We are releasing GIMP 2.8.18 to fix a vulnerability in the XCF loading code (CVE-2016-4994). With special XCF files, GIMP can be caused to crash, and possibly be made to execute arbitrary code provided by the attacker.
This release includes additional bug fixes since 2.8.16. An important change has happened to the initial startup experience on Microsoft Windows and OS X platforms - any “GIMP is not responding” errors encountered there should be gone.
The source code for GIMP 2.8.18 is available from our downloads page; pre-built packages for Microsoft Windows and OS X will follow shortly.