lightning RCE is not fixed in 2.2.2

[anderruiz]

GHSA-cgwc-qvrx-rf7f advisory is not solved in version 2.2.2 for lightning, at least version 2.2.5 is vulnerable

[darakian]

Hey @anderruiz, any chance there's some public documentation supporting that? What we have on file now is not that 2.2.2 fixes the issue but rather that 2.2.1 is the last known version which is affected. If it's shown that other versions are also affected that would be fantastic to know 😄