What’s New

This topic contains details about each Confluent Platform for Apache Flink® release.

November 2025

This release includes minor/patch releases for Confluent Manager for Apache Flink®, Flink Connector Kafka and Flink SQL docker image

Confluent Manager for Apache Flink 2.1.1

This release introduces new Confluent Manager for Apache Flink (CMF) version: 2.1.1, which provides the following fixes:

CVE Fixes

This release includes the following vulnerability fixes for CMF:

  1. CVE-2025-55754 Apache Tomcat - Console manipulation via escape sequences in log messages

Additional Fixes

  1. Fixed an issue where the loading of configuration cmf.kafka.oauthbearerAllowedUrls was not deterministic, which could lead to failures when Authorization is enabled.

  2. Fixed an issue where the values provided for fields formatType and backoffLimit were incorrectly propagated for DetachedSavepoint.

  3. Minor improvements and fixes.

Flink Connector Kafka

Patch Release: Flink Connector Kafka 3.3.0-1.19-cp2

  1. Fixed the issue of the following missing maven packages:

    1. com.fasterxml.jackson.core:jackson-annotations

    2. com.fasterxml.jackson.core:jackson-databind

October 2025

Confluent Manager for Apache Flink 2.1.0

Major Release: This release introduces Confluent Manager for Apache Flink® version 2.1.0, which provides the following new features and improvements:

New Features

  1. Added support for Savepoint Management via CMF REST API.

  2. Added support for PostgreSQL as an external database for CMF.

  3. Added support for ALTER TABLE operations in Flink SQL jobs managed by CMF.

  4. Added support for CP_FOR_CC license type.

  5. Added support for auto termination of completed SELECT Flink Statements.

  6. Added support for auto termination of SELECT Flink Statements that haven’t been fetched within a configurable period.

  7. Added support for specifying CPU resources as fractions.

  8. Added support for Flink 2.0 and Flink 2.1.

  9. Added support for renaming Catalogs.

  10. Added support to configure if logging full stack traces.

CVE Fixes This release includes the following vulnerability fixes for Confluent Manager for Apache Flink:

  1. CVE-2025-58057 Netty’s decoders vulnerable to DoS via zip bomb style attack

  2. CVE-2025-58056 Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions

  3. CVE-2025-41249 Spring Framework annotation detection mechanism may result in improper authorization

  4. CVE-2025-55163 Netty affected by MadeYouReset HTTP/2 DDoS vulnerability

  5. CVE-2025-48734 Apache Commons Improper Access Control vulnerability

  6. CVE-2025-48924 Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs

  7. CVE‐2025‐8885 Possible DOS in processing specially formed ASN.1 Object Identifiers

  8. CVE-2025-8916 Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation

July 2025

This release introduces new Apache Flink packages:

  • Flink 1.20.2-cp1

  • Flink 1.19.3-cp1

June 2025

This release introduces new Apache Flink packages based on the RHEL UBI 9 image:

  • Flink 1.20.1-cp3

  • Flink 1.19.2-cp3

  • Flink 1.18.1-cp4

April 2025

This release includes the following vulnerability fixes for Flink:

Flink 1.20.1-cp2

CVE

CVSS

Upgraded Package

CVE-2025-30065

10.0

org.apache.parquet:parquet*:1.15.1

Flink 1.19.2-cp2

CVE

CVSS

Upgraded Package

CVE-2025-30065

10.0

org.apache.parquet:parquet*:1.15.1

Flink 1.18.1-cp3

CVE

CVSS

Upgraded Package

CVE-2025-30065

10.0

org.apache.parquet:parquet*:1.15.1

March 2025

Confluent Platform 7.9 release adds support for OAuth authentication for CMF REST APIs.

Note

OAuth is available starting with Confluent Platform version 7.9, but only with REST APIs. It is NOT available with the Confluent CLI or the Confluent for Kubernetes operator.

The new Flink patch versions are now officially available.

Flink 1.20.1-cp1

Flink 1.19.2-cp1

February 2025 - 1.0.3

Confluent Manager for Apache Flink® version 1.0.3 is now available with Confluent Platform 7.8 as a regular maintenance release addressing a number of small issues and updating dependencies.

This release does not include new features.

Fixed issues

The following issues were fixed in this release.

  • Improved validation and error messages of FlinkApplication payloads on the REST API

  • Removed unneeded Netty 3.10.6 dependency with vulnerabilities

February 2025 - 1.0.2

Confluent Manager for Apache Flink® version 1.0.2 is now available with Confluent Platform 7.8 as a regular maintenance release addressing a number of small issues and updating dependencies.

This release does not include new features.

Fixed issues

The following issues were fixed in this release.

  • The Helm chart included a default imagePullSecretRef, which is not set anymore by default.

  • YAML payloads were not properly supported by Confluent Manager for Apache Flink®.

This release includes the following vulnerability fixes for Confluent Manager for Apache Flink®.

Confluent Manager for Apache Flink® 1.0.2

  • Updated Spring Boot to version 3.3.8.

CVE

CVSS

Upgraded Package

CVE-2024-52046

Upgraded org.apache.mina:mina-core.

December 2024

Confluent Platform 7.8 release introduces Confluent Manager for Apache Flink® version 1.0.1 and adds support for Confluent Platform for Apache Flink version 1.20. This release moves Confluent Platform for Apache Flink from limited availability to general availability.

Flink versions 1.18 and 1.19 continue to be supported.

This release also includes the following vulnerability fixes for Flink:

Flink 1.19.1-cp2

CVE

CVSS

Upgraded Package

CVE-2021-21409

5.9

org.wildfly.openssl==1.0.10.Final

CVE-2019-14887

9.1

org.apache.pekko:pekko-actor_2.12==1.1.2

Flink 1.18.1-cp2

CVE

CVSS

Upgraded Package

CVE-2021-21409

5.9

org.wildfly.openssl==1.0.10.Final

CVE-2019-14887

9.1

org.apache.pekko:pekko-actor_2.12==1.1.2

July 2024

Confluent Platform 7.7 release introduces Confluent Platform for Apache Flink in limited availability with support for Flink versions 1.18 and 1.19.