Spree Commerce

Try It Now

Spree 0.60.6 Released

Posted on March 15, 2012 by Sean Schofield

Spree 0.60.6 has been released. The primary purpose of this release is to address a recently discovered security vulnerability which under certain circumstances allows any authenticated user to read the contents of another user’s order.

Please see the Github compare for a complete list of changes in this release. Due to this issue and other previously announced vulnerabilities you should upgrade to this version of Spree if you are running any version of Spree prior to 0.60.6.