WordPress 2.6.5 has been released and includes a number of changes including one security fix, here is a list of the changes in detail:
* Added a check for the correct post_type to blogger.editPost and blogger.deletePost (#8267).
* Updates to update_post_meta() and delete_post_meta() to ensure they work correctly with post revisions and don’t create the meta on the revision instead of the post (#7925).
* Protection for a very difficult to exploit XSS issue (#8291).
* Fix for an XSS issue with the Atom and RSS feeds on some hosting setups (, ).
For a complete list of all the changes you can read this section of the branches/2.6 log on the WordPress bug tracker.
Note that we have skipping version 2.6.4 and jumped from 2.6.3 to 2.6.5 to avoid confusion with a fake 2.6.4 release that made the rounds.