BuddyPress 2.3.2 is now available. This is an important maintainance and security release for the 2.3 series, and all BuddyPress installations are recommended to upgrade as soon as possible.
BuddyPress 2.3.0 introduced a vulnerability that could allow an unauthenticated user to view the subject lines of a BP user’s private messages by manipulating an AJAX request. This vulnerability was reported by Mike Saunders. The BuddyPress team independently discovered and fixed a related vulnerability that could allow an authenticated user to view the subject lines of a different user’s private messages, also by manipulating an AJAX request.
This release also includes fixes for four bugs introduced in the 2.3 series.
Update to BuddyPress 2.3.2 today in your WordPress Dashboard, or by downloading from the wordpress.org plugin repository.
Questions or comments? Check out 2.3.2 changelog, or stop by our support forums or Trac.
Hi I just updated to Buddypress 2.3.2 from 2.3.1 and as soon as I did it the website stopped working giving me this error
Warning: require(/home/alum/public_html/wp-content/plugins/buddypress/bp-messages/classes/class-bp-messages-thread.php): failed to open stream: No such file or directory in /home/alum/public_html/wp-content/plugins/buddypress/bp-messages/bp-messages-classes.php on line 12
Fatal error: require(): Failed opening required ‘/home/alum/public_html/wp-content/plugins/buddypress/bp-messages/classes/class-bp-messages-thread.php’ (include_path=’.:/usr/lib/php:/usr/local/lib/php’) in /home/alum/public_html/wp-content/plugins/buddypress/bp-messages/bp-messages-classes.php on line 12
Thank you for letting us know, Nico. This was due to a problem in the deployment of the release. It’s been fixed in the 2.3.2 release, so if you redownload, it’ll be fixed for you. A 2.3.2.1 release is coming up that will also resolve the issue.