Ververica Platform 2.15.1
Release Date: 2025-07-11
Changelog
Apache Flink®
Ververica Platform 2.15.1 supports the following versions:
- Apache Flink® 1.20
- Apache Flink® 1.19
- Apache Flink® 1.18
Ververica Platform 2.15.1 supports Apache Flink® 1.20, Apache Flink® 1.19, and Apache Flink® 1.18 under SLA.
For Stream Edition the following Apache Flink® Docker images are available. See Ververica Platform Docker Images for the full list and additional tags.
- 1.18.1-stream5-scala_2.12-java8
- 1.18.1-stream5-scala_2.12-java11
- 1.18.1-stream5-scala_2.12-java17
- 1.19.0-stream3-scala_2.12-java8
- 1.19.0-stream3-scala_2.12-java11
- 1.19.0-stream3-scala_2.12-java17
- 1.20.1-stream1-scala_2.12-java8
- 1.20.1-stream1-scala_2.12-java11
- 1.20.1-stream1-scala_2.12-java17
For Spring Edition the following archives are available:
Features
Restore Deployments from a Savepoint via the Kubernetes Operator
Now the Ververica Platform Kubernetes Operator can start a deployment directly from a Flink savepoint.
Add the field below when you create a VvpDeployment manifest:
spec:
initialSavepointSpec:
savePointLocation: s3://bucket/path/to/savepoint-abc123
Key conditions:
- The savepoint status must be COMPLETED.
- The deployment’s current state must be
spec.deployment.spec.state: CANCELLED. spec.deployment.restoreStrategymust not beNONE.- The deployment must not already exist.
This one-line addition enables one-shot recoveries and disaster-recovery drills through GitOps alone, bringing the operator to par with the UI and REST API.
Improvements
Audit Log Captures Login Activity
The Audit Log now also records:
- Successful user logins
- User logouts
- Failed / denied login attempts
These entries appear alongside all other audit records in the UI and via the REST API, so admins can filter or export them for GDPR and internal-security reviews. No configuration changes are required — every new and existing namespace inherits the extended logging automatically.
Bug Fixes
Events Tab Fixed — Shows Timestamps, Right Job IDs, and Works Without the Operator
In 2.15.0, the Kubernetes Events tab could look incomplete — timestamps were missing, Job IDs showed an internal handle, and the list stayed empty if the VVP Kubernetes Operator was turned off because the platform pod lacked the right RBAC. The 2.15.1 release corrects all three in one go: the timestamp column is filled, the proper Flink Job ID appears, and the platform role now includes the needed get/list/watch permissions so events load even without the operator.
Missing metadata.ownerReferences on Deployment Created by Ververica Kubernetes Operator
In previous versions, metadata.ownerReferences was not populated properly leading to a broken chain of ownership in Kubernetes resources. This release fixes the assignment of metadata.ownerReferences by Ververica Platform to point to the CR that was created via the Kubernetes Operator.
Vulnerability Fixes (outside Apache Flink®)
- Upgraded Spring Boot to 3.4.7 (CVE-2025-41234, CVE-2025-48988)
- Upgraded Avro to 1.12.0 (CVE-2024-47561)
- Upgraded kafka-clients to 3.8.1 (CVE-2025-27817)
- Upgraded PostgreSQL JDBC to 42.7.7 (CVE-2025-49146)
- Upgraded HttpClient to 4.5.14 (CVE-2020-13956)
- Upgraded jsonschema2pojo to 1.1.0 (CVE-2019-10202)
- Upgraded ZooKeeper to 3.9.2 (CVE-2024-51504)
- Upgraded libxml2 to 2.12.10-r0 (CVE-2025-27113)
- Upgraded Logback to 1.5.18 (CVE-2024-12798, CVE-2024-12801)
- Upgraded Commons BeanUtils to 1.11.0 (CVE-2025-48734)
- Upgraded Velocity to 2.4.1 (CVE-2024-47554)
Upgrade
helm repo add ververica https://charts.ververica.com
helm repo update
helm upgrade <RELEASE> ververica/ververica-platform \
--version 5.11.1 \
--values custom-values.yaml