This release fixes issues for SREs watching stability and regressions.
✓ No known CVEs patched in this version
Summary
AI summary: Domain report now degrades gracefully when crt.sh times out, returning partial results with a timeout flag instead of failing.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Bugfix | Medium | Domain report no longer fails when crt.sh times out; returns 200 with partial result and reports timeout status. Source: llm_adapter@2026-05-31. Confidence: high. | — |
Full changelog
Fix
Domain report no longer fails when crt.sh (Certificate Transparency) upstream times out.
full_domain_report (powering /v1/domain/{domain} and the audit_domain MCP tool) ran its certificate-transparency and subdomain lookups through two closures sharing one crt.sh fetch. When that upstream was slow, the inner timeout was left unhandled — the whole report failed with a 504 even though DNS, WHOIS, SSL, headers and threat data had all resolved successfully.
Now the timeout is caught inside both closures and the report degrades gracefully: it returns 200 with the partial result, and both the certificates and subdomains branches honestly report crtsh_status: "timeout" (instead of one of them masquerading as "ok" with an empty list). Clients get every reachable signal plus a truthful availability flag for the one source that was slow.
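The pattern described above, as an added sketch that is not the project's own code: two branches share one upstream fetch, and each catches the timeout itself so both report the same status. The function names, the stand-in fetchers, the sample DNS data and the `status` key that models the HTTP code are assumptions made for illustration.

```python
import asyncio

async def slow_crtsh(domain):   # constructed stand-in: upstream slower than the timeout
    await asyncio.sleep(1.0)
    return []

async def fast_crtsh(domain):   # constructed stand-in: healthy upstream
    return [{"name_value": f"www.{domain}"}, {"name_value": f"api.{domain}"}]

async def domain_report(domain, fetch, timeout=0.05):
    shared = None               # a single crt.sh fetch feeds both branches

    async def crtsh_rows():
        nonlocal shared
        if shared is None:
            shared = asyncio.create_task(asyncio.wait_for(fetch(domain), timeout))
        return await shared     # a timeout is re-raised to every awaiter

    async def certificates():
        try:
            rows = await crtsh_rows()
        except asyncio.TimeoutError:
            return {"crtsh_status": "timeout", "certificates": []}
        return {"crtsh_status": "ok", "certificates": rows}

    async def subdomains():
        try:
            rows = await crtsh_rows()
        except asyncio.TimeoutError:
            return {"crtsh_status": "timeout", "subdomains": []}
        names = sorted({r["name_value"] for r in rows})
        return {"crtsh_status": "ok", "subdomains": names}

    async def dns():            # constructed; stands in for the sources that resolved
        return {"a": ["192.0.2.10"]}

    certs, subs, dns_res = await asyncio.gather(certificates(), subdomains(), dns())
    # "status" models the HTTP code: 200 with partial data, not 504
    return {"status": 200, "dns": dns_res, "certificates": certs, "subdomains": subs}

if __name__ == "__main__":
    print(asyncio.run(domain_report("example.com", slow_crtsh)))
```

A client consuming such a response should treat an empty list with `crtsh_status: "timeout"` as "unknown", not as "no certificates or subdomains exist".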
Compatibility
- No schema change. `error` and `crtsh_status` fields already existed.
- Backward compatible. New optional `crtsh_error` parameter on internal helpers defaults to preserving prior behavior.
- Status code for the crt.sh-timeout path changes 504 → 200 (partial success).
Tests
2490 → 2491 (added one regression test covering the crt.sh-timeout path on both branches).
MCP tools / Resources / Prompts unchanged (53 / 7 / 3).
About UPinar/contrastapi
Security intelligence API with 31 MCP tools for CVE/EPSS/KEV lookup, domain recon (DNS/WHOIS/SSL/subdomains/CT logs), IOC/threat intel, OSINT (email/phone/username), and code security scanning (secrets, injection). Free 100 req/hr.
Earlier breaking changes
- v1.33.11 `bulk_sigma_rule_lookup` now costs 1 credit per `rule_id`, changing from flat 1 credit/call.