[ANN] Rails 4.2.0.beta4 has been released!

The Rails team has just released Rails 4.2.0.beta4.

In addition to the security fixes in 4.2.0.beta3, this new release includes a number of bug fixes for issues reported since the 4.2.0.beta2 release.

If all goes according to plan, this should be the last beta release for 4.2.0 before we move into the Release Candidates phase. We would like to thank all of the early adopters who participated in the beta testing and reported issues, as well as the 64 contributors who submitted patches to help our team address these bugs.

Happy upgrading!

[ANN] Rails 4.2.0.beta2 has been released!

Happy Monday everyone!

Today the Rails team is happy to announce that we have released Rails 4.2.0.beta2.

Thanks to all the early adopters who have participated in the first round of beta testing, we have identified a number of bugs, regressions and other imperfections in the codebase. These problems have since been fixed and included in this release.

Security Issues

This release also includes two security patches.

Web Console 2.0.0.beta4

Along with the Rails 4.2.0.beta2 release we also released Web Console 2.0.0.beta4 which includes a security fix.

If you are already using Web Console in development we recommend you to upgrade to this new version of the gem.

Active Job vulnerability

We also fixed an Active Job bug that allowed String arguments to be deserialized as if they were Global IDs, an object injection security vulnerability.

Breaking Changes

In addition to the security and bug fixes, some of the new APIs have also been refined after further testing in real-world applications. This resulted in the following list of breaking changes that are not backwards-compatible with 4.2.0.beta1:

Active Job

The Active Job API has been overhauled:

# The enqueueing method has changed from +enqueue+ to +perform_later+.
#
# In 4.2.0.beta1:
MyJob.enqueue(*args)
#
# In 4.2.0.beta2:
MyJob.perform_later(*args)

# The ways jobs are scheduled has changed.
#
# In 4.2.0.beta1:
MyJob.enqueue_at(Date.tomorrow.noon, record)
MyJob.enqueue_in(1.week, record)
#
# In 4.2.0.beta2:
MyJob.set(wait_until: Date.tomorrow.noon).perform_later(record)
MyJob.set(wait: 1.week).perform_later(record)
#
# You can also specify a queue to enqueue the job onto with this new API:
MyJob.set(queue: :low_priority).perform_later(record)

Action Mailer

The Action Mailer API has also undergone some changes:

# Two new methods +#deliver_now+ and +#deliver_now!+ were introduced for
# clarity. +#deliver+ and +#deliver!+ have been deprecated and applications are
# encouraged to use the +#deliver_*+ instead.
#
# In 4.2.0.beta1:
Notifier.welcome(User.first).deliver!
#
# In 4.2.0.beta2:
Notifier.welcome(User.first).deliver_now!

# The options for +#deliver_later+ and +#deliver_later!+ has changed to match
# those on Active Job.
#
# In 4.2.0.beta1:
Notifier.welcome(User.first).deliver_later!(in: 1.hour)
Notifier.welcome(User.first).deliver_later!(at: 10.hours.from_now)
#
# In 4.2.0.beta2:
Notifier.welcome(User.first).deliver_later!(wait: 1.hour)
Notifier.welcome(User.first).deliver_later!(wait_until: 10.hours.from_now)

Action Controller render behavior change

Historically, calling render "foo/bar" in a controller action is equivalent to calling render file: "foo/bar". Since beta 2, this has been changed to mean render template: "foo/bar" instead. This is due to a number of potential security issues with the old default behavior. If you need to render a file, please change your code to use the explicit form (render file: "foo/bar") instead.

Full list of changes

As always, you can browse the Rails source code repository on GitHub to view the full list of changes that were included in this release.

Acknowledgement

The Rails team would like to thank the 66 people who contributed patches to make this release possible!

[ANN] Rails 4.1.6 and 4.0.10 have been released!

Hi everyone,

I am happy to announce that Rails 4.1.6 and 4.0.10 have been released.

We are planning to produce one more bug fix release in the 4.0 series, targeted for early December. In keeping with our maintenance policy, after the upcoming release of 4.2.0, the 4.0 series will be retired. It will not receive further updates for either bug fixes or security issues. All users are urged to migrate to 4.1 as soon as possible.

CHANGES since 4.0.9

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 4.1.5

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes.

Here are the checksums for 4.0.10:

$ shasum *4.0.10*
4bd4b8a2be1a2a649f46e37b6dff3a2d8f86fd7d  actionmailer-4.0.10.gem
45d76f39092149e46c31f9226dae71b3faa52012  actionpack-4.0.10.gem
08150685a471db48b240618b378ff22e3a9b7811  activemodel-4.0.10.gem
ed3f6b184b4b62b501e0d7876d8e2f946fe0ed31  activerecord-4.0.10.gem
7c886c946e835cbbfb09dc4b4daf7f1bf05db952  activesupport-4.0.10.gem
a2b8e24d83d5395f9532fcdbfa5c441d3f86e060  rails-4.0.10.gem
533c0589dadb4fc3bd5723bb9944464b545a88f3  railties-4.0.10.gem

Here are the checksums for 4.1.6:

$ shasum *4.1.6*
d6ab3d0aecb1cf97bd5a1050356b3151e4e8ef42  actionmailer-4.1.6.gem
ba7233c749a2229e11ef02acea2d114719ceac71  actionpack-4.1.6.gem
ed67c703dfb7d95e391da21f4f2aab52ae7bbfe4  actionview-4.1.6.gem
1a9ca827740d5e3e254b26886b19ea9094b407c5  activemodel-4.1.6.gem
69d77feb4ce141551875e2a4167d0f5529bd0526  activerecord-4.1.6.gem
dc838a42455b674b95c15bf7433552ffdf777a4f  activesupport-4.1.6.gem
8f2ebf38a0a8d70d8f19916e0b51ece8a954ff8d  rails-4.1.6.gem
c9b10576113567011d37fa28aa4e5ca99b2e4fd9  railties-4.1.6.gem

I'd like to thank you all, every contributor who helped with this release.

[ANN] Rails 4.1.6.rc2 and 4.0.10.rc2 have been released!

Hi everyone,

I am happy to announce that Rails 4.1.6.rc2 and 4.0.10.rc2 have been released.

If no regressions are found expect the final release this Thursday, on September 11, 2014. If you find one, please open an issue on GitHub and mention me (@rafaelfranca) on it, so that we can fix it before the final release.

CHANGES since 4.0.9

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 4.1.5

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes.

Here are the checksums for 4.0.10.rc2:

$ shasum *4.0.10.rc2*
16be6057a1af45d0eaf9e5bb95f0980f0498ed38  actionmailer-4.0.10.rc2.gem
b736f6ec57f14a08611bf94e9170a102bbcd235e  actionpack-4.0.10.rc2.gem
7508c684dcfa38fca79640f7196fd437c6945be7  activemodel-4.0.10.rc2.gem
aef89eeadb957dac5ec21cce6e640f13fad301f0  activerecord-4.0.10.rc2.gem
1b6d2dfd4d69605d58de34eaa68bf9c98fedb581  activesupport-4.0.10.rc2.gem
7e3de742b723def7e0026b89e8c744822f66fe23  rails-4.0.10.rc2.gem
bb4f5083436987907c38dc019261b3477386b4b9  railties-4.0.10.rc2.gem

Here are the checksums for 4.1.6.rc2:

$ shasum *4.1.6.rc2*
8fbbefa7a1f87569b54b6b0444ccb42b112b8b4e  actionmailer-4.1.6.rc2.gem
81c84fed39c32a013da3da7181eb81b41084c62f  actionpack-4.1.6.rc2.gem
e750e2a53c16b3312a049c044c9f7d5e7ed1f228  actionview-4.1.6.rc2.gem
8f034fa15a6c364d818e28a0bdd5bc4bcc691025  activemodel-4.1.6.rc2.gem
8259ec18fbaaec162c4eaf344f2a4507322e049b  activerecord-4.1.6.rc2.gem
c220cbad51271b9a2c4e2ef390a0060e66127323  activesupport-4.1.6.rc2.gem
1578350d0c58c5c5ce3e771541336c76728b9c34  rails-4.1.6.rc2.gem
d70a87ccb0d002b4c44cade8ce30a8ae6394313e  railties-4.1.6.rc2.gem

I'd like to thank you all, every contributor who helped with this release.

Rails 4.2.0 beta1: Active Job, Deliver Later, Adequate Record, Web Console

We're putting the final touches on the first major new release of Rails in its second decade of life. While most software would be in a retirement home after a decade of operation, Rails has never been more fit, and this release is packed with goodies that'll make your work even easier, your apps even faster, and the whole experience even better.

Active Job, ActionMailer #deliver_later

The headline feature for Rails 4.2 is the brand new Active Job framework, and its integrations. Active Job is an adapter layer on top of queuing systems like Resque, Delayed Job, Sidekiq, and more. You can write your jobs to Active Job, and they'll run on all these queues with no changes.

With an always-configured queue in place (though the default is just an inline runner), we can build on top of that where it makes sense. And the first place it makes sense is to send Action Mailer emails asynchronously. So we're introducing the #deliver_later method, which will do just that: Add your email to be sent as a job to a queue, so you don't bog down the controller or model. Voila!

The cherry on top is our new GlobalID library. It makes it easy to pass Active Record objects to jobs by serializing them in a generic form. This means you no longer have to manually pack and unpack your Active Records by passing ids. Just give the job the straight AR object, and it'll serialize it using GlobalID, and deserialize it at run time. So much easier!

Special thanks go out to Cristian Bica and Abdelkader Boudih for their outstanding work bringing this trinity of improvements to Rails!

Adequate Record

Aaron Patterson is always hunting for performance bounties in Rails, and with an improvement project called Adequate Record for Active Record, he's come up good. A lot of common queries are now no less than twice as fast in Rails 4.2! This is a great step forward for performance. While computers are constantly getting cheaper and performance is improving, nobody ever said "hey, get that free speed out of my framework". So there you go: Some free speed, buddy!

Web Console

Out of the wonderful Google Summer of Code for Rails campaign comes Web Console. It's an IRB console available in the browser. In development mode, you can go to /console and do your work right there.

Now that's neat, but what's insanely useful is that this console is automatically available on all exception pages! So when something is bust, you'll now instantly be able to inspect the state of affairs. It even allows you to jump between the different points in the backtrace, and you'll be able to inspect things right at that point.

It's a wonderful improvement to the debugging workflow. Thanks to Genadi Samokovarov and Ryan Dao for their work on this project.

Everything else

Some quick highlights from the rest of all the wonder that is Rails 4.2:

  • Template digests are now automatically included when calculating etags for caching. So caches are bust when the template changes.
  • respond_with has moved out and into its own proper home with the responders gem.
  • Support for real foreign keys! add_foreign_key/remove_foreign_key are now available in migrations.
  • A ton of bug fixes and minor improvements to Active Record.
  • Added config.x.whatever.you_want = true for custom configuration of your app in config/environments/*, config/application.rb, and initializers.
  • Added Rails::Application.config_for(:some_yaml) to load YAML configurations store in config/ easily.

We're working on a set of preliminary release notes too.

Maintenance consequences and Rails 5.0!

As per our maintenance policy, the release of Rails 4.2 will mean that bug fixes will only apply to 4-2-stable, regular security issues to 4.2.x, 4.1.x, and severe security issues to 4.2.x, 4.1.x, and 3.2.x. In addition to these already stated commitments, the honorable Rafael França has agreed to also apply bug fixes to 4-1-stable. So everyone still on 4.1 and unable to move quickly can thank Rafael!

Rails 4.2 will also mark the last big release in the 4.x series. After release, we're going to work towards the big Rails 5.0! This means rails/master will have that target as soon as the release candidates for 4.2 start, and 4-2-stable is created.

Rails 5.0 is in most likelihood going to target Ruby 2.2. There's a bunch of optimizations coming in Ruby 2.2 that are going to be very nice, but most importantly for Rails, symbols are going to be garbage collected. This means we can shed a lot of weight related to juggling strings when we accept input from the outside world. It also means that we can convert fully to keyword arguments and all the other good stuff from the latest Ruby.

The release target for Rails 5.0 is currently spring/summer of 2015. So there's a while yet, but we're putting this out there for people to know, so gem maintainers and other Ruby implementations can know where we're going.

Please help us make Rails 4.2 solid!

We rely on the feedback from everyone in the community to flush out bugs and upgrade issues ahead of a big release like this. So please give Rails 4.2 a try on your app, and if you're starting a new app today, you should probably use the beta1 for that, if you're just the least bit savvy with Rails.

Issues can be recorded on the Github issues tracker.

Already, 476 people have contributed to this new release of Rails. Please do become one of them!

[ANN] Rails 4.1.6.rc1 and 4.0.10.rc1 have been released!

Hi everyone,

I am happy to announce that Rails 4.1.6.rc1 and 4.0.10.rc1 have been released.

If no regressions are found expect the final release this Friday, on August 22, 2014. If you find one, please open an issue on GitHub and mention me (@rafaelfranca) on it, so that we can fix it before the final release.

CHANGES since 4.0.9

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 4.1.5

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes.

Here are the checksums for 4.0.10.rc1:

$ shasum *4.0.10.rc1*
fa4efa72a6b89c6dcf55280f6bbfab00564982e8  actionmailer-4.0.10.rc1.gem
bfbb408c6c2ab89eafda1b84a33f83a9f58eda8c  actionpack-4.0.10.rc1.gem
f1bedb27e877ca6493541a69491910ce70a34ed0  activemodel-4.0.10.rc1.gem
f211a80fc134f38f4eb2d503b3ca7e92a83eabed  activerecord-4.0.10.rc1.gem
e751d258407d02c3f8790775ffa99f0895c56704  activesupport-4.0.10.rc1.gem
34b8908b2738e78917a434b45ae9fe82b4908425  rails-4.0.10.rc1.gem
a2d4ee8203ce07785b15b367ffe31f9ea96268a7  railties-4.0.10.rc1.gem

Here are the checksums for 4.1.6.rc1:

$ shasum *4.1.6.rc1*
3589d4ea69a04f87ea5335994a43f8d814c6c8df  actionmailer-4.1.6.rc1.gem
b51d28e356c58d08d2f65a3a4912a2911b9d4ffe  actionpack-4.1.6.rc1.gem
f2a8ba7e7ca8fa9e74688cbca3af1e8d48b23de7  actionview-4.1.6.rc1.gem
9a2778d02bd596d629eca6265f0a6d7cecb7d2ef  activemodel-4.1.6.rc1.gem
681023c5764cb1336b6d74bf2ff76efd9c1386b7  activerecord-4.1.6.rc1.gem
85c4e30b5b0eba99c9d43049206591250aed2072  activesupport-4.1.6.rc1.gem
fd10c0533065471768d8fe4b7e7ba81738c607dd  rails-4.1.6.rc1.gem
ec05790e0d256a474f0eaf3ae61e9556e71f1b18  railties-4.1.6.rc1.gem

I'd like to thank you all, every contributor who helped with this release.

Rails 4.0.9 and 4.1.5 have been released!

Hi everyone!

Rails 4.0.9 and 4.1.5 have been released!

These two releases contain a security fix, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we've only included commits directly related to each security issue.

The security fix for 4.0.9 and 4.1.5 is:

the commits for 4.0.9 can be found here, and the commits for 4.1.5 can be found here.

Here are the checksums for 4.0.9:

$ shasum *4.0.9*
2034a17791be885e8e4e6211c26447614c830e62  actionmailer-4.0.9.gem
00b13c7dfe94af6ede24c6c1652ff4bc2aee9ef8  actionpack-4.0.9.gem
0a16de437de79128846d5a5fc73a0a0d6ebe369e  activemodel-4.0.9.gem
3d1884dff4fa64267d7c840dbaaac3eafc6fc0a9  activerecord-4.0.9.gem
eb27657cf79c4c13f7b4c4f7aa69a8a171f4e68c  activesupport-4.0.9.gem
2bdba9c61f8860d1883ed5803591dc603b7312fb  rails-4.0.9.gem
f90c7f3104d9d63992d53331990e33c1d832e7c0  railties-4.0.9.gem

Here are the checksums for 4.1.5:

$ shasum *4.1.5*
798edeca54bb9ca1ba91b7669fccb4d2bb41f404  actionmailer-4.1.5.gem
2354a982938658cfafd6097a406ac43facb80c70  actionpack-4.1.5.gem
eb71ffc6ea7537d6066483b6ff5d1edf51f0c344  actionview-4.1.5.gem
15a24e5a1e9191541cc7b24bc1f74e3a0293cf97  activemodel-4.1.5.gem
27cd6cc6a3b52eb5966171e5959b0505f411e8ce  activerecord-4.1.5.gem
44a53eac3e7851c2311cce42f63c966ea05b5552  activesupport-4.1.5.gem
7fa52337ec2b659abfb5b5678125ba0d3b5cbce7  rails-4.1.5.gem
6ffdb1e19734460ded12f9a66f8390ea071f6727  railties-4.1.5.gem

<3<3<3<3

Rails 4.0.8 and 4.1.4 have been released!

Hi everyone!

Rails 4.0.8 and 4.1.4 have been released!

The security patches introduced a regression on the PostgreSQL Range feature. This regression was only introduced to Rails 4.x. Rails 3.2 users are not impacted.

the commits for 4.0.8 can be found here, and the commits for 4.1.4 can be found here.

Here are the checksums for 4.0.8:

$ shasum *4.0.8*
1214de9fa493f5a23c87f7a7c2f1af84f67b60b6  actionmailer-4.0.8.gem
342aa07585b9b4b32ba37c8baf6fe93c53619ad6  actionpack-4.0.8.gem
b40e3b1bbd744b868f74c26e1088d73c9e7d7297  activemodel-4.0.8.gem
b1e28bdad10f21ed8af8b3b8b5e70f0110d19dff  activerecord-4.0.8.gem
1d3d2a767478aee5be22db197b2ec06cdaede10a  activesupport-4.0.8.gem
dbfa6c723191bf61d1c2d3f9809259f419956a74  rails-4.0.8.gem
f22a0677d9151d1f31d109b1c0687b53e06a94f7  railties-4.0.8.gem

Here are the checksums for 4.1.4:

$ shasum *4.1.4*
5e6426134003a55e0f43ff371521f6d66c8881b7  actionmailer-4.1.4.gem
79e84be29d961ef2c175cb5258b1d8c78ad6460f  actionpack-4.1.4.gem
8ba89c7399b81e2727402806176de0db397732eb  actionview-4.1.4.gem
9edc0b4e5c709ad11517a9f40ba50ee93e97e59b  activemodel-4.1.4.gem
23851340221e38717a7159ebcd2eb398e8ebeacd  activerecord-4.1.4.gem
388bd214252b34d22ec8bd1ca2445d7b53cd39bb  activesupport-4.1.4.gem
0e050607bb8581dc756c5184a5920de9708398f1  rails-4.1.4.gem
e1a75ea7161db14c953fce1e399c4e20b2eaa364  railties-4.1.4.gem

<3<3<3<3

Rails 3.2.19, 4.0.7 and 4.1.3 have been released!

Hi everyone!

Rails 3.2.19, 4.0.7 and 4.1.3 have been released!

These three releases contain important security fixes, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we've only included commits directly related to each security issue.

The security fix for 3.2.19 is:

The security fix for 4.0.7 and 4.1.3 is:

The commits for 3.2.19 can be found here, the commits for 4.0.7 can be found here, and the commits for 4.1.3 can be found here.

Here are the checksums for 3.2.19:

$ shasum *3.2.19*
18420c276ad514b31e393a8a3e54717e66d1b671  actionmailer-3.2.19.gem
44285b467d5c89d6fcc7ccb0d75e18371373a097  actionpack-3.2.19.gem
44ee59f4024aeaac88cb558e337c67968be96531  activemodel-3.2.19.gem
88a7417694abfbb4e8e9eafd4bdcc1d09d609a76  activerecord-3.2.19.gem
32399ca83e5a4241bd14bd16c3042b1a0bd40277  activeresource-3.2.19.gem
6d392def38721f93fa9b4511d53aeaa44eb0fb47  activesupport-3.2.19.gem
486b22ec6e8ec0a20b4c3e3b4d4c0c12fc762c8d  rails-3.2.19.gem
fc104dc2bbd549e6d5cc9b40e95e321d19bb9d86  railties-3.2.19.gem

Here are the checksums for 4.0.7:

$ shasum *4.0.7*
92398e29b1b39578eb0814fce6ab5eb0b4aa4080  actionmailer-4.0.7.gem
6da21c3793a9d83a8d2c88f9718e3e0679aaf316  actionpack-4.0.7.gem
a7885a5b2a3ae24389bd4037350a49ec6a4baec7  activemodel-4.0.7.gem
126ce8ddd290458577f878152faea8b4a65b14b5  activerecord-4.0.7.gem
efbc0b6ef05b6235955c1d890b7c53ea019d2499  activesupport-4.0.7.gem
9589f7f5141ec688ed1f8e7ac8f7429b06d098ef  rails-4.0.7.gem
e4078a44393d0af71e9ecb2c69ad57654f34db8f  railties-4.0.7.gem

Here are the checksums for 4.1.3:

$ shasum *4.1.3*
23b3bdabaa0932ea0b85e36eeb7a05141a26d523  actionmailer-4.1.3.gem
16555cb09c737f7ed371f7b6bab3ecf3f0e3bfe2  actionpack-4.1.3.gem
699eabc22ac45ca264d31556892d9034c3b4da53  actionview-4.1.3.gem
5a2b351d1c570f746f6df606d5281e92758329ea  activemodel-4.1.3.gem
4db00d654d9006bb569f6c9842eb4ea3d84d4546  activerecord-4.1.3.gem
453dae978b865f6589bf61973f93ed5166cbc5fc  activesupport-4.1.3.gem
7e9d4371abb345ac2a0f2765cc514657a115540a  rails-4.1.3.gem
3999875c0d656b60a309dbfeb897310f4ee2879b  railties-4.1.3.gem

<3<3<3<3

[ANN] Rails 4.1.2 and 4.0.6 have been released!

Hi everyone,

Rails 4.1.2 and Rails 4.0.6 are finally out. Rails 4.1.2 is the first bug fix release for the 4.1 series. Rails 4.0.6 includes a lot of bug fixes to make the upgrade path from Rails 3 easier.

CHANGES since 4.0.5

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 4.1.1

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes.

Here are the checksums for 4.0.6:

$ shasum *4.0.6*
a343354aa1e0938ecce8665ef4aeee05a5f46a2c  actionmailer-4.0.6.gem
31c869fad7d3996e57fcb54c02db00af7a3a0d13  actionpack-4.0.6.gem
c98040fd624b3946fa53cfa5015178108fd95ada  activemodel-4.0.6.gem
c7d2863923b2b98b4f81e79121a5f4227a95407f  activerecord-4.0.6.gem
2b9ef712c1edb0b6b52891984bcf41daa85487e8  activesupport-4.0.6.gem
d99210557ce76138c4493cd6fc0428b9fd9535e0  rails-4.0.6.gem
6d4c0c37cfce73052607f02c1121770267449c0d  railties-4.0.6.gem

Here are the checksums for 4.1.2:

$ shasum *4.1.2*
df160752af2f6aa27926ae8874402bef9090082b  actionmailer-4.1.2.gem
7982759fca5f229b9fa655f9eef569a792af36f9  actionpack-4.1.2.gem
1858c063242b5fad0c780599c72a1c8751a87bef  actionview-4.1.2.gem
ddadace54c147ba25983352a3fccefbe89a1cc0e  activemodel-4.1.2.gem
b0d1cfecb597b4240d0586869d7bfc943d8c1532  activerecord-4.1.2.gem
a3597126199cbfad360f8c47adcd0a41c47e532e  activesupport-4.1.2.gem
b8246aa396172b409656cd198cc6b1f3a13f7f25  rails-4.1.2.gem
19bfbf57636a2c81e606fe284adcf74767c4bc52  railties-4.1.2.gem

I'd like to thank you all, every contributor who helped with this release.

[ANN] Rails 4.1.2.rc3 and 4.0.6.rc3 have been released!

Hi everyone,

I am happy to announce that Rails 4.1.2.rc3 and 4.0.6.rc3 have been released.

We fixed two regressions on Active Record component.

If no more new regressions are found expect the final release this Thursday, on Jun 26, 2014. If you find one, please open an issue on GitHub and mention me (@rafaelfranca) on it, so that we can fix it before the final release.

CHANGES since 4.0.5

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 4.1.1

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes.

Here are the checksums for 4.0.6.rc3:

$ shasum *4.0.6.rc3*
af0d0aab4192f9d37ae238085cd9b410015a1b08  actionmailer-4.0.6.rc3.gem
6911962ef02985ed42fb8829fc4c2c11d0cb7563  actionpack-4.0.6.rc3.gem
e6d6ede05f749122875e171183e7f619af742d53  activemodel-4.0.6.rc3.gem
e4e206c07f42e52785d2964ff90d79c62818ed46  activerecord-4.0.6.rc3.gem
69ede48c8330b294a9eb3ed4c597624842b170ca  activesupport-4.0.6.rc3.gem
2793dd17405af95695c9988fddcbc5c2a2429aca  rails-4.0.6.rc3.gem
369a895d38d264b01f7cd370e7a9edba8cc7f71b  railties-4.0.6.rc3.gem

Here are the checksums for 4.1.2.rc3:

$ shasum *4.1.2.rc3*
4693dd6351e942abadd5c91b20a329ecfcb48374  actionmailer-4.1.2.rc3.gem
a4d75f35b9d8ccc6d80fb797ce94866cf3491ae7  actionpack-4.1.2.rc3.gem
ee9cd1b5cd319c41fdf7a067fd49e042853c6465  actionview-4.1.2.rc3.gem
e2c715ab894261187f1bfe3ce1845bab846ec905  activemodel-4.1.2.rc3.gem
902e4d82d03d460ab4aa3cbcdbaeb5d11135500e  activerecord-4.1.2.rc3.gem
1c086568424a2e511cd2ba3c97c42963c9a474eb  activesupport-4.1.2.rc3.gem
bfb012898f5f4af3f7da0a33929cd9f7ae888902  rails-4.1.2.rc3.gem
5b0c6c33db6aaf8fb7ad940e88c87c345949c84b  railties-4.1.2.rc3.gem

I'd like to thank you all, every contributor who helped with this release.

[ANN] Rails 4.1.2.rc2 and 4.0.6.rc2 have been released!

Hi everyone,

I am happy to announce that Rails 4.1.2.rc2 and 4.0.6.rc2 have been released.

We had a regression with the protected_attributes gem, so if you are using it in your Rails application make sure you are using protected_attributes 1.0.8 to get it working with these Rails versions.

If no new regressions are found expect the final release this Thursday, on Jun 19, 2014. If you find one, please open an issue on GitHub and mention me (@rafaelfranca) on it, so that we can fix it before the final release.

CHANGES since 4.0.5

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 4.1.1

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes.

Here are the checksums for 4.0.6.rc2:

$ shasum *4.0.6.rc2*
4f92e40428cf3513823b16fb674cc59367c30e13  actionmailer-4.0.6.rc2.gem
87449d571f13806399bf26aa1fe666787a197af2  actionpack-4.0.6.rc2.gem
b8b9927eb65b43c10d0b7d79a4942925105c7dbb  activemodel-4.0.6.rc2.gem
3c37325ff3f763dce52554046ff07bacbfbb1dd6  activerecord-4.0.6.rc2.gem
f3572822ab03eeee772d849cb9201d29464e0bbb  activesupport-4.0.6.rc2.gem
020211149871991b45926e23a72c483826e14904  rails-4.0.6.rc2.gem
a86b1e31db544c762ebe1005db0e783ad6de604b  railties-4.0.6.rc2.gem

Here are the checksums for 4.1.2.rc2:

$ shasum *4.1.2.rc2*
a34885dfbadd9bb8aeb8047428f04f5680ef40ef  actionmailer-4.1.2.rc2.gem
4800e2ddac6c248817a2bedf2c8b35bd1dab7edd  actionpack-4.1.2.rc2.gem
777e2030dde924fb0a851f6227ee2224a9479735  actionview-4.1.2.rc2.gem
80597481e829dad1e8c7a9a331f3d1d64b7ac97d  activemodel-4.1.2.rc2.gem
5636ec01c68be14d3fb111a2a0c97ad7954929e5  activerecord-4.1.2.rc2.gem
cd64099318e90c72c8588f86c2355aef32580ab6  activesupport-4.1.2.rc2.gem
0f1a970cb66799374db8cbb68f536a515e6d87c0  rails-4.1.2.rc2.gem
86662065b041095ad318256f3a8cda2986849f4c  railties-4.1.2.rc2.gem

I'd like to thank you all, every contributor who helped with this release.

[ANN] Rails 4.1.2.rc1 and 4.0.6.rc1 have been released!

Hi everyone,

I am happy to announce that Rails 4.1.2.rc1 is the first bug fix release for the 4.1 series. Also, we are releasing a new bug fix release for the 4.0 series, as 4.0.6.rc1.

If no regressions are found expect the final release this Friday, on May 30, 2014. If you find one, please open an Issue on GitHub and mention me (@rafaelfranca) on it, so that we can fix it before the final release.

CHANGES since 4.0.5

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 4.1.1

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes.

Here are the checksums for 4.0.6.rc1:

$ shasum *4.0.6.rc1*
bfaa81992f296ef78ca9fc3bb91f0774d791a2f1  actionmailer-4.0.6.rc1.gem
f5bda30b6b4055fead69615cb1002e0a7d0b3ea8  actionpack-4.0.6.rc1.gem
8ebc8ee9fc2397938779145fd72a4b3bdf1403f0  activemodel-4.0.6.rc1.gem
3c7020e743f0ae31a50ec66ca539d1edec6f056a  activerecord-4.0.6.rc1.gem
d2fd5241f4725e5c8cea638e2a5e9f9fbff653b7  activesupport-4.0.6.rc1.gem
b44d1a9fc30939c5d83e1f09fba0c0f6cb7f675a  rails-4.0.6.rc1.gem
dbe182d875924600750972e9c0a5025ee2921e55  railties-4.0.6.rc1.gem

Here are the checksums for 4.1.2.rc1:

$ shasum *4.1.2.rc1*
7eb15b9912f8f6948be4091a165417552930950c  actionmailer-4.1.2.rc1.gem
4dde8326e5fdf09a682966d048855d6adb9c49cc  actionpack-4.1.2.rc1.gem
86c81d9dc97b7e23a8ff39826ee7d92d3b0bc78c  actionview-4.1.2.rc1.gem
df193047dc7daabfea8e0a59326ba35ffa7bdd9a  activemodel-4.1.2.rc1.gem
231e81b5baa8eec3a5f7d9b1eb476951f5af619b  activerecord-4.1.2.rc1.gem
ab905ad3df3b4e76622dc209e3f4804612ccf0b7  activesupport-4.1.2.rc1.gem
3f550100c230a76da51b844f88b606eee8e19594  rails-4.1.2.rc1.gem
d2fd2645af58591f09c9a0af6ca61b6005fd8854  railties-4.1.2.rc1.gem

I'd like to thank you all, every contributor who helped with this release.

Rails 3.2.18, 4.0.5 and 4.1.1 have been released!

Hi everyone!

Rails 3.2.18, 4.0.5 and 4.1.1 have been released!

These three releases contain important security fix, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we've only included commits directly related to each security issue.

The security fixes is:

The commits for 3.2.18 can be found here, the commits for 4.0.5 can be found here, and the commits for 4.1.1 can be found here.

Here are the checksums for 3.2.18:

$ shasum *3.2.18*
971d49dac1d0d2576e9bd01b9a96c393098a96c5  actionmailer-3.2.18.gem
4c99239a646f8c662559f9fc4924c20a0f29eae7  actionpack-3.2.18.gem
51f280b8c606a3c7cd503933cabff7b0c6172d1b  activemodel-3.2.18.gem
b99c31493ddaf0af4c0007b526dd5213222c2bd9  activerecord-3.2.18.gem
a9d35d1c837047ee328d0f16f420cd2c60a612c9  activeresource-3.2.18.gem
1526e35aaa02ffb526f5cda77425fecdfd449f56  activesupport-3.2.18.gem
8ad5bf5ab760112100e29d8515d7c5181f8dbae0  rails-3.2.18.gem
97e6e478dbebff9cf31c301381b8527f2a523ee5  railties-3.2.18.gem

Here are the checksums for 4.0.5:

$ shasum *4.0.5*
80be4d61b42fc532d87ba8816f521b7413a52ce2  actionmailer-4.0.5.gem
b830f763f6b621cb066002eef02f8ada4826baa2  actionpack-4.0.5.gem
b1aefc15e8b506a53975705840e0445065e14822  activemodel-4.0.5.gem
f263e52056be02628308ccb1980903f3f5fb7668  activerecord-4.0.5.gem
3fba584240a62ad0267f77abbcbd849f138f724b  activesupport-4.0.5.gem
166a8ee2064d34fefcda0a383672e83818e5961f  rails-4.0.5.gem
fefa3c5e348b05027f4181e5e6d39f14599f1724  railties-4.0.5.gem

Here are the checksums for 4.1.1:

$ shasum *4.1.1*
796ec07e257a98f31eeea38def505cbf3f1e2747  actionmailer-4.1.1.gem
25e4ad2bc143df849941ba54bb47b1d2dca55c2c  actionpack-4.1.1.gem
61a9662e06b32f29d89278105e87c230377a6dfd  actionview-4.1.1.gem
672d510e216019776b66f1e07e7faf4ac5bb21f5  activemodel-4.1.1.gem
63100443a3416cdde474cca56967bd55029ac507  activerecord-4.1.1.gem
937c7faa903e678e55536c18ee1ea9bafe08b8af  activesupport-4.1.1.gem
558547922545bf8f7c1c2d3bc845b2a66f9d826a  rails-4.1.1.gem
c5c5763e164eb9fb5e3a93fc25df436c379b0d54  railties-4.1.1.gem

Happy Tuesday! <3<3<3<3

Rails 4.1.0: Spring, Variants, Enums, Mailer previews, secrets.yml

Rails 4.1.0 might carry a minor version bump, but there's nothing minor about the bag of goodies it carries. It simply means that upgrading from 4.0.x should be a relatively mild affair as most of the changes are additions or improvements, not backwards-incompatible changes. Let's go over some of those new goodies.

Spring is our new application preloader. It makes running tests, rake, and generators much faster on large applications. You could think of what we had before as the CGI-mode of the command-line. Every time you ran rake, your entire application would be loaded from scratch, only to be thrown out as soon as the command finished. With Spring, your application is a persistent process that can be reused across commands, so only the first run is slow. And we automatically detect code changes, and reload just those parts. It makes a big difference!

Variants allows you to have different templates and action responses for the same mime type (say, HTML). This is a magic bullet for any Rails app that's serving mobile clients. You can now have individual templates for the desktop, tablet, and phone views while sharing all the same controller logic. This is the secret sauce behind Basecamp's hybrid native/HTML strategy for mobile apps: One Rails app serving desktop browsers, mobile browsers, native mobile apps. The reuse benefits are immense and the productivity boost staggering. Really.

