Published on May 2nd, 2016 by John James Jacoby
bbPress 2.5.9 is out, and is a security release for all previous 2.x versions.
bbPress versions 2.5.8 and earlier are susceptible to a form of cross-site scripting (XSS), due to the way users are linked to their profiles when they are mentioned in topics and replies.
If you’re using any version of bbPress 2.x and have not yet updated, please take a moment to update your bbPress installations to 2.5.9. If you’re using WordPress’s built-in updater, it should only take a click or two. If you need help, please reach out in our support forums and someone will be happy to assist you.
Thank you to Marc-Alexandre Montpas for identifying (and responsibly disclosing) his findings to the WordPress security team. Everyone involved worked diligently to get 2.5.9 out as quickly as possible.
These fixes have also been ported over to bbPress 2.6, which we continue to run here at bbPress.org and BuddyPress.org.
Published on March 30th, 2016 by John James Jacoby
Hi everyone!
The current major version of bbPress (2.5.x) has been going strong for about a year now, without any major blockages, problems, or breakage. If you helped make bbPress as great as it is, please pat yourself on the back… now.
Stephen and I have been steadily improving and readying the next major version (2.6) ever since releasing 2.5.0, and while many huge features and neat little improvements have already landed in the development version, there are 2 features that will likely get bumped to 2.7 so we can call 2.6 done:
- bbPress as Post Comments
- Forums as Taxonomies
These two features are fully architected and planned, but do not have enough progress in code for them to hold up the release of 2.6.
In the coming weeks, look forward to betas and RCs of bbPress 2.6 without the two features mentioned above. For 2.7, we’ll likely focus *only* on those two features and nothing else.
Thanks for being patient, and passionate about bbPress. We love forums, and we love our users and fans! <3
Published on September 9th, 2015 by @mercime
This report presents the results of the 2015 bbPress Survey held from May 28 – July 10, 2014. Two hundred thirteen participants from forty-one countries completed the survey. Thank you all.
Published on July 13th, 2015 by Stephen Edgar
bbPress 2.5.8 is out now, and it fixes several issues regarding user query parsing and hardening of AJAX actions for logged-out users for all previous bbPress 2.x installations. If you’re using any version of bbPress 2.x and have not yet updated, please do so right away. If you need help, please reach out in our support forums and someone will be happy to assist you.
These fixes have also been ported over to 2.6, which we continue to run here at bbPress.org and BuddyPress.org.
Published on May 28th, 2015 by John James Jacoby
bbPress has come a long way since its early days. We want it to be the best community and support forum software solution around, and your opinions & feedback are critical to achieving that goal.
Last year, Mercime put together a survey that revealed many of the things you’d like bbPress to be, and this year we are doing it again, with questions poised to help the core team build a better bbPress.
You will find the survey embedded below.
Thank you, again, for sharing your opinions with us. We will post the results in about a month or so!
Published on April 20th, 2015 by John James Jacoby
bbPress 2.5.7 is out now, and it fixes several issues regarding unescaped URL output for all previous bbPress 2.x installations. If you’re using any version of bbPress 2.x and have not yet updated, please do so right away. If you need help, please reach out in our support forums and someone will be happy to assist you.
The bbPress team worked closely with the WordPress core team and several other plugin authors to coordinate the release of 2.5.7 alongside other libraries with similar issues.
These fixes have also been ported over to 2.6, which we continue to run here at bbPress.org and BuddyPress.org.
Published on March 17th, 2015 by John James Jacoby
Because 2.5.5 was so good 2 weeks ago, we are releasing bbPress 2.5.6 tonight. It fixes 1 issue with subscription notification emails that was plaguing a few of our more sophisticated installations.
If you’re using any version of bbPress 2.x and have been hesitating to upgrade, please consider doing so today. If you need help, please reach out in our support forums and someone will help you get updated.
Thanks to netweb, DJPaul, and mordauk for their diligence in patching and prioritizing this issue.
Published on March 6th, 2015 by John James Jacoby
bbPress 2.5.5 is out. It fixes 3 potential security issues for all previous bbPress 2.x installations. If you’re using any version of bbPress 2.x and have been hesitating to upgrade, please consider doing so today. If you need help, please reach out in our support forums and someone will be happy to help.
Thanks go out to J.D. Grimes for identifying and responsibly disclosing his findings. The bbPress team (once again) worked quickly to get 2.5.5 out within just over 24 hours of being notified.
Please accept our apologies (again) for the late-Friday release, and take a quick moment to give your bbPress installations a quick update to 2.5.5.
All of these fixes have been ported over to 2.6, and we’ll be releasing a beta real soon!
Published on June 6th, 2014 by John James Jacoby
bbPress 2.5.4 is out. It fixes 6 bugs, the last of which is a security concern for all previous bbPress 2.x installations. If you’re using any version of bbPress 2.x and have been hesitating to upgrade, please consider doing so today. If you need help, please reach out in our support forums and someone will be happy to help.
The following bugs have been fixed in 2.5.4:
- #2586 – Fix ‘Replies in each forum’ repair tool, to prevent breaking the reply position.
- #2162 – Switch notification emails to send 1 email using Bcc headers VS one for each subscriber.
- #2496 – Support slashes in slug settings, and improve sanitization of these fields.
- #2518 – Improve handling of SSL assets when relying on theme compatibility.
- #2588 – Fix bug when editing a reply that would pollute hierarchical replies in that topic.
- #2610 – Properly handle escaping of displayed user fields and data when editing a user.
Thanks go out to Mazen Gamal Mesbah for identifying and responsibly disclosing the displayed user field vulnerability. I’m proud to say the bbPress team worked quickly to get 2.5.4 out just after the 24-hour mark of being notified, which for a volunteer team is pretty great.
For anyone keeping an eye on the development of 2.6, all of these fixes are already ported over, and we bumped the 2.6 release date back to the end of June to give us time to enjoy the fresh summer air.
Please accept our apologies for the late-Friday release, and do spend some time this weekend giving your bbPress installations some TLC with an update to 2.5.4.
Published on May 22nd, 2014 by @mercime
This report presents the results from the 2014 bbPress Survey held from March 7 – April 11, 2014. One hundred eighty-three participants from thirty-seven countries completed the survey. Thank you all.