Version 2.4.2 is a BuddyPress security and maintenance release.
For Version 2.4.2, the database version (_bp_db_version in wp_options) was 10071, and the Trac revision was r10396. Read the full ticket log here.
- Groups: properly escape the action status message on the wp-admin management screen to prevent XSS attacks. Thanks to Krzysztof Katowicz-Kowalewski (vnd) for responsibly disclosing this issue.
- Handle errors from wp_upload_dir(). (#6729)
- Extended Profiles: fix the visibility “change” link always being shown, even if field visibility is enforced. (#6730)
- Members: fix name of the Members component’s search parameter. (#6733)
- Members: update Members component search parameter when used with AJAX pagination in the Members Directory. (#6745)
- Fix issue when selecting ‘Gravatar Logo’ from ‘Settings > Discussion > Default Avatar’. (#6737)
- Members: improve z-index of user profile cover images. (#6738)
- General security hardening and data validation improvements.
Full list of changes can be found here: