OK, this one is only important if you allow users to upload files to your WordPress site – if your blog is your own personal one with no other users, you can probably bypass this, but for the benefit of anyone running a more public site, there is an update out now that you should probably install before someone breaks your site, your server and your heart:

WordPress 2.8.6 Security Release

You can download it from the usual place, or use the automagic upgrade feature in your dashboard. If it’s not shouting at you already, go to Tools — Upgrade, where you should be offered the chance to get your blog up to date.