SilverStripe 3.1.13 is now available, and all users of 3.1.12 or below are highly advised to upgrade as soon as possible.
This release contains several bugfixes, including several security issues related to hostname injection, as well as an unauthenticated vulnerability in ?flush or ?isDev query parameters.
SilverStripe 3.0.14 is also available and contains the same security fix for ?flush or ?isDev. Users of 3.0.13 are advised to upgrade to this version as soon as possible.
Release notes: http://docs.silverstripe.org/en/changelogs/3.1.13/