Published on November 11th, 2015 by Boone Gorges
Published on October 29th, 2015 by Paul Gibbs
BuddyPress 2.3.5 is now available.
This is a security release for all previous versions. All BuddyPress installations are strongly encouraged to upgrade immediately.
BuddyPress versions 2.3.4 and earlier are subject to a vulnerability that may allow privilege escalation for logged-in users. We have no evidence that this bug has ever been exploited in the wild, but we’re eager to make sure that it is not.
The vulnerability was discovered and reported by Slava Abakumov, and the fix was prepared by the BuddyPress team. Thanks to Slava for responsibly reporting the issue.
If your WordPress site supports automatic background updates, then your BuddyPress installation should update automatically, probably by the time you’ve read this blog post.
We always encourage users to run the latest version of BuddyPress. But for those sites that cannot update to the 2.3.x series for whatever reason, we’re simultaneously releasing version 2.0.4, 2.1.2, and 2.2.4, which include the fix for the vulnerability. You can download these packages manually from https://wordpress.org/plugins/buddypress/developers/.
Questions or comments? Stop by the buddypress.org support forums.
Published on October 22nd, 2015 by imath
BuddyPress 2.4.0 Release Candidate 1 is now available for testing. Please download the 2.4.0-rc1 zip or get a copy via our Subversion repository. If you are a plugin or theme developer, or are running a BuddyPress powered site with a development environment available, your help testing is greatly appreciated.
A detailed changelog will be part of our official release notes, but check out the 2.4.0 Beta 1 post for the rundown of our favourite changes until then.
Let us know of any issues you find in the support forums and/or on our development tracker.
Published on October 7th, 2015 by Paul Gibbs
BuddyPress 2.4.0 Beta 2 is available for testing. Please download the 2.4.0-beta2 zip or get a copy via our Subversion repository. If you are a plugin or theme developer, or are running a BuddyPress powered site with a development environment available, we’d love to have your help with testing.
Some improvements we’re introducing in this release are involving changes to our Template Pack. If you are partially or completely overriding it within your theme, we strongly recommend you to test and get ready to update your templates (if necessary) when 2.4.0 is released. If you are still using WordPress 3.6 or 3.7, we remind you BuddyPress 2.4.0 will require at least WordPress 3.8.
A detailed changelog will be part of our official release notes, but until then, here’s a rundown of some of our favourite changes. (Check out this report on Trac for a more detailed view.)
- Accessibility: we’ve made great improvements about this important topic in our Template Pack.
- Members Type & xProfile fields: you will be able to restrict profile fields to specific member types.
- Cover Images for Members and Groups are arriving in 2.4.0 and they are bringing very nice improvements to our BP Attachment API. Developers, make sure to give a look at this codex page.
- New companion stylesheets: Twenty Thirteen and Twenty Sixteen (to be shipped with WordPress 4.4).
- Groups single items: you can now customise their front page according to the ID/Slug of the Groups or their status thanks to a specific Template Hierarchy.
- Continued object & query cache enhancements.
- Tons of under-the-hood improvements.
- Continued coverage of inline code documentation, actions, & filters.
2.4.0 is almost ready, but please do not run it in a production environment just yet. Let us know of any issues you find in the support forums and/or on our development tracker.
Thanks everyone for all your contributions, and we are excited to release BuddyPress 2.4.0 very soon!
Published on August 27th, 2015 by John James Jacoby
BuddyPress 2.3.4 is now available. This is a maintenance release and all BuddyPress installations are recommended to upgrade as soon as possible.
The release fixes a handful of bugs that were introduced in the 2.3 series, and improves support for administration changes made in WordPress 4.3.
Update to BuddyPress 2.3.4 today in your WordPress Dashboard, or by downloading from the wordpress.org plugin repository. Questions or comments? Check out 2.3.4 changelog, or stop by our support forums or Trac.
Published on August 4th, 2015 by Paul Gibbs
BuddyPress 2.3.3 is now available. This is an important maintenance and security release for the 2.3 branch of code, and all BuddyPress installations are recommended to upgrade as soon as possible.
BuddyPress Messages, while off by default, is a component that’s frequently enabled to allow members to communicate privately with each other. A vulnerability was responsibly disclosed to the BuddyPress team that could allow members to manipulate a failed private outbound message and inject unexpected output to the browser. This vulnerability was reported by Krzysztof Katowicz-Kowalewski. The BuddyPress team independently discovered and fixed related vulnerabilities with the messages component that could allow for carefully crafted private message content to be rendered incorrectly to the browser.
