A security release for the WordPress 4.0 branch was just released. Sites will start being upgraded to WordPress 4.0.1 immediately.
This security update fixes a number of XSS, CSRF, SSRF, and password vulnerabilities as well as some additional hardening to core components. A complete list of fixes is available in the following blog post on WordPress.org.
You don’t have to take any action at this time. Our technical team is already hard at work auto-updating all sites hosted with WP Engine to this latest version of WordPress.
Keep in mind that this security update only fixes specific security vulnerabilities and minor bugs. It should not impact custom code in your plugins or themes.
Thanks again for choosing WP Engine!