Google Cloud release notes

Stay organized with collections Save and categorize content based on your preferences.

Announcing the general availability of Gemini Code Assist API development features in Apigee

With this functionality, you can accelerate your API development lifecycle within VS Code using Gemini Code Assist in Apigee. This feature allows you to use natural language prompts to design, create, iterate, and manage OpenAPI specifications with the following capabilities:

• AI-Powered API Design: Generate high-quality OpenAPI specifications from natural language prompts to the Apigee tool in Gemini Code Assist Chat, leveraging the Gemini model and the enterprise context of your API hub.
• Effortless Iteration: Refine existing or newly generated specifications using the intuitive Gemini chat interface.
• Integrated Testing: Quickly validate your APIs by deploying them to a local or Google Cloud-hosted mock server.
• Streamlined Workflow: Publish your completed API specifications directly to Apigee API hub and kick-start proxy development by creating Apigee proxy bundles from your API specifications.
• Duplicate Endpoint Detection: Proactively identify and prevent the creation of duplicate API endpoints already registered in your API hub.

For more information and usage instructions, see Designing and editing APIs, Tutorial: Use Gemini Code Assist to design, develop, and test APIs in Apigee, and Setting up Apigee API Management in Cloud Code for VS Code.

GKE now provides insights and recommendations that help you to identify and remediate clusters where the etcd cluster state database size is approaching the limit. Implementing the recommendation helps you to keep your clusters stable and performant.

Vertex AI Search: Adjust autocomplete settings to reduce risk of PII leaks (Public preview)

If you use either the search history or user events model for autocomplete suggestions and you have concerns about your users entering their personally identifiable information (PII) as search queries, then see Reduce the risk of returning suggestions that contain PII.

This feature is in Public preview.

You can now start, stop, and restart your primary and read pool AlloyDB instances using the Google Cloud console and the Google Cloud CLI. This feature is generally available (GA).

GA: Apigee Integrated Developer Portal Admin UI in the Google Cloud console.

This release adds the Apigee Integrated Developer Portal Admin UI from the Classic Apigee UI into the Google Cloud console.

Leveraging Google Cloud console components provides API providers and Portal Admins with a centralized platform to efficiently configure, publish, and manage your API consumer portals, eliminating the need to switch between different UIs.

No new APIs have been introduced in this release.

See Publishing overview to get started.

Public Preview: Apigee Extension Processor support for request and response body processing

When creating a load balancer service extension, you can customize the behavior of the extension processor proxy to support request body processing, response body processing, or a combination of the two.

For more information, see Get started with the Apigee Extension Processor.

You can now use the dbt-bigquery adapter to run Python code that's defined in BigQuery DataFrames. For more information, see Use BigQuery DataFrames in dbt. This feature is in preview.

You can now use your Google Account user credentials to authorize the creation, scheduling, and running of pipelines as well as the scheduling of notebooks and data preparations. For more information, see Create a pipeline schedule. This feature is in preview.

You can now create event-driven transfers when transferring data from Cloud Storage to BigQuery. Event-driven transfers can automatically trigger transfer runs when data in your Cloud Storage bucket has been modified or added. This feature is generally available (GA).

You can now configure the observability scope or set the default log scope by using the Google Cloud CLI. You must use version 254.0 or higher. For more information, see Configure observability scopes and Set the default log scope.

Conversational Insights offers a merged analysis, which displays the previous results of each analysis type alongside your most recent analysis result. Merged analysis eliminates the need to run every analysis multiple times.

Public preview: Google Managed Service for Apache Kafka now offers schema registry support. For more information about the feature, see the schema registry overview or get started with an Avro producer in Java.

Pro feature: Code Interpreter is enabled by default

The Code Interpreter for Conversational Analytics is now enabled by default when the Gemini in Looker and Trusted Tester features settings are enabled for the Google Cloud project that is associated with a Looker Studio Pro subscription. The Code Interpreter in Conversational Analytics is a Preview feature that translates your natural language questions into Python code and executes that code to provide advanced analysis and visualizations.

Looker Studio users with the appropriate permissions can manage enablement on the Gemini in Looker page under User Settings.

You can now create a serverless Spark session and run PySpark code in a BigQuery notebook. This feature is generally available (GA).

Column metadata indexing is now available for both BigQuery tables and external tables. This feature is generally available (GA).

Multiple regions now benefit from enhanced responsiveness for latency-sensitive applications for Cloud Run service URLs.

Cloud SQL for SQL Server now offers the maximum server memory recommender.

Database instances running with an allocation of memory that's either too low or too high might experience performance issues.

The max server memory (mb) flag limits the amount of memory that Cloud SQL can allocate for its internal pools. You can manually set a value for this flag, or omit the flag and let Cloud SQL manage memory limits for you automatically.

For more information, see Optimize maximum server memory usage.

Python 3.11 is now available in Colab Enterprise. Existing runtimes and runtime templates will remain using Python 3.10. For more information, see Python versions.

When you create a runtime template, you can now configure it to use the latest Python version available to Colab Enterprise, or you can specify the Python version. Using Latest is a new option that means when a new version of Python is introduced to Colab Enterprise, runtimes that you create will use the latest Python version.

Existing runtime templates and runtimes remain using their current Python version (Python 3.10). This includes existing auto-generated default runtime templates. To create default runtime templates that use Latest, you must do one of the following:

• Delete the existing default runtime templates. Then, when a new default runtime template is created, the Python version will be set to Latest.
• Change a runtime template's Python version by using the REST API.

You can now use strict act-as mode to enable an additional security check for certain user actions in Dataform. For more information, see Use strict act-as mode. This feature is in preview.

Manage files and folders in the Context Drawer

You can now view and manage files and folders requested to be included in Gemini Code Assist's context, using the Context Drawer. After you specify a file or folder to be used as context for your Gemini Code Assist prompts, these files and folders are placed in the Context Drawer, where you can review and remove them from the prompt context.

This gives you more control over which information Gemini Code Assist considers when responding to your prompts.

Workforce Identity Federation supports detailed audit logging, which you can use to troubleshoot attribute mapping issues. This feature is generally available.

You can assign IPv6 bring your own IP (BYOIP) addresses to a subnet's external address range. These subnet ranges can only be used by VM instances, either as ephemeral or reserved addresses. To reserve addresses from these ranges, create a static regional external IPv6 address with the VM endpoint type. This feature is available in General Availability.

For more information, see Create and use IPv6 sub-prefixes.

The AlloyDB Omni Kubernetes operator version 1.4.1 is generally available (GA) and includes the following bug fixes:

• Fix for overriding replication related parameters. This fix lets you override the wal_keep_size value. For more information, see Work with cross-data-center replication. This fix requires database version 15.7.1 or later.
• 63-character DBCluster names are supported, which lets you define clearer and more descriptive cluster names.
• Various bug fixes are implemented to enhance stability and the user experience.

The AlloyDB Omni Kubernetes operator version 1.4.1 is generally available (GA) and includes the following bug fixes:

• Fix for overriding replication related parameters. This fix lets you override the wal_keep_size value. For more information, see Work with cross-data-center replication. This fix requires database version 15.7.1 or later.
• 63-character DBCluster names are supported, which lets you define clearer and more descriptive cluster names.
• Various bug fixes are implemented to enhance stability and the user experience.

With this release, Advanced API Security expands its runtime region support to include africa-south1 (Johannesburg).

For a list of supported regions, see Apigee locations.

You can now share Pub/Sub streaming data through BigQuery sharing with additional client libraries support and provider usage metrics. This feature is generally available (GA).

