This Week in Rails: Read Me To Learn A Cool Trick™!

This is Godfrey, reporting in from Portland, OR. We have a lot to cover this week, let’s dive right into the stories so you can go back to watching Olympics!


Cool Trick™

Router Visualizer

Have you ever wondered what happens when you visit a URL (say /posts/5 ) in your Rails app? How does the Rails router know where to send your users?

The first (of many) step is to compare the URL against the routes table for potential matches. To make this lookup as fast as possible, the routes table is pre-compiled into a finite state machine, specifically a nondeterministic finite automaton (NFA).

If that sounds very intimidating, don’t worry! The Rails router actually comes with a debugging tool that could generates an interactive visualization of your router NFA.

To generate one for your app, simply run Rails.application.routes.router.visualizer from your Rails console and save the returned string into an html file. (You will need the dot command-line tool for this – OS X users can get it from homebrew with brew install graphviz. )

Oh, is it not working? I forgot to mention that this tool is broken on Rails 5 by an internal refactor. Don’t worry though, because Seth fixed it for us in this pull request, which would come out with the next 5.0 patch release. If you are impatient, you could try it out by running the 5-0-stable branch.

Before you build your next billion-dollar startup with this awesome tool, please note that this is an undocumented ( private! ) API, and as you can see, could break unexpectedly between versions (or go away entirely).

While it’s definitely not Production Grade™ software, it’s still very useful for learning and debugging purposes. Enjoy it while it lasts!

New Stuff

Optional schema.rb Alignment

When dumping the schema, Rails tries to align things vertically for readability. However, this could result in a bigger diff than you would like when making changes to an existing table. With this PR, you now have an option to turn that off!

Controller Tests Now Supports as Option

While integration tests are strongly preferred over controller tests going forward, this PR allows you to simulate a request content type in controller tests using the same as: :json (or as: :xml , and so on) option. 

retry_on Gets A Job

Active Job’s retry_on API can now access to the job instance that failed, in addition to the exception object.

Make touch_later Respects no_touching

The no_touching API now composes correctly with touch_later as you would expect.

Query With Arrays and Ranges

With this PR, you will be able to pass an Array or Range object to where(some_column: …) when querying an array/range column, assuming your database supports those column types.

Fix Upgrade Task Documentation

This is a periodic PSA that when it comes to upgrading Rails apps, the update task is going to be your friend. In Rails 5, this command has been renamed to rails app:update , whereas when upgrading to Rails 4.2 and below, you would want to use rake rails:update instead.

See the upgrade guide for more details.

In Case You Missed It…

Active Job Defaults To Async Adapter

In case you missed it, Active Job in Rails 5 defaults to using the “async” adapter for jobs processing (the previous default was the “inline” adapter). The documentation has been updated to reflect that change.

Wrapping Up

That’s it from This Week in Rails! As always, there were a lot more changes than we have room for. If you are interested, definitely go check them out yourself!

Until next week!

This Week in Rails: params encoding, better logging and more!

Hello! This is Roque covering latest events from the Rails community. Like in Rio, our week was busy with plenty of amazing participants #Rio2016 🇧🇷

Security releases!

New Rails versions are released with many important security fixes. If you have not done already, do not drop the ball and upgrade as soon as possible.

This Week’s Rails Contributors

This week 29 code athletes contributed to Rails. We also got 1 first time contributor. Welcome aboard the Rails Games!

Allow specifying encoding of parameters by action

Controllers can list the parameters with parameter_encoding, providing the action and the encoding type.
This allows parameters in the same request to have particular encoding types.


Fix thread_mattr_accessor class leaking

thread_mattr_accessor was sharing the variable with superclasses and subclasses. Setting the variable in one would compromise the other.

Fix the Accept header overwritten issue in integration tests

XHR integration tests were overwriting the Accept header and creating inconsistency with HTTP_ACCEPT.


Better logging of cached partial renders

A while ago, DHH suggested an improvement to better log cached partial renders. It looks pretty clean!

Show error message when Rails runner fails

The Rails runner will now give you a hint of what is going on whenever it fails with an exception.

Wrapping Up

That’s it from This Week in Rails! There were many other great code athletes, too numerous to list here, but feel free to check them out!

Until next week!

Rails,, and have been released!

Hi everyone!

Rails,, and have been released! These release contain important security fixes, so please upgrade when you can.

Versions,, and contain a fix for CVE-2016-6316 which you can read about here. Version also contains CVE-2016-6317 which you can read about here.

To ease upgrading, these releases contain only security fixes.

Here are checksums for the gems:


[aaron@TC release]$ shasum *3.2*
6ba79586fa0c60de8e13d0e2bdd9508ae03e0222  actionmailer-
aa26322bef392b2911d94d4d7390b7c20d2ac8c6  actionpack-
8a5c3cf72592d670b23e2ccfa22d13929dbbed6e  activemodel-
2354c885903252bc8acd6cd03c13f0b8f3f4d9a4  activerecord-
824b2a7eb4b65fd70051006645400ad16aeb095e  activeresource-
3d026ae2c0aa9807510d033abee424ada82782bf  activesupport-
9d40b008c664fb234158f8e68c589dc410520c96  rails-
26e6d7cb9b6fdb160486e8b850ca31fff250b69f  railties-


[aaron@TC release]$ shasum *4.2*
00a9b8ed92e96abf11aead750f98558a0bc136a7  actionmailer-
b7c08b66da4532acc84d099733a8148bbbdbb108  actionpack-
1e843b678e08b503f1521fcbf159f166141221b9  actionview-
93acc93ae1098ef0c5ac6798ca700422b484114c  activejob-
b0a0008a67d8995da0c25e610c659ff69c031c0d  activemodel-
07537cb059779e92615a34b205f3b1e8a722d78b  activerecord-
33b1220c3739453b872cdc1eda193841c0a14033  activesupport-
d39f1fc8c7d86ada1c7243bd713b03ec09889b8b  rails-
5f39ebc0f270d95df72ef38311362cf2d0aaaa87  railties-


[aaron@TC release]$ shasum *5.0*
721f9e6079d184b58b225a88b28c8aeca6b3f388  actioncable-
1dfd080bd3e780816fb0d4b25a8d5cf111e78784  actionmailer-
b557b5c3b94b63356de93c985bf70be8df7619f3  actionpack-
d58cf5cb5b4dc4e0cc33eea9c3d9c4426363922a  actionview-
9f1038a26bac62c97189f664c53729bf74abee24  activejob-
b09333355633f7674f04e098e6766c0fe3ac966b  activemodel-
4ca136b557265b4ee307c8f936180680cc0fcde0  activerecord-
297d6b1bb741226a1aec4081cbdfa61ce27d8e8b  activesupport-
24b7f00cbd411784be774dc526e5398a9c438a3d  rails-
a46d76ae93a8c740a63ef245af3bbe75e491e4f0  railties-

This Week in Rails: New APIs, bug fixes, #Rio2016 🇧🇷

Hello! This is Andy bringing you another week’s worth of highlights from Rails. Today also marks the official start of the #Rio2016 Olympic Games 🇧🇷 . New events this time around include golf, sevens rugby and kitesurfing, so check those out!

Rails Contributors

This week we’d like to thank 18 contributors to Rails and extend a welcome to this week’s only first-time contributor!

New exception handling APIs for ActiveJob

New APIs retry_on and discard_on have been added to ActiveJob. These provide hooks for a job class to perform some additional functionality when exceptions occur. The PR for this feature has some nice discussion, check it out!

New ActiveRecord transaction error classes

ActiveRecord can now distinguish between serialization failures and deadlocks. A more specific error in the case of deadlocks is now returned where supported (currently only PostgreSQL). Check the PR for an analysis of other database adapters and the latest code as the class names may have changed.


Activesupport::Duration inconsistencies around daylight saving time

Since this commit from December, “week” durations are no longer converted to days. This means we need to add :weeks to the parts that ActiveSupport::TimeWithZone will consider being of variable duration to take account of DST transitions.


YAML Parameters backwards compatibility

This change provides backwards compatibility for Rails 4.2 based on YAML serialization changes made in Rails 5.

Wrapping Up

That’s it from This Week in Rails! There were many other great contributions and investigations too numerous to list here, but feel free to check them out!

Until next week!

🔎 This Week in Rails: Much investigations, such bug fixes! 🔍

This is detective  🕵  Prathamesh reporting from the secret chambers of Rails.

We were busy investigating many  🐛🐛🐛🐛🐛  this week and I am happy to announce that we have successfully solved many mysterious cases 💪

Rails Contributors

Great 🔍 work by 22 detectives who solved mysterious cases this week. Also welcome to 4 new  🕵  in our growing list of contributors!

Ruby/Rails applications not vulnerable to HTTProxy security issue

The Phusion team found out that Ruby, Rails and Rack applications are not affected by the recent security issue related to HTTProxy. Great  🕵  investigation!


Use already loaded records in the finder methods

If the records of the finder queries are already loaded, then Rails will use them instead of querying again.

Correctly return associated_table when associated_with? is true

This fixes an issue related to has and belongs to many associations failing when the association name and table name are the same.

Remove circular join references in join_dependency

This fixes a stack level too deep crash when a circular join on the same table is used with the current scope.

Correct the behavior of virtual attributes on models loaded from the database

Before this change, virtual attributes not backed by the database would throw an error unless explicitly initialized. This change fixes it and also cleans up the implementation for virtual attributes. 


Reset rack.input when the environment is scrubbed for the next request

Before this change, parameters sent via post requests would leak across requests in the Action Controller tests. This change prevents that by cleaning rack.input at the end of the request scrubbing.

Changed partial rendering to allow collections which don’t implement to_ary

This change allows collections which do not implement to_ary also to be used for rendering partials. It allows instances of Enumerator or Enumerable to be used for rendering partials.

Wrapping Up

That’s it from This Week in Rails! There were many other great contributions and investigations too numerous to list here, but feel free to check them out!

Until next week!  🕵 🔍 💪

🚀 This Week in Rails: 2x String#blank? perf, assert_changes and more! 🚀

Hello from Vipul.

This was one busy week, with many changes landing on master.
We had lots of performance improvements, bug fixes, new additions and enhancements.

And here I thought everyone was just playing Pokemon Go now. 

Kasper joins Rails core!

That’s right Kasper gets himself a cartoon face!

Kasper has helped make countless changes and helped others make them as well.

He’s continued to making substantial, individual contributions, like the new partial collection caching scheme, wildcard template dependencies, and big improvements to the test runner.

This Week’s Rails Contributors

This week saw contributions from 30 fabulous people. 2 of those had a commit merged into Rails for the very first time.

A big thank you to you all! ❤️ If you fancy seeing yourself up there next week, why not take a peek at the list of current issues? Improvements to the documentation can also be a great place to start!

2x performance boost for String#blank? in Ruby 2.4!

String#blank? now uses Regex#match? following the backwards compatible addition of Regex#match? that was introduced.

This helps to get upto 2x the performance with new Regex improvements on Ruby 2.4!

Introduce assert_changes and assert_no_changes

ActiveSupport::TestCase was augmented to complement assert_difference with a more more general usage.

With this handy comparison, we can now do something like-

user = User.start_registration
assert_changes ‘user.token’, from: nil, to: /\w{​32}​/ do

to encapsulate the state changes, before and after an operation.


Bring back support for callable cache key when rendering collection

Support for custom callable cache key was added back to view caching. This allows us to do something like

<%= render partial: ‘projects/project’, collection: @projects, cached: -> project {​ [project, current_user] }​ %>

and pass a key based on a callable block, which allows us to depend on cache’s and cache expiration based on result of the call. In the above case, the cache will be expired with changes to project and current_user objects.

Add exists? and update_all to CollectionProxy to respect an association scope

This change added exists? and update_all to CollectionProxy to respect an association scope.

This was causing issues in newest version of Rails whenever update_all or exists? were called on a collection object like user.references.update_all(…).


Fix bug in ActiveRecord TimeZoneConverter#set_time_zone_without_conversion

Before this change, multi-parameter attributes conversion with invalid params caused issue, when AR’s time_zone_aware_attributes was enabled, since that caused an invalid conversion. 

The new change, now tries conversion only when a valid value is available for safe-conversion.

Fix calling merge method as the first occurrence in a scope

Previously calling merge as the first method to build up a scope used to lead to errors-

scope :unsafe_chaining, -> {​ merge(Comment.newest) }​ #=> NoMethodError:

This change now allows us to overcome this and build up scopes like-

scope :_chaining, ->{​merge(Comment.newest).joins(:comments) }​ # => OK_


Allow MessageEncryptor to take advantage of authenticated encryption modes

This change allow MessageEncryptor to now support authenticated encryption modes.

AEAD modes like aes-256-gcm provide both confidentiality and data authenticity, eliminating the need to use MessageVerifier to check if the encrypted data has been tampered with. This speeds up encryption/decryption and results in shorter cipher text.

Setup default session store internally, and no longer through an initializer

This change removes creation of the config/initializers/session_store.rb to define session store via initializer and sets up default session store internally.

By default the session store will be set to cookie store with application name as session key.

Wrappin’ Up

That’s it from This Week in Rails! There were many other great contributions, too numerous to list here, but feel free to check them out!

Until next week!

Kasper joins Rails core

It’s a privilege to welcome Kasper Timm Hansen to the Rails core team, and I’m not just saying that because he’s a fellow Dane, though it helps 🇩🇰! Kasper started contributing to Rails during the 2013 Summer of Code program where he worked on the new Loofah-backed sanitizer. It was a big job and Kasper aced it.

