WordPress Version 4.7.1 was published on January 11. It is a security update and is strongly recommended to install immediately.
It fixes a remote code execution in PHPMailer, cross-site scripting and cross-site request forgery vulnerabilities. It also fixes the weak cryptographic security activation key for multisite.
WordPress 4.7.1 fixes 62 bugs from 4.7.
The fixes are for the customizer, editor, libraries, feeds, HTTP API, REST API, media, posts, taxonomy, themes, installation and other general issues.
A full and detailed list can be found here.
Also for WordPress 4.6 there are two updates:
4.6.1 contains 15 bug-fixes and removes two vulnerabilities and
4.6.2 which contains nearly all the fixes of 4.7.1 for WP 4.6.
A detailed list of the update 4.6.2 can be found here.
Remember to backup your site before updating.