The Bugzilla Project released Bugzilla 3.2.1, which fixes the longest-standing security bugs in Bugzilla, in addition to a few other security issues. These long-standing security issues were public for many years, but it required a lot of re-architecture of Bugzilla before we could fix them.
The Project also released 3.3.2, which has a lot of cool new features, including the ability to hide email addresses from logged-out users.
Additionally Bugzilla 3.0.6 and Bugzilla 2.22.7 were released as security fixes for people still using those older branches.
See Max Kanat-Alexander’s blog, one of the main developers in the Bugzilla Project, for more information on these releases.