BigQuery offers optional job creation mode to speed up small queries that you use in your dashboards, data exploration, and other workflows. This mode automatically optimizes eligible queries and uses a cache to improve latency. This feature is generally available (GA).

You can now create build triggers that build from repositories connected to Developer Connect.

Learn how to instrument your generative AI applications by using OpenTelemetry and the LangGraph framework to collect information about the actions taken by your AI agent. You can view generative AI events by using the Trace Explorer:

• Instrument generative AI applications
• Instrument a LangGraph ReAct Agent with OpenTelemetry
• View generative AI events

Support NVIDIA MFT Tools on COS.

Inject IMEX channel char device for GB200 GPUs.

Support NVIDIA MFT Tools on COS.

Inject IMEX channel char device for GB200 GPUs.

Support NVIDIA MFT Tools on COS.

Support NVIDIA MFT Tools on COS.

You can now use the Filestore CSI driver to create Filestore instances with the NFSv4.1 protocol from the Google Kubernetes Engine (GKE) cluster. This feature is available for zonal, regional, and enterprise service tiers.

QM integration now includes chat session events

You can now export chat session events to an external quality management (QM) system. After you configure the endpoint of your QM system in Google Cloud CCaaS, your chat session events can be streamed to the endpoint in real time.

User experience change:

• The QM Integration dialog at Settings > Developer Settings > Session Data Export > QM Integration has a new QM Chat Events - send chat sessions events checkbox.

For more information, see QM, SIPREC, and WFM integration.

Remove email subject lines from interaction data

We now support removing email subject lines when you delete interaction data from your instance for specified end-users. The email subjects are removed when you delete data for an end-user in the Consumer Privacy dialog at Settings > Consumer Management > Consumer Privacy. To completely remove an end-user's data, you must also delete their emails from your mail server. You must also delete chat transcripts, call recordings, and other session-related files from your CRM or external storage, depending on your configuration.

For more information, see Remove subject lines from end-user email interactions.

New sender email with auto-response emails

You can now configure an outbound-only email address and use it as the sender address for auto-response emails. The outbound-only address is a "no-reply" email address that prevents the receiver from responding.

User experience changes:

• The Auto-response dialog at Settings > Queue > Email > [your-email-queue] > Auto-response has a new Sender email field.
• The Add an email dialog at Settings > Developer Settings > Email Account Management > Email account list > Add email account has a new This is an outbound only email account checkbox.

For more information, see Configure an outbound-only email account and Configure an auto-response email.

Include images in outbound emails

You can now include images in outbound emails. This includes emails from an agent in an email session and outbound auto-response emails.

User experience change:

• The Auto-response dialog at Settings > Queue > Email > [your-email-queue] > Auto-response has a new Insert Image button.
• The email adapter has a new Insert Image button.

For more information, see Agent email adapter and Configure an auto-response email.

In GKE version 1.32.2-gke.1297000 and later, you can run GPU workloads on Confidential GKE Nodes with the A3 High machine type and NVIDIA H100 GPUs. This enables stronger data protection and integrity for GPU-accelerated computations running within GKE clusters and nodes. This feature is available in Preview. For more information, see Encrypt GPU workload data in use with Confidential GKE Nodes.

In GKE version 1.32.2-gke.1297000 and later, you can use the Intel TDX and AMD SEV-SNP Confidential Computing technologies with Confidential GKE Nodes. This feature is in General Availability. Use Confidential GKE Nodes to encrypt your workload data in-use through Compute Engine Confidential VMs for data and code confidentiality and integrity. For more information, see Encrypt workload data in-use with Confidential GKE Nodes.

Generally Available: A3 Ultra accelerator-optimized machine types are now available in the following additional regions and zones:

APAC

• Mumbai, India: asia-south1-b
• Delhi, India: asia-south2-c

Europe:

• St. Ghislain, Belgium: europe-west1-b
• Eemshaven, Netherlands: europe-west4-b

North America:

• Council Bluffs, Iowa: us-central1-b
• Moncks Corner, South Carolina: us-east1-d
• Ashburn, Virginia,: us-east4-b
• The Dalles, Oregon: us-west1-c
• Dallas, Texas: us-south1-b

For a complete list of A3 Ultra regions and zones, see GPU regions and zones.

Datastream now supports MongoDB as a source. The feature is in Preview.

For more information, see the Datastream documentation.

New Storage Transfer Service (STS) based feeds

This feature is currently in Preview.

Existing tenants are now able to create new feeds using STS, whereas existing feeds will remain unaffected. Customers will be separately notified about the required steps and timelines for the migration of existing feeds to STS. The following new feeds are available:

• GOOGLE_CLOUD_STORAGE_V2
• GOOGLE_CLOUD_STORAGE_EVENT_DRIVEN
• AMAZON_S3_V2
• AMAZON_SQS_V2
• AZURE_BLOBSTORE_V2

The following feed types are replaced by the new STS-based feeds:

• GOOGLE_CLOUD_STORAGE replaced by GOOGLE_CLOUD_STORAGE_V2
• AMAZON_S3 replaced by AMAZON_S3_V2
• AMAZON_SQS replaced by AMAZON_SQS_V2
• AZURE_BLOBSTORE replaced by AZURE_BLOBSTORE_V2

For more information, see Storage Transfer Service and its benefits and Configuration by source type.

New Storage Transfer Service (STS) based feeds

This feature is currently in Preview.

Existing tenants are now able to create new feeds using STS, whereas existing feeds will remain unaffected. Customers will be separately notified about the required steps and timelines for the migration of existing feeds to STS. The following new feeds are available:

• GOOGLE_CLOUD_STORAGE_V2
• GOOGLE_CLOUD_STORAGE_EVENT_DRIVEN
• AMAZON_S3_V2
• AMAZON_SQS_V2
• AZURE_BLOBSTORE_V2

The following feed types are replaced by the new STS-based feeds:

• GOOGLE_CLOUD_STORAGE replaced by GOOGLE_CLOUD_STORAGE_V2
• AMAZON_S3 replaced by AMAZON_S3_V2
• AMAZON_SQS replaced by AMAZON_SQS_V2
• AZURE_BLOBSTORE replaced by AZURE_BLOBSTORE_V2

For more information, see Storage Transfer Service and its benefits and Configuration by source type.

The Flex service level now supports auto-tiering feature in Preview, and available only for custom-performance Flex zonal pools. For more information, see Manage auto-tiering.

The cross-region backup vaults feature is now generally available. For more information, see Backup vaults.

Efficient backup copying is now enabled for incremental backups. When you copy an incremental backup, Spanner also copies all the older backups in the chain required to restore the copied backup. If the destination instance already contains a backup chain that ends with an older backup copied from the same source chain, Spanner now avoids creating redundant copies of existing backups to save storage and network costs. Spanner copies only the incremental backup and any older backups not present in the destination chain, and appends these backups to the existing chain.

While Spanner aims to avoid redundant copies, in rare situations, Spanner might need to copy all the older backups in the chain, even if previously copied backups already exist in the destination instance.

For more information, see Incremental backups.

Environment load balancing

The environment load balancing feature offers improved stability and fair resource sharing in multi-tenant environments. It uses a lottery algorithm for resource allocation and lets administrators prioritize environments via API-based weighting.

For more information, see Manage environment load balancing.

The Canada Protected B control package is now generally available.

