Spree v4.0.3 Release Notes
Release Date: 2019-12-04 // over 4 years ago-
This security release is recommended for all Spree 4.0 installations
🛠 Fixes security issue with API v2 Order information 72e1d44
🛠 An attacker could expose Order information using brute force to guess Order numbers. This patch fixes it by requiring Order token to obtain Order information from API v2 Order Status endpoint.