BuddyPress 14.4.0, BuddyPress 12.6.0, and BuddyPress 11.5.2 are all now available. This is a security release. Please update as soon as possible.
14.4.0, 12.6.0 & 11.5.1 fixed one bug and one security issue:
- The BP REST API signups endpoint could leak signup data, including user email addresses, because of a too-lenient lookup function. Thanks to Asim Alshaya for responsibly reporting this issue.
- Improve behavior of
bp_email_unsubscribe_handler(). After the changes in the “Improve security of status update messages” changeset, non-logged-in users clicking an unsubscribe link received no feedback on the success of their action.
Note: 11.5.2 contains the same code changes as 11.5.1 but has been repackaged to hopefully resolve some SVN oddities.
For complete details, visit the 14.4.0 changelog.
