As per the main WordPress site, another upgrade has hit. The security fix refers to our wonderful friend, xmlrpc.php. I highly suggest disabling this file (just delete it from your WordPress directory) if you’re maintaining a locked down installation of WordPress. This file seems to be present in every security issue lately, and a brief scan of the source seems to indicate that it offers support for pinging update services, sending pingbacks and allowing remote control of the service – none of these features are generally critical for sites valuing security more than blogosphere wankery.
DreamHost doesn’t seem to be offering the official upgrade yet, so I’m just downloading the fixed xmlrpc.php file for my installations requiring it, and replacing the file until the one-click install option comes online.