As last time, please give this release candidate an honest try. This is pretty much the version we're going to ship unless people find and report blocking issues. Depending on how much stuff is unearthed, we expect that the final version could drop in as little as 3-4 weeks. Please report all the issues you find on the Rails issue tracker.
We're still working on the upgrade guide from 3.2 to 4.0, but that's a good place to start for help on how to do it. We're also so lucky to have many authors and screencasters ready with material for 4.0. In the books department, you'll find Rails 4.0-ready versions of Agile Web Development with Rails and Crafting Rails Applications. For screencasts, checkout the new Rails 4: Zombie Outlaws and Mike Clark's Rails 4 class. There's new material and books coming out all the time from a variety of other authors and broadcasters, so we're really in good shape with training material timed for the release this time!
As always, install the release with gem install rails --version 4.0.0.rc1 --no-ri --no-rdoc or depend on the v4.0.0.rc1 tag. We also have a new 4-0-stable branch. Master is now safe to move on to developing features for 4.1.
Go West, friends!
]]>We're building a potential list of project ideas on a GitHub wiki, but we welcome other interesting proposals. If your proposal gets accepted, Google will pay you $5000 over the course of three months to work on the code. If you're interested, head over to the GSoC site and start reading about the process. Student applications can be submitted starting April 22 and the deadline is May 3.
If you're wondering what's involved in becoming a GSoC student then the Google Student Guide has all the details on what's expected and what you will gain from taking part. Any further questions can be directed either to the mailing list or to me directly.
What if you're not a student? You can still help out by discussing ideas on the special mailing list we've setup for this year's program. Or if you've got previous experience of contributing to Rails and are ready to make a strong commitment to help out the next generation of developers, you can apply to be a mentor.
We're looking forward to working with this year's students, and expecting some outstanding contributions to Rails as a result!
]]>Rails versions 3.2.13, 3.1.12, and 2.3.18 have been released. These releases contain important security fixes. It is recommended users upgrade as soon as possible.
Please check out these links for the security fixes:
sanitize helper of Ruby on RailsAll versions of Rails are impacted by one or more of these security issues, but per our maintenance policy, only versions 3.2.13, 3.1.12, and 2.3.18 have been released. You can find patches for older versions on each stable branch on GitHub:
as well as with the security advisories.
For other changes in each particular release, please see the CHANGELOG corresponding to that version. For all commits in each release, please follow the links below:
Here are the checksums for the released gems:
[aaron@higgins dist]$ shasum *3.2.13.gem
72b14536f1717121e8b2a5aa5a06c6194e02c87c actionmailer-3.2.13.gem
a21166f7c364ff7825bf83f9757c33cc44fa0c00 actionpack-3.2.13.gem
9fa309dee3f87a53764db3aaefe3bbf6f9724ad2 activemodel-3.2.13.gem
469f6b4456d7fa1bf0336d488ad5878a6842e2da activerecord-3.2.13.gem
0c89382354ffc5b4438ed37434b50d7cbc71d569 activeresource-3.2.13.gem
cdf230b698b28ae1cffb325ecbb9e219645ed68b activesupport-3.2.13.gem
3785dc8d2af1521baddf2d90b67a9b61b2b31604 rails-3.2.13.gem
ff0607812bead596492272e4a4306ae3e950bdf4 railties-3.2.13.gem
[aaron@higgins dist]$ shasum *3.1.12.gem
b3f0ecee33032416170263508ccfb33d5dd65eef actionmailer-3.1.12.gem
426fcf3f5d4e29ae6bf21f536a97d90d02bf73bb actionpack-3.1.12.gem
2b01ba8bd85d67ded372f3908b694c1fa1ccb041 activemodel-3.1.12.gem
a3afc58fe3f7448ba09cdacb2046c9e10e474cb4 activerecord-3.1.12.gem
d3402193c0820f016b492162547194f942c96c1a activeresource-3.1.12.gem
e25ed2f7e055d38b1bed482faf8b563a6b7e3899 activesupport-3.1.12.gem
75c2f85ed1e09d2bd1baa3efab5f097cdaef2a6b rails-3.1.12.gem
618c5beb85124fbedfe41a72424079700f7a1d2c railties-3.1.12.gem
[aaron@higgins dist]$ shasum *2.3.18.gem
09e361c4c96104303abad5faa4aec72ebe7c19d1 actionmailer-2.3.18.gem
deca0d8352858f734479b54162269e334faada21 actionpack-2.3.18.gem
e385b4b2e863592f9f06ca3248a67a18ea8c7e6c activerecord-2.3.18.gem
ff4fb4a62c4d4007a6c596edf8f7055147948e60 activeresource-2.3.18.gem
1b9102fa31a47cf66b0c2583c99b707544d42054 activesupport-2.3.18.gem
f4aff07dce1db10ad6145e358344671cc482de70 rails-2.3.18.gem
Happy Monday!
<3<3<3
]]>I'd like to announce that Rails 3.2.13.rc2 has been released.
Rails 3.2.13.rc2 contains fixes for regressions found in rc1. Please test out rc2. If you find regressions between 3.2.13.rc2 and 3.2.12, please email the rails-core mailing list, or file an issue on GitHub.
If there aren't any major regressions, 3.2.13 final will be released on March 13, 2013.
Changes:
<3<3<3
]]>This is a bugfix release, with 287 commits. There is one big thing that is technically a fix but is sort of a feature: Ruby 2.0 support. Big thanks to Prem Sichanugrist for putting that together! Please give your applications a try on Ruby 2.0 and let me know how that goes.
Action Mailer
No changes.
Action Pack
Determine the controller#action from only the matched path when using the shorthand syntax. Previously the complete path was used, which led to problems with nesting (scopes and namespaces). Fixes #7554. Backport #9361.
Example:
# this will route to questions#new
scope ':locale' do
get 'questions/new'
end
Yves Senn
Fix assert_template with render :stream => true.
Fix #1743.
Backport #5288.
Sergey Nartimov
Eagerly populate the http method loookup cache so local project inflections do not interfere with use of underscore method ( and we don't need locks )
Aditya Sanghi
BestStandardsSupport no longer duplicates X-UA-Compatible values on
each request to prevent header size from blowing up.
Edward Anderson
Fixed JSON params parsing regression for non-object JSON content.
Dylan Smith
Prevent unnecessary asset compilation when using javascript_include_tag on
files with non-standard extensions.
Noah Silas
Fixes issue where duplicate assets can be required with sprockets.
Jeremy Jackson
Bump rack dependency to 1.4.3, eliminate Rack::File headers deprecation warning.
Sam Ruby + Carlos Antonio da Silva
Do not append second slash to root_url when using trailing_slash: true
Fix #8700. Backport #8701.
Example:
# before
root_url # => http://test.host//
# after
root_url # => http://test.host/
Yves Senn
Fix a bug in content_tag_for that prevents it for work without a block.
