This Week in Rails: 🍫 Your Golden Ticket to the Chocolate Factory 🍫

Jon here welcoming you to This Week in Rails!

Today we’ll be touring the wondrous Ruby on Rails chocolate factory to see how its marvelous candy, consumed by web apps and developers everywhere, is made and tested.

Golden tickets in hand? Let’s go!

Welcome! 🎩

This Week’s Rails Contributors

This week, 26 fabulous oompa-loompas concocted improvements to make your favorite candy even more delicious – including one for the first time!

Fix Bundler warnings about insecure github sources

If you upgrade to bundler 1.13 and use github options to specify gem sources in your Gemfile, you’ll see warnings when running bundle commands.

To fix, you can run bundle config github.https true on the command line.

Or if you don’t control the environment the Gemfile will execute in, you can add this to the Gemfile, like Rails now does:

git_source(:github) |repo_name| do

Backported to 5-0-stable.

Improving the chocolate 🍩🍫

Puma docs: Disconnect connections before preloading

This pull request added documentation for config/puma.rb to recommend closing database connections if preloading an application that uses Active Record. See the discussions in the pull request and in puma/puma#1001 for more.

Improve assert_response helper

To improve productivity when writing tests, if an assert_response test fails, Rails nows outputs the actual response body if it’s not too large (less than or equal to 500 chars).

Fixing bugs in the candy 🍬

Clear attribute changes after touching

Following-up on a very good bug report, this PR fixed a Rails 5 regression so that calling ActiveRecord#touch when using optimistic locking once again leaves the model in a non-dirty state with no attribute changes.

Prevent mutation of constants

Tests using ActionDispatch::IntegrationTest were failing when run after any controller test that modified request.session_options. It turned out that  ActionController::TestSession::DEFAULT_OPTIONS was being mutated, and as a result, Rack::Session::Abstract::Persisted::DEFAULT_OPTIONS also, which made integration tests inherit that value and fail.

This pull request dup’ed the AC default options constant to prevent mutation, and a pull request to Rack was merged to freeze the Rack default options constant and avoid the issue in the future.

Force correct namespace with TransactionManager

This pull request fixed issue #26441: “NameError: uninitialized constant AR::ConnectionAdapters::DatabaseStatements::TransactionManager when calling reset_transaction”.

How to contribute? Some examples from this week 🍰

Fix warnings in the test suite

Running the Rails test suite can be a great way to uncover minor issues to fix. This pull request addressed 2 warnings in the test suite that arose simply from not wrapping a method argument in parentheses.

Add missing tests

Noticing that there were no tests for when ActiveRecord::Enum#enum was called with a specific suffix, this contributor added some.

Improve the Rails Guides

Better documentation is always welcome. After seeing issue #26286, this contributor helpfully improved the documentation for the render partial ‘as’ option.

Add a bug report template

The commit message says it all: “I created this for testing migrations in isolation and thought it would be helpful to others in the future to avoid having to dig through the Rails migration tests.”

Remove duplicate code

This elsif branch was a duplicate of the else branch just after it. You’ll never believe what happened next 😮.

How to inherit a world of unlimited imagination 🍭

That’s it for today’s tour, but the true journey has only just begun.

Starting today, choose any file in the Rails codebase and read it.

Pick an open issue on the master branch, and try to reproduce the bug using the Rails bug report templates.

Go through the Contributing to Ruby on Rails Guide. Set up your Rails test environment.

Pick an open pull request and test it or review it.

You’ll be surprised what baby steps like these can lead to!

Enjoy the wonderful chocolate – and see you next week.

This Week in Rails: Ruby 2.4 compat, attachments in preview emails, fixture_file_upload and more!

Howdy everyone!

This is Prathamesh bringing you the changes from this week in Rails!

This Week’s Rails Contributors

This week we had 22 awesome people making Rails better. We also had 3 people contributing for the first time. 

One more step towards Ruby 2.4 compatibility

Ruby 2.4 is coming! If you have already tried it with Rails 5, a key must be 32 bits error was raised due to a breaking change in Ruby 2.4 related to openssl cipher key lengths. It is now fixed, while keeping backward compatibility with any existing signed data. 🎉


Allow download of email attachments in the Mailer Previews

Now we can download email attachments in mailer previews similar to real-world emails thanks to this change.


Make fixture_file_upload work in integration tests

This change makes sure that the  fixture_file_upload   test helper works properly in integration tests. In case you missed it, integration tests are the default way of testing controllers in Rails 5.

