WordPress 3.9.2 is now available for download and upgrade.
This is an important security release for all previous versions and we strongly encourage you to update your sites immediately.
This release fixes a possible denial of service issue in PHP’s XML processing.
WordPress 3.9.2 also contains other security changes:
- Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default).
- Prevents information disclosure via XML entity attacks in the external GetID3 library.
- Adds protections against brute attacks against CSRF tokens.
- Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.