Raspbian stretch was released four days ago. Although it is not possible to upgrade running omv 3.x , it is probably a good idea if you're running a headless server for other reasons.
There is a patch for the "broadpwn" vulnerability in the wifi firmware.
A couple of months ago, a vulnerability was discovered in the firmware of the BCM43xx wireless chipset which is used on Pi 3 and Pi Zero W; this potentially allows an attacker to take over the chip and execute code on it. The Stretch release includes a patch that addresses this vulnerability.
I wonder if they will backport that to Raspbian Jessie.