type
product
Jul 23, 2024
Jul 17, 2024
Jul 09, 2024
The XSS inbox variable vulnerability allows malicious code to be executed within an inbox notification when the message is opened if the code is included as part of a data variable. This contrasts with directly placing the same code in the inbox template, which renders the code without executing it.
A customer reported the issue and demonstrated using an iframe with a JavaScript alert payload. To reproduce the issue, you must create an inbox template, reference a variable in the template's body, send a data payload containing the malicious code, and then open the inbox message where the code execution occurs. The issue was with our Inbox and Components implementations on version 6.2.1. The release does not fix customers who have implemented their Inbox on top of our APIs; they will need to implement a similar XSS fix if affected. Please reach out to Courier Support for help.
Jun 24, 2024
Jun 18, 2024
Jun 10, 2024
Jun 10, 2024
May 22, 2024
May 09, 2024
May 06, 2024
Apr 30, 2024
Mar 28, 2024
/tenants
endpoint, which caused an empty array to be returned when fetching a list of tenants, has been resolved. The issue was due to many archived tenants that hindered proper pagination. The endpoint now accurately returns the correct list of non-archived tenants.Mar 27, 2024
@{index}
and @{userId},
respectively. This change followed customer feedback and aimed to improve traceability by aligning Message IDs with their corresponding Request IDs. This update was fully rolled out over the past two months and recently enabled for ad hoc requests, bulk sends, and automations.Mar 16, 2024
We've redesigned our Integrations page to provide analytics about each channel implemented in Courier. You can see usage, errors and error rates broken down by channels at a glance.
Log in and check it out
Mar 07, 2024
Mar 04, 2024
Feb 23, 2024
We've been hard at work with our new front-end components, and this release shows it.
Feb 16, 2024
We redesigned our user interface around Assets to improve the overall user experience for customers with many templates and automations. The new Assets navigation is centered around Templates and Automations and gives a unifying view of activity, channels, and tags.
This also means we've moved a few things out of assets. For example,
Feb 06, 2024
Tenants and User/Tenant Membership is now generally available. While we call the feature tenants, it can be used for any group membership with users. Teams, workspaces, groups, roles, etc. Each tenant can have parent tenants as well.
Using tenants you can
Start using tenants them with our SDKs, REST, Segment.group(), or Rudderstack.group() events.
Feb 06, 2024
Jan 22, 2024
Jan 18, 2024
In the first of its series, we've re-investing in our SDKs by parterning with Fern to launch our newest Node SDK. With use case oriented clients, stronger typing and robust documentation, our v6 is better than ever. Check it out on npm or Github and ask us questions on Discord.
New features include:
Jan 16, 2024
Nov 06, 2023
Courier’s React Native SDK now supports User Preferences.
All 3 of Courier’s User Preferences APIs are now available. The following User Preferences API are now available in Courier's React Native SDK:
For more details, refer to the Preferences.md file in the Courier React Native repository.
Oct 12, 2023
Support for JWT authentication has been added to the following User Preference REST API endpoints:
PUT | PATCH | DELETE /users/:user_id/preferences/:topic_id
GET /users/:user_id/preferences
GET /users/:user_id/preferences/:topic_id
Docs: https://www.courier.com/docs/reference/auth/issue-token/#usage
Sep 11, 2023
Sep 01, 2023
<br>
tags in Markdown blocks which caused it to render incorrectly. This has been fixed. Aug 18, 2023
Aug 17, 2023
Preferences can now be associated with a tenant. If you send to a user in the context of their tenant, the preferences being applied will be the tenant level preferences, and if its not in the context of a tenant, its picked from user level preferences.
Note, this change does not impact you unless you’re using tenants. See the Tenants API reference for more information.
Aug 16, 2023
The hosted user preference age now uses brands from the tenant when a notification is sent using tenant_id
.
Create a tenant using API and attach a brand_id
:
1name: "ACME Inc",2brand_id: "acme_brand_new",3properties: {4ceo: "Person",5}6}
When you send a notification using the above tenant, the host user preference page links generated by Courier will have appropriate acme_brand_new
instead of default brand.
Aug 16, 2023
Automations templates can now infer recipient userId
in most cases without manual configuration. User Id is inferred when:
user_id
or userId
) on invoke.recipient
field is set on invokeAug 14, 2023
The syntax for sending with a tenant has been updated to improve distinction vs sending to all members of a tenant with the addition of the context
property.
Please see the tenants section of users for examples of this syntax and usage.
Aug 11, 2023
message.data
will also be forwarded to the push provider.Jul 21, 2023
Jul 07, 2023
Jun 23, 2023
Jun 16, 2023
Jun 09, 2023
May 26, 2023
May 19, 2023
May 12, 2023
May 05, 2023
Apr 28, 2023
Apr 21, 2023
Send up to 10,000 notifications every month, for free.
Get started for free
© 2024 Courier. All rights reserved.