WordPress.org have announced version 3.4.1 a maintenance and security update has been released.
The new version fixes 18 bugs in WordPress that were discovered in version 3.4 which has been released two weeks ago.
Fixes include:
Fixes an issue where a theme’s page templates were sometimes not detected.
Addresses problems with some category permalink structures.
Better handling for plugins or themes loading JavaScript incorrectly.
Adds early support for uploading images on iOS 6 devices.
Allows for a technique commonly used by plugins to detect a network-wide activation.
Better compatibility with servers running certain versions of PHP (5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which had caused warnings or in some cases prevented emails from being sent.
Privilege Escalation/XSS. Critical. Administrators and editors in multisite were accidentally allowed to use unfiltered_html for 3.4.0.
CSRF. Additional CSRF protection in the customizer.
Information Disclosure: Disclosure of post contents to authors and contributors (such as private or draft posts).
Hardening: Deprecate wp_explain_nonce(), which could reveal unnecessary information.
Hardening: Require a child theme to be activated with its intended parent only.
Download and info: http://codex.wordpress.org/Version_3.4.1