Sprint was just updated to use ZendFramework's escaper for the auto-escaping of data in ThemedController. This now supports different contexts to ramp the XSS protection up to 11.
This IS intended as a replacement for CI's xss_clean function. You should definitely upgrade, read up on the Escaper, and modify your code to ensure your security is kept working well.
Documentation has been updated in the repo to reflect this change.