

Advanced Joins in Search

Google SecOps now supports expanded capabilities for correlating data acrossmultiple sources. These join operations are also supported in multistage queries.

Joins without amatch section: You can now use join operations to correlateand combine data from multiple sources based on common field values withoutrequiring amatch section (unlike statistical joins). Results are displayed in aJoins table, which you can download as a CSV, or for event-to-event joins,exported to a datatable for further analysis.

For more information, seeImplement joins without a match section.

Outer joins: Search now supports left and right outer joins. Unlike standardinner joins, these operations let you retrieve all records from a primarydata source even if no matching entry exists in the secondary source (unmatchedfields are returned asnull). This action lets you correlate datawithout losing unmatched events.

For more information, seeCorrelate data with outer joins.

Advanced Joins in Search

Google SecOps now supports expanded capabilities for correlating data acrossmultiple sources. These join operations are also supported in multistage queries.

Joins without amatch section: You can now use join operations to correlateand combine data from multiple sources based on common field values withoutrequiring amatch section (unlike statistical joins). Results are displayed in aJoins table, which you can download as a CSV, or for event-to-event joins,exported to a datatable for further analysis.

For more information, seeImplement joins without a match section.

Outer joins: Search now supports left and right outer joins. Unlike standardinner joins, these operations let you retrieve all records from a primarydata source even if no matching entry exists in the secondary source (unmatchedfields are returned asnull). This action lets you correlate datawithout losing unmatched events.

For more information, seeCorrelate data with outer joins.

Advanced Joins in Search

Google SecOps now supports expanded capabilities for correlating data acrossmultiple sources. These join operations are also supported in multistage queries.

Joins without amatch section: You can now use join operations to correlateand combine data from multiple sources based on common field values withoutrequiring amatch section (unlike statistical joins). Results are displayed in aJoins table, which you can download as a CSV, or for event-to-event joins,exported to a datatable for further analysis.

For more information, seeImplement joins without a match section.

Outer joins: Search now supports left and right outer joins. Unlike standardinner joins, these operations let you retrieve all records from a primarydata source even if no matching entry exists in the secondary source (unmatchedfields are returned asnull). This action lets you correlate datawithout losing unmatched events.

For more information, seeCorrelate data with outer joins.

Pro feature: Change the billing account

You can change the Google Cloud billing account that is associated with a Looker Studio Pro subscription without interrupting access to your Pro assets.

Learn how to change the Pro billing account.

Additional search parameters

When searching for reports or data sources, you can filter search results by the following parameters:

• Type
• Owner
• Location
• Date Modified

Oracle Database@Google Cloud adds zoneeurope-west2-a-r1 (London, Europe) for the following services:

• Exadata Database Service on Exascale infrastructure
• Base Database Service

For a list of supported locations, seeSupported regions and zones.

You can now run pipelines with three distinct execution methods: running alltasks, running selected tasks, and running tasks with selected tags. For moreinformation, seeRun a pipeline.This feature isgenerally available(GA).

Support forosonly24 runtime is inGeneral Availability. The OS only runtime lets you deploy Go applications from source, and binaries such as Dart and Go. For more information, seeConfigure the OS only runtime.

You can nowdeploy containerized workloads to Cloud Run worker pools. This feature is now generallyavailable (GA).

Cloud KMS Autokey for projects is available in Public Preview. Autokey forprojects lets you enable Cloud KMS Autokey for delegated key management. Indelegated key management, keys created by Autokey are created in the sameproject as the resources they protect. This option is suitable for yourorganization if project administrators are in charge of key management for theprojects they manage.

You can still use Cloud KMS Autokey for centralized key management in a folder,where all keys that protect resources in that folder are created in a dedicatedkey project. You can also use centralized key management in a folder, withcertain projects within that folder configured to use delegated key managementand same-project keys instead of creating keys in the dedicated key project.

You can enable Autokey for projects on individual projects or on all projectswithin a folder. For more information, seeEnable Cloud KMS Autokey.

Support forosonly24 runtime is inGeneral Availability. The OS only runtime lets you deploy Go applications from source, and binaries such as Dart and Go. For more information, seeConfigure the OS only runtime.

You can now use metadata change feeds to receive near real-time notificationsabout metadata changes in Dataplex. Dataplex publishes notifications to aPub/Sub topic of your choice, letting you build event-driven workflows,sync metadata to external catalogs, or trigger data quality checks.For more information, seeAbout metadata change feeds.

(2026-R6) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following versions are now available for new GKE clusters, and formanual control plane upgrades and node upgrades for existing clusters. For moreinformation about versioning and upgrades, seeGKE versioning andsupport andAbout GKEcluster upgrades.

(2026-R6) Security updates

This release includes new GKE versions that use updatedContainer-Optimized OS images. These updated images are cumulative,incorporating security fixes from all Container-Optimized OSversions released since the previous GKE release.

To identify the specific vulnerabilities that were resolved in each updatedContainer-Optimized OS image, see theSecurity release notesfor that image. The following table includes links to the release notes foreach updated Container-Optimized OS image:

(2026-R6) Version updates

• The following versions are now available in the Extended channel:
  • 1.30.14-gke.1973000
  • 1.30.14-gke.2026000
  • 1.31.14-gke.1319000
  • 1.31.14-gke.1376000
  • 1.32.11-gke.1174000
  • 1.33.5-gke.2326000
  • 1.34.3-gke.1245000
  • 1.35.0-gke.2232000
• The following versions are no longer available in the Extended channel:
  • 1.30.14-gke.1901000
  • 1.30.14-gke.1991000
  • 1.31.14-gke.1166000
  • 1.31.14-gke.1336000
  • 1.33.5-gke.2172001
• Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
  • GKE upgrades clusters to the following new minor versions if there are no factors, such asmaintenance exclusions or deprecated APIs, preventing upgrades:
    • 1.29 to1.30.14-gke.1922000
  • GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster hasmaintenance exclusions or other factors preventing minor version upgrades:
    • 1.30 to1.30.14-gke.1922000
    • 1.31 to1.31.14-gke.1243000
    • 1.33 to1.33.5-gke.2228001
    • 1.35 to1.35.0-gke.2232000

(2026-R6) Version updates

• The following versions are now available:
  • 1.32.11-gke.1264000
  • 1.33.5-gke.2469000
  • 1.34.3-gke.1444000
  • 1.35.0-gke.2232000
  • 1.35.0-gke.2398000
  • 1.35.0-gke.2745000
• The following node versions are now available:
  • 1.30.14-gke.2026000
  • 1.31.14-gke.1376000
  • 1.32.11-gke.1264000
  • 1.33.5-gke.2469000
  • 1.34.3-gke.1444000
  • 1.35.0-gke.2232000
  • 1.35.0-gke.2398000
  • 1.35.0-gke.2745000
• The following versions are no longer available:
  • 1.32.9-gke.1728000
  • 1.33.5-gke.2072001
• Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
  • GKE upgrades clusters to the following new minor versions if there are no factors, such asmaintenance exclusions or deprecated APIs, preventing upgrades:
    • 1.32 to1.33.5-gke.2118001
  • GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster hasmaintenance exclusions or other factors preventing minor version upgrades:
    • 1.33 to1.33.5-gke.2118001
    • 1.35 to1.35.0-gke.2232000

(2026-R6) Version updates

• Version1.35.0-gke.2398000 is now the default version for cluster creation in the Rapid channel.
• The following versions are now available in the Rapid channel:
  • 1.32.11-gke.1264000
  • 1.33.5-gke.2469000
  • 1.34.3-gke.1444000
  • 1.35.0-gke.2745000
• The following versions are no longer available in the Rapid channel:
  • 1.32.11-gke.1174000
  • 1.33.5-gke.2326000
  • 1.34.3-gke.1245000
  • 1.35.0-gke.2232000
• Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
  • GKE upgrades clusters to the following new minor versions if there are no factors, such asmaintenance exclusions or deprecated APIs, preventing upgrades:
    • 1.31 to1.32.11-gke.1211000
    • 1.32 to1.33.5-gke.2392000
    • 1.33 to1.34.3-gke.1318000
    • 1.34 to1.35.0-gke.2398000
  • GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster hasmaintenance exclusions or other factors preventing minor version upgrades:
    • 1.32 to1.32.11-gke.1211000
    • 1.33 to1.33.5-gke.2392000
    • 1.34 to1.34.3-gke.1318000
    • 1.35 to1.35.0-gke.2398000

(2026-R6) Version updates

• The following versions are now available in the Regular channel:
  • 1.32.11-gke.1174000
  • 1.33.5-gke.2326000
  • 1.34.3-gke.1245000
  • 1.35.0-gke.2232000
• Version 1.33.5-gke.2172001 is no longer available in the Regular channel.
• Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
  • GKE upgrades clusters to the following new minor versions if there are no factors, such asmaintenance exclusions or deprecated APIs, preventing upgrades:
    • 1.32 to1.33.5-gke.2228001
  • GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster hasmaintenance exclusions or other factors preventing minor version upgrades:
    • 1.33 to1.33.5-gke.2228001
    • 1.35 to1.35.0-gke.2232000

(2026-R6) Version updates

• Version1.33.5-gke.2118001 is now the default version for cluster creation in the Stable channel.
• The following versions are now available in the Stable channel:
  • 1.32.11-gke.1038000
  • 1.33.5-gke.2172001
• The following versions are no longer available in the Stable channel:
  • 1.32.9-gke.1728000
  • 1.33.5-gke.2100001
• Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
  • GKE upgrades clusters to the following new minor versions if there are no factors, such asmaintenance exclusions or deprecated APIs, preventing upgrades:
    • 1.31 to1.32.9-gke.1734000
    • 1.32 to1.33.5-gke.2118001
  • GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster hasmaintenance exclusions or other factors preventing minor version upgrades:
    • 1.32 to1.32.9-gke.1734000
    • 1.33 to1.33.5-gke.2118001

CiscoUmbrella: Version 15.0

• The following new actions have been added:

  • Is Domain In Cisco Popularity List

  • List Top Domains

Palo Alto Cortex XDR: Version 22.0

• Updated the event processing and dynamic list handling of the followingconnector:

  • Palo Alto Cortex XDR Connector

• Added the ability to ignore certain types of artifacts to the followingconnector:

  • Palo Alto Cortex XDR Connector

Google Threat Intelligence: Version 9.0

• Added the ability to define the data freshness threshold for available hashesto the following action:

  • Submit File

• Added the ability to filter using monitor names to the following connector:

  • Google Threat Intelligence - DTM Alerts Connector

• Integration: Updated the connectivity test method to avoid API quotaconsumption.

Tenable.io: Version 13.0

• Optimized the asset processing of the following connector:

  • TenableIO - Vulnerabilities Connector

• Updated the entity processing logic of the following actions:

  • Enrich Entities

  • List Endpoint Vulnerabilities

  • Scan Endpoints

For Exadata Database Service, Oracle Database@Google Cloud supports the following regions and zones:

• australia-southeast2-a-r2 (Melbourne, Australia)
• asia-south2-b-r1 (Delhi, India)

For a list of supported locations, seeSupported regions and zones.

Preview stage supportfor the following integration:

• Managed Lustre

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

• 1.34.0-gke.1
• 1.33.0-gke.2
• 1.32.0-gke.3

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

• 1.34.1-gke.4700
• 1.33.5-gke.1900
• 1.32.9-gke.1800

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

• 1.34.1-gke.4700
• 1.33.5-gke.1900
• 1.32.9-gke.1800

The following versions are not recommended:

• 1.33.4-gke.900
• 1.32.8-gke.600
• 1.32.4-gke.200

If you use any of the preceding versions, we strongly recommend that you upgrade to version 1.34 or the latest available patch versions.

On February 10, 2026, we released an updated version of Apigee (1-17-0-apigee-2).

The following resource types are publicly available through theExportAssets,ListAssets,BatchGetAssetsHistory,QueryAssets,Feed,SearchAllResources,andSearchAllIamPoliciesAPIs.

• Apigee
  • apigee.googleapis.com/ApiProxy
  • apigee.googleapis.com/ApiProxyRevision
  • apigee.googleapis.com/Environment

(Available without upgrading) Fixed an issue where Airflow workloads used thePerformance Persistent Disk type (pd-ssd) instead of the Standard PersistentDisk type (pd-standard).

(Available without upgrading in Cloud Composer 3) Fixed load snapshotoperations that were failing with invalid configuration error for the recentlycreated snapshots.

Model endpoint managementfor Cloud SQL for MySQL and theintegration of Cloud SQL for MySQL with Vertex AI are now generally available(GA).

By integrating your Cloud SQL for MySQL instance with Vertex AI, you caninvoke online predictions and generate vector embeddings from models hostedin Vertex AI directly from your Cloud SQL instance.

With model endpoint management, you can build generative AI applications byintegrating your databases with models from third-party providers like OpenAIusing your own API keys. Model endpoint management lets you register andmanage model endpoints for your MySQL instance, making your interactionswith a wider range of ML models seamless.

Preview: You can use consistency groups of instant snapshots to back up agroup of disks at the same point in time, ensuring data consistency acrossmultiple disks. Consistency groups of instant snapshots offer the followingbenefits:

• Simultaneous backups: create instant snapshots for all disks in a consistencygroup with a single operation.
• Bulk restoration: restore multiple disks at once from a consistency group ofinstant snapshots.

To learn more, seeAbout instant snapshots.

A vulnerability affecting Intel TDX firmware was discovered and isbeing addressed. For more information, see theGCP-2026-008 security bulletin.

Upgraded sys-libs/libcap to v2.77.

Updated dev-libs/libxml2 to version 2.14.6. This resolves CVE-2025-6021.

Upgraded app-admin/google-guest-configs to v20251014.00.

cos-113-18244-582-2

This is anLTS Refresh release.

Upgraded net-libs/libtirpc to v1.3.7.

Upgraded app-containers/docker-credential-helpers to v0.9.4.

cos-125-19216-104-149

Added support for NVIDIA driver v535.288.01, v570.211.01 and v580.126.09.

Enabled TC Traffic Police as a module.

Fixed CVE-2026-23023 in the Linux kernel.

Fixed CVE-2025-71183 in the Linux kernel.

Fixed TCPX performance issues.

Fixed CVE-2026-23038 in the Linux kernel.

Added support for NVIDIA driver v535.288.01, v570.211.01 and v580.126.09.

Fixed CVE-2024-57982 in the Linux kernel.

Fixed CVE-2024-49968 in the Linux kernel.

cos-121-18867-294-116

You can now use theFirestore remote MCP server.The Firestore remote MCP server lets you interact with documents storedin a Firestore database from your AI application.

This feature is inPreview.

GLM 5 is available as an experimental launch in Model Garden. This modelis targeting complex systems engineering and long-horizon agentic tasks.GLM 5 is available as a managed API in Model Garden. To learn more, seeGLM 5.

You can now use the Google Cloud console tomanage backups.This feature isGenerally Available.

You can use theSpanner remote MCP server tointeract with Spanner instances and databases from agentic AIapplications such as Gemini CLI, agentmode in Gemini Code Assist, or Claude.ai.

This feature is inPreview.

You can use constraints in custom organization policies to provide more granularand customizable control over specific fields for internal ranges. For moreinformation, seeManage VPC resources by using custom organizationpolicies.

We are announcing the release of support for the AlloyDB language connectors andAuth Proxy withAuto IAM Authenticationand managed connection pooling. This feature and the fix for the issue frombelow is available starting with maintenance version 20260107.02_05. Clusterswith a maintenance window that may not have received this release can useself-service maintenanceto perform a maintenance update.

You can now customize the scope of data documentation scans for BigQuery tablesto generate specific insights. You can choose to generate only SQL queries,only table and column descriptions, or all insights.

You can also create one-time data scans that execute immediately upon creation,removing the need for a separaterun command. These scans support aTime to Live (TTL) setting to automatically delete the scan resource aftercompletion.

For more information, seeGenerate insights for a BigQuery table.

The following resource types are publicly available through theExportAssets,ListAssets,BatchGetAssetsHistory,QueryAssets,Feed,SearchAllResources,andSearchAllIamPoliciesAPIs.

• Cloud Run
  • run.googleapis.com/WorkerPool
• Dataform
  • dataform.googleapis.com/TeamFolder
  • dataform.googleapis.com/Folder
• Discovery Engine
  • discoveryengine.googleapis.com/Assistant

Cloud Data Fusion version 6.11.1.1 isgenerally available (GA).This release includes the following feature:

• InstanceV3 monitored-resource: Introduceddatafusion.googleapis.com/InstanceV3 as the default monitored resource forinstance-level metrics and system service logs. This resource excludes theorg_id andnamespace labels found inInstanceV2. Emission ofInstanceV2 metrics and logs is disabled by default for new and upgradedinstances but can be re-enabled using the REST API.

  For more information, seeMetrics overview andView pipeline logs.

Fixed in Cloud Data Fusion 6.11.1.1:

• Fixed retries in message publishing when the messaging service istemporarily unavailable(CDAP-21043).
• Fixed a security vulnerability where user-provided code in preview runnerscould access sensitive data from other preview runs(CDAP-21211).
• Fixed an issue where internal task workers running user code could hangindefinitely. The system now forces completed tasks to exit and uses ahealth check to restart unresponsive workers(CDAP-21213).
• Fixed an issue where the list apps API endpoint failed to return all deployedpipelines when used with pagination(CDAP-21220).

You can use theCloud Logging API MCP serverto let agents and AI applications interact with your log entries.This feature is inPreview.

You can now use theCloud SQL remote MCP server.The Cloud SQL remote MCP server lets you interact easily with Cloud SQLinstances from LLMs, AI applications, and AI-enabled development platforms.

This feature is inPreview.

You can now use theCloud SQL remote MCP server.The Cloud SQL remote MCP server lets you interact easily with Cloud SQLinstances from LLMs, AI applications, and AI-enabled development platforms.

This feature is inPreview.

You can now use theCloud SQL remote MCP server.The Cloud SQL remote MCP server lets you interact easily with Cloud SQLinstances from LLMs, AI applications, and AI-enabled development platforms.

This feature is inPreview.

The following images are now rolling out for managed Cloud Service Mesh:

• 1.21.6-asm.10 is rolling out to the rapid release channel.
• 1.20.8-asm.63 is rolling out to the regular release channel.
• 1.19.10-asm.57 is rolling out to the stable release channel.

