Release Highlights/3.1.1

This page highlights important changes in phpBB 3.1.1

Security Fixes

 * Cross Site Scripting via PATH_INFO in page_name variable - Fixed a cross site scripting vulnerability that allows injecting HTML into pages using the PATH_INFO via session's page_name variable.

Notable Changes

 * Custom style from 3.0.x not available after migrating to 3.1.x - If the default style is missing after the upgrade to 3.1, attempt to handle this gracefully by resetting to an available style.
 * Anonymous users can CC themselves on emails sent to admin via contact form - The option to send a copy to the sender has been removed from email forms displayed to guest users who are not registered.

Notable Bug Fixes

 *  Password issues for converted boards after upgrade - Fix auth provider errors for forums that migrated from other forum software.