Enums wraps the pattern of having a status field constrained to just a few options. It's just enough syntactic sugar to make tinyint-backed status fields taste delicious while still reaping the optimization benefit of avoiding repeated status strings. Poor man's state machine? Nah, Just Enough for Most of the Time.

Mailer previews make it dead simple to visually iterate over your Action Mailer views with test data, so you can get the same work flow as you have for any other view in your app. Make a change, reload to see it. Easy as pie. And certainly a lot better than either starting with static files that then have to be converted to mailer templates, or trying to copy'n'paste the HTML out of the log files to view them in a browser (come on, you've been there!).

Finally, we've committed to moving production passwords out of your application repository with two changes. The first is secrets.yml, which gives you one place and one convenient interface to access secrets that have been set either via ENV variables or deployment scripts. By default it's used for the secret token guarding cookie integrity, but you can use it for whatever else you need in your app. Second is that we've added support for database URLs in database.yml, and that we by default will be referring to ENV-backed URLs in the generated files. Hurray security!

Now that's just a quick look in the goodie bag. If you want the play-by-play, you can have a look through the 5,200 commits we've done between 4-0-stable and v4.1.0. That's right, five thousand. Witness the firepower of this armed and fully operational community!

You can also digest the changes, and see some real code, by diving into Yves' and Godfrey's splendid work on the release notes for 4.1 as a guide and the feature walk-through.

The gems are now on RubyGems, so gem install rails will get you the latest. Or you can use the v4.1.0 tag.

Enjoy and we hope to see you at RailsConf in two weeks!

Rails 4.1.0: Release candidate 2

This is intended as the last stop before the final version of Rails 4.1.0 hits the virtual presses. We've been stamping out bugs and polishing things for about a month since the last release candidate. Thanks to everyone who so graciously helped report issues and work on getting things fixed. It makes a big difference to the final product!

Please do the same with this version. If you haven't already given a release candidate a try, this is an excellent time to do so. We expect very little to change between this version and the forthcoming final release. Barring any major upsets, we shouldn't be more than a few weeks out from the final release. Just in time for RailsConf!

As a repeat reminder, Yves and Godfrey have done such a splendid job putting together the release notes for 4.1 as a guide and Godfrey's feature walk-through, so I won't repeat them here. But you're definitely in for a treat.

We have a 4-1-0 branch that's tracking rc2 through release of final. And we have a 4-1-stable branch that has a few more fixes for things that weren't appropriate to throw into the release candidate cycle. Finally, there's of course rails/master which now targets 4.2.0, so expect a bit more flux there. Oh, and of course the v4.1.0.rc2 tag for this particular release.

Enjoy!

[ANN] Rails 4.0.4 has been released!

Hi everyone,

I am happy to announce that Rails 4.0.4 has been released. This is a bug fix release and includes more than 290 commits.

This release is also known as "Regression Not Found" release, since no regressions are found after 4.0.4.rc1.

CHANGES since 4.0.3

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes:

d12ff5a5e6a92b038a81a697584e8e4022333d53  actionmailer-4.0.4.gem
c92b825d81fc8ffdd667b4141645f41df5dbba5f  actionpack-4.0.4.gem
e0de4e72d74e6d1af011445a90eff402ec08ebcb  activemodel-4.0.4.gem
e70ec2fb32672dae369c94e9ed627a694a906841  activerecord-4.0.4.gem
af0b69490effcc16f9e9d284814d947810485433  activesupport-4.0.4.gem
9d7371d66c64f9f83ef1b439dd636b166e7a59f4  rails-4.0.4.gem
3cdb34c1836bf09569cf9b2d291a737849d3f699  railties-4.0.4.gem

I'd like to thank you all, every contributor who helped with this release.

[ANN] Rails 4.0.4.rc1 has been released!

Hi everyone,

I am happy to announce that Rails 4.0.4.rc1 has been released. This is a bug fix release and includes more than 290 commits.

If no regressions are found we will release 4.0.4 final this Friday, on March 14, 2014. If you find one, please open an Issue on GitHub and mention me (@rafaelfranca) on it, so that we can fix it before the final release.

CHANGES since 4.0.3

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes:

450c2d673e35332e93f6ff8b79f5fc6a6c6c5494  actionmailer-4.0.4.rc1.gem
2632500a717450335f35dc46d45ea3bbad4a6c41  actionpack-4.0.4.rc1.gem
b8615f73e39c701295aa7e1c4131fdc03e05420a  activemodel-4.0.4.rc1.gem
8f3329e7daca46cdaf6472f917f159600a378412  activerecord-4.0.4.rc1.gem
1c6fa8c7cb04ed982cdd378890c543984cfd27f1  activesupport-4.0.4.rc1.gem
43118638bc24f2811d09d95a429667ac4bd7eb6d  rails-4.0.4.rc1.gem
ff6cb0a24ff6ebc79f2fca75134ccd65a6e1601c  railties-4.0.4.rc1.gem

I'd like to thank you all, every contributor who helped with this release.

Rails 4.1.0: Release candidate 1

We're getting really close to signing off on Rails 4.1.0, but we need your help to push it the last mile. Today we're putting out the first (and, with luck, only) release candidate of Rails 4.1.0. It would be swell if you would try it out and tell us where it breaks.

It's already in really good shape (we've been running beta1 and forward in production for Basecamp for months), but still, let's make it a shiny gemstone for release.

As a reminder, Yves and Godfrey have done such a splendid job putting together the release notes for 4.1 as a guide and Godfrey's feature walk-through, so I won't repeat them here. But you're definitely in for a treat.

We have also now aimed rails/master at Rails 4.2.0, but there's a new rails/4-1-stable branch to follow for this release series. And of course there's the v4-1-0-rc1 tag for this particular release.

Enjoy!

Rails 3.2.17, 4.0.3 and 4.1.0.beta2 have been released!

Hi everyone!

Rails 3.2.17, 4.0.3 and 4.1.0.beta2 have been released!

These three releases contain important security fixes, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we've only included commits directly related to each security issue.

The security fixes in 3.2.17 are:

The security fixes in 4.0.3 are:

The security fixes in 4.1.0.beta2 are:

The commits for 3.2.17 can be found here, the commits for 4.0.3 can be found here, and the commits for 4.1.0.beta2 can be found here.

Here are the checksums for 3.2.17:

$ shasum *3.2.17*
f935f62c77648ceeea622c745fb675c00bae1762  actionmailer-3.2.17.gem
c97fc5302175bf85047598303ff5955e62b6ec94  actionpack-3.2.17.gem
73bfa7ba3cf5db06d7dd904d01a364794c26d74b  activemodel-3.2.17.gem
23c0dc657f6eee4c399e7fa3194670a7fb53d0b7  activerecord-3.2.17.gem
0408aec45047c3a487d157cca6776fab482a257e  activeresource-3.2.17.gem
f82805677b48a63678a10516bb190b9018621295  activesupport-3.2.17.gem
dd3dad311e390b57683c9e5367e5b86d468603d9  rails-3.2.17.gem
b1ce101f057562972852841de94f39dd54662ebd  railties-3.2.17.gem

Here are the checksums for 4.0.3:

$ shasum *4.0.3*
23a518945d69748894089be0c0248ac37a53a43a  actionmailer-4.0.3.gem
ea6ed1a6217025114781a82b1a47764b5f208efc  actionpack-4.0.3.gem
f7eebfc01692e433d154b711d7d46dfdb6c952b3  activemodel-4.0.3.gem
2f2d4e466869590a0c05df027b53440fc031a519  activerecord-4.0.3.gem
201700ba04716383dfd170e9fea05dda9f991cba  activesupport-4.0.3.gem
a26d1ecd1d61c18672e29668018dc89c37d371c1  rails-4.0.3.gem
984b1f914e64301f058b3ae49802b1d20f4d29ff  railties-4.0.3.gem

Here are the checksums for 4.1.0.beta2:

$ shasum *4.1.0.beta2*
b75b973e6bbbd547067e5c3b95948fa124110f65  actionmailer-4.1.0.beta2.gem
7450f3c6e4e8fecd570e738935999de60fb5419d  actionpack-4.1.0.beta2.gem
4c26f942e171f370bbe3bd48432709aabeae4b0e  actionview-4.1.0.beta2.gem
f2296128d08078c7d56e56e679ef0fefef256ed1  activemodel-4.1.0.beta2.gem
46ba3ebac34c19b060c7168365e3dedbc80f0332  activerecord-4.1.0.beta2.gem
46e048380d4c6d371d723676fad42c8710c6b4c1  activesupport-4.1.0.beta2.gem
e97fc5cd39c8480e9f2f94a4499c8553dd744aa0  rails-4.1.0.beta2.gem
0ad46ba736bfdf4b970199d8739974ef3c3c0cab  railties-4.1.0.beta2.gem

Happy Tuesday! <3<3<3<3

Rails 4.1.0 beta1: Variants, Spring, mailer previews, JS CSRF, config/secrets.yml, Enums

Hohoho, it's Xmas time, kids! We have a beta full of goodies for everyone who's been nice this year. Rails 4.1 is packed to the gills with more marvelous real-world feature extractions, bug fixes, and the tireless polish only a community full of Rails elves could bestow it with.

While this is just a beta release, it's arguably a lot better tested and ready than most of our previous beta releases. The bulk of what's new are legit bug fixes and additional features. Less shifting of the tectonic plates of the architecture this time around. This should hopefully mean relatively smooth sailing for anyone on 4.0 who wish to upgrade.

In fact, we're already running beta1 in production for Basecamp, so you know it's been taking a good beating. This helped us catch a couple of performance regressions, and we've verified that everything is still spiffy fast on Basecamp.

This new release also follows our new policy of targeting a minor release every six months. The idea being that the jump from minor to minor shouldn't try to include everything under the sun. Just whatever is ready after the six month mark.

So there are already a laundry list of things lined up for 4.2, but that's alright. We can target for that to land in another six months or so.

Yves and Godfrey have done such a splendid job putting together the release notes for 4.1 as a guide and Godfrey's feature walk-through, so I won't repeat them here. But you're definitely in for a treat.

As always, please report any issues as a bug report on Github. If all goes well, we'll try to have the final release out before the end of the year!

[ANN] Rails 4.0.1 has been released!

Hi everyone,

I am happy to announce that Rails 4.0.1 has been released. This is a bug fix release and includes more than 460 commits.

This release comes up with an important change on how Active Record handles subsequent order calls. In Rails 4.0.0 when you do something like this:

User.order("name asc").order("created_at desc")

The latter called order will be prepended in the ORDER BY clause resulting on this SQL:

SELECT * FROM users ORDER BY created_at desc, name asc

In Rails 4.0.1 the behavior of Rails 3 has been restored and the generated ORDER BY clause looks like this:

SELECT * FROM users ORDER BY name asc, created_at desc

We chose to revert the behavior because it added a major backward incompatibility that made harder to have an upgrade path without major changes in the application code. Also we consider the older behavior a bug since it behaves differently from all the others scope methods when they are chained. So we took the most conservative path of reverting it to be consistent with the idea of having a smoother upgrade path to Rails 4.

For those who want the old behavior you can use .reorder or .unscope to remove the ORDER BY clause and generate another one.

Also, this release adds some performance improvements to make Rails 4 even faster.

CHANGES since 4.0.0

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes:

  • 6f2e4d74b34904b61a47187dd879dca3b26fc2d8 actionmailer-4.0.1.gem
  • 063f16cfcf62f766a893fe09e35241bdae7cd70e actionpack-4.0.1.gem
  • b50a071bd924fb27e4c41bb40c9cb483457bc21c activemodel-4.0.1.gem
  • 1a8b173da2d8e2ae27edfeb99164c2574a1d7ddd activerecord-4.0.1.gem
  • 9a58bc3c086628ef8028716eeb7c0cb0f8c7e39a activesupport-4.0.1.gem
  • 4663f4d0607ff59cf0ae5a55b268d27d658fdcc8 rails-4.0.1.gem
  • 22e23959dc14101697eb2bb8acc00a81cc6c3884 railties-4.0.1.gem

I'd like to thank you all, every contributor who helped with this release.

[ANN] Rails 4.0.1.rc1 has been released!

Hi everyone,

I am happy to announce that Rails 4.0.1.rc1 has been released. This is a bug fix release and includes more than 450 commits.

This release comes up with an important change on how Active Record handles subsequent order calls. In Rails 4.0.0 when you do something like this:

User.order("name asc").order("created_at desc")

The later called order will be prepended in the ORDER BY clause resulting on this SQL:

SELECT * FROM users ORDER BY created_at desc, name asc

In Rails 4.0.1 the behavior of Rails 3 has been restored and the generated ORDER BY clause looks like this:

SELECT * FROM users ORDER BY name asc, created_at desc

We chose to revert the behavior because it added a major backward incompatibility that made harder to have an upgrade path without major changes in the application code. So we took the most conservative path of reverting it to be consistent with the idea of having a smoother upgrade path to Rails 4.

Also, this release adds some performance improvements to make Rails 4 even faster.

If no regressions are found we will release 4.0.1 final this Tuesday, on October 22, 2013. If you find one, please open an Issue on GitHub and mention me (@rafaelfranca) on it, so that we can fix it before the final release.

CHANGES since 4.0.0

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes:

  • 482e0c05fb25ae9a8d261f301054fc182e7b4447 actionmailer-4.0.1.rc1.gem
  • 4da9135cfc94be9fa2f25697247bacc5dad5a7ae actionpack-4.0.1.rc1.gem
  • 205ac4e9fa0be619f636d2947005796be6b8ad9a activemodel-4.0.1.rc1.gem
  • e2f1268614c91b9d9d4ca3dfecf2db5c59c10141 activerecord-4.0.1.rc1.gem
  • 349fc20340fde7d36a755a2e739187659b082648 activesupport-4.0.1.rc1.gem
  • 43b6b57d3c5eaeb2ac0bdea17e9c68a301293930 rails-4.0.1.rc1.gem
  • f17137d25df9f10d6c1a3d31563c70cc82ad1525 railties-4.0.1.rc1.gem

I'd like to thank you all, every contributor who helped with this release.

[ANN] Rails 3.2.15 has been released!

Hi everyone,

I am happy to announce that Rails 3.2.15 has been released. This is a bug fix release and includes 56 commits.

This release also contains one security fix that you can read about here. Users are encouraged to upgrade as soon as possible.

CHANGES since 3.2.14

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes:

$ shasum *
3c9bf15a9b2ea5c4c3280638776f84783adefe6d  actionmailer-3.2.15.gem
34cc3d5cbcee97a4e57ee9d909f51f0f387991bb  actionpack-3.2.15.gem
b1c631dd75fffee2f34407aaf01405aef6c63a43  activemodel-3.2.15.gem
7c86074b47c3864943b719d5b969264e2ace722c  activerecord-3.2.15.gem
a95f88e30d1af9c377f01725282d0e581bd9f88f  activeresource-3.2.15.gem
08b57d2bf95fd16eb9bf1de144f7f0461894ee68  activesupport-3.2.15.gem
da220b9b6f37871d7f32f4c66fe33d42acc92a5a  rails-3.2.15.gem
66e189a5331dabc675459001d57e0fd906f3a888  railties-3.2.15.gem

I'd like to thank you all, every contributor who helped with this release, especially everyone who tried the release candidates.

[ANN] Rails 3.2.14 has been released!

Hi everyone,

I am happy to announce that Rails 3.2.14 has been released. This is a bug fix release and includes more than 150 commits.

I also want to announce that the next 3.2.x release, 3.2.15, will be the last bug fix release of this family. After it we will only release security fixes. So, if you have issues on 3.2.x that you think should be included on 3.2.15, let us know thought the GitHub issues page and in 3 months we'll evaluate if it is time to release.

CHANGES since 3.2.13

Action Mailer

No changes.

Action Pack

  • Merge :action from routing scope and assign endpoint if both :controller and :action are present. The endpoint assignment only occurs if there is no :to present in the options hash so should only affect routes using the shorthand syntax (i.e. endpoint is inferred from the the path).

    Fixes #9856

    Yves Senn, Andrew White

  • Always escape the result of link_to_unless method.

    Before:

    link_to_unless(true, '<b>Showing</b>', 'github.com')
    # => "<b>Showing</b>"
    

    After:

    link_to_unless(true, '<b>Showing</b>', 'github.com')
    # => "&lt;b&gt;Showing&lt;/b&gt;"
    

    dtaniwaki

  • Use a case insensitive URI Regexp for #asset_path.

    This fix a problem where the same asset path using different case are generating different URIs.

    Before:

    image_tag("HTTP://google.com")
    # => "<img alt=\"Google\" src=\"/assets/HTTP://google.com\" />"
    image_tag("http://google.com")
    # => "<img alt=\"Google\" src=\"http://google.com\" />"
    

    After:

    image_tag("HTTP://google.com")
    # => "<img alt=\"Google\" src=\"HTTP://google.com\" />"
    image_tag("http://google.com")
    # => "<img alt=\"Google\" src=\"http://google.com\" />"
    

    David Celis + Rafael Mendonça França

  • Fix explicit names on multiple file fields. If a file field tag has the multiple option, it is turned into an array field (appending []), but if an explicit name is passed to file_field the [] is not appended. Fixes #9830.

    Ryan McGeary

  • Fix assets loading performance in 3.2.13.

    Issue #8756 uses Sprockets for resolving files that already exist on disk, for those files their extensions don't need to be rewritten.

    Fixes #9803.

    Fred Wu

  • Fix ActionController#action_missing not being called. Fixes #9799.

    Janko Luin

  • ActionView::Helpers::NumberHelper#number_to_human returns the number unaltered when the units hash does not contain the needed key, e.g. when the number provided is less than the largest key provided.

    Examples:

    number_to_human(123, units: {})                # => 123
    number_to_human(123, units: { thousand: 'k' }) # => 123
    

    Fixes #9269. Backport #9347.

    Michael Hoffman

  • Include I18n locale fallbacks in view lookup. Fixes GH#3512.

    Juan Barreneche

  • Fix ActionDispatch::Request#formats when the Accept request-header is an empty string. Fix #7774 [Backport #8977, #9541]

    Soylent + Maxime Réty

Active Model

No changes.

Active Record

  • Do not re-create destroyed association when saving the parent object.

    Fixes #11450.

    Paul Nikitochkin

  • Do not shallow the original exception in exec_cache on PostgreSQL adapter.

    Fixes #11260.

    Rafael Mendonça França

  • Fix ActiveRecord::Store incorrectly tracking changes of its attributes. Fixes #10373.

    Janko Marohnić

  • Fix a bug that prevented the use of the default STI inheritance column (ActiveRecord::Base.inheritancecolumn = 'somecolumn'.)

    chapmajs + Takehiro Adachi

  • Fix mysql2 adapter raises the correct exception when executing a query on a closed connection.

    Yves Senn

  • Fixes bug where Company.new.contract_ids would incorrectly load all non-associated contracts.

    Example:

    company = Company.new # Company has many :contracts
    
    # before
    company.contract_ids # => SELECT ... WHERE `contracts`.`company_id` IS NULL
    
    # after
    company.contract_ids # => []
    

    Jared Armstrong

  • Fix the :primary_key option for has_many associations. Fixes #10693.

    Yves Senn

  • fixes bug introduced by #3329. Now, when autosaving associations, deletions happen before inserts and saves. This prevents a 'duplicate unique value' database error that would occur if a record being created had the same value on a unique indexed field as that of a record being destroyed.

    Backport of #10417

    Johnny Holton

  • Fix that under some conditions, Active Record could produce invalid SQL of the sort: "SELECT DISTINCT DISTINCT".

    Backport of #6792.

    Ben Woosley

  • Require ActiveRecord::Base in railtie hooks for rake_tasks, console and runner to avoid circular constant loading issues.

    Backport #7695.

    Fixes #7683 and #882

    Ben Holley

  • Maintain context for joins within ActiveRecord::Relation merges. Backport #10164.

    Neeraj Singh + Andrew Horner

  • Make sure the EXPLAIN command is never triggered by a select_db call.

    Daniel Schierbeck

  • Revert changes on pluck that was ignoring the select clause when the relation already has one. This caused a regression since it changed the behavior in a stable release.

    Fixes #9777.

    Rafael Mendonça França

  • Confirm a record has not already been destroyed before decrementing counter cache.

    Ben Tucker

  • Default values for PostgreSQL bigint types now get parsed and dumped to the schema correctly. Backport #10098.

    Erik Peterson

  • Removed warning when auto_explain_threshold_in_seconds is set and the connection adapter doesn't support explain. This is causing a regression since the Active Record Railtie is trying to connect to the development database in the application boot.

    Rafael Mendonça França

  • Do not reset inheritance_column when it's set explicitly. Backport of #5327.

    kennyj + Fred Wu

  • Fix a problem wrong exception is occured when raising no translatable exception in PostgreSQL.

    kennyj

  • Resets the postgres search path in the structure.sql after the structure is dumped in order to find schema_migrations table when multiples schemas are used. Fixes #9796.

    Juan M. Cuello + Dembskiy Alexander

  • Reload the association target if it's stale. @stale_state should be nil when a model isn't saved. Fixes #7526.

    Larry Lv

  • Don't read CSV files during execution of db:fixtures:load. CSV support for fixtures was removed some time ago but the task was still loading them, even though later the code was looking for the related yaml file instead.

    kennyj

Active Resource

  • Fixes an issue that ActiveResource models ignores ActiveResource::Base.includerootin_json. Backported from the now separate repo rails/activeresouce.

    Xinjiang Lu

Active Support

  • Make Time.at_with_coercion retain the second fraction and return local time.

    Fixes #11350

    Neer Friedman, Andrew White

  • Fix ActiveSupport::TaggedLogging incorrectly providing program name the same as log message even when block is not provided.

    Carson Reinke

  • Override Time.at to support the passing of Time-like values when called with a single argument.

    Andrew White

  • Revert the changes on unicode character encoding from ActiveSupport::JSON.encode. This was causing a regression where the resulting string is always returning UTF-8. Also it changes the behavior of this method on a stable release. Fixes #9498.

    Rafael Mendonça França

  • Fix ActiveSupport::TimeZone.parse when time is at a local DST jump. Fixes #9678.

    Andrew White

Railties

  • Fix bugs that crashed rake test:benchmark, rails profiler and rails benchmarker. Fixes #4938. Backport rails/rails-perftest#2.

    Dmitry Vorotilin + Yves Senn

  • Add support for runner hook.

    Backport #7695.

    Ben Holley

  • Fixes bug with scaffold generator with --assets=false --resource-route=false. Fixes #9525.

    Arun Agrawal

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes:

  • dd2333744644870efcd149e3adf3c3b6934ec6ed actionmailer-3.2.14.gem
  • efcfc238115f7db57650dbab348d0b5192f98770 actionpack-3.2.14.gem
  • d72fadd29e10e2ead9fb0d7371bed5a7fb32c044 activemodel-3.2.14.gem
  • af7585f9a58d5e643d6e332daede4a0b8ee1de7a activerecord-3.2.14.gem
  • 188924273139cea07032254987d748aee45f5800 activeresource-3.2.14.gem
  • e221938399c9cb040ef9285f52b18bfa3e59b10a activesupport-3.2.14.gem
  • a5d44cf4c65798e925d998f416804cd23c914001 rails-3.2.14.gem
  • 4e99050427fb47ff515051e78eedf328c9ec5676 railties-3.2.14.gem

I'd like to thank you all, every contributor who helped with this release, especially everyone who tried the release candidates.

[ANN] Rails 3.2.14.rc2 has been released!

Hi everyone,

One regression was found on the 3.2.14.rc1 release. So, following the script We are releasing a new release candidate, Rails 3.2.14.rc2.

If no regressions are found we will release 3.2.14 final final this Friday, on July 19, 2013. If you find one, please open an Issue on GitHub and mention me (@rafaelfranca) on it, so that we can fix it before the final release.

CHANGES since 3.2.14.rc1

Action Mailer

No changes.

Action Pack

No changes.

Active Model

No changes.

Active Record

  • Do not re-create destroyed association when saving the parent object.

    Fixes #11450.

    Paul Nikitochkin

Active Resource

No changes.

Active Support

No changes.

Railties

No changes.

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one we've uploaded, please use these SHA-1 hashes:

  • 8126e9ca60ca050fd4e809d70f2035deae1e681f actionmailer-3.2.14.rc2.gem
  • bc0c7594aebc42fe0cdd7213017e3280d6111c40 actionpack-3.2.14.rc2.gem
  • 1b3de1ee862ef055b7a300e180ae97140d51534b activemodel-3.2.14.rc2.gem
  • 57a9ede96d56eaac5e484f8becd41ff9513918f3 activerecord-3.2.14.rc2.gem
  • 2ad96e7ab80ef8801234774f81d85cc800abfc96 activeresource-3.2.14.rc2.gem
  • 02c03d4d8b888b02bf9898ab663126760e3b3678 activesupport-3.2.14.rc2.gem
  • 561edde241b39ba54f79b32f93f29db699fbf668 rails-3.2.14.rc2.gem
  • 4d16819efc81d3a4c761cad460c094f69a58171c railties-3.2.14.rc2.gem

Thank you everyone!

[ANN] Rails 3.2.14.rc1 has been released!

Hi everyone,

I am happy to announce that Rails 3.2.14.rc1 has been released. If no regressions are found I will release 3.2.14 final final this Monday, on July 15, 2013. If you find one, please open an Issue on GitHub and mention me on it, so that I can fix it before the final release.

CHANGES since 3.2.13

Action Mailer

No changes.

Action Pack

  • Merge :action from routing scope and assign endpoint if both :controller and :action are present. The endpoint assignment only occurs if there is no :to present in the options hash so should only affect routes using the shorthand syntax (i.e. endpoint is inferred from the the path).

    Fixes #9856

    Yves Senn, Andrew White

  • Always escape the result of link_to_unless method.

    Before:

    link_to_unless(true, '<b>Showing</b>', 'github.com')
    # => "<b>Showing</b>"
    

    After:

    link_to_unless(true, '<b>Showing</b>', 'github.com')
    # => "&lt;b&gt;Showing&lt;/b&gt;"
    

    dtaniwaki

  • Use a case insensitive URI Regexp for #asset_path.

    This fix a problem where the same asset path using different case are generating different URIs.

    Before:

    image_tag("HTTP://google.com")
    # => "<img alt=\"Google\" src=\"/assets/HTTP://google.com\" />"
    image_tag("http://google.com")
    # => "<img alt=\"Google\" src=\"http://google.com\" />"
    

    After:

    image_tag("HTTP://google.com")
    # => "<img alt=\"Google\" src=\"HTTP://google.com\" />"
    image_tag("http://google.com")
    # => "<img alt=\"Google\" src=\"http://google.com\" />"
    

    David Celis + Rafael Mendonça França

  • Fix explicit names on multiple file fields. If a file field tag has the multiple option, it is turned into an array field (appending []), but if an explicit name is passed to file_field the [] is not appended. Fixes #9830.

    Ryan McGeary

  • Fix assets loading performance in 3.2.13.

    Issue #8756 uses Sprockets for resolving files that already exist on disk, for those files their extensions don't need to be rewritten.

    Fixes #9803.

    Fred Wu

  • Fix ActionController#action_missing not being called. Fixes #9799.

    Janko Luin

  • ActionView::Helpers::NumberHelper#number_to_human returns the number unaltered when the units hash does not contain the needed key, e.g. when the number provided is less than the largest key provided.

    Examples:

    number_to_human(123, units: {})                # => 123
    number_to_human(123, units: { thousand: 'k' }) # => 123
    

    Fixes #9269. Backport #9347.

    Michael Hoffman

  • Include I18n locale fallbacks in view lookup. Fixes GH#3512.

    Juan Barreneche

  • Fix ActionDispatch::Request#formats when the Accept request-header is an empty string. Fix #7774 [Backport #8977, #9541]

    Soylent + Maxime Réty

Active Model

No changes.

Active Record

  • Do not shallow the original exception in exec_cache on PostgreSQL adapter.

    Fixes #11260.

    Rafael Mendonça França

  • Fix ActiveRecord::Store incorrectly tracking changes of its attributes. Fixes #10373.

    Janko Marohnić

  • Fix a bug that prevented the use of the default STI inheritance column (ActiveRecord::Base.inheritancecolumn = 'somecolumn'.)

    chapmajs + Takehiro Adachi

  • Fix mysql2 adapter raises the correct exception when executing a query on a closed connection.

    Yves Senn

  • Fixes bug where Company.new.contract_ids would incorrectly load all non-associated contracts.

    Example:

    company = Company.new # Company has many :contracts
    
    # before
    company.contract_ids # => SELECT ... WHERE `contracts`.`company_id` IS NULL
    
    # after
    company.contract_ids # => []
    

    Jared Armstrong

  • Fix the :primary_key option for has_many associations. Fixes #10693.

    Yves Senn

  • fixes bug introduced by #3329. Now, when autosaving associations, deletions happen before inserts and saves. This prevents a 'duplicate unique value' database error that would occur if a record being created had the same value on a unique indexed field as that of a record being destroyed.

    Backport of #10417

    Johnny Holton

  • Fix that under some conditions, Active Record could produce invalid SQL of the sort: "SELECT DISTINCT DISTINCT".

    Backport of #6792.

    Ben Woosley

  • Require ActiveRecord::Base in railtie hooks for rake_tasks, console and runner to avoid circular constant loading issues.

    Backport #7695.

    Fixes #7683 and #882

    Ben Holley

  • Maintain context for joins within ActiveRecord::Relation merges. Backport #10164.

    Neeraj Singh + Andrew Horner

  • Make sure the EXPLAIN command is never triggered by a select_db call.

    Daniel Schierbeck

  • Revert changes on pluck that was ignoring the select clause when the relation already has one. This caused a regression since it changed the behavior in a stable release.

    Fixes #9777.

    Rafael Mendonça França

  • Confirm a record has not already been destroyed before decrementing counter cache.

    Ben Tucker

  • Default values for PostgreSQL bigint types now get parsed and dumped to the schema correctly. Backport #10098.

    Erik Peterson

  • Removed warning when auto_explain_threshold_in_seconds is set and the connection adapter doesn't support explain. This is causing a regression since the Active Record Railtie is trying to connect to the development database in the application boot.

    Rafael Mendonça França

  • Do not reset inheritance_column when it's set explicitly. Backport of #5327.

    kennyj + Fred Wu

  • Fix a problem wrong exception is occured when raising no translatable exception in PostgreSQL.

    kennyj

  • Resets the postgres search path in the structure.sql after the structure is dumped in order to find schema_migrations table when multiples schemas are used. Fixes #9796.

    Juan M. Cuello + Dembskiy Alexander

  • Reload the association target if it's stale. @stale_state should be nil when a model isn't saved. Fixes #7526.

    Larry Lv

  • Don't read CSV files during execution of db:fixtures:load. CSV support for fixtures was removed some time ago but the task was still loading them, even though later the code was looking for the related yaml file instead.

    kennyj

Active Resource

  • Fixes an issue that ActiveResource models ignores ActiveResource::Base.includerootin_json. Backported from the now separate repo rails/activeresouce.

    Xinjiang Lu

Active Support

  • Make Time.at_with_coercion retain the second fraction and return local time.

    Fixes #11350

    Neer Friedman, Andrew White

  • Fix ActiveSupport::TaggedLogging incorrectly providing program name the same as log message even when block is not provided.

    Carson Reinke

  • Override Time.at to support the passing of Time-like values when called with a single argument.

    Andrew White

  • Revert the changes on unicode character encoding from ActiveSupport::JSON.encode. This was causing a regression where the resulting string is always returning UTF-8. Also it changes the behavior of this method on a stable release. Fixes #9498.

    Rafael Mendonça França

  • Fix ActiveSupport::TimeZone.parse when time is at a local DST jump. Fixes #9678.

    Andrew White

Railties

  • Fix bugs that crashed rake test:benchmark, rails profiler and rails benchmarker. Fixes #4938. Backport rails/rails-perftest#2.

    Dmitry Vorotilin + Yves Senn

  • Add support for runner hook.

    Backport #7695.

    Ben Holley

  • Fixes bug with scaffold generator with --assets=false --resource-route=false. Fixes #9525.

    Arun Agrawal

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes:

  • 1b8d20d39c9c5bb2fa56c835fe564bfcf6f55c66 actionmailer-3.2.14.rc1.gem
  • ccf1df0c3daa92e5e72ec11f3399167e16d2a48f actionpack-3.2.14.rc1.gem
  • 263cbf1ce202095f92648171c6be92eca85837e0 activemodel-3.2.14.rc1.gem
  • 51de13da5e9c9c9ccdd7f7bd4c2bfb3e1dd3dbb1 activerecord-3.2.14.rc1.gem
  • da709adcc9f56364e0d697ea10e4acc9af48068a activeresource-3.2.14.rc1.gem
  • e45cd0115705514d00b1be917f06092af389fe5d activesupport-3.2.14.rc1.gem
  • 9fd0569cdee1ca0ab7b170f1c40c6c48304ec29e rails-3.2.14.rc1.gem
  • a2d485229708af4cdbbdaef72ef6f756fb1b1341 railties-3.2.14.rc1.gem

Thank you everyone!

Rails 4.0: Final version released!

Rails 4.0 is finally ready after a thorough process of betas and release candidates. It's an amazing new version packed with new goodies and farewells to old features past their expiration date.

A big focus has been on making it dead simple to build modern web applications that are screaming fast without needing to go the client-side JS/JSON server route. Much of this work was pioneered for Rails in the new version of Basecamp and focuses on three aspects:

  1. Make it super easy to do Russian Doll-caching through key-based expiration with automatic dependency management of nested templates (explored first in the cache_digests plugin).
  2. Speed-up the client-side with Turbolinks, which essentially turns your app into a single-page javascript application in terms of speed, but with none of the developmental drawbacks (except, maybe, compatibility issues with some existing JavaScript packages).
  3. Declarative etags makes it even easier to ensure you're taking advantage of HTTP freshness.

Rails is of course still a great JSON server for people who want to build client-side JS views with Ember.js, Backbone.js or Angular.js, but with the progress we've made for Rails 4.0, you certainly won't need to go down that route just to have a super fast application.

We've also added live streaming for persistent connections and Rails 4.0 is now safe for threaded servers out of the box (no more need for config.threadsafe!).

Active Record has received a ton of love as well to make everything related to scoping and the query structure more consistent. We've also locked down the general security defaults even tighter with this version.

On top of these new features and fixes, we have hundreds more of all sorts. Everything has been combed over, streamlined, simplified, and we've extracted out lots of old APIs and things that just don't fit "most people most of the time".

Active Resource, Active Record Observers, and Action Pack page and action caching are all examples of things that are no longer in core, but lives on in plugins.

We encourage you to peruse the CHANGELOGs for all the Rails frameworks and delight over the hundreds of improvements we've made to Rails 4.0: Action Pack, Active Model, Active Record, Active Support, Rails.

