From phpBB Development Wiki
This page highlights important changes in phpBB 3.1.1
- Cross Site Scripting via PATH_INFO in page_name variable - Fixed a cross site scripting vulnerability that allows injecting HTML into pages using the PATH_INFO via session's page_name variable.
- Custom style from 3.0.x not available after migrating to 3.1.x - If the default style is missing after the upgrade to 3.1, attempt to handle this gracefully by resetting to an available style.
- Anonymous users can CC themselves on emails sent to admin via contact form - The option to send a copy to the sender has been removed from email forms displayed to guest users who are not registered.
Notable Bug Fixes
- Password issues for converted boards after upgrade - Fix auth provider errors for forums that migrated from other forum software.