[Bug 259850] www/matomo: update 4.2.1 --> 4.5.0

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 15 Nov 2021 10:36:50 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259850

            Bug ID: 259850
           Summary: www/matomo: update 4.2.1 --> 4.5.0
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://matomo.org/changelog
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: joneum@FreeBSD.org
          Reporter: andrej@ebert.su
                CC: andrej@ebert.su
             Flags: maintainer-feedback?(joneum@FreeBSD.org)
 Attachment #229506 Flags: maintainer-approval?(andrej@ebert.su)
             Flags: maintainer-feedback+

Created attachment 229506
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=229506&action=edit
git diff

Update to 4.5.0

I also added a patch to suppress the file integrity warning caused by the
shebangfix to misc/log-analytics/import_logs.py and changed the pkg-message
(change to the recommended apache config + upgrade message)

Major Changes:

## Matomo 4.4.0

### Breaking Changes

* The `logme` method for [automatic
logins](https://matomo.org/faq/how-to/faq_30/) is now disabled by default for
new installations. For existing installations it will be enabled automatically
on update. If you do not need it, please consider disabling it again for
security reasons by setting `login_allow_logme = 0` in the `General` section of
`config.ini.php`.
* The redirect using the `url` param for the automatic login action `logme`
will no longer do redirects to untrusted hosts. If you need to do redirects to
other URLs on purpose, please add the according hosts as `trusted_hosts` entry
in `config.ini.php`.

### New config.ini.php settings

* When determining the client IP address from proxy headers like
X-Forwarded-For, Matomo will by default look at the first IP in the list. If
you need to read the last IP instead, the new INI config option `[General]
proxy_ip_read_last_in_list` can be set to `1`. Using the last IP can be more
secure when you are using proxy headers in combination with a load balancer.
* Matomo logs can now be written into "errorlog" (logs using the error_log()
php function) and "syslog" (logs to the syslog service) (to complement existing
log writers: "screen", "file", "database"). [Learn
more.](https://matomo.org/faq/troubleshooting/faq_115/)

### New commands

* Added new command `core:version` which returns the Matomo version number.

## Matomo 4.3.1

### New commands

* Added new command `core:create-security-files` which creates some web server
security files if they haven't existed previously (useful when using for
example Apache or IIS web server).

## Matomo 4.3.0

### JavaScript Tracker

#### Breaking changes in Matomo JS tracker

* Before, the JS tracker method `enableLinkTracking` did not follow the DOM
changes. From this version, when the DOM updates, Matomo automatically adds
event listeners for new links on the page. It makes it easier to track clicks
on links in SPAs. From this version, if we use the `addListener` method to add
an event listener manually after the DOM has changed and `enableLinkTracking`
is turned on, we will track the click event for that element twice.

### Breaking Changes

* Before, every JS error was tracked. From this version, the same JS error will
only be tracked once per page view. If the very same error is happening
multiple times, then it will be tracked only once within the same page view. If
another page view is tracked or when the page reloads, then the error will be
tracked again.
* It's no longer possible to store any class instances directly in the session
object. Please use arrays or plain data instead.

### Upcoming Breaking Changes

* In Matomo 4.3.0 we have added a 'passwordConfirmation' parameter to the
CorePluginsAdmin.setSystemSettings API method. It is currently optional, but
will become mandatory in version 4.4.0. Plugin developers and users of the API
should make sure to update their plugins and apps before this happens.

### New config.ini.php settings

* The `password_hash_algorithm`, `password_hash_argon2_threads`,
`password_hash_argon2_memory_cost` and `password_hash_argon2_time_cost` INI
config options have been added to allow using specific `password_hash`
algorithms and options if desired.
* The `enable_php_profiler` INI config option was added. This must now be set
to 1 before profiling is allowed in Matomo.
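
The following is an added example, not part of the bug report or of Matomo's code. It models the first-versus-last choice that the 4.4.0 note on `proxy_ip_read_last_in_list` describes, assuming a single load balancer that appends its TCP peer address to any X-Forwarded-For header it receives; all function names and addresses are hypothetical.

```python
import ipaddress

def load_balancer_forward(peer_ip, incoming_xff=None):
    """Model a load balancer that appends the TCP peer address to any
    X-Forwarded-For value the client already sent (assumed behaviour)."""
    return f"{incoming_xff}, {peer_ip}" if incoming_xff else peer_ip

def parse_xff(header):
    """Split the header and keep only syntactically valid IP addresses."""
    ips = []
    for part in (header or "").split(","):
        try:
            ips.append(str(ipaddress.ip_address(part.strip())))
        except ValueError:
            continue  # drop junk such as 'unknown' or injected text
    return ips

def client_ip(remote_addr, xff_header, read_last):
    """Pick the visitor IP: first entry (the default described above) or
    last entry (what proxy_ip_read_last_in_list = 1 asks for)."""
    ips = parse_xff(xff_header)
    if not ips:
        return remote_addr  # no usable proxy header, use the socket peer
    return ips[-1] if read_last else ips[0]

# Constructed sample values (documentation address ranges).
LB_ADDR = "192.0.2.10"        # load balancer, as seen by the web server
REAL_CLIENT = "203.0.113.7"   # actual TCP peer of the load balancer
FORGED = "198.51.100.99"      # value the client placed in its own header

honest = load_balancer_forward(REAL_CLIENT)
spoofed = load_balancer_forward(REAL_CLIENT, incoming_xff=FORGED)

if __name__ == "__main__":
    for label, hdr in (("honest", honest), ("spoofed", spoofed)):
        print(f"{label:8} header={hdr!r}")
        print("   first:", client_ip(LB_ADDR, hdr, read_last=False))
        print("   last: ", client_ip(LB_ADDR, hdr, read_last=True))
```

With a chain of several proxies the last entry is the hop in front of the final proxy rather than the visitor, so the last-entry policy fits the single load balancer case the changelog names.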
