This is a maintenance and security update.
The security updates are for:
■ Server-side request forgery (SSRF) and remote port scanning via pingbacks. Fixed by the WordPress security team.
■ Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon Cave of the WordPress security team.
■ Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5 was released to address this issue.