v3.0.2

[mikecao]

This is a patch release to address the Next.js CVE and fixes many bugs.

Fixes

• Nextjs/RSC critical vulnerability Nextjs/RSC critical vulnerability #3829
• Time range selection back and forward arrows not jumping with correct steps Time range selection back and forward arrows not jumping with correct steps #3828
• Links and Pixels are prefetched on dashboard Links and Pixels are prefetched on dashboard #3814
• In the chart legend, when the URL is too long, the legend extends beyond the container boundaries, disrupting the page layout. In the chart legend, when the URL is too long, the legend extends beyond the container boundaries, disrupting the page layout. #3813
• User is not able to switch back to My Account after switching to the Team User is not able to switch back to My Account after switching to the Team #3802
• Reset of website stats is not possible after entries in Revenue table Reset of website stats is not possible after entries in Revenue table #3798
• Team workspace is not selectable after login Team workspace is not selectable after login #3796
• Error with long UTM parameters and click IDs Error with long UTM parameters and click IDs #3790
• Direct visitors are missing on Channels (3.0.1) Direct visitors are missing on Channels (3.0.1) #3789
• "Last seen" - "First seen" fields broken since 3.0.1 "Last seen" - "First seen" fields broken since 3.0.1 #3775
• Tests are failing in 3.0.1 Tests are failing in 3.0.1 #3773
• Revenue sums not showing in 3.0.1 Revenue sums not showing in 3.0.1 #3769
• Read-only prevents user from joining team Read-only prevents user from joining team #3764
• Regression: URL theme and lang parameters no longer work for public share links Regression: URL theme and lang parameters no longer work for public share links #3754

Updates

• Next.js 15.5.7
• Prisma 6.19.0

Thanks

@Lokimorty @imsyedabdullah @RaenonX @IndraGunawan

---

This discussion was created from the release v3.0.2.

[martinhjartmyr]

Great work! Is the dashboard /dashboard returning any time soon? Really missing an overview for all websites in 3.x.x.

[eibrahim]

YES PLEASE. I have 20+ websites and the whole reason I installed umami is for the dashboard view... any ETA on that?

[MichaelBelgium]

Can the nextjs CVE be patched for v2 also?

I believe my server got compromised via Umami, last night due this

[craigconstantine]

me too. I was still on 3.0.0 (and am just this morning having an out of the box problem with the upgrade to v3.0.2 but that for another discussion)