WordPress 2.8.5 is a security hardening release. Some of the notable changes are:
A fix for the Trackback Denial-of-Service attack that is currently being seen.
Removal of areas within the code where php code in variables was evaluated.
Switched the file upload functionality to be whitelisted for all users including Admins.
Retiring of the two importers of Tag data from old plugins.
If you aren’t seeing an upgrade banner message at the top of your WordPress Admin dashboard, go to Tools -> Upgrade to trigger the cron job upgrade manually.
To upgrade WordPress in two steps without having to disable plugins, or if automatic upgrade fails, click here. If you’ve never been able to use automatic upgrade due to errors you could never explain click here.