UPinar/contrastapi

v1.33.5 Bugfix

This release fixes issues for SREs watching stability and regressions.

Published 18d MCP Security & Auth
✓ No known CVEs patched

Topics

ai-agents ai-security api claude cve security
domain-recon email-security email-validation llm-tools mcp mitre-atlas mitre-d3fend model-context-protocol osint sigma-rules threat-intelligence vulnerability-management web-intel

Affected surfaces

breaking_upgrade

Summary

AI summary

Fixed resource exhaustion causing 504 errors on sustained load in fetch_live_page.

Changes in this release

Performance Medium

Added explicit timeout on outbound HTTP client for live fetch endpoints.

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

`fetch_live_page` now awaits the cancelled task so that its connection is released back to the pool; previously the pool could starve under sustained uptime.

Source: llm_adapter@2026-05-21

Confidence: high

Full changelog

Hotfix on top of v1.33.4.

Fix

fetch_live_page raced HTTPS+HTTP streaming requests and cancelled the losing task without awaiting it, so the streaming response's context manager could skip returning its connection to the shared bounded outbound HTTP connection pool. Under sustained uptime the pool starved and every endpoint performing an outbound live fetch (/v1/tech, /v1/scan/headers, /v1/robots, /v1/redirect-chain, /v1/brand) returned 504 after ~5s. Resource-exhaustion fix — the affected routes return to 200 under sustained load.

  • Await the cancelled task on both race paths so the connection is released before the function returns.
  • Explicit pool timeout on the outbound client (defense-in-depth; no behaviour change at current config).
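
The race described above, as an added example that is not the project's own code. It assumes a Python asyncio service; `BoundedPool`, `fetch`, `race` and `demo` are hypothetical names, and the toy pool only stands in for the real outbound HTTP client to show the connection still checked out at return when the cancelled task is not awaited.

```python
import asyncio
from contextlib import asynccontextmanager

class BoundedPool:
    """Toy stand-in for a bounded outbound connection pool (constructed for this example)."""
    def __init__(self, size, pool_timeout):
        self._sem = asyncio.Semaphore(size)
        self.pool_timeout = pool_timeout
        self.in_use = 0

    @asynccontextmanager
    async def stream(self, delay):
        # Explicit pool timeout: fail fast instead of hanging on a starved pool.
        await asyncio.wait_for(self._sem.acquire(), self.pool_timeout)
        self.in_use += 1
        try:
            await asyncio.sleep(delay)   # simulated response streaming
            yield
        finally:
            self.in_use -= 1             # connection goes back to the pool
            self._sem.release()

async def fetch(pool, scheme, delay):
    async with pool.stream(delay):
        return scheme

async def race(pool, await_loser):
    """Race HTTPS against HTTP; return (winner, connections still checked out)."""
    tasks = [asyncio.create_task(fetch(pool, "https", 0.01)),
             asyncio.create_task(fetch(pool, "http", 0.5))]
    done, pending = await asyncio.wait(tasks, return_when=asyncio.FIRST_COMPLETED)
    for loser in pending:
        loser.cancel()                   # only requests cancellation
        if await_loser:
            # The fix: wait until the loser has unwound and run its finally block.
            await asyncio.gather(loser, return_exceptions=True)
    return done.pop().result(), pool.in_use

def demo(await_loser):
    async def main():
        return await race(BoundedPool(size=2, pool_timeout=1.0), await_loser)
    return asyncio.run(main())

if __name__ == "__main__":
    print("not awaited:", demo(False))
    print("awaited:    ", demo(True))
```

`task.cancel()` only schedules the cancellation, so the losing request's cleanup has not run when `race` returns unless the task is awaited.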

Hardening (comment-only, no behaviour change)

  • CodeQL dispositions: rationale on two intentional empty-except blocks in the DKIM probe (#107/#108); rationale for SHA-256 over a KDF on high-entropy API-key tokens (#109, dismissed won't-fix).

Meta

  • Tests: 2434 -> 2437 (deterministic regression tests for both race paths + pool-timeout config).
  • MCP surface unchanged: 53 tools, 7 Resources, 3 Prompts (no contract change -> MCP Registry republish skipped).


About UPinar/contrastapi

Security intelligence API with 31 MCP tools for CVE/EPSS/KEV lookup, domain recon (DNS/WHOIS/SSL/subdomains/CT logs), IOC/threat intel, OSINT (email/phone/username), and code security scanning (secrets, injection). Free 100 req/hr.


Related context

Earlier breaking changes

  • v1.33.11 `bulk_sigma_rule_lookup` now costs 1 credit per `rule_id`, changing from flat 1 credit/call.
