WordPress announced that WordPress 4.4.1 is now available. It’s described specifically as a security release for all previous versions, and they “strongly” encourage you to update your sites ASAP.
The update is a response to WordPress versions 4.4 and earlier being affected by a cross-site scripting vulnerability that could allow sites to be compromised.
In addition to the security fix, the update also includes some additional bug fixes (via WordPress.org Blog):
Emoji support has been updated to include all of the latest emoji characters, including the new diverse emoji! 👍🏿👌🏽👏🏼
Some sites with older versions of OpenSSL installed were unable to communicate with other services provided through some plugins.
If a post URL was ever re-used, the site could redirect to the wrong post.
The update fixes 52 WordPress 4.4 bugs in all.