BuddyPress 2.5.3 is now available. This is a maintenance and security release, and is a recommended upgrade for all BuddyPress installations.
This release addresses a security issue that could allow an attacker to use brute-force techniques to gather information about WordPress’s hashing mechanisms. The issue was reported by Ben Bidner of the WordPress security team, and the fix was prepared by the BuddyPress security team.
Many thanks to Ben Bidner for practicing coordinated disclosure, in accordance with WordPress and BuddyPress security practices. If you think you’ve found a vulnerability in BuddyPress, please follow the the WordPress guidelines for reporting.
Update to BuddyPress 2.5.3 today in your WordPress Dashboard, or by downloading from the wordpress.org plugin repository.