Matomo (Piwik) 0.5.4 (released Dec. 18, 2009) and earlier versions are not affected by this security advisory to Zend_Log (disclosed Jan. 11, 2010) because Matomo uses UTF-8.
Furthermore, Matomo is not affected by security advisories ZF2010-02 through ZF2010-06 because Matomo uses a subset of ZF which does not include Zend_Form, Zend_View, Zend_Dojo, Zend_Filter, Zend_File, Zend_Service, or Zend_Json.
Matomo users are, however, encouraged to upgrade to the latest version to take advantage of new features and bug fixes.
Reference: Potential XSS vectors due to inconsistent encodings
