Countly

ANALYTICS
Velocity 5.0

Open-source product analytics for mobile and web.

Countly is in a security-hardening and enterprise-governance grind, not a feature pivot.

product-analytics, security-hardening, enterprise, journey-engine, governance, maintenance
Current state
Countly is a product-analytics platform shipping a steady point-release train on its 25.03 line, with security backports to the 24.05 LTS branch. The recent run is dominated by maintenance: bug fixes plus a sustained security-hardening pass (anti-exfiltration, query sanitization, path-traversal, mass-assignment allowlists). The feature work that lands is incremental and enterprise-tilted — journey-engine fixes, data-manager value filtering, and AD/LDAP journey-approver governance.
Where it's heading
The arc is consolidation and hardening rather than expansion. Countly is closing security gaps (a bug-bounty-style hardening pass applied to both the 25.03 and 24.05 branches on the same day) and adding governance controls around its existing journey and data-manager features. No new capability surface or directional bet is visible in this window.
Prediction
Expect continued 25.03 point releases mixing fixes with small enterprise features (journey engine, data manager, access governance) and further security backports to the 24.05 LTS line. Nothing in the entries signals a larger move.

Recent moves

  1. 10d ago

    Regex event filters (Enterprise) plus access-redirect and journey fixes

    Mostly fixes — redirecting already-provisioned users away from the no-access/setup page and a journey-engine duplicate-event guard — alongside a small enterprise feature allowing regex in event filters. Continues the incremental enterprise-feature-plus-maintenance pattern of the 25.03 line.

  2. 21d ago

    Data-manager value filtering and journey result tab, plus content fixes

    Content-display and query-validation fixes plus enterprise additions: a filterable user-property value table in data-manager and a result tab for running journeys. Small but real options layered onto existing enterprise analytics features.

  3. 27d ago

    Security fixes, AD/LDAP journey-approver groups, subdirectory support

    Security fixes and network-subdirectory support, plus an enterprise governance feature — journey-approver groups for Active Directory and LDAP. Fits the trajectory's governance-and-hardening tilt rather than adding analytics capability.

  4. 1mo ago

    Validation, calculation, and legacy-data compatibility fixes

    A pure bug-fix release — note-color validation, top-events calculations with dotted event keys, a jobs-list filter, and tolerance for legacy string group IDs on pre-2021 tenants. No user-facing new capability.

  5. 1mo ago

    Security hardening: query sanitization, path-traversal, mass-assignment allowlists

    A substantial security-hardening release — blocking cross-app metric exfiltration, stripping dangerous Mongo operators from user queries, closing path-traversal in filenames, and replacing mass-assignment with explicit allowlists. Action-required hardening, the core of the current consolidation arc.

  6. 1mo ago

    Security hardening backport to the 24.05 LTS branch

    The same bug-bounty-style hardening pass backported to the older 24.05 LTS branch — login-token scoping, session-fixation fixes, dashboard enumeration defenses, SSRF protection on redirect URLs, and per-task authorization. Coordinated with the 25.03.44 cut for operators on the LTS line.
