[ANN] Rails 4.2.0.rc3 has been released!

Happy Friday everyone!

The Rails team has just released the third Release Candidate of Rails 4.2.0 today. For an overview of all the major changes in the 4.2 series, please refer to the release notes.

The RC3 release includes a few more minor patches over RC2. You can refer to the diff on Github for a full list of changes.

We would like to thank you again for assisting our team in testing the release candidates. Please continue to report any issues you discovered to our issue tracker and/or notify the maintainers of the relevant gems and plugins.

So far, we still haven't identify any major regressions for this release, meaning that we are still on track for our target to release the final version of 4.2.0 before Christmas time.

[ANN] Rails 4.2.0.rc2 has been released!

Happy Friday everyone!

The Rails team has just released the second Release Candidate of Rails 4.2.0 today. For an overview of all the major changes in the 4.2 series, please refer to the release notes.

The RC2 release includes some patches for a few minor issues that was reported in the last week. It also includes some improvements to the documentation and some enhancements that decreases the verbosity of the Active Job logs. You can refer to the diff on Github for a full list of changes.

We would like to thank you again for assisting our team in testing the release candidates. Please continue to report any issues you discovered to our issue tracker and/or notify the maintainers of the relevant gems and plugins.

If no other major issues are found, we expect to release the final version of 4.2.0 very soon, just in time for Christmas!

[ANN] Rails 4.2.0.rc1 has been released!

Happy Black Friday everyone!

The Rails team is very excited to announce that the first Release Candidate of Rails 4.2.0 has been released today. For an overview of all the major changes, please refer to the release notes.

We would like to thank everyone who have assisted our team in testing the beta and smoothing out all the rough edges. During the beta period, we have logged over 1500 commits by over 60 contributors and over 100 tickets and pull requests on GitHub.

In particular, thanks to contributors who have assisted in testing the release in their Real World™ applications, we have identified and addressed a number of performance issues since the last beta release.

With the release candidate out the door, we are now much closer to the final release of 4.2.0. Please consider testing this release with your applications if you haven't already – you can read the upgrade guide for detailed instructions. If you found any problems while upgrading, please report them to our issue tracker and/or notify the authors of the relevant gems and plugins.

Thank you all again, this release would not be possible without your help!

One More Thing™

The release of the first RC for the 4.2.0 series also marks the beginning of Rails 5 development. The 4-2-stable branch has been created today and all changes on the master branch will be targeted for Rails 5.0 and backported according to our maintenance policy. Read more about the grand plans for Rails 5!

Rails 4.0.11.1 and 4.1.7.1 have been released

Hi everyone!

Rails 4.0.11.1 and 4.1.7.1 have been released!

These two releases contain only security fix that was already released as 4.0.12 and 4.1.8. You can read more about the issue here (CVE-2014-7829).

4.0.12 and 4.1.8 were inadvertently based on their respective stable branches, and so incorporated additional changes beyond those necessary to resolve the security issue. In keeping with our security policy, it is our intention to include only the minimum necessary changes in security releases, to ensure everyone can upgrade without fear of regressions. As those releases included unrelated changes, we are providing new releases, based on the previous release, which contain only the security fix itself.

If you have already successfully upgraded to 4.0.12 or 4.1.8, no further action is required. Otherwise, if you are still on 4.0.11 or 4.1.7, please do upgrade to 4.0.11.1 or 4.1.7.1 at your earliest convenience.

The 3.2.21 release did incorporate a second change, but that change was intended: by policy, minor security-relevant bugs (which do not independently warrant a security release) are occasionally backported to 3-2-stable, and rolled into a subsequent security release.

The commits for 4.0.11.1 can be found here, and the commits for 4.1.7.1 can be found here.

