Spree 1.1.4 has been officially released. The primary purpose of this release is to upgrade to the latest secure version of Rails. Previous versions of Rails 3.2.x have a DoS vulnerability that was fixed in the recent Rails 3.2.9 release. The DoS vulnerability is actually a Ruby security issue as well, so it is recommended that you upgrade your Ruby installation to Ruby 1.9.3.p327 or higher.
There are no new Spree security vulnerabilities addressed in this release – just those mentioned above concerning Ruby/Rails. This release also contains a series of minor bug fixes which you can read more about in the Spree 1.1.4 release notes. You can also see the Github compare for full details.
Due to the upcoming Spree 1.3.0 release, this will be the final patch release of Spree 1.1.×. We encourage you to update to Spree 1.2.x as soon as possible.