Page MenuHomePhabricator

Application Security Review Request : Matomo upgrade and its campaign reporter plugin
Open, Needs TriagePublic


Project Information

Description of the tool/project:
Matomo is a web analytics platform that allows us to retain ownership of visitor data. It was previously known as Piwik.
It is in production use at: and has 20 microsites configured for tracking.
We currently run version 3.14.1 in production, on the host: matomo1002.eqiad.wmnet currently running Debian buster.

We use binary packages for the core matomo codebase, published at:

The MarketingCampaignsReporting plugin allows Matomo users to measure the effectiveness of their marketing campaigns.
The plugin is published by the same authors as Matomo, but uses a different respository and is not distributed as part of the core Matomo codebase.
Description of how the tool will be used at WMF:
The primary users of Matomo are the WMF-Communications team - notably @SCampos-WMF and @Ospingou
We wish to upgrade our production instance of Matomo from version 3.14.1 to 4.15.1(tracked in T351552) in order to benefit from new features and security patches.

In addition to that, the team expects to make increased use of the TagManager (T349910) functionality to create and track specific capaigns. This plugin will allow the users to measure the effictiveness of these capaigns using the Matomo UI.

It is a PHP application that is enabled by means of the libapache2-mod-php plugin.

Has this project been reviewed before?
I believe that Piwik/Matomo was, but I am not certain whether the existing procedures were in place when piwik was first deployed.
One of the most relevant tickets seems to be this one: T116312
It looks like other version upgrades have been performed without a third-party code review.

The CampaignManagerReporting plugin has not been previoulsy reviewed.

Working test environment
We do not have a test environment for this at present, as it exists only in production.
We could feasibly create a deployment in wmcs for it.

Data-Platform-SRE is the team responsible for its maintenance.


Risk Rating