www/matomo: update to 4.5.0
I also added a patch to supress the file integrity warning caused by the shebangfix to misc/log-analytics/import_logs.py and changed the pkg-message (change to the recommended apache config + upgrade message)
Changelog:
https://matomo.org/changelog
Major Changes:
- The logme method for automatic logins is now disabled by default for new installations. For existing installations it will be enabled automatically on update. If you do not need it please consider disabling it again for security reasons by setting login_allow_logme = 0 in General section of config.ini.php.
- The redirect using the url param for the automatic login action logme, will no longer do redirects to untrusted hosts. If you need to do redirects to other URLs on purpose, please add the according hosts as trusted_hosts entry in config.ini.php
- When determining the client IP address from proxy headers like X-Forwarded-For, Matomo will by default look at the first IP in the list. If you need to read the last IP instead, the new INI config option [General] proxy_ip_read_last_in_list be set to 1. Using the last IP can be more secure when you are using proxy headers in combination with a load balancer.
- Matomo logs can now be written into "errorlog" (logs using the error_log() php function) and "syslog" (logs to the syslog service) (to complement existing log writers: "screen", "file", "database"). Learn more.
- Added new command core:version which returns the Matomo version number.
- Added new command core:create-security-files which creates some web server security files if they haven't existed previously (useful when using for example Apache or IIS web server).
- Before the JS tracker method, enableLinkTracking did not follow the DOM changes, from this version when the DOM updates, Matomo automatically adds event listeners for new links on the page. It makes it easier to track clicks on links in SPAs. From this version, if we use the addListener method to add event listener manually after the DOM has changed and the enableLinkTracking is turned on we will track the click event for that element twice.
- Before every JS error was tracked, from this version the same JS error will be only tracked once per page view. If the very same error is happening multiple times, then it will be tracked only once within the same page view. If another page view is tracked or when the page reloads, then the error will be tracked again.
- It's no longer possible to store any class instances directly in the session object. Please use arrays or plain data instead.
- In Matomo 4.3.0 we have added a 'passwordConfirmation' parameter to the CorePluginsAdmin.setSystemSettings API method. It is currently optional, but will become mandatory in version 4.4.0. Plugin developers and users of the API should make sure to update their plugins and apps before this happens.
- The password_hash_algorithm, password_hash_argon2_threads, password_hash_argon2_memory_cost and password_hash_argon2_time_cost INI config options have been added to allow using specific password_hash algorithms and options if desired.
- The enable_php_profiler INI config option was added. This must now be set to 1 before profiling is allowed in Matomo.
PR: 259850
Approved by: maintainer timeout