* Privacy and Security
- #19961, #23400: Superusers can enforce strong password requirements to improve account security
and reduce the risk of brute-force attacks.
- #23356: Password input fields now automatically clear after 10 minutes of inactivity by default,
reducing the risk of leaving sensitive data exposed. Developers can configure the timeout per field instance if needed.
- #19839, #23294: Users are prevented from using their current password to set a new password.
- #23425, #20102: A new scheduled task notifies superusers of accounts inactive for 180 days,
and improvements to the password reset process prevent user enumeration by standardising error messages.
- #13654, #23320: Improved the password reset process to prevent possible user enumeration.
- #23330: Improved usability by adding automatic focus to password confirmation fields.
- #20677, #23335: The API now supports passing authentication tokens via the standard Authorization: Bearer token HTTP header.
- #23354: Token authentication has been improved with new expiry and notification features.
- #12278, #23321: Resolved an issue that could expose internal server IPs in redirect headers.
- #19480, #23317: Replaced ssl:// with tls:// in HTTP connections to strengthen security.
- #23318: Migration details during core updates are now protected by a token,
ensuring only the user performing the update (or someone with the token) can view them.
- #23324: Improved security by hiding sensitive parameters from stack traces on PHP 8.2+.
- #23304: Matomo now logs a warning for insecure HTTP requests when force_ssl is active.
- #3620, #23372: Error and exception handling has been restructured to improve security and clarity.
Stack traces are now only shown when explicitly enabled or in development mode,
file system paths to the Matomo root are redacted, and sensitive values are removed from exception messages.
The error page shown for unsupported PHP versions or missing Composer has also been improved.
- #23352: Improved security by redacting SMTP credentials from logs and error traces.
- #23385: Password confirmation fields now support custom IDs, avoiding duplicate IDs when
multiple password forms appear on the same page and improving accessibility.
- #23503: Updated the opt-out form to use event listeners instead of inline onclick attributes,
improving compatibility with stricter Content Security Policies.
* Reporting
- #23451: Requesting row evolution for flattened Page URL reports is now automatically redirected
to subtable row evolution to avoid excessive memory usage.
- #23505, #23506: The Hits metric is now available in the evolution graph.
- #21664, #23271: Goal reports now include a breakdown of conversions by individual social networks.
- #23347: Added a new API parameter show_dimensions that allows multi-level reports
to display each dimension in separate columns when using flat=1.
- #23456: Introduced a new copy component that enables duplicating reports and other entities such as Heatmaps.
This feature will be extended to additional report types in future releases.
- #23299: The and string in the Goal overview top dimensions is now translatable, ensuring full localisation support.
- #23291: Updated url_query_parameter_to_exclude_from_url to include LinkedIn clickID, preventing these parameters from appearing in Page URL reports.
- #19060, #23315: Resolved low-risk issue where the configuration option for email reports
now prevents showing the report owner’s username in the Reply-To header.
- #23452, #23453: Include Campaign names in Transition reports when either referer_keyword or referer_name is NULL.
- #23283, #23312: Fixed issue where ChatGPT visitors were showing in campaigns.
- #23417, #23448: Fixed eCommerce Overview comparisons that were incorrect.
- #23144: Remove token_auth from image graph urls in API response.
* Performance and Archiving
- #22450, #23421: New maintenance task added to clean up broken archives and keep database storage healthy.
- #23408: Fix invalidation processing for report specific archives for periods including today.
- #23309: Respect ts_archived when purging ERROR/ERROR_INVALIDATED archives
- #23413: Ensure partial archives are marked correctly.
- #23412: Metrics with zero values are now stored consistently, improving archive completeness and ensuring exports include all metrics.
* Measurables (Websites)
- #23277: Update styling and structure of the Create Measurable modal.
- #23488: Allow legacy/bc timezones when creating sites (through API).
- #23422: Allow filtering out sites by site types and allow selecting only sites for which the user has at least write access.
* Matomo User Interface
- #23496: Prevent rendering admin area when screen height or with is below 200px.
- #23264: Improve UI login screen.
