5 October 2022
Matomo version 4.12.0 is now available (major release).Upgrading to Matomo 4.12.0
Matomo 4.12.0 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Matomo updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Matomo install to test the 4.12.0 upgrade prior to applying it live. Get started managing your Matomo installations with InstallatronWhat's New in Matomo 4.12.0
Several moderate and low impact security fixes are included in this release. Moderate impact fixes include preventing an XSS vulnerability when using the Widgetize plugin – it was possible to inject javascript code through angular template injection, and an issue where an anonymous user could export a CSV report which, when imported in Microsoft Excel or similar applications could inject commands into reports.
Low impact security improvements include checking the two factor authentication (2FA) status of API requests made by the current session using `token_auth`, and extra escaping in the Overlay module to prevent a possible XSS attack.