How to verify signatures for Matomo release packages

We are proud to announce that Matomo (Piwik) releases will now be cryptographically signed using PGP following requests from several community members. In this post we will explain how you can verify the signatures of the Matomo release you downloaded, … Read More

Matomo Response to ZF2012-01 Security Advisory

The current version of Matomo (Piwik) (1.8.2) is not affected by this vulnerability. Matomo neither uses nor includes the XmlRpc component from Zend Framework. Matomo (Piwik) users are, however, encouraged to upgrade to the latest versions of Matomo and PHP … Read More

Matomo Response to ZF2011-02 Security Advisory

The current version of Matomo (Piwik) is not affected by this vulnerability. Since version 0.5 (released December 2009), Matomo checks (and sets, if required) the MySQL connection charset to UTF-8. Matomo (Piwik) users are, however, encouraged to upgrade to the … Read More

Matomo Response to CVE-2011-3791

The path disclosure weakness described in CVE-2011-3791 does not affect Matomo (Piwik) 1.1. Beginning with Matomo (Piwik) 0.6.3 (released June 2010), the installer creates Apache .htaccess and IIS web.config files to prevent direct access to .php files. Users upgrading from … Read More

Matomo 1.5 – Security Advisory

The Matomo (Piwik) 1.5 release addresses a critical security vulnerability, which affects all Matomo users that have granted some access to the “anonymous” user. Users should upgrade immediately. Description: Matomo (Piwik) 1.5 contains a remotely exploitable vulnerability that could … Read More

Matomo 1.1 – Security Advisory

Multiple XSS vulnerabilities are fixed by the Matomo (Piwik) 1.1 release. Description: CVE-2011-004. Matomo (Piwik) versions prior to 1.1 are vulnerable to multiple XSS vulnerabilities, both persistent and reflected. This security update is rated critical, and Matomo (Piwik) users are … Read More

Matomo Response to ZF2010-07 Security Advisory

No Matomo (Piwik) releases up to and including Matomo 0.6.4 are affected by this advisory as the Dojo bundle is not included in the Matomo distribution (or svn). Matomo (Piwik) users are, however, encouraged to upgrade to the latest version … Read More

Matomo 0.6.4 Security Advisory CVE-2010-2786

An arbitrary file inclusion vulnerability is fixed by the latest Matomo (Piwik) 0.6.4 release. Description: Matomo (Piwik) versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote file inclusion using a directory traversal pattern in a crafted request for a data … Read More
