Database migration required: `sizes` table is dropped and `hits.size_id` is replaced with `hits.width`.
Automatic cookie `secure`/`sameSite` detection now relies on the proxy sending `Scheme: https` or `X-Forwarded-Proto: https` headers. Verify your reverse proxy sets these before removing any `-tls` flag workarounds.
PostgreSQL compose.yaml updated to version 17 with revised settings; review if using the provided compose setup.
Breaking changes
The `sizes` table has been removed; `hits.size_id` is replaced by `hits.width`. Upgraders must run database migrations.
The `translate-to` query parameter is no longer appended — any tooling or downstream processing relying on it will stop receiving it.
The `-websocket` flag is now a no-op; WebSocket support is auto-detected.
Notable features
Automatic secure/sameSite cookie detection from proxy headers
`-geodb` supports `maxmind:account_id:license` for automatic database updates
Go 1.21 or newer is required to compile GoatCounter.
Default SQLite DB path changed to ./goatcounter-data/db.sqlite3; old path ./db/goatcounter.sqlite3 is used automatically if it still exists — no action needed for existing installs.
Default ACME secrets path changed to ./goatcounter-data/acme-secrets; old path ./acme-secrets is used automatically if it still exists — no action needed for existing installs.
Breaking changes
Default -listen and -tls flags changed from :443/tls,rdr,acme to :8080/none — affects deployments that relied on built-in TLS without explicit flags
Removed support for legacy window.goatcounter.vars and window.counter in count.js (deprecated 5+ years ago)
Individual pageviews no longer stored in hits table by default — CSV export of raw pageviews no longer possible unless re-enabled in settings
Notable features
Official Dockerfile and DockerHub images
CLI flags can now be set via GOATCOUNTER_«FLAG» environment variables
GeoIP database auto-loaded from ./goatcounter-data/*.mmdb
