WordPress 2.6.2 has been released today following the recent alarms on possible dangers due to SQL column truncation and weaknesses of the mt_rand() function, credits to Stefan Esser. Apparently, random numbers generated by mt_rand() are not so random; and theoretically, an attacker can use this exploit to reset another user’s randomly generated password. Stefan Essar is expected to post on the details soon.
Download it here; upgrade instructions can be found here (basic), and here (extended).
WordPress 2.7, a major version, will also appear in next few months.