Official Piwik Blog

June '12

27

Posted in Security

Piwik Response to ZF2012-01 Security Advisory

The current version of Piwik (1.8.2) is not affected by this vulnerability. Piwik neither uses nor includes the XmlRpc component from Zend Framework. Piwik users are, however, encouraged to upgrade to the latest versions of Piwik and PHP to take advantage of new features and bug fixes. References: ZF2011-01: Local file disclosure via XXE injection [...]

June '12

22

Posted in Community

Marketing and Community Coordinator Wanted for Piwik!

The Piwik team invites interested individuals to apply for the volunteer position of Marketing and Community Coordinator. Growing Open Source Project Looking for a Marketing Leader! If you are an active Piwik user, if you have a flair for communications, marketing, and/or business development, if you enjoy writing good web content or blog posts, if [...]

May '12

19

Posted in Security

Piwik Response to ZF2011-02 Security Advisory

The current version of Piwik is not affected by this vulnerability. Since version 0.5 (released December 2009), Piwik checks (and sets, if required) the MySQL connection charset to UTF-8. Piwik users are, however, encouraged to upgrade to the latest versions of Piwik and PHP to take advantage of new features and bug fixes. Reference: ZF2011-02: [...]

October '11

20

Posted in Security

Piwik Response to CVE-2011-3791

The path disclosure weakness described in CVE-2011-3791 does not affect Piwik 1.1. Beginning with Piwik 0.6.3 (released June 2010), the installer creates Apache .htaccess and IIS web.config files to prevent direct access to .php files. Users upgrading from an earlier beta version of Piwik, or using a different web server, should consult their web server’s [...]

June '11

21

Posted in Security

Piwik 1.5 – Security Advisory

The Piwik 1.5 release addresses a critical security vulnerability, which affects all Piwik users that have granted some access to the “anonymous” user. Users should upgrade immediately. Description: Piwik 1.5 contains a remotely exploitable vulnerability that could allow a remote attacker to execute arbitrary code. Only installations that have granted untrusted view access to [...]

February '11

14

Posted in Changelog

Comments: 4 Comments

Piwik 1.2

Piwik 1.2 is a significant update that fixes bugs and adds new features, including first party cookies and custom variables.

It contains many database schema changes, so please be careful when running the Update script: do not click multiple times, and give it some time to finish. On large Piwik setups, make sure to run the Update Script from the Shell!

Please read the notes below. Enjoy!

Breaking Changes in the JS API

  • The deprecated JavaScript API methods setDownloadClass() and setLinkClass() have been removed. Please use setDownloadClasses() and setLinkClasses(), respectively (introduced in Piwik 0.4.2). setCustomData was also deprecated; you can now use setCustomVariable instead.
  • The configuration setting, “reverse_proxy”, has been renamed to “assume_secure_protocol”. If your config/config.ini.php contains “reverse_proxy=1”, simply change this to “assume_secure_protocol=1”.
  • Deprecated setting “use_first_referer_to_determine_goal_referer” which is now a JS API method (see setConversionAttributionFirstReferrer() in conversion attribution js doc)

See also the new  FAQs & How to:

After You Update

  • You may notice an uptick in unique visitors as return visitors are switched over to first party cookies.
  • If you are using cron-based archiving, make sure the archive.sh script has execute (x) permission set for the cron user.
  • Please use the forums for support.

