Still on Drupal 7? Security support for Drupal 7 ended on 5 January 2025. Please visit our Drupal 7 End of Life resources page to review all of your options.
Drupal Commerce 1.10 is primarily a bug fix release that addresses the vulnerability described in SA-CONTRIB-2014-087 - Drupal Commerce - Information disclosure and a variety of smaller bugs. The information disclosure fix includes an update hook that cleans usernames created by a default checkout completion rule to remove the host name from e-mail addresses used as usernames.