Preview: You can view and export usage and forecast data of the machine types and TPUs in your project, folder, or organization. This information helps you analyze usage trends and plan for future capacity needs. For more information, see the following:

• Capacity Planner overview

• View usage and forecast data in Capacity Planner

• Export usage and forecast with the Google Cloud console

• Export usage and forecast with the Capacity Planner API

• Reserve capacity in Capacity Planner

Generally available: Resource-based committed use discounts (CUDs) are available for M4 machine types that come with 6 TB of memory. Learn more about how to purchase commitments for M4 6 TB machine types.

Dataproc now supports the creation of zero-scale clusters, available in preview. This feature provides a cost-effective way to use Dataproc clusters, as they utilize only secondary workers that can be scaled down to zero when not in use.

In the Google Cloud console, the GKE security posture dashboard now uses Security Command Center to show the top threats that affect your GKE workloads. This feature is in General Availability.

Generally available: You can proactively manage upcoming maintenance host events on your reserved blocks of capacity, whether VMs are running on them or not. This approach helps you minimize disruptions and maintain optimal performance. For more information, see Manage host events across reservations.

AlloyDB for PostgreSQL supports the pg_ivm extension, which provides incremental view maintenance for materialized views.

Public preview of server-sent events

Apigee now supports continuous response streaming from server-sent event (SSE) endpoints to clients in real time. The Apigee SSE feature is useful for handling large language model (LLM) APIs that operate most effectively by streaming their responses back to the client. SSE streaming reduces latency, and clients can receive response data as soon as it is generated by an LLM. This feature supports the use of AI agents that operate in real time environments, such as customer service bots or workflow orchestrators. For more information, see Streaming server-sent events.

Public Preview of Apigee policies for LLM/GenAI workloads

Four new Apigee policies supporting LLM/GenAI workloads are now available in Public Preview:

• SemanticCacheLookup policy
• SemanticCachePopulate policy
• SanitizeUserPrompt
• SanitizeModelResponse

The Apigee semantic caching policies enable intelligent response reuse based on semantic similarity. Using these policies in your Apigee API proxies can minimize redundant backend API calls, reduce latency, and lower operational costs.

The Model Armor policies protect your AI applications by sanitizing user prompts to and responses from large language models (LLMs). Using these policies in your Apigee API proxies can mitigate the risks associated with LLM usage by leveraging Model Armor to detect prompt injection, prevent jailbreak attacks, apply responsible AI filters, filter malicious URLs, and protect sensitive data.

For more information on using these policies in your Apigee API proxies, see:

• Get started with semantic caching policies
• Get started with Apigee Model Armor policies

When you migrate Teradata data to BigQuery using the BigQuery Data Transfer Service, you can now specify the outputs of the BigQuery translation engine to use as schema mapping. This feature is in preview.

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some BigQuery resources. This feature is available in Preview.

When you Set up Gemini in BigQuery you are now prompted to grant the BigQuery Studio User and BigQuery Studio Admin roles. These roles now include permission to use Gemini in BigQuery features. This feature is generally available (GA).

You can select multiple columns and perform data preparation tasks on them, including dropping columns. For more information, see Prepare data with Gemini. This feature is generally available (GA).

Database Migration Service now supports MySQL minor version 8.0.42 for homogeneous MySQL migrations. For more information, see Supported source and destination databases in Cloud SQL for MySQL migrations.

You can now create an instance with both private services access and Private Service Connect enabled. You can also enable Private Service Connect on an existing private services access instance. This feature is now generally available (GA).

For more information, see Configure both private services access and Private Service Connect.

The rollout of the following minor versions, extension versions, and plugin versions is complete:

Minor versions

• 13.20 is upgraded to 13.21.
• 14.17 is upgraded to 14.18.
• 15.12 is upgraded to 15.13.
• 16.8 is upgraded to 16.9.
• 17.4 is upgraded to 17.5.

Extensions and plugins

• pg_squeeze is upgraded from 1.5 to 1.8 for all PostgreSQL versions 12 and above.

To use these versions of the extensions, update your instance to [PostgreSQL version].R20250302.00_19.

If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.

For more information on checking your maintenance version, see Self-service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

You can now create an instance with both private services access and Private Service Connect enabled. You can also enable Private Service Connect on an existing private services access instance. This feature is now generally available (GA).

For more information, see Configure both private services access and Private Service Connect.

You can now create an instance with both private services access and Private Service Connect enabled. You can also enable Private Service Connect on an existing private services access instance. This feature is now generally available (GA).

For more information, see Configure both private services access and Private Service Connect.

Public preview: You can request Cloud TPUs using future reservations in calendar mode. This mode, powered by the Dynamic Workload Scheduler, lets you check TPU availability up to 120 days in advance and request capacity based on your schedule. You can use calendar mode to reserve TPUs for 1 to 90 days. Requesting a short-term reservation with calendar mode is a good fit for training and experimentation workloads that require precise start times and have a defined duration. For more information, see Request a short-term reservation using calendar mode.

Public preview: You can enable reservation sharing for Cloud TPU. This feature lets you share a reservation across multiple projects. You can also share a reservation with Vertex AI for training or serving workloads. For more information, see Share a Cloud TPU reservation.

Public preview: The general-purpose C4D machine series offers Local SSD (-lssd) machine types with up to 12 TiB of Titanium SSD. Learn more about C4D machine series and the available C4D Local SSD machine types.

Environment load balancing

The environment load balancing feature offers improved stability and fair resource sharing in multi-tenant environments. It uses a lottery algorithm for resource allocation and lets administrators prioritize SOAR environments via API-based weighting.

For more information, see Manage environment load balancing.

Chart Properties panel improvements

New improvements to the Properties panel Setup and Style tabs let users customize charts with a more organized and user-friendly flow.

New user consent flow for BigQuery data sources

When you're querying BigQuery data sources with Viewer credentials, a new user consent flow is available to verify that your email credentials can be logged.

In the Google Cloud console, the Google Kubernetes Engine (GKE) security posture dashboard shows the top threats and software vulnerabilities that affect your GKE workloads. This feature is in General Availability.

Standalone VTT outputs are now supported.

Preview stage support for the following integration:

• Model Armor

AlloyDB AI query engine (Preview) lets you combine natural language with SQL using operators like ai.if, ai.rank, and ai.generate. You can generate embeddings on images, videos, and text using multimodal embedding models, and you can use Google DeepMind's latest text embedding model into model endpoint management.

Backup and DR Service now supports backup and restore of Db2 databases using persistent disk snapshots. This is typically faster and simpler than previous methods and in some cases may also reduce costs.

This release introduces enhanced logging and alerting capabilities for backup/recovery appliances, enabling proactive monitoring of their health and status. You can now configure email notifications via Cloud Logging to receive timely alerts on appliance status changes or potential issues, and five new events have been added for more granular monitoring:

• 10237: Jobs running over 6 hours.
• 11001: Backup/recovery appliance certificate expires in X days.
• 11004: Backup/recovery appliance system components are down.
• 11006: Backup/recovery appliance unable to sync with host.
• 90003: A new backup/recovery appliance update is available.

You are now able to set access controls on routines. This feature is in Preview.

Google Cloud NetApp Volumes now supports volume replication for large capacity volumes. This feature is now generally available for allow-listed users.

The backup vault now allows users to specify a minimum retention period for backups, which prevents the backup deletion before the specified number of days. This feature is generally available for allow-listed users. For more information, see Backup vaults.

The Flex service level of Google Cloud NetApp Volumes that supports the independent provisioning of capacity and performance with zonal pools in selected regions is now generally available. For more information, see NetApp Volumes key features and Supported regions.

