[ANN] Rails 4.2.0.beta4 has been released!

The Rails team has just released Rails 4.2.0.beta4.

In addition to the security fixes in 4.2.0.beta3, this new release includes a number of bug fixes for issues reported since the 4.2.0.beta2 release.

If all goes according to plan, this should be the last beta release for 4.2.0 before we move into the Release Candidates phase. We would like to thank all of the early adopters who participated in the beta testing and reported issues, as well as the 64 contributors who submitted patches to help our team address these bugs.

Happy upgrading!

Rails 3.2.20, 4.0.11, 4.1.7, and 4.2.0.beta3 have been released

Hello everyone!!! It's that time again.

I would like to announce that Rails 3.2.20, 4.0.11, 4.1.7, and 4.2.0.beta3 have been released. These releases contain a security fix where the existence of arbitrary files on the file system can be leaked, but the contents of the file will not be leaked. The issue generally only impacts people who are using Rails to serve static assets, and will generally not impact people who use a proxy to serve static assets. You can read more about the issue here (CVE-2014-7818). A release of sprockets has also been made to help with this issue. You can read about it here (CVE-2014-7819).

For ease of upgrading, the only changes in these releases are the security fixes.

Here are the checksums for the gems:

[aaron@TC release]$ shasum *3.2.20*
b14ca1ad923e035ab2a7785e657c5653447c3149  actionmailer-3.2.20.gem
d6fea767996a954e4bc95fd0ca101ec912fcb093  actionpack-3.2.20.gem
97f5bb424aee73fbbd319baab3fd35c3f5eeb5f4  activemodel-3.2.20.gem
32d76836675a4c88685c3904271b16d9d2338ce9  activerecord-3.2.20.gem
640d83a96accc24e6afcae3cc5b253e5d355983f  activeresource-3.2.20.gem
d1d0a19a589c62278e7d9ac4275d5f8d75df20b3  activesupport-3.2.20.gem
f8b4d3c56d89760c02b37d4c67efd31dedd4df80  rails-3.2.20.gem
41c272d53dd748407210a2270ad17bc7c9f30594  railties-3.2.20.gem
[aaron@TC release]$ shasum *4.0.11*
9718b62f4428a7e4bbf66df4ac57dd82d197905a  actionmailer-4.0.11.gem
f1aec3d29e781e3beb685852db00ecf495150077  actionpack-4.0.11.gem
2ba4ceeff0a76df850d6294e2e1da703f3f6e7cb  activemodel-4.0.11.gem
714dca99a452adfec76b507241896ffd7978a254  activerecord-4.0.11.gem
2791791c5c1eeefb3eee76712656bf674a20867d  activesupport-4.0.11.gem
56bb306d4f0309dcf3a804a97104a3ee26b64b94  rails-4.0.11.gem
243e265c879db8876cce8688374cb7f9bb752d7d  railties-4.0.11.gem
[aaron@TC release]$ shasum *4.1.7*
4e4ce2530ff8773af784340e17e925b3b2c8cb20  actionmailer-4.1.7.gem
81628e433ca4335409677a33cfe9b56627f6ae1a  actionpack-4.1.7.gem
7dc2626f5bc85379c55e49a712f5c0e060340ca8  actionview-4.1.7.gem
83c8be73d22973c843d43a988b27a449d2ca8a9d  activemodel-4.1.7.gem
001156373c248a20c69bcf1451d6f7166dac3ddb  activerecord-4.1.7.gem
217f25a911f8e89cd2834849232555cbc47ca850  activesupport-4.1.7.gem
a1d9bb181d718e7f6cf380136425444e627c2345  rails-4.1.7.gem
1b9c8d08afc8fa77786fef13c54d4e6985cdc6d6  railties-4.1.7.gem
[aaron@TC release]$ shasum *4.2.0*
e5d608e8ce32abdd73c73c91fd34cb8f7075a251  actionmailer-4.2.0.beta3.gem
2e2034c285943777ad325c35292e202a46b937c2  actionpack-4.2.0.beta3.gem
a008833cd1045c926fb6f36ee03e3d34499a0aa9  actionview-4.2.0.beta3.gem
02f4438363419c59b33d85b2dda4d4cf741a6098  activejob-4.2.0.beta3.gem
c8a7dc2134c885ad3b23d4c36be95abc1ec1b769  activemodel-4.2.0.beta3.gem
192e33ab3b9d54954ff834ce6ee7f67a9197cb36  activerecord-4.2.0.beta3.gem
00437ab52df0ed0dd9afe571d083c92c3cdbe361  activesupport-4.2.0.beta3.gem
ca81d6ac9fdd658775d32a6dbfe248ee13f5c87b  rails-4.2.0.beta3.gem
cc302e363248e4bc2d245201f922c576f9fe6f15  railties-4.2.0.beta3.gem

