Stream Processing & Apache Flink - News and Best Practices

Ververica Platform Release 2.10.3

Written by Ververica | 20 June 2023

Ververica Platform 2.10.3 is now in General Availability (GA) for all customers and interested parties.

Already live in the field with key customers, this is the latest release of the Ververica private cloud platform. Engineered on Apache Flink®, the platform marries the power of open source with Ververica's unique proprietary enhancements

Drawing on our extensive experience in managing stream processing across a diverse range of scenarios, from ecommerce to real-time analytics and beyond, our platform offers an unrivalled, versatile experience. Whether you're handling massive datasets, performing complex event processing, or analyzing real-time transactions, Ververica Platform 2.10.3 can power your stream processing needs.

What's new in 2.10.3

Release 2.10.3 is a rapid iteration of release 2.10.2, and fixes an edge case bug that was identified in unique environment configurations, notably those involving the standalone setup of VVP and its associated deployments. Furthermore, this release also addresses an important security vulnerability.

Vulnerabilities and bug fixes

  • An artifact validation error is fixed, artifacts can now be accessed via custom URI as well as from the expected Universal Blob Storage.
  • Additionally this release fixes a code execution vulnerability in SQLite JDBC, see CVE-2023-32697.

Release 2.10.3 is available as a Docker image for Stream Edition supporting Apache Flink® 1.16.1, and Apache Flink® 1.15.4 under SLA, for Scala 2.12 and Java 8 and 11.

Archives are available for Spring Edition supporting Apache Flink® 1.16.1, and Apache Flink® 1.15.4 under SLA.

Note: As with all Ververica Platform 2.10 releases for both Stream and Spring editions, Apache Flink® 1.14 is deprecated and supported on a best-efforts basis.

For the full list and more information about available images/archives, including downloads, see Ververica Platform Docker Images.

What's new in 2.10.2

Release 2.10.3 includes the features, enhancements, and fixes of Ververica Platform release 2.10.2.

Enhancements

Important enhancements include:

  • Support for Azure Active Directory SQL authentication.
  • For Spring Edition, upgrade to Spring Boot v2.7.12.

Vulnerabilities and bug fixes

  • Fixes to improve cache control and error handling remove potential platform vulnerabilities.
  • The upgrade to Spring Boot fixes vulnerabilities in the Spring Framework security configuration, logout handling, Spring MVC and other areas, see CVE-2023-20860, CVE-2023-20862, CVE-2023-20863, CVE-2023-20873, CVE-2023-20883.
  • SAML session logout when using SAML authentication is now handled correctly.
  • Migration from Springfox to Springdoc fixes access problems to the VVP API via Swagger UI.
  • Non-existing artifacts are now handled correctly during deployment.

Deprecations

VVP Kubernetes is now marked as deprecated, migration to Flink Kubernetes is recommended. Please check Kubernetes High-Availability Service for more information.

Upgrading

You can upgrade via Helm with the following commands:

$ helm repo add ververica https://charts.ververica.com
$ helm repo update
$ helm upgrade [RELEASE] ververica/ververica-platform --version 5.6.3 \ --values custom-values.yaml

where [RELEASE] is your preferred release version.

For full versions of all changes in versions 2.10.2 and 2.10.3, see the Ververica Platform Release Notes page.
View full post