Matomo 3.8.1
10 February 2019
Matomo version 3.8.1 is now available (major release).
Upgrading to Matomo 3.8.1
Matomo 3.8.1 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Matomo updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Matomo install to test the 3.8.1 upgrade prior to applying it live. Get started managing your Matomo installations with Installatron
What's New in Matomo 3.8.1
3.8.1
Breaking Changes
- When changing the email address or the password through the `UsersManager.updateUser` API, a new parameter `passwordConfirmation` needs to be sent along with the request containing the current password of the user issuing the API request.
- The output type "save on disk" in the API method `ScheduledReport.generateReport` has been replaced by the download output type.
- The method `Piwik\Piwik::doAsSuperUser` has been deprecated and will be removed in Matomo 4. Use `Piwik\Access::doAsSuperUser` instead.
New APIs
- It is now possible to queue a request on the JavaScript tracker using the method `queueRequest(requestUrl)`. This can be useful to group multiple tracking requests into one bulk request to reduce the number of tracking requests that are sent to your server making the tracking more efficient.
- When specifying a callback in the JavaScript tracker in a tracker method, we now make sure to execute the callback even in error cases or when sentBeacon is used. The callback recevies an event parameter to determine which request was sent and whether the request was sent successfully.
- Added new event `Metrics.getEvolutionUnit` which lets you set the unit for a metric used in evolution charts and row evolution.
- Added new event `Access.modifyUserAccess` which lets plugins modify current user's access levels/permissions.
- Added new event `CustomMatomoJs.manipulateJsTracker` which lets plugins modify the JavaScript tracker.
Highlights
- The log importer now supports the `--tracker-endpoint-path` parameter which allows you to use a different tracker endpoint than `/piwik.php`, if desired.
- It is now possible to define different log levels for different log writers via INI config. Set log_level_file, for example, to set the log level for the file writer, or log_level_screen for the screen writer.
- Logging to a file can now be easily enabled during tests. A new `[tests] enable_logging` INI option has been added, which you can set to `1` to enable logging for all tests. The `tests:run` and `tests:run-ui` commands now both have an `--enable-logging` option to enable logging for a specific run.
- Added a few more Android devices
Internal change
- New Matomo installation will now use by default "matomo.js" and "matomo.php" as tracking endpoints. From Matomo 4.0 all installations will use "matomo.js" and "matomo.php" by default. We recommend you ensure those files can be accessed through the web and are not blocked.
Deprecations
- The method `Piwik\SettingsPiwik::isPiwikInstalled()` has been deprecated and renamed to `isMatomoInstalled()`. It is still supported to use the method, but the method will be removed in Piwik 4.0.0
Bug Fixes
- Select Goal conversion metrics for each goal in the Graphs metrics picker
- Display the “Segmented Visitor Log” icon in more reports
- Mysqli prepare error: Table ‘piwik.piwik_brute_force_log’ doesn’t exist”
- Widget > Visits in Real-Time :: New 3.8.0 Hover URLs are unclear and too long
- Incorrect password issue
- Website selector: Ctrl+Click should open the website in a new tab
- Explain better why sometimes files “appear” after updates
- Visitors in Real-time plugin: entity codes showed
- Feedburner behind the “wall”
- Update docs regarding session_handler
- It is not possible to record more than one conversion per second for the same visit
- Two-factor authentication after Update to 3.8.0
- Update Intl translations to CLDR 34
- Adds new language Esperanto
- Updated 91 strings in 5 languages (fi, pl, nl, zh-cn, da)
- Updated 337 strings in 6 languages (da, hu, pl, sq, el, zh-tw)
- Segmented Visitor Log icon does not show in Actions > Pages report in sub-tables, when a search is being done
- Hierarchical page export: label wrongly encoded
- Hierarchical reports exports empty datasets on leafs
- Segmented visitor log does not inherit existing segment
- Sparklines broken on Widgetize widget when viewed by anonymous (even with token_auth)
- Add a CACHEDIR.TAG file to tmp/
- Increase the time before an archive is considered outdated
- Cookie _pk_ses value set to * causing some network filter to reject the cookie
- improve RSS fetching
- Fixes some problems in export overlay
- Disable Transitions feature for totals row
- Append token_auth to sparkline urls for embedded widgets
- If “Lock timeout exceeded” error is encountered, log engine status info.
- Change value of _pk_ses cookie to 1.
