WordPress has released WordPress 2.8.6 which is a security release. Last month they released WordPress 2.8.5 which was also a security release.
As per the release note from WordPress team,
2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges.
The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations.
If your WordPress users data is having some untrusted authors on your blog then you must upgrade your WordPress installation to the latest version. WordPress 2.9 is expected to release by end of this month or in early December 2009.
Download WordPress 2.8.6 or Upgrade Automatically thru Dashboard
We strongly recommend every wordpress user to upgrade their version to the latest one. WordPress is now a popular blogging platforms and very much secured. WordPress team is working really hard to cover-up any security fixes and that’s why you are seeing two updates in last two months.