If you're upgrading an existing application to Rails 4, have a look at the upgrade guide or the Railscast screencast. As always, install the latest with gem install rails --version 4.0.0 --no-ri --no-rdoc or depend on the v4.0.0 tag. If you haven't already, now is a good time to upgrade to Ruby 2.0 as well. Rails 5+ will require Ruby 2.0, so you might as well get a head start.

If you'd like to learn more about developing Rails 4 applications, the final version of Agile Web Development with Rails 4 was released today as well. The more advanced Crafting Rails 4 Applications is also out in late-stage beta. For screencasts, checkout the new Rails 4: Zombie Outlaws and Mike Clark's Rails 4 class. There's new material and books coming out all the time from a variety of other authors and broadcasters, so we're really in good shape with training material timed for the release this time.

Finally, thanks to everyone who contributed to this release. There has been some 10,000 commits between the latest 3.2 release and Rails 4.0 and ~500 people have contributed in 2013 alone. We have a bigger and more engaged community than ever before and it shows: Rails 4 is an incredibly polished release. It's a real milestone and something for everyone in the community to be proud of.

Rails 4.0: Release Candidate 2 released!

We're almost at the end of the road for Rails 4.0.0. This is intended to be the last release candidate before the final version is released. We have just under a hundred commits in since RC1. All just fixing regressions since the last release.

As last time, please give this release candidate an honest try. This is the version we're going to ship on June 25th unless people find and report blocking issues. Please report all the issues you find on the Rails issue tracker.

As always, install the release with gem install rails --version 4.0.0.rc2 --no-ri --no-rdoc or depend on the v4.0.0.rc2 tag. You can also follow the 4-0-0 branch. 4-0-0-stable is now targeting 4.0.1 and master is targeting 4.1.

Go West, friends!

Rails 4.0: Release Candidate 1 released!

Just in time for the opening of RailsConf, we managed to push out the first release candidate of Rails 4.0. This incorporates no less than 1,368 commits since beta 1. You can see the full list of changes on Github. If you're interested in a high-level review of what's in Rails 4.0, please see the announcement we made for beta 1.

As last time, please give this release candidate an honest try. This is pretty much the version we're going to ship unless people find and report blocking issues. Depending on how much stuff is unearthed, we expect that the final version could drop in as little as 3-4 weeks. Please report all the issues you find on the Rails issue tracker.

We're still working on the upgrade guide from 3.2 to 4.0, but that's a good place to start for help on how to do it. We're also so lucky to have many authors and screencasters ready with material for 4.0. In the books department, you'll find Rails 4.0-ready versions of Agile Web Development with Rails and Crafting Rails Applications. For screencasts, checkout the new Rails 4: Zombie Outlaws and Mike Clark's Rails 4 class. There's new material and books coming out all the time from a variety of other authors and broadcasters, so we're really in good shape with training material timed for the release this time!

As always, install the release with gem install rails --version 4.0.0.rc1 --no-ri --no-rdoc or depend on the v4.0.0.rc1 tag. We also have a new 4-0-stable branch. Master is now safe to move on to developing features for 4.1.

Go West, friends!

[SEC] [ANN] Rails 3.2.13, 3.1.12, and 2.3.18 have been released!

Hi everyone!

Rails versions 3.2.13, 3.1.12, and 2.3.18 have been released. These releases contain important security fixes. It is recommended users upgrade as soon as possible.

Please check out these links for the security fixes:

All versions of Rails are impacted by one or more of these security issues, but per our maintenance policy, only versions 3.2.13, 3.1.12, and 2.3.18 have been released. You can find patches for older versions on each stable branch on GitHub:

as well as with the security advisories.

For other changes in each particular release, please see the CHANGELOG corresponding to that version. For all commits in each release, please follow the links below:

Here are the checksums for the released gems:

3.2.13

[aaron@higgins dist]$ shasum *3.2.13.gem
72b14536f1717121e8b2a5aa5a06c6194e02c87c  actionmailer-3.2.13.gem
a21166f7c364ff7825bf83f9757c33cc44fa0c00  actionpack-3.2.13.gem
9fa309dee3f87a53764db3aaefe3bbf6f9724ad2  activemodel-3.2.13.gem
469f6b4456d7fa1bf0336d488ad5878a6842e2da  activerecord-3.2.13.gem
0c89382354ffc5b4438ed37434b50d7cbc71d569  activeresource-3.2.13.gem
cdf230b698b28ae1cffb325ecbb9e219645ed68b  activesupport-3.2.13.gem
3785dc8d2af1521baddf2d90b67a9b61b2b31604  rails-3.2.13.gem
ff0607812bead596492272e4a4306ae3e950bdf4  railties-3.2.13.gem

3.1.12

[aaron@higgins dist]$ shasum *3.1.12.gem
b3f0ecee33032416170263508ccfb33d5dd65eef  actionmailer-3.1.12.gem
426fcf3f5d4e29ae6bf21f536a97d90d02bf73bb  actionpack-3.1.12.gem
2b01ba8bd85d67ded372f3908b694c1fa1ccb041  activemodel-3.1.12.gem
a3afc58fe3f7448ba09cdacb2046c9e10e474cb4  activerecord-3.1.12.gem
d3402193c0820f016b492162547194f942c96c1a  activeresource-3.1.12.gem
e25ed2f7e055d38b1bed482faf8b563a6b7e3899  activesupport-3.1.12.gem
75c2f85ed1e09d2bd1baa3efab5f097cdaef2a6b  rails-3.1.12.gem
618c5beb85124fbedfe41a72424079700f7a1d2c  railties-3.1.12.gem

2.3.18

[aaron@higgins dist]$ shasum *2.3.18.gem
09e361c4c96104303abad5faa4aec72ebe7c19d1  actionmailer-2.3.18.gem
deca0d8352858f734479b54162269e334faada21  actionpack-2.3.18.gem
e385b4b2e863592f9f06ca3248a67a18ea8c7e6c  activerecord-2.3.18.gem
ff4fb4a62c4d4007a6c596edf8f7055147948e60  activeresource-2.3.18.gem
1b9102fa31a47cf66b0c2583c99b707544d42054  activesupport-2.3.18.gem
f4aff07dce1db10ad6145e358344671cc482de70  rails-2.3.18.gem

Happy Monday!

<3<3<3

[ANN] Rails 3.2.13.rc2 has been released!

Hi everybody.

I'd like to announce that Rails 3.2.13.rc2 has been released.

Rails 3.2.13.rc2 contains fixes for regressions found in rc1. Please test out rc2. If you find regressions between 3.2.13.rc2 and 3.2.12, please email the rails-core mailing list, or file an issue on GitHub.

If there aren't any major regressions, 3.2.13 final will be released on March 13, 2013.

Changes:

<3<3<3

[ANN] Rails 3.2.13.rc1 has been released!

Hey everyone! I am pumped to announce that Rails 3.2.13.rc1 has been released! If no regressions are found I will release 3.2.13 final in two weeks, on March 13, 2013. If you find one, please Open an Issue on GitHub so that I can fix it before the final release.

This is a bugfix release, with 287 commits. There is one big thing that is technically a fix but is sort of a feature: Ruby 2.0 support. Big thanks to Prem Sichanugrist for putting that together! Please give your applications a try on Ruby 2.0 and let me know how that goes.

CHANGES since 3.2.12

Action Mailer

No changes.

Action Pack

  • Determine the controller#action from only the matched path when using the shorthand syntax. Previously the complete path was used, which led to problems with nesting (scopes and namespaces). Fixes #7554. Backport #9361.

    Example:

    # this will route to questions#new
    scope ':locale' do
      get 'questions/new'
    end
    

    Yves Senn

  • Fix assert_template with render :stream => true. Fix #1743. Backport #5288.

    Sergey Nartimov

  • Eagerly populate the http method loookup cache so local project inflections do not interfere with use of underscore method ( and we don't need locks )

    Aditya Sanghi

  • BestStandardsSupport no longer duplicates X-UA-Compatible values on each request to prevent header size from blowing up.

    Edward Anderson

  • Fixed JSON params parsing regression for non-object JSON content.

    Dylan Smith

  • Prevent unnecessary asset compilation when using javascript_include_tag on files with non-standard extensions.

    Noah Silas

  • Fixes issue where duplicate assets can be required with sprockets.

    Jeremy Jackson

  • Bump rack dependency to 1.4.3, eliminate Rack::File headers deprecation warning.

    Sam Ruby + Carlos Antonio da Silva

  • Do not append second slash to root_url when using trailing_slash: true

    Fix #8700. Backport #8701.

    Example: # before root_url # => http://test.host//

    # after
    root_url # => http://test.host/
    

    Yves Senn

  • Fix a bug in content_tag_for that prevents it for work without a block.

    Jasl

  • Clear url helper methods when routes are reloaded by removing the methods explicitly rather than just clearing the module because it didn't work properly and could be the source of a memory leak.

    Andrew White

  • Fix a bug in ActionDispatch::Request#raw_post that caused env['rack.input'] to be read but not rewound.

    Matt Venables

  • More descriptive error messages when calling render :partial with an invalid :layout argument.

    Fixes #8376.

    render :partial => 'partial', :layout => true
    # results in ActionView::MissingTemplate: Missing partial /true
    

    Yves Senn

  • Accept symbols as #send_data :disposition value. [Backport #8329] Elia Schito

  • Add i18n scope to distance_of_time_in_words. [Backport #7997] Steve Klabnik

  • Fix side effect of url_for changing the :controller string option. [Backport #6003] Before:

    controller = '/projects'
    url_for :controller => controller, :action => 'status'
    
    puts controller #=> 'projects'
    

    After

    puts controller #=> '/projects'
    

    Nikita Beloglazov + Andrew White

  • Introduce ActionView::Template::Handlers::ERB.escape_whitelist. This is a list of mime types where template text is not html escaped by default. It prevents Jack & Joe from rendering as Jack &amp; Joe for the whitelisted mime types. The default whitelist contains text/plain. Fix #7976 [Backport #8235]

    Joost Baaij

  • BestStandardsSupport middleware now appends it's X-UA-Compatible value to app's returned value if any. Fix #8086 [Backport #8093]

    Nikita Afanasenko

  • prevent double slashes in engine urls when Rails.application.default_url_options[:trailing_slash] = true is set Fix #7842

    Yves Senn

  • Fix input name when :multiple => true and :index are set.

    Before:

    check_box("post", "comment_ids", { :multiple => true, :index => "foo" }, 1)
    #=> <input name=\"post[foo][comment_ids]\" type=\"hidden\" value=\"0\" /><input id=\"post_foo_comment_ids_1\" name=\"post[foo][comment_ids]\" type=\"checkbox\" value=\"1\" />
    

    After:

    check_box("post", "comment_ids", { :multiple => true, :index => "foo" }, 1)
    #=> <input name=\"post[foo][comment_ids][]\" type=\"hidden\" value=\"0\" /><input id=\"post_foo_comment_ids_1\" name=\"post[foo][comment_ids][]\" type=\"checkbox\" value=\"1\" />
    

    Fix #8108

    Daniel Fox, Grant Hutchins & Trace Wax

Active Model

  • Specify type of singular association during serialization Steve Klabnik

Active Record

  • Reverted 921a296a3390192a71abeec6d9a035cc6d1865c8, 'Quote numeric values compared to string columns.' This caused several regressions.

    Steve Klabnik

  • Fix overriding of attributes by default_scope on ActiveRecord::Base#dup.

    Hiroshige UMINO

  • Fix issue with overriding Active Record reader methods with a composed object and using that attribute as the scope of a uniqueness_of validation. Backport #7072.

    Peter Brown

  • Sqlite now preserves custom primary keys when copying or altering tables. Fixes #9367. Backport #2312.

    Sean Scally + Yves Senn

  • Preloading has_many :through associations with conditions won't cache the :through association. This will prevent invalid subsets to be cached. Fixes #8423. Backport #9252.

    Example:

    class User
      has_many :posts
      has_many :recent_comments, -> { where('created_at > ?', 1.week.ago) }, :through => :posts
    end
    
    a_user = User.includes(:recent_comments).first
    
    # this is preloaded
    a_user.recent_comments
    
    # fetching the recent_comments through the posts association won't preload it.
    a_user.posts
    

    Yves Senn

  • Fix handling of dirty time zone aware attributes

    Previously, when time_zone_aware_attributes were enabled, after changing a datetime or timestamp attribute and then changing it back to the original value, changed_attributes still tracked the attribute as changed. This caused [attribute]_changed? and changed? methods to return true incorrectly.

    Example:

    in_time_zone 'Paris' do
      order = Order.new
      original_time = Time.local(2012, 10, 10)
      order.shipped_at = original_time
      order.save
      order.changed? # => false
    
      # changing value
      order.shipped_at = Time.local(2013, 1, 1)
      order.changed? # => true
    
      # reverting to original value
      order.shipped_at = original_time
      order.changed? # => false, used to return true
    end
    

    Backport of #9073 Fixes #8898

    Lilibeth De La Cruz

  • Fix counter cache columns not updated when replacing has_many :through associations. Backport #8400. Fix #7630.

    Matthew Robertson

  • Don't update column_defaults when calling destructive methods on column with default value. Backport c517602. Fix #6115.

    Piotr Sarnacki + Aleksey Magusev + Alan Daud

  • When #count is used in conjunction with #uniq we perform count(:distinct => true). Fix #6865.

    Example:

    relation.uniq.count # => SELECT COUNT(DISTINCT *)

    Yves Senn + Kaspar Schiess

  • Fix ActiveRecord::Relation#pluck when columns or tables are reserved words. Backport #7536. Fix #8968.

    Ian Lesperance + Yves Senn + Kaspar Schiess

  • Don't run explain on slow queries for database adapters that don't support it. Backport #6197.

    Blake Smith

  • Revert round usec when comparing timestamp attributes in the dirty tracking. Fixes #8460.

    Andrew White

  • Revert creation of through association models when using collection=[] on a has_many :through association from an unsaved model. Fix #7661, #8269.

    Ernie Miller

  • Fix undefined method to_i when calling new on a scope that uses an Array; Fix FloatDomainError when setting integer column to NaN. Fixes #8718, #8734, #8757.

    Jason Stirk + Tristan Harward

  • Serialized attributes can be serialized in integer columns. Fix #8575.

    Rafael Mendonça França

  • Keep index names when using alter_table with sqlite3. Fix #3489. Backport #8522.

    Yves Senn

  • Recognize migrations placed in directories containing numbers and 'rb'. Fix #8492. Backport of #8500.

    Yves Senn

  • Add ActiveRecord::Base.cache_timestamp_format class attribute to control the format of the timestamp value in the cache key. This allows users to improve the precision of the cache key. Fixes #8195.

    Rafael Mendonça França

  • Add :nsec date format. This can be used to improve the precision of cache key. Please note that this format only works with Ruby 1.9, Ruby 1.8 will ignore it completely.

    Jamie Gaskins

  • Unscope update_column(s) query to ignore default scope.

    When applying default_scope to a class with a where clause, using update_column(s) could generate a query that would not properly update the record due to the where clause from the default_scope being applied to the update query.

    class User < ActiveRecord::Base
      default_scope where(active: true)
    end
    
    user = User.first
    user.active = false
    user.save!
    
    user.update_column(:active, true) # => false
    

    In this situation we want to skip the default_scope clause and just update the record based on the primary key. With this change:

    user.update_column(:active, true) # => true
    

    Backport of #8436 fix.

    Carlos Antonio da Silva

  • Fix performance problem with primarykey method in PostgreSQL adapter when having many schemas. Uses pgconstraint table instead of pg_depend table which has many records in general. Fix #8414

    kennyj

  • Do not instantiate intermediate Active Record objects when eager loading. These records caused after_find to run more than expected. Fix #3313 Backport of #8403

    Yves Senn

  • Fix pluck to work with joins. Backport of #4942.

    Carlos Antonio da Silva

  • Fix a problem with translate_exception method in a non English environment. Backport of #6397.

    kennyj

  • Fix dirty attribute checks for TimeZoneConversion with nil and blank datetime attributes. Setting a nil datetime to a blank string should not result in a change being flagged. Fixes #8310. Backport of #8311.

    Alisdair McDiarmid

  • Prevent mass assignment to the type column of polymorphic associations when using build. Fixes #8265. Backport of #8291.

    Yves Senn

  • When running migrations on Postgresql, the :limit option for binary and text columns is silently dropped. Previously, these migrations caused sql exceptions, because Postgresql doesn't support limits on these types.

    Victor Costan

  • #pluck can be used on a relation with select clause. Fixes #7551. Backport of #8176.

    Example:

    Topic.select([:approved, :id]).order(:id).pluck(:id)
    

    Yves Senn

  • Use nil? instead of blank? to check whether dynamic finder with a bang should raise RecordNotFound. Fixes #7238.

    Nikita Afanasenko

  • Fix deleting from a HABTM join table upon destroying an object of a model with optimistic locking enabled. Fixes #5332.

    Nick Rogers

  • Use query cache/uncache when using ENV["DATABASE_URL"]. Fixes #6951. Backport of #8074.

    kennyj

  • Do not create useless database transaction when building has_one association.

    Example:

    User.has_one :profile
    User.new.build_profile
    

    Backport of #8154.

    Bogdan Gusiev

  • AR::Base#attributes_before_type_cast now returns unserialized values for serialized attributes.

    Nikita Afanasenko

  • Fix issue that raises NameError when overriding the accepts_nested_attributes in child classes.

    Before:

    class Shared::Person < ActiveRecord::Base
      has_one :address
    
      accepts_nested_attributes :address, :reject_if => :all_blank
    end
    
    class Person < Shared::Person
      accepts_nested_attributes :address
    end
    
    Person
    #=> NameError: method `address_attributes=' not defined in Person
    

    After:

    Person
    #=> Person(id: integer, ...)
    

    Fixes #8131.

    Gabriel Sobrinho, Ricardo Henrique

Active Resource

No changes.

Active Support

  • Fix DateTime comparison with DateTime::Infinity object.

    Dan Kubb

  • Remove surrogate unicode character encoding from ActiveSupport::JSON.encode The encoding scheme was broken for unicode characters outside the basic multilingual plane; since json is assumed to be UTF-8, and we already force the encoding to UTF-8 simply pass through the un-encoded characters.

    Brett Carter

  • Fix mocha v0.13.0 compatibility. James Mead

  • #as_json isolates options when encoding a hash. [Backport #8185] Fix #8182

    Yves Senn

  • Handle the possible Permission Denied errors atomic.rb might trigger due to its chown and chmod calls. [Backport #8027]

    Daniele Sluijters

Railties

No changes.

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes:

  • 6a33c2d10abb5512499addb675df658e179f2e79 actionmailer-3.2.13.rc1.gem
  • 11d8303470698c5b0ac68f187a15093c07383c89 actionpack-3.2.13.rc1.gem
  • a72dafd8b1e3372cc4dda9015b93bf5509b25baa activemodel-3.2.13.rc1.gem
  • 3c6463ab11658b5ab0fe6a4ad06eb52968ef4492 activerecord-3.2.13.rc1.gem
  • 06cec200b95dc1f64614cd03432e9ab06742a865 activeresource-3.2.13.rc1.gem
  • 5ff59cacae5295baf30a6fb8fb656037f22af3c2 activesupport-3.2.13.rc1.gem
  • facf4549445922d9dc2a836283ae928fa52df4f8 rails-3.2.13.rc1.gem
  • 55e44f621efbf531d9ccade6d27259f7dabae167 railties-3.2.13.rc1.gem

<3<3<3

Rails 4.0: Beta 1 released!

Hot on the heels of the first production version of Ruby 2.0 comes the first beta version of Rails 4.0. The two form a great pair and are already running in production on a number of applications, including Basecamp Breeze. In fact, Ruby 2.0 is the preferred Ruby to use with Rails 4.0.

The purpose of this beta is to get as many people as possible to try to upgrade from Rails 3.2 and earlier and to get an adventurous few to start new applications directly on Rails 4.0. That's the only way we're going to suss out all the issues and ensure that we can launch a solid final release. So please help us with that if you can!

Rails 4.0 is packed with new goodies and farewells to old goodies past their expiration date.

A big focus has been on making it dead simple to build modern web applications that are screaming fast without needing to go the client-side JS/JSON server route. Much of this work was pioneered for Rails in the new version of Basecamp and focuses on three aspects:

  1. Make it super easy to do Russian Doll-caching through key-based expiration with automatic dependency management of nested templates (explored first in the cache_digests plugin).
  2. Speed-up the client-side with Turbolinks, which essentially turns your app into a single-page javascript application in terms of speed, but with none of the developmental drawbacks (except, maybe, compatibility issues with some existing JavaScript packages).
  3. Declarative etags makes it even easier to ensure you're taking advantage of HTTP freshness.

Rails is of course still a great JSON server for people who want to build client-side JS views, but with the progress we've made for Rails 4.0, you certainly won't need to go down that route just to have a super fast application.

We've also added live streaming for persistent connections and Rails 4.0 is now safe for threaded servers out of the box (no more need for config.threadsafe!).

Active Record has received a ton of love as well to make everything related to scoping and the query structure more consistent.

Given all the fun we've had with security issues, we have some great updates there as well:

  • Session store is now encrypted by default (formerly just signed).
  • Strong Parameters take over from attrprotected (now a <a href="https://github.com/rails/protectedattributes">plugin) to guard against foreign parameters.
  • Security headers like X-Frame-Options, X-XSS-Protection, X-Content-Type-Options are on by default with solid values.
  • XML Parameter parsing has been sent to a plugin.

On top of these new features and fixes, we have hundreds more of all sorts. Everything has been combed over, streamlined, simplified, and we've extracted out lots of old APIs and things that just don't fit "most people most of the time".

Active Resource, Active Record Observers, and Action Pack page and action caching are all examples of things that are no longer in core, but lives on in plugins.

We encourage you to peruse the CHANGELOGs for all the Rails frameworks and delight over the hundreds of improvements we've made to Rails 4.0: Action Pack, Active Model, Active Record, Active Support, Rails.

Now let's all work together to ensure the release is final and enjoy the bad-ass combination of Ruby on Rails 24! (Or 42?). Please report all the issues you find on the Rails issue tracker. We're still working on the upgrade guide from 3.2 to 4.0, but that's a good place to start for help on how to do it. As always, install betas with gem install rails --version 4.0.0.beta1 --no-ri --no-rdoc (--pre and ri generation is busted on RubyGems 2.0 at the moment) or depend on the v4.0.0.beta1 tag.

Maintenance policy for Ruby on Rails

Since the most recent patch releases there has been some confusion about what versions of Ruby on Rails are currently supported, and when people can expect new versions. Our maintenance policy is as follows.

Support of the Rails framework is divided into four groups: New features, bug fixes, security issues, and severe security issues. They are handled as follows, all versions in x.y.z format:

New Features

New Features are only added to the master branch and will not be made available in point releases.

Bug fixes

Only the latest release series will receive bug fixes. When enough bugs are fixed and its deemed worthy to release a new gem, this is the branch it happens from.

Currently included series: 3.2.z

After the Rails 4 release: 4.0.z

Security issues:

The current release series and the next most recent one will receive patches and new versions in case of a security issue.

These releases are created by taking the last released version, applying the security patches, and releasing. Those patches are then applied to the end of the x-y-stable branch. For example, a theoretical 1.2.3 security release would be built from 1.2.2, and then added to the end of 1-2-stable. This means that security releases are easy to upgrade to if you're running the latest version of Rails.

Currently included series: 3.2.z, 3.1.z

After the Rails 4 release: 4.0.z, 3.2.z

Severe security issues:

For severe security issues we will provide new versions as above, and also the last major release series will receive patches and new versions. The classification of the security issue is judged by the core team.

Currently included series: 3.2.z, 3.1.z, 2.3.z

After the Rails 4 release: 4.0.z, 3.2.z

Unsupported Release Series

When a release series is no longer supported, it's your own responsibility to deal with bugs and security issues. We may provide back-ports of the fixes and publish them to git, however there will be no new versions released. If you are not comfortable maintaining your own versions, you should upgrade to a supported version.

You should also be aware that Ruby 1.8 will reach End of Life in June 2013, no further Ruby security releases will be provided after that point. If your application is only compatible Ruby 1.8 you should upgrade accordingly.

[SEC][ANN] Rails 3.2.12, 3.1.11, and 2.3.17 have been released!

Hi everybody.

I'd like to announce that Rails 3.2.12, 3.1.11, and 2.3.17 have been released.

3.2.12 and 3.1.11 contain one security fix, and 2.3.17 contains two security fixes. It is recommended that you update immediately.

You can read about the security fixes by following these links:

Please note that today a new JSON gem was released, and it also contains an important security fix. You should update the JSON gem as soon as possible. You can read about the security issue in the JSON gem here:

In order to ease upgrading, the only major changes in each gem is the security fix. To see the detailed changes for each version, follow the links below:

Thanks to the people who responsibly reported these security issues.

Please note that per our maintenance policy there will be no 3.0.x version released.

Here are the SHA-1 checksums for each gem:

Rails 3.2.12

[aaron@higgins dist]$ shasum *3.2.*
5627c6d044cc52876128459d960f8805006b5f97  actionmailer-3.2.12.gem
336f76c045b6bcbd204831897131182cff82ddf8  actionpack-3.2.12.gem
89bec5d68861ad5d79ca776ef5d6df7c1cfc2b11  activemodel-3.2.12.gem
7d4327c54900f45c60947a63350e865843e193ef  activerecord-3.2.12.gem
4b8ed4190f98a85b800ee7893bae5afd1bee0874  activeresource-3.2.12.gem
c9e44eed288140f556e6543b93fc45f8dd57a415  activesupport-3.2.12.gem
24b3b4633d7f131e61e50decc3aa11590941c6e2  rails-3.2.12.gem
a84262f1968e83141d290c034b20a28d38886d10  railties-3.2.12.gem

Rails 3.1.11

[aaron@higgins dist]$ shasum *3.1.*
d80816e69614c1f0d96cb7d0f4a38bfdc8d84ff5  actionmailer-3.1.11.gem
f65cea0682b6051869d4125f7b441a7c6f59fcbe  actionpack-3.1.11.gem
549ec2b67d4332b38cef1620b23e00e50e0774e6  activemodel-3.1.11.gem
3d342764b7ba3bae05190f15bcb35d401cd8121e  activerecord-3.1.11.gem
19bd70bad6c4e4a555127a7738e71ac4829e6f61  activeresource-3.1.11.gem
7267b2f87bea5bd285f5d1bfe49bb2ba19df7c94  activesupport-3.1.11.gem
ca57e1243451385689343dbe2bb42e23058284df  rails-3.1.11.gem
48cc801bdb7c31c4b6939235a60ef3e5008f5dbb  railties-3.1.11.gem

Rails 2.3.17

[aaron@higgins dist]$ shasum *2.3.*
5df1fe13db46ac10dec8bb607ef515881dcf09c5  actionmailer-2.3.17.gem
d1165517a185ae73ca8a4ac89549e695a23fedfa  actionpack-2.3.17.gem
b24ff71e46b798d7c38504531cb7622955d9a20c  activerecord-2.3.17.gem
9cc2a7bd60a959dcba099425954a1b9c53235ce5  activeresource-2.3.17.gem
4ccc935fdc4d7ede78a1c376453ecb502e48b7ed  activesupport-2.3.17.gem
9613a97cb726f00de59ad6d0f901f7434f9c4733  rails-2.3.17.gem

<3<3<3

[SEC][ANN] Rails 3.0.20, and 2.3.16 have been released!

Hi everybody.

I'd like to announce that 3.0.20, and 2.3.16 have been released. These releases contain one extremely critical security fix so please update IMMEDIATELY.

You can read about the security fix by following this link:

In order to ease upgrading, the only major changes in each gem is the security fix. To see the detailed changes for each version, follow the links below:

Thanks to the people who responsibly reported these security issues.

Please note that per our maintenance policy this will be the last release for the 3.0.x series.

Here are the SHA-1 checksums for each gem:

3.0.20

[aaron@higgins dist]$ shasum *3.0.20*
c5b1a446d921dbd512a2d418c50f144b4540a657  actionmailer-3.0.20.gem
79ec243f6ec301b0a73ad45f89d4ea2335f90346  actionpack-3.0.20.gem
80c7d881ed64ed7a66f4d82b12c2b98b43f6fbde  activemodel-3.0.20.gem
d8fc6e02bf46f9b5f86c3a954932d67da211302b  activerecord-3.0.20.gem
e465e7d582c6d72c487d132e5fac3c3af4626353  activeresource-3.0.20.gem
5bc7b2f1ad70a2781c4a41a2f4eaa75b999750e4  activesupport-3.0.20.gem
ba9fb9dba41ce047feef11b4179cd9c3f81b2857  rails-3.0.20.gem
42b0025e4cb483d491a809b9d9deb6fd182c2a57  railties-3.0.20.gem

2.3.16

[aaron@higgins dist]$ shasum *2.3.16*
ab1a47a08d42352d9e8c276d28e6ed6990c23556  actionmailer-2.3.16.gem
f81ac75eb9edbb363a6d7bbe175a208e97ea3d4f  actionpack-2.3.16.gem
4ce36062f1f0b326b16e42b9fde5f1ab0610bffc  activerecord-2.3.16.gem
3698787f9ab8432f0c10268e22fbfcf682fa79cc  activeresource-2.3.16.gem
90490f62db73c4be9ed69d96592afa0b98e79738  activesupport-2.3.16.gem
239253159f9793e2372c83dcf9d0bd7bff343f7d  rails-2.3.16.gem

<3<3<3

[SEC][ANN] Rails 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released!

Hi everybody.

I'd like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released. These releases contain two extremely critical security fixes so please update IMMEDIATELY.

You can read about the security fixes by following these links:

In order to ease upgrading, the only major changes in each gem are the security fixes. To see the detailed changes for each version, follow the links below:

Thanks to the people who responsibly reported these security issues.

Here are the SHA-1 checksums for each gem:

3.2.11

[aaron@higgins dist]$ shasum *3.2.11*
933cd2821b30cdff4a2e0b5cc63f4d2c6b29affe  actionmailer-3.2.11.gem
54731c51b55bf0215392971b982139775c0bfa2b  actionpack-3.2.11.gem
5ccde66568d8051405c01063f1afaed13bd01082  activemodel-3.2.11.gem
f360c17968486479b0a4207e7eccbe379186a9d2  activerecord-3.2.11.gem
c61ff513be8a8aef898d2e5c4c9508d60727c556  activeresource-3.2.11.gem
41a4e8c382594283026d977554c1e18233198ca8  activesupport-3.2.11.gem
8fa6d19a0daea910e39a0911b2240c2a7b630fb1  rails-3.2.11.gem
ffaec7c3e5211283108cf5afab8e79be76090a0d  railties-3.2.11.gem

3.1.10

[aaron@higgins dist]$ shasum *3.1.10*
e3dce983ebd0ee8970c5ddab46b05ac432c8b029  actionmailer-3.1.10.gem
84e536e732255e5dfd3d8053c10ed98dcb45ac80  actionpack-3.1.10.gem
db1a3ac836d988dc1fc7c64d29ded7a277047419  activemodel-3.1.10.gem
ea3ad8514265516033009d97efc1fe7b3d2b09ed  activerecord-3.1.10.gem
0843646278b42d9ca796e157295851fd9938fe96  activeresource-3.1.10.gem
b55ef7f66de0bb79fcfa480e8df3696bffbff7f8  activesupport-3.1.10.gem
4ed7d159191faa1a469cd9efdf9e6a4cdc907195  rails-3.1.10.gem
f288986df0fabd2035569199ea3d5f1f46a56db7  railties-3.1.10.gem

3.0.19

[aaron@higgins dist]$ shasum *3.0.19*
f8376f907b2230ac75882e1a3cfa8d5cdd6df800  actionmailer-3.0.19.gem
68b319d86530a5d4291e13d6ab5f357a1e52c05b  actionpack-3.0.19.gem
f0fb577ea7446ff229752bc799ca86dd53aa9cda  activemodel-3.0.19.gem
c12324d78b22697d426148010901f79b366c0502  activerecord-3.0.19.gem
8dbc7c8c80f5baeec823966aa225b23f4c2a799c  activeresource-3.0.19.gem
b525b778f82f844a56ff993211825b9811bf82bd  activesupport-3.0.19.gem
c2beb0711d28a07cb2747c83962c7d453951e2d6  rails-3.0.19.gem
de286ada16b3fc76129767dc612926e0b4f71dda  railties-3.0.19.gem

2.3.15

[aaron@higgins dist]$ shasum *2.3.15*
5ce45c70851dd534a72814620a6e57b42d360b88  actionmailer-2.3.15.gem
fa174c40f17fa5db952ba3a7c95a4ab0b5467594  actionpack-2.3.15.gem
e7391c92c82f974be7e65765819824e87bdb3cfd  activerecord-2.3.15.gem
4644b7a27993f7860d9e176f51dfa52d8f029ec9  activeresource-2.3.15.gem
64843e3676c20a49060605546dfcdddaef2ea1a8  activesupport-2.3.15.gem
c8c0c49c63ca0f9acc3e0967b38d92b1c0b115af  rails-2.3.15.gem

<3<3<3

[ANN] Rails 3.2.10, 3.1.9, and 3.0.18 have been released!

Rails versions 3.2.10, 3.1.9, and 3.0.18 have been released. These releases contain an important security fix. It is recommended that all users upgrade immediately.

The security identifier is CVE-2012-5664, and you can read about the issue here.

For other change in each particular release, please see the CHANGELOG corresponding to that version. For all commits in each release, please follow the links below:

We're sorry to drop a release like this so close to the holidays but regrettably the exploit has already been publicly disclosed and we don't feel we can delay the release.

To that end, we've minimized the number of changes in each release so that upgrading should be as smooth as possible.

Happy Holidays!

<3<3<3

Rails 3.2.8.rc1 has been released!

Hi everyone,

Rails 3.2.8.rc1 has been released. If no regressions are found we will release 3.2.8 final on Friday.

IMPORTANT

We are removing all the deprecation warnings that we introduced in 3.2.x. We have decided to stop introducing API deprecations in all point releases going forward. From now on, it'll only happen in majors/minors.

CHANGES since 3.2.7

Action Mailer

  • No changes

Action Pack

  • Reverted the deprecation of :confirm. Rafael Mendonça França

  • Reverted the deprecation of :disable_with. Rafael Mendonça França

  • Reverted the deprecation of :mouseover option to image_tag. Rafael Mendonça França

  • Reverted the deprecation of button_to_function and link_to_function helpers. Rafael Mendonça França

Active Model

  • No changes

Active Record

  • Removes the deprecation of update_attribute. fxn

  • Reverted the deprecation of composed_of. Rafael Mendonça França

  • Reverted the deprecation of *_sql association options. They will be deprecated in 4.0 instead. Jon Leighton

  • Do not eager load AR session store. ActiveRecord::SessionStore depends on the abstract store in Action Pack. Eager loading this class would break client code that eager loads Active Record standalone. Fixes #7160

    Xavier Noria

  • Do not set RAILS_ENV to "development" when using db:test:prepare and related rake tasks. This was causing the truncation of the development database data when using RSpec. Fixes #7175.

