In addition to the fixes found in the previous patches to v2.3.1, 231patch4 provides the following:
* !!! Fixes cross-site security issue
* Re-introduces old (0.9x) theme compatibility if OLD_THEME_COMPATIBLE constant is set in the theme config.php settings file
* Fixes issue where IE fixes would be applied since they were loaded before the stylesheets
* Fixes issue with possible mangled meta tags (due to bad user input)
* Fixes issue where message queue wasn't always displayed
* Fixes issue in a dropdown control where both 'blank item' and 'no items' would be listed
* Fixes shipping/billing calculator upgrade script to run on all upgrades
* Updates removal of some old libraries left in after ugprade from v2.3.0 to v2.3.1
* Adds comment to .htaccess file to help with issues running from subfolder
* Fixes bad refs for .htaccess error documents
* Fixes some issues saving bootstraptheme/bootstrap3theme theme configuration setting changes
* Fix display of showlogin view for bootstrap3
* Fixes bad closing tag on new 'message' smarty function
* Fixes issue where MOTD item allowed setting of 'any month' was not allowed
* Fixes expSession to deal with mangled $user session variable
* Fixes expUtil::browser() method to work w/ php v5.2.1
* Fix for possible database manager write error reporting 'Invalid CSRF token'
* More graceful exit from an upgrade if the database is down
* Fixes styling of DataTables Tabletools for non-bootstrap views
* Now allows sorting by 'is admin' for manage user view
* Fixes issue w/ CKEditor (only elFinder support fixed) where image size didn't appear in insert image dialog after file selection, now also transfers 'alt' from file manager

231patch1, 231patch2, and 231patch3 created a data corruption issue and were pulled from release
