WP-Members 3.4.9.4 is a security update. For the majority of users, this will not be a major (nor required) update. But if you use the plugin’s file upload options in the registration or user profile form, this update will be helpful.
NOTE: If your use of WP-Members does not include a file or image upload field in the register/user profile form OR if your instance already disallows directory browsing, this update is not necessary.
Previous versions did not force an index.php file in the user’s upload directory. This can be problematic if the /wp-content/uploads/ directory allows directory browsing (or if directory browsing is not specifically disabled).
Note that failing to disallow directory browsing throughout your entire WP instance is a major security problem. It can unintentionally expose information, including details about your instance and filesystem.
Most WP users address this through their host or through a security plugin, and most often it is not a problem. However, for those who ignore this security best practice, it is possible for the WP-Members upload directory to be exposed. This update addresses that directly.
For new installs, it will simply add index.php to the main directories as well as any user directories when they are added (i.e. when a user uploads a file). For previous installs (upgrading from a previous version), the installer will check your filesystem and add index.php to any existing user directories.
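The same check can be run by hand against an uploads tree. The shell functions below are an added example, not the plugin's installer code: `missing_index` lists every directory at or below a given path that has no index.php, and `add_index` writes a placeholder into each one. The function names, the directory argument and the placeholder file content are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not WP-Members code. Usage after sourcing this file:
#   missing_index /path/to/wp-content/uploads   # report only
#   add_index     /path/to/wp-content/uploads   # create the missing files
# The path is a placeholder; point it at your own uploads directory.

# Print each directory at or below $1 that contains no index.php.
# find hands directory names to the inner shell as arguments, so names
# with spaces or other unusual characters are handled correctly.
missing_index() {
    find "$1" -type d -exec sh -c '
        for d; do
            [ -e "$d/index.php" ] || printf "%s\n" "$d"
        done
    ' sh {} +
}

# Create a placeholder index.php in each directory that lacks one.
# Existing index.php files are never overwritten. The file content is an
# assumption (a PHP file that outputs nothing); the plugin may write
# something different.
add_index() {
    find "$1" -type d -exec sh -c '
        for d; do
            [ -e "$d/index.php" ] ||
                printf "%s\n" "<?php // Silence is golden." > "$d/index.php"
        done
    ' sh {} +
}
```

An index.php only suppresses the listing when the web server treats index.php as a directory index; disabling directory browsing at the server or host level remains the broader fix.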
If you are unclear on this, whether it applies to you, what the fix addresses, or anything else, reach out through the support form.