Ververica Platform 2.15.7
Release Date: 2026-03-02
Overview
This release is a security-focused update designed to address identified vulnerabilities. We recommend that all users upgrade to this version to ensure the continued security and stability of their environments. This patch does not introduce new features or functional changes.
Changelog
Apache Flink®
Ververica Platform 2.15.7 supports the following versions:
- Apache Flink® 1.20
- Apache Flink® 1.19
- Apache Flink® 1.18
Ververica Platform 2.15.7 supports Apache Flink® 1.20, Apache Flink® 1.19, and Apache Flink® 1.18 under SLA.
For Stream Edition:
- 1.18.1-stream7-scala_2.12-java8
- 1.18.1-stream7-scala_2.12-java11
- 1.18.1-stream7-scala_2.12-java17
- 1.19.3-stream4-scala_2.12-java8
- 1.19.3-stream4-scala_2.12-java11
- 1.19.3-stream4-scala_2.12-java17
- 1.20.3-stream3-scala_2.12-java8
- 1.20.3-stream3-scala_2.12-java11
- 1.20.3-stream3-scala_2.12-java17
For Spring Edition the following archives are available:
Vulnerability Fixes (Inside Apache Flink®)
- Updated curl, libcurl4t64 to 8.5.0-2ubuntu10.7 to address CVE-2025-10148, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, CVE-2025-15224
- Updated libexpat1 to 2.6.1-2ubuntu0.4 to address CVE-2026-24515, CVE-2026-25210
- Updated libgnutls30t64 to 3.8.3-1.1ubuntu3.5 to address CVE-2025-14831, CVE-2025-9820
- Updated libpng16-16t64 to 1.6.43-5ubuntu0.5 to address CVE-2026-25646
- Updated libssh-4 to 0.10.6-2ubuntu0.3 to address CVE-2025-8277, CVE-2026-0964, CVE-2026-0965, CVE-2026-0966, CVE-2026-0967, CVE-2026-0967
Vulnerability Fixes (Outside of Apache Flink®)
- Removed curl, libcurl4 to address CVE-2025-0167, CVE-2025-14017, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224
- Removed dirmngr, gnupg-l10n, gpg-wks-client, gpgconf to address CVE-2022-3219, CVE-2025-68972
- Removed gcc-12-base, libgcc-s1, libstdc++6 to address CVE-2022-27943
- Removed libexpat1 to address CVE-2025-66382
- Removed libgcrypt20 to address CVE-2024-2236
- Removed libncurses6, libncursesw6, libtinfo6, ncurses-base, ncurses-bin to address CVE-2023-50495
- Removed libpam-modules, libpam-modules-bin, libpam-runtime, libpam0g to address CVE-2025-8941
- Removed libpcre2-8-0 to address CVE-2022-41409
- Removed libpcre3 to address CVE-2017-11164
- Removed libpng to address CVE-2026-25646
- Removed libssh-4 to address CVE-2025-8277, CVE-2026-0964, CVE-2026-0965, CVE-2026-0966, CVE-2026-0967, CVE-2026-0968
- Removed libsystemd0, libudev1 to address CVE-2023-7008
- Removed libzstd1 to address CVE-2022-4899
- Removed login, passwd to address CVE-2023-29383, CVE-2024-56433
- Removed org.lz4:lz4-java to address CVE-2025-12183, CVE-2025-66566
- Removed stdlib to address CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68121
- Removed tar to address CVE-2025-45582
- Removed wget to address CVE-2021-31879
- Updated coreutils to 9.8-r1 to address CVE-2016-2781
- Updated curl, libcurl4 to 7.81.0-1ubuntu1.22 to address CVE-2025-14017, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224
- Updated gnupg, gnupg-utils, gpg, gpg-agent, gpg-wks-server, gpgsm, gpgv to 2.4.9-r0 to address CVE-2022-3219, CVE-2025-68972
- Updated gnutls to 3.8.12-r0 to address CVE-2025-14831, CVE-2026-1584
- Updated libpng to 1.6.55-r0 to address CVE-2026-25646
- Updated libssh-4 to 0.9.6-2ubuntu0.22.04.6 to address CVE-2025-8277, CVE-2026-0964, CVE-2026-0965, CVE-2026-0966, CVE-2026-0967, CVE-2026-0968
Upgrade
Upgrade via Helm using the following commands:
$ helm repo add ververica https://charts.ververica.com
$ helm repo update
$ helm upgrade [RELEASE] ververica/ververica-platform --version 5.11.7 --values custom-values.yaml