| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| README.md | 2026-04-21 | 974 Bytes | |
| v2.9.3 source code.tar.gz | 2026-04-21 | 39.6 MB | |
| v2.9.3 source code.zip | 2026-04-21 | 40.4 MB | |
| Totals: 3 Items | | 80.0 MB | 0 |
CI-only patch release. No source or API changes.
Fixed
Closes 4 CodeQL advisories surfaced by the security-extended query pack:
- Actions supply-chain posture (#43): all third-party workflow actions pinned to commit SHAs instead of floating tags. Closes 3 `actions/unpinned-tag` advisories:
  - `pypa/gh-action-pypi-publish` → `cef221092ed1bacb1cc03d23a2d87d1d172e277b` (in both publish-python + publish-python-guard)
  - `Andrew-Chen-Wang/github-wiki-action` → `50650fccf3a10f741995523cf9708c53cec8912a`
  - `actions/checkout` in wiki-sync.yml → `34e114876b0b11c390a56381ad16ebd13914f8d5`
- wiki-sync.yml permissions: explicit `permissions: { contents: read }` block so the default GITHUB_TOKEN scope is minimal; closes the `actions/missing-workflow-permissions` advisory. The wiki push continues to use the separate WIKI_TOKEN PAT.
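
A local check for the two conditions fixed above, as an added example (not cordum's code and not the CodeQL queries themselves). The sample workflow is constructed, the function names are hypothetical, and the permissions check is deliberately strict: it accepts only a workflow-level `permissions:` block.

```python
import re

# Constructed sample, not cordum's real wiki-sync.yml. The tag ref on line 7
# is illustrative; the SHA on line 8 is the one quoted in the release notes.
SAMPLE_WORKFLOW = """\
name: wiki-sync
on: push
jobs:
  sync:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: Andrew-Chen-Wang/github-wiki-action@50650fccf3a10f741995523cf9708c53cec8912a
      - uses: ./.github/actions/local-step
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
TOP_LEVEL_PERMS_RE = re.compile(r"^permissions\s*:", re.MULTILINE)


def unpinned_actions(workflow_text):
    """Return (line_no, ref) for each `uses:` not pinned to a 40-hex commit SHA."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        match = USES_RE.match(line)  # commented-out lines never match
        if not match:
            continue
        ref = match.group(1)
        if ref.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope here
        _, _, version = ref.partition("@")
        if not FULL_SHA_RE.match(version):
            findings.append((line_no, ref))
    return findings


def missing_permissions(workflow_text):
    """True when the workflow has no top-level `permissions:` key."""
    return TOP_LEVEL_PERMS_RE.search(workflow_text) is None


if __name__ == "__main__":
    for line_no, ref in unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {ref} is not pinned to a commit SHA")
    if missing_permissions(SAMPLE_WORKFLOW):
        print("no workflow-level permissions block; GITHUB_TOKEN uses repo defaults")
```
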
Consumers
Downstream cordum users on v2.9.2 can bump to v2.9.3 at leisure — no Go-side code changes since v2.9.1.