GCP releases
Google Cloud releases and Terraform Google provider. New features, breaking changes, security advisories and deprecations - each summarised in plain English and updated continuously.
Tracking 329 GCP releases · Updated
- Google Cloud release notes securitygcpsecurity-advisoryengineer ·
Container Optimized OS updates kernel, drivers, and security fixes
Container Optimized OS has released several updates across multiple versions, including kernel upgrades, GPU driver support, and various package updates. These changes address numerous security vulnerabilities, such as CVEs in the Linux kernel and in packages like pyjwt and urllib3. Users of Container Optimized OS should review these updates to ensure their systems are patched against known security risks.
security patch - Google Cloud release notes securitygcpsecurity-advisoryengineer ·
Compute Engine Addresses Arm Core Vulnerability
A security vulnerability, CVE-2025-10263, affecting bypass of translation stages or GPT protections in certain Arm core families has been resolved in Compute Engine. This addresses a critical security issue impacting users leveraging these specific Arm configurations. More details are available in the GCP-2026-036 security bulletin.
security - Google Cloud release notes securitygcpsecurity-advisoryengineer ·
Container Optimized OS Update Includes Numerous Linux Kernel Security Fixes
This release of Google's Container Optimized OS (COS) addresses a significant number of security vulnerabilities within the Linux kernel, including multiple CVEs. These fixes are critical for maintaining the security posture of containerized workloads running on GCP. The update applies to all users of Container Optimized OS, with specific versions for Kernel, Docker, Containerd, and GPU drivers noted.
security patch - Google Cloud release notes securitygcpsecurity-advisoryengineer ·
Container Optimized OS Updates Address Multiple Linux Kernel CVEs
Container Optimized OS (COS) has released updates for its kernel, Docker, and Containerd components. These updates are critical as they patch numerous security vulnerabilities (CVEs) identified in the Linux kernel, enhancing the overall security posture of the operating system. The fixes are included in the latest versions of COS, applicable to users running these container environments on Google Cloud Platform.
security patch - Google Cloud release notes securitygcpsecurity-advisoryengineer ·
Cloud Service Mesh Updates Address Numerous CVEs
Multiple versions of Cloud Service Mesh have been released with significant security updates, including fixes for critical and high-severity CVEs across the proxy, control plane, and CNI components. These updates are crucial for maintaining the security posture of service mesh deployments. Users are advised to upgrade to the latest available patch versions to protect against identified vulnerabilities.
patch announcement - Google Cloud release notes securitygcpsecurity-advisoryengineer ·
Apigee X: Updated Cassandra version released for security
Google Cloud has released an updated version of Apigee X's Cassandra, incorporating a security fix for infrastructure vulnerabilities. This update addresses multiple CVEs and aims to enhance the security posture of Apigee X deployments. The rollout began on June 2nd, 2026, and may take several business days to complete across all Google Cloud zones.
security announcement - Google Cloud release notes securityinfragcpsecurity-advisoryengineer ·
Container Optimized OS Updates Address Security Vulnerabilities
This release of Google Container Optimized OS includes multiple package upgrades and patches to address numerous security vulnerabilities, primarily in the Linux kernel, Go, and curl. The updates ensure system security and stability for users running COS. The changes are available now for all users.
security patch announcement - Google Cloud release notes securitygcpsecurity-advisoryengineer ·
Apigee Emulator v2.0.0 improves security and decouples releases
Apigee Emulator has been updated to version 2.0.0, independently versioned from Apigee hybrid for faster security updates. This release addresses 78 security vulnerabilities across various components, including Jackson Databind, SnakeYAML, Guava, and Go standard library. The updated emulator is available now and can be accessed via Google Artifact Registry, with instructions provided for updating VS Code Cloud Code settings.
security feature announcement - Google Cloud release notes securityinfragcpsecurity-advisoryengineer ·
Container Optimized OS Updates: Kernel, Drivers, and Security Fixes
Container Optimized OS (COS) has been updated with a new Linux kernel version (6.18.32) and numerous security patches, including fixes for CVE-2025-38584 and CVE-2026-43060. The update also introduces support for new NVIDIA driver branches and adds the `cos_kernel_args` tool for manipulating kernel command line arguments. These changes are relevant for users running workloads on Google Cloud's Container Optimized OS, particularly those utilizing GPUs.
security feature patch announcement - Google Cloud release notes securitygcpsecurity-advisory ·
Apigee X Security Bulletin: SSRF Vulnerability
A security bulletin has been published for Apigee X detailing a Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-2264). The vulnerability arises from insufficient validation of the IntegrationRegion parameter in the SetIntegrationRequest policy, potentially allowing service account token exfiltration. This impacts users who can manipulate flow variables controlling the IntegrationRegion parameter.
security