Skip to content

v4.0.3 — Configurable Query Guards

Choose a tag to compare

View all tags
@igorls igorls released this 20 Mar 19:49
· 23 commits to main since this release
v4.0.3
c29ef76

Security

  • Configurable Query Guards for sort=asc: Prevents unbounded ascending sort queries on get_actions (v1 & v2) that could overload Elasticsearch by forcing full reverse segment scans across all shards.

New Config Options

Two new optional fields in the api section of the chain config:

Option Type Default Description
query_timeout string "10s" Elasticsearch search timeout per query
max_asc_window_days number 90 Maximum time range (in days) for sort=asc requests

Behavior Changes

  • sort=asc on get_actions now requires a valid after or before parameter:
    • ISO date strings (must contain T, e.g., 2026-03-19T00:00:00Z)
    • Positive integer block numbers (e.g., 425000000)
  • ISO date after values must be within max_asc_window_days of the current time.
  • All get_actions queries (v1 + v2) now include a configurable Elasticsearch timeout.
  • sort=desc (default) is unchanged — no new restrictions apply.

Testing

  • 77/77 unit tests pass (17 new for query guard validation)
  • Build: zero TypeScript errors

Upgrade

No configuration changes required — defaults apply automatically:

  • query_timeout: "10s"
  • max_asc_window_days: 90

To customize, add to your chain config under the api section:

{
  "api": {
    "query_timeout": "10s",
    "max_asc_window_days": 90
  }
}
Assets 2
Loading