Totara 2.2.13 is a "security" release, because it includes upstream fixes from Moodle (including security fixes). We recommend upgrading your site to this release.

Here's the 2.2.13 changelog:

Release 2.2.13 (18th January 2013):
==================================================

Security fixes:
                Fixes from Moodle HQ http://docs.moodle.org/dev/Moodle_2.2.7_release_notes

Database upgrades:
    T-10237     Fix problem when upgrading Facetoface to 2.2.11 on large sites

New features:
    T-9832      Change language pack import to use Totara server instead of Moodle HQ

Improvements:
    T-9804      Add missing strings for block_totara_recent_learning
    T-10250     Add missing strings in US English
    T-10248     Add user lastlogin filter to various Report Builder reports
    T-10236     Add support for cross joins to Report Builder
    T-10239     Add new userfullname replacement variable for Program messages

Bug fixes:
    T-5879      Fix typo in admin component language string
    T-10230     Fix display of course title in Learning Plans
    T-10240     Fix to prevent non-authenticated user from seeing a list of all courses in a category
    T-10247     Fix warnings in tag filter when there are no tags
    T-10231     Fix broken images in Learning Plan component descriptions
    T-10198     Fix display of Facetoface Session table
    T-10252     Apply fix from MDL-36421 to fix 'New Window' option for SCORM course format
    T-10238     Fix temp table field lengths to match the user table in totara_sync
    T-9571      Update Copyright dates for 2013
    T-10244     Fix saving and display of images in Program summary and endnote text fields
    T-10258     Fix incorrect date syntax in face-to-face module version number
    T-10227     Fix totara sync log report filter so that it is possible to filter by warnings
    T-10228     Fix notice when assigning user with no manager to a program

Simon