Use proper test adapter for Active Jobs inheriting from ApplicationJob

Rails 5 introduced ApplicationJob as the default base class for Active Job classes. When testing these classes, the proper test adapter was not being invoked due to looking for subclasses of ActiveJob::Base instead of its descendants. This change fixes it.

Wrapping Up

Although I enjoyed reviewing all the commits from the last week, there were as usual too many to mention exhaustively. But do check them out yourself here!   Until next week!

This Week in Rails: Speedier Times, Explicit Public Assets and more!

Oh, hello there!

This is Tim here bringing you your latest installment of This Week in Rails. We had another corker this week chock full of great updates - read on for the full details!

This Week’s Rails Contributors

This week saw 99 commits from 27 fantabulous people contributed to Rails, including an amazing 5 first-timers! If you’d like to see your name up there next week, why not take a gander at the issues board, or you may even consider the next item for inspiration….

Documentation Galore

This week saw a whopping 11 documentation PRs successfully merged. Improvements to the documentation are not only gratefully received, but are a great way to start getting involved.


Make public asset use explicit

When calling asset_path with an invalid file name, this method would simply pass the string that you gave it back to you. This revision adds a configurable flag called unknown_asset_fallback which when set to false will raise an error if the asset is not found. Setting it to true will preserve the current behavior, but will indicate that it is being deprecated.

Don’t unnecessarily load a belongs_to when saving

This change prevents an already-loaded model from being reloaded if its id gets assigned to another model in a belongs_to association and then saved.


Fix performance regression in TimeWithZone#to_time

Up until Rails 4.0.0.beta1, TimeWithZone#to_time could return a cached instance attribute. Since that release it has been coercing the value to a Time on each call. This revision reverts the old behavior, which, according to the author’s benchmarks, is over 5 times faster.

Allow send_file to declare a charset

Previously, calling send_file with type: "text/calendar; charset=utf-8" , would result in the charset’s being deleted - a bug that was fixed in this PR.

Wrapping Up

Although I enjoyed reviewing all the commits from the last week, there were as usual too many to mention exhaustively. But do check them out yourself here!

Until next week!

This Week in Rails: Bad Puns, Dad Jokes And Other Useless Information!

Hello there!

Yes, this is Godfrey again. I am glad a lot of you found last week’s Cool Trick™ useful. However, wouldn’t life be pretty boring if you just keep getting useful information? So I figured I would change things up a bit by delivering you an issue full of bad puns, dad jokes and other useless information. Let’s get to it!

This Week’s Rails Contributors

This week, 11 new contributors along with 19 other returning contributors took some time to keep Rails chugging along.

Include The Content of “The Flash” In ETags

When confronted about code bloat, DHH does not take it lightly. This week, he pulled another one of those moves by committing the content of The Flash into the Rails codebase.

Redirect POST Requests With 307 Status Code

Chirag Singhal decided to stir up some drama here by sending browsers a HTTP 307 “YOU JUST DON’T GET IT” status code when upgrading POST/PUT/DELETE requests to HTTPS connections.

Remove over meta programming in AR::Relation

When Bogdan Gusiev dived into the AR::Relation code base, he was not pleased with what he saw. After making some tweaks in this PR, he seemed happy with the result. Why?


( •_•)>⌐■-■


It doesn’t meta anymore.


Improve tag_option performance

Amadeus Folego identified  tag_options  as a hotspot in his application and decided to help improve its performance by throwing in some frozen strings. Cool!

Update docs with Action Cable Redis dependency

Coming back from his vacation, Rafael Reggiani Manzo redis™covered a new dependency for developing Rails. To ease the shock for the next person, he added the setup instructions to the guides.

Missing key should throw KeyError

Last but not least, Eileen M. Uchitelle committed a key error this week.

Wrapping Up

That’s all from me this week, I hope you find this information useless! For a more informative view, check out (no pun intended) the commits here.

Okay, please don’t unsubscribe! 😭 Your favorite rotation of editors will be back starting next week to replace me, so I’m sure things will get better from here!


This Week in Rails: Read Me To Learn A Cool Trick™!

This is Godfrey, reporting in from Portland, OR. We have a lot to cover this week, let’s dive right into the stories so you can go back to watching Olympics!


Cool Trick™

Router Visualizer

Have you ever wondered what happens when you visit a URL (say /posts/5 ) in your Rails app? How does the Rails router know where to send your users?