Vertex AI Search: Media search automatically chooses the results mode

Media search can respond to queries as full queries or as partial (search-as-you-type) queries. You can specify which query mode to use or you can specify the auto mode.

With auto mode, Media search makes the choice for you by assessing and weighting various signals such as query length and content. Use the auto mode if you have one search box that some users expect to respond with search-as-you-type suggestions and others expect to respond as a full query search.

Auto mode is the default mode. For more information, see Get search results for media.

Advanced API Security Abuse Detection incident reports now include the ability to view raw data

With this new functionality, you can view raw data underlying an incident report, including client IP address, API proxy, developer app, and other attributes.

For usage information, see the Abuse Detection customer documentation.

Preview: You can use future reservation requests in calendar mode to reserve capacity for creating VMs with TPUs attached. This feature helps you obtain and reserve high-demand resources to run generative artificial intelligence (AI), machine learning (ML), or high performance computing (HPC) workloads.

For more information, see the following pages:

• About future reservation requests in calendar mode

• Create a future reservation request in calendar mode

Vertex AI Agent Engine

The following features are now available in Preview:

• Console support for managing deployed agents
• Sessions support for Agent Development Kit agents

Audio-to-audio support for Gemini 2.5 Flash with Live API is now available as a private preview. Users must be allowlisted to use this new feature.

The model is available in the API and Vertex AI Studio.

See Live API for details.

Thought summaries are now available as an experimental feature for Gemini 2.5 Pro and 2.5 Flash.

For details, see Thinking.

The model is available in the API and Vertex AI Studio.

Imagen 4

Imagen 4 offers two Preview models: Imagen 4 Generate Preview 05-20, and Imagen 4 Ultra Generate Experimental 05-20.

For more information, see Generate images using text prompts and the Generate images API.

The model is available in the API and Vertex AI Studio.

Veo 3

Veo 3 is available in Preview for allowlisted accounts.

For more information about Veo 3, see Veo | AI Video Generator and Veo on Vertex AI API.

The model is available in the API and Vertex AI Studio.

In GKE version 1.32.3-gke.1927002 and later, GKE uses a container-optimized compute platform for the general-purpose Autopilot compute class. This platform improves Pod scheduling latency, especially during autoscaling operations. The container-optimized compute platform provides benefits like faster scaling reaction times and more precise capacity right-sizing. For more information about the general-purpose compute class, see About built-in compute classes in Autopilot clusters.

The following features have been added to Studio in Looker, which is available in preview:

• Some Looker permissions now apply to Studio in Looker reports. See Overview of Studio in Looker permissions for more information.
• Studio in Looker reports now support some download and export capabilities. See Download charts and reports for more information.

Continuous queries let you build long-lived, continuously processing SQL statements that can analyze, process, and perform machine learning (ML) inference on incoming data in BigQuery in real time.

• To monitor your continuous queries, you can use a custom job ID prefix to simplify filtering or view metrics specific to continuous queries in Cloud Monitoring.
• Continuous queries can use slot autoscaling to dynamically scale allocated capacity to accommodate your workload.

This feature is generally available (GA).

Spanner now supports cross regional federated queries from BigQuery which allow BigQuery users to query Spanner tables from regions other than their BigQuery region. Users don't incur Spanner network egress charges during the preview period. This feature is in preview.

Cloud CDN supports content targeting, which helps you cache and deliver assets that are customized for your end-user contexts. It enables device characterization and geo-targeting, which are useful for implementing responsive websites, language customization, and currency settings. This feature is now Generally Available.

Cross-Site Interconnect (Preview) support is available in the following colocation facilities:

• Taipei, Taiwan

For more information, see the Locations table and Global Locations.

To take advantage of the new features of the global external Application Load Balancer, you can now migrate your classic Application Load Balancer resources to the global external Application Load Balancer infrastructure.

To migrate to the global external Application Load Balancer, you change the load balancing scheme of your load balancing resources—specifically, the backend services and forwarding rules—from EXTERNAL to EXTERNAL_MANAGED. You can also rollback resources to the classic Application Load Balancer infrastructure, as long as you do so within 90 days of changing the load balancing scheme.

Cloud Console support is also available to help you complete the migration process.

For more details on the migration process, see the following pages:

• Migration overview
• Migrate resources from classic to global external Application Load Balancer
• Roll back migrated resources to classic Application Load Balancer

This capability is available in General availability.

Previously, Dataplex data profile scans were limited to 300 columns per BigQuery table. You can now run data profile scans on all 10,000 columns in a BigQuery table.

The following new functionality has been introduced in this release of Google Distributed Cloud connected:

• Workload network traffic tagging on GDCc servers. VLAN ID tagging on the kube0 network interface is now supported on GDC connected servers. This lets you tag your GDC connected workload traffic with a specific VLAN ID. You must request this feature when ordering your GDC connected servers deployment. For more information, see Workload network traffic tagging.

• Performance-optimized Network Function operator on GDCc servers. The Network Function operator functionality has been streamlined on GDC connected server deployments to reduce vCPU and RAM consumption. For more information, see Network Function operator profiles.

• L2 MetalLB load balancing for secondary networks. You can now specify an annotation in your Network resource and Pod configuration that triggers automatic configuration of L2 MetalLB load balancing on secondary Pod networks. For more information, see Configure a secondary interface on a Pod using Distributed Cloud multi-networking.

Preview stage support for the following integration:

• Storage batch operations

Service producers can publish services that are hosted on cross-region internal Application Load Balancers. This feature is available in Preview. For more information, see Publish services by using Private Service Connect.

API overview and metrics

The Get Started with API hub page now includes new charts and scorecards to provide a quick overview of your API landscape.

For more information see Get started with API hub.

Preview: You can use the Flex-start consumption option to obtain resources for up to seven days. Flex-start provisions capacity from a secured resource pool. Using this feature increases your chance to obtain high-demand resources like GPUs. For more information, see Choose a consumption option.

Cloud SQL for MySQL now supports minor version 8.0.42. To upgrade your existing instance to the new version, see Upgrade the database minor version.

You can now use advanced disaster recovery (DR) for your Private Service Connect (PSC) enabled Cloud SQL Enterprise Plus edition instances. With advanced DR, you can:

• Designate a cross-region disaster recovery (DR) replica
• Perform a cross-region replica failover for disaster recovery
• Restore your original deployment by using zero-data loss switchover

You can also use switchover to simulate disaster recovery without data loss. For more information, see Use advanced disaster recovery (DR). This feature is generally available (GA).

You can now use advanced disaster recovery (DR) for your Private Service Connect (PSC) enabled Cloud SQL Enterprise Plus edition instances. With advanced DR, you can:

• Designate a cross-region disaster recovery (DR) replica
• Perform a cross-region replica failover for disaster recovery
• Restore your original deployment by using zero-data loss switchover

You can also use switchover to simulate disaster recovery without data loss. For more information, see Use advanced disaster recovery (DR). This feature is generally available (GA).

Public Preview: You can use the flex-start provisioning model to increase your chances of obtaining GPUs for short-duration workloads. You can use flex-start with resize requests in managed instance groups (MIGs).

For more information, see the following:

• About resize requests in a MIG

• Compute Engine instances provisioning models

Global transaction identifier (GTID)-based replication for MySQL sources is now generally available (GA).

Support for creating custom organization policy constraints in Eventarc Advanced and in Eventarc Standard is generally available for some Eventarc resources.

Set links to open in new tabs for pivot tables and table charts

The new Open links in new tab option lets report editors specify whether hyperlinks that are included in the data will open in a new tab.

Open links in new tab option is available only for pivot tables and table charts in reports that have modern charts enabled.

Looker connector filter enhancements

The Looker connector now supports the Matches (advanced) filter condition for text and number filter types, in addition to the data and time filter type. This support applies to filters from Looker data sources that are defined in LookML models with the conditionally_filter and always_filter parameters.

Learn more about how Looker Studio interprets LookML filters.

Support for creating custom organization policy constraints in Eventarc Advanced and for creating custom organization policy constraints in Eventarc Standard is generally available for some Eventarc resources.

When you enable Security Command Center for the first time in an organization, and you enable data residency in the European Union or United States, data residency controls are enforced at rest, in use, and in transit. This feature is in General Availability.

For details, see Planning for data residency and Security Command Center regional endpoints.

You can now create a pre-filtered vector index that indexes only rows in your database that match a specific filter condition. Using a pre-filtered vector index improves both the performance and recall of approximate nearest neighbor (ANN) searchers by restricting the search to only apply to rows that satisfy the filtering condition. For more information, see Filter a vector index.

Large message payload support in Apigee

Apigee now supports message payloads up to 30MB. For more information, see:

• Message payload size.
• Properties in the ProxyEndpoint configuration elements reference.
• Properties in the TargetEndpoint configuration elements reference.

Improvements to the AppGroups functionality

Scopes and attributes can now be added to the AppGroup App Key via a POST operation on the key using the appGroupAppKey. See the updateAppGroupAppKey API for details.

Improvements to the PublishMessage policy

The PublishMessage policy now supports two new elements:

• The <UseMessageAsSource> element uses request or response message content as the source of data to be written to Pub/Sub. For more information, see <UseMessageAsSource>.

• The <Attributes> element lets you specify string attributes (key/value pairs) to include with the request or response message that is written to Pub/Sub. For more information, see <Attributes>.

You can now schedule automated data transfers from Snowflake to BigQuery using the BigQuery Data Transfer Service. This feature is in preview.

BigQuery now supports cross-region transfers for batch loading and exporting data. You can load or export your data from any region or multi-region to any other region or multi-region using a single bq load, LOAD DATA, bq extract, or EXPORT DATA statement. This feature is generally available (GA).

Vector indexes support the TreeAH index type, which uses Google's ScaNN algorithm. The TreeAH index is optimized for efficient batch processing, capable of handling anywhere from a few thousand to hundreds of thousands of embeddings at once. This feature is generally available (GA).

It is now possible to migrate from Cloud Composer 1 to Cloud Composer 3 using snapshots in all regions supported by Cloud Composer 3. The gradual rollout of this feature is finished.

It is now possible to restart the Airflow web server through Cloud Composer API by using the RestartWebServer method.

Global and cross-region load balancers now support enabling traffic isolation on the service load balancing policy. By default, these load balancers use the WATERFALL_BY_REGION algorithm which allows traffic overflow to other regions when backends in the region closest to the user are either full or unhealthy. Enabling traffic isolation lets the load balancer route traffic only to the region closest to the user, even if all the backends in that region are running at their configured capacity limit. You can also choose to prevent traffic overflow entirely by enabling this feature in STRICT mode.

For details, see Traffic isolation.

This feature is in Preview.

Cloud SQL for SQL Server now supports TLS connections to Active Directory endpoints without requiring server certificate trust or the use of IP addresses. Existing server certificates will need to be rotated to use this feature.

Create custom commands

You can now configure and use custom commands with IntelliJ Gemini Code Assist (version 1.15.0). Create, save, and execute your own pre-configured prompts to perform repetitive tasks faster and more easily in the IDE.

To view the custom commands settings, go to Settings > Tools > Gemini > Prompt Library.

Chat responses with error messages now have action buttons for IntelliJ Gemini Code Assist (version 1.15.0).

Preview: You can use the Google Cloud console to create admin clusters and view admin cluster details. For more information, see Create an admin cluster.

The Code Interpreter in Conversational Analytics is now available in Preview. The Code Interpreter translates your natural language questions into Python code and executes that code to provide advanced analysis and visualizations. The Code Interpreter is disabled by default. Admins of Looker (original) instances can manage enablement for the Code Interpreter on the Gemini in Looker admin page. (This release note was added on May 19, 2025.)

You can now create connections using the Amazon Redshift 2.1+ or Amazon Redshift Serverless 2.1+ SQL dialect, both of which use the Redshift JDBC driver. Connections with the original Amazon Redshift SQL dialect option use the Postgres JDBC driver.

The Presto JDBC driver version has been updated to 0.291.

You can now select the JDBC driver version when you create or edit a connection.

The sync_lookml_dashboard API endpoint now accepts an optional dashboard_ids parameter to specify a subset of dashboards to synchronize.

The gemini_in_looker permission can now be applied to selected models on the Looker instance. The Gemini role still applies the gemini_in_looker permission to all models on the Looker instance; however, if needed, Looker admins can manually restrict use of Gemini in Looker to specific models by creating and assigning a Looker role with gemini_in_looker permissions on limited models.

The following SQL features are now generally available (GA) in BigQuery:

• GROUP BY STRUCT and the SELECT DISTINCT clause.
• GROUP BY ARRAY and the SELECT DISTINCT clause.
• GROUP BY ALL clause.

You can export query results from Bigtable Studio. This feature is generally available (GA).

For more information, see Manage your data using Bigtable Studio.

Labels you previously set for your Cloud Run functions using either gcloud functions commands or the Cloud Functions v2 API propagate to Cloud Run when you deploy your functions in Cloud Run. For more information on creating labels in Cloud Run, see Configure labels for services.

Labels you previously set for your Cloud Run functions using either gcloud functions commands or the Cloud Functions v2 API propagate to Cloud Run when you deploy your functions in Cloud Run. For more information on creating labels in Cloud Run, see Configure labels for services.

Bulk export of universal catalog metadata is generally available (GA).

You can export universal catalog metadata into Cloud Storage and then use it for tasks that require comprehensive retrieval of metadata. You can also query and analyze the exported metadata in BigQuery.

For more information, see Export metadata.

Datastream is now available in the europe-north2 (Stockholm) region. For the list of all available regions, see IP allowlists and regions.

Co-browse is renamed to Screen Share

We've renamed the Co-browse capability to Screen Share. We've made this change in the user interface and in the documentation. However, we haven't renamed any endpoint, property, object, or other programmatic element in the APIs or the SDKs for this update.

Manual wrap-up is automatically assigned to the last completed chat

When an agent manually enters wrap-up status, wrap-up is automatically assigned to the agent's last completed chat. For more information, see Manual wrap-up.

Spelling and grammar check is available for SMS and WhatsApp sessions

Spelling and grammar check is now available for SMS and WhatsApp chat sessions. For more information, see Agent Assist for chat.

Virtual agent to virtual agent chat transfers

A virtual agent can now transfer a chat session to another virtual agent by transferring to the queue that the destination virtual agent is assigned to. For more information, see Virtual agent to virtual agent transfers.

GKE now provides insights and recommendations that help you to identify and troubleshoot clusters with Custom Resource Definitions that contain an invalid or malformed Certificate Authority bundle, which might disrupt cluster operations. Implementing the recommendation helps you to keep your clusters stable and performant.

You can now create Looker (Google Cloud core) instances that use Private Service Connect with a hybrid network configuration. Instances that have this type of configuration will allow secure inbound access through a web URL and will connect to external services through a private network.

