Fire up your update ExpressionEngines!
Today, EllisLab released ExpressionEngine 2.9.1. This is a security and stability release (meaning no new features).
This nugget at the end of the company blog post about the release should interest you:
This release contains quite a bit more security fixes than normal, but it shouldn’t cause alarm. We’ve recently opened ExpressionEngine up to white hat security researchers to report even the smallest issue. Most of the potential attacks found involve attacking yourself or the existence of a malicious admin, but we still recommend this update for all users. We’re committed to the hardening of our software to keep your data safe and remain one of the most provenly secure web platforms out there.