BuddyPress 5.1.1 is now available. This is a security release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.
The 5.1.1 release addresses one security issue:
- A denied of service was fixed that could allow a logged in user to remove another user’s avatar and also any empty folder. Discovered by nomnom.
Thi vulnerability was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure.
For complete details, visit the 5.1.1 changelog.
Update to BuddyPress 5.1.1 today in your WordPress Dashboard, or by downloading from the WordPress.org plugin repository.
[…] We’ve just published BuddyPress 5.1.1. This is a security release, please upgrade asap: https://buddypress.org/2019/12/buddypress-5-1-1/ […]
Hi, by logging in with facebook the user’s avatar is not picked up. If I uninstall buddypress instead it works correctly.
Hi Marco,
I’d advise you to report this to the author of the plugin you use to log in with a facebook account if you want to fallback to it if the user haven’t uploaded a local avatar. Otherwise you can simply deactivate the User Avatar Uploads option in the BuddyPress settings screen and use
remove_filter( 'get_avatar_url', 'bp_core_get_avatar_data_url_filter', 10, 3 );Hi, am using this latest plugin but when people register on the website, they are not receiving activation key in their inbox. And also mail drop in their spam folder. Please what is the way forward for this because is urgent.
Hi, thanks for your feedback.
If mail drops into their spam folders this is probably an issue with your host. You can probably add a simple text into the register template to ask the user to check into his spam folder if he doesn’t receive the email.