List of issues fixed in this release

  • #1363    New Api function Actions.getPageUrls to make it easy to search for a given URL or path
  • #409     Implement first party cookie in Piwik
  • #1736     Segmentation in API
  • #1984     Custom Variables support: new JS API and new reports
  • #1916     Fix Edge case: each page is a new visit
  • #1698     archive.sh compatible with Freebsd (using /bin/sh instead of /bin/bash)
  • #1973     Work around php bug #53632 (CVE-ID: 2010-4645)
  • #1974     Archiving doesn’t work anymore on 1.1.x with the cron script
  • #1965     Can’t install automatically piwik 1.1.1 on some php 5.2 setups
  • #2056     Mails are again sent to the superuser and not to the creator
  • #1991     Goal matching regex – test for regression
  • #1966     Live! plugin performance issues
  • #2078     piwik.js: enableLinkTracking() not working in Safari/Chrome/Webkit
  • #1765     update to ZF 1.11.3
  • #1780     Missing index in mysql table piwik_options
  • #1625     CSS3 Support for IE 8 with CSS3PIE
  • #1373     Visitor Generator should update website ts_created field with earliest date
  • #1460     Workaround broken mod_security rules causing Piwik to not track visits
  • #334     UI: click on Next/Previous should scroll up for subtables
  • #1888     Piwik_Period_Day->toString() should support variable formats
  • #173     API responses sub tables should contain same metrics as parent tables (filters should be applied recursively)
  • #2018     PDF font text appear white in PDFs when read in google PDF reader
  • #555     UI: Widgets are too wide in dashboard: “goals” and “advanced” table view should be disabled in the dashboard
  • #1961     Reports do not send whilst set to a daily basis
  • #2115     piwik.js: configTrackerUrl cannot contain a “?” for GET request method
  • #1556     Installation – english labels inconsistency
  • #1709     Visitors > Settings > Wide screen report Mobile/Tablet screens
  • #752     piwik.js: Tracking middle clicks automatically (they do not fire onclick event)
  • #1553     Tracker API improvements : enable set IP and set server date & time
  • #1940     Detect output compression conflict
  • #1382     Sites Manager and Users Manager – Save Confusion
  • #1417     Disable tree-like structure in Actions>Page titles report
  • #1388     Page URLs should not record the hash part of the URL
  • #1600     Action datatables should use integer indexes rather than string indexes (smaller size and faster access)
  • #2015     Clarify reverse_proxy vs proxy headers
  • #1947     Live! real time reorders last visitors on display
  • #2027     Grey out the ‘Update’ button after click to prevent multiple starts of update
  • #2007     Performance: don’t store md5 as strings in the log tables
  • #2046     Installation: improve “Re-use existing tables”
  • #2067     Remove alpha/transparency layer from icons
  • #1827     Review use of preg_* functions on long strings
  • #2106     javascript: json2 and jslint updates
  • #1951     Add sentence to give count of Users and Websites at top of page
  • #1980     UI: Piwik admin UI should be consistent with main app (color, styles)
  • #1898     Page Titles report should be as complete as Page URLs report
  • #1803     Add a column “Alias” to Manage Users Access
  • #1740     UsersManager: Sort list of websites alphabetically
  • #739     piwik.js enhancements
  • #2061     Allow Users API to return specific users, rather than the full list
  • #2062     New API UsersManager.getUsersWithSiteAccess(idSite, access)
  • #2042     Add ‘category’ field to Websites, to allow easier bulk access management
  • #2068     Live! widget to work when embedded on a third party page with token_auth
  • #2051     PDF: usability – disabling of scheduled reports
  • #2099     UserAgentParser: misdetect Shiira and Safari
  • #2100     All websites dashboard config setting to set number of websites per page (50 by default)
  • #1107     Tracker: consecutive goal conversions from same visitor create new visit
  • #1950     Compressed assets not being removed on update
  • #1963     PDFReports: cron task stops with Error: Object of class Piwik_Date could not be converted to int (piwik/core/Date.php on line 47)
  • #1962     Object doesn’t support property/method in piwik.js and IE7
  • #1967     Install doesn’t work on free.fr (using 5.1.3RC4)
  • #1970     Add new user fails with message “The login has to be between 3…”
  • #1977     Consistency check fails for few files in some cases
  • #1976     Yandex search referers not tracked properly
  • #1968     Add cache busting string to download URL
  • #1979     Regression: UsersManager> Apply to all websites not working
  • #1829     Improve UI speed: cancel ajax requests on menu click
  • #1981     Scheduled PDF Reports very slow when thousands of websites in Piwik
  • #1993     SecurityInfo plugin: fileperms error with session.save_path
  • #1998     Performance Tracker: delete column and INDEX and reuse another one
  • #2001     Creation of directory /tmp/templates_c while using api
  • #1958     Broken json extension: Login not working in 1.1.1 for some users
  • #2004     SEO: Yahoo siteexplorer no longer expects URLs to be prefixed by http://
  • #2002     Performance: Denormalize one logging table
  • #2006     Countries/Continents: .cy Cyprus is in EU
  • #2020     Show ‘DB upgrade’ message on update, only when there is a schema update
  • #2023     SEO – Domain Age no longer fetching age
  • #2022     Actions > Exit/Entry pages Next/Previous links a bit buggy
  • #1949     Bug in yearly archiving in very rare case
  • #1848     ’No data in this category. Try to “Include all popu…’ when accessing a subtable after pagination in Page URLs or Page titles reports
  • #2026     UI: Pages DataTable, many similar http requests triggered
  • #2047     DBStats: mysql_connect() dependency
  • #2052     Creation of PDF reports fails in some cases, uses too much memory
  • #2069     Exit rate should use visits to the page, not hits
  • #2093     PDF Reports don’t use user’s language
  • #2054     Live plugin: Incorrect representation of the Week results under “Visitors – Visitors log”
  • #2076     Visitor Log month view is incomplete
  • #1988     All websites report should not show unique visitors column for ‘year’
January '11

