This one's for the WordPress bloggers. WordPress version 2.6.5 is available and fixes one security problem and three bugs. Everyone should upgrade to this release (and skip the fake 2.6.4 version which was making the rounds).
The security issue is an XSS exploit that affects IP-based virtual servers running on Apache 2.x. To patch the exploit with security fix only, simply copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.
The most recent build of WordPress (2.6.5) also contains three other small bug fixes:
1) prevents accidentally saving post meta information to a revision.
2) prevents XML-RPC from fetching incorrect post types.
3) adds some user ID sanitization during bulk delete requests.