GCP Release Notes: March 11, 2026 Updates & Features

Apigee hybrid

Security

Bug ID	Description
471502899, 471173561	Security fixes for `apigee-synchronizer`. This addresses the following vulnerabilities: CVE-2025-48924 CVE-2025-67735
471502752, 471191392	Security fixes for `apigee-runtime`. This addresses the following vulnerabilities: CVE-2025-48924 CVE-2025-67735
471502495, 471501875, 471126425	Security fixes for `apigee-mart-server`. This addresses the following vulnerabilities: CVE-2025-48924 CVE-2025-67735
471016560, 471015664, 471015120	Security fixes for `apigee-hybrid-cassandra`. This addresses the following vulnerabilities: CVE-2022-40897 CVE-2025-47273 CVE-2025-48924
451224723, 451224123	Security fixes for `apigee-fluent-bit`. This addresses the following vulnerabilities: CVE-2010-4756 CVE-2011-3389 CVE-2013-4392 CVE-2015-3276 CVE-2017-14159 CVE-2017-17740 CVE-2018-20796 CVE-2018-5709 CVE-2018-6829 CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024 CVE-2019-1010025 CVE-2019-9192 CVE-2020-15719 CVE-2022-27943 CVE-2023-2953 CVE-2023-31437 CVE-2023-31438 CVE-2023-31439 CVE-2023-45853 CVE-2024-2236 CVE-2024-2379 CVE-2024-26458 CVE-2024-26461 CVE-2025-0725 CVE-2025-10148 CVE-2025-27587 CVE-2025-62813 CVE-2025-9086 CVE-2025-9230 CVE-2025-9232
N/A	Security fixes for `apigee-asm-ingress`. This addresses the following vulnerability: CVE-2026-24051
N/A	Security fixes for `apigee-asm-istiod`. This addresses the following vulnerability: CVE-2026-24051
N/A	Security fixes for `apigee-connect-agent`. This addresses the following vulnerabilities: CVE-2025-68121 CVE-2025-68119 CVE-2025-61732 CVE-2025-61731 CVE-2025-61729 CVE-2025-61726 CVE-2025-4674
N/A	Security fixes for `apigee-hybrid-cassandra-client`. This addresses the following vulnerabilities: CVE-2026-24051 CVE-2025-68121 CVE-2025-68119 CVE-2025-61732 CVE-2025-61731 CVE-2025-61729 CVE-2025-61726 CVE-2025-61725 CVE-2025-61723 CVE-2025-58188 CVE-2025-58187 CVE-2025-47907 CVE-2025-4674
N/A	Security fixes for `apigee-kube-rbac-proxy`. This addresses the following vulnerabilities: CVE-2025-61729 CVE-2025-61725 CVE-2025-61723 CVE-2025-58188 CVE-2025-58187 CVE-2026-24051
N/A	Security fixes for `apigee-open-telemetry-collector`. This addresses the following vulnerabilities: CVE-2025-58188 CVE-2025-58187 CVE-2026-24051 CVE-2025-68156 CVE-2025-61729 CVE-2025-4674 CVE-2025-29786
N/A	Security fixes for `apigee-open-telemetry-collector:`. This addresses the following vulnerability: CVE-2025-29786
N/A	Security fixes for `apigee-operators`. This addresses the following vulnerability: CVE-2025-61725
N/A	Security fixes for `apigee-prom-prometheus`. This addresses the following vulnerabilities: CVE-2025-58188 CVE-2025-58187 CVE-2026-24051 CVE-2025-68119 CVE-2025-61731 CVE-2025-61729 CVE-2025-61726 CVE-2025-47913 CVE-2025-4674
N/A	Security fixes for `apigee-prometheus-adapter`. This addresses the following vulnerabilities: CVE-2025-58188 CVE-2025-58187 CVE-2026-24051 CVE-2025-68119 CVE-2025-61731 CVE-2025-61729 CVE-2025-61726 CVE-2025-4674
N/A	Security fixes for `apigee-redis`. This addresses the following vulnerabilities: CVE-2025-68121 CVE-2025-68119 CVE-2025-61732 CVE-2025-61731 CVE-2025-61729 CVE-2025-61726 CVE-2025-61725 CVE-2025-61723 CVE-2025-58188 CVE-2025-58187 CVE-2025-47907 CVE-2025-4674
N/A	Security fixes for `apigee-stackdriver-logging-agent`. This addresses the following vulnerabilities: CVE-2025-61594 CVE-2025-24294
N/A	Security fixes for `apigee-udca`. This addresses the following vulnerabilities: CVE-2026-24051 CVE-2025-68121 CVE-2025-68119 CVE-2025-61732 CVE-2025-61731 CVE-2025-61729 CVE-2025-61726 CVE-2025-61725 CVE-2025-61723 CVE-2025-58188 CVE-2025-58187 CVE-2025-47907

Fixed

Fixed in this release

Bug ID	Description
469694040	Fixed an issue where custom Java security policies were intermittently not applied during runtime pod restarts or environment contract updates, which could lead to “Permission denied” errors in Java callouts.

Announcement

hybrid v1.15.2

On March 11, 2026 we released an updated version of the Apigee hybrid software, v1.15.2.

For information on upgrading, see Upgrading Apigee hybrid to version v1.15.2.
For information on new installations, see The big picture.

Cloud Service Mesh

Security

1.27.8-asm.7 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2026-013 as well as fixes for the following platform CVEs:

CVE	Proxy	Control Plane	Distroless	CNI	Severity
CVE-2025-13151	Yes	Yes	No	Yes	Medium (7.5)
CVE-2025-14831	Yes	Yes	No	Yes	Medium (5.3)
CVE-2025-15281	Yes	Yes	No	Yes	Medium (7.5)
CVE-2025-15467	Yes	Yes	Yes	Yes	Medium (9.8)
CVE-2025-15558	Yes	Yes	Yes	–	High (8.0)
CVE-2025-61726	Yes	Yes	Yes	Yes	High (7.5)
CVE-2025-61728	Yes	Yes	Yes	Yes	Medium (6.5)
CVE-2025-61730	Yes	Yes	Yes	Yes	Medium (5.3)
CVE-2025-61731	Yes	Yes	Yes	Yes	High (7.8)
CVE-2025-61732	Yes	Yes	Yes	Yes	High (8.6)
CVE-2025-68121	Yes	Yes	Yes	Yes	Critical (10)
CVE-2025-68160	Yes	Yes	No	Yes	Low (4.7)
CVE-2025-69418	Yes	Yes	No	Yes	Low (4.0)
CVE-2025-69419	Yes	Yes	No	Yes	Low (7.4)
CVE-2025-69420	Yes	Yes	Yes	Yes	Low (7.5)
CVE-2025-69421	Yes	Yes	Yes	Yes	Low (7.5)
CVE-2025-8277	Yes	Yes	No	Yes	Low (0)
CVE-2025-9820	Yes	Yes	No	Yes	Low (4)
CVE-2026-0861	Yes	Yes	No	Yes	Medium (8.4)
CVE-2026-0915	Yes	Yes	No	Yes	Medium (7.5)
CVE-2026-0964	Yes	Yes	No	Yes	Medium
CVE-2026-0965	Yes	Yes	No	Yes	Low
CVE-2026-0966	Yes	Yes	No	Yes	Low
CVE-2026-0967	Yes	Yes	No	Yes	Medium
CVE-2026-0968	Yes	Yes	No	Yes	Medium
CVE-2026-22795	Yes	Yes	No	Yes	Low (5.5)
CVE-2026-22796	Yes	Yes	No	Yes	Low (5.3)
CVE-2026-24051	Yes	Yes	Yes	Yes	High (7.0)
CVE-2026-25679	Yes	Yes	Yes	Yes	High (7.5)

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh. Cloud Service Mesh 1.27.8-asm.7 uses Envoy 1.35.9.

Security

1.28.5-asm.9 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2026-013 as well as fixes for the following platform CVEs:

CVE	Proxy	Control Plane	Distroless	CNI	Severity
CVE-2025-13151	Yes	Yes	No	Yes	Medium (7.5)
CVE-2025-14831	Yes	Yes	No	Yes	Medium (5.3)
CVE-2025-15281	Yes	Yes	No	Yes	Medium (7.5)
CVE-2025-15467	Yes	Yes	No	Yes	Medium (9.8)
CVE-2025-15558	Yes	Yes	Yes	–	High (8.0)
CVE-2025-61726	Yes	Yes	Yes	Yes	High (7.5)
CVE-2025-61728	Yes	Yes	Yes	Yes	Medium (6.5)
CVE-2025-61730	Yes	Yes	Yes	Yes	Medium (5.3)
CVE-2025-61731	Yes	Yes	Yes	Yes	High (7.8)
CVE-2025-61732	Yes	Yes	Yes	Yes	High (8.6)
CVE-2025-68121	Yes	Yes	Yes	Yes	Critical (10)
CVE-2025-68160	Yes	Yes	No	Yes	Low (4.7)
CVE-2025-69418	Yes	Yes	No	Yes	Low (4.0)
CVE-2025-69419	Yes	Yes	No	Yes	Low (7.4)
CVE-2025-69420	Yes	Yes	Yes	Yes	Low (7.5)
CVE-2025-69421	Yes	Yes	Yes	Yes	Low (7.5)
CVE-2025-8277	Yes	Yes	No	Yes	Low (0)
CVE-2025-9820	Yes	Yes	No	Yes	Low (4)
CVE-2026-0861	Yes	Yes	No	Yes	Medium (8.4)
CVE-2026-0915	Yes	Yes	No	Yes	Medium (7.5)
CVE-2026-0964	Yes	Yes	No	Yes	Medium
CVE-2026-0965	Yes	Yes	No	Yes	Low
CVE-2026-0966	Yes	Yes	No	Yes	Low
CVE-2026-0967	Yes	Yes	No	Yes	Medium
CVE-2026-0968	Yes	Yes	No	Yes	Medium
CVE-2026-22795	Yes	Yes	No	Yes	Low (5.5)
CVE-2026-22796	Yes	Yes	No	Yes	Low (5.3)
CVE-2026-24051	Yes	Yes	Yes	Yes	High (7.0)
CVE-2026-25679	Yes	Yes	Yes	Yes	High (7.5)

