There has been a security advisory for TinyMCE which urges you to upgrade your TinyMCE WYSIWYG Editor, in case you are using it.
Serendipity offers a TinyMCE plugin so that you can use the TinyMCE editor. The users who have installed that plugin should remember, that they needed to manually download the TinyMCE package and upload it to their Serendipity plugin directory. This means that the Serendipity project does not bundle and/or have control over the actual TinyMCE editor files and you need to maintain this package manually, by uploading a new TinyMCE editor version.
This might sound a bit complicated, but we do not bundle the TinyMCE plugin because of it's large filebase and possible licensing issues. The good side-effect of this is that if you did not already manually take the route to install and use the TinyMCE plugin, you must not be afraid of any security harms to your Serendipity installation. Other (blog-)applications are now forced to issue a complete new release because of this. ;-)