- #23274: Refined dashboard top bar with new icons and consistent tooltips.
- #23279: Adds code to accept editURL parameter in ContentBlock.vue to link the title.
* Customisation
- #17451, #23268: Logo and favicon updates now only apply after saving, as expected.
* Compatibility and Requirements
- #23429: Matomo shows a warning when the database version in use has reached end of life.
This works for both MySQL and MariaDB, which now follow different versioning.
- #23410: Remove CASE/WHEN around aggregate function in favour of a simple boolean expression.
- #23220: Drop Flattr as a donation link option.
- #23261: Tweak regex for host checks.
- #23281: API responses using format=original now consistently return the Content-Type: text/plain header instead of text/html.
- #23336: Fix creation of MySQL optimizer hint comments for multiple hints.
* Matomo Tag Manager (MTM)
- #929, #1010: Add description for the History Change Trigger in Matomo Tag Manager.
- #989, #1019: Removed Save button from custom templates if a user does not have access to edit custom templates.
- #1011, #852: The headers for Container Components, Tags, Triggers, Variables, and Versions are now clickable, allowing quick access to each section.
- #1017: Adds the tooltip directive to the ContainerSelector to align with upcoming changes that standardise tooltip behaviour across dashboard headers.
OBS-URL: https://build.opensuse.org/package/show/network:utilities/matomo?expand=0&rev=140
Matomo 5.3.2 is a patch release that delivers a range of stability, security, and performance improvements.
- #23117 If login is sent as an array, Matomo shows a proper error message indicating that the login parameter must be a string.
- #23248 Prevented email clients from automatically converting plain text (e.g. URLs or emails) into clickable links.
- #23247 Improve handling of prefixUrl parameter in API.listAllMethods.
- #23245 Escaped tracked parameters before rendering in Real-time reports.
- #23176 Ensure all translations required for Password Confirmation are always loaded.
- #23161 Handled errors when accessing navigator.javaEnabled in matomo.js, preventing issues caused by certain crawlers.
- #23229 Ensure to discard campaign names with invalid type; only string values are used.
- #23230 Prevent the concurrent deletion of multiple sites to ensure at least one website always remains in the instance.
- #23228 Prevent the warning message from displaying when no email is set for the current user.
- #23235 Optimised region name lookup by reducing execution time and memory usage.
- #23234 Improved memory usage in Live.getLastVisitDetails.
- #23072 Updated URLs in code comments from HTTP to HTTPS.
OBS-URL: https://build.opensuse.org/package/show/network:utilities/matomo?expand=0&rev=139
- Update to 5.3.0
* All Websites Dashboard
- #22312: Improve layout of the All Websites page.
* Reporting
- #22849: Increase width of the Segments drop-down list.
- #22827: Report tables now include action icons (e.g., change visualisation, export, search)
below the report title and not only at the end of the report.
- #23041: Super Users can now share user-specific segments without restricting the original
owner’s ability to edit them. This update also improves the SegmentEditor API with enhanced
type hinting and automatic sanitisation.
* Privacy and Security
- #23017: When using the GDPR Tools to extract data, if a site with visitor logs or visitor
profiles disabled is selected, the data is not available.
- #23068: The 2FA input field now uses autocomplete="one-time-code" and a new ID to prevent
password managers from misidentifying it as a login field.
* Performance and Archiving
- #22989: Allow invalidation of All Visits only and improvements to parts of the
core:invalidate-report-data command.
- #22981: Store Hostname of archiving server in Invalidation Records.
- #23021: Adds a new command to allow administrators to reset stuck invalidations that are
incorrectly marked as “in progress”.
- #23035: Automatically remove duplicate invalidations upon reset.
- #22979: Limit the processing time of archiving jobs.
- #22394: Prevent redundant double archiving of overlapping periods in multi-server setups.
* Matomo Tag Manager (MTM)
- #943: Tag Manager now supports additional tracking capabilities previously
only available via direct JavaScript (_paq).
- #953: Added a new {{FormElement}} to capture and interact with specific form elements.