Have a great day!!! <3

[ANN] Rails 4.2.0.beta2 has been released!

Happy Monday everyone!

Today the Rails team is happy to announce that we have released Rails 4.2.0.beta2.

Thanks to all the early adopters who have participated in the first round of beta testing, we have identified a number of bugs, regressions and other imperfections in the codebase. These problems have since been fixed and included in this release.

Security Issues

This release also includes two security patches.

Web Console 2.0.0.beta4

Along with the Rails 4.2.0.beta2 release we also released Web Console 2.0.0.beta4 which includes a security fix.

If you are already using Web Console in development we recommend you to upgrade to this new version of the gem.

Active Job vulnerability

We also fixed an Active Job bug that allowed String arguments to be deserialized as if they were Global IDs, an object injection security vulnerability.

Breaking Changes

In addition to the security and bug fixes, some of the new APIs have also been refined after further testing in real-world applications. This resulted in the following list of breaking changes that are not backwards-compatible with 4.2.0.beta1:

Active Job

The Active Job API has been overhauled:

# The enqueueing method has changed from +enqueue+ to +perform_later+.
# In 4.2.0.beta1:
# In 4.2.0.beta2:

# The ways jobs are scheduled has changed.
# In 4.2.0.beta1:
MyJob.enqueue_at(Date.tomorrow.noon, record)
MyJob.enqueue_in(1.week, record)
# In 4.2.0.beta2:
MyJob.set(wait_until: Date.tomorrow.noon).perform_later(record)
MyJob.set(wait: 1.week).perform_later(record)
# You can also specify a queue to enqueue the job onto with this new API:
MyJob.set(queue: :low_priority).perform_later(record)

Action Mailer

The Action Mailer API has also undergone some changes:

# Two new methods +#deliver_now+ and +#deliver_now!+ were introduced for
# clarity. +#deliver+ and +#deliver!+ have been deprecated and applications are
# encouraged to use the +#deliver_*+ instead.
# In 4.2.0.beta1:
# In 4.2.0.beta2:

# The options for +#deliver_later+ and +#deliver_later!+ has changed to match
# those on Active Job.
# In 4.2.0.beta1:
Notifier.welcome(User.first).deliver_later!(in: 1.hour)
Notifier.welcome(User.first).deliver_later!(at: 10.hours.from_now)
# In 4.2.0.beta2:
Notifier.welcome(User.first).deliver_later!(wait: 1.hour)
Notifier.welcome(User.first).deliver_later!(wait_until: 10.hours.from_now)

Action Controller render behavior change

Historically, calling render "foo/bar" in a controller action is equivalent to calling render file: "foo/bar". Since beta 2, this has been changed to mean render template: "foo/bar" instead. This is due to a number of potential security issues with the old default behavior. If you need to render a file, please change your code to use the explicit form (render file: "foo/bar") instead.

Full list of changes

As always, you can browse the Rails source code repository on GitHub to view the full list of changes that were included in this release.


The Rails team would like to thank the 66 people who contributed patches to make this release possible!

[ANN] Rails 4.1.6 and 4.0.10 have been released!

Hi everyone,

I am happy to announce that Rails 4.1.6 and 4.0.10 have been released.

We are planning to produce one more bug fix release in the 4.0 series, targeted for early December. In keeping with our maintenance policy, after the upcoming release of 4.2.0, the 4.0 series will be retired. It will not receive further updates for either bug fixes or security issues. All users are urged to migrate to 4.1 as soon as possible.

CHANGES since 4.0.9

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 4.1.5

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.


If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes.

Here are the checksums for 4.0.10:

$ shasum *4.0.10*
4bd4b8a2be1a2a649f46e37b6dff3a2d8f86fd7d  actionmailer-4.0.10.gem
45d76f39092149e46c31f9226dae71b3faa52012  actionpack-4.0.10.gem
08150685a471db48b240618b378ff22e3a9b7811  activemodel-4.0.10.gem
ed3f6b184b4b62b501e0d7876d8e2f946fe0ed31  activerecord-4.0.10.gem
7c886c946e835cbbfb09dc4b4daf7f1bf05db952  activesupport-4.0.10.gem
a2b8e24d83d5395f9532fcdbfa5c441d3f86e060  rails-4.0.10.gem
533c0589dadb4fc3bd5723bb9944464b545a88f3  railties-4.0.10.gem

Here are the checksums for 4.1.6:

$ shasum *4.1.6*
d6ab3d0aecb1cf97bd5a1050356b3151e4e8ef42  actionmailer-4.1.6.gem
ba7233c749a2229e11ef02acea2d114719ceac71  actionpack-4.1.6.gem
ed67c703dfb7d95e391da21f4f2aab52ae7bbfe4  actionview-4.1.6.gem
1a9ca827740d5e3e254b26886b19ea9094b407c5  activemodel-4.1.6.gem
69d77feb4ce141551875e2a4167d0f5529bd0526  activerecord-4.1.6.gem
dc838a42455b674b95c15bf7433552ffdf777a4f  activesupport-4.1.6.gem
8f2ebf38a0a8d70d8f19916e0b51ece8a954ff8d  rails-4.1.6.gem
c9b10576113567011d37fa28aa4e5ca99b2e4fd9  railties-4.1.6.gem

I'd like to thank you all, every contributor who helped with this release.

[ANN] Rails 4.1.6.rc2 and 4.0.10.rc2 have been released!

Hi everyone,

I am happy to announce that Rails 4.1.6.rc2 and 4.0.10.rc2 have been released.

If no regressions are found expect the final release this Thursday, on September 11, 2014. If you find one, please open an issue on GitHub and mention me (@rafaelfranca) on it, so that we can fix it before the final release.

CHANGES since 4.0.9

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 4.1.5

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.


If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes.

Here are the checksums for 4.0.10.rc2:

$ shasum *4.0.10.rc2*
16be6057a1af45d0eaf9e5bb95f0980f0498ed38  actionmailer-4.0.10.rc2.gem
b736f6ec57f14a08611bf94e9170a102bbcd235e  actionpack-4.0.10.rc2.gem
7508c684dcfa38fca79640f7196fd437c6945be7  activemodel-4.0.10.rc2.gem
aef89eeadb957dac5ec21cce6e640f13fad301f0  activerecord-4.0.10.rc2.gem
1b6d2dfd4d69605d58de34eaa68bf9c98fedb581  activesupport-4.0.10.rc2.gem
7e3de742b723def7e0026b89e8c744822f66fe23  rails-4.0.10.rc2.gem
bb4f5083436987907c38dc019261b3477386b4b9  railties-4.0.10.rc2.gem

Here are the checksums for 4.1.6.rc2:

$ shasum *4.1.6.rc2*
8fbbefa7a1f87569b54b6b0444ccb42b112b8b4e  actionmailer-4.1.6.rc2.gem
81c84fed39c32a013da3da7181eb81b41084c62f  actionpack-4.1.6.rc2.gem
e750e2a53c16b3312a049c044c9f7d5e7ed1f228  actionview-4.1.6.rc2.gem
8f034fa15a6c364d818e28a0bdd5bc4bcc691025  activemodel-4.1.6.rc2.gem
8259ec18fbaaec162c4eaf344f2a4507322e049b  activerecord-4.1.6.rc2.gem
c220cbad51271b9a2c4e2ef390a0060e66127323  activesupport-4.1.6.rc2.gem
1578350d0c58c5c5ce3e771541336c76728b9c34  rails-4.1.6.rc2.gem
d70a87ccb0d002b4c44cade8ce30a8ae6394313e  railties-4.1.6.rc2.gem

I'd like to thank you all, every contributor who helped with this release.

