The WordPress 5.4.2 Security and Maintenance Release is now available. This update includes 23 fixes and enhancements. It also has a number of security fixes.
This release addresses an important bug which affects all WordPress versions since 5.1. As noted in this devnote, it allows spammers to index in search engines results pages comments that are still awaiting moderation. This fix was also released on the WordPress 5.1, 5.2, 5.3 and 5.4 branches. if you want more detail, please see this post from Jean-Baptiste Audras, CTO @ Whodunit and a WordPress core developer.
We recommend updating to WordPress 5.4.2 as soon as it is available. If you are on an Outcome Labs WordPress Care Plan, we have validated the update and it has already been applied to your site.
In the meanwhile, you may want to validate or delete your comments awaiting moderation.