GCP releases
Google Cloud releases and Terraform Google provider. New features, breaking changes, security advisories and deprecations - each summarised in plain English and updated continuously.
Tracking 330 GCP releases · Updated
- Google Cloud release notes infra gcp preview engineer
Cloud Service Mesh Security Patch Releases Address Vulnerability
Multiple patch versions of Cloud Service Mesh (1.28.7-asm.4, 1.27.9-asm.5, and 1.26.8-asm.11) are now available, each containing a fix for security vulnerability GCP-2026-035. These releases update the underlying Envoy proxy versions and are relevant for users running in-cluster Cloud Service Mesh. A previously announced rollout has been stopped and will be superseded by a new release including these patches.
security announcement
- Google Cloud release notes infra deprecation
GKE Updates Cluster Versions and Deprecates Older Releases
Google Kubernetes Engine has released new cluster versions for the Rapid, Regular, Stable, and Extended channels, enabling upgrades and new cluster creation. Several older versions are being deprecated and will be removed within 90 days, requiring users to upgrade to avoid potential issues. This update impacts GKE users managing cluster lifecycles and versioning across different release channels.
security feature patch
- Google Cloud release notes infra
Google Distributed Cloud for bare metal 1.33.900-gke.90 released
Google Distributed Cloud (software only) for bare metal version 1.33.900-gke.90 is now available, running on Kubernetes v1.33.11-gke.100. This release addresses several critical issues impacting cluster stability, control plane operations, and node management during updates and provisioning. Users upgrading should consult the provided documentation and verify storage vendor compatibility.
patch announcement
- Google Cloud release notes security infra gcp engineer
Google SecOps Marketplace Integrations Updated
Several integrations within the Google SecOps Marketplace have received updates, including refactored code for actions like getting PCAP files, creating alerts, and retrieving detection details. These changes primarily impact security operations teams using these specific connectors, aiming to improve their functionality and reliability. The updates cover integrations for AlienVault USM, ConnectWise, Google Chronicle, Jira, ServiceDesk Plus, ServiceNow, Siemplify, MISP, and Microsoft Sentinel.
patch
- Google Cloud release notes infra gcp preview engineer
App Engine Standard Go: Direct VPC egress in preview
App Engine standard environment's Go runtime now supports Direct VPC egress in preview. This feature simplifies and reduces costs for accessing VPC network resources, serving as an alternative to Serverless VPC Access connectors. It is available for Go workloads in the standard environment.
feature
- Google Cloud release notes infra gcp preview engineer
App Engine Java: Direct VPC egress in preview
App Engine standard environment for Java now supports Direct VPC egress in preview. This feature provides a simpler and more cost-effective way for Java workloads to access VPC network resources compared to existing Serverless VPC Access connectors. The capability is available to all users in preview, with no specific prerequisites mentioned.
feature
- Google Cloud release notes infra gcp ga engineer
Compute Engine Flex-start VMs in MIGs are now GA
Compute Engine's Flex-start VMs for Managed Instance Groups (MIGs) are now generally available. This feature allows for gradual VM creation in MIGs as capacity becomes available, potentially at a discount for high-demand resources like GPUs. It's beneficial for users needing to provision specialized hardware or manage variable workloads.
feature
- Google Cloud release notes infra gcp preview
App Engine standard PHP adds Direct VPC egress preview
App Engine standard environment PHP now supports Direct VPC egress in preview. This feature provides a simpler and more cost-effective way for workloads to access VPC network resources, serving as an alternative to Serverless VPC Access connectors. The feature is currently in preview for PHP workloads.
feature
- Terraform Google Provider Releases terraform infra gcp engineer
Terraform Google Provider v7.35.0: New resources and improvements
Terraform Google Provider v7.35.0 introduces several new resources for managing Google Cloud services, including Oracle GoldenGate connections, Dataplex data products, and Migration Center discoveries. Enhancements to existing resources like firewall policies and container node pools improve configuration flexibility. These updates benefit engineers and architects managing Google Cloud infrastructure through Terraform by expanding the provider's capabilities and fixing reported bugs.
feature patch
- Google Cloud release notes infra gcp preview engineer
Managed Airflow Gen 3 supports internal-only Cloud Run endpoints
Managed Service for Apache Airflow (Gen 3) now allows access to Cloud Run endpoints restricted to internal ingress traffic via your environment's network attachment. This enhancement improves network security and control for Airflow deployments. The feature is available to all Managed Airflow Gen 3 versions through gcloud CLI beta commands and the beta Cloud Composer API.
