Skip to:
Content
Pages
Categories
Search
Top
Bottom

BuddyPress 12.4.1 Security Release

Published on May 1st, 2024 by Mathieu Viet

BuddyPress 12.4.1 is now available. This is a security release. All BuddyPress installations should be updated as soon as possible.

The 12.4.1 release addresses the following security issue:

  • The dynamic Members, dynamic Friends & dynamic Groups blocks were vulnerable to a Stored Cross-Site Scripting. Discovered by Wesley (wcraft) from the Wordfence organization.

This vulnerability was impacting BuddyPress branches from 9.0 to 12.0. It was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure.

For complete details, visit the 12.4.1 changelog.

You can get the latest version by clicking on the above button, downloading it from the WordPress.org plugin directory or checking it out from our Subversion repository.

If for a specific reason you can’t upgrade to 12.4.1, we have also ported the security fix to BuddyPress versions going all the way back to branch 9.0. Here’s the list of the available downloads for the corresponding tags, you can also find these links on our WordPress.org Plugin Directory “Advanced” page:

  • If you are using BP 9.x and can’t upgrade to 12.4.1, please upgrade to 9.2.3
  • If you are using BP 10.x and can’t upgrade to 12.4.1, please upgrade to 10.6.3
  • If you are using BP 11.x and can’t upgrade to 12.4.1, please upgrade to 11.4.1

BuddyPress 12.4.0 Maintenance Release

Published on March 25th, 2024 by Mathieu Viet

Immediately available is BuddyPress 12.4.0. This maintenance release fixes 4 bugs, mainly to improve the BP Rewrites API we introduced in 12.0.0. We also exceptionally decided to remove the repair tool about the Members last activity in this minor release (we usually do this kind of changes in major releases).

For details on all changes, please read the 12.4.0 release notes.

Update to BuddyPress 12.4.0 today in your WordPress Dashboard, or by downloading it from the WordPress.org plugin repository.

Many thanks to 12.4.0 contributors 

nhrrob, espellcaste, Slaffik, needle, ahegyes, vapvarun, emaralive & imath.

BuddyPress 12.3.0 maintenance release

Published on February 22nd, 2024 by Mathieu Viet

Immediately available is BuddyPress 12.3.0. This maintenance release fixes 7 bugs. The most serious one was happening when a community member requested an email address change from her/his front-end profile: the link to verify the request validity was not generated the right way. This bug is only concerning versions 12.0.0 to 12.2.0. It was reported 12 hours ago and we decided to quickly build this maintenance release to fix it as soon as possible.

For details on all changes, please read the 12.3.0 release notes.

Update to BuddyPress 12.3.0 today in your WordPress Dashboard, or by downloading it from the WordPress.org plugin repository.

Many thanks to 12.3.0 contributors 

yagniksangani, johnjamesjacoby, r-a-y, vapvarun, testovacemaralive & imath.

BP Classic 1.4.0

Published on February 21st, 2024 by Mathieu Viet

Dear end users & site owners,

Please note BP Classic 1.4.0 is now available for upgrade/download. 1.4.0 is a maintenance release of the BuddyPress backwards compatibility Add-on helping you to stay classic so that you can carry on:

  • enjoying 3rd party BP plugins / themes that are not ready yet for the modern BuddyPress (12.0.0 & up);
  • and / or using the deprecated BuddyPress Legacy widgets;
  • and / or using the deprecated BP Default theme.

Only 1 issue has been fixed: the bbPress topics/replies pagination should now behave as expected with BuddyPress 12.0 & up (See #44)

Please upgrade!

BP Classic 1.3.0

Published on January 24th, 2024 by Mathieu Viet

Dear end users & site owners,

Please note BP Classic 1.3.0 is now available for upgrade/download. 1.3.0 is a maintenance release of the BuddyPress backwards compatibility Add-on helping you to stay classic so that you can carry on:

  • enjoying 3rd party BP plugins / themes that are not ready yet for the modern BuddyPress (12.0.0 & up);
  • and / or using the deprecated BuddyPress Legacy widgets;
  • and / or using the deprecated BP Default theme.

What about 1.3.0 changes?

4 issues have been fixed:

  • Switch to BP root blog when migrating directories if necessary (See #33).
  • Make sure BP Tooltips are used in Legacy widgets (See #35 & #39).
  • Use a npm script to get BP Default (See #37).
  • Improve how we check BP Nouveau is the current BP Template Pack in use (See #41)

Please upgrade!

BuddyPress 12.2.0 Maintenance Release

Published on January 23rd, 2024 by Mathieu Viet

Immediately available is BuddyPress 12.2.0. This maintenance release fixes four bugs. One of them was pretty annoying for users first activating BuddyPress with version 12.1.1. In this particular case, the 12.0 deprecated code wasn’t loaded which could cause nasty errors with 3rd party BP plugins / themes not ready yet for the modern BuddyPress (12.0.0 & up). That’s the reason why we’ve been working hard and as fast as possible to quickly wipe this bug.

