BuddyPress 12.1.1 is now available. This is a security and maintenance release. Please update your BuddyPress as soon as possible.
The 12.1.1 release addresses the following minor security issue:
- Using the Cover Image group’s REST API Endpoints, it was possible to a non member of private/hidden group to get the corresponding group Cover Image URL. Discovered by Colin Xu.
This vulnerability was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure.
BuddyPress 12.1.1 also fixes 10 bugs. For complete details, visit the 12.1.1 changelog.
You can get the latest version by clicking on the above button, downloading it from the WordPress.org plugin directory or checking it out from our Subversion repository.
Many thanks to 12.1.1 contributors
sabernhardt, emaralive, shawfactor, strategio, vapvarun, perchenet & imath.
[…] BuddyPress 12.1.1 Maintenance & Security release […]