BuddyPress 4.2.0 Maintenance and Security Release

Published on February 20th, 2019 by Boone Gorges

BuddyPress 4.2.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.

The 4.2.0 release addresses two security issues:

  • A cross-site scripting (XSS) vulnerability was fixed that could allow users to send malicious code in the content of private messages. Discovered and reported independently by Kieran Munday and Tim Coen.
  • A privilege escalation vulnerability was fixed that could allow users to reply to unauthorized private message threads. Discovered by Kieran Munday.

These vulnerabilities were reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporters for practicing coordinated disclosure.

BuddyPress 4.2.0 also fixes 4 bugs. For complete details, visit the 4.2.0 changelog.

BuddyPress 4.1.0 maintenance release

Published on December 5th, 2018 by Boone Gorges

Immediately available is BuddyPress 4.1.0. This maintenance release fixes 3 bugs related to last week’s 4.0.0 release, and is a recommended upgrade for all BuddyPress installations.

For complete details on the release, visit the 4.1.0 changelog.

BuddyPress 4.0.0 “Pequod”

Published on November 27th, 2018 by Boone Gorges

BuddyPress 4.0.0 “Pequod” is now available!

A focus on data privacy and control

BuddyPress boasts a proud history of letting community members and managers control their data, independent of third-party, commercial entities. In this spirit, as well as the spirit of recent regulations like the EU’s General Data Protection Regulation (GDPR), and expanding on some of the tools introduced by WordPress in version 4.9.8, BuddyPress 4.0 introduces a suite of tools allowing users and site admins to manage member data and privacy.

Screenshot of "Export Data" panel

Giving your users greater control over their data

The new “Export Data” Settings panel lets users request an export of all BuddyPress data they’ve created. BuddyPress integrates seamlessly with the data export functionality introduced in WordPress 4.9.8, and BP data is included in exports that are initiated either from the Export Data panel or via WP’s Tools > Export Personal Data interface.

BuddyPress 4.0 also integrates with WordPress 4.9.8’s Privacy Policy tools. When you create or update your Privacy Policy, BP will suggest text that’s specifically tailored to the kinds of social data generated on a BuddyPress site. BP will also prompt registering users to agree to the Privacy Policy, if your theme supports it.

We’ve also done a complete review of BuddyPress’s cookie behavior, and dramatically reduced the number of cookies needed to browse a BP-powered site – especially for logged-out users. We’re confident that this change will help site owners comply with local privacy regulations.

Nouveau and other improvements

The BuddyPress team has been hard at work improving the Nouveau template pack introduced in BuddyPress 4.0. We’ve improved accessibility, extensibility, and responsiveness on mobile devices.

BuddyPress 4.0 also contains a number of internal improvements that improve compatibility with various versions of PHP, fix formatting and content issues when sending emails, and address some backward-compatibility concerns.

Mille grazie

As usual, this BuddyPress release is only possible thanks to the contributions of the community. Special thanks to the following folks who contributed code and testing to the release: Alex Concha (xknown), Ankit K Gupta (ankit-k-gupta), Boone B Gorges (boonebgorges), Brajesh Singh (sbrajesh), Brian Cruikshank (brianbws), Christian Wach (needle), Dinesh Kesarwani (cyberwani), dipeshkakadiya, drywallbmb, dullowl, Eric (eric01), Garrett Hyder (garrett-eclipse), Harshal Limaye (harshall), Hugo (hnla), John James Jacoby (johnjamesjacoby), Marcella (marcella1981), Mathieu Viet (imath), mercime, MorgunovVit, n0barcode, paresh.radadiya (pareshradadiya), Paul Gibbs (DJPaul), Pooja N Muchandikar (pooja1210), r-a-y, Renato Alves (espellcaste), RT77, Ryan Williams (cyclic), Samuel Elh (elhardoum), shubh14, spdustin, suvikki, Stephen Edgar (netweb), thejimmy, vapvarun, Wbcom Designs (wbcomdesigns), Yahil Madakiya (yahil)

This version of BuddyPress is code-named “Pequod” after the famous Pequod’s Pizza in Chicago, where the crust really is caramelized, and the dish really is deep. Buon gusto!

Keep on truckin’

Questions or comments about the release? Visit the buddypress.org support forums, or open a ticket on our bugtracker.

BuddyPress 4.0.0 Release Candidate 1

Published on November 16th, 2018 by Boone Gorges

BP 4.0.0 Release Candidate 1 is now available. This package contains the code that we think we’ll ship as BuddyPress 4.0.0 later in November. If you build BuddyPress plugins or themes, you’re encouraged to give the RC a thorough look in a test environment.

Important changes in 4.0.0 include:

  • BuddyPress data exporters (for WP 4.9.6+), including a new ‘Export Data’ Settings subtab, where users can request an export from the front end
  • Integration into the WordPress privacy policy system (for WP 4.9.6+)
  • Improvements to Nouveau and other BP interfaces on mobile devices
  • Bug fixes for emails, Nouveau, BP’s nav tools
  • Improved compatibility with WP 4.9.x and 5.0

See the 4.0.0 milestone for more info.

