BuddyPress 2.2.2 is available from the WordPress plugin directory. It fixes two potential security issues and includes a few bug fixes. Here is what is fixed in 2.2.2:
- Activity: sanitize output of “Load More” link
- Members: better nonce check on members widget
- Core: improve filtering of wp_title
The security issues were responsibly disclosed by Todd Gibson and Justin Heideman. I jokingly asked BuddyPress lead developer, John James Jacoby, about releasing security fixes on a Friday evening. He said he’d rather be annoying than irresponsible.
https://twitter.com/JJJ/status/586708832874803200
If I used BuddyPress, I’d want security fixes as soon as they’re available. Thanks to Jacoby and the rest of the BuddyPress team for helping to keep sites safe no matter what time of day it is. You can download BuddyPress 2.2.2 from the WordPress plugin directory, or visit Dashboard – Updates in the WordPress backend.
The BuddyPress team pushed out 2.2.2.1 a couple days after 2.2.2 to address an issue we found in the wild: https://codex.buddypress.org/releases/version-2-2-2-1/