IMPORTANT: You do NOT need to upgrade CiviCRM to remove this vulnerability. See "Prevent Attacks: Delete the Vulnerable File" below.
Not a well known fact until now - during 3.0 release cycle, we've been working hard with DharmaTech to start regularly using unit tests for CiviCRM development and quality assurance. It's time to go out of the closet, since we're nearing the end of the first stage of this project - which was setting up everyone in the team with proper tools and migrating all the tests that we wrote before to our new framework.
So here's what we have right now: