Version 2.4.2

Version 2.4.2 is a BuddyPress security and maintenance release.

For Version 2.4.2, the database version (_bp_db_version in wp_options) was 10071, and the Trac revision was r10396. Read the full ticket log here.

Fixes

• Groups: properly escape the action status message on the wp-admin management screen to prevent XSS attacks. Thanks to Krzysztof Katowicz-Kowalewski (vnd) for responsibly disclosing this issue.
• Handle errors from wp_upload_dir(). (#6729)
• Extended Profiles: fix the visibility “change” link always being shown, even if field visibility is enforced. (#6730)
• Members: fix name of the Members component’s search parameter. (#6733)
• Members: update Members component search parameter when used with AJAX pagination in the Members Directory. (#6745)
• Fix issue when selecting ‘Gravatar Logo’ from ‘Settings > Discussion > Default Avatar’. (#6737)
• Members: improve z-index of user profile cover images. (#6738)
• General security hardening and data validation improvements.

Full list of changes can be found here:
https://buddypress.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.4.2