Ververica Platform 2.15.3

Release Date: 2025-12-22

Changelog

Apache Flink®

Ververica Platform 2.15.3 supports the following versions:

For Stream Edition:

1.18.1-stream5-scala_2.12-java8
1.18.1-stream5-scala_2.12-java11
1.18.1-stream5-scala_2.12-java17
1.19.3-stream1-scala_2.12-java8
1.19.3-stream1-scala_2.12-java11
1.19.3-stream1-scala_2.12-java17
1.20.1-stream2-scala_2.12-java8
1.20.1-stream2-scala_2.12-java11
1.20.1-stream2-scala_2.12-java17

For Spring Edition the following archives are available:

Improvements

Improved Handling of Incompatible Custom Resources

The platform now includes enhanced error handling for Custom Resources (CRs) that are incompatible with their CustomResourceDefinition (CRD). Previously, invalid CRs could cause reconciliation loops that led to operator instability or system unreachability. With this update, the platform gracefully handles these reconciliation failures, preventing disruptions and ensuring the system remains stable even when malformed resources are present.

Bug fixes

Deployments Not Visible Without Sorting

Resolved an issue where the Deployments page initially appeared empty, requiring users to manually trigger a sort to view their deployments. This was caused by a frontend error when the property spec.containers[] was configured as empty, resulting in a UI rendering failure. The page now loads and displays deployments correctly by default.

Missing CPU and Memory Metrics

Fixed an issue where CPU and memory usage values were missing from the Deployments page, occasionally causing deployments to appear empty. This is now resolved, ensuring that deployment lists and their associated resource metrics load correctly without requiring filter adjustments.

Snapshot Restore Failure with Changelog State Backend (Flink 1.19)

Fixed an issue where jobs using Flink 1.19 with the changelog state backend enabled failed to restart from checkpoints or savepoints, even when execution.savepoint-restore-mode: CLAIM was configured. The fix addresses an internal conflict regarding full snapshot enforcement, ensuring jobs can now reliably resume using the changelog state backend.

Missing RBAC Permissions for Resource Finalizers

Resolved an issue where the Helm chart lacked the necessary RBAC permissions to update resource finalizers when blockOwnerDeletion was enabled (VVP 2.15.1+). This previously blocked upgrades or caused reconciliation failures. The Helm chart now grants the required permissions, ensuring smooth upgrades and correct operator behavior without manual patching.

Savepoint Restore Failure Due to Outdated `commons-cli` (Flink 1.20.1)

Fixed a NoSuchMethodError during savepoint recovery for Flink 1.20.1 applications. The issue was caused by an outdated commons-cli version within the flink-shaded-hadoop-2-uber dependency. Dependency handling has been updated to avoid classpath conflicts, ensuring reliable startup and recovery.

Schema Validation Error for `flinkFatalExceptionFailEarly`

Resolved a schema validation failure that prevented deployments from being created or updated when flinkFatalExceptionFailEarly was configured. The Custom Resource Definition (CRD) has been updated to include this missing field, allowing the configuration to be applied successfully.

Kafka Connector Failure Missing Jackson Dependencies

Fixed a runtime ClassNotFoundException in the Flink SQL Kafka connector when using OAuth-based authentication. The connector was missing required Jackson libraries (databind, core, annotations). These dependencies are now included, ensuring OAuth authentication works out of the box.

Vulnerability Fixes (outside of Apache Flink®)

Upgraded Spring Boot to 3.4.12 to address CVE-2025-41249, CVE-2025-41248, and CVE-2025-41242
Updated bouncycastle to 1.82 to address CVE-2025-8916
Updated Netty to 4.1.128.Final to address CVE-2025-55163, CVE-2025-58056, CVE-2025-58057
Updated kafka-clients to 3.9.1 to address CVE-2025-27817
Updated vertx-core to 4.5.22 to address CVE-2025-49574
Updated nimbus-jose-jwt to 9.37.4 to address CVE-2025-53864
Updated okio-jvm to 3.6.14 to address CVE-2023-3635
Updated zookeeper to 3.9.4 to address CVE-2025-58457
Updated tomcat-embed-core to 10.1.49 to address CVE-2024-50379, CVE-2025-52520, CVE-2025-53506, and CVE-2025-48989
Updated nginx to 1.29.4-alpine to address CVE-2025-9230, CVE-2025-9231, CVE-2025-4947, CVE-2025-59375, CVE-2025-48175 and CVE-2025-6021
Updated vertx-web to 4.5.22 to address CVE-2025-11965
Updated grpc-netty-shaded to 1.77.0 to address CVE-2025-55163
Updated mssql-jdbc to 12.10.2.jre8 to address CVE-2025-59250
Updated minio to 8.6.0 to address CVE-2025-59952

Upgrade

As always, we recommend upgrading via Helm using the following commands:

$ helm repo add ververica https://charts.ververica.com
$ helm repo update
$ helm upgrade [RELEASE] ververica/ververica-platform --version 5.11.3 --values custom-values.yaml

Changelog​

Apache Flink®​

Improvements​

Improved Handling of Incompatible Custom Resources​

Bug fixes​

Deployments Not Visible Without Sorting​

Missing CPU and Memory Metrics​

Snapshot Restore Failure with Changelog State Backend (Flink 1.19)​

Missing RBAC Permissions for Resource Finalizers​

Savepoint Restore Failure Due to Outdated commons-cli (Flink 1.20.1)​

Schema Validation Error for flinkFatalExceptionFailEarly​

Kafka Connector Failure Missing Jackson Dependencies​

Vulnerability Fixes (outside of Apache Flink®)​

Upgrade​