Maintenance release is a release that only includes bugfixes and doesn't introduce new features or change behaviour.
Since we use semver, maintenance releases get the "patch" version number incremented. 1.0.1 was the first maintenance release after 1.0.0, 1.0.2 was the second etc.
The motivation for the "no new features" policy is that it reduces the amount of required testing. Besides, behaviour changes may require configuration changes even if no backwards-incompatible behaviour was introduced. If we only include fixes, people can be reasonably confident that after upgrade their system will work exactly like before, just without some known bugs.
What triggers a maintenance release
Security issues. If severe enough, we make a release solely for the security fix.
Bugs that break existing features for a substantial number of users. If some corner case is broken, we may put it on hold, but if typical configuration doesn't work, it warrants a release.
When the current development branch gets a fair amount of backwards-compatible fixes, we may make a release even if nothing is broken, especially if those bugs were nuisance (CLI oddities etc.).