The first (of many) step is to compare the URL against the routes table for potential matches. To make this lookup as fast as possible, the routes table is pre-compiled into a finite state machine, specifically a nondeterministic finite automaton (NFA).

If that sounds very intimidating, don’t worry! The Rails router actually comes with a debugging tool that could generates an interactive visualization of your router NFA.

To generate one for your app, simply run Rails.application.routes.router.visualizer from your Rails console and save the returned string into an html file. (You will need the dot command-line tool for this – OS X users can get it from homebrew with brew install graphviz. )

Oh, is it not working? I forgot to mention that this tool is broken on Rails 5 by an internal refactor. Don’t worry though, because Seth fixed it for us in this pull request, which would come out with the next 5.0 patch release. If you are impatient, you could try it out by running the 5-0-stable branch.

Before you build your next billion-dollar startup with this awesome tool, please note that this is an undocumented ( private! ) API, and as you can see, could break unexpectedly between versions (or go away entirely).

While it’s definitely not Production Grade™ software, it’s still very useful for learning and debugging purposes. Enjoy it while it lasts!

New Stuff

Optional schema.rb Alignment

When dumping the schema, Rails tries to align things vertically for readability. However, this could result in a bigger diff than you would like when making changes to an existing table. With this PR, you now have an option to turn that off!

Controller Tests Now Supports as Option

While integration tests are strongly preferred over controller tests going forward, this PR allows you to simulate a request content type in controller tests using the same as: :json (or as: :xml , and so on) option. 

retry_on Gets A Job

Active Job’s retry_on API can now access to the job instance that failed, in addition to the exception object.

Make touch_later Respects no_touching

The no_touching API now composes correctly with touch_later as you would expect.

Query With Arrays and Ranges

With this PR, you will be able to pass an Array or Range object to where(some_column: …) when querying an array/range column, assuming your database supports those column types.

Fix Upgrade Task Documentation

This is a periodic PSA that when it comes to upgrading Rails apps, the update task is going to be your friend. In Rails 5, this command has been renamed to rails app:update , whereas when upgrading to Rails 4.2 and below, you would want to use rake rails:update instead.

See the upgrade guide for more details.

In Case You Missed It…

Active Job Defaults To Async Adapter

In case you missed it, Active Job in Rails 5 defaults to using the “async” adapter for jobs processing (the previous default was the “inline” adapter). The documentation has been updated to reflect that change.

Wrapping Up

That’s it from This Week in Rails! As always, there were a lot more changes than we have room for. If you are interested, definitely go check them out yourself!

Until next week!

This Week in Rails: params encoding, better logging and more!

Hello! This is Roque covering latest events from the Rails community. Like in Rio, our week was busy with plenty of amazing participants #Rio2016 🇧🇷

Security releases!

New Rails versions are released with many important security fixes. If you have not done already, do not drop the ball and upgrade as soon as possible.

This Week’s Rails Contributors

This week 29 code athletes contributed to Rails. We also got 1 first time contributor. Welcome aboard the Rails Games!

Allow specifying encoding of parameters by action

Controllers can list the parameters with parameter_encoding, providing the action and the encoding type.
This allows parameters in the same request to have particular encoding types.


Fix thread_mattr_accessor class leaking

thread_mattr_accessor was sharing the variable with superclasses and subclasses. Setting the variable in one would compromise the other.

Fix the Accept header overwritten issue in integration tests

XHR integration tests were overwriting the Accept header and creating inconsistency with HTTP_ACCEPT.


Better logging of cached partial renders

A while ago, DHH suggested an improvement to better log cached partial renders. It looks pretty clean!

Show error message when Rails runner fails

The Rails runner will now give you a hint of what is going on whenever it fails with an exception.

Wrapping Up

That’s it from This Week in Rails! There were many other great code athletes, too numerous to list here, but feel free to check them out!

Until next week!

Rails,, and have been released!

Hi everyone!

Rails,, and have been released! These release contain important security fixes, so please upgrade when you can.

Versions,, and contain a fix for CVE-2016-6316 which you can read about here. Version also contains CVE-2016-6317 which you can read about here.

To ease upgrading, these releases contain only security fixes.