Jasl
Clear url helper methods when routes are reloaded by removing the methods explicitly rather than just clearing the module because it didn't work properly and could be the source of a memory leak.
Andrew White
Fix a bug in ActionDispatch::Request#raw_post that caused env['rack.input']
to be read but not rewound.
Matt Venables
More descriptive error messages when calling render :partial with
an invalid :layout argument.
Fixes #8376.
render :partial => 'partial', :layout => true
# results in ActionView::MissingTemplate: Missing partial /true
Yves Senn
Accept symbols as #send_data :disposition value. [Backport #8329] Elia Schito
Add i18n scope to distance_of_time_in_words. [Backport #7997] Steve Klabnik
Fix side effect of url_for changing the :controller string option. [Backport #6003]
Before:
controller = '/projects'
url_for :controller => controller, :action => 'status'
puts controller #=> 'projects'
After
puts controller #=> '/projects'
Nikita Beloglazov + Andrew White
Introduce ActionView::Template::Handlers::ERB.escape_whitelist. This is a list
of mime types where template text is not html escaped by default. It prevents Jack & Joe
from rendering as Jack & Joe for the whitelisted mime types. The default whitelist
contains text/plain. Fix #7976 [Backport #8235]
Joost Baaij
BestStandardsSupport middleware now appends it's X-UA-Compatible value to app's
returned value if any. Fix #8086 [Backport #8093]
Nikita Afanasenko
prevent double slashes in engine urls when Rails.application.default_url_options[:trailing_slash] = true is set
Fix #7842
Yves Senn
Fix input name when :multiple => true and :index are set.
Before:
check_box("post", "comment_ids", { :multiple => true, :index => "foo" }, 1)
#=> <input name=\"post[foo][comment_ids]\" type=\"hidden\" value=\"0\" /><input id=\"post_foo_comment_ids_1\" name=\"post[foo][comment_ids]\" type=\"checkbox\" value=\"1\" />
After:
check_box("post", "comment_ids", { :multiple => true, :index => "foo" }, 1)
#=> <input name=\"post[foo][comment_ids][]\" type=\"hidden\" value=\"0\" /><input id=\"post_foo_comment_ids_1\" name=\"post[foo][comment_ids][]\" type=\"checkbox\" value=\"1\" />
Fix #8108
Daniel Fox, Grant Hutchins & Trace Wax
Active Model
Active Record
Reverted 921a296a3390192a71abeec6d9a035cc6d1865c8, 'Quote numeric values compared to string columns.' This caused several regressions.
Steve Klabnik
Fix overriding of attributes by default_scope on ActiveRecord::Base#dup.
Hiroshige UMINO
Fix issue with overriding Active Record reader methods with a composed object
and using that attribute as the scope of a uniqueness_of validation.
Backport #7072.
Peter Brown
Sqlite now preserves custom primary keys when copying or altering tables. Fixes #9367. Backport #2312.
Sean Scally + Yves Senn
Preloading has_many :through associations with conditions won't
cache the :through association. This will prevent invalid
subsets to be cached.
Fixes #8423.
Backport #9252.
Example:
class User
has_many :posts
has_many :recent_comments, -> { where('created_at > ?', 1.week.ago) }, :through => :posts
end
a_user = User.includes(:recent_comments).first
# this is preloaded
a_user.recent_comments
# fetching the recent_comments through the posts association won't preload it.
a_user.posts
Yves Senn
Fix handling of dirty time zone aware attributes
Previously, when time_zone_aware_attributes were enabled, after
changing a datetime or timestamp attribute and then changing it back
to the original value, changed_attributes still tracked the
attribute as changed. This caused [attribute]_changed? and
changed? methods to return true incorrectly.
Example:
in_time_zone 'Paris' do
order = Order.new
original_time = Time.local(2012, 10, 10)
order.shipped_at = original_time
order.save
order.changed? # => false
# changing value
order.shipped_at = Time.local(2013, 1, 1)
order.changed? # => true
# reverting to original value
order.shipped_at = original_time
order.changed? # => false, used to return true
end
Backport of #9073 Fixes #8898
Lilibeth De La Cruz
Fix counter cache columns not updated when replacing has_many :through
associations.
Backport #8400.
Fix #7630.
Matthew Robertson
Don't update column_defaults when calling destructive methods on column with default value.
Backport c517602.
Fix #6115.
Piotr Sarnacki + Aleksey Magusev + Alan Daud
When #count is used in conjunction with #uniq we perform count(:distinct => true).
Fix #6865.
Example:
relation.uniq.count # => SELECT COUNT(DISTINCT *)
Yves Senn + Kaspar Schiess
Fix ActiveRecord::Relation#pluck when columns or tables are reserved words.
Backport #7536.
Fix #8968.
Ian Lesperance + Yves Senn + Kaspar Schiess
Don't run explain on slow queries for database adapters that don't support it. Backport #6197.
Blake Smith
Revert round usec when comparing timestamp attributes in the dirty tracking. Fixes #8460.
Andrew White
Revert creation of through association models when using collection=[]
on a has_many :through association from an unsaved model.
Fix #7661, #8269.
Ernie Miller
Fix undefined method to_i when calling new on a scope that uses an
Array; Fix FloatDomainError when setting integer column to NaN.
Fixes #8718, #8734, #8757.
Jason Stirk + Tristan Harward
Serialized attributes can be serialized in integer columns. Fix #8575.
Rafael Mendonça França
Keep index names when using alter_table with sqlite3.
Fix #3489.
Backport #8522.
Yves Senn
Recognize migrations placed in directories containing numbers and 'rb'. Fix #8492. Backport of #8500.
Yves Senn
Add ActiveRecord::Base.cache_timestamp_format class attribute to control
the format of the timestamp value in the cache key.
This allows users to improve the precision of the cache key.
Fixes #8195.
Rafael Mendonça França
Add :nsec date format. This can be used to improve the precision of cache key.
Please note that this format only works with Ruby 1.9, Ruby 1.8 will ignore it completely.
Jamie Gaskins
Unscope update_column(s) query to ignore default scope.
When applying default_scope to a class with a where clause, using
update_column(s) could generate a query that would not properly update
the record due to the where clause from the default_scope being applied
to the update query.
class User < ActiveRecord::Base
default_scope where(active: true)
end
user = User.first
user.active = false
user.save!
user.update_column(:active, true) # => false
In this situation we want to skip the default_scope clause and just update the record based on the primary key. With this change:
user.update_column(:active, true) # => true
Backport of #8436 fix.
Carlos Antonio da Silva
Fix performance problem with primary_key method in PostgreSQL adapter when having many schemas. Uses pg_constraint table instead of pg_depend table which has many records in general. Fix #8414
kennyj
Do not instantiate intermediate Active Record objects when eager loading.
These records caused after_find to run more than expected.
Fix #3313
Backport of #8403
Yves Senn
Fix pluck to work with joins. Backport of #4942.