Since then he’s racked up almost seven hundred commits on a wide variety of projects and PRs. He’s helped countless contributors polish their pull requests to the point that their work can be committed to the framework.

He’s also continued making substantial, individual contributions, like the new partial collection caching scheme, wildcard template dependencies, and big improvements to the test runner.

He joins the core team as lucky #13 😎✨👏

This Week in Rails: Y U have not updated to Rails 5 yet?!

Hello from Claudio.

This week saw some small fixes applied to Rails 5. Nothing major. Nothing that should stop you from upgrading all your apps from Rails 4.2 to Rails 5. So get onboard! You can do it!

Rails 4.2.7 and 4.1.16 have been released!

Check the blog post for links to all the CHANGELOGs. As Rails 5 was released, this is probably going to be the last release of Rails 4.1. Please take some time to upgrade your application to Rails 4.2 or Rails 5.

This week’s Rails contributors

32 people contributed to Rails this week, including 6 first-timers. Congratulations! Don’t hesitate to check all the changes merged into master this week. 


Add support for limits in batch processing

Active Record’s batch processing methods now support limit, so you can write statements like Post.limit(10_000).find_each { ​|post| … }​.


Fix AR::to_param to maximize content

The documentation states that AR::to_param should truncate values longer than 20 characters by words. This commit enforces this behavior, using as many characters as possible to maximize the information included in the URL.

AS::Duration to serialize empty values correctly

ActiveSupport::Duration::ISO8601Serializer will not fail when asked to serialize zero-length durations such as ActiveSupport::Duration.parse(0.minutes.iso8601).

AS::TimeZone#strptime to raise the correct error

Trying to parse an invalid date such as in strptime('1999-12-31', '%Y/%m/%d') will now raise ArgumentError rather than the confusing NoMethodError: undefined method empty?.

Check request.path_parameters encoding when they’re set in env

The encoding of path parameters is now checked earlier in the dispatch process so that routes that go directly to a Rack app, or skip controller instantiation, don’t have to defend themselves against non-UTF8 characters.


Speed up RDoc generation

Every commit to rails/master automatically updates the Rails docs. The RDoc generation has gotten faster by only including files that contain changes since the last generation.

Wrappin’ Up

Repeat after me: “Next week I will upgrade all my projects to Rails 5.”

💬 “Next week I will upgrade all my projects to Rails 5” 💬

I hope you do! And finally, if you happen to travel to sunny California this summer, come say hi at the Los Angeles Ruby meetup. 🌇😎🏄


[ANN] Rails 4.2.7 and 4.1.16 have been released!

Hi everyone,

I am happy to announce that Rails 4.2.7 and 4.1.16 have been released.

As Rails 5 was released, this is probably going to be the last release of Rails 4.1. Please take some time to upgrade your application to Rails 4.2 or Rails 5.

CHANGES since 4.1.15

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 4.2.6

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.


If you’d like to verify that your gem is the same as the one I’ve uploaded, please use these SHA-1 hashes.

Here are the checksums for 4.1.16:

$ shasum *4.1.16.gem*
73d32e6b3cdb1969a717fc3ca8f5c3efcf83b13c  actionmailer-4.1.16.gem
09a7871a038b949e3b694fb342b4ed8b7aca5cb2  actionpack-4.1.16.gem
a819dd539d801a32cd38ab5de4d87f02fc0319f9  actionview-4.1.16.gem
06d0b51e36752d8359c3c2328a3dd8d74d3e2ae0  activemodel-4.1.16.gem
ee90f4a21ccf60b389faf1aa0c2f98c5d2615e17  activerecord-4.1.16.gem
4249169a2ec9c61a0ebdcc79a42f7c878c1a88e5  activesupport-4.1.16.gem
a34763cea87724c64b020550c61b14f10f770e54  rails-4.1.16.gem
3ac57878a20dc3d676e90658201bd57f51a12eaf  railties-4.1.16.gem

Here are the checksums for 4.2.7:

$ shasum *4.2.7.gem*
60b53f522dc7769ad03fe4d16bedc2fccd2ea238  actionmailer-4.2.7.gem
6660830b452dd1f074b2279c6e229eaf48a82ffd  actionpack-4.2.7.gem
434f4ef869ba26eedfc9faaa7f7fc26d9eff24b4  actionview-4.2.7.gem
4c32473e6f408b70993cede2f1718aef69ce7122  activejob-4.2.7.gem
f21ddf419aa6db5b2aed441d8d3849e22b5b4bbf  activemodel-4.2.7.gem
e2ad80b89e6af968286855a4913c2460adc888c4  activerecord-4.2.7.gem
517fd2649deacd98339954ac41d5378e8215a98a  activesupport-4.2.7.gem
34475b44a9195d440523af4a0cbac8f8435c7c47  rails-4.2.7.gem
5ea798d4276084cf446f9e24599ad24fa2e873b4  railties-4.2.7.gem

I’d like to thank you all, every contributor who helped with this release.

