This release includes breaking changes for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
Summary
AI summary: `tech_stack_cve_audit` is now fully tier-free, always returning `exploit_findings` and a 50-item CVE candidate batch.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Medium | `tech_stack_cve_audit` tool is now fully tier-free, providing exploit_findings and a full CVE candidate batch of 50 across all tiers. Source: llm_adapter@2026-05-21. Confidence: high | — |
| Bugfix | Low | CI tests for 'test_tech_stack_cve_audit.py' converted to synchronous functions, removing dependency on pytest-asyncio. Source: granite4.1:30b@2026-05-22-audit. Confidence: low | — |
| Refactor | Low | Schema change: 'exploit_findings' field is now a list with default [] (previously optional None). Source: granite4.1:30b@2026-05-22-audit. Confidence: low | — |
Full changelog
v1.33.1 — Policy hotfix on v1.33.0
Policy fix: tech_stack_cve_audit is now fully tier-free
v1.33.0 shipped this tool with Free tier omitting exploit_findings and getting a smaller CVE candidate batch (10 vs 50). That data is sourced from local DB mirrors (ExploitDB/NVD) — not Shodan or AbuseIPDB — so per the monetization model (revenue = per-call credit cost + hourly rate limit; only Shodan/AbuseIPDB-backed tools may be tier-gated) it must not be feature-gated.
- All tiers now identical: exploit lookup always runs, `exploit_findings` always present, CVE candidate batch fixed at 50.
- Schema: `exploit_findings` is `list[dict]` default `[]` (was `list | None` default `None` + a Free-drop serializer). Wire-compatible — a sometimes-absent field is now always present + populated.
- Cost unchanged (10 credits); the credit + rate-limit gate is the monetization lever, not data gating.
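The schema change above, sketched as an added example (not the project's own code) that shows why a tolerant client reads both response shapes while a strict one only works from v1.33.1 on. Only the `exploit_findings` field, its types and the Free-tier drop come from the release notes; the class names, the `cve_candidates` field, the tier strings and the sample finding are assumptions.

```python
import json
from dataclasses import asdict, dataclass, field
from typing import Optional

# Constructed sample finding; the keys and values are placeholders.
SAMPLE_FINDING = {"cve": "CVE-0000-0000", "source": "exploitdb-mirror"}


@dataclass
class AuditV1330:  # hypothetical model name
    cve_candidates: list
    exploit_findings: Optional[list] = None  # v1.33.0: optional, default None


@dataclass
class AuditV1331:  # hypothetical model name
    cve_candidates: list
    exploit_findings: list = field(default_factory=list)  # v1.33.1: always a list


def serialize_v1330(resp, tier):
    """v1.33.0 behaviour: the serializer drops exploit_findings on Free."""
    body = asdict(resp)
    if tier == "free":
        body.pop("exploit_findings", None)
    return json.dumps(body)


def serialize_v1331(resp, tier):
    """v1.33.1 behaviour: identical body for every tier, field always present."""
    return json.dumps(asdict(resp))


def read_exploit_findings(raw):
    """Tolerant client: absent, null and [] all mean 'no findings'."""
    findings = json.loads(raw).get("exploit_findings")
    if findings is None:
        return []
    if not isinstance(findings, list):
        raise ValueError("exploit_findings must be a list")
    return findings


def strict_read(raw):
    """Strict client: indexes the key directly, so a v1.33.0 Free body fails."""
    return json.loads(raw)["exploit_findings"]
```
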
CI fix
test_tech_stack_cve_audit.py (added in v1.33.0) was the only suite file using async def + @pytest.mark.asyncio; pytest-asyncio is not in requirements.txt, so CI (Python 3.14) failed all 6 async tests. Converted to the codebase convention (sync def + asyncio.run()) — no new dependency. CI Tests green.
Docs
- Tool count synced 52 → 53 across README/README_CN/CONTRIBUTING/DEPENDENCIES/guide/glama/SDK (deferred v1.33.0 propagation).
- README "Try it" rewritten to the actual top-5 tools by usage (cve_search, domain_report, cve_lookup, exploit_lookup, ip_lookup); all curls + prompts verified live.
- Landing trust strip: dropped hardcoded Smithery score.
Counts
- Tests: 2417 pass (renamed/inverted; net unchanged)
- MCP tools 53 · Resources 7 · Prompts 3 (unchanged)
No breaking changes.
About UPinar/contrastapi
Security intelligence API with 31 MCP tools for CVE/EPSS/KEV lookup, domain recon (DNS/WHOIS/SSL/subdomains/CT logs), IOC/threat intel, OSINT (email/phone/username), and code security scanning (secrets, injection). Free 100 req/hr.
Earlier breaking changes
- v1.33.11 `bulk_sigma_rule_lookup` now costs 1 credit per `rule_id`, changing from flat 1 credit/call.