Content complements of: https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
WordPress 4.4.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.4 and earlier are affected by a cross-site scripting vulnerability that could allow a site to be compromised. This was reported by Crtc4L.
There were also several non-security bug fixes:
Emoji support has been updated to include all of the latest emoji characters, including the new diverse emoji!
Some sites with older versions of OpenSSL installed were unable to communicate with other services provided through some plugins.
If a post URL was ever re-used, the site could redirect to the wrong post.
WordPress 4.4.1 fixes 52 bugs from 4.4. For more information, see the release notes or consult the list of changes.
Download WordPress 4.4.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.4.1.
Thanks to everyone who contributed to 4.4.1:
Aaron D. Campbell, Aaron Jorbin, Andrea Fercia, Andrew Nacin, Andrew Ozz, Boone Gorges, Compute, Daniel Jalkut (Red Sweater), Danny van Kooten, Dion Hulse, Dominik Schilling (ocean90), Dossy Shiobara, Evan Herman, Gary Pendergast, gblsm, Hinaloe, Ignacio Cruz Moreno, jadpm, Jeff Pye Brook, Joe McGill, John Blackbourn, jpr, Konstantin Obenland, KrissieV, Marin Atanasov, Matthew Ell, Meitar, Pascal Birchler, Peter Wilson, Roger Chen, Ryan McCue, Sal Ferrarello, Scott Taylor, scottbrownconsulting, Sergey Biryukov, Shinichi Nishikawa, smerriman, Stephen Edgar, Stephen Harris, tharsheblows, voldemortensen, and webaware.