Spree Commerce

Try It Now

Spree 1.3.1 and 1.2.3 Released

Posted on January 07, 2013 by Sean Schofield

Last week the Rails team announced a new release which addresses an important security vulnerability. This is a Rails security problem, but since Spree relies on these insecure versions of Rails, all Spree users are advised to upgrade to a more secure version immediately.

Spree 1.3.1

Existing Spree 1.3.0 users should upgrade to the new Spree 1.3.1 release. This release uses the more secure Rails 3.2.10 version and also includes some minor bug fixes unrelated to the security issue. You can review the Github compare for a complete list of changes.

Spree 1.2.3

Existing Spree 1.2.x users should upgrade to the new Spree 1.2.3 release. This release uses the more secure Rails 3.2.10 version and also includes some minor bug fixes unrelated to the security issue. You can review the Github compare for a complete list of changes.

Other Versions of Spree

If you are using Spree versions 1.1.x and older you should consider upgrading to Spree version 1.2.3 or higher. Our current policy is to only maintain the latest two versions of Spree along with the current master.

Upgrading Rails Without Updating Spree

If you’re not ready to update your version of Spree, you may want to consider updating just the version of Rails you’re using. Spree gems will not allow you to use arbitrary versions of Rails (we like to test them first) so you’ll have to do a little hacking if you want to go it alone. To accomplish this you need to work with the source code and checkout from Git using the exact tag of your version of Spree. You can then modify the gemspec to allow a newer version of Rails. Finally, you’ll need to push this change to a fork and modify the Gemfile in your project to point to the fork.

blog comments powered by Disqus