Here are the checksums for 4.0.11.1:

$ shasum *4.0.11.1*
f35d8d54b15b83b25aa6a46aa57b58cd9888b5cc  actionmailer-4.0.11.1.gem
9d656c7959dc913fc208fa7ffdab265b73abb8f1  actionpack-4.0.11.1.gem
bde6aa4985bff22ca7046f5ad855ccacee3e345e  activemodel-4.0.11.1.gem
26d91f7d7f5cf828d25503326f6fe598f275cca3  activerecord-4.0.11.1.gem
2040d73aeb8ec84945e5ac5a1e060a703770f0a4  activesupport-4.0.11.1.gem
1dde2b45a0039ccef166030bdbc1948fa899a5e5  rails-4.0.11.1.gem
86cc0c06139bc085e830fbd0994a0bf7480e68dc  railties-4.0.11.1.gem

Here are the checksums for 4.1.7.1:

$ shasum *4.1.7.1*
3e0c627e2f35293c7f963586ddedad84fe140c3b  actionmailer-4.1.7.1.gem
038d1dd8eab2471f44cf456cbb8f94f4e413e069  actionpack-4.1.7.1.gem
6a6e2a188b58855748e0f400d6c562a779e76130  actionview-4.1.7.1.gem
6dcfeca9cb28490a4d3fde1cfbb9d14850130167  activemodel-4.1.7.1.gem
b1d5b4bab0873e712f270fdb7ad8acb81d487a73  activerecord-4.1.7.1.gem
0af0c9e374f1a83f06db82457c219b29556233ca  activesupport-4.1.7.1.gem
1fbef83600552fc18d83e61c39da752c7d6ba07c  rails-4.1.7.1.gem
f50d5902047d96b8836c3f6376ed9c212506268b  railties-4.1.7.1.gem

<3<3<3<3

Rails 3.2.21, 4.0.12, and 4.1.8 have been released

Hello everyone!!! It's that time again.

I would like to announce that Rails 3.2.21, 4.0.12, and 4.1.8 have been released. These releases contain a security fix where the existence of arbitrary files on the file system can be leaked, but the contents of the file will not be leaked. The issue generally only impacts people who are using Rails to serve static assets, and will generally not impact people who use a proxy to serve static assets. This issue is similar to CVE-2014-7818, but is slightly different. You can read more about the issue here (CVE-2014-7829).

For ease of upgrading, the only changes in these releases are the security fixes.

Here are the checksums for the gems:

[aaron@TC release]$ shasum *3.2.21*
5f59bb7e463fa3a443593bdd650a258b34ae8db6  actionmailer-3.2.21.gem
1f7ffef317f7808aa3f6b3f63f292c136a827b7c  actionpack-3.2.21.gem
aaf186bc935b66e52e43a5e5c8b0af37b0444ccc  activemodel-3.2.21.gem
9e5645ea4536238a3fec7f04e6f74a22db9057ec  activerecord-3.2.21.gem
fe64a4b4d5a0680ce2b05e4fb75d325454671c5f  activeresource-3.2.21.gem
0a503dfc64a73980b18d799f9b80f02b3b1645b7  activesupport-3.2.21.gem
b757a3161412742fd9f0323ff7ab6b31212e115c  rails-3.2.21.gem
9cb5de52049319e1c837be75deaab0eba3695e42  railties-3.2.21.gem
[aaron@TC release]$ shasum *4.0.12*
c62e361241fd26a7e31ed3a9c87489bc5a86b12f  actionmailer-4.0.12.gem
f63c9d0e7a637c114b96cd864c12641e09eed373  actionpack-4.0.12.gem
2e9a64d08b9bcef0953132f1b9d4f295dfa167a4  activemodel-4.0.12.gem
d3e59b3c9a0c5fc9045783905f53e49d4d6bc1ba  activerecord-4.0.12.gem
6bf2468d9466b019d2ffaf21e44cb7a4d4ed8dde  activesupport-4.0.12.gem
d759db3bb1420c02c97852358e425b4a168198ff  rails-4.0.12.gem
729345b543653507dfea3d2e158a870d49260548  railties-4.0.12.gem
[aaron@TC release]$ shasum *4.1.8*
db4fc0a8ac77332b96947480db7ff529c18ead44  actionmailer-4.1.8.gem
24cd5ff7bcc78a2d4997ebe6bc962f09e394f59e  actionpack-4.1.8.gem
0c22174fbe03bf461aad27bf8ddebf7ae93988fa  actionview-4.1.8.gem
2b2b98b8dfd96012b443a2ddf3cbf4267c378c4d  activemodel-4.1.8.gem
f263ff5ee5a4436184390aaf825d5072c71afc4e  activerecord-4.1.8.gem
c25e858743372f197ecfdbbbc5b1dbd71934947a  activesupport-4.1.8.gem
4b96a78c669b7122f9ad905ee8f36772ac1bd8d9  rails-4.1.8.gem
cbae764aa4a635f37c7bb52c84028dc032e1afea  railties-4.1.8.gem
[aaron@TC release]$

Happy RubyConf and have a great day!!! <3

[ANN] Rails 4.2.0.beta4 has been released!

