BuddyPress 7.3.0 Maintenance & Security Release

Published on April 14th, 2021 by Mathieu Viet

BuddyPress 7.3.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.

The 7.3.0 release addresses four security issues:

  • A vulnerability was fixed that could allow a member to create a group on behalf of another member via a REST API endpoint.
  • A vulnerability was fixed that could allow members to favorite any private/hidden activities they shouldn’t have access to via a REST API endpoint.
  • A vulnerability was fixed that could allow the creator of a group to still be able to update or delete it after being demoted as a regular member of it via a REST API endpoint.
  • A vulnerability was fixed that could allow group’s banned members to remove themselves from the group and still be able to join it or request a membership to it via a REST API endpoint.

These vulnerabilities were reported privately to the BuddyPress team by Kien Hoang, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure.

Version 7.3.0 also fixes a bug in our WP CLI Scaffold command.

For complete details, visit the 7.3.0 changelog.

Update to BuddyPress 7.3.0 today in your WordPress Dashboard, or by downloading from the WordPress.org plugin repository.

BuddyPress 7.2.1 Security Release

Published on March 16th, 2021 by Mathieu Viet

BuddyPress 7.2.1 is now available. This is a security release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.

The 7.2.1 release addresses 5 security issues which were reported privately to the BuddyPress team by Kien Hoang, in accordance with WordPress’s security policies:

  • A vulnerability was fixed that could allow a privilege escalation from a regular user to Administrator, using the BuddyPress REST API buddypress/v1/members/me endpoint.
  • A vulnerability was fixed that could allow a member to force a friendship on behalf of another member, using the BuddyPress REST API buddypress/v1/friends endpoint.
  • A vulnerability was fixed that could allow a member to read private messages in a thread they were not invited to, using the BuddyPress REST API buddypress/v1/messages endpoint.
  • A vulnerability was fixed that could allow a member to invite another member to join a group without being friends when that group restricted invites to friends only, using BuddyPress Nouveau and the BuddyPress REST API buddypress/v1/groups/invites endpoint.
  • A vulnerability was fixed that could allow a user that has just been demoted from an Administrator role to a Subscriber to add/edit/delete BuddyPress Member Types from the Administration screens introduced in the 7.0.0 release.

The BuddyPress Team also conducted a comprehensive security audit on all BuddyPress REST API endpoints, which led to:

  • Improving all permission methods to use a WP_Error object as the default return value.
  • Fixing unintended behavior allowing any member to edit their own Member Type.
  • Fixing unintended behavior that allowed any logged in member to list the members of a private group.

For an even deeper dive, visit the 7.2.1 changelog.

Our deepest gratitude goes out to Kien for practicing coordinated disclosure and being extremely patient while we worked through these issues.

Update to BuddyPress 7.2.1 today in your WordPress Dashboard, or by downloading from the WordPress.org plugin repository.

BuddyPress 7.2.0 Maintenance Release

Published on February 17th, 2021 by Mathieu Viet

Immediately available is BuddyPress 7.2.0. This maintenance release fixes six bugs mainly related to issues when the BP Nouveau Template Pack is used with the Twenty Twenty-One WordPress theme. For details on the changes, please read the 7.2.0 release notes.

Update to BuddyPress 7.2.0 today in your WordPress Dashboard, or by downloading from the WordPress.org plugin repository.

Many thanks to 7.2.0 contributors 

iamthewebb, vapvarun & imath

BuddyPress in 2020, it’s a wrap!

Published on December 28th, 2020 by Mathieu Viet

Hello dear members of the BuddyPress community,

For this last day of 2020, we are inaugurating our very first End of Year wrap-up post. We believe it’s a good way to congratulate ourselves (the whole BuddyPress community) about the free & priceless hard work we’ve all put together into our open source project.

There are many ways we are getting involved into BuddyPress and we all know the best way to maintain BuddyPress in the long term is to give some of our spare time to carry on bringing that little piece to the project. Every contribution makes a difference.

