BuddyPress 14.4.0, BuddyPress 12.6.0, and BuddyPress 11.5.2 are all now available. This is a security release. Please update as soon as possible.

14.4.0, 12.6.0 & 11.5.1 fixed one bug and one security issue:

• The BP REST API signups endpoint could leak signup data, including user email addresses, because of a too-lenient lookup function. Thanks to Asim Alshaya for responsibly reporting this issue.
• Improve behavior of bp_email_unsubscribe_handler(). After the changes in the “Improve security of status update messages” changeset, non-logged-in users clicking an unsubscribe link received no feedback on the success of their action.

Note: 11.5.2 contains the same code changes as 11.5.1 but has been repackaged to hopefully resolve some SVN oddities.

For complete details, visit the 14.4.0 changelog.

Many thanks to our 14.4.0 contributors 

emaralive, jjj, r-a-y, vapvarun, and dcavins.

BuddyPress 14.3.4, BuddyPress 12.5.3, and BuddyPress 11.4.4 are all now available. This is a security release. Please update as soon as possible.

14.3.4, 12.5.3 & 11.4.4 fixed two bugs:

• Restrict bulk notification management to owner. Many thanks to Brian Mungah for responsibly reporting the problem.
• Improve security of status update messages. Many thanks to mikemyers for responsibly reporting the issue.

For complete details, visit the 14.3.4 changelog.

You can get the latest version by clicking on the above button, downloading it from the WordPress.org plugin directory or checking it out from our Subversion repository.

Many thanks to our 14.3.4 contributors 

emaralive, jjj, and dcavins.

BuddyPress 14.3.3 is now available. This is a maintenance release.

14.3.3 fixes a mistake made in the build process for 14.3.1 (and 14.3.2 attempted to fix, but didn’t completely fix the issue, so was never released).

14.3.1 fixed two bugs:

• WordPress 6.7 compatibility: WP 6.7 will throw notices for plugins that load their textdomain before ‘init’ (see #9247).
• BP Legacy Theme Pack: Make sure the bp_heartbeat property is included in the WP Heartbeat data object (see #9248).

For complete details, visit the 14.3.1 changelog.

You can get the latest version by clicking on the above button, downloading it from the WordPress.org plugin directory or checking it out from our Subversion repository.

Many thanks to our 14.3.3 contributors 

dreampixel, boonebgorges, emaralive & imath.

BuddyPress 14.3.1 is now available. This is a maintenance release.

14.3.1 fixes two bugs:

• WordPress 6.7 compatibility: WP 6.7 will throw notices for plugins that load their textdomain before ‘init’ (see #9247).
• BP Legacy Theme Pack: Make sure the bp_heartbeat property is included in the WP Heartbeat data object (see #9248).

For complete details, visit the 14.3.1 changelog.

You can get the latest version by clicking on the above button, downloading it from the WordPress.org plugin directory or checking it out from our Subversion repository.

Many thanks to our 14.3.1 contributors 

dreampixel, boonebgorges, emaralive & imath.

BuddyPress 14.2.1 is now available. This is a maintenance & security release. All BuddyPress installations should be updated as soon as possible.

The 14.2.1 release addresses the following security issue:

• The “Take Photo” feature (which uses the logged in user’s Webcam to capture their profile photo) was vulnerable to an authenticated (Subscriber+) directory traversal. Discovered by Domons from the Wordfence organization.

This vulnerability was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure.

14.2.1 also fixes 3 bugs introduced in 14.0.0:

• Groups: move the invite_status group meta check out of the groups_join_group() function (see #9241).
• Administration: use the components right labels into the BP site health info panel (see #9237)
• Administration: resolve Multiple Issues with the BP constants site health info panel (see #9245)

For complete details, visit the 14.2.1 changelog.

You can get the latest version by clicking on the above button, downloading it from the WordPress.org plugin directory or checking it out from our Subversion repository.

If for a specific reason you can’t upgrade to 14.2.1, we have also ported the security fix to BuddyPress versions going all the way back to branch 11.0. Here’s the list of the available downloads for the corresponding tags, you can also find these links on our WordPress.org Plugin Directory “Advanced” page:

• If you are using BP 11.x and can’t upgrade to 14.2.1, please upgrade to 11.4.3
• If you are using BP 12.x and can’t upgrade to 14.2.1, please upgrade to 12.5.2

Many thanks to 14.2.1 contributors 

vapvarun, boonebgorges, emaralive & imath.

