Ververica Platform 2.12.3
Release Date: 2024-03-29
Changelog
Apache Flink®
Ververica Platform 2.12.3 supports the following versions:
- Apache Flink® 1.18.1
- Apache Flink® 1.17.2
Ververica Platform 2.12.3 supports Apache Flink® 1.18 and Apache Flink® 1.17 under SLA. Apache Flink® 1.16 images are no longer provided in this version but are still supported on a best-effort basis.
For Stream Edition the following Apache Flink® Docker images are available. Please check Ververica Platform Docker Images for all available Apache Flink® images and additional tags.
- 1.16.3-stream1-scala_2.12-java8
- 1.16.3-stream1-scala_2.12-java11
- 1.17.2-stream1-scala_2.12-java8
- 1.17.2-stream1-scala_2.12-java11
- 1.18.1-stream2-scala_2.12-java8
- 1.18.1-stream2-scala_2.12-java11
- 1.18.1-stream2-scala_2.12-java17
For Spring Edition the following archives are available:
See Flink 1.18.1 release.
New features
Flink 1.18 image on Java 17
In alignment with the Apache Flink support of Java 17 in beta mode, we provide an updated VVP Flink 1.18.1 image ready to run with Java 17.
Improvements
Ververica Platform Kubernetes Operator integrated with Authentication/Authorization/RBAC
If authentication is already enabled, users will need to update Ververica Platform deployment definition custom resources. With this improvement, the resources now require authentication to be reconciled by the Ververica Platform K8s operator.
We are introducing an enhancement to the VVP Kubernetes Operator that integrates seamlessly with Ververica Platform's Authentication/Authorization and RBAC features. This update ensures that the operator respects Ververica Platform's security settings, preventing unauthorized creation of Flink deployments in Ververica Platform namespaces.
Previously, Ververica’s Kubernetes Operator handled RBAC similarly to open-source operators, restricting RBAC to a specific Kubernetes namespace. With this enhancement, users can achieve more granular access control by configuring permissions within designated Ververica Platform namespaces. This approach offers a tailored and secure solution compared to the broader, Kubernetes namespace-based RBAC typical of open-source operators.
For further details, see the Kubernetes operator configuration documentation.
Bug fixes
UI shows one event "Awaiting cluster teardown" every 3 seconds
Previously, users experienced an issue where an "Awaiting cluster teardown" notification would repeatedly appear every 3 seconds during the teardown process, leading to potential confusion and clutter in the UI. We have corrected this behavior to ensure the notification no longer appears repeatedly but just once per operation.
Vulnerability Fixes (outside of Apache Flink®)
- Updated netty to 4.1.108.Final to resolve vulnerability CVE-2024-29025
- Updated Spring Boot to 3.1.10 to resolve CVE-2024-22257 and CVE-2024-22259
- Updated Helm charts to set a security context on the containers to address vulnerability CKV_K8S_30
- Updated Helm charts to minimize container capabilities to address vulnerabilities CKV_K8S_28 and CKV_K8S_37
- Updated Helm charts to disable allowPrivilegeEscalation to address vulnerability CKV_K8S_20
- Updated Helm charts to run as a specific non-root user to address vulnerabilities CKV_K8S_23 and CKV_K8S_40
- Updated Helm charts to set the seccomp profile to address vulnerability CKV_K8S_31
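To confirm after an upgrade that running workloads actually carry the container settings listed above, the following added example (not part of the release notes or the Ververica chart) audits a pod spec in the JSON shape returned by `kubectl get ... -o json`. The mapping of each check ID to a field follows the bullet descriptions above; the sample spec, the function name `audit_pod_spec` and the pass criteria (drop `ALL`, any non-zero `runAsUser`, `RuntimeDefault` or `Localhost` seccomp) are assumptions of this example.

```python
import json

# Constructed sample pod spec (shape of .spec.template.spec in
# `kubectl get deployment NAME -o json`); not taken from the Ververica chart.
SAMPLE_POD_SPEC = json.loads("""
{
  "securityContext": {"runAsUser": 10001,
                      "seccompProfile": {"type": "RuntimeDefault"}},
  "containers": [
    {"name": "hardened",
     "securityContext": {"allowPrivilegeEscalation": false,
                         "capabilities": {"drop": ["ALL"]}}},
    {"name": "legacy",
     "securityContext": {"capabilities": {"add": ["NET_ADMIN"]}}},
    {"name": "bare"}
  ]
}
""")

def audit_pod_spec(pod_spec):
    """Return {container name: [check IDs whose setting is missing]}."""
    pod_sc = pod_spec.get("securityContext") or {}
    findings = {}
    containers = pod_spec.get("containers", []) + pod_spec.get("initContainers", [])
    for c in containers:
        sc = c.get("securityContext") or {}
        effective = {**pod_sc, **sc}  # container-level values override pod-level
        caps = sc.get("capabilities") or {}
        failed = []
        if not sc:  # no container-level security context at all
            failed.append("CKV_K8S_30")
        # Assumed pass criterion: drop ALL and add nothing back.
        if "ALL" not in caps.get("drop", []) or caps.get("add"):
            failed += ["CKV_K8S_28", "CKV_K8S_37"]
        if sc.get("allowPrivilegeEscalation") is not False:  # must be explicit
            failed.append("CKV_K8S_20")
        uid = effective.get("runAsUser")
        if not isinstance(uid, int) or uid == 0:  # assumed: any fixed non-zero UID
            failed += ["CKV_K8S_23", "CKV_K8S_40"]
        seccomp = (effective.get("seccompProfile") or {}).get("type")
        if seccomp not in ("RuntimeDefault", "Localhost"):
            failed.append("CKV_K8S_31")
        if failed:
            findings[c["name"]] = failed
    return findings

if __name__ == "__main__":
    for name, ids in audit_pod_spec(SAMPLE_POD_SPEC).items():
        print(f"{name}: missing settings for {', '.join(ids)}")
```

Capabilities and allowPrivilegeEscalation exist only at container level, which is why a container that inherits a good pod-level user and seccomp profile can still be reported.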
Upgrade
As always, we recommend upgrading via Helm using the following commands:
$ helm repo add ververica https://charts.ververica.com
$ helm repo update
$ helm upgrade [RELEASE] ververica/ververica-platform --version 5.8.3 --values custom-values.yaml