WordPress 2.3.3 was released today, and it is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog.
Anyone running the 2.3 branch is recommended to upgrade immediately to 2.3.3. Official wp announcement: http://wordpress.org/development/2008/02/wordpress-233/
As always, you can download the latest wordpress version from: http://wordpress.org/download/
Note: I must say that I am very happy since I’ve switched to the subversion method to update wordpress. This is indeed very easy, and if you are managing several wordpress installations this should help a lot in the process to keep them updated:
1 2 3 4 5 6 7 8