Let’s thank us all, the users, the support forum moderators, the documentation writers, the translators, the theme designers, the plugin developers & the BuddyPress Core committers team. We have built great community features all along the 2020 year.

👏

Here are our results:

2020 releases

  • 9 releases (3 more than in 2019)
  • 2 major releases (1 more than in 2019)
  • 7 minor releases (2 more than in 2019)

2020 Tickets

  • We’ve fixed 186 tickets, it’s 62% more than in 2019.
  • The 6.0.0 release (May 2020) was the one which fixed the most tickets for 2 years (89).
  • Comparing to 2019, we’ve increased the fixed tickets per release average from 14 to 23.

2020 Code contributors

  • 7.0.0 gathered the highest number of contributors for 2 years. We were 55 involved into the making of this release. It’s almost twice the number of contributors the 5.0.0 release got in 2019.
  • For each release we are an average of 14 contributors per release. In 2019 we were 9 contributors. Contributions to the BuddyPress project grew by 40% in 2020.

2020 Downloads

  • Most important spike for 2 years happened in 2020 for the 7.0.0 releases: 34.236 downloads on December 11.
  • BuddyPress was downloaded more than 1.257.556 times in 2020 (the year is not finished yet 😌).
  • The growth ratio is 23% compared to 2019.

Here are our achievements:

Acknowledging Polyglots contributions

Making BuddyPress available in as many languages as possible is very important to ensure the best user experience of the plugin features. We are always trying to improve how we credit translators and ease their tasks. During the 6.0.0 release, we’ve reviewed all the strings needing translators comments to explain the meaning of the placeholders we use (e.g.: %s, %d, %1$s, etc.).

We’ve also decided to include, from now on, into major release credits the translation contributor names that have given their times to make sure the development (Trunk) translation is 100% ready once our major releases final string freeze step is over. This work is strategic to BuddyPress users as they will be able to get the new strings translation as soon as they upgrade or install the plugin.

Easing & welcoming code contributions

At the end of 2019, we’ve made available a new plugin to ease beta-testing, this year we’ve added the @wordpress/env package to our development version (Trunk) and wrote a tutorial about how you can easily set up a development environment to play with BuddyPress code thanks to it. We believe it’s an important step towards making contributing to BuddyPress easier and we hope it will increase the number of people getting involved into BuddyPress source code improvements.

Before starting the 7.0.0 development cycle and just like the WordPress Core team does before each major milestone, we’ve published our first “Call for tickets”. We’ll do it before each major release so that you can share with the BuddyPress Core committers the tickets you think should be fixed for the next development cycle. The priorities of the BuddyPress community matter, we encourage you to use this call for tickets to make your voice heard.

Informing BuddyPress Theme & Plugin authors about important changes

During the 6.0.0 development cycle we (re)started to take the time to write developer notes as soon as possible. We also organized these notes into categories according to the version number of the release being built.

  • To prepare 6.0.0, we’ve published 4 notes,
  • To prepare 7.0.0, we’ve published 9 notes.

Our goal in doing so is to limit the risk of “breaking” your active theme or plugins by keeping their authors aware of changes they should check before a major release is published. It can also help developers to start working early on extending BuddyPress new features. Please do read these notes and share them with your networks to increase their audience and contribute to cover this risk.

Checking how you use BuddyPress and what are your needs:

BuddyPress surveys are back! BuddyPress is about users: we are very happy we could organize the 2020 survey to get your input about your BuddyPress usage and about the specific directions for the plugin we are thinking of for its future.

