Per https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E ATS 8.1 ships the following security fixes:
CVE-2021-27577 Incorrect handling of url fragment leads to cache poisoning CVE-2021-32565 HTTP Request Smuggling, content length with invalid charters CVE-2021-32566 Specific sequence of HTTP/2 frames can cause ATS to crash CVE-2021-32567 Reading HTTP/2 frames too many times CVE-2021-35474 Dynamic stack buffer overflow in cachekey plugin
Sadly we don't have a clear upgrade path from our current ATS 8.0.8 to ATS 8.1.2 as the last time we tried an ATS 8.1 build we observed serious performance drawbacks on ATS backend