Ververica Platform 2.13.1

Release Date: 2024-06-17

Changelog

Apache Flink®

Ververica Platform 2.13.1 supports the following versions:

Apache Flink® 1.19
Apache Flink® 1.18
Apache Flink® 1.17

Ververica Platform 2.13.1 supports Apache Flink® 1.19, Apache Flink® 1.18, and Apache Flink® 1.17 under SLA.

For Stream Edition the following Apache Flink® Docker images are available. Please check Ververica Platform Docker Images for all available Apache Flink® images and additional tags.

1.17.2-stream3-scala_2.12-java8
1.17.2-stream3-scala_2.12-java11
1.18.1-stream3-scala_2.12-java8
1.18.1-stream3-scala_2.12-java11
1.18.1-stream3-scala_2.12-java17
1.19.0-stream1-scala_2.12-java8
1.19.0-stream1-scala_2.12-java11
1.19.0-stream1-scala_2.12-java17

For Spring Edition the following archives are available:

Additionally, the Apache Flink 1.17.2 has been patched to include the FLINK-34496 bug fix from Flink 1.19.0.

New features

JSON Schema for YAML configuration validation

We are excited to introduce a JSON Schema for pre-validating YAML files in Custom Resource deployments and Kubernetes Operator configurations. This enhancement ensures YAML configurations are reliable and correct by enforcing proper structure, required fields, data types, and value constraints. Our updated documentation includes the schema, enabling seamless integration into CI/CD pipelines for automatic validation, streamlining deployment and enhancing system integrity.

Improvements

Improved Performance for Deployments Page

We have optimized the deployments page, reducing load times and the overall responsiveness of the platform. Users will now experience faster access to their deployment list, whereas previously, especially in environments with many deployments, page load could take up to one minute.

Improved Performance for Ververica Platform UI Catalog Tree

Enhanced the catalog tree load times to improve overall responsiveness. Performance improvements were made to ensure that even with a large number of tables and scripts, the catalog tree loads efficiently. This fix ensures a smoother experience when using the SQL Editor and browsing the catalog.

Enhance error logging for Custom Resource deployment parameter issues

We have improved error logging for Custom Resource (CR) deployments to address user challenges with the generic "Deployment parameters are invalid" message. Our system now provides detailed descriptions of incorrect parameters and highlights specific discrepancies between the provided and expected values. This update ensures easier identification and correction of errors.

Audit Logs improvement

We are pleased to announce an enhancement to our audit logging functionality. Ververica Platform audit logs are now more descriptive, detailing activity changes, especially state changes like "Deployment Paused" and "Deployment Resumed". These improvements provide better insights into system actions, ensuring comprehensive tracking and easier troubleshooting.

Bug fixes

EndpointSuffix in Azure blob storage credential configuration not respected

Resolved an issue where the specified EndpointSuffix value configured for Azure blob storage credentials was not respected, throwing an error.

Fix messaging when fetching connectors from JAR/URL

Previously, when creating a connector from a JAR file or URL, Ververica Platform messaging was unclear, for example, when there were no connectors in the provided source, it was treated as having multiple connectors. The platform messaging has been improved to account for such instances.

Deployment stays in TRANSITIONING when there is an exception

Fixed an issue where deployments remained indefinitely in the TRANSITIONING state after exceptions in the program’s main method (before the Flink job graph executed).

You can now configure deployments to fail fast by setting:

spec.template.spec.flinkFatalExceptionFailEarly: true

This forces the job into a FAILED state (exit code 1, 2, or 239) instead of hanging in TRANSITIONING. Previously, parameters like spec.maxJobCreationAttempts and spec.jobFailureExpirationTime were ineffective in this scenario.

Fail deployment earlier when restoring from a snapshot that does not exist

Resolved an issue where deployments got stuck in a crash loop when restoring from a nonexistent snapshot. Such deployments now fail cleanly instead of retrying indefinitely.

Fixed issue when configuring logging profiles

Resolved an issue where the text box for configuring custom templates for user profiles was acting as "read-only". It is now back to working as expected, as the user changes appear in the resulting deployment YAML.

Deprecation

Disable non-production mode in deployments

To enhance our licensing model and ensure fair usage, we have discontinued non-production mode in version 2.13.1. Previously, non-production mode allowed test deployments without impacting the licensed CPU core quota. Going forward, we are offering separate non-production licenses for customers who need extensive testing capabilities, ensuring uninterrupted testing workflows. For more details on obtaining a non-production license or any questions regarding this change, please contact our support team.

Vulnerability Fixes (outside of Apache Flink®)

Upgraded to Angular 17.3.1, which resolves CVE-2023-42366, CVE-2023-42365, CVE-2024-34459, CVE-2024-4603
Updated apache compress version to 1.26.0 to resolve CVE-2024-26308 & CVE-2023-42503
Updated apache santuario xmlsec to 2.3.4 by updating openSaml version to 4.3.1 to resolve CVE-2023-44483
Dropped nginx version from 404 pages
Addressed helm chart vulnerability CKV_K8S_43. The example below showcases how to use digest in VVP configuration values.yaml under the vvp key:

vvp:
  resultFetcher:
    tag: sha256:8d381486e25a3044cd8bb8736d53646e9cf68d593d8a23cb7d36342448abcb87

appmanager:
  image:
    digest: sha256:6866594ec3cfd9beda04902eaf768c2e5aa52c6c3b7583b9ec706361f84de13a
  artifactFetcherTag: sha256:10a02abd451f7a377f0c75417e7e3bb1400fe0c48b65180246b81b7033c8d0d6

gateway:
  image:
    digest: sha256:09a06afe47c728c515a112e98f6b1765ac26c901ca213990132ac1edde7b47e1

ui:
  image:
    digest: sha256:5ed5dc93de5204ba7ded056a7af4db1f070958a0f309ca6f757e423012e12c24

Upgrade

As always, we recommend upgrading via Helm using the following commands:

$ helm repo add ververica https://charts.ververica.com
$ helm repo update
$ helm upgrade [RELEASE] ververica/ververica-platform --version 5.9.1 --values custom-values.yaml

Changelog​

Apache Flink®​

New features​

JSON Schema for YAML configuration validation​

Improvements​

Improved Performance for Deployments Page​

Improved Performance for Ververica Platform UI Catalog Tree​

Enhance error logging for Custom Resource deployment parameter issues​

Audit Logs improvement​

Bug fixes​

EndpointSuffix in Azure blob storage credential configuration not respected​

Fix messaging when fetching connectors from JAR/URL​

Deployment stays in TRANSITIONING when there is an exception​

Fail deployment earlier when restoring from a snapshot that does not exist​

Fixed issue when configuring logging profiles​

Deprecation​

Disable non-production mode in deployments​

Vulnerability Fixes (outside of Apache Flink®)​

Upgrade​