We have updated VOR with several minor enhancements.Β These are intended to enhance your experience and ensure a safe work environment.
π― Release Highlights
This is a security patch release focused on addressing vulnerabilities in Go and Python dependencies, along with a significant performance optimization.
π Security Improvements
| CVE | CVSS | Description |
| CVE-2025-61730 | 5.3 Medium | TLS 1.3 handshake messages processed at incorrect encryption level |
| CVE-2025-61726 | 7.5 High | Unbounded memory consumption in URL query parameter parsing |
| CVE-2025-61728 | 6.5 Medium | Denial of Service via excessive CPU consumption in archive/zip |
Dependency Update: Upgraded shipped Go from 1.24.11 β 1.24.12
Python
| CVE | CVSS | Description |
| CVE-2025-68158 | 8.8 High | CSRF vulnerability in OAuth state handling |
| CVE-2026-21441 | 7.5 High | Decompression bomb vulnerability in HTTP redirects |
Dependency Updates:
- authlib 1.6.5 β 1.6.6
- urllib3 2.6.2 β 2.6.3
π Performance Improvements
- perf(ui): Eliminated N+1 query pattern on Run Study screen, reducing load time from 8-30 seconds to instant for large study lists
π Critical Bug Fixes
- fix(engine): Fixed issue where stopping a VOR process did not properly terminate hung nodes
β¨ Features & Enhancements
Infrastructure & CI
- CI and deployment improvements for automated deployments
Documentation
- Update inventory file variable documentation
Acknowledgments
This release includes contributions addressing many issues and improvements. Special thanks to all contributors who helped make VOR Stream more secure, user-friendly, and powerful.
For detailed guides and technical documentation, please refer to theΒ VOR Stream Documentation.