WordPress announced yesterday that 3.9.2 has been released, this is a security update and it is recommended that if you are not hosting with a web host that offers automatic updates then you should update this yourself as soon as possible.
This update fixes a possible denial of service issue in PHP’s XML processing.
WordPress 3.9.2 also contains other security changes:
- Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default).
- Prevents information disclosure via XML entity attacks in the external GetID3 library.
- Adds protections against brute attacks against CSRF tokens.
- Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.
You can update directly from your admin panel.
WordPress also announced that this is the first security release that their security team and the Drupal security team have worked on jointly.
WordPress 4.0 Beta3 has also just been released so it looks like we might be getting the stable version within the next month or so.