SShortSingh.
Back to feed

Unbounded Python Dependency Caused 421 Errors After fastmcp 3.4.3 Silently Upgraded

0
·1 views

A team running a Model Context Protocol server on Google Cloud Run encountered universal 421 Misdirected Request errors immediately after a routine redeployment, despite making no intentional code or infrastructure changes. The root cause was an unbounded dependency constraint — fastmcp>=3.4.2 in pyproject.toml — which allowed the package resolver to silently upgrade to fastmcp 3.4.3 during a routine uv lock refresh. Version 3.4.3 introduced DNS-rebinding protection enabled by default, which rejected any request whose Host header was not explicitly whitelisted, causing every custom-domain request to fail instantly. Because http_allowed_hosts defaulted to None, the effective allowlist was empty, blocking all traffic before any real processing occurred. The incident highlights the risk of open-ended version constraints in production dependencies, as what appears to be a patch release can introduce default-on breaking behavior.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

Developer Open-Sources Lightweight Go Workflow Engine with Pluggable Persistence

A Go developer has open-sourced go-workflow-engine, a lightweight workflow orchestration library designed to embed directly into existing Go applications without requiring a separate service or heavy infrastructure. Workflows are defined using simple JSON files, and the engine handles step execution, state tracking, and failure management. The persistence layer is fully modular, supporting in-memory storage and GORM out of the box, allowing teams to plug in their preferred database. An event-driven architecture lets applications react to workflow lifecycle changes without tight coupling between components. The project was built to address a recurring personal need and is now open to community feedback, contributions, and pull requests.

0
ProgrammingDEV Community ·

Dependency Inversion Principle: Why Core Logic Should Rely on Abstractions

The Dependency Inversion Principle (DIP) is the fifth concept in the SOLID software design framework, stating that high-level business logic and low-level tools should both depend on shared abstractions rather than on each other directly. When a high-level class like a NotificationManager is hardwired to a specific database such as MySQL, switching to another database forces developers to rewrite core logic and risks introducing new bugs. By introducing an interface — analogous to a USB-C port that works with any power source — both the business class and the database implementation depend on a common contract, leaving neither tied to the other. This loose coupling allows developers to swap databases, payment gateways, or email providers by changing a single line of setup code without touching the main application logic. The approach also simplifies automated testing, as a lightweight mock implementation can replace a real database during test runs.

0
ProgrammingDEV Community ·

Sumsub vs. Veriff: Which Fraud Prevention Stack Suits Your Compliance Needs

A vendor analysis by PrimeBiometry compares Sumsub and Veriff, two leading identity verification and fraud prevention platforms, across architecture, pricing, and compliance coverage. Sumsub offers a consolidated stack covering KYC, KYB, AML, and transaction monitoring under a single API, starting at $1.35 per verification, while Veriff focuses on high-accuracy identity verification at $0.80 per check with modular pricing. The comparison highlights that 90–95% of alerts from traditional rule-based monitoring systems are false positives, driving demand for more efficient, layered fraud prevention architectures. PrimeBiometry scores vendors across five weighted factors: integration depth, compliance coverage, pricing transparency, market coverage, and user sentiment, based on a methodology developed during an FCA authorization process. The analysis concludes that Sumsub suits regulated sectors needing broad compliance functions, while Veriff is better suited for consumer apps prioritizing decision accuracy at scale.

0
ProgrammingDEV Community ·

Postgres Creator: LLMs Achieve 0% Accuracy on Real Enterprise Database Queries

Turing Award winner and Postgres creator Mike Stonebraker has claimed that large language models score 0% accuracy when tested on real-world production data warehouse queries, far below the 80–85% figures reported on popular benchmarks like Spider and Bird. Speaking on the Data Renegades podcast, Stonebraker explained that standard benchmarks use clean, simple datasets that bear little resemblance to the complex, idiosyncratic schemas found in actual enterprise systems. He identified four core reasons for the gap: enterprise data is absent from LLM training sets, real queries are far more complex, production schemas are messy and inconsistently named, and companies use domain-specific terminology that models have never encountered. To support his findings, Stonebraker released BEAVER, an anonymized benchmark based on four real data warehouses, urging AI researchers to test their models against realistic data. He drew a parallel to past tech hype cycles, warning that AI vendors may be shipping demos of capabilities that do not yet function reliably in production environments.