Yesterday, WordPress 4.4.1 was released to the public.
This is a security release for all previous versions and WordPress.org strongly recommends to update those sites.
WordPress 4.4.1 fixes 52 bugs from 4.4, including one security bug where WordPress versions 4.4 and earlier were dogged by a cross-site scripting vulnerability that could result in a site to be compromised. This was reported by Crtc4L.
This release also addresses other severe non-security bugs like:
- Updates the polyfill used for emoji to support Unicode 8. Support for Unicode 8 adds a new variety of new emoji characters to WordPress.
- Fixes the issue with some sites using older versions of OpenSSL where they were unable to communicate with other services provided through some plugins.
- If a post URL was ever re-used, the site could redirect to the wrong post.
Other notable changes include the removal of Rdio embed support, plugins failing to update after WordPress 4.4 is installed and other useful changes to responsive images. Sites configured to receive automatic updates should update within 24 hours. Since 4.4.1 is a security release, you should initiate the update process as soon as possible.
A total of 36 people were responsible for this release. Download WordPress 4.4.1 or venture over to Dashboard > Updates and simply click Update Now. Sites that support automatic background updates are already beginning to update to WordPress 4.4.1.
If you encounter any problems after the update, please create a new thread in the WordPress.org support forums where volunteers are ready to help.