gems spree 4.0.3
Version 4.0.3

latest releases: 4.10.1, 4.10.0, 4.9.0...
4 years ago

This security release is recommended for all Spree 4.0 installations

Fixes security issue with API v2 Order information 72e1d44

An attacker could expose Order information using brute force to guess Order numbers. This patch fixes it by requiring Order token to obtain Order information from API v2 Order Status endpoint.

Don't miss a new spree release

NewReleases is sending notifications on new releases.