    Rafael Mendonça França

Active Resource

  • No changes

Active Support

  • Reverted the deprecation of ActiveSupport::JSON::Variable. Rafael Mendonça França

Railties

  • No changes

SHA-1

  • 2e12c71925f8f7f5f05e3225f80e9359db8b0401 actionmailer-3.2.8.rc1.gem
  • d6947496fb560393d7eeb18fbb77e7ee2dff2a37 actionpack-3.2.8.rc1.gem
  • 4be43d52aa3af70f154101b605ac80c45f0b68ff activemodel-3.2.8.rc1.gem
  • 84bc989af7f1bd2e9320fa39d80ca783e3499e94 activerecord-3.2.8.rc1.gem
  • 0ba8e537711adabd81fec69f4762a32c5ceb381c activeresource-3.2.8.rc1.gem
  • 74c2445d8d2541e04e10a969d2ce14419ee3bb9d activesupport-3.2.8.rc1.gem
  • 470bc8d4402b44e9f5f82f0610d31e6e6945b897 rails-3.2.8.rc1.gem
  • b615346580471aa6dcf338826824f78d0aec8512 railties-3.2.8.rc1.gem

You can find an exhaustive list of changes on github.

Thanks to everyone!

Rails 3.2.0: Faster dev mode & routing, explain queries, tagged logger, store

So we didn’t quite make the December release date as we intended, but hey, why break a good tradition and start hitting release targets now! In any case, your patience has been worldly rewarded young grasshopper: Rails 3.2 is done, baked, tested, and ready to roll!

I’ve been running on 3-2-stable for a few months working on Basecamp Next and it’s been a real treat. The new faster dev mode in particular is a major step up over 3.1.

Do remember that this is the last intended release series that’s going to support Ruby 1.8.7. The master git branch for Rails is now targeting Rails 4.0, which will require Ruby 1.9.3 and above. So now is a great time to start the work on getting your app ready for the current version of Ruby. Let’s not hang around old versions forever and a Sunday like those Python guys :).

There’s a v3.2.0 tag on Github and we of course we still have the 3-2-stable branch as well. You can see all the glorious details of everything that was changed in our CHANGELOG compilation.

For documentation, we have the 3.2 release notes with upgrade instructions, both the API docs and the guides have been generated for 3.2 as well, and there’s a brand new 3.2-compatible version of Agile Web Development with Rails. A smörgåsbord indeed!

Note: If you’re having trouble installing the gems under Ruby 1.8.7, you’ve probably hit a RubyGems bug with YAML that’s been fixed in RubyGems 1.8.15. You can upgrade RubyGems using “gem update —system”.

If you can’t be bothered with the full release notes, here’s a reprint of a few feature highlights from when we did the first release candidate:

Faster dev mode & routing

The most noticeable new feature is that development mode got a ton and a half faster. Inspired by Active Reload, we now only reload classes from files you’ve actually changed. The difference is dramatic on a larger application.

Route recognition also got a bunch faster thanks to the new Journey engine and we made linking much faster as well (especially apparent when you’re having 100+ links on a single page).

Explain queries

We’ve added a quick and easy way to explain quieries generated by ARel. In the console, you can run something like puts Person.active.limit(5).explain and you’ll get the query ARel produces explained (so you can easily see whether its using the right indexes). There’s even a default threshold in development mode where if a query takes more than half a second to run, it’s automatically explained inline — how about that!

Tagged logger

When you’re running a multi-user, multi-account application, it’s a great help to be able to filter the log by who did what. Enter the TaggedLogging wrapper. It works like this:

Logger = ActiveSupport::TaggedLogging.new(Logger.new(STDOUT))
Logger.tagged("BCX") { Logger.info "Stuff" } # Logs "[BCX] Stuff"
Logger.tagged("BCX") do
  Logger.tagged("Jason") do
    Logger.info "Stuff" # Logs "\[BCX\] \[Jason\] Stuff"
  end
end

Active Record Store

Key/value stores are great, but it’s not always you want to go the whole honking way just for a little variable-key action. Enter the Active Record Store:

class User < ActiveRecord::Base
  store :settings, accessors: [ :color, :homepage ]
end
 
u = User.new(color: 'black', homepage: '37signals.com')
u.color                          # Accessor stored attribute
u.settings[:country] = 'Denmark' # Any attribute, even if not specified with an accessor

Rails 3.2.0.rc2 has been released!

Hi everyone,

Rails 3.2.0.rc2 has been released!

What to update in your apps

  • Update your Gemfile to depend on rails ~> 3.2.0.rc2
  • Update your Gemfile to depend on sass-rails ~> 3.2.3
  • Start moving any remaining Rails 2.3-style vendor/plugins/*. These are finally deprecated!

Extract your vendor/plugins to their own gems and bundle them in your Gemfile. If they're tiny, not worthy of the own gem, fold it into your app as lib/myplugin/* and config/initializers/myplugin.rb.

Changes since RC1

Action Mailer

  • No changes

Action Pack

  • Add font_path helper method Santiago Pastorino

  • Depends on rack ~> 1.4.0 Santiago Pastorino

  • Add :gzip option to caches_page. The default option can be configured globally using page_cache_compression Andrey Sitnik

Active Model

  • No changes

Active Record

  • No changes

Active Resource

  • No changes

Active Support

  • ActiveSupport::Base64 is deprecated in favor of ::Base64. Sergey Nartimov

Railties

  • Rails 2.3-style plugins in vendor/plugins are deprecated and will be removed in Rails 4.0. Move them out of vendor/plugins and bundle them in your Gemfile, or fold them in to your app as lib/myplugin/* and config/initializers/myplugin.rb. Santiago Pastorino

  • Guides are available as a single .mobi for the Kindle and free Kindle readers apps. Michael Pearson & Xavier Noria

  • Allow scaffold/model/migration generators to accept a "index" and "uniq" modifiers, as in: "tracking_id:integer:uniq" in order to generate (unique) indexes. Some types also accept custom options, for instance, you can specify the precision and scale for decimals as "price:decimal{7,2}". Dmitrii Samoilov

Gem checksums

  • MD5 (actionmailer-3.2.0.rc2.gem) = 118c83b2cddaa935d1de7534cfb6c810
  • MD5 (actionpack-3.2.0.rc2.gem) = 6b18851bc26d5c8958672f27adda05ca
  • MD5 (activemodel-3.2.0.rc2.gem) = d82f4eed949dcff17f8bf2aed806679a
  • MD5 (activerecord-3.2.0.rc2.gem) = d07806fd5fc464f960200d20ceb2193a
  • MD5 (activeresource-3.2.0.rc2.gem) = f51af240ff4623b0b6f8a4293ffa50dc
  • MD5 (activesupport-3.2.0.rc2.gem) = 01380240c12e0380c9e61c97dd45f2f1
  • MD5 (rails-3.2.0.rc2.gem) = 134f923f7d821f514abf6bdf4af62ca7
  • MD5 (railties-3.2.0.rc2.gem) = 4b3ac0f9c5da16b90a1875e8199253d2

You can find an exhaustive list of changes on github. Along with the closed issues marked for v3.2.0.

You can also see issues we haven't closed yet.

Thanks to everyone!

Rails 3.2 RC1: Faster dev mode & routing, explain queries, tagged logger, store

Once you’ve boarded the Rails train, you just know that every stop along the way is going to be a good time. This release candidate is no different and we’ve packed it with loving goodies without making upgrading a hassle.

Faster dev mode & routing

The most noticeable new feature is that development mode got a ton and a half faster. Inspired by Active Reload, we now only reload classes from files you’ve actually changed. The difference is dramatic on a larger application.

Route recognition also got a bunch faster thanks to the new Journey engine and we made linking much faster as well (especially apparent when you’re having 100+ links on a single page).

Explain queries

We’ve added a quick and easy way to explain quieries generated by ARel. In the console, you can run something like puts Person.active.limit(5).explain and you’ll get the query ARel produces explained (so you can easily see whether its using the right indexes). There’s even a default threshold in development mode where if a query takes more than half a second to run, it’s automatically explained inline — how about that!

Tagged logger

When you’re running a multi-user, multi-account application, it’s a great help to be able to filter the log by who did what. Enter the TaggedLogging wrapper. It works like this:

Logger = ActiveSupport::TaggedLogging.new(Logger.new(STDOUT)) Logger.tagged(“BCX”) { Logger.info “Stuff” } # Logs “[BCX] Stuff” Logger.tagged(“BCX”) do Logger.tagged(“Jason”) do Logger.info “Stuff” # Logs “\[BCX\] \[Jason\] Stuff” end end

Active Record Store

Key/value stores are great, but it’s not always you want to go the whole honking way just for a little variable-key action. Enter the Active Record Store:

class User < ActiveRecord::Base store :settings, accessors: [ :color, :homepage ] end u = User.new(color: ‘black’, homepage: ‘37signals.com’) u.color # Accessor stored attribute u.settings[:country] = ‘Denmark’ # Any attribute, even if not specified with an accessor

These are just a few of the highlights. The full release notes detail every loving change.

Given that this is a release candidate, we’re ever so eager to hear your feedback. We hope it’ll be a quick RC phase, but please do spoil that plan by reporting bugs.

As always, you install a release candidate by doing gem install rails --pre.

Git tag for 3.1.2 release

Unfortunately I accidentally pushed an incorrect v3.1.2 tag yesterday. I immediately recognised that it was wrong, so quickly deleted it and pushed the correct tag. I thought that this would not be a problem for anyone who was not pulling the rails repository at that exact moment.

It turns out I was wrong. If you have a rails repository clone that existed before the 3.1.2 release, in order to get the v3.1.2 tag into your repository, you will need to do:

git fetch origin tag v3.1.2

I am very sorry for the inconvenience.

Rails 3.1.1 has been released!

Hi everyone,

Rails 3.1.1 has been released. This release requires at least sass-rails 3.1.4

CHANGES

Action Mailer

  • No changes

Action Pack

  • stylesheetlinktag('/stylesheets/application') and similar helpers doesn't throw Sprockets::FileOutsidePaths exception anymore [Santiago Pastorino]

  • Ensure defaultassethost_protocol is respected, closes #2980. [José Valim]

Changing rake db:schema:dump to run :environment as well as :loadconfig, as running :loadconfig alone will lead to the dumper being run without including extensions such as those included in foreigner and spatial_adapter.

This reverses a change made here: https://github.com/rails/rails/commit/5df72a238e9fcb18daf6ab6e6dc9051c9106d7bb#L0L324

I'm assuming here that :load_config needs to be invoked separately from :environment, as it is elsewhere in the file for db operations, if not the alternative is to go back to "task :dump => :environment do".

[Ben Woosley]

  • Update to rack-cache 1.1.

Versions prior to 1.1 delete the If-Modified-Since and If-Not-Modified headers when config.actioncontroller.performcaching is true. This has two problems: * unexpected inconsistent behaviour between development & production environments * breaks applications that use of these headers

[Brendan Ribera]

  • Ensure that enhancements to assets:precompile task are only run once [Sam Pohlenz]

  • TestCase should respect the view_assigns API instead of pulling variables on its own. [José Valim]

  • javascriptpath and stylesheetpath now refer to /assets if asset pipelining is on. [Santiago Pastorino]

  • button_to support form option. Now you're able to pass for example 'data-type' => 'json'. [ihower]

  • imagepath and imagetag should use /assets if asset pipelining is turned on. Closes #3126 [Santiago Pastorino and christos]

  • Avoid use of existing precompiled assets during rake assets:precompile run. Closes #3119 [Guillermo Iguaran]

  • Copy assets to nondigested filenames too [Santiago Pastorino]

  • Give precedence to config.digest = false over the existence of manifest.yml asset digests [christos]

  • escape options for the stylesheetlinktag method [Alexey Vakhov]

  • Re-launch assets:precompile task using (Rake.)ruby instead of Kernel.exec so it works on Windows [cablegram]

  • env var passed to process shouldn't be modified in process method. [Santiago Pastorino]

  • rake assets:precompile loads the application but does not initialize it.

To the app developer, this means configuration add in config/initializers/* will not be executed.

Plugins developers need to special case their initializers that are meant to be run in the assets group by adding :group => :assets. [José Valim]

  • Sprockets uses config.assets.prefix for asset_path [asee]

  • FileStore keyfilepath properly limit filenames to 255 characters. [phuibonhoa]

  • Fix Hash#toquery edge case with htmlsafe strings. [brainopia]

  • Allow asset tag helper methods to accept :digest => false option in order to completely avoid the digest generation. Useful for linking assets from static html files or from emails when the user could probably look at an older html email with an older asset. [Santiago Pastorino]

  • Don't mount Sprockets server at config.assets.prefix if config.assets.compile is false. [Mark J. Titorenko]

  • Set relative url root in assets when controller isn't available for Sprockets (eg. Sass files using asset_path). Fixes #2435 [Guillermo Iguaran]

  • Fix basic auth credential generation to not make newlines. GH #2882

  • Fixed the behavior of asset pipeline when config.assets.digest and config.assets.compile are false and requested asset isn't precompiled. Before the requested asset were compiled anyway ignoring that the config.assets.compile flag is false. [Guillermo Iguaran]

  • CookieJar is now Enumerable. Fixes #2795

  • Fixed AssetNotPrecompiled error raised when rake assets:precompile is compiling certain .erb files. See GH #2763 #2765 #2805 [Guillermo Iguaran]

  • Manifest is correctly placed in assets path when default assets prefix is changed. Fixes #2776 [Guillermo Iguaran]

  • Fixed stylesheetlinktag and javascriptincludetag to respect additional options passed by the users when debug is on. [Guillermo Iguaran]

  • Fix ActiveRecord#exists? when passsed a nil value

  • Fix assertselectemail to work on multipart and non-multipart emails as the method stopped working correctly in Rails 3.x due to changes in the new mail gem.

Active Model

  • Remove hard dependency on bcrypt-ruby to avoid make ActiveModel dependent on a binary library. You must add the gem explicitly to your Gemfile if you want use ActiveModel::SecurePassword:

gem 'bcrypt-ruby', '~> 3.0.0'

See GH #2687. [Guillermo Iguaran]

Active Record

  • Add deprecation for the preload_associations method. Fixes #3022.

[Jon Leighton]

  • Don't require a DB connection when loading a model that uses setprimarykey. GH #2807.

[Jon Leighton]

  • Fix using select() with a habtm association, e.g. Person.friends.select(:name). GH #3030 and #2923.

[Hendy Tanata]

  • Fix belongs_to polymorphic with custom primary key on target. GH #3104.

[Jon Leighton]

  • CollectionProxy#replace should change the DB records rather than just mutating the array. Fixes #3020.

[Jon Leighton]

  • LRU cache in mysql and sqlite are now per-process caches.

    • lib/activerecord/connectionadapters/mysql_adapter.rb: LRU cache keys are per process id.
    • lib/activerecord/connectionadapters/sqlite_adapter.rb: ditto
  • Database adapters use a statement pool for limiting the number of open prepared statments on the database. The limit defaults to 1000, but can be adjusted in your database config by changing 'statement_limit'.

  • Fix clash between using 'preload', 'joins' or 'eager_load' in a default scope and including the default scoped model in a nested through association. (GH #2834.) [Jon Leighton]

  • Ensure we are not comparing a string with a symbol in HasManyAssociation#inverseupdatescounter_cache?. Fixes GH #2755, where a counter cache could be decremented twice as far as it was supposed to be.

[Jon Leighton]

  • Don't send any queries to the database when the foreign key of a belongs_to is nil. Fixes GH #2828. [Georg Friedrich]

  • Fixed findinbatches method to not include order from default_scope. See GH #2832 [Arun Agrawal]

  • Don't compute table name for abstract classes. Fixes problem with setting the primary key in an abstract class. See GH #2791. [Akira Matsuda]

  • Psych errors with poor yaml formatting are proxied. Fixes GH #2645 and GH #2731

  • Use the LIMIT word with the methods #last and #first. Fixes GH #2783 [Damien Mathieu]

Active Resource

  • No changes

Active Support

  • ruby193: String#prepend is also unsafe [Akira Matsuda]

  • Fix obviously breakage of Time.=== for Time subclasses [jeremyevans]

  • Added fix so that file store does not raise an exception when cache dir does not exist yet. This can happen if a delete_matched is called before anything is saved in the cache. [Philippe Huibonhoa]

  • Fixed performance issue where TimeZone lookups would require tzinfo each time [Tim Lucas]

  • ActiveSupport::OrderedHash is now marked as extractable when using Array#extract_options! [Prem Sichanugrist]

Railties

  • Add jquery-rails to Gemfile of plugins, test/dummy app needs it. Closes #3091. [Santiago Pastorino]

  • rake assets:precompile loads the application but does not initialize it.

To the app developer, this means configuration add in config/initializers/* will not be executed.

Plugins developers need to special case their initializers that are meant to be run in the assets group by adding :group => :assets.

SHA-1

  • 9337cff7772da034b0b34b73b85cf249f1a70f52 actionmailer-3.1.1.gem
  • 7bb1b8d096a6ff1ff46dcfb778bf86a5daca1b0d actionpack-3.1.1.gem
  • d5dc71e1a9a0e20d819f4dff27ff0697e99a7f64 activemodel-3.1.1.gem
  • 7245632cb3b38612628304c1e244855d0053f7be activerecord-3.1.1.gem
  • 6d09800202c2747e84249b8646f0fd480ed4924f activeresource-3.1.1.gem
  • 66df2fd144aab22f52819fd489e33a976d68a46b activesupport-3.1.1.gem
  • 6a35a49948bbd9f461839a1a271def90b23a851a rails-3.1.1.gem
  • 6979ef891bd03fb639b979af9fdc56781f9358d9 railties-3.1.1.gem

You can find an exhaustive list of changes on github. Along with the closed issues marked for v3.1.1.

Thanks to everyone!

[ANN] Rails 3.1.1.rc3

Hi everyone,

Rails 3.1.1.rc3 has been released. Please give it a try, it's our chance to fix regressions you might find and make a beautiful 3.1.1 stable release. If there are no regressions I will be releasing 3.1.1 final next October 7th. If you find any regression please contact me ASAP by email, twitter or github.

CHANGES

Action Mailer

  • No changes

Action Pack

  • stylesheetlinktag('/stylesheets/application') and similar helpers doesn't throw Sprockets::FileOutsidePaths exception anymore [Santiago Pastorino]

  • Ensure defaultassethost_protocol is respected, closes #2980. [José Valim]

Changing rake db:schema:dump to run :environment as well as :loadconfig, as running :loadconfig alone will lead to the dumper being run without including extensions such as those included in foreigner and spatial_adapter.

This reverses a change made here: https://github.com/rails/rails/commit/5df72a238e9fcb18daf6ab6e6dc9051c9106d7bb#L0L324

I'm assuming here that :load_config needs to be invoked separately from :environment, as it is elsewhere in the file for db operations, if not the alternative is to go back to "task :dump => :environment do".

[Ben Woosley]

  • Update to rack-cache 1.1.

Versions prior to 1.1 delete the If-Modified-Since and If-Not-Modified headers when config.actioncontroller.performcaching is true. This has two problems: * unexpected inconsistent behaviour between development & production environments * breaks applications that use of these headers

[Brendan Ribera]

  • Ensure that enhancements to assets:precompile task are only run once [Sam Pohlenz]

  • TestCase should respect the view_assigns API instead of pulling variables on its own. [José Valim]

  • javascriptpath and stylesheetpath now refer to /assets if asset pipelining is on. [Santiago Pastorino]

  • button_to support form option. Now you're able to pass for example 'data-type' => 'json'. [ihower]

  • imagepath and imagetag should use /assets if asset pipelining is turned on. Closes #3126 [Santiago Pastorino and christos]

  • Avoid use of existing precompiled assets during rake assets:precompile run. Closes #3119 [Guillermo Iguaran]

  • Copy assets to nondigested filenames too [Santiago Pastorino]

  • Give precedence to config.digest = false over the existence of manifest.yml asset digests [christos]

  • escape options for the stylesheetlinktag method [Alexey Vakhov]

  • Re-launch assets:precompile task using (Rake.)ruby instead of Kernel.exec so it works on Windows [cablegram]

  • env var passed to process shouldn't be modified in process method. [Santiago Pastorino]

  • rake assets:precompile loads the application but does not initialize it.

To the app developer, this means configuration add in config/initializers/* will not be executed.

Plugins developers need to special case their initializers that are meant to be run in the assets group by adding :group => :assets. [José Valim]

  • Sprockets uses config.assets.prefix for asset_path [asee]

  • FileStore keyfilepath properly limit filenames to 255 characters. [phuibonhoa]

  • Fix Hash#toquery edge case with htmlsafe strings. [brainopia]

  • Allow asset tag helper methods to accept :digest => false option in order to completely avoid the digest generation. Useful for linking assets from static html files or from emails when the user could probably look at an older html email with an older asset. [Santiago Pastorino]

  • Don't mount Sprockets server at config.assets.prefix if config.assets.compile is false. [Mark J. Titorenko]

  • Set relative url root in assets when controller isn't available for Sprockets (eg. Sass files using asset_path). Fixes #2435 [Guillermo Iguaran]

  • Fix basic auth credential generation to not make newlines. GH #2882

  • Fixed the behavior of asset pipeline when config.assets.digest and config.assets.compile are false and requested asset isn't precompiled. Before the requested asset were compiled anyway ignoring that the config.assets.compile flag is false. [Guillermo Iguaran]

  • CookieJar is now Enumerable. Fixes #2795

  • Fixed AssetNotPrecompiled error raised when rake assets:precompile is compiling certain .erb files. See GH #2763 #2765 #2805 [Guillermo Iguaran]

  • Manifest is correctly placed in assets path when default assets prefix is changed. Fixes #2776 [Guillermo Iguaran]

  • Fixed stylesheetlinktag and javascriptincludetag to respect additional options passed by the users when debug is on. [Guillermo Iguaran]

  • Fix ActiveRecord#exists? when passsed a nil value

  • Fix assertselectemail to work on multipart and non-multipart emails as the method stopped working correctly in Rails 3.x due to changes in the new mail gem.

Active Model

  • Remove hard dependency on bcrypt-ruby to avoid make ActiveModel dependent on a binary library. You must add the gem explicitly to your Gemfile if you want use ActiveModel::SecurePassword:

gem 'bcrypt-ruby', '~> 3.0.0'

See GH #2687. [Guillermo Iguaran]

Active Record

  • Add deprecation for the preload_associations method. Fixes #3022.

[Jon Leighton]

  • Don't require a DB connection when loading a model that uses setprimarykey. GH #2807.

[Jon Leighton]

  • Fix using select() with a habtm association, e.g. Person.friends.select(:name). GH #3030 and #2923.

[Hendy Tanata]

  • Fix belongs_to polymorphic with custom primary key on target. GH #3104.

[Jon Leighton]

  • CollectionProxy#replace should change the DB records rather than just mutating the array. Fixes #3020.

[Jon Leighton]

  • LRU cache in mysql and sqlite are now per-process caches.

    • lib/activerecord/connectionadapters/mysql_adapter.rb: LRU cache keys are per process id.
    • lib/activerecord/connectionadapters/sqlite_adapter.rb: ditto
  • Database adapters use a statement pool for limiting the number of open prepared statments on the database. The limit defaults to 1000, but can be adjusted in your database config by changing 'statement_limit'.

  • Fix clash between using 'preload', 'joins' or 'eager_load' in a default scope and including the default scoped model in a nested through association. (GH #2834.) [Jon Leighton]

  • Ensure we are not comparing a string with a symbol in HasManyAssociation#inverseupdatescounter_cache?. Fixes GH #2755, where a counter cache could be decremented twice as far as it was supposed to be.

[Jon Leighton]

  • Don't send any queries to the database when the foreign key of a belongs_to is nil. Fixes GH #2828. [Georg Friedrich]

  • Fixed findinbatches method to not include order from default_scope. See GH #2832 [Arun Agrawal]

  • Don't compute table name for abstract classes. Fixes problem with setting the primary key in an abstract class. See GH #2791. [Akira Matsuda]

  • Psych errors with poor yaml formatting are proxied. Fixes GH #2645 and GH #2731

  • Use the LIMIT word with the methods #last and #first. Fixes GH #2783 [Damien Mathieu]

Active Resource

  • No changes

ActiveSupport

  • ruby193: String#prepend is also unsafe [Akira Matsuda]

  • Fix obviously breakage of Time.=== for Time subclasses [jeremyevans]

  • Added fix so that file store does not raise an exception when cache dir does not exist yet. This can happen if a delete_matched is called before anything is saved in the cache. [Philippe Huibonhoa]

  • Fixed performance issue where TimeZone lookups would require tzinfo each time [Tim Lucas]

  • ActiveSupport::OrderedHash is now marked as extractable when using Array#extract_options! [Prem Sichanugrist]

Railties

  • Add jquery-rails to Gemfile of plugins, test/dummy app needs it. Closes #3091. [Santiago Pastorino]

  • rake assets:precompile loads the application but does not initialize it.

To the app developer, this means configuration add in config/initializers/* will not be executed.

Plugins developers need to special case their initializers that are meant to be run in the assets group by adding :group => :assets.

You can find an exhaustive list of changes on github. Along with the closed issues marked for v3.1.1. You can also take a look to what's new between v3.1.1.rc2 and v3.1.1.rc3

You can also see issues we haven't closed yet.

Thanks to everyone!

[ANN] Rails 3.1.1.rc2

Hi everyone,

Rails 3.1.1.rc2 has been released. Please give it a try, it's our chance to fix regressions you might find and make a beautiful 3.1.1 stable release. If there are no regressions I will be releasing 3.1.1 final next October 3rd. If you find any regression please contact me ASAP by email, twitter or github.

CHANGES

Action Mailer

  • No changes

Action Pack

  • Allow asset tag helper methods to accept :digest => false option in order to completely avoid the digest generation. Useful for linking assets from static html files or from emails when the user could probably look at an older html email with an older asset. [Santiago Pastorino]

  • Don't mount Sprockets server at config.assets.prefix if config.assets.compile is false. [Mark J. Titorenko]

  • Set relative url root in assets when controller isn't available for Sprockets (eg. Sass files using asset_path). Fixes #2435 [Guillermo Iguaran]

  • Fix basic auth credential generation to not make newlines. GH #2882

  • Fixed the behavior of asset pipeline when config.assets.digest and config.assets.compile are false and requested asset isn't precompiled. Before the requested asset were compiled anyway ignoring that the config.assets.compile flag is false. [Guillermo Iguaran]

  • CookieJar is now Enumerable. Fixes #2795

  • Fixed AssetNotPrecompiled error raised when rake assets:precompile is compiling certain .erb files. See GH #2763 #2765 #2805 [Guillermo Iguaran]

  • Manifest is correctly placed in assets path when default assets prefix is changed. Fixes #2776 [Guillermo Iguaran]

  • Fixed stylesheetlinktag and javascriptincludetag to respect additional options passed by the users when debug is on. [Guillermo Iguaran]

  • Fix ActiveRecord#exists? when passsed a nil value

  • Fix assertselectemail to work on multipart and non-multipart emails as the method stopped working correctly in Rails 3.x due to changes in the new mail gem.

Active Model

  • Remove hard dependency on bcrypt-ruby to avoid make ActiveModel dependent on a binary library. You must add the gem explicitly to your Gemfile if you want use ActiveModel::SecurePassword:

gem 'bcrypt-ruby', '~> 3.0.0'

See GH #2687. [Guillermo Iguaran]

Active Record

  • Add deprecation for the preload_associations method. Fixes #3022.

[Jon Leighton]

  • Don't require a DB connection when loading a model that uses setprimarykey. GH #2807.

[Jon Leighton]

  • Fix using select() with a habtm association, e.g. Person.friends.select(:name). GH #3030 and #2923.

[Hendy Tanata]

  • Fix belongs_to polymorphic with custom primary key on target. GH #3104.

[Jon Leighton]

  • CollectionProxy#replace should change the DB records rather than just mutating the array. Fixes #3020.

[Jon Leighton]

  • LRU cache in mysql and sqlite are now per-process caches.

    • lib/activerecord/connectionadapters/mysql_adapter.rb: LRU cache keys are per process id.
    • lib/activerecord/connectionadapters/sqlite_adapter.rb: ditto
  • Database adapters use a statement pool for limiting the number of open prepared statments on the database. The limit defaults to 1000, but can be adjusted in your database config by changing 'statement_limit'.

  • Fix clash between using 'preload', 'joins' or 'eager_load' in a default scope and including the default scoped model in a nested through association. (GH #2834.) [Jon Leighton]

  • Ensure we are not comparing a string with a symbol in HasManyAssociation#inverseupdatescounter_cache?. Fixes GH #2755, where a counter cache could be decremented twice as far as it was supposed to be.

[Jon Leighton]

  • Don't send any queries to the database when the foreign key of a belongs_to is nil. Fixes GH #2828. [Georg Friedrich]

  • Fixed findinbatches method to not include order from default_scope. See GH #2832 [Arun Agrawal]

  • Don't compute table name for abstract classes. Fixes problem with setting the primary key in an abstract class. See GH #2791. [Akira Matsuda]

  • Psych errors with poor yaml formatting are proxied. Fixes GH #2645 and GH #2731

  • Use the LIMIT word with the methods #last and #first. Fixes GH #2783 [Damien Mathieu]

Active Resource

  • No changes

Active Support

  • Fixed performance issue where TimeZone lookups would require tzinfo each time [Tim Lucas]

  • ActiveSupport::OrderedHash is now marked as extractable when using Array#extract_options! [Prem Sichanugrist]

Railties

  • Add jquery-rails to Gemfile of plugins, test/dummy app needs it. Closes #3091. [Santiago Pastorino]

  • rake assets:precompile loads the application but does not initialize it.

To the app developer, this means configuration add in config/initializers/* will not be executed.

Plugins developers need to special case their initializers that are meant to be run in the assets group by adding :group => :assets.

You can find an exhaustive list of changes on github. Along with the closed issues marked for v3.1.1. You can also take a look to what's new between v3.1.1.rc1 and v3.1.1.rc2

You can also see issues we haven't closed yet.

Thanks to everyone!

[ANN] Rails 3.1.1.rc1

Hi everyone,

Rails 3.1.1.rc1 has been released. Please give it a try, it's our chance to fix regressions you might find and make a beautiful 3.1.1 stable release. If there are no regressions I will be releasing 3.1.1 final next September 16th during GoGaRuCo.

CHANGES

Action Mailer

  • No changes

Action Pack

  • Allow asset tag helper methods to accept :digest => false option in order to completely avoid the digest generation. Useful for linking assets from static html files or from emails when the user could probably look at an older html email with an older asset. [Santiago Pastorino]

  • Don't mount Sprockets server at config.assets.prefix if config.assets.compile is false. [Mark J. Titorenko]

  • Set relative url root in assets when controller isn't available for Sprockets (eg. Sass files using asset_path). Fixes #2435 [Guillermo Iguaran]

  • Fix basic auth credential generation to not make newlines. GH #2882

  • Fixed the behavior of asset pipeline when config.assets.digest and config.assets.compile are false and requested asset isn't precompiled. Before the requested asset were compiled anyway ignoring that the config.assets.compile flag is false. [Guillermo Iguaran]

  • CookieJar is now Enumerable. Fixes #2795

  • Fixed AssetNotPrecompiled error raised when rake assets:precompile is compiling certain .erb files. See GH #2763 #2765 #2805 [Guillermo Iguaran]

  • Manifest is correctly placed in assets path when default assets prefix is changed. Fixes #2776 [Guillermo Iguaran]

  • Fixed stylesheetlinktag and javascriptincludetag to respect additional options passed by the users when debug is on. [Guillermo Iguaran]

  • Fix ActiveRecord#exists? when passsed a nil value

  • Fix assertselectemail to work on multipart and non-multipart emails as the method stopped working correctly in Rails 3.x due to changes in the new mail gem.

Active Model

  • Remove hard dependency on bcrypt-ruby to avoid make ActiveModel dependent on a binary library. You must add the gem explicitly to your Gemfile if you want use ActiveModel::SecurePassword:

gem 'bcrypt-ruby', '~> 3.0.0'

See GH #2687. [Guillermo Iguaran]

Active Record

  • LRU cache in mysql and sqlite are now per-process caches.

    • lib/activerecord/connectionadapters/mysql_adapter.rb: LRU cache keys are per process id.
    • lib/activerecord/connectionadapters/sqlite_adapter.rb: ditto
  • Database adapters use a statement pool for limiting the number of open prepared statments on the database. The limit defaults to 1000, but can be adjusted in your database config by changing 'statement_limit'.

  • Fix clash between using 'preload', 'joins' or 'eager_load' in a default scope and including the default scoped model in a nested through association. (GH #2834.) [Jon Leighton]

  • Ensure we are not comparing a string with a symbol in HasManyAssociation#inverseupdatescounter_cache?. Fixes GH #2755, where a counter cache could be decremented twice as far as it was supposed to be.

[Jon Leighton]

  • Don't send any queries to the database when the foreign key of a belongs_to is nil. Fixes GH #2828. [Georg Friedrich]

  • Fixed findinbatches method to not include order from default_scope. See GH #2832 [Arun Agrawal]

  • Don't compute table name for abstract classes. Fixes problem with setting the primary key in an abstract class. See GH #2791. [Akira Matsuda]

  • Psych errors with poor yaml formatting are proxied. Fixes GH #2645 and GH #2731

  • Use the LIMIT word with the methods #last and #first. Fixes GH #2783 [Damien Mathieu]

Active Resource

  • No changes

Active Support

  • Fixed performance issue where TimeZone lookups would require tzinfo each time [Tim Lucas]

  • ActiveSupport::OrderedHash is now marked as extractable when using Array#extract_options! [Prem Sichanugrist]

Railties

  • No changes

You can find an exhaustive list of changes on github. Along with the closed issues marked for v3.1.1.

You can also see issues we haven't closed yet.

Thanks to everyone!

[ANN] Rails 3.1.0.rc8

Hi everyone,

Rails 3.1.0.rc8 has been released (we've an issue with rc7). This is the final release candidate. Please give it a try, it's our last chance to fix regressions and severe issues. We will be releasing final 3.1.0 next August 30th.

CHANGES

Check the CHANGELOG file of each framework to see what we've changed.

You can find an exhaustive list of changes on github. Along with the closed issues marked for v3.1.0.

You can also see issues we haven't closed.

A comprehensive CHANGELOG will be announced when 3.1.0 final is released.

Thanks!

Rails 3.1: Release candidate

As I promised at RailsConf, we’re finally good to go on the Rails 3.1: Release Candidate. This is a fantastically exciting release. We have three new star features and an even greater number of just awesome improvements. First the stars:

The Asset Pipeline
The star feature of 3.1 is the asset pipeline powered by Sprockets 2.0. It makes CSS and JavaScript first-class code citizens and enables proper organization, including use in plugins and engines. See my RailsConf keynote for a full tour. This comes with SCSS as the default for stylesheets and CoffeeScript as the default for JavaScript. Much documentation is on the way for this.

HTTP Streaming
This lets the browser download your stylesheet and javascripts while the server is still generating the response. The result is noticeable faster pages. It’s opt-in and does require support from the web server as well, but the popular combo of nginx and unicorn is ready to take advantage of it. There’s a great Railscast on HTTP streaming and the API documentation is strong too.

jQuery is now the default
We’ve made jQuery the default JavaScript framework that ships with Rails, but it’s silly easy to switch back to Prototype if you fancy. It’s all bundled up in the jquery-rails and prototype-rails gems. Just depend on the one you’d like in the Gemfile and it’ll Just Work.

Other good stuff:

  • Reversible migrations: DRY migrations that know how to revert themselves. Cleaner, nicer migrations.
  • Mountable engines: Engines can now have their own routing and helper scope. They can also take advantage of the asset pipeline (more documentation on this soon). Read the story behind mountable engines (even if the asset stuff is now out of date).
  • Identity Map: It’s not enabled by default because of some important caveats that are still to be ironed out, but if you can deal with those, it’s a great way to cut down on the number of queries your app will trigger. Faster is better!
  • Prepared statements: Active Record now uses cached prepared statements, which is a big boost for PostgreSQL in all cases and a boost for MySQL on complex statements.
  • Rack::Cache on by default: This makes it possible to use HTTP caching with conditional get as a replacement for page caching (which we’ll soon factor into a plugin and remove from core).
  • Turn test-output on Ruby 1.9: Much nicer test output courtesy of the Turn gem. It’s on with new applications by default on Ruby 1.9.
  • Force SSL: It’s now easier than ever to keep your app safe with force_ssl. Either per-app or per-controller.
  • Role-based mass-assignment protection: attr_protected now accepts roles, so it’s easier do deal with admin/non-admin splits and more.
  • has_secure_password: Dead-simple BCrypt-based passwords. Now there’s no excuse not to roll your own authentication scheme.
  • Custom serializers: Serialize objects with JSON or whatever else you’d like.

You can also check out the an even longer changelog and get a video overview from Railscast.

If you’re starting a new application, it’s strongly recommended that you do so using Ruby 1.9.2. Rails will continue to support 1.8.x until Rails 4.0, but it’s considered the legacy option. Ruby 1.9.x is where the action is. Get on board and enjoy the massive speed boost.

You can install the Rails 3.1: Release Candidate with gem install rails --pre. Enjoy and report any release candidate issues on Github. We expect to release the final version in a couple of weeks if all goes well.

Rails 3.1 beta 1 released

We’ve taken our first release step towards the final version of Rails 3.1 today with the unveiling of beta 1. This is a release mostly for people who’ve already been following along with the development of Rails 3.1 and want to try a version that’s close to feature complete.

We do not yet have all the documentation ready, so it’s still a bit of a detective job to figure out how it all fits together. Thus, this is not a general release and I wont hold it against you if you’re holding out for a release candidate (coming in the next few weeks).

The tag is 3.1.0.beta1 and you can install using gem install rails --pre. Enjoy!

Rails 3.0.5 has been released!

Aaron Patterson showed us some tenderlove this week by releasing Rails 3.0.5. Have a peek at what got updated.

Bugs Fixed

  • Fix when gzip returns a UTF-8 string on Ruby 1.9, when it is actually binary. commit
  • Active Record limit values will not escape Arel SQL Literal nodes. commit
  • Relation#where calls will always produce AND statements regardless of how conditions hashes behaves (reverting 00693209ecc).
  • Observer callbacks will only be executed once when using STI classes in ActiveRecord. commit

Deprecations Added:

  • Deprecate Relation#& alias for Relation#merge. commit
  • Deprecated support for interpolated association conditions with the
    :conditions => ‘foo = #{bar}’ syntax, and added the new interpolation syntax
    which is :conditions => proc { “foo = #{bar}” }. commit

This is not a complete list of changes. The complete list of changes can be
found here

SHA1 Checksums:

  • actionmailer-3.0.5.gem b25750c8126aa21db27d7b0ee829b2e94e525ebc
  • actionpack-3.0.5.gem 0a6f7f9ac2960ff224c913877a2917e1bea80df3
  • activemodel-3.0.5.gem 1556900a7afa1cdcdf4641edbcdd2c24f98bb2de
  • activerecord-3.0.5.gem 33dd05d7362931564f6f15ea7130cc27a5fc09e8
  • activeresource-3.0.5.gem 758f893cbb7ef945c857bf4ca044b94017bdc437
  • activesupport-3.0.5.gem 195fa3f7fa044134703a655cdb906edb515286c4
  • rails-3.0.5.gem 32322bf9952d76c5fa0054c8533c0c58609f40aa
  • railties-3.0.5.gem 3dddf14736dec991c3dbbe2d89495613e72c19c7

Rails 3.0.3: Faster Active Record plus fixes

How about some free speed? Well, here you go. Rails 3.0.3 includes a much faster version of Active Record that reclaims the performance lost when we went from Rails 2.3.x to 3.x and then some. Aaron Patterson has done a phenomenal job benchmarking, tweaking, and tuning the ARel engine that underpins Active Record 3 and the result is Teh Snappy.

You can read more about Aaron’s work in his ARel 2.0 write-up. If you dare, you can also have a look at his RubyConf slides that went over the rewrite and speed-up in even greater detail (warning: there are slides of boys kissing!).

In addition to the free speed, we’ve also included a truckload of minor fixes. So everything just works better and faster. What more can you ask for? Oh, that it’s a drop-in replacement for Rails 3.0 — there are no API changes. You got it.

See all the changes on Github. Install the latest version using gem install rails. Or bind yourself to the v3.0.3 tag.

Enjoy!

Note: Active Record 3.0.3 is mistakenly reporting its tiny version as 1 instead of 3. This has no impact on anything you do unless you were specifically checking that tiny version. But if it bothers you lots, it’s fixed on the 3-0-stable branch.

Ruby on Rails 2.3.9 Released

We’ve released Ruby on Rails 2.3.9 (gem and git tag) to extend the 2.3.8 bridge a few steps closer to Rails 3 and Ruby 1.9. If your app runs on Rails 2.3.9 without deprecation warnings, you’re looking good for an upgrade to Rails 3.

Deprecations

  • Changes i18n named-interpolation syntax from the deprecated Hello to the 1.9-native Hello %{name}.
  • Replaces Kernel#returning with Object#tap which is native to Ruby 1.8.7.
  • Renames Array#random_element to Array#sample which is native to Ruby 1.9.
  • Renames config.load_paths and .load_once_paths to the more accurate config.autoload_paths and .autoload_once_paths.

Along with these deprecations come a broad array of bugfixes and minor tweaks. Read the commit log for the full story.

Onward to 3.1!

Rails 3.0: It's ready!

Rails 3.0 has been underway for a good two years, so it’s with immense pleasure that we can declare it’s finally here. We’ve brought the work of more than 1,600 contributors together to make everything better, faster, cleaner, and more beautiful.

This third generation of Rails has seen thousands of commits, so picking what to highlight was always going to be tough and incomplete. But here’s a choice selection of major changes for Rails 3:

New Active Record query engine
Active Record has adopted the ARel query engine to make scopes and queries more consistent and composable. This makes it much easier to build complex queries over several iterations. We also delay the actual execution of the query until it’s needed. Here’s a simple example:

<pre style="font-size: 12px">users = User.where(:name => "david").limit(20) users = users.where("age > 29")

  1. SELECT * FROM users
  2. WHERE name = “david” AND age > 29
  3. ORDER BY name
  4. LIMIT 20
    users.order(:name).each { |user| puts user.name }

Read more in new Active Record guide and watch the Dive into Rails 3: ARel video.

New router for Action Controller
When we switched to a REST-based approach for controllers in Rails 2, we patched on the syntax to the existing router while we were waiting to see if the experiment panned out.

It did and for Rails 3 we’ve gone back and revamped the syntax completely to favor the REST style with less noise and more flexibility:

<pre style="font-size: 12px">resources :people do resource :avatar

collection do get :winners, :losers end

end

  1. /sd34fgh/rooms
    scope ‘:token’, :token => /\w{5,5}/ do
    resources :rooms
    end
  1. /descriptions
  2. /pl/descriptions
  3. /en/descriptions
    scope ‘(:locale)’, :locale => /en|pl/ do
    resources :descriptions
    root :to => ‘projects#index’
    end

Read more in the new routing guide.

New Action Mailer
Action Mailer was born with a split-personality of half model, half controller. In Rails 3, we’ve made the choice to make it all controller. This means that the feel and functionality will be much closer to Action Controller and in fact they now share a bunch of underlying code. Here’s a taste of what it looks like now:

<pre style="font-size: 12px">class Notifier < ActionMailer::Base default :from => "Highrise <system@#{APPLICATION_DOMAIN}>"

def new_project(digest, project, person) @digest, @project, @person = digest, project, person attachments[‘digest.pdf’] = digest.to_pdf attachments[‘logo.jpg’] = File.read(project.logo_path) mail( :subject => “Your digest for #{project.name}”, :to => person.email_address_with_name ) do |format| format.text { render :text => “Something texty” } format.html { render :text => “Something texty” } end end

end

The new Action Mailer is built on top of the new Mail gem as well. Say goodbye to TMail headaches.

Read more in new Action Mailer guide.

Manage dependencies with Bundler
Managing all the dependencies of a Rails application has long been a hassle of patchworks. We had config.gem, Capistrano externals, custom rake setup tasks, and other incomplete solutions.

Bundler cleans all that up and allows you to specify the libraries, frameworks, and plugins that your application depends on. All Rails 3 applications are born with a Gemfile to control it all. See more on the Bundler site.

XSS protection by default
The internet is a scary place and Rails 3 is watching out for you by default. We’ve had CRSF protection with form signing for a while and SQL-injection protection since the beginning, but Rails 3 ups the anté with XSS protection as well (hat tip to Django for convincing us).

See the Railscast on XSS video and the Dive into Rails 3: Cross-site scripting video for more.

Say goodbye to encoding issues
If you browse the Internet with any frequency, you will likely encounter the &#xFFFD; character. This problem is extremely pervasive, and is caused by mixing and matching content with different encodings.

In a system like Rails, content comes from the database, your templates, your source files, and from the user. Ruby 1.9 gives us the raw tools to eliminate these problems, and in combination with Rails 3, &#xFFFD; should be a thing of the past in Rails applications. Never struggle with corrupted data pasted by a user from Microsoft Word again!

Active Model: Validations, callbacks, etc for all models
We’ve extracted quite a bit of commonly requested Active Record components into the new Active Model framework. This allows an ORM like Mongoid to use Active Record’s validations, callbacks, serialization, and i18n support.

Additionally, in the rewrite of Action Controller, we removed any direct references to Active Record, defining a clean, simple API that ORMs can implement. If you use an API-compliant ORM (like DataMapper, Sequel, or Mongoid), you will be able to use features like form_for, link_to and redirect_to with objects from those ORMs without any additional work.

Official plugin APIs
We also rewrote Railties with the express goal of using the new plugin API for all Rails frameworks like Active Record and Action Mailer. This means that Rails plugins like the ones for DataMapper and RSpec have access to all of the integration as the built-in support for Active Record and Test::Unit.

The new Railtie API makes it possible to modify the built-in generators, add rake tasks, configure default Rails options, and specify code to run as early, or as late as you need. Rails plugins like Devise were able to add much better integration in the Rails 3 version of their plugin. Expect to see a lot more of that in the months ahead.

Rewritten internals
We rewrote the internals of Action Pack and Railties, making them much more flexible and easier to extend. Instead of a single monolithic ActionController::Base, Rails 3 exposes a number of modules, each with defined APIs, that you can mix and match to create special-purpose controllers for your own use. Both Action Mailer in Rails and the Cells project make heavy use of this new functionality.

You can also take a look a this blog post by Yehuda (from last year) to see how the new architecture makes it easy to implement Django-style generic actions in Rails by leveraging Rack and ActionController::Metal.

The Rails generator system is got a revamp as well. Instead of monolithic generators that know about all of the Rails frameworks, each generator calls a series of hooks, such as :test_framework and :orm, that plugins can register handlers for. This means that generating a scaffold when using rSpec, DataMapper and Haml will generate a scaffold customized for those plugins.

Agnosticism with jQuery, rSpec, and Data Mapper
The rewritten internals and the new plugin APIs have brought true agnosticism to Rails 3 for all components of the framework. Prefer DataMapper to Active Record? No problem. Want to use jQuery instead of Prototype? Go ahead. Eager to test with rSpec instead of test/unit? You got it.

It’s never been easier to Have It Your Way™ with Rails 3. And at the same time, we’ve made that happen without making using the excellent default stack any more complicated.

Documentation
Rails 3 has had a long development cycle and while that might have lead to some impatience, it has also given book and tutorial authors a chance to catch up and be ready. There’s a wealth of great Rails 3 documentation available already and more is coming shortly.

The Agile Web Development with Rails 4th Ed book is almost ready and there are plenty more books coming. Check out all the new guides, the new official videos, new Railscasts, and a new tutorial. See the recent recap of documentation sources for more.

Installation
gem install rails --version 3.0.0.

We also have a Rails v3.0.0 tag and a 3-0-stable branch.

Rails 3.0 has been designed to work with Ruby 1.8.7, Ruby 1.9.2, and JRuby 1.5.2+.

Gratitude and next steps
I’m personally incredibly proud of this release. I’ve been working on Rails for more than 7 years and the quality of the framework we have today is just astounding. This is only possible as a community effort and Rails 3 has seen so many incredible developers step up and help make this our best release ever (wink). Many thanks to all of you.

We’ll continue to develop Rails 3.0 with fixes and tweaks via the stable branch and Rails 3.1 is already cooking on master.

UPDATE: We’re raising money for Charity:Water in the name of Rails 3.0. Please donate and help us bring clean water to 5,000 people in the name of the Rails community.

Rails 3.0: Release candidate 2

The release candidate process is progressing as planned. This second candidate has very few changes over the first, which means that unless any blockers are discovered with this release, we’re targeting the final release of Rails 3.0 for this week(!!!).

So please do help us weed out any blockers. Especially in our two new main dependencies: Bundler and ARel. They’ve both progressed into release candidacy for their 1.0 releases and will be sharing the same 1.0-final release date as Rails 3.0.

You can see a complete list of all the dotted t’s and crossed i’s on the new fabulous Github comparo view of RC1 and RC2.

As always, you install this latest version with: gem install rails --pre

Also note that Rails 3.0 now has it’s own stable branch. The master branch is now reserved for Rails 3.1 development. (That’s right, we’re already going there and it’s going to be M-A-G-I-C-A-L!).

Rails 3.0: Release candidate!

High off Baltimore Pandemic and Yellow Tops, I believe we promised a release candidate shortly after RailsConf. As things usually go in open source, we gorged ourselves on fixes and improvements instead. But all to your benefit. We’ve had 842 commits by 125 authors since the release of the last beta!

Now it’s time to just say good is good enough, otherwise we could keep on with this forever. So please welcome the Rails 3 release candidate! You install, as always, with gem install rails --pre.

Most of the fixes have been of minor significance, but we did manage to dramatically speed up Rails 3 development and startup speed for larger applications (Basecamp went from insufferable to about 2.3 levels of enjoyment).

Speed is now pretty good across the board except for part of Arel that Active Record now depends on. We’ll be making sure we get performance of Active Record back to at least 2.3 levels before release.

A few more highlights:

Indulge yourself in the delights of all the glorious details from the commit logs or checkout the slightly less pedantic summaries in the CHANGELOGs.

This release candidate of Rails 3 also concides with the release candidate of Bundler 1.0. Huge strides were made with Bundler and it should both be much faster and have most of the edge cases sawed off.

I’ve said “we’re almost there” so many times that I’m almost exhausted. But really, guys, WE’RE ALMOST THERE!!!1

1 Just a few weeks before final is out?

Rails 3.0: Beta 4 now, RC in days

RailsConf 2010 is underway and what better occasion to do the final stage of the Rails 3 beta program. We’re very pleased to announce Rails 3 beta 4, which we’ll be hammering on and tuning during RailsConf.

At the end of RailsConf, we’ll be putting out the release candidate. So if you’re at the conference, and even if you’re not, now is the time to give upgrading a chance or even starting a new app. We’re all responsible for making this release solid, please join the fun.

You can install the latest beta with gem install rails --pre

Since we’re so close to release now, it’s also a great pleasure to introduce the new Rails 3 screencast series by Gregg Pollack and EnvyLabs. They’ve done an awesome job putting together six episodes and more are coming. You can also read along in their great Rails 3 slides from the RailsConf tutorial.

I also gave a keynote on Rails 3 this morning at RailsConf, so you can enjoy the slides.

Let’s race to the finish line together.

Ruby on Rails 2.3.8 Released

The 2.3.7 release slipped out the door too hastily. Fixing compatibility with the rails_xss plugin inadvertently forced everyone to use it. Facepalm.

I apologize for wasting a chunk of your day on installing what ought to have been a patch-level update only to find it breaks your app. That’s well out of line with our stable release process and it’s my fault for stepping out of it. I got caught up in a sky-is-falling response to a 2.3.6 bug that affected a handful of users and responded with a fix that exposed a new flaw to nearly all users, despite testing and sanity checking.

Thanks for all your feedback today. We hear you, and yes, a thousand times yes. Every stable release, including point releases, deserves the same methodical drumbeat on its march from git stable to to .pre gem to final gem. Expect no less.

Now, on to the gem-cutting: Rails 2.3.8 is available now, bringing us back to stable ground.

Ruby on Rails 2.3.7 Released

With the 2.3.6 release hot out of the oven, Nathan Weizenbaum began updating HAML to support it. He uncovered a couple of bugs in the HTML-safety changes backported from Rails 3, so we’re cutting a 2.3.7 release to fix them.

If you use the rails_xss plugin for automatic HTML escaping, you should upgrade to Rails 2.3.7 and the latest rails_xss plugin.

If you don’t use the rails_xss plugin yet, now’s the time to start. It’s baked in to Rails 3.

Update: fixing compatibility with the rails_xss plugin broke HTML-safety for apps that don’t use rails_xss. We’re sorry, all: HTML-safety is meant to be opt-in! The fix is available now in 2.3.8.pre1 and will be released shortly.

Ruby on Rails 2.3.6 Released

We’ve released Ruby on Rails 2.3.6: six months of bug fixes, a handful of new features, and a strong bridge to Rails 3.

We deprecated some obscure and ancient features in Rails 2.3.6 so we could cut them entirely from Rails 3. If your app runs on Rails 2.3.6 without deprecation warnings, you’re in good shape for a smooth sail onward.

This slow-cooked dish is brought to you some 87 committers from our all-volunteer kitchen.

Now, let’s open the goodie bag!

Action Pack

  • Upgrade Rack from 1.0.1 to 1.1.0.
  • XSS prevention: update to match Rails 3 and move to the official plugin at http://github.com/rails/rails_xss.
  • Cookies: convenient cookie jar add-ons to set permanent or signed cookies, or both at once: cookies.permanent.signed[:remember_me] = current_user.id. Read more.
  • Flash: promote alert and notice, the most common flash keys in many apps, to self.alert = '...' and self.notice = '...'. Add redirect_to url, :alert => '...' and :notice => '...'. Read more.
  • i18n: localize the label helper.

Active Record

  • Namespacing: support optional table name prefixes on modules by defining self.table_name_prefix. Read more.
  • Destroy uses optimistic locking.
  • Counter cache: use Post.reset_counters(1234, :comments) to count the number of comments for post 1234 and reset its comments_count cache.
  • PostgreSQL: always use standard-conforming strings, if supported.
  • MySQL: add index length support. Read more.
  • MySQL: add_ and change_column support column positioning using :first => true and :after => :other_column.

Active Support

  • Upgrade i18n from 1.3.3 to 1.3.7.
  • Upgrade TZInfo from 0.3.12 to 0.3.16.
  • Multibyte: speed up string verification and cleaning.
  • JSON: use YAJL for JSON decoding, if available. gem install yajl-ruby
  • Testing: add assert_blank and assert_present. Read more.
  • Core: backport Object#singleton_class from Ruby 1.8.8, deprecating our Object#metaclass.
  • Core: add Object#presence that returns the object if it’s #present? otherwise returns nil. Example: region = params[:state].presence || params[:country].presence || 'US'
  • Core: add Enumerable#exclude? to match include?.
  • Core: rename Array#rand to Array#random_element to avoid collision with Kernel#rand.
  • Core: rename Date# and Time#last_(month|year) to #prev_(month|year) for Ruby 1.9 forward compatibility.

Active Resource

  • JSON: set ActiveResource::Base.include_root_in_json = true to serialize as a hash of model name → attributes instead of a bare attributes hash. Defaults to false.

Action Mailer

  • Upgrade TMail from 1.2.3 to 1.2.7.

Railties

  • Silence RubyGems 1.3.6 deprecation warnings.

Peruse the commit log for the full story.

Rails 3.0: Second beta release

It took longer than we thought, but then again, what doesn’t? This is the second beta release of Rails 3.0 and hopefully our last stop before a release candidate. There are still a handful of known regressions (see the list at the end), but we’ve made huge strides since the last release and so have auxiliary tools like Bundler.

You can find all the detailed changes in the the CHANGELOGs for each framework: Action Mailer, Action Pack, Active Record, Active Resource, Active Model, Active Support, Rails.

Please install beta 2 and try it out with new and existing applications. (gem install rails --prerelease after you make sure you’re on Ruby Gems 1.3.6 with gem update --system).

You can use Jeremy McAnally’s excellent rails_upgrade plugin to take a 2.3.x app to 3.0 (and get his update book too). There are already a good number of Rails 3 applications live in the wild.

Thanks a million to everyone who’s been working on this. Rails 3 is a mighty big barn and it’s been a joy seeing the community come together to raise it.

Note that Ruby 1.8.7 p248 and p249 has marshaling bugs that crash both Rails 2.3.x and Rails 3.0.0. Ruby 1.9.1 outright segfaults on Rails 3.0.0, so if you want to use Rails 3 with 1.9.x, jump on 1.9.2 trunk for smooth sailing.

Known regressions: Rails crashes unless configuration.action_controller.session is set, config.thread_safe does not work, Unable to run a RJS partial from an HTML template, Backtrace silencers oftem remove application lines from test failures backtraces, Active Record double escapes error_messages_for

Ruby on Rails 2.3.5 Released

Rails 2.3.5 was released over the weekend which provides several bug-fixes and one security fix. It should be fully compatible with all prior 2.3.x releases and can be easily upgraded to with “gem update rails”. The most interesting bits can be summarized in three points.

Improved compatibility with Ruby 1.9

There were a few small bugs preventing full compatibility with Ruby 1.9. However, we wouldn’t be surprised you were already running Rails 2.3.X successfully before these bugs were fixed (they were small).

RailsXss plugin availability

As you may have heard, in Rails 3 we are now automatically escaping all string content in erb (where as before you needed to use “h()” to escape). If you want to have this functionality today you can install Koz’s RailsXss plugin in Rails 2.3.5.

Fixes for the Nokogiri backend for XmlMini

With Rails 2.3 we were given the ability to switch out the default XML parser from REXML to other faster parsers like Nokogiri. There were a few issues with using Nokogiri which are now resolved, so if your application is parsing lots of xml you may want to switch to this faster XML parser.

And that’s the gist of it

Feel free to browse through the commit history if you’d like to see what else has been fixed (but it’s mostly small stuff).

Rails 2.3: Templates, Engines, Rack, Metal, much more!

Rails 2.3 is finally done and out the door. This is one of the most substantial upgrades to Rails in a very long time. A brief rundown of the top hitters:

  • Templates: Allows your new skeleton Rails application to be built your way with your default stack of gems, configs, and more.
  • Engines: Share reusable application pieces complete with routes that Just Work, models, view paths, and the works.
  • Rack: Rails now runs on Rack which gives you access to all the middleware goodness.
  • Metal: Write super fast pieces of optimized logic that routes around Action Controller.
  • Nested forms: Deal with complex forms so much easier.

And that’s just the tip of the iceberg. We’ve put together a complete guide for the Rails 2.3 release notes with much more information. Be sure to checkout the section on what was deprecated when you’re ready to upgrade your application.

You install 2.3 with (the final version is marked 2.3.2):

gem install rails

If you’re running on Passenger, be sure to upgrade to 2.1.2 as well. Rails 2.3 doesn’t run on older versions of Passenger!

We hope you’ll love it.

Rails 2.3 RC2: Final stop before release

The past month has seen a flurry of activity getting Rails 2.3 solid. We think we’ve ironed out all the major kinks now, but just to be sure, we’re running one last release candidate before it heads off to the presses. So please take some time to test out this release candidate. If we don’t get any reports of major blockers, we’re going to call this final within a week or two.

We’ve put together a complete guide for the Rails 2.3 release notes with all the information on what’s new, what’s changed, and what’s deprecated.

You can install the release candidate with:

gem install rails --source http://gems.rubyonrails.org

Rails 2.3.0 RC1: Templates, Engines, Rack, Metal, much more!

Rails 2.3 is almost ready for release, but this package is so stock full of amazing new stuff that we’re making dutifully sure that everything works right before we call it official.

So please help us do thorough testing of this release candidate. Lots of the underpinnings changed. Especially the move to Rack. So we need solid testing and will probably have a slightly longer than average release candidate phase to account for that.

But boy will it be worth it. This is one of the most substantial upgrades to Rails in a very long time. A brief rundown of the top hitters:

  • Templates: Allows your new skeleton Rails application to be built your way with your default stack of gems, configs, and more.
  • Engines: Share reusable application pieces complete with routes that Just Work, models, view paths, and the works.
  • Rack: Rails now runs on Rack which gives you access to all the middleware goodness.
  • Metal: Write super fast pieces of optimized logic that routes around Action Controller.
  • Nested forms: Deal with complex forms so much easier.

And that’s just the tip of the iceberg. We’ve put together a complete guide for the Rails 2.3 release notes with much more information.

You can install the release candidate with:

gem install rails --source http://gems.rubyonrails.org

Enjoy, report the bugs, and let’s get Rails 2.3 final out the door soon.

New REE with OS X, 64-bit, Solaris support and GC patches

Phusion is on a roll today. Not only did we just get a new Passenger, they’ve also just dropped a new REE (the Ruby patches for copy-on-write) that includes 64-bit support as well as compatibility with OS X and Solaris. They’ve also fitted the excellent RailsBench patches from Stefan Kaes that allows you to tweak the GC settings in Ruby if you need to.

This edition was sponsored by 37signals, Curve21, Dr Dispatch Transportation Software, InfoEther, Martian Interactive, New York Times, Shopify, Trevor Turk, and Utah Imaging.

Phusion Passenger 2.0.5 now compatible with Edge Rails

The Phusion team keeps blazing ahead with Passenger and improving it rapidly. They’ve just released version 2.0.5, which includes a few fixes and introduces compatibility with the Rack-based Edge Rails.

At 37signals, we’ve already switched over Ta-da List and are busy working on getting the rest of our suite running on Passenger. It’s just so much easier to deal with and the memory savings you get through REE are a nice cherry on top.

I keep getting a steady stream of success reports from all over the world as well. I’ve even read of a few people getting back into Rails development because Passenger finally took out the inconvenience of deploying.

It’s hard to argue with the usability. I’ve personally been setting up a new server running Ubuntu 8.10 and using Apache 2 with Passenger. The time it took me to go from a fresh install to a complete production setup was ridiculously low. There’s just so much less to worry about.

If you haven’t given Passenger a chance yet, now is definitely the time.

Rails 2.2: i18n, HTTP validators, thread safety, JRuby/1.9 compatibility, docs

Rails 2.2 is finally done after we cleared the last issues from the release candidate program. This release contains an long list of fixes, improvements, and additions that’ll make everything Rails smoother and better, but we also have a number of star player features to parade this time.

Internationalization by default
The most important is that Rails now includes a full-on internationalization framework and that it’s pre-wired from start. The work of the i18n group has been very impressive and it’s great to see that Rails finally ships with a solution in the box that’s both simple and extensible. Great job, guys!

Stronger etag and last-modified support
We’ve also added much better support for HTTP validators in the form of etag and last-modified. Making it so much easier to skip expensive procesesing if the client already has the latest stuff. This also makes it even easier to use Rails with gateway proxies.

Thread safety and a connection pool
Josh Peek has added thread safety to Rails and Nick Sieger from JRuby worked on getting Active Record a proper connection pool. So now all elements of Rails are thread safe, which is a big boon for the JRuby guys in particular. For C Ruby, we still need a bunch of dependent libraries to go non-blocking before it’ll make much of a difference, but work on that is forth coming.

Ruby 1.9 and JRuby compatibility
Jeremy Kemper has been rocking on both Ruby 1.9 and JRuby compatibility. Rails 2.2 is fully compatible with both, but again, there might be supporting libraries and gems that are not. Again, lots of work is going into making everything else fully compatible as well.

Better API docs, great guides
Finally, the last big push has been with the documentation of Rails. Pratik’s docrails project has made immense progress. Not only are the API docs much improved, but we also have a whole new guides section generated from documentation that now lives with the source. A true community project with lots of contributors. I’m sure both those new and old to Rails will greatly appreciate the strong focus on documentation.

To read about all these features and more in details, checkout the Rails 2.2 release notes — another one of those guides from the docrails project.

How to install
As always, you can install Rails 2.2 through RubyGems. We now require RubyGems 1.3.1, so be sure to update that first: gem update --system

Then you can install Rails: gem install rails

If you’re updating an existing application, you can run rake rails:update to get the latest JavaScript files and scripts.

From all of us to all of you, we hope you enjoy this release. It’s a true pleasure to see Rails make such big steps forward once again. Dig in, have fun, and we’ll be back with Rails 2.3 with even more before you know it.

Rails 2.2 RC2: Last stop before final

Rails 2.2 has been baking for long enough now. This is the last taste before the goodies are served. So please install and check it out. See if you can find any regressions or bugs in any of the new stuff, so we can have it all delicious by the time we ring the dinner bell (ok, ok, I’ll put down the food metaphor now).

This release also conciedes with the fact that we’ve branches 2-2-stable, which means that master is now actually targeting Rails 2.3/3.0. There’s also a tag available for this RC as v2.2.1.

If you missed RC1, have a look at the Rails 2.2 release notes to see the major additions. You can see what’s new since RC1 in these two This Week in Edge Rails.

To install, you must first have RubyGems 1.3.1:
gem update --system.

Then you can:
gem install rails -s http://gems.rubyonrails.org

Enjoy!

Rails 2.2 RC1: i18n, thread safety, docs, etag/last-modified, JRuby/1.9 compatibility

Rails 2.2 is almost ready for its final release, but before we christen the gems, we’d like to have everyone test out a release candidate. Rails 2.2 is a major upgrade that includes a wealth of new features and fixes.

Chief inclusions are an internationalization framework, thread safety (including a connection pool for Active Record), easier access to HTTP caching with etags and last modified, compatibility with Ruby 1.9 and JRuby, and a wealth of new documentation.

Mike Gunderloy has compiled an exhaustive list and walk-through of many of the interesting new features for the Rails 2.2 release notes.

To help test the Rails 2.2 release candidate, please install with:
gem install rails -s http://gems.rubyonrails.org -v 2.2.0

Hopefully there will not be too much folly in the RC and we can quickly move to a final release. But it requires your help to get there.

Note that this release is called 2.2.0, not 2.1.99 as our previous naming scheme would have dictated. So the final release of Rails 2.2 will actually be 2.2.1 (if we only need one RC).

Rails 2.1.2: Security, other fixes

Rails 2.1.2 includes the same two security fixes that we pushed out for 2.0.x recently. We’re talking about a backport of the offset/limit sanitization fix for Active Record and a fix against header-injection when using user-contributed strings in redirect_to (see Response Splitting for more information).

In addition, Rails 2.1.2 fixes the warning that users of RubyGems 1.3.0 were having with script/generate as well as a range of other minor fixes. Enjoy!

As always, you can install with:
gem install rails --version 2.1.2

Rails 2.0.4: Maintenance release

Thanks to Git it’s been a lot easier to maintain older branches of the code base, so we’ve taken the opportunity to backport a bunch of bug fixes to the 2.0 branch and here’s the release for that.

The only major issue is that we’ve fixed the REXML DoS vulnerability with a monkey patch that ships in the box. So if you’re on 2.0 and haven’t dealt with the issue already, you can upgrade to 2.0.4 and get it fixed.

You can install with: gem install rails --version 2.0.4

See all the changes

UPDATE: The actual 2.0.4 gem didn’t get published yesterday due to a bug in the release script. It’s been fixed and 2.0.4 is actually available on the main gem repository. Sorry about that!

Capistrano 2.4.0

Capistrano 2.4.0 is now available. Capistrano is the deployment tool of choice for many Rails programmers, but can be used for much more, allowing you to automate remote tasks using a simple task-oriented framework in Ruby.

Install it via RubyGems:

  gem install capistrano

You can read the entire release announcement on Jamis Buck’s weblog.

Rails 2.1: Time zones, dirty, caching, gem dependencies, caching, etc

Rails 2.1 is now available for general consumption with all the features and fixes we’ve been putting in over the last six months since 2.0. This has been a huge effort by a very wide range of contributors helping to make it happen.

Over the past six months, we’ve had 1,400 contributors creating patches and vetting them. This has resulted in 1,600+ patches. A truly staggering number. And lots of that has made it into this release.

New features
The new major features are:

Thanks to Ryan Daigle for the feature introductions and Ryan Bates for the Railscasts. It makes writing the release notes so much easier :).

As always, you can install with:

gem install rails

…or you can use the Git tag for 2.1.0.

Enjoy!

Rails 2.1 release candidate is imminent!

Threat level orange, guys! The release candidate for Rails 2.1 is drawing awfully close, so if you’ve been sitting on a patch that just must make it in now is the time to rise hell or high water to make it so. Once we cut the release candidate, we’ll be loathe to introduce anything but bug fixes to the features already there.

So get in your saddle, cowboy, and make that patch happen. Remember that the party has moved to Github and Lighthouse. Giddiyap!

Capistrano 2.2.0

Capistrano is a utility for managing remote servers and automating remote tasks. It is popularly used to deploy Rails applications (but can do oh, so much more!). Version 2.2.0 is now available (well, it’s released, anyway, you might need to wait for the file to propagate to the gem mirrors).

gem install capistrano

Version 2.2.0 sports the following changes:

FEATURE: Dynamic role definition. The role() method now accepts a block, which should return either a host name, a Capistrano::ServerDefinition object, an array of host names, or an array of Capistrano::ServerDefinition objects. This can be used to describe the servers in a role at runtime.

role :app do
  hosts = some_method_that_looks_up_the_current_hosts
  hosts[0,3]
end

FEATURE: Alternative server-centric role definitions, using the server() method:

role :app, "server"
role :web, "server"

# the above is the same as this:
server "server", :app, :web

FEATURE: Support for a :max_hosts option in tasks, that restricts the task so that it is only executed in hosts at a time, in chunks. This helps people who use Capistrano with very large numbers of servers, and prevents them running into connection caps and from running out of memory.

task :ping, :max_hosts => 100 do
  # anything here will only run against 100 hosts at a time
end

# alternatively, you can pass :max_hosts to the run command itself for
# finer granularity
task :pong do
  # this will run on ALL hosts at once
  run "something"

  # this will run on no more than 100 hosts at a time
  run "something-else", :max_hosts => 100
end

ENHANCEMENT: Improved Git support!

