phpBB user profile background (img)
In what ways is 3.1.x more secure than 3.0.14? I believe the only change is with password hashes; phpBB 3.1+ uses a blowfish hash that is more difficult to decrypt than the PHPass hash used by phpBB 3.0.14. The difference is only important if your database is stolen and someone tries to decrypt the passwords. And even then, PHPass is extremely secure...to the point where the improvements gained with the blowfish hash are offset by the significant increase in CPU time required to generate the hash.
And FYI, the 3.1+ app.php file can cause buffer overruns in both nginx and Apache when PHP-FPM is proxied via UNIX socket, resulting in raw PHP pages being displayed. This is an issue with the Symfony framework and not specifically with phpBB 3.1+. (To be fair, this may well be a bug in PHP-FPM and not in Symfony, but the only time I have ever seen this problem is with Symfony's app.php file.)
I agree that phpBB 3.0.14 is better than 3.0.12, though not due to the "security fixes". I actually revert one of the "security fixes" on client 3.0.14 installations!