06

Posted in Security

Piwik 1.1 – Security Advisory

Multiple XSS vulnerabilities are fixed by the Piwik 1.1 release. Description: CVE-2011-004. Piwik versions prior to 1.1 are vulnerable to multiple XSS vulnerabilities, both persistent and reflected. This security update is rated critical, and Piwik users are strongly encouraged to update to the latest version of Piwik. The Piwik project and community thank Stefan Esser [...]

August '10

28

Posted in Security

Piwik 0.5.4 Remix by Parallels – Security Advisory – Updated

Sites using the APS package of Piwik 0.5.4 (which we are referring to as, “Piwik Remix by Parallels”, per our trademark policy) may be vulnerable to a shared salt value which may allow an attacker to spoof trusted cookies or nonces. This is a third-party issue, specific to this APS package. The vendor has ceased [...]

August '10

21

Posted in Community

Comments: 29 Comments

Piwik added to Windows Web App Gallery

Piwik is now available on the Windows Web App Gallery, joining the ranks of WordPress, Acquia Drupal, Moodle, Joomla, and phpBB! IIS users can install these (and dozens of other web apps) using Web Platform Installer (aka Web PI or WPI) or WebMatrix. Our thanks to the IIS, Web Platform and Tools team at Microsoft [...]

July '10

28

Posted in Security

Piwik Response to ZF2010-07 Security Advisory

No Piwik releases up to and including Piwik 0.6.4 are affected by this advisory as the Dojo bundle is not included in the Piwik distribution (or svn). Piwik users are, however, encouraged to upgrade to the latest version to take advantage of new features and bug fixes. Reference: ZF2010-07: Potential Security Issues in Bundled Dojo [...]

July '10

28

Posted in Security

Piwik 0.6.4 Security Advisory CVE-2010-2786

An arbitrary file inclusion vulnerability is fixed by the latest Piwik 0.6.4 release. Description: Piwik versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote file inclusion using a directory traversal pattern in a crafted request for a data renderer. This vulnerability is rated critical, and Piwik users are strongly encouraged to update to the latest [...]

May '10

05

Posted in Changelog

Comments: 9 Comments

Piwik 0.6

Happy Cinco de Mayo! The Piwik team is pleased to announce the immediate availability of Piwik 0.6.  Please update at your earliest convenience to receive the latest features, bug fixes, and support.

Major Changes in this Release:

  • Exclude webmaster visits by IP
  • Exclude URL parameters
  • Configurable timezone and currency

In addition to bug fixes, enhancements, maintenance, and refactoring, a low risk XSS vulnerability was fixed in the Login form.

Thank You:

A special thanks to Matthieu, who has taken time off from paid employment, to code full-time on Piwik. As a result, Matt was able to tackle some large scope, long outstanding TODO items, and move us that much closer to 1.0.

Other contributors to this release include Anthon (vipsoft), lmeyer, halfdan, eagle, and pebosi.

And a big thank you to all the community members who submitted bug reports, feature requests, and feedback on the 0.6-rc1 release candidate.