ENHANCEMENT: Password prompt support in the Mercurial SCM.

ENHANCEMENT: Implement Bzr#next_revision so that pending changes can be reported correctly, and use checkout —lightweight instead of branch.

ENHANCEMENT: Bring back the :p4sync_flags and :p4client_root variables for perforce SCM.

Additionally, there are several minor bugs and typos that have been fixed. You can see the CHANGELOG for all the gory details.

As ever, please report bugs via the Rails trac, at http://dev.rubyonrails.org. And if you aren’t yet subscribed to the Capistrano mailing list, it’s where all the cool cappists hang out.

ActiveMerchant 1.3 released

ActiveMerchant 1.3 has been released. The focus on this latest release was the addition of standardized support for the Address Verification System (AVS) and credit card verification value (CVV2) checks across all gateways which is the latest extraction from Shopify.

AVS information helps reduce fraud by checking the billing address of the customer with the cardholder information on file at the credit card company. CVV2 checks help ensure that the cardholder information has not been stolen from a database of credit card numbers because it is forbidden to record or store CVV2 numbers in any way.

The results of the AVS and CVV2 checks are now available in the response object. ActiveMerchant does all the work of interpreting the information returned from the payment gateways for you and makes the information available in a consistent hash format.

Sample AVS/CVV2 result:


response.avs_result['message']      #=> 
     "Street address and 9-digit postal code match."

response.cvv_result['message']      #=> 
     "Suspicious Transaction."

# Details: 
response.avs_result['code']         #=> "X"
response.avs_result['street_match'] #=> "Y"
response.avs_result['postal_match'] #=> "Y"
response.cvv_result['code']    #=> "D"

Other notable improvements with the 1.3 release include:

  • Improved documentation
  • Common interface to AVS / CVV2 results
  • New gateways, including Authorize.net Recurring Billing (ARB)
  • Improved supported feature set of many existing gateways
  • Automatically retry failed connections (when it’s safe)

Coinciding with the 1.3 release of ActiveMerchant is the [ActiveMerchant PeepCode PDF](http://peepcode.com/products/activemerchant-pdf) by [Cody Fauser](http://www.codyfauser.com). The PDF goes over the basics of payment processing, making purchases with ActiveMerchant, and security considerations to keep in mind when processing credit cards in your Rails application. The PDF also walks through the development of a sample Rails application that addresses topics such as order pipelines, order state management and the appropriate unit testing a financial application requires. It is definitely a great read if you are curious about payment processing or require payment processing in your application.

Rails 2.0.2: Some new defaults and a few fixes

Now that we have the big Rails 2.0 release out the door, it’s a lot easier to push out smaller updates more frequently. So that’s what we’re going to do. Rails 2.0.2 contains a bunch of smaller fixes to various bugs, no show-stopping action, just further polish. But it also contains a few new defaults.

SQLite3 is the new default database

Most importantly is SQLite3 as the new database we’ll configure for by default when you run the rails generation command without any specification. This change comes as SQLite3 is simply an easier out of the box experience than MySQL. There’s no fussing with GRANTs and creates, the database is just there. This is especially so under OS X 10.5 Leopard, which ships with SQLite3 and the driver gems preinstalled as part of the development kit.

If you want to preconfigure your database for MySQL (or any of the other adapters), you simply do “rails -d mysql myapp” and everything is the same as before. But if you’re just playing with a new application or building a smallish internal tool, then I strongly recommend having a look at SQLite3. Thanks to the agnostic db/schema.rb, it’s as easy as changing your config/database.yml to switch from SQLite3 to MySQL (or another database) as soon as your load warrants it.

Don’t check for template changes in production mode

New applications will be generated with the following option in their config/environments/production.rb:

config.action_view.cache_template_loading = true

This will stop Rails from constantly doing STAT calls to the file system to check if the file has changed. This can make for a lot of I/O activity, especially if you have lots of partials. If you have very fast disks, this may not matter, but if you’re running off slower disks it can make quite a big difference.

The drawback is that you can no longer just svnup a single template file and see it changed immediately. You’ll have to restart the application servers to make that happen.

Regardless, we feel that this is the better default in a partial-heavy world, but you’re of course always free to change it.

Rails 2.0.2 is a drop-in replacement for Rails 2.0

To upgrade, just do “gem install rails” (if the gems are still not propagated, use —source http://gems.rubyonrails.org) or use the new rel_2-0-2 tag.

The rest of the changes are as follows:

Action Pack

  • Added delete_via_redirect and put_via_redirect to integration testing #10497 [philodespotos]
  • Allow headers[‘Accept’] to be set by hand when calling xml_http_request #10461 [BMorearty]
  • Added OPTIONS to list of default accepted HTTP methods #10449 [holoway]
  • Added option to pass proc to ActionController::Base.asset_host for maximum configurability #10521 [chuyeow]. Example:
ActionController::Base.asset_host = Proc.new { |source| if source.starts_with?(‘/images’) “http://images.example.com” else “http://assets.example.com” end }
  • Fixed that ActionView#file_exists? would be incorrect if @first_render is set #10569 [dbussink]
  • Added that Array#to_param calls to_param on all it’s elements #10473 [brandon]
  • Ensure asset cache directories are automatically created. #10337 [Josh Peek, Cheah Chu Yeow]
  • render :xml and :json preserve custom content types. #10388 [jmettraux, Cheah Chu Yeow]
  • Refactor Action View template handlers. #10437, #10455 [Josh Peek]
  • Fix DoubleRenderError message and leave out mention of returning false from filters. Closes #10380 [Frederick Cheung]
  • Clean up some cruft around ActionController::Base#head. Closes #10417 [ssoroka]

Active Record

  • Ensure optimistic locking handles nil #lock_version values properly. Closes #10510 [rick]
  • Make the Fixtures Test::Unit enhancements more supporting for double-loaded test cases. Closes #10379 [brynary]
  • Fix that validates_acceptance_of still works for non-existent tables (useful for bootstrapping new databases). Closes #10474 [hasmanyjosh]
  • Ensure that the :uniq option for has_many :through associations retains the order. #10463 [remvee]
  • Base.exists? doesn’t rescue exceptions to avoid hiding SQL errors. #10458 [Michael Klishin]
  • Documentation: Active Record exceptions, destroy_all and delete_all. #10444, #10447 [Michael Klishin]

Active Resource

  • Added more specific exceptions for 400, 401, and 403 (all descending from ClientError so existing rescues will work) #10326 [trek]
  • Correct empty response handling. #10445 [seangeo]

Active Support

  • Ruby 1.9 compatibility. #1689, #10466, #10468 [Cheah Chu Yeow, Pratik Naik, Jeremy Kemper]
  • TimeZone#to_s uses UTC rather than GMT. #1689 [Cheah Chu Yeow]
  • Refactor of Hash#symbolize_keys! to use Hash#replace. Closes #10420 [ReinH]
  • Fix HashWithIndifferentAccess#to_options! so it doesn’t clear the options hash. Closes #10419 [ReinH]

Rails

  • Changed the default database from mysql to sqlite3, so now running “rails myapp” will have a config/database.yml that’s setup for SQLite3 (which in OS X Leopard is installed by default, so is the gem, so everything Just Works with no database configuration at all). To get a Rails application preconfigured for MySQL, just run “rails -d mysql myapp” [DHH]
  • Turned on ActionView::Base.cache_template_loading by default in config/environments/production.rb to prevent file system stat calls for every template loading to see if it changed (this means that you have to restart the application to see template changes in production mode) [DHH]
  • Introduce `rake secret` to output a crytographically secure secret key for use with cookie sessions #10363 [revans]
  • Fixed that local database creation should consider 127.0.0.1 local #9026 [parcelbrat]
  • Fixed that functional tests generated for scaffolds should use fixture calls instead of hard-coded IDs #10435 [boone]
  • Added db:migrate:redo and db:migrate:reset for rerunning existing migrations #10431, #10432 [matt]
  • RAILS_GEM_VERSION may be double-quoted also. #10443 [James Cox]
  • Update rails:freeze:gems to work with RubyGems 0.9.5. [Jeremy Kemper]

Rails 2.0: It's done!

Rails 2.0 is finally finished after about a year in the making. This is a fantastic release that’s absolutely stuffed with great new features, loads of fixes, and an incredible amount of polish. We’ve even taken a fair bit of cruft out to make the whole package more coherent and lean.

What a milestone for Ruby on Rails as well. I’ve personally been working on this framework for about four and a half years and we have contributors who’ve been around for almost as long as well. It’s really satisfying to see how far we’ve come in that period of time. That we’ve proven the initial hype worthy, that we’ve been able to stick with it and continue to push the envelope.

Before jumping into the breakdown of features, I’d just like to extend my deep gratitude towards everyone who helped make this release possible. From the stable of merry men in the Rails core to the hundreds of contributors who got a patch applied to everyone who participated in the community over the year. This release is a triumph for large-scale open source development and you can all be mighty proud of the role you played. Cheers!

With the touchy-feely stuff out of the way, let’s dig into the feast and look at just a sliver of what’s new:

Action Pack: Resources

This is where the bulk of the action for 2.0 has gone. We’ve got a slew of improvements to the RESTful lifestyle. First, we’ve dropped the semicolon for custom methods instead of the regular slash. So /people/1;edit is now /people/1/edit. We’ve also added the namespace feature to routing resources that makes it really easy to confine things like admin interfaces:

map.namespace(:admin) do |admin| admin.resources :products, :collection => { :inventory => :get }, :member => { :duplicate => :post }, :has_many => [ :tags, :images, :variants ] end

Which will give you named routes like inventory_admin_products_url and admin_product_tags_url. To keep track of this named routes proliferation, we’ve added the “rake routes” task, which will list all the named routes created by routes.rb.

We’ve also instigated a new convention that all resource-based controllers will be plural by default. This allows a single resource to be mapped in multiple contexts and still refer to the same controller. Example:


  # /avatars/45 => AvatarsController#show
  map.resources :avatars
  
  # /people/5/avatar => AvatarsController#show 
  map.resources :people, :has_one => :avatar

Action Pack: Multiview

Alongside the improvements for resources come improvements for multiview. We already have #respond_to, but we’ve taken it a step further and made it dig into the templates. We’ve separated the format of the template from its rendering engine. So show.rhtml now becomes show.html.erb, which is the template that’ll be rendered by default for a show action that has declared format.html in its respond_to. And you can now have something like show.csv.erb, which targets text/csv, but also uses the default ERB renderer.

So the new format for templates is action.format.renderer. A few examples:

  • show.erb: same show template for all formats
  • index.atom.builder: uses the Builder format, previously known as rxml, to render an index action for the application/atom+xml mime type
  • edit.iphone.haml: uses the custom HAML template engine (not included by default) to render an edit action for the custom Mime::IPHONE format

Speaking of the iPhone, we’ve made it easier to declare “fake” types that are only used for internal routing. Like when you want a special HTML interface just for an iPhone. All it takes is something like this:


  # should go in config/initializers/mime_types.rb
  Mime.register_alias "text/html", :iphone

  class ApplicationController < ActionController::Base
    before_filter :adjust_format_for_iphone
  
    private
      def adjust_format_for_iphone
        if request.env["HTTP_USER_AGENT"] && request.env["HTTP_USER_AGENT"][/(iPhone|iPod)/]
          request.format = :iphone
        end
      end
  end
  
  class PostsController < ApplicationController
    def index
      respond_to do |format|
        format.html   # renders index.html.erb
        format.iphone # renders index.iphone.erb
      end
    end
  end

You’re encouraged to declare your own mime-type aliases in the config/initializers/mime_types.rb file. This file is included by default in all new applications.

Action Pack: Record identification

Piggy-backing off the new drive for resources are a number of simplifications for controller and view methods that deal with URLs. We’ve added a number of conventions for turning model classes into resource routes on the fly. Examples:


  # person is a Person object, which by convention will 
  # be mapped to person_url for lookup
  redirect_to(person)
  link_to(person.name, person)
  form_for(person)

Action Pack: HTTP Loving

As you might have gathered, Action Pack in Rails 2.0 is all about getting closer with HTTP and all its glory. Resources, multiple representations, but there’s more. We’ve added a new module to work with HTTP Basic Authentication, which turns out to be a great way to do API authentication over SSL. It’s terribly simple to use. Here’s an example (there are more in ActionController::HttpAuthentication):


  class PostsController < ApplicationController
    USER_NAME, PASSWORD = "dhh", "secret"

    before_filter :authenticate, :except => [ :index ]

    def index
      render :text => "Everyone can see me!"
    end

    def edit
      render :text => "I'm only accessible if you know the password"
    end

    private
      def authenticate
        authenticate_or_request_with_http_basic do |user_name, password| 
          user_name == USER_NAME && password == PASSWORD
        end
      end
  end

We’ve also made it much easier to structure your JavaScript and stylesheet files in logical units without getting clobbered by the HTTP overhead of requesting a bazillion files. Using javascript_include_tag(:all, :cache => true) will turn public/javascripts/.js into a single public/javascripts/all.js file in production, while still keeping the files separate in development, so you can work iteratively without clearing the cache.

Along the same lines, we’ve added the option to cheat browsers who don’t feel like pipelining requests on their own. If you set ActionController::Base.asset_host = “assets%d.example.com”, we’ll automatically distribute your asset calls (like image_tag) to asset1 through asset4. That allows the browser to open many more connections at a time and increases the perceived speed of your application.

Action Pack: Security

Making it even easier to create secure applications out of the box is always a pleasure and with Rails 2.0 we’re doing it from a number of fronts. Most importantly, we now ship we a built-in mechanism for dealing with CRSF attacks. By including a special token in all forms and Ajax requests, you can guard from having requests made from outside of your application. All this is turned on by default in new Rails 2.0 applications and you can very easily turn it on in your existing applications using ActionController::Base.protect_from_forgery (see ActionController::RequestForgeryProtection for more).

We’ve also made it easier to deal with XSS attacks while still allowing users to embed HTML in your pages. The old TextHelper#sanitize method has gone from a black list (very hard to keep secure) approach to a white list approach. If you’re already using sanitize, you’ll automatically be granted better protection. You can tweak the tags that are allowed by default with sanitize as well. See TextHelper#sanitize for details.

Finally, we’ve added support for HTTP only cookies. They are not yet supported by all browsers, but you can use them where they are.

Action Pack: Exception handling

Lots of common exceptions would do better to be rescued at a shared level rather than per action. This has always been possible by overwriting rescue_action_in_public, but then you had to roll out your own case statement and call super. Bah. So now we have a class level macro called rescue_from, which you can use to declaratively point certain exceptions to a given action. Example:


  class PostsController < ApplicationController
    rescue_from User::NotAuthorized, :with => :deny_access
    
    protected
      def deny_access
        ...
      end
  end

Action Pack: Cookie store sessions

The default session store in Rails 2.0 is now a cookie-based one. That means sessions are no longer stored on the file system or in the database, but kept by the client in a hashed form that can’t be forged. This makes it not only a lot faster than traditional session stores, but also makes it zero maintenance. There’s no cron job needed to clear out the sessions and your server won’t crash because you forgot and suddenly had 500K files in tmp/session.

This setup works great if you follow best practices and keep session usage to a minimum, such as the common case of just storing a user_id and a the flash. If, however, you are planning on storing the nuclear launch codes in the session, the default cookie store is a bad deal. While they can’t be forged (so is_admin = true is fine), their content can be seen. If that’s a problem for your application, you can always just switch back to one of the traditional session stores (but first investigate that requirement as a code smell).

Action Pack: New request profiler

Figuring out where your bottlenecks are with real usage can be tough, but we just made it a whole lot easier with the new request profiler that can follow an entire usage script and report on the aggregate findings. You use it like this:


  $ cat login_session.rb
  get_with_redirect '/'
  say "GET / => #{path}"
  post_with_redirect '/sessions', :username => 'john', :password => 'doe'
  say "POST /sessions => #{path}"
  $ ./script/performance/request -n 10 login_session.rb

And you get a thorough breakdown in HTML and text on where time was spent and you’ll have a good idea on where to look for speeding up the application.

Action Pack: Miscellaneous

Also of note is AtomFeedHelper, which makes it even simpler to create Atom feeds using an enhanced Builder syntax. Simple example:


  # index.atom.builder:
  atom_feed do |feed|
    feed.title("My great blog!")
    feed.updated((@posts.first.created_at))
  
    for post in @posts
      feed.entry(post) do |entry|
        entry.title(post.title)
        entry.content(post.body, :type => 'html')
  
        entry.author do |author|
          author.name("DHH")
        end
      end
    end
  end

We’ve made a number of performance improvements, so asset tag calls are now much cheaper and we’re caching simple named routes, making them much faster too.

Finally, we’ve kicked out in_place_editor and autocomplete_for into plugins that live on the official Rails SVN.

Active Record: Performance

Active Record has seen a gazillion fixes and small tweaks, but it’s somewhat light on big new features. Something new that we have added, though, is a very simple Query Cache, which will recognize similar SQL calls from within the same request and return the cached result. This is especially nice for N+1 situations that might be hard to handle with :include or other mechanisms. We’ve also drastically improved the performance of fixtures, which makes most test suites based on normal fixture use be 50-100% faster.

Active Record: Sexy migrations

There’s a new alternative format for declaring migrations in a slightly more efficient format. Before you’d write:

create_table :people do |t| t.column, “account_id”, :integer t.column, “first_name”, :string, :null => false t.column, “last_name”, :string, :null => false t.column, “description”, :text t.column, “created_at”, :datetime t.column, “updated_at”, :datetime end

Now you can write:

create_table :people do |t| t.integer :account_id t.string :first_name, :last_name, :null => false t.text :description t.timestamps end

Active Record: Foxy fixtures

The fixtures in Active Record has taken a fair amount of flak lately. One of the key points in that criticism has been the work with declaring dependencies between fixtures. Having to relate fixtures through the ids of their primary keys is no fun. That’s been addressed now and you can write fixtures like this:


  # sellers.yml
  shopify:
    name: Shopify

  # products.yml
  pimp_cup:
    seller: shopify
    name: Pimp cup

As you can see, it’s no longer necessary to declare the ids of the fixtures and instead of using seller_id to refer to the relationship, you just use seller and the name of the fixture.

Active Record: XML in, JSON out

Active Record has supported serialization to XML for a while. In 2.0 we’ve added deserialization too, so you can say Person.new.from_xml(“David”) and get what you’d expect. We’ve also added serialization to JSON, which supports the same syntax as XML serialization (including nested associations). Just do person.to_json and you’re ready to roll.

Active Record: Shedding some weight

To make Active Record a little leaner and meaner, we’ve removed the acts_as_XYZ features and put them into individual plugins on the Rails SVN repository. So say you’re using acts_as_list, you just need to do ./script/plugin install acts_as_list and everything will move along like nothing ever happened.

A little more drastic, we’ve also pushed all the commercial database adapters into their own gems. So Rails now only ships with adapters for MySQL, SQLite, and PostgreSQL. These are the databases that we have easy and willing access to test on. But that doesn’t mean the commercial databases are left out in the cold. Rather, they’ve now been set free to have an independent release schedule from the main Rails distribution. And that’s probably a good thing as the commercial databases tend to require a lot more exceptions and hoop jumping on a regular basis to work well.

The commercial database adapters now live in gems that all follow the same naming convention: activerecord-XYZ-adapter. So if you gem install activerecord-oracle-adapter, you’ll instantly have Oracle available as an adapter choice in all the Rails applications on that machine. You won’t have to change a single line in your applications to take use of it.

That also means it’ll be easier for new database adapters to gain traction in the Rails world. As long as you package your adapter according to the published conventions, users just have to install the gem and they’re ready to roll.

Active Record: with_scope with a dash of syntactic vinegar

ActiveRecord::Base.with_scope has gone protected to discourage people from misusing it in controllers (especially in filters). Instead, it’s now encouraged that you only use it within the model itself. That’s what it was designed for and where it logically remains a good fit. But of course, this is all about encouraging and discouraging. If you’ve weighed the pros and the cons and still want to use with_scope outside of the model, you can always call it through .send(:with_scope).

ActionWebService out, ActiveResource in

It’ll probably come as no surprise that Rails has picked a side in the SOAP vs REST debate. Unless you absolutely have to use SOAP for integration purposes, we strongly discourage you from doing so. As a naturally extension of that, we’ve pulled ActionWebService from the default bundle. It’s only a gem install actionwebservice away, but it sends an important message none the less.

At the same time, we’ve pulled the new ActiveResource framework out of beta and into the default bundle. ActiveResource is like ActiveRecord, but for resources. It follows a similar API and is configured to Just Work with Rails applications using the resource-driven approach. For example, a vanilla scaffold will be accessible by ActiveResource.

ActiveSupport

There’s not all that much new in ActiveSupport. We’ve a host of new methods like Array#rand for getting a random element from an array, Hash#except to filter down a hash from undesired keys and lots of extensions for Date. We also made testing a little nicer with assert_difference. Short of that, it’s pretty much just fixes and tweaks.

Action Mailer

This is a very modest update for Action Mailer. Besides a handful of bug fixes, we’ve added the option to register alternative template engines and assert_emails to the testing suite, which works like this:

  1. Assert number of emails delivered within a block:
    assert_emails 1 do
    post :signup, :name => ‘Jonathan’
    end

Rails: The debugger is back

To tie it all together, we have a stream of improvements for Rails in general. My favorite amongst these is the return of the breakpoint in form of the debugger. It’s a real debugger too, not just an IRB dump. You can step back and forth, list your current position, and much more. It’s all coming from the gracious note of the ruby-debug gem. So you’ll have to install that for the new debugger to work.

To use the debugger, you just install the gem, put “debugger” somewhere in your application, and then start the server with —debugger or -u. When the code executes the debugger command, you’ll have it available straight in the terminal running the server. No need for script/breakpointer or anything else. You can use the debugger in your tests too.

Rails: Clean up your environment

Before Rails 2.0, config/environment.rb files every where would be clogged with all sorts of one-off configuration details. Now you can gather those elements in self-contained files and put them under config/initializers and they’ll automatically be loaded. New Rails 2.0 applications ship with two examples in form of inflections.rb (for your own pluralization rules) and mime_types.rb (for your own mime types). This should ensure that you need to keep nothing but the default in config/environment.rb.

Rails: Easier plugin order

Now that we’ve yanked out a fair amount of stuff from Rails and into plugins, you might well have other plugins that depend on this functionality. This can require that you load, say, acts_as_list before your own acts_as_extra_cool_list plugin in order for the latter to extend the former.

Before, this required that you named all your plugins in config.plugins. Major hassle when all you wanted to say was “I only care about acts_as_list being loaded before everything else”. Now you can do exactly that with config.plugins = [ :acts_as_list, :all ].

And hundreds upon hundreds of other improvements

What I’ve talked about above is but a tiny sliver of the full 2.0 package. We’ve got literally hundreds of bug fixes, tweaks, and feature enhancements crammed into Rails 2.0. All this coming off the work of tons of eager contributors working tirelessly to improve the framework in small, but important ways.

I encourage you to scourger the CHANGELOGs and learn more about all that changed.

So how do I upgrade?

If you want to move your application to Rails 2.0, you should first move it to Rails 1.2.6. That’ll include deprecation warnings for most everything we yanked out in 2.0. So if your application runs fine on 1.2.6 with no deprecation warnings, there’s a good chance that it’ll run straight up on 2.0. Of course, if you’re using, say, pagination, you’ll need to install the classic_pagination plugin. If you’re using Oracle, you’ll need to install the activerecord-oracle-adapter gem. And so on and so forth for all the extractions.

So how do I install?

To install through gems, do:

gem install rails -y

…if you’re having trouble with that (gem not found), just grab gems from our own repository in the meanwhile:

gem install rails -y —source http://gems.rubyonrails.org

To try it from an SVN tag, use (you may need to run this command twice depending on your current Rails version):

rake rails:freeze:edge TAG=rel_2-0-1

Note: It’s 2.0.1 because we found a small issue just after we pushed 2.0.0.

Rails 2.0: Release Candidate 2

After another batch of fixes, tweaks, and buckets of polish, we’ve prepared the hopefully last step before 2.0 can go final: Release Candidate 2. If nothing major pops up, expect the final version to land within the next week or two at the most.

As usual, we got the latest gems on the gems.rubyonrails.org server and there’s a RC2 tag as well. Please put this final test through the ringer so we can get a clean 2.0.0 final release.

If you haven’t kept up to date on what’s new in 2.0, have a look at the original preview release announcement. The gem version for this release is 1.99.1. Enjoy!

Rails 2.0: Release Candidate 1

We’ve been taking our sweet time, but now it really is almost there. We’ve just pushed new beta gems to gems.rubyonrails.org and created the rel_2-0-0_RC1 tag. So this is shaping up to be the last chance to raise concerns for Rails 2.0 before we go final in oh-so-shortly.

So please give it a spin. First, upgrade to 1.2.5 if you haven’t already. Fix all the deprecation warnings you see. Then try to jump on Rails 2.0 and see if it runs. If it doesn’t, and you think it’s not because of something you did wrong, please create a ticket.

We’re going to be running this release candidate phase over the next couple of weeks, give or take depending on how many issues are raised.

You can read all about why you should actually care about Rails 2.0 in the original preview release announcement.

The gem version for this release is 1.99.0.

Prototype 1.6.0 and script.aculo.us 1.8.0 released

New versions of the JavaScript libraries that ship with Rails, Prototype 1.6.0 and script.aculo.us 1.8.0, have been released. You can find out about the numerous changes on the Prototype blog and on mir.aculo.us. If you’re running Edge Rails, just svn up and run rake rails:update:javascripts to install the latest versions into your application automatically.

Also of note: Christophe Porteneuve’s Prototype & script.aculo.us book is now out of beta and available for purchase from the Pragmatic Programmers. It’s up-to-date with all of the new features in both libraries, so be sure to check it out if you’re using Prototype and script.aculo.us in your applications.

Capistrano 2.1

After a much larger delay than I would have liked, Capistrano 2.1 is now available! (Capistrano is a utility for executing commands on multiple remote machines in parallel, and is the tool of choice for many Rails developers for automating deployment.) There is a lot going on in this release, including some pretty exciting changes. As ever, install it via RubyGems with:

  gem install capistrano

Here’s what’s new, roughly in order of magnitude:

No default PTY. Prior to 2.1, Capistrano would request a pseudo-tty for each command that it executed. This had the side-effect of causing the profile scripts for the user to not be loaded. Well, no more! As of 2.1, Capistrano no longer requests a pty on each command, which means your .profile (or .bashrc, or whatever) will be properly loaded on each command! Note, however, that some have reported on some systems, when a pty is not allocated, some commands will go into non-interactive mode automatically. If you’re not seeing commands prompt like they used to, like svn or passwd, you can return to the previous behavior by adding the following line to your capfile:

  default_run_options[:pty] = true

Disable sh wrapping. Some shared hosts do not allow the POSIX shell to be used to execute arbitrary commands, which is what Capistrano has done since 2.0. If you’re on such a host, you can add the following line to your capfile:

  default_run_options[:shell] = false

Capistrano will then run the command directly, rather than wrapping it in an “sh -c” command. Note, though, that this means that your own user shell on the remote hosts must be POSIX compatible, or you’ll get cryptic errors.

Git SCM support. Many thanks to Garry Dolley, Geoffrey Grosenbach, and Scott Chacon for their work on the new Git SCM module for Capistrano. If you’re a user of Git, you can now do:

  set :scm, :git

Accurev SCM support. Thanks to Doug Barth, all you Accurev users can now enjoy Capistrano, too. Just do:

  set :scm, :accurev

Rails’ Plugin Support. Capfile’s generated via the “capify” utility will now include a line that will autoload all recipes from vendor/plugins/*/recipes/*.rb. If you want this feature and you’ve already got a Capfile (and you don’t mind losing any changes you might have made to your Capfile), you can delete the Capfile and re-run “capify .”. Or, you can just add the following line to your Capfile, before the line that loads ‘config/deploy’:

  Dir['vendor/plugins/*/recipes/*.rb'].each { |plugin| load(plugin) }

Windows-safe reads. Any time Capistrano needs to read a file’s contents, it will now use the “b” flag, so that binary reads on Windows do not corrupt the file.

Cap shell and sudo. The Capistrano shell now properly recognizes sudo commands and prompts for the password correctly.

Use `match’ to check dependencies. There is a new remote dependency method for deploy:check: “match”. You can now look for arbitrary regular expressions in the output of various commands to see if things are set up correctly:

  depend :remote, :match, "rake -V", /version 0\.7/

Namespaces#top. Sometimes you’ll find yourself wanting to execute a task from within another task, but the parent namespace of the target task is conflicting with a similarly-named namespace, and things are breaking. You can now use the “top” method to jump to the top of the namespace hierarchy:

  namespace :apache do
    namespace :deploy do
      task :restart do
        run "restart apache"
        top.deploy.restart
      end
    end
  end

Other changes. There are lots of other, smaller bug fixes and changes, too:

  • Default to 0664 instead of 0660 on upload.
  • Fix deploy:pending to query SCM for the subsequent revision so that it does not include the last deployed change.
  • Prefer ‘Last Changed Rev’ over ‘Revision’ when querying latest revision via Subversion.
  • Explicitly require ‘stringio’ in copy_test.
  • When Subversion#query_revision fails, give a more sane error.
  • Don’t run the upgrade:revisions task on non-release servers.
  • Use the —password switch for subversion by default, but add :scm_prefer_prompt variable for those who’d rather not send the password on the command-line.
  • Use sudo -p switch to set sudo password prompt to something predictable.
  • Allow independent configurations to require the same recipe file within the same Ruby process.
  • Allow auth-caching of subversion credentials to be enabled via :scm_auth_cache.
  • Don’t let a task trigger itself when used as the source for an “on” hook.
  • Add version_dir, current_dir, and shared_dir variables for naming the directories used in deployment.
  • Use the :runner variable to determine who to sudo as for deploy:restart.
  • Change the “-h” output so that it does not say that “-q” is the default.

Enjoy! And please report any bugs on the Rails trac, with the component set to “Capistrano”.

Rails 1.2.5: Security and maintenance release

This release closes a JSON XSS vulnerability, fixes a couple of minor regressions introduced in 1.2.4, and backports a handful of features and fixes from the 2.0 preview release.

All users of Rails 1.2.4 or earlier are advised to upgrade to 1.2.5, though it isn’t strictly necessary if you aren’t working with JSON. For more information the JSON vulnerability, see CVE-2007-3227.

Summary of changes:

  • acts_as_list: fixed an edge case where removing an item from the list then destroying the item leads to incorrect item positioning
  • deprecated calling .create on has_many associations with an unsaved owner (like post = Post.new; post.comments.create)
  • backport array and hash query parameters
  • fix in place editor’s setter action with non-string fields
  • updated config/boot.rb to correctly recognize RAILS_GEM_VERSION

To upgrade, `gem install rails`, set RAILS_GEM_VERSION to ‘1.2.5’ in config/environment.rb, and `rake rails:update:configs`.

Rails 1.2.4: Maintenance release

This release contains additional deprecation notices, security fixes and some minor performance improvements. All users of 1.2.3 are advised to upgrade.

Deprecation Notices

If you intend to upgrade to 2.0 you should run your tests to and fix any errors that are displayed. The warnings will become errors with the release of 2.0.

If you’re using RESTful routing, pay special attention to the changes to route generation and recognition. The previous use of the semicolon in URLs has been replaced with a regular /. For instance /person/1;edit has become /person/1/edit. This change was made as several libraries, including mongrel, mistakenly treated semi-colons as query string seperators and some browsers and http libraries misbehaved.

Your old ;-based URLs will be continued to be recognized, though. They’re just no longer generated.

Security Enhancements

1.2.4 fixes several potential security issues:

  • Session fixation attacks are mitigated by removing support for URL-based sessions
  • Changed the JSON encoding algorithms to avoid otential XSS issues when using ActiveRecord::Base#to_json
  • Potential Security and performance problems with XmlSimple have been fixed by disabling certain dangerous options by default.

Upgrade with the standard gem install rails command. Rails 1.2.4 serves as a drop-in replacement for 1.2.3.

Update: please see the latest 1.2.5 stable release

Rails 2.0: Preview Release

Behold, behold, Rails 2.0 is almost here. But before we can slap on the final stamp, we’re going to pass through a couple of trial release phases. The first is this preview release, which allows you to sample the goodies in their almost finished state.

We might change a few things or add something else, but by and large, this is how Rails 2.0 is going to look and feel. After this release have had a chance to be tried out, we’re going to move to a release candidate or two (or three, depending on how many we need). Then, the final release.

Before the release of 2.0, we’re also going to be putting out 1.2.4, which will include a variety of bug fixes and the last deprecation warnings to get you ready for upgrading an existing application to 2.0 standards.

Enough about process. Let me tell you a little bit about what’s new in Rails 2.0:

Action Pack: Resources

This is where the bulk of the action for 2.0 has gone. We’ve got a slew of improvements to the RESTful lifestyle. First, we’ve dropped the semicolon for custom methods instead of the regular slash. So /people/1;edit is now /people/1/edit. We’ve also added the namespace feature to routing resources that makes it really easy to confine things like admin interfaces:

map.namespace(:admin) do |admin| admin.resources :products, :collection => { :inventory => :get }, :member => { :duplicate => :post }, :has_many => [ :tags, :images, :variants ] end

Which will give you named routes like inventory_admin_products_url and admin_product_tags_url. To keep track of this named routes proliferation, we’ve added the “rake routes” task, which will list all the named routes created by routes.rb.

We’ve also instigated a new convention that all resource-based controllers will be plural by default. This allows a single resource to be mapped in multiple contexts and still refer to the same controller. Example:


  # /avatars/45 => AvatarsController#show
  map.resources :avatars
  
  # /people/5/avatar => AvatarsController#show 
  map.resources :people, :has_one => :avatar

Action Pack: Multiview

Alongside the improvements for resources come improvements for multiview. We already have #respond_to, but we’ve taken it a step further and made it dig into the templates. We’ve separated the format of the template from its rendering engine. So show.rhtml now becomes show.html.erb, which is the template that’ll be rendered by default for a show action that has declared format.html in its respond_to. And you can now have something like show.csv.erb, which targets text/csv, but also uses the default ERB renderer.

