Skip to:
Content
Pages
Categories
Search
Top
Bottom

BuddyPress 14.2.1 Maintenance & Security release

Published on October 22nd, 2024 by Mathieu Viet

BuddyPress 14.2.1 is now available. This is a maintenance & security release. All BuddyPress installations should be updated as soon as possible.

The 14.2.1 release addresses the following security issue:

  • The “Take Photo” feature (which uses the logged in user’s Webcam to capture their profile photo) was vulnerable to an authenticated (Subscriber+) directory traversal. Discovered by Domons from the Wordfence organization.

This vulnerability was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure.

14.2.1 also fixes 3 bugs introduced in 14.0.0:

  • Groups: move the invite_status group meta check out of the groups_join_group() function (see #9241).
  • Administration: use the components right labels into the BP site health info panel (see #9237)
  • Administration: resolve Multiple Issues with the BP constants site health info panel (see #9245)

For complete details, visit the 14.2.1 changelog.

You can get the latest version by clicking on the above button, downloading it from the WordPress.org plugin directory or checking it out from our Subversion repository.

If for a specific reason you can’t upgrade to 14.2.1, we have also ported the security fix to BuddyPress versions going all the way back to branch 11.0. Here’s the list of the available downloads for the corresponding tags, you can also find these links on our WordPress.org Plugin Directory “Advanced” page:

  • If you are using BP 11.x and can’t upgrade to 14.2.1, please upgrade to 11.4.3
  • If you are using BP 12.x and can’t upgrade to 14.2.1, please upgrade to 12.5.2

Many thanks to 14.2.1 contributors 

vapvarun, boonebgorges, emaraliveimath.

BuddyPress 14.1.0 Maintenance Release

Published on September 4th, 2024 by Mathieu Viet

Immediately available is BuddyPress 14.1.0. This maintenance release fixes 4 bugs. For details on the changes, please read the 14.1.0 release notes.

Update to BuddyPress 14.1.0 today in your WordPress Dashboard, or by downloading from the WordPress.org plugin repository.

Many thanks to 14.1.0 contributors 

thomaslhotta, shailu25, emaralive, espellcasteimath.

BuddyPress 14.0.0 « Da Lucia »

Published on July 12th, 2024 by Mathieu Viet

We’re very excited to announce the immediate availability of BuddyPress 14.0.0 « Da Lucia », named after the excellent pizza restaurant located in the 15th arrondissement of Paris, France. Get it now from the WordPress.org plugin repository, or right from your WordPress Dashboard.

This new major version of your site’s community engine introduces around 80 changes mostly working under the hood to improve documentation, code formatting, consistency and the stability of the plugin. Here are five improvements we would like to highlight:

  1. There’s a new “BuddyPress constants” panel added to the WordPress Site Health information tool. Use it to check whether you’re using deprecated constants in your custom code or third party BP Plugins/Add-ons. The information in the “BuddyPress” and “BuddyPress constants” panels is also very useful when you need to ask for support.
  2. Most BuddyPress Admin screens now have a help tab in their top right corner which includes a link to an updated documentation resource.
  3. Whether BuddyPress is installed on a multisite network or on a single site, signups are now managed the exact same way.
  4. Speaking of signups, the BP REST API has been improved so that you can now submit values for any xProfile field registered as part of the Signups profile field group.
  5. Last but not least, we again offer native support for overriding BuddyPress’s language with your community vocabulary using custom translations.

Take a few minutes to discover all changes reading this release note.

Compared to our previous major version (12.0.0 – the number right after was too intimidating 🐈‍⬛), 14.0.0 is a quieter update. After the huge BP Rewrites API revolution, the humans (us the BP Team) who maintain and support your favorite community plugin needed to catch their breath to get ready for the new round of big changes arriving in 15.0.0.

Let’s keep in mind BuddyPress is an open source project maintained by volunteers giving freely of their time and energy to help you build great WordPress community sites. Don’t hesitate to send us some encouraging words and please consider contributing back to the project.

47 contributors freely gave some of their time & energy to build the 14.0.0 release 😍

ahegyes, Boone Gorges (boonebgorges), chairmanbrando, David Cavins (dcavins), Dion Hulse (dd32), Paul Wong-Gibbs (DJPaul), Andrea Tarantini (dontdream), emaralive, Renato Alves (espellcaste), gingerbooch, Ian Dunn (iandunn), Mathieu Viet (imath), IT Path Solutions (itpathsolutions), jnie, johndawson155, John James Jacoby (johnjamesjacoby), Jose Varghese (josevarghese), KaineLabs Team (kainelabsteam), Lena Stergatou (lenasterg), Christian Wach (needle), Nazmul Hasan Robin (nhrrob), Nifty (niftythree), Nitin Patil (nitinp544), pawelhalickiotgs, perchenet, Pooja Sahgal (poojasahgal), r-a-y, respawnsive, Rosso Digital (roberthemsing), Stephen Bernhardt (sabernhardt), Shail Mehta (shailu25), shawfactor, sjregan, Slava Abakumov (Slaffik), Pierre Sylvestre (strategio), testovac,Varun Dubey (vapvarun),Yagnik Sangani (yagniksangani),Dan Caragea (dancaragea), modelaid, Pieterjan Deneys (nekojonez), Mehraz Morshed (mehrazmorshed), 沈唁 (shenyanzhi), 耗子 (haozi), cyrfer, narolainfotech, Benjamin Zekavica (benjamin_zekavica).