Introducing new community features to the BuddyPress plugin:

  • The BP REST API welcomed 6 new endpoints to help you build great interactions from your applications about: Blogs, Blog avatar, Friends, Group Cover Image, Member Cover Image, and User Signups.
  • 5 BuddyPress blocks have landed into the BuddyPress blocks category of your WordPress Block Editor.
  • New Administration screens to manage BuddyPress Types (Member & Group ones) are now available within your WordPress Dashboard.
  • Just like Members & Groups, the Blogs component can now enjoy a new default avatar for Sites.
  • A great 2.0 version of BP WP CLI to help you manage your BuddyPress site right from the command lines.
  • And many fixes and improvements about the existing features (See 6.0.0 & 7.0.0 release notes)

Starting side projects:

If one of these projects interests you, don’t hesitate to contribute to it.

2021 Goals

Based on the discussions the Core Team had during our development meetings (every other Wednesday at 19:00 UTC in #BuddyPress), here’s a list of directions we mostly agree on about:

  • A fantastic standalone BuddyPress theme.
  • BuddyPress code reference.
  • A BuddyPress Attachments component.
  • Improve ways to get help about & for BuddyPress.

Let’s try to make them concrete in 2021!

Thanks for reading this post and for your involvement in contributing to BuddyPress in 2020. Let’s wish us all a great new year’s eve 🎉. Bye 2020 and Happy 2021, full of great contributions, to the BuddyPress community.

BuddyPress 7.1.0 Maintenance Release

Published on December 21st, 2020 by Mathieu Viet

Immediately available is BuddyPress 7.1.0. This maintenance release fixes two bugs related to issues introduced in the 7.0.0 release.

  • It makes sure the BP Blogs tools to repair Site icons / Site profile photos synchronization are only available to WordPress multisite configs,
  • It fixes the unavailability of the Groups Admin screen for site networks using the BuddyPress multiblog mode.

For details on the changes, please read the 7.1.0 release notes.

Update to BuddyPress 7.1.0 today in your WordPress Dashboard, or by downloading from the WordPress.org plugin repository.

Many thanks to 7.1.0 contributors 

shawfactor, slaFFik & imath

How BuddyX made its way to the official WordPress.org theme directory

Published on December 17th, 2020 by Mathieu Viet

We use to feature BuddyPress usage case studies. These are great ways to share with you how BuddyPress can help you achieve your community site projects reading how other buddies did it. The case study you are about to read now is a bit different. It’s about the steps the lovely BuddyX BuddyPress theme had to take to be widely and freely available from the official WordPress.org theme directory. I’m very happy Varun Dubey took the time to write this guest post to share his experience with all of us. My secret hope is that it will inspire as many BuddyPress Theme authors as possible to do the same 😇.

Varun Dubey is a full-stack WordPress & BuddyPress developer. He’s the co-founder of Wbcom Designs, a WordPress themes and plugins development agency in India. He’s also a regular BuddyPress contributor, we often talk with him about the BuddyPress project during our development meetings (every other Wednesday at 19:00 UTC on Slack), he contributes to our development tasks (testing, reporting issues, patching, documenting, etc.) and he still manages to find time to help you regularly replying to your support topics (661 replies so far!). So, once again, many thanks to him for getting involved with BuddyPress 😍.

So let’s learn more from his experience, here’s what he wanted to share with you about it!


BuddyPress 7.0.0 “Filippi”

Published on December 9th, 2020 by Mathieu Viet

This major release introduces new administration screens to manage your Member & Group Types 🙌

We are very excited to announce the immediate availability of BuddyPress 7.0.0 code-named “Filippi”. You can get it clicking on the above button, downloading it from the WordPress.org plugin directory or checking it out from our Subversion repository.

👉 If you’re upgrading from a previous version of BuddyPress, it’s always a good idea to back-up your WordPress database and files ahead of time.

You can review all of the changes in this 7.0.0 release in the release notes. Below are a few of the key features we believe you are going to love!

You can now manage your Member Types and/or Group Types right from your WordPress Dashboard

Illustration showing how to access to the BP Types Admin areas.

Playing with BP Types just became much easier! The Member Types and Group Types were primarily introduced in BuddyPress as features for advanced users, just like the WordPress Custom Post Type feature. Thanks to the two new WordPress Administration Screens, adding, editing and deleting Member & Group Types has never been so easy! Now you can set up BP Types using custom code or by simply using the Administration interfaces.

