I know that there are a lot of people who have been looking forward to WordPress version 3.6 finally being released, but this one is important, so update as soon as you can. This year has been a hotbed of brute force and DDoS attacks.
- Ability to block server-side request forgery attacks.
- A fix to the contributor roles, such as not allowing users under that level to publish posts or change a post’s authorship (NOTE: even though it was reported recently, this has been a long-time problem… surprised this one took years to finally patch up.)
- An update to the SWFUpload external library to fix cross-site scripting vulnerabilities.
- Prevention of denial-of-service attacks, especially against sites using password-protected posts.
- An update to an external TinyMCE library to fix a cross-site scripting vulnerability.
- Several fixes for cross-site scripting.
- Avoid disclosing a full file path when an upload fails.
As for version 3.6, no worries, it will be ready when it is ready. Thanks to the volunteers and staff at WordPress.org for keeping on top of things!