The 4.9.4 CE and PE versions of DotNetNuke has been released. The release notes can be read @ http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryId/2262/DotNetNuke-4-9-4-Released.aspx .

These releases fix 2 "low" security issues. One was discovered by a member of the core team (Sebastian), and the other was reported to us by an information security services company, lateralsecurity. The bulletins can be read

As always we recommend you upgrade as soon as possible.

If you're new to upgrading I recommend you read the "detailed installation guide" found here , and the excellent set of blog entries from Erik here and here. For users who are running 4.6.2 or above, I recommend you read this blog entry which details how to use the upgrade package to easily merge any web.config changes.

You can read more details about these issues and our security policy here