Cloud Composer
Announcement
Cloud Composer 2 environments can no longer be created in Melbourne (australia-southeast2). We’re switching this region to supporting only Cloud Composer 3 environments. Existing Cloud Composer 2 environments in this region aren’t affected by this change.
Compute Engine
Security
A vulnerability (CVE-2026-23268) about CrackArmor was discovered and has been addressed. For more information, see the GCP-2026-015 security bulletin.
Document AI
Feature
Custom splitter model
pretrained-splitter-v1.5-2025-07-14 is available in
General Availability (GA).
Google Distributed Cloud (software only) for VMware
Fixed
The following issues were fixed in 1.33.600-gke.40:
- Fixed an issue where if updates or upgrades to advanced admin clusters failed and the external bootstrap cluster was deleted, you could lose critical data.
Fixed
The following issues were fixed in 1.32.1000-gke.57:
- Fixed an issue where the node-problem-detector was incorrectly deployed onto non-Advanced (V1) VMware clusters, causing the containerd runtime to continuously restart on affected nodes, leading to ETCD/CRI failures and unsuccessful cluster upgrades.
- Fixed an issue where setting the deprecated stackdriver.enableVPC field to true in a cluster configuration file would block upgrades to an Advanced Cluster. The stackdriver.enableVPC field has been deprecated and its setting is now ignored during the upgrade validation process.
- Fixes an issue where Advanced Clusters incorrectly deployed the node problem detector onto non-Advanced clusters, which caused containerd to continuously restart and led to cluster upgrade failures.
- Fixed an issue where the system certificate pool was ignored when a custom CA certificate was configured for a registry mirror.
- Fixed an issue where retrying the
gkectl upgrade admincommand after a previous failure could fail with “AlreadyExists” errors in the bootstrap cluster. - Fixed an issue where cluster creation or upgrade failed if the proxy or noProxy configuration fields contained extraneous whitespaces. These spaces interfered with internal command-line argument parsing, causing the control plane load balancer initialization to fail.
- Fixed an issue where if updates or upgrades to advanced admin clusters failed and the external bootstrap cluster was deleted, you could lose critical data.
Announcement
Google Distributed Cloud (software only) for VMware 1.32.1000-gke.57 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud 1.32.1000-gke.57 runs on Kubernetes v1.32.13-gke.1000.
If you are using a third-party storage vendor, check the Google Distributed Cloud-ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
Announcement
Google Distributed Cloud (software only) for VMware 1.33.600-gke.40 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud 1.33.600-gke.40 runs on Kubernetes 1.33.5-gke.2200.
If you are using a third-party storage vendor, check the Google Distributed Cloud-ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
Google Distributed Cloud (software only) for bare metal
Fixed
The following issues were fixed in 1.32.1000-gke.57:
- Fixed vulnerabilities listed in Vulnerability fixes.
- Cluster and
node pool failures are now surfaced in the
RecentFailuresfield in the cluster status. This change provides a centralized location for viewing errors from both worker node pools and control plane nodes, improving the troubleshooting and debugging experience. - Fixed an issue where Metrics API operations—including
kubectl top, Horizontal Pod Autoscaling (HPA), and Vertical Pod Autoscaling (VPA)—could fail with TLS verification errors during CA rotation. - Resolved an issue where Certificate Authority (CA) rotation became stuck on self-managed clusters (admin, hybrid, or standalone). This fix resolves an internal resource synchronization error that previously prevented the rotation process from completing successfully.
Announcement
Google Distributed Cloud (software only) for bare metal 1.32.1000-gke.57 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.32.1000-gke.57 runs on Kubernetes v1.32.13-gke.1000.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Google Distributed Cloud-ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Security Command Center
Announcement
Risk Engine has launched enhanced heuristics to help identify default high-value resources.
If you are using the default high-value resource set, you might observe changes in the exposure scores of their findings, resources, and issues. For information about these changes, see Default high-value resource set.
Source: Google Cloud Platform
