Matomo 3.6.1
We are proud to announce Matomo 3.6.1: a new minor release of Matomo Analytics.
What’s new?
Our focus has been on maintenance, stability, and security.
We’ve launched a new security bug bounty program on HackerOne. As a result we received lots of great reports and have identified several security issues (XSS) which are fixed in this release.
If you use NGINX, please take a look at our new minimal NGINX configuration which implements best practises for Matomo on NGINX.
When you create a goal matching an event, you can now automatically set the Event Value as the Goal Revenue for each goal conversion. This is useful when you extensively use events and goals at the same time.
Not only you can measure Websites and Mobile Apps with Matomo, but you can now also create an « Intranet » website. Intranet websites should be used whenever you measure an intranet website, where most visitors on the intranet are within your internal network. This new Intranet website feature means you don’t need to manually configure Matomo as per this FAQ anymore.
140 tickets have been closed by more than 16 contributors!
After You Update
- Use the forums if you have any question or feedback (free support),
or contact the Business Support Team to make the most of your Matomo Analytics and get professional support (paid support). - Please help us spread the word about Matomo! Maybe you can write about the project on your blog, website, twitter, talk about Matomo Analytics at conferences, or let your friends and colleagues know what is Matomo. Already 1,000,000+ websites have liberated their web analytics, and with your help we can grow the community!
- To improve Matomo in your language consider contributing to translations.
- Support our efforts by donating to the project.
Security release
This release is rated critical.
Several XSS issues have been fixed thanks to the great work of security researchers who responsible disclosed issues to us.
Our security bug bounty program welcomes & rewards researchers who discover and responsibly report to us any security issues found in Matomo or any of the plugins created by Matomo/InnoCraft.
Database upgrade
This release does not contain any major database upgrade.
Platform Changes
Matomo is an open analytics platform. In an effort to help Matomo developers learn about improvements and changes in the core APIs, we document the changes since the last release.
In this 3.6.1 release there are New APIs, New Developer features. Read more in Platform Changelog for Developers to see all changes to the platform and APIs.
Note: the Marketplace showcases more than 80 plugins already compatible with Matomo 3 and this is just the beginning. Matomo is your universal data analytics platform!
New and updated SDKs (Tracking API Clients)
The Matomo team offers official SDKs (Tracking API Clients) for measuring your mobile apps and any other kind of apps.
Congratulations to the SDK maintainers and contributors for these great releases!
New and updated guides and FAQs
Updated:
New plugins
By the Matomo team and InnoCraft:
- Form Analytics
- Heatmap & Session Recording
- Login SAML
- Media Analytics
- Funnels
- Custom Reports
- Multi Channel Conversion Attribution
- Search Engine Keywords Performance
- A/B Testing
By third party developers:
Need help upgrading Matomo?
Read the Updating Matomo user guide or for more help contact the Matomo experts.
List of 140 tickets closed in Matomo 3.6.1
- Generate changelog using our Github Changelog Generator.
- #7724 Add possibility to manage and view Intranet websites [by @tsteur]
- #13050 Replace our github service « Piwik Plugins » with an app « Matomo Plugins » or webhook [by @tsteur]
- #13363 Send email if no tracked data within N days. [by @diosmosis]
- #13285 Implements wrapper method for a more secure unserialize with PHP 7 [by @sgiehl, @diosmosis]
- #13502 Ensure report title is escaped in export overlay [by @sgiehl, @diosmosis]
- #13520 When requesting a password reset, the email content is out of date [by @diosmosis]
- #13621 Ensure sensitive data is sent as POST parameters in user management [by @sgiehl, @diosmosis]
- #13476 When a Goal is created as « Matching event », allow to set Goal value as the event value
- #13369 3.6.0 period=day&date=today no longer highlights current date [by @sgiehl]
- #13391 Make sure user is not logged out when settings saved w/ no password change. [by @diosmosis, @sgiehl]
- #13401 HTML E-Mail report — Report list incorrect color [by @diosmosis]
- #13405 Fixes Ecommerce overview [by @sgiehl, @diosmosis]
- #13303 Replace row action image icon with font icon in User ID report [by @sgiehl]
- #13330 Make email report unsubscribe link look consistent with other report footer links [by @diosmosis]
