Als kleine Fingerübung vor dem nächsten “großen” Release WP 2.9 hat die Wordpressmannschaft ein “hardening release” veröffentlicht. So wie ich das verstehe, ist das weniger ein “echtes” Security-Update, in dem bekannt gewordene Schwachstellen gefixt wurden, sondern ein Release, das die verbesserten Securityaspekte der kommenden Version 2.9 schon mal für den 2.8er Zweig zur Verfügung stellt:

(…) We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought were worth back-porting to the 2.8 branch so as to get these improvements out there and make all your sites as secure as possible.
The headline changes in this release are:
* A fix for the Trackback Denial-of-Service attack that is currently being seen.
* Removal of areas within the code where php code in variables was evaluated.
* Switched the file upload functionality to be whitelisted for all users including Admins.
* Retiring of the two importers of Tag data from old plugins.
We would recommend that all sites are upgraded to this new version of WordPress to ensure that you have the best available protection. (…)

Na dann… siebzehn zu aktualisierende Installationen warten auf mich. Daran mache ich mich, sobald die DE-Version auf wordpress-deutschland.org erscheint.