A vulnerability (see SA-CONTRIB-2015-025 - Patterns - Cross Site Request Forgery (CSRF)) was discovered by @Pere Orga (Drupal Security team) in Patterns 7.x-2.1, one of the contributed modules which is used in the 7.x-2.x branch of distribution . The issue is solved in versions >= 7.x-2.5 of Patterns Profile.
Websites running versions of Patterns Profile <= 7.x-2.4 should update the patterns module to >= 7.x-2.2 or update the Patterns Profile distribution to >= 7.x-2.5.
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.