这个更新是13号发布的，只是一直没升级。今天闲着也就把它升了，免得积少成多以后累啊。

中文版官方的更新：

涉及到注册用户的安全问题，如系统中有不信任用户，建议更新。

来源cnbeta的更新：

这次的更新修复了两个安全问题。注册用户登陆之后会有发布文章的权利（注册之后默认的权限是订阅者，并无发文章的权限。）建议升级。第一个安全漏洞是XSS漏洞，第二个是利用上传文件名称来破解Apache配制。有备无患，建议升级。

官方的鸟语解释：

2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges.  If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch.  The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

据说这个月下半月就可以见到比较大的以WordPress程序更新为主的更新包了！期待！