BuddyPress 5.1.2 is now available. This is a security release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.
The 5.1.2 release addresses one security issue:
Certain REST API requests could result in the exposure of private data. Discovered and reported independently by Petter Walbø Johnsgård and Jacek Suski.
The vulnerability was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporters for practicing coordinated disclosure.
BuddyPress 5.1.1 is now available. This is a security release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.
The 5.1.1 release addresses one security issue:
A denied of service was fixed that could allow a logged in user to remove another user’s avatar and also any empty folder. Discovered by nomnom.
Thi vulnerability was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure.
Immediately available is BuddyPress 5.1.0. This maintenance release fixes 8 bugs related to the 5.0.0 release, and is a recommended upgrade for all BuddyPress installations.
This plugin’s goal is to make it easier to beta test our pre-releases. You just need to install and activate the plugin to be ready to try our beta and release candidate versions once we’ve announced them on this blog. Beta testing BuddyPress is very important to make sure it behaves the right way for you and for the community. Although we, the BuddyPress Development Team, are regularly testing it, it’s very challenging to test every possible configuration of WordPress and BuddyPress. That’s why we absolutely need your help during these pre-release stages.
Making this plugin available was one of the means we thought about during our post 5.0.0 release development meeting to have more BuddyPress contributors. Beta testing is actually a good way to start contributing, to anticipate and fix potential issues before you have the bad surprise to meet them once you’re upgrading to a new stable version of the plugin.
NB: to beta test BuddyPress, we strongly advise you to have a local copy of your live site or a staging site : it’s always safer than doing it on a production site.
During our next pre-release stages, when you will find something is going wrong during your beta tests, please think of warning us about it submitting a ticket on our Development Tracker or posting a new topic in our support forums.
First, we’d like to thank all the people who contributed to the poll we shared on our development updates blog and into a topic of one of our forums a month ago. It was really important for us to have your expectations about the content the plugin should provide to the WordPress Block Editor.
It’s now time for us to share with you the results of this poll and tell you how we plan to work on BuddyPress blocks for the next release(s) of your favorite community engine!
We will soon publish a maintenance release (5.1.0) to fix some issues that arose since BuddyPress 5.0.0 “Le Gusto”. A detailed changelog will be part of our official release notes, but, until then, you can check out this report on Trac for the full list of fixes.
Today we’re publishing a very specific beta release for version 5.1.0 as it has two goals:
Let you make sure the fixes have no side effects on your community site’s configuration.
Test in real conditions the plugin we’ve been working on and which should greatly simplify the way you betatest BuddyPress.
Meet BP Beta Tester
Once installed it will help you to upgrade your website to the latest Beta or Release candidate. You will also be able to downgrade to the latest stable release once you finished your Beta tests.
Once activated, go to the home page of your Dashboard (Network Dashboard if your are using WordPress Multisite) to find the BP Beta Tester sub menu of the Dashboard menu. From this page, you’ll be able to install the 5.1.0-beta1 release clicking on the tab “Upgrade to 5.1.0-beta1”.
You can always downgrade to the latest stable version of BuddyPress using the corresponding tab of the page’s header.
The development version of this plugin is hosted on GitHub: you can contribute to it pulling requests or reporting issues. We plan to submit this plugin on the WordPress.org Plugins directory so that it’s easier to install.
We are very excited to announce the BuddyPress community the immediate availability of BuddyPress 5.0.0 code-named “Le Gusto“. You can get it clicking on the above button, downloading it from our WordPress.org plugin repository or checking it out from our subversion repository.
NB: if you’re upgrading from a previous version of BuddyPress, please make sure to back-up your WordPress database and files before proceeding.
You can view all the changes we made in 5.0.0 thanks to our full release note. Below are the key features we want to get your attention on.
The BP REST API opens a new era for BuddyPress!
You can now enjoy REST API endpoints for members, groups, activities, private messages, screen notifications and extended profiles.
BuddyPress endpoints provide machine-readable external access to your WordPress site with a clear, standards-driven interface, paving the way for new and innovative methods of interacting with your community through plugins, themes, apps, and beyond.
The BP REST API opens great new opportunities to improve the way you play with the BuddyPress component features: we couldn’t resist to start building on top of it introducing…
A new interface for managing group members.
Group administrators will love our new interface for managing group membership. Whether you’re working as a group admin on the front-end Manage tab, or as the site admin on the Dashboard, the new REST API-based tools are faster, easier to use, and more consistent.
The BP REST API is fully documented
The development team worked hard on the features but also took the time to write the documentation about how to use it and how to extend it. BuddyPress developers, let’s start building great stuff for our end users: take a look at the BP REST API developer reference.
Improved Group invites and membership requests
Thanks to the new BP Invitations API, Group invites and membership requests are now managed in a more consistent way. The BP Invitations API abstracts how these two actions are handled and allows developers to use them for any object on your site (e.g., Sites of a WordPress network).
Knowing your WordPress and BuddyPress configuration is very important when one of our beloved support volunteers tries to help you fix an issue. That’s why we added a BuddyPress section to the Site Health Info Administration screen.
The panel is displayed at the bottom of the screen. It includes the BuddyPress version, active components, active template pack, and a list of other component-specific settings information.
Improved integrations with WordPress
BP Nouveau Template Pack
In BuddyPress 5.0.0, the BP Nouveau template pack looks better than ever with the Twenty Nineteen theme.
Nouveau now uses the same password control as the one used in WordPress Core, for better consistency between BuddyPress and WordPress spaces.
BuddyPress Blocks now have their own category into the Block Editor.
Developers building tools for the Block Editor can now add their blocks to the BuddyPress category. This change provides a foundation for organizing custom BuddyPress blocks.
Screen capture of the comment Matt made about BuddyPress 4.0.0
PS: we know, just like Matt, you’re eager to enjoy high quality community blocks: now we have the BP REST API and this new Blocks category available in BuddyPress Core, get ready to be amazed for our next release. Fasten your seatbelts: BuddyPress blocks are arriving!
BuddyPress Le Gusto
5.0.0 is code-named “Le Gusto” after the well known Pizza restaurant in Fortaleza, Brazil. It’s the perfect place to meet with friends and start tasting new flavors like @espellcaste’s favorite one: the “Pizza de Camarão”.
Receiving your feedback and suggestions for future versions of BuddyPress genuinely motivates and encourages our contributors. Please share your feedback about this version of BuddyPress in the comments area of this post. And of course, if you’ve found a bug: please tell us about it into our Support forums.
Since the first release candidate, we’ve improved the way BP REST API Controllers are loaded inside BuddyPress component classes.
This is an important milestone as we progress toward the BuddyPress 5.0.0 final release date. “Release Candidate” means that we think the new version is ready for release, but with more than 200,000 active installs, hundreds of BuddyPress plugins and Thousands of WordPress themes, it’s possible something was missed. BuddPress 5.0.0 is scheduled to be released on Monday, September 30, but we need your help to get there—if you haven’t tried 5.0.0 yet, now is the time!
This is a guest post by Tanner Moushey, Founder and Lead Engineer of StudyChurch. He is a BP REST API early adopter and we thought his achievments implementing Headless BuddyPress was a great source of inspirations for the BuddyPress community. Many thanks to him for taking the time to share with us about this case study.
StudyChurch is an ambitious startup seeking to make a mark in the church product marketplace. With a unique approach to online interaction, StudyChurch combines elements of engagement and learning in a way that is both simple and intuitive for the end user.
Background
I began working on StudyChurch as a side project in 2015. It started as a proof of concept and an excuse to dive deeply into BuddyPress. I wanted to leverage the group and activity components that BuddyPress provides and combine that with a custom study module that I created with a custom post type, BackboneJS, and the WordPress REST API. Answers to study questions were stored in WordPress Comments and synced to a custom BuddyPress activity type which was then used to create the discussion interface. Each question had an activity component under it to show off the other group answers and corresponding discussions.
I finished the first draft of the project after several months and before too long I had groups signing up to use the system. I continued to make minor modifications over the next few years but kept running into complaints about speed and the user interface.
