github arp242/goatcounter v2.7.0
on GitHub

3 days ago

2025-12-15 v2.7.0

This release contains a number of incremental improvements and fixes. Nothing especially major.

Also available on DockerHub: https://hub.docker.com/r/arp242/goatcounter

Features

  • The -geodb flag now accepts -geodb=maxmind:account_id:license to automatically download updates. See goatcounter help serve for the full documentation.

  • Automatically detect secure and sameSite cookie attributes. Previously this relied on the correct usage of the -tls flag, which people often got wrong. Now it's detected from the client connection.

    This depends on the proxy to set the Scheme: https or X-Forwarded-Proto: https header, which most should already do by default.

  • WebSocket support is now detected automatically, without the need to set the -websocket flag (which is now a no-op).

  • Store bot pageviews in a new bots table for 30 days. This table is never accessed, but it can be useful for debugging purposes.

  • Read the GOATCOUNTER_TMPDIR environment variable as an alternative way to set TMPDIR. Mainly intended for cases where TMPDIR can't be used (e.g. when the capability bit is set on Linux).

  • Use PostgreSQL 17 in compose.yaml; also update the PostgreSQL settings to be less conservative.

  • The -smtp flag now also supports smtps:// URLs for TLS connections (previously it only supported STARTTLS). To help with debugging you can now also add ?debug=1 to print SMTP traffic to stderr, or use the new Server Management → Email page for testing the SMTP connection.

  • Add more detailed totals to /api/v0/stats/totals. Previously it would only return the grand totals; now it also returns the totals broken down by hour and day.

  • Allow finding paths by name in the API. Everything that accepts include_paths=.. and exclude_paths=.. now also accepts path_by_name=true to finds paths by the path rather than ID.

  • Expand filter syntax with some keywords such as at:start and in:path. See the tooltip on the filter input.

  • The JS-based datepicker can be disabled in the user settings.

  • Add buttons to navigate by year on the dashboard.

Fixes

  • Don't add translate-to=.. to query parameters. Previously it would set this from Google Translate parameters so you could see which languages people were using with that, but I don't think anyone ever used that and it just split paths for no good reason.

  • Make sure CLI flags with a . such as -user.email can be set from environment (as USER_EMAIL).

  • Adjust screen size categories for more modern devices.

  • API Tokens will now work for all sites the user has access to.

  • Fix default combined-vhost and common-vhost log formats from $host:[..] to $host [..].

  • Include all sites in email reports, instead of just the first site that was created.

  • Fix merging of multiple paths when more than one path has entries for the same hour.

  • Store Campaign in hits table.

  • Make sure the visitor counter works for events; previously it only worked for paths.

  • Set CORS headers for API.

  • Pass hideui=1 when redirecting with access-token.

  • Fix pagination of Top referrers.

  • Fix page count for text table after pagination.

  • Remove sizes table; was only used for hits.size_id, which is now replaced with hits.width. This indirection didn't really add much.

  • Correctly display error on widgets; previously it would just display errors.errorString Value.

  • Disable daily view if less than 7 days are selected as it just looks weird.

Check out latest releases or
releases around arp242/goatcounter v2.7.0

Don't miss a new goatcounter release

NewReleases is sending notifications on new releases.

Get notifications