The issue relates to HTML attribute injection which can be triggered when rendering editor content, such as when a post is edited or quoted.
Note: There are no other changes in this release and any work previously done towards XenForo 2.2.11 - including a new CAPTCHA option by Cloudflare Turnstile and various bug fixes and improvements - will be released alongside XenForo 2.2.12 in the coming weeks.
XenForo 2.2.12 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability.
We're pleased to announce the introduction of two new features available in XenForo 2.2.12.