Few Days back the Wordpress team found a major security issue in the wordpress 2.6.3 and released the version 2.6.5.

The security issue is an XSS exploit that affects IP-based virtual servers running on Apache 2.x.

If you are interested only in rectifying the security fix, you can simply copy the wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

2.6.5 in addition to the XSS fix, also contains 3 other small fixes. The first prevents accidentally saving post meta information to a revision, the second prevents XML-RPC from fetching incorrect post types and the third adds some user ID sanitization during bulk delete requests.

For a full list of what files have been changed, you can check the full changeset between 2.6.3 and 2.6.5.

Wordpress also added that they are skipping version 2.6.4 and jumping from 2.6.3 to 2.6.5 to avoid confusion with a fake 2.6.4 release that made the rounds.

Download Wordpress 2.6.5