WordPress.org have announced version 3.4.1 a maintenance and security update has been released.
The new version fixes 18 bugs in WordPress that were discovered in version 3.4 which has been released two weeks ago.
Fixes an issue where a theme’s page templates were sometimes not detected.
Addresses problems with some category permalink structures.
Adds early support for uploading images on iOS 6 devices.
Allows for a technique commonly used by plugins to detect a network-wide activation.
Better compatibility with servers running certain versions of PHP (5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which had caused warnings or in some cases prevented emails from being sent.
Privilege Escalation/XSS. Critical. Administrators and editors in multisite were accidentally allowed to use unfiltered_html for 3.4.0.
CSRF. Additional CSRF protection in the customizer.
Information Disclosure: Disclosure of post contents to authors and contributors (such as private or draft posts).
Hardening: Deprecate wp_explain_nonce(), which could reveal unnecessary information.
Hardening: Require a child theme to be activated with its intended parent only.
Download and info: http://codex.wordpress.org/Version_3.4.1