It's recommended that site owners upgrade to 2.2.2 or 1.12.13 to mitigate an information disclosure vulnerability:
An attacker could uncover a few general details (name, icon, short description) about groups that are usually hidden from them. This would not expose the group's description, content, or membership, and a probe would require knowledge of Elgg internals. This weakness exists in all previous Elgg versions.
There were a few other fixes. Notably, 2.2.2 is now compatible with MySQL 5.7. See the changelogs for 1.12.13 and 2.2.2.
Security issues should be reported to security@elgg.org!
Could it be that the changelogs are incomplete? Just looking at the changelog of 1.12.13, it looks to me that there should be more changes listed since 1.12.12. For 2.2.2 I'm not so sure, but there might be some changes missing there, too.
Can you open an issue with what you think is missing?
https://github.com/Elgg/Elgg/issues/10356
Can I upgrade from Elgg 1.12.12 to 2.2.2 directly?
That's right!