As part of last week’s network-wide upgrade to 3.0.0 a consensus breaking patch was rolled out that fixes a security vulnerability of medium severity where malleable blocks can be produced to force a chain split.
There has been no indication of the vulnerability ever having been exploited. Attacks to target users following a successful chain split would have been exceptionally difficult to pull off in practice. After the release of 3.0.0, users are not vulnerable, and no further action is required.
This has been assigned CVE-2020-6638, and the details of the issue and the corresponding fix has just been published to our /grin-security github repo: https://github.com/mimblewimble/grin-security/blob/master/CVEs/CVE-2020-6638.md