If you run a WordPress-powered blog (not hosted on WordPress.com), then it’s upgrade time. As much of a pain in the tail as it might be to update your WordPress installations over the holidays, this one is marked critical by the WordPress team:
Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”
The WordPress team is also asking for help this time around. If you’re a security expert, the team is asking you to put your eyes on the changeset for the new release. Of course, the team has spent its own time working on it, but given the critical nature of the update, more eyes are always better.