CeSGO Dashboard 2.1.0

BuddyPress 14.3.4, BuddyPress 12.5.3, and BuddyPress 11.4.4 are all now available. This is a security release. Please update as soon as possible.

14.3.4, 12.5.3 & 11.4.4 fixed two bugs:

• Restrict bulk notification management to owner. Many thanks to Brian Mungah for responsibly reporting the problem.
• Improve security of status update messages. Many thanks to mikemyers for responsibly reporting the issue.

For complete details, visit the 14.3.4 changelog.

You can get the latest version by clicking on the above button, downloading it from the WordPress.org plugin directory or checking it out from our Subversion repository.

Many thanks to our 14.3.4 contributors 

emaralive, jjj, and dcavins.

BuddyPress 14.3.3 is now available. This is a maintenance release.

14.3.3 fixes a mistake made in the build process for 14.3.1 (and 14.3.2 attempted to fix, but didn’t completely fix the issue, so was never released).

14.3.1 fixed two bugs:

• WordPress 6.7 compatibility: WP 6.7 will throw notices for plugins that load their textdomain before ‘init’ (see #9247).
• BP Legacy Theme Pack: Make sure the bp_heartbeat property is included in the WP Heartbeat data object (see #9248).

For complete details, visit the 14.3.1 changelog.

You can get the latest version by clicking on the above button, downloading it from the WordPress.org plugin directory or checking it out from our Subversion repository.

Many thanks to our 14.3.3 contributors 

dreampixel, boonebgorges, emaralive & imath.

BuddyPress 14.3.1 is now available. This is a maintenance release.

14.3.1 fixes two bugs:

• WordPress 6.7 compatibility: WP 6.7 will throw notices for plugins that load their textdomain before ‘init’ (see #9247).
• BP Legacy Theme Pack: Make sure the bp_heartbeat property is included in the WP Heartbeat data object (see #9248).

For complete details, visit the 14.3.1 changelog.

You can get the latest version by clicking on the above button, downloading it from the WordPress.org plugin directory or checking it out from our Subversion repository.

Many thanks to our 14.3.1 contributors 

dreampixel, boonebgorges, emaralive & imath.

BuddyPress 14.2.1 is now available. This is a maintenance & security release. All BuddyPress installations should be updated as soon as possible.

The 14.2.1 release addresses the following security issue:

• The “Take Photo” feature (which uses the logged in user’s Webcam to capture their profile photo) was vulnerable to an authenticated (Subscriber+) directory traversal. Discovered by Domons from the Wordfence organization.

This vulnerability was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure.

14.2.1 also fixes 3 bugs introduced in 14.0.0:

• Groups: move the invite_status group meta check out of the groups_join_group() function (see #9241).
• Administration: use the components right labels into the BP site health info panel (see #9237)
• Administration: resolve Multiple Issues with the BP constants site health info panel (see #9245)

For complete details, visit the 14.2.1 changelog.

You can get the latest version by clicking on the above button, downloading it from the WordPress.org plugin directory or checking it out from our Subversion repository.

If for a specific reason you can’t upgrade to 14.2.1, we have also ported the security fix to BuddyPress versions going all the way back to branch 11.0. Here’s the list of the available downloads for the corresponding tags, you can also find these links on our WordPress.org Plugin Directory “Advanced” page:

• If you are using BP 11.x and can’t upgrade to 14.2.1, please upgrade to 11.4.3
• If you are using BP 12.x and can’t upgrade to 14.2.1, please upgrade to 12.5.2

Many thanks to 14.2.1 contributors 

vapvarun, boonebgorges, emaralive & imath.

Immediately available is BuddyPress 14.1.0. This maintenance release fixes 4 bugs. For details on the changes, please read the 14.1.0 release notes.

Update to BuddyPress 14.1.0 today in your WordPress Dashboard, or by downloading from the WordPress.org plugin repository.

Many thanks to 14.1.0 contributors 

thomaslhotta, shailu25, emaralive, espellcaste & imath.