- #10165 Remove the user « alias » feature [by @diosmosis]
- #12954 Please change wording of « You are currently opted in. » [by @tsteur]
- #13564 Updates submodules [by @sgiehl]
- #13388 New events + some other misc changes [by @diosmosis]
- #12250 Campaign name with capitals will create duplicate visits
- #13317 Pivoting by custom dimension results in an error [by @diosmosis]
- #13368 Fix capabilities weren’t detected correctly [by @tsteur, @diosmosis]
- #13375 WARNING: /var/www/html/plugins/API/API.php(401): Notice – compact(): Undefined variable: idGoal [by @sgiehl]
- #13384 Manage Users: SQL Error for role write [by @diosmosis]
- #13406 Error: You can’t access this resource as it requires ‘view’ access for the website id = 60. [by @diosmosis]
- #13407 Work around mysql client segfault in update. [by @diosmosis, @sgiehl]
- #13412 It should not be possible to edit anonymous user or set certain permissions [by @diosmosis]
- #13415 When displaying unprocessed segment message, check for urlencoded segment. [by @diosmosis, @tsteur]
- #13423 Anonymous user settings results in an error when site no longer exists [by @tsteur]
- #13438 Fatal error in referrers report [by @tsteur]
- #13445 Create periods with timezones in a couple places that are missing it. [by @diosmosis]
- #13469 Referrer name comparison should be case insensitive … [by @diosmosis]
- #13487 Fix incorrect sort order when scheduled report uses custom report [by @diosmosis]
- #13499 Live.getSimpleLastVisitCount widget loses segment upon refresh
- #13505 Error message CpChart triggered with specific payload [by @sgiehl]
- #13506 Error message Variable « topMenu » does not exist [by @sgiehl]
- #13507 Error message in various places when invalid parameters are used [by @sgiehl]
- #13572 Better check for valid URLs [by @mattab, @diosmosis]
- #13580 Fix single day archive check in ArchiveProcessor/Parameters. [by @diosmosis]
- #13350 Adds new language Spanish (Argentina) [by @sgiehl, @diosmosis]
- #13436 [automatic translation update] Updated 303 strings in 8 languages (el, fa, fi, fr, sv, it, pt, tr) [by @sgiehl]
- #13560 [automatic translation update] Updated 699 strings in 15 languages (es, fa, ja, nl, nn, sq, sv, uk, fr, el, it, pt-br, tr, cs, de) [by @sgiehl]
- #13612 [automatic translation update] Updated 73 strings in 6 languages (it, sq, tr, el, es, pt-br) [by @sgiehl]
- #10586 Run our automated tests suite also on PHP7
- #12215 Exception on visitor profile popup [by @sgiehl]
- #12346 Multiple conditions for goal with AND/OR seperation
- #13092 Auto-detect timezone and currency in installer [by @c960657, @tsteur]
- #13269 Couple changes to aid debugging [by @diosmosis]
- #13282 Use Python 2.7 for travis tests [by @sgiehl]
- #13286 Stable sort for most frequent segment values [by @sgiehl, @diosmosis]
- #13296 Make sure simple datatable metadata is serialized + some test case changes [by @diosmosis]
- #13297 Updates all Guides and FAQs to reference the new « Write » permission
- #13304 Remove COLUMN_AGGREGATION_OPS_METADATA_NAME metadata before serializi… [by @diosmosis]
- #13311 Adds UI tests for Custom Logos [by @sgiehl, @diosmosis]
- #13340 If serialize=1 in Original renderer, return serialized array w/ exception info instead of throwing. [by @diosmosis, @tsteur]
- #13342 Show confirm before changing a users password and show notification on save complete. [by @diosmosis, @mattab]
- #13343 Add site type as attribute to site card in sitesmanager UI so they can be selected by type. [by @diosmosis]
- #13362 Remember user who created a site. [by @diosmosis]
- #13371 Override string trim only if needed to fix performance issue [by @tsteur, @diosmosis]
- #13373 Always set hours to 0 for periods.getToday [by @sgiehl, @diosmosis]
- #13385 Manage Users: Can’t filter by access write [by @diosmosis]
- #13386 Fix « not empty » condition in SegmentExpression [by @splinter89, @tsteur]
- #13404 Ensure action details are sorted stable across PHP versions [by @sgiehl, @diosmosis]
- #13425 Prevent error related report may not be defined [by @tsteur, @sgiehl]
- #13428 Use Request::processRequest() so API events are triggered. [by @diosmosis]
- #13430 Allow session to be writable in CLI mode so tests can write values. [by @diosmosis]
- #13437 Replace unsupported characters in all tracking request params [by @sgiehl, @diosmosis]
- #13446 Use postMessage instead of directly making API calls in the overlay iframe. [by @diosmosis]
- #13449 do not automatically download lfs files when cloning/checking out [by @diosmosis]
- #13470 Remove user-agent checking code in SessionAuth. [by @diosmosis]
- #13477 Stable sort for additional pivoted columns [by @sgiehl, @diosmosis]
