The WordPress team has released a security update for the world’s best bloggng software (John Chow dot Com is a featured WordPress Showcase blog). Anyone running WordPress 2.8 or 2.8.1 should upgrade to this latest version right away.
WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site. Download 2.8.2 or automatically upgrade from the Tools->Upgrade page of your blog’s admin.
The upgrade changes only 10 files and doesn’t touch the database. A simple upload and replace is all that’s required. Or you can use the auto upgrade feature built into the WordPress software.