Spree 1.2.2 has been officially released. The primary purpose of this release is to upgrade to the latest secure version of Rails. Previous versions of Rails 3.2.x have a DoS vulnerability that was fixed in the recent Rails 3.2.9 release. The DoS vulnerability is actually a Ruby security issue as well, so it is recommended that you upgrade your Ruby installation to Ruby 1.9.3.p327 or higher.
There are no new Spree security vulnerabilities addressed in this release – just those mentioned above concerning Ruby/Rails. Please note that earlier last week we issued a flawed Spree 1.2.1 release but that has since been “yanked” (due to a minor glitch) and the fixed version has been released as Spree 1.2.2.
This release also contains a series of minor bug fixes and improvements which you can read more about in the Spree 1.2.2 release notes. As always, this has been a group effort by the outstanding members of our community. This release contained 248 contributions by 44 different authors. You can see the Github compare for full details.