The Piwik development team is releasing Piwik 0.5 to address issues with performance, PHP 5.3.1 compatibility, and a potential security vulnerability in earlier versions of Piwik. We strongly encourage all Piwik users to update. In addition, users will also benefit from new features and bug fixes in this release.
The automated update was inadvertently broken in 0.4.4 and 0.4.5. If you are running either of these versions, please update manually to 0.5 (see How to update Piwik manually?), preferably by installing Piwik in a fresh folder. Our apologies for the inconvenience.
In disclosing this security risk, we urge all Piwik users to update to this release as soon as possible. If you are unable to update at this time, you should make the following changes immediately to secure your Piwik installation:
core/Cookie.php“, apply this patch
libs/open-flash-chart/php-ofc-library/ofc_upload_image.php” (if it exists). (Reference: SA37078 advisory)
$ php path/to/piwik/index.php.
The “alpha” version of the “Live!” visitor plugin has also been updated, thanks to jr-ewing. To activate this plugin, go to “Settings | Plugins” and click on the “Activate” link. This will allow you to add a live visitor widget to the dashboard, and access the “Visitor Log” report from the menu. Please test-drive this plugin and provide feedback on the forum for further improvement. This is a beta release only.
Piwik core developers Anthon, Maciej, and Matt contributed the bulk of updates for this release, with patches from jr-ewing, kurakin, manne, ogs22, and pebosi. And of course, thank you to the Piwik community and sponsors for your continued support and feedback.