The Rails team has just released Rails 4.2.0.beta4.

In addition to the security fixes in 4.2.0.beta3, this new release includes a number of bug fixes for issues reported since the 4.2.0.beta2 release.

If all goes according to plan, this should be the last beta release for 4.2.0 before we move into the Release Candidates phase. We would like to thank all of the early adopters who participated in the beta testing and reported issues, as well as the 64 contributors who submitted patches to help our team address these bugs.

Happy upgrading!

Rails 3.2.20, 4.0.11, 4.1.7, and 4.2.0.beta3 have been released

Hello everyone!!! It's that time again.

I would like to announce that Rails 3.2.20, 4.0.11, 4.1.7, and 4.2.0.beta3 have been released. These releases contain a security fix where the existence of arbitrary files on the file system can be leaked, but the contents of the file will not be leaked. The issue generally only impacts people who are using Rails to serve static assets, and will generally not impact people who use a proxy to serve static assets. You can read more about the issue here (CVE-2014-7818). A release of sprockets has also been made to help with this issue. You can read about it here (CVE-2014-7819).

For ease of upgrading, the only changes in these releases are the security fixes.

Here are the checksums for the gems:

[aaron@TC release]$ shasum *3.2.20*
b14ca1ad923e035ab2a7785e657c5653447c3149  actionmailer-3.2.20.gem
d6fea767996a954e4bc95fd0ca101ec912fcb093  actionpack-3.2.20.gem
97f5bb424aee73fbbd319baab3fd35c3f5eeb5f4  activemodel-3.2.20.gem
32d76836675a4c88685c3904271b16d9d2338ce9  activerecord-3.2.20.gem
640d83a96accc24e6afcae3cc5b253e5d355983f  activeresource-3.2.20.gem
d1d0a19a589c62278e7d9ac4275d5f8d75df20b3  activesupport-3.2.20.gem
f8b4d3c56d89760c02b37d4c67efd31dedd4df80  rails-3.2.20.gem
41c272d53dd748407210a2270ad17bc7c9f30594  railties-3.2.20.gem
[aaron@TC release]$ shasum *4.0.11*
9718b62f4428a7e4bbf66df4ac57dd82d197905a  actionmailer-4.0.11.gem
f1aec3d29e781e3beb685852db00ecf495150077  actionpack-4.0.11.gem
2ba4ceeff0a76df850d6294e2e1da703f3f6e7cb  activemodel-4.0.11.gem
714dca99a452adfec76b507241896ffd7978a254  activerecord-4.0.11.gem
2791791c5c1eeefb3eee76712656bf674a20867d  activesupport-4.0.11.gem
56bb306d4f0309dcf3a804a97104a3ee26b64b94  rails-4.0.11.gem
243e265c879db8876cce8688374cb7f9bb752d7d  railties-4.0.11.gem
[aaron@TC release]$ shasum *4.1.7*
4e4ce2530ff8773af784340e17e925b3b2c8cb20  actionmailer-4.1.7.gem
81628e433ca4335409677a33cfe9b56627f6ae1a  actionpack-4.1.7.gem
7dc2626f5bc85379c55e49a712f5c0e060340ca8  actionview-4.1.7.gem
83c8be73d22973c843d43a988b27a449d2ca8a9d  activemodel-4.1.7.gem
001156373c248a20c69bcf1451d6f7166dac3ddb  activerecord-4.1.7.gem
217f25a911f8e89cd2834849232555cbc47ca850  activesupport-4.1.7.gem
a1d9bb181d718e7f6cf380136425444e627c2345  rails-4.1.7.gem
1b9c8d08afc8fa77786fef13c54d4e6985cdc6d6  railties-4.1.7.gem
[aaron@TC release]$ shasum *4.2.0*
e5d608e8ce32abdd73c73c91fd34cb8f7075a251  actionmailer-4.2.0.beta3.gem
2e2034c285943777ad325c35292e202a46b937c2  actionpack-4.2.0.beta3.gem
a008833cd1045c926fb6f36ee03e3d34499a0aa9  actionview-4.2.0.beta3.gem
02f4438363419c59b33d85b2dda4d4cf741a6098  activejob-4.2.0.beta3.gem
c8a7dc2134c885ad3b23d4c36be95abc1ec1b769  activemodel-4.2.0.beta3.gem
192e33ab3b9d54954ff834ce6ee7f67a9197cb36  activerecord-4.2.0.beta3.gem
00437ab52df0ed0dd9afe571d083c92c3cdbe361  activesupport-4.2.0.beta3.gem
ca81d6ac9fdd658775d32a6dbfe248ee13f5c87b  rails-4.2.0.beta3.gem
cc302e363248e4bc2d245201f922c576f9fe6f15  railties-4.2.0.beta3.gem

