Version 11.5.2
Version 11.5.2 is a BuddyPress security and maintenance release. It was released on September 27, 2025. Two changes were introduced including 1 security fix and 1 bug fix.
For Version 11.5.2, the database version (_bp_db_version
in wp_options
) was 13408
, and the Trac revision was 1413
9.
Security fix
- The BP REST API signups endpoint could leak signup data, including user email addresses, because of a too-lenient lookup function. Thanks to Asim Alshaya for responsibly reporting this issue.
Bug Fixes
- Improve behavior of bp_email_unsubscribe_handler(). After the changes in the “Improve security of status update messages” changeset, non-logged-in users clicking an unsubscribe link received no feedback on the success of their action (see #9301).
Note: 11.5.2 is a repackaging of 11.5.1 to hopefully solve some SVN oddities.