Codex Home → Releases → Version 14.2.1

Version 14.2.1

Version 14.2.1 is a BuddyPress security and maintenance release. It was released on October 22, 2024. 4 changes were introduced including 1 security fix & 3 bug fixes.

For Version 14.2.1, the database version (_bp_db_version in wp_options) was 13906, and the Trac revision was 14052.

Security fix

• The “Take Photo” feature (which uses the logged in user’s Webcam to capture their profile photo) was vulnerable to an authenticated (Subscriber+) directory traversal. Discovered by Domons from the Wordfence organization.

Bug Fixes

• Groups: move the invite_status group meta check out of the groups_join_group() function (see #9241).
• Administration: use the components right labels into the BP site health info panel (see #9237)
• Administration: resolve Multiple Issues with the BP constants site health info panel (see #9245)

---