This announcement was inadvertently sent out in draft form. Please re-read the edited version (there is no Critical-severity vulnerability being announced).
All the module versions mentioned in this security announcement are released and available to download on the OpenMRS Module Repository (but note that because of a bug you have to be careful to get the right version of the metadatasharing and serialization.xstream modules).
However the updated versions of the OpenMRS Platform mentioned in this advisory are not yet released. We are actively working on this, and @wyclif will comment again when these are available to download.
Our apologies for any confusion, and thanks for your patience.