Today, we are releasing Omeka 2.2.1, a security update for Omeka 2.2. All users should upgrade.
This release closes vulnerabilities to cross-site scripting (XSS) and cross-site request forgery (CSRF) on the admin user forms.
An unrelated fix to the API removes dead links to private collections for non-authenticated users.
Thanks to Gjoko Krstic at the Zero Science Lab for finding and reporting the XSS and CSRF vulnerabilities.
Please see the release notes for more detail.