Here are checksums for the gems:


[aaron@TC release]$ shasum *3.2*
6ba79586fa0c60de8e13d0e2bdd9508ae03e0222  actionmailer-
aa26322bef392b2911d94d4d7390b7c20d2ac8c6  actionpack-
8a5c3cf72592d670b23e2ccfa22d13929dbbed6e  activemodel-
2354c885903252bc8acd6cd03c13f0b8f3f4d9a4  activerecord-
824b2a7eb4b65fd70051006645400ad16aeb095e  activeresource-
3d026ae2c0aa9807510d033abee424ada82782bf  activesupport-
9d40b008c664fb234158f8e68c589dc410520c96  rails-
26e6d7cb9b6fdb160486e8b850ca31fff250b69f  railties-


[aaron@TC release]$ shasum *4.2*
00a9b8ed92e96abf11aead750f98558a0bc136a7  actionmailer-
b7c08b66da4532acc84d099733a8148bbbdbb108  actionpack-
1e843b678e08b503f1521fcbf159f166141221b9  actionview-
93acc93ae1098ef0c5ac6798ca700422b484114c  activejob-
b0a0008a67d8995da0c25e610c659ff69c031c0d  activemodel-
07537cb059779e92615a34b205f3b1e8a722d78b  activerecord-
33b1220c3739453b872cdc1eda193841c0a14033  activesupport-
d39f1fc8c7d86ada1c7243bd713b03ec09889b8b  rails-
5f39ebc0f270d95df72ef38311362cf2d0aaaa87  railties-


[aaron@TC release]$ shasum *5.0*
721f9e6079d184b58b225a88b28c8aeca6b3f388  actioncable-
1dfd080bd3e780816fb0d4b25a8d5cf111e78784  actionmailer-
b557b5c3b94b63356de93c985bf70be8df7619f3  actionpack-
d58cf5cb5b4dc4e0cc33eea9c3d9c4426363922a  actionview-
9f1038a26bac62c97189f664c53729bf74abee24  activejob-
b09333355633f7674f04e098e6766c0fe3ac966b  activemodel-
4ca136b557265b4ee307c8f936180680cc0fcde0  activerecord-
297d6b1bb741226a1aec4081cbdfa61ce27d8e8b  activesupport-
24b7f00cbd411784be774dc526e5398a9c438a3d  rails-
a46d76ae93a8c740a63ef245af3bbe75e491e4f0  railties-

This Week in Rails: New APIs, bug fixes, #Rio2016 🇧🇷

Hello! This is Andy bringing you another week’s worth of highlights from Rails. Today also marks the official start of the #Rio2016 Olympic Games 🇧🇷 . New events this time around include golf, sevens rugby and kitesurfing, so check those out!

Rails Contributors

This week we’d like to thank 18 contributors to Rails and extend a welcome to this week’s only first-time contributor!

New exception handling APIs for ActiveJob

New APIs retry_on and discard_on have been added to ActiveJob. These provide hooks for a job class to perform some additional functionality when exceptions occur. The PR for this feature has some nice discussion, check it out!

New ActiveRecord transaction error classes

ActiveRecord can now distinguish between serialization failures and deadlocks. A more specific error in the case of deadlocks is now returned where supported (currently only PostgreSQL). Check the PR for an analysis of other database adapters and the latest code as the class names may have changed.


Activesupport::Duration inconsistencies around daylight saving time

Since this commit from December, “week” durations are no longer converted to days. This means we need to add :weeks to the parts that ActiveSupport::TimeWithZone will consider being of variable duration to take account of DST transitions.


YAML Parameters backwards compatibility

This change provides backwards compatibility for Rails 4.2 based on YAML serialization changes made in Rails 5.

Wrapping Up

That’s it from This Week in Rails! There were many other great contributions and investigations too numerous to list here, but feel free to check them out!

Until next week!

🔎 This Week in Rails: Much investigations, such bug fixes! 🔍

This is detective  🕵  Prathamesh reporting from the secret chambers of Rails.

We were busy investigating many  🐛🐛🐛🐛🐛  this week and I am happy to announce that we have successfully solved many mysterious cases 💪

Rails Contributors

Great 🔍 work by 22 detectives who solved mysterious cases this week. Also welcome to 4 new  🕵  in our growing list of contributors!

Ruby/Rails applications not vulnerable to HTTProxy security issue

The Phusion team found out that Ruby, Rails and Rack applications are not affected by the recent security issue related to HTTProxy. Great  🕵  investigation!


Use already loaded records in the finder methods

If the records of the finder queries are already loaded, then Rails will use them instead of querying again.

