Google Cloud

BigQuery Feature: BigQuery standard SQL now supports the JSON data type for storing JSON data. The JSON data type is in Preview. For more information, see Working with JSON data in Standard SQL. Virtual Private Cloud Changed: By default, Google Cloud blocks egress packets sent to TCP destination port 25 of an external IP address …

Workflows Feature: Workflows can invoke Cloud Functions or Cloud Run services that have ingress restricted to internal traffic.

Vertex AI Feature: You can now use a pre-built container to perform custom training with PyTorch 1.10.

Security Command Center Feature Security Health Analytics, a built-in service of Security Command Center, launched the DATAPROC_IMAGE_OUTDATED detector to General Availability. This detector finds clusters created with Dataproc image versions that are affected by security vulnerabilities in the Apache Log4j 2 utility (CVE-2021-44228 and CVE-2021-45046). For more information, see Dataproc vulnerability findings.

Anthos clusters on VMware Issues When deploying Anthos clusters on VMware releases with a version number of 1.9.0 or higher, that have the Seesaw bundled load balancer in an environment that uses NSX-T stateful distributed firewall rules, stackdriver-operator might fail to create gke-metrics-agent-conf ConfigMap and cause gke-connect-agent Pods to be in a crash loop. The underlying issue is that stateful NSX-T …

Anthos on bare metal Release 1.9.3: Anthos clusters on bare metal 1.9.3 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.9.3 runs on Kubernetes 1.21. Fixes: Fixed an issue in which cluster creation fails if a cluster has more than one control plane node, and …

Security Command Center Feature: Event Threat Detection, a built-in service of Security Command Center, launched the Active Scan: Log4j Vulnerable to RCE rule to General Availability. This rule detects active Log4j vulnerabilities by identifying DNS queries for unobfuscated domains that were initiated by supported Log4j vulnerability scanners. For more information, see Event Threat Detection rules.

Google Kubernetes Engine Changed For GKE versions 1.21 and later, newly created clusters will have the DenyServiceExternalIPs admission controller enabled by default, disabling the use of ExternalIPs Services. For existing clusters, when you upgrade the cluster to GKE version 1.21 or later, the DenyServiceExternalIPs admission controller will not be enabled. Since ExternalIPs Services are not widely …

Dataproc Changed Dataproc has released the following sub-minor image versions to address an Apache Log4j 2 vulnerability (also see Create a cluster and Recreate and update a cluster for more information). Note: These images supersede the 1.5 and 2.0 images listed in the December 16, 2021 release note: 1.5.53-centos8, 1.5.53-debian10, 1.5.53-ubuntu18, 2.0.27-centos8, 2.0.27-debian10, 2.0.27-ubuntu18 Note: The Geode interpreter for Zeppelin notebooks is not operational in the 1.4.77, 1.5.53, 2.0.27, …

Cloud Composer Feature: Cloud Composer 2 is now generally available (GA). Feature: Private Service Connect support is available in Preview for Cloud Composer 2. Feature: Authorized networks support is available in Preview. Announcement: For the latest updates of the potential impact of the open-source Apache Log4j 2 vulnerability on Google Cloud products, see the Apache …