WordPress has just released a security update to the previous version, WordPress 3.9.1. The most current version is now WordPress 3.9.2.
The update was released yesterday to all WordPress.org installations. Sites that had auto-update feature turned on was automatically updated to the latest version. If you haven't received an email mentioning that your WordPress was updated to version 3.9.2, you should go ahead and update your website now.
According to WordPress, the 3.9.2 release “fixes a possible denial of service issue in PHP's XML processing.”
The new update also contains other security changes including a possible code execution when processing widgets, prevents information disclosure via XML entity attacks, adds protection against brute force attacks against CSRF tokens, etc.
You can check a full list of security fixes here.
To update your WordPress to the latest version, simply log in to your WordPress Dashboard, click Updates and click “Update Now” button. Make sure you keep a backup of your entire site before updating just in case.