WordPress launched 5.7.2 which features one security fix. This security release features one security fix. Because this is a security release, it is recommended to update sites immediately. All versions since WordPress 3.7 have also been updated.
Security updates
One security issue affecting WordPress versions between 3.7 and 5.7. Object injection in PHPMailer is CVE-2020-36326 and CVE-2018-19296. PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via attachment with a UNC pathname. PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.
After this short-cycle security release, the next major release will be version 5.8. It is possible to update to WordPress 5.7.2 by downloading from WordPress.org, or visit your Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started the update process.