WordPress has released a new security update to WordPress core: version 5.0.1. This release is not specific to the new WordPress editor introduced in 5.0, but rather a vulnerability that exists as far back as version 3.7.

For details on this release you may reference the official blog post on WordPress.org: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/

There are some backwards-compatibility breaks in this release. If you are the developer/maintainer of your install, have a look at these developer notes that detail the backwards compatibility breaking changes that were necessary for security reasons: https://make.wordpress.org/core/2018/12/13/backwards-compatibility-breaks-in-5-0-1/

As with all security related updates, WordPress has released patches for older functional versions as far back as the 3.7 branch. As a WP Engine customer, no action is required. Our team is already working to push out automatic updates to your site(s) to ensure they are on the latest secure version of their branch. You will receive an email notification when the update has been completed. Our team is always attentive to our promise to provide a secure WordPress experience for all WP Engine customers.