The update also fixes an information disclosure vulnerability which could have allowed some users to bypass certain security restrictions in order to view the contents of posts that they should not be able to see, such as draft and private posts. WordPress 3.4.1 further improves security by adding additional protections against cross-site request forgery (CSRF) attacks in the customizer, and deprecating the wp_explain_nonce() function as it could reveal unnecessary information. Additionally, a child theme can now only be activated along with its intended parent theme.
A full list of fixes can be found in the WordPress Trac and on the Version 3.4.1 Codex page. WordPress 3.4.1 is available to download from the project’s site; existing users can upgrade using the built-in update functionality. Binaries and source code are licensed under the GPLv2 or later.