Tickets closed in this milestone:

  • #41 - Plugin to exclude / include only some Urls parameter
  • #43 - Plugin to exclude the webmaster based on IP or IP range
  • #56 - Support for editing the site timezone
  • #401 - define website to load by default when loading the UI (on a per user basis)
  • #526 – Each user should access a page to edit their info: alias, email, password.
  • #835 - Provide language param for widgets calls to select the language to show reports
  • #838 - LiveOverView Plugin
  • #861 - Clearspring Piwik widgets export fails with message: “Thanks for trying Launchpad On-Page. Unfortunately, your user ID is invalid. Please check it and try again.”
  • #882 - Piwik_Query() throws exception when used in a Tracker event hook
  • #1001 - currency for each website
  • #1026 - AnonymousVisits – alternate plugin to exclude storing IP addresses
  • #1137 - Empty sparkline with floats
  • #1149 - Move some useful settings from file to DB and editable via UI
  • #1160 - Include Piwik in SimpleScripts Script
  • #1172 - Move Team Profiles to its own page
  • #1206 - CorePluginsAdmin – should load translations for third-party plugins
  • #1212 - Views should not expect translation strings to have trailing whitespace
  • #1214 - Publish a meet the Piwik Team post
  • #1215 - “File size mismatch” warning with a modified robots.txt
  • #1216 - Auto refresh the MultiSites report page only if date range includes Today
  • #1217 - Feedburner arrows are not displaying correctly
  • #1219 - UserAgentParser : Windows Server 2003 vs Windows XP 64-bit
  • #1220 - Last visits graph -SQLSTATE[42000]: Syntax error
  • #1222 - Document plugin getInformation() and the version number policy
  • #1227 - archive.sh script should loop over all websites and trigger archiving in a separate request for each
  • #1229 - New version update message different for non super user
  • #1236 - Can’t login because nonce regenerated by double page load
  • #1238 - improve detection of msn bot
  • #1241 - Refactor http client methods out of Piwik.php
  • #1242 - Call to protected method Zend_Config::_loadFileErrorHandler()
  • #1247 - Can’t login because getLocalReferer() doesn’t handle reverse proxies
  • #1248 - Remove Installation charset warning and related translation strings (deprecated)
  • #1250 - Installation regressions
  • #1251 - Tracker regressions
  • #1256 - Super user login can contain special characters
  • #1257 - Parameter &url redirection behaves different in 0.5.5
  • #1261 - add: SitesManager getIdFromSite()
  • #1264 - Visit generator not recording visits
  • #1267 - New Search engine: sogou.com
  • #1268 - API: exit_bounce_count is the same as entry_bounce_count and should be deprecated
  • #1269 - Piwik XSS
  • #1273 - Piwik 0.6: docs & faq updates
  • #1275 - ZF 1.10.3 update
  • #1276 - Allow websites to have URLs with é è à
  • #1277 - Icon of 123people.de
  • #1280 - Plugins tab loses selected state
  • #1286 - SearchEngine maintenance
  • #1292 - Deprecate/remove Piwik_Quote()
  • #1293 - UserAgentParser: Nintendo DS/DSi: OS not detected; parses wrong Opera version
  • #1298 - Provide Login help text when nonce / local referrer fail verification
  • #1303 - Unit test regressions
  • #1304 - Delete dashboard settings when deleting user
  • #1306 - Add tracker hook to set idSite
  • #1308 - Delete user language settings when deleting user
  • #1309 - Update Smarty
  • #1310 - Security Plugin fails to recognise suhosin patch
  • #1312 - set_include_path cannot override php_admin_value include_path
  • #1313 - Adding missing search engine favicons
  • #1321 - Missing currency (VEF: Venezuelan Bolivar Fuerte) in trunk
  • #1326 - Installation failed on step 7
April '10

15

Posted in Security

Piwik 0.6 – Security Advisory to CVE-2010-1453

A non-persistent, cross-site scripting vulnerability (XSS) was found in Piwik’s Login form, which reflected the form_url parameter without properly escaping or filtering it. To exploit this vulnerability, the attacker tricks a Piwik user into visiting a Login URL crafted by the attacker. While this is a low risk threat, Piwik users are encouraged to update [...]

