Ververica Platform 2.15.8
On this page
Ververica Platform 2.15.8
Release Date: 2026-05-11
Changelog
Apache Flink®
Ververica Platform 2.15.8 supports the following versions:
- Apache Flink® 1.20
- Apache Flink® 1.19
- Apache Flink® 1.18
Ververica Platform 2.15.8 supports Apache Flink® 1.20, Apache Flink® 1.19, and Apache Flink® 1.18 under SLA.
For Stream Edition:
- 1.18.1-stream8-scala_2.12-java8
- 1.18.1-stream8-scala_2.12-java11
- 1.18.1-stream8-scala_2.12-java17
- 1.19.3-stream5-scala_2.12-java8
- 1.19.3-stream5-scala_2.12-java11
- 1.19.3-stream5-scala_2.12-java17
- 1.20.3-stream4-scala_2.12-java8
- 1.20.3-stream4-scala_2.12-java11
- 1.20.3-stream4-scala_2.12-java17
For Spring Edition the following archives are available:
- 1.18.1-spring8-scala_2.12.tgz (https://portal.ververica.com/download/flink/flink-1.18.1-spring8-scala_2.12.tgz)
- 1.19.3-spring5-scala_2.12.tgz (https://portal.ververica.com/download/flink/flink-1.19.3-spring5-scala_2.12.tgz)
- 1.20.3-spring4-scala_2.12.tgz (https://portal.ververica.com/download/flink/flink-1.20.3-spring4-scala_2.12.tgz)
Improvements
Configurable Artifact Temporary Directory
Ververica Platform now supports configuring a custom temporary directory for artifact submission in Session cluster deployments. For details, see Artifact Storage (https://docs.ververica.com/vvp/platform-operations/advanced-configurations/artifact-storage/#configuring-the-artifact-temporary-directory).
NATIVE Savepoint Format Support
The Ververica Platform API now supports triggering savepoints in NATIVE format. For details, see Savepoints (https://docs.ververica.com/vvp/user-guide/application-operations/deployments/savepoints/#savepoint-format-types).
Bug Fixes
Restore Mode CLAIM Empty Arguments
An issue was identified where an empty argument was passed to the job when Ververica Platform submitted a restoreMode argument to a Flink job that already included user-defined arguments. The fix is included in the Ververica Platform Flink versions delivered with Ververica Platform 2.15.8.
Vulnerability Fixes (Inside Apache Flink®)
- Updated curl, libcurl4t64 to 8.5.0-2ubuntu10.9 to address CVE-2025-0167, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253, CVE-2026-6276, CVE-2026-6429, CVE-2026-7168
- Updated libcap2 to 1:2.66-5ubuntu2.4 to address CVE-2026-4878
- Updated libfreetype6 to 2.13.2+dfsg-1ubuntu0.1 to address CVE-2026-23865
- Updated libnghttp2-14 to 1.59.0-1ubuntu0.3 to address CVE-2026-27135
- Updated libssh-4 to 0.10.6-2ubuntu0.4 to address CVE-2026-3731
- Updated libssl3t64, openssl to 3.0.13-0ubuntu3.9 to address CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789, CVE-2026-31790
- Updated libsystemd0, libudev1 to 255.4-1ubuntu8.15 to address CVE-2026-29111
- Updated pip to 26.1.1 to address CVE-2026-3219, CVE-2026-6357
- Updated requests to 2.33.1 to address CVE-2026-25645
- Updated sed to 4.9-2ubuntu0.24.04.1 to address CVE-2026-5958
- Updated aircompressor to 2.0.3 to address CVE-2025-67721
Vulnerability Fixes (Outside of Apache Flink®)
- Updated com.fasterxml.jackson.core:jackson-core to 2.21.2 to address GHSA-72hv-8253-57qq
- Updated curl, libcurl4 to 7.81.0-1ubuntu1.24 to address CVE-2025-0167, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253, CVE-2026-6276, CVE-2026-6429, CVE-2026-7168
- Updated gnutls to 3.8.13-r0 to address CVE-2026-33845, CVE-2026-33846, CVE-2026-3832, CVE-2026-3833, CVE-2026-42009, CVE-2026-42010, CVE-2026-42011, CVE-2026-42012, CVE-2026-42013, CVE-2026-42014, CVE-2026-42015, CVE-2026-5260, CVE-2026-5419
- Updated io.netty:netty-codec-http to 4.1.132.Final to address CVE-2026-33870
- Updated io.netty:netty-codec-http2 to 4.1.132.Final to address CVE-2026-33871
- Updated libcap2 to 1:2.44-1ubuntu0.22.04.3 to address CVE-2026-4878
- Updated libcrypto3, libssl3, openssl to 3.5.6-r0 to address CVE-2026-2673, CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789, CVE-2026-31790
- Updated libexpat to 2.7.5-r0 to address CVE-2026-32776, CVE-2026-32777, CVE-2026-32778
- Updated libnghttp2-14 to 1.43.0-1ubuntu0.3 to address CVE-2026-27135
- Updated libpng to 1.6.57-r0 to address CVE-2026-33416, CVE-2026-33636, CVE-2026-34757
- Updated libpng16-16 to 1.6.37-3ubuntu0.5 to address CVE-2026-33416, CVE-2026-33636, CVE-2026-34757
- Updated libssh-4 to 0.9.6-2ubuntu0.22.04.7 to address CVE-2026-3731
- Updated libssl3, openssl to 3.0.2-0ubuntu1.23 to address CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789, CVE-2026-31790
- Updated libsystemd0, libudev1 to 249.11-0ubuntu3.20 to address CVE-2026-29111
- Updated musl, musl-utils to 1.2.5-r23 to address CVE-2026-40200, CVE-2026-6042
- Updated org.apache.tomcat.embed:tomcat-embed-core to 10.1.54 to address CVE-2026-24734, CVE-2026-25854, CVE-2026-29145, CVE-2026-32990, CVE-2026-34483, CVE-2026-34487, CVE-2026-34500
- Updated org.bouncycastle:bcpg-jdk18on to 1.84 to address CVE-2026-3505
- Updated org.bouncycastle:bcpkix-jdk18on to 1.84 to address CVE-2026-5588
- Updated org.bouncycastle:bcprov-jdk18on to 1.84 to address CVE-2026-0636, CVE-2026-5598
- Updated org.springframework.boot:spring-boot to 3.5.14 to address CVE-2026-40973
- Updated org.springframework.security:spring-security-core to 6.5.10 to address CVE-2026-22746, CVE-2026-22751
- Updated org.springframework.security:spring-security-oauth2-jose to 6.5.10 to address CVE-2026-22748
- Updated org.springframework.security:spring-security-web to 6.5.10 to address CVE-2026-22732
- Updated org.springframework:spring-webmvc to 6.2.18 to address CVE-2026-22735, CVE-2026-22737, CVE-2026-22741, CVE-2026-22745
- Updated org.thymeleaf:thymeleaf, org.thymeleaf:thymeleaf-spring6 to 3.1.5.RELEASE to address CVE-2026-40477, CVE-2026-40478, CVE-2026-41901
- Updated requests to 2.33.1 to address CVE-2026-25645
- Updated sed to 4.8-1ubuntu2.1 to address CVE-2026-5958
- Updated zlib to 1.3.2-r0 to address CVE-2026-22184, CVE-2026-27171
Upgrade
We recommend upgrading with Helm using the following commands:
1$ helm repo add ververica https://charts.ververica.com
2$ helm repo update
3$ helm upgrade [RELEASE] ververica/ververica-platform --version 5.11.8 --values custom-values.yaml