5.0.0-beta2 is available for testing. You can download it here or get a copy via our Subversion repository. It is really important for us to have your feedback and testing help.
We’ve brought some improvements to string i18n in the BP REST API code.
We’ve also improved the JavaScript function we are making available in this release to ease your clients’ BP REST API requests.
5.0.0 final release is approaching!
The Release Candidate (RC) is scheduled for September 16; at that time BuddyPress 5.0.0 will be in a string freeze. This means we won’t change i18n strings anymore for this release, to leave enough time for our beloved polyglot contributors to translate BuddyPress into their native languages. If you’re a good English writer or copywriter, you can still help us polish the text we plan to use to present the new 5.0.0 features.
If you are still using our Legacy Template Pack and think it’s important to include a Twenty Nineteen companion stylesheet into this release, September 16 is also the deadline to make it happen. Please test, contribute and improve the patch attached to this ticket.
Let’s use the coming days to make sure your BuddyPress plugins, your theme or your specific WordPress configuration are ready for BuddyPress 5.0.0. We need you to help us help you: please download and test 5.0.0-beta2!
5.0.0 is almost ready (Targeted release date is September 30, 2019), but please do not run this Beta 2 release in a production environment just yet. Let us know of any issues you find in the support forums and/or on our development tracker.
BuddyPress 5.0.0-beta1 is available for testing. You can download it here or get a copy via our Subversion repository. We’d love to have your feedback and testing help.
A detailed changelog will be part of our official release notes, but, until then, here’s a tasty list of some of our favorite changes. (Check out this report on Trac for the full list.)
BP REST API
A tool for BuddyPress developers to build awesome community applications or improve the performance of their existing ones. It has been developed as a feature-as-a-plugin on GitHub and we think it’s time to include it in BuddyPress Core.
To help you discover the great powers of this new API, we’re also introducing a new user interface to manage Group members (#8045).
BP Invitations API
This API opens very promising opportunities for BuddyPress developers willing to manage invites or membership requests for their custom objects. We’re primarily using it to improve how we handle invitations and requests to join Groups (#6210).
BuddyPress Site Health section
Users requesting support will soon be able to copy the information in this section to their clipboard to share it with us. This should help our beloved support forum contributors explain and fix issues faster.
5.0.0 is almost ready (Targeted release date is September 30, 2019), but please do not run this Beta 1 release in a production environment just yet. Let us know of any issues you find in the support forums and/or on our development tracker.
BuddyPress 4.4.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.
The 4.4.0 release addresses two security issues:
A privilege escalation vulnerability was fixed that could allow a user who is not friends with another user to send that user a group invite, even though the recipient has chosen to restrict group invites to friends only (this is specific to the BP Nouveau template). Discovered by Yuvraj Dighe.
An XSS vulnerability was fixed in the single Group’s RSS link meta for group names. Discovered by wxy7174.
These vulnerabilities were reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporters for practicing coordinated disclosure.
BuddyPress 4.4.0 also fixes 2 bugs. For complete details, visit the 4.4.0 changelog.
BuddyPress 4.3.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.
The 4.3.0 release addresses nine security issues:
A privilege escalation vulnerability was fixed that could allow users to “favorite” activity items to which they do not have read access. Discovered by Yuvraj Dighe.
A privilege escalation vulnerability was fixed that could allow users to join non-public groups while using the Nouveau template pack. Discovered and reported independently by Yuvraj Dighe and Nam.Dinh.
A privilege escalation vulnerability was fixed that could allow users to reply to activity items to which they do not have read access. Discovered by Yuvraj Dighe.
A privilege escalation vulnerability was fixed that could allow users to view private message threads to which they do not have access while using the Nouveau template pack. Discovered by Yuvraj Dighe.
An XSS vulnerability was fixed in the save routine for group names. Discovered by wxy7174.
An XSS vulnerability was fixed in the content of activity items. Discovered by Yonatan Offek.
A privilege escalation vulnerability was fixed that could allow unauthorized users to update certain group settings. Discovered by wxy7174.
A privilege escalation vulnerability was fixed that could allow unauthorized users to view pending group invites. Discovered by Yuvraj Dighe.
A privilege escalation vulnerability was fixed that could allow unauthorized users to delete pending group invitations. Discovered by Yuvraj Dighe.
These vulnerabilities were reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporters for practicing coordinated disclosure.
BuddyPress 4.3.0 also fixes 3 bugs. For complete details, visit the 4.3.0 changelog.
BuddyPress 4.2.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.
The 4.2.0 release addresses two security issues:
A cross-site scripting (XSS) vulnerability was fixed that could allow users to send malicious code in the content of private messages. Discovered and reported independently by Kieran Munday and Tim Coen.
A privilege escalation vulnerability was fixed that could allow users to reply to unauthorized private message threads. Discovered by Kieran Munday.
These vulnerabilities were reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporters for practicing coordinated disclosure.
BuddyPress 4.2.0 also fixes 4 bugs. For complete details, visit the 4.2.0 changelog.
Immediately available is BuddyPress 4.1.0. This maintenance release fixes 3 bugs related to last week’s 4.0.0 release, and is a recommended upgrade for all BuddyPress installations.
For complete details on the release, visit the 4.1.0 changelog.
BuddyPress boasts a proud history of letting community members and managers control their data, independent of third-party, commercial entities. In this spirit, as well as the spirit of recent regulations like the EU’s General Data Protection Regulation (GDPR), and expanding on some of the tools introduced by WordPress in version 4.9.8, BuddyPress 4.0 introduces a suite of tools allowing users and site admins to manage member data and privacy.
Giving your users greater control over their data
The new “Export Data” Settings panel lets users request an export of all BuddyPress data they’ve created. BuddyPress integrates seamlessly with the data export functionality introduced in WordPress 4.9.8, and BP data is included in exports that are initiated either from the Export Data panel or via WP’s Tools > Export Personal Data interface.
BuddyPress 4.0 also integrates with WordPress 4.9.8’s Privacy Policy tools. When you create or update your Privacy Policy, BP will suggest text that’s specifically tailored to the kinds of social data generated on a BuddyPress site. BP will also prompt registering users to agree to the Privacy Policy, if your theme supports it.
We’ve also done a complete review of BuddyPress’s cookie behavior, and dramatically reduced the number of cookies needed to browse a BP-powered site – especially for logged-out users. We’re confident that this change will help site owners comply with local privacy regulations.
Nouveau and other improvements
The BuddyPress team has been hard at work improving the Nouveau template pack introduced in BuddyPress 4.0. We’ve improved accessibility, extensibility, and responsiveness on mobile devices.
BuddyPress 4.0 also contains a number of internal improvements that improve compatibility with various versions of PHP, fix formatting and content issues when sending emails, and address some backward-compatibility concerns.
This version of BuddyPress is code-named “Pequod” after the famous Pequod’s Pizza in Chicago, where the crust really is caramelized, and the dish really is deep. Buon gusto!
BP 4.0.0 Release Candidate 1 is now available. This package contains the code that we think we’ll ship as BuddyPress 4.0.0 later in November. If you build BuddyPress plugins or themes, you’re encouraged to give the RC a thorough look in a test environment.
Important changes in 4.0.0 include:
BuddyPress data exporters (for WP 4.9.6+), including a new ‘Export Data’ Settings subtab, where users can request an export from the front end
Integration into the WordPress privacy policy system (for WP 4.9.6+)
Improvements to Nouveau and other BP interfaces on mobile devices