This update is a “security hardening release” – intended to protect against potential problems, and one issue already in the wild.

• A fix for the Trackback Denial-of-Service attack that is currently being seen.
• Removal of areas within the code where php code in variables was evaluated.
• Switched the file upload functionality to be whitelisted for all users including Admins.
• Retiring of the two importers of Tag data from old plugins.

You can get all the details here from WordPress.Org.