WordPress 4.4.1 has just been released to patch a XSS (cross-site scripting) vulnerability in all previous versions of WordPress. If you are using version 4.4. or earlier, It is strongly recommended that you update to your site to the latest version immediately.
WordPress 4.4.1 fixes 52 bugs from version 4.4 and several non-security bugs:
- Rdio embed support has been removed
- Polyfill used for emoji has been updated to support Unicode 8.0. Emoji now also supports all of the latest emoji characters
- Some plugins were not being able to update after WordPress 4.4 was installed
- Some sites with older versions of OpenSSL were not being able to communicate with some other https sites via the HTTP API.
- Responsive image feature has been updated to support for external URLs and fix an image blurry issue.
- An existing post could redirect to the wrong URL if it was ever re-used
- Including title in the URL could redirect to a 404 page
- Link target for media files was set to none by default. This was affecting embedding of media elements that are not images (e.g. PDF files, documents)
For detailed information check the WordPress 4.4.1 release notes.