Published on February 26th, 2025 by John James Jacoby
bbPress 2.6.12 is a minor release that fixes 1 security issue and 1 small bug.
The security issue was responsibly disclosed via the WordPress HackerOne bounty program. It does not appear to be actively exploited, and specifically targets: single-site WordPress installations, newer than 5.3.0, with the “Membership” setting set to “Anyone can register”, and with bbPress active.
(Even if that isn’t you, you should still update bbPress to 2.6.12 anyways!)
The minor bug was a regression to the search component introduced in 2.6.11, causing search results to not be as accurate as everyone deserves for them to be. ๐ต
Both of these fixes are already merged into the 2.7 development branch.
Thank you to GDragoN and mungah (via HackerOne) for your help fixing bugs, and Robin W for keeping the bbPress.org Forums squeaky clean and well-supported! I really appreciate all of y’all! ๐
Published on June 29th, 2024 by John James Jacoby
bbPress 2.6.11 is a minor release that fixes 13 relatively small bugs reported over the past few years.
Most notably, it improves HTML output escaping in the topic & reply forms (nothing serious, just some entities showing up where they should not), prevents a bunch of different debug notices from filling up error logs, and also updates some code to avoid deprecated notices from testing with the latest version(s) of WordPress itself.
All of these fixes have already been merged up into the 2.7 development branch.
If you’re paying really close attention, you may be wondering “hey John, what happened to 2.6.10?”
Well… I botched it. It’s been a while, ok? ๐คฆโโ๏ธ And 2.6.11 is good to go.
Huge thanks to Eusebiu, Kevin, and (as always) Robin W for being super fast with their feedback and just generally awesome!
Published on November 29th, 2021 by John James Jacoby
bbPress 2.6.9 is a minor release that improves the Akismet clean-up routines introduced in the 2.6.7 release. If you are using Akismet with bbPress and saw some debug notices in your logs, this release is for you!
Thank you to our friends over at Automattic’s Akismet team for helping! ๐
Published on November 19th, 2021 by John James Jacoby
bbPress 2.6.8 is a minor release that fixes 1 regression in the 2.6.7 release. ๐ฌ
Thank you to everyone who provided prompt feedback in the support forums. Because of you, we were able to react quickly and repackage this release right away. ๐
Published on November 17th, 2021 by John James Jacoby
bbPress 2.6.7 is a minor release that fixes 19 issues. For everyone running bbPress 2.6, feel free to update at your earliest convenience. ๐ฏ
This release improves Akismet and BuddyPress support, allows Moderators to reply to unapproved Topics, and fixes a user-interface issue with the hierarchical replies feature, just to highlight a few notable changes.
Thank you to everyone who contributed to this bbPress release! ๐
Published on November 5th, 2020 by John James Jacoby
bbPress 2.6.6 is a minor release that fixes 22 issues. For all y’all running bbPress 2.6, you are welcome to update at your earliest convenience. ๐
This release fixes a few PHP warnings & notices, some output formatting bugs, and improves a few different moderator experiences, just to name a few of my favorite changes.
As always, thank you for choosing bbPress. It means a lot to our team that you and over 300,000 others entrust us with powering your community. ๐
Published on May 28th, 2020 by John James Jacoby
bbPress 2.6.5 is a security release, and fixes 8 total issues reported either via Trac or HackerOne. For anyone running bbPress 2.6, please update to this version immediately.
Special thanks to the following folks for improving the security of bbPress:
- Raphael Karger for disclosing an unauthenticated privilege escalation when New User Registration is enabled
- hoangkien1020 for disclosing an authenticated privilege escalation via the Super Moderator feature
- Binit Ghimire for reporting the potential for a self-XSS via the Forums list-table
Also in this release are: various typographical fixes, a few PHP warnings & notices were eradicated, more accurate escaping of Search results, and support for some recently added WordPress Plugin headers.
This security release came together very quickly, with the help of several WordPress Core, Meta Team, and Security Team members. I appreciate all of your help today. ๐
Another big shoutout to my employer, Sandhills Development, for allowing me the freedom to responsibly shirk my plans for today, enabling me to focus on getting this release out ASAP. โค๏ธ
Published on January 30th, 2020 by John James Jacoby
bbPress 2.6.4 is a security release, and fixes 8 total issues reported by our amazing, patient, and vigilant community members:
- Fixes an obscure security issue with BuddyPress Group Forums, allowing Group Members to save Topics to invalid Forum IDs
- Fixes performance degradation for 2.5 database schemas
- Fixes a few typos
- Fixes some debug notices
- Fixes user email changes using the wrong API
- Improves compatibility with PHP 7.2 and higher
Special thanks to Yuvraj Dighe for his responsible disclosure of the BuddyPress Group Forums bug over at HackerOne. Thank you for helping improve bbPress. ๐
Work continues on improving bbPress 2.6 while also doing a bit more clean-up for 2.7. ๐งน
Expect for the next minor release (bbPress 2.6.5) to be released sometime before March 1. ๐
Published on December 10th, 2019 by John James Jacoby
bbPress 2.6.3 fixes 9 issues reported by community members:
- Fixes a few typos and grammatical errors
- Bumps required WordPress versions to 5.3.0 (bbPress always only officially supports the latest WordPress version)
- Fixes the Forums widget displaying in the wrong order
- Fixes a JavaScript error with hierarchical replies
We’re continuing to work on improving bbPress 2.6 while also deciding what exactly will make it into 2.7.
Expect for the next minor release (bbPress 2.6.4) to be released sometime before Christmas 2019. ๐
Published on November 22nd, 2019 by John James Jacoby
bbPress 2.6.2 fixes 5 more small bugs that were reported by community members in our support forums:
- Hierarchical replies in threaded discussion topics were broken for sites that were enabling the visual editor, so we unbroke it.
- Sites with custom
bbpress.css files were not having their custom styling applied in some cases. We fixed at least one case that we could find. Let us know if this is still not working correctly for you. - BuddyPress Notifications stopped working completely, but that wasn’t on purpose so we made them work completely again.
- The “Edit” part of a URL pattern was not customizable inside of Forum Settings. Now it is!
- One of the repair tools had a typo in it, so we untypo’ed it.
Thanks to everyone in the forums for being persistent and helping us identify all these annoyances.
We’re going to continue minor releases as bugs get reported and fixed. The team is committed to making sure your forums are running as smoothly as can be, so don’t be surprised if you see 2.6.3 soon too! ๐
