The latest WordPress update fixes one security problem and three bugs.
The security issue is an XSS exploit discovered by Jeremias Reith that affects IP-based virtual servers running on Apache 2.x.
The first fix prevents accidentally saving post meta information to a revision.Â The second prevents XML-RPC from fetching incorrect post types.Â The third adds some user ID sanitization during bulk delete requests.
As usual, I’ve made available an update file to upgrade your WordPress 2.6.3 blog to 2.6.5. The file as per the changeset between 2.6.3 and 2.6.5.
If you are running any version prior to 2.6.3 then you will need to first update your blog to 2.6.3.