BuddyPress: BuddyPress 2.9.1 Security Release
BuddyPress 2.9.1 is now available. This is a security and maintenance release. We strongly encourage all BuddyPress sites to upgrade as soon as possible.
We fixed two regressions introduced in 2.9:
- Groups: fix group description truncation length on group screen.
- Profiles: fix avatar quality when requesting avatar sizes larger than the user’s uploaded avatar.
Importantly, BuddyPress 2.9.1 and earlier versions were affected by the following security issue:
- Cross-site request forgery (CSRF) in the XProfile administration Dashboard panel.