MetricsHub / Changelog

Changelog

API changes, SDK releases, platform improvements, and security advisories. Subscribe to RSS for updates.

v2.4.1
3 March 2025
Improved Fixed Security
Improvements
  • QUIC ingest path: Reduced connection establishment overhead by 40% through 0-RTT session resumption. Effective for mobile clients on high-latency networks.
  • Stream processor throughput: Increased peak throughput by 18% through pipeline parallelism improvements in the enrichment stage.
  • Query API: Time-range queries over rolling 30-day windows now execute 8–12% faster following storage tier compaction (maintenance, 15 Dec 2024).
  • Rate limit headers: Added X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset to all API responses for better client-side back-pressure handling.
Bug Fixes
  • Batch ingest: Fixed an edge case where events with identical timestamps within a single batch could be silently deduplicated under high load. Deduplication key now includes a sequence counter.
  • EU West region: Resolved connection pool exhaustion on fra1-b that caused elevated error rates on 22 Jan 2025 (see INC-20250122). Connection pool sizing is now dynamically adjusted based on upstream load.
  • Developer portal: Fixed a layout regression in the API key rotation UI on Safari 17.x.
Security
  • Dependency updates: Updated 12 transitive dependencies with known CVEs (all medium severity or below). No customer impact.
  • TLS configuration: Removed TLS 1.2 support for the developer portal login endpoint. API ingest endpoints retain TLS 1.2 support for legacy SDK compatibility (removal planned for v2.6).
v2.4.0
14 January 2025
New Improved SDK
New Features
  • QUIC ingest endpoint: The ingest API now supports HTTP/3 over QUIC at /v2/ingest for clients that negotiate it. Reduces head-of-line blocking on congested mobile networks. Opt-in via SDK flag useQUIC: true.
  • Stream encoding: New encoding field on batch requests supports msgpack in addition to JSON, reducing payload size by up to 30% for dense numeric event properties.
  • Regional failover API: Clients can now request a preferred ingest region via the X-MH-Region header. Automatic failover to the nearest healthy region occurs within 500ms if the preferred region is degraded.
  • Device profile enrichment: Events are automatically enriched with device metadata (OS version, app version, country) when a device profile has been registered via PUT /v2/devices/:id.
  • Webhook retry configuration: Webhook delivery retry intervals and maximum attempts are now configurable per webhook endpoint in the developer portal.
SDK Releases (v2.4.0)
  • iOS SDK 2.4.0: QUIC support, background batch flushing on app suspend, improved offline queue with SQLite persistence. Minimum deployment target: iOS 15.
  • Android SDK 2.4.0: QUIC support via OkHttp 5, WorkManager-based background flushing, MessagePack encoding. Minimum SDK: Android 26 (Oreo).
  • Node.js SDK 2.4.0: HTTP/2 multiplexing, stream-based batch submission, configurable retry with exponential back-off.
  • Python SDK 2.4.0: Async support via asyncio, thread-safe batch queue, configurable compression (gzip/msgpack).
2024
v2.3.2
18 November 2024
Fixed Security
Note: This release includes security fixes from our Q4 2024 penetration test. No breaking API changes.
Security Fixes
  • Developer portal session tokens: Fixed a session token rotation issue that caused intermittent login failures on 8 Nov 2024 (see INC-20241108). Token propagation is now synchronous across all replicas before old tokens are invalidated.
  • API key entropy: Increased API key generation from 24 to 32 bytes of CSPRNG entropy, yielding 256-bit key space. Existing keys are unaffected; new keys will be longer.
Bug Fixes
  • Fixed X-Request-ID header not being propagated through the stream processor, causing correlation IDs to be lost in downstream logs.
  • Fixed PUT /v2/devices/:id returning 500 when country field contained a valid but uncommon ISO 3166-1 alpha-2 code (e.g., TL for Timor-Leste).
  • Fixed query API returning incorrect event counts when the time range spans a DST boundary in the Europe/London timezone.
v2.3.1
9 September 2024
Improved Fixed
Improvements
  • APAC region (sin1): Added second availability zone (sin1-b). Traffic is now distributed across sin1-a and sin1-b, improving resilience and reducing P99 latency by ~15% for APAC ingest.
  • Batch endpoint validation: More descriptive error messages when event payloads fail schema validation. The response now includes the index and field path of the first offending event.
  • Developer portal: Added usage graphs with hourly resolution for the past 7 days. Previously, the minimum resolution was daily.
Bug Fixes
  • Fixed memory leak in stream processor enrichment stage triggered by event properties containing deeply nested JSON (more than 8 levels). Processing would eventually OOM after ~72 hours of sustained load.
  • Fixed ingest endpoint accepting payloads larger than the documented 8 MB limit without returning a 413 error in cases where the content was gzip-compressed.
v2.3.0
2 July 2024
New SDK
New Features
  • Log aggregation endpoint: New POST /v2/logs endpoint accepts structured and plaintext log lines with automatic field extraction. Supports JSON, logfmt, and Apache Combined Log Format.
  • Prometheus metrics push: POST /v2/metrics now accepts Prometheus-compatible series format in addition to the native MetricsHub format.
  • Go SDK 1.0: Production-ready Go SDK with context-aware batch submission, configurable retry, and OpenTelemetry trace propagation.
  • Java SDK 2.3.0: Added support for Java 21 virtual threads (Project Loom) for non-blocking batch submission without thread pool overhead.
v2.2.0
8 April 2024
New Breaking
⚠ Breaking change: The legacy /v1/track endpoint has been removed. Migrate to POST /v2/ingest. See the API reference for the updated schema.
New Features
  • Multi-region replication: Enterprise accounts can now configure asynchronous cross-region replication with RPO < 5 minutes. Supported pairs: EU West ↔ US East, EU West ↔ APAC.
  • Pipeline routing rules: Events can be conditionally routed to different storage buckets or forwarded to external webhooks based on event name patterns and property filters.
  • Data retention tiers: Hot (0–7 days, full resolution), Warm (7–90 days, 1-minute aggregates), Cold (90 days–2 years, hourly aggregates). Configurable per account.
v2.1.0
15 January 2024
New Improved
New Features
  • US East region (iad1): MetricsHub now has a second ingest region in Ashburn, Virginia. US East traffic is automatically geo-routed for customers without a region preference.
  • Query API GA: The GET /v2/query endpoint is now generally available. Supports time-range filtering, event name wildcards, property filters, and count/sum/avg aggregations.
  • Rate limit increase: Default rate limit increased from 5,000 to 10,000 requests/minute per API key for all plans.

Current SDK Versions

Latest stable releases as of March 2025. All SDKs are open source on GitHub.

🍎
iOS / Swift
v2.4.0
🤖
Android / Kotlin
v2.4.0
🟩
Node.js
v2.4.1
🐍
Python
v2.4.0
🐹
Go
v1.2.0
Java
v2.3.1
💜
.NET / C#
v2.3.0
💎
Ruby
v2.2.1

Security Advisories

Disclosed vulnerabilities in MetricsHub platform components. All advisories are assigned a CVE where applicable.

Advisory Severity Published Fixed in
MHSA-2025-001 — Session token propagation race condition Medium 18 Nov 2024 v2.3.2
MHSA-2024-002 — API key entropy insufficient (24-byte) Medium 18 Nov 2024 v2.3.2
MHSA-2024-001 — Payload size bypass via gzip compression Low 9 Sep 2024 v2.3.1