Development Wiki

Release Highlights/3.1.1

From phpBB Development Wiki

Revision as of 00:13, 2 November 2014 by Naderman (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

This page highlights important changes in phpBB 3.1.1

Security Fixes

  • Cross Site Scripting via PATH_INFO in page_name variable - Fixed a cross site scripting vulnerability that allows injecting HTML into pages using the PATH_INFO via session's page_name variable.

Notable Changes

  • Custom style from 3.0.x not available after migrating to 3.1.x - If the default style is missing after the upgrade to 3.1, attempt to handle this gracefully by resetting to an available style.
  • Anonymous users can CC themselves on emails sent to admin via contact form - The option to send a copy to the sender has been removed from email forms displayed to guest users who are not registered.

Notable Bug Fixes

  • Password issues for converted boards after upgrade - Fix auth provider errors for forums that migrated from other forum software.