This release includes 1 security fix for security teams reviewing exposed deployments.
Summary
AI summary: Fixed proxy compatibility and proper boolean parsing for `PANTHER_ALLOW_INSECURE_INSTANCE`.
Full changelog
MCP Panther v2.3.1
Functionality
🐛 Bug Fixes
- Proxy/sandbox compatibility: Added `trust_env=True` to all aiohttp sessions (GraphQL transport, REST client, and instance config fetcher), enabling the server to respect `HTTP_PROXY` and `HTTPS_PROXY` environment variables. This fixes connectivity issues in sandboxed or proxied environments where outbound traffic must route through a proxy (#152)
- `PANTHER_ALLOW_INSECURE_INSTANCE` boolean parsing: The environment variable now uses proper boolean parsing via `parse_bool()`. Previously, any non-empty string (including `"false"`, `"0"`, `"no"`) was treated as truthy, which could unintentionally disable SSL verification. Values like `"true"`, `"1"`, `"yes"` now correctly enable insecure mode, while `"false"`, `"0"`, `"no"` correctly keep SSL enabled (#151)
Contributors
Special thanks to all contributors who made this release possible:
- @mhalsall-square (Block) — Proxy and sandbox compatibility fix for aiohttp sessions
- @bbakersmith-grindr (Grindr) — Boolean parsing fix for `PANTHER_ALLOW_INSECURE_INSTANCE`
Full Changelog: https://github.com/panther-labs/mcp-panther/compare/v2.3.0...v2.3.1
Security Fixes
- `PANTHER_ALLOW_INSECURE_INSTANCE` now correctly parses boolean values, preventing unintentional SSL verification disablement.
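The parsing failure described in these notes, as an added example that is not the project's code: `legacy_allow_insecure` reproduces the truthiness check, and `strict_parse_bool` is a hypothetical stand-in for `parse_bool()`, whose implementation is not shown on this page. Case-insensitive matching, whitespace stripping and treating unrecognized values as false are assumptions of this sketch.

```python
import os

ENV_VAR = "PANTHER_ALLOW_INSECURE_INSTANCE"
TRUE_VALUES = {"true", "1", "yes"}  # values the release notes list as enabling insecure mode


def legacy_allow_insecure(env):
    """Pre-fix behaviour per the notes: any non-empty string counts as true."""
    return bool(env.get(ENV_VAR))


def strict_parse_bool(raw):
    """Hypothetical stand-in for parse_bool().

    Only an explicit true value disables verification. Unset, empty,
    "false"/"0"/"no" and anything unrecognized keep TLS verification on
    (fail closed; an assumption of this example).
    """
    if raw is None:
        return False
    return raw.strip().lower() in TRUE_VALUES


def silently_insecure(raw):
    """True when the old parsing turned verification off although the
    operator's value did not ask for insecure mode."""
    env = {} if raw is None else {ENV_VAR: raw}
    return legacy_allow_insecure(env) and not strict_parse_bool(raw)


if __name__ == "__main__":
    # Constructed sample settings, not taken from any real deployment.
    samples = [None, "", "false", "0", "no", "off", "true", "1", "yes"]
    for raw in samples:
        print(f"{raw!r:>8}  legacy_insecure={legacy_allow_insecure({} if raw is None else {ENV_VAR: raw})!s:<5}"
              f"  strict_insecure={strict_parse_bool(raw)!s:<5}"
              f"  silently_insecure={silently_insecure(raw)}")

    # Check the value this process was actually started with.
    current = os.environ.get(ENV_VAR)
    if silently_insecure(current):
        print(f"{ENV_VAR}={current!r} disabled TLS verification before v2.3.1")
```

Running it in the environment of a pre-2.3.1 deployment shows whether the configured value would have switched verification off without the operator intending it.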
About panther-labs/mcp-panther
MCP server that enables security professionals to interact with Panther's SIEM platform using natural language for writing detections, querying logs, and managing alerts.