WordPress 4.1.2 has been released by WordPress.org. This is a critical security release.  We strongly encourage you to update your WordPress site to this version immediately.

This security update fixes four security vulnerabilities, including two critical cross-site scripting vulnerabilities which could enable anonymous users to compromise a site, a vulnerability that allows files with invalid or unsafe names could be uploaded, and a SQL injection vulnerability. Also included in this update are numerous hardening changes to make your WordPress installation more resistant to attacks.

For more information, see the WordPress 4.1.2 Release Notes.

Download WordPress 4.1.2 or from your WordPress Dashboard go to Updates and simply click “Update Now.” WordPress sites that are on version 4.1 which support automatic background updates should update to WordPress 4.1.2 automatically.