Everyone, 2 things.
First apologies that we were so late announcing the update, after it had already been pushed out. This was indeed a security thing but we’re pretty flooded atm with customer requests and I just didn’t find time to blog, update the website etc in time so that came a day late.
Second, we don’t give details about security problems, we just say “please update asap”. We do out-of-plan updates when there are significant issues. Could be security, could be file loss, could be something else, but only important things. So these updates do have some important fixes, please update asap. Just like any update, btw, it is usually really wise to update as quick as you reasonably can (no need to lose sleep over it but don’t wait 2 weeks). That’s what we also always say in our announcements 
As a matter of policy, we don’t give details about security fixes until 2 weeks after release because that gives the Bad Folks tips on how to exploit them. In 2 weeks, we will have published security advisories with impact analysis on https://nextcloud.com/security/ as usual. See what Joas said.