oregonknuths commented on PR #4318: URL: https://github.com/apache/streampark/pull/4318#issuecomment-3668500018
**Security Impact**: This PR is critical for distributing the CVE-2025-53960 fix to Docker users. While the vulnerability was fixed in v2.1.7 code, the Docker images were never published due to this build failure. Users deploying StreamPark via Docker are currently unable to access the security fix for JWT HMAC key weakness (CVSS 5.9 MEDIUM). Fixing the Vue dependency conflict unblocks: 1. Publication of v2.1.7 Docker images with CVE-2025-53960 fix 2. All subsequent security updates via docker-push workflow This impacts production security for Docker-based deployments. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
