WordPress 2.6.5 has been released and includes a number of changes including one security fix, here is a list of the changes in detail:
- Added a check for the correct post_type to
- Updates to
delete_post_meta()to ensure they work correctly with post revisions and don’t create the meta on the revision instead of the post (#7925).
- Protection for a very difficult to exploit XSS issue (#8291).
- Fix for an XSS issue with the Atom and RSS feeds on some hosting setups (, ).
For a complete list of all the changes you can read this section of the branches/2.6 log on the WordPress bug tracker.
Note that we have skipping version 2.6.4 and jumped from 2.6.3 to 2.6.5 to avoid confusion with a fake 2.6.4 release that made the rounds.
There is not and never will be a version 2.6.4.