WordPress 4.2.4 is now available. This is a security release for all previous versions and you are encouraged to update your sites immediately.
This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site. It also includes a fix for a potential timing side-channel attack and prevents an attacker from locking a post from being edited. There are also some fixes in this release and you can see the details in the release notes here