Totara 2.2.12 is a "security" release, because it includes important fixes for potential security vulnerabilities. We recommend upgrading your site to this release.

Here's the 2.2.12 changelog:

Release 2.2.12 (20th December 2012):
==================================================

Security fixes:
    T-10196     Improve XSS filtering in Learning Plan and other description fields
    T-10219     Fix password rotation limits

Database upgrades:
    T-10069     Update totara sync to allow file uploads with needing direct server access
                The UI for uploading files has changed slightly and you must now choose
                between using direct file uploads or providing a directory on your server.

New features:
    T-10211     Add 'Is enrolled' filter to course completion report

Improvements:
    T-10069     Change image selectors from URLs to filepickers in custom totara theme

Bug fixes:
    T-10209     Stop zero values in parentid and typeid stopping totara sync from running
    T-10202     Fix to display help for variable substitution in programs
    T-10198     Fix display of table on f2f signup page
    T-10204     Change the colour of program progress bar so it is clear when a program is complete
    T-10152     Fix scheduled reports with user content restrictions to show the manager's staff correctly
    T-10228     Fix error when assigning users to a program who don't have a manager

This will be the last Totara release of 2012. All the best for the New Year from the Totara team.

Simon