When I was approached in 2018 by a publisher that wanted to use StudyChurch on a larger scale it sounded like a great opportunity to rebuild.
Implementing Headless BuddyPress
One of the big changes that I wanted to make in the rebuild was to switch to a JavaScript front end. I wanted something that was going to allow us to make numerous asynchronous data requests without using Ajax, which can be slow and difficult to maintain over a large project. I decided on VueJS and started building out the API to handle the data that was previously controlled by the BuddyPress templates.
Building a custom API with the BuddyPress REST API
I’d done quite a bit of work extending the WordPress REST API on previous projects and was excited to discover the BuddyPress REST API that extended it. This took care of a lot of the structure and allowed me to focus my time on building out our custom modules and functionality. Anytime I ran into something that needed to be more flexible, I’d submit a patch to the BuddyPress REST API repository and would get a prompt resolution.
Now that we are able to post and retrieve data through the API, the user interactive elements on the site are noticeably faster and the overall load on the server is much less. Not only that, but we are ready for a native app once we get to that point.
Creating a VueJS front end
Building a completely JavaScript front end for BuddyPress was fun challenge. I underestimated how many different components I’d need to build out since I wasn’t able to rely on the BuddyPress default templates, but the end result was well worth the effort.With VueJS we were able to leverage a lot of prebuilt UI packages (like Element) to do a lot of the heavy lifting for us. Since we were no longer tied to the BuddyPress template engine, we were able to get creative with how we displayed information and handled user interactions. The end result was a clean, fast, and user friendly interface that was simple and straightforward to use.
I made a few modifications to allow WordPress and BuddyPress recognize our front end app and use it for BuddyPress components. I solved this with a pretty simple hook into the template include filter and included our template instead of the default. A few custom rewrite rules handled any non-BuddyPress url structures I needed to support and I soon had a fully functional and detached front end.
Conclusion
StudyChurch is now a powerful, robust social network ready for scale. We are still working on improving the system and adding new features which are now easier and faster to implement with the new structure.
We’ve received some great feedback from users who find the app fast and intuitive. We are hoping to build out a native app in the near future.
I’m so thankful for the work done by all of the volunteers who’ve put so much time into WordPress, BuddyPress, and now the BuddyPress REST API. I think there are going to be many more projects like StudyChurch in the near future that will leverage these great tools to build amazing and helpful solutions.
Feel free to reach out if you have any questions or comments on what we’ve done with StudyChurch. Also, you are welcome to browse our code base on GitHub.
You can read more about StudyChurch and other projects we work on at iwitnessdesign.com.
We’re very excited to officially announce the launch of a new development resources site on the BuddyPress.org network.
Today we are inaugurating developer.buddypress.org with a complete handbook documenting the BP REST API. This API will be introduced into our next major version which is scheduled on September 30, 2019. We thought you’d be interested to have a tool to help you discover the BuddyPress REST endpoints and their parameters to start playing with them (You’ll need BuddyPress 5.0.0-RC1 to have even more fun with it!).
Using the BP REST API Handbook
The main part of the handbook is the « Developer Endpoint Reference ». We grouped these endpoints according to the component they belongs to.
Each page of the reference is firstly introducing the component and describing the data schema of items contained into the REST responses. Then for each verb (or method), you’ll find the available arguments, their definition and an example of use with the bp.apiRequest() JavaScript function. Below is a screenshot of the method to get a specific Activity.
The future of this development resources hub
You can have a good idea of what’s coming next into this developer oriented site looking at its current landing page. We will first work on building the full PHP Code Reference for BuddyPress: functions, classes and hooks.
Then, we haven’t planned anything yet ☺ and we’re very opened to ideas and of course contributions about the « how » step and the « do » one.
About the editing workflow
Unlike the BuddyPress Codex, it’s not possible for everyone to directly edit the content of the BP REST API Handbook or the future PHP Code Reference.
But you can always report issues or suggest improvements using our Bug Tracker making sure to select the « BuddyPress.org sites » option of the components dropdown of your ticket.
Props
The first version of the development resources hub was built thanks to the involvement of these contributors:
