WordPress 4.9.1 was released on November 29, 2017 and It is recommended that you update as soon as possible. It is recommended that you update as soon as possible because this release addresses four security issues.
Late yesterday WordPress announced the release of version 4.8.2; a security release. This update includes a fix to help protect against SQLi injection attacks that some sites may have been vulnerable to depending on how they use the $wpdb->prepare() function in their code.
Whenever there is a security release from WordPress, Maje Media immediately updates and tests each of our client sites to make sure their sites are updated to the latest, most secure version. We will be sending each of our clients an email today to outline the changes and to let them know their site has been updated and tested.
If your host or maintenance service provider has not contacted you, or if you are responsible for updates on your own, please read the original announcement from WordPress, and a great write up of the issue on Wordfence.