These patch releases contain the fixes for the following managed Cloud Service Mesh CVEs:

You can autoscale a managed instance group (MIG) thathas instance flexibility configured. Autoscaling lets the MIG create ordelete virtual machine instances based on an increase or decrease in load. Formore information, seeAbout instance flexibility.

Layout parser modelpretrained-layout-parser-v1.6-2026-01-13 powered by Gemini 3Flash LLM is available inPreview.

This processor version has ML processing capabilities in the US and EU.

For more information about available models, see thecustomextractor page.

Gemini Enterprise: Data connector for Notion (Public preview)

You can connect Notion data stores to Gemini Enterprise. For more information,seeConnect Notion.

Support for Notion data sources is in Public preview.

Enhanced rule observability: New metadata, visual indicators, and dashboards

Google Security Operations has introduced updates to how detection and alert data is processed and visualized. These changes help Google SecOps teams distinguish between primary rule runs andrule replays, which provides clarity on detection delays and the impact of late-arriving enrichment data.

• Key improvements

  • Enhanced metadata: Detection and alert objects now include specific metadata that identifies whether they were produced during a primary rule run, or as part of arule replay or retrohunt.
  • Improved troubleshooting: This data lets Google SecOps teams definitively answer critical operational questions, such as the cause of perceived detection delays or the specific impact of late-arriving enrichment data on active rules.
  • Rule replay insights: Learn more about the distinction between primary runs and replays to manage the re-enrichment of Unified Data Model (UDM) events. For detailed definitions and technical workflows, seeUnderstand rule replay andUnderstand rule detection delays.
  • New detection dashboard: To support these backend metadata changes, a newDetection Health dashboard is now available. This interface provides a visual representation of rule performance and replay status, letting teams monitor detection health more effectively.
  • Custom reporting: There are new fields available in theDetections schema, letting you build custom dashboards.

• New metadata and third-party integration: Detections and alerts now emit specific metadata to help customers track timing and latency. This data is available for integration with third-party systems using the following fields:

  • detectionTimingDetails: An enum identifying the run type:
  • DETECTION_TIMING_DETAILS_REPROCESSING
  • DETECTION_TIMING_DETAILS_RETROHUNT
  • DETECTION_TIMING_DETAILS_UNSPECIFIED
  • latencyMetrics: Includes timestamps foroldestIngestionTime,newestIngestionTime,oldestEventTime, andnewestEventTime.

• Enhanced platform and visual indicators:

  • Alerts and rule details: A new visual indicator in theDetection Type column provides granular details on hover.
  • Filter facets: TheAlerts lister page now includesdetection timing details as a filterable facet.
  • SOAR integration: In theCase Overview, theComposite Detections table now carries through the same iconography for a consistent investigation experience.

Enhanced rule observability: New metadata, visual indicators, and dashboards

Google Security Operations has introduced updates to how detection and alert data is processed and visualized. These changes help Google SecOps teams distinguish between primary rule runs andrule replays, which provides clarity on detection delays and the impact of late-arriving enrichment data.

• Key improvements

  • Enhanced metadata: Detection and alert objects now include specific metadata that identifies whether they were produced during a primary rule run, or as part of arule replay or retrohunt.
  • Improved troubleshooting: This data lets Google SecOps teams definitively answer critical operational questions, such as the cause of perceived detection delays or the specific impact of late-arriving enrichment data on active rules.
  • Rule replay insights: Learn more about the distinction between primary runs and replays to manage the re-enrichment of Unified Data Model (UDM) events. For detailed definitions and technical workflows, seeUnderstand rule replays andUnderstand rule detection delays.
  • New detection dashboard: To support these backend metadata changes, a newDetection Health dashboard is now available. This interface provides a visual representation of rule performance and replay status, letting teams monitor detection health more effectively.
  • Custom reporting: There are new fields available in theDetections schema, letting you build custom dashboards.

• New metadata and third-party integration: Detections and alerts now emit specific metadata to help customers track timing and latency. This data is available for integration with third-party systems using the following fields:

  • detectionTimingDetails: An enum identifying the run type:
  • DETECTION_TIMING_DETAILS_REPROCESSING
  • DETECTION_TIMING_DETAILS_RETROHUNT
  • DETECTION_TIMING_DETAILS_UNSPECIFIED
  • latencyMetrics: Includes timestamps foroldestIngestionTime,newestIngestionTime,oldestEventTime, andnewestEventTime.

• Enhanced platform and visual indicators:

  • Alerts and rule details: A new visual indicator in theDetection Type column provides granular details on hover.
  • Filter facets: TheAlerts lister page now includesdetection timing details as a filterable facet.
  • SOAR integration: In theCase Overview, theComposite Detections table now carries through the same iconography for a consistent investigation experience.

Enhanced rule observability: New metadata, visual indicators, and dashboards

Google Security Operations has introduced updates to how detection and alert data is processed and visualized. These changes help Google SecOps teams distinguish between primary rule runs andrule replays, which provides clarity on detection delays and the impact of late-arriving enrichment data.

• Key improvements

  • Enhanced metadata: Detection and alert objects now include specific metadata that identifies whether they were produced during a primary rule run, or as part of arule replay or retrohunt.
  • Improved troubleshooting: This data lets Google SecOps teams definitively answer critical operational questions, such as the cause of perceived detection delays or the specific impact of late-arriving enrichment data on active rules.
  • Rule replay insights: Learn more about the distinction between primary runs and replays to manage the re-enrichment of Unified Data Model (UDM) events. For detailed definitions and technical workflows, seeUnderstand rule replay andUnderstand rule detection delays.
  • New detection dashboard: To support these backend metadata changes, a newDetection Health dashboard is now available. This interface provides a visual representation of rule performance and replay status, letting teams monitor detection health more effectively.
  • Custom reporting: There are new fields available in theDetections schema, letting you build custom dashboards.

• New metadata and third-party integration: Detections and alerts now emit specific metadata to help customers track timing and latency. This data is available for integration with third-party systems using the following fields:

  • detectionTimingDetails: An enum identifying the run type:
  • DETECTION_TIMING_DETAILS_REPROCESSING
  • DETECTION_TIMING_DETAILS_RETROHUNT
  • DETECTION_TIMING_DETAILS_UNSPECIFIED
  • latencyMetrics: Includes timestamps foroldestIngestionTime,newestIngestionTime,oldestEventTime, andnewestEventTime.

• Enhanced platform and visual indicators:

  • Alerts and rule details: A new visual indicator in theDetection Type column provides granular details on hover.
  • Filter facets: TheAlerts lister page now includesdetection timing details as a filterable facet.
  • SOAR integration: In theCase Overview, theComposite Detections table now carries through the same iconography for a consistent investigation experience.

The Looker Action Hub has been updated to support newer API versions for Google Ads (from v19 to v22) and Facebook Custom Audiences (from v22 to v24).

When you useElite System Activity, all System Activity fields of thelongtext type that have a size greater than 2 MB will be truncated. If a table has only one column with alongtext type, that column will be set to a maximum of 1.9 MB in size. If a table has multiple columns of thelongtext type, the total maximum size across all such columns is 2 MB, and this limit is distributed uniformly among those columns. For example, if a table hasxlongtext columns, each column will have a maximum length of 2 MB divided byx.

An issue has been fixed where some drill links could fail to work when cookieless embed was enabled. This feature now performs as expected.

When you useElite System Activity, themerge_query table now refreshes every 10 minutes.

When you aredelivering content to an SFTP server, additional key exchange algorithms and host key algorithms are now supported.

An issue has been fixed where the pagination option was not being displayed in the LookML Dashboards folder for some users.This feature now performs as expected.

An issue has been fixed where custom dimensions that were based on numeric fields could be converted to strings, which caused incorrect sorting. This feature now performs as expected.

An issue has been fixed where choosing a non-default color collection and then choosing a custom color in a conditional formatting rule could cause the rule to revert to the default color collection. This feature now performs as expected.

Looker 26.2 is expected to include the following changes, features, and fixes:

• Expected Looker (original) deployment start:Monday, February 9, 2026
• Expected Looker (original) final deployment and download available:Monday, February 16, 2026
• Expected Looker (Google Cloud core) deployment start:Monday, February 9, 2026
• Expected Looker (Google Cloud core) final deployment:Friday, February 27, 2026

An issue has been fixed where a modification to the color palette for the "Along a scale..." conditional formatting feature could fail to be saved. This feature now performs as expected.

Now available in preview, Looker has full support for connections withAlloyDB for PostgreSQL. When youcreate a connection in Looker, you can now select "Google Cloud AlloyDB for PostgreSQL" from the Dialect drop-down menu. This update does not affect existing AlloyDB connections that were created using the PostgreSQL 9.5+ option in the Dialect menu.

An issue has been fixed where non-admin users could not favoriteLookML dashboards. This feature now performs as expected.

The user attribute pairing user interface forSAML,LDAP, andOpenID Connect authentication has been updated. A new "Manage Pairings" side panel provides a robust interface for adding, removing, and viewing attribute pairings. This new interface also includes filtering and pagination and allows for a single claim to be associated with multiple Looker user attributes.

An issue has been fixed where Looker could return a 500 error if a user with one or more single quotes in their name attempted to commit LookML. This feature now performs as expected.

An issue has been fixed where switching a visualization type from Table to Single Value could carry over unwanted conditional formatting. This feature now performs as expected.

An issue has been fixed where conditional formatting no longer appeared on certain dashboard tiles. This feature now performs as expected.

An issue has been fixed where changing the collection in a conditional formatting rule could reset styles for the rule. This feature now performs as expected.

An issue has been fixed where the filter bar would automatically expand on dashboard load when the filter location was set to "Right". This feature now performs as expected.

An issue has been fixed where switching filter types fromMatches (Advanced) to another filter type could populate that filter with an incorrect filter configuration. This feature now performs as expected.

An issue has been fixed where adding a new field to a conditionally formatted result set could fail to apply the conditional formatting to the new field. This feature now performs as expected.

An issue has been fixed where dashboard tiles with titles that included the % symbol could not be downloaded in the Safari 26.0 browser. This feature now performs as expected.

Looker admins can nowgrant essential Google Cloud services, such asConversational Analytics, access to a Looker instance, even when an IP allowlist is active.

Looker admins can now enforce apassword expiration policy, enhancing security for users who authenticate with an email and a password. This new feature lets admins set a password expiration window between 30 and 365 days. Fourteen days before password expiration, a banner will notify the user, and, once their password has expired, the user must reset it at the next login.

TheCustomer Engineer Advanced Editor default role now includes thegemini_in_looker,chat_with_agent,chat_with_explore, andsave_agents permissions, which grant access to Gemini features and Conversational Analytics functionality.

Organization Policy Service custom constraints are available for someNetwork Connectivity resources. For more information, seeManage VPC resources by using custom organization policies.

You can right-click a node in a Spanner Graph queryvisualization to access options like expanding or collapsing adjacent nodes,highlighting or hiding nodes, and viewing only a node's neighbors.

For more information, seeWork with visualizations.

You can bring your own IPv6 global unicast addresses (GUAs)to assign to asubnet's internal IPv6 address range.Although GUAs are typically public addresses, in this configuration they areused privately and function in the same way as Google Cloud-provisioned ULAs.

For more information, seeBring your own IP addresses.

Release 6.3.75 is being rolled out to the first phase of regions as listedhere.

This release contains internal and customer bug fixes.

Release 6.3.75 is being rolled out to the first phase of regions as listedhere.

This release contains internal and customer bug fixes.

Release 6.3.74 is now available for all regions.

Release 6.3.74 is now available for all regions.

On February 6th, 2026, we released an updated version of Apigee.

Apply this hotfix with the following steps:

For more information, seeView usage and forecast data.

The following resource types are publicly available through theExportAssets,ListAssets,BatchGetAssetsHistory,QueryAssets,Feed,SearchAllResources,andSearchAllIamPoliciesAPIs.

• Bigtable
  • bigtableadmin.googleapis.com/LogicalView

You can use theCloud Monitoring API MCP serverto let agents and AI applications interact with your time series data.This feature is inPreview.

You can now ingest OTLP metrics into Cloud Monitoring by using anOpenTelemetry Collector, an OTLP exporter, and the Telemetry API. For moreinformation, seeOTLP metric ingestion overview.The Telemetry API for metric ingestion is inPreview.

Expanded coverage for compute flexible committed use discounts (CUDs) isavailable to all Cloud Billing accounts. Your Cloud Billing accounts havebeen automatically migrated to thenew spend-based CUD model and you no longer need to opt-into benefit from the expanded coverage. For the full list of eligible SKUsacross Compute Engine, GKE, and Cloud Run,seeSKU Groups - Compute Flexible CUD Eligible SKUs.

To learn more about compute flexible CUDs for Cloud Run and how they apply to your usage, seethecompute flexible CUDs documentation.

You can providecustom metadata for aworkstation's host VM.

Use the--instance-metadata flag with thegcloud workstations configs createandgcloud workstations configs updatecommands. Format the metadata as a comma-separated list of key-value pairs—forexample,--instance-metadata=key1=value1,key2=value2.

Note that updating metadata replaces all existing custom metadata for theworkstation instance.

Cloud Workstations supports specifying a custom startup script to be executed onthe workstation's host VM during boot.

Provide the custom startup script as a Google Cloud Storage URL, such asgs://BUCKET/FILE, using the--startup-script-uri flag with thegcloud workstations configs create andgcloud workstations configs updatecommands.

Expanded coverage for compute flexible committed use discounts (CUDs) isavailable to all Cloud Billing accounts. All Cloud Billing accounts havebeen automatically migrated to thenew spend-based CUD model and you no longer need to optin to benefit from the expanded coverage. For the full list of eligible SKUsacross Compute Engine, GKE, and Cloud Run,seeSKU Groups - Compute Flexible CUD Eligible SKUs.

To learn more about compute flexible CUDs and how they apply to your usage, seethecompute flexible CUDs documentation.

Dataproc on Compute Engine:Sharing snapshot diagnostic data: Setting the--tarball-access=GOOGLE_DATAPROC_DIAGNOSE flag with thegcloud dataproc clusters diagnose command shares all of the output Cloud Storage bucket contents with Google Cloud support ifuniform bucket-level access is enabled on the output Cloud Storage bucket. If object-level access control is enabled on the output Cloud Storage bucket, only the generated diagnostic tar file is shared.

NewServerless for Apache Spark runtime versions:

• 1.2.69
• 2.2.69
• 2.3.22
• 3.0.5

Serverless for Apache Spark: Added support for removingconscrypt from Serverless for Apache Spark2.3+ runtimes using thedataproc.artifacts.removeproperty .

You can nowconnect to Secure Source Manager using Developer Connect.

Gemini Enterprise: Security update

CVE-ID:CVE-2026-1727

Vulnerability: Mitigation for Potential Cloud Storage Namespace Hijacking("Bucket Squatting")

Description: We have addressed a security vulnerability(CVE-2026-1727) in Gemini Enterprise related to the management ofCloud Storage bucket names. The issue, commonly known as "bucket squatting," can ariseif an attacker pre-emptively registers a bucket name that Gemini Enterpriseservices might be configured to use.

Potential impact: Exploitation of this vulnerability can let an attackerintercept, access, or manipulate data intended for a legitimateGemini Enterprise-related Cloud Storage bucket.

Status: This vulnerability has been remediated in Gemini Enterprise. We haveenhanced our systems to ensure the integrity and proper ownership ofCloud Storage resources used by the platform, which prevents thispotential issue.

Action required: No action is required from users. Thenecessary fixes and safeguards have been automatically deployed toGemini Enterprise.

Gemini Enterprise: Welcome emails

After a user signs in to Gemini Enterprise for the first time, the user receivesa welcome email with tips on how to get the most out of Gemini Enterprise.Gemini Enterprise admins can turn this feature on or off from the admin settings.

For more information, seeManage web appfeatures.

Gemini Enterprise: Data connector for Linear (Public preview)

You can connect Linear data stores to Gemini Enterprise. For more information,seeConnect Linear.

Support for Linear data sources is in Public preview.

The DataRobotaction is now deprecated. This action is no longer available in the Looker Action Hub.

Google Cloud NetApp Volumes supports the all-squash feature for NFS exports.This option lets you enhance security by mapping all client user IDs to a singleanonymous user ID (UID=65534). For more information, seeUser ID squashing.

You can nowconnect to Secure Source Manager using Developer Connect.

Google Cloud Managed Lustre is generally available(GA).

Google Cloud Managed Lustre is generally available(GA).

Virtual columns forexpressionsis a feature of the columnar engine inPreview thatsignificantly improves query performance and reduces CPU consumption. It cachesthe results of frequently used expressions, which is especially beneficial foranalytical workloads on large datasets. This feature is supported for PostgreSQLversion 16 and higher.

You can configureDirect VPC ingress for Cloud Run worker pools. When you configure Direct VPC ingress,each worker instance receives a private IP address on your configured networkand subnet. To access private IP addresses between instances in your VPC network for secure internal communication, see Retrieve the private IP addresses using the metadata server (MDS). 

Cluster Toolkit version v1.81.0 is available. This release addssupport for the Dynamic Workload Scheduler (DWS) Flex-start provisioning model on TPU7x and TPU v6e resources. This release also updates Slurm cluster blueprints touse the Cloud Storage FUSE profile feature for AI/ML Cloud Storage bucket mounts.

For more information about this release, see theReleaseannouncement on GitHub.

Generally available: You can use Hyperdisk ML with the following machineseries and Cloud TPU versions:

• C4A machine series
• A4 machine series
• A4X machine series
• G4 machine series
• TPU v5e
• TPU v5p
• TPU7x

For more information, seeAbout Hyperdisk ML.

Fixed thespark.driver.extraClassPath delimiter for the Jupyter SparkMonitor Listener.

Added a newdataproc:pypi.repository property to customize the PyPI repository used for pip. The value can be a URL, orgoogle to use a Google-hosted cache of PyPI, accessible without public internet connectivity. Starting in image version 3.1,google will be the default; to opt out and return to public PyPI, use the valuepypi.

NewDataproc on Compute Engine subminor image versions:

• 2.0.158-debian10, 2.0.158-ubuntu18, 2.0.158-rocky8
• 2.1.107-debian11, 2.1.107-ubuntu20, 2.1.107-ubuntu20-arm, 2.1.107-rocky8
• 2.2.75-debian12, 2.2.75-ubuntu22, 2.2.75-ubuntu22-arm, 2.2.75-rocky9
• 2.3.22-debian12, 2.3.22-ml-ubuntu22, 2.3.22-rocky9, 2.3.22-ubuntu22, 2.3.22-ubuntu22-arm

Parquet CLI version upgraded to 1.15.2 in 2.1 and 2.2 images.

