analytics/CHANGELOG.md
Vini Brasil 5152e8d416
Reject events with long URIs and data URIs (#2536)
* Reject events with data URIs

* Reject events with URIs longer than 2,000 characters

* Update CHANGELOG.md
2022-12-21 15:53:04 +02:00

15 KiB

Changelog

All notable changes to this project will be documented in this file.

Unreleased

Changed

v1.5.1 - 2022-12-06

Fixed

v1.5.0 - 2022-12-02

Added

  • Set a different interval on the top graph plausible/analytics#1574 (thanks to @Vigasaurus for this feature)
  • A tagged-events script extension for out-of-the-box custom event tracking
  • The ability to escape | characters with \ in Stats API filter values
  • An upper bound of 1000 to the limit parameter in Stats API
  • The exclusions script extension now also takes a data-include attribute tag
  • A file-downloads script extension for automatically tracking file downloads as custom events
  • Integration with Matomo's referrer spam list to block known spammers
  • API route PUT /api/v1/sites/goals with form params site_id, event_name and/or page_path, and goal_type with supported types event and page
  • API route DELETE /api/v1/sites/goals/:goal_id with form params site_id
  • The public breakdown endpoint can be queried with the "events" metric
  • Data exported via the download button will contain CSV data for all visible graps in a zip file.
  • Region and city-level geolocation plausible/analytics#1449
  • The u option can now be used in the manual extension to specify a URL when triggering events.
  • Delete a site and all related data through the Sites API
  • Subscribed users can see their Paddle invoices from the last 12 months under the user settings
  • Allow custom styles to be passed to embedded iframe plausible/analytics#1522
  • New UTM Tags utm_content and utm_term plausible/analytics#515
  • If a session was started without a screen_size it is updated if an event with screen_size occurs
  • Added LISTEN_IP configuration parameter plausible/analytics#1189
  • The breakdown endpoint with the property query property=event:goal returns custom goal properties (within props)
  • Added IPv6 Ecto support (via the environment-variable ECTO_IPV6)
  • New filter type: contains, available for page, entry_page, exit_page
  • Add filter for custom property
  • Add ability to import historical data from GA: plausible/analytics#1753
  • API route GET /api/v1/sites/:site_id
  • Hovering on top of list items will now show a tooltip with the exact number instead of a shortened version
  • Filter goals in realtime filter by clicking goal name
  • The time format (12 hour or 24 hour) for graph timelines is now presented based on the browser's defined language
  • Choice of metric for main-graph both in UI and API (visitors, pageviews, bounce_rate, visit_duration) plausible/analytics#1364
  • New width=manual mode for embedded dashboards plausible/analytics#2148
  • Add more timezone options
  • Add new strategy to recommend timezone when creating a new site
  • Alert outgrown enterprise users of their usage plausible/analytics#2197
  • Manually lock and unlock enterprise users plausible/analytics#2197
  • ARM64 support for docker images plausible/analytics#2103
  • Add support for international domain names (IDNs) plausible/analytics#2034
  • Allow self-hosters to register an account on first launch
  • Fix ownership transfer invitation link in self-hosted deployments

Fixed

  • Plausible script does not prevent default if it's been prevented by an external script plausible/analytics#1941
  • Hash part of the URL can now be used when excluding pages with script.exclusions.hash.js.
  • UI fix where multi-line text in pills would not be underlined properly on small screens.
  • UI fix to align footer columns
  • Guests can now use the favicon to toggle additional info about the site bing viewed (such as in public embeds).
  • Fix SecurityError in tracking script when user has blocked all local storage
  • Prevent dashboard graph from being selected when long pressing on the graph in a mobile browser
  • The exported pages.csv file now includes pageviews again plausible/analytics#1878
  • Fix a bug where city, region and country filters were filtering stats but not the location list
  • Fix a bug where regions were not being saved
  • Timezone offset labels now update with time changes
  • Render 404 if shared link auth cannot be verified plausible/analytics#2225
  • Restore compatibility with older format of shared links plausible/analytics#2225
  • Fix 'All time' period for sites with no recorded stats plausible/analytics#2277
  • Ensure settings page can be rendered after a form error plausible/analytics#2278
  • Ensure newlines from settings files are trimmed plausible/analytics#2480

Changed

  • script.file-downloads.outbound-links.js only sends an outbound link event when an outbound download link is clicked
  • Plausible script now uses callback navigation (instead of waiting for 150ms every time) when sending custom events
  • Cache the tracking script for 24 hours
  • Move entry_page and exit_page to be part of the Page filter group
  • Paginate /api/sites results and add a View all link to the site-switcher dropdown in the dashboard.
  • Remove the + Add Site link to the site-switcher dropdown in the dashboard.
  • DISABLE_REGISTRATIONS configuration parameter can now accept invite_only to allow invited users to register an account while keeping regular registrations disabled plausible/analytics#1841
  • New and improved Session tracking module for higher throughput and lower latency. PR#1934
  • Do not display ZZ country code in countries report PR#1934
  • Add fallback icon for when DDG favicon cannot be fetched PR#2279

Security

  • Add Content-Security-Policy header to favicon path

v1.4.1 - 2021-11-29

Fixed

  • Fixes database error when pathname contains a question mark

v1.4.0 - 2021-10-27

Added

Fixed

  • Fix weekly report time range plausible/analytics#951
  • Make sure embedded dashboards can run when user has blocked third-party cookies plausible/analytics#971
  • Sites listing page will paginate if the user has a lot of sites plausible/analytics#994
  • Crash when changing theme on a loaded dashboard plausible/analytics#1123
  • UI fix for details button overlapping content on mobile plausible/analytics#1114
  • UI fix for the main graph on mobile overlapping its tick items on both axis
  • UI fixes for text not showing properly in bars across multiple lines. This hides the totals on <768px and only shows the uniques and % to accommodate the goals text too. Larger screens still truncate as usual.
  • Turn off autocomplete for name and password inputs in the New shared link form.
  • Details modals are now responsive and take up less horizontal space on smaller screens to make it easier to scroll.
  • Fix reading config from file
  • Fix some links not opening correctly in new tab
  • UI fix for more than one row of custom event properties plausible/analytics#1383
  • UI fix for user menu and time picker overlapping plausible/analytics#1352
  • Respect the path component of BASE_URL to allow subfolder installatons

Removed

  • Removes AppSignal monitoring package

Changes

  • Disable email verification by default. Added a configuration option ENABLE_EMAIL_VERIFICATION=true if you want to keep the old behaviour

[1.3] - 2021-04-14

Added

Fixed

[1.2] - 2021-01-26

Added

Changed

Fixed

Security

[1.1.1] - 2020-10-14

Fixed

  • Revert Dockerfile change that introduced a regression

[1.1.0] - 2020-10-14

Added

Fixed

[1.0.0] - 2020-10-06

Added

  • Collect and present link tags (utm_medium, utm_source, utm_campaign) in the dashboard

Changed

  • Replace configuration parameters CLICKHOUSE_DATABASE_{HOST,NAME,USER,PASSWORD} with a single CLICKHOUSE_DATABASE_URL plausible/analytics#317
  • Disable subscriptions by default
  • Remove CLICKHOUSE_DATABASE_POOLSIZE, DATABASE_POOLSIZE and DATABASE_TLS_ENABLED parameters. Use query parameters in CLICKHOUSE_DATABASE_URL and DATABASE_URL instead.
  • Remove HOST and SCHEME parameters in favor of a single BASE_URL parameter.
  • Make Bamboo.SMTPAdapter the default as opposed to Bamboo.PostmarkAdapter
  • Disable subscription flow by default