Carlos Antonio da Silva
Fix a problem with translate_exception method in a non English environment.
Backport of #6397.
kennyj
Fix dirty attribute checks for TimeZoneConversion with nil and blank datetime attributes. Setting a nil datetime to a blank string should not result in a change being flagged. Fixes #8310. Backport of #8311.
Alisdair McDiarmid
Prevent mass assignment to the type column of polymorphic associations when using build.
Fixes #8265.
Backport of #8291.
Yves Senn
When running migrations on Postgresql, the :limit option for binary and text columns is
silently dropped.
Previously, these migrations caused sql exceptions, because Postgresql doesn't support limits
on these types.
Victor Costan
#pluck can be used on a relation with select clause.
Fixes #7551.
Backport of #8176.
Example:
Topic.select([:approved, :id]).order(:id).pluck(:id)
Yves Senn
Use nil? instead of blank? to check whether dynamic finder with a bang
should raise RecordNotFound.
Fixes #7238.
Nikita Afanasenko
Fix deleting from a HABTM join table upon destroying an object of a model with optimistic locking enabled. Fixes #5332.
Nick Rogers
Use query cache/uncache when using ENV["DATABASE_URL"]. Fixes #6951. Backport of #8074.
kennyj
Do not create useless database transaction when building has_one association.
Example:
User.has_one :profile
User.new.build_profile
Backport of #8154.
Bogdan Gusiev
AR::Base#attributes_before_type_cast now returns unserialized values for serialized attributes.
Nikita Afanasenko
Fix issue that raises NameError when overriding the accepts_nested_attributes in child classes.
Before:
class Shared::Person < ActiveRecord::Base
has_one :address
accepts_nested_attributes :address, :reject_if => :all_blank
end
class Person < Shared::Person
accepts_nested_attributes :address
end
Person
#=> NameError: method `address_attributes=' not defined in Person
After:
Person
#=> Person(id: integer, ...)
Fixes #8131.
Gabriel Sobrinho, Ricardo Henrique
Active Resource
No changes.
Active Support
Fix DateTime comparison with DateTime::Infinity object.
Dan Kubb
Remove surrogate unicode character encoding from ActiveSupport::JSON.encode The encoding scheme was broken for unicode characters outside the basic multilingual plane; since json is assumed to be UTF-8, and we already force the encoding to UTF-8 simply pass through the un-encoded characters.
Brett Carter
Fix mocha v0.13.0 compatibility. James Mead
#as_json isolates options when encoding a hash. [Backport #8185]
Fix #8182
Yves Senn
Handle the possible Permission Denied errors atomic.rb might trigger due to its chown and chmod calls. [Backport #8027]
Daniele Sluijters
Railties
No changes.
Full listing
To see the full list of changes, check out all the commits on GitHub.
If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes:
6a33c2d10abb5512499addb675df658e179f2e79 actionmailer-3.2.13.rc1.gem11d8303470698c5b0ac68f187a15093c07383c89 actionpack-3.2.13.rc1.gema72dafd8b1e3372cc4dda9015b93bf5509b25baa activemodel-3.2.13.rc1.gem3c6463ab11658b5ab0fe6a4ad06eb52968ef4492 activerecord-3.2.13.rc1.gem06cec200b95dc1f64614cd03432e9ab06742a865 activeresource-3.2.13.rc1.gem5ff59cacae5295baf30a6fb8fb656037f22af3c2 activesupport-3.2.13.rc1.gemfacf4549445922d9dc2a836283ae928fa52df4f8 rails-3.2.13.rc1.gem55e44f621efbf531d9ccade6d27259f7dabae167 railties-3.2.13.rc1.gem<3<3<3
]]>The purpose of this beta is to get as many people as possible to try to upgrade from Rails 3.2 and earlier and to get an adventurous few to start new applications directly on Rails 4.0. That's the only way we're going to suss out all the issues and ensure that we can launch a solid final release. So please help us with that if you can!
Rails 4.0 is packed with new goodies and farewells to old goodies past their expiration date.
A big focus has been on making it dead simple to build modern web applications that are screaming fast without needing to go the client-side JS/JSON server route. Much of this work was pioneered for Rails in the new version of Basecamp and focuses on three aspects:
Rails is of course still a great JSON server for people who want to build client-side JS views, but with the progress we've made for Rails 4.0, you certainly won't need to go down that route just to have a super fast application.
We've also added live streaming for persistent connections and Rails 4.0 is now safe for threaded servers out of the box (no more need for config.threadsafe!).
Active Record has received a ton of love as well to make everything related to scoping and the query structure more consistent.
Given all the fun we've had with security issues, we have some great updates there as well:
On top of these new features and fixes, we have hundreds more of all sorts. Everything has been combed over, streamlined, simplified, and we've extracted out lots of old APIs and things that just don't fit "most people most of the time".
Active Resource, Active Record Observers, and Action Pack page and action caching are all examples of things that are no longer in core, but lives on in plugins.
We encourage you to peruse the CHANGELOGs for all the Rails frameworks and delight over the hundreds of improvements we've made to Rails 4.0: Action Pack, Active Model, Active Record, Active Support, Rails.
Now let's all work together to ensure the release is final and enjoy the bad-ass combination of Ruby on Rails 24! (Or 42?). Please report all the issues you find on the Rails issue tracker. We're still working on the upgrade guide from 3.2 to 4.0, but that's a good place to start for help on how to do it. As always, install betas with gem install rails --version 4.0.0.beta1 --no-ri --no-rdoc (--pre and ri generation is busted on RubyGems 2.0 at the moment) or depend on the v4.0.0.beta1 tag.
Support of the Rails framework is divided into four groups: New features, bug fixes, security issues, and severe security issues. They are handled as follows, all versions in x.y.z format:
New Features are only added to the master branch and will not be made available in point releases.
Only the latest release series will receive bug fixes. When enough bugs are fixed and its deemed worthy to release a new gem, this is the branch it happens from.
Currently included series: 3.2.z
After the Rails 4 release: 4.0.z
The current release series and the next most recent one will receive patches and new versions in case of a security issue.
These releases are created by taking the last released version, applying the security patches, and releasing. Those patches are then applied to the end of the x-y-stable branch. For example, a theoretical 1.2.3 security release would be built from 1.2.2, and then added to the end of 1-2-stable. This means that security releases are easy to upgrade to if you're running the latest version of Rails.
Currently included series: 3.2.z, 3.1.z
After the Rails 4 release: 4.0.z, 3.2.z
For severe security issues we will provide new versions as above, and also the last major release series will receive patches and new versions. The classification of the security issue is judged by the core team.
Currently included series: 3.2.z, 3.1.z, 2.3.z
After the Rails 4 release: 4.0.z, 3.2.z
When a release series is no longer supported, it's your own responsibility to deal with bugs and security issues. We may provide back-ports of the fixes and publish them to git, however there will be no new versions released. If you are not comfortable maintaining your own versions, you should upgrade to a supported version.
