Piwik 1.5 brings e-commerce analytics, fixes critical hole
Version 1.5 of Piwik is a major update to the open source web analytics suite; it includes several new features and, according to its developers, brings better scalability. The latest release allows users to track custom variables on a per page basis and adds e-commerce analytics so that developers can, for example, track product views when visitors add items to their shopping carts and e-commerce orders.
The 1.5 update addresses a critical security vulnerability in the software. In non-default configurations where an anonymous user has access to reports, the Piwik server could be compromised and allow the execution of arbitrary code. Neal Poole was awarded $500 for disclosing the bug, as part of the security bug bounty program. According to the developers, the security issue only affects "a minority of Piwik servers". Further details about the security hole were not provided.
Piwik, which aims to be an open source alternative to Google Analytics, is licensed under the GPL. According to the project's site, it is already used by more than 150,000 web sites.