- #13479 don’t send referrer to plugin authors website [by @Findus23, @diosmosis]
- #13503 Escape feature name for rate feature tooltips [by @sgiehl, @diosmosis]
- #13504 Avoid creating any archive tables for future dates [by @sgiehl, @diosmosis]
- #13519 Warning message in a UI notification after requesting a password reset [by @diosmosis]
- #13522 Put our current mission statement (as of Sept 2018) in the Readme [by @mattab, @tsteur]
- #13523 Add tests for password resetter and tweak process a bit. [by @diosmosis]
- #13529 Quote db name in certain queries. [by @diosmosis]
- #13551 Manage users: when clicking « edit » button, scroll back to top [by @oswdr, @tsteur]
- #13558 don’t consider .swf files safe [by @Findus23, @sgiehl]
- #13561 Prevent possible error if goalId is not set [by @sgiehl, @tsteur]
- #13562 Updates device detector to latest 3.11.2 [by @sgiehl]
- #13563 limit Sparkline size [by @Findus23, @sgiehl]
- #13568 Support window.Matomo in JS Tracker [by @tsteur, @diosmosis]
- #13569 Fix license information may not be shown correctly [by @tsteur]
- #13573 Truncate referrer name & keyword in Base class so the value used there matches what is in the DB. [by @diosmosis]
- #13575 don’t allow SEO plugin to make non-HTTPS requests [by @Findus23, @tsteur]
- #13576 fix SEO bing count [by @Findus23, @tsteur]
- #13579 Encode html chars in integrity file list [by @sgiehl, @diosmosis]
- #13583 Acquire an exclusive lock when writing config file [by @tsteur, @diosmosis]
- #13615 Let plugins modify the JS tracker [by @tsteur, @diosmosis]
- #5791 Adds detection for newer version of iOS and macOS [by @sgiehl]
- #5793 Detect Instacast only as a mobile app. [by @etienne-martin, @sgiehl]
- #5794 Windows 8 version_compare
- #5795 Adds detection for Huawei P smart [by @cb8, @sgiehl]
- #5796 Windows 8 version_compare [by @etienne-martin, @sgiehl]
- #5799 Synthetic Monitoring User Agents not detected
- #5800 Adds detection of VKShare (bot) [by @sgiehl]
- #5801 Added some Android devices [by @GregOriol, @sgiehl]
- #5802 4 new bots, omgili, dataminr.com, TrendsmapResolver, tweetedtimes.com [by @sgiehl]
- #5804 Add Samsung Galaxy NOTE 9 (SM-N960) [by @pongee, @sgiehl]
- #5805 Adds detection for TechPad devices [by @sgiehl]
- #5806 Adds detection for Zuum devices [by @sgiehl]
- #5807 Adds detection for Unonu devices [by @sgiehl]
- #5809 Adds detection for Akai devices [by @sgiehl]
- #5810 Adds detection for Bluboo devices [by @sgiehl]
- #5811 Adds detection for Comio devices [by @sgiehl]
- #5812 Improves detection of iTunes on iPhone and iPad [by @sgiehl]
- #5813 Adds detection for some new Asus devices [by @sgiehl]
- #5814 Javascript/Node.js port of device-detector
- #5816 Adds detection for FNB devices [by @sgiehl]
- #5817 Javascript/Node.js port of device-detector [by @etienne-martin, @sgiehl]
- #5818 Adds detection for Miray devices [by @sgiehl]
- #5819 Adds detection for Uhappy devices [by @sgiehl]
- #5820 Add/Detect Snapchat UA as a bot
- #5822 Add Oppo smartphones: PACM00, and PACT00 [by @pongee, @sgiehl]
- #5825 Detect devices MTC, Primepad, Lemnov [by @sanchezzzhak, @sgiehl]
- #5828 Adds detection for Opera Touch [by @sgiehl]
- #5831 Improves detection of various Alcatel devices [by @liviuconcioiu, @sgiehl]
- #5833 What type of device Savio TB-PO1
- #5834 Improves detection of various Alcatel devices [by @liviuconcioiu, @sgiehl]
- #5835 New Google bot DMCA Takedown tool
- #5836 Adds detection for Savio device; Improve AppleTV detection [by @sanchezzzhak, @sgiehl]
- #5838 Adds detection for new Google bot [by @sgiehl]
- #5840 Improves/Adds detection of some Wiko devices [by @sgiehl]
- #5841 Adds detection for Snapchat Proxy [by @sgiehl]
- #5842 Adds detection for Kempler & Strauss devices [by @sgiehl]
- #5843 Adds detection for GoMobile devices [by @sgiehl]
- #53 Add Mastodon as social network [by @mattab, @sgiehl]
- #915 Add yes-com.com [by @ericguirbal, @spmedia]
- #916 Add autoseo-service.org [by @spmedia]
- #917 Add kakablog.net [by @lisandrodemarchi, @spmedia]
- #918 Add grafaman.ru [by @ericguirbal, @spmedia]
- #919 Add lider82.ru [by @ericguirbal, @spmedia]
- #920 Add sribno.net [by @ericguirbal, @spmedia]
- #922 Add kevblog.top [by @ericguirbal, @spmedia]
- #923 Add xn--e1aaajzchnkg.ru.com [by @ericguirbal, @spmedia]
- #924 Adds xtrafficplus.com, blogstar.fun [by @mouse-reeve, @spmedia]
- #925 Add seo-services-with-results.com
- #38 Do not append piwik.php if url contains matomo.php [by @tsteur]
- #46 Create LICENSE [by @Findus23, @mattab]
- #221 Error class was not referenced properly [by @diosmosis]
We are together creating the best open analytics platform in the world. You can help make Matomo even more awesome by getting involved in Matomo!