What’s New for Confluent Platform for Apache Flink

This topic contains details about each Confluent Platform for Apache Flink® release.

April 2026

Confluent Manager for Apache Flink 2.3.0

This release introduces Confluent Manager for Apache Flink® (CMF) version 2.3.0, which provides the following new features and fixes:

Major New Features

  • Multi-Kubernetes cluster support: CMF can now manage Flink workloads across multiple Kubernetes clusters in multiple data centers, regions, cloud vendors, and still benefit from a central control plane for lifecycle management and monitoring. This feature is available for all resources inside an environment, e.g. applications, compute pools and statements.

  • Flink SQL General Availability: Flink SQL features are generally available (GA) and production-ready in this version of Confluent Platform for Apache Flink.

    • Shared compute pools (session clusters): A new SHARED compute pool type runs a single Flink session cluster that serves multiple SQL statements. SQL Statements typically start much faster on a shared compute pool, allowing for a much more interactive experience. In some scenarios, such as many low throughput queries, a shared compute pool also allows for better resource utilization, because multiple SQL statements can share the same Flink cluster resources.

    • CREATE TABLE and DROP TABLE DDL support: Users can now create and drop Kafka-backed tables using Flink SQL. CREATE TABLE provisions a Kafka topic and registers schemas in Schema Registry. DROP TABLE tears down the Kafka topic, Schema Registry subjects, and persisted metadata.

    • Extended ALTER TABLE support for connector properties and changelog modes: ALTER TABLE now supports changing connector properties and two new changelog modes (upsert and retract), building on the ALTER TABLE support added in 2.1.0.

    • Upsert table support: Added support for Kafka upsert tables and updating (non-append-only) results in SELECT statements.

    • EXECUTE STATEMENT SET support: Enables multi-statement execution via STATEMENT SET, allowing multiple INSERT statements to be submitted as a single Statement.

  • Red Hat certified operator: Confluent Platform for Apache Flink (Flink Kubernetes Operator, CMF, and corresponding Flink images) is now available as a Red Hat certified operator through OperatorHub. CMF 2.2.0 is also available on Red Hat OperatorHub.

  • Scalable resource management through server-side API operations: CMF list APIs now support server-side filtering, field selection, and search to efficiently handle large numbers of resources.

Additional Improvements and Fixes

  • Added extraEnv support to the Helm chart, allowing users to inject Kubernetes Secrets and other environment variable sources into the CMF container. Injected values can be referenced as ${ENV_VAR} placeholders in CMF configuration. See Inject secrets with environment variables.

  • Flink Kubernetes Operator version validation at CMF startup

  • Auto-cleanup of INSERT statement pods on statement completion.

  • Deprecated the cmf.sql.production configuration flag in favor of the more explicit encryption.enabled property.

  • Renamed the alterEnvironments field to ddlEnvironments in the KafkaDatabase REST API for clarity.

  • Fixed an issue where a misconfigured catalog blocked SQL statement submissions from all environments.

  • Fixed RBAC authorization errors being swallowed and returned as 200 OK with empty results.

  • Fixed suspend/resume polluting FlinkApplication spec with null fields.

  • Fixed merging of environment compute pool defaults with the compute pool specification, where user-defined volumes and environment variables were overwritten.

  • Fixed status field not being updated for upgrade savepoints.

  • Fixed statements created with stopped=true not showing STOPPED phase.

  • Fixed savepoint path set to string "null" when not specified.

  • Fixed result fetching failure when lastCheckpointedOffset is -1 for bounded jobs.

  • Fixed application event type mismatch on PostgreSQL.

  • Fixed a regression where statements on deleted compute pools could not be viewed.

  • Improved error message when restoring a statement from a savepoint (returns 400 instead of 500).

  • Fixed overwriting existing CMF environment secrets on environment creation.

Confluent Platform for Apache Flink Kubernetes Operator 1.14.0-cp1

This release introduces Confluent Platform for Apache Flink Kubernetes Operator version 1.14.0-cp1, based on the upstream Apache Flink Kubernetes Operator 1.14.

