There has been another security update, so here is a brief run-down (this one is simpler than the previous one:)
What we did about it
We have installed the upgrade, which updated the two third-party libraries which had newly-discovered vulnerabilities.
What the vulnerability was
There were two, separate, vulnerabilities; both were in third-party tools used in WordPress.
The first issue was in Plupload, a tool used for managing file uploads, which in certain circumstances could allow a remote person to perform actions on the site which the user did not initiate. This is called a Same Origin Method Execution (SOME) vulnerability. In this case other security measures in WordPress limited the risk, and it only affected the 4.5.1 release, therefore not a high-profile (but still high-priority) issue.
What this means for you
Nothing, as far as we are aware. The issues are completely fixed.
However, it exposed that WordPress is not strictly using HTML5 audio and video. Everyone on the internet should be using a modern browser which supports HTML5; there are inherent risks to older browsers which simply cannot prevent certain types of internet security and privacy attacks which have been resolved in newer browsers. By supporting old, vulnerable browsers (by using MediaElement.js) WordPress is enabling users to continue being at risk rather than encouraging them to update/upgrade.