A vulnerability was fixed that could allow a privilege escalation from a regular user to Administrator, using the BuddyPress REST API buddypress/v1/members/me endpoint.
A vulnerability was fixed that could allow a member to force a friendship on behalf of another member, using the BuddyPress REST API buddypress/v1/friends endpoint.
A vulnerability was fixed that could allow a member to read private messages in a thread they were not invited to, using the BuddyPress REST API buddypress/v1/messages endpoint.
A vulnerability was fixed that could allow a member to invite another member to join a group without being friends when that group restricted invites to friends only, using BuddyPress Nouveau and the BuddyPress REST API buddypress/v1/groups/invites endpoint.
A vulnerability was fixed that could allow a user that has just been demoted from an Administrator role to a Subscriber to add/edit/delete BuddyPress Member Types from the Administration screens introduced in the 7.0.0 release.
The BuddyPress Team also conducted a comprehensive security audit on all BuddyPress REST API endpoints, which led to:
Improving all permission methods to use a WP_Error object as the default return value.
Fixing unintended behavior allowing any member to edit their own Member Type.
Fixing unintended behavior that allowed any logged in member to list the members of a private group.
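The deny-by-default pattern behind the WP_Error change listed above, applied to the private-message thread case, as an added example that is not BuddyPress's own code. The function name, error code and sample IDs are hypothetical, and the small WP_Error stand-in exists only so the file runs outside WordPress.

```php
<?php
// Added illustration, not BuddyPress source. All example_* names are hypothetical.

// Stand-in so this file runs with plain PHP; inside WordPress the real class is used.
if ( ! class_exists( 'WP_Error' ) ) {
	class WP_Error {
		private $code;
		private $message;
		private $data;
		public function __construct( $code = '', $message = '', $data = '' ) {
			$this->code    = $code;
			$this->message = $message;
			$this->data    = $data;
		}
		public function get_error_data() {
			return $this->data;
		}
	}
}

/**
 * Permission check for reading one message thread.
 * @param int   $user_id       Current user ID, 0 when logged out.
 * @param int[] $recipient_ids Users invited to the thread.
 * @return true|WP_Error True only on an explicit grant.
 */
function example_thread_read_permission( $user_id, array $recipient_ids ) {
	// Start from a refusal, so a branch that forgets to decide still denies.
	$retval = new WP_Error(
		'example_rest_authorization_required',
		'Sorry, you are not allowed to view this thread.',
		array( 'status' => $user_id > 0 ? 403 : 401 )
	);

	// Being logged in is not enough: the user must be a recipient of this thread.
	if ( $user_id > 0 && in_array( $user_id, $recipient_ids, true ) ) {
		$retval = true;
	}

	return $retval;
}

// Constructed sample: a thread whose recipients are users 4 and 9.
foreach ( array( 0, 4, 7 ) as $uid ) {
	$result = example_thread_read_permission( $uid, array( 4, 9 ) );
	$status = true === $result ? 'allowed' : 'denied, HTTP ' . $result->get_error_data()['status'];
	printf( "user %d: %s\n", $uid, $status );
}
```

In a WordPress REST controller, a check of this shape is what a route's permission_callback would return.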
Immediately available is BuddyPress 7.2.0. This maintenance release fixes six bugs mainly related to issues when the BP Nouveau Template Pack is used with the Twenty Twenty-One WordPress theme. For details on the changes, please read the 7.2.0 release notes.
For this last day of 2020, we are inaugurating our very first End of Year wrap-up post. We believe it’s a good way to congratulate ourselves (the whole BuddyPress community) about the free & priceless hard work we’ve all put together into our open source project.
There are many ways we are getting involved in BuddyPress and we all know the best way to maintain BuddyPress in the long term is to give some of our spare time to carry on bringing that little piece to the project. Every contribution makes a difference.
Let’s thank us all, the users, the support forum moderators, the documentation writers, the translators, the theme designers, the plugin developers & the BuddyPress Core committers team. We have built great community features all along the 2020 year.
Here are our results:
9 releases (3 more than in 2019)
2 major releases (1 more than in 2019)
7 minor releases (2 more than in 2019)
We’ve fixed 186 tickets, which is 62% more than in 2019.
The 6.0.0 release (May 2020) was the one which fixed the most tickets for 2 years (89).
Compared to 2019, we’ve increased the fixed tickets per release average from 14 to 23.
2020 Code contributors
7.0.0 gathered the highest number of contributors for 2 years. 55 of us were involved in the making of this release. It’s almost twice the number of contributors the 5.0.0 release got in 2019.
On average, 14 contributors took part in each release. In 2019 we were 9 contributors. Contributions to the BuddyPress project grew by 40% in 2020.
Most important spike for 2 years happened in 2020 for the 7.0.0 releases: 34.236 downloads on December 11.
BuddyPress was downloaded more than 1.257.556 times in 2020 (the year is not finished yet 😌).
Making BuddyPress available in as many languages as possible is very important to ensure the best user experience of the plugin features. We are always trying to improve how we credit translators and ease their tasks. During the 6.0.0 release, we’ve reviewed all the strings needing translator comments to explain the meaning of the placeholders we use (e.g.: %s, %d, %1$s, etc.).
We’ve also decided to include, from now on, in major release credits the names of the translation contributors who have given their time to make sure the development (Trunk) translation is 100% ready once our major release’s final string freeze step is over. This work is strategic to BuddyPress users as they will be able to get the new strings translation as soon as they upgrade or install the plugin.
Easing & welcoming code contributions
At the end of 2019, we made available a new plugin to ease beta-testing; this year we’ve added the @wordpress/env package to our development version (Trunk) and wrote a tutorial about how you can easily set up a development environment to play with BuddyPress code thanks to it. We believe it’s an important step towards making contributing to BuddyPress easier and we hope it will increase the number of people getting involved in BuddyPress source code improvements.
Before starting the 7.0.0 development cycle and just like the WordPress Core team does before each major milestone, we’ve published our first “Call for tickets”. We’ll do it before each major release so that you can share with the BuddyPress Core committers the tickets you think should be fixed for the next development cycle. The priorities of the BuddyPress community matter, we encourage you to use this call for tickets to make your voice heard.
Informing BuddyPress Theme & Plugin authors about important changes
During the 6.0.0 development cycle we (re)started to take the time to write developer notes as soon as possible. We also organized these notes into categories according to the version number of the release being built.
Our goal in doing so is to limit the risk of “breaking” your active theme or plugins by keeping their authors aware of changes they should check before a major release is published. It can also help developers to start working early on extending BuddyPress new features. Please do read these notes and share them with your networks to increase their audience and contribute to covering this risk.
Checking how you use BuddyPress and what are your needs:
BuddyPress surveys are back! BuddyPress is about users: we are very happy we could organize the 2020 survey to get your input about your BuddyPress usage and about the specific directions for the plugin we are thinking of for its future.
Introducing new community features to the BuddyPress plugin:
The BP REST API welcomed 6 new endpoints to help you build great interactions from your applications about: Blogs, Blog avatar, Friends, Group Cover Image, Member Cover Image, and User Signups.
5 BuddyPress blocks have landed into the BuddyPress blocks category of your WordPress Block Editor.
New Administration screens to manage BuddyPress Types (Member & Group ones) are now available within your WordPress Dashboard.
Just like Members & Groups, the Blogs component can now enjoy a new default avatar for Sites.
A great 2.0 version of BP WP CLI to help you manage your BuddyPress site right from the command line.
And many fixes and improvements to the existing features (see the 6.0.0 & 7.0.0 release notes).
If one of these projects interests you, don’t hesitate to contribute to it.
Based on the discussions the Core Team had during our development meetings (every other Wednesday at 19:00 UTC in #BuddyPress), here’s a list of directions we mostly agree on:
A fantastic standalone BuddyPress theme.
BuddyPress code reference.
A BuddyPress Attachments component.
Improve ways to get help about & for BuddyPress.
Let’s try to make them concrete in 2021!
Thanks for reading this post and for your involvement in contributing to BuddyPress in 2020. Let’s wish us all a great new year’s eve 🎉. Bye 2020 and Happy 2021, full of great contributions, to the BuddyPress community.
We use to feature BuddyPress usage case studies. These are great ways to share with you how BuddyPress can help you achieve your community site projects reading how other buddies did it. The case study you are about to read now is a bit different. It’s about the steps the lovely BuddyX BuddyPress theme had to take to be widely and freely available from the official WordPress.org theme directory. I’m very happy Varun Dubey took the time to write this guest post to share his experience with all of us. My secret hope is that it will inspire as many BuddyPress Theme authors as possible to do the same 😇.
Varun Dubey is a full-stack WordPress & BuddyPress developer. He’s the co-founder of Wbcom Designs, a WordPress themes and plugins development agency in India. He’s also a regular BuddyPress contributor: we often talk with him about the BuddyPress project during our development meetings (every other Wednesday at 19:00 UTC on Slack), he contributes to our development tasks (testing, reporting issues, patching, documenting, etc.) and he still manages to find time to help you by regularly replying to your support topics (661 replies so far!). So, once again, many thanks to him for getting involved with BuddyPress 😍.
So let’s learn more from his experience, here’s what he wanted to share with you about it!
👉 If you’re upgrading from a previous version of BuddyPress, it’s always a good idea to back-up your WordPress database and files ahead of time.
You can review all of the changes in this 7.0.0 release in the release notes. Below are a few of the key features we believe you are going to love!
You can now manage your Member Types and/or Group Types right from your WordPress Dashboard
Playing with BP Types just became much easier! The Member Types and Group Types were primarily introduced in BuddyPress as features for advanced users, just like the WordPress Custom Post Type feature. Thanks to the two new WordPress Administration Screens, adding, editing and deleting Member & Group Types has never been so easy! Now you can set up BP Types using custom code or by simply using the Administration interfaces.
Let’s watch a demo of how it looks for Member Types!
3 new BP Blocks for your WP Posts & Pages
3 new BP Blocks are now available via your WordPress Editor. From the BuddyPress blocks category of the WordPress Block Inserter, you can pick a BP Block to feature a list of members, a list of groups or embed a public BuddyPress Activity into your post or page. Read more about it in this development note.
Here’s a quick video showing you how to insert a list of Members profile images into your home page.
A default profile image for the sites of your network
The Site Tracking component now has a default profile image it can use to make your Sites loop prettier if some of them have not customized their WordPress Site Icon. Multisite WordPress configurations will be able to find it when displaying the Sites directory. Read more about it in the development note.
BP Nouveau is ready for Twenty Twenty-One 🎨
You love the latest default WordPress Theme, so do we! It’s important for us to make sure the BP Nouveau template pack looks great in the default themes included in the WordPress package. This is the first of the many improvements we are bringing to our default Template Pack.
BP REST API improvements
The Developer documentation has been updated according to the latest improvements we’ve brought to the BuddyPress REST API.
To name two: get the groups the logged in user is a member of, and create a blog when BuddyPress is activated on a network of WordPress sites. Read this development note to learn about all the others.
Improved support for WP CLI
WP-CLI is the command-line interface for WordPress. You can update plugins, configure multisite installs, and much more, all without using a web browser. In 7.0.0, you will be able to use new BuddyPress CLI commands to manage BuddyPress Group Meta, BuddyPress Activity Meta, activate or deactivate the BuddyPress signup feature and create BuddyPress-specific testing code for plugins.
7.0.0 includes more than 70 changes such as image lazy loading support, multiple Member Type assignment, a Docker ready development environment to improve your BuddyPress experience as users, and as contributors to our project.
Many thanks to the 55 contributors who helped us build & translate BuddyPress 7.0.0
7.0.0 is code-named “Filippi” after Filippi’s Pizza Grotto in lovely San Diego, California, USA. The “Grotto” is in the back room of an Italian grocery and butcher shop in Little Italy. Tall pizza lovers will have to watch out for the Chianti bottles hanging from the ceiling, but the red-and-white-checked-tablecloth atmosphere and piled-high pizza is worth it!
Feedback is always welcome 😍
Receiving your feedback & suggestions for future versions of BuddyPress genuinely motivates and encourages our contributors. Please share your feedback about this version of BuddyPress in the comments area of this post. And of course, if you’ve found a bug: please tell us about it in our Support forums.
First, many thanks to all the respondents who participated in this survey 😍. In doing so, you gave the BuddyPress Core Team information about how the plugin is used, could be used and how its usage is evolving. Some of the questions we asked are directions we’re considering for the plugin (e.g.: Q9, Q10, Q17), so your input is very important to us.
As no questions were required, it’s difficult to be 100% accurate about how many people took the survey. So we were at least (we also took the survey 😉) 483 from all over the world as it’s the highest number a question was replied to.
Most of the questions were leaving participants the choice to select more than one reply, this is why if you sum up the percentage results you’ll often find more than 100% 😁.
When we had data about a previous survey we made in 2018, we compared the 2020 results with them and calculated the differences between both years percentages. We thought it could be interesting to see how some results are evolving.
We’ve been working on getting the BP Nouveau Template Pack to look great in the next WordPress default theme “Twenty Twenty-One“. We believe BP Nouveau is now ready to enjoy this awesome theme whether you use its regular or dark mode.
BuddyPress 7.0.0 is still slated for release on Wednesday, December 9, and if you haven’t tried 7.0.0 yet, it’s probably your last chance to do so!
Let’s test BuddyPress 7.0.0-RC2 with WordPress 5.6-RC3 to be sure both will be great as soon as they are released! It’s also important to do so if you want to help us check that BP Nouveau’s integration with Twenty Twenty-One is as nice as we think 😉
You can test the 7.0.0-RC2 pre-release in 4 ways:
A detailed changelog will be part of our official release note, but you can get a quick overview by reading the post about the 7.0.0 Beta1 release.
Polyglots contributors, let’s target 100% of translated strings.
Since the previous release candidate we’ve reached the string freeze point of the 7.0.0 release schedule, so this one (RC2) does not introduce new strings to translate. Let’s use the days we have left to try to make BuddyPress fully available in your locale as soon as it is released. Thanks in advance for your help.
BuddyPress 6.4.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.
The 6.4.0 release addresses one security issue: non-capable users could add style attributes to “span” and “p” elements in possible rich text fields of their profile page. The vulnerability has been fixed.
Version 6.4.0 also fixes 7 bugs, including compatibility updates to welcome PHP 8.0 release (Congratulations to all PHP 8.0 contributors!).
This is an important milestone as we progress toward the BuddyPress 7.0.0 final release date. “Release Candidate” means that we think the new version is ready for release, but with more than 200,000 active installs, hundreds of BuddyPress plugins, thousands of WordPress themes, and many possible specific WordPress configurations it’s possible we missed one or more details.
BuddyPress 7.0.0 is slated for release on December 9th, 2020. Do you want to help us get there? Here’s how you can:
You are a WordPress news writer? We’d love you to share this post with your readers: the more testers, the better!
It’s always better to anticipate than to have a bad surprise after updating the plugin from your WordPress Dashboard: get involved!
What to expect from BuddyPress 7.0.0
First, note that BP 7.0.0 will require at least version 4.9 of WordPress. Then, read an overview of its top features in the post we published to announce the first beta of 7.0.0. If you would like more detail, you can read our 7.0.0 developer notes.