GCP Release Notes: December 10, 2025

Apigee X

Announcement

On December 10th, 2025, we released an updated version of Apigee (1-16-0-apigee-6).

Fixed

Bug ID | Description
458417250 | Multiple authorization headers: Fixed issue where adding multiple authorization headers would cause Apigee to return a 500 error.
N/A | Updates to security, infrastructure, and libraries.

BigQuery

Feature

You can now use the BigQuery remote MCP server to enable LLM agents to perform a range of data-related tasks.

This feature is in Preview.

Cloud API Registry

Announcement

Cloud API Registry is available in Preview.

Cloud API Registry lets you discover, govern, use, and monitor Model Context Protocol (MCP) servers and tools provided by Google, or by your organization through Apigee API hub. For more information, see the Cloud API Registry overview.

Container Optimized OS

Changed

cos-121-18867-294-60

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.113 | v27.5.1 | v2.0.6 | See List

Security

Fixed CVE-2025-21868 in the Linux kernel.

Security

Fixed CVE-2025-40248 in the Linux kernel.

Security

Fixed CVE-2025-40271 in the Linux kernel.

Security

Fixed CVE-2025-40273 in the Linux kernel.

Security

Fixed CVE-2025-38057 in the Linux kernel.

Security

Fixed CVE-2025-40266 in the Linux kernel.

Feature

Applied critical tx timeout patch series to fix idpf bug.

Security

Fixed CVE-2025-22103 in the Linux kernel.

Security

Fixed CVE-2025-40251 in the Linux kernel.

Security

Fixed CVE-2025-40268 in the Linux kernel.

Security

Fixed CVE-2025-40256 in the Linux kernel.

Security

Fixed CVE-2025-40320 in the Linux kernel.

Security

Fixed CVE-2025-47914 and CVE-2025-58181 in dev-go/crypto.

Security

Fixed CVE-2025-38678 in the Linux kernel.

Changed

Runtime sysctl changes:

  • Changed: fs.file-max: 811755 -> 811799

Fixed

Upgraded app-admin/google-guest-configs to v20251014.00.

Security

Fixed CVE-2025-40250 in the Linux kernel.

Security

Fixed CVE-2025-40272 in the Linux kernel.

Changed

cos-125-19216-104-61

Kernel | Docker | Containerd | GPU Drivers
COS-6.12.55 | v27.5.1 | v2.1.4 | See List

Changed

Runtime sysctl changes:

  • Changed: fs.file-max: 811530 -> 811449

Security

Fixed CVE-2025-40268 in the Linux kernel.

Security

Fixed CVE-2025-40271 in the Linux kernel.

Feature

Added patches to handle IDPF tx timeouts.

Security

Fixed CVE-2025-40251 in the Linux kernel.

Fixed

Upgraded app-admin/google-guest-configs to v20251014.00.

Security

Fixed CVE-2025-40209 in the Linux kernel.

Security

Fixed CVE-2025-40272 in the Linux kernel.

Security

Fixed CVE-2025-40266 in the Linux kernel.

Feature

Enabled automatic loading of RDMA kernel modules when CX-8 devices are detected.

Security

Fixed CVE-2025-40230 in the Linux kernel.

Security

Fixed CVE-2025-40235 in the Linux kernel.

Security

Fixed CVE-2025-38678 in the Linux kernel.

Security

Fixed CVE-2025-40273 in the Linux kernel.

Security

Fixed CVE-2025-40250 in the Linux kernel.

Changed

cos-dev-129-19424-0-0

Kernel | Docker | Containerd | GPU Drivers
COS-6.12.61 | v27.5.1 | v2.1.4 | See List

Feature

Added support for NVIDIA driver v580.105.08 and set it as the default version for all GPU types.

Feature

Enabled automatic loading of RDMA kernel modules when CX-8 devices are detected.

Fixed

Upgraded net-fs/cifs-utils to v7.4.

