This release adds 3 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
Summary
AI summaryAdded dynamic UTM attribution capture, stronger referral tracking, and automatic host app version detection.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Medium |
Adds dynamic UTM attribution capture for web sessions. Adds dynamic UTM attribution capture for web sessions. Source: llm_adapter@2026-05-28 Confidence: high |
— |
| Feature | Medium |
Adds stronger referral tracking with domain capture and redaction. Adds stronger referral tracking with domain capture and redaction. Source: llm_adapter@2026-05-28 Confidence: low |
— |
| Feature | Medium |
Adds automatic host app version detection from page globals and manifests. Adds automatic host app version detection from page globals and manifests. Source: llm_adapter@2026-05-28 Confidence: low |
— |
| Feature | Low |
Enhances referral tracking with referrer domain capture, channel classification, and safer redaction of sensitive values. Enhances referral tracking with referrer domain capture, channel classification, and safer redaction of sensitive values. Source: granite4.1:30b@2026-05-28-audit Confidence: low |
— |
| Feature | Low |
Automatically detects host app version from page globals, metadata, manifests, and same-origin version files. Automatically detects host app version from page globals, metadata, manifests, and same-origin version files. Source: granite4.1:30b@2026-05-28-audit Confidence: low |
— |
| Bugfix | Medium |
Preserves first-touch UTM/referral data when cookie consent delays SDK startup. Preserves first-touch UTM/referral data when cookie consent delays SDK startup. Source: llm_adapter@2026-05-28 Confidence: high |
— |
| Bugfix | Medium |
Allows `beforeSendAttribution` to drop attribution by returning `null`. Allows `beforeSendAttribution` to drop attribution by returning `null`. Source: llm_adapter@2026-05-28 Confidence: high |
— |
| Bugfix | Medium |
Handles delayed `init()` and `start()` flows more reliably. Handles delayed `init()` and `start()` flows more reliably. Source: llm_adapter@2026-05-28 Confidence: low |
— |
| Bugfix | Low |
Improves handling of delayed `init()` and `start()` flows, retaining the strongest attribution snapshot upon SDK bundle load before consent acceptance. Improves handling of delayed `init()` and `start()` flows, retaining the strongest attribution snapshot upon SDK bundle load before consent acceptance. Source: granite4.1:30b@2026-05-28-audit Confidence: low |
— |
Full changelog
Published to npm as @rejourneyco/[email protected].
What's Changed
Added
- Dynamic UTM attribution capture for web sessions, including
utm_source,utm_medium,utm_campaign,utm_id,utm_term,utm_content,utm_source_platform,utm_creative_format, andutm_marketing_tactic. - Stronger referral tracking for web sessions, with referrer domain capture, channel classification, and safer redaction of sensitive referrer/query values.
- Automatic host app version detection from page globals, metadata, manifests, and same-origin version files, so
appVersionreflects the developer's website/app when available instead of the SDK package version.
Fixed
- Preserves first-touch UTM/referral data when cookie consent banners delay SDK startup and the site later cleans or replaces the URL before recording begins.
- Handles delayed
init()and delayedstart()flows more reliably by keeping the strongest available attribution snapshot when the SDK bundle loads before consent acceptance. - Allows
beforeSendAttributionto drop attribution by returningnull.
Full Changelog: https://github.com/rejourneyco/rejourney/compare/browser/v0.2.0...browser/v0.3.0
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About rejourneyco/rejourney
All releases →Beta — feedback welcome: [email protected]