🔎 This Week in Rails: Much investigations, such bug fixes! 🔍

This is detective  🕵  Prathamesh reporting from the secret chambers of Rails.

We were busy investigating many  🐛🐛🐛🐛🐛  this week and I am happy to announce that we have successfully solved many mysterious cases 💪

Rails Contributors

Great 🔍 work by 22 detectives who solved mysterious cases this week. Also welcome to 4 new  🕵  in our growing list of contributors!

Ruby/Rails applications not vulnerable to HTTProxy security issue

The Phusion team found out that Ruby, Rails and Rack applications are not affected by the recent security issue related to HTTProxy. Great  🕵  investigation!

Fixed

Use already loaded records in the finder methods

If the records of the finder queries are already loaded, then Rails will use them instead of querying again.

Correctly return associated_table when associated_with? is true

This fixes an issue related to has and belongs to many associations failing when the association name and table name are the same.

Remove circular join references in join_dependency

This fixes a stack level too deep crash when a circular join on the same table is used with the current scope.

Correct the behavior of virtual attributes on models loaded from the database

Before this change, virtual attributes not backed by the database would throw an error unless explicitly initialized. This change fixes it and also cleans up the implementation for virtual attributes. 

Improved

Reset rack.input when the environment is scrubbed for the next request

Before this change, parameters sent via post requests would leak across requests in the Action Controller tests. This change prevents that by cleaning rack.input at the end of the request scrubbing.

Changed partial rendering to allow collections which don’t implement to_ary

This change allows collections which do not implement to_ary also to be used for rendering partials. It allows instances of Enumerator or Enumerable to be used for rendering partials.

Wrapping Up

That’s it from This Week in Rails! There were many other great contributions and investigations too numerous to list here, but feel free to check them out!

Until next week!  🕵 🔍 💪

🚀 This Week in Rails: 2x String#blank? perf, assert_changes and more! 🚀

Hello from Vipul.

This was one busy week, with many changes landing on master.
We had lots of performance improvements, bug fixes, new additions and enhancements.

And here I thought everyone was just playing Pokemon Go now. 

Kasper joins Rails core!

That’s right Kasper gets himself a cartoon face!

Kasper has helped make countless changes and helped others make them as well.

He’s continued to making substantial, individual contributions, like the new partial collection caching scheme, wildcard template dependencies, and big improvements to the test runner.

This Week’s Rails Contributors

This week saw contributions from 30 fabulous people. 2 of those had a commit merged into Rails for the very first time.

A big thank you to you all! ❤️ If you fancy seeing yourself up there next week, why not take a peek at the list of current issues? Improvements to the documentation can also be a great place to start!

2x performance boost for String#blank? in Ruby 2.4!

String#blank? now uses Regex#match? following the backwards compatible addition of Regex#match? that was introduced.

This helps to get upto 2x the performance with new Regex improvements on Ruby 2.4!

Introduce assert_changes and assert_no_changes

ActiveSupport::TestCase was augmented to complement assert_difference with a more more general usage.

With this handy comparison, we can now do something like-

user = User.start_registration
assert_changes ‘user.token’, from: nil, to: /\w{​32}​/ do
  user.finish_registration
end

to encapsulate the state changes, before and after an operation.

New

Bring back support for callable cache key when rendering collection

Support for custom callable cache key was added back to view caching. This allows us to do something like

<%= render partial: ‘projects/project’, collection: @projects, cached: -> project {​ [project, current_user] }​ %>

and pass a key based on a callable block, which allows us to depend on cache’s and cache expiration based on result of the call. In the above case, the cache will be expired with changes to project and current_user objects.

Add exists? and update_all to CollectionProxy to respect an association scope

This change added exists? and update_all to CollectionProxy to respect an association scope.

This was causing issues in newest version of Rails whenever update_all or exists? were called on a collection object like user.references.update_all(…).