- Don’t cache tag manager preview files
- Exclude non core plugins from translation percentage calculation
- Serialize scalars and objects in original format.
- update JShrink (followup)
- When running cron jobs or console commands, and 2FA is forced for everyone, do not fail
- Change session cookie name to MATOMO_SESSID
- Add method to get ecommerce items to tracker
3.8.0
Security
- Improving security of Matomo has been a focus for us in this release
Highlights
- New Plugin - Custom Translations
- New Plugin - Password Verifier
- New Plugin - LoginTokenAuth
Bug Fixes
- Lock down accounts by IP after N failed attemps at logging
- Two Factor Authentication in core + new setting “Require two-factor authentication for everyone.”
- Evolution graphs: buttons to switch the display of historical data by day, week, month or year
- Display a new row “Total” showing the sum of values for all DataTable columns
- When a report is flattened, show the Row Evolution icon
- Integrate the URL Builder directly into the app
- Enable by default to store all session data in the database + remove feature of file-based sessions in tmp/sessions/*
- Visitor Profile – Zoom map as near as possible
- When exporting a flattened report, keep each flattened dimension as a separate column
- New report “Transitions” available under the “Actions” category
- Use navigator.sendBeacon by default and minimise the tracker pause from 500ms to 100ms
- Delete unused actions only at least monthly
- Tooltips appear all over the place but shouldn’t
- Edit capabilities in Users management pages
- When changing password or email address, require to type old password
- Make matomo.js and matomo.php the default Tracking API endpoints used
- Filter in Edit user permission view is confusing
- Make all emails use the pretty HTML emails with branding
- Tracking API behaviour on incorrect token_auth should be improved
- When creating HTML reports in tmp/assets/ include a random string in the filename
- Introduce whitelist test for link protocols.
- nginx and lighttpd configuration recommendations
- Allow excluding IPv6 addresses for tracking
- Setup on demo.matomo.org a showcase of all Piwik features
- add some “events” to demo
- Add some “content tracking” to demo
- Read Environment variables into Matomo config
- “Loading data..” is not always displayed when changing dates in the dashboard
- Report tracking into wrong Site ID
- Rename Referrer Type to Acquisitions Type (or Channel)
- Dashboard selector listing all widgets is hidden once the scroll bar is used
- admins can’t share dashboard with users
- Callback after tracking goal
- flattened “entry page” and “exit page” take a long time to be generated
- Content Tracking may cause huge POST requests to be sent (50Kb or more)
- Segmented Visitor Log high CPU load
- Cache cacheBuster generation when rendering a view
- SEO plugin Alexa broken
- deleteLogDataForDeletedSites locks database for a long period, bogus query?
- Double encoded single quotes in goal names
- Fatal error in Goals/Pages.php, report is null
- Same icon is used for “segmented visitor log” and “show visitor profile”
- Make log and report data screen less technical
- When you are logged out, the URL gets lost when you log in
- Locations users country map should use Unique visitors by default
- When token_auth is re-generated, remove wording that user will be logged out
- New diagnostic checking that max_allowed_packet is at least 64M or issue warning, and recommend 128M
- Change html markup from xhtml4 to html5
- Documentation for installing GeoIP PECL extension misleading
- Write a user guide for Custom Alerts
- Updates composer libraries
- Updates Device Detector to 3.11.4
- Standardise actions of last visitor API output
- Update JavaScript code in app/docs/faq to use window._paq instead of _paq
- Adds new event to define units for metrics
- Actions>Page Titles believes there is a subpage if page <title> includes a forwards slash
- Event tracking with trackEvent: a value of 0 (zero) is not recorded
- possible error while exporting API data
- Prevent trigger errors on demand for instances that are opened to anonymous
- Unsubscribe link in scheduled report missing when report format is PDF
- Content Tracking not logged on a page with q= is in url ?