So the new format for templates is action.format.renderer. A few examples:

  • show.erb: same show template for all formats
  • index.atom.builder: uses the Builder format, previously known as rxml, to render an index action for the application/atom+xml mime type
  • edit.iphone.haml: uses the custom HAML template engine (not included by default) to render an edit action for the custom Mime::IPHONE format

Speaking of the iPhone, we’ve made it easier to declare “fake” types that are only used for internal routing. Like when you want a special HTML interface just for an iPhone. All it takes is something like this:


  # should go in config/initializers/mime_types.rb
  Mime.register_alias "text/html", :iphone

  class ApplicationController < ActionController::Base
    before_filter :adjust_format_for_iphone
  
    private
      def adjust_format_for_iphone
        if request.env["HTTP_USER_AGENT"] && request.env["HTTP_USER_AGENT"][/(iPhone|iPod)/]
          request.format = :iphone
        end
      end
  end
  
  class PostsController < ApplicationController
    def index
      respond_to do |format|
        format.html   # renders index.html.erb
        format.iphone # renders index.iphone.erb
      end
    end
  end

You’re encouraged to declare your own mime-type aliases in the config/initializers/mime_types.rb file. This file is included by default in all new applications.

Action Pack: Record identification

Piggy-backing off the new drive for resources are a number of simplifications for controller and view methods that deal with URLs. We’ve added a number of conventions for turning model classes into resource routes on the fly. Examples:


  # person is a Person object, which by convention will 
  # be mapped to person_url for lookup
  redirect_to(person)
  link_to(person.name, person)
  form_for(person)

Action Pack: HTTP Loving

As you might have gathered, Action Pack in Rails 2.0 is all about getting closer with HTTP and all its glory. Resources, multiple representations, but there’s more. We’ve added a new module to work with HTTP Basic Authentication, which turns out to be a great way to do API authentication over SSL. It’s terribly simple to use. Here’s an example (there are more in ActionController::HttpAuthentication):


  class PostsController < ApplicationController
    USER_NAME, PASSWORD = "dhh", "secret"

    before_filter :authenticate, :except => [ :index ]

    def index
      render :text => "Everyone can see me!"
    end

    def edit
      render :text => "I'm only accessible if you know the password"
    end

    private
      def authenticate
        authenticate_or_request_with_http_basic do |user_name, password| 
          user_name == USER_NAME && password == PASSWORD
        end
      end
  end

We’ve also made it much easier to structure your JavaScript and stylesheet files in logical units without getting clobbered by the HTTP overhead of requesting a bazillion files. Using javascript_include_tag(:all, :cache => true) will turn public/javascripts/.js into a single public/javascripts/all.js file in production, while still keeping the files separate in development, so you can work iteratively without clearing the cache.

Along the same lines, we’ve added the option to cheat browsers who don’t feel like pipelining requests on their own. If you set ActionController::Base.asset_host = “assets%d.example.com”, we’ll automatically distribute your asset calls (like image_tag) to asset1 through asset4. That allows the browser to open many more connections at a time and increases the perceived speed of your application.

Action Pack: Security

Making it even easier to create secure applications out of the box is always a pleasure and with Rails 2.0 we’re doing it from a number of fronts. Most importantly, we now ship we a built-in mechanism for dealing with CRSF attacks. By including a special token in all forms and Ajax requests, you can guard from having requests made from outside of your application. All this is turned on by default in new Rails 2.0 applications and you can very easily turn it on in your existing applications using ActionController::Base.protect_from_forgery (see ActionController::RequestForgeryProtection for more).

We’ve also made it easier to deal with XSS attacks while still allowing users to embed HTML in your pages. The old TextHelper#sanitize method has gone from a black list (very hard to keep secure) approach to a white list approach. If you’re already using sanitize, you’ll automatically be granted better protection. You can tweak the tags that are allowed by default with sanitize as well. See TextHelper#sanitize for details.

Finally, we’ve added support for HTTP only cookies. They are not yet supported by all browsers, but you can use them where they are.

Action Pack: Exception handling

Lots of common exceptions would do better to be rescued at a shared level rather than per action. This has always been possible by overwriting rescue_action_in_public, but then you had to roll out your own case statement and call super. Bah. So now we have a class level macro called rescue_from, which you can use to declaratively point certain exceptions to a given action. Example:


  class PostsController < ApplicationController
    rescue_from User::NotAuthorized, :with => :deny_access
    
    protected
      def deny_access
        ...
      end
  end

Action Pack: Miscellaneous

Also of note is AtomFeedHelper, which makes it even simpler to create Atom feeds using an enhanced Builder syntax. Simple example:


  # index.atom.builder:
  atom_feed do |feed|
    feed.title("My great blog!")
    feed.updated((@posts.first.created_at))
  
    for post in @posts
      feed.entry(post) do |entry|
        entry.title(post.title)
        entry.content(post.body, :type => 'html')
  
        entry.author do |author|
          author.name("DHH")
        end
      end
    end
  end

We’ve made a number of performance improvements, so asset tag calls are now much cheaper and we’re caching simple named routes, making them much faster too.

Finally, we’ve kicked out in_place_editor and autocomplete_for into plugins that live on the official Rails SVN.

Active Record: Performance

Active Record has seen a gazillion fixes and small tweaks, but it’s somewhat light on big new features. Something new that we have added, though, is a very simple Query Cache, which will recognize similar SQL calls from within the same request and return the cached result. This is especially nice for N+1 situations that might be hard to handle with :include or other mechanisms. We’ve also drastically improved the performance of fixtures, which makes most test suites based on normal fixture use be 50-100% faster.

Active Record: Sexy migrations

There’s a new alternative format for declaring migrations in a slightly more efficient format. Before you’d write:

create_table :people do |t| t.column, “account_id”, :integer t.column, “first_name”, :string, :null => false t.column, “last_name”, :string, :null => false t.column, “description”, :text t.column, “created_at”, :datetime t.column, “updated_at”, :datetime end

Now you can write:

create_table :people do |t| t.integer :account_id t.string :first_name, :last_name, :null => false t.text :description t.timestamps end

Active Record: XML in, JSON out

Active Record has supported serialization to XML for a while. In 2.0 we’ve added deserialization too, so you can say Person.new.from_xml(“David”) and get what you’d expect. We’ve also added serialization to JSON, which supports the same syntax as XML serialization (including nested associations). Just do person.to_json and you’re ready to roll.

Active Record: Shedding some weight

To make Active Record a little leaner and meaner, we’ve removed the acts_as_XYZ features and put them into individual plugins on the Rails SVN repository. So say you’re using acts_as_list, you just need to do ./script/plugin install acts_as_list and everything will move along like nothing ever happened.

A little more drastic, we’ve also pushed all the commercial database adapters into their own gems. So Rails now only ships with adapters for MySQL, SQLite, and PostgreSQL. These are the databases that we have easy and willing access to test on. But that doesn’t mean the commercial databases are left out in the cold. Rather, they’ve now been set free to have an independent release schedule from the main Rails distribution. And that’s probably a good thing as the commercial databases tend to require a lot more exceptions and hoop jumping on a regular basis to work well.

The commercial database adapters now live in gems that all follow the same naming convention: activerecord-XYZ-adapter. So if you gem install activerecord-oracle-adapter, you’ll instantly have Oracle available as an adapter choice in all the Rails applications on that machine. You won’t have to change a single line in your applications to take use of it.

That also means it’ll be easier for new database adapters to gain traction in the Rails world. As long as you package your adapter according to the published conventions, users just have to install the gem and they’re ready to roll.

Active Record: with_scope with a dash of syntactic vinegar

ActiveRecord::Base.with_scope has gone protected to discourage people from misusing it in controllers (especially in filters). Instead, it’s now encouraged that you only use it within the model itself. That’s what it was designed for and where it logically remains a good fit. But of course, this is all about encouraging and discouraging. If you’ve weighed the pros and the cons and still want to use with_scope outside of the model, you can always call it through .send(:with_scope).

ActionWebService out, ActiveResource in

It’ll probably come as no surprise that Rails has picked a side in the SOAP vs REST debate. Unless you absolutely have to use SOAP for integration purposes, we strongly discourage you from doing so. As a naturally extension of that, we’ve pulled ActionWebService from the default bundle. It’s only a gem install actionwebservice away, but it sends an important message none the less.

At the same time, we’ve pulled the new ActiveResource framework out of beta and into the default bundle. ActiveResource is like ActiveRecord, but for resources. It follows a similar API and is configured to Just Work with Rails applications using the resource-driven approach. For example, a vanilla scaffold will be accessible by ActiveResource.

ActiveSupport

There’s not all that much new in ActiveSupport. We’ve a host of new methods like Array#rand for getting a random element from an array, Hash#except to filter down a hash from undesired keys and lots of extensions for Date. We also made testing a little nicer with assert_difference. Short of that, it’s pretty much just fixes and tweaks.

Action Mailer

This is a very modest update for Action Mailer. Besides a handful of bug fixes, we’ve added the option to register alternative template engines and assert_emails to the testing suite, which works like this:

  1. Assert number of emails delivered within a block:
    assert_emails 1 do
    post :signup, :name => ‘Jonathan’
    end

Rails: The debugger is back

To tie it all together, we have a stream of improvements for Rails in general. My favorite amongst these is the return of the breakpoint in form of the debugger. It’s a real debugger too, not just an IRB dump. You can step back and forth, list your current position, and much more. It’s all coming from the gracious note of the ruby-debug gem. So you’ll have to install that for the new debugger to work.

To use the debugger, you just install the gem, put “debugger” somewhere in your application, and then start the server with —debugger or -u. When the code executes the debugger command, you’ll have it available straight in the terminal running the server. No need for script/breakpointer or anything else. You can use the debugger in your tests too.

Rails: Clean up your environment

Before Rails 2.0, config/environment.rb files every where would be clogged with all sorts of one-off configuration details. Now you can gather those elements in self-contained files and put them under config/initializers and they’ll automatically be loaded. New Rails 2.0 applications ship with two examples in form of inflections.rb (for your own pluralization rules) and mime_types.rb (for your own mime types). This should ensure that you need to keep nothing but the default in config/environment.rb.

Rails: Easier plugin order

Now that we’ve yanked out a fair amount of stuff from Rails and into plugins, you might well have other plugins that depend on this functionality. This can require that you load, say, acts_as_list before your own acts_as_extra_cool_list plugin in order for the latter to extend the former.

Before, this required that you named all your plugins in config.plugins. Major hassle when all you wanted to say was “I only care about acts_as_list being loaded before everything else”. Now you can do exactly that with config.plugins = [ :acts_as_list, :all ].

And hundreds upon hundreds of other improvements

What I’ve talked about above is but a tiny sliver of the full 2.0 package. We’ve got literally hundreds of bug fixes, tweaks, and feature enhancements crammed into Rails 2.0. All this coming off the work of tons of eager contributors working tirelessly to improve the framework in small, but important ways.

I encourage you to scourger the CHANGELOGs and learn more about all that changed.

So how do I upgrade?

If you want to move your application to Rails 2.0, you should first move it to Rails 1.2.3. That’ll include deprecation warnings for most everything we yanked out in 2.0. So if your application runs fine on 1.2.3 with no deprecation warnings, there’s a good chance that it’ll run straight up on 2.0. Of course, if you’re using, say, pagination, you’ll need to install the classic_pagination plugin. If you’re using Oracle, you’ll need to install the activerecord-oracle-adapter gem. And so on and so forth for all the extractions.

To install the preview release through gems, do:

gem install rails —source http://gems.rubyonrails.org

To try it from an SVN tag, use:

rake rails:freeze:edge TAG=rel_2-0-0_PR

We’ll also be putting out Rails 1.2.4 shortly which will include a few more deprecations to warn you in time for 2.0.

In any case, as I explained in the beginning, this is a preview release. Use it to get a feel for 2.0. See where your currently application might need tweaks. And try creating a new application from scratch to see the new defaults. In a few weeks we’ll get on with the release candidates.

Thanks to everyone who’ve been involved with the development of Rails 2.0. We’ve been working on this for more than six months and it’s great finally to be able to share it with a larger audience. Enjoy!

Capistrano 2.0

Capistrano 2.0 is real. (What is Capistrano?)

Install it thus:

gem install capistrano

It’s been through four preview releases, and has seen significant changes since 1.4.1. If you’re currently using 1.4.1, be sure to check out the upgrade documentation at http://www.capify.org. If you’re altogether new to Capistrano, you might like to read about getting started.

Since the last preview release (number four, version 1.99.3), the changes are primarily bug fixes, but the following featureish modifications snuck in, too:

  • The uploader has added a tiny bit of sleep to prevent the CPU from going bonkers during uploads.
  • You can specify the $CAPISTRANO:HOST$ placeholder in the filenames that you give to “put”, and it will be replaced with the actual host that the file is being uploaded to.

Also, some people reported SFTP uploads were hanging for them. If this happens to you, try adding the following line to the top of your recipe file:

set :synchronous_connect, true

That will cause connections to the servers to be established serially, rather than in parallel, so if you’ve got a lot of servers that you are connecting to, it might make things a bit time-consuming. However, this appeared to work around the hanging SFTP issue.

You can read the complete changelog here. If you are using Capistrano at all, please also consider joining the mailing list, it’s a great place to share tips and report issues.

KNOWN ISSUES

Yes, there are a few of these. Two are of immediate significance:

  1. If you try to use the ‘put’ command to upload a file to two or more hosts via a gateway, you run a good chance of encountering “corrupted mac” errors. This is due to design flaws in Net::SSH and Net::SFTP, and (to my knowledge) cannot be worked around. The current best practice is to upload to a single host, and then use scp or rsync from the remote hosts to pull the file.
  2. A very few people have reported commands hanging inexplicably and infrequently. I suspect this is also due to flaws in Net::SSH, but I’m not certain yet.

Haml 1.7

The Haml team recently announced the release of Haml 1.7, which is an alternative markup system that you can use in Rails, instead of the default ERb-based markup. Version 1.7 is significantly faster than previous releases (and is almost as fast as Rails’ default system, now!). There are a few other new features, too: read all about it in the release notes. Great work!

Capistrano 2.0 Preview 4

I am such a chicken. I very much wanted the next release of Capistrano to be the official “Capistrano 2.0” release. But as I watched the changelog grow, I started to get cold feet.

Thus, tonight I announce the fourth (and final, hopefully!) preview release of Capistrano 2.0. As before, you can grab it from the Rails beta gems server:

gem install -s http://gems.rubyonrails.com capistrano

(What is Capistrano, you ask? Allow me to direct your attention to http://www.capify.org…)

The following items are just some of the changes new in preview #4:

  • The deploy:symlink task works correctly now when run by itself.
  • Synchronously instantiate the gateway to prevent it being instantiated multiple times.
  • Use “which” instead of "test -p to test whether a command exists on the path.
  • The :hosts and :roles keys can now accept lambdas, to lazily select which hosts or roles a task uses.
  • Versions of Net::SSH prior to 1.1.0 work with Capistrano again.
  • Variable accesses are now thread safe.
  • The deployment code is now locale-independent, so that the revision is parsed correctly even if your computer is using a non-English locale.
  • You can now pass :on_error => :continue when defining a task, so that any connection or command errors that occur during the task’s execution will be ignored, allowing the task (and subsequent tasks) to continue.

You can see the entire list of changes in the CHANGELOG.

So, give it a go. Try it out. Post your feedback to the Capistrano mailing list. I’d love to release cap2 final next week!

P.S. If you are on a Windows machine, and you get Zlib errors trying to install the Capistrano gem, try this. Find the rubygems/package.rb file (wherever it happens to be in your Ruby installation), open it up, and find the zipped_stream method. Then, replace it, wholesale, with the following:

def zipped_stream(entry)
  entry.read(10) # skip the gzip header
  zis = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  is = StringIO.new(zis.inflate(entry.read))
ensure
  zis.finish if zis
end

That seems to do the trick for me; let me know if it doesn’t work for you.

Capistrano 2.0 Preview 3

Alright, we’re nearing the finish line! Capistrano 2.0 Preview Release #3 is now available.

Capistrano is a utility for automating the execution of tasks on one or more remote machines. You can read all about it at www.capify.org.

To install Preview #3, you’ll need to grab it from the Rails beta gem server:

gem install -s http://gems.rubyonrails.org capistrano

Accompanying PR3 is a new page of documentation on the capify.org site: Capistrano Basics. This walks you through the major features of Capistrano, but does not touch on deployment. This makes it a great introduction for those wanting to use Capistrano in non-deployment scenarios.

Preview #3 includes the following changes and enchancements:

Feature: Mercurial and CVS are now supported out of the box. Just set your :scm variable to :mercurial or :cvs, like so:

set :scm, :mercurial
# or
set :scm, :cvs

Thanks to Tobias Luetke and Matthew Elder for the Mercurial module, and Brian Phillips for the CVS module.

Feature: There is now a :default_environment variable, which is a hash that can be used to set environment variables that should be present for all commands that are executed. For instance:

default_environment["PATH"] =
  "/bin:/usr/bin:/usr/local/bin:/home/jamis/bin"

Feature: All commands are now explicitly invoked via “sh”, which means that even if your default user shell is non-POSIX (e.g., tcsh, csh, etc.), you can use Capistrano just fine. Note that if you were using tcsh or csh syntax in your Capistrano scripts, you now need to set the :default_shell variable to use your (non-POSIX) shell of choice:

set :default_shell, "/usr/bin/tcsh"

Feature: You can declare empty roles, and Capistrano won’t complain. This is useful for predeclaring roles that need to exist (because task definitions depend on them), but which might not have any servers in them (depending on runtime conditions).

Feature: A username and port specified with the server definition (e.g., “fred@some.server.com:1234”) now take precedence over the :username and :port settings in the ssh_options hash, rather than the other way around. This lets you set a general default via ssh_options, and override on a per-server basis in the server definitions themselves.

There are several other minor changes and fixes as well; you can read the CHANGELOG for all the gory details.

Capistrano 2.0 Preview 1

Capistrano 2.0 Preview 1 is now available for installing and testing:

gem install -s http://gems.rubyonrails.com capistrano

(It’ll show up as version 1.99.0; the 1.99.x series will be used as the preview releases for 2.0)

For those of you late to the party, Capistrano is a utility for executing remote commands in parallel on multiple remote servers. It is ideal for system administration, and for deploying web applications.

Note, though, that this release is not entirely backwards compatible with Capistrano 1.x, so you may need to massage your recipes a little to make them work smoothly under the new version. In order to make the upgrade process as smooth as possible, I’ve begun compiling a few documents to point out new features, gotchas, and upgrade paths:

http://www.capify.org/upgrade

Like Capistrano 2.0, the new www.capify.org website is still a bit rough in spots, and will see more documentation appearing over the next few weeks. If you have any feedback for either Capistrano 2.0 or the website, please join us on the Capistrano mailing list and make your voice heard!

Rails 1.2.3: Compatible with Ruby 1.8.6 (and other fixes)

While Rails Edge continues to move forward at a rapid clip, we’ve still had the time to make sure that Rails 1.2.x stays in the game. This release irons out the few wrinkles there was between Ruby 1.8.6 and Rails 1.2.2. So now you can enjoy the latest Ruby with the latest Rails.

Besides the 1.8.6 compatibility, we’ve included a few minor fixes. Nothing major. This should be a drop-in replacement for Rails 1.2.2.

As always, you can upgrade with gems or use the latest svn tag (rel_1-2-3). Enjoy!

Capistrano 1.4.1

Here it is, another Capistrano release, and less than a month since the last one! Miracles truly never cease.

Capistrano, for those embarrassingly late to the party, is a utility for executing commands in parallel on multiple remote servers. It is useful for lots of things, including automating deployment of Rails applications.

Version 1.4.1, available just as soon as the mirrors get updated, is a pretty minor update, but has one new feature:

  • You can now pass :env to ‘run’ (and friends), in order to specify environment variables that should be set for that command. For example:
run “some_batch_thang.rb”, :env => { “DEBUG” => “1” }

There is also one deprecation: if you are using UPPERCASE variables in your Capistrano recipes, you’ll being seeing warnings now. Support for variables that start with uppercase letters will be removed altogether in Capistrano 2.0. If you want uppercase identifiers, you should use Ruby constants.

The two fixes in this release:

  • Actor#get will not close the SFTP channel when it finishes. This makes it possible to do multiple SFTP gets and puts in a single session.
  • The subversion adapter now passes the “no-auth-cache” option, so that if you configure an explicit subversion username for deployment other than your dev username, those deployment auth tokens won’t clobber your development tokens.

So, go get it, “gem install capistrano.” Or download it directly from RubyForge. And at the risk of promising too much, too early: I expect this to be the last 1.x release of Capistrano, barring any critical problems that may arise with 1.4.1. Come on, cap2!

Shiny new Subversion and Trac cluster

You’ve all noticed the excruciating Rails svn updates and Trac molasses in the last couple of weeks. Following the release of Rails 1.2 we thoroughly overwhelmed our development server, no small feat for a hefty dual Xeon. Congratulations, all, for your hearty Rails appetite! Your sustained Mbps say more than words possibly could.

Our friends at TextDrive have stepped up once again to keep Rails development running smoothly and your production apps deploying predictably. Please give a warm welcome to our new development cluster, a load-balanced crew of SunFires and Thumpers hosting Trac at dev.rubyonrails.org and Subversion at svn.rubyonrails.org.

Subversion will remain available at the old dev URL so you needn’t touch your live apps. Feel free to migrate to the new URL at your own speed.

Rails 1.2.2: SQLite3, gems, singular resources

It’s time for another minor update to Rails 1.2. This was primarily prompted by a change in the API for SQLite between version 3.3.7 and 3.3.8+, which left the Rails database adapter for dead by the road side. But with this release and Jamis Buck’s sqlite3-ruby gem at version 1.2.1, we’re back in business on all versions of SQLite3.

Second, we’re now depending on RubyGems 0.9.0 and above. This will fix the deprecation messages for require_gem (the new method is just gem) and will restore rake rails:freeze:gems to working order. So be sure to update to the latest RubyGems before installing. That’s done with “gem update —system”.

Finally, we’ve decided to throw in a few goodies along with the fixes described above and the rest of the bug reparations in this release. Singular resources, for example, allow you to model singleton resources within the scope of the domain. The common example is user.application.com/account. That’s now modeled with:

map.resource :account

…and routes accordingly:

GET /account => AccountController#show GET /account/new => AccountController#new GET /account;edit => AccountController#edit POST /account => AccountController#create PUT /account => AccountController#update DELETE /account => AccountController#destroy

Note that the controller is also singular, not plural as is usually the case when using map.resources.

We’ve also brought over the enhancement to :conditions in Active Record that’ll allow you to pass in ranges and get them automatically converted to BETWEEN statements. Like:

Student.find(:all, :conditions => { :grade => 9..12 })

…which then becomes:

SELECT * FROM students WHERE grade BETWEEN 9 AND 12”

This is a recommended upgrade for everyone running 1.2.x (and a reminder that if you’re not yet on Rails 1.2.x, you won’t be getting bug fixes automatically and have to backport them yourself). It’s a drop-in replacement requiring no changes to applications running 1.2.×.

Enjoy!

Capistrano 1.4.0

Capistrano is a utility for executing commands in parallel on multiple machines, such as for automating the deployment of applications. Version 1.4.0 is now available.

To install:

gem install capistrano

Version 1.4.0 fixes a few bugs, and adds a few features. The new features:

  • A “capture” helper has been added, to make it easy to capture the stdout of a remote command and return it as a string:
result = capture(“uptime”)
  • A “get” helper has been added, to mirror the “put” command, letting you easily download files from a remote server to the local host. It will only download from the first server that matches the criteria for the current task. You must have Net::SFTP installed (gem install net-sftp) in order to use the “get” helper.
get “#{current_path}/log/production.log”, “logs/production.log”
  • Support for a system-wide config file has been added. If a file exists in “/etc/capistrano.conf”, it will be loaded immediately after the standard recipe file is loaded, and immediately before any user-specific configuration.

The fixed bugs:

  • There used to be issues with cap hanging when running multiple capistrano instances at the same time when using gateways. This has been fixed.
  • The permissions tweaking in the standard recipe has been refactored into a separate task (set_permissions), which you can override if you are on a host that won’t let you set group-writable permissions.
  • The setup task now uses umask so that intermediate directories are created with the proper permissions.
  • Make sure the standard recipe loads first, so that .caprc and friends can oerride what it defines.
  • cold_deploy now calls update instead of deploy, to avoid invoking the restart task.
  • The ‘touch’ command in update_code now sets TZ to UTC for the duration of that command, so that asset timestamps are set correctly.
  • An off-by-one bug in the width computation for show_tasks has been fixed.

Minor deprecations:

  • The c/-caprc switch has been removed, since the new load order (standard, system, user, application) makes it meaningless.

Thanks to Mark Imbriaco, Neil Wilson, Bojan Mihelac, Joshua Wehner, and Mike Bailey for their contributions to this release.

Haml 1.0

Since we’re all celebrating new releases, it seems only fair to point out that Haml, an alternative markup format to Rails’ RHTML templates, has reached the lofty version of 1.0. It even comes with a plugin for seamless integration with Rails applications, so you really have no excuse not to give it a try. If you’re looking for an alternative to RHTML, Haml may just be you. Check it out!

Prototype 1.5: Now with a manual!

Prototype 1.5 shipped together with Rails 1.2 today. But that’s not all that’s been happening at the JavaScript sugar mill. Today also marks the official unveiling of prototypejs.org. A brand new site dedicated to promoting and teaching Prototype. It comes complete with API documentation, a blog, and a guide on how to contribute. Congratulations to Sam, Justin, and the rest of the team behind the site.

Rails 1.2: REST admiration, HTTP lovefest, and UTF-8 celebrations

Get out your party balloons and funny hats because we’re there, baby. Yes, sire, Rails 1.2 is finally available in all it’s glory. It took a little longer than we initially anticipated to get everything lined up (and even then we had a tiny snag that bumped us straight from 1.2.0 to 1.2.1 before this announcement even had time to be written).

So hopefully it’s been worth the wait. Who am I kidding. Of course it’s been worth the wait. We got the RESTful flavor with new encouragement for resource-oriented architectures. We’re taking mime types, HTTP status codes, and multiple representations of the same resource serious. And of course there’s the international pizzazz of multibyte-safe UTF-8 wrangling.

That’s just some of the headliner features. On top of that, there’s an absolutely staggering amount of polish being dished out. The CHANGELOG for Action Pack alone contains some two hundred entries. Active Record has another 170-something on top of that.

All possible due to the amazing work of our wonderful and glorious community. People from all over the world doing their bit, however big or small, to increase the diameter of your smile. That’s love, people.

As always, you get a hold of the latest and greatest through gems:

gem install rails —include-dependencies

…or if you prefer to freeze it straight up, you can:

rake rails:freeze:edge TAG=rel_1-2-1

If you go with the gems, remember to change your version binding in config/environment.rb. Otherwise, you’ll still be tied to whatever old version you were using before.

Do note, though, that this is a massive upgrade. A few major components of Rails were left for scraps and entirely rewritten (routing and auto-loading included). We’ve tried our very best to remain backwards compatible. We’ve run multiple release candidate sessions to everyone help achieve that goal.

But it may not be perfect — heck, what is — so you’d be best advised to give your application a full and thorough work-out before contemplating a deployment. But of course, you’ve been such a good little tester bee that all what is needed is a single “rake” to see if everything passes, right?

How to get started learning all about Rails 1.2

With the fanfare out of the way, I point your attention to a rerun of the RC1 release notes on the new features. This rerun only contains the highlights, though. Real fans will want to peruse the CHANGELOGs themselves from the API.

For everyone else, there’s of course also the much easier path of just picking up the second edition of Agile Web Development with Rails. This edition was written to be spot on with 1.2 and contains a lot more elaborate guidance than you’ll find in the CHANGELOGs.

So it’s no wonder that the 2nd edition sold out the 15,000 copies of the first print run in a mere three weeks. Rest assured, though, the second run should already be available in stores. And for instant gratification, nothing beats picking up the PDF+Book combo off the Pragmatic book site.

REST and Resources

REST, and general HTTP appreciation, is the star of Rails 1.2. The bulk of these features were originally introduced to the general public in my RailsConf keynote on the subject. Give that a play to get into the mindset of why REST matters for Rails.

Then start thinking about how your application could become more RESTful. How you too can transform that 15-action controller into 2-3 new controllers each embracing a single resource with CRUDing love. This is where the biggest benefit is hidden: A clear approach to controller-design that’ll reduce complexity for the implementer and result in an application that behaves as a much better citizen on the general web.

To help the transition along, we have a scaffold generator that’ll create a stub CRUD interface, just like the original scaffolder, but in a RESTful manner. You can try it out with “script/generate scaffold_resource”. Left with no arguments like that, you get a brief introduction to how it works and what’ll create.

The only real API element that binds all this together is the new map.resources, which is used instead of map.connect to wire a resource-based controller for HTTP verb love. Then, once you have a resource-loving controller, you can link with our verb-emulation link link_to "Destroy", post_url(post), :method => :delete. Again, running the resource scaffolder will give you a feel for how it all works.

Formats and respond_to

While respond_to has been with us since Rails 1.1, we’ve added a small tweak in 1.2 that ends up making a big difference for immediate usefulness of the feature. That is the magic of :format. All new applications will have one additional default route: map.connect ':controller/:action/:id.:format'. With this route installed, imagine the following example:

class WeblogController < ActionController::Base def index @posts = Post.find :all respond_to do |format| format.html format.xml { render :xml => @posts.to_xml } format.rss { render :action => “feed.rxml” } end end end GET /weblog # returns HTML from browser Accept header GET /weblog.xml # returns the XML GET /weblog.rss # returns the RSS

Using the Accept header to accomplish this is no longer necessary. That makes everything a lot easier. You can explore your API in the browser just by adding .xml to an URL. You don’t need a before_filter to look for clues of a newsreader, just use .rss. And all of them automatically works with page and action caching.

Of course, this format-goodness plays extra well together with map.resources, which automatically makes sure everything Just Works. The resource-scaffold generator even includes an example for this using format.xml, so /posts/5.xml is automatically wired up. Very nifty!

Multibyte

Unicode ahoy! While Rails has always been able to store and display unicode with no beef, it’s been a little more complicated to truncate, reverse, or get the exact length of a UTF-8 string. You needed to fool around with KCODE yourself and while plenty of people made it work, it wasn’t as plug’n’play easy as you could have hoped (or perhaps even expected).

So since Ruby won’t be multibyte-aware until this time next year, Rails 1.2 introduces ActiveSupport::Multibyte for working with Unicode strings. Call the chars method on your string to start working with characters instead of bytes.

Imagine the string ‘€2.99’. If we manipulate it at a byte-level, it’s easy to get broken dreams:

‘€2.99’[0,1] # => “\342” ‘€2.99’[0,2] # => “?” ‘€2.99’[0,3] # => “€”

The € character takes three bytes. So not only can’t you easily byte-manipulate it, but String#first and TextHelper#truncate used to choke too. In the old days, this would happen:

‘€2.99’.first # => ‘\342’ truncate(‘€2.99’, 2) # => ‘?’

With Rails 1.2, you of course get:

‘€2.99’.first # => ‘€’ truncate(‘€2.99’, 2) # => ‘€2’

TextHelper#truncate/excerpt and String#at/from/to/first/last automatically does the .chars conversion, but if when you need to manipulate or display length yourself, be sure to call .chars. Like:

You’ve written <%= @post.body.chars.length %> characters.

With Rails 1.2, we’re assuming that you want to play well with unicode out the gates. The default charset for action renderings is therefore also UTF-8 (you can set another with ActionController::Base.default_charset=(encoding)). KCODE is automatically set to UTF-8 as well.

Watch the screencast. (but note that manually setting the KCODE is no longer necessary)

Unicode was in greatest demand, but Multibyte is ready handle other encodings (say, Shift-JIS) as they are implemented. Please extend Multibyte for the encodings you use.

Thanks to Manfred Stienstra, Julian Tarkhanov, Thijs van der Vossen, Jan Behrens, and (others?) for creating this library.

Routes

Action Pack has an all new implementation of Routes that’s both faster and more secure, but it’s also a little stricter. Semicolons and periods are separators, so a /download/:file route which used to match /download/history.txt doesn’t work any more. Use :requirements => { :file => /.*/ } to match the period.

Auto-loading

We’ve fixed a bug that allowed libraries from Ruby’s standard library to be auto-loaded on reference. Before, if you merely reference the Pathname constant, we’d autoload pathname.rb. No more, you’ll need to manually require 'pathname' now.

We’ve also improved the handling of module loading, which means that a reference for Accounting::Subscription will look for app/models/accounting/subscription.rb. At the same time, that means that merely referencing Subscription will not look for subscription.rb in any subdir of app/models. Only app/models/subscription.rb will be tried. If you for some reason depended on this, you can still get it back by adding app/models/accounting to config.load_paths in config/environment.rb.

Prototype

To better comply with the HTML spec, Prototype’s Ajax-based forms no longer serialize disabled form elements. Update your code if you rely on disabled field submission.

For consistency Prototype’s Element and Field methods no longer take an arbitrary number of arguments. This means you need to update your code if you use Element.toggle, Element.show, Element.hide, Field.clear, and Field.present in hand-written JavaScript (the Prototype helpers have been updated to automatically generate the correct thing).


// if you have code that looks like this
Element.show('page', 'sidebar', 'content');
// you need to replace it with code like this
['page', 'sidebar', 'content'].each(Element.show);

Action Mailer

All emails are MIME version 1.0 by default, so you’ll have to update your mailer unit tests: @expected.mime_version = '1.0'

Deprecation

Since Rails 1.0 we’ve kept a stable, backward-compatible API, so your apps can move to new releases without much work. Some of that API now feels like our freshman 15 so we’re going on a diet to trim the fat. Rails 1.2 deprecates a handful of features which now have superior alternatives or are better suited as plugins.

Deprecation isn’t a threat, it’s a promise! These features will be entirely gone in Rails 2.0. You can keep using them in 1.2, but you’ll get a wag of the finger every time: look for unsightly deprecation warnings in your test results and in your log files.

Treat your 1.0-era code to some modern style. To get started, just run your tests and tend to the warnings.

Capistrano 1.3.1

I’ve been remiss in announcing recent Capistrano releases, so I’m making up for lost time now. Capistrano 1.3.1 is now available!

Capistrano, for those of you that are late to the game, is a utility for executing commands in parallel on multiple remote machines. It comes with support for vastly simplifying the deployment process of Rails applications, but can be customized to work with virtually any environment.

Since 1.2.0, the following enhancements and changes have been made:

  • You can encode the username and port for a host in the host string. Does one machine require a different user than another? A non-standard port for SSH access? It’s as simple as:
role :app,  "app1.host.com"
role :web,  "webuser@web1.host.com"
role :db,   "db1.host.com:1234"
role :file, "fileuser@file1.host.com:1234"
  • You can pass an :as option to sudo, to specify which user a command should be run as:
sudo "spinner", :as => "app"
  • If you define a “.caprc” file in your home directory, Capistrano will automatically load that file on every invocation. (It has the same format as any other Capistrano recipe file.)
  • Assets in the images, javascripts, and stylesheets directories are now touched after updating the code, to ensure that Rails’ asset timestamping feature works correctly.
  • Make sure new setups and checkouts are group-writable.
  • Do not run the cleanup task on servers marked “no_release”.
  • Rake integration is now deprecated. You should be invoking ‘cap’ directly. A future release will remove rake integration altogether.

