GCP Release Notes: November 12, 2025

API Gateway

Announcement

On November 12, 2025, we released a new version of API Gateway.

Feature

API Gateway now supports OpenAPI version 3.0.

With this release, API Gateway now supports OpenAPI version 3.0, including all patch versions (3.0.x).

Key Benefits:

• Simplified Deployment: Directly upload and deploy OpenAPI version 3.0.x specifications without prior conversion to 2.0.
• Enhanced Compatibility: Seamlessly integrate your OpenAPI version 3.0.x definitions with API Gateway.

For more detail, see OpenAPI overview.

Apigee UI

Announcement

On November 12, 2025, we released an updated version of the Apigee UI.

Fixed

Bug ID	Description
455584175	Fixed a performance issue with Debug session UI Fixed an issue where performance of the Debug session was severely degraded when loading a Debug session with a moderate number of transactions.

App Engine flexible environment Python

Feature

Support for Python 3.14 runtime is in Preview.

App Engine standard environment Python

Feature

Support for Python 3.14 runtime is in Preview.

Cloud Endpoints

Feature

Cloud Endpoints now supports OpenAPI version 3.0.

With this release, Cloud Endpoints now supports OpenAPI version 3.0, including all patch versions (3.0.x).

Key Benefits:

• Simplified Deployment: Directly upload and deploy OpenAPI version 3.0.x specifications without prior conversion to 2.0.
• Enhanced Compatibility: Seamlessly integrate your OpenAPI version 3.0.x definitions with Cloud Endpoints.

For more detail, see OpenAPI overview.

Cloud Run

Feature

Support for Python 3.14 runtime is in Preview. Starting from Python version 3.14 and later, the Python buildpack uses the UV package manager as the default installer for the dependencies you specify in your requirements.txt file. You can also use pip as the default installer for these versions by setting the GOOGLE_PYTHON_PACKAGE_MANAGER environment variable to pip. For more information, see Specify dependencies in Python.

Feature

Cloud Run source deployment supports Ubuntu 24 LTS base images (Preview). This builder is available under gcr.io/buildpacks/builder:google-24. For more information, see Builders.

Cloud Run functions

Feature

Support for Python 3.14 runtime is in Preview. Starting from Python version 3.14 and later, the Python Buildpack uses the UV package manager as the default installer for the dependencies you specify in your requirements.txt file. You can also use pip as the default installer for these versions by setting the GOOGLE_PYTHON_PACKAGE_MANAGER environment variable to pip. For more information, see Specify dependencies in Python.

Cloud SQL for MySQL

Feature

Cloud SQL for MySQL now supports minor version 8.0.44. To upgrade your existing instance to the new version, see Upgrade the database minor version.

Google Distributed Cloud (software only) for VMware

Announcement

Google Distributed Cloud (software only) for VMware 1.31.1100-gke.40 is available for download. To upgrade, see Upgrade a cluster. Distributed Cloud 1.31.1100-gke.40 runs on Kubernetes v1.31.12-gke.600.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Fixed

The following issues were fixed in 1.31.1100-gke.40:

• Fixed vulnerabilities listed in Vulnerability fixes.

Announcement

Google Distributed Cloud (software only) for VMware 1.33.200-gke.70 is available for download. To upgrade, see Upgrade a cluster. Distributed Cloud 1.33.200-gke.70 runs on Kubernetes v1.33.5-gke.600.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Fixed

The following issues were fixed in 1.33.200-gke.70:

• Fixed an issue that gkectl update blocks updating a non-HA non-advanced cluster to HA advanced cluster

• Fixed vulnerabilities listed in Vulnerability fixes.

Google Distributed Cloud (software only) for bare metal

Announcement

Google Distributed Cloud for bare metal 1.33.200-gke.70 is now available for download. To upgrade, see Upgrade clusters. Distributed Cloud for bare metal 1.33.200-gke.70 runs on Kubernetes v1.33.4-gke.900.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Distributed Cloud for bare metal.