Your feedback

How are you using BuddyPress? Receiving your feedback and suggestions for future versions of BuddyPress genuinely motivates and encourages our contributors. Please share your feedback about this version of BuddyPress on our website.

Let’s meet at « Da Lucia’s » !

@vapvarun & @imath met at Da Lucia’s to enjoy 2 delicious & enormous pizzas!

BuddyPress is about people! The BuddyPress team is made up of friendly folks from all around the world. We meet online every week during a release cycle but when we manage to meet IRL during a WordCamp, a BuddyCamp or just because we’re around at the same time we absolutely need to celebrate it with a great 🍕. Da Lucia’s will, from now on, be remembered as the great pizza restaurant where @vapvarun & @imath, two members of the BP Team, met IRL for the first time 🤝 😂.

Props @dcavins for his review about this announcement post.

BuddyPress 14.0.0 Release Candidate

Published on July 5th, 2024 by Mathieu Viet

The first release candidate for BuddyPress 14.0.0 is now available!

“Release Candidate” means that we think the new version is ready for release, but with the many possible specific WordPress configurations, hundreds of BuddyPress plugins and Thousands of WordPress themes, it’s possible something was missed.

BuddyPress 14.0.0 is slated for release on July 12, 2024, and your help is needed to get there — if you haven’t tried 14.0.0 yet, doing it now is a great idea!

You can test the 14.0.0-RC pre-release in 5 ways :

A detailed changelog will be part of our official release note, but you can get a quick overview by reading the post about the 14.0.0 Beta1 release.

Plugin and Theme Developers

Please test your plugins and themes against BuddyPress 14.0.0. If you find compatibility problems, please be sure to post to this specific support topic so we can figure those out before the final release. We strongly advise you to have a look at the 14.0.0 developer notes to figure out what to focus on during your testing.

How you can help

Do you speak a language other than English? Help us translate BuddyPress into as many languages as possible! This release also marks the string freeze point of the 14.0.0 release schedule.

If you think you’ve found a bug, you can share it with us replying to this support topic or if you’re comfortable writing a reproducible bug report, file one on BuddyPress Trac.

BuddyPress 14.0.0-beta2

Published on June 24th, 2024 by Mathieu Viet
  • Please note the plugin is still in development, so we recommend running this beta release on a testing site.
  • Please note BuddyPress 14.0.0 will require at least WordPress 6.1.
  • The current target for final release is: July 8, 2024.

Please read the 14.0.0-beta1 announcement post for a list of nice improvements to expect from our next major release.

What has been fixed in beta2?

  • Improve how BP extends the WP Theme Support for BP Standalone Themes (see r13932)
  • Email template footer: use an escape function allowing to output links (see r13933).
  • i18n: bring back custom locations for translation files (see r13936).
  • Manage BP specific WP List Tables pagination from a central function (see r13937).
  • Adds missing /* translators */ inline comments (see r13938)

If you haven’t tested our 3 previous beta release, here’s a fresh opportunity to helped us build 14.0.0. Whether you’re a new, regular or advanced user, a theme designer or a plugin author: we really need you to beta test our next major release, please contribute!

How to test BuddyPress 14.0.0-beta2?

You can test BuddyPress 14.0.0-beta2 in 5 ways :

Thanks to BuddyPress: get together safely, in your own way, in WordPress.

BuddyPress 14.0.0 Beta 1

Published on June 13th, 2024 by Mathieu Viet
  • Please note the plugin is still in development, so we recommend running this beta release on a testing site.
  • Please note BuddyPress 14.0.0 will require at least WordPress 6.1.
  • The current target for final release is: July 8, 2024.

The BuddyPress contributors have been hard at work baking our next release, version 14.0.0. This release is all about code modernization, focusing on these areas:

  • Adding BuddyPress information to the WordPress Site Health reporting tool.
  • New functionality and improvements for the BuddyPress Command Line Interface (CLI), resulting in a new version, v3.0.
  • Many code improvements bringing the BP code base more in line with WordPress Coding Standards.
  • Even more code improvements bringing the BP code base in line with PHPDoc Standards.
  • Treating Signups the same way whether BuddyPress is installed on a multisite network or on a single site.
  • Allow group moderators to… moderate content in groups! This sounds obvious, but we’ve finally given site admins the opportunity to grant all the power to group moderators.
  • Preparing to bring new BuddyPress features playing nice with BuddyPress standalone themes using a second argument to current_theme_supports( 'buddypress', [ 'component', 'feature'] ).
  • Laying the groundwork for supporting PHP 8.3 by adding this version to our continuous integration testing routine.
  • Starting a whole new documentation project! We’re reviewing every doc about BuddyPress and migrating the necessary information to an all-new docs repository. (This is going to be amazing!).
  • Making sure we can preview BuddyPress using WP Playground!

