Ververica Platform 2.4.2

Release Date: 2021-04-15

Changelog

Apache Flink®

Apache Flink® 1.11.3

• For Stream Edition the following Apache Flink® Docker images are available:

  • 1.11.3-stream3-scala_2.11
  • 1.11.3-stream3-scala_2.12

• For Spring Edition the following archives are available:

  • flink-1.11.3-spring3-scala_2.11.tgz
  • flink-1.11.3-spring3-scala_2.12.tgz

Please check Ververica Platform Docker Images for all available Apache Flink® images and additional tags.

Vulnerability Fixes

The following security vulnerabilities have been fixed compared to 1.11.3-[stream|spring]2:

CVE-2017-18640

Bug Fixes

• In previous releases, the vvp-kubernetes HighAvailabilityServices could fail with a ConcurrentModificationException during frequent Jobmanager failures which could generally lead to a more unstable cluster. This is now fixed.

Apache Flink® 1.12.2

• For Stream Edition the following Apache Flink® Docker images are available:

  • 1.12.2-stream2-scala_2.11
  • 1.12.2-stream2-scala_2.12

• For Spring Edition the following archives are available:

  • flink-1.12.2-spring2-scala_2.11.tgz
  • flink-1.12.2-spring2-scala_2.12.tgz

Please check Ververica Platform Docker Images for all available Apache Flink® images and additional tags.

Vulnerability Fixes

The following security vulnerabilities have been fixed compared to 1.12.2-[stream|spring]2:

None

Bug Fixes

• In previous releases, the vvp-kubernetes HighAvailabilityServices could fail with a ConcurrentModificationException during frequent Jobmanager failures which could generally lead to a more unstable cluster. This is now fixed.

Bug Fixes

The following bugs have been fixed in non-Flink components.

• [REST API] PUT /deployments/{deploymentId} works again. In Ververica Platform 2.4.1 only PUT /deployments/{deploymentName} was supported.
• [Deployment] We fixed a memory leak in Ververica Platform’s appmanager process related to the submission of Deployments to Session Clusters.
• [Web User Interface] The Deployment Defaults form does not auto-select a Deployment Target if there is only one Deployment Target anymore.
• [Web User Interface] The web user interface does not redirect you automatically to the login page anymore, when you are logged out. This behavior was introduced in Ververica Platform 2.4.0, but could lead to loss of unsaved work in the SQL Editor. So, it has been reverted for now.

Vulnerability Fixes

The following security vulnerability in non-Flink components of Ververica Platform have been fixed compared to 2.4.1:

CVE-2014-9092, CVE-2016-1838, CVE-2016-3616, CVE-2016-9318, CVE-2017-15232, CVE-2017-16932, CVE-2017-6363, CVE-2018-11212, CVE-2018-11213, CVE-2018-11214, CVE-2018-14553, CVE-2018-18751, CVE-2018-18928, CVE-2018-19664, CVE-2018-20217, CVE-2018-20330, CVE-2018-5709, CVE-2018-8012, CVE-2019-0201, CVE-2019-13115, CVE-2019-14844, CVE-2019-16869, CVE-2019-17498, CVE-2019-20367, CVE-2019-20444, CVE-2019-20445, CVE-2019-5443, CVE-2019-5815, CVE-2019-6129, CVE-2019-7317, CVE-2020-11080, CVE-2020-13956, CVE-2020-14152, CVE-2020-14153, CVE-2020-15250, CVE-2020-17527, CVE-2020-24977, CVE-2020-27216, CVE-2020-27218, CVE-2020-27223, CVE-2020-28500, CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2020-8908, CVE-2020-9484, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-22112, CVE-2021-22876, CVE-2021-22890, CVE-2021-23337, CVE-2021-24122, CVE-2021-25122, CVE-2021-25329

Upgrade

We recommend upgrading via Helm using the following commands:

$ helm repo add ververica https://charts.ververica.com
$ helm upgrade [RELEASE] ververica/ververica-platform --version 5.0.2 --values custom-values.yaml