Fixed

Fix bug in ActiveRecord TimeZoneConverter#set_time_zone_without_conversion

Before this change, multi-parameter attributes conversion with invalid params caused issue, when AR’s time_zone_aware_attributes was enabled, since that caused an invalid conversion. 

The new change, now tries conversion only when a valid value is available for safe-conversion.

Fix calling merge method as the first occurrence in a scope

Previously calling merge as the first method to build up a scope used to lead to errors-

scope :unsafe_chaining, -> {​ merge(Comment.newest) }​ #=> NoMethodError:

This change now allows us to overcome this and build up scopes like-

scope :_chaining, ->{​merge(Comment.newest).joins(:comments) }​ # => OK_

Improved

Allow MessageEncryptor to take advantage of authenticated encryption modes

This change allow MessageEncryptor to now support authenticated encryption modes.

AEAD modes like aes-256-gcm provide both confidentiality and data authenticity, eliminating the need to use MessageVerifier to check if the encrypted data has been tampered with. This speeds up encryption/decryption and results in shorter cipher text.

Setup default session store internally, and no longer through an initializer

This change removes creation of the config/initializers/session_store.rb to define session store via initializer and sets up default session store internally.

By default the session store will be set to cookie store with application name as session key.

Wrappin’ Up

That’s it from This Week in Rails! There were many other great contributions, too numerous to list here, but feel free to check them out!

Until next week!

Kasper joins Rails core

It’s a privilege to welcome Kasper Timm Hansen to the Rails core team, and I’m not just saying that because he’s a fellow Dane, though it helps 🇩🇰! Kasper started contributing to Rails during the 2013 Summer of Code program where he worked on the new Loofah-backed sanitizer. It was a big job and Kasper aced it.

Since then he’s racked up almost seven hundred commits on a wide variety of projects and PRs. He’s helped countless contributors polish their pull requests to the point that their work can be committed to the framework.

He’s also continued making substantial, individual contributions, like the new partial collection caching scheme, wildcard template dependencies, and big improvements to the test runner.

He joins the core team as lucky #13 😎✨👏

This Week in Rails: Y U have not updated to Rails 5 yet?!

Hello from Claudio.

This week saw some small fixes applied to Rails 5. Nothing major. Nothing that should stop you from upgrading all your apps from Rails 4.2 to Rails 5. So get onboard! You can do it!

Rails 4.2.7 and 4.1.16 have been released!

Check the blog post for links to all the CHANGELOGs. As Rails 5 was released, this is probably going to be the last release of Rails 4.1. Please take some time to upgrade your application to Rails 4.2 or Rails 5.

This week’s Rails contributors

32 people contributed to Rails this week, including 6 first-timers. Congratulations! Don’t hesitate to check all the changes merged into master this week. 

New

Add support for limits in batch processing

Active Record’s batch processing methods now support limit, so you can write statements like Post.limit(10_000).find_each { ​|post| … }​.

Fixed

Fix AR::to_param to maximize content

The documentation states that AR::to_param should truncate values longer than 20 characters by words. This commit enforces this behavior, using as many characters as possible to maximize the information included in the URL.

AS::Duration to serialize empty values correctly

ActiveSupport::Duration::ISO8601Serializer will not fail when asked to serialize zero-length durations such as ActiveSupport::Duration.parse(0.minutes.iso8601).

AS::TimeZone#strptime to raise the correct error

Trying to parse an invalid date such as in strptime('1999-12-31', '%Y/%m/%d') will now raise ArgumentError rather than the confusing NoMethodError: undefined method empty?.

Check request.path_parameters encoding when they’re set in env

The encoding of path parameters is now checked earlier in the dispatch process so that routes that go directly to a Rack app, or skip controller instantiation, don’t have to defend themselves against non-UTF8 characters.

Improved

Speed up RDoc generation

Every commit to rails/master automatically updates the Rails docs. The RDoc generation has gotten faster by only including files that contain changes since the last generation.

Wrappin’ Up

Repeat after me: “Next week I will upgrade all my projects to Rails 5.”

