Ververica Platform 2.15.6
Release Date: 2026-02-16
Overview
This release is a security-focused update designed to address identified vulnerabilities. We recommend that all users upgrade to this version to ensure the continued security and stability of their environments. This patch does not introduce new features or functional changes.
Changelog
Apache Flink®
Ververica Platform 2.15.6 supports the following versions:
- Apache Flink® 1.20
- Apache Flink® 1.19
- Apache Flink® 1.18
Ververica Platform 2.15.6 supports Apache Flink® 1.20, Apache Flink® 1.19, and Apache Flink® 1.18 under SLA.
For Stream Edition:
- 1.18.1-stream6-scala_2.12-java8
- 1.18.1-stream6-scala_2.12-java11
- 1.18.1-stream6-scala_2.12-java17
- 1.19.3-stream3-scala_2.12-java8
- 1.19.3-stream3-scala_2.12-java11
- 1.19.3-stream3-scala_2.12-java17
- 1.20.3-stream2-scala_2.12-java8
- 1.20.3-stream2-scala_2.12-java11
- 1.20.3-stream2-scala_2.12-java17
For Spring Edition the following archives are available:
Vulnerability Fixes (Inside Apache Flink®)
- Updated openssl to 3.0.13-0ubuntu3.7 to address CVE-2025-15467
- Updated jaraco.context to 6.1.0 to address CVE-2026-23949
- Updated protobuf to 6.33.5 to address CVE-2026-0994
- Updated wheel to 0.46.3 to address CVE-2026-24049
Vulnerability Fixes (Outside of Apache Flink®)
- Updated to Spring Boot 3.4.13 to resolve Spring libraries related CVEs.
- Updated jsonschema2pojo-core to 1.3.2 to address CVE-2025-3588
- Updated libcrypto & libssl to 3.5.5 to address CVE-2025-15467, CVE-2025-69421, CVE-2025-69419
- Updated mssql-jdbc to 12.10.2 to address CVE-2025-59250
- Updated logback-core to 1.5.29 to address CVE-2026-1225
- Updated commons-lang3 to 3.20.0 to address CVE-2025-48924
- Upgraded to Python 3.11, addressing multiple Python-related CVEs
Upgrade
Upgrade via Helm using the following commands:
$ helm repo add ververica https://charts.ververica.com
$ helm repo update
$ helm upgrade [RELEASE] ververica/ververica-platform --version 5.11.6 --values custom-values.yaml