phpBB

Development Wiki

Difference between revisions of "Release Highlights/3.1.1"

From phpBB Development Wiki

(Created page with "This page highlights important changes in phpBB 3.1.1 == Notable Changes == * '''Custom style from 3.0.x not available after migrating to 3.1.x''' - If the default style is m...")
 
(Notable Changes)
 
Line 1: Line 1:
 
This page highlights important changes in phpBB 3.1.1
 
This page highlights important changes in phpBB 3.1.1
  
 +
== Security Fixes ==
 +
* '''Cross Site Scripting via PATH_INFO in page_name variable''' - Fixed a cross site scripting vulnerability that allows injecting HTML into pages using the PATH_INFO via session's page_name variable.
 
== Notable Changes ==
 
== Notable Changes ==
 
* '''Custom style from 3.0.x not available after migrating to 3.1.x''' - If the default style is missing after the upgrade to 3.1, attempt to handle this gracefully by resetting to an available style.
 
* '''Custom style from 3.0.x not available after migrating to 3.1.x''' - If the default style is missing after the upgrade to 3.1, attempt to handle this gracefully by resetting to an available style.
 +
* '''Anonymous users can CC themselves on emails sent to admin via contact form''' - The option to send a copy to the sender has been removed from email forms displayed to guest users who are not registered.
  
 
== Notable Bug Fixes ==
 
== Notable Bug Fixes ==
 
* ''' Password issues for converted boards after upgrade''' - Fix auth provider errors for forums that migrated from other forum software.
 
* ''' Password issues for converted boards after upgrade''' - Fix auth provider errors for forums that migrated from other forum software.
 
[[Category:Release Highlights]]
 
[[Category:Release Highlights]]

Latest revision as of 00:13, 2 November 2014

This page highlights important changes in phpBB 3.1.1

Security Fixes

  • Cross Site Scripting via PATH_INFO in page_name variable - Fixed a cross site scripting vulnerability that allows injecting HTML into pages using the PATH_INFO via session's page_name variable.

Notable Changes

  • Custom style from 3.0.x not available after migrating to 3.1.x - If the default style is missing after the upgrade to 3.1, attempt to handle this gracefully by resetting to an available style.
  • Anonymous users can CC themselves on emails sent to admin via contact form - The option to send a copy to the sender has been removed from email forms displayed to guest users who are not registered.

Notable Bug Fixes

  • Password issues for converted boards after upgrade - Fix auth provider errors for forums that migrated from other forum software.