WordPress 2.8.5: Hardening Release

http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/

"As you know over the past couple of months we have been working on the
new features for WordPress 2.9. We have also been working on trying to
make WordPress as secure as possible and during this process we have
identified a number of security hardening changes that we thought were
worth back-porting to the 2.8 branch so as to get these improvements out
there and make all your sites as secure as possible."

" * A fix for the Trackback Denial-of-Service attack that is
currently being seen.
* Removal of areas within the code where php code in variables was
evaluated.
* Switched the file upload functionality to be whitelisted for all
users including Admins.
* Retiring of the two importers of Tag data from old plugins."

"We would recommend that all sites are upgraded to this new version of
WordPress to ensure that you have the best available protection."

I concur with WordPress's recommendation. Please upgrade as soon as
possible to the latest release.