You should also be aware that Ruby 1.8 will reach End of Life in June 2013, no further Ruby security releases will be provided after that point. If your application is only compatible Ruby 1.8 you should upgrade accordingly.
]]>I'd like to announce that Rails 3.2.12, 3.1.11, and 2.3.17 have been released.
3.2.12 and 3.1.11 contain one security fix, and 2.3.17 contains two security fixes. It is recommended that you update immediately.
You can read about the security fixes by following these links:
Please note that today a new JSON gem was released, and it also contains an important security fix. You should update the JSON gem as soon as possible. You can read about the security issue in the JSON gem here:
In order to ease upgrading, the only major changes in each gem is the security fix. To see the detailed changes for each version, follow the links below:
Thanks to the people who responsibly reported these security issues.
Please note that per our maintenance policy there will be no 3.0.x version released.
Here are the SHA-1 checksums for each gem:
[aaron@higgins dist]$ shasum *3.2.*
5627c6d044cc52876128459d960f8805006b5f97 actionmailer-3.2.12.gem
336f76c045b6bcbd204831897131182cff82ddf8 actionpack-3.2.12.gem
89bec5d68861ad5d79ca776ef5d6df7c1cfc2b11 activemodel-3.2.12.gem
7d4327c54900f45c60947a63350e865843e193ef activerecord-3.2.12.gem
4b8ed4190f98a85b800ee7893bae5afd1bee0874 activeresource-3.2.12.gem
c9e44eed288140f556e6543b93fc45f8dd57a415 activesupport-3.2.12.gem
24b3b4633d7f131e61e50decc3aa11590941c6e2 rails-3.2.12.gem
a84262f1968e83141d290c034b20a28d38886d10 railties-3.2.12.gem
[aaron@higgins dist]$ shasum *3.1.*
d80816e69614c1f0d96cb7d0f4a38bfdc8d84ff5 actionmailer-3.1.11.gem
f65cea0682b6051869d4125f7b441a7c6f59fcbe actionpack-3.1.11.gem
549ec2b67d4332b38cef1620b23e00e50e0774e6 activemodel-3.1.11.gem
3d342764b7ba3bae05190f15bcb35d401cd8121e activerecord-3.1.11.gem
19bd70bad6c4e4a555127a7738e71ac4829e6f61 activeresource-3.1.11.gem
7267b2f87bea5bd285f5d1bfe49bb2ba19df7c94 activesupport-3.1.11.gem
ca57e1243451385689343dbe2bb42e23058284df rails-3.1.11.gem
48cc801bdb7c31c4b6939235a60ef3e5008f5dbb railties-3.1.11.gem
[aaron@higgins dist]$ shasum *2.3.*
5df1fe13db46ac10dec8bb607ef515881dcf09c5 actionmailer-2.3.17.gem
d1165517a185ae73ca8a4ac89549e695a23fedfa actionpack-2.3.17.gem
b24ff71e46b798d7c38504531cb7622955d9a20c activerecord-2.3.17.gem
9cc2a7bd60a959dcba099425954a1b9c53235ce5 activeresource-2.3.17.gem
4ccc935fdc4d7ede78a1c376453ecb502e48b7ed activesupport-2.3.17.gem
9613a97cb726f00de59ad6d0f901f7434f9c4733 rails-2.3.17.gem
<3<3<3
]]>I'd like to announce that 3.0.20, and 2.3.16 have been released. These releases contain one extremely critical security fix so please update IMMEDIATELY.
You can read about the security fix by following this link:
In order to ease upgrading, the only major changes in each gem is the security fix. To see the detailed changes for each version, follow the links below:
Thanks to the people who responsibly reported these security issues.
Please note that per our maintenance policy this will be the last release for the 3.0.x series.
Here are the SHA-1 checksums for each gem:
[aaron@higgins dist]$ shasum *3.0.20*
c5b1a446d921dbd512a2d418c50f144b4540a657 actionmailer-3.0.20.gem
79ec243f6ec301b0a73ad45f89d4ea2335f90346 actionpack-3.0.20.gem
80c7d881ed64ed7a66f4d82b12c2b98b43f6fbde activemodel-3.0.20.gem
d8fc6e02bf46f9b5f86c3a954932d67da211302b activerecord-3.0.20.gem
e465e7d582c6d72c487d132e5fac3c3af4626353 activeresource-3.0.20.gem
5bc7b2f1ad70a2781c4a41a2f4eaa75b999750e4 activesupport-3.0.20.gem
ba9fb9dba41ce047feef11b4179cd9c3f81b2857 rails-3.0.20.gem
42b0025e4cb483d491a809b9d9deb6fd182c2a57 railties-3.0.20.gem
[aaron@higgins dist]$ shasum *2.3.16*
ab1a47a08d42352d9e8c276d28e6ed6990c23556 actionmailer-2.3.16.gem
f81ac75eb9edbb363a6d7bbe175a208e97ea3d4f actionpack-2.3.16.gem
4ce36062f1f0b326b16e42b9fde5f1ab0610bffc activerecord-2.3.16.gem
3698787f9ab8432f0c10268e22fbfcf682fa79cc activeresource-2.3.16.gem
90490f62db73c4be9ed69d96592afa0b98e79738 activesupport-2.3.16.gem
239253159f9793e2372c83dcf9d0bd7bff343f7d rails-2.3.16.gem
<3<3<3
]]>I'd like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released. These releases contain two extremely critical security fixes so please update IMMEDIATELY.
You can read about the security fixes by following these links:
In order to ease upgrading, the only major changes in each gem are the security fixes. To see the detailed changes for each version, follow the links below:
Thanks to the people who responsibly reported these security issues.
