In case you haven’t seen the notice in your Dashboard, WordPress has released some new security updates. Also on the development blog is an update on the security of the WordPress.org code, so that we don’t get a repeat of the modified downloads that 2.1.1 had.
From the dev blog:
These releases include fixes for several publicly known minor XSS issues, one major XML-RPC issue, and a proactive full sweep of the WordPress codebase to protect against future problems. Many thanks to Sumit Siddharth and Alex Concha for their help with reporting issues in this release.
As an update to the systems issue we had last month, we have taken dozens of additional precautions with the servers and systems that run WordPress.org and they appear to be working well, despite hundreds of hack attempts after we publicly disclosed there had been a problem. We are also now aggressively monitoring all downloads for any changes or modifications, and we are confident the same type of problem won’t happen again.
Good on them for making things more secure, but now I have to go and update more than twenty WordPress blogs.