Let’s watch a demo about how it looks like for Member Types!


3 new BP Blocks for your WP Posts & Pages

Illustration showing the BuddyPress Blocks category inside the Block Editor Inserter.

3 new BP Blocks are now available via your WordPress Editor. From the BuddyPress blocks category of the WordPress Block Inserter, you can pick a BP Block to feature a list of members, a list of groups or embed a public BuddyPress Activity into your post or page. Read more about it in this development note.

Here’s a quick video showing you how to insert a list of Members profile images into your home page.


A default profile image for the sites of your network

Illustration of the BuddyPress Sites directory
Follow the white arrow to discover the new default profile image for sites.

The Site Tracking component now has a default profile image it can use to make your Sites loop prettier if some of them have not customized their WordPress Site Icon. Multisite WordPress configurations will be able to find it when displaying the Sites directory. Read more about it in the development note.

BP Nouveau is ready for Twenty Twenty-One 🎨


You love the latest default WordPress Theme, so do we! It’s important for us to make sure the BP Nouveau template pack looks great in the default themes included in the WordPress package. This is the first of the many improvements we are bringing to our default Template Pack.

BP REST API improvements

The Developer documentation has been updated according to the latest improvements we’ve brought to the BuddyPress REST API.

To name two: get the groups the logged in user is a member of, and create a blog when BuddyPress is activated on a network of WordPress sites. Read this development note to learn about all the others.

Improved support for WP CLI

WP-CLI is the command-line interface for WordPress. You can update plugins, configure multisite installs, and much more, all without using a web browser. In 7.0.0, you will be able to use new BuddyPress CLI commands to manage BuddyPress Group Meta, BuddyPress Activity Meta, activate or deactivate the BuddyPress signup feature and create BuddyPress-specific testing code for plugins.

Discover more about it from this developer note.

Under the hood

7.0.0 includes more than 70 changes such as image lazy loading support, multiple Member Type assignment, a Docker ready development environment to improve your BuddyPress experience as users, and as contributors to our project.

Many thanks to the 55 contributors who helped us build & translate BuddyPress 7.0.0

Adil Oztaser (oztaser), Boone B Gorges (boonebgorges), Brajesh Singh (sbrajesh), corsky, Dan Caragea (dancaragea), David Cavins (dcavins), devnik, Dilip Bheda, Dion Hulse (dd32), dragoeco, Erik Betshammar (kebbet), etatus, Didier Saintes (ExoGeek), 诗语 (f2010525), George Mamadashvili, Giuseppe (mociofiletto), Hareesh, iamthewebb, Javier Esteban (nobnob), Jb Audras (audrasjb), John James Jacoby (johnjamesjacoby), Joost Abrahams (joost-abrahams), k3690, Knut Sparhell (knutsp), Laxman Prajapati, Lidia Pellizzaro (lidialab), marbaque, Marcel Claus (geckse), marioshtika, Mark Robson (markscottrobson), Mathieu Viet (imath), mercime, Meet Makadia, Michael Beckwith, Morteza Geransayeh (man4toman), morenolq, N33D, oddev56, Paul Gibbs (DJPaul), Petter Walbø Johnsgård (walbo), Peter Smits (psmits1567), Pooja N Muchandikar (pooja1210), Raruto, r-a-y, Renato Alves (espellcaste), scipi, Scott Bolinger (scottopolis), shanebp, shawfactor, sjregan, Stephen Edgar (netweb), tharsheblows, Tor-Bjorn Fjellner (tobifjellner), Varun Dubey (vapvarun) & wp24.cz (podporawebu).

BuddyPress Filippi

7.0.0 is code-named “Filippi” after Filippi’s Pizza Grotto in lovely San Diego, California, USA. The “Grotto” is in the back room of an Italian grocery and butcher shop in Little Italy. Tall pizza lovers will have to watch out for the Chianti bottles hanging from the ceiling, but the red-and-white-checked-tablecloth atmosphere and piled-high pizza is worth it!

