It's recommended that site owners upgrade to 2.2.2 or 1.12.13 to mitigate an information disclosure vulnerability:
An attacker could uncover a few general details (name, icon, short description) about groups that are usually hidden from him/her. This would not expose the group's description, content, or membership, and a probe would require knowledge of Elgg internals. This weakness exists in all previous Elgg versions.
Security issues should be reported to firstname.lastname@example.org!