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh. Cloud Service Mesh 1.28.5-asm.9 uses Envoy 1.36.5.

Security

1.26.8-asm.3 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2026-013 as well as fixes for the following platform CVEs:

CVE	Proxy	Control Plane	Distroless	CNI	Severity
CVE-2025-13151	Yes	Yes	No	Yes	Medium (7.5)
CVE-2025-14831	Yes	Yes	No	Yes	Medium (5.3)
CVE-2025-15281	Yes	Yes	No	Yes	Medium (7.5)
CVE-2025-15467	Yes	Yes	Yes	Yes	Medium (9.8)
CVE-2025-15558	Yes	Yes	Yes	–	High (8.0)
CVE-2025-61726	Yes	Yes	Yes	Yes	High (7.5)
CVE-2025-61728	Yes	Yes	Yes	Yes	Medium (6.5)
CVE-2025-61730	Yes	Yes	Yes	Yes	Medium (5.3)
CVE-2025-61731	Yes	Yes	Yes	Yes	High (7.8)
CVE-2025-61732	Yes	Yes	Yes	Yes	High (8.6)
CVE-2025-68121	Yes	Yes	Yes	Yes	Critical (10)
CVE-2025-68160	Yes	Yes	No	Yes	Low (4.7)
CVE-2025-68973	Yes	Yes	Yes	Yes	High (7.8)
CVE-2025-69418	Yes	Yes	No	Yes	Low (4.0)
CVE-2025-69419	Yes	Yes	No	Yes	Low (7.4)
CVE-2025-69420	Yes	Yes	Yes	Yes	Low (7.5)
CVE-2025-69421	Yes	Yes	Yes	Yes	Low (7.5)
CVE-2025-8277	Yes	Yes	No	Yes	Low (0)
CVE-2025-9820	Yes	Yes	No	Yes	Low (4)
CVE-2026-0861	Yes	Yes	No	Yes	Medium (8.4)
CVE-2026-0915	Yes	Yes	No	Yes	Medium (7.5)
CVE-2026-0964	Yes	Yes	No	Yes	Medium
CVE-2026-0965	Yes	Yes	No	Yes	Low
CVE-2026-0966	Yes	Yes	No	Yes	Low
CVE-2026-0967	Yes	Yes	No	Yes	Medium
CVE-2026-0968	Yes	Yes	No	Yes	Medium
CVE-2026-22795	Yes	Yes	No	Yes	Low (5.5)
CVE-2026-22796	Yes	Yes	No	Yes	Low (5.3)
CVE-2026-24051	Yes	Yes	Yes	Yes	High (7.0)
CVE-2026-25679	Yes	Yes	Yes	Yes	High (7.5)

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh. Cloud Service Mesh 1.26.8-asm.3 uses Envoy 1.34.13.

Security

The following images are now rolling out for managed Cloud Service Mesh:

Sidecar version 1.21.6-asm.16 is rolling out to the rapid release channel.
Sidecar version 1.20.8-asm.68 is rolling out to the regular release channel.
Sidecar version 1.19.10-asm.61 is rolling out to the stable release channel.
CNI and managed data plane controller version 1.23.6-asm.31 is rolling out to all release channels.

These rollouts will preempt those previously announced on February 9, 2026.

Managed Cloud Service Mesh will start using proxy version csm_mesh_proxy.20260304_RC00 for Gateway API on GKE clusters for all channels. This proxy version maps closest to Envoy version 1.37.

