Over the past couple of months, WP Team has been working very hard on the new features for the coming WordPress 2.9. They have also been working on trying to make WordPress as secure as possible. They have identified a number of security hardening changes that were worth back-porting to the 2.8 branch so as to get these improvements out there and make all your blogs as secure as possible.
The main changes in this release are:
_A fix for the Trackback Denial-of-Service attack that is currently being seen.
_Switched the file upload functionality to be whitelisted for all users including Admins.
_Removal of areas within the code where php code in variables was evaluated.
_Retiring of the two importers of Tag data from old plugins.
We recommend that all your sites are upgraded to this new version of WordPress to ensure that you have the best available protection. You can upgrade in seconds, using the One Click upgrade installation, directly from your Dashboard.
If you think your site may have been hit by one of the recent exploits and you would like to make sure that you have cleared out all traces of the exploit then we would recommend that you take a look at the WordPress Exploit Scanner. This is a plugin which searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames. You can read more about this plugin here – “WordPress Exploit Scanner”.