Fixed a bug in the ARM image that prevented connecting to a Dataproc Metastore instance with a gRPC protocol endpoint.

Apache Pig is now available in ARM images.

Delta subminor version upgraded to 3.2.1 in Dataproc on Compute Engine image 2.2 and 2.3.

Removed use of deprecated Hadoop configuration propertiesfs.default.name andyarn.resourcemanager.system-metrics-publisher.enabled.

Google Distributed Cloud (software only) for VMware 1.32.800-gke.126 is now availablefor download. To upgrade, seeUpgrade clusters.Google Distributed Cloud 1.32.800-gke.126 runs on Kubernetes v1.32.11-gke.200.

If you are using a third-party storage vendor, check the Google Distributed Cloud-readystorage partners document to make sure the storage vendor has already passed thequalification for this release.

After a release, it takes approximately 7 to 14 days for the version to becomeavailable for use with GKE On-Prem API clients: the Google Cloud console, thegcloud CLI, and Terraform.

Google Distributed Cloud (software only) for bare metal 1.32.800-gke.126 is nowavailable for download. To upgrade, seeUpgrade clusters.Google Distributed Cloud for bare metal 1.32.800-gke.126 runs on Kubernetesv1.32.11-gke.200.

After a release, it takes approximately 7 to 14 days for the version to becomeavailable for installations or upgrades with the GKE On-Prem API clients: theGoogle Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Google Distributed Cloud-readystorage partners document to make sure the storage vendor has already passedthe qualification for this release of Google Distributed Cloud for bare metal.

Image streaming is now available in theasia-southeast3 region. For more information,see theImage streaming documentation.

Looker Studio Pro for Google Workspace

You can purchase a Looker Studio Pro subscription from the Google Workspace Admin console.

Learn more about Looker Studio Pro for Workspace.

Export chart to image

You can now export a chart to an image by saving it as a PNG file or by copying it to your clipboard.

SeeExport data from a chart for more information.

Now displaying Conversational Analytics reasoning

After you enter your query, clickShow reasoning to see a plain text explanation of the steps that Conversational Analytics took to interpret your query.

SeeShow reasoning for more information.

Link to chart in report

You can now link to a specific component, like a chart or control, in your report.

SeeLink to a component for more information.

Google Cloud's Agent for SAP version 3.11

Version 3.11 of Google Cloud's Agent for SAP is generally available (GA). Thisversion introduces enhancements for optimizing performance of SAP HANA runningon X4 instances, disk snapshot based backup and recovery for SAP HANA, andVM Extension Manager support to install and manage the agent on yourVM fleet.

For more information, seeWhat's new with Google Cloud's Agent for SAP.

Data transfers from theYouTube ChannelandYouTube Content Ownerdata sources now support reach reports. For more information, seeYouTube Channel report transformationandYouTube Content Owner report transformation.

You can now associatedata policies directly oncolumns. Thisfeature enables direct database administration for controlling access andapplying masking and transformation rules at the column level. This feature isnowgenerallyavailable (GA).

Upcoming Spark data lineage changes See the upcoming May,2026 Dataproc and Serverless for Apache Spark release notes for an announcementof a change that will automatically enableDataproc Spark data lineage andServerless for Apache Spark data lineagewhen you enable the Data Lineage API (seeControl lineage ingestion for a service)without requiring additional project, cluster, batch workload, orinteractive session settings.

Gemini Enterprise and NotebookLM Enterprise: Usage audit logs available in Cloud Logging

Gemini Enterprise admins can access user query and response audit logs inCloud Logging for both Gemini Enterprise and NotebookLM Enterprise.

For more information, see:

• Configure usage audit logging for Gemini Enterprise
• Configure usage audit logging for NotebookLM Enterprise

Anthropic's Claude Opus 4.6

Claude Opus 4.6is available in Model Garden.

Google Distributed Cloud (software only) for VMware 1.33.400-gke.113 is now availablefor download. To upgrade, seeUpgrade clusters.Google Distributed Cloud 1.33.400-gke.113 runs on Kubernetes v1.33.5-gke.1900.

If you are using a third-party storage vendor, check the Google Distributed Cloud-readystorage partners document to make sure the storage vendor has already passed thequalification for this release.

After a release, it takes approximately 7 to 14 days for the version to becomeavailable for use with GKE On-Prem API clients: the Google Cloud console, thegcloud CLI, and Terraform.

Google Distributed Cloud (software only) for bare metal 1.33.400-gke.113 is nowavailable for download. To upgrade, seeUpgrade clusters. Google Distributed Cloud forbare metal 1.33.400-gke.113 runs on Kubernetes v1.33.5-gke.1900.

After a release, it takes approximately 7 to 14 days for the version to becomeavailable for installations or upgrades with the GKE On-Prem API clients: theGoogle Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Google Distributed Cloud-readystorage partners document to make sure the storage vendor has already passedthe qualification for this release of Google Distributed Cloud for bare metal.

(2026-R5) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following versions are now available for new GKE clusters, and formanual control plane upgrades and node upgrades for existing clusters. For moreinformation about versioning and upgrades, seeGKE versioning andsupport andAbout GKEcluster upgrades.

(2026-R5) Security updates

This release includes new GKE versions that use updatedContainer-Optimized OS images. These updated images are cumulative,incorporating security fixes from all Container-Optimized OSversions released since the previous GKE release.

To identify the specific vulnerabilities that were resolved in each updatedContainer-Optimized OS image, see theSecurity release notesfor that image. The following table includes links to the release notes foreach updated Container-Optimized OS image:

(2026-R5) Version updates

• Version1.34.3-gke.1051003 is now the default version for cluster creation in the Extended channel.
• The following versions are now available in the Extended channel:
  • 1.30.14-gke.1922000
  • 1.30.14-gke.1991000
  • 1.31.14-gke.1243000
  • 1.31.14-gke.1336000
  • 1.33.5-gke.2228001
• The following versions are no longer available in the Extended channel:
  • 1.29.15-gke.2629000
  • 1.29.15-gke.2660000
  • 1.29.15-gke.2725000
  • 1.30.14-gke.1870000
  • 1.30.14-gke.1973000
  • 1.31.14-gke.1156000
  • 1.31.14-gke.1319000
  • 1.32.9-gke.1734000
  • 1.33.5-gke.2118001
  • 1.34.1-gke.3971002
• Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
  • GKE upgrades clusters to the following new minor versions if there are no factors, such asmaintenance exclusions or deprecated APIs, preventing upgrades:
    • 1.29 to1.30.14-gke.1901000
  • GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster hasmaintenance exclusions or other factors preventing minor version upgrades:
    • 1.30 to1.30.14-gke.1901000
    • 1.31 to1.31.14-gke.1166000
    • 1.32 to1.32.11-gke.1038000
    • 1.33 to1.33.5-gke.2172001
    • 1.34 to1.34.3-gke.1051003

(2026-R5) Version updates

• Version1.34.3-gke.1051003 is now the default version for cluster creation.
• The following versions are now available:
  • 1.32.11-gke.1211000
  • 1.33.5-gke.2392000
  • 1.34.3-gke.1318000
• The following node versions are now available:
  • 1.30.14-gke.1991000
  • 1.31.14-gke.1336000
  • 1.32.11-gke.1211000
  • 1.33.5-gke.2392000
  • 1.34.3-gke.1318000
• The following versions are no longer available:
  • 1.32.9-gke.1711000
  • 1.32.11-gke.1153001
  • 1.33.5-gke.2019000
  • 1.33.5-gke.2100000
  • 1.33.5-gke.2288001
  • 1.34.1-gke.3971002
  • 1.34.3-gke.1136000
• Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
  • GKE upgrades clusters to the following new minor versions if there are no factors, such asmaintenance exclusions or deprecated APIs, preventing upgrades:
    • 1.31 to1.32.11-gke.1038000
    • 1.32 to1.33.5-gke.2100001
  • GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster hasmaintenance exclusions or other factors preventing minor version upgrades:
    • 1.32 to1.32.11-gke.1038000
    • 1.33 to1.33.5-gke.2100001
    • 1.34 to1.34.3-gke.1051003

(2026-R5) Version updates

• Version1.35.0-gke.2232000 is now the default version for cluster creation in the Rapid channel.
• The following versions are now available in the Rapid channel:
  • 1.32.11-gke.1211000
  • 1.33.5-gke.2392000
  • 1.34.3-gke.1318000
  • 1.35.0-gke.2398000
• The following versions are no longer available in the Rapid channel:
  • 1.32.11-gke.1038000
  • 1.32.11-gke.1153001
  • 1.33.5-gke.2228001
  • 1.33.5-gke.2288001
  • 1.34.3-gke.1051003
  • 1.34.3-gke.1136000
  • 1.35.0-gke.1795000
  • 1.35.0-gke.2180000
• Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
  • GKE upgrades clusters to the following new minor versions if there are no factors, such asmaintenance exclusions or deprecated APIs, preventing upgrades:
    • 1.31 to1.32.11-gke.1174000
    • 1.32 to1.33.5-gke.2326000
    • 1.33 to1.34.3-gke.1245000
  • GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster hasmaintenance exclusions or other factors preventing minor version upgrades:
    • 1.32 to1.32.11-gke.1174000
    • 1.33 to1.33.5-gke.2326000
    • 1.34 to1.34.3-gke.1245000
    • 1.35 to1.35.0-gke.2232000

(2026-R5) Version updates

• Version1.34.3-gke.1051003 is now the default version for cluster creation in the Regular channel.
• Version1.33.5-gke.2228001 is now available in the Regular channel.
• The following versions are no longer available in the Regular channel:
  • 1.32.9-gke.1734000
  • 1.33.5-gke.2118001
  • 1.34.1-gke.3971002
• Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
  • GKE upgrades clusters to the following new minor versions if there are no factors, such asmaintenance exclusions or deprecated APIs, preventing upgrades:
    • 1.31 to1.32.11-gke.1038000
    • 1.32 to1.33.5-gke.2172001
  • GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster hasmaintenance exclusions or other factors preventing minor version upgrades:
    • 1.32 to1.32.11-gke.1038000
    • 1.33 to1.33.5-gke.2172001
    • 1.34 to1.34.3-gke.1051003

(2026-R5) Version updates

• Version1.33.5-gke.2100001 is now the default version for cluster creation in the Stable channel.
• The following versions are now available in the Stable channel:
  • 1.32.9-gke.1734000
  • 1.33.5-gke.2118001
• The following versions are no longer available in the Stable channel:
  • 1.32.9-gke.1711000
  • 1.33.5-gke.2072001
• Clusters in this channel running the listed minor version have new general auto-upgrade targets. GKE can upgrade control planes and nodes to the following new versions with this release:
  • GKE upgrades clusters to the following new minor versions if there are no factors, such asmaintenance exclusions or deprecated APIs, preventing upgrades:
    • 1.31 to1.32.9-gke.1728000
    • 1.32 to1.33.5-gke.2100001
  • GKE upgrades clusters to the following new patch versions if no minor version upgrade is available, or if the cluster hasmaintenance exclusions or other factors preventing minor version upgrades:
    • 1.32 to1.32.9-gke.1728000
    • 1.33 to1.33.5-gke.2100001

New parser documentation now available

New parser documentation is available to help you ingest and normalize logs from the following sources:

• Collect ForgeRock OpenIDM logs
• Collect Forseti Open Source logs
• Collect Fortinet FortiClient logs
• Collect Fortinet FortiDDoS logs
• Collect Fortinet FortiEDR logs
• Collect Fortinet FortiManager logs
• Collect Fortinet Switch logs
• Collect Fortra Powertech SIEM Agent logs
• Collect Google App Engine logs
• Collect Google Cloud DNS Threat Detector logs
• Collect Google Cloud Monitoring alerting activity logs
• Collect Google Cloud Network Connectivity Center logs
• Collect Google Cloud Secure Web Proxy logs
• Collect Gmail logs
• Collect H3C Comware Platform Switch logs
• Collect HackerOne logs
• Collect Hillstone Firewall logs
• Collect Hitachi Content Platform logs
• Collect HYPR MFA logs
• Collect IBM Guardium logs

The re.capture_all function is now available

The newre.capture_all YARA-L 2.0 function is available in Rules, Search, and Dashboards.

Use there.capture_all() function to extract every non-overlapping match of a regular expression from a string. While the standardre.capture function stops after the first match it finds, there.capture_all() function continues through the entire string to identify every instance that matches your pattern.

Siemplify ThreatFuse: Version 16.0

• Updated the configuration (Connector.def) of the following connector::

  • Siemplify ThreatFuse - Observables Connector

Siemplify: Version 102.0

• Refactored the following actions:

  • Get Case Details

  • Wait For Custom Fields

  • Set Custom Fields

  • Get Similar Cases

  • Get Custom Field Values

  • Export Case

• Updated error handling in the following action:

  • Assign Case

Google Chronicle: Version 75.0

• Optimized performance for large data tables in the following actions:

  • Is Value In Data Table

  • Remove Rows From Data Table

Azure Security Center: Version 13.0

• Updated the configuration (Connector.def) of the following connector:

  • Azure Security Center - Security Alerts Connector

New parser documentation now available

New parser documentation is available to help you ingest and normalize logs from the following sources:

• Collect ForgeRock OpenIDM logs
• Collect Forseti Open Source logs
• Collect Fortinet FortiClient logs
• Collect Fortinet FortiDDoS logs
• Collect Fortinet FortiEDR logs
• Collect Fortinet FortiManager logs
• Collect Fortinet Switch logs
• Collect Fortra Powertech SIEM Agent logs
• Collect Google App Engine logs
• Collect Google Cloud DNS Threat Detector logs
• Collect Google Cloud Monitoring alerting activity logs
• Collect Google Cloud Network Connectivity Center logs
• Collect Google Cloud Secure Web Proxy logs
• Collect Gmail logs
• Collect H3C Comware Platform Switch logs
• Collect HackerOne logs
• Collect Hillstone Firewall logs
• Collect Hitachi Content Platform logs
• Collect HYPR MFA logs
• Collect IBM Guardium logs

The re.capture_all function is now available

The newre.capture_all YARA-L 2.0 function is available in Rules, Search, and Dashboards.

Use there.capture_all() function to extract every non-overlapping match of a regular expression from a string. While the standardre.capture function stops after the first match it finds, there.capture_all() function continues through the entire string to identify every instance that matches your pattern.

New parser documentation now available

New parser documentation is available to help you ingest and normalize logs from the following sources:

• Collect ForgeRock OpenIDM logs
• Collect Forseti Open Source logs
• Collect Fortinet FortiClient logs
• Collect Fortinet FortiDDoS logs
• Collect Fortinet FortiEDR logs
• Collect Fortinet FortiManager logs
• Collect Fortinet Switch logs
• Collect Fortra Powertech SIEM Agent logs
• Collect Google App Engine logs
• Collect Google Cloud DNS Threat Detector logs
• Collect Google Cloud Monitoring alerting activity logs
• Collect Google Cloud Network Connectivity Center logs
• Collect Google Cloud Secure Web Proxy logs
• Collect Gmail logs
• Collect H3C Comware Platform Switch logs
• Collect HackerOne logs
• Collect Hillstone Firewall logs
• Collect Hitachi Content Platform logs
• Collect HYPR MFA logs
• Collect IBM Guardium logs

The re.capture_all function is now available

The newre.capture_all YARA-L 2.0 function is available in Rules, Search, and Dashboards.

Use there.capture_all() function to extract every non-overlapping match of a regular expression from a string. While the standardre.capture function stops after the first match it finds, there.capture_all() function continues through the entire string to identify every instance that matches your pattern.

For Exadata Database Service, Oracle Database@Google Cloud supports theasia-northeast2 (Osaka, Japan) region.

For a list of supported locations, seeSupported regions and zones.

You can create individual static external IPv4 addresses frombring your own IP addresses (BYOIP) prefixes. This feature isavailable inGeneral Availability and only applies to IPv4regional v2 prefixes that are created afterDecember 13, 2025.

For more information, seeEnhanced IP address allocation.

Copy an AML AI model to a separate AML AI instance. SeeCopy models to new instances to find out more about how this works.

Support for configuring two condition types within a single security action

Announcing the availability of support for two condition typesin a single security action. For example, you can include both IP addresses andASN numbers in the same security action.

This feature is available in Apigee and Apigee hybrid 1.16.0 and later.

Note: This feature is available when configuring the security actionvia the API, not the UI, at this time.

For usage information, seeConfigure multiple condition types in the documentation.

On February 3, 2026 we released an updated version of Advanced API Securitysecurity actions

Gemini in BigQuery now processes data in the same jurisdiction (US orEU) asyour BigQuery datasets, or based upon user-specified location settings. For moreinformation, seeWhere Gemini BigQuery processes yourdata.

cos-dev-129-19506-0-0

Upgraded chromeos-base/power_manager-client to v0.0.1-r2972.

Upgraded net-libs/gnutls to v3.8.11.

Upgraded sys-apps/dmidecode to v3.7.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2833.

Fixed KCTF-50da4b9 in the Linux kernel.

Removed the futility program from the root file system.

Fixed CVE-2025-61729 in dev-lang/go.

Upgraded app-crypt/mit-krb5 from version 1.20.1 to version 1.22.1.

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068

Fixed CVE-2025-61727 in dev-lang/go.

Upgrade dev-libs/json-c from 0.16-r1 to 0.18.0.

Added binary auth-provider-gcp.

Updated app-containers/runc to v1.4.0.

Upgraded app-admin/fluent-bit to v4.2.2.

Upgraded sys-apps/nvme-cli from version 1.6-r1 to version 2.16, added package sys-libs/libnvme.

Updated cos-gpu-installer to v2.5.10.

Upgraded sys-apps/less to v691.

Upgraded app-admin/google-guest-configs to v20260112.00.

Upgraded app-containers/docker-credential-gcr to v2.1.31

Upgraded chromeos-base/google-breakpad to v2026.01.12.054131-r266.

Upgraded app-containers/cni-plugins to v1.9.0.

Upgraded app-shells/bash to v5.3.

Fixed CVE-2025-13837 in dev-lang/python.

Upgraded dev-db/sqlite to v3.51.1.

