diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 87393da41..9e9b68999 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -4,7 +4,7 @@ on: push: branches: - '3' - - '4.11' + - '4.12' - '5' jobs: build: diff --git a/en/02_Developer_Guides/05_Extending/04_Shortcodes.md b/en/02_Developer_Guides/05_Extending/04_Shortcodes.md index ccf5ae08f..2d83dbdd3 100644 --- a/en/02_Developer_Guides/05_Extending/04_Shortcodes.md +++ b/en/02_Developer_Guides/05_Extending/04_Shortcodes.md @@ -70,6 +70,16 @@ class Page extends SiteTree } ``` +[warning] +Note that the `$arguments` parameter potentially contains any arbitrary key/value pairs the user has chosen to include. +It is strongly recommended that you don't directly convert this array into a list of attributes for your final HTML markup +as that could lead to XSS vulnerabilities in your project. + +If you want to use the `$arguments` parameter as a list of attributes for your final HTML markup, it is strongly recommended that you +pass the array through a filter of allowed arguments using [array_filter()](https://www.php.net/manual/en/function.array-filter.php) +or similar. +[/warning] + These parameters are passed to the `MyShortCodeMethod` callback: - Any parameters attached to the shortcode as an associative array (keys are lower-case).
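Review bot: replacing `- '4.11'` with `- '4.12'` in the `push.branches` list means pushes to the `4.11` branch no longer trigger this build workflow at all; if `4.11` still receives security or bug-fix commits, add `'4.12'` alongside `'4.11'` rather than swapping it, or note in the commit that `4.11` builds are intentionally dropped.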
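Review bot: the mitigation in the new `[warning]` block is incomplete: filtering `$arguments` down to an allow-list of keys with `array_filter()` controls which attributes are emitted, but the values of the surviving keys are still user-supplied and must be escaped for HTML attribute context before they are written into markup, otherwise the XSS risk the first paragraph describes remains. Suggest amending "pass the array through a filter of allowed arguments using [array_filter()](...) or similar" to also state that each remaining value must be escaped (for example with `htmlspecialchars($value, ENT_QUOTES)` or the framework's attribute-escaping helper), and ideally add a short code example showing both the allow-list and the escaping step, since readers tend to copy the first snippet they see.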