Download the 4.0.0 release candidate from wordpress.org: https://downloads.wordpress.org/plugin/buddypress.4.0.0-RC1.zip. As always, remember that this is pre-release software, and we don’t recommend running it on a production site.

BuddyPress 3.2.0 Maintenance Release

Published on September 14th, 2018 by Paul Gibbs

BuddyPress 3.2.0 is now available. This is a maintenance release that fixes 25 bugs and is a recommended upgrade for all BuddyPress installations.

Update to BuddyPress 3.2.0 today in your WordPress Dashboard, or by downloading from the wordpress.org plugin repository. For details on the changes, read the 3.2.0 release notes.

BuddyPress 3.1.0 Maintenance Release

Published on June 6th, 2018 by @mercime

BuddyPress 3.1.0 is now available. This is a maintenance release that fixes 23 bugs and is a recommended upgrade for all BuddyPress installations.

For more information, see the 3.1.0 milestone on BuddyPress Trac.

Update to BuddyPress 3.1.0 today in your WordPress Dashboard, or by downloading from the wordpress.org plugin repository.

Questions or comments? Check out the 3.1.0 changelog, or stop by our support forums or Trac.

BuddyPress 3.0.0 “Apollo”

Published on May 18th, 2018 by Paul Gibbs

BuddyPress 3.0.0 “Apollo” is now available for immediate download from the WordPress.org plugin repository, or right from your WordPress Dashboard. “Apollo” focuses on various improvements for developers, site builders and site managers.

Say hello to “Nouveau”!

A bold reimagining of our legacy templates, Nouveau is our celebration of 10 years of BuddyPress! Nouveau delivers modern markup with fresh JavaScript-powered templates, and full integration with WordPress’ Customizer, allowing more out-of-the-box control of your BuddyPress content than ever before.

Nouveau provides vertical and horizontal layout options for BuddyPress navigation, and for the component directories, you can choose between a grid layout, and a classic flat list.

Nouveau is fully compatible with WordPress. Existing BuddyPress themes have been written for our legacy template pack, and until they are updated, resolve any compatibility issues by choosing the legacy template pack option in Settings > BuddyPress.

Support for WP-CLI

WP-CLI is the command-line interface for WordPress. You can update plugins, configure multisite installs, and much more, without using a web browser. With this version of BuddyPress, you can now manage your BuddyPress content from WP-CLI.

Control site-wide notices from your dashboard

Site Notices are a feature within the Private Messaging component that allows community managers to share important messages with all members of their community. With Nouveau, the management interface for Site Notices has been removed from the front-end theme templates.

Explore the new management interface at Users > Site Notices.

New profile field type: telephone numbers

A new telephone number field type has been added to the Extended Profiles component, with support for all international number formats. With a modern web browser, your members can use this field type to touch-to-dial a number directly.

BuddyPress: leaner, faster, stronger

With every BuddyPress version, we strive to make performance improvements alongside new features and fixes; this version is no exception. Memory use has been optimised — within active components, we now only load each individual code file when it’s needed, not before.

Most notably, the Legacy Forums component has been removed after 9 years of service. If your site was using Legacy Forums, you need to migrate to the bbPress plugin.

Make mine Apollo’s

In north-east London, Stoke Newington — or Stokey, as it’s affectionately known — is an area awash with newly-opening restaurants, amidst lapping waves of encroaching gentrification. Apollo’s is an authentically Neapolitan pizza place on the High Street, serving fantastically tasty yet uncomplicated pizzas. If you ever find yourself in north London, don’t miss Apollo’s!

BuddyPress 3.0 Beta 2

Published on April 15th, 2018 by Hugo Ashmore

It’s with a huge amount of pleasure and excitement that we’re announcing the Beta 2 release of BP 3.0 today ready for testing and feedback.

BuddyPress 3.0 will be a major milestone release for us and one we’re all really excited about. It’s been a long time coming, but finally we are close to releasing the first template pack for BP. This is a completely new ‘theme’ or set of template files and functionality designed to replace bp-legacy, which has served us so well since its inception way back in the major release of 1.7, where we introduced ‘Theme Compatibility’. We’re all really eager for any feedback during these beta phases; you may grab a copy of our beta1 release here to test with.

Nouveau – as our new template pack has been named – provides an all new clean set of markup files, refactored from the ground up to be semantic and accessible. Styles are re-written and provided as Sass partials for developers if wanting to build out new packs. A lot of core functionality for components has been re-written and re-located to be sourced from include files by component in the template directory, which allows even easier access to modify functions by overloading to a new theme or child theme. Our major loops, members, activity etc. have been re-factored to run under Backbone for a smooth Ajax experience, and indeed all the JavaScript functionality is re-written to be far more modular than it was before and has a far better modern feel to its structuring.

For the first time we have brought in the Customizer to provide user option choices, and a range of layout configurations may be selected. In our initial offering we have provided various layout options for the main BP navigation elements, allowing for vertical navs or horizontal, tab effect where suitable. For the component loops such as members and groups, we provide an option to display in a grid layout & at row quantity options, or simply as a flat classic list layout.

While we are really excited about Nouveau, 3.0 also has many other improvements to offer, and you can view a list of all closed tickets for 3.0.

As always, your feedback and testing is an invaluable part of our releases, helping us to catch any last minute bugs.
You can download the beta release for testing at downloads.wordpress.org and install on a local copy of WordPress (please remember this is a beta release and should not be run on an active production site). Any issues found can be reported on our Trac by creating a new ticket.

If you’re a developer comfortable with SVN, you might like to check out a development copy, which you can do from this link. Patches can be submitted to existing tickets, or issues found reported on a new ticket.

Further guidance on contributing to BuddyPress is covered on our Contributor guidelines page in our Codex.

10 years

Published on March 25th, 2018 by John James Jacoby

In 2008 (just 10 short years ago) Andy Peatling made the very first code-commit to the newly adopted BuddyPress project, joining bbPress, GlotPress, and BackPress at the time. As most of you can probably imagine, BuddyPress was a different piece of software back then, trying to solve a completely different decade’s worth of problems for a completely different version of WordPress.

BuddyPress was multisite only, meaning it did not work on the regular version of WordPress that most people were accustomed to installing. It needed to completely take over the entire website experience to work, with a specific theme for the primary part of your site, and blog themes for user profiles and everything else.

There was a lot to love about the original vision and version of BuddyPress. It was ambitious, but in a clever kind of way that made everyone tilt their heads, squint their eyes, and ponder what WordPress was capable of. BuddyPress knew exactly what it was trying to do, and owned it without apologies.

It touted itself as a “Social Network in a box” at a time when MySpace was generating 75.9 million unique visitors per month, so if you couldn’t imagine how different BuddyPress may have been before, imagine how excited everyone was at the idea of owning their own MySpace.

Since then, Andy invited Boone, Paul, and me to help lead the project forward, and in-turn we’ve invited several other prolific BuddyPress contributors to help with every aspect of the project, website, design, and so on.

The BuddyPress team has grown in a few different ways. Most recently, we’ve added Renato Alves to the team to help with WP-CLI support. Renato is a long-time contributor who stepped up big-time to really own the WP-CLI implementation and finally see it through to the end.

Slava Abakumov led the 2.8 release, and we finally met in person for the very first time just last week at WordCamp Miami. He’s another long-time contributor who has always had the best interests of the project in mind and at heart.

Laurens Offereins has been helping fix BuddyPress bugs and work on evolving features since version 2.1, and while we haven’t met in person yet, I look forward to it someday!

Stephen Edgar (who you may recognize from bbPress) also works a bit on BuddyPress, largely around tooling & meta related things, but he’s fully capable and will jump in and help anywhere he can, be it the forums or features.

Mercime would prefer I not blather on endlessly here about how important she is, or how much I appreciate her, or anything like that, so please forget I mentioned it.

Hugo Ashmore has spent the past 2 years completely rebuilding the default template pack. This is an absolutely huge undertaking, and everyone is really excited about sunsetting ye olde bp-legacy.

Tammie Lister has moved on to work on the enormously important and equally ambitious Gutenberg project. Tammie is wonderful, and doing a great job crafting what the future of democratizing publishing is.

Lastly, a few of our veteran team members took sabbaticals from contributing to BuddyPress in the past few years, which I see as an opportunity to return with fresh ideas and perspectives, or maybe moving onto new & exciting challenges. This is a good, healthy thing to do, both for oneself and the project. Space makes the heart grow fonder, and all that.


A small aside but worth saying here & now, is that leading an open-source project is everything you think it is (or maybe have read already that it is) and like a million other things that are hard to understand until you understand. The one constant (and subsequently the hardest and funnest part) is how to provide opportunities for personal growth, without prohibiting contributions, while also doing what’s best for the greater vision of the project itself, amongst a completely remote group of bespoke volunteers. I think Paul, Boone, and I do OK at this, but we are always learning and adjusting, so please reach out to us if there is anything we can do differently or better.


BuddyPress is my personal favorite piece of software. It’s my favorite community. I wake up excited every day because of what it can do and who it does it for. Put another way, I love what we make it do and who we make it for: ourselves, one another, each other, and you.

Cheers to 10 years, and here’s to another 10!

BuddyPress 2.9.3 Security and Maintenance Release

Published on January 26th, 2018 by Boone Gorges

BuddyPress 2.9.3 is now available. This is a security and maintenance release. We strongly encourage all BuddyPress sites to upgrade as soon as possible.

The 2.9.3 release addresses two security issues:

  • A dynamic template loading feature could be used in some cases for unauthorized file execution and directory traversal. Reported by James Golovich.
  • Some permissions checks and path validations in the attachment deletion process were hardened. Reported by RIPSTech and Slava Abakumov of the BuddyPress security team.

These vulnerabilities were reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to all reporters for practicing coordinated disclosure.

In addition, 2.9.3 includes a change that fixes the ability to install legacy bbPress 1.x forums. Please note that legacy forum support will be removed altogether in BuddyPress 3.0; see the announcement blog post for more details.