It is important to keep updated with ecommerce distribution, modules and core, especially for security updates. Whenever you are taking money and delivering products from online sites it is extremely critical to maintain security. This is very tough with non-distribution packages, but no less important for developers of distribution packages to maintain current packages. I don't know the status of kickstart, and the latest dev releases could be the solution, but I've not read it.

It sure would help to know what is the latest version of distribution of kickstart relevant to latest drupal core security updates.

Maybe, I missed something somewhere. As I recall the latest distribution for production sites does not include latest drupal core.


jsacksick’s picture

The 2.9 release doesn't include Drupal core 7.23, but the dev release does. We're trying to keep the distribution up to date as much as possible.
The latest drupal core wasn't a security release, so there's no rush here (see below).

Release notes (7.23)

Maintenance release of the Drupal 7 series. Includes bug fixes and small API/feature improvements only (no major new functionality); significant new features are only being added to the forthcoming Drupal 8.0 release.

No security fixes are included in this release.

lsolesen’s picture

Category: feature » support
Priority: Critical » Normal
Status: Active » Fixed

This has been answered in #1

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

HongPong’s picture

For what it's worth, when I followed the upgrade instructions for Commerce Kickstart, it did not produce the patched version of Views, and I had to copy the old patched version back into place. Really, this is fairly complicated of a process, and I think it would be best to index all the patches up front (unless there is such an index and I am just too fried to notice it).

jsacksick’s picture

That's not possible, the .make file of Commerce Kickstart contains the views patch (See