December 2025

This month includes minor and patch releases for Confluent Platform for Apache Flink, Confluent Manager for Apache Flink, Confluent Platform for Apache Flink Kubernetes Operator, and the Flink SQL Docker image.

Confluent Manager for Apache Flink 2.2.0

This release introduces Confluent Manager for Apache Flink® version 2.2.0, which provides the following new features and fixes:

New Features

  • Added support for running CMF on Linux s390x architecture.

  • Added support for Microsoft SQL Server as an external database for CMF.

  • Added support for filtering the Statement list by name.

  • Added a new field in Catalog and Database responses to denote which Environments can access them.

  • Improved error messages for Statement failures due to Catalog errors.

  • Made Statement filtering based on phase to be case-insensitive.

  • Added a REST API to retrieve CMF system information.

  • Added a REST API to retrieve CMF resource-usage information, and changed the Environment, Compute Pool, Application, and Statement APIs to conditionally include resource-usage information.

CVE Fixes

  • CVE-2025-59250 - JDBC Driver for SQL Server has improper input validation issue.

  • CVE-2025-66566 - yawkat LZ4 Java has a possible information leak in Java safe decompressor.

Additional Fixes

  • Fixed an issue where CMF was not starting up intermittently when authorization was enabled.

  • Fixed an issue with merging an Environment’s Compute Pool defaults with the Compute Pool specification.

  • Fixed an issue where Savepoint creation failed when the path was not specified.

Confluent Platform for Apache Flink Operator 1.13.0-cp2

New Features

  • Added support for running the Kubernetes Operator on Linux s390x architecture.

CVE Fixes

  • CVE-2025-48924 - Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs.

Confluent Platform for Apache Flink and Flink SQL

The following Confluent Platform for Apache Flink versions are now available:

  • 2.1.1-cp1

  • 2.0.1-cp1

  • 1.20.3-cp1

  • 1.19.3-cp2

  • 1.18.1-cp5

  • 1.19-cp5

All of these releases add support for running Confluent Platform for Apache Flink on the s390x architecture.

Confluent Manager for Apache Flink 2.1.2

This release introduces CMF version 2.1.2, which provides the following fixes:

  • Fixed various issues with Postgres startup.

  • Fixed an issue where fetched Databases were not filtered by the Catalog name.

November 2025

This release includes minor/patch releases for CMF, Flink Connector Kafka, and the Flink SQL Docker image.

Confluent Manager for Apache Flink 2.1.1

This release introduces new CMF version: 2.1.1, which provides the following fixes:

CVE Fixes

This release includes the following vulnerability fixes for CMF:

  • CVE-2025-55754 Apache Tomcat - Console manipulation via escape sequences in log messages

Additional Fixes

  • Fixed an issue where the loading of configuration cmf.kafka.oauthbearerAllowedUrls was not deterministic, which could lead to failures when Authorization is enabled.

  • Fixed an issue where the values provided for fields formatType and backoffLimit were incorrectly propagated for DetachedSavepoint.

  • Minor improvements and fixes.

Flink Connector Kafka

Patch Release: Flink Connector Kafka 3.3.0-1.19-cp2

  • Fixed the issue of the following missing maven packages:

    • com.fasterxml.jackson.core:jackson-annotations

    • com.fasterxml.jackson.core:jackson-databind

October 2025

Confluent Manager for Apache Flink 2.1.0

Major Release: This release introduces CMF version 2.1.0, which provides the following new features and improvements:

New Features

  • Added support for Savepoint Management via CMF REST API.

  • Added support for PostgreSQL as an external database for CMF.

  • Added support for ALTER TABLE operations in Flink SQL jobs managed by CMF.

  • Added support for CP_FOR_CC license type.

  • Added support for auto termination of completed SELECT Flink Statements.

  • Added support for auto termination of SELECT Flink Statements that haven’t been fetched within a configurable period.

  • Added support for specifying CPU resources as fractions.

  • Added support for Flink 2.0 and Flink 2.1.

  • Added support for renaming Catalogs.

  • Added support to configure if logging full stack traces.

CVE Fixes This release includes the following vulnerability fixes for Confluent Manager for Apache Flink:

  • CVE-2025-58057 Netty’s decoders vulnerable to DoS via zip bomb style attack

  • CVE-2025-58056 Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions

  • CVE-2025-41249 Spring Framework annotation detection mechanism may result in improper authorization

  • CVE-2025-55163 Netty affected by MadeYouReset HTTP/2 DDoS vulnerability

  • CVE-2025-48734 Apache Commons Improper Access Control vulnerability

  • CVE-2025-48924 Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs

  • CVE‐2025‐8885 Possible DOS in processing specially formed ASN.1 Object Identifiers

  • CVE-2025-8916 Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation

Confluent Platform for Apache Flink Kubernetes Operator 1.13

Major Release: Kubernetes Operator 1.13

Flink Connector Kafka

Major Release: Flink Connector Kafka 4.0.1-2.0-cp1/

July 2025

This release introduces new Apache Flink packages:

  • Flink 1.20.2-cp1

  • Flink 1.19.3-cp1

June 2025

This release introduces new Apache Flink packages based on the RHEL UBI 9 image:

  • Flink 1.20.1-cp3

  • Flink 1.19.2-cp3

  • Flink 1.18.1-cp4

April 2025

This release includes the following vulnerability fixes for Flink:

Flink 1.20.1-cp2

CVE

CVSS

Upgraded Package

CVE-2025-30065

10.0

org.apache.parquet:parquet*:1.15.1

Flink 1.19.2-cp2

CVE

CVSS

Upgraded Package

CVE-2025-30065

10.0

org.apache.parquet:parquet*:1.15.1

Flink 1.18.1-cp3

CVE

CVSS

Upgraded Package

CVE-2025-30065

10.0

org.apache.parquet:parquet*:1.15.1

March 2025

Confluent Platform 7.9 release adds support for OAuth authentication for CMF REST APIs.

Note

OAuth is available starting with Confluent Platform version 7.9, but only with REST APIs. It is NOT available with the Confluent CLI or the Confluent for Kubernetes operator.

The new Flink patch versions are now officially available.

Flink 1.20.1-cp1

Flink 1.19.2-cp1

February 2025 - 1.0.3

Confluent Manager for Apache Flink® version 1.0.3 is now available with Confluent Platform 7.8 as a regular maintenance release addressing a number of small issues and updating dependencies.

This release does not include new features.

Fixed issues

The following issues were fixed in this release.

  • Improved validation and error messages of FlinkApplication payloads on the REST API

  • Removed unneeded Netty 3.10.6 dependency with vulnerabilities

February 2025 - 1.0.2

Confluent Manager for Apache Flink® version 1.0.2 is now available with Confluent Platform 7.8 as a regular maintenance release addressing a number of small issues and updating dependencies.

This release does not include new features.

Fixed issues

The following issues were fixed in this release.

  • The Helm chart included a default imagePullSecretRef, which is not set anymore by default.

  • YAML payloads were not properly supported by CMF.

This release includes the following vulnerability fixes for CMF.

Confluent Manager for Apache Flink® 1.0.2

  • Updated Spring Boot to version 3.3.8.

CVE

CVSS

Upgraded Package

CVE-2024-52046

Upgraded org.apache.mina:mina-core.

December 2024

Confluent Platform 7.8 release introduces CMF version 1.0.1 and adds support for Confluent Platform for Apache Flink version 1.20. This release moves Confluent Platform for Apache Flink from limited availability to general availability.

Flink versions 1.18 and 1.19 continue to be supported.

This release also includes the following vulnerability fixes for Flink:

Flink 1.19.1-cp2

CVE

CVSS

Upgraded Package

CVE-2021-21409

5.9

org.wildfly.openssl==1.0.10.Final

CVE-2019-14887

9.1

org.apache.pekko:pekko-actor_2.12==1.1.2

Flink 1.18.1-cp2

CVE

CVSS

Upgraded Package

CVE-2021-21409

5.9

org.wildfly.openssl==1.0.10.Final

CVE-2019-14887

9.1

org.apache.pekko:pekko-actor_2.12==1.1.2

July 2024

Confluent Platform 7.7 release introduces Confluent Platform for Apache Flink in limited availability with support for Flink versions 1.18 and 1.19.