Archive for October, 2011

Spree 0.70.0 Released

Spree 0.70.0 is now officially released. The most important change with this release is that is is fully compatible with the brand new Rails 3.1.1 release. Please read the release notes for more information on what has changed and how to upgrade from previous versions.

Prior to today’s new release of Rails, there were significant problems with the asset pipeline and other features. These problems were severe enough to cause us to hold off on the new Spree release until they were addressed. Spree 0.70.0 represents another massive release (due mostly to the massive amount of change in Rails itself.) The Github compare shows this release to consist of a total of 356 commits by 36 different contributors and a whopping 1,093 files changed!

Deface Themes

There have been signficant improvements to themes which now rely on Brian Quinn’s awesome deface library. Themes are also now available as engines which means they can be more easily shared with others. This is just the start of what he have planned for themes in Spree. You can expect more improvements in the near future.

New Extension Generator

This release contains a brand new extension generator. Once you’ve installed the new Spree gem you can use this generator to create extensions using the following command:

  $ spree extension foofah

One of the most important advances in this new generator is that you can now easily run specs for extensions in their own standalone repository. You just need to create a test application (one time only) as a context before running your specs.

  $ rake test_app
  $ bundle exec rspec spec

Asset Pipeline

One of the most important features of Rails 3.1.x is the asset pipeline. There have been many changes to Spree to support the asset pipeline (which are covered more thoroughly in the release notes.)

Unfortunately some of the Rails 3.1.x changes have introduced significant performance issues when running Spree in development mode. The good news is you can improve performance significantly by using a special precompile task.

  $ bundle exec rake assets:precompile RAILS_ENV=development
    RAILS_ASSETS_NONDIGEST=true

Using the precompile rake task in development will prevent any changes to asset files from being automatically included in when you reload the page. You must re-run the precompile task for changes to become available.

Rail’s also provides the following rake task that will delete the entire public/assets directory, this can be helpful to clear out development assets before committing.

 $ rake assets:clean

It might also be worthwhile to include the public/assets directory in your .gitignore file.

Spree 0.60.2 Released (Security Fix)

We have just released Spree 0.60.2 which contains an important security fix. A vulnerability exists in the ProductScope class that could allow for unauthenticated remote command execution. To put it simply, you should either upgrade immediately or add your own custom fix based on this commit.

Special thanks to joernchen of Phenoelit for discovering and reporting the problem through the appropriate channels(which is a private email to security@railsdog.com.) Roman Smirnov (aka romul) provided the necessary fix.

The edge code has also been updated to include this fix. There are also a few other minor issues addressed in this release. See the Github compare view for the full details.

We are currently working on an improved solution for handling the reporting of security issues. We will be announcing a new initiative on this front in the near future.

New Website Launched

We’re pleased to announce the launch of our brand new website! Its been several weeks in the making and last weekend we finally rolled it out to the general public. One of the major changes you’ll likely notice is that we have introduced several new paid products. This represents a great step forward as we can now offer commercial support (which comes included with all hosting plans.) Please feel free to use the contact forms on the website if you are interested and have any questions.

Spree will continue to remain 100% open source. We’re just providing support, hosting and payment processing options for those that require them. The members of the Spree core team will also continue to participate in the free “community support” (mailing list, IRC, etc.) but for those that want a higher level of support you now have a new option available to you.

This project is maintained by a core team of developers and is freely available for commercial use under the terms of the New BSD License.