- Matomo crash when user has view rights
- Report for “today” is not the same as report for any date explicitly selected
- Matomo Tag Manager can be uninstalled
- Do not show plugins notice when plugins admin is disabled
- Updated 1740 strings in 48 languages (es, nl, ar, de, el, it, pl, pt, sq, sv, tr, et, fa, fi, ja, cs, da, fr, hi, hu, id, ko, nb, pt-br, ro, ru, sl, sr, tl, uk, vi, zh-cn, zh-tw, be, bg, ca, es-ar, eu, hr, is, ka, lv, nn, sk, ta, te, th, he)
- Updated 651 strings in 8 languages (ru, zh-cn, es, pl, de, el, it, sq)
- Updated 331 strings in 7 languages (de, el, es, it, sq, tr, be)
- Updated 5 strings in 2 languages (es, ru)
- Updated 118 strings in 4 languages (ja, zh-cn, pt, de)
- Demo the awesome ecommerce functionnality
- Release a last Piwik 2.18.0 version to announce end of LTS for Piwik 2
- Keep flattened columns as extra columns
- Improve wording of Opt-out-iFrame text
- Visit by hour should show report based on first action time
- Quickform2 throws warnings with PHP7.2
- Change default opt out text & allow opt out text to be customized across entire install
- Better wordings for sorting “alphabetically”.
- csv export is empty when using segmentation filters
- Updated menu structure and naming fixes
- Added Fallback Method for Alexa in SEO Plugin
- Add possibility to queue tracking requests so they are sent in bulk
- prefer Gzip to Deflate
- Fix build and make join table sort stable by using DFS
- MySQL error when specifying offset with getUsersPlusRole API
- Autodiscover tables for segments w/ complex segment expressions
- Support tideways xhprof profiler
- Improved CORSHandler
- Notice – Array to string conversion – Matomo 3.7.0-rc1 – core/Period.php(288)
- Use angular to sanitize plugin description.
- Fix lbraces in widget names before setting widget titles.
- Fix two issues causing new/returning visitor conversion rate to not appear
- In LogAggregator, allow the use of a complex dimension w/ an already defined select as.
- Prevent possible fatal during update
- Update link to the cloud website
- Update app logos
- Update CustomDimensions repo.
- don’t allow chrome to translate Matomo pages
- Use new exception in PluginsArchiver & add previous exceptions to backtrace in fatal error report
- disable xdebug for all php versions
- Small API changes needed for a translation plugin
- Mention the –yes flag in core:update description
- Fix header color style should not be applied to menu
- For special dates in evolution graphs, calculate date & timezone together, to get proper result.
- Wrong counting of concurrent archivers
- Fixing build
- Fix possible json encoding error
- Add user UI broken in IE11
- Trigger new event when a tracker has been added
- Upgrade to 3.8.0b4 triggered failure to login without ‘session_save_handler = ‘
- Make sure to always trigger a callback in JS trigger when specified
- Fallback to php serialize handler in sessions when igbinary is used
- Force tracker failure if location url params are used in unauthenticated request.
- Send all session cookie params when updating session expire time.
- Allow setting different log levels per log writer if desired.
- Add generated unique request ID used in logs as custom HTTP header.
- fix donate widget
- Add config setting to disable sending emails.
- Skip downloading discontinued GeoLite databases without an error
- Matomo tag: set a custom page name when tracking a pageview
- Variable for Matomo idSite not working
- Trigger activity only if that api was called directly
- Make sure super user can edit custom templates when only allowing super user
- Etracker event
- Tag Manager out of beta
- Improve TagManager plugin activation behaviour
- Update UI test files after theme update
- Event Value: “The value is not a number” when using variable
- Load matomo tracker only when the tracker is fired
- Prevent possible recursion when custom tags are disabled
- Support replay of piwik.php and matomo.php
- By default support replaying tracking requests to both piwik.php and matomo.php.
- Missing detections for known brands and new browsers
- Custom IP should be only sent when token is specified, otherwise the request fails
2.7.0
Security
- Several XSS issues were responsibly disclosed and fixed in this release
Bug Fixes
- Add Matomo Tag Manager to core
- HTML in report documentation is shown plain text
- Limit password length (at a reasonable length)
- Bad position of the date in the title
- Some translation in maps contains an unnecessary %s
- Real-time widget border is slightly misplaced
- Device Type and Browser plugins reports: hide rows without visits
- Actions performed at the same time register as different visits
- “Remember me” doesn’t, very much
- After 3.6.1 update, error in e-commerce widget and overview “please specify a value for date”
- Show the CORS settings in the UI when enable_general_settings_admin=0
- Updated 222 strings in 9 languages (ja, fi, uk, de, es, pt, it, cs, tr)
- Updated 272 strings in 13 languages (da, et, pl, pt-br, ru, sq, es, de, el, it, pt, tr, cs)
- Page title in Tag Manager, Help page, Admin pages show the date but there is no calendar in the page
- Ability to change periods over which evolution graphs display in scheduled reports
- Fix possible error in visitor profile when no visit found
- Regenerate OmniFixture dump w/ more xss payloads
- fix domain age from archive.org
- Add more tests for format=original.
