On April 21, 2021, a critical security advisory was released for Drupal core to disclose a cross-site scripting vulnerability, affecting all currently-supported versions of Drupal (7, 8, and 9).
New versions of the UT Drupal Kit for both Drupal 7 and Drupal 9 incorporate the updated versions of Drupal core which address this vulnerability. There are no other changes in these releases.
It is recommended that all users of the UT Drupal Kit update their sites with this latest version as soon as practicable.
How to Update the UT Drupal Kit
UT Drupal Kit 2 (Drupal 7)
Please visit the UT Drupal Kit 2 documentation for release notes and instructions for updating an existing Drupal 7 site from the Pantheon upstream or download.
UT Drupal Kit 3 (Drupal 8/9)
Please visit the UT Drupal Kit 3 documentation for release notes and instructions for updating an existing Drupal 8/9 codebase using Composer.
And remember to always make backups of your code, files, and database before proceeding with an update!