This release also includes fixes for several other bugs introduced in the 2.3 series, and improves support for administration changes made in WordPress 4.3.
Update to BuddyPress 2.3.3 today in your WordPress Dashboard, or by downloading from the wordpress.org plugin repository.
Questions or comments? Check out 2.3.3 changelog, or stop by our support forums or Trac.
Published on June 18th, 2015 by Boone Gorges
This Saturday August 8th, Brighton (UK) hosts the first-ever European BuddyPress conference — BuddyCamp Brighton! Tickets are still available, so get yours now and check out the schedule.
BuddyCamp Brighton is a friendly one-day conference, like a WordCamp, but as you can guess from the name, BuddyCamp Brighton is a conference focused on BuddyPress.
Tickets are strictly limited, so if you can get down to Brighton, and want to learn more about BuddyPress, don’t hesitate; get your ticket today! See you there!
We have a great group of European speakers who are notable within the BuddyPress community. For example, we have translation volunteers attending, members of the BuddyPress core team, long-term contributors, people who build or run BuddyPress site, BuddyPress plugin developers, and BuddyPress theme developers.
If you want to learn more about BuddyPress and walk away as a power user, or meet many of the team and contributors behind the project, and share your knowledge with other enthusiasts, then BuddyCamp is perfect for you!
Published on June 8th, 2015 by imath
BuddyPress 2.3.2 is now available. This is an important maintainance and security release for the 2.3 series, and all BuddyPress installations are recommended to upgrade as soon as possible.
BuddyPress 2.3.0 introduced a vulnerability that could allow an unauthenticated user to view the subject lines of a BP user’s private messages by manipulating an AJAX request. This vulnerability was reported by Mike Saunders. The BuddyPress team independently discovered and fixed a related vulnerability that could allow an authenticated user to view the subject lines of a different user’s private messages, also by manipulating an AJAX request.
This release also includes fixes for four bugs introduced in the 2.3 series.
Update to BuddyPress 2.3.2 today in your WordPress Dashboard, or by downloading from the wordpress.org plugin repository.
Questions or comments? Check out 2.3.2 changelog, or stop by our support forums or Trac.
Published on June 5th, 2015 by John James Jacoby
The first WordCamp Lyon took place last Friday, June 5th, on a large houseboat called “The Platform”. I do not know if any WordCamp has ever been held on a houseboat before. But if there is none in the history of WordCamps, then #wplyon (the even’ts official hashtag) was the first ever floating WordCamp!
For 40 minutes, we set sail for BuddyPress and I was the “captain” of a workshop whose subject was “Boost some of your WordPress projects using BuddyPress.”
Read more →
Published on June 3rd, 2015 by imath
Hello again! Remember Wednesday when we released 2.3.0 Livio? Well… it was so incredibly outstandingly good, that today we are releasing 2.3.1 to celebrate it.
BuddyPress 2.3.1 fixes two new accidental features that were causing problems in some installations:
- We accidentally relocated the bbPress external for legacy forum installations, so we’ve moved it back to its proper location so everyone that enjoys running 4-year-old versions of bbPress can continue to do so. See #6480.
- We accidentally removed the ability to nest the “Members” directory underneath another page. It turns out this is not an uncommon configuration, so we un-removed it. See #6475.
If you just updated to 2.3.0, we’re sorry Mario, but your princess is in another castle. If you have not updated to 2.3.0 yet, you can now update to 2.3.1 with a suntan and a grin.
We’re also already starting work on BuddyPress 2.4.0, and we want your help with it. Reach out in the forums, IRC, or Slack if you’re interested.
Please welcome BuddyPress 2.3.0 “Livio”!
Here are the new features the BuddyPress team is really excited about in this release.
A New UI for Avatar Creation
This new “mobile-ready” interface includes an “Upload” tab, letting you drag and drop any image you choose to upload as your profile photo. If your laptop has a camera and you are using a browser supporting webcam video stream access, upload a “selfie” using the “Take Photo” tab!
This new interface is available for member avatar management on the front end (member’s Change Profile Photo screen) as well as in the Dashboard (Extended Profile tab in User’s administration screen). The UI is also available on the front end for groups avatar uploads.
The Avatar UI is built on top of our new Attachments API, the long-awaited foundation for media-related BuddyPress components and features.
Read more →