github umami-software/umami v3.2.0
on GitHub

8 hours ago

Umami v3.2.0 is here with new Heatmaps, improved properties reporting, better Session Replay controls, revenue report improvements, and a large set of security, performance, and UI fixes.

New features

Heatmaps

image

Heatmaps are now available as a first-class website report. Use click and scroll heatmaps to understand where visitors interact with each page, with overlays rendered from captured replay snapshots.

  • Click and scroll heatmap reports
  • Snapshot-based rendering with iframe previews
  • Page path filtering
  • Screen-width grouping for responsive layouts
  • Depth labels and improved overlay scaling
  • Self-hosted heatmap recording and storage support

Session Replay improvements

Session Replay received a round of reliability, filtering, and playback improvements.

  • Replay filters for finding sessions faster
  • Fragmented replay events are normalized for playback
  • Full rrweb snapshots are handled as separate replay chunks
  • Replay payloads are chunked and oversized payloads are rejected
  • Replay events flush on pagehide with a shorter interval
  • Mobile layout and modal styling improvements

Event and session property reporting

image

Property reports now support richer data types and reusable charting across both event data and session data.

  • Event data filters for booleans, dates, and arrays
  • Event data charts for arrays, booleans, dates, and numeric values
  • Session data screens with filtering, pivot tables, and property charts
  • Property filter UI shared across event and session data
  • Query optimizations for session property filters

Revenue reporting

Revenue reports have been split into focused APIs and views for better performance and flexibility.

  • Cumulative mode for revenue charts
  • Separate revenue chart, metrics, stats, and session queries
  • Revenue metrics table and metrics bar
  • Improved realtime report UI

DataGrid and table improvements

  • Manual table/card view toggle for DataGrid
  • Sorting on non-analytics tables, including websites, boards, links, pixels, teams, and admin tables
  • Horizontal scrolling for overflowing tables
  • Stable event chart colors across date range changes
  • Hidden events stay hidden when the date range changes

Tracker and API improvements

  • data-auto-pageview tracker attribute to suppress SPA pageview tracking when auto-pageview is disabled
  • Tracker click handling for annotated containers
  • Graceful handling for invalid pushState URLs
  • URL query values included in pages report display
  • LLM channel logic
  • URL pageview metric and expanded metric support
  • Configurable internal API URL handling

Sharing

  • Share page options for filtering and theme enforcement
  • Share-token permissions for websites, boards, links, and pixels
  • Board share entity authorization fixes
  • Unrestricted access for share tokens without section flags

Security

  • Invalidates authenticated sessions after password changes
  • Sanitizes sensitive data in logs
  • Hides internal Prisma and database errors from API responses
  • Hardens analytics writes and avoids leaking internal server errors to clients
  • Validates SSO redirect URLs before setting auth tokens
  • Restricts team owner assignment to admins
  • Enforces team role hierarchy on user updates and removals
  • Fixes share token confusion vulnerabilities
  • Tightens API access checks by website section and share permissions
  • Sanitizes CSV exports against formula injection
  • Limits batch API payloads to 500 items
  • Uses authenticated Redis keys on logout

Migrations

This release includes schema migrations for Heatmaps and event/session data pivot support:

  • prisma/migrations/20_add_heatmap

Migrations run automatically during the build process.

Fixes

  • Retention report completeness
  • Dashboard and Board editing in Firefox #4168
  • Funnel alias issues #4144
  • Ambiguous query errors #4176
  • Username login case-insensitivity #3981
  • Redirect logged-in users away from the login page
  • Active users indicator realtime link
  • Website selector dropdown limit increased from 10 to 100
  • DataGrid pagination preserving query params
  • Long URLs in Links table pushing action buttons off-screen
  • Long distinct IDs in session info
  • Invalid dates causing Firefox event chart errors
  • NaN timestamps breaking event charts in Firefox
  • Pages report url_query display
  • Empty and null value handling
  • Malformed client IP handling in /api/send
  • Invalid IP and localhost lookup failures in location detection
  • Channel metrics queries
  • Column alias collisions in session filters
  • Pie chart rendering without a default height
  • Broken demo link in the README
  • Missing translations and consistency updates across multiple locales
  • Country and flag data updates

Updates

  • Next.js 16.2.6
  • Prisma 7.8.0
  • Cypress and Jest test suites migrated to Playwright and Vitest
  • GitHub workflows migrated to Blacksmith runners
  • Runtime, frontend, and security dependency updates

Thanks

@nurlennart @IEBqp @Maxime-J @Karthited @Nirator78 @manuelfesantos @JLUpengjiaji @yhyasyrian @tairosonloa @c0ball @anvme @yancat160 @seojcarlos @God-2077 @sputnik-mac @avasis-ai @SAYOUNCDR @nielskaspers @AymanAlSuleihi @gputier @ElfenB @ip00 @swayam-mishra @mturac @KadirFiratFTW @Kyzenkms

Full Changelog: v3.1.0...v3.2.0

Check out latest releases or
releases around umami-software/umami v3.2.0

Don't miss a new umami release

NewReleases is sending notifications on new releases.

Get notifications