Ververica Platform 2.4.4

Release Date: TBD

Changelog

Improvements

Vulnerability Fixes

• Updated Spring Boot to resolve vulnerabilities CVE-2021-22118, CVE-2021-22060, CVE-2021-22096 and CVE-2021-22119
• Updated Postgres dependency to resolve vulnerability CVE-2022-21724
• Updated Apache Tomcat dependency to resolve vulnerabilities CVE-2021-42340 and CVE-2022-23181
• Updated Apache Log4j2 dependency to resolve vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-44832 and CVE-2021-45105
• Updated Netty dependency to resolve vulnerabilities CVE-2021-37136, CVE-2021-37137 and CVE-2021-43797
• Updated Apache Commons Compress dependency to resolve vulnerabilities CVE-2021-35516, CVE-2021-35515, CVE-2021-36090 and CVE-2021-35517
• Updated Apache Hadoop dependency to resolve CVE-2020-9492, CVE-2018-8029, CVE-2018-8009 and CVE-2018-11768
• Updated Jackson to resolve vulnerability CVE-2020-36518
• Updated Gson to resolve vulnerability CVE-2022-25647
• Updated Google OAuth client to resolve vulnerability CVE-2021-22573

Bug Fixes

• Fixed a serialization bug when specifying liveness/readiness probes with ports in kubernetes pod templates.
• Fixed a bug concerning defaults merging of containers in kubernetes pod template specs.

Upgrade

We recommend upgrading via Helm using the following commands:

$ helm repo add ververica https://charts.ververica.com
$ helm repo update
$ helm upgrade [RELEASE] ververica/ververica-platform --version 5.0.4 --values custom-values.yaml