Drupal 8.3.4 and Drupal 7.56 are maintenance releases which contain fixes for security vulnerabilities.
- PECL YAML parser does not handle PHP objects safely during certain operations within Drupal core. This could lead to remote code execution
- The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled
- Files uploaded by anonymous users into a private file system can be accessed by other anonymous users
- If you use Drupal 7.x, upgrade to Drupal core 7.56
- If you use Drupal 8.x, upgrade to Drupal core 8.3.4