Have a great day!!! <3

[ANN] Rails 4.2.0.beta2 has been released!

Happy Monday everyone!

Today the Rails team is happy to announce that we have released Rails 4.2.0.beta2.

Thanks to all the early adopters who have participated in the first round of beta testing, we have identified a number of bugs, regressions and other imperfections in the codebase. These problems have since been fixed and included in this release.

Security Issues

This release also includes two security patches.

Web Console 2.0.0.beta4

Along with the Rails 4.2.0.beta2 release we also released Web Console 2.0.0.beta4 which includes a security fix.

If you are already using Web Console in development we recommend you to upgrade to this new version of the gem.

Active Job vulnerability

We also fixed an Active Job bug that allowed String arguments to be deserialized as if they were Global IDs, an object injection security vulnerability.

Breaking Changes

In addition to the security and bug fixes, some of the new APIs have also been refined after further testing in real-world applications. This resulted in the following list of breaking changes that are not backwards-compatible with 4.2.0.beta1:

Active Job

The Active Job API has been overhauled:

# The enqueueing method has changed from +enqueue+ to +perform_later+.
#
# In 4.2.0.beta1:
MyJob.enqueue(*args)
#
# In 4.2.0.beta2:
MyJob.perform_later(*args)

# The ways jobs are scheduled has changed.
#
# In 4.2.0.beta1:
MyJob.enqueue_at(Date.tomorrow.noon, record)
MyJob.enqueue_in(1.week, record)
#
# In 4.2.0.beta2:
MyJob.set(wait_until: Date.tomorrow.noon).perform_later(record)
MyJob.set(wait: 1.week).perform_later(record)
#
# You can also specify a queue to enqueue the job onto with this new API:
MyJob.set(queue: :low_priority).perform_later(record)

Action Mailer

The Action Mailer API has also undergone some changes:

# Two new methods +#deliver_now+ and +#deliver_now!+ were introduced for
# clarity. +#deliver+ and +#deliver!+ have been deprecated and applications are
# encouraged to use the +#deliver_*+ instead.
#
# In 4.2.0.beta1:
Notifier.welcome(User.first).deliver!
#
# In 4.2.0.beta2:
Notifier.welcome(User.first).deliver_now!

# The options for +#deliver_later+ and +#deliver_later!+ has changed to match
# those on Active Job.
#
# In 4.2.0.beta1:
Notifier.welcome(User.first).deliver_later!(in: 1.hour)
Notifier.welcome(User.first).deliver_later!(at: 10.hours.from_now)
#
# In 4.2.0.beta2:
Notifier.welcome(User.first).deliver_later!(wait: 1.hour)
Notifier.welcome(User.first).deliver_later!(wait_until: 10.hours.from_now)

Action Controller render behavior change

Historically, calling render "foo/bar" in a controller action is equivalent to calling render file: "foo/bar". Since beta 2, this has been changed to mean render template: "foo/bar" instead. This is due to a number of potential security issues with the old default behavior. If you need to render a file, please change your code to use the explicit form (render file: "foo/bar") instead.

Full list of changes

As always, you can browse the Rails source code repository on GitHub to view the full list of changes that were included in this release.

Acknowledgement

The Rails team would like to thank the 66 people who contributed patches to make this release possible!

[ANN] Rails 4.1.6 and 4.0.10 have been released!

Hi everyone,

I am happy to announce that Rails 4.1.6 and 4.0.10 have been released.

We are planning to produce one more bug fix release in the 4.0 series, targeted for early December. In keeping with our maintenance policy, after the upcoming release of 4.2.0, the 4.0 series will be retired. It will not receive further updates for either bug fixes or security issues. All users are urged to migrate to 4.1 as soon as possible.

