New solidus_auth_devise & Solidus releases to address a severe security vulnerability

We've released solidus_auth_devise 2.5.4 to address a security vulnerability (GHSA-xm34-v85h-9pg2) affecting all versions of solidus_auth_devise.

We've also released Solidus 3.1.3, 3.0.3 and 2.11.12. They just contain a patch in case you're unable to update solidus_auth_devise.

You can read about GHSA-xm34-v85h-9pg2 on the solidus mailing list.

If you have any questions about how to secure your site please stop by our Slack

Have a nice day!