Fixed

The following issues were fixed in 1.33.200-gke.70:

• Fixed a timeout issue for the kubeadm API server health check that runs during bootstrap cluster creation. The timeout issue blocked some cluster operations, such as restoring a cluster.

• This patch release doesn’t include new fixes for specific, externally-cited vulnerabilities.

Issue

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Announcement

Google Distributed Cloud for bare metal 1.31.1100-gke.40 is now available for download. To upgrade, see Upgrade clusters. Distributed Cloud for bare metal 1.31.1100-gke.40 runs on Kubernetes v1.31.12-gke.600.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Distributed Cloud for bare metal.

Issue

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google SecOps

Feature

Enhance threat visibility and detection with Emerging Threats

The new Emerging Threats page provides AI-powered threat intelligence to help you understand how current threat campaigns might affect your organization. Powered by Google Threat Intelligence (GTI) and Gemini models, this page offers a curated view of critical global threats relevant to your environment.

Emerging Threats continuously aligns intelligence from GTI with your organization’s telemetry to highlight detection coverage and identify gaps. When it finds a gap, it uses Gemini to automatically draft new detection rules to accelerate your response.

For more details, see Emerging Threats overview, Emerging Threats feed,and Emerging Threats detailed view.

Feature

Use the Triage Agent to investigate alerts

You can now use Triage Agent, an AI-powered investigation assistant, to analyze alerts in Google SecOps. Triage Agent determines if an alert is a true or false positive, provides a summarized explanation for its conclusion, and suggests next steps for further investigation.

You can trigger investigations manually or have them run automatically on supported alert types. Each investigation produces a detailed report that includes the agent’s disposition, a summary of its findings, and a timeline of the analysis.

For more details, see Use Triage Agent to investigate alerts.

Announcement

New parser documentation now available

New parser documentation is available to help you ingest and normalize logs from the following sources:

• Collect Absolute Secure Endpoint logs
• Collect AIDE (Advanced Intrusion Detection Environment) logs
• Collect Akamai Enterprise Application Access logs
• Collect Apache Hadoop logs
• Collect Armis Vulnerabilities logs
• Collect Array Networks SSL VPN logs
• Collect Aruba IPS logs
• Collect Atlassian Confluence logs
• Collect Cisco AMP for Endpoints logs
• Collect Cisco APIC logs
• Collect Cisco Application Centric Infrastructure (ACI) logs
• Collect Cisco CallManager logs
• Collect Cisco CloudLock CASB logs
• Collect Cisco DNA Center Platform logs
• Collect Cisco eStreamer logs
• Collect Cribl Stream logs
• Collect CrowdStrike FileVantage logs
• Collect CrowdStrike IDP Services logs
• Collect Cynet 360 AutoXDR logs
• Collect Digital Shadows SearchLight logs
• Collect Duo Telephony logs
• Collect Edgio WAF logs
• Collect Elastic Auditbeat logs
• Collect Elastic Packet Beats logs
• Collect Elasticsearch logs
• Collect Entrust nShield HSM audit logs
• Collect Imperva Advanced Bot Protection logs
• Collect Imperva Attack Analytics logs
• Collect Imperva Audit Trail logs
• Collect Imperva CEF logs
• Collect Imperva Data Risk Analytics (DRA) logs
• Collect Imperva Database logs
• Collect Imperva FlexProtect logs
• Collect Imperva SecureSphere Management logs
• Collect Kiteworks (formally Accellion) logs
• Collect Proofpoint Emerging Threats Pro IOC logs
• Collect ServiceNow audit logs
• Collect Team Cymru Scout Threat Intelligence data
• Collect URLScan IO logs
• Collect Uptycs EDR logs
• Collect VanDyke VShell SFTP logs
• Collect Zendesk CRM logs
• Collect ZeroFox Platform logs

Google SecOps Marketplace

Feature

New Azure Monitor integration

Feature

Siemplify: Version 95.0

• The following new action has been added:

  • Get Case Alerts

Changed

The following integrations are now GUS recommended:

• CrowdStrike Falcon: Version 69.0

• Wiz: Version .0

• Fortigate: Version 16.0

Changed

Updated the dependency files in the following integrations:

• Microsoft Graph Mail: Version 33.0

• Microsoft Graph Mail Delegated: Version 10.0

Changed

Updated action definitions to meet the new requirements of IDE in the following integrations:

Updated Integrations (45)

• Active Directory: Version 38.0
• AlienVault USM Appliance: Version 22.0
• AlienVault USM Anywhere: Version 32.0
• Area1: Version 6.0
• BulkWhoIs: Version 16.0
• CA Service Desk Manager: Version 23.0
• Carbon Black Response: Version 35.0
• Case Federation: Version 6.0
• ConnectWise: Version 19.0
• CSV: Version 36.0
• DeepSight: Version 9.0
• DomainTools: Version 9.0
• Email V2: Version 36.0
• Endgame: Version 11.0
• Exchange: Version 116.0
• F5 Big IQ: Version 6.0
• FileOperation: Version 12.0
• HTTP: Version 12.0
• IntSights: Version 23.0
• Jira: Version 49.0
• JuniperVSRX: Version 8.0
• McAfee EPO: Version 17.0
• McAfee NSM: Version 8.0
• Microsoft Graph Security: Version 23.0
• MSSQL: Version 17.0
• Palo Alto Next Gen Firewall: Version 26.0
• PhishRod: Version 4.0
• RSA NetWitness: Version 17.0
• Runners: Version 5.0
• Salesforce: Version 12.0
• SCC Enterprise: Version 18.0
• ServiceNow: Version 59.0
• Siemplify: Version 95.0
• SSH: Version 18.0
• Symantec Endpoint Protection: Version 18.0
• Symantec Endpoint Protection 12: Version 13.0
• Symantec ICDX: Version 7.0
• Tenable Security Center: Version 18.0
• Twilio: Version 14.0
• VSphere: Version 8.0
• VirusTotal: Version 40.0
• WildFire: Version 8.0
• WMI: Version 10.0
• XForce: Version .0
• Zabbix: Version 14.0
• Zendesk: Version 10.0

Changed

Cybereason: Version 21.0

• Integration: Added ability to provide a CA Certificate file as part of the configuration.

Changed

Google Security Command Center: Version 14.0

• Added the ability to ingest Toxic Combinations and Chokepoints in the following connector:

  • Google Security Command Center – Findings Connector

Changed

Google Chronicle: Version 67.0

• Updated curated detections processing logic in the following action:

  • Get Detection Details

Changed

CrowdStrike Falcon: Version 69.0

• Refactored the pagination and filtering mechanism in the following actions:

  • List Uploaded IOCs

  • List Hosts

• Added support for wildcards to File Paths to Scan in the following action:

  • On-Demand Scan

Google SecOps SIEM

Feature

New Azure Monitor integration

Feature

Siemplify: Version 95.0

• The following new action has been added:

  • Get Case Alerts

Changed

The following integrations are now GUS recommended:

• CrowdStrike Falcon: Version 69.0

• Wiz: Version .0

• Fortigate: Version 16.0

Changed

Updated the dependency files in the following integrations:

• Microsoft Graph Mail: Version 33.0

• Microsoft Graph Mail Delegated: Version 10.0

Changed

Updated action definitions to meet the new requirements of IDE in the following integrations:

Updated Integrations (45)

• Active Directory: Version 38.0
• AlienVault USM Appliance: Version 22.0
• AlienVault USM Anywhere: Version 32.0
• Area1: Version 6.0
• BulkWhoIs: Version 16.0
• CA Service Desk Manager: Version 23.0
• Carbon Black Response: Version 35.0
• Case Federation: Version 6.0
• ConnectWise: Version 19.0
• CSV: Version 36.0
• DeepSight: Version 9.0
• DomainTools: Version 9.0
• Email V2: Version 36.0
• Endgame: Version 11.0
• Exchange: Version 116.0
• F5 Big IQ: Version 6.0
• FileOperation: Version 12.0
• HTTP: Version 12.0
• IntSights: Version 23.0
• Jira: Version 49.0
• JuniperVSRX: Version 8.0
• McAfee EPO: Version 17.0
• McAfee NSM: Version 8.0
• Microsoft Graph Security: Version 23.0
• MSSQL: Version 17.0
• Palo Alto Next Gen Firewall: Version 26.0
• PhishRod: Version 4.0
• RSA NetWitness: Version 17.0
• Runners: Version 5.0
• Salesforce: Version 12.0
• SCC Enterprise: Version 18.0
• ServiceNow: Version 59.0
• Siemplify: Version 95.0
• SSH: Version 18.0
• Symantec Endpoint Protection: Version 18.0
• Symantec Endpoint Protection 12: Version 13.0
• Symantec ICDX: Version 7.0
• Tenable Security Center: Version 18.0
• Twilio: Version 14.0
• VSphere: Version 8.0
• VirusTotal: Version 40.0
• WildFire: Version 8.0
• WMI: Version 10.0
• XForce: Version .0
• Zabbix: Version 14.0
• Zendesk: Version 10.0

Changed

Cybereason: Version 21.0

• Integration: Added ability to provide a CA Certificate file as part of the configuration.

Changed

Google Security Command Center: Version 14.0

• Added the ability to ingest Toxic Combinations and Chokepoints in the following connector:

  • Google Security Command Center – Findings Connector

Changed

Google Chronicle: Version 67.0

• Updated curated detections processing logic in the following action:

  • Get Detection Details

Changed

CrowdStrike Falcon: Version 69.0

• Refactored the pagination and filtering mechanism in the following actions:

  • List Uploaded IOCs

  • List Hosts

• Added support for wildcards to File Paths to Scan in the following action:

  • On-Demand Scan

Feature

Enhance threat visibility and detection with Emerging Threats

The new Emerging Threats page provides AI-powered threat intelligence to help you understand how current threat campaigns might affect your organization. Powered by Google Threat Intelligence (GTI) and Gemini models, this page offers a curated view of critical global threats relevant to your environment.

Emerging Threats continuously aligns intelligence from GTI with your organization’s telemetry to highlight detection coverage and identify gaps. When it finds a gap, it uses Gemini to automatically draft new detection rules to accelerate your response.

For more details, see Emerging Threats overview, Emerging Threats feed,and Emerging Threats detailed view.

Feature

Use the Triage Agent to investigate alerts

You can now use Triage Agent, an AI-powered investigation assistant, to analyze alerts in Google SecOps. Triage Agent determines if an alert is a true or false positive, provides a summarized explanation for its conclusion, and suggests next steps for further investigation.

You can trigger investigations manually or have them run automatically on supported alert types. Each investigation produces a detailed report that includes the agent’s disposition, a summary of its findings, and a timeline of the analysis.

For more details, see Use Triage Agent to investigate alerts.

Announcement

New parser documentation now available

New parser documentation is available to help you ingest and normalize logs from the following sources:

• Collect Absolute Secure Endpoint logs
• Collect AIDE (Advanced Intrusion Detection Environment) logs
• Collect Akamai Enterprise Application Access logs
• Collect Apache Hadoop logs
• Collect Armis Vulnerabilities logs
• Collect Array Networks SSL VPN logs
• Collect Aruba IPS logs
• Collect Atlassian Confluence logs
• Collect Cisco AMP for Endpoints logs
• Collect Cisco APIC logs
• Collect Cisco Application Centric Infrastructure (ACI) logs
• Collect Cisco CallManager logs
• Collect Cisco CloudLock CASB logs
• Collect Cisco DNA Center Platform logs
• Collect Cisco eStreamer logs
• Collect Cribl Stream logs
• Collect CrowdStrike FileVantage logs
• Collect CrowdStrike IDP Services logs
• Collect Cynet 360 AutoXDR logs
• Collect Digital Shadows SearchLight logs
• Collect Duo Telephony logs
• Collect Edgio WAF logs
• Collect Elastic Auditbeat logs
• Collect Elastic Packet Beats logs
• Collect Elasticsearch logs
• Collect Entrust nShield HSM audit logs
• Collect Imperva Advanced Bot Protection logs
• Collect Imperva Attack Analytics logs
• Collect Imperva Audit Trail logs
• Collect Imperva CEF logs
• Collect Imperva Data Risk Analytics (DRA) logs
• Collect Imperva Database logs
• Collect Imperva FlexProtect logs
• Collect Imperva SecureSphere Management logs
• Collect Kiteworks (formally Accellion) logs
• Collect Proofpoint Emerging Threats Pro IOC logs
• Collect ServiceNow audit logs
• Collect Team Cymru Scout Threat Intelligence data
• Collect URLScan IO logs
• Collect Uptycs EDR logs
• Collect VanDyke VShell SFTP logs
• Collect Zendesk CRM logs
• Collect ZeroFox Platform logs

Feature

Enhance threat visibility and detection with Emerging Threats

The new Emerging Threats page provides AI-powered threat intelligence to help you understand how current threat campaigns might affect your organization. Powered by Google Threat Intelligence (GTI) and Gemini models, this page offers a curated view of critical global threats relevant to your environment.

Emerging Threats continuously aligns intelligence from GTI with your organization’s telemetry to highlight detection coverage and identify gaps. When it finds a gap, it uses Gemini to automatically draft new detection rules to accelerate your response.

For more details, see Emerging Threats overview, Emerging Threats feed,and Emerging Threats detailed view.

Feature

Use the Triage Agent to investigate alerts

You can now use Triage Agent, an AI-powered investigation assistant, to analyze alerts in Google SecOps. Triage Agent determines if an alert is a true or false positive, provides a summarized explanation for its conclusion, and suggests next steps for further investigation.

You can trigger investigations manually or have them run automatically on supported alert types. Each investigation produces a detailed report that includes the agent’s disposition, a summary of its findings, and a timeline of the analysis.

For more details, see Use Triage Agent to investigate alerts.

Announcement

New parser documentation now available

New parser documentation is available to help you ingest and normalize logs from the following sources:

• Collect Absolute Secure Endpoint logs
• Collect AIDE (Advanced Intrusion Detection Environment) logs
• Collect Akamai Enterprise Application Access logs
• Collect Apache Hadoop logs
• Collect Armis Vulnerabilities logs
• Collect Array Networks SSL VPN logs
• Collect Aruba IPS logs
• Collect Atlassian Confluence logs
• Collect Cisco AMP for Endpoints logs
• Collect Cisco APIC logs
• Collect Cisco Application Centric Infrastructure (ACI) logs
• Collect Cisco CallManager logs
• Collect Cisco CloudLock CASB logs
• Collect Cisco DNA Center Platform logs
• Collect Cisco eStreamer logs
• Collect Cribl Stream logs
• Collect CrowdStrike FileVantage logs
• Collect CrowdStrike IDP Services logs
• Collect Cynet 360 AutoXDR logs
• Collect Digital Shadows SearchLight logs
• Collect Duo Telephony logs
• Collect Edgio WAF logs
• Collect Elastic Auditbeat logs
• Collect Elastic Packet Beats logs
• Collect Elasticsearch logs
• Collect Entrust nShield HSM audit logs
• Collect Imperva Advanced Bot Protection logs
• Collect Imperva Attack Analytics logs
• Collect Imperva Audit Trail logs
• Collect Imperva CEF logs
• Collect Imperva Data Risk Analytics (DRA) logs
• Collect Imperva Database logs
• Collect Imperva FlexProtect logs
• Collect Imperva SecureSphere Management logs
• Collect Kiteworks (formally Accellion) logs
• Collect Proofpoint Emerging Threats Pro IOC logs
• Collect ServiceNow audit logs
• Collect Team Cymru Scout Threat Intelligence data
• Collect URLScan IO logs
• Collect Uptycs EDR logs
• Collect VanDyke VShell SFTP logs
• Collect Zendesk CRM logs
• Collect ZeroFox Platform logs

