BuddyPress 2.4.2 is now available. This is an maintenance and security release, and all BuddyPress installations are recommended to upgrade as soon as possible.
An XSS vulnerability in the Groups component was discovered, which affected the Groups administration screen inside the wp-admin area. We thank Krzysztof Katowicz-Kowalewski (vnd) for responsibly disclosing this issue to the BuddyPress team.
We have also made a number of security hardening improvements (which were discovered during a regular audit) to protect against similar vulnerabilities. Last but not least, this release also includes fixes for several other bugs introduced in the 2.4 series.
Update to BuddyPress 2.4.2 today in your WordPress Dashboard, or by downloading from the wordpress.org plugin repository.