Apigee X
Announcement
On April 29th, 2026, we began maintenance updates of Apigee instances configured for maintenance windows.
If you set a preferred window for maintenance for your instance, and your instance version is below 1-17-0-apigee-4, your instance will be updated to 1-17-0-apigee-4 within the next seven to 21 days. A notification containing the expected date of upgrade will be sent within the next two business days.
For more information on participating in scheduled maintenance windows, see Maintenance overview and Manage Apigee instance maintenance windows.
BigQuery
Breaking
Strict act-as mode is enforced globally for all Dataform repositories, requiring the use of a custom service account or user credentials for running Dataform workflows, BigQuery pipelines, notebooks, and data preparations.
Feature
You can now use the
VECTOR_INDEX.STATISTICS function to calculate how much an indexed table’s data has drifted between when a
vector index was created and the present. If table data has changed enough
to require a vector index rebuild, you can use the
ALTER VECTOR INDEX REBUILD statement
to rebuild the vector index without downtime. These features are
generally available
(GA).
Feature
You can now use the PARTITION BY clause of the
CREATE VECTOR INDEX statement
to partition TreeAH vector indexes.
Partitioning enables partition pruning and can decrease I/O costs. This feature
is Generally Available.
Compute Engine
Feature
Preview: In an autoscaled managed instance group (MIG), you can monitor individual autoscaling events and view details to understand the reasons behind each autoscaling decision. For more information, see Monitor autoscaling events.
Confidential Space
Announcement
A Confidential Space image (260400) is available. Support for Confidential Space on H100 GPU (a3-highgpu-1g machine family) is generally available.
Dataform
Feature
You can use custom constraints with Organization Policy to provide more
granular control over specific fields for the Folder and TeamFolder
resources. For more information, see
Create custom organization policy constraints.
This feature is
generally available
(GA).
Breaking
Strict act-as mode is enforced globally for all Dataform repositories, requiring the use of a custom service account or user credentials for running Dataform workflows, BigQuery pipelines, notebooks, and data preparations.
Google Kubernetes Engine
Fixed
In GKE versions earlier than 1.34.6-gke.1154000 and
1.35.2-gke.1691000, mounting Cloud Storage buckets by using the
Cloud Storage FUSE CSI driver
can experience significant delays. This issue typically manifests as a
CreateContainer error that states the following message:
failed to reserve container name. This error is self-healing and resolves
automatically after the underlying mount operation completes and the container
runtime releases the reservation.
The delay is caused by an inefficient bucket access check performed by the
CSI driver sidecar by using the ListObjects API method, which can take
several hours to complete on buckets that contain millions of empty folders.
The error occurs because the kubelet enforces a strict two-minute timeout
for the container creation request. If the FUSE mount process exceeds this
time limit while the sidecar is performing the initial bucket access check,
then the kubelet cancels the operation and retries. However, the container
runtime remains blocked on the first attempt and retains the reservation for
the container name.
The new GKE releases fix this issue by replacing the
ListObjects check with the GetStorageLayout API method, which performs
the same validation but returns almost instantly in most cases.
To resolve this issue, upgrade your cluster to one of the following versions:
- 1.34.6-gke.1154000 or later
- 1.35.2-gke.1691000 or later
For GKE version 1.33 clusters running version 1.33.5-gke.2435000
or later, you can mitigate this issue by setting the
skipCSIBucketAccessCheck: "true" volume attribute to bypass the check.
There is no supported fix for this issue in cluster versions 1.33.5-gke.2435000 and earlier.
Google SecOps Marketplace
Change
UrlScan.io: Version 30.0
Added
is_riskyhandling to the following action:- Url Check
Change
Siemplify: Version 107.0
- Integration: Updated TIPCommon dependency.
Change
Microsoft Graph Mail: Version 41.0
Updated MSG attachments processing logic in the following connector:
- Microsoft Graph Mail Connector
Change
Zerofox: Version 4.0
- Integration: Updated documentation link.
Change
MISP: Version 39.0
Updated tag retrieval logic in the following actions:
Add Tag to an Attribute
Add Tag to an Event
Remove Tag from an Attribute
Remove Tag from an Event
Change
Anomali ThreatStream: Version 16.0
Added
is_riskyhandling to the following action:- Enrich Entities
Change
Microsoft Graph Mail Delegated: Version 18.0
Updated MSG attachments processing logic in the following connector:
- Microsoft Graph Mail Delegated Connector
Change
Palo Alto Cortex XDR: Version 28.0
Added the ability to ignore specific artifact types to the following connector:
- Palo Alto Cortex XDR Connector
Change
Source code is now publicly available on GitHub for the following integrations:
Cisco Orbital: Version 9.0
F5 Big IQ: Version 8.0
FireEye EX: Version 14.0
HCL BigFix Inventory: Version 6.0
Illusive Networks: Version 8.0
Lastline: Version 10.0
McAfee ATD: Version 18.0
McAfee Active Response: Version 10.0
ObserveIT: Version 6.0
Outpost24: Version 9.0
Site24x7: Version 7.0
Splash: Version 8.0
Websense: Version 15.0
Source: Google Cloud Platform