Here are the SHA-1 checksums for each gem:
[aaron@higgins dist]$ shasum *3.2.11*
933cd2821b30cdff4a2e0b5cc63f4d2c6b29affe actionmailer-3.2.11.gem
54731c51b55bf0215392971b982139775c0bfa2b actionpack-3.2.11.gem
5ccde66568d8051405c01063f1afaed13bd01082 activemodel-3.2.11.gem
f360c17968486479b0a4207e7eccbe379186a9d2 activerecord-3.2.11.gem
c61ff513be8a8aef898d2e5c4c9508d60727c556 activeresource-3.2.11.gem
41a4e8c382594283026d977554c1e18233198ca8 activesupport-3.2.11.gem
8fa6d19a0daea910e39a0911b2240c2a7b630fb1 rails-3.2.11.gem
ffaec7c3e5211283108cf5afab8e79be76090a0d railties-3.2.11.gem
[aaron@higgins dist]$ shasum *3.1.10*
e3dce983ebd0ee8970c5ddab46b05ac432c8b029 actionmailer-3.1.10.gem
84e536e732255e5dfd3d8053c10ed98dcb45ac80 actionpack-3.1.10.gem
db1a3ac836d988dc1fc7c64d29ded7a277047419 activemodel-3.1.10.gem
ea3ad8514265516033009d97efc1fe7b3d2b09ed activerecord-3.1.10.gem
0843646278b42d9ca796e157295851fd9938fe96 activeresource-3.1.10.gem
b55ef7f66de0bb79fcfa480e8df3696bffbff7f8 activesupport-3.1.10.gem
4ed7d159191faa1a469cd9efdf9e6a4cdc907195 rails-3.1.10.gem
f288986df0fabd2035569199ea3d5f1f46a56db7 railties-3.1.10.gem
[aaron@higgins dist]$ shasum *3.0.19*
f8376f907b2230ac75882e1a3cfa8d5cdd6df800 actionmailer-3.0.19.gem
68b319d86530a5d4291e13d6ab5f357a1e52c05b actionpack-3.0.19.gem
f0fb577ea7446ff229752bc799ca86dd53aa9cda activemodel-3.0.19.gem
c12324d78b22697d426148010901f79b366c0502 activerecord-3.0.19.gem
8dbc7c8c80f5baeec823966aa225b23f4c2a799c activeresource-3.0.19.gem
b525b778f82f844a56ff993211825b9811bf82bd activesupport-3.0.19.gem
c2beb0711d28a07cb2747c83962c7d453951e2d6 rails-3.0.19.gem
de286ada16b3fc76129767dc612926e0b4f71dda railties-3.0.19.gem
[aaron@higgins dist]$ shasum *2.3.15*
5ce45c70851dd534a72814620a6e57b42d360b88 actionmailer-2.3.15.gem
fa174c40f17fa5db952ba3a7c95a4ab0b5467594 actionpack-2.3.15.gem
e7391c92c82f974be7e65765819824e87bdb3cfd activerecord-2.3.15.gem
4644b7a27993f7860d9e176f51dfa52d8f029ec9 activeresource-2.3.15.gem
64843e3676c20a49060605546dfcdddaef2ea1a8 activesupport-2.3.15.gem
c8c0c49c63ca0f9acc3e0967b38d92b1c0b115af rails-2.3.15.gem
<3<3<3
]]>The security identifier is CVE-2012-5664, and you can read about the issue here.
For other change in each particular release, please see the CHANGELOG corresponding to that version. For all commits in each release, please follow the links below:
We're sorry to drop a release like this so close to the holidays but regrettably the exploit has already been publicly disclosed and we don't feel we can delay the release.
To that end, we've minimized the number of changes in each release so that upgrading should be as smooth as possible.
Happy Holidays!
<3<3<3
]]>Rails Contributors is a website that keeps track of all contributions made to the Ruby on Rails code base.
The application tries hard to give credit as accurately as possible, which is something you cannot do with git log. For example, according to Git the author of this commit is "@schneems and @mattt", but you do not want to credit "@schneems and @mattt" right? Rails Contributors automatically splits the string, applies mappings, and gives credit both to Richard Schneeman, and Mattt Thompson.
Known typos, emails, and handles are associated to a canonical name to have everything aggregated per contributor rather than scattered in several unrelated listings. Heuristics also capture contributors from commit messages, and even from CHANGELOGs in the diff of commits imported from Subversion.
The purpose of all this work is to give credit, provide visibility to your contributions to Rails, and last but not least, to say thank you.
A new version of the website has just been published, changes are:
More mappings: the application knows about more mappings and false positives.
New page for releases: There is a new shiny page for releases where you can see who contributed what in any of them. The breakdown is approximate for old releases, since all we have from Subversion is the Git history. Commits are classified with git rev-list.
Better Unicode handling: Some names with non-ASCII characters came up from Git using different UTF8 byte representations. The application applies now NFC normalization thoroughly to address that.
Robust commit import: about one thousand commits were missing in the previous version because they were unreachable from the branch tips due to rarities in the git history. The commit importer is now more aggressive looking for commits.
Credit for Rails core in Subversion commits: Rails used Subversion in about its first four years. Subversion does not distinguish author and committer, you only have the committer. If the application determines that the author is not the committer using its heuristics, the committer now gets also credited. This is fair with what happens nowadays, where the committer gets credited by his work on a pull request via the merge commit.
Internal changes: A lot of work has no external visibility indeed, you know. We migrated from grit to rugged, and there were significant refactors and speedups.
Enjoy!
]]>Arun Agrawal has been helping with some housekeeping tasks. He puts a lot of effort to remove warnings, fix broken builds, remove some unneeded code, and ensure Rails works well with JRuby.
Vijay Dev leads the docrails front. He reviews documentation patches, which is a lot of work, and cross-merges docrails and Rails master periodically.
Guillermo Iguaran is a regular active core contributor. Recently he has extracted old-style mass-assignment protection to the new protected_attributes gem, and is helping with the assets pipeline related projects.
Toshinori Kajihara (kennyj) helps to fix and give attention to Active Record issues, which are the most part of Rails open issues.
Steve Klabnik is working on Rails issues like crazy. I mean, GitHub notifications generated by his activity flood your inbox. Giving sensible feedback, dynamizeing threads, and closing issues. He has been key in halving the number of open issues.
Francesco Rodríguez has mainly contributed to the documentation, and also helps with tickets and code. Francesco has extracted page and action caching out to gems.
Piotr Sarnacki is an old-timer. Piotr helps constantly in the project and has done a remarkable work on Rails engines and Action Pack.
Prem Sichanugrist has been helping regularly since the Rails 3 days in many ways. He recently performed the daunting task of converting all Rails guides from Textile to Markdown.
Carlos Antonio da Silva is among the most prolific Rails committers. He contributes in all fronts, code, docs, issues, discussions, etc.
Andrew White has also been helping regularly for a couple of years or so. He is a solid contributor in several areas and in particular knows routing very well.
:metal:
]]>Rails 3.2.9 has been released without new changes since 3.2.9.rc3.
A DoS attack was recently found in Ruby that uses specially-crafted input to dramatically reduce the performance of hashes, thus using up lots of CPU time. Rails applications may be vulnerable to an attacker sending a specially-crafted HTTP request to exploit this.
A good way to limit the effectiveness of such attacks is to configure your frontend servers to limit the size of the HTTP request line, headers and body. Nginx does this by default. Apache can be configured to do this by setting the LimitRequestBody directive.
In addition, all Ruby 1.9 users are recommended to upgrade to ruby-1.9.3 patchlevel 327 to get this security fix.
Action Mailer
Do not render views when mail() isn't called. Fix #7761
Yves Senn
Action Pack
Lock sprockets to 2.2.x REASON: We had some pending fixes in sprockets and sass-rails to make possible to use sprockets version > 2.2. We will do a more conservative sprockets upgrade for this release. In a next release we can relax the dependency again. See #8099 for more information.
Guillermo Iguaran
Clear url helpers when reloading routes.
Santiago Pastorino
Revert the shorthand routes scoped with :module option fix
This added a regression since it is changing the URL mapping.