These patch releases contain the fixes for the vulnerabilities listed in GCP-2026-013 as well as fixes for the following platform CVEs:

CVE	Proxy	Control Plane	Distroless	CNI	MDPC	Severity
CVE-2025-61726	Yes	Yes	Yes	–	–	High (7.5)
CVE-2025-61728	Yes	Yes	Yes	–	–	Medium (6.5)
CVE-2025-61730	Yes	Yes	Yes	–	–	Medium (5.3)
CVE-2025-61731	Yes	Yes	Yes	–	–	High (7.8)
CVE-2025-61732	Yes	Yes	Yes	–	–	High (8.6)
CVE-2025-68121	Yes	Yes	Yes	–	–	Critical (10)
CVE-2025-68160	Yes	Yes	No	–	–	Low (4.7)
CVE-2025-69418	Yes	Yes	No	–	–	Low (4.0)
CVE-2025-69419	Yes	Yes	No	–	–	Low (7.4)
CVE-2025-69420	Yes	Yes	No	–	–	Low (7.5)
CVE-2025-69421	Yes	Yes	No	–	–	Low (7.5)
CVE-2025-8277	–	–	–	Yes	Yes	Low (0)
CVE-2025-9820	–	–	–	Yes	Yes	Low (4.0)
CVE-2025-14831	–	–	–	Yes	Yes	Medium (5.3)
CVE-2025-15281	Yes	Yes	Yes	–	–	Medium (7.5)
CVE-2025-15467	Yes	Yes	No	–	–	Medium (9.8)
CVE-2026-0861	Yes	Yes	No	–	–	Medium (8.4)
CVE-2026-0915	Yes	Yes	No	–	–	Medium (7.5)
CVE-2026-0964	–	–	–	Yes	Yes	Medium
CVE-2026-0965	–	–	–	Yes	Yes	Low
CVE-2026-0966	–	–	–	Yes	Yes	Low
CVE-2026-0967	–	–	–	Yes	Yes	Medium
CVE-2026-0968	–	–	–	Yes	Yes	Medium
CVE-2026-22795	Yes	Yes	No	–	–	Low (5.5)
CVE-2026-22796	Yes	Yes	No	–	–	Low (5.3)
CVE-2026-24051	–	–	–	Yes	Yes	High (7.0)
CVE-2026-25679	Yes	Yes	–	–	–	High (7.5)

Looker

Feature

Beginning in Looker 26.4, customer-hosted Looker instances will use a new LookML parser with optimized performance. This parser is already in use for Looker-hosted instances. For customer-hosted instances on Looker 26.4, if you want to revert to the legacy parser, contact Looker Support for details on how to disable the new parser. The legacy parser will be fully deprecated in Looker 26.6.

Memorystore for Valkey

Feature

Support for version 9.0 of Valkey is Generally Available.

Oracle Database@Google Cloud

Feature

For Exadata Database Service, Oracle Database@Google Cloud adds zone europe-west8-a-r1 (Milan, Italy).

For a list of supported locations, see Supported regions and zones.

Sensitive Data Protection

Feature

The CRIME_STATUS infoType detector is available in Preview. For more information about all infoTypes, see InfoType detector reference.

Source: Google Cloud Platform

Latest Posts

Pass It On

AI Logo Generator on GCP Release Notes: February 14, 202617 February 2026
It’s exciting to see Google SecOps SIEM and SOAR updates rolling out globally. I’m curious if there are any significant…
AI Music Generator on GCP Release Notes: February 13, 202615 February 2026
Security bulletins like the one for CVE-2025-13292 are always a bit concerning, but it’s reassuring to know Google is actively…
Nano Banana AI on GCP Release Notes: February 12, 202614 February 2026
This migration tool seems like a great step for those looking to modernize their infrastructure. Being able to move App…
Trusted Script Enforcement in SharePoint Online: What’s Changing and How to Prepare with SPFx - Proteus on Content Security Policies (CSP) are coming to SharePoint Online and might impact your custom SPFx solutions [MC1193419]12 February 2026
[…] CSP is enforced, these patterns will cause breakages. Microsoft’s SharePoint team confirms that any SPFx solution loading scripts from…
Nana Banana UK AI Image Editor on Microsoft Teams: Meeting participants can request collaborative annotation sessions [MC1019312]10 February 2026
This collaborative annotation feature sounds like a huge leap forward for real-time screen sharing in Teams. Being able to instantly…

GCP Release Notes: March 11, 2026

Apigee hybrid

Security

Fixed

Fixed in this release

Announcement

hybrid v1.15.2

Cloud Service Mesh

Security

Security

Security

Security

Looker

Feature

Memorystore for Valkey

Feature

Oracle Database@Google Cloud

Feature

Sensitive Data Protection

Feature

Latest Posts

Comments

Leave a Reply Cancel reply

Modern Workspace Pro