Welcome to issue #403 June 17th, 2024

News

Accelerating cloud transformation with Google Cloud and Oracle - Google Cloud and Oracle have announced a new strategic cloud partnership that enables customers to seamlessly migrate and run mission-critical enterprise workloads across Google Cloud and Oracle Cloud Infrastructure (OCI). This partnership includes the Oracle Database@Google Cloud, where Oracle will directly host, operate, and manage Oracle database services natively within and from Google Cloud data centers. Customers can also interconnect Oracle Cloud Infrastructure (OCI) and Google Cloud without any cross-cloud data transfer charges and run Oracle Applications on Google Cloud such as Oracle E-Business Suite.

What’s new with Cloud SQL for MySQL: Vector search, Gemini support, and more - Cloud SQL for MySQL now offers integrated support for vector embedding search, allowing you to build innovative generative AI applications and AI-assistive tools. It also introduces Gemini, a comprehensive database management tool that helps you optimize, manage, and debug your MySQL database.

BigQuery community UDFs go global to simplify data transformations for everyone - BigQuery User Defined Functions (UDFs) are now available in all BigQuery regions. UDFs are custom functions you can create in BigQuery to handle specific tasks, and they work like built-in SQL functions but are tailored to your unique needs.

Get to know Vertex AI Model Monitoring - Vertex AI Model Monitoring, a re-architecture of Vertex AI’s model monitoring features, provides a flexible, extensible, and consistent monitoring solution for models deployed on any serving infrastructure. It supports models hosted outside of Vertex AI, unified monitoring job management, and simplified configuration and metrics visualization. With Vertex AI Model Monitoring, you can monitor model performance in production, detect anomalies, and receive alerts to investigate and start a new training cycle.

Move from always-on privileges to on-demand access with new Privileged Access Manager - Google Cloud’s built-in Privileged Access Manager (PAM) helps you achieve the principle of least privilege by ensuring your principals or other high-privilege users have an easy way to obtain precisely the access they need, only when required, and for no longer than required. When combined with our new Cloud Infrastructure Entitlement Management (CIEM) offering in Security Command Center Enterprise, PAM can help strengthen your identity posture.

Join the latest Google Cloud Security Talks on the intersection of AI and cybersecurity - Google Cloud Security Talks will bring together experts to share insights, best practices, and actionable strategies to strengthen your security posture. You can sign up for an online event that will occur on the 26th June.

Enhancing the HPC experience with Slurm-GCP v6 and TPU support - Google Cloud announces the general availability of Slurm-GCP v6, the latest and recommended version of its Slurm-based offering for HPC systems. This release brings faster deployments, robust reconfiguration, support for more deployments in a single project, fewer dependencies in the deployment environment, and full support for TPU v3 and v4. Users can start using v6 today by navigating to the Toolkit blueprint library.

Google named a Leader in the Cybersecurity Incident Response Services Forrester Wave, Q2 2024 - Google was named a Leader in The Forrester Wave™: Cybersecurity Incident Response Services Report, Q2 2024. Mandiant, part of Google Cloud, received the highest possible score in 17 of the overall 25 pre-defined criteria areas.

---

Act before your cloud budget blows up!

Protect developers from costly mistakes and be sure spot an anomaly in your Google Cloud spend before it escalates into costly issues with Revolgy's Billing Surprise Protection. Our advanced technology alerts you the moment we detect spending irregularities, enabling swift action to prevent budget overruns.

---

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

How to safeguard your SSH environment with Identity-Aware Proxy and Security Command Center - Google Cloud offers tools to help you understand risks and add strong access controls to your organization and projects. Two Google Cloud security tools that can help are Identity-Aware Proxy (IAP) and Security Command Center (SCC). IAP can help prevent unauthorized access to internet-facing resources by blocking unauthorized access and removing public IP addresses. SCC's Risk Engine can help prioritize risks based on their potential to compromise your high-value assets if exploited.

