Professional Security Audit for Matomo 1.1

In the past, whenever we received security-related questions and suggestions for Matomo (Piwik) at our security@piwik.org address, we reacted quickly and shipped a fix in a new Matomo release. Going forward, however, we want to be proactive, so we requested a professional and thorough review of our code base.

SektionEins, a leading software security company based in Germany, undertook the professional security review of the Matomo source code. Stefan Esser conducted the audit of the Matomo source code over 5 full days. Stefan then sent us the full details of what could be improved in Matomo with regard to security (various recommendations, XSS issues, etc.). Anthon and Matt from the Matomo team then prepared fixes and improvements based on the audit findings, which were released in Matomo 1.1.

We would like to give a huge thanks to SektionEins and Stefan Esser for their work and their support of Matomo and the open source community. We are very happy with their service, and can only recommend that other open source projects (and of course any closed-source software vendors) contract them for security audits, consulting and/or security training.

We also want to give credit to our sponsors who helped us cover the cost of the review.

You can also learn more about our continuous Security efforts in Matomo.

Matomo 1.1 is rated critical. Please update to Matomo 1.1 now.