Spanner now supports the INTERVAL data type in GoogleSQL and PostgreSQL, which represents a duration or an amount of time.

For more information, see Interval functions in GoogleSQL and PostgreSQL data types.

Spanner now supports the SPLIT_SUBSTR() GoogleSQL function, which splits an input string using a delimiter and returns a substring composed of a specific number of segments, starting from a given segment index.

Spanner also supports the following GoogleSQL aliases:

• ADDDATE(): Alias for DATE_ADD()
• SUBDATE(): Alias for DATE_SUB()
• LCASE(): Alias for LOWER()
• UCASE(): Alias for UPPER()

BigQuery resource utilization charts have the following changes:

• The default timeline shown in the event timeline chart has changed from one to six hours.
• Several improvements have been made to the views, including a new reservation slot usage view. This view helps monitor idle, baseline, and autoscaled slot usage.

This feature is in Preview.

You can now view the Query text section in a BigQuery execution graph to understand how the stage steps are related to the query text. This feature is in preview.

You can now use BigQuery and BigQuery DataFrames to enable multimodal analysis, transformation, and data engineering (ELT) workflows in both SQL and Python. Use multimodal data features to do the following:

• Integrate unstructured data into standard tables by using ObjectRef values, and then work with this data in analysis and transformation workflows by using ObjectRefRuntime values.

• Use generative AI to analyze multimodal data and generate embeddings by using BigQuery ML SQL functions or BigQuery DataFrames methods with Gemini and multimodal embedding models.

• Create multimodal DataFrames in BigQuery DataFrames, and then use object transformation methods to transform images and chunk PDF files.

• Use Python user-defined functions (UDFs) to transform images and chunk PDF files.

This feature is in Preview.

Public preview: In a managed instance group (MIG), you can use a health check to monitor your application health without triggering repairs of an unhealthy VM, if the application fails the health check. You can prevent the MIG from repairing an unhealthy VM by turning off autohealing. For more information, see Turn off repairs in a MIG.

Dataproc Serverless for Spark: Spark UI for Dataproc Serverless batches and interactive sessions, which lets you monitor and debug your serverless Spark workloads, now features Event Timeline and Task Quantile views for enhanced troubleshooting.

In GKE version 1.33 and later, the Compute Engine persistent disk CSI Driver supports provisioning Hyperdisk Balanced High Availability volumes in the ReadWriteOnce, ReadWriteOncePod, and ReadWriteMany access modes. For more information, see Provisioning Hyperdisk Balanced High Availability volumes.

A feature rollout on May 8, 2025, introduced new APIs that may require updated permissions for custom roles to access the detection UI page.

If you encounter access errors, update your permissions, as needed, or select Revert to Previous Detection Table on the detection page to revert to the previous UI.

A feature rollout on May 8, 2025, introduced new APIs that may require updated permissions for custom roles to access the detection UI page.

If you encounter access errors, update your permissions, as needed, or select Revert to Previous Detection Table on the detection page to revert to the previous UI.

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Cloud Quotas resources. For more information, see Use custom organization policies. This feature is available in Preview.

You can exclude IP address ranges from being used for automatic IP address allocation for internal ranges. This feature is available in General Availability. For more information, see Reserve internal ranges.

AlloyDB Omni version 16.3.0 with Red Hat Universal Base Image (UBI) as a base image is generally available (GA). The image is RedHat certified and can also be accessed from the Red Hat Ecosystem Catalog. Version UBI 16.3.0 includes third-party extensions, including PostGIS and Orafce, which you can install on RPM-based Linux distributions. For more information about using UBI in AlloyDB Omni, see Install AlloyDB Omni on a VM.

AlloyDB Omni version 16.3.0 with Red Hat Universal Base Image (UBI) as a base image is generally available (GA). The image is RedHat certified and can also be accessed from the Red Hat Ecosystem Catalog. Version UBI 16.3.0 includes third-party extensions, including PostGIS and Orafce, which you can install on RPM-based Linux distributions. For more information about using UBI in AlloyDB Omni, see Install AlloyDB Omni on a VM.

Public preview: A Security Risk Overview dashboard for Compute Engine, available in the Google Cloud console, shows the top Security Command Center findings that affect your Compute Engine resources.

New features in 1.33

• New v1beta2 versions of the Kubernetes Dynamic Resource Allocation (DRA) APIs will be available (because this is a beta API, using it in GKE clusters requires opt-in). For more information about using DRA in GKE, see About dynamic resource allocation in GKE.
• In-Place Pod Resize (Public Preview) allows you to change the CPU and memory requests and limits assigned to containers within a running Pod (limitations apply) through the new resize pod subresource (on-by-default), often without requiring a container restart significantly decreasing service disruptions. For more information, see Resize CPU and Memory Resources assigned to Containers.
• Sidecar Containers graduated to stable, enabling the "sidecar pattern". initContainers with restartPolicy: Always will start before application containers and remain running throughout the pod's lifecycle, terminating after the main containers exit.
• Streaming List Response Encoding enables efficient handling of requests for large object collections, improving API server reliability and performance.

• Multiple Service CIDRs is now generally available, allowing cluster administrators to dynamically increase the number of IP addresses available for type: ClusterIP Services (by creating new ServiceCIDR objects).

Google SecOps supports Self Service creation of custom log types. Self service custom log types let you create custom log types instantly instead of going through SecOps support, allowing quicker data onboarding. This feature will be available as a public preview starting the week of May 12, 2025.

Google SecOps supports Self Service creation of custom log types. Self service custom log types let you create custom log types instantly instead of going through SecOps support, allowing quicker data onboarding. This feature will be available as a public preview starting the week of May 12, 2025.

Memorystore for Valkey now provides node-level metrics. This feature is Generally Available (GA). For more information, see Supported monitoring metrics.

A Security Risk Overview dashboard for Compute Engine is available in the Google Cloud console. The dashboard, available in Preview, shows the top Security Command Center findings that affect your Compute Engine resources.

AlloyDB supports IAM authentication in AlloyDB Studio. For more information, see Choose a database authentication method.

You can now use additional concurrency settings for heterogeneous SQL Server migration jobs with Database Migration Service. This lets you adjust the migration process to better align with your scenario.

For information about creating migration jobs using the new full dump configuration and maximum concurrent connection settings, see:

• Create a migration job in the SQL Server to Cloud SQL for PostgreSQL documentation
• Create a migration job in the SQL Server to AlloyDB for PostgreSQL documentation

Global external Application Load Balancers that use HTTPS as the backend service protocol can now negotiate TLS 1.3 for the connection from the load balancer to the backend.

For more details, see TLS support.

This capability is available in General Availability.

Log Analytics can now automatically infer fields of a column when the data type is JSON. You can also view how often these inferred fields appear in your data.

In GKE version 1.32 and later, GKE Sandbox (gVisor) can now be configured with SYS_ADMIN privileges in GKE Autopilot. This lets you use Docker-in-Docker with gVisor in GKE Autopilot.

ClusterProfile sync is now available to generate a cluster inventory for an existing fleet. A cluster inventory lets you work with open source and third party integrations that use the ClusterProfile specification.

New grid lines options for cartesian charts

New grid line options let you set colors and line styles for individual axis grid lines, which makes it easier to distinguish between left or right y-axis grid lines.

The new grid line options are available only for cartesian charts in reports that have modern charts enabled.

You can use custom constraints to define your own restrictions on Google Cloud services for Network Connectivity Center resources. To learn about which Network Connectivity Center resources support custom constraints, and some sample use cases, see Use custom organization policies for Network Connectivity Center.