This makes the stable release backward compatible.
Rafael Mendonça França
Revert the assert_template fix to not pass with ever string that matches the template name.
This added a regression since people were relying on this buggy behavior.
This will introduce back #3849 but this stable release will be backward compatible.
Fixes #8068.
Rafael Mendonça França
Revert the rename of internal variable on ActionController::TemplateAssertions to prevent naming collisions. This added a regression related with shoulda-matchers, since it is expecting the instance variable @layouts. This will introduce back #7459 but this stable release will be backward compatible. Fixes #8068.
Rafael Mendonça França
Accept :remote as symbolic option for link_to helper. Riley Lynch
Warn when the :locals option is passed to assert_template outside of a view test case
Fix #3415
Yves Senn
Rename internal variables on ActionController::TemplateAssertions to prevent naming collisions. @partials, @templates and @layouts are now prefixed with an underscore. Fix #7459
Yves Senn
resource and resources don't modify the passed options hash
Fix #7777
Yves Senn
Precompiled assets include aliases from foo.js to foo/index.js and vice versa.
# Precompiles phone-<digest>.css and aliases phone/index.css to phone.css.
config.assets.precompile = [ 'phone.css' ]
# Precompiles phone/index-<digest>.css and aliases phone.css to phone/index.css.
config.assets.precompile = [ 'phone/index.css' ]
# Both of these work with either precompile thanks to their aliases.
<%= stylesheet_link_tag 'phone', media: 'all' %>
<%= stylesheet_link_tag 'phone/index', media: 'all' %>
Jeremy Kemper
assert_template is no more passing with what ever string that matches
with the template name.
Before when we have a template /layout/hello.html.erb, assert_template
was passing with any string that matches. This behavior allowed false
positive like:
assert_template "layout"
assert_template "out/hello"
Now it only passes with:
assert_template "layout/hello"
assert_template "hello"
Fixes #3849.
Hugolnx
Handle ActionDispatch::Http::UploadedFile like Rack::Test::UploadedFile, don't call to_param on it. Since
Rack::Test::UploadedFile isn't API compatible this is needed to test file uploads that rely on tempfile
being available.
Tim Vandecasteele
Fixed a bug with shorthand routes scoped with the :module option not
adding the module to the controller as described in issue #6497.
This should now work properly:
scope :module => "engine" do
get "api/version" # routes to engine/api#version
end
Luiz Felipe Garcia Pereira
Respect config.digest = false for asset_path
Previously, the asset_path internals only respected the :digest
option, but ignored the global config setting. This meant that
config.digest = false could not be used in conjunction with
config.compile = false this corrects the behavior.
Peter Wagenet
Fix #7646, the log now displays the correct status code when an exception is raised.
Yves Senn
Fix handling of date selects when using both disabled and discard options. Fixes #7431.
Vasiliy Ermolovich
Fix select_tag when option_tags is nil. Fixes #7404.
Sandeep Ravichandran
javascript_include_tag :all will now not include application.js if the file does not exists. Prem Sichanugrist
Support cookie jar options (e.g., domain :all) for all session stores. Fixes GH#3047, GH#2483.
Ravil Bayramgalin
Performance Improvement to send_file: Avoid having to pass an open file handle as the response body. Rack::Sendfile will usually intercept the response and just uses the path directly, so no reason to open the file. This performance improvement also resolves an issue with jRuby encodings, and is the reason for the backport, see issue #6844.
Jeremy Kemper & Erich Menge
Active Model
Due to a change in builder, nil values and empty strings now generates closed tags, so instead of this:
<pseudonyms nil=\"true\"></pseudonyms>
It generates this:
<pseudonyms nil=\"true\"/>
Carlos Antonio da Silva
Active Record
Fix issue with collection associations calling first(n)/last(n) and attempting
to set the inverse association when :inverse_of was used. Fixes #8087.
Carlos Antonio da Silva
Fix ActiveRecord#update_column return value.
Aliaxandr
Fix bug when Column is trying to type cast boolean values to integer. Fixes #8067.
Rafael Mendonça França
Fix bug where rake db:test:prepare tries to load the structure.sql into development database.
Fixes #8032.
Grace Liu + Rafael Mendonça França
Fixed support for DATABASE_URL environment variable for rake db tasks. Grace Liu
Fix bug where update_columns and update_column would not let you update the primary key column.
Henrik Nyh
Decode URI encoded attributes on database connection URLs.
Shawn Veader
Fix AR#dup to nullify the validation errors in the dup'ed object. Previously the original and the dup'ed object shared the same errors.
Synchronize around deleting from the reserved connections hash. Fixes #7955
PostgreSQL adapter correctly fetches default values when using multiple schemas and domains in a db. Fixes #7914
Arturo Pie
Fix deprecation notice when loading a collection association that selects columns from other tables, if a new record was previously built using that association.
Ernie Miller
The postgres adapter now supports tables with capital letters. Fix #5920
Yves Senn
CollectionAssociation#count returns 0 without querying if the
parent record is not persisted.
Before:
person.pets.count
# SELECT COUNT(*) FROM "pets" WHERE "pets"."person_id" IS NULL
# => 0
After:
person.pets.count
# fires without sql query
# => 0
Francesco Rodriguez
Fix reset_counters crashing on has_many :through associations.
Fix #7822.
lulalala
ConnectionPool recognizes checkout_timeout spec key as taking precedence over legacy wait_timeout spec key, can be used to avoid conflict with mysql2 use of wait_timeout. Closes #7684.
jrochkind
Rename field_changed? to _field_changed? so that users can create a field named field
Akira Matsuda, backported by Steve Klabnik
Fix creation of through association models when using collection=[]
on a has_many :through association from an unsaved model.
Fix #7661.
Ernie Miller
Explain only normal CRUD sql (select / update / insert / delete). Fix problem that explains unexplainable sql. Closes #7544 #6458.
kennyj
Backport test coverage to ensure that PostgreSQL auto-reconnect functionality remains healthy.
Steve Jorgensen
Use config['encoding'] instead of config['charset'] when executing databases.rake in the mysql/mysql2. A correct option for a database.yml is 'encoding'.
kennyj
Fix ConnectionAdapters::Column.type_cast_code integer conversion, to always convert values to integer calling #to_i. Fixes #7509.
Thiago Pradi
Fix time column type casting for invalid time string values to correctly return nil.
Adam Meehan
Fix becomes when using a configured inheritance_column.
Yves Senn
Fix reset_counters when there are multiple belongs_to association with the
same foreign key and one of them have a counter cache.
Fixes #5200.
Dave Desrochers
Round usec when comparing timestamp attributes in the dirty tracking. Fixes #6975.
kennyj
Use inversed parent for first and last child of has_many association.
Ravil Bayramgalin
Fix Column.microseconds and Column.fast_string_to_date to avoid converting timestamp seconds to a float, since it occasionally results in inaccuracies with microsecond-precision times. Fixes #7352.
