Note: All clients will be updated today!
Before this post, WordPress update notifications were published only at WPbyMe.com, my WordPress training site. From this update forward, notifications will be posted here as well.
WordPress 4.1.2 is considered a critical security release, and you are strongly encouraged to update your sites immediately. It patches a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site and which affects 4.1.1 and earlier releases.
In addition, the following security fixes are covered with 4.1.2:
- Files with invalid or unsafe names could be uploaded (4.1 and higher)
- A very limited cross-site vulnerability which could be used as part of a social engineering attack (3.9 and higher)
- Some plugins were vulnerable to SQL injection
Full source and credits to those who discovered the vulnerability are available in the official release announcement at WordPress.org.