- #967: The Google Analytics 4 (GA4) tag has been replaced with the Google tag (gtag.js),
ensuring compatibility with the latest tracking implementation.
- #972: Updated reference check to include variables referencing variables.
- #958: Fixed issue with missing array key at upgrade.
* Tickets closed in Matomo 5.2.2
- #22916 Update the code to ensure the API.getBulkRequest check is implemented correctly and functions as intended.
- #22943 Validate the Matomo URL when managing user opt-outs (OptOutManager).
- #22944 Modify log message to encode special control characters to display as plain text.
- #22966 Update user permissions to be handled sequentially and not simultaneously to avoid conflicts and ensure data integrity.
OBS-URL: https://build.opensuse.org/request/show/1253044
OBS-URL: https://build.opensuse.org/package/show/network:utilities/matomo?expand=0&rev=136
- Update to 5.2.2
Matomo 5.2.2 is a patch release that includes several high-impact security fixes
- #22916 Update the code to ensure the API.getBulkRequest check is implemented correctly and functions as intended.
- #22943 Validate the Matomo URL when managing user opt-outs (OptOutManager).
- #22944 Modify log message to encode special control characters to display as plain text.
- #22966 Update user permissions to be handled sequentially and not simultaneously to avoid conflicts and ensure data integrity.
OBS-URL: https://build.opensuse.org/request/show/1240261
OBS-URL: https://build.opensuse.org/package/show/network:utilities/matomo?expand=0&rev=135
- Update to 5.2.0
* PHP 8.4
- #22471 Ensure Matomo is functional with PHP 8.4.
- #22693 Explicitly mark parameters as nullable where necessary,
eliminating deprecation warnings and ensuring compatibility with PHP 8.4.
- #22690 Replace the usage of Zend_Session_SaveHandler_Interface with the PHP built
in interface SessionHandlerInterface, which can be directly passed to session_set_save_handler.
- #22667 Fixes for PHP 8.4.
- #22803 Correct EOL dates of PHP versions.
* Security
- #22750 Enhanced security to manage secure access to the Matomo Installer. Learn more.
- #9152 Matomo will notify users by email when a login is detected from a different country
than the user’s usual login area.
- #14543 Matomo now includes a This Wasn’t Me link in password reset emails,
allowing users to cancel accidental or unauthorised password change requests
by deleting the reset link from the database.
- #22644 Improve handling for changing email of invited users where changing the email address
of an invited user did not invalidate the original invitation link.
- #20716 Restricted the ability to write annotations to users with ‘Write’ permission and adjusted the API accordingly.
- #7029 Migrate from md5 to sha256 in config/manifest.inc.php to enhance security.
* Marketplace plugins
- #22694 The marketplace cards now display the owner’s name for each plugin.
- #21003 Add console plugin:install command to automate the process of fetching and installing
the latest compatible version, replacing the manual wget-unzip method.
- #22559 Addressed performance slowdowns in the CustomVariables, Cohorts, and MarketingCampaignsReporting
plugins by adding the ability to enforce index usage during log aggregation.
# User Interface
* Admin settings
- #18667 When setting up 2FA in Personal > Security, the QR code remains securely hidden and only displayed on the user’s request.
- #22729 Introduce new configurable exclusion types for Global list of Query URL parameters to exclude.
Users can choose which parameters to exclude from tracking and reporting.
* All websites
- #18978 Add Total Hits for all websites and Total Hits per site.
* General
- #17784 Enhance the style for the AdBlock warning when starting the installation process.
- #19779 Improve title of Ecommerce Overview widget in the dashboard.
- #22668 Refine the workflow for number verification in mobile messaging and increase security on the code’s validity.
* Matomo Tag Manager
- #22484 Enhance the website deletion process to help users manage and export associated Tag Manager containers.
- #813 Improve the instructions displayed when installing Matomo Tag Manager.
- #910 Consent Management Platform tags for Axeptio, CookieYes, and OneTrust.
- #911 Add introductory explainer text to the container dashboard screen.
- #917 Implement a new copy feature for containers.
- #924 Implement a new copy feature for tags.
- #936 Implement a new copy for triggers and variables.
