WordPress 4.4.2 is now available for download. Users are strongly urged to update as soon as possible!
This update addresses two security issues: A possible XSS for certain local URIs and an open redirection attack. According to the announcement, all versions of WordPress preceding 4.4.2 are affected. The issues were reported by Ronni Skansing and Shailesh Suthar, respectively.
4.4.2 also addresses 17 bugs found in 4.4.1 and 4.4 including,
- wp_list_comments ignores $comments parameter
- Pagination issue on front page after 4.4.1
You can update to 4.4.2 in the dashboard or download it directly. If your site supports auto updates, the upgrade will push automatically.