BuddyPress 2.8.2 is now available. This is a security release. We strongly encourage all BuddyPress sites to upgrade as soon as possible.
BuddyPress 2.8.1 and earlier versions were affected by the following three security issues:
- Cross-site request forgery (CSRF) in the XProfile administration Dashboard panel.
- Cross-site request forgery (CSRF) in a number of user-facing AJAX endpoints.
- Cross-site request forgery (CSRF) when dismissing a pending email change.
These vulnerabilities were reported privately by Ronnie Skansing. Our thanks to Ronnie for reporting security issues in accordance with WordPress’s security policies.
BuddyPress 2.8.1 is now available. This maintenance release fixes four bugs, including two regressions in BuddyPress 2.8.0. See the Trac milestone or the official changelog for more details.
Version 2.8.1 is a recommended update for all BP installations. Update via the WordPress Dashboard, or download manually from wordpress.org.
BuddyPress 2.8.0 “San Matteo” is now available for download from the WordPress.org plugin repository, or right from your WordPress Dashboard. “San Matteo” focuses on various improvement for developers, site builders and site managers.
For Developers & Site Builders
Modernizing the Codebase
To continue the migration of legacy code to modern standards and techniques necessary for the BP REST API project and other new features moving forward, BuddyPress 2.8 requires at least PHP 5.3. This will allow us to build better, robust, and secure code, benefiting developers and users now and in the future.
More helpful “Activate Pending Accounts” screen
When you click on the username on the “Users > Manage Signups” page, you can now view profile data entered by the user at the time of registration.
Support for List-Unsubscribe header in emails
Allow users to unsubscribe from BuddyPress email notifications in some email clients such as Gmail (web), when properly configured.
Twenty Seventeen Companion Style sheet
BuddyPress looks great in WordPress’s latest default theme with the new Twenty Seventeen companion style sheet.
To change the default two-column page layout to a full-width layout as seen in the image, add the following code to the functions.php file of your Twenty Seventeen child theme.
More hooks for Messages
We’ve added new filters and actions for different methods throughout the Messages component.
A more flexible Group search
The new search_column parameter allows developers to specify which columns should be matched, as well as where wildcard characters should be placed, when searching via BP_Groups_Group::get().
Alphabetical sorting for Groups widget
The groups widget can now be sorted alphabetically, in addition to sorting the results by recently active, popular, and newest groups.
Enable choice of PHPMailer
Developers can specify which PHPMailer should be used when sending BuddyPress with a new filter.
Localization Improvements
We continue to improve our localization internals, making it easier for translation editors to ensure that BuddyPress will be available for everyone in their own language.
Developer Reference
Regular updates to inline code documentation make it easier for developers to understand how BuddyPress works.
Accessibility Upgrades
Continued improvements for universal access help make BuddyPress back- and front-end screens usable for everyone (and on more devices).
…and much more!
Read about all the bug fixes and feature enhancements introduced in BuddyPress 2.8.0 at our official 2.8.0 changelog.
Thank You to Our Contributors
Many, many thanks to all those who contributed during this development cycle. This is a volunteer-run project, and these contributors freely gave of their time and expertise to make BuddyPress better than ever:
Andrea Tarantini (dontdream), Ankit K Gupta (ankit-k-gupta), angeljs, Boone B Gorges (boonebgorges), Brandon Allen (thebrandonallen), Bunty (bhargavbhandari90),chetansatasiya (ketuchetan), Chirag Patel (chiragpatel), danbp, David Cavins (dcavins), Dennis (wpdennis), Diana K. Cury (Dianakc), finzend, Hugo (hnla),J.D. Grimes (jdgrimes), John James Jacoby (johnjamesjacoby), Jonas Lundman (jonas-lundman), jonieske, jreeve, lakrisgubben, Laurens Offereins (Offereins), lgreenwoo,maccast, Mathieu Viet (imath), mchansy, mercime, Michael Beckwith (tw2113), modemlooper, Mustafa Uysal (m_uysl), Nick Momrik (nickmomrik), Paul Gibbs (DJPaul),paresh.radadiya (pareshradadiya), Petya Raykovska, r-a-y, rekmla, Renato Alves (espellcaste), Roger Coathup (rogercoathup), Salvatore (DarkWolf),Sanket Parmar (sanket.parmar), Slava Abakumov (slaffik), Stagger Lee (stagger-lee), Stephen Edgar (netweb), Sven Wagener (mahype), wordpressrene.
PanuozzoPress
BuddyPress 2.8 is called “San Matteo” after a great pizza restaurant in New York City. San Matteo specializes in the “panuozzo”, a pizza-sandwich hybrid native to Salerno, Italy. The proprietor of San Matteo is a friendly fellow who insists on speaking Italian even to customers who don’t understand a word of it. If you find yourself in the neighborhood, be sure to stop by for a great pizza.
Time to Go Get 2.8.0!
