Ververica Platform 2.1.2
Release Date: 2020-09-21
Changelog
Apache Flink® 1.10.2
- Please check the release notes of Flink 1.10.2 for a complete list of fixes and improvements.
- In addition to the fixes mentioned above, this release already contains a backport of flink-15467, which is not included in the latest upstream release of Apache Flink®.
- For Stream Edition the following Apache Flink Docker images are available. Please check Ververica Platform Docker Images for all available Apache Flink® images and additional tags.
1.10.2-stream1-scala_2.111.10.2-stream1-scala_2.12
- For Spring Edition the following Apache Flink archives are available
Vulnerability Fixes
The following security vulnerabilities have been fixed compared to 1.10.1:
CVE-2019-20444, CVE-2019-20445 (https://nvd.nist.gov/vuln/detail/CVE-2019-20445), CVE-2020-10543, CVE-2020-10878 (https://nvd.nist.gov/vuln/detail/CVE-2020-10878), CVE-2020-11612, CVE-2020-12723 (https://nvd.nist.gov/vuln/detail/CVE-2020-12723)
Vulnerability Fixes
The following security vulnerability in non-Flink components of Ververica Platform have been fixed compared to 2.1.1:
CVE-2009-5155, CVE-2016-3189 (https://nvd.nist.gov/vuln/detail/CVE-2016-3189), CVE-2016-4448, CVE-2016-4658 (https://nvd.nist.gov/vuln/detail/CVE-2016-4658), CVE-2016-5131, CVE-2016-10739 (https://nvd.nist.gov/vuln/detail/CVE-2016-10739), CVE-2017-0663, CVE-2017-2625 (https://nvd.nist.gov/vuln/detail/CVE-2017-2625), CVE-2017-5130, CVE-2017-5969 (https://nvd.nist.gov/vuln/detail/CVE-2017-5969), CVE-2017-6004, CVE-2017-7186 (https://nvd.nist.gov/vuln/detail/CVE-2017-7186), CVE-2017-7244, CVE-2017-7375 (https://nvd.nist.gov/vuln/detail/CVE-2017-7375), CVE-2017-7376, CVE-2017-8872 (https://nvd.nist.gov/vuln/detail/CVE-2017-8872), CVE-2017-9047, CVE-2017-9048 (https://nvd.nist.gov/vuln/detail/CVE-2017-9048), CVE-2017-9049, CVE-2017-9050 (https://nvd.nist.gov/vuln/detail/CVE-2017-9050), CVE-2017-10140, CVE-2017-15412 (https://nvd.nist.gov/vuln/detail/CVE-2017-15412), CVE-2017-16931, CVE-2017-1000376 (https://nvd.nist.gov/vuln/detail/CVE-2017-1000376), CVE-2018-5711, CVE-2018-6942 (https://nvd.nist.gov/vuln/detail/CVE-2018-6942), CVE-2018-19591, CVE-2018-20482 (https://nvd.nist.gov/vuln/detail/CVE-2018-20482), CVE-2018-20839, CVE-2018-20843 (https://nvd.nist.gov/vuln/detail/CVE-2018-20843), CVE-2018-1000222, CVE-2018-1000858 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000858), CVE-2019-3842, CVE-2019-5018 (https://nvd.nist.gov/vuln/detail/CVE-2019-5018), CVE-2019-5094, CVE-2019-5188 (https://nvd.nist.gov/vuln/detail/CVE-2019-5188), CVE-2019-5827, CVE-2019-6977 (https://nvd.nist.gov/vuln/detail/CVE-2019-6977), CVE-2019-6978, CVE-2019-9169 (https://nvd.nist.gov/vuln/detail/CVE-2019-9169), CVE-2019-9936, CVE-2019-9937 (https://nvd.nist.gov/vuln/detail/CVE-2019-9937), CVE-2019-11038, CVE-2019-11068 (https://nvd.nist.gov/vuln/detail/CVE-2019-11068), CVE-2019-11922, CVE-2019-12418 (https://nvd.nist.gov/vuln/detail/CVE-2019-12418), CVE-2019-12900, CVE-2019-13117 (https://nvd.nist.gov/vuln/detail/CVE-2019-13117), CVE-2019-13118, CVE-2019-14973 (https://nvd.nist.gov/vuln/detail/CVE-2019-14973), CVE-2019-15718, CVE-2019-15903 (https://nvd.nist.gov/vuln/detail/CVE-2019-15903), CVE-2019-17546, CVE-2019-17563 (https://nvd.nist.gov/vuln/detail/CVE-2019-17563), CVE-2019-17594, CVE-2019-17595 (https://nvd.nist.gov/vuln/detail/CVE-2019-17595), CVE-2019-18197, CVE-2019-18224 (https://nvd.nist.gov/vuln/detail/CVE-2019-18224), CVE-2020-1712, CVE-2020-1935 (https://nvd.nist.gov/vuln/detail/CVE-2020-1935), CVE-2020-1938, CVE-2020-1967 (https://nvd.nist.gov/vuln/detail/CVE-2020-1967), CVE-2020-5397, CVE-2020-5398 (https://nvd.nist.gov/vuln/detail/CVE-2020-5398), CVE-2020-5407, CVE-2020-5408 (https://nvd.nist.gov/vuln/detail/CVE-2020-5408), CVE-2020-8022, CVE-2020-9484 (https://nvd.nist.gov/vuln/detail/CVE-2020-9484), CVE-2020-10531, CVE-2020-10543 (https://nvd.nist.gov/vuln/detail/CVE-2020-10543), CVE-2020-10878, CVE-2020-11501 (https://nvd.nist.gov/vuln/detail/CVE-2020-11501), CVE-2020-11996, CVE-2020-12723 (https://nvd.nist.gov/vuln/detail/CVE-2020-12723), CVE-2020-13692, CVE-2020-13777 (https://nvd.nist.gov/vuln/detail/CVE-2020-13777), CVE-2020-13934, CVE-2020-13935 (https://nvd.nist.gov/vuln/detail/CVE-2020-13935)
Upgrade
We recommend upgrading via Helm using the following commands:
1 helm repo add ververica https://charts.ververica.com
2 helm upgrade [RELEASE] ververica/ververica-platform --version 4.1.2 --values custom-values.yaml