Spree v4.0.3

« Changelog History

Release Date: 2019-12-04 // over 4 years ago

This security release is recommended for all Spree 4.0 installations

🛠 Fixes security issue with API v2 Order information 72e1d44

🛠 An attacker could expose Order information using brute force to guess Order numbers. This patch fixes it by requiring Order token to obtain Order information from API v2 Order Status endpoint.

Awesome Ruby is part of the LibHunt network. Terms. Privacy Policy.