umami

v3.1.0 Security

This release includes 4 security fixes for security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 4 known CVEs

Topics

analytics audience-segmentation charts cohort-analysis google-analytics product-analytics statistics user-journey web-analytics

Summary

AI summary

Requires Node.js 22 minimum (Prisma 7); includes schema migrations for new features.

Full changelog

Umami v3.1.0 is here with a ton of new features, including the much-anticipated Boards and Session Replay. This release also brings Web Vitals performance tracking, a redesigned share page, and hundreds of fixes and improvements.

New features

Boards

Boards are here! Create your own custom dashboards by composing components on a flexible row/column canvas. Pick from charts, tables, and metric components, bind them to any website, and share the finished board with your team.

  • Row/column layout editor with resize, reorder, and remove controls
  • Per-component website binding and live preview
  • Free-form TextBlock components for notes and section headers
  • Board sharing, duplication, and table-level edit/delete actions
  • Dashboard-wide date range and filter controls

Session Replay

Watch real user sessions replayed in the browser. Session Replay is built on rrweb and works alongside your existing tracker.

  • Configurable masking levels for privacy (defaults to moderate)
  • Per-visit recording so replays stay short and focused
  • Filterable replays table with event-level filtering
  • Replay modal with mobile-friendly playback

Web Vitals performance tracking

Track Core Web Vitals (LCP, INP, CLS, FCP, TTFB) from your visitors' browsers. The redesigned Performance page shows industry-standard calculations with rating badges for each metric.

Redesigned share page

Share pages have a fresh look with full mobile support, a collapsible sidenav, and per-share display options. You can now:

  • Name each share link
  • Choose which sections visitors can see (overview, events, etc.)
  • Apply filtered navigation so visitors only see what you want

Filters, segments, and cohorts

  • OR logic across filters, segments, and cohorts
  • Regex operators for more powerful matching
  • Multiselect on equals/not-equals operators
  • UTM filters and fields exposed throughout the app
  • Exclude bounces toggle with filter-form integration

Funnels

  • Per-step event property filters in both funnel creation and overview
  • Wildcard support in the goals report

Other improvements

  • Custom slug support for Links
  • Pixel and Link detail pages with sharing
  • MetricsBar added to the Events page
  • Event type filter on Journeys
  • Time unit selector (hour/day/month)
  • Distinct ID available as a filter and metric dimension
  • Cache-control headers on GET responses
  • SKIP_BUILD_GEO env variable to skip geo DB build
  • Configurable salt rotation period via env vars
  • EdgeOne geolocation headers
  • Version endpoint and settings display
  • Download for breakdown reports
  • Pagination limit on event charts, metrics tables, and UTM reports

Admin & internationalization

  • Migrated from react-intl to next-intl with all 51 locale files translated
  • Adopted the react-zen design system across the app
  • Consolidated top navigation with embedded selectors for websites, boards, links, and pixels
  • Team validation and redirect for invalid teams
  • Team-gated feature resolution via Redis

Security

  • Fixed IDOR vulnerabilities in reports and segments
  • Blocked share tokens from all editing permissions and API modifications
  • Restricted x-umami-client-* headers to cloud mode
  • Various dependency vulnerability fixes (tar, ajv, jws, brace-expansion, next)

Migrations

This release includes schema migrations for Boards, Shares, Session Replay, and board duplicate-key handling. Migrations run automatically during the build process.

Fixes

  • PostgreSQL 12/13 syntax error in Journeys #3970
  • Implicit alias syntax error in Postgres session and event queries #4147
  • name alias compatibility for Postgres 12 relational queries #3970
  • Table alias missing in filterQuery #3869
  • Timezone not applied to relational queries #3975
  • Revenue chart timezone mismatch #4107
  • Ambiguous session_id errors in SQL queries
  • Breakdown alias column not found
  • www. prefix not stripped during hostname comparison #3256
  • Minute label formatting #3088
  • Website select page size limited to 10 #3913
  • Deleted website visibility #3865
  • BASE_PATH support #4064
  • Pixel event tracking #4028
  • Pagination issues #4029
  • Login email case-sensitivity #3981
  • Tracker double-initialization when script injected more than once
  • Tracker fetch priority now set to low #3642
  • robots.txt fixes #3996
  • Goals wildcard support #4086
  • MetricsBar on Events page #3830
  • Distinct ID in filters / expanded metrics #3861
  • Team admin workflow for team members #2767
  • Event type filter for Journeys #2803
  • Salt rotation configurable via env #3427
  • Share token allowing access to pages with undefined share params
  • Fix #4058 (pixel tracking null referrer)
  • Autofill background color in forms
  • Denied storage access in tracker
  • Prisma session race condition
  • Docker Prisma migrate and stray query log
  • Monthly truncation timezone issue
  • Share page retention and logo margins
  • Filters persisting across website change
  • "All time" filter on websites with no data
  • Japanese translation for "breakdown" label
  • UAE emirate names in iso-3166-2.json
  • IPv6 handling for client IP detection
  • Numerous mobile UI fixes across admin, nav, share, and team screens

Updates

  • Next.js 16.2.4
  • Prisma 7.6.0
  • Minimum Node.js version bumped to 22 (Prisma 7 requirement)

Thanks

@Yashh56 @boutterudy @AymanAlSuleihi @juanisidoro @cryst-hq @RaenonX @PaiJi @Gouttfi @AlejandroGispert @lawrence3699 @kkhys @journry789 @sputnik-mac @sbozh @Mintimate @Mravuri96 @maphubs @maennenajere @XahidEx @IndraGunawan @GochoMugo @FEgor04 @Nayrode @diogotcorreia @dyanakiev @fauzora @BrentRobert @hilja

Breaking Changes

  • Node.js 22 minimum required (Prisma 7 requirement)

Security Fixes

  • Fixed IDOR vulnerabilities in reports and segments
  • Share tokens blocked from editing permissions and API modifications
  • x-umami-client-* headers restricted to cloud mode
  • Dependency vulnerability fixes: tar, ajv, jws, brace-expansion, next

About umami

Umami is a modern, privacy-focused analytics platform. An open-source alternative to Google Analytics, Mixpanel and Amplitude.
