This release includes one security fix and is relevant to security teams reviewing exposed deployments.
ReleasePort's take
Light signal: The v3.17.2 release updates distribution metadata to label the version correctly, ensuring the marketplace update prompt delivers the GHSA-gvpp-v77h-5w8g security fix.
Why it matters: If you use the package manager's marketplace UI, updating to v3.17.2 automatically surfaces the required GHSA-gvpp-v77h-5w8g patch; versions below 3.17.2 will not prompt this critical fix.
Summary
AI summary: The GHSA-gvpp-v77h-5w8g security fix is now correctly advertised to users.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | High | Aligns version labels to 3.17.2 so marketplace prompts update for the GHSA-gvpp-v77h-5w8g fix. (Source: llm_adapter@2026-05-27; confidence: low) | — |
| Security | High | Addresses GHSA-gvpp-v77h-5w8g, preventing untrusted dev-source resolution via CLAUDE_PROJECT_DIR. (Source: granite4.1:30b@2026-05-27-audit; confidence: low) | — |
| Security | Medium | Aligns version labels to 3.17.2 in pyproject.toml and marketplace.json so users receive the update prompt for the fix. (Source: granite4.1:30b@2026-05-27-audit; confidence: low) | — |
| Deprecation | Low | Deprecates legacy PyPI installation paths; only marketplace distribution is supported. (Source: granite4.1:30b@2026-05-27-audit; confidence: low) | — |
Full changelog
v3.17.2 — Security distribution fix
Makes the GHSA-gvpp-v77h-5w8g fix reach marketplace users.
Why this release exists
v3.17.1 shipped the security fix code to the marketplace, but the release bumped only pyproject.toml — .claude-plugin/marketplace.json still advertised 3.17.0. Claude Code decides whether to prompt a /plugin update by comparing the installed version against the marketplace-advertised version, so users on 3.17.0 were never prompted to update even though the patched code was already in the cloned plugin tree.
v3.17.2 aligns all version labels at 3.17.2 so the marketplace advertises an increment and the update prompt fires.
No code change vs v3.17.1. The fix (untrusted dev-source resolution via CLAUDE_PROJECT_DIR → local arbitrary code execution in cortex-visualize) is present in both. This release is distribution metadata only.
Action required
Update the Cortex plugin via the marketplace — you should now see a 3.17.2 update available.
Advisory
GHSA-gvpp-v77h-5w8g — CVSS 7.8 (HIGH). Reported by @EQSTLab (SK Shieldus).
Note on PyPI
Per ADR-0050, the Claude Code plugin marketplace is the only supported install path. The legacy PyPI versions 3.14.6 / 3.14.7 are affected by this advisory and should not be used; install via the marketplace instead.
Security Fixes
- GHSA-gvpp-v77h-5w8g — CVSS 7.8 (HIGH) — untrusted dev-source resolution via CLAUDE_PROJECT_DIR leading to arbitrary code execution; metadata alignment ensures the fix is visible in the marketplace.
About cdeust/Cortex
Persistent memory for Claude Code grounded in computational neuroscience (41 cited papers)