Ververica Platform 3.1.0

Release Date: 2026-04-03

Ververica Platform 3.1.0 is a feature release that introduces a Kubernetes Operator for simplified deployment and lifecycle management, Audit Logs for enhanced compliance and traceability, Blob Credentials using Mounted Files for secure credential management, and expanded API Token Management for more granular access control. This release also adds a Resource Usage Tracker for improved visibility into platform consumption, support for loading savepoints from custom locations, the Ververica CLI (vvctl), and new connectors and catalogs (Azure CosmosDB and MongoDB).

Ververica Platform 3.1.0 also upgrades to VERA 4.5 with Java 17 support.

New Features and Improvements

Kubernetes Operator

The Ververica Kubernetes Operator lets you manage Ververica Platform deployments directly through Kubernetes using standard tools such as kubectl and Helm. This makes Ververica Platform Kubernetes-native, enabling automation, CI/CD integration, version management, and monitoring without requiring the web UI.

For more information, see Kubernetes Operator.

Audit Logs

Audit Logs capture platform events for security and compliance purposes and store them in a location where you can retrieve, query, and retain them as long as needed. This feature provides enhanced traceability of platform activity and supports organizational governance requirements.

For more information, see Audit Logs.

Blob Credentials using Mounted Files

Blob Credentials using Mounted Files provides a secure way to supply storage access credentials to Ververica Platform without embedding them in configuration files or Kubernetes secrets. You can mount credentials as files in the Ververica environment. Each key is stored separately, and the platform loads them automatically. This method is ideal for environments where credentials are managed externally or rotated frequently.

For more information, see Blob Storage.

API Token Management

API Tokens enable secure, automated access to Ververica Platform without requiring user interaction. Use API tokens to allow machine-to-machine authentication, enabling CI/CD pipelines and automation tools to interact with the platform API safely and within defined permissions.

Each token is scoped to a namespace and assigned a specific role: viewer, editor, or owner. You can create, use, or revoke tokens at any time, making it straightforward to integrate Ververica Platform into automated workflows while maintaining strict access control.

For more information, see API Token Management.

Resource Usage Tracker

Resource usage tracking lets you monitor and report CPU core consumption per namespace over time. Use this feature to track, report, and manage compute usage across teams or environments for transparency, chargeback, or optimization purposes.

You can generate reports using the /api/v1/status/resourceusage endpoint to view usage between specific dates, returned as a CSV file.

For more information, see Resource Usage Tracking.

Loading Savepoints from Custom Locations

Ververica Platform lets you start a deployment from a savepoint stored at any accessible storage location, not only savepoints managed within the platform. Use this feature when restoring state from an external source, such as a savepoint taken from a VVP 2 deployment. You can use this capability through the UI or the Kubernetes Operator.

For more information, see Loading Savepoints from Custom Locations.

VERA 4.5 Upgrade

Ververica Platform 3.1.0 upgrades to VERA 4.5, which adds Java 17 (JDK 17) support alongside the existing JDK 11 default. The following engine versions are available:

vera-4.5-flink-1.20-jdk11 (default)
vera-4.5-flink-1.20-jdk17

For more information, see VERA Engine Versions and Java Compatibility.

This release also introduces new AI SQL functions for intelligent text processing in Flink SQL, including AI_CLASSIFY, AI_SENTIMENT, AI_EXTRACT, AI_SUMMARIZE, AI_EMBED, AI_TRANSLATE, and AI_MASK. For more information, see AI SQL Functions.

Additionally, VERA 4.5 adds native Bitmap type support. For more information, see BITMAP Type and Functions.

Ververica CLI

Ververica CLI (vvctl) is the official command-line tool for managing Ververica Platform resources. It provides a kubectl-like interface for interacting with the platform, either interactively or through automation scripts. Use vvctl to monitor and manage deployments and other platform resources in real-time operations or CI/CD pipelines.

For more information, see Ververica CLI.

New Connectors and Catalogs

Ververica Platform 3.1.0 introduces new connectors and catalogs for writing to and querying external data stores from Flink.

Azure CosmosDB Connector

The Azure CosmosDB connector enables writing data from Flink to Azure Cosmos DB using the API for NoSQL. This connector is sink-only with at-least-once delivery semantics, built on the Flink AsyncSink framework and the Azure Cosmos DB Java SDK v4 async client.