CHANGES since 4.0.9

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 4.1.5

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes.

Here are the checksums for 4.0.10:

$ shasum *4.0.10*
4bd4b8a2be1a2a649f46e37b6dff3a2d8f86fd7d  actionmailer-4.0.10.gem
45d76f39092149e46c31f9226dae71b3faa52012  actionpack-4.0.10.gem
08150685a471db48b240618b378ff22e3a9b7811  activemodel-4.0.10.gem
ed3f6b184b4b62b501e0d7876d8e2f946fe0ed31  activerecord-4.0.10.gem
7c886c946e835cbbfb09dc4b4daf7f1bf05db952  activesupport-4.0.10.gem
a2b8e24d83d5395f9532fcdbfa5c441d3f86e060  rails-4.0.10.gem
533c0589dadb4fc3bd5723bb9944464b545a88f3  railties-4.0.10.gem

Here are the checksums for 4.1.6:

$ shasum *4.1.6*
d6ab3d0aecb1cf97bd5a1050356b3151e4e8ef42  actionmailer-4.1.6.gem
ba7233c749a2229e11ef02acea2d114719ceac71  actionpack-4.1.6.gem
ed67c703dfb7d95e391da21f4f2aab52ae7bbfe4  actionview-4.1.6.gem
1a9ca827740d5e3e254b26886b19ea9094b407c5  activemodel-4.1.6.gem
69d77feb4ce141551875e2a4167d0f5529bd0526  activerecord-4.1.6.gem
dc838a42455b674b95c15bf7433552ffdf777a4f  activesupport-4.1.6.gem
8f2ebf38a0a8d70d8f19916e0b51ece8a954ff8d  rails-4.1.6.gem
c9b10576113567011d37fa28aa4e5ca99b2e4fd9  railties-4.1.6.gem

I'd like to thank you all, every contributor who helped with this release.

[ANN] Rails 4.1.6.rc2 and 4.0.10.rc2 have been released!

Hi everyone,

I am happy to announce that Rails 4.1.6.rc2 and 4.0.10.rc2 have been released.

If no regressions are found expect the final release this Thursday, on September 11, 2014. If you find one, please open an issue on GitHub and mention me (@rafaelfranca) on it, so that we can fix it before the final release.

CHANGES since 4.0.9

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 4.1.5

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes.

Here are the checksums for 4.0.10.rc2:

$ shasum *4.0.10.rc2*
16be6057a1af45d0eaf9e5bb95f0980f0498ed38  actionmailer-4.0.10.rc2.gem
b736f6ec57f14a08611bf94e9170a102bbcd235e  actionpack-4.0.10.rc2.gem
7508c684dcfa38fca79640f7196fd437c6945be7  activemodel-4.0.10.rc2.gem
aef89eeadb957dac5ec21cce6e640f13fad301f0  activerecord-4.0.10.rc2.gem
1b6d2dfd4d69605d58de34eaa68bf9c98fedb581  activesupport-4.0.10.rc2.gem
7e3de742b723def7e0026b89e8c744822f66fe23  rails-4.0.10.rc2.gem
bb4f5083436987907c38dc019261b3477386b4b9  railties-4.0.10.rc2.gem

Here are the checksums for 4.1.6.rc2:

$ shasum *4.1.6.rc2*
8fbbefa7a1f87569b54b6b0444ccb42b112b8b4e  actionmailer-4.1.6.rc2.gem
81c84fed39c32a013da3da7181eb81b41084c62f  actionpack-4.1.6.rc2.gem
e750e2a53c16b3312a049c044c9f7d5e7ed1f228  actionview-4.1.6.rc2.gem
8f034fa15a6c364d818e28a0bdd5bc4bcc691025  activemodel-4.1.6.rc2.gem
8259ec18fbaaec162c4eaf344f2a4507322e049b  activerecord-4.1.6.rc2.gem
c220cbad51271b9a2c4e2ef390a0060e66127323  activesupport-4.1.6.rc2.gem
1578350d0c58c5c5ce3e771541336c76728b9c34  rails-4.1.6.rc2.gem
d70a87ccb0d002b4c44cade8ce30a8ae6394313e  railties-4.1.6.rc2.gem

I'd like to thank you all, every contributor who helped with this release.