- Regenerate htaccess files after update
- Different `delete_logs_older_than` value for log tables
- Update theme to reflect the new logo and brand color changes
- fix switch continue in CreatePull
- Tracking unavailable when data rotation happens
- Undefined index: never
- Added API endpoint to return the php version info
- Fix punctuation, spelling, and grammar
- Let plugins change content of JS Tracking Code Missing Email
- Fix wrong Site class is used which may not be available in build
- Fix link to linkedin to point directly to the group
- In API requests made by Insights, make sure existing query params do not affect requests.
- Add request parameters to API.Request.intercept event.
- Matomo analytics tag option for setting secure cookies
- Make sure that if JS tracker doesnt get bundled the tracking still works
- Added VWO tag
- Added Emarsys tag
- add Bing Conversion Tracking
- Add new tag: Drift chat
- Add new tag: Change android address bar color
- Add LiveZilla Tag
- first version of ThemeColorTag
- add drift tag
- Debian packages for 3.6.0
- Bundle Tag Manager in Matomo build
- TB-* TM-* devices user agents
- Detect devices: teXet, Touchmate, Grape
- Improves detection of various Alcatel devices
- Improves detection of various BlackBerry devices
- Improves detection of various LG devices
- Improves detection of various ASUS devices
- Improves detection of various ZTE devices
- Improves detection of various Alcatel devices
- Adds detection for ComTrade Tesla devices
- Improves detection of various Alcatel tablets
- Improves detection of various Bmobile devices
- Added a few Android devices
- Improves detection of Xiaomi devices
- Adds detection for Myria devices
- Added a few Android devices
- Adds detection for Top House devices
- Google Search Console not detected
- Google Pixel (2 XL, 3XL) under Android 9 and Chrome 70
- Added a few Android devices
- Add port for Crystal lang
- Adds detection for Nextbit and Wooze devices
2.6.1
Security
- Several XSS issues have been fixed
Highlights
- New Plugin - Form Analytics
- New Plugin - Heatmap & Session Recording
- New Plugin - Login SAML
- New Plugin - Media Analytics
- New Plugin - Funnels
- New Plugin - Custom Reports
- New Plugin - Multi Channel Conversion Attribution
- New Plugin - Search Engine Keywords Performance
- New Plugin - A/B Testing
- New Plugin - Sentry Logger
Bug Fixes
- Add possibility to manage and view Intranet websites
- Replace our github service “Piwik Plugins” with an app “Matomo Plugins” or webhook
- Send email if no tracked data within N days.
- Implements wrapper method for a more secure unserialize with PHP 7
- Ensure report title is escaped in export overlay
- When requesting a password reset, the email content is out of date
- Ensure sensitive data is sent as POST parameters in user management
- When a Goal is created as “Matching event”, allow to set Goal value as the event value
- 3.6.0 period=day&date=today no longer highlights current date
- Make sure user is not logged out when settings saved w/ no password change.
- HTML E-Mail report — Report list incorrect color
- Fixes Ecommerce overview
- Replace row action image icon with font icon in User ID report
- Make email report unsubscribe link look consistent with other report footer links
- Remove the user “alias” feature
- Please change wording of “You are currently opted in.”
- Updates submodules
- New events + some other misc changes
- Campaign name with capitals will create duplicate visits
- Pivoting by custom dimension results in an error
- Fix capabilities weren’t detected correctly
- WARNING: /var/www/html/plugins/API/API.php(401): Notice – compact(): Undefined variable: idGoal
- Manage Users: SQL Error for role write
- Error: You can’t access this resource as it requires ‘view’ access for the website id = 60.
- Work around mysql client segfault in update.
- It should not be possible to edit anonymous user or set certain permissions
- When displaying unprocessed segment message, check for urlencoded segment.
- Anonymous user settings results in an error when site no longer exists
- Fatal error in referrers report
- Create periods with timezones in a couple places that are missing it.
- Referrer name comparison should be case insensitive …
- Fix incorrect sort order when scheduled report uses custom report
- Live.getSimpleLastVisitCount widget loses segment upon refresh
- Error message CpChart triggered with specific payload
- Error message Variable “topMenu” does not exist
- Error message in various places when invalid parameters are used
- Better check for valid URLs
- Fix single day archive check in ArchiveProcessor/Parameters.
