This release includes 3 security fixes for security teams reviewing exposed deployments.
Published 1mo
MCP Data & Storage
✓ No known CVEs patched
This release patches 3 known CVEs
Topics
agent-memory-system
anthropic
artificial-intelligence
causal-inference
claude
claude-code
claude-code-plugin
cognitive-architecture
cognitive-science
episodic-memory
hopfield-network
llm-memory
long-term-memory
mcp-server
model-context-protocol
neuroscience
persistent-memory
predictive-coding
retrieval-augmented-generation
vector-db
Affected surfaces
rce_ssrf
auth
Summary
AI summary: Auto-fallback to SQLite when DATABASE_URL is absent, that is, when no external database URL is provided.
Full changelog
- release: v3.10.0 — Cowork compat + TDQS schema enrichment
- chore(tools): TDQS schema enrichment (40 tools) + sqlite memory_entities
- style: ruff format memory_store after auto-fallback edit
- feat(memory_store): auto-fallback to SQLite when DATABASE_URL absent
- chore(plugin): declare CORTEX_RUNTIME in mcp env schema
- security: use compile-time filename constants + README Glama badge
- chore: add glama.json — maintainer manifest for Glama's evaluator
- docs: refresh Views → Wiki screenshot with post-edit rendered view
- docs: reposition Cortex as a scientific-authoring tool, not just memory+graph
- security: close 2 new CodeQL alerts (ReDoS + HTTP response splitting)
- feat(wiki ui): collapse duplicate-title entries in the sidebar tree
- fix(wiki export): strip frontmatter before pandoc; re-inject as --metadata
- fix(wiki export): clearer error messages; pre-check for LaTeX engine
- ci+ui: skip ccplugins workflows without PAT; surface export errors in UI
- feat(wiki redesign): Phase 10 — Pandoc export (PDF, LaTeX, DOCX, HTML)
- feat(wiki redesign): Phase 9 — academic extensions
- feat(wiki redesign): Phase 8 — inline editor with live KaTeX preview
- feat(wiki redesign): Phase 7.3 — seed wiki from existing repo docs
- feat(wiki redesign): Phase 7.1 + 7.2 — cold-start fix
- ci: keep ccplugins fork in sync continuously
- ci: auto-sync cortex plugin to ccplugins monorepo on release
- docs: add Wiki + Knowledge screenshots; refresh Graph + Board shots
- security: match CodeQL py/path-injection example verbatim (3rd attempt)
- security: switch sanitizer to startswith pattern for CodeQL recognition
- security: keep sanitized path on same variable through sink (CodeQL #48 #49)
- security: close 6 CodeQL alerts in wiki_store + wiki_view_executor
- feat(wiki redesign): Phase 6 — Frontend integration
- feat(wiki redesign): Phase 5 — Malleability (user rules + executable views)
- feat(wiki redesign): Phase 4 — Thermodynamics
- feat(wiki redesign): Phase 3 — Concept emergence (Strauss grounded theory)
- feat(wiki redesign): Phase 2.4 + 2.5 — Curate + Compile
- feat(wiki redesign): Phase 2.3 — Synthesize phase (Path A + Path B)
- feat(wiki redesign): Phase 2.2 — Resolve phase
- feat(wiki redesign): Phase 2.1 — Extract phase (claim_events from memories)
- fix(wiki migrate): accurate written/unchanged counter on idempotent re-runs
- feat(wiki redesign): Phase 1.2 + 1.3 — migration + self-hosting loader
- feat(wiki redesign): Phase 1.1 — wiki.* schema + IR models
- feat: invert wiki gate + harden path traversal check (security)
- fix: classifier tolerates markdown heading prefix in reject patterns
- fix: reject / slash-command framing in wiki
Full Changelog: https://github.com/cdeust/Cortex/compare/v3.9.1...v3.10.0
Security Fixes
- Close 2 CodeQL alerts: Regular Expression Denial‑of‑Service (ReDoS) and HTTP response splitting
- Close 6 CodeQL alerts in wiki_store + wiki_view_executor
- Harden path traversal check by inverting wiki gate and using startswith sanitizer pattern
About cdeust/Cortex
Persistent memory for Claude Code grounded in computational neuroscience (41 cited papers)