Grab BuddyPress 2.8.0 “San Matteo” from the wordpress.org plugin repository, or right from your WordPress Dashboard.
Questions, comments, feature requests, or bug reports? Please use our support forums or our development tracker.
BuddyPress 2.8.0 Release Candidate 1 is now available for testing. Please download the 2.8.0-RC1 zip or get a copy via our Subversion repository.
This is our last chance to find any bugs that slipped through the beta process. So please test with your themes and plugins. We plan to release BuddyPress 2.8.0 next Wednesday, February 15.
A detailed changelog will be part of our official release notes, but you can get a quick overview by reading the post about the 2.8.0 Beta 1 release.
Release Candidate means we are in string freeze, so translators should feel confident in finishing their BuddyPress translations in GlotPress.
Let us know of any issues you find in the support forums and/or on our development tracker.
Thanks in advance for giving the release candidate a test drive!
BuddyPress 2.8.0 Beta 1 is packed with new features and enhancements and is now available for testing. You can download the BP 2.8.0-beta1 zip or get a copy via our Subversion repository. We’d love to have your feedback and testing help.
BuddyPress 2.8.0 requires PHP 5.3+, and will not be activated on a server with a lower version of PHP. We also remind you that BuddyPress 2.8.0 will require at least WordPress 4.3.
A detailed changelog will be part of our official release notes, but, until then, here’s a list of some of our favorite changes. (Check out this report on Trac for the full list.)
- BP Email: Allow end user to specify which PHPMailer should be used #7286
- Companion Stylesheet – Twentyseventeen #7338
- Minimum PHP version is 5.3 #7325, #7299
- Support List-Unsubscribe header in emails #7390
- Make group search more flexible #7418 and other groups improvements, like #7419, #7399, #7388, #7386, #7375
- Lots of new filters in various parts of the code, like #6667, #5193
- Lots of inline documentation tweaks and other fixes and improvements
BP 2.8.0 is almost ready, but please do not run it in a production environment just yet. Let us know of any issues you find in the support forums and/or development tracker.
Thanks everyone for all your help to date. We are excited to release BuddyPress 2.8.0 in February!
BuddyPress 2.7.4 is now available, and is a security release & recommended upgrade for all BuddyPress installations. We’ve also ported the code changes in 2.7.4 to all branches back 2.0, and are pushing updates out for all installations where we are able to do so.
These releases include a fix to the BuddyPress core attachments API that could allow arbitrary file deletion on certain installation configurations.
This bug was responsibly disclosed to the WordPress security team (and the BuddyPress team) through the WordPress HackerOne Bounty Program by Sam Pizzey (mopman).
Both Boone & Paul worked together to fix this for all versions of BuddyPress that are currently in active use, and Stephen & Dion helped package and push these releases out.
Please update to these latest versions of BuddyPress today in your WordPress Dashboard, or by downloading from the wordpress.org plugin repository.
Questions or comments? Check out the 2.7.4 changelog, or stop by our support forums or Trac.
BuddyPress 2.7.3 is now available. This is a maintenance release and a recommended upgrade for all BuddyPress installations.
BP 2.7.3 fixes bugs in several components. For more information, see the 2.7.3 milestone on BuddyPress Trac.
Update to BuddyPress 2.7.3 today in your WordPress Dashboard, or by downloading from the wordpress.org plugin repository.
Questions or comments? Check out the 2.7.3 changelog, or stop by our support forums or Trac.
BuddyPress 2.7.2 is now available. This is a maintenance release and a recommended upgrade for all BuddyPress installations.
BP 2.7.2 fixes a bug which ignored deprecated code being used in existing installations. For more information, see the 2.7.2 milestone on BuddyPress Trac.
Update to BuddyPress 2.7.2 today in your WordPress Dashboard, or by downloading from the wordpress.org plugin repository.
Questions or comments? Check out 2.7.2 changelog, or stop by our support forums or Trac.
BuddyPress 2.7.1 is now available. This is a maintenance release and a recommended upgrade for all BuddyPress installations.
BP 2.7.1 fixes bugs in several components. For more information, see the 2.7.1 milestone on BuddyPress Trac.
Update to BuddyPress 2.7.1 today in your WordPress Dashboard, or by downloading from the wordpress.org plugin repository.
Questions or comments? Check out 2.7.1 changelog, or stop by our support forums or Trac.
Earlier this year, Project leads @johnjamesjacoby, @boonebgorges, and @djpaul presented a number of strategic priorities which included defining the primary intended audience for BuddyPress: Site Builders and WordPress Developers, an explicit recognition of what BuddyPress has become, and how people use it.
Help us start the year right in 2017. Your feedback is important to help us improve BuddyPress by ensuring that we’re still building what you want to use and help us determine if any course corrections are necessary.
This survey will run from November 1 – 30 December 15, 2016. It has 36 questions and could take around 15 – 20 minutes to complete.
Thank you for your participation !
=> Take the 2016 BuddyPress Survey now.
