This update is a “security hardening release” – intended to protect against potential problems, and one issue already in the wild.
- A fix for the Trackback Denial-of-Service attack that is currently being seen.
- Removal of areas within the code where php code in variables was evaluated.
- Switched the file upload functionality to be whitelisted for all users including Admins.
- Retiring of the two importers of Tag data from old plugins.
You can get all the details here from WordPress.Org.
