Jan 20 2011
A WordPress security update was issued last December 29. It fixes what Matt Mullenweg referred to as a critical security bug in the HTML sanitation library. All versions of WordPress are affected by the bug, including the 2.x editions.
I recommend that you update your WordPress site as soon as possible to prevent security breaches by hackers. The update can be through the Dashboard in WordPress or you can download it here.