Uncategorized

BuddyPress: BuddyPress 14.5, 12.7, 11.6

BuddyPress 14.5.0, 12.7.0, and 11.6.0 are now available.

These are security and maintenance releases that include two security fixes, along with a number of compatibility improvements, bug fixes, and code modernization updates. We strongly recommend updating your sites as soon as possible.

Highlights

  • Two security issues:
    • Prevent user ID spoofing in the Messages REST API endpoint via improved validation.
    • Restrict Component management to Users with the appropriate Capabilities.
  • Improves compatibility with WordPress 6.9, including support for block style loading optimizations and replacement of deprecated WordPress APIs where appropriate.
  • Includes numerous bug fixes across BuddyPress, including BP Nouveau, Groups, Friends, Activity, Administration, and several PHP 8.x compatibility improvements.

Download

You can update automatically from your WordPress Dashboard, or download BuddyPress 14.5.0 directly:

For the complete list of changes included in this release, see the changelog:

Many thanks to our 14.5.0 contributors 

Thanks to everyone who contributed patches, testing, reviews, bug reports, and responsible security disclosures that helped make this release possible.

Contributors include: emaralive, vapvarun, westonruter, joelkarunungan, nikunj8866, shawfactor, r-a-y, t.schwarz, dcavins, noruzzaman, rollybueno, potcus, pratiklondhe, yatesa01, bhargavbhandari90, amitraj2203, GaryJ., espellcaste, needle, and johnjamesjacoby.

Security issues were responsibly disclosed via the WordPress Bounty Program over at HackerOne and through the WordPress Plugins Team. If you were not properly attributed for your contribution here, leave a comment and we’ll get you added.

Sorry, You're not allowed to submit vote !

Total 0 Votes
0

Tell us how can we improve this post?

+ = Verify Human or Spambot ?

LEAVE A RESPONSE

Your email address will not be published. Required fields are marked *