WordPress 2.8.5 is just released today. The latest version improves on the security measures in WordPress.
The headline changes in WordPress 2.8.5 are:
- A fix for the Trackback Denial-of-Service attack that is currently being seen.
- Removal of areas within the code where php code in variables was evaluated.
- Switched the file upload functionality to be whitelisted for all users including Admins.
- Retiring of the two importers of Tag data from old plugins.
Read more about at WordPress.org