WordPress 4.4.1 has already been released and available for download. This is a security release for all previous versions which addresses security vulnerabilities, so that we strongly encourage you to update your sites immediately.
There are 52 bugs fixed in this release. Besides the fixing of the cross-site scripting vulnerability discovered by Crtc4L, it also addresses an error on WordPress sites running with an older versions of OpenSSL, which were unable to communicate with other services provided through some plugins.
Additionally, this version 4.4.1 also includes how the CMS deals with reused URS, which could redirect visitors to wrong page.
Besides these 2 severe bugs, this release also updates the polyfill used for emoji to support Unicode 8. With this update, users now have full access to the latest emoji characters approved by the Unicode Consortium.
Sites configured to receive automatic update should update within 24 hours. Since this is a security version, it is highly recommended to update your site as soon as possible. For more information, you can see the release note or the lists of change.