This expat release fixes CVE-2022-40674 - Heap use-after-free vulnerability in function doContent. Expected impact is denial of service or potentially arbitrary code execution.

Should be fixed in both 1.12 and 1.11 branches.