This feature is available in General Availability for the following resources:

• Hubs
• Spokes

It is available in Public preview for the Groups resource.

Security Command Center Enterprise uses predefined security graph rules to identify issues. This feature is in Preview.

For more information, see Predefined security graph rules.

You can migrate from Cloud SQL for PostgreSQL to AlloyDB for PostgreSQL using your Cloud SQL for PostgreSQL backup (GA). The Google Cloud CLI is also supported. For more information, see Migrate from Cloud SQL for PostgreSQL to AlloyDB.

AlloyDB lets you configure a deny maintenance period on clusters running the latest version. The feature is generally available (GA).

You can now build a vector embedding Extract, Transform, Load (ETL) pipeline that lets you generate and ingest embeddings from files or real time sources to AlloyDB using Google Cloud Dataflow. For more information, see Build realtime vector embedding pipeline for AlloyDB with Dataflow.

The following products are now supported by the following control packages. See supported products for more information:

• Cloud Build, Cloud SQL for PostgreSQL, Cloud Workstations, Document AI, Firebase Security Rules, Cloud OS Login API, Storage Transfer Service:
  • Australia Regions
  • Australia Regions with Assured Support
  • Brazil Regions
  • Canada Protected B
  • Canada Regions
  • Canada Regions and Support
  • Chile Regions
  • EU Regions
  • EU Regions and Support
  • Hong Kong Regions
  • India Regions
  • Indonesia Regions
  • Israel Regions
  • Israel Regions and Support
  • Japan Regions
  • Qatar Regions
  • Singapore Regions
  • South Africa Regions
  • South Korea Regions
  • Switzerland Regions
  • Taiwan Regions
  • UK Regions
  • US Regions
  • US Regions and Support
• Google Cloud NetApp Volumes:
  • Canada Regions
  • EU Regions
  • Singapore Regions
  • US Regions
• Google Security Operations (Google SecOps) SOAR
  • Australia Regions:
  • Australia Regions with Assured Support
  • Brazil Regions
  • Chile Regions
  • Hong Kong Regions
  • India Regions
  • Indonesia Regions
  • Israel Regions
  • Israel Regions and Support
  • Japan Regions
  • Qatar Regions
  • Singapore Regions
  • South Africa Regions
  • South Korea Regions
  • Switzerland Regions
  • Taiwan Regions
  • UK Regions
  • US Regions
  • US Regions and Support

You can use Data Boost when you analyze your Bigtable data with BigQuery. This feature is available in Preview.

Data lineage in Cloud Composer now uses OpenLineage in all regions supported by Cloud Composer. For more information about this feature, see the previous announcement.

You can migrate to AlloyDB for PostgreSQL using your Cloud SQL for PostgreSQL backup (GA). The Google Cloud CLI is also supported. For more information, see Migrate from Cloud SQL for PostgreSQL to AlloyDB.

Custom connectors for managed connectivity pipelines are available for a variety of third-party data sources. These connectors are contributed by the community. For more information, see Community-contributed custom connectors.

Gemini 2.0 Flash with image generation (gemini-2.0-flash-preview-image-generation) is now available as a public preview offering.

For more information, see Generate images with Gemini.

Workload Identity Federation support for X.509 certificates is generally available.

The following features have been added to Studio in Looker, which is available in preview:

• You can now create reports using the responsive layout.
• You can now use variables, including parameters and query result variables. However, the ability to modify parameters using the report link is not supported in Studio in Looker.

Migrate to Virtual Machines now introduces an expiration time for a migrating VM. A migrating VM is a VM that you create during the migration process to migrate your workloads to Google Cloud.

A migrating VM stays active for 100 days from the time that the VM appears in the VM Migrations tab. After 100 days, the VM is moved to the EXPIRED state and stays in the EXPIRED state for 30 days. If you need more time to complete your migration, you can extend the lifespan of the migrating VM by an additional 100 days. You can only extend the lifespan of a migrating VM two weeks before the VM expires and throughout the expiration period (between 86 to 130 days from the creation of the VM). If you don't extend the lifespan of the VM during this period, the VM expires.

The following features of internal ranges are available in General Availability:

• Reserving internal ranges with IPv6 addresses
• Creating immutable ranges (ranges that can't be edited, except for the description)
• Editable descriptions

For more information, see Internal ranges overview.

When you reserve an internal range with an automatically allocated IPv4 CIDR block, you can specify the allocation strategy that is used to select a free block. This feature is available in Preview.

Apigee now offers a Management API that allows users to list all recent debug sessions for a given proxy, regardless of revision or environment and current deployment status. This API is available for use, and is now used to populate all recent debug sessions in the Apigee Debug UI.

For more information on this method, see: organizations.apis.debugsessions.list

Apigee now offers a Management API that allows users to list all recent debug sessions for a given proxy, regardless of revision or environment and current deployment status. This API is available for use, and is now used to populate all recent debug sessions in the Apigee Debug UI.

For more information on this method, see: organizations.apis.debugsessions.list

The following resource types are now publicly available through the Search (SearchAllResources, SearchAllIamPolicies) APIs.

• Eventarc
  • eventarc.googleapis.com/Channel
  • eventarc.googleapis.com/ChannelConnection

When you create a snooze for a single alerting policy, you can now use resource, metric, and metadata label types to filter applicable incidents. For more information, see Create a snooze.

Private NAT supports Cloud Run in Preview. For more information, see Supported resources.

Direct VPC egress supports Private NAT (Preview).

Prompt with folders in your local workspace (Preview)

You can now include folders from your local IDE project for IntelliJ Gemini Code Assist (version 1.14.0) to use as context for your prompts, in Preview. To specify a folder in your chat prompt, type @ and select the folder you want to specify.

Directing Code Assist to add folders to your chat can improve responses by specifying use of the contents within your selected folder(s), with support up to a 1M token context window.

General availability: Managed Service for Apache Kafka now supports configuring standard Apache Kafka ACLs using REST, gRPC, and gcloud CLI. For more information, see Access control with IAM and Kafka ACLs.

• GA: Advanced clusters. By default, new clusters are created as advanced clusters. For more information, see Differences when running advanced clusters.

• GKE Identity Service supports a new diagnosis mode that surfaces diagnostic information related to the login flow. This makes it easier to troubleshoot login and OIDC configuration issues. For details, see GKE Identity Service diagnostic utility.

• Support configuring cluster-level default topology spread constraints when creating a cluster for use with topology domains. For details, see schedulerConfiguration.

• GA: Added support for new diagnosis utility for GKE Identity Service that provides diagnostics information related to the login flow. This makes it easier to troubleshoot login and OIDC configuration issues. For more information, see GKE Identity Service diagnostic utility.

• GA: For high availability control planes, Google Distributed Cloud automatically configures the Keepalived virtual router redundancy protocol (VRRP) configuration to make failover behaviour deterministic and prevent interleaving of ARP replies with different MAC addresses:

  • By default, each Keepalived instance is configured with a different priority value.
  • Each Keepalived instance is configured with nopreempt to avoid elections when a non-master instance is restarted.

• GA: Added support for a new field, controlPlane.loadBalancer.keepalivedVRRPGARPMasterRepeat, in the cluster configuration file that maps to the vrrp_garp_master_repeat setting for Keepalived. This field specifies the number of gratuitous ARP (GARP) messages to send at a time after a control plane node transitions to the role of the master server. The default value is 5.