Fixed CVE-2025-66471 and CVE-2025-66418 in dev-python/urllib3.

Added support for CASFS (Content Addressable Storage File System) as a kernel module.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r671.

Upgraded google-guest-configs to v20260121.00.

Upgraded app-containers/docker-credential-helpers to v0.9.5.

Updated kubelet and kubectl to v1.35.0.

Made it so that /mnt/disks is mounted as noexec.

Upgraded sys-apps/pv to v1.10.3.

Updated dev-libs/openssl to v3.5.4.

Upgraded chromeos-base/debugd-client to v0.0.1-r2737.

Upgraded app-admin/sosreport to v4.10.2.

Fixed CVE-2025-12084 in dev-lang/python.

Updated sys-libs/readline to v8.3.

Upgrade dev-libs/libuv from 1.43.0 to 1.51.0-r1.

Fixed KCTF-2397e92 in the Linux kernel.

Updated the Linux kernel to v6.12.67.

Upgraded app-admin/oslogin to v20260116.00.

Upgraded chromeos-base/google-breakpad to v2026.01.16.201758-r268.

Updated CONFIG_BLK_DEV_LOOP_MIN_COUNT to 0. This allowsunlimited loop devices.

Upgraded sys-apps/kmod to v34.2.

Upgraded net-misc/socat to v1.8.1.0.

Updated app-containers/containerd to v2.2.0.

Fixed CVE-2026-21441 in dev-python/urllib3.

Upgraded net-dns/c-ares to v1.34.6.

Upgraded sys-libs/libseccomp to v2.6.0-r3.

Upgraded app-benchmarks/microbenchmarks to v0.0.1-r21.

Fixed CVE-2025-13836 in dev-lang/python.

Upgraded chromeos-base/google-breakpad to v2025.12.22.204548-r263.

Upgrade dev-util/cmake from 3.26.4 to 3.31.9.

cos-125-19216-104-133

Fixed CVE-2025-71148 in the Linux kernel.

Fixed CVE-2025-71151 in the Linux kernel.

Fixed CVE-2026-22994 in the Linux kernel.

Fixed CVE-2026-22979 in the Linux kernel.

Fixed CVE-2026-22998 in the Linux kernel.

Fixed CVE-2026-22980 in the Linux kernel.

Fixed CVE-2026-23011 in the Linux kernel.

Fixed CVE-2025-38591 in the Linux kernel.

Fixed CVE-2026-23005 in the Linux kernel.

Fixed CVE-2026-22976 in the Linux kernel.

Fixed CVE-2026-23010 in the Linux kernel.

Fixed KCTF-50da4b9 in the Linux kernel.

Fixed CVE-2025-71160 in the Linux kernel.

Fixed CVE-2025-71157 in the Linux kernel.

Fixed CVE-2026-22996 in the Linux kernel.

Fixed KCTF-2397e92 in the Linux kernel.

Fixed CVE-2026-23003 in the Linux kernel.

Fixed CVE-2026-22989 in the Linux kernel.

Fixed CVE-2025-40149 in the Linux kernel.

Fixed CVE-2026-22988 in the Linux kernel.

Fixed CVE-2026-23002 in the Linux kernel.

Fixed CVE-2025-71149 in the Linux kernel.

Fixed CVE-2026-22977 in the Linux kernel.

Fixed CVE-2026-22999 in the Linux kernel.

Fixed CVE-2026-23001 in the Linux kernel.

Runtime sysctl changes:

• Changed: kernel.tainted: 4096 -> 4608

Fixed CVE-2025-71156 in the Linux kernel.

Fixed CVE-2026-0915 in sys-apps/glibc.

Fixed CVE-2026-23000 in the Linux kernel.

cos-121-18867-294-112

Fixed CVE-2025-71148 in the Linux kernel.

Fixed KCTF-2397e92 in the Linux kernel.

Fixed CVE-2025-71151 in the Linux kernel.

Enabled TC Traffic Police as a module.

Fixed CVE-2026-22994 in the Linux kernel.

Fixed CVE-2026-22988 in the Linux kernel.

Fixed CVE-2025-71160 in the Linux kernel.

Fixed CVE-2026-22976 in the Linux kernel.

Fixed CVE-2026-22979 in the Linux kernel.

Fixed CVE-2026-22980 in the Linux kernel.

Fixed CVE-2025-71149 in the Linux kernel.

Fixed CVE-2026-22977 in the Linux kernel.

Runtime sysctl changes:

• Changed: kernel.tainted: 4096 -> 4608

Fixed KCTF-50da4b9 in the Linux kernel.

Fixed CVE-2025-22111 in the Linux kernel.

Fixed CVE-2026-0915 in sys-apps/glibc.

cos-117-18613-439-120

Fixed CVE-2025-71151 in the Linux kernel.

Fixed CVE-2026-22977 in the Linux kernel.

Fixed CVE-2026-22979 in the Linux kernel.

Fixed CVE-2026-22980 in the Linux kernel.

Runtime sysctl changes:

• Changed: kernel.tainted: 4096 -> 4608

Fixed KCTF-50da4b9 in the Linux kernel.

Fixed KCTF-2397e92 in the Linux kernel.

Fixed CVE-2026-0915 in sys-apps/glibc.

Fixed CVE-2026-22994 in the Linux kernel.

Fixed CVE-2025-71148 in the Linux kernel.

Fixed CVE-2026-22988 in the Linux kernel.

Fixed CVE-2026-22976 in the Linux kernel.

Fixed CVE-2025-71149 in the Linux kernel.

Fixed CVE-2025-71160 in the Linux kernel.

cos-113-18244-521-98

Fixed CVE-2026-0915 in sys-apps/glibc.

Fixed CVE-2026-22988 in the Linux kernel.

Upgraded sys-apps/less to v691.

Fixed KCTF-50da4b9 in the Linux kernel.

Fixed KCTF-2397e92 in the Linux kernel.

Fixed CVE-2026-22977 in the Linux kernel.

Fixed CVE-2026-22979 in the Linux kernel.

Fixed CVE-2024-49968 in the Linux kernel.

Fixed CVE-2026-22994 in the Linux kernel.

Fixed CVE-2026-22980 in the Linux kernel.

Fixed CVE-2025-71149 in the Linux kernel.

Fixed CVE-2026-22976 in the Linux kernel.

The following issues were addressed in this release:

• Fixed an issue on the Agent Performance dashboard where theDisconnectStatus field for chats incorrectly displayedUnknown or was empty.

• Fixed an issue on the All Interactions - Calls dashboard where theSLA%andSLA% by 30 Minute Interval tiles displayed the wrong calculations.

• Fixed an issue where theVoice Inbound (Direct) andVoice Outbound(Direct) values were missing from theInteraction Type filter on thefollowing dashboards:

  • Real-time Calls - Calls Queued

  • Real-time Queue Monitoring - Calls

• Fixed an issue where theCall Type field on theAgent ProductivityDetailed - Calls table of the Agent Performance dashboard displayedUnknown instead ofVoice Inbound (Direct) orVoice Outbound (Direct).

• Fixed the experience for filtering on the consumer phone number for thefollowing dashboards:

  • All Interactions - Calls

  • Real-time Calls - Calls Connected

  • Abandons - Calls

• Fixed an issue on the All Interactions - Calls dashboard where widgetsweren't loading.

• Fixed an issue on the Email dashboard where agent information was missingfor email sessions that were started by the end-user.

• Fixed an issue where theConsumer Phone Number field was missing fromthe following dashboards:

  • Agent Activity

  • Failed Sessions - Calls

  • Missed Interactions - Calls

  • Abandons - Calls

  • CSAT - Calls

  We also renamed theCustomer ANI field toConsumer Phone Number.

Email dashboard

The Email dashboard now includes the following table:

• Queue Transfers Detail: email transfer information at the instance,queue, and session levels

For more information, seeEmail.

Advanced reporting dashboards 3.43

We've released version 3.43 of the advanced reporting dashboards.

Performance overview dashboard

The performance overview dashboard now includes the following tiles:

• Avg Queue Time: the average time a session (call or chat) spent in aqueue until an agent accepted it or the end-user abandoned it

• Avg Queue Abandon Time: the average time that sessions (calls or chats)waited in a queue before being disconnected without an agent accepting them

• Sentiment Score: the average sentiment score for sessions (calls orchats)

For more information, seePerformance overviewdashboard.

The following Google Distributed Cloud connected components have been updated:

• GDC software-only has been updated to version v1.33.300-gke.60.(This component was formerly known as GKE on Bare Metal and as Anthos Clusters on Bare Metal.)

• Kubernetes has been updated to version 1.33.5-gke.900.

• EdgeOS kernel has been updated to version6.12.31.

• Symcloud Storage has been updated to version 5.4.18-278.

The following functionality has been deprecated in this release of Google Distributed Cloud connected:

• GDC connected racks form factor. The Google Distributed Cloud connected racks form factor, also knownas Config 1 and Config 2, has been deprecated and all documentation for Google Distributed Cloud connectedfeatures related to this form factor has been removed from product documentation. The last minor releaseof Google Distributed Cloud connected that supports the racks form factor isGoogle Distributed Cloud connected 1.11.

This is a minor release of Google Distributed Cloud connected (version 1.12.0). Google Distributed Cloud software updatesroll out gradually across regions. The latest version might not be immediately available on your Google Distributed Cloudconnected deployment.

The following issues have been resolved in this release of Google Distributed Cloud connected:

• Virtual machines no longer intermittently freeze. Through a combination of updates to Symcloud Storage andnew firmware for the integrated Dell Remote Access Controller (iDRAC),we have improved the resilience of virtual machine workloads against unstable mains power and resolved freezescaused by storage snapshotting. For more information, contactGoogle Support.

• Auto-renewal of TLS certificates for Symcloud Storage no longer fails. Symcloud Storage host services no longerreport aCritical state if a Google Distributed Cloud connected node was restarted after the Symcloud Storage TLScertificate has expired. These certificates now renew automatically when the Google Distributed Cloud connected softwareon the cluster is upgraded.

• Symcloud Storage volumes no longer intermittently enterDegraded state due to disk initialization failures.Disk initialization jobs now automatically retry until they succeed if transient control plane instability causes them to fail.

• Single-node cluster upgrades no longer fail due to race conditions. A number of bugs inrunc have been resolved, eliminatingrace conditions that caused single-node cluster upgrade failures.

Security mitigations for the following vulnerabilities have been implemented in this release of Google Distributed Cloud connected:

• OS layer security mitigations: All CVEs that have been resolved up to the LTS kernel version 6.12.31 (inclusive).

• GDC software-only security mitigations: All mitigations listed in theGDC software-only release notes up to version1.33.300-gke.60 (inclusive).

The following new functionality has been introduced in this release of Google Distributed Cloud connected:

• Refreshed GDC connected servers G2 hardware. We are now shipping refreshed Google Distributed Cloud connectedservers G2 hardware based on the Dell XR8000 series platform. For more information, seePlan the hardware configuration.

• Virtual machine image download with Workload Identity. You can now access Cloud Storage buckets that holdyour virtual machine images using a Kubernetes service account impersonating a Google service account. For moreinformation, seeCreate a Cloud Storage bucket for virtual machine images.

This release of Google Distributed Cloud connected contains the following known issues:

• Symcloud Storage pods can enter aCrashLoopBackOff state due to bootstrapping failures.. The Symcloud Storageworker pods can intermittently restart multiple times while bootstrapping, preventing theconfig.ini file from beinggenerated, which causes the pods to fail repeatedly. To remedy this issue, contactGoogle Support.

• Symcloud Storage jobs can stall due to thread lock contention. A race condition caused by lock contention betweenmultiple threads can prevent Symcloud Storage jobs, such as volume attachment, detachment, creation, or deletion to stall.To remedy this issue, contactGoogle Support.

• Symcloud Storage activation can stall due to scheduling conflicts following transient pre-install job failures.The pre-installation job does not tolerate transient failures, such ascontainerd issues. If a job pod fails but isn'tautomatically deleted, existing pod affinity constraints prevent a replacement pod from being scheduled. This leaves thejob incomplete and stalls the Symcloud Storage activation process. To remedy this issue, contactGoogle Support.

• RobinCluster status updates can be delayed after reconciliation. TheRobinCluster status may not immediatelyreflect a Ready state even after reconciliation has completed. This delay occurs because the Symcloud Storage Operator'sback-off timer can increase to over 10 minutes during reconciliation, causing a lag in reporting the final status.

• Network Operator metrics missing in Cloud Monitoring. Metrics for Network Function operators are not reported inCloud Monitoring if the Google Cloud project hosting the cluster exceeds its Cloud Monitoring API ingestion quota limits.To remedy this issue, review your Cloud Monitoring API quota usage. If you consistently reach the limits, request a quotaincrease through the Google Cloud Console.

The following Google Distributed Cloud connected components have been updated:

• Symcloud Storage has been updated to version 5.4.16-166.

The following issues have been resolved in this release of Google Distributed Cloud connected:

• Single-node cluster upgrades no longer fail due to race conditions. A number of bugs inrunc have been resolved, eliminatingrace conditions that caused single-node cluster upgrade failures.

• Virtual machines no longer intermittently freeze. Through a combination of updates to Symcloud Storage andnew firmware for the integrated Dell Remote Access Controller (iDRAC),we have improved the resilience of virtual machine workloads against unstable mains power and resolved freezescaused by storage snapshotting. For more information, contactGoogle Support.

• Improved reliability of virtual machine workloads. This release addresses Symcloud Storage issues contributing tofreezing and slow recovery of VM workloads:iomgrbmap cache assertion,bmap repopulation performance, andbmapgarbage collection performance.

• Virtual machine workloads no longer throw aSyncFailed error when reading large amounts of remote data. A racecondition was resolved that caused virtual machine workloads to stop responding to their clients if the network connectionfailed when reading large amounts of data remotely. The race condition caused the virtual machine to become unhealthy andreport the following event:SyncFailed virt-handler unknown error encountered sending command SyncVMI: rpc error: code = DeadlineExceeded desc = context deadline exceeded.

• Patroni cluster now synchronizes properly when restarted after an ungraceful shutdown. If the Patroni cluster was not gracefullyshut down, it could fail to synchronize correctly upon restart, leading to an outage of the Robin Service.

• Symcloud Storage pods now start up properly even if some pods are not ready when a node is cordoned or terminated. The PatroniStatefulSet used theOrdered pod management policy, which prevented remaining pods from starting up if the previous pod wasn't ready.The updated policy now allows each pod to recover regardless of the state of the other pods.

This release of Google Distributed Cloud connected contains the following known issues:

• Robin Service fails after restarting a worker node due to expired TLS certificates. Symcloud Storage TLS certificatesdo not auto-renew. If a worker pod is restarted while the corresponding certificate is expired, all Robin host services reportaCritical state. To remedy this issue, contactGoogle Support.

• Symcloud Storage jobs can stall due to thread lock contention. A race condition caused by lock contention between multiplethreads can cause Symcloud Storage jobs, such as volume creation, deletion, attachment, or detachment, to stall. To remedy thisissue, contactGoogle Support.

• Symcloud Storage pods can enter aCrashLoopBackOff state due to bootstrapping failures. The Symcloud Storage worker podscan intermittently restart multiple times while bootstrapping, preventing theconfig.ini file from being generated, which causesthe pods to fail repeatedly. To remedy this issue, contactGoogle Support.

• Symcloud Storage cluster in Degraded state after installation. Transient control plane instability can cause the diskinitialization job to fail and there is no automatic retry upon job failure. This results in the installation ending withthe Symcloud Storage cluster inDegraded state. To remedy this issue, contactGoogle Support.

• Symcloud Storage activation can stall due to scheduling conflicts following transient pre-install job failures. The pre-installationjob does not tolerate transient failures, such as containerd issues. If a job pod fails but isn't automatically deleted, existing pod affinity constraints prevent a replacement pod from being scheduled. This leaves the job incomplete and stalls the Symcloud Storage activation process.To remedy this issue, contactGoogle Support.

• RobinCluster status updates can be delayed after reconciliation. TheRobinCluster status may not immediately reflectaReady state even after reconciliation has completed. This delay occurs because the Symcloud Storage Operator's back-offtimer can increase to over 10 minutes during reconciliation, causing a lag in reporting the final status.

This is a patch release of Google Distributed Cloud connected (version 1.11.1). Google Distributed Cloud software updatesroll out gradually across regions. The latest version might not be immediately available on your Google Distributed Cloudconnected deployment.

Image streaming and secondary boot disks are now generally available (GA) fornodes using the Ubuntu with containerd (UBUNTU_CONTAINERD) image type. Thesefeatures improve workload startup performance on GKE Standard and Autopilot clustersthrough image data streaming and preloaded disk data. To use these features onUbuntu nodes, your cluster must be running GKE version 1.35.0-gke.1403000 or later.

For more information, see the documentation forImage StreamingandUsing Secondary Boot Disks.

Share custom column sets

Google SecOps now lets you share custom sets of columns in theEvents table forconsistent analysis across teams.

For more details, seeSearch for events and alerts

Mute an IoC deprecated

The Mute an IoC feature is deprecated, and theIOC details page no longer displays theMute indicator.

Data RBAC global scope changes for ATI

To enhance data security, several features related to Indicators of Compromise(IOCs) and Emerging Threats now require global scope data RBAC permissions.Users without global scope will see restricted information in the following areas:

• Emerging threats page: IOC match counts per campaign are no longer visible.

• Entity widget overlay: TheIndicators table is hidden or appears empty.

• Threat details page: The related entities, IOC matches, and GTI IOC tables are no longer visible.

• Entity summary widget: GTI scores are excluded from the overlay.

• IOC details page: TheIndicator Details tab doesn't populate.

API impact: API calls toIocService andThreatCollectionService nowrequire global scope. Direct calls made with the CLI or client libraries failwithout this permission.

Required: Google SecOps administrators should review user roles andgrant global scope to those who require continued access to these threatintelligence features.

For more details, seeSearch for events and alerts

Share custom column sets

Google SecOps now lets you share custom sets of columns in theEvents table forconsistent analysis across teams.

For more details, seeSearch for events and alerts

Mute an IoC deprecated

The Mute an IoC feature is deprecated, and theIOC details page no longer displays theMute indicator.

Data RBAC global scope changes for ATI

To enhance data security, several features related to Indicators of Compromise(IOCs) and Emerging Threats now require global scope data RBAC permissions.Users without global scope will see restricted information in the following areas:

• Emerging threats page: IOC match counts per campaign are no longer visible.