For details on all changes, please read the 12.2.0 release notes.

Update to BuddyPress 12.2.0 today in your WordPress Dashboard, or by downloading it from the WordPress.org plugin repository.

Many thanks to 12.2.0 contributors 

 jnie, roberthemsing, vapvarun, emaralive, & imath.

BuddyPress 12.1.1 Maintenance & Security release

Published on January 16th, 2024 by Mathieu Viet

BuddyPress 12.1.1 is now available. This is a security and maintenance release. Please update your BuddyPress as soon as possible.

The 12.1.1 release addresses the following minor security issue:

  • Using the Cover Image group’s REST API Endpoints, it was possible to a non member of private/hidden group to get the corresponding group Cover Image URL. Discovered by Colin Xu.

This vulnerability was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure.

BuddyPress 12.1.1 also fixes 10 bugs. For complete details, visit the 12.1.1 changelog.

You can get the latest version by clicking on the above button, downloading it from the WordPress.org plugin directory or checking it out from our Subversion repository.

Many thanks to 12.1.1 contributors 

 sabernhardt, emaralive, shawfactor, strategio, vapvarun, perchenetimath.

BuddyPress 12.0.0 “Nonno”

Published on December 11th, 2023 by Mathieu Viet

We’re very excited to announce the immediate availability of BuddyPress 12.0.0 “Nonno”, named after the excellent pizza restaurant located in the 15th arrondissement of Paris, France. Get it now from the WordPress.org plugin repository, or right from your WordPress Dashboard.

It took the BuddyPress Team almost a year to finish baking the 100 changes to perfection, write the user & developer documentation resources and build the backward compatibility Add-on that make up our second major release of 2023.

One of these changes is probably the largest shift we have made since BuddyPress was born 15 years ago.

Our new BP Rewrites API solves a 10-year-old issue and allows BuddyPress to comply with the WordPress way of generating rules to analyze requested URLs and route the visitor to the right site content: the WP Rewrite API. Though we have tried to minimize the changes required for BuddyPress plugins and themes to preserve backward compatibility, the following two constraints couldn’t be worked around:

  • WordPress fully analyzes a URL later in the load process than our BP Legacy URL parser
  • Supporting plain permalinks & customizable slugs required us to completely rethink the way we build BuddyPress URLs

Because of these insurmountable limitations, we chose to build the BP Classic Add-on to extend backward compatibility until all of the plugins you use on your site have been updated to use the new system. If you are using one or more third party BuddyPress plugins that have not been updated for the last 4 months or if you are still using the BP Default theme (which was deprecated 10 years ago), we strongly advise you to download and activate BP Classic before upgrading to 12.0.0.

The first step for a Modern BuddyPress

The BP Rewrites API is a massive revolution opening the way for a progressive BuddyPress evolution. Based on 10 years of experience gained through hard work, we are beginning to reimagine what it means to organize and manage communities within WordPress. Here are the immediate benefits of this new API:

  1. You can customize each piece of any URL generated by BuddyPress to better reflect your unique community using the new URLs settings screen.
  2. Pretty or plain, BuddyPress just works no matter which option you choose for your permalink settings.
  3. Routing BuddyPress URLs is faster, more reliable, extensible, testable and fully compliant with WordPress best practices.

A new “members only” community visibility level

We’ve heard from BuddyPress end-users that being able to easily restrict access to their community is a necessary feature. And, thanks to the BP Rewrites API, we are now able to make this possible. With this first iteration, a site admin can now choose whether the community is fully public or is only accessible to logged-in members. In future versions, we hope to add granularity to this choice, so that community administrators can choose to highlight their members but share activities only inside the community’s “gates,” for example.

BP Nouveau is ready for Twenty Twenty-Four

The BP Nouveau template pack has been improved to better support Block Themes in general and Twenty Twenty-Four in particular. As shown in the above screen capture, our default template pack now includes a new Priority Navigation feature.

Many thanks to 12.0.0 contributors

awol, Bernhard Kaindl (bkaindl), Ben Roberts (bouncingsprout), Boone B Gorges (boonebgorges), btwebdesign, Scott Reilly (coffee2code), corzel, Dan Caragea (dancaragea), David Cavins (dcavins), Diabolique, Heikki Paananen (dj-basstone), Paul Gibbs (DJPaul), emaralive, Fanly, fawp, Fernando Tellado (fernandot), Ian Dunn (iandunn), iamthewebb, Mathieu Viet (imath), itapress, Jason Rouet, John James Jacoby (johnjamesjacoby), Michal Janata (kalich5), koen Huybrechts (koenhuybrechts) Lena Stergatou (lenasterg), Lidia Pellizzaro (lidialab), magland, Makoto Akai (makoto-a), Mehraz Morshed (mehrazmorshed), Mike Witt (mike80222), Pieterjan Deneys (nekojonez), Nifty (niftythree), Nilo Velez (nilovelez), Plugin Devs, Peter Smits (psmits1567), r-a-y, Rajin Sharwar (rajinsharwar), raviousprime, Renato Alves (espellcaste), Shail Mehta (shailu25), shawfactor, Slava Abakumov (slaFFik), sjregan, teeboy4real, Upadala Vipul (upadalavipul), Varun Dubey (vapvarun).

Your feedback

Receiving your feedback and suggestions for future versions of BuddyPress genuinely motivates and encourages our contributors. Please share it 🙏

Thanks a lot for using BuddyPress 😍

Let’s celebrate “Nonno”

Just like BuddyPress, “Nonno” (which means grandfather) has been around for 15 years, its team is very welcoming, caring and friendly; each of its members is committed to offering the best service and delivering the best tasting pizzas of the highest quality to customers. It’s the perfect place to entertain and have good times with your friends, family, or coworkers.

Enjoy BuddyPress “Nonno”

BuddyPress 12.0.0 Release Candidate

Published on November 28th, 2023 by Mathieu Viet

The first release candidate (RC1) for BuddyPress 12.0.0 is now available!

This version of the BuddyPress software is a development version. Please do not install, run, or test this version of BuddyPress on production or mission-critical websites. Instead, it’s recommended that you evaluate 12.0.0-RC1 on a test server and site.

Reaching this phase of the release cycle is an important milestone. While release candidates are considered ready for release, testing remains vital to ensure that everything in BuddyPress 12.0.0 is the best it can be.

You can test WordPress 12.0.0-RC1 in four ways:

The current target for the BuddyPress 12.0.0 release is December 6, 2023. Get an overview of the 12.0.0 release cycle, and check the BP Development updates blog for 12.0.0 related posts.

What’s new in 12.0.0-RC1 ?

  • We made three new improvements to the BP Nouveau template pack:
    • Member and Group loop entries are now more consistent (see #9025)
    • A group’s excerpt in a loop is now “really” truncating the Group’s description when it exceeds 225 characters (see #9024).
    • We have made the member’s cover header action buttons behave more consistently (see #9023)
  • We also added other improvements to this template pack to welcome the Twenty Twenty-Four WordPress theme, including a new Priority Navigation feature (See #9030).

12.0.0 Highlights

The BP Rewrites API (a massive change!)

  • Site Administrators now have a full control over all BuddyPress-generated URLs. They can choose slugs (portions of URLs) that reflect their community, using localized language or special terms that are more meaningful to their members. All also means that URLs generated by third-party BuddyPress Add-ons using the BP Rewrites API will be editable.
  • BuddyPress is fully compatible with plain URL permalinks.
  • Parsing BuddyPress URLs is fastermore reliable, extensible, testable and fully compliant with WordPress best practices.
  • Please note that if some of your BP plugins are not ready yet for this new API we have you covered thanks to this backwards compatibility plugin.

A new community visibility level: Members only

Thanks to the BP Rewrites API, we were able to give site admins a choice as to whether their community should be fully public or only accessible by logged-in members. In future versions, we hope to add granularity to this choice, so that community administrators can choose to highlight their members but share activities only inside the community “gates” for example. 

Ways to contribute

BuddyPress is open source software made possible by a community of people collaborating on and contributing to its development.

Get involved in testing

Testing for issues is critical to developing the software and ensuring its quality. It’s also a meaningful way for anyone to contribute—whether you have coding experience or not.

If you think you’ve found a bug, you can share it with us replying to this support topic or if you’re comfortable writing a reproducible bug report, file one on BuddyPress Trac.

Help translate BuddyPress

Do you speak a language other than English? Help us translate BuddyPress into as many languages as possible! This release also marks the string freeze point of the 12.0.0 release schedule.

BP Classic 1.2.0

Published on November 21st, 2023 by Mathieu Viet

Dear end users & site owners,

Never heard about BP Classic? You should read the Add-on’s first version announcement post. Please note version 1.2.0 is now available for upgrade/download.

What about 1.2.0 changes?

3 issues have been fixed:

  • Avoid a type mismatch issue during the migration process (See #27).
  • Only check once BuddyPress current config & version are ok (See #28).
  • Make sure the migration script is run on Multisite (See #31).

Many thanks to the contributors who helped BP Classic be ready for the next BP major release (12.0.0)

@imath @emaralive

NB: BuddyPress 12.0.0 is still under development (final release is scheduled to December 6). You can contribute to BP Classic to check it makes sure the third party plugins – not ready yet for the BP Rewrites API (to be introduced in 12.0.0) – you are using will behave as expected thanks to this backwards compatibility add-on. To do so simply test it & your BP plugins with the BP 12.0.0-beta4 pre-release and report issues adding a reply to this topic.

Please upgrade!

Skip to toolbar