Normally we wait for the breaks in between semesters to deploy feature updates to WordPress core. However, a cross-site scripting (XSS) vulnerability was discovered recently in the WordPress commenting system. A patch was quickly released for the latest feature release (4.2), but not for the release that we were running (4.1.2).
All site networks protected by the Akismet anti-spam plugin (as this one is) should have been protected against this vulnerablity; however, we decided to play it safe and upgrade to WordPress 4.2.1.
The new features for this release are minor. They include support for 4-byte Unicode characters like Han characters and emoji. 🐯🎉🎈 The “Press This” bookmarklet tool was enhanced. Tumblr and Kickstarter were added to the list of supported oEmbed services. You can now switch themes right in the appearance Customizer. Also, the WordPress admin interface has a tweaked default color scheme — consistent cool grays replace the neutral and warm grays.
You can see a full rundown of the new features in this video from WordPress.TV.