It looks like the WordPress team have been fixing a lot of security issues in the past few weeks. The WordPress team has just released WordPress 3.0.4, which fixing a core security bug in their HTML sanitation library, called KSES.
The update on their blog says that this patch is critical and should be applied immediately. Your website may be open to XSS attacks if this patch is not applied immediately.
Earlier this month, the WordPress team had also released WordPress 3.0.2 and 3.0.3 which contained security fixes. If you were planning to put off your upgrade because of the holidays, please don’t do it since the bug is now in the open and can be exploited by the bad guys.
You will be able to upgrade WordPress from your dashboard.