Google SecOps SOAR

Feature

New Azure Monitor integration

Feature

Siemplify: Version 95.0

• The following new action has been added:

  • Get Case Alerts

Changed

The following integrations are now GUS recommended:

• CrowdStrike Falcon: Version 69.0

• Wiz: Version .0

• Fortigate: Version 16.0

Changed

Updated the dependency files in the following integrations:

• Microsoft Graph Mail: Version 33.0

• Microsoft Graph Mail Delegated: Version 10.0

Changed

Updated action definitions to meet the new requirements of IDE in the following integrations:

Updated Integrations (45)

• Active Directory: Version 38.0
• AlienVault USM Appliance: Version 22.0
• AlienVault USM Anywhere: Version 32.0
• Area1: Version 6.0
• BulkWhoIs: Version 16.0
• CA Service Desk Manager: Version 23.0
• Carbon Black Response: Version 35.0
• Case Federation: Version 6.0
• ConnectWise: Version 19.0
• CSV: Version 36.0
• DeepSight: Version 9.0
• DomainTools: Version 9.0
• Email V2: Version 36.0
• Endgame: Version 11.0
• Exchange: Version 116.0
• F5 Big IQ: Version 6.0
• FileOperation: Version 12.0
• HTTP: Version 12.0
• IntSights: Version 23.0
• Jira: Version 49.0
• JuniperVSRX: Version 8.0
• McAfee EPO: Version 17.0
• McAfee NSM: Version 8.0
• Microsoft Graph Security: Version 23.0
• MSSQL: Version 17.0
• Palo Alto Next Gen Firewall: Version 26.0
• PhishRod: Version 4.0
• RSA NetWitness: Version 17.0
• Runners: Version 5.0
• Salesforce: Version 12.0
• SCC Enterprise: Version 18.0
• ServiceNow: Version 59.0
• Siemplify: Version 95.0
• SSH: Version 18.0
• Symantec Endpoint Protection: Version 18.0
• Symantec Endpoint Protection 12: Version 13.0
• Symantec ICDX: Version 7.0
• Tenable Security Center: Version 18.0
• Twilio: Version 14.0
• VSphere: Version 8.0
• VirusTotal: Version 40.0
• WildFire: Version 8.0
• WMI: Version 10.0
• XForce: Version .0
• Zabbix: Version 14.0
• Zendesk: Version 10.0

Changed

Cybereason: Version 21.0

• Integration: Added ability to provide a CA Certificate file as part of the configuration.

Changed

Google Security Command Center: Version 14.0

• Added the ability to ingest Toxic Combinations and Chokepoints in the following connector:

  • Google Security Command Center – Findings Connector

Changed

Google Chronicle: Version 67.0

• Updated curated detections processing logic in the following action:

  • Get Detection Details

Changed

CrowdStrike Falcon: Version 69.0

• Refactored the pagination and filtering mechanism in the following actions:

  • List Uploaded IOCs

  • List Hosts

• Added support for wildcards to File Paths to Scan in the following action:

  • On-Demand Scan

Looker

Feature

Conversational Analytics is now generally available for Looker instances that are on Looker 25.18 or later.

You can now use Conversational Analytics in your Looker instance without having to enable the Trusted Testers settings. Enablement of the Gemini in Looker setting is still required.

For Looker (Google Cloud core) instances, this launch includes support for Conversational Analytics in instances that are within a VPC perimeter.

Enablement of the Trusted Tester Features setting is still required when using the Code Interpreter with Conversational Analytics in Looker.

NetApp Volumes

Feature

Google Cloud NetApp Volumes supports the all-squash feature for NFS exports. This option lets you enhance security by mapping all client user IDs to a single anonymous user ID (UID=65534). For more information, see User ID squashing.

Source: Google Cloud Platform