AI Applications
Announcement
AI Applications: Quotas
AI Applications offers the following allocation quotas in the global region (global), the US multi-region (us), and the EU multi-region (eu) under the Discovery Engine API:
- Number of data stores per project
- Number of documents per project
- Number of engines per project
- Number of user events
The number of data stores, documents, user events, and engines across all locations can’t exceed the total per-project quota for that resource.
For more information, see Quotas.
Apigee hybrid
Announcement
hybrid v1.13.4
On July 9, 2025 we released an updated version of the Apigee hybrid software, 1.13.4.
- For information on upgrading, see Upgrading Apigee hybrid to version 1.13.
- For information on new installations, see The big picture.
Fixed
| Bug ID | Description |
|---|---|
| 420675540 | Fixed Cassandra based replication for runtime contracts in synchronizer. |
| 401746333 | Fixed a java.lang.ClassCircularityError that could occur in Java Callouts due to an issue with the class loading mechanism. |
| 382565315 | A memory leak within the Security Policy has been addressed, improving system stability. |
| 375360455 | Updated apigee-runtime drain timeout to 300s to fix connection termination issue during pod termination. |
Security
| Bug ID | Description |
|---|---|
| 396944778 | Security fixes for apigee-synchronizer. This addresses the following vulnerabilities: |
| 392934392 | Security fixes for apigee-logger. |
| N/A | Security fixes for apigee-mart-server. This addresses the following vulnerability: |
| N/A | Security fixes for apigee-mint-task-scheduler. This addresses the following vulnerability: |
| N/A | Security fixes for apigee-redis. This addresses the following vulnerabilities: |
| N/A | Security fixes for apigee-runtime. This addresses the following vulnerability: |
| N/A | Security fixes for apigee-synchronizer. This addresses the following vulnerability: |
| N/A | Security fixes for vault. This addresses the following vulnerability: |
Cloud Composer
Announcement
A new Cloud Composer release has started on July 9, 2025. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.
Changed
We are gradually rolling out a change that switches the default version from Cloud Composer 2 to Cloud Composer 3 in the Cloud Composer API.
In regions where the change is rolled out, a Cloud Composer 3 environment is created by default when a version is not specified in Google Cloud CLI, Cloud Composer API, or Terraform. If you use automation scripts to provision Cloud Composer 2 environments, make sure that you explicitly specify a Cloud Composer 2 version.
In this release, the change is rolling out in the following regions: africa-south1, asia-northeast2, asia-south2, asia-southeast2, europe-southwest1, europe-west10, europe-west12, europe-west8, me-central1, me-central2, me-west1, southamerica-west1, and us-south1.
Changed
(Available without upgrading) During Cloud Composer 2 environment operations, a more informative error message is returned when an environment’s web server has connectivity issues.
Changed
New Airflow builds are available in Cloud Composer 3:
Changed
New images are available in Cloud Composer 2:
Deprecated
Cloud Composer versions 2.8.4 and 2.8.5 have reached their end of support period.
Cloud Load Balancing
Feature
Application Load Balancers and Proxy Network Load Balancers now support TLS certificates with large key sizes. Previously, these load balancers supported only certificates with RSA-2048 or ECDSA P-256 key types. With this update, you can now use self-managed certificates with RSA-3072, RSA-4096, and ECDSA P-384 keys.
Key details:
-
Supported key types (for self-managed certificates): RSA-2048, RSA-3072, RSA-4096, ECDSA P-256, and ECDSA P-384
-
Load balancing coverage for self managed certificates:
-
Certificate Manager SSL certificates: Global and regional load balancing
-
Compute Engine SSL Certificates: Regional load balancing
-
-
Pricing: An additional charge of $0.45 per 1 million connections applies with certificates that use RSA-3072 and RSA-4096 key types. There are no per-connection charges for certificates that use RSA-2048, ECDSA P-256, or ECDSA P-384 key types.
For more information, see the documentation for Supported key types.
This capability is now in General Availability.
Cloud Service Mesh
Announcement
1.25.3-asm.8 is now available for in-cluster Cloud Service Mesh.
You can now download 1.25.3-asm.8 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.25.3 subject to the list of supported features. Cloud Service Mesh version 1.25.3-asm.8 uses envoy v1.33.4-dev.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
Announcement
1.24.6-asm.4 is now available for in-cluster Cloud Service Mesh.
You can now download 1.24.6-asm.4 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.24.6 subject to the list of supported features. Cloud Service Mesh version 1.24.6-asm.4 uses envoy v1.32.7-dev.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
Changed
1.23.6-asm.11 is now available for in-cluster Cloud Service Mesh.
You can now download 1.23.6-asm.11 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.23.6 subject to the list of supported features. Cloud Service Mesh version 1.23.6-asm.11 uses envoy v1.31.9-dev.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.
Google Cloud Managed Service for Apache Kafka
Feature
General availability: Metrics for all Google Cloud Managed Service for Apache Kafka resources are now available, with some exceptions. Exceptions include the request_count and topic_error_count metrics for Kafka clusters and Kafka Connect connectors. For a list of supported metrics, see Metrics for Cloud Managed Service for Apache Kafka.
Google SecOps Marketplace
Changed
BMC Remedy ITSM: Version 9.0
-
Updated input parameter processing in the following action:
- Create Incident
Changed
ServiceNow: Version 58.0
-
Updated processing of record object in the following connector:
- ServiceNow – ServiceNow Connector
Changed
Siemplify: Version 93.0
-
Updated action logic in the following actions:
-
Get Case Details
-
Get Similar Cases
-
Secret Manager
Feature
Enhanced tagging capabilities for Secret Manager: You can now add tags directly at the time of secret creation. This new feature lets you provide essential metadata for your resources and helps with better organization, cost tracking, and automated policy application from the time a secret is created. In addition to this, tagging for regional secrets is now fully supported, both during secret creation and for existing regional secrets. For more information, see the documentation on tags for global secrets and regional secrets.
Soft-enforced rate limits for modifying secrets and secret versions: We have introduced soft-enforced rate limits for the following operations in Secret Manager:
AddSecretVersionUpdateSecretEnableSecretVersionDisableSecretVersionDestroySecretVersion
Soft enforcement lets us continue serving requests beyond the defined quota as long as our backend systems can comfortably handle the increased load. For details, see the Quotas and limits documentation.
Virtual Private Cloud
Feature
Dynamic Private Service Connect interfaces are available in Preview. You can update VM instances to add or remove dynamic Private Service Connect interfaces without restarting or recreating the instance.
For more information, see Private Service Connect interface types.
Feature
VPC Network Peering supports peering connections in consensus mode. This feature is available in Preview. For more information, see Update strategy.
Source: Google Cloud Platform
![Improved backup and restore experience for Microsoft Authenticator on iOS [MC1111780]](https://mwpro.co.uk/wp-content/uploads/2025/06/pexels-hikaique-379964-96x96.webp "Improved backup and restore experience for Microsoft Authenticator on iOS [MC1111780] 6")