Senny and Godfrey to Rails core, Yehuda to alumni

The Rails core team has just accepted Yves "Senny" Senn and Godfrey Chan into its ranks.

Yves had his first patch committed to Rails back in 2011 and has since racked up 1256 commits of improvements to the framework. He's a developer with 4teamwork from Bern, Switzerland, and we couldn't be happier to recognize his great work by admission to Rails core!

Godfrey Chan has been on a tear this year to help making everything Rails better. A lot of work and commits and reviews have come from Chan to ensure Rails 4.2 is the best it can be. He had his first commit in 2012, and has since racked up another 255. Welcome as well!

Finally, Yehuda Katz is retiring from active core participation and will join the hallowed halls of the Rails alumni. We thank him dearly for all he has done to improve Rails and Ruby. It's been a pleasure to argue with him endlessly over things big and small, and doubt that's going to stop just because he's now alumni.

Thanks to Yves, Godfrey, and Yehuda, and to everyone else working on improving Rails, for their service. The community is grateful!

Rails 4.2.0 beta1: Active Job, Deliver Later, Adequate Record, Web Console

We're putting the final touches on the first major new release of Rails in its second decade of life. While most software would be in a retirement home after a decade of operation, Rails has never been more fit, and this release is packed with goodies that'll make your work even easier, your apps even faster, and the whole experience even better.

Active Job, ActionMailer #deliver_later

The headline feature for Rails 4.2 is the brand new Active Job framework, and its integrations. Active Job is an adapter layer on top of queuing systems like Resque, Delayed Job, Sidekiq, and more. You can write your jobs to Active Job, and they'll run on all these queues with no changes.

With an always-configured queue in place (though the default is just an inline runner), we can build on top of that where it makes sense. And the first place it makes sense is to send Action Mailer emails asynchronously. So we're introducing the #deliver_later method, which will do just that: Add your email to be sent as a job to a queue, so you don't bog down the controller or model. Voila!

The cherry on top is our new GlobalID library. It makes it easy to pass Active Record objects to jobs by serializing them in a generic form. This means you no longer have to manually pack and unpack your Active Records by passing ids. Just give the job the straight AR object, and it'll serialize it using GlobalID, and deserialize it at run time. So much easier!

Special thanks go out to Cristian Bica and Abdelkader Boudih for their outstanding work bringing this trinity of improvements to Rails!

Adequate Record

Aaron Patterson is always hunting for performance bounties in Rails, and with an improvement project called Adequate Record for Active Record, he's come up good. A lot of common queries are now no less than twice as fast in Rails 4.2! This is a great step forward for performance. While computers are constantly getting cheaper and performance is improving, nobody ever said "hey, get that free speed out of my framework". So there you go: Some free speed, buddy!

Web Console

Out of the wonderful Google Summer of Code for Rails campaign comes Web Console. It's an IRB console available in the browser. In development mode, you can go to /console and do your work right there.

Now that's neat, but what's insanely useful is that this console is automatically available on all exception pages! So when something is bust, you'll now instantly be able to inspect the state of affairs. It even allows you to jump between the different points in the backtrace, and you'll be able to inspect things right at that point.

It's a wonderful improvement to the debugging workflow. Thanks to Genadi Samokovarov and Ryan Dao for their work on this project.

Everything else

Some quick highlights from the rest of all the wonder that is Rails 4.2:

  • Template digests are now automatically included when calculating etags for caching. So caches are bust when the template changes.
  • respond_with has moved out and into its own proper home with the responders gem.
  • Support for real foreign keys! add_foreign_key/remove_foreign_key are now available in migrations.
  • A ton of bug fixes and minor improvements to Active Record.
  • Added config.x.whatever.you_want = true for custom configuration of your app in config/environments/*, config/application.rb, and initializers.
  • Added Rails::Application.config_for(:some_yaml) to load YAML configurations store in config/ easily.

