BuddyPress 14.2.1 is now available. This is a maintenance & security release. All BuddyPress installations should be updated as soon as possible.
The 14.2.1 release addresses the following security issue:
The “Take Photo” feature (which uses the logged in user’s Webcam to capture their profile photo) was vulnerable to an authenticated (Subscriber+) directory traversal. Discovered by Domons from the Wordfence organization.
This vulnerability was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure.
14.2.1 also fixes 3 bugs introduced in 14.0.0:
Groups: move the invite_status group meta check out of the groups_join_group() function (see #9241).
Administration: use the components right labels into the BP site health info panel (see #9237)
Administration: resolve Multiple Issues with the BP constants site health info panel (see #9245)
If for a specific reason you can’t upgrade to 14.2.1, we have also ported the security fix to BuddyPress versions going all the way back to branch 11.0. Here’s the list of the available downloads for the corresponding tags, you can also find these links on our WordPress.org Plugin Directory “Advanced” page:
If you are using BP 11.x and can’t upgrade to 14.2.1, please upgrade to 11.4.3
If you are using BP 12.x and can’t upgrade to 14.2.1, please upgrade to 12.5.2
We’re very excited to announce the immediate availability of BuddyPress 14.0.0 « Da Lucia », named after the excellent pizza restaurant located in the 15th arrondissement of Paris, France. Get it now from the WordPress.org plugin repository, or right from your WordPress Dashboard.
This new major version of your site’s community engine introduces around 80 changes mostly working under the hood to improve documentation, code formatting, consistency and the stability of the plugin. Here are five improvements we would like to highlight:
There’s a new “BuddyPress constants” panel added to the WordPress Site Health information tool. Use it to check whether you’re using deprecated constants in your custom code or third party BP Plugins/Add-ons. The information in the “BuddyPress” and “BuddyPress constants” panels is also very useful when you need to ask for support.
Most BuddyPress Admin screens now have a help tab in their top right corner which includes a link to an updated documentation resource.
Whether BuddyPress is installed on a multisite network or on a single site, signups are now managed the exact same way.
Speaking of signups, the BP REST API has been improved so that you can now submit values for any xProfile field registered as part of the Signups profile field group.
Last but not least, we again offer native support for overriding BuddyPress’s language with your community vocabulary using custom translations.
Take a few minutes to discover all changes reading this release note.
Compared to our previous major version (12.0.0 – the number right after was too intimidating 🐈⬛), 14.0.0 is a quieter update. After the huge BP Rewrites API revolution, the humans (us the BP Team) who maintain and support your favorite community plugin needed to catch their breath to get ready for the new round of big changes arriving in 15.0.0.
Let’s keep in mind BuddyPress is an open source project maintained by volunteers giving freely of their time and energy to help you build great WordPress community sites. Don’t hesitate to send us some encouraging words and please consider contributing back to the project.
47 contributors freely gave some of their time & energy to build the 14.0.0 release 😍
How are you using BuddyPress? Receiving your feedback and suggestions for future versions of BuddyPress genuinely motivates and encourages our contributors. Please share your feedback about this version of BuddyPress on our website.
Let’s meet at « Da Lucia’s » !
BuddyPress is about people! The BuddyPress team is made up of friendly folks from all around the world. We meet online every week during a release cycle but when we manage to meet IRL during a WordCamp, a BuddyCamp or just because we’re around at the same time we absolutely need to celebrate it with a great 🍕. Da Lucia’s will, from now on, be remembered as the great pizza restaurant where @vapvarun & @imath, two members of the BP Team, met IRL for the first time 🤝 😂.
Props @dcavins for his review about this announcement post.
“Release Candidate” means that we think the new version is ready for release, but with the many possible specific WordPress configurations, hundreds of BuddyPress plugins and Thousands of WordPress themes, it’s possible something was missed.
BuddyPress 14.0.0 is slated for release on July 12, 2024, and your help is needed to get there — if you haven’t tried 14.0.0 yet, doing it now is a great idea!
You can test the 14.0.0-RC pre-release in 5 ways :
A detailed changelog will be part of our official release note, but you can get a quick overview by reading the post about the 14.0.0 Beta1 release.
Plugin and Theme Developers
Please test your plugins and themes against BuddyPress 14.0.0. If you find compatibility problems, please be sure to post to this specific support topic so we can figure those out before the final release. We strongly advise you to have a look at the 14.0.0 developer notes to figure out what to focus on during your testing.
If you think you’ve found a bug, you can share it with us replying to this support topic or if you’re comfortable writing a reproducible bug report, file one on BuddyPress Trac.
Improve how BP extends the WP Theme Support for BP Standalone Themes (see r13932)
Email template footer: use an escape function allowing to output links (see r13933).
i18n: bring back custom locations for translation files (see r13936).
Manage BP specific WP List Tables pagination from a central function (see r13937).
Adds missing /* translators */ inline comments (see r13938)
If you haven’t tested our 3 previous beta release, here’s a fresh opportunity to helped us build 14.0.0. Whether you’re a new, regular or advanced user, a theme designer or a plugin author: we really need you to beta test our next major release, please contribute!
The current target for final release is: July 8, 2024.
The BuddyPress contributors have been hard at work baking our next release, version 14.0.0. This release is all about code modernization, focusing on these areas:
Adding BuddyPress information to the WordPress Site Health reporting tool.
Many code improvements bringing the BP code base more in line with WordPress Coding Standards.
Even more code improvements bringing the BP code base in line with PHPDoc Standards.
Treating Signups the same way whether BuddyPress is installed on a multisite network or on a single site.
Allow group moderators to… moderate content in groups! This sounds obvious, but we’ve finally given site admins the opportunity to grant all the power to group moderators.
Preparing to bring new BuddyPress features playing nice with BuddyPress standalone themes using a second argument to current_theme_supports( 'buddypress', [ 'component', 'feature'] ).
Laying the groundwork for supporting PHP 8.3 by adding this version to our continuous integration testing routine.
Starting a whole new documentation project! We’re reviewing every doc about BuddyPress and migrating the necessary information to an all-new docs repository. (This is going to be amazing!).
We are excited for you to try our new release. Please run it through its paces, and let us know what problems you run into! Thanks for your help in crafting the best release we can build.
BuddyPress 12.5.1 is now available. This is a security release. All BuddyPress installations should be updated as soon as possible.
The 12.5.1 release addresses the following security issue:
The Members block was vulnerable to a Stored Cross-Site Scripting. Discovered by Wesley (wcraft) from the Wordfence organization.
This vulnerability was impacting BuddyPress branches from 9.0 to 12.0. It was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure.
If for a specific reason you can’t upgrade to 12.5.1, we have also ported the security fix to BuddyPress versions going all the way back to branch 9.0. Here’s the list of the available downloads for the corresponding tags, you can also find these links on our WordPress.org Plugin Directory “Advanced” page:
If you are using BP 9.x and can’t upgrade to 12.5.1, please upgrade to 9.2.4
If you are using BP 10.x and can’t upgrade to 12.5.1, please upgrade to 10.6.4
If you are using BP 11.x and can’t upgrade to 12.5.1, please upgrade to 11.4.2
Immediately available is BuddyPress 12.5.0. This maintenance release fixes 8 bugs. We are releasing this new version pretty soon after our latest security release in order to fix 5 regressions introduced by it. Thanks in advance for your understanding.