BuddyPress 2.5.3 is now available. This is a maintenance and security release, and is a recommended upgrade for all BuddyPress installations.

This release addresses a security issue that could allow an attacker to use brute-force techniques to gather information about WordPress’s hashing mechanisms. The issue was reported by Ben Bidner of the WordPress security team, and the fix was prepared by the BuddyPress security team.

Many thanks to Ben Bidner for practicing coordinated disclosure, in accordance with WordPress and BuddyPress security practices. If you think you’ve found a vulnerability in BuddyPress, please follow the WordPress guidelines for reporting.

BP 2.5.3 also fixes five bugs related to the way emails are generated and sent in BuddyPress 2.5+. For more information, see the 2.5.3 milestone on BuddyPress Trac.

Update to BuddyPress 2.5.3 today in your WordPress Dashboard, or by downloading from the wordpress.org plugin repository.

Questions or comments? Check out the 2.5.3 changelog, or stop by our support forums or Trac.