WordPress 2.8.4 has been released and also similar to WordPress 2.8.3, this is a security fix.
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
Changelog: WordPress 2.8.4
Download: WordPress 2.8.4
Download: Modified files since WordPress 2.8.3
WordPress 2.8.3 has been released and similar to WordPress 2.8.2, this is a security fix.
Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended
Changelog: WordPress 2.8.3
Download: WordPress 2.8.3
Download: Modified files since WordPress 2.8.2