WordPress version 4.1.2 is now available to download and contains changes to address the following serious security issues:

• A serious critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.
• Files with invalid or unsafe names could be upload.
• Some plugins are vulnerable to an SQL injection attack.
• A very limited cross-site scripting vulnerability could be used as part of a social engineering attack.
• Four hardening changes, including better validation of post titles within the Dashboard.

You can read more about the update: https://core.trac.wordpress.org/log/branches/4.1?rev=32234&stop_rev=32144

You can download WordPress 4.1.2: http://wordpress.org/wordpress-4.1.2.zip