bbPress 2.5.9 is out, and is a security release for all previous 2.x versions.
bbPress versions 2.5.8 and earlier are susceptible to a form of cross-site-scripting, due to the way users are linked to their profiles when they are mentioned in topics and replies.
Check the 2.5 milestone for a comprehensive changelog of fixes.
Take a moment to update your bbPress installations to 2.5.9. If you’re using WordPress’s built-in updater, it should only take a click or two.
These fixes have also been ported over to 2.6, which we continue to run here at bbPress.org and BuddyPress.org.
Just a reminder. The WP dev chat time was changed as and a result we have updated ours as well. The bbPress weekly dev chat will now be (back) at 21:00 UTC (4pm central).
bbPress 2.3 release is imminent. Last chance to sneak anything in!
bbPress 2.3 RC1 has now been released 🙂
You can check out the finer details from @JohnJamesJacoby on the bbPress blog here.
It would be great if you could:
- Test all the things…
- Test your themes…
- Test your plugins…
- Test your site…
If you find a bug please post a ticket http://bbpress.trac.wordpress.org/
Updated bbPress.org to latest trunk, which includes some tweaks to posting code, and some preliminary forum searching abilities (courtesy of jmdodd.)
I’ll be tweaking the site templates and CSS to make it fit the site more appropriately.
We’re going to be taking a break from our weekly dev chats for a few weeks to enjoy the holidays. We’ll pick up things again on Wednesday January 2nd, 2013.
The new search feature (#1575) is in trunk so feel free to have some fun with that. Hope everyone has a great Festivus 😉
Had a productive dev chat today. jjj was out but we still covered a few things. You can read the transcript here.
- #1575 – bbPress search (jmdodd). jmdodd is making very good progress and pressing on. This is going to be a killer feature in 2.3 – I’d say the showcase feature for the release. She said in a week or so she will likely have a very solid patch that will be ready for some heavy testing.
- #1694 and #1799 – we skipped over these as jjj was out, but they should be mostly done (completely my guesstimate). Will revisit next week.
- #2036 – Hierarchal replies (jmdodd). Haven’t done much with this since she has been dominated #1575. Depending on the release schedule we decide for 2.3 it can either be punted to 2.4 or attempted for 2.3. General consensus was ideally 2.3 will go out the door sooner than later to let everyone have the search goodness, in which case punting it would be A-OK.
- #1478 – Profile pages have error404 class in some cases (jjj). Still needs to be looked at and given more thought.
- #2054 – Reset/set CSS styling on some in the bbPress content areas (jared). Patch needs testing with non-default themes, but should be solid. Are there any other elements we need to reset? jmdodd suggested looking to see what else is in kses.
- #2067 – Firefox bug causing recent topics/replies on profile to not show. If using the overflow fix does the job, then its a simple CSS change and boom – done.
- #1917 – Tabindex issue. MZAWeb is going to take the inline JS, move it to a seperate file – possibly topics.js if thats all that is needed – and see if that fixes things so we can close this out (again).
- netweb is wrangling all those importer tickets and doing some serious damage on them, most should be wrapped up soon.
- MZAWeb made a great utility for sticking filler content in bbPress and it’s available on GitHub.
- Lastly we talked about the templates in /extras. It’s been pointed out that some of them are wonky in TwentyTwelve. Nothing major, but slightly annoying. We can try and test them all for 2012 in time for 2.3 or punt to 2.4. Nothing complicated, just tedious as when we perform any fixes we’ll want to check them against 2010/2011 to make sure we aren’t breaking stuff. netweb suggested we do this before BuddyPress 1.7 is live, which means it would need to be done in 2.3.
Until next week!
In lieu of a dev chat this week, I went through and prioritized our milestones in Trac.
- Created 2.4 milestone.
- Thinned out 2.3 milestone by moving some things to 2.4.
- Cleaned up some Future Release tickets.
- Fixed everything in 2.2.3 and a few 2.3 stragglers.
If you’d like to help out, assign yourself to a ticket, and get to patchin!
bbPress dev chat summary Nov 21, 2012
- 2.2.3 Ready to go with some minor patches, just waiting so not so many updates being pushed
- Look towards getting 2.3 out the door ‘this year’
- #1917 tabindex issue on new topic form – JS & jQuery
- #1905 Subscribe/Favourite ajax links issue – JS & jQuery
- #1835 Redirected to forum list after creatiing a reply
- #1889 Option to delete imported users when performing ‘Reset Forum’
- #1430 Show pingbacks on topic page <- UI concerns Widget? Template? Sidebar? Show/Hide?
- Raising importance of ‘Search’ for bbPress 2.3 over ‘Per Forum Moderation’
- Adding a svn sync of bbPress trunk to GitHub using https://github.com/wordpress org account
- Updating bbPress Forum Importers (Conversion & BBCode conversion) for 2.3 release
- Bring 'unit testing' to bbPress in 2013 REF: https://github.com/WP-Razor
The full chat log is here