WordPress 4.6.1 was made available yesterday. This security release is meant for all the previous versions of WordPress and the users are strongly advised to update their websites immediately.
The WordPress 4.6.1 security release addresses two security vulnerabilities. The first, reported by SumOfPwn researcher Cengiz Han Sahin is a cross-site scripting vulnerability via image filename; and the second, reported by Dominik Schilling from the WordPress security team, is a path traversal vulnerability in the upgrade package uploader.
Additionally, WordPress 4.6.1 fixes 15 bugs. The websites should update automatically since this is a security release. Alternatively, you can update manually by visiting the Updates option in your WordPress Dashboard and clicking the Update Now button.
If you encounter any problems, make sure to report it to the WordPress Support Forum. For more information, check out the release notes and list of changes that have been made to the new release.