UNC3944 Targets SaaS Applications - UNC3944, a financially motivated threat group, has shifted its focus from credential harvesting and ransomware to data theft extortion without ransomware. They target SaaS applications and use social engineering techniques to gain initial access, often by impersonating IT support and requesting MFA resets. UNC3944 abuses Okta permissions to expand intrusion beyond on-premises infrastructure to cloud and SaaS applications. To mitigate these threats, organizations should implement host-based certificates with multi-factor authentication for VPN access, create stricter conditional access policies, and monitor SaaS applications for suspicious activity.

Insights on Cyber Threats Targeting Users and Enterprises in Brazil - Brazil faces a unique cyber threat landscape due to the interplay of global and local threats. Cyber espionage actors from various countries target Brazilian users and organizations, with PRC, North Korea, and Russia being the most prominent. Brazil also faces threats from domestic cybercriminals who engage in account takeovers, carding, fraud, and banking malware deployment. The rise of the Global South, with Brazil at the forefront, marks a shift in the geopolitical landscape that extends into the cyber realm, making Brazil an increasingly attractive target for cyber threats.

How you can build a FedRAMP High-compliant network with Assured Workloads - Google Cloud recently achieved FedRAMP High authorization for more than 130 services, including 12 Cloud Networking services. Assured Workloads enables public sector customers to run regulated FedRAMP High workloads on Google's public cloud infrastructure. To help customers securely deploy a network architecture that aligns with FedRAMP High, Google has outlined several recommended best practices. Customers should start by creating an Assured Workloads folder within their org and setting the control package to FedRAMP High.

UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion - UNC5537, a financially motivated threat actor, has been targeting Snowflake customer database instances for data theft and extortion. The threat actor gains access to Snowflake customer instances using stolen customer credentials obtained from infostealer malware campaigns. UNC5537 has compromised multiple organizations' Snowflake instances, exfiltrated sensitive data, and attempted to extort the victims. The campaign highlights the importance of enforcing multi-factor authentication, rotating credentials regularly, and implementing network allow lists to protect against unauthorized access.

I Deleted A Bunch of Org Policies! Here’s What Google Cloud Told Me - If You Do Something Shifty, What Will You See in Security Command Centre?

Combining Cloud Run and GKE for Effortless Management - Simplify the deployment and management of containerized workloads.

Enabling enterprise-grade migration across cloud providers — Achieving Network Transitivity on an enterprise scale in GCP - This blog post discusses how to achieve network transitivity on an enterprise scale in Google Cloud Platform (GCP) when migrating from another cloud service provider. It provides a detailed explanation of the network architecture and configurations required to establish seamless communication and data transfer between AWS and GCP.

Google Cloud Engineers Need This App — But Few Realize It Exists - Reviewing a Google Cloud mobile solution for on-the-go data infrastructure management, monitoring and incident response.

Troubleshooting 101: Solving the “Service Account Key Creation is Disabled” error. - Understanding Service Account Key Creation and Its Implications in Google Cloud.

Secure Gateways: Mutual TLS for Ingress Gateway - This article shows how to configure a mutual TLS ingress gateway using Cloud Service Mesh on a GKE cluster. It includes steps to generate client and server certificates and keys, create a secret for the ingress gateway, configure the gateway and virtual service, and test the configuration.

App Development, Serverless, Databases, DevOps

Unlocking API performance insights with Apigee custom reports - Apigee API Management custom reports offer granular insights into API performance and usage. Key reports include latency analysis, response code analysis, API product performance analysis, cache-hit analysis, user agent analysis, and API-location analysis. These reports help identify bottlenecks, optimize performance, troubleshoot issues, and make data-driven decisions to enhance API strategy. Custom reports can be created and accessed through the Google Cloud Console or via Apigee management APIs.

Free to be SRE, with this systems engineering syllabus - Systems engineering is a discipline used by Google site reliability engineers (SREs) to create and implement reliable systems. To help you learn more about systems engineering, Google has assembled some resources, including a paper on the systems engineering side of site reliability engineering, a chapter on non-abstract large system design in the SRE Workbook, a self-guided workshop on distributed image server, a YouTube talk on Google's production environment, and a research paper on reliable data processing with minimal toil.

Five more ways to save on Compute Engine costs - Google Cloud offers various ways to optimize Compute Engine spending. You can save costs by letting go of external IPs, automating machine on and off cycles, considering Spot VMs, comparing regions for the best deals, and introducing automated time limits for VMs. These strategies can help you manage your cloud spending effectively and make the most of your cloud investment.

Lightricks boosts search retrieval rates by 40% with vector support in Cloud SQL - Lightricks, a company that develops photo and video creation apps, enhanced its search functionality using Cloud SQL for PostgreSQL with pgvector support. By leveraging vector embeddings, Videoleap, Lightricks' video editor, improved its search capabilities and boosted retrieval rates by 40%.

Build gen AI apps quickly with LangChain VectorStore in Cloud SQL for PostgreSQL - The Cloud SQL for PostgreSQL LangChain package makes it easy to build generative AI applications with VectorStore, Document Loaders, and Chat Message Memory. It offers secure connections with IAM authorization, convenience with just instance name connection, connection pooling by default, and schema flexibility with table per collection and support for indexing.

X11 GUI forwarding from RHEL linux server to local Mac system - In this article, Rajathithan Rajasekar explains how to forward the GUI component of a product installed on a Redhat-8 Linux server in GCP Compute Engine to a local Mac system. X11 forwarding is used to achieve this, but there is a lack of clear documentation specifically for Mac systems. The author provides a step-by-step guide on how to set up X11 forwarding and successfully perform GUI installation.

Obtain JWT OAuth tokens for Service Account - This article explains how to obtain JWT OAuth tokens for a service account in Python.

Running DeepCell on Google Batch with node pools - Benchmarking DeepCell on Google Batch with node pools, a feature that reuses compute nodes rather than acquiring and initializing a new node per job. Node pools significantly reduce the setup time between job runs of the same type, resulting in faster processing times.

Big Data, Analytics, ML&AI

Supercharging Anti-Money Laundering (AML) with Generative AI at Strise - Strise, a financial compliance platform, uses generative AI and Vertex AI to enhance its Anti-Money Laundering (AML) Intelligence System. By combining NLP and AI, Strise filters out irrelevant events and identifies important ones for users. Generative AI optimizes KYC and AML processes, improving data collection, validation, and risk assessment. Strise leverages Vertex AI's LLMs and integration with Google Cloud services to streamline compliance processes and meet regulatory requirements.

Build maps in the cloud with BigQuery DataFrames, Gemini, and CARTO - BigQuery DataFrames, a set of open-source libraries, provides the common pandas and scikit-learn APIs for processing massive geospatial datasets in the cloud. It allows data scientists to work within a single platform like Jupyter notebooks, avoiding data transfers between Python environments and databases. By integrating with pydeck-CARTO, BigQuery DataFrames enables the creation of interactive maps directly within the notebook environment, enhancing data exploration and analysis capabilities. This streamlined approach simplifies tasks such as data cleaning, aggregation, and preparation for machine learning, empowering users to extract valuable insights from geospatial data effortlessly.

Build your own generative AI chatbot directly from BigQuery - DataSageGen is a chatbot that can access and process information from various sources, including product documentation, blog posts, community knowledge, and product announcements. It uses advanced techniques like retrieval augmented generation (RAG) and BigQuery ML to understand the context of a query and deliver relevant and insightful responses. The chatbot is built on a secure and scalable architecture that ensures authorized access, efficient traffic management, and cost-effective resource utilization.