For more information, see Azure CosmosDB Connector.

MongoDB Catalog

The MongoDB catalog enables browsing MongoDB databases and collections directly from Flink SQL without writing per-table DDL statements. The catalog maps MongoDB databases to Flink databases and collections to Flink tables, and automatically infers collection schemas.

For more information, see MongoDB Catalog.

Vulnerability Fixes (Inside Apache Flink)

Updated binutils, binutils-common, binutils-x86-64-linux-gnu, libbinutils, libctf-nobfd0, libctf0, libgprofng0, libsframe1 to 2.42-4ubuntu2.10 to address CVE-2025-11082, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1147, CVE-2025-1148, CVE-2025-11494, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198, CVE-2025-5244, CVE-2025-5245, CVE-2025-7545, CVE-2025-7546, CVE-2025-8225
Updated com.google.guava:guava to 32.0.1-jre to address CVE-2018-10237, CVE-2020-8908, CVE-2023-2976
Updated coreutils to 9.4-3ubuntu6.2 to address CVE-2016-2781
Updated curl, libcurl3t64-gnutls, libcurl4t64 to 8.5.0-2ubuntu10.8 to address CVE-2025-0167, CVE-2025-10148, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, CVE-2025-15224, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784
Updated dirmngr, gnupg, gnupg-utils, gpg, gpg-agent, gpgconf, gpgsm, gpgv, … (+1 more) to 2.4.4-2ubuntu17.4 to address CVE-2022-3219, CVE-2025-68972, CVE-2025-68973
Updated gir1.2-glib-2.0, libglib2.0-0t64, libglib2.0-bin, libglib2.0-data to 2.80.0-6ubuntu3.8 to address CVE-2025-13601, CVE-2025-14087, CVE-2025-14512, CVE-2025-3360, CVE-2025-6052, CVE-2025-7039, CVE-2026-0988, CVE-2026-1484, CVE-2026-1485, CVE-2026-1489
Updated libc-bin, libc-dev-bin, libc6, libc6-dev, locales to 2.39-0ubuntu8.7 to address CVE-2025-15281, CVE-2026-0861, CVE-2026-0915
Updated libexpat1, libexpat1-dev to 2.6.1-2ubuntu0.4 to address CVE-2026-24515, CVE-2026-25210
Updated libfreetype6 to 2.13.2+dfsg-1ubuntu0.1 to address CVE-2026-23865
Updated libgnutls30t64 to 3.8.3-1.1ubuntu3.5 to address CVE-2025-14831, CVE-2025-9820
Updated libpam-modules, libpam-modules-bin, libpam-runtime, libpam0g to 1.5.3-5ubuntu5.5 to address CVE-2025-8941
Updated libpng16-16t64 to 1.6.43-5ubuntu0.5 to address CVE-2025-28162, CVE-2025-28164, CVE-2025-64505, CVE-2025-64506, CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, CVE-2026-22695, CVE-2026-22801, CVE-2026-25646
Updated libpython3.12-minimal, libpython3.12-stdlib, python3.12, python3.12-minimal to 3.12.3-1ubuntu0.12 to address CVE-2025-11468, CVE-2025-12084, CVE-2025-13836, CVE-2025-13837, CVE-2025-15282, CVE-2025-15366, CVE-2025-15367, CVE-2025-6075, CVE-2025-8291, CVE-2026-0672, CVE-2026-0865
Updated libssh-4 to 0.10.6-2ubuntu0.4 to address CVE-2025-8114, CVE-2025-8277, CVE-2026-0964, CVE-2026-0965, CVE-2026-0966, CVE-2026-0967, CVE-2026-0968, CVE-2026-3731
Updated libssl3t64, openssl to 3.0.13-0ubuntu3.7 to address CVE-2025-15467, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796
Updated libtasn1-6 to 4.19.0-3ubuntu0.24.04.2 to address CVE-2025-13151
Updated libxml2 to 2.9.14+dfsg-1.3ubuntu3.7 to address CVE-2025-7425, CVE-2025-8732, CVE-2026-0989, CVE-2026-0990, CVE-2026-0992
Updated linux-libc-dev to 6.8.0-107.107 to address CVE-2023-53034, CVE-2024-36331, CVE-2024-36350, CVE-2024-36357, CVE-2024-58092, CVE-2025-21729, CVE-2025-21884, CVE-2025-21931, CVE-2025-22018, CVE-2025-22019, CVE-2025-22020, CVE-2025-22021, CVE-2025-22025, CVE-2025-22026, CVE-2025-22027, CVE-2025-22028, CVE-2025-22033, CVE-2025-22035, CVE-2025-22036, CVE-2025-22037, CVE-2025-22038, CVE-2025-22039, CVE-2025-22040, CVE-2025-22041, CVE-2025-22042, CVE-2025-22044, CVE-2025-22045, CVE-2025-22047, CVE-2025-22050, CVE-2025-22053, CVE-2025-22054, CVE-2025-22055, CVE-2025-22056, CVE-2025-22057, CVE-2025-22058, CVE-2025-22060, CVE-2025-22062, CVE-2025-22063, CVE-2025-22064, CVE-2025-22065, CVE-2025-22066, CVE-2025-22068, CVE-2025-22070, CVE-2025-22071, CVE-2025-22072, CVE-2025-22073, CVE-2025-22075, CVE-2025-22079, CVE-2025-22080, CVE-2025-22081, … (+783 more)
Updated protobuf to 4.25.9 to address CVE-2025-4565
Updated python-apt-common, python3-apt to 2.7.7ubuntu5.2 to address CVE-2025-6966
Updated python3-cryptography to 41.0.7-4ubuntu0.4 to address CVE-2026-26007

