[Update: 2021-02-12] Updated Webmin packages which include Webmin v1.970 (plus the previously mentioned tweak to the MySQL module) have been pushed to the "main" TurnKey repo. So enabling the TurnKey testing repo is no longer required (I've edited the post to hopefully make that clear).
It has come to our attention that a number of Webmin releases include a vulnerability that could allow a remote attacker to take control of a server with a vulnerable version of Webmin installed. Alarmingly: