If..Else Log

WordPress 1.2.1

A new bugfix release of WordPress is available for download. This release was, in some ways, initiated by the recent announcement of a potential security vulnerability[1] (albeit a fairly low risk one).

What was particularly galling about this announcement, however, was the manner in which it was made. According to the lead developers of WP, there was no advance warning of the vulnerability. I'm in favour of full disclosure. I believe sites such as SecurityFocus are a net security benefit for all parties involved. However, when announcements such as these are made, i.e. without first contacting the developers and allowing a *reasonable* amount of time for development, all that results is a lot of scaremongering, FUD and an overall decrease in security.

-30-