Just received a note from Matt Mullenweg – the founding developer of WordPress.
“We’ve fix a critical vulnerability in WordPress’ core HTML sanitation library, and because this library is used lots of places it’s important that everyone update as soon as possible.”
Doing an update update during the holidays is no fun, but you should definitely set aside some time to do this if you don’t want someone to hack your WordPress blog!
You can perform the automatic update in your dashboard, on the “updates” tab.
More details here: WordPress Critical Update 3.0.4