• GA: Added a new controlPlane.loadBalancer.mode, field for Layer 2 load balancing. This field lets you separate control plane load balancing from data plane load balancing:

  • At cluster creation, if you set controlPlane.loadBalancer.mode to bundled and loadBalancer.nodePoolSpec is configured, the control plane load balancer runs in the control plane node pool and the data plane load balancer runs in the load balancer node pool.
  • For an existing cluster where controlPlane.loadBalancer.mode isn't set and loadBalancer.nodePoolSpec isn't specified, both the control plane load balancer and the data plane load balancer run in the control plane node pool. You can migrate the data plane load balancer to a load balancer node pool by updating the cluster spec to specify a load balancer node pool (loadBalancer.nodePoolSpec) and to add controlPlane.loadBalancer.mode set to bundled.

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Dataplex and data lineage resources. For more information, see Manage Dataplex resources using custom constraints and Manage data lineage resources using custom constraints. This feature is generally available (GA).

Support for PHP 8.4 runtime is in Preview.

Support for Python 3.13 runtime is in General availability (GA).

Support for Ruby 3.4 runtime is in Preview.

Support for PHP 8.4 runtime is in Preview.

Support for Python 3.13 runtime is in General Availability (GA).

Support for Ruby 3.4 runtime is in Preview.

Changes that you make to your saved queries are now automatically saved. This feature is in preview.

Invalidation using cache tags is Generally Available.

Cloud CDN now also offers faster performance and higher rate limits for invalidation requests using all invalidation matchers. For more information, see Cache validation overview.

It is now possible to migrate from Cloud Composer 1 to Cloud Composer 3 using snapshots. For more information, see the new migration guide.

This feature will gradually roll out to all regions supported by Cloud Composer 3. At the moment it is available in the africa-south1, asia-south1, me-central1, me-central2, me-west1, southamerica-east1, and southamerica-west1 regions.

Support for the Python 3.13 runtime is in General Availability (GA).

Support for the Ruby 3.4 runtime is in Preview.

Support for the PHP 8.4 runtime is in Preview.

Support for the Python 3.13 runtime is in General Availability (GA).

Support for the Ruby 3.4 runtime is in Preview.

Support for the PHP 8.4 runtime is in Preview.

Cloud SQL for Enterprise Plus edition supports AI-assisted troubleshooting. With AI-assisted troubleshooting, you can resolve complex database performance issues like slow queries and high load for your instances in a guided manner. To use AI-assisted troubleshooting, you need Gemini Cloud Assist and query insights for Enterprise Plus edition. AI-assisted troubleshooting is available in Preview.

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Dataplex and data lineage resources. For more information, see Manage Dataplex resources using custom constraints and Manage data lineage resources using custom constraints. This feature is generally available (GA).

You can now use Private Service Connect interfaces as a private connectivity method in Datastream. For more information, see the documentation.

Custom extractor model pretrained-foundation-model-v1.5-2025-04-25 powered by Gemini 2.5 Flash LLM is available as Public Preview in US regions. The custom extractor model supports a quota of up to 15 pages per minute for online process requests.

For more information about available models, see Custom extractor model versions.

New Light Theme

Google SecOps has introduced a new light theme option in the platform. The light theme includes a color palette for visual clarity.

New Light Theme

Google SecOps has introduced a new light theme option in the platform. The light theme includes a color palette for visual clarity.

Web Security Scanner, a built-in service of Security Command Center, released new detectors. The following detectors, which are available with the Enterprise and Premium tiers of Security Command Center, detect misconfigurations in web applications:

• HSTS_MISCONFIGURATION
• CSP_MISSING
• CSP_MISCONFIGURATION
• COOP_MISSING
• CLICKJACKING_PROTECTION_MISSING

For more information, see Web Security Scanner misconfiguration findings.

Large message payload support in Apigee

Apigee now supports message payloads up to 30MB. For more information, see:

• Message payload size.
• Properties in the ProxyEndpoint configuration elements reference.
• Properties in the TargetEndpoint configuration elements reference.

Improvements to the PublishMessage policy

The PublishMessage policy now supports two new elements:

• The <UseMessageAsSource> element uses request or response message content as the source of data to be written to Pub/Sub. For more information, see <UseMessageAsSource>.

• The <Attributes> element lets you specify string attributes (key/value pairs) to include with the request or response message that is written to Pub/Sub. For more information, see <Attributes>.

Large message payload support in Apigee hybrid

Apigee now supports message payloads up to 30MB. For information see:

• Message payload size
• runtime.resources.limits.memory in the Configuration property reference.
• runtime.resources.requests.memory in the Configuration property reference.

The Sovereign Controls for Kingdom of Saudi Arabia control package now supports the following products. See Supported products by control package for more information:

• Access Context Manager
• Certificate Authority Service
• Connect
• GKE Hub
• GKE Identity Service

The Sovereign Controls for EU control package now supports the following products. See Supported products by control package for more information:

• Access Context Manager
• Certificate Authority Service
• Cloud Service Mesh
• Connect
• GKE Hub
• MemoryStore for Redis
• Speech-to-Text

The ITAR control package now supports Service Directory.

You can now set up custom DNS names by configuring the custom subject alternative name (SAN) for your instance. After you set up DNS name resolution, you can connect to your Cloud SQL instance using the custom DNS name instead of using an IP address. This feature is available only for instances that are configured with the customer-managed certificate authority (CA) (CUSTOMER_MANAGED_CAS_CA) option as its server CA mode.

Custom SAN configuration for instances is generally available (GA).

You can now set up custom DNS names by configuring the custom subject alternative name (SAN) for your instance. After you set up DNS name resolution, you can connect to your Cloud SQL instance using the custom DNS name instead of using an IP address. This feature is available only for instances that are configured with the customer-managed certificate authority (CA) (CUSTOMER_MANAGED_CAS_CA) option as its server CA mode.

Custom SAN configuration for instances is generally available (GA).

You can now set up custom DNS names by configuring the custom subject alternative name (SAN) for your instance. After you set up DNS name resolution, you can connect to your Cloud SQL instance using the custom DNS name instead of using an IP address. This feature is available only for instances that are configured with the customer-managed certificate authority (CA) (CUSTOMER_MANAGED_CAS_CA) option as its server CA mode.

Custom SAN configuration for instances is generally available (GA).

Auto extraction of JSON logs

Google SecOps supports Auto Extraction of JSON logs. The auto extraction feature lets you use raw log fields directly in search, detection rules, and Native Dashboards, with or without a parser. Public preview for this feature begins the week of May 5, 2025.

Auto extraction of JSON logs

Google SecOps supports Auto Extraction of JSON logs. The auto extraction feature lets you use raw log fields directly in search, detection rules, and Native Dashboards, with or without a parser. Public preview for this feature begins the week of May 5, 2025.

Cloud Logging for agent-based transfers now logs skipped files. A skipped file is logged when the file already exists in the sink, and your transfer job is configured to ignore existing files.

See Cloud Logging for Storage Transfer Service for details.

The nomos vet command now supports a --threshold flag to proactively validate the number of objects in your Config Sync repository. You can use this flag in validation pipelines to prevent sync failures caused by exceeding the underlying etcd size limits when your repository contains a large number of objects. For more information, see Enforce the maximum number of objects to sync.

Deleting a RootSync or RepoSync now removes its management metadata from all managed objects. This allows objects to be adopted by their new managers, simplifying the procedure for splitting a large configuration repository across multiple RootSync or RepoSync objects. For more information, see Break up a repository into multiple repositories.

App Hub supported resources are now generally available (GA).