- #928 Disable the spell check in the Custom HTML tag > Custom HTML field.
- #938 Add new in-app links to FAQs on how to copy containers, tags, triggers, and variables.
* Reports
- #22646 Resolve correct handling of formulas in CSV export where website names starting with = and
containing null bytes were not properly escaped in CSV exports.
- #22344 Add the evolution graph and the segmented visit log to the Referrer report in Acquisition > All Channels.
- #22552 Update the Annotation API to disable automatic sanitisation, manually sanitise notes before storage,
limit annotation notes to 255 characters and add type hinting to ensure parameter correctness.
- #22462 Allow the sorting of email reports by description in API & UI.
- #22364 Added attribution information for eCommerce conversions to API responses and updated the visits log
to display attribution details for all conversion types in the action tooltip.
- #22279 Allow alphabetical sorting of goals in Manage Goals and all Goal-related reports.
- #22473 Standardised the order of goals in reports by sorting them by ID,
ensuring consistent display across databases and resolving test failures on TiDB.
* Database and configuration
- #22634 The database collation is now written to the configuration to ensure consistency between
the database connection and table collations, and to avoid issues when running the core:convert-to-utf8mb4 command.
- #22355 Refactored table optimisation logic to the Schema classes to account for differences in database engines (MySQL, MariaDB, TiDB).
For TiDB, where table optimisation is not supported, the feature is now deactivated.
- #22271 Aligned table and database creation to ensure consistent collation across engines,
addressing differences in sorting behavior between TiDB’s default utf8mb4_general_bin and MySQL’s utf8mb4_general_ci.
- #22485 Ensure utf8 is always used for load data infile on TiDB to resolve compatibility issues with the latin1 charset.
* Feature Management and Release Process
- #22221 Introduce a feature flag system to control the release of new features, ensuring stability by allowing code deployment without immediate visibility to users.
- #22367 Introduce a workflow to automate preview releases, including version determination, testing, and publishing on success.
* Developer tools and code standards
- #22711 Update to use the automation user for committing built Vue files, ensuring that subsequent actions, such as tests, are triggered correctly after these commits.
- #22421 Aligned the project with the Matomo coding standards repository to ensure consistent code quality and formatting across the codebase.
- #22488 Test fixes for TiDb; improve test stability across DB engines.
- #22648 Improve console message handling by allowing single strings to be passed directly.
- #22610 Update DOMPurify to 2.5.6.
- #22679 Enable automatic NPM updates using Dependabot, limited to minor and patch versions.
* Archiving improvements
Matomo introduces key enhancements to the archiving process to improve performance, reliability,
and flexibility for both on-premise and cloud users:
- #22546 Optimised segment archiving: The –skip-segments-today flag in the core:archive command now prevents invalidations
for segments not only for the current day but also for higher periods (week, month, year).
This ensures faster and more efficient archiving by skipping unnecessary updates.
- #22400 Smarter archiving for recent data: The system now avoids reprocessing yesterday’s data if an archive
built after midnight already exists or if another archiving process started after midnight is still running.
This reduces redundant work and speeds up archiving operations, particularly for users managing high-traffic environments.
- #22435 Configurable recovery for failed archiving: A new recovery timeout setting, archiving failure recovery timeout (in seconds),
allows users to configure retries for interrupted archiving processes.
This ensures that archiving can resume automatically after disruptions, enhancing reliability and minimising manual intervention.
* Tracking
- #22728 Add 3D printing files to download extensions (STL, OBJ, 3MF and PLY.
- #22549 Enable support for Chrome’s formFactors client hint in Matomo’s JavaScript Tracker.
- #22334 Updated the ResponseBuilder to return a 404 status code when a non-existing method is requested.
OBS-URL: https://build.opensuse.org/request/show/1230770
OBS-URL: https://build.opensuse.org/package/show/network:utilities/matomo?expand=0&rev=133
This release contains some security fixes.
