BuddyPress 1.7.3 is now available. This is a security and maintenance release, and we urge all installations running BP 1.5 or later to upgrade immediately.

Version 1.7.3 includes fixes for the following:

  • A cross-site scripting vulnerability in the way that success/error messages are stored and then displayed
  • A bug that caused Set-Cookie headers to be sent inappropriately, causing problems for certain caching configurations

Complete details can be found in the 1.7.3 release notes.

Many thanks to Andrew Nacin for his responsible disclosure of the XSS issue to the BuddyPress team. As a reminder to the community: if you think you’ve found a security issue in BuddyPress, please practice proper disclosure procedure, and report issues directly to the BP development team (or to security [at] wordpress.org).

Download BuddyPress 1.7.3 from Dashboard > Updates, or from the wordpress.org plugin repository.