This doesn’t sound like a major exploit fix, as long as you’re doing the one blog owner with one blog author thing. If you’ve got multiple authors and are afraid one of them might be malicious, do this ASAP, (or at least read the release notes.) (I only skimmed the release notes.)
Anyway, we’ve finished the upgrade here, and everything looks OK.