• Entity widget overlay: TheIndicators table is hidden or appears empty.

• Threat details page: The related entities, IOC matches, and GTI IOC tables are no longer visible.

• Entity summary widget: GTI scores are excluded from the overlay.

• IOC details page: TheIndicator Details tab doesn't populate.

API impact: API calls toIocService andThreatCollectionService nowrequire global scope. Direct calls made with the CLI or client libraries failwithout this permission.

Required: Google SecOps administrators should review user roles andgrant global scope to those who require continued access to these threatintelligence features.

You can now assign custom domains for your private Secure Source Managerinstance's HTML, API, Git HTTP, and Git SSH endpoints. To use custom domains, youmust provide your own Certificate Authority (CA) certificate and CA pool duringinstance creation. You can only create custom domains using the API when youfirst create an instance. For more information, seeCreate a Private ServiceConnect Secure Source Managerinstance.

Connect API Gateway to Apigee API hub instances that use VPC Service Controls

API Gateway can now beconnected to Apigee API hub instances that useVPC Service Controls.

Known Issue:480997525 - Proxy calls fail withThe URI contains illegal characters error after Netty upgrade

Support for thePHP 8.5 runtime is inPreview.

Support for thePHP 8.5 runtime isinPreview.

FIFO message processing with Pub/Sub ordering keys

Application Integration now supports publishing messages to Google Cloud Pub/Sub topics using ordering keys, enabling First-In, First-Out (FIFO) message processing. By setting an ordering key in the Pub/Sub trigger'sPublish Message action, you can ensure messages are received in the correct order, enhancing reliability for integrations requiring ordered message processing. For more information on how to use ordering keys to publish messages, seeUsing ordering keys.

You can now passparameterized queriesfrom the BigQuery query editor in the Google Cloud console.

This feature isgenerally available(GA).

Support forPHP 8.5 runtime is inPreview.

Support for NVIDIA RTX PRO 6000 Blackwell GPU is inPreview.For more information, see GPU support forservices,jobs, andworker pools.

Support forPHP 8.5 runtime is inPreview.

You can now update the server certificate authority (CA) mode of an existingCloud SQL instance. You can update existing instances that use the per-instanceCA option (GOOGLE_MANAGED_INTERNAL_CA) to use the shared CA option(GOOGLE_MANAGED_CAS_CA) or the customer-managed CA option (CUSTOMER_MANAGED_CAS_CA).

For more information about the different server CA mode options, seeCertificate authority (CA) hierarchies.

You can now update the server certificate authority (CA) mode of an existingCloud SQL instance. You can update existing instances that use the per-instanceCA option (GOOGLE_MANAGED_INTERNAL_CA) to use the shared CA option(GOOGLE_MANAGED_CAS_CA) or the customer-managed CA option (CUSTOMER_MANAGED_CAS_CA).

For more information about the different server CA mode options, seeCertificate authority (CA) hierarchies.

You can now update the server certificate authority (CA) mode of an existingCloud SQL instance. You can update existing instances that use the per-instanceCA option (GOOGLE_MANAGED_INTERNAL_CA) to use the shared CA option(GOOGLE_MANAGED_CAS_CA) or the customer-managed CA option (CUSTOMER_MANAGED_CAS_CA).

For more information about the different server CA mode options, seeCertificate authority (CA) hierarchies.

You can now analyze your trace data by using theLog Analyticspage in the Google Cloud console. This page supports SQL queries and lets you viewyour query results as a table or as a chart. Your SQL queries can also join yourtrace and log data. This feature is in Public Preview.

To learn more about analyzing and viewing trace data,see the following documents:

• Query and analyze traces
• Find and explore traces by using the Trace Explorer

Cloud Trace now stores your trace data in an observability dataset. You cancontinue to view your trace data by using theTrace Explorer page.If you create a link on your dataset, then you can use services likeBigQuery to query and analyze your trace data.To learn more, see the following documents:

• Trace storage overview
• Manage trace storage
• Query a linked BigQuery dataset

Dataflow Managed I/O now supports rolling upgrades for streaming jobs. With thisfeature, Dataflow upgrades your Managed I/O connectors in running pipelines asnew connector versions become available. For more information, seeAutomatic upgrades.

Eventarc Standard is available in theasia-southeast3 (Bangkok, Thailand)region.

The Firestore databases page in the Google Cloud console now includesa status column. Possible statuses include:

• Ready
• Cloning is in progress
• Restoring from backup is in progress
• Deleted
• Failed

For the cloning and restore statuses, the status column updates upon completion.

The Firestore databases page in the Google Cloud console now includesa status column. Possible statuses include:

• Ready
• Cloning is in progress
• Restoring from backup is in progress
• Deleted
• Failed

For the cloning and restore statuses, the status column updates upon completion.

The Firestore databases page in the Google Cloud console now includesa status column. Possible statuses include:

• Ready
• Cloning is in progress
• Restoring from backup is in progress
• Deleted
• Failed

For the cloning and restore statuses, the status column updates upon completion.

Fine-grained access control for individual Gemini Enterprise apps

Gemini Enterprise admins can control access to individual Gemini Enterprise appsusing app-level IAM policies. IAM permissions are often managed at the projectlevel, but app-level IAM allows for more granular control.

For more information, seeConfigure access controls for apps.

The following issues were addressed in this release:

• Fixed an issue where calls were incorrectly deflected to voicemail duringscheduled holidays instead of connecting to the virtual agent.

• Fixed an issue where thequeue_id value passed to post-session virtualagents was incorrect during complex transfer flows, such as human-agent tovirtual-agent to human-agent transfers.

• Fixed an Agent Assist issue where the autogenerated session summarydidn't include the conversation context from the virtual agent segmentafter a transfer to a human agent.

• Fixed an issue where the virtual agent incorrectly terminated a chat sessionimmediately after escalating it to a human agent.

• Fixed an issue causing inaccurate reporting for chats escalated from avirtual agent to a human agent. The system failed to record the initialvirtual agent to human agent escalation in the transfer history and used anincorrect originating queue for subsequent transfers.

• Fixed an issue where source links were missing from knowledge assist answersin the agent adapter during calls.

• Fixed an issue affecting Telnyx users where selectingStop Monitoringdidn't fully terminate monitoring sessions.

• Fixed an issue where call transcript and session summary files saved toexternal storage had incorrect filenames. The variables in the filenames,such as{{date}} and{{session_start_time}}, didn't resolve correctly.

• Fixed an issue for Salesforce users where cases were not generated duringcalls, even when theAlways use the admin user for all recordcreations/updates checkbox was selected.

• Fixed an issue where photos received via blended SMS didn't display inthe agent adapter.

• Fixed an issue that caused errors when creating CRM records for abandonedcalls in multi-language queues.

• Fixed an issue where CRM skip options (for example, skipping CRM accountcreation or lookup) didn't correctly reset when switching between differentCRM integrations.

• Fixed an issue for Salesforce users where the dialpad appeared duringclick-to-dial.

• Fixed an issue where thecallParticipantFinished event didn't emit when anagent performed a cold transfer.

• Fixed an issue where WhatsApp messages received after business hours weremishandled. The system queued messages to agents instead of sendingafter-hours messages and ending the sessions.

• Fixed an issue where the status timer in the chat adapter displayedincorrect elapsed times.

• Fixed an issue where the agent desktop displayed agent statuses that wereinconsistent with the standalone agent adapter.

• Fixed an issue that caused 503 and 431 errors.

• Fixed an issue in the chat adapter where theagent_joined_chat eventspecified the wrong chat ID when the agent was handling multiple chats.

• Fixed an issue where the chat adapter incorrectly labeled SMS message eventsas chat inbound messages when agents sent SMS chat messages.

• Fixed an issue where newly created instances didn't create a global contactlist, preventing the initial custom contact list from appearing.

• Fixed an issue where attempting to copy a queue from the IVR channel to theSMS channel returned an error.

• Fixed an issue where the menu language selected inSettings>Call> Fallback IVR Navigation reverted to English.

• Fixed an issue where CRM records were created for outbound calls that endedwith aConnection Declined status, despite theCreate CRM records forabandoned calls checkbox being cleared.

• Fixed an issue where theAgents dashboard filter incorrectly displayedagents in both parent and child queues.

• Fixed an issue where notification rules based on average wait time didn'ttrigger alerts or send emails.

• Improved the French Canadian translations for several default agentstatuses. The changes include the following:

  • "Appel entrant" is now "Appel en cours."

  • "Dans la discussion" is now "Clavardage en cours."

  • "Synthèse" is now "Conclusion."

  • "Synthèse prolongée" is now "Temps de conclusion dépassé."

• Fixed an issue where theAgents dashboard stopped refreshing, causingagent statuses to appear outdated or incorrect.

• Fixed an issue where the agent directory appeared empty when an agentattempted to start an internal call transfer, preventing the agent fromseeing available teammates.

• Fixed a web SDK issue where theContent-Encoding response header wasmissing for the widget.

Edit email subject lines

Agents can now modify email subject lines when replying to or forwardingemail messages. This lets agents add context to the subject line, such as ticketnumbers or case details. The system maintains the session ID and keeps theconversation thread intact.

Administrators: In theSettings> Email> General> Email Management section, there's a newEnable Subject Line Editing checkbox.

For more information, seeLet agents edit the subject lines inemails.

Improvements to end-user to agent calling

The following improvements are available for end-user to agent calling:

• You can control whether end-users can input an agent's extension number atthe beginning of a call.

• You can add a message at the beginning of a call prompting the end-user toenter an extension number.

• End-users can input an agent's extension number in the extension directory.

Administrators:

• A newExtension Input Settings section appears in theSettings> Call> Agent Extensions>Consumer to Agent Calls section.

• New and updated messages appear in theSettings> Languages &Messages> Audible Messages> Extension DirectoryMessages section.

For more information, seeEnd-user to agentcalling.

Google Cloud CCaaS 3.44

We've released version 3.44 of Google Cloud CCaaS.

The timing of the update to your instance depends on the deployment schedulethat you have chosen. For more information, seeDeploymentschedules.

Assigned agent tags

Assigned agent tags let you see at a glance which agent is assigned to eachemail in an email list and which emails are unassigned. An agent assignment tagis a round tag containing an agent's initials, which indicate the agent assignedto an email.

Administrators: In theSettings> Email> General> Email Management section, there's a newEnable Assigned Agent Initials on Email List View checkbox.

For more information, seeAssigned agenttags.

Apps API: new endpoint for adding a third party to a call

The apps API now includes an endpoint(/calls/add/CALL_ID/dial) to add a third party toan ongoing call. When you make a request to this endpoint, the systemautomatically dials the third-party's phone number, and the agent's call adapterdisplays theCalling screen.

For more information, seeAdd a third party to acall.

Support for French Canadian in the Google Cloud CCaaS portal

You can now view the Google Cloud CCaaS portal in French Canadian.

For more information, seeDynamically control the custom-panellanguage.

Improvements to deflection message management

Agents can now upload message files from the call adapter to use for message andvoicemail greetings. These files support after-hours deflection, overcapacitydeflection, and automatic redirection.

A newUpload audio recording option appears in the call adapter in thefollowing locations:

• Options> Agent Deflections> After hoursdeflection

• Options> Agent Deflections> Overcapacitydeflection

• Options> Agent Deflections> Automaticredirections

If you make changes to an agent's after-hours deflection settings, overcapacitydeflection settings, or automatic redirection settings, you can now revert tothe settings that the agent selected in the call adapter. TheRevert to agentsettings button appears in theAgent Call Deflections section on theagent'sEdit User page. To access the agent'sEdit User page, go to theSettings> Users & Teams page.

For more information, seeConfigure deflections at the agentlevelandSet deflections for extensioncalls.

Send DTMF tones in the agent adapter using the keyboard

An agent can now use their keyboard to type or paste alphanumeric stringsdirectly into the call adapter to play DTMF tones, with the appropriate pauses.This capability eliminates the need to click number buttons on a virtual keypad.This streamlines data entry during IVR, web, and mobile calls and improvesaccessibility.

User experience change: TheDial button on the call adapter has been renamedKeypad.

For more information, seeIn-callinterface.

Custom data-collection forms for chats are available in the web SDK

Your human agents and virtual agents can now send custom data-collection formsto end-users using the web SDK.

Administrators: TheWeb chat checkbox appears atSettings>Forms> Add template> Custom form.

For more information, seeAdd a customform.

Disable multicast for call routing

You can now disable multicast to ensure that the system offers calls to only oneagent at a time through deltacast. When you disable multicast, the system usesonly deltacast attempts to find an agent. If no agent accepts the deltacast, thecall isn't multicasted to all available agents. Instead, it follows your logicfor cascade groups or overcapacity deflection. All other deltacast rules, suchas maximum queue time, remain in effect.

Administrators: The newDisable Multicast fallback after all Deltacast attempts checkbox appears in the following places:

• Settings> Operation Management> Routing> Call Routing

• Settings> Operation Management> Routing> Chat Routing

• Settings> Queue> IVR orMobile orWeb> Edit / View>QUEUE_NAME> Routing> Configure> Call Routing

• Settings> Queue> IVR orMobile orWeb> Edit / View>QUEUE_NAME> Routing> Configure> Chat Routing

For more information, seeTurn on deltacast for callsgloballyandTurn on deltacast for calls at the queuelevel.

Apps API: new end_user.phone parameter

The apps API accepts an optionalend_user.phone parameter during chatcreation. This parameter enables CRM lookup using the end-user's phone number,which lets the chat adapter display the end-user's name.

For more information, seeCreatechat.

New @{END_USER_NUMBER} variable

You can use the new@{END_USER_NUMBER} variable to read out the end-user'sphone number in a message to leave a voicemail or request a callback. Readingout the end-user's phone number helps them confirm whether they want to use itor a different number. To use this capability, add the@{END_USER_NUMBER}variable to theCallback - Request Phone Number andVoicemail - RequestPhone Number text-to-speech message fields. You can configure this at theglobal or queue level.

For more information, seeRead out a phone number in a voicemail or callbackmessage.

Google SecOps has updated the list of supported default parsers. Updatespropagate gradually; changes typically appear in your region within one to fourbusiness days. For more information, seeSupported log types and default parsers.

The following supported default parsers have been updated. Each parser is listedby product name andlog_type value, where applicable. This list includes bothreleased default parsers and pending parser updates.

• A10 Load Balancer (A10_LOAD_BALANCER)
• AIX system (AIX_SYSTEM)
• Akamai Cloud Monitor (AKAMAI_CLOUD_MONITOR)
• AlgoSec Security Management (ALGOSEC)
• Amazon API Gateway (AWS_API_GATEWAY)
• Apache (APACHE)
• Apple macOS (MACOS)
• AppOmni (APPOMNI)
• Arcsight CEF (ARCSIGHT_CEF)
• Arista Switch (ARISTA_SWITCH)
• Aruba (ARUBA_WIRELESS)
• Aruba Airwave (ARUBA_AIRWAVE)
• Aruba EdgeConnect SD-WAN (ARUBA_EDGECONNECT_SDWAN)
• Aruba Switch (ARUBA_SWITCH)
• Attivo Networks (ATTIVO)
• Auth0 (AUTH_ZERO)
• Automation Anywhere (AUTOMATION_ANYWHERE)
• Avanan Email Security (AVANAN_EMAIL)
• AWS Aurora (AWS_AURORA)
• AWS Cloudtrail (AWS_CLOUDTRAIL)
• AWS CloudWatch (AWS_CLOUDWATCH)
• AWS Elastic Load Balancer (AWS_ELB)
• AWS GuardDuty (GUARDDUTY)
• AWS RDS (AWS_RDS)
• AWS Security Hub (AWS_SECURITY_HUB)
• AWS WAF (AWS_WAF)
• Azure AD (AZURE_AD)
• Azure AD Directory Audit (AZURE_AD_AUDIT)
• Azure AD Sign-In (AZURE_AD_SIGNIN)
• Azure Front Door (AZURE_FRONT_DOOR)
• Barracuda Email (BARRACUDA_EMAIL)
• Barracuda WAF (BARRACUDA_WAF)
• BeyondTrust (BOMGAR)
• BeyondTrust BeyondInsight (BEYONDTRUST_BEYONDINSIGHT)
• BeyondTrust Endpoint Privilege Management (BEYONDTRUST_ENDPOINT)
• BeyondTrust Secure Remote Access (BEYONDTRUST_REMOTE_ACCESS)
• BIND (BIND_DNS)
• Bindplane Agent (BINDPLANE_AGENT)
• Blue Coat Proxy (BLUECOAT_WEBPROXY)
• Box (BOX)
• Carbon Black (CB_EDR)
• Cato Networks (CATO_NETWORKS)
• Check Point (CHECKPOINT_FIREWALL)
• CipherTrust Manager (CIPHERTRUST_MANAGER)
• Cisco Application Centric Infrastructure (CISCO_ACI)
• Cisco ASA (CISCO_ASA_FIREWALL)
• Cisco Email Security (CISCO_EMAIL_SECURITY)
• Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
• Cisco Internetwork Operating System (CISCO_IOS)
• Cisco ISE (CISCO_ISE)
• Cisco Meraki (CISCO_MERAKI)
• Cisco PIX Firewall (CISCO_PIX_FIREWALL)
• Cisco Router (CISCO_ROUTER)
• Cisco Stealthwatch (CISCO_STEALTHWATCH)
• Cisco Switch (CISCO_SWITCH)
• Cisco Umbrella Audit (CISCO_UMBRELLA_AUDIT)
• Cisco Umbrella DNS (UMBRELLA_DNS)
• Cisco vManage SD-WAN (CISCO_SDWAN)
• Cisco WLC/WCS (CISCO_WIRELESS)
• Cisco WSA (CISCO_WSA)
• Citrix Netscaler (CITRIX_NETSCALER)
• Claroty Continuous Threat Detection (CLAROTY_CTD)
• Claroty Xdome (CLAROTY_XDOME)
• Cloud SQL (GCP_CLOUDSQL)
• Cloudflare (CLOUDFLARE)
• Cloudflare Audit (CLOUDFLARE_AUDIT)
• Compute Engine (GCP_COMPUTE)
• Corelight (CORELIGHT)
• CrowdStrike Alerts API (CS_ALERTS)
• CrowdStrike Detection Monitoring (CS_DETECTS)
• CrowdStrike Falcon (CS_EDR)
• CrowdStrike Falcon Stream (CS_STREAM)
• CyberArk (CYBERARK)
• CyberArk Endpoint Privilege Manager (EPM) (CYBERARK_EPM)
• CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
• Cyolo Secure Remote Access for OT (CYOLO_OT)
• Darktrace (DARKTRACE)
• Delinea Secret Server (DELINEA_SECRET_SERVER)
• Dell ECS Enterprise Object Storage (DELL_ECS)
• Dell Switch (DELL_SWITCH)
• Duo Auth (DUO_AUTH)
• ExtraHop RevealX (EXTRAHOP)
• Extreme Wireless (EXTREME_WIRELESS)
• F5 Advanced Firewall Management (F5_AFM)
• F5 ASM (F5_ASM)
• F5 BIGIP Access Policy Manager (F5_BIGIP_APM)
• F5 BIGIP LTM (F5_BIGIP_LTM)
• F5 Distributed Cloud Services (F5_DCS)
• Fastly CDN (FASTLY_CDN)
• FireEye ETP (FIREEYE_ETP)
• FireEye NX (FIREEYE_NX)
• Forcepoint Email Security (FORCEPOINT_EMAILSECURITY)
• Forescout eyeInspect (FORESCOUT_EYEINSPECT)
• FortiGate (FORTINET_FIREWALL)
• Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
• Fortinet Fortimanager (FORTINET_FORTIMANAGER)
• Fortinet Web Application Firewall (FORTINET_FORTIWEB)
• GCP_APP_ENGINE (GCP_APP_ENGINE)
• GCP_MODEL_ARMOR (GCP_MODEL_ARMOR)
• GitHub (GITHUB)
• GitHub Dependabot (GITHUB_DEPENDABOT)
• Google Cloud Audit (GCP_CLOUDAUDIT)
• Google Threat Intelligence (GCP_THREATINTEL)
• H3C Comware Platform Switch (H3C_SWITCH)
• Hashicorp Vault (HASHICORP)
• HP Aruba (ClearPass) (CLEARPASS)
• Huawei Switches (HUAWEI_SWITCH)
• IBM DataPower Gateway (IBM_DATAPOWER)
• IBM DB2 (DB2_DB)
• Illumio Core (ILLUMIO_CORE)
• Imperva (IMPERVA_WAF)
• Imperva DRA (IMPERVA_DRA)
• Island Browser logs (ISLAND_BROWSER)
• Jamf pro context (JAMF_PRO_CONTEXT)
• JumpCloud Directory Insights (JUMPCLOUD_DIRECTORY_INSIGHTS)
• Juniper MX Router (JUNIPER_MX)
• Keycloak (KEYCLOAK)
• KnowBe4 PhishER (KNOWBE4_PHISHER)
• Kolide Endpoint Security (KOLIDE)
• Kubernetes Node (KUBERNETES_NODE)
• Linux Auditing System (AuditD) (AUDITD)
• McAfee DLP (MCAFEE_DLP)
• McAfee ePolicy Orchestrator (MCAFEE_EPO)
• McAfee Web Gateway (MCAFEE_WEBPROXY)
• Microsoft AD FS (ADFS)
• Microsoft Defender For Cloud (MICROSOFT_DEFENDER_CLOUD_ALERTS)
• Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
• Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
• Microsoft IIS (IIS)
• Microsoft Intune (AZURE_MDM_INTUNE)
• Microsoft PowerShell (POWERSHELL)
• Microsoft SQL Server (MICROSOFT_SQL)
• Mimecast Mail V2 (MIMECAST_MAIL_V2)
• MISP Threat Intelligence (MISP_IOC)
• Mobileiron (MOBILEIRON)
• MySQL (MYSQL)
• NetApp ONTAP (NETAPP_ONTAP)
• Netfilter IPtables (NETFILTER_IPTABLES)
• NetIQ Access Manager (NETIQ_ACCESS_MANAGER)
• Netskope V2 (NETSKOPE_ALERT_V2)
• Netskope Web Proxy (NETSKOPE_WEBPROXY)
• Network Policy Server (MICROSOFT_NPS)
• NGINX (NGINX)
• Nozomi Networks Scada Guardian (NOZOMI_GUARDIAN)
• Nutanix Prism (NUTANIX_PRISM)
• Obsidian (OBSIDIAN)
• Office 365 (OFFICE_365)
• Okta (OKTA)
• Onapsis (ONAPSIS)
• One Identity TPAM (ONEIDENTITY_TPAM)
• OneLogin (ONELOGIN_SSO)
• Open Cybersecurity Schema Framework (OCSF) (OCSF)
• Oracle (ORACLE_DB)
• Palo Alto Networks Firewall (PAN_FIREWALL)
• Palo Alto Panorama (PAN_PANORAMA)
• Ping Identity (PING)
• PostFix Mail (POSTFIX_MAIL)
• PostgreSQL (POSTGRESQL)
• Proofpoint CASB (PROOFPOINT_CASB)
• Proofpoint Email Filter (PROOFPOINT_MAIL_FILTER)
• Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
• Proofpoint Tap Alerts (PROOFPOINT_MAIL)
• Pulse Secure (PULSE_SECURE_VPN)
• QNAP Systems NAS (QNAP_NAS)
• Radware Web Application Firewall (RADWARE_FIREWALL)
• Recorded Future (RECORDED_FUTURE_IOC)
• Red Hat OpenShift (REDHAT_OPENSHIFT)
• Salesforce (SALESFORCE)
• SAP Sybase Adaptive Server Enterprise Database (SAP_ASE)
• Security Command Center Chokepoint (GCP_SECURITYCENTER_CHOKEPOINT)
• Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
• Security Command Center Threat (GCP_SECURITYCENTER_THREAT)
• Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
• ServiceNow Audit (SERVICENOW_AUDIT)
• Snare System Diagnostic Logs (SNARE_SOLUTIONS)
• Snyk Group level audit/issues logs (SNYK_ISSUES)
• Solaris system (SOLARIS_SYSTEM)
• Sophos Central (SOPHOS_CENTRAL)
• STIX Threat Intelligence (STIX)
• Stormshield Firewall (STORMSHIELD_FIREWALL)
• Sublime Security (SUBLIMESECURITY)
• Suricata EVE (SURICATA_EVE)
• Swift Alliance Messaging Hub (SWIFT_AMH)
• Symantec DLP (SYMANTEC_DLP)
• Symantec Endpoint Protection (SEP)
• Symantec Messaging Gateway (SYMANTEC_MAIL)
• Tableau (TABLEAU)
• TCPWave DDI (TCPWAVE_DDI)
• TeamViewer (TEAMVIEWER)
• Tenable Active Directory Security (TENABLE_ADS)
• Tenable OT (TENABLE_OT)
• Tenable.io (TENABLE_IO)
• Thinkst Canary (THINKST_CANARY)
• ThreatConnect IOC V3 (THREATCONNECT_IOC_V3)
• Trellix HX Event Streamer (TRELLIX_HX_ES)
• Trend Micro (TIPPING_POINT)
• Trend Micro Vision One (TRENDMICRO_VISION_ONE)
• Trend Micro Vision One Workbench (TRENDMICRO_VISION_ONE_WORKBENCH)
• TrendMicro Deep Discovery Inspector (TRENDMICRO_DDI)
• TXOne Stellar (TRENDMICRO_STELLAR)
• Unifi AP (UNIFI_AP)
• Unix system (NIX_SYSTEM)
• Vectra Detect (VECTRA_DETECT)
• Vectra XDR (VECTRA_XDR)
• Veritas NetBackup (VERITAS_NETBACKUP)
• Versa Firewall (VERSA_FIREWALL)
• VMware ESXi (VMWARE_ESX)
• VMware NSX (VMWARE_NSX)
• VMware vCenter (VMWARE_VCENTER)
• WatchGuard (WATCHGUARD)
• Windows DNS (WINDOWS_DNS)
• Windows Event (WINEVTLOG)
• Windows Event (XML) (WINEVTLOG_XML)
• Wiz.io (WIZ_IO)
• Workday Audit Logs (WORKDAY_AUDIT)
• Workspace Activities (WORKSPACE_ACTIVITY)
• Workspace Alerts (WORKSPACE_ALERTS)
• Zimperium (ZIMPERIUM)
• Zscaler (ZSCALER_WEBPROXY)
• Zscaler CASB (ZSCALER_CASB)
• Zscaler DLP (ZSCALER_DLP)
• ZScaler DNS (ZSCALER_DNS)
• Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
• ZScaler NGFW (ZSCALER_FIREWALL)
• Zscaler Private Access (ZSCALER_ZPA)
• Zscaler Secure Private Access Audit Logs (ZSCALER_ZPA_AUDIT)
• Zscaler Tunnel (ZSCALER_TUNNEL)
• Zywall (ZYWALL)

The following log types were added without a default parser. Each parser is listed by product name andlog_type value, where applicable.

• Aikido (AIKIDO)
• Akamai API Security (AKAMAI_API_SECURITY)
• Alkira IP Flow (ALKIRA_IP_FLOW)
• Atlassian Guard Detect (ATLASSIAN_GUARD_DETECT)
• BlinkOps (BLINKOPS)
• Canvas LMS (CANVAS_LMS)
• Cisco Secure Email Threat Defense (CISCO_SECURE_EMAIL_THREAT_DEFENSE)
• Cisco StarOS (CISCO_STAR_OS)
• Citadel Identity360 (CITADEL_IDENTITY360)
• Cyware Threat Intelligence Exchange (CTIX)
• Cyberark Identity Audit (CYBERARK_IDENTITY_AUDIT)
• CyCognito ASM (CYCOGNITO_ASM)
• Dell VxRail (DELL_VXRAIL)
• Gene6 FTP Server (GENE6_FTP)
• IBM Copy Services Manager (IBM_CSM)
• LangSmith Audit (LANGSMITH_AUDIT)
• Mellanox Switch (MELLANOX_SWITCH)
• Microsoft Entra ID Protection (MICROSOFT_ENTRA_ID_PROTECTION)
• NSFOCUS Next Generation Intrusion Prevention System (NSFOCUS_NGIPS)
• Perplexity (PERPLEXITY)
• Pleasant Password Server (PLEASANT_PASSWORD_SERVER)
• Prompt Security (PROMPT_SECURITY)
• Qualtrics Audit (QUALTRICS_AUDIT)
• Rancher API Audit Log (RANCHER_API_AUDIT_LOG)
• Rubrik Security Cloud (RUBRIK_SECURITY_CLOUD)
• SAP Business Warehouse (SAP_BW)
• SAP Change Document (SAP_CHANGE_DOCUMENT)
• SAP Gateway (SAP_GATEWAY)
• SAP Hana Audit (SAP_HANA_AUDIT)
• Scale Computing (SCALE_COMPUTING)
• Slack API (SLACK_API)
• Snowplow (SNOWPLOW)
• Sterling Order Management System Data (STERLING_OMS_DATA)
• Strivacity (STRIVACITY)
• Tencent CloudAudit (TENCENT_CLOUD_AUDIT)
• Trellix EX (TRELLIX_EX)
• Unifi System (UNIFI_SYSTEM)
• Windows Bindplane (WINDOWS_BINDPLANE)
• Witness AI Control (WITNESS_AI_CONTROL)
• Zendesk Advanced Data Privacy and Protection (ZENDESK_ADPP)

Google SecOps has updated the list of supported default parsers. Updatespropagate gradually; changes typically appear in your region within one to fourbusiness days. For more information, seeSupported log types and default parsers.

The following supported default parsers have been updated. Each parser is listedby product name andlog_type value, where applicable. This list includes bothreleased default parsers and pending parser updates.

• A10 Load Balancer (A10_LOAD_BALANCER)
• AIX system (AIX_SYSTEM)
• Akamai Cloud Monitor (AKAMAI_CLOUD_MONITOR)
• AlgoSec Security Management (ALGOSEC)
• Amazon API Gateway (AWS_API_GATEWAY)
• Apache (APACHE)
• Apple macOS (MACOS)
• AppOmni (APPOMNI)
• Arcsight CEF (ARCSIGHT_CEF)
• Arista Switch (ARISTA_SWITCH)
• Aruba (ARUBA_WIRELESS)
• Aruba Airwave (ARUBA_AIRWAVE)
• Aruba EdgeConnect SD-WAN (ARUBA_EDGECONNECT_SDWAN)
• Aruba Switch (ARUBA_SWITCH)
• Attivo Networks (ATTIVO)
• Auth0 (AUTH_ZERO)
• Automation Anywhere (AUTOMATION_ANYWHERE)
• Avanan Email Security (AVANAN_EMAIL)
• AWS Aurora (AWS_AURORA)
• AWS Cloudtrail (AWS_CLOUDTRAIL)
• AWS CloudWatch (AWS_CLOUDWATCH)
• AWS Elastic Load Balancer (AWS_ELB)
• AWS GuardDuty (GUARDDUTY)
• AWS RDS (AWS_RDS)
• AWS Security Hub (AWS_SECURITY_HUB)
• AWS WAF (AWS_WAF)
• Azure AD (AZURE_AD)
• Azure AD Directory Audit (AZURE_AD_AUDIT)
• Azure AD Sign-In (AZURE_AD_SIGNIN)
• Azure Front Door (AZURE_FRONT_DOOR)
• Barracuda Email (BARRACUDA_EMAIL)
• Barracuda WAF (BARRACUDA_WAF)
• BeyondTrust (BOMGAR)
• BeyondTrust BeyondInsight (BEYONDTRUST_BEYONDINSIGHT)
• BeyondTrust Endpoint Privilege Management (BEYONDTRUST_ENDPOINT)
• BeyondTrust Secure Remote Access (BEYONDTRUST_REMOTE_ACCESS)
• BIND (BIND_DNS)
• Bindplane Agent (BINDPLANE_AGENT)
• Blue Coat Proxy (BLUECOAT_WEBPROXY)
• Box (BOX)
• Carbon Black (CB_EDR)
• Cato Networks (CATO_NETWORKS)
• Check Point (CHECKPOINT_FIREWALL)
• CipherTrust Manager (CIPHERTRUST_MANAGER)
• Cisco Application Centric Infrastructure (CISCO_ACI)
• Cisco ASA (CISCO_ASA_FIREWALL)
• Cisco Email Security (CISCO_EMAIL_SECURITY)
• Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
• Cisco Internetwork Operating System (CISCO_IOS)
• Cisco ISE (CISCO_ISE)
• Cisco Meraki (CISCO_MERAKI)
• Cisco PIX Firewall (CISCO_PIX_FIREWALL)
• Cisco Router (CISCO_ROUTER)
• Cisco Stealthwatch (CISCO_STEALTHWATCH)
• Cisco Switch (CISCO_SWITCH)
• Cisco Umbrella Audit (CISCO_UMBRELLA_AUDIT)
• Cisco Umbrella DNS (UMBRELLA_DNS)
• Cisco vManage SD-WAN (CISCO_SDWAN)
• Cisco WLC/WCS (CISCO_WIRELESS)
• Cisco WSA (CISCO_WSA)
• Citrix Netscaler (CITRIX_NETSCALER)
• Claroty Continuous Threat Detection (CLAROTY_CTD)
• Claroty Xdome (CLAROTY_XDOME)
• Cloud SQL (GCP_CLOUDSQL)
• Cloudflare (CLOUDFLARE)
• Cloudflare Audit (CLOUDFLARE_AUDIT)
• Compute Engine (GCP_COMPUTE)
• Corelight (CORELIGHT)
• CrowdStrike Alerts API (CS_ALERTS)
• CrowdStrike Detection Monitoring (CS_DETECTS)
• CrowdStrike Falcon (CS_EDR)
• CrowdStrike Falcon Stream (CS_STREAM)
• CyberArk (CYBERARK)
• CyberArk Endpoint Privilege Manager (EPM) (CYBERARK_EPM)
• CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
• Cyolo Secure Remote Access for OT (CYOLO_OT)
• Darktrace (DARKTRACE)
• Delinea Secret Server (DELINEA_SECRET_SERVER)
• Dell ECS Enterprise Object Storage (DELL_ECS)
• Dell Switch (DELL_SWITCH)
• Duo Auth (DUO_AUTH)
• ExtraHop RevealX (EXTRAHOP)
• Extreme Wireless (EXTREME_WIRELESS)
• F5 Advanced Firewall Management (F5_AFM)
• F5 ASM (F5_ASM)
• F5 BIGIP Access Policy Manager (F5_BIGIP_APM)
• F5 BIGIP LTM (F5_BIGIP_LTM)
• F5 Distributed Cloud Services (F5_DCS)
• Fastly CDN (FASTLY_CDN)
• FireEye ETP (FIREEYE_ETP)
• FireEye NX (FIREEYE_NX)
• Forcepoint Email Security (FORCEPOINT_EMAILSECURITY)
• Forescout eyeInspect (FORESCOUT_EYEINSPECT)
• FortiGate (FORTINET_FIREWALL)
• Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
• Fortinet Fortimanager (FORTINET_FORTIMANAGER)
• Fortinet Web Application Firewall (FORTINET_FORTIWEB)
• GCP_APP_ENGINE (GCP_APP_ENGINE)
• GCP_MODEL_ARMOR (GCP_MODEL_ARMOR)
• GitHub (GITHUB)
• GitHub Dependabot (GITHUB_DEPENDABOT)
• Google Cloud Audit (GCP_CLOUDAUDIT)
• Google Threat Intelligence (GCP_THREATINTEL)
• H3C Comware Platform Switch (H3C_SWITCH)
• Hashicorp Vault (HASHICORP)
• HP Aruba (ClearPass) (CLEARPASS)
• Huawei Switches (HUAWEI_SWITCH)
• IBM DataPower Gateway (IBM_DATAPOWER)
• IBM DB2 (DB2_DB)
• Illumio Core (ILLUMIO_CORE)
• Imperva (IMPERVA_WAF)
• Imperva DRA (IMPERVA_DRA)
• Island Browser logs (ISLAND_BROWSER)
• Jamf pro context (JAMF_PRO_CONTEXT)
• JumpCloud Directory Insights (JUMPCLOUD_DIRECTORY_INSIGHTS)
• Juniper MX Router (JUNIPER_MX)
• Keycloak (KEYCLOAK)
• KnowBe4 PhishER (KNOWBE4_PHISHER)
• Kolide Endpoint Security (KOLIDE)
• Kubernetes Node (KUBERNETES_NODE)
• Linux Auditing System (AuditD) (AUDITD)
• McAfee DLP (MCAFEE_DLP)
• McAfee ePolicy Orchestrator (MCAFEE_EPO)
• McAfee Web Gateway (MCAFEE_WEBPROXY)
• Microsoft AD FS (ADFS)
• Microsoft Defender For Cloud (MICROSOFT_DEFENDER_CLOUD_ALERTS)
• Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
• Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
• Microsoft IIS (IIS)
• Microsoft Intune (AZURE_MDM_INTUNE)
• Microsoft PowerShell (POWERSHELL)
• Microsoft SQL Server (MICROSOFT_SQL)
• Mimecast Mail V2 (MIMECAST_MAIL_V2)
• MISP Threat Intelligence (MISP_IOC)
• Mobileiron (MOBILEIRON)
• MySQL (MYSQL)
• NetApp ONTAP (NETAPP_ONTAP)
• Netfilter IPtables (NETFILTER_IPTABLES)
• NetIQ Access Manager (NETIQ_ACCESS_MANAGER)
• Netskope V2 (NETSKOPE_ALERT_V2)
• Netskope Web Proxy (NETSKOPE_WEBPROXY)
• Network Policy Server (MICROSOFT_NPS)
• NGINX (NGINX)
• Nozomi Networks Scada Guardian (NOZOMI_GUARDIAN)
• Nutanix Prism (NUTANIX_PRISM)
• Obsidian (OBSIDIAN)
• Office 365 (OFFICE_365)
• Okta (OKTA)
• Onapsis (ONAPSIS)
• One Identity TPAM (ONEIDENTITY_TPAM)
• OneLogin (ONELOGIN_SSO)
• Open Cybersecurity Schema Framework (OCSF) (OCSF)
• Oracle (ORACLE_DB)
• Palo Alto Networks Firewall (PAN_FIREWALL)
• Palo Alto Panorama (PAN_PANORAMA)
• Ping Identity (PING)
• PostFix Mail (POSTFIX_MAIL)
• PostgreSQL (POSTGRESQL)
• Proofpoint CASB (PROOFPOINT_CASB)
• Proofpoint Email Filter (PROOFPOINT_MAIL_FILTER)
• Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
• Proofpoint Tap Alerts (PROOFPOINT_MAIL)
• Pulse Secure (PULSE_SECURE_VPN)
• QNAP Systems NAS (QNAP_NAS)
• Radware Web Application Firewall (RADWARE_FIREWALL)
• Recorded Future (RECORDED_FUTURE_IOC)
• Red Hat OpenShift (REDHAT_OPENSHIFT)
• Salesforce (SALESFORCE)
• SAP Sybase Adaptive Server Enterprise Database (SAP_ASE)
• Security Command Center Chokepoint (GCP_SECURITYCENTER_CHOKEPOINT)
• Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
• Security Command Center Threat (GCP_SECURITYCENTER_THREAT)
• Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
• ServiceNow Audit (SERVICENOW_AUDIT)
• Snare System Diagnostic Logs (SNARE_SOLUTIONS)
• Snyk Group level audit/issues logs (SNYK_ISSUES)
• Solaris system (SOLARIS_SYSTEM)
• Sophos Central (SOPHOS_CENTRAL)
• STIX Threat Intelligence (STIX)
• Stormshield Firewall (STORMSHIELD_FIREWALL)
• Sublime Security (SUBLIMESECURITY)
• Suricata EVE (SURICATA_EVE)
• Swift Alliance Messaging Hub (SWIFT_AMH)
• Symantec DLP (SYMANTEC_DLP)
• Symantec Endpoint Protection (SEP)
• Symantec Messaging Gateway (SYMANTEC_MAIL)
• Tableau (TABLEAU)
• TCPWave DDI (TCPWAVE_DDI)
• TeamViewer (TEAMVIEWER)
• Tenable Active Directory Security (TENABLE_ADS)
• Tenable OT (TENABLE_OT)
• Tenable.io (TENABLE_IO)
• Thinkst Canary (THINKST_CANARY)
• ThreatConnect IOC V3 (THREATCONNECT_IOC_V3)
• Trellix HX Event Streamer (TRELLIX_HX_ES)
• Trend Micro (TIPPING_POINT)
• Trend Micro Vision One (TRENDMICRO_VISION_ONE)
• Trend Micro Vision One Workbench (TRENDMICRO_VISION_ONE_WORKBENCH)
• TrendMicro Deep Discovery Inspector (TRENDMICRO_DDI)
• TXOne Stellar (TRENDMICRO_STELLAR)
• Unifi AP (UNIFI_AP)
• Unix system (NIX_SYSTEM)
• Vectra Detect (VECTRA_DETECT)
• Vectra XDR (VECTRA_XDR)
• Veritas NetBackup (VERITAS_NETBACKUP)
• Versa Firewall (VERSA_FIREWALL)
• VMware ESXi (VMWARE_ESX)
• VMware NSX (VMWARE_NSX)
• VMware vCenter (VMWARE_VCENTER)
• WatchGuard (WATCHGUARD)
• Windows DNS (WINDOWS_DNS)
• Windows Event (WINEVTLOG)
• Windows Event (XML) (WINEVTLOG_XML)
• Wiz.io (WIZ_IO)
• Workday Audit Logs (WORKDAY_AUDIT)
• Workspace Activities (WORKSPACE_ACTIVITY)
• Workspace Alerts (WORKSPACE_ALERTS)
• Zimperium (ZIMPERIUM)
• Zscaler (ZSCALER_WEBPROXY)
• Zscaler CASB (ZSCALER_CASB)
• Zscaler DLP (ZSCALER_DLP)
• ZScaler DNS (ZSCALER_DNS)
• Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
• ZScaler NGFW (ZSCALER_FIREWALL)
• Zscaler Private Access (ZSCALER_ZPA)
• Zscaler Secure Private Access Audit Logs (ZSCALER_ZPA_AUDIT)
• Zscaler Tunnel (ZSCALER_TUNNEL)
• Zywall (ZYWALL)