* matomo-org/matomo
- #22562 Limit length of annotations to 255 characters and sanitize
- #22589 Add information about risks associated with giving super user access to a user
- #22536 [Bug] Illegal mix of collations with MariaDB 11.5+
- #22592 Limit date ranges that end far in the future
OBS-URL: https://build.opensuse.org/package/show/network:utilities/matomo?expand=0&rev=131
2024-09-27 06:49:34 +00:00
5 changed files with 284 additions and 8 deletions
Sun Aug 31 08:40:34 UTC 2025 - ecsos <ecsos@opensuse.org> - 5.4.0
- Update to 5.4.0
* Privacy and Security
- #19961, #23400: Superusers can enforce strong password requirements to improve account security
and reduce the risk of brute-force attacks.
- #23356: Password input fields now automatically clear after 10 minutes of inactivity by default,
reducing the risk of leaving sensitive data exposed. Developers can configure the timeout per field instance if needed.
- #19839, #23294: Users are prevented from using their current password to set a new password.
- #23425, #20102: A new scheduled task notifies superusers of accounts inactive for 180 days,
and improvements to the password reset process prevent user enumeration by standardising error messages.
- #13654, #23320: Improved the password reset process to prevent possible user enumeration.
- #23330: Improved usability by adding automatic focus to password confirmation fields.
- #20677, #23335: The API now supports passing authentication tokens via the standard Authorization: Bearer token HTTP header.
- #23354: Token authentication has been improved with new expiry and notification features.
- #12278, #23321: Resolved an issue that could expose internal server IPs in redirect headers.
- #19480, #23317: Replaced ssl:// with tls:// in HTTP connections to strengthen security.
- #23318: Migration details during core updates are now protected by a token,
ensuring only the user performing the update (or someone with the token) can view them.
- #23324: Improved security by hiding sensitive parameters from stack traces on PHP 8.2+.
- #23304: Matomo now logs a warning for insecure HTTP requests when force_ssl is active.
- #3620, #23372: Error and exception handling has been restructured to improve security and clarity.
Stack traces are now only shown when explicitly enabled or in development mode,
file system paths to the Matomo root are redacted, and sensitive values are removed from exception messages.
The error page shown for unsupported PHP versions or missing Composer has also been improved.
- #23352: Improved security by redacting SMTP credentials from logs and error traces.
- #23385: Password confirmation fields now support custom IDs, avoiding duplicate IDs when
multiple password forms appear on the same page and improving accessibility.
- #23503: Updated the opt-out form to use event listeners instead of inline onclick attributes,
improving compatibility with stricter Content Security Policies.
* Reporting
- #23451: Requesting row evolution for flattened Page URL reports is now automatically redirected
to subtable row evolution to avoid excessive memory usage.
- #23505, #23506: The Hits metric is now available in the evolution graph.
- #21664, #23271: Goal reports now include a breakdown of conversions by individual social networks.
- #23347: Added a new API parameter show_dimensions that allows multi-level reports
to display each dimension in separate columns when using flat=1.
- #23456: Introduced a new copy component that enables duplicating reports and other entities such as Heatmaps.
This feature will be extended to additional report types in future releases.
- #23299: The and string in the Goal overview top dimensions is now translatable, ensuring full localisation support.
- #23291: Updated url_query_parameter_to_exclude_from_url to include LinkedIn clickID, preventing these parameters from appearing in Page URL reports.
- #19060, #23315: Resolved low-risk issue where the configuration option for email reports
now prevents showing the report owner’s username in the Reply-To header.
- #23452, #23453: Include Campaign names in Transition reports when either referer_keyword or referer_name is NULL.
- #23283, #23312: Fixed issue where ChatGPT visitors were showing in campaigns.
- #23417, #23448: Fixed eCommerce Overview comparisons that were incorrect.
- #23144: Remove token_auth from image graph urls in API response.
* Performance and Archiving
- #22450, #23421: New maintenance task added to clean up broken archives and keep database storage healthy.
- #23408: Fix invalidation processing for report specific archives for periods including today.
- #23309: Respect ts_archived when purging ERROR/ERROR_INVALIDATED archives
- #23413: Ensure partial archives are marked correctly.
- #23412: Metrics with zero values are now stored consistently, improving archive completeness and ensuring exports include all metrics.
