diff --git a/CHANGELOG b/CHANGELOG
index 41dd5343..a37c7bac 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,8 @@
+=== ** v1.2.0.21 ===
+
+* [FIX] Critical bugfix that prevents directory traversal in JS/CSS includes. Thanks to Jan Van for the notice
+* [FIX] Bugfixed resource includes
+
 === ** v1.2.0.20 ===
 * [FIX] Critical bugfix that prevents directory traversal in JS/CSS includes. Thanks to Jan Van for the notice
diff --git a/CHANGELOG-ES b/CHANGELOG-ES
index fbe048f1..d5e94619 100644
--- a/CHANGELOG-ES
+++ b/CHANGELOG-ES
@@ -1,3 +1,8 @@
+=== ** v1.2.0.21 ===
+
+* [FIX] Corrección de fallo crítico que previene la transversión de directorios en la inclusión de archivos JS/CSS. Gracias a Jav Van por el aviso
+* [FIX] Corrección de la inclusión de recursos
+
 === ** v1.2.0.20 ===
 * [FIX] Corrección de fallo crítico que previene la transversión de directorios en la inclusión de archivos JS/CSS. Gracias a Jav Van por el aviso
diff --git a/css/css.php b/css/css.php
index c185fbe7..17e42497 100644
--- a/css/css.php
+++ b/css/css.php
@@ -52,7 +52,7 @@ if (!$file) {
 $Minify = new Minify();
 $Minify->setType(Minify::FILETYPE_CSS);
- $Minify->setBase(urldecode($base));
+ $Minify->setBase(urldecode($base), true);
 $Minify->addFile(urldecode($file));
 $Minify->getMinified();
 }
\ No newline at end of file
diff --git a/inc/Base.php b/inc/Base.php
index 167bb9dc..5d5ae5d2 100644
--- a/inc/Base.php
+++ b/inc/Base.php
@@ -25,6 +25,7 @@ defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo'));
+define('BASE_DIR', __DIR__);
 define('CONFIG_FILE', __DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'config' . DIRECTORY_SEPARATOR . 'config.php');
 define('MODEL_PATH', __DIR__);
 define('CONTROLLER_PATH', __DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'web');
diff --git a/inc/Minify.class.php b/inc/Minify.class.php
index 08d7b0d0..13569a9a 100644
--- a/inc/Minify.class.php
+++ b/inc/Minify.class.php
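Review bot: The directory-traversal protection for this entry point now hinges on the literal `true` on the `$Minify->setBase(urldecode($base), true);` line; the same call without the flag (as it stood before this patch) silently disables the path check, and a future copy of the call is likely to drop it. Since the check is opt-in on the callee side, the call site should say why the flag is required, e.g. `// $base is presumably request-supplied: keep the path check enabled (see Minify::setBase)`; where `$base` is read is outside this hunk, so that origin should be confirmed. The same applies to the matching line in the js/js.php hunk. Decoding with `urldecode()` before the check is the right order, because the checked string is the one later used as the base path.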
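Review bot: `define('BASE_DIR', __DIR__);` resolves to the inc/ directory (the file is inc/Base.php) and to the same value `MODEL_PATH` already holds two lines below, so the name suggests an application root the constant does not point at, while `APP_ROOT` is the constant the guard above already relies on. A comment should pin the meaning: `define('BASE_DIR', __DIR__); // inc/ directory (same as MODEL_PATH), not the application root (APP_ROOT)`. Nothing in this diff reads the new constant, so its consumer should be named in that comment as well.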
@@ -63,10 +63,11 @@ class Minify
 /**
 * @param string $base
+ * @param bool $checkPath
 */
- public function setBase($base)
+ public function setBase($base, $checkPath = false)
 {
- $this->_base = Request::getSecureAppPath($base);
+ $this->_base = $checkPath === true ? Request::getSecureAppPath($base) : $base;
 }
diff --git a/inc/Util.class.php b/inc/Util.class.php
index 45e76083..fef7f2be 100644
--- a/inc/Util.class.php
+++ b/inc/Util.class.php
@@ -304,7 +304,7 @@ class Util
 */
 public static function curlIsAvailable()
 {
- return (function_exists('curl_init'));
+ return function_exists('curl_init');
 }
 /**
@@ -315,7 +315,7 @@ class Util
 */
 public static function getVersion($retBuild = false)
 {
- $version = array(1, 2, 0, '20');
+ $version = array(1, 2, 0, '21');
 if (!$retBuild) {
 array_pop($version);
@@ -338,9 +338,9 @@ class Util
 */
 public static function getMaxUpload()
 {
- $max_upload = (int)(ini_get('upload_max_filesize'));
- $max_post = (int)(ini_get('post_max_size'));
- $memory_limit = (int)(ini_get('memory_limit'));
+ $max_upload = (int)ini_get('upload_max_filesize');
+ $max_post = (int)ini_get('post_max_size');
+ $memory_limit = (int)ini_get('memory_limit');
 $upload_mb = min($max_upload, $max_post, $memory_limit);
 Log::writeNewLog(__FUNCTION__, "Max. PHP upload: " . $upload_mb . "MB");
diff --git a/inc/themes/material-blue/js/functions.min.js b/inc/themes/material-blue/js/functions.min.js
index 1aae1eb2..b7444566 100644
--- a/inc/themes/material-blue/js/functions.min.js
+++ b/inc/themes/material-blue/js/functions.min.js
@@ -1,5 +1,5 @@ var $jscomp={scope:{},findInternal:function(a,f,b){a instanceof String&&(a=String(a));for(var d=a.length,c=0;c=h)continue; if(58<=h&&64>=h)continue;if(91<=h&&96>=h)continue;if(123<=h&&126>=h)continue}!b.complexity.numbers&&48<=h&&57>=h||!b.complexity.uppercase&&65<=h&&90>=h||(e++,g+=String.fromCharCode(h))}!0===l?a("#viewPass").attr("title",g):alertify.alert('
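Review bot: The new `$checkPath = false` default on `setBase` turns the path check that v1.2.0.20 introduced into opt-in behaviour, so any caller that does not pass `true` gets an unchecked base path; the two callers updated in css/css.php and js/js.php do pass it, but other callers are not visible in this diff. Consider the reverse default, with the trusted internal callers that need a raw absolute path opting out explicitly: `public function setBase($base, $checkPath = true)`. The added `@param bool $checkPath` line should also state what the flag guards, e.g. `@param bool $checkPath Run Request::getSecureAppPath() on $base; pass false only for a constant, server-side path`. The Minify class continues outside the hunk.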
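Review bot: The `(int)ini_get(...)` casts on the three rewritten getMaxUpload lines keep a unit problem the commit does not address: php.ini shorthand such as `2G` or `512K` casts to 2 and 512, a plain byte count is compared as if it were megabytes, and a `memory_limit` of `-1` (unlimited) casts to -1 and wins `min()`, so the logged "Max. PHP upload" becomes -1MB. A small converter that honours the K/M/G suffix and maps negative (unlimited) values to PHP_INT_MAX fixes all three cases; the helper below would sit next to getMaxUpload in the Util class. getMaxUpload continues past the end of the hunk.
```php
    /**
     * Converts a php.ini shorthand size ("8M", "1G", "512K", plain bytes, "-1") to whole megabytes.
     * A negative value means "unlimited" and maps to PHP_INT_MAX so it never wins min().
     *
     * @param string $value
     * @return int
     */
    private static function iniSizeToMb($value)
    {
        $value = trim((string)$value);
        $number = (int)$value;

        if ($number < 0) {
            return PHP_INT_MAX;
        }

        switch (strtoupper(substr($value, -1))) {
            case 'G':
                return $number * 1024;
            case 'M':
                return $number;
            case 'K':
                return (int)($number / 1024);
            default:
                return (int)($number / 1048576); // no suffix: the value is in bytes
        }
    }

    public static function getMaxUpload()
    {
        $max_upload = self::iniSizeToMb(ini_get('upload_max_filesize'));
        $max_post = self::iniSizeToMb(ini_get('post_max_size'));
        $memory_limit = self::iniSizeToMb(ini_get('memory_limit'));
        // … unchanged: min() and Log::writeNewLog() …
```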

'+d[6]+'

'+g+"

");e=zxcvbn(g);b.passLength=g.length;c?(l=a("#"+c).parent(),f.outputResult(e.score,c),e=new MaterialTextfield,l.find("input:password").val(g),l.addClass(e.CssClasses_.IS_DIRTY).removeClass(e.CssClasses_.IS_INVALID),
diff --git a/js/js.php b/js/js.php
index 78b664d4..85685643 100644
--- a/js/js.php
+++ b/js/js.php
@@ -54,7 +54,7 @@ if (!$file) {
 $Minify = new Minify();
 $Minify->setType(Minify::FILETYPE_JS);
- $Minify->setBase(urldecode($base));
+ $Minify->setBase(urldecode($base), true);
 $Minify->addFile(urldecode($file));
 $Minify->getMinified();
 }