Countly
Open-source product analytics for mobile and web.
Countly is in a security-hardening and enterprise-governance grind, not a feature pivot.
◆Recent moves
- 10d ago
Regex event filters (Enterprise) plus access-redirect and journey fixes
Mostly fixes — redirecting already-provisioned users away from the no-access/setup page and a journey-engine duplicate-event guard — alongside a small enterprise feature allowing regex in event filters. Continues the incremental enterprise-feature-plus-maintenance pattern of the 25.03 line.
View source ↗ - 21d ago
Data-manager value filtering and journey result tab, plus content fixes
Content-display and query-validation fixes plus enterprise additions: a filterable user-property value table in data-manager and a result tab for running journeys. Small but real options layered onto existing enterprise analytics features.
View source ↗ - 27d ago
Security fixes, AD/LDAP journey-approver groups, subdirectory support
Security fixes and network-subdirectory support, plus an enterprise governance feature — journey-approver groups for Active Directory and LDAP. Fits the trajectory's governance-and-hardening tilt rather than adding analytics capability.
View source ↗ - 1mo ago
Validation, calculation, and legacy-data compatibility fixes
A pure bug-fix release — note-color validation, top-events calculations with dotted event keys, a jobs-list filter, and tolerance for legacy string group IDs on pre-2021 tenants. No user-facing new capability.
View source ↗ - 1mo ago
Security hardening: query sanitization, path-traversal, mass-assignment allowlists
A substantial security-hardening release — blocking cross-app metric exfiltration, stripping dangerous Mongo operators from user queries, closing path-traversal in filenames, and replacing mass-assignment with explicit allowlists. Action-required hardening, the core of the current consolidation arc.
View source ↗ - 1mo ago
Security hardening backport to the 24.05 LTS branch
The same bug-bounty-style hardening pass backported to the older 24.05 LTS branch — login-token scoping, session-fixation fixes, dashboard enumeration defenses, SSRF protection on redirect URLs, and per-task authorization. Coordinated with the 25.03.44 cut for operators on the LTS line.
View source ↗