Matomo 5.2.1

2 January 2025

Matomo version 5.2.1 is now available (major release).

Upgrading to Matomo 5.2.1

What's New in Matomo 5.2.1

• Limit invalidations for hits metric to current month [by @sgiehl]
  
• Ensure empty plugin settings are saved correctly [by @michalkleiner]
  

• Enhanced security to manage secure access to the Matomo Installer. Learn more. [by @mneudert]
  
• Matomo will notify users by email when a login is detected from a different country than the user’s usual login area. [by @michalkleiner]
  
• Matomo now includes a This Wasn’t Me link in password reset emails, allowing users to cancel accidental or unauthorised password change requests by deleting the reset link from the database. [by @mneudert]
  
• Improve handling for changing email of invited users where changing the email address of an invited user did not invalidate the original invitation link. [by @sgiehl]
  
• Restricted the ability to write annotations to users with ‘Write’ permission and adjusted the API accordingly. [by @sgiehl]
  
• Migrate from md5 to sha256 in config/manifest.inc.php to enhance security. [by @sgiehl]
  

• Ensure Matomo is functional with PHP 8.4. [by @sgiehl]
  
• Explicitly mark parameters as nullable where necessary, eliminating deprecation warnings and ensuring compatibility with PHP 8.4. [by @sgiehl]
  
• Replace the usage of Zend_Session_SaveHandler_Interface with the PHP built in interface SessionHandlerInterface, which can be directly passed to session_set_save_handler. [by @sgiehl]
  
• Fixes for PHP 8.4. [by @sgiehl]
  
• Correct EOL dates of PHP versions. [by @sgiehl]
  

• The marketplace cards now display the owner’s name for each plugin. [by @AltamashShaikh]
  
• Add console plugin:install command to automate the process of fetching and installing the latest compatible version, replacing the manual wget-unzip method. [by @jsantos42]
  
• Addressed performance slowdowns in the CustomVariables, Cohorts, and MarketingCampaignsReporting plugins by adding the ability to enforce index usage during log aggregation. [by @snake14]
  

• When setting up 2FA in Personal > Security, the QR code remains securely hidden and only displayed on the user’s request. [by @michalkleiner]
  
• Introduce new configurable exclusion types for Global list of Query URL parameters to exclude. Users can choose which parameters to exclude from tracking and reporting. [by @caddoo]
  

• Add Total Hits for all websites and Total Hits per site. [by @sgiehl]
  

• Enhance the style for the AdBlock warning when starting the installation process. [by @AnandaCampelo]
  
• Improve title of Ecommerce Overview widget in the dashboard. [by @tsteur]
  
• Refine the workflow for number verification in mobile messaging and increase security on the code’s validity. [by @sgiehl]
  

• Enhance the website deletion process to help users manage and export associated Tag Manager containers. [by @AltamashShaikh]
  
• Improve the instructions displayed when installing Matomo Tag Manager. [by @snake14]
  
• Consent Management Platform tags for Axeptio, CookieYes, and OneTrust. [by @AltamashShaikh, based on work by OpenMost]
  
• Add introductory explainer text to the container dashboard screen. [by @AltamashShaikh]
  
• Implement a new copy feature for containers. [by @snake14]
  
• Implement a new copy feature for tags. [by @snake14]
  
• Implement a new copy for triggers and variables. [by @snake14]
  
• Disable the spell check in the Custom HTML tag > Custom HTML field. [by @AltamashShaikh]
  
• Add new in-app links to FAQs on how to copy containers, tags, triggers, and variables. [by @snake14]
  

• Resolve correct handling of formulas in CSV export where website names starting with = and containing null bytes were not properly escaped in CSV exports. [by @sgiehl]
  
• Add the evolution graph and the segmented visit log to the Referrer report in Acquisition > All Channels. [by @sgiehl]
  
• Update the Annotation API to disable automatic sanitisation, manually sanitise notes before storage, limit annotation notes to 255 characters and add type hinting to ensure parameter correctness. [by @sgiehl]
  
• Allow the sorting of email reports by description in API & UI. [by @sgiehl]
  
• Added attribution information for eCommerce conversions to API responses and updated the visits log to display attribution details for all conversion types in the action tooltip. [by @sgiehl]
  
• Allow alphabetical sorting of goals in Manage Goals and all Goal-related reports. [by @sgiehl]
  
• Standardised the order of goals in reports by sorting them by ID, ensuring consistent display across databases and resolving test failures on TiDB. [by @sgiehl]
  

• The database collation is now written to the configuration to ensure consistency between the database connection and table collations, and to avoid issues when running the core:convert-to-utf8mb4 command. [by @sgiehl]
  
• Refactored table optimisation logic to the Schema classes to account for differences in database engines (MySQL, MariaDB, TiDB). For TiDB, where table optimisation is not supported, the feature is now deactivated. [by @sgiehl]
  
• Aligned table and database creation to ensure consistent collation across engines, addressing differences in sorting behavior between TiDB’s default utf8mb4_general_bin and MySQL’s utf8mb4_general_ci. [by @mneudert]
  
• Ensure utf8 is always used for load data infile on TiDB to resolve compatibility issues with the latin1 charset. [by @sgiehl]
  

• Introduce a feature flag system to control the release of new features, ensuring stability by allowing code deployment without immediate visibility to users. [by @caddoo]
  
• Introduce a workflow to automate preview releases, including version determination, testing, and publishing on success. [by @michalkleiner]
  

• Update to use the automation user for committing built Vue files, ensuring that subsequent actions, such as tests, are triggered correctly after these commits. [by @sgiehl]
  
• Aligned the project with the Matomo coding standards repository to ensure consistent code quality and formatting across the codebase. [by @sgiehl]
  
• Test fixes for TiDb; improve test stability across DB engines. [by @sgiehl]
  
• Improve console message handling by allowing single strings to be passed directly. [by @michalkleiner]
  
• Update DOMPurify to 2.5.6. [by @sgiehl]
  
• Enable automatic NPM updates using Dependabot, limited to minor and patch versions. [by @sgiehl]
  

• Matomo introduces key enhancements to the archiving process to improve performance, reliability, and flexibility for both on-premise and cloud users:
  
• Optimised segment archiving: The –skip-segments-today flag in the core:archive command now prevents invalidations for segments not only for the current day but also for higher periods (week, month, year). This ensures faster and more efficient archiving by skipping unnecessary updates. [by @sgiehl]
  
• Smarter archiving for recent data: The system now avoids reprocessing yesterday’s data if an archive built after midnight already exists or if another archiving process started after midnight is still running. This reduces redundant work and speeds up archiving operations, particularly for users managing high-traffic environments. [by @sgiehl]
  
• Configurable recovery for failed archiving: A new recovery timeout setting, archiving failure recovery timeout (in seconds), allows users to configure retries for interrupted archiving processes. This ensures that archiving can resume automatically after disruptions, enhancing reliability and minimising manual intervention. [by @sgiehl]
  

• Add 3D printing files to download extensions (STL, OBJ, 3MF and PLY. [by @nallath, @sgiehl]
  
• Enable support for Chrome’s formFactors client hint in Matomo’s JavaScript Tracker. [by @sgiehl]
  
• Updated the ResponseBuilder to return a 404 status code when a non-existing method is requested. [by @ BVancea25]