bbPress 2.5.9 is out, and is a security release for all previous 2.x versions.
bbPress versions 2.5.8 and earlier are susceptible to a form of cross-site scripting, due to the way users are linked to their profiles when they are mentioned in topics and replies.
Check the 2.5 milestone for a comprehensive changelog of fixes.
Take a moment to update your bbPress installations to 2.5.9. If you’re using WordPress’s built-in updater, it should only take a click or two.
These fixes have also been ported over to 2.6, which we continue to run here at bbPress.org and BuddyPress.org.
In accordance with our WP compatibility guidelines, we’ll be dropping official support for WordPress versions 3.6, 3.7, 3.8, and 3.9 in bbPress 2.6. For more details, see #2902.
Can I bother you to contribute a few more minutes of your time to fill out the 2015 contributor survey? It helps everyone establish some baselines around the contributor experience so that we can gauge how things change over time.
This is being posted to all the Make teams, so if you subscribe to a bunch of p2s and keep seeing this post, know that you only need to fill the survey in once, not once per team.
The survey is anonymous (so you can be extra honest), all questions are optional (so you can skip any that you don’t want to answer), and we’ll post some aggregate results around the end of January. It took testers 5-10 minutes to complete on average (depends how much you have to say), so I bet you could crank it out right after you read this post.
There are two sections of the survey:
- The first has questions about team involvement, recognition, and event involvement, and is pretty much what you’d expect from an annual survey (which teams did you contribute to, how happy are you as a contributor, etc).
- The second section is about demographics so we can take a stab at assessing how diverse our contributor base is. All questions are optional, but the more information we have the better we can figure out what we need to improve. If there’s some information you’d rather not identify, that’s okay, but please do not provide false information or use the form to make jokes — just skip those questions.
The survey will be open until January 15, 2016. Whether you have 5 minutes now, or 10 over lunch (or whenever), please take the 2015 contributor survey. Thanks, and thanks again for making 2015 awesome!
It can be cumbersome to navigate, intimidating to learn, and difficult to master. We know Trac isn’t always the most user friendly tool, but we love it anyways because it works really well for managing the type of project bbPress is and the workflow we use.
These issues are exacerbated when Trac is out of date, or has not been “gardened”, which usually refers to general pruning, tidying, and making sure there’s a place for everything and everything is in its place.
Over the past year we’ve focused on improving the software and the build tools, and (other than software updates to keep up with WordPress’s Trac) haven’t revisited our Components, Milestones, or Resolutions in a long while.
This afternoon I made some rearrangements I think will help us stay better organized and on-target, outlined below:
- Added the “Under Consideration” milestone, for issues that the core team has reviewed but hasn’t yet decided exactly where they belong. This is good for keeping Awaiting Review empty, and getting feedback to ticket authors sooner.
- Components are now namespaced by what exactly they are intended to be. This should help tickets get categorized sooner, and help the core team better assess what areas need what improvements.
- Several components were renamed to more appropriately reflect our intentions for them.
- Added the “regression” ticket type, to help draw attention to issues that should be tested more quickly and prioritized higher.
- Added the “idea” ticket type, to help promote brainstorming and planning on Trac vs. Slack or the Forums.
Like most things, all of these changes are open to criticism and scrutinization. If it turns out they hurt more than they help, we can try something else. These changes are inspired by years of interacting with Trac and witnessing repeated workflow hang-ups.
We aren’t exactly agile; sometimes members of the core team don’t intersect on issues for a few days, and tickets go unloved for weeks or months. I think we do great in the face of this, and hope our slightly modified arrangement feels like a natural progression of our growing team and project.
Just a quick update.
We didn’t have a formal dev chat on the 8th or 16th. We’re still pressing forward with 2.4. Also, 2.3.2 was released, which had a few updates.
The main thing right now is to keep working on 2.4. Also, if you haven’t already, test jmdodd’s hierarchical replies patch for #2036. For real, lots of testing on this.
Lastly, with the discovery of #2334 (http://bbpress.trac.wordpress.org/ticket/2334) there is certainly a possibility of a 2.3.3 release in the near future.
Today’s dev chat was very brief. Since last week, jjj pushed 2.3.1, which had a few minor fixes.
Notably, it contained a fix for posting code and further refined the new backtick feature ( ` ). There is no need to use <code> or <pre> when posting lines/blocks of code; simply wrap the code in a ` (if you use GitHub or Markdown it is the same concept) and we take care of the rest.
Also in 2.3.1 the “visual tab” of the TinyMCE/fancy editor was turned off by default. The visual tab is great in theory but we’ve seen a slew of issues with it such as code being reformatted, mangled, etc. For users who really need it back (and don’t post code in their forums) they can either use this snippet or this plugin to bring back the visual mode.
Aside from the 2.3.1 release we are just moving forward with the 2.4 tickets.
MZAWeb also talked about looking into getting Alex Mills’ SyntaxHighlighter plugin working with bbPress now that we have the code posting sorted out.