Spree Commerce

Try It Now

Announcing Our First SpreeConf

Posted on November 01, 2011 by Sean Schofield

Today we’re pleased to announce our first ever SpreeConf to be held in New York City on February 15-16, 2012. This is a great opportunity to learn more about Spree and the other technologies that power it. We have a great lineup of speakers and a really incredible keynote speaker. There will also be a full day of training on Rails, jQuery, Coffee Script and Spree.

Conferences are the life blood of any open source project. They represent an invaluable opportunity for the developers and users of software to connect and help shape the future of the project. The conference will not be exclusively focused on Spree. Our goal was to do something that would be interesting for Spree users but also helpful to Rails developers in general. So there will be some general talks that may touch on Spree when applicable and there will be some Spree talks that will also introduce concepts that are applicable outside of Spree.

The price of the conference is only $99 and it includes a full day of training and a second day of talks. The space for training is limited so we encourage you to sign up now since we expect to fill up the training slots quickly. We’ve also made arrangements to get a special hotel rate with the Cooper Square Hotel which is located near the conference. For those traveling on a budget, you may be able to find something more affordable through our friends at Airbnb

We're funded - Now what?

Posted on October 31, 2011 by Sean Schofield

It’s been two weeks since we announced our recent funding and now its time to start talking about what comes next. We are working on an e-commerce analytics product as well as a service for recommendations and mailing lists.

Before we make these products available to all of our users we will be conducting a limited beta test. If you are interested in helping us with the testing please create a Spree account on our website and use the “Request Beta Access” button to submit your request. Currently beta testing is limited to those running Spree 0.60.x or higher.

We’re particularly excited about the analytics product (shown below) which is now ready for beta testing. We’ve been running it for a few days now on the Spree demo store and its been working pretty well. We’d like to get a few more people who are interested to help with the testing.

Eventually we hope to make the analytics product available on older versions of Spree as well. Of course you’re probably not running a really old version of Spree because you read the recent security announcements.

We’re also working on a very cool recommendations solution for Spree. We’ve partnered with a company that has significant expertise with this area and has a very cool “learning algorithm” with a proven track record. If you’re interested in this you should also request beta access now so we can contact you when we’re ready.

Finally, we have two major announcements to make later this week. Stay tuned.

Important Security Updates (Oct. 2011)

Posted on October 24, 2011 by Sean Schofield

Over the past several weeks there have been several important security updates to Rails as well as Spree. The most recent Spree security announcement describes a critical vulnerability that affects all but the very latest versions of Spree. All affected users are advised to upgrade immediately.

We have also implemented a new mechanism to inform Spree developers and store owners of potential security threats before they are announced on the mailing list. We have created an alerts feature that will perform an automated check against your version of Rails and Spree and inform you of any potential security problems. We believe this feature is so important that we’ve gone back and implemented it for previous versions of Spree as well.

Please consult the following list of scenarios to find out what the recommendations are for your particular version of Spree.

Edge/Master

No action required.

0.70.1

No action required.

0.70.0

Its recommended that you update to 0.70.1. There are no known vulnerabilities with 0.70.0 but version 0.70.1 contains the new security alert mechansim to keep you informed of issues in the future.

0.60.3

It is recommended that you update to 0.60.4. The are no security issues with Spree itself but this version of Spree does use a version of Rails that is considered to be insecure. By updating this verison of Spree you will move to the more secure Rails 3.0.10.

0.60.0 – 0.60.2

It is recommended that you update to 0.60.4. These versions of Spree have a critical vulnerability and they are also using insecure versions of Rails.

0.50.0 – 0.50.3

It is recommended that you update to 0.50.4 at a minimum. This will address a critical vulnerability in Spree but will still leave possible issues with the version of Rails. You should consider updating to Spree 0.60.4 which will also address the Rails security issues by updating you to Rails 3.0.10.

0.40.0 – 0.40.3

It is recommended that you update to 0.40.4 at a minimum. This will address a critical vulnerability in Spree but will still leave possible issues with the version of Rails. You should consider updating to Spree 0.60.4 which will also address the Rails security issues by updating you to Rails 3.0.10.

0.30.0 – 0.30.1

It is recommended that you update to 0.30.2 at a minimum. This will address a critical vulnerability in Spree but will still leave possible issues with the version of Rails. You should consider updating to Spree 0.60.4 which will also address the Rails security issues by updating you to Rails 3.0.10.

0.11.0 – 0.11.2

It is recommended that you update to 0.11.3. This will address a critical vulnerability in Spree and will also address issues with older versions of Rails that contain security problems. After upgrading you will be moved to the more secure Rails 2.3.14.

Versions prior to 0.11.0

Recommended that you update to 0.11.3

Spree 0.70.1 Released

Posted on October 20, 2011 by Sean Schofield

Spree 0.70.1 is now officially released. There are two important changes in this release. The first change is a fix to the asset precompile stuff. If you’re running 0.70.0 you’ll want to upgrade because this will result in a performance increase.

The other major change is that we have introduced the concept of security and release alerts. You will now receive a notification in your control panel whenever there is a new release. This feature also allows us to notify you of important security announcements. The alerts can be dismissed once they’re read and you have the option to disable them entirely (not recommended.)

The Security Guide contains more information on alerts. You can also view the Github compare for a complete list of changes in this release.