Mambo patch

There’s a patch available for Mambo, where Tar.php is exposed to XSS injection. I’ve upgraded our installation (and also upgraded the mambo installation to the version prior to this update too