Ari Pollak
Fix increment!, decrement!, toggle! that was skipping callbacks.
Fixes #7306.
Rafael Mendonça França
Fix AR#create to return an unsaved record when AR::RecordInvalid is raised. Fixes #3217.
Dave Yeu
Remove unnecessary transaction when assigning has_one associations with a nil or equal value. Fix #7191.
kennyj
Allow store to work with an empty column. Fix #4840.
Jeremy Walker
Remove prepared statement from system query in postgresql adapter. Fix #5872.
Ivan Evtuhovich
Make sure :environment task is executed before db:schema:load or db:structure:load
Fixes #4772.
Seamus Abshere
Active Resource
Active Support
Add logger.push_tags and .pop_tags to complement logger.tagged:
class Job
def before
Rails.logger.push_tags :jobs, self.class.name
end
def after
Rails.logger.pop_tags 2
end
end
Jeremy Kemper
Add %:z and %::z format string support to ActiveSupport::TimeWithZone#strftime. [fixes #6962] kennyj
Railties
Revert "Respect children paths filter settings" This reverts commit 53778ec2d716f860646fd43957fd53c8db4da2fe. Closes #8146
Santiago Pastorino
Don't eager-load app/assets and app/views Elia Schito
Update supported ruby versions error message in ruby_version_check.rb Lihan Li
You can find a list of changes between v3.2.8 and v3.2.9 here
Thanks to everyone!
]]>Rails 3.2.9.rc3 has been released. If no regressions are found I will release 3.2.9 final this Monday 12th. If you find a regression open an issue on github and mention me on it, mail me or tweet me, whatever but let me know :).
Action Mailer
Action Pack
Lock sprockets to 2.2.x REASON: We had some pending fixes in sprockets and sass-rails to make possible to use sprockets version > 2.2. We will do a more conservative sprockets upgrade for this release. In a next release we can relax the dependency again. See #8099 for more information.
Guillermo Iguaran
Clear url helpers when reloading routes.
Santiago Pastorino
Revert the shorthand routes scoped with :module option fix
This added a regression since it is changing the URL mapping.
This makes the stable release backward compatible.
Rafael Mendonça França
Active Model
Active Record
Active Resource
Active Support
Railties
Revert "Respect children paths filter settings" This reverts commit 53778ec2d716f860646fd43957fd53c8db4da2fe. Closes #8146
Santiago Pastorino
You can find a list of changes between v3.2.9.rc2 and v3.2.9.rc3 here and an exhaustive list of changes since v3.2.8 here.
Thanks to everyone!
]]>Rails 3.2.9.rc2 has been released. If no regressions are found I will release 3.2.9 final this Monday 5th. If you find a regression open an issue on github and mention me on it, mail me or tweet me, whatever but let me know :).
Action Mailer
Action Pack
Revert the assert_template fix to not pass with ever string that matches the template name.
This added a regression since people were relying on this buggy behavior.
This will introduce back #3849 but this stable release will be backward compatible.
Fixes #8068.
Rafael Mendonça França
Revert the rename of internal variable on ActionController::TemplateAssertions to prevent naming collisions. This added a regression related with shoulda-matchers, since it is expecting the instance variable @layouts. This will introduce back #7459 but this stable release will be backward compatible. Fixes #8068.
Rafael Mendonça França
Active Model
Active Record
Fix issue with collection associations calling first(n)/last(n) and attempting
to set the inverse association when :inverse_of was used. Fixes #8087.
Carlos Antonio da Silva
Fix ActiveRecord#update_column return value.
Aliaxandr
Fix bug when Column is trying to type cast boolean values to integer. Fixes #8067.
Rafael Mendonça França
Fix bug where rake db:test:prepare tries to load the structure.sql into development database.
Fixes #8032.
Grace Liu + Rafael Mendonça França
Fixed support for DATABASE_URL environment variable for rake db tasks. Grace Liu
Active Resource
Active Support
Railties
You can find a list of changes between v3.2.9.rc1 and v3.2.9.rc2 here and an exhaustive list of changes since v3.2.8 here.
Thanks to everyone!
]]>Rails 3.2.9.rc1 has been released. If no regressions are found I will release 3.2.9 final this Thursday 1st. If you find a regression open an issue on github and mention me on it, mail me or tweet me, whatever but let me know :).
Action Mailer
Do not render views when mail() isn't called. Fix #7761
Yves Senn
Action Pack
Accept :remote as symbolic option for link_to helper. Riley Lynch
Warn when the :locals option is passed to assert_template outside of a view test case
Fix #3415
Yves Senn
Rename internal variables on ActionController::TemplateAssertions to prevent naming collisions. @partials, @templates and @layouts are now prefixed with an underscore. Fix #7459
Yves Senn
resource and resources don't modify the passed options hash
Fix #7777
Yves Senn
Precompiled assets include aliases from foo.js to foo/index.js and vice versa.
# Precompiles phone-<digest>.css and aliases phone/index.css to phone.css.
config.assets.precompile = [ 'phone.css' ]
# Precompiles phone/index-<digest>.css and aliases phone.css to phone/index.css.
config.assets.precompile = [ 'phone/index.css' ]
# Both of these work with either precompile thanks to their aliases.
<%= stylesheet_link_tag 'phone', media: 'all' %>
<%= stylesheet_link_tag 'phone/index', media: 'all' %>
Jeremy Kemper
assert_template is no more passing with what ever string that matches
with the template name.
Before when we have a template /layout/hello.html.erb, assert_template
was passing with any string that matches. This behavior allowed false
positive like:
assert_template "layout"
assert_template "out/hello"
Now it only passes with:
assert_template "layout/hello"
assert_template "hello"
Fixes #3849.
Hugolnx
Handle ActionDispatch::Http::UploadedFile like Rack::Test::UploadedFile, don't call to_param on it. Since
Rack::Test::UploadedFile isn't API compatible this is needed to test file uploads that rely on tempfile
being available.
Tim Vandecasteele
Fixed a bug with shorthand routes scoped with the :module option not
adding the module to the controller as described in issue #6497.
This should now work properly:
scope :module => "engine" do
get "api/version" # routes to engine/api#version
end
Luiz Felipe Garcia Pereira
Respect config.digest = false for asset_path
Previously, the asset_path internals only respected the :digest
option, but ignored the global config setting. This meant that
config.digest = false could not be used in conjunction with
config.compile = false this corrects the behavior.
Peter Wagenet
Fix #7646, the log now displays the correct status code when an exception is raised.
Yves Senn
Fix handling of date selects when using both disabled and discard options. Fixes #7431.
Vasiliy Ermolovich
Fix select_tag when option_tags is nil. Fixes #7404.
Sandeep Ravichandran
javascript_include_tag :all will now not include application.js if the file does not exists. Prem Sichanugrist
Support cookie jar options (e.g., domain :all) for all session stores. Fixes GH#3047, GH#2483.
