Spree Commerce

Try It Now

Partner Ninefold Visits the Spree Office

Posted on March 27, 2014 by Shannon Madlin

Partner Ninefold Visits the Spree Office

This week our team from our partner, Ninefold, made the very long trek from Australia and San Francisco to visit our headquarters in the Washington DC area. The week long visit included hosting our very first partner webinar, paired with a lot of brainstorming with both our development team and our marketing group, as well as an introduction to our favorite lunch spot – Chipotle.

The partnership started when Ninefold shared some incredible research they had done on site load time using Spree Commerce as the basis. That quickly developed into a popular session at SpreeConf 2014 and evolved into a fast partnership that will, and has, included a webinar series, documentation and events.

To view the webinar, Lightning Fast Page Load Times, click here.

We appreciate Ninefold taking the time to spend the week here at Spree. We continue to be impressed with their team, and we always enjoy working with our partners to identify ways that we can work more closely together. We look forward to a lot of great collaborations in the future.

Backend Integrations with hub

Posted on March 26, 2014 by Shannon Madlin

SpreeConf Session – Backend Integrations with the Spree Commerce Hub – Brian Quinn

At SpreeConf 2014, Spree Commerce CTO Brian Quinn gave the audience insight into how to build integrations using the Spree Commerce hub. Brian explained how the hub can be used to streamline operations not only for Spree stores, but for all e-commerce platforms, including custom storefronts.

The Spree Commerce hub connects your storefront to crucial business applications such as drop shipping providers, warehouses, accounting systems, ERPs, email services, custom applications and much more. In this video, Spree Commerce CTO Brian Quinn shows you how easily you can get started using the hub, so that you can process all the events as they happen in your store.

More sessions and videos from SpreeConf will be uploaded soon so make sure to subscribe to our YouTube channel to see them as they go live.

Important Security Fix for all Spree 2.x.x Versions

Posted on March 25, 2014 by Ryan Bigg

We have just issued several new versions of Spree that address a critical security vulnerability. A vulnerability in the API was discovered which could allow an attacker to gain the security token for an order. The exploit would require the attacker to randomly guess valid order numbers, but once achieved, the technique would reveal private customer information associated with the order. Credit card details are never stored in Spree and were never at risk by this exploit. Users are advised to perform an immediate upgrade.

We have officially released the following new Spree versions: 2.0.10, 2.1.6, and 2.2.1. These versions also contain several other minor fixes. To see a complete list of changes please view the compare pages:

Tax calculation corrections

Also worth noting is that on the 2-2-stable branch, there have been some minor tweaks to improve the tax calculation there. In certain circumstances, the tax amount that was applied was incorrect. For information about that, please see Issue #4327.

Details on the security patch

We strongly advise everyone to upgrade to the latest version of Spree available for their stores. For example, if you’re running v2.0.9, please upgrade to v2.0.10 immediately.

Alternatively, you can fork Spree to a local `vendor/gems/spree` directory within your application and apply the patch using one of these commands:

  • 2-0-stable: git cherry-pick dc6f3b5b87f31e4f1ce7f8a5ef8378abbb3b16ea
  • 2-1-stable: git cherry-pick 71807994b779fc921d494234aa16b6f081a6c2c4
  • 2-2-stable: git cherry-pick ba4ab90dfb36a8bd25c465f763c977963821102b

Thanks to Michael Nowak from Taktsoft for following security procedures and reporting the issue privately to the security team via the security@spreecommerce.com email. This allowed us to quickly verify the problem and to quickly prepare the necessary security patches for public release.

Future security announcements

Going forward, the best way to ensure you receive all security announcements is to subscribe to the spree security mailing list. The mailing list is very low traffic, and it receives the public notifications the moment the embargo is lifted. Security announcements will also continue to be announced via our blog and social media.

Red Badger Starts Spree Hackathon & Meetup Series

Posted on March 20, 2014 by Shannon Madlin

Red Badger

Who is Red Badger?

Red Badger is a UK-based Development and Design agency with a long-standing tradition of innovation and excellence. They’ve worked with titans such as BBC, BMW and Selfridges. Red Badger joined the Spree Commerce Certified Partner program in January of 2014 and after attending SpreeConf and meeting other UK-based Spree developers, they quickly became a leader in the community.

The Hackathon

This past weekend in London, Red Badger hosted a Spree hackathon. The goal was to take what they had already learned about Spree Commerce, apply it to best practices, and expand their knowledge to see if Spree truly is the best platform to build a truly unique customer experience. In only two days the developers at the hackathon built a new ecommerce storefront from scratch.

One of our developers, Peter Berkenbosch, attended and contributed to the hackathon. He was impressed by the expertise and enthusiasm of the Red Badger team and other attendees. “Red Badger has a great balanced team with talented designers and frontend and backend developers who can build and design a store in 2 days!” said Peter. “The Red Badger culture is based around sharing the same passion and trying to solve similar problems together. They provided feedback on both what Spree is doing well, and what we can do better – which is what this community is all about.”

London Meetups

Red Badger was so excited by the hackathon and the response and outcome, they have decided to keep the momentum going by creating a London MeetUp group where others who are using Spree can get together, share what they’ve learned, compare notes and generally just be a part of a growing community. The next Meet Up will take place at 7 PM in London on May 14th – click here to register.