Okay, looks like WordPress released a ‘hardened’ release for 2.8 which will jack your release version to 2.8.5. It’s very important to stay upgraded to ensure that your sites will run properly, but more importantly to maintain security. You don’t want your money-making sites to go down, or to have your account suspended due to your site being compromised. As they say, “A ounce of prevention is worth a pound of cure”.
Details of the release can be found here: http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/
The headline changes in this release are:
- A fix for the Trackback Denial-of-Service attack that is currently being seen.
- Removal of areas within the code where php code in variables was evaluated.
- Switched the file upload functionality to be whitelisted for all users including Admins.
- Retiring of the two importers of Tag data from old plugins.