Exploring synthetic data generation with BigQuery DataFrames and LLMs - BigQuery DataFrames enables the generation of synthetic data directly within BigQuery, eliminating the need for third-party solutions or data movement. It integrates seamlessly with Vertex AI, allowing users to leverage advanced language models like Gemini to generate code that produces synthetic data based on specified schemas or existing table structures. This approach addresses data privacy concerns and accelerates AI development by providing a scalable and cost-efficient platform for synthetic data generation.

BigQuery Federated Queries with Oracle - BigQuery federated queries allow you to query data from external sources like Oracle databases without moving the data. This is achieved by using Cloud SQL PostgreSQL as an intermediary and installing the oracle_fdw extension.

Multimodality with Gemini-1.5-Flash: Technical Details and Use Cases - Gemini 1.5 Flash, a new addition to the Gemini family of large language models, is designed for speed, efficiency, and cost-effectiveness in high-volume tasks. Gemini 1.5 Flash offers several key features, including faster inference speed, cost-effectiveness, a long context window of one million tokens, and multimodal reasoning capabilities. It demonstrates impressive performance gains over previous Gemini models while maintaining high levels of performance even as its context window increases.

Building a Smart Retail Shopping Assistant PART 2 - Crafting Your Retail Shopping Assistant with Agent Builder.

Building a Smart Retail Shopping Assistant PART 3 - Integrate your retail assistant to a web app using Agent Builder API.

Implementing Semantic Caching: A Step-by-Step Guide to Faster, Cost-Effective GenAI Workflows - This article is a focused, in-depth exploration of semantic caching, its intricate implementation process, its relationship to LLMs, and its strategic positioning within the broader AI landscape.

Quizaic — A Generative AI Case Study - This article discusses the data model, access model, system architecture, and technology choices made for the application, including Flutter for the user interface, Google Cloud Run for hosting, Cloud Firestore for storage, and Vertex AI for quiz and image generation.

Exploring the New Schedule Notebook Feature in BigQuery - Google recently released the Schedule Notebook feature in BigQuery, allowing for streamlined data processing. This feature enables users to schedule notebooks, execute both Python code and SQL queries, and take advantage of extensive Python libraries for scientific calculations and machine learning processes. To use the feature, certain APIs need to be enabled, a Runtime Template should be created, and the notebook can be scheduled after granting necessary roles to service accounts. While still in preview, this tool has great potential for efficient data processing in BigQuery.

Slides, Videos, Audio

Kubernetes Podcast - #228 Leading Kubernetes into its Second Decade.

Security Podcast - #176 Google on Google Cloud: How Google Secures Its Own Cloud Use.

Releases

Agent Assist - Proactive generative knowledge assist is now launched to GA. The Agent Assist integration backend's public github repository now includes a mechanism for authentication customization and support for authenticating agents with the following providers: Twilio, Genesys Cloud, and Salesforce.

GKE on AWS - The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-26584 For more information, see the GCP-2024-035 security bulletin. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes: CVE-2024-26583 For more information, see the GCP-2024-034 security bulletin. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes: CVE-2022-23222 For more information, see the GCP-2024-033 security bulletin.

Anthos clusters on Azure - The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-26584 For more information, see the GCP-2024-035 security bulletin. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes: CVE-2024-26583 For more information, see the GCP-2024-034 security bulletin. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes: CVE-2022-23222 For more information, see the GCP-2024-033 security bulletin.

GDCV for VMware - A vulnerability (CVE-2022-23222) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes: For more information, see the GCP-2024-033 security bulletin. A vulnerability (CVE-2024-26584) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: For more information, see the GCP-2024-035 security bulletin. Google Distributed Cloud on VMware 1.28.600-gke.154 is now available for download. The following issues are fixed in 1.28.600-gke.154: Fixed the known issue that caused admin cluster upgrades to fail for clusters created on versions 1.10 or earlier. A vulnerability (CVE-2022-23222) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes: For more information, see the GCP-2024-033 security bulletin.

Apigee API Hub - Vertex AI extensions You can create Vertex AI extensions for the APIs registered in API hub. Eventarc triggers API hub is integrated with Google Cloud's Eventarc. Multi-level delete By default, you can delete an API only if all underlying versions are deleted.

Apigee X - On June 12, 2024, we released an updated version of Apigee. Feature: Preview release of Google Cloud-based mock servers for API Management features in Gemini Code Assist.

Apigee Hybrid - v1.11.2. hybrid v1.11.2 On June 10, 2024 we released an updated version of the Apigee hybrid software, 1.11.2. Bug ID Description 340248314 Added support for targetCPUUtilizationPercentage to apigeeIngressGateway and ingressGateways for hybrid installations managed with Helm. Bug ID Description 345520525 Security fixes for apigee-asm-ingress.

Backup and DR Service - Backup and DR Service added support to view storage resource usage logs in Cloud Logging. Backup and DR Service added support to view storage resource utilization reports in BigQuery.

Bare Metal Solution - Support for BIOS_PUR043.37.14.021 (TS24.02) and BIOS_PUR043.37.16.023 (TS24.05) firmware on Bare Metal Solution is now deprecated.

BigQuery - You can now schedule notebooks.

Chronicle SOAR - Remote Agents Release 2.0.0 is currently in Preview. Release 6.3.6 is now in General Availability. Release Notes 6.3.7 is currently in Preview. Case filters are removed when refreshing the browser (ID #50834432). Custom Actions, and the parameter types multi-select and password cause errors when trying to save a playbook (ID #51582854).

Colab - Gemini in Colab Enterprise, which is a product in the Gemini for Google Cloud portfolio, is available in Preview. The notebook scheduler is now available in Preview.

Cloud Composer - Environment upgrading is now generally available (GA).

Compute Engine - Spot VMs are now available for the H3 machine series. Preview: C3 bare metal machine types are available in Preview in the C3 machine series. Expanded Hyperdisk Balanced support for M3 and C3 machine types: The maximum number of Hyperdisk Balanced volumes that you can use with C3 and M3 virtual machines has been increased, as follows: C3 VMs with 4 or 8 vCPUs now support attaching up to 16 Hyperdisk Balanced volumes. Preview: General Purpose C4 VM instances are now available in Public Preview on the Intel Emerald Rapids CPU. Generally available: The A3 Mega accelerator-optimized machine type is now available. C3 and C3D VMs are available in the following regions and zones: C3: asia-northeast1-b Tokyo, Japan europe-west3-b,c Frankfurt, Germany us-west1-a,b The Dalles, OR us-west2-a Los Angeles, CA us-south1-a Dallas, TX C3D: australia-southeast1-c Sydney, Australia europe-west3-c Frankfurt, Germany us-west4-a Las Vegas, NV.

Contact Center AI Platform - New critical deployment schedule We've added a new critical deployment schedule, which lets you get updates outside of peak business hours.

Database Migration Service - Database Migration Service for homogeneous PostgreSQL migrations to Cloud SQL for PostgreSQL now supports PostgreSQL version 16.

Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.65 1.2.9 2.0.73 2.2.9. Upgraded Spark BigQuery connector to version 0.36.3 in the latest 1.2 and 2.2 Dataproc Serverless for Spark runtime versions. The Apache Spark in BigQuery feature is available in Private Preview.

Dialogflow - Vertex AI Agents: The following new regions are supported by agent apps: europe-west1 europe-west2 europe-west3 northamerica-northeast1 us-west1. The following was incorrectly announced: Dialogflow CX: The gemini-1.5-flash generative model is now available for the generators feature.

Cloud Data Loss Prevention - A new detection model is available for the DATE_OF_BIRTH infoType detector.

Cloud Domains - If your domain expired within the past 30 days, you can renew it using the Google Cloud CLI or the Cloud Domains API. For domains such as .uk or .co.uk that don't support authorization codes, you can now use the Google Cloud CLI or the Cloud Domains API to initiate a push transfer to another registrar.