We are excited for you to try our new release. Please run it through its paces, and let us know what problems you run into! Thanks for your help in crafting the best release we can build.

How to test BuddyPress 14.0.0-beta1?

You can test BuddyPress 14.0.0-beta1 in 5 ways :

Props @dcavins for his great contribution crafting this announcement post!

Thanks to BuddyPress: get together safely, in your own way, in WordPress.

BuddyPress 12.5.1 Security Release

Published on June 10th, 2024 by Mathieu Viet

BuddyPress 12.5.1 is now available. This is a security release. All BuddyPress installations should be updated as soon as possible.

The 12.5.1 release addresses the following security issue:

  • The Members block was vulnerable to a Stored Cross-Site Scripting. Discovered by Wesley (wcraft) from the Wordfence organization.

This vulnerability was impacting BuddyPress branches from 9.0 to 12.0. It was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure.

For complete details, visit the 12.5.1 changelog.

You can get the latest version by clicking on the above button, downloading it from the WordPress.org plugin directory or checking it out from our Subversion repository.

If for a specific reason you can’t upgrade to 12.5.1, we have also ported the security fix to BuddyPress versions going all the way back to branch 9.0. Here’s the list of the available downloads for the corresponding tags, you can also find these links on our WordPress.org Plugin Directory “Advanced” page:

  • If you are using BP 9.x and can’t upgrade to 12.5.1, please upgrade to 9.2.4
  • If you are using BP 10.x and can’t upgrade to 12.5.1, please upgrade to 10.6.4
  • If you are using BP 11.x and can’t upgrade to 12.5.1, please upgrade to 11.4.2

BuddyPress 12.5.0 Maintenance Release

Published on May 14th, 2024 by Mathieu Viet

Immediately available is BuddyPress 12.5.0. This maintenance release fixes 8 bugs. We are releasing this new version pretty soon after our latest security release in order to fix 5 regressions introduced by it. Thanks in advance for your understanding.

For details on all changes, please read the 12.5.0 release notes.

Update to BuddyPress 12.5.0 today in your WordPress Dashboard, or by downloading it from the WordPress.org plugin repository.

Many thanks to 12.5.0 contributors 

respawnsive, gingerbooch, boonebgorges, r-a-y, johndawson155, poojasahgalemaralive & imath.

BuddyPress 12.4.1 Security Release

Published on May 1st, 2024 by Mathieu Viet

BuddyPress 12.4.1 is now available. This is a security release. All BuddyPress installations should be updated as soon as possible.

The 12.4.1 release addresses the following security issue:

  • The dynamic Members, dynamic Friends & dynamic Groups blocks were vulnerable to a Stored Cross-Site Scripting. Discovered by Wesley (wcraft) from the Wordfence organization.

This vulnerability was impacting BuddyPress branches from 9.0 to 12.0. It was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure.

For complete details, visit the 12.4.1 changelog.

You can get the latest version by clicking on the above button, downloading it from the WordPress.org plugin directory or checking it out from our Subversion repository.

If for a specific reason you can’t upgrade to 12.4.1, we have also ported the security fix to BuddyPress versions going all the way back to branch 9.0. Here’s the list of the available downloads for the corresponding tags, you can also find these links on our WordPress.org Plugin Directory “Advanced” page:

  • If you are using BP 9.x and can’t upgrade to 12.4.1, please upgrade to 9.2.3
  • If you are using BP 10.x and can’t upgrade to 12.4.1, please upgrade to 10.6.3
  • If you are using BP 11.x and can’t upgrade to 12.4.1, please upgrade to 11.4.1

BuddyPress 12.4.0 Maintenance Release

Published on March 25th, 2024 by Mathieu Viet

Immediately available is BuddyPress 12.4.0. This maintenance release fixes 4 bugs, mainly to improve the BP Rewrites API we introduced in 12.0.0. We also exceptionally decided to remove the repair tool about the Members last activity in this minor release (we usually do this kind of changes in major releases).

For details on all changes, please read the 12.4.0 release notes.

Update to BuddyPress 12.4.0 today in your WordPress Dashboard, or by downloading it from the WordPress.org plugin repository.

Many thanks to 12.4.0 contributors 

nhrrob, espellcaste, Slaffik, needle, ahegyes, vapvarun, emaralive & imath.

Skip to toolbar