Teiid 9.0.5 has been posted. It addresses 25 issues. The most significant of which is a security issue - TEIID-4541. If you are allowing remote JDBC connections, not using data roles, and have left trustAllLocal at the default setting, then remote connections that specify PassthroughAuthentication=true are also being allowed.
A fix release for 9.1 including TEIID-4541 will be available for 9.1 by Monday. The first alpha release of 9.2 should be available by the end of next.