Context Navigation

Ticket #848 (closed maintenance: fixed)

Last modified 19 months ago

Piwik 2.13.0

Reported by:	chris	Owned by:	chris
Priority:	major	Milestone:	Maintenance
Component:	Piwik	Keywords:
Cc:	ade	Estimated Number of Hours:	0.0
Add Hours to Ticket:	0	Billable?:	yes
Total Hours:	0.46

Description

From the Changelog:

We are proud to announce Piwik 2.13.0: a new major release of Piwik!

What’s new?

In this release we have focused on improving performance and making Piwik much faster at loading and archiving reports. The dashboard and All websites dashboard will load faster than ever before! This is especially visible if you measure many websites (hundreds of thousands) within your Piwik, the improved Websites Manager will now let you search for websites and page through the list, and the ‘All Websites’ dashboard will now load correctly.

Performance was not our only focus and we also improved the usability and design of some parts of Piwik (such as the Updater and maintenance mode, with more design updates coming in the next releases). Log Analytics, a very popular tool within the Piwik community, has received several improvements. Many other small bugs were closed, and a XSS security bug was reported and fixed in this release.

96 tickets have been closed by 8 contributors!

Change History

comment:1 Changed 19 months ago by chris

Add Hours to Ticket changed from 0.0 to 0.3
Status changed from new to closed
Resolution set to fixed
Total Hours changed from 0.0 to 0.3

Note this from the Changelog:

Security release

This release is rated critical. We warmly thank Security Researcher Dmitriy Shcherbatov who reported to Piwik Security team a XSS vulnerability which has been fixed in Piwik 2.13.0.

Following the PiwikServer#Updates notes:

sudo -i
vi /web/stats.transitionnetwork.org/piwik/config/config.ini.php
cd /web/stats.transitionnetwork.org/
cp piwik/config/config.ini.php .
export PIWIK="2.13.0"
wget "https://builds.piwik.org/piwik-$PIWIK.tar.gz"
  HTTP request sent, awaiting response... 404 Not Found

Checked the list of files available at https://builds.piwik.org/ and it looks like we need https://builds.piwik.org/latest.tar.gz and https://builds.piwik.org/piwik-latest.tar.gz.asc so:

wget "https://builds.piwik.org/piwik-latest.tar.gz"
wget "https://builds.piwik.org/piwik-latest.tar.gz.asc"
gpg --verify piwik-latest.tar.gz.asc
  gpg: Signature made Fri Mar 27 01:21:05 2015 GMT using RSA key ID 5590A237
  gpg: Can't check signature: public key not found
gpg --search-keys 5590A237
  gpg: searching for "5590A237" from hkp server keys.gnupg.net
  (1)     Matthieu Aubry <matt@piwik.org>
          Matthieu Aubry <matt@piwik.pro>
          Matthieu Aubry (WCuCl7) <matt@piwik.pro>
          Matthieu Aubry <matthieu.aubry@gmail.com>
            4096 bit RSA key 814E346FA01A20DBB04B6807B5DBD5925590A237, created: 2013-07-24
  Keys 1-1 of 1 for "5590A237".  Enter number(s), N)ext, or Q)uit > 1
  gpg: requesting key 5590A237 from hkp server keys.gnupg.net
  gpg: key 5590A237: public key "Matthieu Aubry <matt@piwik.org>" imported
  gpg: no ultimately trusted keys found
  gpg: Total number processed: 1
  gpg:               imported: 1  (RSA: 1)
gpg --verify piwik-latest.tar.gz.asc
  gpg: Signature made Fri Mar 27 01:21:05 2015 GMT using RSA key ID 5590A237
  gpg: Good signature from "Matthieu Aubry <matt@piwik.org>"
  gpg:                 aka "Matthieu Aubry <matt@piwik.pro>"
  gpg:                 aka "Matthieu Aubry <matthieu.aubry@gmail.com>"
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 814E 346F A01A 20DB B04B  6807 B5DB D592 5590 A237
tar -zxvf piwik-latest.tar.gz 
cp config.ini.php piwik/config/
chown -R www-data:www-data piwik/
php /web/stats.transitionnetwork.org/piwik/console core:update

