Matomo is a set of open source website access statistics system based on PHP + MySQL technology, which can provide detailed statistical information, such as the number of page views, the most visited pages, search engine keywords and other traffic analysis functions.
Matomo 4.12 is officially released, this is a maintenance release that improves the reliability and stability of Matomo, and also includes some important features and improvements. The specific updates of Matomo 4.12 are as follows:
Safe version
This is a major security release. Several medium and low impact security fixes are included in this release. Moderate impact fixes include preventing XSS vulnerabilities when using the Widgetize plugin – the possibility of injecting javascript code via angular templates, and an issue where anonymous users can export CSV reports, which when imported into Microsoft Excel or similar applications Inject commands in reports.
Low-impact security improvements include usingtoken_auth
Checks the two-factor authentication (2FA) status of API requests for the current session, and additional escaping in the Overlay module to prevent possible XSS attacks.
Platform changes
- groundbreaking change
- when passed
UsersManager.deleteUser
A new parameter when the API uses session authentication to delete a userpasswordConfirmation
Needs to be sent with the request and contains the current password of the user making the API request. - when passed
UsersManager.addUser
A new parameter when the API uses session authentication to add a userpasswordConfirmation
Needs to be sent with a request containing the current password of the user making the API request. - when passed
UsersManager.invertUser
A new parameter when the API uses session authentication to invite a userpasswordConfirmation
Needs to be sent with a request containing the current password of the user making the API request.
- when passed
- new php event
- Added new events
Login.userRequiresPasswordConfirmation
which can be used in login plugins to circumvent password confirmation in the user interface and certain API methods - when passed
SitesManager.deleteSite
A new parameter when the API uses session authentication to delete a sitepasswordConfirmation
Needs to be sent with the request and contains the current password of the user making the API request.
- Added new events
- New privacy opt-out option
- The iframe opt-out UI for the Privacy Manager has been replaced to generate a JavaScript opt-out code that uses the Matomo tracker, the existing iframe opt-out will still work, but the iframe opt-out code will no longer be generated by the UI as most major browsers Stopping support for third-party cookies in iframes.
New and updated SDKs
Matomo team provides official SDK (Tracking API Clients) for monitoring your mobile app and any other kind of app.
More details can be found here: https://matomo.org/changelog/matomo-4-12-0/
#Matomo #Released #Website #Visit #Statistics #System #News Fast Delivery