Immediately available is BuddyPress 14.1.0. This maintenance release fixes 4 bugs. For details on the changes, please read the 14.1.0 release notes.

Update to BuddyPress 14.1.0 today in your WordPress Dashboard, or by downloading from the WordPress.org plugin repository.

Many thanks to 14.1.0 contributors 

thomaslhotta, shailu25, emaralive, espellcaste & imath.

We’re very excited to announce the immediate availability of BuddyPress 14.0.0 « Da Lucia », named after the excellent pizza restaurant located in the 15th arrondissement of Paris, France. Get it now from the WordPress.org plugin repository, or right from your WordPress Dashboard.

This new major version of your site’s community engine introduces around 80 changes mostly working under the hood to improve documentation, code formatting, consistency and the stability of the plugin. Here are five improvements we would like to highlight:

1. There’s a new “BuddyPress constants” panel added to the WordPress Site Health information tool. Use it to check whether you’re using deprecated constants in your custom code or third party BP Plugins/Add-ons. The information in the “BuddyPress” and “BuddyPress constants” panels is also very useful when you need to ask for support.
2. Most BuddyPress Admin screens now have a help tab in their top right corner which includes a link to an updated documentation resource.
3. Whether BuddyPress is installed on a multisite network or on a single site, signups are now managed the exact same way.
4. Speaking of signups, the BP REST API has been improved so that you can now submit values for any xProfile field registered as part of the Signups profile field group.
5. Last but not least, we again offer native support for overriding BuddyPress’s language with your community vocabulary using custom translations.

Take a few minutes to discover all changes reading this release note.

Compared to our previous major version (12.0.0 – the number right after was too intimidating 🐈‍⬛), 14.0.0 is a quieter update. After the huge BP Rewrites API revolution, the humans (us the BP Team) who maintain and support your favorite community plugin needed to catch their breath to get ready for the new round of big changes arriving in 15.0.0.

Let’s keep in mind BuddyPress is an open source project maintained by volunteers giving freely of their time and energy to help you build great WordPress community sites. Don’t hesitate to send us some encouraging words and please consider contributing back to the project.

47 contributors freely gave some of their time & energy to build the 14.0.0 release 😍

ahegyes, Boone Gorges (boonebgorges), chairmanbrando, David Cavins (dcavins), Dion Hulse (dd32), Paul Wong-Gibbs (DJPaul), Andrea Tarantini (dontdream), emaralive, Renato Alves (espellcaste), gingerbooch, Ian Dunn (iandunn), Mathieu Viet (imath), IT Path Solutions (itpathsolutions), jnie, johndawson155, John James Jacoby (johnjamesjacoby), Jose Varghese (josevarghese), KaineLabs Team (kainelabsteam), Lena Stergatou (lenasterg), Christian Wach (needle), Nazmul Hasan Robin (nhrrob), Nifty (niftythree), Nitin Patil (nitinp544), pawelhalickiotgs, perchenet, Pooja Sahgal (poojasahgal), r-a-y, respawnsive, Rosso Digital (roberthemsing), Stephen Bernhardt (sabernhardt), Shail Mehta (shailu25), shawfactor, sjregan, Slava Abakumov (Slaffik), Pierre Sylvestre (strategio), testovac,Varun Dubey (vapvarun),Yagnik Sangani (yagniksangani),Dan Caragea (dancaragea), modelaid, Pieterjan Deneys (nekojonez), Mehraz Morshed (mehrazmorshed), 沈唁 (shenyanzhi), 耗子 (haozi), cyrfer, narolainfotech, Benjamin Zekavica (benjamin_zekavica).

Your feedback

How are you using BuddyPress? Receiving your feedback and suggestions for future versions of BuddyPress genuinely motivates and encourages our contributors. Please share your feedback about this version of BuddyPress on our website.

Let’s meet at « Da Lucia’s » !

BuddyPress is about people! The BuddyPress team is made up of friendly folks from all around the world. We meet online every week during a release cycle but when we manage to meet IRL during a WordCamp, a BuddyCamp or just because we’re around at the same time we absolutely need to celebrate it with a great 🍕. Da Lucia’s will, from now on, be remembered as the great pizza restaurant where @vapvarun & @imath, two members of the BP Team, met IRL for the first time 🤝 😂.

Props @dcavins for his review about this announcement post.

The first release candidate for BuddyPress 14.0.0 is now available!

“Release Candidate” means that we think the new version is ready for release, but with the many possible specific WordPress configurations, hundreds of BuddyPress plugins and Thousands of WordPress themes, it’s possible something was missed.