Correctly return associated_table when associated_with? is true

This fixes an issue related to has and belongs to many associations failing when the association name and table name are the same.

Remove circular join references in join_dependency

This fixes a stack level too deep crash when a circular join on the same table is used with the current scope.

Correct the behavior of virtual attributes on models loaded from the database

Before this change, virtual attributes not backed by the database would throw an error unless explicitly initialized. This change fixes it and also cleans up the implementation for virtual attributes. 


Reset rack.input when the environment is scrubbed for the next request

Before this change, parameters sent via post requests would leak across requests in the Action Controller tests. This change prevents that by cleaning rack.input at the end of the request scrubbing.

Changed partial rendering to allow collections which don’t implement to_ary

This change allows collections which do not implement to_ary also to be used for rendering partials. It allows instances of Enumerator or Enumerable to be used for rendering partials.

Wrapping Up

That’s it from This Week in Rails! There were many other great contributions and investigations too numerous to list here, but feel free to check them out!

Until next week!  🕵 🔍 💪

🚀 This Week in Rails: 2x String#blank? perf, assert_changes and more! 🚀

Hello from Vipul.

This was one busy week, with many changes landing on master.
We had lots of performance improvements, bug fixes, new additions and enhancements.

And here I thought everyone was just playing Pokemon Go now. 

Kasper joins Rails core!

That’s right Kasper gets himself a cartoon face!

Kasper has helped make countless changes and helped others make them as well.

He’s continued to making substantial, individual contributions, like the new partial collection caching scheme, wildcard template dependencies, and big improvements to the test runner.

This Week’s Rails Contributors

This week saw contributions from 30 fabulous people. 2 of those had a commit merged into Rails for the very first time.

A big thank you to you all! ❤️ If you fancy seeing yourself up there next week, why not take a peek at the list of current issues? Improvements to the documentation can also be a great place to start!

2x performance boost for String#blank? in Ruby 2.4!

String#blank? now uses Regex#match? following the backwards compatible addition of Regex#match? that was introduced.

This helps to get upto 2x the performance with new Regex improvements on Ruby 2.4!

Introduce assert_changes and assert_no_changes

ActiveSupport::TestCase was augmented to complement assert_difference with a more more general usage.

With this handy comparison, we can now do something like-

user = User.start_registration
assert_changes ‘user.token’, from: nil, to: /\w{​32}​/ do

to encapsulate the state changes, before and after an operation.


Bring back support for callable cache key when rendering collection

Support for custom callable cache key was added back to view caching. This allows us to do something like

<%= render partial: ‘projects/project’, collection: @projects, cached: -> project {​ [project, current_user] }​ %>

and pass a key based on a callable block, which allows us to depend on cache’s and cache expiration based on result of the call. In the above case, the cache will be expired with changes to project and current_user objects.

Add exists? and update_all to CollectionProxy to respect an association scope

This change added exists? and update_all to CollectionProxy to respect an association scope.

This was causing issues in newest version of Rails whenever update_all or exists? were called on a collection object like user.references.update_all(…).


Fix bug in ActiveRecord TimeZoneConverter#set_time_zone_without_conversion

Before this change, multi-parameter attributes conversion with invalid params caused issue, when AR’s time_zone_aware_attributes was enabled, since that caused an invalid conversion. 

The new change, now tries conversion only when a valid value is available for safe-conversion.

Fix calling merge method as the first occurrence in a scope

Previously calling merge as the first method to build up a scope used to lead to errors-

scope :unsafe_chaining, -> {​ merge(Comment.newest) }​ #=> NoMethodError:

This change now allows us to overcome this and build up scopes like-

scope :_chaining, ->{​merge(Comment.newest).joins(:comments) }​ # => OK_


Allow MessageEncryptor to take advantage of authenticated encryption modes

This change allow MessageEncryptor to now support authenticated encryption modes.

AEAD modes like aes-256-gcm provide both confidentiality and data authenticity, eliminating the need to use MessageVerifier to check if the encrypted data has been tampered with. This speeds up encryption/decryption and results in shorter cipher text.

Setup default session store internally, and no longer through an initializer

This change removes creation of the config/initializers/session_store.rb to define session store via initializer and sets up default session store internally.

By default the session store will be set to cookie store with application name as session key.

Wrappin’ Up

That’s it from This Week in Rails! There were many other great contributions, too numerous to list here, but feel free to check them out!

Until next week!