Feedback is always welcome 😍

Receiving your feedback & suggestions for future versions of BuddyPress genuinely motivates and encourages our contributors. Please share your feedback about this version of BuddyPress in the comments area of this post. And of course, if you’ve found a bug: please tell us about it in our Support forums.

BuddyPress 2020 Survey results

Published on December 8th, 2020 by Mathieu Viet

The BuddyPress 2020 survey was published the same day we released BuddyPress 6.0.0 “iovine’s” (May 13, 2020). Now that we are about to release our next major release (7.0.0 will be delivered in the coming days), it is time to share with you the survey results.

First, many thanks to all the respondents who participated in this survey 😍. Doing so you contributed to give the BuddyPress Core Team information about how the plugin is used, could be used and how its usage is evolving. Some of the questions we asked are directions we’re considering for the plugin (eg: Q9, Q10, Q17), so your inputs are very important to us.

As no questions were required, it’s difficult to be 100% accurate about how many people took the survey. So we were at least (we also took the survey 😉) 483 from all over the world as it’s the highest number a question was replied to.

Most of the questions were leaving participants the choice to select more than one reply, this is why if you sum up the percentage results you’ll often find more than 100% 😁.

When we had data about a previous survey we made in 2018, we compared the 2020 results with them and calculated the differences between both years percentages. We thought it could be interesting to see how some results are evolving.


BuddyPress 7.0.0 Release Candidate 2

Published on December 4th, 2020 by Mathieu Viet

Hello,

The second release candidate for BuddyPress 7.0.0 is now ready for an ultimate round of testing 🙂

What happened since the first release candidate?

We’ve been working on getting the BP Nouveau Template Pack to look great in the next WordPress default theme “Twenty Twenty-One”. We believe BP Nouveau is now ready to enjoy this awesome theme whether you use its regular or dark mode.

Screen capture of the Members directory (dark mode)

BuddyPress 7.0.0 is still slated for release on Wednesday, December 9, and if you haven’t tried 7.0.0 yet, it’s probably your last chance to do so!

Let’s test BuddyPress 7.0.0-RC2 with WordPress 5.6-RC3 to be sure both will be great as soon as they will be released! It’s also important to do so if you want to help us check BP Nouveau’s integration with Twenty Twenty-One is as nice as we think 😉

You can test the 7.0.0-RC2 pre-release in 4 ways :

A detailed changelog will be part of our official release note, but you can get a quick overview by reading the post about the 7.0.0 Beta1 release.

Polyglots contributors, let’s target 100% of translated strings.

Since the previous release candidate we’ve reached the string freeze point of the 7.0.0 release schedule, so this one (RC2) does not introduce new strings to translate. Let’s use the days we have left to try to make BuddyPress fully available in your locale as soon as it is released. Thanks in advance for your help.

As usual, if you think you’ve found a bug, please let us know by reporting it on this support topic and/or on our development tracker.

BuddyPress 6.4.0 Maintenance and Security Release

Published on November 27th, 2020 by Mathieu Viet

BuddyPress 6.4.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.

The 6.4.0 release addresses one security issue: non-capable users could add style attributes to “span” and “p” elements in possible rich text fields of their profile page. The vulnerability has been fixed.

Version 6.4.0 also fixes 7 bugs, including compatibility updates to welcome PHP 8.0 release (Congratulations to all PHP 8.0 contributors!).

For complete details, visit the 6.4.0 changelog.

Update to BuddyPress 6.4.0 today in your WordPress Dashboard, or by downloading from the WordPress.org plugin repository.

Many thanks to 6.4.0 contributors 

John James Jacoby (johnjamesjacoby), Zeldatea, Dion Hulse, Ray (r-a-y), David Cavins (dcavins) & Mathieu Viet (imath).