🌵 This Wild Week in Rails 🌵: Rails 4.2.7/4.1.16, new tag helpers syntax and more!

Hola desperados!

Jon (aka Juan el bandido) here saying “Howdy” from the Navarro desert near Pamplona 🇪🇸 to bring you outlaws a back-slappin’ sagebrush issue of This Wild Week in Rails 🌵.

We’ll be covering a selection of the past 2 weeks’ commits. That’s a dadgummit lotta ground to cover, so pack a saddlebag o’ water, watch out fer rattlesnakes, and dontcha hesitate to click through to the pull requests for more info!


This Week’s Rails Contributors

Let rip some proper hootin’ & hollerin’ fer these 38 heroic wranglerswho contributed to Rails this week, including 8 first-timers! Check out the current issues and the contributing guide if ye’d like to join ‘em!

Rails 4.2.7.rc1 and 4.1.16.rc1 released, gold fever ensues

These two release candidates hit the trail this week. The final release of Rails 4.1.16 should be on its way shortly if no regressions are found. It will probably be the last release of Rails 4.1, so please take some time soon to upgrade your application to Rails 4.2 or Rails 5.

New syntax for Action View tag helpers

Building on an implementation proposal by DHH, new syntactical sugar has been introduced for tag helpers that supports HTML5 markup by default and avoids positional parameters. See the PR for details and code examples as well as #25289 for the groundwork and discussion.

Updated and improved Rails Guides

Many vital documentation contributions were made these past 2 weeks, including completion of the Rails Testing Guide (yeehaw!) and updates for Rails 5.


Cleaner, simpler stack traces

Scheduled for Rails 5.1, this commit aims to clean up noisy stack traces and log only the traces relevant to the developer. The discussion in the PR and in #25343 is worth reading.

Update Action View tag helpers attributes

This commit brings the boolean attributes for the Action View tag helpers up to date with the current spec, while dropping autobuffer in favor of preload and removing pubdate.

Raise on nested time travel helpers

Nested time travel calls in tests can lead to confusion in time stubbing. To discourage this practice, Rails now raises on nested travel and travel_to time helper calls.


Use correct timezone when parsing dates in json

Time specified in ISO 8601 format without Z should be parsed as local time, yet until now it was treated as UTC. This commit fixes the problem by parsing time using the timezone specified in the application config. Additionally, YYYY-MM-DD format is now parsed as Date , not DateTime as it was until now.

Ported to Rails 5-0-stable since this is a potential breaking change.

Routes using as option now work with GET requests

This fix adds the option to the end of the URL path rather than the query params. The PR discussion contains an example of checking impact on performance and working around it. Backported to 5-0-stable.

Don’t reap reassigned connections

This fix ensures that concurrent invocations of the connection reaper cannot allocate the same connection to two threads. Backported to 5-0-stable.

Fix race condition with websocket stream writes

ActionCable::Connection::Stream now safeguards against concurrent writes to a websocket connection from multiple threads. Backported to 5-0-stable.

Close hijacked I/O socket after use

ActionCable::Connection::Stream now properly closes hijacked sockets when the connection was shut down. Backported to 5-0-stable.

Fix adding implicitly-rendered template digests to ETags

Modifying an implicitly-rendered template for a controller action using fresh_when or stale? now correctly results in a new ETag value.

Fix Type::Date#serialize to consistently return a date object

Type::Date#serialize now properly casts values to date objects when making where and find queries on a date field. Backported to 5-0-stable.


New middleware for debugging reloading/executing deadlocks

Backported to 5-0-stable, this PR adds new ActionDispatch::DebugLocks middleware that can be used to diagnose deadlocks in the autoload interlock.

Enable using rake notes with other directories

Developers and gems can now use rake notes to extract notes from other directories (like /spec) by registering them with the SourceAnnotationExtractor.

Wrappin’ Up, Ye Saddle Bums

Luddy Mussy, ah’m all sewn up! That’s all for This Wild Week in Rails 🌵. Der wuz more improvements than we had room to cover here, so doncher hesitate to check ‘em out!

‘Til next week, amigos!