Piwik 2.4.0 is a new major release of Piwik! This release is rated critical. Please update now.

After You Update

  • Use the forums if you have any question or feedback (free support)
  • Please help us spread the word about Piwik! Maybe you can write about the project on your blog, website, twitter, talk about Piwik Analytics at conferences, or let your friends and colleagues know what is Piwik. Already 1,150,000 websites have liberated their web analytics but we need your help to grow the community!
  • To improve Piwik in your language consider contributing to translations.
  • Contact Piwik PRO for any enquiry, custom development or to learn more about making the most of Piwik

Database upgrade

If you have not yet enabled the DeviceDetection plugin then this release will trigger a major database upgrade.

If the DeviceDetection plugin is already enabled in your Piwik server then this upgrade will not trigger any database upgrade.

Security fixes
We would like to warmly thank Security researchers Aron Molnar (XSEC infosec GmbH) for reporting a XSS vulnerability which we have fixed in 2.4.0. We also thank Andrea Palazzo and Jose Luis Zayas for their security recommendations which are now implemented in 2.4.0.

New FAQs and blog posts

List of 60 tickets closed in Piwik 2.4.0

  • #57 Better Data Insights. Show me what’s increased and decreased, movers and shakers (beta)
  • #5222 Remove Zeitgeist theme from Piwik and support only Morpheus
  • #5275 Tracking API: major performance improvements with Transactions, when using Bulk Tracking
  • #5394 Referrers overview: report labels should show more characters before truncation
  • #5314 Log Analytics: several performance improvements
  • #5212 New setting: enable Left Menu mode
  • #3770 LibreJS compatibility for piwik.js: free/libre license notice
  • #5192 Simplify / improve top menu
  • #5329 Enable DevicesDetection plugin by default
  • #5301 Developers: provide a simpler ScheduledTasks API
  • #5331 Developers: new hooks in Login: ‘Login.authenticate’, ‘Login.authenticate.successful’
  • #5360 Developers: new hook Live.makeNewVisitorObject for plugins to customise Visitor object
  • #5303 Switching metrics in row evolution view doesn’t work after changing report timespan
  • #5396 New parameters for the core:archive console command for power users
  • #4455 Change piwik URL to builds.piwik.org/piwik-latest.zip
  • #4363 Row Evolution shows wrong data when directory and file with identical names exist at same level
  • #5291 PiwikTracker PHP client: when bulk tracking, Custom variables are now reset after each request
  • #5306 php console core:update -> issue using Piwik 2.3.0
  • #5320 Calculation All Websites dashboard wrong
  • #5332 DataTable footer drawer does not expand when clicked
  • #5356 When a custom date range is requested, the timezone of the requested website may be ignored
  • #2900 When running piwik proxy php to hide footprint, IP address is not set correctly when the website being tracked is behind proxy
  • #4918 When 10 widgets request the same site + date + segment at once, check it is archived only once
  • #5263 make core:archive command compatibile with HHVM
  • #5266 htaccess should help apache serve HTML files properly with: AddHandler text/html .html
  • #5282 Include Meta tag IE=edge for best security practises
  • #5311 Ensure all directories in plugins/ are chmod 755, to serve html/scripts/images
  • #5344 New system check to alert user when session.auto_start = 1
  • #5366 Limits ability of different Piwik instances to cross-match users (privacy)
  • #4017 Detect requests from iTunes
  • #5025 Support for user-agent string from AFNetworking library (iOS)
  • #5343 Cron core:archive: make sure the PHP cli binary is at least 5.3.2
  • #5371 Piwik should work as expected when PHP setting session.hash_function has non default value
  • #5382 Make “Site Search” on “All Websites Dashboard” case-insensitive
  • #5384 piwik.js: new function setCustomRequestProcessing() to let you edit the tracking request before it is sent
  • #5393 Piwik.js: ability to register plugins to execute logic when a request is sent
  • #5387 New config setting: set the Scheduled report emails Reply-to field to Email and Alias name of report creator
  • #4870 Nightingale Media Player not detected correctly
  • #4872 API: get PageUrl returns same results for several day
  • #5007 Error when running cron:archive: Response was ‘Console ToolUsage: [options] command….
  • #5213 Website dropdown no longer appears
  • #5240 German translation incomplete in version 2.3.0
  • #5243 Visitor/locations: Map region selector to narrow
  • #5247 Long Segment names break segment listing layout
  • #5253 Error in “Database Usage” usage …
  • #5254 import_logs give a IOError: [Errno 29] Illegal seek when receiving log from pipe
  • #5255 IIS: web.config should allow to server HTM, HTML and SVG files.
  • #5256 Visitor Generator not working from console
  • #5262 Not well testable php class method URL::redirectToUrl($url)
  • #5268 2.3.0: Visitors in Real-time widget, incorrect page title display
  • #5281 invalidateArchivedReports $dates issue
  • #5297 Remove plugins/Zeitgeist/ plugin from filesystem on upgrade
  • #5322 Incorrect domain age reported
  • #5349 Warning: syntax error, unexpected $end, expecting ‘}’ in config.ini.php in libs/upgradephp/upgrade.php
  • #5354 Dropping outdated archives can timeout on huge Piwik instances
  • #5358 Auto archiving: all websites should be archived at least once per day
  • #5370 DBStats: Call to a member function getColumn() on a non-object in core/DataTable/Filter/ColumnCallbackAddColumnQuotient
  • #5383 getVisitorProfilePopup: error on empty data
  • #5388 FatalError – subDay() in API.php
  • #3651 Support user agents of PIM clients (calendar, email) and feed readers (RSS, Atom)
  • #5339 hardcoded user in permission error

Did you know you can get involved in the project? Piwik needs you to provide the best open alternative to Google Analytics.