b2evolution 4.0.5 was released some time ago containing an important security fix.
It is recommended that everyone upgrades to that version.
Download here »
We originally released this silently so that people would have time to upgrade without drawing any more attention to the security issue.
It is now time that people who don't nomally upgrade minor versions consider doing so too.
You might wait for b2evolution 4.1 -- to be released in a couple of weeks -- but be advised that b2evo 4.1 will be released as a beta whereas 4.0.5 is released as a stable version.
We will point more specifically to the issue once everyone now warned has been given a chance to upgrade either to v 4.0.5-stable or v 4.1-beta.
Note: the threat level for this issue is considred Moderate (2/5), but still, we want to give you time to upgrade before letting the bad guys know exactly where to look.