This applies to the servers, but also to all of us who use the miraheze/mediawiki repo. There's a bug in git that allows arbitrary code execution with submodules. We need the entire team to be secure, too.
Also safe are new versions v2.13.7, v2.14.4, v2.15.2 and v2.16.4.