WordPress 2.6.5 has been released, and it is a security-focused version. The new version fixes one security problem and three bugs.
The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.
2.6.5 contains three other small fixes in addition to the XSS fix.
Now you may be wondering why they have decided to call this version 2.6.5 instead of 2.6.4. The reason for 2.6.5 is to avoid confusion with a version of WordPress that had been going around which pointed users to a fake version of WordPress that was labeled as 2.6.4. Going this route, the WordPress team can officially say that 2.6.4 never existed, and thus you should continue to avoid links or notifications that tell you to upgrade to 2.6.4.
The version is already available for download.
Thanks for letting us know this. Amazing how we sometimes have to make changes to accommodate the actions of others. In general one doesn’t want to do it, but it certainly is warranted in cases like this.