Version 5.2.0
Version 5.2.0 is a BuddyPress security and maintenance release. It was released on April 21, 2020. Four vulnerabilities were addressed, and five bugs fixed.
For version 5.2.0, the database version (bp_db_version in wp_options) was 12385, and the Trac revision was 12512.
Fixes
- Security: A vulnerability was fixed that could allow group moderators improper control over group membership via a REST API endpoint.
- Security: A vulnerability was fixed that could allow a CSRF attack related to xProfile field deletion links in the Dashboard.
- Security: A vulnerability was fixed that could allow users to delete group activity items belonging to groups to which they don’t have administrative access.
- Security: A vulnerability was fixed that could allow site Editors or Authors improper edit access over items belonging to BuddyPress’s Email post type.
- Groups: Fixed a PHP notice when adding a user to a group via the REST API.
- Groups: Fixed a string in the Group Members administration UI that was not properly localizable.
- Groups: Fixed a bug that could cause pending invitations to be properly resent in some cases.
- Build: Improved Travis configuration.
- Members: Improved compatibility with WordPress 5.4’s updated user data tools.