Ververica Platform 2.14.3

Release Date: 2025-12-11

Changelog

Apache Flink®

Ververica Platform 2.14.3 supports the following versions:

For Stream Edition:

1.17.2-stream6-scala_2.12-java8
1.17.2-stream6-scala_2.12-java11
1.18.1-stream5-scala_2.12-java8
1.18.1-stream5-scala_2.12-java11
1.18.1-stream5-scala_2.12-java17
1.19.3-stream2-scala_2.12-java8
1.19.3-stream2-scala_2.12-java11
1.19.3-stream2-scala_2.12-java17

For Spring Edition the following archives are available:

Improvements

Improved Handling of Incompatible Custom Resources

The platform now includes enhanced error handling for Custom Resources (CRs) that are incompatible with their CustomResourceDefinition (CRD). Previously, invalid CRs could cause reconciliation loops that led to operator instability or system unreachability. With this update, the platform gracefully handles these reconciliation failures, preventing disruptions and ensuring the system remains stable even when malformed resources are present.

Additionally, you can now configure the Kubernetes Operator to run in its own dedicated pod, providing further isolation and resource management control.

To enable the separate operator deployment, set separateDeployment: true in your Helm values configuration:

vvp:
  k8sOperator:
    enabled: true
    separateDeployment: true  # Enables the dedicated operator pod
    identity: "vvp-1"
    watchedNamespaces:
      - <target-namespace-1>
      - <target-namespace-2>

Bug fixes

Fixed Regression Causing Offline DDL Updates to Fail in 2.14.x

A regression introduced after version 2.12.0 caused the offline DDL update command to fail when running the vvp-persistence image, resulting in a Liquibase ClassNotFoundException for a required migration class. This prevented schema migrations from completing across databases such as PostgreSQL. The issue was caused by an unintended dependency exclusion and has now been resolved, with offline DDL updates working correctly again.

Stability Fixes

In this release we have also incorporated critical fixes originally identified in 2.14.2, including the resolution for lost checkpoint visibility and the correction of HA configuration issues introduced by the new HA settings. This release also backports the necessary high-availability fix required by customers upgrading from older versions, ensuring stable behavior without requiring an upgrade to 2.15.x. These changes were selectively cherry-picked from 2.15.0 to provide a safe and compatible upgrade path for environments still using VVP Flink 1.17.

Vulnerability Fixes (inside of Apache Flink®)

Updated pypi/urllib3 to 2.6.1 to address CVE-2025-66471
Updated pypi/urllib3 to 2.6.1 to address CVE-2025-66418
Updated pypi/setuptools to 80.9.0 to address CVE-2025-47273
Updated pypi/protobuf to 4.25.8 to address CVE-2025-4565

Vulnerability Fixes (outside of Apache Flink®)

Upgraded Spring Boot to 3.1.12
Updated nimbus-jose-jwt to 9.37.4 to address CVE-2025-53864
Updated bouncycastle to 1.80 to address CVE-2025-8916
Updated geoip2 to 2.17.0 to address CVE-2020-13956

Upgrade

As always, we recommend upgrading via Helm using the following commands:

$ helm repo add ververica https://charts.ververica.com
$ helm repo update
$ helm upgrade [RELEASE] ververica/ververica-platform --version 5.10.3 --values custom-values.yaml

Changelog​

Apache Flink®​

Improvements​

Improved Handling of Incompatible Custom Resources​

Bug fixes​

Fixed Regression Causing Offline DDL Updates to Fail in 2.14.x​

Stability Fixes​

Vulnerability Fixes (inside of Apache Flink®)​

Vulnerability Fixes (outside of Apache Flink®)​

Upgrade​