March '10

19

Posted in Changelog

Comments: 16 Comments

Piwik 0.5.5

Announcing Piwik 0.5.5. As always, please update to the latest version to receive the latest features, bug fixes, and support.

New Features

  • #692 – AnonymizeIP plugin to mask the IP address of your visitors.
  • #908 – add a hook to allow plugins to define the website ID to load by default when going to stats
  • #1097 – Installation/Update: file integrity check to report missing or corrupt files
  • #1129 – Tracker: table index enhancements

Bug Fixes

  • #59 – Feedburner plugin update
  • #987 – ArchiveProcessing: duplicate idArchive
  • #1011 – Provider plugin now limits row count to 500
  • #1027 – IE7/IE8 Add a widget (Widgetize) bugs
  • #1041 – Keywords that don’t link to search engine page results are now not linked, as expected
  • #1061 – non-processable GET-parameter throws error message
  • #1071 – get/save language preference
  • #1082 – Actions plugin: cannot use object of type Piwik_DataTable_Row as array
  • #1087 – Multisites: date range selection in the calendar is the largest available across websites
  • #1089 – sync up DDL with schema update script
  • #1090 – “Display JavaScript Tag” always showed name of first website
  • #1100 – handle malformed dashboard layout
  • #1109 – undefined function error in Goals manager
  • #1114 – all actions incorrectly labeled as Page Views?
  • #1115 – MultiSites: handle single quote(s) in site name
  • #1120 – refinements to the Live! plugin
  • #1132 – Epiphany misdetected as Safari
  • #1127 – evolution always shows 0% when current visits is 0
  • #1136 – handle byte count and other shorthand notation for memory limit
  • #1137 – libs/sparkline: rendering bugs with small values or ranges
  • #1151 – update to the Update welcome page: displaying full list of SQL queries to execute
  • #1193 – non-javascript tracking now disabled by default, possibility to record non-JS visits by appending &rec=1 to the beacon
  • #1196 – typos / refactoring of css
  • #1147 – plugin enable, disable, dashboard layout save and visit generator operations protected by the token_auth
  • - refactoring of the Login controller and views, and fixing the redirect logic

Maintenance

  • #445 - added a few .htaccess files to override overly permissive Apache configuration (e.g., directory listing, direct access to .php files)
  • #991 – redirect to Installation plugin’s welcome screen if database connection credentials fails (instead of an exception and a backtrace)
  • #1067 – page titles and page URLs can now use a different delimiter
  • #1068 – internationalize the Goals plugin
  • #1091 – Feedback UI improvements
  • #1092 – provide workaround if parse_ini_file() is disabled; replacement function by Andrew Sohn
  • #1096 – plugin descriptions should be translatable
  • #1098 – auto-refresh the Multisites report
  • #1099 – added MySQL client/server version compatibility check
  • #1101 – numbered args in translations should be %1$s, %2$s, etc.
  • #1110 – handle IPv4-mapped addresses; detect IPv6 addresses at Installation
  • #1119 – remove out-of-date translations of password recovery email body
  • #1122 – E_STRICT clean-up in plugin API files
  • #1123 – reorganize browser families; convert WebKit versions to corresponding Safari product versions
  • #1133 – add ‘charset = utf8’ to configuration file on new installs (or reinstalls where tables are deleted) when client/server charset mismatch detected
  • #1135, #1174 – more search engines
  • #1150 – outdated reports should be displayed rather than no data at all
  • #1155 – cookie path can now be defined in config.ini.php or in global.ini.php
  • #1156 – document SPL and Reflection requirements
  • #1163 – Palm Pre/Pixi detection
  • #1165 - UserSettings unit tests coverage expanded
  • #1167 – UserAgentParser issues
  • #1175 – update to Zend Framework 1.10.2
  • #1176 – update to Smarty 2.6.26
  • #1178 – remove unused/obsolete json.js
  • #1179 – JavaScript API should have trackPageView(title)
  • #1181 – first day of stats, select today by default instead of yesterday
  • #1182 – coding style changes to Live plugin
  • #1191 – PHP 5.2.0 syntax issue
  • #1195 – comment typo in _pk_translate function
  • #1200 – on successful login, Piwik should redirect to the referer URL only if it is a Piwik URL
  • #1202 – utility nonce functions for the plugin framework
  • - piwik.js has been YUI-compressed since Piwik 0.4; with 0.5.5, you can now use js/index.php to serve up a deflate/gzip compressed piwik.js if your web server doesn’t have mod_deflate or mod_gzip (8.3K vs 3.5K)

Anthon and Matt contributed the bulk of changes for this release.  Thanks also go out to Andrew Sohn, feyp, halfdan, jr-ewing, masterkeedu, pebosi, and yareckon for patches.

