Wordpress releases version 3.0.4 yesterday which closes a "critical" security vulnerability in how the KSES library is vulnerable to XSS
Wordpress 3.0.2 is released and has a mandatory security fix that is essential for multi author blogs who have writers with "author" accounts.
Upgrading to Wordpress 2.9.2 will close the security hole where contributors can see posts in your trashcan even if they were sensitive or created by the admin.
Wordpress 2.9.1 was released and fixes the issues with pingbacks and scheduled posting that showed up with Wordpress 2.9, upgrade now.
You can download Wordpress 2.9.1 Beta 1 to fix your pingback issues and curl issues that exist in Wordpress 2.9