On 29 November, 2017, WordPress 3.9.22 was released to the public.
To download WordPress 3.9.22, update automatically from the Dashboard > Updates menu in your site's admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
From the WordPress 4.9.1 release post: WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1:
newbloguser
key instead of a determinate substring.html
elements.unfiltered_html
capability.wp-admin/about.php wp-admin/user-new.php wp-includes/feed.php wp-includes/functions.php wp-includes/general-template.php wp-includes/version.php wp-includes/wp-db.php