February '10

11

Posted in Security

Piwik Response to Zend Framework Security Advisory ZF2010-01

Piwik 0.5.4 (released Dec. 18, 2009) and earlier versions are not affected by this security advisory to Zend_Log (disclosed Jan. 11, 2010) because Piwik uses UTF-8. Furthermore, Piwik is not affected by security advisories ZF2010-02 through ZF2010-06 because Piwik uses a subset of ZF which does not include Zend_Form, Zend_View, Zend_Dojo, Zend_Filter, Zend_File, Zend_Service, or [...]

December '09

17

Posted in Changelog

Comments: 4 Comments

Piwik 0.5.4

Merry Christmas! Welcome to another update of your favorite open source, real-time web analytics platform! Piwik 0.5.4 is a maintenance release addressing a couple of bugs that some users have experienced.

Bug fixes

  • #1086 Ability to save URLs longer than 255 characters
  • #1082 Addressing the Cannot use object of type Piwik_DataTable_Row as array error
  • #1081 Fixing NOTICE error written out to the error log
December '09

14

Posted in Changelog

Piwik 0.5.2

New Features

  • #389 – MultiSites plugin – this plugin provides a multi-site, bird’s eye view of ALL your sites. An “All Websites” link is added to the top navigation bar. Note that it would have performance issues if your Piwik has more than a few hundred registered websites. See live demo on piwik.org.
  • #1055 – SecurityInfo plugin – based on PhpSecInfo from the PHP Security Consortium, this plugin provides security information about your PHP environment and offers suggestions for improvement. It is not Piwik-specific. However, it is a useful tool in a multilayered security approach. As such, it does not replace secure development practices nor audit the code/application.

Bug fixes

  • #1060 – JSON parse error for Goal descriptions containing double quotes.
  • #1065 – Internet Explorer: JSON error when reloading page with Flash
  • #1069 – Dashboard loading error when referencing a widget that no longer exists in an enabled plugin
  • #1062 – Internet Explorer 8: subtables don’t expand with jQuery 1.3.2; quick fix using IE7 compatibility mode
  • #1074 – error messages in Live Controller index()
  • Incorrect locale for Albanian translation

Maintenance

  • #1072 – wrap plugin author name with author_homepage (instead of homepage)

Thanks to pebosi, python, and SvenL for patches.

December '09

10

Posted in Changelog

Comments: 3 Comments

Piwik 0.5.1

This is a follow-up release to address some portability issues raised in the recent Piwik 0.5 update.

Translations
Kristalin Chavdarov and Besnik Bleta contributed new translations, bringing the total to 32. Please contact Noah to assist with new translations and updates (more information on http://piwik.org/translations/).

  • Adding Bulgarian and Albanian
  • Updating Catalan, Finnish, and Dutch

Bug Fixes

  • Live! plugin – idaction column renamed to idaction_url
  • Dashboard should exclude disabled widgets — fix for pre-PHP 5.2
  • archive.sh exits early if php5 not found (and script invoked with -e)
  • Fixed create a goal was setting goal type to undefined
  • Fixes #1060 JSON Parse Error in the Goals details page

Maintenance

  • Embed Flash functionality restored to Widgetize
  • Recognize additional search engines

Thanks to blueyed for patches.

December '09

09

Posted in Security

Piwik 0.5, response to “Shocking News in PHP Exploitation”

The Piwik project acknowledges its exposure to the cookie exploit vulnerability described in Stefan Esser’s presentation, “Shocking News in PHP Exploitation”. The potential security vulnerability exists in all versions of Piwik prior to version 0.5. While no exploit code has been posted, this is a serious threat given Piwik’s increasing popularity. As such, we strongly [...]