We're working on a set of preliminary release notes too.

Maintenance consequences and Rails 5.0!

As per our maintenance policy, the release of Rails 4.2 will mean that bug fixes will only apply to 4-2-stable, regular security issues to 4.2.x, 4.1.x, and severe security issues to 4.2.x, 4.1.x, and 3.2.x. In addition to these already stated commitments, the honorable Rafael França has agreed to also apply bug fixes to 4-1-stable. So everyone still on 4.1 and unable to move quickly can thank Rafael!

Rails 4.2 will also mark the last big release in the 4.x series. After release, we're going to work towards the big Rails 5.0! This means rails/master will have that target as soon as the release candidates for 4.2 start, and 4-2-stable is created.

Rails 5.0 is in most likelihood going to target Ruby 2.2. There's a bunch of optimizations coming in Ruby 2.2 that are going to be very nice, but most importantly for Rails, symbols are going to be garbage collected. This means we can shed a lot of weight related to juggling strings when we accept input from the outside world. It also means that we can convert fully to keyword arguments and all the other good stuff from the latest Ruby.

The release target for Rails 5.0 is currently spring/summer of 2015. So there's a while yet, but we're putting this out there for people to know, so gem maintainers and other Ruby implementations can know where we're going.

Please help us make Rails 4.2 solid!

We rely on the feedback from everyone in the community to flush out bugs and upgrade issues ahead of a big release like this. So please give Rails 4.2 a try on your app, and if you're starting a new app today, you should probably use the beta1 for that, if you're just the least bit savvy with Rails.

Issues can be recorded on the Github issues tracker.

Already, 476 people have contributed to this new release of Rails. Please do become one of them!

[ANN] Rails 4.1.6.rc1 and 4.0.10.rc1 have been released!

Hi everyone,

I am happy to announce that Rails 4.1.6.rc1 and 4.0.10.rc1 have been released.

If no regressions are found expect the final release this Friday, on August 22, 2014. If you find one, please open an issue on GitHub and mention me (@rafaelfranca) on it, so that we can fix it before the final release.

CHANGES since 4.0.9

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 4.1.5

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.


If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes.

Here are the checksums for 4.0.10.rc1:

$ shasum *4.0.10.rc1*
fa4efa72a6b89c6dcf55280f6bbfab00564982e8  actionmailer-4.0.10.rc1.gem
bfbb408c6c2ab89eafda1b84a33f83a9f58eda8c  actionpack-4.0.10.rc1.gem
f1bedb27e877ca6493541a69491910ce70a34ed0  activemodel-4.0.10.rc1.gem
f211a80fc134f38f4eb2d503b3ca7e92a83eabed  activerecord-4.0.10.rc1.gem
e751d258407d02c3f8790775ffa99f0895c56704  activesupport-4.0.10.rc1.gem
34b8908b2738e78917a434b45ae9fe82b4908425  rails-4.0.10.rc1.gem
a2d4ee8203ce07785b15b367ffe31f9ea96268a7  railties-4.0.10.rc1.gem

Here are the checksums for 4.1.6.rc1:

$ shasum *4.1.6.rc1*
3589d4ea69a04f87ea5335994a43f8d814c6c8df  actionmailer-4.1.6.rc1.gem
b51d28e356c58d08d2f65a3a4912a2911b9d4ffe  actionpack-4.1.6.rc1.gem
f2a8ba7e7ca8fa9e74688cbca3af1e8d48b23de7  actionview-4.1.6.rc1.gem
9a2778d02bd596d629eca6265f0a6d7cecb7d2ef  activemodel-4.1.6.rc1.gem
681023c5764cb1336b6d74bf2ff76efd9c1386b7  activerecord-4.1.6.rc1.gem
85c4e30b5b0eba99c9d43049206591250aed2072  activesupport-4.1.6.rc1.gem
fd10c0533065471768d8fe4b7e7ba81738c607dd  rails-4.1.6.rc1.gem
ec05790e0d256a474f0eaf3ae61e9556e71f1b18  railties-4.1.6.rc1.gem

I'd like to thank you all, every contributor who helped with this release.

Rails 4.0.9 and 4.1.5 have been released!

