WordPress 3.0.4 has been released to plug a critical security vulnerability.
[It] fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.” I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.
If you’re currently testing WordPress 3.1, make sure that you upgrade to the latest nightly release to get the same security fixes.