A security bug [1] has been fixed in CentralAuth; the bug caused logouts to silently fail if the local account on the central login wiki was unattached. That does not happen under normal circumstances, so the vulnerability can only be exposed if some other error causes attaching accounts to fail; nevertheless you are advised to update your installations. The fix has been backported to all supported versions (those for MediaWiki 1.23, 1.26 and 1.27).
mediawiki-announce@lists.wikimedia.org