- Adds new language Spanish (Argentina)
- Updated 303 strings in 8 languages (el, fa, fi, fr, sv, it, pt, tr)
- Updated 699 strings in 15 languages (es, fa, ja, nl, nn, sq, sv, uk, fr, el, it, pt-br, tr, cs, de)
- Updated 73 strings in 6 languages (it, sq, tr, el, es, pt-br)
- Run our automated tests suite also on PHP7
- Exception on visitor profile popup
- Multiple conditions for goal with AND/OR seperation
- Auto-detect timezone and currency in installer
- Couple changes to aid debugging
- Use Python 2.7 for travis tests
- Stable sort for most frequent segment values
- Make sure simple datatable metadata is serialized + some test case changes
- Updates all Guides and FAQs to reference the new “Write” permission
- Remove COLUMN_AGGREGATION_OPS_METADATA_NAME metadata before serializi…
- Adds UI tests for Custom Logos
- If serialize=1 in Original renderer, return serialized array w/ exception info instead of throwing.
- Show confirm before changing a users password and show notification on save complete.
- Add site type as attribute to site card in sitesmanager UI so they can be selected by type.
- Remember user who created a site.
- Override string trim only if needed to fix performance issue
- Always set hours to 0 for periods.getToday
- Manage Users: Can’t filter by access write
- Fix “not empty” condition in SegmentExpression
- Ensure action details are sorted stable across PHP versions
- Prevent error related report may not be defined
- Use Request::processRequest() so API events are triggered.
- Allow session to be writable in CLI mode so tests can write values.
- Replace unsupported characters in all tracking request params
- Use postMessage instead of directly making API calls in the overlay iframe.
- do not automatically download lfs files when cloning/checking out
- Remove user-agent checking code in SessionAuth.
- Stable sort for additional pivoted columns
- don’t send referrer to plugin authors website
- Escape feature name for rate feature tooltips
- Avoid creating any archive tables for future dates
- Warning message in a UI notification after requesting a password reset
- Put our current mission statement (as of Sept 2018) in the Readme
- Add tests for password resetter and tweak process a bit.
- Quote db name in certain queries.
- Manage users: when clicking “edit” button, scroll back to top
- don’t consider .swf files safe
- Prevent possible error if goalId is not set
- Updates device detector to latest 3.11.2
- limit Sparkline size
- Support window.Matomo in JS Tracker
- Fix license information may not be shown correctly
- Truncate referrer name & keyword in Base class so the value used there matches what is in the DB.
- don’t allow SEO plugin to make non-HTTPS requests
- fix SEO bing count
- Encode html chars in integrity file list
- Acquire an exclusive lock when writing config file
- Let plugins modify the JS tracker
- Adds detection for newer version of iOS and macOS
- Detect Instacast only as a mobile app.
- Windows 8 version_compare
- Adds detection for Huawei P smart
- Windows 8 version_compare
- Synthetic Monitoring User Agents not detected
- Adds detection of VKShare (bot)
- Added some Android devices
- 4 new bots, omgili, dataminr.com, TrendsmapResolver, tweetedtimes.com
- Add Samsung Galaxy NOTE 9 (SM-N960)
- Adds detection for TechPad devices
- Adds detection for Zuum devices
- Adds detection for Unonu devices
- Adds detection for Akai devices
- Adds detection for Bluboo devices
- Adds detection for Comio devices
- Improves detection of iTunes on iPhone and iPad
- Adds detection for some new Asus devices
- Javascript/Node.js port of device-detector
- Adds detection for FNB devices
- Javascript/Node.js port of device-detector
- Adds detection for Miray devices
- Adds detection for Uhappy devices
- Add/Detect Snapchat UA as a bot
- Add Oppo smartphones: PACM00, and PACT00
- Detect devices MTC, Primepad, Lemnov
- Adds detection for Opera Touch
- Improves detection of various Alcatel devices
- What type of device Savio TB-PO1
- Improves detection of various Alcatel devices
- New Google bot DMCA Takedown tool
- Adds detection for Savio device; Improve AppleTV detection
- Adds detection for new Google bot
- Improves/Adds detection of some Wiko devices
- Adds detection for Snapchat Proxy
- Adds detection for Kempler & Strauss devices
- Adds detection for GoMobile devices
- Add Mastodon as social network