This release ensures that, even if configuration does not ever get updated to the new schema as expected, only the expected roles are granted to new registrants.
If you cannot update right away, simply re-save the configuration form at /admin/people/registration-role and your configuration will be fixed, even without this release.
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.