Hi everyone!

Rails 4.0.9 and 4.1.5 have been released!

These two releases contain a security fix, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we've only included commits directly related to each security issue.

The security fix for 4.0.9 and 4.1.5 is:

the commits for 4.0.9 can be found here, and the commits for 4.1.5 can be found here.

Here are the checksums for 4.0.9:

$ shasum *4.0.9*
2034a17791be885e8e4e6211c26447614c830e62  actionmailer-4.0.9.gem
00b13c7dfe94af6ede24c6c1652ff4bc2aee9ef8  actionpack-4.0.9.gem
0a16de437de79128846d5a5fc73a0a0d6ebe369e  activemodel-4.0.9.gem
3d1884dff4fa64267d7c840dbaaac3eafc6fc0a9  activerecord-4.0.9.gem
eb27657cf79c4c13f7b4c4f7aa69a8a171f4e68c  activesupport-4.0.9.gem
2bdba9c61f8860d1883ed5803591dc603b7312fb  rails-4.0.9.gem
f90c7f3104d9d63992d53331990e33c1d832e7c0  railties-4.0.9.gem

Here are the checksums for 4.1.5:

$ shasum *4.1.5*
798edeca54bb9ca1ba91b7669fccb4d2bb41f404  actionmailer-4.1.5.gem
2354a982938658cfafd6097a406ac43facb80c70  actionpack-4.1.5.gem
eb71ffc6ea7537d6066483b6ff5d1edf51f0c344  actionview-4.1.5.gem
15a24e5a1e9191541cc7b24bc1f74e3a0293cf97  activemodel-4.1.5.gem
27cd6cc6a3b52eb5966171e5959b0505f411e8ce  activerecord-4.1.5.gem
44a53eac3e7851c2311cce42f63c966ea05b5552  activesupport-4.1.5.gem
7fa52337ec2b659abfb5b5678125ba0d3b5cbce7  rails-4.1.5.gem
6ffdb1e19734460ded12f9a66f8390ea071f6727  railties-4.1.5.gem


Rails 4.0.8 and 4.1.4 have been released!

Hi everyone!

Rails 4.0.8 and 4.1.4 have been released!

The security patches introduced a regression on the PostgreSQL Range feature. This regression was only introduced to Rails 4.x. Rails 3.2 users are not impacted.

the commits for 4.0.8 can be found here, and the commits for 4.1.4 can be found here.

Here are the checksums for 4.0.8:

$ shasum *4.0.8*
1214de9fa493f5a23c87f7a7c2f1af84f67b60b6  actionmailer-4.0.8.gem
342aa07585b9b4b32ba37c8baf6fe93c53619ad6  actionpack-4.0.8.gem
b40e3b1bbd744b868f74c26e1088d73c9e7d7297  activemodel-4.0.8.gem
b1e28bdad10f21ed8af8b3b8b5e70f0110d19dff  activerecord-4.0.8.gem
1d3d2a767478aee5be22db197b2ec06cdaede10a  activesupport-4.0.8.gem
dbfa6c723191bf61d1c2d3f9809259f419956a74  rails-4.0.8.gem
f22a0677d9151d1f31d109b1c0687b53e06a94f7  railties-4.0.8.gem

Here are the checksums for 4.1.4:

$ shasum *4.1.4*
5e6426134003a55e0f43ff371521f6d66c8881b7  actionmailer-4.1.4.gem
79e84be29d961ef2c175cb5258b1d8c78ad6460f  actionpack-4.1.4.gem
8ba89c7399b81e2727402806176de0db397732eb  actionview-4.1.4.gem
9edc0b4e5c709ad11517a9f40ba50ee93e97e59b  activemodel-4.1.4.gem
23851340221e38717a7159ebcd2eb398e8ebeacd  activerecord-4.1.4.gem
388bd214252b34d22ec8bd1ca2445d7b53cd39bb  activesupport-4.1.4.gem
0e050607bb8581dc756c5184a5920de9708398f1  rails-4.1.4.gem
e1a75ea7161db14c953fce1e399c4e20b2eaa364  railties-4.1.4.gem