The following log types were added without a default parser. Each parser is listed by product name andlog_type value, where applicable.

• Aikido (AIKIDO)
• Akamai API Security (AKAMAI_API_SECURITY)
• Alkira IP Flow (ALKIRA_IP_FLOW)
• Atlassian Guard Detect (ATLASSIAN_GUARD_DETECT)
• BlinkOps (BLINKOPS)
• Canvas LMS (CANVAS_LMS)
• Cisco Secure Email Threat Defense (CISCO_SECURE_EMAIL_THREAT_DEFENSE)
• Cisco StarOS (CISCO_STAR_OS)
• Citadel Identity360 (CITADEL_IDENTITY360)
• Cyware Threat Intelligence Exchange (CTIX)
• Cyberark Identity Audit (CYBERARK_IDENTITY_AUDIT)
• CyCognito ASM (CYCOGNITO_ASM)
• Dell VxRail (DELL_VXRAIL)
• Gene6 FTP Server (GENE6_FTP)
• IBM Copy Services Manager (IBM_CSM)
• LangSmith Audit (LANGSMITH_AUDIT)
• Mellanox Switch (MELLANOX_SWITCH)
• Microsoft Entra ID Protection (MICROSOFT_ENTRA_ID_PROTECTION)
• NSFOCUS Next Generation Intrusion Prevention System (NSFOCUS_NGIPS)
• Perplexity (PERPLEXITY)
• Pleasant Password Server (PLEASANT_PASSWORD_SERVER)
• Prompt Security (PROMPT_SECURITY)
• Qualtrics Audit (QUALTRICS_AUDIT)
• Rancher API Audit Log (RANCHER_API_AUDIT_LOG)
• Rubrik Security Cloud (RUBRIK_SECURITY_CLOUD)
• SAP Business Warehouse (SAP_BW)
• SAP Change Document (SAP_CHANGE_DOCUMENT)
• SAP Gateway (SAP_GATEWAY)
• SAP Hana Audit (SAP_HANA_AUDIT)
• Scale Computing (SCALE_COMPUTING)
• Slack API (SLACK_API)
• Snowplow (SNOWPLOW)
• Sterling Order Management System Data (STERLING_OMS_DATA)
• Strivacity (STRIVACITY)
• Tencent CloudAudit (TENCENT_CLOUD_AUDIT)
• Trellix EX (TRELLIX_EX)
• Unifi System (UNIFI_SYSTEM)
• Windows Bindplane (WINDOWS_BINDPLANE)
• Witness AI Control (WITNESS_AI_CONTROL)
• Zendesk Advanced Data Privacy and Protection (ZENDESK_ADPP)

Google SecOps has updated the list of supported default parsers. Updatespropagate gradually; changes typically appear in your region within one to fourbusiness days. For more information, seeSupported log types and default parsers.

The following supported default parsers have been updated. Each parser is listedby product name andlog_type value, where applicable. This list includes bothreleased default parsers and pending parser updates.

• A10 Load Balancer (A10_LOAD_BALANCER)
• AIX system (AIX_SYSTEM)
• Akamai Cloud Monitor (AKAMAI_CLOUD_MONITOR)
• AlgoSec Security Management (ALGOSEC)
• Amazon API Gateway (AWS_API_GATEWAY)
• Apache (APACHE)
• Apple macOS (MACOS)
• AppOmni (APPOMNI)
• Arcsight CEF (ARCSIGHT_CEF)
• Arista Switch (ARISTA_SWITCH)
• Aruba (ARUBA_WIRELESS)
• Aruba Airwave (ARUBA_AIRWAVE)
• Aruba EdgeConnect SD-WAN (ARUBA_EDGECONNECT_SDWAN)
• Aruba Switch (ARUBA_SWITCH)
• Attivo Networks (ATTIVO)
• Auth0 (AUTH_ZERO)
• Automation Anywhere (AUTOMATION_ANYWHERE)
• Avanan Email Security (AVANAN_EMAIL)
• AWS Aurora (AWS_AURORA)
• AWS Cloudtrail (AWS_CLOUDTRAIL)
• AWS CloudWatch (AWS_CLOUDWATCH)
• AWS Elastic Load Balancer (AWS_ELB)
• AWS GuardDuty (GUARDDUTY)
• AWS RDS (AWS_RDS)
• AWS Security Hub (AWS_SECURITY_HUB)
• AWS WAF (AWS_WAF)
• Azure AD (AZURE_AD)
• Azure AD Directory Audit (AZURE_AD_AUDIT)
• Azure AD Sign-In (AZURE_AD_SIGNIN)
• Azure Front Door (AZURE_FRONT_DOOR)
• Barracuda Email (BARRACUDA_EMAIL)
• Barracuda WAF (BARRACUDA_WAF)
• BeyondTrust (BOMGAR)
• BeyondTrust BeyondInsight (BEYONDTRUST_BEYONDINSIGHT)
• BeyondTrust Endpoint Privilege Management (BEYONDTRUST_ENDPOINT)
• BeyondTrust Secure Remote Access (BEYONDTRUST_REMOTE_ACCESS)
• BIND (BIND_DNS)
• Bindplane Agent (BINDPLANE_AGENT)
• Blue Coat Proxy (BLUECOAT_WEBPROXY)
• Box (BOX)
• Carbon Black (CB_EDR)
• Cato Networks (CATO_NETWORKS)
• Check Point (CHECKPOINT_FIREWALL)
• CipherTrust Manager (CIPHERTRUST_MANAGER)
• Cisco Application Centric Infrastructure (CISCO_ACI)
• Cisco ASA (CISCO_ASA_FIREWALL)
• Cisco Email Security (CISCO_EMAIL_SECURITY)
• Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
• Cisco Internetwork Operating System (CISCO_IOS)
• Cisco ISE (CISCO_ISE)
• Cisco Meraki (CISCO_MERAKI)
• Cisco PIX Firewall (CISCO_PIX_FIREWALL)
• Cisco Router (CISCO_ROUTER)
• Cisco Stealthwatch (CISCO_STEALTHWATCH)
• Cisco Switch (CISCO_SWITCH)
• Cisco Umbrella Audit (CISCO_UMBRELLA_AUDIT)
• Cisco Umbrella DNS (UMBRELLA_DNS)
• Cisco vManage SD-WAN (CISCO_SDWAN)
• Cisco WLC/WCS (CISCO_WIRELESS)
• Cisco WSA (CISCO_WSA)
• Citrix Netscaler (CITRIX_NETSCALER)
• Claroty Continuous Threat Detection (CLAROTY_CTD)
• Claroty Xdome (CLAROTY_XDOME)
• Cloud SQL (GCP_CLOUDSQL)
• Cloudflare (CLOUDFLARE)
• Cloudflare Audit (CLOUDFLARE_AUDIT)
• Compute Engine (GCP_COMPUTE)
• Corelight (CORELIGHT)
• CrowdStrike Alerts API (CS_ALERTS)
• CrowdStrike Detection Monitoring (CS_DETECTS)
• CrowdStrike Falcon (CS_EDR)
• CrowdStrike Falcon Stream (CS_STREAM)
• CyberArk (CYBERARK)
• CyberArk Endpoint Privilege Manager (EPM) (CYBERARK_EPM)
• CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
• Cyolo Secure Remote Access for OT (CYOLO_OT)
• Darktrace (DARKTRACE)
• Delinea Secret Server (DELINEA_SECRET_SERVER)
• Dell ECS Enterprise Object Storage (DELL_ECS)
• Dell Switch (DELL_SWITCH)
• Duo Auth (DUO_AUTH)
• ExtraHop RevealX (EXTRAHOP)
• Extreme Wireless (EXTREME_WIRELESS)
• F5 Advanced Firewall Management (F5_AFM)
• F5 ASM (F5_ASM)
• F5 BIGIP Access Policy Manager (F5_BIGIP_APM)
• F5 BIGIP LTM (F5_BIGIP_LTM)
• F5 Distributed Cloud Services (F5_DCS)
• Fastly CDN (FASTLY_CDN)
• FireEye ETP (FIREEYE_ETP)
• FireEye NX (FIREEYE_NX)
• Forcepoint Email Security (FORCEPOINT_EMAILSECURITY)
• Forescout eyeInspect (FORESCOUT_EYEINSPECT)
• FortiGate (FORTINET_FIREWALL)
• Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
• Fortinet Fortimanager (FORTINET_FORTIMANAGER)
• Fortinet Web Application Firewall (FORTINET_FORTIWEB)
• GCP_APP_ENGINE (GCP_APP_ENGINE)
• GCP_MODEL_ARMOR (GCP_MODEL_ARMOR)
• GitHub (GITHUB)
• GitHub Dependabot (GITHUB_DEPENDABOT)
• Google Cloud Audit (GCP_CLOUDAUDIT)
• Google Threat Intelligence (GCP_THREATINTEL)
• H3C Comware Platform Switch (H3C_SWITCH)
• Hashicorp Vault (HASHICORP)
• HP Aruba (ClearPass) (CLEARPASS)
• Huawei Switches (HUAWEI_SWITCH)
• IBM DataPower Gateway (IBM_DATAPOWER)
• IBM DB2 (DB2_DB)
• Illumio Core (ILLUMIO_CORE)
• Imperva (IMPERVA_WAF)
• Imperva DRA (IMPERVA_DRA)
• Island Browser logs (ISLAND_BROWSER)
• Jamf pro context (JAMF_PRO_CONTEXT)
• JumpCloud Directory Insights (JUMPCLOUD_DIRECTORY_INSIGHTS)
• Juniper MX Router (JUNIPER_MX)
• Keycloak (KEYCLOAK)
• KnowBe4 PhishER (KNOWBE4_PHISHER)
• Kolide Endpoint Security (KOLIDE)
• Kubernetes Node (KUBERNETES_NODE)
• Linux Auditing System (AuditD) (AUDITD)
• McAfee DLP (MCAFEE_DLP)
• McAfee ePolicy Orchestrator (MCAFEE_EPO)
• McAfee Web Gateway (MCAFEE_WEBPROXY)
• Microsoft AD FS (ADFS)
• Microsoft Defender For Cloud (MICROSOFT_DEFENDER_CLOUD_ALERTS)
• Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
• Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
• Microsoft IIS (IIS)
• Microsoft Intune (AZURE_MDM_INTUNE)
• Microsoft PowerShell (POWERSHELL)
• Microsoft SQL Server (MICROSOFT_SQL)
• Mimecast Mail V2 (MIMECAST_MAIL_V2)
• MISP Threat Intelligence (MISP_IOC)
• Mobileiron (MOBILEIRON)
• MySQL (MYSQL)
• NetApp ONTAP (NETAPP_ONTAP)
• Netfilter IPtables (NETFILTER_IPTABLES)
• NetIQ Access Manager (NETIQ_ACCESS_MANAGER)
• Netskope V2 (NETSKOPE_ALERT_V2)
• Netskope Web Proxy (NETSKOPE_WEBPROXY)
• Network Policy Server (MICROSOFT_NPS)
• NGINX (NGINX)
• Nozomi Networks Scada Guardian (NOZOMI_GUARDIAN)
• Nutanix Prism (NUTANIX_PRISM)
• Obsidian (OBSIDIAN)
• Office 365 (OFFICE_365)
• Okta (OKTA)
• Onapsis (ONAPSIS)
• One Identity TPAM (ONEIDENTITY_TPAM)
• OneLogin (ONELOGIN_SSO)
• Open Cybersecurity Schema Framework (OCSF) (OCSF)
• Oracle (ORACLE_DB)
• Palo Alto Networks Firewall (PAN_FIREWALL)
• Palo Alto Panorama (PAN_PANORAMA)
• Ping Identity (PING)
• PostFix Mail (POSTFIX_MAIL)
• PostgreSQL (POSTGRESQL)
• Proofpoint CASB (PROOFPOINT_CASB)
• Proofpoint Email Filter (PROOFPOINT_MAIL_FILTER)
• Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
• Proofpoint Tap Alerts (PROOFPOINT_MAIL)
• Pulse Secure (PULSE_SECURE_VPN)
• QNAP Systems NAS (QNAP_NAS)
• Radware Web Application Firewall (RADWARE_FIREWALL)
• Recorded Future (RECORDED_FUTURE_IOC)
• Red Hat OpenShift (REDHAT_OPENSHIFT)
• Salesforce (SALESFORCE)
• SAP Sybase Adaptive Server Enterprise Database (SAP_ASE)
• Security Command Center Chokepoint (GCP_SECURITYCENTER_CHOKEPOINT)
• Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
• Security Command Center Threat (GCP_SECURITYCENTER_THREAT)
• Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
• ServiceNow Audit (SERVICENOW_AUDIT)
• Snare System Diagnostic Logs (SNARE_SOLUTIONS)
• Snyk Group level audit/issues logs (SNYK_ISSUES)
• Solaris system (SOLARIS_SYSTEM)
• Sophos Central (SOPHOS_CENTRAL)
• STIX Threat Intelligence (STIX)
• Stormshield Firewall (STORMSHIELD_FIREWALL)
• Sublime Security (SUBLIMESECURITY)
• Suricata EVE (SURICATA_EVE)
• Swift Alliance Messaging Hub (SWIFT_AMH)
• Symantec DLP (SYMANTEC_DLP)
• Symantec Endpoint Protection (SEP)
• Symantec Messaging Gateway (SYMANTEC_MAIL)
• Tableau (TABLEAU)
• TCPWave DDI (TCPWAVE_DDI)
• TeamViewer (TEAMVIEWER)
• Tenable Active Directory Security (TENABLE_ADS)
• Tenable OT (TENABLE_OT)
• Tenable.io (TENABLE_IO)
• Thinkst Canary (THINKST_CANARY)
• ThreatConnect IOC V3 (THREATCONNECT_IOC_V3)
• Trellix HX Event Streamer (TRELLIX_HX_ES)
• Trend Micro (TIPPING_POINT)
• Trend Micro Vision One (TRENDMICRO_VISION_ONE)
• Trend Micro Vision One Workbench (TRENDMICRO_VISION_ONE_WORKBENCH)
• TrendMicro Deep Discovery Inspector (TRENDMICRO_DDI)
• TXOne Stellar (TRENDMICRO_STELLAR)
• Unifi AP (UNIFI_AP)
• Unix system (NIX_SYSTEM)
• Vectra Detect (VECTRA_DETECT)
• Vectra XDR (VECTRA_XDR)
• Veritas NetBackup (VERITAS_NETBACKUP)
• Versa Firewall (VERSA_FIREWALL)
• VMware ESXi (VMWARE_ESX)
• VMware NSX (VMWARE_NSX)
• VMware vCenter (VMWARE_VCENTER)
• WatchGuard (WATCHGUARD)
• Windows DNS (WINDOWS_DNS)
• Windows Event (WINEVTLOG)
• Windows Event (XML) (WINEVTLOG_XML)
• Wiz.io (WIZ_IO)
• Workday Audit Logs (WORKDAY_AUDIT)
• Workspace Activities (WORKSPACE_ACTIVITY)
• Workspace Alerts (WORKSPACE_ALERTS)
• Zimperium (ZIMPERIUM)
• Zscaler (ZSCALER_WEBPROXY)
• Zscaler CASB (ZSCALER_CASB)
• Zscaler DLP (ZSCALER_DLP)
• ZScaler DNS (ZSCALER_DNS)
• Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
• ZScaler NGFW (ZSCALER_FIREWALL)
• Zscaler Private Access (ZSCALER_ZPA)
• Zscaler Secure Private Access Audit Logs (ZSCALER_ZPA_AUDIT)
• Zscaler Tunnel (ZSCALER_TUNNEL)
• Zywall (ZYWALL)

