WordPress team has released WordPress 2.8.5 today as a hardening release to make WordPress extra secure. Because the update improves your site security, it is recommended that you upgrade as soon as possible.
The headline changes in this release are:
- A fix for the Trackback Denial-of-Service attack that is currently being seen.
- Removal of areas within the code where php code in variables was evaluated.
- Switched the file upload functionality to be whitelisted for all users including Admins.
- Retiring of the two importers of Tag data from old plugins.
If you think your blog was a victim of one of the recent exploits, WordPress recommends you to use WordPress Exploit Scanner to make sure that all traces of the exploit has been cleared.
Upgrade now, and make sure that you follow the Ultimate Guide to Upgrade WordPress.