💬 “Next week I will upgrade all my projects to Rails 5” 💬

I hope you do! And finally, if you happen to travel to sunny California this summer, come say hi at the Los Angeles Ruby meetup. 🌇😎🏄

–Claudio

[ANN] Rails 4.2.7 and 4.1.16 have been released!

Hi everyone,

I am happy to announce that Rails 4.2.7 and 4.1.16 have been released.

As Rails 5 was released, this is probably going to be the last release of Rails 4.1. Please take some time to upgrade your application to Rails 4.2 or Rails 5.

CHANGES since 4.1.15

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 4.2.6

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you’d like to verify that your gem is the same as the one I’ve uploaded, please use these SHA-1 hashes.

Here are the checksums for 4.1.16:

$ shasum *4.1.16.gem*
73d32e6b3cdb1969a717fc3ca8f5c3efcf83b13c  actionmailer-4.1.16.gem
09a7871a038b949e3b694fb342b4ed8b7aca5cb2  actionpack-4.1.16.gem
a819dd539d801a32cd38ab5de4d87f02fc0319f9  actionview-4.1.16.gem
06d0b51e36752d8359c3c2328a3dd8d74d3e2ae0  activemodel-4.1.16.gem
ee90f4a21ccf60b389faf1aa0c2f98c5d2615e17  activerecord-4.1.16.gem
4249169a2ec9c61a0ebdcc79a42f7c878c1a88e5  activesupport-4.1.16.gem
a34763cea87724c64b020550c61b14f10f770e54  rails-4.1.16.gem
3ac57878a20dc3d676e90658201bd57f51a12eaf  railties-4.1.16.gem

Here are the checksums for 4.2.7:

$ shasum *4.2.7.gem*
60b53f522dc7769ad03fe4d16bedc2fccd2ea238  actionmailer-4.2.7.gem
6660830b452dd1f074b2279c6e229eaf48a82ffd  actionpack-4.2.7.gem
434f4ef869ba26eedfc9faaa7f7fc26d9eff24b4  actionview-4.2.7.gem
4c32473e6f408b70993cede2f1718aef69ce7122  activejob-4.2.7.gem
f21ddf419aa6db5b2aed441d8d3849e22b5b4bbf  activemodel-4.2.7.gem
e2ad80b89e6af968286855a4913c2460adc888c4  activerecord-4.2.7.gem
517fd2649deacd98339954ac41d5378e8215a98a  activesupport-4.2.7.gem
34475b44a9195d440523af4a0cbac8f8435c7c47  rails-4.2.7.gem
5ea798d4276084cf446f9e24599ad24fa2e873b4  railties-4.2.7.gem

I’d like to thank you all, every contributor who helped with this release.

🌵 This Wild Week in Rails 🌵: Rails 4.2.7/4.1.16, new tag helpers syntax and more!

Hola desperados!

Jon (aka Juan el bandido) here saying “Howdy” from the Navarro desert near Pamplona 🇪🇸 to bring you outlaws a back-slappin’ sagebrush issue of This Wild Week in Rails 🌵.

We’ll be covering a selection of the past 2 weeks’ commits. That’s a dadgummit lotta ground to cover, so pack a saddlebag o’ water, watch out fer rattlesnakes, and dontcha hesitate to click through to the pull requests for more info!

Giddyup!

This Week’s Rails Contributors

Let rip some proper hootin’ & hollerin’ fer these 38 heroic wranglerswho contributed to Rails this week, including 8 first-timers! Check out the current issues and the contributing guide if ye’d like to join ‘em!

Rails 4.2.7.rc1 and 4.1.16.rc1 released, gold fever ensues

These two release candidates hit the trail this week. The final release of Rails 4.1.16 should be on its way shortly if no regressions are found. It will probably be the last release of Rails 4.1, so please take some time soon to upgrade your application to Rails 4.2 or Rails 5.

New syntax for Action View tag helpers

Building on an implementation proposal by DHH, new syntactical sugar has been introduced for tag helpers that supports HTML5 markup by default and avoids positional parameters. See the PR for details and code examples as well as #25289 for the groundwork and discussion.

Updated and improved Rails Guides

Many vital documentation contributions were made these past 2 weeks, including completion of the Rails Testing Guide (yeehaw!) and updates for Rails 5.

Improved

Cleaner, simpler stack traces

Scheduled for Rails 5.1, this commit aims to clean up noisy stack traces and log only the traces relevant to the developer. The discussion in the PR and in #25343 is worth reading.

Update Action View tag helpers attributes

This commit brings the boolean attributes for the Action View tag helpers up to date with the current w3.org spec, while dropping autobuffer in favor of preload and removing pubdate.

Raise on nested time travel helpers

Nested time travel calls in tests can lead to confusion in time stubbing. To discourage this practice, Rails now raises on nested travel and travel_to time helper calls.

Fixed

Use correct timezone when parsing dates in json

Time specified in ISO 8601 format without Z should be parsed as local time, yet until now it was treated as UTC. This commit fixes the problem by parsing time using the timezone specified in the application config. Additionally, YYYY-MM-DD format is now parsed as Date , not DateTime as it was until now.

Ported to Rails 5-0-stable since this is a potential breaking change.

Routes using as option now work with GET requests

This fix adds the option to the end of the URL path rather than the query params. The PR discussion contains an example of checking impact on performance and working around it. Backported to 5-0-stable.

Don’t reap reassigned connections

This fix ensures that concurrent invocations of the connection reaper cannot allocate the same connection to two threads. Backported to 5-0-stable.

Fix race condition with websocket stream writes

ActionCable::Connection::Stream now safeguards against concurrent writes to a websocket connection from multiple threads. Backported to 5-0-stable.

Close hijacked I/O socket after use

ActionCable::Connection::Stream now properly closes hijacked sockets when the connection was shut down. Backported to 5-0-stable.

Fix adding implicitly-rendered template digests to ETags

Modifying an implicitly-rendered template for a controller action using fresh_when or stale? now correctly results in a new ETag value.

Fix Type::Date#serialize to consistently return a date object

Type::Date#serialize now properly casts values to date objects when making where and find queries on a date field. Backported to 5-0-stable.

New

New middleware for debugging reloading/executing deadlocks

Backported to 5-0-stable, this PR adds new ActionDispatch::DebugLocks middleware that can be used to diagnose deadlocks in the autoload interlock.

Enable using rake notes with other directories

Developers and gems can now use rake notes to extract notes from other directories (like /spec) by registering them with the SourceAnnotationExtractor.

Wrappin’ Up, Ye Saddle Bums

Luddy Mussy, ah’m all sewn up! That’s all for This Wild Week in Rails 🌵. Der wuz more improvements than we had room to cover here, so doncher hesitate to check ‘em out!

‘Til next week, amigos!

[ANN] Rails 4.2.7.rc1 and 4.1.16.rc1 have been released!

Hi everyone,

I am happy to announce that Rails 4.2.7.rc1 and 4.1.16.rc1 have been released.

As Rails 5 was released, this is probably going to be the last release of Rails 4.1. Please take some time to upgrade your application to Rails 4.2 or Rails 5.

If no regressions are found expect the final release this Thursday, on July 7, 2016. If you find one, please open an issue on GitHub and mention me (@rafaelfranca) on it, so that we can fix it before the final release.

CHANGES since 4.1.15

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 4.2.6

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you’d like to verify that your gem is the same as the one I’ve uploaded, please use these SHA-1 hashes.

