This security release is recommended for all Spree 3.7 installations
Fixes security issue with API v2 Order information 72e1d44
An attacker could expose Order information using brute force to guess Order numbers. This patch fixes it by requiring Order token to obtain Order information from API v2 Order Status endpoint.