WordPress has released version 3.0.2 to address a privilege escalation issue for users having author access. Upgrading is recommended by the vendor even if you don’t have untrusted authors.
The upgrade went smoothly on this blog. But on another blog, the update didn’t complete and the blog was stuck in maintenance mode. After taking care of that (by deleting .maintenance), I had to reinstall the update. I found not every file was updated successfully on the first attempt.
As always with WordPress updates, take a backup, and disable all plugins before the update.
After the update, you’ll want to review any security steps you’ve previously taken. The update added a readme.html back to the root directory. Most people recommend deleting it, as it contains the WP version. In my case there are many other areas where the version is leaked, so I don’t think that is such a big deal. Just always update when a new version is out.
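The checks described above (a leftover .maintenance file, core files the updater failed to replace, and the restored readme.html) can be scripted. This is an added example, not part of the original post or of WordPress itself; the function names are hypothetical, and it assumes you have unpacked a fresh copy of the same release into a separate directory to compare against.

```sh
#!/bin/sh
# Added example: post-update check for a WordPress tree (hypothetical names).
#   $1 = live site root
#   $2 = freshly unpacked copy of the same release (assumption: obtained separately)
# Prints one finding per line; returns 0 when clean, 1 when there are findings.
wp_post_update_check() {
    live=$(cd "$1" && pwd) || return 2
    ref=$(cd "$2" && pwd) || return 2
    out=""
    # A leftover .maintenance file keeps the site in maintenance mode.
    if [ -e "$live/.maintenance" ]; then
        out="${out}STUCK .maintenance
"
    fi
    # The update puts readme.html back; it shows the WordPress version.
    if [ -e "$live/readme.html" ]; then
        out="${out}LEAK readme.html
"
    fi
    # Every core file in the reference copy must be byte-identical in the live
    # tree. wp-content is skipped: it holds site-specific themes and plugins.
    stale=$(cd "$ref" && find . -type f ! -path './wp-content/*' ! -name readme.html |
        sort | while IFS= read -r f; do
            cmp -s "$f" "$live/$f" 2>/dev/null || echo "STALE ${f#./}"
        done)
    if [ -n "$stale" ]; then
        out="${out}${stale}
"
    fi
    printf '%s' "$out"
    [ -z "$out" ]
}

# Constructed sample: a reference release and a live tree left half-updated.
make_sample() {
    mkdir -p "$1/ref/wp-includes" "$1/live/wp-includes" "$1/live/wp-content"
    echo "<?php \$wp_version = '3.0.2';" > "$1/ref/wp-includes/version.php"
    echo "<?php // new" > "$1/ref/wp-login.php"
    echo "readme" > "$1/ref/readme.html"
    cp "$1/ref/wp-includes/version.php" "$1/live/wp-includes/version.php"
    echo "<?php // old" > "$1/live/wp-login.php"   # not replaced by the updater
    cp "$1/ref/readme.html" "$1/live/readme.html"
    : > "$1/live/.maintenance"                     # update died midway
}
```

Source the file and call `wp_post_update_check /path/to/site /path/to/unpacked-release`; any STALE line means the update should be reinstalled.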