feature
- Google Cloud release notes infra
GKE enhances maintenance exclusions
Google Kubernetes Engine is expanding maintenance exclusion capabilities for node pools. This feature allows for per-node pool exclusions and extends the default "No upgrades" exclusion to 90 days, providing greater control over cluster maintenance schedules. These enhancements are available in GKE release channels for cluster administrators.
feature
- Google Cloud release notes infra gcp ga preview deprecation engineer
Cloud SDK 571.0.0: AlloyDB labels, Dataproc confidential compute, BigLake beta
Cloud SDK version 571.0.0 includes new features for AlloyDB, Dataproc, and BigLake, along with updates to Cloud Storage and Compute Engine. Notably, AlloyDB now supports instance labels, Dataproc offers more control over confidential compute, and BigLake hive tables are promoted to beta. These changes benefit users managing cloud resources, particularly those working with data services and confidential computing environments. The release also includes several other minor enhancements and bug fixes.
patch
- Google Cloud release notes infra gcp preview engineer
Cloud Composer: Internal ingress for Cloud Run endpoints
Cloud Composer now supports accessing Cloud Run endpoints restricted to internal ingress traffic via your environment's network attachment. This enhancement is available for all Managed Airflow (Gen 3) versions through gcloud CLI beta commands and the beta Cloud Composer API. This update allows for more secure and restricted communication between Airflow environments and internal Cloud Run services.
feature
- Google Cloud release notes ai infra gcp ga engineer
Compute Engine GA for TPUs and MIG Bulk Mode
Google Cloud's Compute Engine now offers general availability for Tensor Processing Units (TPUs), enabling unified AI accelerator management for training and inference. Additionally, a new bulk mode for managed instance groups (MIGs) ensures all requested VMs are provisioned simultaneously, preventing partial deployments. These features benefit AI/ML practitioners and batch workload users by simplifying infrastructure management and ensuring resource availability.
feature
- Google Cloud release notes infra gcp engineer
Container-Optimized OS Updates: Kernel, Docker, GPU Drivers
This release of Google Container-Optimized OS includes significant updates to its kernel, Docker, and NVIDIA GPU drivers across several versions. Key changes include the addition of new libraries, Python version upgrades, and enhancements to the Integrity Measurement Architecture (IMA) policy. These updates aim to improve system stability, security, and hardware compatibility for users running containerized workloads on GCP.
security patch
- Google Cloud release notes infra gcp deprecation architect
Google Cloud VMware Engine: CUD Pricing Changes
Google Cloud VMware Engine is updating its committed use discount (CUD) policies. Post-paid 3-year CUDs purchased after May 31, 2026, will terminate on October 15, 2028, and 3-year pre-paid CUDs are no longer available. These changes affect customers using these specific discount structures for Google Cloud VMware Engine.
announcement
- Google Cloud release notes infra gcp engineer
Apigee hybrid v1.15.4 includes security fixes and upgrade guidance
Google Cloud released Apigee hybrid version 1.15.4 on May 30, 2026. This patch release incorporates various security and CVE fixes, enhancing the platform's robustness. Upgrading to this version is recommended for all users to benefit from the security improvements and the latest integrated container images.
security announcement
- Google Cloud release notes infra gcp preview deprecation engineer
Managed Service for Apache Spark adds Confidential Computing options
Google Cloud's Managed Service for Apache Spark now supports specific Confidential Computing technologies like AMD SEV, SEV-SNP, and Intel TDX through new flags and API fields. This offers enhanced security for sensitive workloads. The older generic '--enable-confidential-compute' flag is deprecated but remains functional, defaulting to AMD SEV for existing configurations. This update is relevant for users managing Spark clusters on Google Cloud who require advanced security features.
announcement
- Google Cloud release notes infra gcp engineer
Cloud Workstations: Base Image Updates and RubyMine Enhancements
Google Cloud Workstations has updated its base images with the Antigravity CLI and Container-Optimized OS 129 LTS. A new JetBrains RubyMine image now uses a custom gem directory. These changes primarily impact developers using Cloud Workstations, particularly those working with Ruby.
feature announcement
- Google Cloud release notes infra gcp engineer
GKE: Workload Identity timeouts, Gateway TLS auth
Workloads using Workload Identity in GKE 1.35+ may encounter transient timeouts connecting to the metadata server after node startup. A new feature adds backend authenticated TLS support for Gateway-originated connections to Pods and InferencePools in specific GatewayClasses. Users experiencing connection issues should consult the provided documentation for recommendations and workarounds.
feature announcement