BuddyPress 6.4.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.
The 6.4.0 release addresses one security issue: non-capable users could add a style attributes to “span” and “p” elements in possible rich text fields of their profile page. The vulnerability has been fixed.
Version 6.4.0 also fixes 7 bugs, including compatibility updates to welcome PHP 8.0 release (Congratulations to all PHP 8.0 contributors!).
For complete details, visit the 6.4.0 changelog.
Update to BuddyPress 6.4.0 today in your WordPress Dashboard, or by downloading from the WordPress.org plugin repository.
Many thanks to 6.4.0 contributors
John James Jacoby (johnjamesjacoby), Zeldatea, Dion Hulse, Ray (r-a-y), David Cavins (dcavins) & Mathieu Viet (imath).
[…] BuddyPress 6.4.0 Maintenance and Security Release […]
[…] BuddyPress 6.4.0 has been released yesterday, as we’ve been discussing during the development meeting, it includes fixes to PHP 8.0 deprecated notices for BP Core & BP REST. It also includes a security fix. Read more about this release. […]
[…] 💬 BuddyPress 6.4.0 är släppt, och det är en säkerhetsuppdatering och buggfix, så du bör uppdatera snarast om du kör tillägget. […]
[…] BuddyPress versions below 6.4.0 Lack of Capability Check vulnerability. […]
[…] BuddyPress versions below 6.4.0 Lack of Capability Check vulnerability. […]