5.0.7 has been released!

..and with a few much-requested features included and some important fixes.
Here’s the changelog:

5.0.7
Feature: Immediately block IP if hacker tries any of the following usernames. (Comma separated list that you can specify on the Wordfence options page)
Feature: Exclude exact URL’s from caching. Specifically, this allows you to exclude the home page which was not possible before.
Feature: Exclude browsers or partial browser matches and specific cookies from caching.
Fix: Fixed issue where /.. dirs would be included in certain scandir operations.
Fix: logHuman function was not analyzing user-agent strings correctly which would allow some crawlers that execute JS to be logged as humans.
Fix: Removed ob_end_clean warnings about empty buffers when a human is being logged.
Fix: Removed warning in lib/wfCache.php caused by unset $_SERVER[‘QUERY_STRING’] when we check it.
Fix: Fixed “logged out as ”” blank username logout messages.
Fix: Improved security of config cache by adding a PHP header to file that we strip. Already secure because we have a .htaccess denying access, but more is better.
Fix: Falcon Engine option to clear Falcon cache when a post scheduled to be published in future is published.
Fix: Fixed Heartbleed scans hanging.

https://wordpress.org/plugins/wordfence/