According to WordPress.org this release will fix important issues: This release also fixes nine bugs and contains three other security hardening changes: Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests. Fix a low-impact SQL injection by trusted users. Reported by Tom Adams of dxw. Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files. Reported by Szymon Gruszecki.