Changed

Updated the Linux kernel to v6.12.61.

Feature

Added patches to handle IDPF tx timeouts.

Changed

Runtime sysctl changes:

  • Changed: fs.file-max: 811490 -> 811412

Fixed

Upgraded app-admin/fluent-bit to v4.2.0.

Changed

cos-113-18244-521-45

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.155 | v24.0.9 | v1.7.27 | See List

Changed

Runtime sysctl changes:

  • Changed: fs.file-max: 811999 -> 812052

Feature

Added support for NVIDIA driver v580.95.05 and v580.105.08.

Security

Fixed CVE-2025-40231 in the Linux kernel.

Fixed

Upgraded app-admin/google-guest-configs to v20251014.00.

Generative AI on Vertex AI

Feature

DeepSeek-V3.2 is available in Model Garden. DeepSeek-V3.2 is a state-of-the-art large language model from DeepSeek. DeepSeek-V3.2 is available as a managed API in Model Garden. To learn more, see DeepSeek-V3.2.

Google Kubernetes Engine

Feature

In GKE version 1.34.1-gke.2541000 and later, you can specify secure tags for firewalls in the spec.nodePoolConfig.resourceManagerTags field in ComputeClasses. GKE adds those secure tags to the nodes that GKE creates for that ComputeClass, so that you can target nodes by using these tags in firewall policies. For more information, see Selectively enforce firewall policies in GKE.

Manufacturing Data Engine

Announcement

Release 1.5.2

This release is a critical update if you have an existing deployment of MDE version 1.5.0. This release introduces a new configuration package upload option that allows users to automatically enable and activate all entities created following the upload. It also includes other minor improvements and bug fixes.

Follow the Upgrade guide in the MDE documentation for detailed instructions. Note that instructions are different depending on the MDE version you are upgrading from.

Changed

  • Improvement (441727217): Introduced an option to enable parsers after types activation when you upload a new configuration package.
  • Improvement (333321871): Refactored scripts to collect additional information for the MDE team when you open a support ticket, to help speed up troubleshooting.
  • Improvement (441660844): Added typesMetadataBuckets and typesTransformations JSON arrays as responses to the Tags API implementation.
  • Improvement (435358499): Enabled Streaming Engine for Dataflow in all MDE deployment sizes for optimized consumption, saving resources.

Security

  • Improvement (448853115): Added the ability to enable and configure VPC flow logging from Terraform. Collecting VPC flow logs is recommended to detect potential intrusions or anomalies.
  • Improvement (450530585): Updated container images and dependencies to address known security vulnerabilities.
  • Improvement (448854007): Adjusted IAM roles used by some MDE service accounts following the least-privilege approach.
  • Improvement (448148987): Switched to DNS-based endpoint with IAM access control for GKE control plane, following security best practices.
  • Improvement (448148673): Enabled SSL required mode on the Cloud SQL instance for additional security enforcement.
  • Improvement (448148275): Enabled in-transit encryption and token authentication for Redis.

Libraries

Release signature

6e178bd
1.5.2
9ee64699a1bdf1cf690e7930d968f002

Fixed

  • Fix (423567127): Fixed a bug that prevented numeric values from being correctly processed when using file ingestion.
  • Fix (441294785): Fixed a bug that prevented the deletion of a message class if the related parser had been deleted beforehand.
  • Fix (443710570): Fixed a bug that could use an old version of a parser script when uploading a new configuration package that had the same parser name.

Spanner

Feature

Spanner now supports the following new columns in the SPANNER_SYS oldest active queries table:

  • CLIENT_IP_ADDRESS
  • API_CLIENT_HEADER
  • USER_AGENT_HEADER
  • SERVER_REGION
  • PRIORITY
  • TRANSACTION_TYPE

You can also view these columns in the Spanner query insights page on the Google Cloud console. For more information, see Monitor active queries.

Source: Google Cloud Platform