IAM - You can use principal access boundary policies to limit the resources that a principal is eligible to access.

Google Kubernetes Engine - For GKE clusters running versions later than 1.28.10-gke.1141000, the NEG, Ingress, L4 internal load balancer, and L4 RBS controllers skip processing nodes that are missing the thetopology.kubernetes.io/zone label until the zone information is ready. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-26584 For more information, see the GCP-2024-035 security bulletin. (2024-R19) Version updates GKE cluster versions have been updated. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes: CVE-2024-26583 For more information, see the GCP-2024-034 security bulletin. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes: CVE-2022-23222 For more information, see the GCP-2024-033 security bulletin.

GKE - (2024-R19) Version updates The following versions are now available: 1.26.15-gke.1404000 1.27.14-gke.1059000 1.28.8-gke.1095000 1.28.9-gke.1069000 1.28.10-gke.1089000 1.29.5-gke.1121000 The following node versions are now available: 1.26.15-gke.1404000 1.27.14-gke.1059000 1.28.10-gke.1089000 1.29.5-gke.1121000 The following versions are no longer available: 1.27.13-gke.1000000 1.29.3-gke.1282001 1.29.4-gke.1670000 Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.9-gke.1209000 with this release.

Google Kubernetes Engine Rapid - (2024-R19) Version updates Version 1.30.1-gke.1156000 is now the default version in the Rapid channel.

Google Kubernetes Engine Regular - (2024-R19) Version updates The following versions are no longer available in the Regular channel: 1.27.13-gke.1070000 1.28.9-gke.1000000 Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.13-gke.1166000 with this release.

Google Kubernetes Engine Stable - (2024-R19) Version updates The following versions are now available in the Stable channel: 1.27.13-gke.1070000 1.28.8-gke.1095000 1.28.9-gke.1069000 1.29.4-gke.1043002 Version 1.27.13-gke.1000000 is no longer available in the Stable channel.

Load Balancing - You can now access backend services residing in different projects than the external or internal Application Load Balancers with cross-project service referencing.

Cloud Logging - You can now use Terraform commands to attach an IAM role binding to a log view that grants a principal access to the log view.

