Most importantly - it fixes a critical SQL injection bug in the ODBC database driver.
The fixes to the ODBC driver mean that you can no longer use the query builder with it, nor the escape() functions.
On the plus side, it now has actual query binding, as opposed to emulated.
CodeIgniter 3.1.1 was released today, with some security fixes, bug fixes and enhancements.
Security: Fixed a flaw in the Security library, for PHP 5.3.
Enhancements: to the inflector_helper and common functions.
Bug fixes: for the Cache, Email, File Uploading, Form Validation, HTML Table, Image Manipulation, Session, Trackback, Unit Testing, and XML-RPC libraries;as well as the Database driver, Database Forge and Query Builder.
CodeIgniter 3.1.3 was released today, with some critical security fixes, as well as numerous bug fixes.
Security: Fixed an email handling issue, and an XSS vulnerability, as well as some CSRF hardening.
Bug fixes: for the Database, Email, File Uploading, Image Manipulation, Input, Loader, Output, Query Builder, Session, and XML-RPC libraries; as well as for the Date helper and the bootstrap file.
CodeIgniter 3.1.4 was released today, with some security and bug fixes.
Security: Fixed byte-safety handling in the encryption code, and a header injection.
Bug fixes: for the Database, Input, Loader, Session libraries; and for the Html, Text & common functions helpers.
Also updated the Query Builder and Profiler.
Enhancements: Image library.