On September 9 WordPress released a fix for the following three security issues:
- Data exposure vulnerability within the REST API
- A XSS vulnerability in the block editor
- Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes
On November 10 WordPress released an update that fixes two bugs and one security issue. Because it contains a security fix, you should install this update as soon as possible. The security bug was an expired certificate inside WordPress that had to be removed.
Remember to create a backup before updating.