Here are the checksums for 4.1.16.rc1:

$ shasum *4.1.16.rc1.gem*
8e0be05cfb4e4516c75cc12c971fe4924f111762  actionmailer-4.1.16.rc1.gem
1ad0c0c1bc13ddf9f85c6b1d5cd6288d8d0114d6  actionpack-4.1.16.rc1.gem
ee83721f8f7a95b23aa93163fe3e01ba89ca046a  actionview-4.1.16.rc1.gem
35fa99af4f158079a444cb8473a0a3dd0465220b  activemodel-4.1.16.rc1.gem
680a69dc13474894c84054a1f2a9d23868d6000e  activerecord-4.1.16.rc1.gem
a03b6a27496cf08e215db8e487f3a06a45b0e29a  activesupport-4.1.16.rc1.gem
70bf01fb349592a8473d3ffedb873c9f9abc293d  rails-4.1.16.rc1.gem
5c6cc7659065da6f61fc3ff0bcc13439a4df8ee2  railties-4.1.16.rc1.gem

Here are the checksums for 4.2.7.rc1:

$ shasum *4.2.7.rc1.gem*
6deda04a33d767f0d9d7be5a199c98c359701b34  actionmailer-4.2.7.rc1.gem
723e016bcf59cb860b6343a4936f417c927dab09  actionpack-4.2.7.rc1.gem
19cef0c8418c294ebc46547e29d460c554a4d77c  actionview-4.2.7.rc1.gem
f1038a46fdcbd888dca12285d7bf8db2ea40f80c  activejob-4.2.7.rc1.gem
c48f4b32f0da8ea64541e8ca80b4e15a47e01ad1  activemodel-4.2.7.rc1.gem
0ef45fd5da001370593558cb8b64f5aba6d7de16  activerecord-4.2.7.rc1.gem
5969a35bf853ce9f872f6c99f4d75572d436a4ed  activesupport-4.2.7.rc1.gem
ac23853084ac321ce40a0e79d2f878ad18dac7a3  rails-4.2.7.rc1.gem
e9dde94765e7a8682ff4675f8ae47244a996644d  railties-4.2.7.rc1.gem

I’d like to thank you all, every contributor who helped with this release.

This Week In Rails: Rails 5 is out with new guides and more!

Hello open sourcerer!

Here’s Kasper rushing straight from the bullpen to the printers to report: Slow week, but we’ll get through it.

Just kidding! Rails 5 is here.

In fact, to really underline the magnitude of this achievement please play this music while you read.

Rails 5 is here!

After a period of betas Rails 5.0 has now been released. The headline features are Action Cable and a mode primed for API-only apps.

There are also loads of other goodies which we’re covered here before. Check out our archives or comb through the 9999 commits themselves.

Guides updated for Rails 5

If you’d like a more high level overview there’s also new guides ready.

You can find tips on upgrading, there’s a new version of the testing guide — and there are the full release notes, which has a lot of details.

Rails 5: made by you and me

Rails 5 wouldn’t be possible without the 948 people who put in free time to help make these releases happen. A roaring thank you goes out to every contributor big and small. ❤️

(Here’s what happened just this week.)

Wrapping Up

That’s it from This Week in Rails! There were many other great contributions, too numerous to list here, but feel free to check them out!

Until next week!

Rails 5.0: Action Cable, API mode, and so much more

After six months of polish, four betas, and two release candidates, Rails 5.0 is finally done! It’s taken hundreds of contributors and thousands of commits to get here, but what a destination: Rails 5.0 is without a doubt the best, most complete version of Rails yet. It’s incredible that this community is still going so strong after so long. Thanks to everyone who helped get us here.

The two star features of Rails 5.0 are as follows:

Action Cable

Action Cable is a brand-new framework for handling WebSockets in Rails. It’s a completely integrated solution for managing connections, a channels layer for server-side processing, and a JavaScript layer for client-side interaction. It’s incredibly easy to use, and makes designing live features like chat, notifications, and presence so much easier. It’s what’s powering all those features of Basecamp 3, if you want to see it in action.

What’s really lovely about Action Cable is that you get access to your entire Active Record and PORO domain model in your WebSockets work. We even added a brand-new ActionController::Renderer system that makes it trivial to render your templates outside of controllers, when you want to reuse server-side templates for WebSocket responses.

In development, Action Cable runs in-process with the rest of your app. To do this, we’ve switched the default development server from Webrick to Puma. In production, you may well want to run Action Cable servers in their own processes. That’s how we run it at Basecamp at scale.