December '09

09

Posted in Changelog

Piwik 0.5

The Piwik development team is releasing Piwik 0.5 to address issues with performance, PHP 5.3.1 compatibility, and a potential security vulnerability in earlier versions of Piwik. We strongly encourage all Piwik users to update. In addition, users will also benefit from new features and bug fixes in this release.

Automated update
The automated update was inadvertently broken in 0.4.4 and 0.4.5. If you are running either of these versions, please update manually to 0.5 (see How to update Piwik manually?), preferably by installing Piwik in a fresh folder. Our apologies for the inconvenience.

Security
In disclosing this security risk, we urge all Piwik users to update to this release as soon as possible. If you are unable to update at this time, you should make the following changes immediately to secure your Piwik installation:

  • In “core/Cookie.php”, apply this patch
  • Remove the third-party file “libs/open-flash-chart/php-ofc-library/ofc_upload_image.php” (if it exists). (Reference: SA37078 advisory)

A special thanks to security researcher, Stefan Esser of SektionEins, for his assistance.

New report

This release adds a new report to “Actions | Pages” which displays the page title. There are now two page reports, Page URLs and Page Titles. The page title can be set via setDocumentTitle(). (Refer to Piwik’s JavaScript tracking API for more info.)

In addition, this release addresses a significant table index bottleneck experienced by the largest Piwik instances. As a result of this performance enhancement, this release contains a schema update. If you have a large Piwik database, updates might take too long to run in the browser. If this situation applies to you, you can execute the updates from the shell (command line), e.g.: $ php path/to/piwik/index.php

Live! plugin

The “alpha” version of the “Live!” visitor plugin has also been updated, thanks to jr-ewing. To activate this plugin, go to “Settings | Plugins” and click on the “Activate” link. This will allow you to add a live visitor widget to the dashboard, and access the “Visitor Log” report from the menu. Please test-drive this plugin and provide feedback on the forum for further improvement. This is a beta release only.

New Features

  • #530 – Report actions by html page title as well as reporting by URL (or custom page name)
  • #708 – Hash the “name” column (using CRC32 algorithm) to speed up the SELECT idaction in piwik.php
  • #997 – widget+data loaded in a single fetch cutting round-trip delays (latency)

Bug Fixes

  • #693 – Visit Generator should ask for user confirmation before generating data
  • #905 – tag cloud line breaks
  • #947 – truncated translation string in Flash widget when “no data”; this is now styled consistently with “no data” for tables and tag clouds
  • #959 – Show website name in UI when displaying JavaScript tracking code
  • #967 – non-superuser admin could reduce own access to view/no access
  • #981 – add ORDER BY NULL clause where order doesn’t matter (faster)
  • #994 – set content type to application/JSON for OFC data feed
  • #1004 – add/delete user after changing site selection causes FF to prompt re: resending information
  • #1010 – auto-update failing
  • #1012 – “Database usage” (DBStatus menu) not translated
  • #1013 – html entities not decoded in User Country/Continent data tables
  • #1020 – “Save image locally” (right-click pop-up menu) only worked for last chart; also close stream on ‘Export as image’ pop up window
  • #1033 – archive.sh: readlink -f is not a valid option on FreeBSD
  • #1034 – undefined variable after resetting password
  • #1037 – URL match on ampersand fails on sanitized URL
  • #1039 – Class Piwik_Apiable not found when updating from pre-0.2.10
  • #1053 – suppress “add site” link for non-superuser
  • checking for writable session.save_path

Maintenance

  • #510 – update to jQuery 1.3.2 and jQuery UI 1.7.2
  • #946 – some CSS cleanup
  • #986 – handle Firefox variant user agent strings (eg development, alpha, or nightly builds)
  • #1029 – replace thickbox 3.1 with jquery ui dialog
  • #1049 – peephole optimizations (assignment to temporary variable before returning it)
  • sync up with Zend Framework 1.9.6

Piwik core developers Anthon, Maciej, and Matt contributed the bulk of updates for this release, with patches from jr-ewing, kurakin, manne, ogs22, and pebosi. And of course, thank you to the Piwik community and sponsors for your continued support and feedback.