+44 0330 223 3428
Call Us
+44 0330 223 3428

BuddyPress: BuddyPress 2.9.1 Security Release

BuddyPress: BuddyPress 2.9.1 Security Release

BuddyPress 2.9.1 is now available. This is a security and maintenance release. We strongly encourage all BuddyPress sites to upgrade as soon as possible.

We fixed two regressions introduced in 2.9:

  • Groups: fix group description truncation length on group screen.
  • Profiles: fix avatar quality when requesting avatar sizes larger than the user’s uploaded avatar.

Importantly, BuddyPress 2.9.1 and earlier versions were affected by the following security issue:

  • Cross-site request forgery (CSRF) in the XProfile administration Dashboard panel.

These vulnerabilities were reported privately by Ronnie Skansing. Our thanks to Ronnie for reporting security issues in accordance with WordPress’ security policies.



Source: WordPress

Related Post
Matt: On React and WordPress

Matt: On React and WordPress Big companies like to bury unpleasant news on Fridays: A few weeks ago, Facebook announced they have decided to dig in on their patent clause addition to the React license, even after Apache had said it’s no longer allowed for Apache.org projects. In their words, removing the patent clause would […]

Read more
WPTavern: First WordCamp Dublin Set for October 14-15

WPTavern: First WordCamp Dublin Set for October 14-15 photo credit: Ireland.com Following up on the success of WordCamp Belfast last October, the WordPress community in Dublin will be hosting its first WordCamp October 14-15. Both camps began the early stages of planning last year and the two communities have shared some of the same organizers […]

Read more
WPTavern: GitHub Partners with Facebook to Release Atom-IDE

WPTavern: GitHub Partners with Facebook to Release Atom-IDE GitHub announced the launch of Atom-IDE this week, a new set of packages that extend its open source JavaScript-powered code editor to include IDE-like functionality. This first release includes packages that support TypeScript, Flow, JavaScript, Java, C#, and PHP. “The start of this journey includes smarter context-aware […]

Read more