Special thanks to Pratik Naik, Javan Makhmali and Matthew Draper for their formative work on Action Cable.

API mode

Rails is not only a great choice when you want to build a full-stack application that uses server-side rendering of HTML templates, but also a great companion for the new crop of client-side JavaScript or native applications that just needs the backend to speak JSON. We’ve made this even clearer now with the new –api mode. If you create a new Rails application using rails new backend --api, you’ll get a slimmed down skeleton and configuration that assumes you’ll be working with JSON, not HTML.

There’s still more work to be done on this feature, but we’re off to a great start. By default, API mode just relies on #to_json calls on model classes. But you can either use Jbuilder, Active Model Serializers, or look at the new JSONAPI::Resources project for a more advanced solution.

Thanks in particular to Santiago Pastorino and Jorge Bejar for making this happen.

Other highlights

  • One Rails Command instead of the split-brain setup between rake and rails, so now it’s bin/rails db:migrate instead of bin/rake db:migrate (herding by Kasper Timm Hansen).
  • New Attributes API by Sean Griffin.
  • The test runner now reports failures inline, so you don’t have to complete the suite to see what went wrong.
  • ApplicationRecord has been born as a default parent class of all models created by the generators.
  • ActiveRecord::Relation#in_batches makes it much easier to deal with record work in batches at a time to lessen memory overloads.
  • Post.where(‘id = 1’).or(Post.where(‘id = 2’)) gives you exactly what you’d think!
  • No more accidentally halting Active Record callbacks because the last statement is false. Now you throw(:abort) explicitly!

You should really checkout the CHANGELOGs, though. There’s just so much new and good stuff available in all the frameworks:

Rails 5.0 also ships with Turbolinks 5 – the one with native iOS and Android wrapper implementations! If you’ve dismissed Turbolinks in the past, I urge you to checkout Sam Stephenson’s RailsConf presentation: Turbolinks 5: I Can’t Believe It’s Not Native!.

There’s even more detail in the full Rails 5.0 release notes and Claudio B. did a nice little slide deck walking through some of his favorite improvements (and removals!). And I did a brand-new let’s build a blog in Rails 5 video to demonstrate the basics.

Your dynamic release manager duo for Rails 5.0 was Eileen M. Uchitelle and Sean Griffin. And the undisputed PR merge champ was Rafael França!

Note: As per our maintenance policy, the release of Rails 5.0 will mean that bug fixes will only apply to 5.0.x, regular security issues to 5.0.x and 4.2.x, and severe security issues also to 5.0.x and 4.2.x (but when 5.1 drops, to 5.1.x, 5.0.x, and 4.2.x). This means 4.1.x and below will essentially be unsupported! Ruby 2.2.2+ is now also the only supported version of Rails 5.0+.

This Week In Rails: 5.0.0.rc2 release, bugfixes, and more!

Hello everyone! This is Greg bringing latest news from the Rails community.

This week’s Rails Contributors

22 great people helped this week to move the Rails framework forward! If you want to join these folks, have a look at the issues list.

Rails 5.0.0.rc2 release!

Rails 5 RC2 has been released with a lot of bug fixes and polishing. We are one step closer to the final release!

Fixed

Fix rails/info routes for apps with globbing route

The /rails/info routes were inaccessible in apps with a catch-all route, as they were being appended after the globbing route and would never be matched.

Fix db:structure:load silent failure on PostgresSQL error

The db:structure:load  task silently failed if there was any SQL error, but with this commit, now it will report the error.

Improved

Improved db:structure:dump

To avoid unnecessary diffs in the db structure dump, the –skip-comments flag is passed to the mysqldump  command from now on.

Changed

datetime_field change

The datetime_tag helper now generates an input tag with the type of datetime-local.

Wrapping Up

That’s it from This Week in Rails! There were many other great contributions, too numerous to list here, but feel free to check them out!

Until next week!