Version: 2.14

Ververica Platform 2.1.1

Release Date: 2020-05-20

Changelog

Vulnerability Fixes

The following security vulnerabilities have been fixed compared to 1.10.0:

CVE-2009-4269, CVE-2011-4461, CVE-2014-0228, CVE-2014-3488, CVE-2015-1832, CVE-2015-2156, CVE-2015-3254, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-1282, CVE-2018-1284, CVE-2018-1313, CVE-2018-1314, CVE-2018-11777

Two dependencies of Apache Flink are affected by CVE-2019-20444 and CVE-2019-20445: Akka and the Elasticsearch® 5 client. So far it has not been possible to upgrade the affected dependency. For Akka, we have instead verified that the affected class HttpMessageDecoder is not used by Apache Flink (neither with nor without SSL). For Elasticsearch®, thanks to flink-16942, users can configure the connector to use Netty > 4.1.44 instead, which is not affected by the vulnerabilities.

Vulnerability Fixes

Two dependencies of Apache Flink are affected by CVE-2019-20444 and CVE-2019-20445: Akka and the Elasticsearch® 5 client. So far it has not been possible to upgrade the affected dependency (Netty). For Akka, we have instead verified that the affected class HttpMessageDecoder is not used by Apache Flink (neither with nor without SSL). For Elasticsearch®, users can configure the connector to use a Netty version that is not affected by the vulnerabilities, as outlined in flink-16942.

Charts

  • The Ververica Platform Helm charts now support passing additional environment variables to the Ververica Platform containers.
  • A platform-wide private Docker registry can now be configured by a single Helm value (vvp.registry).

Upgrade

We recommend upgrading via Helm using the following commands:

    helm repo add ververica https://charts.ververica.com
    helm upgrade [RELEASE] ververica/ververica-platform --version 4.1.1 --values custom-values.yaml