Matomo 3.11.0

We are proud to announce Matomo 3.11.0: a new release of Matomo Analytics. It is highly recommended to upgrade to this latest Matomo release.

What’s new?

This release includes security improvements (including a security fix) and also several performance improvements and bug fixes.

In terms of new feature, you can now create Goals that are triggered when visitors stay for a certain amount of time on the website (when the visit duration is greater than X minutes). This lets you measure and later segment your users who are more engaged and stay longer on your website.

In terms of security improvements, a basic rate limiter for password resets was added which prevents possible mass emailing (when many password resets are requested within a short time). Another issue has been fixed where affected users’ passwords were mistakenly changed to a weak value. Now minimal password strengths requirements are enforced (forcing users with very weak passwords to reset them). Also Matomo UI and reports will now send the ‘Referrer-Policy’ header which will prevent leaking the Matomo URL to other websites when you click on links to these websites within Matomo.

Several performance improvements were also implemented which can improve speed of some Matomo requests around 10%. Over the next few releases we’re hoping to continue making performance improvements. Also if your Matomo database is replicated (eg. Master-reader configuration) you can now easily configure Matomo to execute read queries on the database reader server, which will reduce CPU usage on the master server and improve speed of all requests (see the new [database_reader] section in the global.ini.php).

In terms of UX/Design, we’ve made minor tweaks to improve usability. For example the Websites drop down menu list is now wider and will show the full name of your websites.

Several bugs were fixed in the UI, Tracker API, Two-factor compatibility with embedding reports, archiver, and other more minor issues.

We are grateful for all community members who reported feedback and suggestions, our awesome team of translators for their work, and our Matomo Cloud hosting customers and Premium features customers for their amazing support!

67 tickets have been closed by more than 19 contributors!

After You Update

• Please help us spread the word! Maybe you can write about the project on your blog, website, twitter, talk at conferences or let your friends and colleagues know what is Matomo. Already 1,000,000+ websites are keeping full control of their web analytics with Matomo!
• Use the forums if you have any question or feedback (free support),
  or purchase a Support Plan to make the most of your Matomo Analytics and get professional support.
• To improve Matomo in your language consider contributing to translations.
• You can support our efforts by purchasing valuable Premium Features for Matomo or try our Matomo Cloud solution.

Security release

This release is rated critical.

An issue has been fixed where affected users’ passwords were mistakenly changed to a weak value. Now we enforce some minimal password strengths requirement and users who don’t meet them will have to request a password reset. The issue only affected very rare case where a user had their email address manually changed by another Super User in the UI and no password was set. Thank you to Christian Futterlieb for his responsible disclosure via the Hackerone program.

Our security bug bounty program welcomes & rewards researchers who discover and responsibly report to us any security issues found in Matomo or any of the plugins created by Matomo/InnoCraft.

Database upgrade

This release does not contain any major database upgrade.

Platform Changes

Matomo is an open analytics platform. In an effort to help Matomo developers learn about improvements and changes in the core APIs, we document the changes since the last release.

In this 3.11.0 release there are no change. Read more in Platform Changelog for Developers to see all changes to the platform and APIs.

New and updated SDKs (Tracking API Clients)

The Matomo team offers official SDKs (Tracking API Clients) for measuring your mobile apps and any other kind of apps.

• iOS SDK [by @brototyp]
• Android SDK [by @d4rken]

Need help upgrading Matomo?

Read the Updating Matomo user guide or for more help contact the Matomo experts.

List of 67 tickets closed in Matomo 3.11.0

matomo-org/matomo
• #7554 Add auxiliary database support for big instances
• #14508 New Goal type: Convert when user stays more than X minutes on the site [by @diosmosis]
• #13813 rate limit password resets [by @sgiehl]
• #14534 Copy downloaded plugins from Marketplace to MATOMO_PLUGIN_DIRS folder too
• #14624 various performance tweaks [by @tsteur, @diosmosis]
• #14621 ‘secondaryDimension’ isn’t set in the Request [by @tsteur]
• #14539 Visits in Real-time right margin inconsistent [by @sgiehl]
• #14629 Long labels in left mobile menu may be shown on the next line [by @tsteur, @diosmosis]
• #13706 Expand drop down menu list when searching for a site and make it so that you can see the full title. [by @katebutler]
• #14600 Removes Zend_Cache [by @sgiehl]
• #14613 Remove « fbclid » URL parameter from Page URLs [by @sgiehl]
• #14685 Updates Device Detector to 3.12.0 [by @sgiehl]
• #8918 Error during installation: The directory « /var/www/html/piwik/tmp/cache/tracker/ » is not writable.
• #10109 On email reports the conversion rate is zero always
• #14344 Console: invalidating reports with segment based on custom Dimensions fails
• #14446 2FA Prevents dashboard from being embedded [by @katebutler]
• #14452 Why the visitor_days_since_first is not gradually increasing
• #14475 Installer reports invalid email address when the email is valid
• #14499 error message returned in core:archive: Unexpected state: row evolution API call returned empty DataTable\Map. [by @katebutler]
• #14580 strlen() expects parameter 1 to be string, array given in strlen called at /core/Tracker/Request.php [by @katebutler]
• #14615 Bug: Website Measurable URLs unexpected behavior
• #14604 Make Tag Manager getting started translatable [by @katebutler]
• #14641 [automatic translation update] Updated 328 strings in 5 languages (pt-br, zh-cn, fr, ja, ro) [by @sgiehl]
• #14684 [automatic translation update] Updated 269 strings in 7 languages (ja, uk, fr, el, es, tr, zh-cn) [by @sgiehl]
• #14037 Make more links clickable in New releases notification emails [by @AlainRnet, @tsteur]
• #14368 Fix missing 3rd party cookie when using POST requests [by @MichaelHeerklotz, @tsteur]
• #14448 allow to disable tracking failure notifications [by @fdellwing, @diosmosis]
• #14449 Fix download issues via cURL with HTTP/2 [by @katebutler, @tsteur]
• #14461 make opt-out iframe reload cacheless [by @dazwiafl, @sgiehl]
• #14476 use PHP filter to validate E-Mails [by @Findus23, @tsteur]
• #14482 send Referrer-Policy header [by @Findus23, @tsteur]
• #14491 If new visit is forced, known visitors should still be recognized [by @diosmosis]
• #14517 In Visitors > Real-time report, hide the calendar [by @sgiehl]
• #14531 Fix GitHub links for ‘About matomo’-Page (Footer) [by @obendev, @tsteur]
• #14537 Copy downloaded plugin to all plugins directories [by @nabiltntn, @tsteur]
• #14565 use same fontsize for links in Help page [by @fdellwing, @katebutler]
• #14581 Truncate very long useragents to prevent possible tracking slowdown [by @sgiehl, @tsteur]
• #14605 Improve speed of serving unreadable files [by @sgiehl, @tsteur]
• #14606 Small archiving refactors for GA import [by @diosmosis]
• #14620 Remove « open source web analytics » tooltip in app logo when a custom logo is uploaded [by @tsteur]
• #14625 Ensure each plugin has a config.php and tracker.php file [by @toredash, @tsteur]
• #14627 Tweaks to Readme, updating links [by @mattab, @tsteur]
• #14628 When installer is disabled and any module is requested, also show the not set up yet message [by @tsteur, @diosmosis]
• #14630 Update GitHub links in composer.json [by @obendev, @tsteur]
• #14635 Update the link tag for all php files [by @obendev, @tsteur]
• #14636 Update GitHub link [by @obendev, @tsteur]
• #14638 Update CHANGELOG.md [by @obendev, @sgiehl]
• #14660 In JS tracker generator make sure to reuse same class when creating new file [by @tsteur]
• #14676 Remove sponsors from the help page [by @tsteur]
• #14681 Support configuration of a reader database [by @tsteur]
• #14683 Update cache component to 1.0.3 [by @tsteur, @sgiehl]
• #14687 Determine in file class if the file content is the same [by @tsteur]
matomo-org/device-detector
• #5984 Detect QMobile, Fondi, ANS, STF [by @sanchezzzhak, @sgiehl]
• #5985 Detect Mobiola, Ergo, Simbans [by @sanchezzzhak, @sgiehl]
• #5986 HMD Global (Nokia)
• #5987 Detect BQ, Alcatel, Arian Space, Motorola, LG, Polytron [by @sanchezzzhak, @sgiehl]
• #5992 Detect Browser Firefox Rocket [by @sanchezzzhak, @sgiehl]
• #5993 Detect Land Rover devices [by @sanchezzzhak, @sgiehl]
• #5994 Increase required php version to 5.5 [by @sgiehl]
matomo-org/tag-manager
• #163 Converts UI tests to headless chrome [by @sgiehl, @tsteur]
• #167 Check container version exists before publishing it [by @tsteur]
matomo-org/referrer-spam-blacklist
• #1118 Add axcus.top and xtraffic.plus [by @smokris, @spmedia]
• #1119 Add artpress.top [by @smokris, @spmedia]
• #1120 Add wallinside.top [by @skylarmt, @spmedia]
matomo-org/matomo-php-tracker
• #46 Set curl option follow location to true for GET requests [by @olleharstedt, @tsteur]
matomo-org/component-cache
• #20 Improve fetching cache from chained backend [by @tsteur]
matomo-org/component-ini
• #9 Split comments on blank lines [by @c960657, @tsteur]

We are together creating the best open analytics platform in the world. You can help make Matomo even more awesome by getting involved in Matomo!