* Measurables (Websites)
- #23277: Update styling and structure of the Create Measurable modal.
- #23488: Allow legacy/bc timezones when creating sites (through API).
- #23422: Allow filtering out sites by site types and allow selecting only sites for which the user has at least write access.
* Matomo User Interface
- #23496: Prevent rendering admin area when screen height or with is below 200px.
- #23264: Improve UI login screen.
- #23274: Refined dashboard top bar with new icons and consistent tooltips.
- #23279: Adds code to accept editURL parameter in ContentBlock.vue to link the title.
* Customisation
- #17451, #23268: Logo and favicon updates now only apply after saving, as expected.
* Compatibility and Requirements
- #23429: Matomo shows a warning when the database version in use has reached end of life.
This works for both MySQL and MariaDB, which now follow different versioning.
- #23410: Remove CASE/WHEN around aggregate function in favour of a simple boolean expression.
- #23220: Drop Flattr as a donation link option.
- #23261: Tweak regex for host checks.
- #23281: API responses using format=original now consistently return the Content-Type: text/plain header instead of text/html.
- #23336: Fix creation of MySQL optimizer hint comments for multiple hints.
* Matomo Tag Manager (MTM)
- #929, #1010: Add description for the History Change Trigger in Matomo Tag Manager.
- #989, #1019: Removed Save button from custom templates if a user does not have access to edit custom templates.
- #1011, #852: The headers for Container Components, Tags, Triggers, Variables, and Versions are now clickable, allowing quick access to each section.
- #1017: Adds the tooltip directive to the ContainerSelector to align with upcoming changes that standardise tooltip behaviour across dashboard headers.
Thu Dec 12 19:10:52 UTC 2024 - ecsos <ecsos@opensuse.org>
- Update to 5.2.0
* PHP 8.4
- #22471 Ensure Matomo is functional with PHP 8.4.
- #22693 Explicitly mark parameters as nullable where necessary,
eliminating deprecation warnings and ensuring compatibility with PHP 8.4.
- #22690 Replace the usage of Zend_Session_SaveHandler_Interface with the PHP built
in interface SessionHandlerInterface, which can be directly passed to session_set_save_handler.
- #22667 Fixes for PHP 8.4.
- #22803 Correct EOL dates of PHP versions.
* Security
- #22750 Enhanced security to manage secure access to the Matomo Installer. Learn more.
- #9152 Matomo will notify users by email when a login is detected from a different country
than the user’s usual login area.
- #14543 Matomo now includes a This Wasn’t Me link in password reset emails,
allowing users to cancel accidental or unauthorised password change requests
by deleting the reset link from the database.
- #22644 Improve handling for changing email of invited users where changing the email address
of an invited user did not invalidate the original invitation link.
- #20716 Restricted the ability to write annotations to users with ‘Write’ permission and adjusted the API accordingly.
- #7029 Migrate from md5 to sha256 in config/manifest.inc.php to enhance security.
* Marketplace plugins
- #22694 The marketplace cards now display the owner’s name for each plugin.
- #21003 Add console plugin:install command to automate the process of fetching and installing
the latest compatible version, replacing the manual wget-unzip method.
- #22559 Addressed performance slowdowns in the CustomVariables, Cohorts, and MarketingCampaignsReporting
plugins by adding the ability to enforce index usage during log aggregation.
# User Interface
* Admin settings
- #18667 When setting up 2FA in Personal > Security, the QR code remains securely hidden and only displayed on the user’s request.
- #22729 Introduce new configurable exclusion types for Global list of Query URL parameters to exclude.
Users can choose which parameters to exclude from tracking and reporting.
* All websites
- #18978 Add Total Hits for all websites and Total Hits per site.
* General
- #17784 Enhance the style for the AdBlock warning when starting the installation process.
- #19779 Improve title of Ecommerce Overview widget in the dashboard.
- #22668 Refine the workflow for number verification in mobile messaging and increase security on the code’s validity.
* Matomo Tag Manager
- #22484 Enhance the website deletion process to help users manage and export associated Tag Manager containers.