Looker - Looker (Google Cloud core) and Looker (original) changes. Looker 24.10 includes the following changes, features, and fixes: Expected Looker (original) deployment start: Monday, June 17, 2024 Expected Looker (original) final deployment and download available: Thursday, June 27, 2024 Expected Looker (Google Cloud core) deployment start: Monday, June 17, 2024 Expected Looker (Google Cloud core) final deployment: Monday, July 1, 2024. When an admin edits a user's email address, Looker will now log out that user and send an email verification link to the user's new email address. The ability to change your Development Mode folder from the Account page has been removed. The listen property on a merge query dashboard element can now be defined on a source query directly, rather than on the element as a whole. A loading indicator will show up on the IDE modal when you're creating, renaming, or deleting a file or folder. You can now create treemap charts using the Chart Config Editor. The lightweight drill links Labs feature is now GA. The SingleStore7+ derived table strategy has been updated to use Common Table Expressions. OAuth 2.0 support has been added for Trino connections. OAuth 2.0 support has been added for Databricks connections. An issue with git initialization that could potentially have caused Looker to fail when starting up has been fixed. An issue in map visualizations where null values caused the map to disappear has been resolved. An issue has been fixed where text visualizations were causing errors on other dashboard tiles immediately after the dashboard was saved. Generation of a signed embed URL now requires the manage_embed_settings permission. A startup issue related to database connection pooling has been fixed. An issue where some Liquid number comparisons were returning incorrect results has been fixed. The User Activity dashboard has been updated with new Looks. A curated sidebar title was not being localized properly. An issue where parameter filters of type: number were not showing the filter label has been fixed. An issue where BOOL_OR and BOOL_AND functions on Snowflake were generating incorrect SQL has been fixed. Previously, when users searched for fields in the field picker, some special characters were not being properly escaped. Content validator queries have been optimized. LookML model loading time has been optimized by reducing unnecessary filesystem interactions. In the Open SQL Interface, user errors and internal server errors are now more clearly differentiated. An issue in table visualizations has been fixed where column widths were not always respected when subtotals were enabled. An issue where users were unable to drill on pivot tables that were transposed has been fixed. Referencing another view by using Liquid in the sql_table_name parameter will no longer cause suggestions on fields that are defined with full_suggestions: no to be forced to full_suggestions: yes. An issue has been fixed where downloading all results with subtotals enabled from a BigQuery database with BI Engine enabled would sometimes produce no results. Previously, dashboard tiles that were based on map visualizations with no data would display an error rather than report an absence of data. The timeline visualization has been updated to better enable integration with annotations using the Chart Config Editor. Timeline visualizations can now have the same start and end time. An issue where the "is in the month" filter was displaying the incorrect month has been fixed. An issue where suggest_explore failed to link to filter suggestion results has been fixed. An issue has been fixed where refreshing the page could cause unexpected behavior with "is not between" filters. The LookML validator will now return an error if the url parameter of a link parameter uses http instead of https. An issue has been fixed where merged results filters did not retain certain settings after a dashboard was saved. SQL generation measures of type: min and type: max for Firebolt connections have been updated. Default permissions of OAuth authentication to BigQuery connections are limited to read-only. An issue has been fixed where attributes in the Attribute Pairing section of the SAML, LDAP, and OIDC settings could not be deleted. The performance of the folder copying and moving actions has been improved. Performance improvements have been implemented for the loading time of Explores for projects that use local import. An issue has been fixed where, previously, dates were not accepted when a "before absolute" filter was used in Explores. Looker (original) only changes. The account setup URL field and the password reset URL field have been removed from both the Edit User page UI and from the Update User API response to ensure that the URLs aren't misused. The Disallow Numeric Query IDs Legacy feature is now deprecated. Looker (Google Cloud core) only changes. Admins can now update a user email address through IAM or IdP. CloudSQL dialects on Looker (Google Cloud core) can connect using application default credentials and service account impersonation.

Memorystore for Redis Cluster - Added support for single-zone instances (Preview).

Migration Center - Discovery client 5.3.5.11: Fixed an issue that may cause large memory usage during collection.

Network Connectivity Center - Private Service Connect connection propagation is now available in public preview.

Cloud VPN - Cloud VPN support for IPv6-only HA VPN gateways is available in General Availability.

Security Command Center - Preview of Cloud Infrastructure Entitlement Management capabilities Cloud Infrastructure Entitlement Management (CIEM) for Amazon Web Services (AWS) and other identity providers on Google Cloud, such as Entra ID (Azure AD) and Okta, is now in preview.

Sensitive Data Protection - A new detection model is available for the DATE_OF_BIRTH infoType detector.

Cloud SQL MySQL - Cloud SQL for MySQL now supports minor version 8.0.37. You can now choose to receive a maintenance notification 5 weeks before the maintenance update of your Cloud SQL instance is scheduled to occur.

Cloud SQL Postgres - The temporal_tables extension, version 1.2.2 is generally available. You can now choose to receive a maintenance notification 5 weeks before the maintenance update of your Cloud SQL instance is scheduled to occur.

Cloud SQL SQL Server - You can now choose to receive a maintenance notification 5 weeks before the maintenance update of your Cloud SQL instance is scheduled to occur.

Virtual Private Cloud - Private Service Connect port mapping is available in Preview. Private Service Connect propagated connections are available in Preview. The following features of policy-based routes are available in Preview: Applying policy-based routes to IPv6 traffic Using a next hop that is in a peered VPC network For more information, see Create policy-based routes. VPC Flow Logs includes internet routing details for egress flows.

Workstation - Workstations that enable nested virtualization are hosted on VMs running Container-Optimized OS (COS) instead of Ubuntu.