We have updated VOR with several minor enhancements. These are intended to enhance your experience and ensure a safe work environment.
🎯 Release Highlights
This release focuses on security hardening and critical bug fixes across the VOR Stream platform, particularly around SAS processing, SQL engine improvements, and credential security.
🔒 Security Improvements
Five Security Vulnerabilities Addressed: This release patches multiple CVEs across the platform stack:
- CVE-2025-61727 – Go runtime upgraded to v1.24.11
- CVE-2025-64460 – Django framework upgraded to v4.2.27
- CVE-2025-54410 – Docker SDK vulnerability patched
- CVE-2025-57347 – dagre-d3-es (UI graph rendering library) updated
- CVE-2025-64718 – js-yaml parsing library secured
Credential Security Fix: Resolved a critical issue where database credentials could be inadvertently stored in config.json even when Vault-based credential storage was configured. This fix ensures sensitive credentials remain securely stored in Vault.
🐛 Critical Bug Fixes
SAS Processing Improvements: Resolved multiple data integrity issues affecting SAS nodes:
- Fixed column alignment problems that could cause data to shift unexpectedly
- Resolved CSV input reading misalignment issues
- Prevented incorrect PART=1 inheritance from SQL nodes
SQL Engine Fixes: Several edge cases now handled correctly:
- Date values now work properly with MIN/MAX functions
- CASE expressions no longer fail on float types
- Dynamic facts now handle type conversions correctly
✨ Features & Enhancements
- Configurable Timeouts: Super request timeout is now configurable, providing better control for long-running operations
You may download this release on the Resource Center’s downloads page.
Acknowledgments
This release includes contributions addressing many issues and improvements. Special thanks to all contributors who helped make VOR Stream more secure, user-friendly, and powerful.
For detailed guides and technical documentation, please refer to the VOR Stream Documentation.