- #813 Improve the instructions displayed when installing Matomo Tag Manager.
- #910 Consent Management Platform tags for Axeptio, CookieYes, and OneTrust.
- #911 Add introductory explainer text to the container dashboard screen.
- #917 Implement a new copy feature for containers.
- #924 Implement a new copy feature for tags.
- #936 Implement a new copy for triggers and variables.
- #928 Disable the spell check in the Custom HTML tag > Custom HTML field.
- #938 Add new in-app links to FAQs on how to copy containers, tags, triggers, and variables.
* Reports
- #22646 Resolve correct handling of formulas in CSV export where website names starting with = and
containing null bytes were not properly escaped in CSV exports.
- #22344 Add the evolution graph and the segmented visit log to the Referrer report in Acquisition > All Channels.
- #22552 Update the Annotation API to disable automatic sanitisation, manually sanitise notes before storage,
limit annotation notes to 255 characters and add type hinting to ensure parameter correctness.
- #22462 Allow the sorting of email reports by description in API & UI.
- #22364 Added attribution information for eCommerce conversions to API responses and updated the visits log
to display attribution details for all conversion types in the action tooltip.
- #22279 Allow alphabetical sorting of goals in Manage Goals and all Goal-related reports.
- #22473 Standardised the order of goals in reports by sorting them by ID,
ensuring consistent display across databases and resolving test failures on TiDB.
* Database and configuration
- #22634 The database collation is now written to the configuration to ensure consistency between
the database connection and table collations, and to avoid issues when running the core:convert-to-utf8mb4 command.
- #22355 Refactored table optimisation logic to the Schema classes to account for differences in database engines (MySQL, MariaDB, TiDB).
For TiDB, where table optimisation is not supported, the feature is now deactivated.
- #22271 Aligned table and database creation to ensure consistent collation across engines,
addressing differences in sorting behavior between TiDB’s default utf8mb4_general_bin and MySQL’s utf8mb4_general_ci.
- #22485 Ensure utf8 is always used for load data infile on TiDB to resolve compatibility issues with the latin1 charset.
* Feature Management and Release Process
- #22221 Introduce a feature flag system to control the release of new features, ensuring stability by allowing code deployment without immediate visibility to users.
- #22367 Introduce a workflow to automate preview releases, including version determination, testing, and publishing on success.
* Developer tools and code standards
- #22711 Update to use the automation user for committing built Vue files, ensuring that subsequent actions, such as tests, are triggered correctly after these commits.
- #22421 Aligned the project with the Matomo coding standards repository to ensure consistent code quality and formatting across the codebase.
- #22488 Test fixes for TiDb; improve test stability across DB engines.
- #22648 Improve console message handling by allowing single strings to be passed directly.
- #22610 Update DOMPurify to 2.5.6.
- #22679 Enable automatic NPM updates using Dependabot, limited to minor and patch versions.
* Archiving improvements
Matomo introduces key enhancements to the archiving process to improve performance, reliability,
and flexibility for both on-premise and cloud users:
- #22546 Optimised segment archiving: The –skip-segments-today flag in the core:archive command now prevents invalidations
for segments not only for the current day but also for higher periods (week, month, year).
This ensures faster and more efficient archiving by skipping unnecessary updates.
- #22400 Smarter archiving for recent data: The system now avoids reprocessing yesterday’s data if an archive
built after midnight already exists or if another archiving process started after midnight is still running.
This reduces redundant work and speeds up archiving operations, particularly for users managing high-traffic environments.
- #22435 Configurable recovery for failed archiving: A new recovery timeout setting, archiving failure recovery timeout (in seconds),
allows users to configure retries for interrupted archiving processes.
This ensures that archiving can resume automatically after disruptions, enhancing reliability and minimising manual intervention.
* Tracking
- #22728 Add 3D printing files to download extensions (STL, OBJ, 3MF and PLY.
- #22549 Enable support for Chrome’s formFactors client hint in Matomo’s JavaScript Tracker.
- #22334 Updated the ResponseBuilder to return a 404 status code when a non-existing method is requested.
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