Ravil Bayramgalin
Performance Improvement to send_file: Avoid having to pass an open file handle as the response body. Rack::Sendfile will usually intercept the response and just uses the path directly, so no reason to open the file. This performance improvement also resolves an issue with jRuby encodings, and is the reason for the backport, see issue #6844.
Jeremy Kemper & Erich Menge
Active Model
Due to a change in builder, nil values and empty strings now generates closed tags, so instead of this:
<pseudonyms nil=\"true\"></pseudonyms>
It generates this:
<pseudonyms nil=\"true\"/>
Carlos Antonio da Silva
Active Record
Fix bug where update_columns and update_column would not let you update the primary key column.
Henrik Nyh
Decode URI encoded attributes on database connection URLs.
Shawn Veader
Fix AR#dup to nullify the validation errors in the dup'ed object. Previously the original and the dup'ed object shared the same errors.
Synchronize around deleting from the reserved connections hash. Fixes #7955
PostgreSQL adapter correctly fetches default values when using multiple schemas and domains in a db. Fixes #7914
Arturo Pie
Fix deprecation notice when loading a collection association that selects columns from other tables, if a new record was previously built using that association.
Ernie Miller
The postgres adapter now supports tables with capital letters. Fix #5920
Yves Senn
CollectionAssociation#count returns 0 without querying if the
parent record is not persisted.
Before:
person.pets.count
# SELECT COUNT(*) FROM "pets" WHERE "pets"."person_id" IS NULL
# => 0
After:
person.pets.count
# fires without sql query
# => 0
Francesco Rodriguez
Fix reset_counters crashing on has_many :through associations.
Fix #7822.
lulalala
ConnectionPool recognizes checkout_timeout spec key as taking precedence over legacy wait_timeout spec key, can be used to avoid conflict with mysql2 use of wait_timeout. Closes #7684.
jrochkind
Rename field_changed? to _field_changed? so that users can create a field named field
Akira Matsuda, backported by Steve Klabnik
Fix creation of through association models when using collection=[]
on a has_many :through association from an unsaved model.
Fix #7661.
Ernie Miller
Explain only normal CRUD sql (select / update / insert / delete). Fix problem that explains unexplainable sql. Closes #7544 #6458.
kennyj
Backport test coverage to ensure that PostgreSQL auto-reconnect functionality remains healthy.
Steve Jorgensen
Use config['encoding'] instead of config['charset'] when executing databases.rake in the mysql/mysql2. A correct option for a database.yml is 'encoding'.
kennyj
Fix ConnectionAdapters::Column.type_cast_code integer conversion, to always convert values to integer calling #to_i. Fixes #7509.
Thiago Pradi
Fix time column type casting for invalid time string values to correctly return nil.
Adam Meehan
Fix becomes when using a configured inheritance_column.
Yves Senn
Fix reset_counters when there are multiple belongs_to association with the
same foreign key and one of them have a counter cache.
Fixes #5200.
Dave Desrochers
Round usec when comparing timestamp attributes in the dirty tracking. Fixes #6975.
kennyj
Use inversed parent for first and last child of has_many association.
Ravil Bayramgalin
Fix Column.microseconds and Column.fast_string_to_date to avoid converting timestamp seconds to a float, since it occasionally results in inaccuracies with microsecond-precision times. Fixes #7352.
Ari Pollak
Fix increment!, decrement!, toggle! that was skipping callbacks.
Fixes #7306.
Rafael Mendonça França
Fix AR#create to return an unsaved record when AR::RecordInvalid is raised. Fixes #3217.
Dave Yeu
Remove unnecessary transaction when assigning has_one associations with a nil or equal value. Fix #7191.
kennyj
Allow store to work with an empty column. Fix #4840.
Jeremy Walker
Remove prepared statement from system query in postgresql adapter. Fix #5872.
Ivan Evtuhovich
Make sure :environment task is executed before db:schema:load or db:structure:load
Fixes #4772.
Seamus Abshere
Active Resource
Active Support
Add logger.push_tags and .pop_tags to complement logger.tagged:
class Job
def before
Rails.logger.push_tags :jobs, self.class.name
end
def after
Rails.logger.pop_tags 2
end
end
Jeremy Kemper
Add %:z and %::z format string support to ActiveSupport::TimeWithZone#strftime. [fixes #6962] kennyj
Railties
Don't eager-load app/assets and app/views Elia Schito
Update supported ruby versions error message in ruby_version_check.rb Lihan Li
You can find a list of changes between v3.2.8 and v3.2.9.rc1 here
Thanks to everyone!
]]>This version contains three important security fixes, please upgrade immediately.
One of security fixes impacts all users and is related to HTML escaping code. The other two fixes impacts people using select_tag's prompt option and strip_tags helper from ActionPack.
We are also removing all the deprecation warnings that we introduced in 3.2.x. We have decided to stop introducing API deprecations in all point releases going forward. From now on, it'll only happen in majors/minors.
Action Mailer
Action Pack
html_escape should escape single quotes. Santiago Pastorino
Reverted the deprecation of :confirm. Rafael Mendonça França
Reverted the deprecation of :disable_with. Rafael Mendonça França
Reverted the deprecation of :mouseover option to image_tag. Rafael Mendonça França
Reverted the deprecation of button_to_function and link_to_function helpers. Rafael Mendonça França
Active Model
Active Record
Do not set RAILS_ENV to "development" when using db:test:prepare and related rake tasks.
This was causing the truncation of the development database data when using RSpec.
In RC2 was fixed again when using config.active_record.schema_format = :sql
Rafael Mendonça França
Do not consider the numeric attribute as changed if the old value is zero and the new value is not a string. Fixes #7237. Rafael Mendonça França
Removes the deprecation of update_attribute. fxn
Reverted the deprecation of composed_of. Rafael Mendonça França
Reverted the deprecation of *_sql association options. They will
be deprecated in 4.0 instead. Jon Leighton
Do not eager load AR session store. ActiveRecord::SessionStore depends on the abstract store in Action Pack. Eager loading this class would break client code that eager loads Active Record standalone. Fixes #7160
Xavier Noria
Do not set RAILS_ENV to "development" when using db:test:prepare and related rake tasks.
This was causing the truncation of the development database data when using RSpec.
Fixes #7175.
Rafael Mendonça França
Active Resource
Active Support
Fix ActiveSupport integration with Mocha > 0.12.1. Mike Gunderloy
Reverted the deprecation of ActiveSupport::JSON::Variable. Rafael Mendonça França
Railties
:data => { :confirm => "Text" } syntax instead of :confirm. Rafael Mendonça FrançaYou can find an exhaustive list of changes on github.
Thanks to everyone!
]]>This release of Rails contains three important security fixes:
All changes can be found on github.
Thanks everyone!
]]>This release of Rails contains three important security fixes:
All changes can be found on github.
Thanks everyone!
]]>