WordPress 3.0.2 was released on November 30, 2010 and is ready for download. This release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements.
What has been fixed in this release:
- Remove pingback/trackback blogroll whitelisting feature as it can easily be abused.
- Fix canonical redirection for permalinks containing %category% with nested categories and paging.
- Fix occasional irrelevant error messages on plugin activation.
- Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin.
- Clarify the license in the readme.
- Multisite: Fix the delete_user meta capability.
- Multisite: Fix ms-files.php content type headers when requesting a URL with a query string.
- Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins.
- Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs.
To update WordPress, you can download the files from WordPress download and overwrite your existing WordPress files manually, or you can upgrade automatically from your WordPress Dashboard > Updates menu. The WordPress team has confirmed that you should update immediately for this security hardening release.
More info about this release can be read here.