We are proud to announce Matomo 4.12.0: a new release of Matomo Analytics.

What’s new?

This is a maintenance release improving the stability, reliability and security of Matomo. Important features have been added to ensure Matomo works well with modern browsers, including supporting Client Hints and a new approach to allowing users to opt-out of tracking that doesn’t use iFrames. In Matomo 4.11.0 we introduced a new, more secure approach to adding new users by sending them an email with a link to accept your invite. In Matomo 4.12.0 you can now access the link to accept the invite with “Copy Link” button.

We are grateful for all community members who reported feedback and suggestions, our awesome team of translators for their work, and our Premium features customers and Matomo Cloud hosting customers for their amazing support.

142 tickets have been closed by more than 20 contributors!

After You Update

  • Please help us spread the word! Maybe you can write about the project on your blog, website, twitter, talk at conferences or let your friends and colleagues know what is Matomo. Already 1,000,000+ websites are keeping full control of their web analytics with Matomo!
  • Use the forums if you have any question or feedback (free support),
    or purchase a Support Plan to get professional support and guidance.
  • To improve Matomo in your language consider contributing to translations.
  • You can also support our efforts by purchasing valuable Premium Features for Matomo or try our Matomo Cloud solution.

Security release

This is a major security release.

Several moderate and low impact security fixes are included in this release. Moderate impact fixes include preventing an XSS vulnerability when using the Widgetize plugin – it was possible to inject javascript code through angular template injection, and an issue where an anonymous user could export a CSV report which, when imported in Microsoft Excel or similar applications could inject commands into reports.

Low impact security improvements include checking the two factor authentication (2FA) status of API requests made by the current session using `token_auth`, and extra escaping in the Overlay module to prevent a possible XSS attack.

These issues were responsibly disclosed to our Security team. Our security bug bounty program welcomes & rewards researchers who discover and responsibly report to us any security issues found in Matomo or any of the plugins created by Matomo/InnoCraft.

Database upgrade

This release does not contain any major database upgrade.

Platform Changes

Matomo is an open analytics platform. In an effort to help Matomo developers learn about improvements and changes in the core APIs, we document the changes since the last release.

In this 4.12.0 release there are breaking changes, new PHP Events, new Javascript Tracker API options, and new Privacy opt-out options. Read more in Platform Changelog for Developers to see all changes to the platform and APIs.

Note: the Marketplace showcases more than 90 plugins already compatible with Matomo and this is just the beginning. Matomo is your universal data analytics platform!

New and updated SDKs (Tracking API Clients)

The Matomo team offers official SDKs (Tracking API Clients) for measuring your mobile apps and any other kind of apps.

New and updated guides and FAQs

New:

Updated:

Need help upgrading Matomo?

Read the Updating Matomo user guide or for more help we offer paid support plans.

List of 142 tickets closed in Matomo 4.12.0

We are together creating the best open analytics platform in the world. You can help make Matomo even more awesome by getting involved in Matomo!