  *************************************
    Everything is already up to date.  
  *************************************

/etc/init.d/php5-fpm restart

Checked the web interface and we are running Piwik 2.12.1, so, try again:

export PIWIK="2.13.0-rc1"
wget "https://builds.piwik.org/piwik-$PIWIK.tar.gz"
wget "https://builds.piwik.org/piwik-$PIWIK.tar.gz.asc"
gpg --verify piwik-$PIWIK.tar.gz.asc
  gpg: Signature made Wed Apr 22 09:20:08 2015 BST using RSA key ID 5590A237
  gpg: Good signature from "Matthieu Aubry <matt@piwik.org>"
  gpg:                 aka "Matthieu Aubry <matt@piwik.pro>"
  gpg:                 aka "Matthieu Aubry <matthieu.aubry@gmail.com>"
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 814E 346F A01A 20DB B04B  6807 B5DB D592 5590 A237
tar -zxvf piwik-$PIWIK.tar.gz
cp config.ini.php piwik/config/
chown -R www-data:www-data piwik/
php /web/stats.transitionnetwork.org/piwik/console core:update
  
      *** Update ***
  
      Database Upgrade Required
  
      Your Piwik database is out-of-date, and must be upgraded before you can continue.
  
      Piwik database will be upgraded from version 2.12.1 to the new version 2.13.0-rc1.
  
      *** Note: this is a Dry Run ***
  
  
      *** End of Dry Run ***
  
  A database upgrade is required. Execute update? (y/N) Y
  
  Starting the database upgrade process now. This may take a while, so please be patient.
  
      *** Update ***
  
      Database Upgrade Required
  
      Your Piwik database is out-of-date, and must be upgraded before you can continue.
  
      Piwik database will be upgraded from version 2.12.1 to the new version 2.13.0-rc1.
  
      The database upgrade process may take a while, so please be patient.
  
  
  ****************************************
    Piwik has been successfully updated!  
  ****************************************
  
/etc/init.d/php5-fpm restart

Checked the web interface and all is well, also updated the PiwikServer#Updates wiki page in include a GPG check.

comment:2 Changed 19 months ago by chris

Oops just realised I forgot to reset the record_statistics variable in /web/stats.transitionnetwork.org/piwik/config/config.ini.php back to 1, this has been done now, it will mean there will be a gap in the data for a few hours for today, sorry about that.

comment:3 Changed 19 months ago by chris

Add Hours to Ticket changed from 0.0 to 0.16
Total Hours changed from 0.3 to 0.46

The final version, rather than the release candidate, of 2.13.0 is out:

Security release

This release is rated critical. We warmly thank Security Researcher Dmitriy Shcherbatov who reported to Piwik Security team a XSS vulnerability which has been fixed in Piwik 2.13.0.

So upgrading to this version, following the notes, PiwikServer#Updates:

sudo -i
vim /web/stats.transitionnetwork.org/piwik/config/config.ini.php
cd /web/stats.transitionnetwork.org/
cp piwik/config/config.ini.php .
export PIWIK="2.13.0"
wget "https://builds.piwik.org/piwik-$PIWIK.tar.gz"
wget "https://builds.piwik.org/piwik-$PIWIK.tar.gz.asc"
gpg --verify piwik-$PIWIK.tar.gz.asc
  gpg: Signature made Thu Apr 30 03:51:13 2015 BST using RSA key ID 5590A237
  gpg: Good signature from "Matthieu Aubry <matt@piwik.org>"
  gpg:                 aka "Matthieu Aubry <matt@piwik.pro>"
  gpg:                 aka "Matthieu Aubry <matthieu.aubry@gmail.com>"
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 814E 346F A01A 20DB B04B  6807 B5DB D592 5590 A237
tar -zxvf piwik-$PIWIK.tar.gz
cp config.ini.php piwik/config/
chown -R www-data:www-data piwik/
php /web/stats.transitionnetwork.org/piwik/console core:update
  *************************************
    Everything is already up to date.  
  *************************************
/etc/init.d/php5-fpm restart
vim /web/stats.transitionnetwork.org/piwik/config/config.ini.php

The system check in the web interface, was checked, all good.

Last edited 19 months ago by chris (previous) (diff)

Note: See TracTickets for help on using tickets.

Download in other formats: