BuddyPress 2.2.2 is available from the WordPress plugin directory. It fixes two potential security issues and has a few bug fixes. This is what is fixed in 2.2.2.
- Activity: sanitize output of “Load More” link
- Members: better nonce check on members widget
- Core: improve filtering of wp_title
The security issues were responsibly disclosed by Todd Gibson and Justin Heideman. I jokingly asked BuddyPress lead developer, John James Jacoby, about releasing security fixes on a Friday evening. He said he’d rather be annoying than irresponsible.
@jeffr0 @imath @tw2113 I’d rather do the right thing and be annoying than not and be irresponsible.
— John James Jacoby (@JJJ) April 11, 2015
If I used BuddyPress, I’d want security fixes as soon as they’re available. Thanks to Jacoby and the rest of the BuddyPress team for helping to keep sites safe no matter what time of day it is. You can download BuddyPress 2.2.2 from the WordPress plugin directory, or visit Dashboard – Updates in the WordPress backend.
Source: WP Tavern