Ververica Platform 2.11.0

Release Date: 2023-07-26

Changelog

Apache Flink®

Ververica Platform 2.11.0 supports Apache Flink® 1.17 and Apache Flink® 1.16 under SLA. Apache Flink® 1.15 images are no longer provided in this version but are still supported on a best-effort basis.

• For Stream Edition the following Apache Flink® Docker images are available. Please check Ververica Platform Docker Images for all available Apache Flink® images and additional tags.

  • 1.15.4-stream1-scala_2.12-java8
  • 1.15.4-stream1-scala_2.12-java11
  • 1.16.2-stream1-scala_2.12-java8
  • 1.16.2-stream1-scala_2.12-java11
  • 1.17.1-stream1-scala_2.12-java8
  • 1.17.1-stream1-scala_2.12-java11

• For Spring Edition the following archives are available

  • flink-1.15.4-spring1-scala_2.12.tgz
  • flink-1.16.2-spring1-scala_2.12.tgz
  • flink-1.17.1-spring1-scala_2.12.tgz

Apache Flink® SQL

The Flink SQL Version has been bumped to Apache Flink® 1.17.1

Improvements

• Upgraded Spring Boot up to v2.7.14
• Add kubernetes operator for Flink Jobs Lifecycle Management
• Extend sql panel consisting of sql-scripts and sql-editor
• Enable disaster recovery which allows to track last successful checkpoint of jobs in VVP
• Add deploymentId in deployment details view
• Add support for Azure SQL authentication
• Expose deploymentName in the metrics link template and extend metrics link for history jobs
• Show entrypoint class and mainArgs on the Configuration tab
• Show entrypoint class, mainArgs, and pod template on the Jobs tab for past jobs
• Add support for SQL "ADD JAR" statement
• Implement a mechanism to prune a Deployments job history
• Allow to configure VVP context path

Vulnerability Fixes (outside of Apache Flink®)

• Updated Spring Security to resolve critical vulnerability CVE-2023-34034
• Updated Jettison to resolve vulnerability CVE-2023-1436
• Updated Hadoop and Reload4j to resolve vulnerability CVE-2020-7572
• Updated Jose4j to resolve vulnerability CWE-327
• Updated H2 to resolve vulnerability CVE-2018-10054
• Updated Node Semver to resolve vulnerability CVE-2022-25883
• Updated Openssl to resolve vulnerabilities CVE-2023-1255 and CVE-2023-2650
• Updated Curl to resolve vulnerabilities CVE-2023-28322, CVE-2023-28321, CVE-2023-28319 and CVE-2023-28320
• Updated Ncurses to resolve vulnerability CVE-2023-29491
• Updated Snappy-Java package to resolve vulnerability CVE-2023-34455

VVP Kubernetes vs. Flink Kubernetes

• VVP Kubernetes is marked as deprecated (it won't be available from VVP 2.12) and it is recommended to use Flink Kubernetes. Please check Kubernetes High-Availability Service for more information

Upgrade

We recommend upgrading via Helm using the following commands:

    helm repo add ververica https://charts.ververica.com
    helm repo update
    helm upgrade [RELEASE] ververica/ververica-platform --version 5.7.0 --values custom-values.yaml