The following log types were added without a default parser. Each parser is listed by product name andlog_type value, where applicable.

• Aikido (AIKIDO)
• Akamai API Security (AKAMAI_API_SECURITY)
• Alkira IP Flow (ALKIRA_IP_FLOW)
• Atlassian Guard Detect (ATLASSIAN_GUARD_DETECT)
• BlinkOps (BLINKOPS)
• Canvas LMS (CANVAS_LMS)
• Cisco Secure Email Threat Defense (CISCO_SECURE_EMAIL_THREAT_DEFENSE)
• Cisco StarOS (CISCO_STAR_OS)
• Citadel Identity360 (CITADEL_IDENTITY360)
• Cyware Threat Intelligence Exchange (CTIX)
• Cyberark Identity Audit (CYBERARK_IDENTITY_AUDIT)
• CyCognito ASM (CYCOGNITO_ASM)
• Dell VxRail (DELL_VXRAIL)
• Gene6 FTP Server (GENE6_FTP)
• IBM Copy Services Manager (IBM_CSM)
• LangSmith Audit (LANGSMITH_AUDIT)
• Mellanox Switch (MELLANOX_SWITCH)
• Microsoft Entra ID Protection (MICROSOFT_ENTRA_ID_PROTECTION)
• NSFOCUS Next Generation Intrusion Prevention System (NSFOCUS_NGIPS)
• Perplexity (PERPLEXITY)
• Pleasant Password Server (PLEASANT_PASSWORD_SERVER)
• Prompt Security (PROMPT_SECURITY)
• Qualtrics Audit (QUALTRICS_AUDIT)
• Rancher API Audit Log (RANCHER_API_AUDIT_LOG)
• Rubrik Security Cloud (RUBRIK_SECURITY_CLOUD)
• SAP Business Warehouse (SAP_BW)
• SAP Change Document (SAP_CHANGE_DOCUMENT)
• SAP Gateway (SAP_GATEWAY)
• SAP Hana Audit (SAP_HANA_AUDIT)
• Scale Computing (SCALE_COMPUTING)
• Slack API (SLACK_API)
• Snowplow (SNOWPLOW)
• Sterling Order Management System Data (STERLING_OMS_DATA)
• Strivacity (STRIVACITY)
• Tencent CloudAudit (TENCENT_CLOUD_AUDIT)
• Trellix EX (TRELLIX_EX)
• Unifi System (UNIFI_SYSTEM)
• Windows Bindplane (WINDOWS_BINDPLANE)
• Witness AI Control (WITNESS_AI_CONTROL)
• Zendesk Advanced Data Privacy and Protection (ZENDESK_ADPP)

Conversational Analytics now displays its reasoning for how it analyzes queries. After you enter your query, clickShow reasoning to see a plain text explanation of the steps that Conversational Analytics took to interpret your query.

Organization Policy Service custom constraints are available for someArtifact Analysis resources. For more information, seeUse custom organization policies.

Organization Policy Service custom constraints are available for some Storage Transfer Serviceresources. For more information, seeCustom organization policy constraints.

Access Resource Manager using our remote MCP server

You can use the Resource Manager remote MCP server to search for and identify allGoogle Cloud projects you have permission to access, so you have the correctidentifiers before configuring specific resources.

TheResource Manager remote MCP server is inPreview.

Secure Source Manager is now available in the followingregions:

• us-east1 (South Carolina)

You can create and hostremote functionsin Cloud Run and call them from Spanner queriesusing the GoogleSQL dialect. This feature is inPreview.

Organization Policy Service custom constraints are now available forStorage Transfer Service. You can use custom constraints to control howStorage Transfer Service is used in your organization. For example, you can restricttransfers to only allow Cloud Storage to Cloud Storage transfers, orrestrict transfers to a specific list of approved source buckets.

SeeCustom organization policy constraintsfor details.

TheCase Federation feature is no longer dependent on theCase Federation integration in the primary platform.

The primary platform sync job is now disabled. Do not attempt to re-enable it.

For more information, seeSet up federated case access for SecOps.

TheCase Federation feature is no longer dependent on theCase Federation integration in the primary platform.

The primary platform sync job is now disabled. Do not attempt to re-enable it.

For more information, seeSet up federated case access for SecOps.

TheCase Federation feature is no longer dependent on theCase Federation integration in the primary platform.

The primary platform sync job is now disabled. Do not attempt to re-enable it.

For more information, seeSet up case federation access for SOAR.

Release 6.3.74 is being rolled out to the first phase of regions as listedhere.

This release contains the following changes:

TheCase Federation feature is no longer dependent on theCase Federation integration in the primary platform.

The primary platform sync job is now disabled. Do not attempt to re-enable it.

For more information, seeSet up case federation access for SOAR.

Release 6.3.74 is being rolled out to the first phase of regions as listedhere.

This release contains the following changes:

Go 1.11 isdeprecated.You won't be able to deploy Go 1.11 applications, even if your organizationpreviously used an organization policy to re-enable deployments of legacyruntimes. Your existing Go 1.11 applications will continue to run and receivetraffic. We recommend that youmigrate to the latest supported version ofGo.

Java 8 isdeprecated.You won't be able to deploy Java 8 applications, even if your organizationpreviously used an organization policy to re-enable deployments of legacyruntimes. Your existing Java 8 applications will continue to run and receivetraffic. We recommend that youmigrate to the latest supported version ofJava.

PHP 5 isdeprecated.You won't be able to deploy PHP 5 applications, even if yourorganization previously used an organization policy to re-enabledeployments of legacy runtimes. Your existing PHP 5 applicationswill continue to run and receive traffic. We recommend that youmigrate to the latest supported version of PHP.

Python 2.7 isdeprecated.You won't be able to deploy Python 2.7 applications, even if yourorganization previously used an organization policy to re-enabledeployments of legacy runtimes. Your existing Python 2.7 applicationswill continue to run and receive traffic. We recommend that youmigrate to the latest supported version of Python.

Cloud Workstations supportsHyperdisk Balanced High Availability (hyperdisk-balanced-ha) for persistent directories on configurations using A3, C3, C4, G4, M3, N4, N4D, and Z3 machine series. You can specify the disk type using the--disk-type flag with thegcloud workstations configs create andgcloud workstations configs update commands.

Cloud Workstations supports A3 machine types with Hyperdisk only. For more details, seeAvailable machine types andAvailable GPUs.

Customer Experience Insights offersanalysis rules for follow up analysis. A follow up analysis rule tells CX Insights to analyze a group of conversations based on the result from an analysis of a different group of conversations.

Release 6.3.73 is now available for all regions.

Release 6.3.73 is now available for all regions.

Multiple security vulnerabilities have been identified in the OpenSSL library.The most significant finding is CVE-2025-15467, a critical vulnerability thatmight allow for remote code execution (RCE) or denial of service (DoS) attacksvia network-based vectors.

For more details, see theGCP-2026-006 security bulletin.

Multiple security vulnerabilities have been identified in the OpenSSL library.The most significant finding is CVE-2025-15467, a critical vulnerability thatmight allow for remote code execution (RCE) or denial of service (DoS) attacksvia network-based vectors.

For more details, see theGCP-2026-006 security bulletin.

Bigtable has a unified, customizable system insights dashboard. This dashboardincludes predefined metrics and other Google Cloud metrics. Thisfeature isgenerally available (GA).For more information, seeCustomize the system insights dashboard.

We have corrected the issue resulting in incomplete Cloud Run emissions data forNovember and December 2025. Customers who used Cloud Run during this period cannow access the corrected data.

Action Required: To see the corrected Cloud Run emissions data,schedule a manual data backfill for Novemberand December 2025. Note that there is a half-month lag of our data release. Forexample, to backfill November and December 2025 data, run the backfill forDecember 15, 2025 and January 15, 2026, which will update the data for Novemberand December 2025 in your BigQuery table.

The following resource types are publicly available through theExportAssets,ListAssets,BatchGetAssetsHistory,QueryAssets,Feed,SearchAllResources,andSearchAllIamPoliciesAPIs.

• BigQuery
  • bigquery.googleapis.com/Routine

Folder level and organization level support for thequota adjuster feature is available inPreview through theCloud Quotas API,gcloud quotas betaCLI,Terraform, andCloud Client Libraries. For moreinformation, see the documentation about how toenable the quota adjuster through the Cloud Quotas API.

Object change notification is deprecated on January 30, 2026. To generatenotifications for changes to objects, usePub/Sub notifications for Cloud Storage instead.

NewServerless for Apache Spark runtime versions:

• 3.0.4

Dataproc on Compute Engine: The following subminor image versions announced onJanuary 24, 2026 have been rolled back:

• 2.0.157-debian10, 2.0.157-ubuntu18, 2.0.157-rocky8
• 2.1.106-debian11, 2.1.106-ubuntu20, 2.1.106-ubuntu20-arm, 2.1.106-rocky8
• 2.2.74-debian12, 2.2.74-ubuntu22, 2.2.74-ubuntu22-arm, 2.2.74-rocky9
• 2.3.21-debian12, 2.3.21-ml-ubuntu22, 2.3.21-rocky9, 2.3.21-ubuntu22, 2.3.21-ubuntu22-arm

Gemini Enterprise: Support for new actions (Preview)

New actions are available for the following data stores:

• Jira Data Center
• Zendesk

For a list of actions for these data stores, seeSupported actions.

Multiple security vulnerabilities have been identified in the OpenSSL library.The most significant finding is CVE-2025-15467, a critical vulnerability thatmight allow for remote code execution (RCE) or denial of service (DoS) attacksvia network-based vectors.

For more details, see theGCP-2026-006 security bulletin.

Multiple security vulnerabilities have been identified in the OpenSSL library.The most significant finding is CVE-2025-15467, a critical vulnerability thatmight allow for remote code execution (RCE) or denial of service (DoS) attacksvia network-based vectors.

For more details, see theGCP-2026-006 security bulletin.

The following v2 connectors, which utilize Google Storage Transfer Service (STS), are now in General Availability:

• Google Cloud Storage v2
• Amazon S3 v2
• Google Cloud Storage (Event Driven)
• Amazon SQS v2
• Azure Blobstore v2

The following v2 connectors, which utilize Google Storage Transfer Service (STS), are now in General Availability:

• Google Cloud Storage v2
• Amazon S3 v2
• Google Cloud Storage (Event Driven)
• Amazon SQS v2
• Azure Blobstore v2

The following v2 connectors, which utilize Google Storage Transfer Service (STS), are now in General Availability:

• Google Cloud Storage v2
• Amazon S3 v2
• Google Cloud Storage (Event Driven)
• Amazon SQS v2
• Azure Blobstore v2

Theprompt injection and jailbreak detectionfilter for the Mumbai (asia-south1) and Singapore (asia-southeast1) regionsis upgraded to improve detection accuracy and reduce the rate of false positives.

Spanner supports theUUID data type for bothGoogleSQL and PostgreSQL-dialect databases. Thisdata type stores universally unique identifiers (UUIDs) as 128-bit values.

You can use the GoogleSQLNEW_UUID()function or the PostgreSQLgen_random_uuid() tofunction to create UUID values.

For more information, seeUse a universally unique identifier (UUID).

The updated reCAPTCHA Mobile SDK improves the risk score. You should reviewand adjust your reCAPTCHA action thresholds as needed.

Upgraded the Open Telemetry image from v0.119.0 to v0.127.0. This version removes the deprecated OpenCensus receiver. This change impacts only custom metric solutions that use the OpenCensus receiver. To understand the changes in each release, review thechange logs

Resolved an issue where metrics for deleted ResourceGroups continued to show outdated values.

Addressed multiple Common Vulnerabilities and Exposures (CVEs) by updating dependencies.

Upgraded bundled Helm version from v3.15.3 to3.18.6 to pick up vulnerability fixes. To understand the changes in each release, review thechangelogs.

BigQuery now supports aRANDOM_HASH predefined masking rule. This rule returnsa hash of the column's value using a salted hash algorithm, and it providesstronger security than the standardHash (SHA-256) rule.

For more information, seeData masking rules.

BigQuery now offersconversational analytics,which accelerates data analysis by enabling insights through natural language.Users can view a predefined sample agent, chat with their BigQuery data orcustom agents, and access those agents even outside of BigQuery. They can alsousesupported BigQuery ML functionsin verified queries and in chat. This feature is inPreview.

You can now createBigQuery ML models by using theGoogle Cloud console.

This feature isgenerally available(GA).

Environment snapshotsare available in environments with Airflow 3 (Preview).

This feature is gradually rolled out in several releases and is available inthe following regions in this release: africa-south1, asia-east1, asia-east2,asia-northeast2, asia-northeast3, asia-south2, asia-southeast2,australia-southeast2, europe-central2, europe-north1, europe-north2,europe-southwest1, europe-west10, europe-west12, europe-west3, europe-west4,europe-west6, europe-west8, europe-west9, me-central1, me-central2, me-west1,northamerica-northeast1, northamerica-northeast2, northamerica-south1,southamerica-east1, southamerica-west1, us-east1, us-east5, us-south1,us-west2, us-west3 and us-west4.

The following Cloud Composer versions and builds have reached theirend of support period:composer-3-airflow-2.9.3-build.14 and composer-2.11.1-*.

(Cloud Composer 2) Airflow component metrics are now availableon the Monitoring dashboardin the Google Cloud console. This feature was previously available only inCloud Composer 3.

NewAirflow buildsare available in Cloud Composer 3:

• composer-3-airflow-3.1.0-build.8
• composer-3-airflow-2.10.5-build.25 (default)
• composer-3-airflow-2.9.3-build.45

(Airflow 3.1.0 in Cloud Composer 3)Theapache-airflow-providers-google package was upgraded to version 19.4.0.For more information about changes, see theapache-airflow-providers-google changelog.

(Available without upgrading) Cloud Composer 3 environment metadata in CloudAsset Inventory now matches the environment configuration available through theCloud Composer API, including the image version format.

Newimagesare available in Cloud Composer 2:

• composer-2.16.3-airflow-2.10.5 (default)
• composer-2.16.3-airflow-2.9.3

(Airflow 2) The Dag Details view in Airflow UI now scrolls correctly when the"Run config" field contains long values.

TheComposer Local Development CLI toolis now available for Airflow 3 (Preview).

You can now export your Crashlytics data and (optionally) Firebase sessionsdata to Cloud Logging. Once the data is exported, it's also available toCloud Monitoring, so you can filter your logs, build custom dashboards, setup custom alerts, and even export the data to other services. For information about how to export your Crashlytics data, seeExport Crashlytics data toCloud Logging,and for information about howyou can use this data, seeWhat can you do with Crashlytics data inCloud Logging.

You can control data lineage ingestion for Dataprocat the organization, folder, or project level. This feature is inPreview.For more information, seeControl lineage ingestion.

Stretched private clouds capable of hosting bothve1 andve2 node-familyclusters are now available in the following regions:

• Sydney, Australia, Asia Pacific (australia-southeast1-a,australia-southeast1-b)
• Frankfurt, Germany, Europe (europe-west3-a,europe-west3-b)

While a stretched private cloud can contain mixed node families, each individualstretched cluster must be comprised of nodes from the same family type.

The following versions are now available for new GKE clusters, and formanual control plane upgrades and node upgrades for existing clusters. For moreinformation about versioning and upgrades, seeGKE versioning andsupport andAbout GKEcluster upgrades.