Vulnerability Fixes (Outside Apache Flink)

Removed commons-httpclient:commons-httpclient to address CVE-2012-5783
Removed gnutls to address CVE-2025-14831, CVE-2026-1584
Removed log4j:log4j to address CVE-2019-17571, CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2023-26464
Removed org.apache.dolphinscheduler:dolphinscheduler-common, org.apache.dolphinscheduler:dolphinscheduler-service to address CVE-2023-49620
Removed org.apache.dolphinscheduler:dolphinscheduler-task-api to address CVE-2024-43202
Removed org.apache.logging.log4j:log4j-core to address CVE-2025-68161
Removed org.bouncycastle:bcpkix-jdk15on to address CVE-2025-8916
Removed org.bouncycastle:bcprov-ext-jdk15on to address CVE-2023-33202
Removed org.bouncycastle:bcprov-ext-jdk15on, org.bouncycastle:bcprov-jdk15on to address CVE-2023-33201
Removed org.bouncycastle:bcprov-jdk15on to address CVE-2023-33201, CVE-2024-29857, CVE-2024-30171
Removed org.codehaus.groovy:groovy-all to address CVE-2015-3253, CVE-2016-6814, CVE-2020-17521
Removed org.ini4j:ini4j to address CVE-2022-41404
Removed org.lz4:lz4-java to address CVE-2025-12183, CVE-2025-66566
Updated busybox, busybox-binsh, ssl_client to 1.37.0-r30 to address CVE-2024-58251, CVE-2025-46394
Updated c-ares to 1.34.6-r0 to address CVE-2025-62408
Updated ch.qos.logback:logback-core to 1.5.22 to address CVE-2025-11226
Updated ch.qos.logback:logback-core to 1.5.32 to address CVE-2025-11226, CVE-2026-1225
Updated com.alibaba:fastjson to 1.2.83 to address CVE-2022-25845
Updated com.alibaba:fastjson to 2.0.59 to address CVE-2022-25845
Updated com.fasterxml.jackson.core:jackson-core to 2.18.6 to address CVE-2025-49128, CVE-2025-52999, GHSA-72hv-8253-57qq
Updated com.fasterxml.jackson.core:jackson-databind to 2.18.6 to address CVE-2020-25649, CVE-2020-35490, CVE-2020-35491, CVE-2020-35728, CVE-2020-36179, CVE-2020-36180, CVE-2020-36181, CVE-2020-36182, CVE-2020-36183, CVE-2020-36184, CVE-2020-36185, CVE-2020-36186, CVE-2020-36187, CVE-2020-36188, CVE-2020-36189, CVE-2020-36518, CVE-2021-20190, CVE-2022-42003, CVE-2022-42004
Updated com.google.protobuf:protobuf-java to 3.25.6 to address CVE-2021-22569, CVE-2022-3171, CVE-2024-7254
Updated com.nimbusds:nimbus-jose-jwt to 9.37.4 to address CVE-2025-53864
Updated commons-collections:commons-collections to 3.2.2 to address CVE-2015-6420, CVE-2015-7501
Updated commons-io:commons-io to 2.20.0 to address CVE-2021-29425, CVE-2024-47554
Updated commons-net:commons-net to 3.9.0 to address CVE-2021-37533
Updated io.netty:netty-codec to 4.1.131.Final to address CVE-2025-58057
Updated io.netty:netty-codec-http to 4.1.130.Final to address CVE-2025-67735
Updated io.netty:netty-codec-http to 4.1.131.Final to address CVE-2025-58056, CVE-2025-67735
Updated io.netty:netty-codec-http2 to 4.1.131.Final to address CVE-2025-55163
Updated io.projectreactor.netty:reactor-netty-http to 1.2.16 to address CVE-2025-22227
Updated libcrypto3, libssl3 to 3.5.5-r0 to address CVE-2025-11187, CVE-2025-15467, CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796
Updated libexpat to 2.7.5-r0 to address CVE-2026-24515, CVE-2026-25210
Updated libpng to 1.6.55-r0 to address CVE-2025-64505, CVE-2025-64506, CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, CVE-2026-22695, CVE-2026-22801, CVE-2026-25646
Updated org.apache.commons:commons-compress to 1.21 to address CVE-2023-42503
Updated org.apache.commons:commons-lang3 to 3.19.0 to address CVE-2025-48924
Updated org.apache.httpcomponents:httpclient to 4.5.14 to address CVE-2015-5262, CVE-2020-13956
Updated org.apache.tomcat.embed:tomcat-embed-core to 10.1.52 to address CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-55752, CVE-2025-55754, CVE-2025-61795, CVE-2025-66614, CVE-2026-24733
Updated org.bitbucket.b_c:jose4j to 0.9.6 to address CVE-2023-51775, CVE-2024-29371
Updated org.bouncycastle:bcpkix-jdk18on to 1.82 to address CVE-2023-33202, CVE-2025-8916
Updated org.bouncycastle:bcpkix-jdk18on, org.bouncycastle:bcprov-jdk18on to 1.82 to address CVE-2023-33202
Updated org.bouncycastle:bcprov-jdk18on to 1.82 to address CVE-2023-33201, CVE-2024-29857, CVE-2024-30171, CVE-2024-34447, CVE-2025-8885
Updated org.codehaus.groovy:groovy-all to 2.4.21 to address CVE-2015-3253, CVE-2016-6814, CVE-2020-17521
Updated org.eclipse.jetty:jetty-http to 12.0.33 to address CVE-2025-11143
Updated org.eclipse.jetty:jetty-http to 9.4.58.v20250814 to address CVE-2022-2047, CVE-2023-40167, CVE-2025-11143
Updated org.eclipse.jetty:jetty-server to 9.4.58.v20250814 to address CVE-2023-26048, CVE-2023-26049, CVE-2024-13009, CVE-2024-8184
Updated org.json:json to 20231013 to address CVE-2022-45688, CVE-2023-5072
Updated org.springframework.security:spring-security-core to 6.5.9 to address CVE-2025-41248
Updated org.springframework:spring-core to 6.2.17 to address CVE-2025-41249
Updated org.springframework:spring-webmvc to 6.2.17 to address CVE-2025-41242

Upgrade

To upgrade Ververica Platform to version 3.1.0, run the following Helm command:

helm upgrade --install <RELEASE_NAME> \
  oci://registry.ververica.cloud/platform-charts/ververica-platform \
  --version 3.1.0 \
  --namespace vvp-system \
  --values values.yaml

New Features and Improvements​

Kubernetes Operator​

Audit Logs​

Blob Credentials using Mounted Files​

API Token Management​

Resource Usage Tracker​

Loading Savepoints from Custom Locations​

VERA 4.5 Upgrade​

Ververica CLI​

New Connectors and Catalogs​

Azure CosmosDB Connector​

MongoDB Catalog​

Vulnerability Fixes (Inside Apache Flink)​

Vulnerability Fixes (Outside Apache Flink)​

Upgrade​