Feel free to read the changelog several other fixes and tweaks. It might be a few hours before the 1.3.1 gem reaches all the mirrors, but when it gets there, a simple “gem install capistrano” ought to do the trick!

Rails 1.2: Release Candidate 2

This is it. We’re a mere two shakes of a lamb’s tail from releasing the final version of Rails 1.2. But before we light the fireworks and pop the champagne, we’ll just do one itsy, bitsy, tiny test run. Like wearing protection glasses in downtown Copenhagen on New Year’s. You know, just for precautions.

So please do give it a good run. We’re looking for STOP THE BOAT and HOLD THE PRESSES kind of issues for this one. Nothing else will stop it (but please do report every thing you find any way).

For a reminder on how to install and what’s new, see the release notes for Release Candidate 1. We also did a series of highlights for Active Record, Action Pack, and Active Support. Read those and hold your breath in anticipation. Unless a surge of heinous issues appear, we’re expecting the final version to land some times next week.

Yay, hurray!

Rails 1.2 RC1: New in Active Support

The following are some of the smaller, but notable features added to Rails 1.2 ActiveSupport since the Rails 1.1 release. (compiled by Joshua Sierles).

Module#unloadable marks constants that require unloading after each request. Example:

    CONFIG.unloadable

Module#alias_attribute clones class attributes, including their getter, setter and query methods. Example:

class Email < ActiveRecord::Base
  alias_attribute :subject, :title
end

e = Email.find(1)
e.title    # => "Superstars"
e.subject  # => "Superstars"
e.subject? # => true
e.subject = "Megastars"
e.title    # => "Megastars"

Enumerable#sum calculates a sum from the array elements. Examples:

  [1, 2, 3].sum
  payments.sum { |p| p.price * p.tax_rate }
  payments.sum(&:price)

  This replaces: payments.inject(0) { |sum, p| sum + p.price }

Array#to_s(:db) produces a comma-separated list of ids. Example:

Purchase.find(:all, :conditions => "product_id IN (#{shops.products.to_s(:db)})"

Module#alias_method_chain encapsulates the common pattern:

alias_method :foo_without_feature, :foo
alias_method :foo, :foo_with_feature

 With alias_method_chain:

alias_method_chain :foo, :feature

Array#split divides arrays into one or more subarrays by value or block. Examples:

[1, 2, 3, 4, 5].split(3) => [[1, 2], [4, 5]] 
(1..10).to_a.split { |i| i % 3 == 0 }   # => [[1, 2], [4, 5], [7, 8], [10]]

Hash.from_xml(string) creates a hash from an XML string, typecasting its elements if possible. Example:

Hash.from_xml <<-EOT
  <note>
    <title>This is a note</title>
    <created-at type="date">2004-10-10</created-at>
  </note>
EOT

...would return:

{ :note => { :title => "This is a note", :created_at => Date.new(2004, 10, 10) } }

The Builder package has been upgraded to version 2.0. Changes include:

-- UTF-8 characters in data are now correctly translated to their XML equivalents
-- Attribute values are now escaped by default

Rails 1.2 RC1: New in Action Pack

With all respect to the reporter from the Edge, here are a few tasty bits from ActionPack in Rails 1.2 (CHANGELOG). (compiled by Geoffrey Grosenbach).

Views

You can now access nested attributes in RJS:

page['foo']['style']['color'] = 'red' # => $('foo').style.color = 'red';

Forms now use blocks instead of end_form_tag (notes from DHH):


<% form_tag(products_url) do %>
  <%= text_field :product, :title %>
  <%= submit_tag "Save" %>
<% end -%>

And how many blogs have you visited that say “Last updated 60 days ago”? Years and months have been added to distance_of_time_in_words, so you’ll see “2 months ago” or maybe even “5 years ago” now.

Controllers

Uncaught exceptions raised anywhere in your application will cause RAILS_ROOT/public/500.html to be read and shown instead of just the static “Application error (Rails).” So make it look nice if you aren’t using it already!

There is a new head(options = {}) method for responses that have no body.

head :status => 404 # return an empty response with a 404 status
head :location => person_path(@person), :status => 201

You can declare specific file extensions exempt from layouts. Bring on the CSS, PDF, and graphic generating plugins!

ActionController::Base.exempt_from_layout 'rpdf'

RESTful resources automatically get a params[:format] option that can force a content type. If :format is specified and matches a declared extension, that mime type will be used in preference to the “Accept” header. This means you can link to the same action from different extensions and use that fact to determine output (cheat sheet).

class WeblogController < ActionController::Base
  def index
    @posts = Post.find :all
    respond_to do |format|
      format.html
      format.xml { render :xml => @posts.to_xml }
      format.rss { render :action => "feed.rxml" }
    end
  end

You can also register your own custom MIME types. These will be automatically incorporated into controllers so you can use them in respond_to blocks and as file :format extensions.

Mime::Type.register(string, symbol, synonyms = [])
Mime::Type.register("image/gif", :gif)

Finally, ActionController.filter_parameter_logging makes it easy to remove passwords, credit card numbers, and other sensitive information from being logged when a request is handled.

filter_parameter_logging 'password' # Don't log fields that match 'password'

Routing and URLs

Routing has been significantly rewritten for speed and consistency. One of the benefits is that you can use named routes and RESTful routes in your mailer templates.


class MyMailer < ActionMailer::Base

  include ActionController::UrlWriter
  default_url_options[:host] = 'my_site.com'

Testing

assert_response now supports additional symbolic status codes.

  assert_response :success # You know this one
  assert_response :ok
  assert_response :not_found
  assert_response :forbidden

Added the rulin’ assert_select for CSS selector-based testing (cheat sheet). Use this instead of assert_tag from now on.

assert_select "a[href=http://assert_select_rules.com]", @item.url, "Should have a link" 
assert_select "div#products", nil, "Should show a products div on the page"

Deprecated

You’ll see warnings when you run your test suite. Here are a few that have been replaced with better syntax:

  • assert_tag → assert_select
  • start_form_tag and end_form_tag → form_tag do end
  • @cookies, @headers, @request, @response, @params, @session, @flash → cookies, headers, request, response, params, session, flash
  • .png is no longer automatically appended to extension-less image_tag calls

Rails 1.2 RC1: New in ActiveRecord

Here are some of the smaller yet notable features in the Rails 1.2 release of ActiveRecord made since the 1.1 release. (compiled by Josh Susser).

Finding

Added simple hash conditions to #find that will just convert a hash to an equality/AND-based condition string. Example:

Person.find(:all, :conditions => { :last_name => "Catlin", :status => 1 })

...is the same as:

Person.find(:all, :conditions => [ "last_name = ? and status = ?", "Catlin", 1 ])

This makes it easier to pass in the options from a form or otherwise outside.

Added find_or_initialize_by_X which works like find_or_create_by_X but doesn't save the newly instantiated record.

Records and arrays of records are bound as quoted ids.

Foo.find(:all, :conditions => ['bar_id IN (?)', bars])
Foo.find(:first, :conditions => ['bar_id = ?', bar])

Associations

Allow :uniq => true with has_many :through associations. This is equivalent to doing a SELECT DISTINCT in SQL, but it is done in Ruby code instead.

Add records to has_many :through using <<, push, and concat by creating the join model record. Raise if base or associate are new records since both ids are required to create the association. #build raises an error since you can't associate an unsaved record. #create! takes an attributes hash and creates both the associated record and its join model record in a transaction.

For example:

# before:
post.taggings.create!(:tag => Tag.find_by_name('finally')
# after:
post.tags << Tag.find_by_name('finally')

And:

# before:
transaction { post.taggings.create!(:tag => Tag.create!(:name => 'general')) }
# after:
post.tags.create! :name => 'general'

Add #delete support to has_many :through associations.

has_one supports the :dependent options :destroy, :delete, and :nullify.

Misc

Support for row-level locking, using either the :lock finder option or the #lock! method. See ActiveRecord::Locking::Pessimistic docs for details.

# Obtain an exclusive lock on person 1 so we can safely increment visits.
Person.transaction do
  # SELECT * FROM people WHERE id=1 FOR UPDATE
  person = Person.find(1, :lock => true)
  person.visits += 1
  person.save!
end

Rails 1.2: Release Candidate 1

It’s been almost eight months since the last major release of Rails introduced RJS, respond_to, eager loading, and much more. It’s about time we introduced the latest batch of big ideas we’ve been polishing in the interim.

Since this is a major new release and we’ve gotten so much incredible uptake even since 1.1, we’re feeling the need to certify that things work as well as they can out the gates. Thus, this release candidate to fret out any regressions or major issues with the new features.

Update: Josh Susser has more on what this means for developers, and how best to go about submitting bug reports for the new release.

What’s New

But first, allow me to give you a short rundown of what you should be excited about. While these new features may not appear to have the immediate glitz and glamour the likes of RJS, they still represent a big fundamental shift in how a lot of Rails applications will be created from this day forth.

REST and Resources

REST, and general HTTP appreciation, is the star of Rails 1.2. The bulk of these features were originally introduced to the general public in my RailsConf keynote on the subject. Give that a play to get into the mindset of why REST matters for Rails.

Then start thinking about how your application could become more RESTful. How you too can transform that 15-action controller into 2-3 new controllers each embracing a single resource with CRUDing love. This is where the biggest benefit is hidden: A clear approach to controller-design that’ll reduce complexity for the implementer and result in an application that behaves as a much better citizen on the general web.

To help the transition along, we have a scaffold generator that’ll create a stub CRUD interface, just like the original scaffolder, but in a RESTful manner. You can try it out with “script/generate scaffold_resource”. Left with no arguments like that, you get a brief introduction to how it works and what’ll create.

The only real API element that binds all this together is the new map.resources, which is used instead of map.connect to wire a resource-based controller for HTTP verb love. Then, once you have a resource-loving controller, you can link with our verb-emulation link link_to "Destroy", post_url(post), :method => :delete. Again, running the resource scaffolder will give you a feel for how it all works.

Formats and respond_to

While respond_to has been with us since Rails 1.1, we’ve added a small tweak in 1.2 that ends up making a big difference for immediate usefulness of the feature. That is the magic of :format. All new applications will have one additional default route: map.connect ':controller/:action/:id.:format'. With this route installed, imagine the following example:

class WeblogController < ActionController::Base def index @posts = Post.find :all respond_to do |format| format.html format.xml { render :xml => @posts.to_xml } format.rss { render :action => “feed.rxml” } end end end GET /weblog # returns HTML from browser Accept header GET /weblog.xml # returns the XML GET /weblog.rss # returns the RSS

Using the Accept header to accomplish this is no longer necessary. That makes everything a lot easier. You can explore your API in the browser just by adding .xml to an URL. You don’t need a before_filter to look for clues of a newsreader, just use .rss. And all of them automatically works with page and action caching.

Of course, this format-goodness plays extra well together with map.resources, which automatically makes sure everything Just Works. The resource-scaffold generator even includes an example for this using format.xml, so /posts/5.xml is automatically wired up. Very nifty!

Multibyte

Unicode ahoy! While Rails has always been able to store and display unicode with no beef, it’s been a little more complicated to truncate, reverse, or get the exact length of a UTF-8 string. You needed to fool around with KCODE yourself and while plenty of people made it work, it wasn’t as plug’n’play easy as you could have hoped (or perhaps even expected).

So since Ruby won’t be multibyte-aware until this time next year, Rails 1.2 introduces ActiveSupport::Multibyte for working with Unicode strings. Call the chars method on your string to start working with characters instead of bytes.

Imagine the string ‘€2.99’. If we manipulate it at a byte-level, it’s easy to get broken dreams:

‘€2.99’[0,1] # => “\342” ‘€2.99’[0,2] # => “?” ‘€2.99’[0,3] # => “€”

The € character takes three bytes. So not only can’t you easily byte-manipulate it, but String#first and TextHelper#truncate used to choke too. In the old days, this would happen:

‘€2.99’.first # => ‘\342’ truncate(‘€2.99’, 2) # => ‘?’

With Rails 1.2, you of course get:

‘€2.99’.first # => ‘€’ truncate(‘€2.99’, 2) # => ‘€2’

TextHelper#truncate/excerpt and String#at/from/to/first/last automatically does the .chars conversion, but if when you need to manipulate or display length yourself, be sure to call .chars. Like:

You’ve written <%= @post.body.chars.length %> characters.

With Rails 1.2, we’re assuming that you want to play well with unicode out the gates. The default charset for action renderings is therefore also UTF-8 (you can set another with ActionController::Base.default_charset=(encoding)). KCODE is automatically set to UTF-8 as well.

Watch the screencast. (but note that manually setting the KCODE is no longer necessary)

Unicode was in greatest demand, but Multibyte is ready handle other encodings (say, Shift-JIS) as they are implemented. Please extend Multibyte for the encodings you use.

Thanks to Manfred Stienstra, Julian Tarkhanov, Thijs van der Vossen, Jan Behrens, and (others?) for creating this library.

Gotchas

While we’ve tried our best to remain as backwards compatible with 1.1.6 as possible, there are a few minor edge cases that will need some rework if you used to do things a certain way.

Routes

Action Pack has an all new implementation of Routes that’s both faster and more secure, but it’s also a little stricter. Semicolons and periods are separators, so a /download/:file route which used to match /download/history.txt doesn’t work any more. Use :requirements => { :file => /.*/ } to match the period.

Auto-loading

We’ve fixed a bug that allowed libraries from Ruby’s standard library to be auto-loaded on reference. Before, if you merely reference the Pathname constant, we’d autoload pathname.rb. No more, you’ll need to manually require 'pathname' now.

We’ve also improved the handling of module loading, which means that a reference for Accounting::Subscription will look for app/models/accounting/subscription.rb. At the same time, that means that merely referencing Subscription will not look for subscription.rb in any subdir of app/models. Only app/models/subscription.rb will be tried. If you for some reason depended on this, you can still get it back by adding app/models/accounting to config.load_paths in config/environment.rb.

Prototype

To better comply with the HTML spec, Prototype’s Ajax-based forms no longer serialize disabled form elements. Update your code if you rely on disabled field submission.

For consistency Prototype’s Element and Field methods no longer take an arbitrary number of arguments. This means you need to update your code if you use Element.toggle, Element.show, Element.hide, Field.clear, and Field.present in hand-written JavaScript (the Prototype helpers have been updated to automatically generate the correct thing).


// if you have code that looks like this
Element.show('page', 'sidebar', 'content');
// you need to replace it with code like this
['page', 'sidebar', 'content'].each(Element.show);

Action Mailer

All emails are MIME version 1.0 by default, so you’ll have to update your mailer unit tests: @expected.mime_version = '1.0'

Deprecation

Since Rails 1.0 we’ve kept a stable, backward-compatible API, so your apps can move to new releases without much work. Some of that API now feels like our freshman 15 so we’re going on a diet to trim the fat. Rails 1.2 deprecates a handful of features which now have superior alternatives or are better suited as plugins.

Deprecation isn’t a threat, it’s a promise! These features will be entirely gone in Rails 2.0. You can keep using them in 1.2, but you’ll get a wag of the finger every time: look for unsightly deprecation warnings in your test results and in your log files.

Treat your 1.0-era code to some modern style. To get started, just run your tests and tend to the warnings.

Installing

The release candidate gems live in the Rails gem repository. You install them like this:

gem install rails —source http://gems.rubyonrails.org —include-dependencies

Note that it’ll say something like “Successfully installed rails-1.1.6.5618”. That’s correct as we won’t use the final version numbers until the official release.

You can also grab it straight from Subversion with http://dev.rubyonrails.org/svn/rails/tags/rel_1-2-0_RC1.

Submitting regression bugs

There you have it. Those are the major changes and as always, you can get the full, nitty-gritty scoop in the CHANGELOGs. Over the last eight months, we’ve made literaly hundreds of improvements. It’s well worth traversing the CHANGELOGs for goodies. Ryan’s Scraps is doing a good job annotating the changes as well.

But with the release of any new piece of software, a number of things which used to work, will work no longer.

While the intention with Rails 1.2 is to provide seamless backwards compatibility, we’re only human, and chances are a few things have snuck through. So if you’re trying out the 1.2 release candidate, and find a bug, be sure to report it to us. There are a few steps you should follow to help us fix your bug during the release canididate cycle.

When adding your bug report, be sure to put ‘1.2regression’ in the keywords field. Bugs with this keyword show up in a trac report, if you’re looking for a place to help out, start there.

If at all possible, please include a failing unit test with your bug report. This makes our life significantly easier, and helps others verify that you’ve found a genuine case.

Capistrano 1.1.9 (beta)

A new release of Capistrano is nearly upon us! Before I unleash it upon the world, though, I’d like to have a few brave souls put it through its paces, so I’m doing a brief run of it as a pre-release. You can grab it from the Rails beta gem server:

gem install -s http://gems.rubyonrails.com capistrano

There are a lot of changes in this release, most of them minor or cosmetic. However, there are some changes that may bite you, too.

The most significant change that may affect you has to do with the roles used for the setup, update_code, rollback_code, and symlink tasks. These tasks have changed such that they now deploy to all defined servers. That’s right, if you’ve got a server associated with any role, those tasks will deploy to that server. However, a server can explicitly opt out of being part of release deployment by setting :no_release => true in its role definition:

   role :file, "file-server.somewhere.example",
        :no_release => true

Take note of that! If you have any servers using non-standard roles (any role besides web, app, or db), you need to explicitly add :no_release => true in their role definitions, or your next deploy will target those servers, too.

Other significant changes that may or may not tickle you:

  • The -r/--recipe command line option is deprecated. You should use -f/--file instead.
  • Matthew Elder has contributed (and agreed to maintain) a module for the Mercurial SCM.
  • If you have sudo in a non-standard location, you can specify the path to sudo via the :sudo variable
  • Added :svn_passphrase so you can use keys with passphrases
  • Fixed missing default for :local in the CVS module
  • Subversion SCM accepts HTTPS certificates now
  • Work with pid-based setups (new spawner/reaper)
  • Added update task
  • Added :except on task declarations (as the opposite of :only)
  • Override the hosts to be used for a task via the HOSTS environment variable
  • Override the roles that will be used for a task via the ROLES environment variable
  • Added :hosts option on task declarations for defining tasks that work only on specific machines (rather than by role)
  • Don’t require a capfile (this allows you to use capistrano to operate on arbitrary hosts, all from the command line)

Various other changes have been made as well—you can look at the CHANGELOG for a complete list.

Rails 1.1.6, backports, and full disclosure

The cat is out of the bag, so here’s the full disclosure edition of the current security vulnerability. With Rails 1.1.0 through 1.1.5 (minus the short-lived 1.1.3), you can trigger the evaluation of Ruby code through the URL because of a bug in the routing code of Rails. This means that you can essentially take down a Rails process by starting something like /script/profiler, as the code will run for a long time and that process will be hung while it happens. Other URLs can even cause data loss.

We’ve backported a fix to all the affected versions for those of you that can’t update. You’ll have to apply the diff for your version:

These patches (and 1.1.6) will break applications using the 3rd party engines idea. So if you can’t upgrade because of dependencies to those, you can also add the following URL blocking while engines are being updated. Here’s how to do it with mod_rewrite under Apache:

RewriteRule ^(app|components|config|db|doc|lib|log|public|script|test|tmp|vendor)/ - [F]

Here’s how to do it under lighttpd:

url.rewrite-once = ( "^/(app|components|config|db|doc|lib|log|public|script|test|tmp|vendor)/" => "index.html" )

Unfortunately, the 1.1.5 update from yesterday only partly closed the hole (getting rid of the worst data loss trigger). After learning more about the extent of the problem, we’ve now put together a 1.1.6 release that completely closes all elements of the hole (using the same technique as the backports above).

So if you upgraded to 1.1.5 yesterday, you need to upgrade again. The approach stays the same, but since the Rubyforge gem server can be very slow at distributing gem updates, you should grab this fix straight from the Rails server:

sudo gem install rails --source http://gems.rubyonrails.org --include-dependencies

If you’re running of trunk (also known as edge) using revision 4394 or later, you’re not affected by all this in any form.

We’ll follow up with more information as it becomes available. Needless to say, this is all the Rails core team is working on right now and we’ve recruited a whole band of testers to help us play this out. We’ll make sure to evaluate all the feedback that’s been coming in and develop some scar tissue a policy for dealing with security issues in the future. Thanks for your continued understanding.

We’ve also started #rails-security on Freenet for people with IRC available to get and share more information.

UPDATE: If you’re floating on gems (don’t have vendor/rails), then make sure you update RAILS_GEM_VERSION in your config/environment.rb. Otherwise you’ll still be bound to that earlier version of Rails even as you install the new gems.

UPDATE 2: Rails 1.1.6 is now available on the official gem server, so you no longer need to add the —source http://gems.rubyonrails.org parameter.

Rails 1.1.5: Mandatory security patch (and more)

We’re still hard at work on Rails 1.2, which features all the new dandy REST stuff and more, but a serious security concern has come to our attention that needed to be addressed sooner than the release of 1.2 would allow. So here’s Rails 1.1.5!

This is a MANDATORY upgrade for anyone not running on a very recent edge (which isn’t affected by this). If you have a public Rails site, you MUST upgrade to Rails 1.1.5. The security issue is severe and you do not want to be caught unpatched.

The issue is in fact of such a criticality that we’re not going to dig into the specifics. No need to arm would-be assalients.

So upgrade today, not tomorrow. We’ve made sure that Rails 1.1.5 is fully drop-in compatible with 1.1.4. It only includes a handful of bug fixes and no new features.

For the third time: This is not like “sure, I should be flossing my teeth”. This is “yes, I will wear my helmet as I try to go 100mph on a motorcycle through downtown in rush hour”. It’s not a suggestion, it’s a prescription. So get to it!

As always, the trick is to do “gem install rails” and then either changing config/environment.rb, if you’re bound to gems, or do “rake rails:freeze:gems” if you’re freezing gems in vendor.

UPDATE: This problem affects 0.13, 0.14, 1.0, and 1.1.×. So here’s a happy opportunity to upgrade if you still haven’t.

UPDATE 2: We’ve fixed the zlib buffer problems for people on Windows. Redownload the gem and everything should be dandy.

UPDATE 3: Regarding security through obscurity, we’ll release the full details of this issue once everyone has had a fair chance to upgrade their system. Source transparency is of little comfort if you just had your system compromised before you got a chance to apply the patch.

UPDATE 4: This problem does not affect Rails 1.0 or earlier. The only versions affected are 1.1.0, 1.1.1, 1.1.2, and 1.1.4. See security update for details.

UPDATE 5: We’ve released Rails 1.1.6 with additional fixes to the problem and created backported patches for all affected versions.

P.S.: If you run a major Rails site and for some reason are completely unable to upgrade to 1.1.5, get in touch with the core team and we’ll try to work with you on a solution.

Rails 1.1.4: Security fix without breakage

The security fix from Rails 1.1.3 might have closed the hole, but it also caused breakage for people with controllers in modules. We’ve fixed that now, so Rails 1.1.4 should work for any application that also ran under 1.1.2. We apologize for the problem with 1.1.3 and encourage everyone running 1.1.x to upgrade as soon as possible to this release.

Note: Edge Rails was never affected by this security issue as it includes a rewritten routes module. So if you’re running on the latest edge, you don’t need to worry about upgrading.

Rails 1.1.3: Security fix and minor fixes

We’ve found and fixed a security issue with routing that could cause excess CPU usage in Rails processes when triggered by certain URLs. We strongly encourage anyone running 1.1.x to upgrade to the latest version. It’s fully backwards compatible and should serve as a small drop-in fix.

If you’re running the latest Edge Rails, though, there’s no need to update. We’ve rewritten the routes functionality on edge and the new version doesn’t have this problem.

To upgrade, you as always can just do: gem install rails --include-dependencies

Note: This release doesn’t include any of the new CRUD/resource-based features. All of the new features we’ve been working on over the last couple of months will become available in 1.2.0, which is scheduled for “soonish”. This 1.1.3 release is purely to address the security issue and another few minor fixes that were available on the STABLE branch as well.

New from O'Reilly: RJS Templates for Rails

Cody Fauser has just announced the release of his PDF-only book RJS Templates for Rails.

From almost the day we checked rjs into the repository, Cody was quickly singling himself out as an expert. When he found out they weren’t going to make the 1.0 release, he made an rjs plugin available for those staying back at 1.0. Before we had extensive documentation, he was doing the dirty work, putting together various tutorials and explanations. Many of you likely learned about rjs from Cody. And now, many more of you likely will too.

Jaded Pixel wisely brought him onto their team. He’s applied his rjs skills to great effect on Shopify.

As a reviewer of RJS Templates for Rails, I can attest to it being comprehensive and up to date. The book provides a tutorial style guide to using rjs then at the end there is a full reference. Most impressively, Cody is a solid technical writer. I’m quite sure this is his first book yet it reads like it was written by someone who’s been doing this for years. I hope it’s not his last.

You can get a copy for 9 bucks.

Browse your Subversion Repositories

Bounty Source provides the Open Source community with free hosting and tools including a task manager, a CMS, and a Subversion Code Repository. They’ve been gracious enough to release the Subversion Browser as a Rails plugin.

I’ve posted a technique on Rails Weenie on using your application’s authentication scheme on the plugin, so that your secret sauce is not available to the whole world.

Dan Webb's Request Routing Plugin

Have you ever wanted to write Rails routes using a URL's subdomain? What about routing based on whether a request was HTTP vs HTTPS? Well, now you can. Recently Dan Webb released his "Request Routing Plugin":http://svn.vivabit.net/external/rubylibs/requestrouting/README for public use. This plugin lets you create routing rules that use a whole slew of new properties: domain, subdomain, method, port, remoteip, contenttype, accepts, requesturi, and protocol.

You can obtain the plugin from Dan's subversion repository:

ruby script/plugin install \
   http://svn.vivabit.net/external/rubylibs/request_routing/

Easily find inefficient queries with QueryTrace

Nathaniel Talbott of test/unit fame has just released a new plugin he calls QueryTrace. I’ll let him explain what it does:


It’s nice that ActiveRecord logs the queries that are performed when your actions are executed, since it makes it easy to see when you have serious inefficiencies in your application. The next question, though, is always, “OK, so where are those being run from?

Rails Recipes is out of beta

Chad Fowler’s excellent Rails Recipes, quickly becoming the de facto companion to the canonical Agile Web Development with Rails, is out of beta and off to the printers. Now that you, the community, put it through its beta paces, it’s been cleaned up and deemed ready for prime time. If you’ve been holding off til now, your time has come: order it here.

For those who couldn’t wait and jumped on board during the beta, you can get a free update here.

A big thanks to Chad for the months of work he’s put into this.

UPDATE: Chad shares his take on What Makes a Good Recipe Book.

Radiant released: Content Management Simplified


John Long has announced the initial release of Radiant, the simple and elegant CMS that is planned to eventually power the redesigned reincarnation of the official Ruby website, ruby-lang.org.

You can take a look at some screenshots, check out the demo, read the source, subscribe to the mailing list, and follow along on the weblog.

Underneath the sheets, John is using his custom templating library Radius, on top of which he’s implemented his so called Behaviors. To help you dig into such features, John has provided some starting points for learning Radiant as well as a quickstart for Radius. If you want to jump aboard and help the development, he’s providing some tips on how you can contribute.

svn co http://dev.radiantcms.org/svn/radiant/trunk/radiant/

Things called a CMS are notoriously complex. Cheers for keeping it simple.

Rails Recipes release candidate now available

Dave Thomas has just announced that the first release-candidate of Rails Recipes is now available. What that means is that the book is essentially in its finished form. It’s had a great beta run, with a lot of praise and good feedback. Now that it’s been put through its passes, it’s pretty much ready for primetime, sporting 70 solutions to your real world programming challenges. If you’ve been holding off, now is a great time to get in on what is shaping up to be the de facto companion to Agile Web Development with Rails.

If you already bought the PDF, you can get the latest copy for free.

If you haven’t, what are you waiting for? Order it here.

Rails 1.1.2: Tiny fix for gems dependencies

The new gem version dependency system from Rails 1.1.1 needed a few tweaks to work properly and to stop throwing meaningless warnings. This tiny release makes up for that. To install:

  • gem install rails
  • rake rails:update:configs (to get the latest config/boot.rb)

This release also signals our new commitment to do more tiny releases from the stable branch, which only gets bug fixes. So it will not be uncommon to see bi-weekly tiny releases in the 1.1.x series while we continue to add features to the forthcoming 1.2.0.

Plug into HyperEstraier with acts_as_searchable

Patrick Lenz has announced his acts_as_searchable plugin which integrates ActiveRecord models with HyperEstraier, an open source fulltext search engine.

It’s available as a gem so you can just do sudo gem install acts_as_searchable.

You can then take a look at the API docs, which provide a few examples.

Full text searching just got as simple as:


class Article < ActiveRecord::Base
acts_as_searchable
end

Article.fulltext_search(‘biscuits AND gravy’)

Rails 1.1.1: Fixing a slew of minors (but you must still freeze Typo)

Rails 1.1 was a big upgrade with a lot of new features and we’ve been working hard since its release to polish off the kinks revealed after it was deployed to the masses. Rails 1.1.1 contains fixes for things like Prototype memory leaks in IE 6, Oracle adapter runnings, and a number of compatibility tweaks to make most older applications work.

This release still doesn’t work with Typo, though. And it won’t. Instead you must freeze Rails 1.0 to vendor/rails if you run Typo 2.6.0 while we await the new release from the Typo team that will be fully 1.1 compatible. Read more about Typo and how to freeze Rails.

This is the release we recommend that hosting companies upgrade to. If you still haven’t frozen your application and it for some reason doesn’t work with Rails 1.1.1, don’t run crying to them. We screwed up in the release notes of the last release by not telling people that Typo would break, but now that this information is spread far and wide, it’ll rest on your shoulders to make sure you’re frozen and stay cool.

If you still haven’t upgraded to Rails 1.1, checkout the original announcement for a run-through of all the features.

For the full story, see the changelogs: Rails, Action Pack, Active Record, Active Support, Action Web Service

Upload Progress Helper and Rails 1.1

One of the casualties of the 1.1 release was the experimental upload progress helper. Unfortunately it didn’t work on all the platforms we support and it was a source of numerous bug reports. After talking with Sean, we decided to remove it from rails’ core.

For those of you who were using it, the code was extracted to a rails plugin. To install it just run the following command and everything will be back where you need it.

./script/plugin install upload_progress

Rails 1.1: RJS, Active Record++, respond_to, integration tests, and 500 other things!

The biggest upgrade in Rails history has finally arrived. Rails 1.1 boasts more than 500 fixes, tweaks, and features from more than 100 contributors. Most of the updates just make everyday life a little smoother, a little rounder, and a little more joyful.

But of course we also have an impressive line of blockbuster features that will make you an even happier programmer. Especially if you’re into Ajax, web services, and strong domain models — and who isn’t these funky days?

The star of our one-one show is RJS: JavaScript written in Ruby. It’s the perfect antidote for your JavaScript blues. The way to get all Ajaxified without leaving the comfort of your beloved Ruby. It’s the brainchild of JavaScript and Ruby mastermind Sam Stephenson and an ode to the dynamic nature of Ruby.

Here goes a few sample rjs calls:

  # First buy appears the cart, subsequent buys highlight it
  page[:cart].visual_effect(@cart.size == 1 ? :appear : :highlight)
  
  # Replace the cart with a refresh rendering of the cart partial
  page[:cart].replace_html :partial => "cart"
  
  # Highlight all the DOM elements of class "product"
  page.select(".product").each do |element|
    element.visual_effect :highlight
  end
 
  # Call the custom JavaScript class/method AddressBook.cancel()
  page.address_book.cancel
  
  # 4 seconds after rendering, set the font-style of all company
  # spans inside tds to normal
  page.delay(4) do
    page.select("td span.company").each do |column| 
      column.set_style :fontStyle => "normal"
    end
  end

And that’s just a tiny taste of what RJS is capable of. It takes the Ajax on Rails experience far above and beyond the great support we already had. Bringing us even closer to the goal of “as easy as not to”. Read more about RJS in the docs or in Cody Fauser’s tutorial about element and collection proxies and his introduction to RJS (it shouldn’t surprise you that Cody is writing about book about RJS for O’Reilly).

But its not just the view we’re giving some tender love, oh no. Active Record has been blessed with bottomless eager loading, polymorphic associations, join models, to_xml, calculations, and database adapters for Sybase and OpenBase. It’s a huge upgrade and made possible through the fantastic work of Rick Olson (who was recently accepted into Rails Core, not a minute too soon!) and Anna Chan. Let’s dig into three of the top features:

Bottomless eager loading gives you the power of pulling back a multi-level object graph in a single JOIN-powered SQL query. Example:

  # Single database query:
  companies = Company.find(:all, :include => { 
    :groups => { :members=> { :favorites } } })
  
  # No database query caused:
  companies[0].groups[0].members[0].favorites[0].name

You can mix’n’match too. Using both multi-level fetches and first-level ones in the same call:

  # Just 1 database query for all of this:
  authors = Author.find(:all, :include => [ 
    { :posts => :comments }, :categorizations ])
  authors[0].posts[0].comments[0].body # => "Rock on Rails!"
  authors[0].categorizations[0].name   # => "Less software"

Polymorphic associations and join models give you access to much richer domains where many-to-many relationships are exposed as real models. Say Authorship between Book and Author:

  class Author < ActiveRecord::Base
    has_many :authorships
    has_many :books, :through => :authorships
  end
 
  class Book < ActiveRecord::Base
    has_many :authorships
    has_many :authors, :through => :authorships
  end
 
  class Authorship < ActiveRecord::Base
    belongs_to :author
    belongs_to :book
  end

…or addresses that can belong to both people and companies:

  class Address < ActiveRecord::Base
    belongs_to :addressable, :polymorphic => true
  end
 
  class Person < ActiveRecord::Base
    has_one :address, :as => :addressable
  end
 
  class Company < ActiveRecord::Base
    has_one :address, :as => :addressable
  end

Now let’s have a look at the new respond_to feature of Action Controller that makes it much easier to launch your application with both Ajax, non-Ajax, and API access through the same actions. By inspecting the Accept header, we can do clever stuff like:

  class WeblogController < ActionController::Base
    def create
      @post = Post.create(params[:post])
  
      respond_to do |type|
        type.js   { render }  # renders create.rjs
        type.html { redirect_to :action => "index" }
        type.xml  do
          headers["Location"] = post_url(:id => @post)
          render(:nothing, :status => "201 Created")
        end
      end
    end
  end

The recently launched API for Basecamp uses this approach to stay DRY and keep Jamis happy. So happy that he wrote a great guide on how to use respond_to

Speaking of Jamis, he also added the third layer of testing to Rails: Integration tests. They allow you to faithfully simulate users accessing multiple controllers and even gives you the power to simulate multiple concurrent users. It can really give you a whole new level of confidence in your application. The 37signals team used it heavily in Campfire from where it was later extracted into Rails. See Jamis’ great guide to integration testing for more.

These highlighted features are just the tip of the iceberg. Scott Raymond has done a great job trying to keep a tab on all the changes, see his What new in Rails 1.1 for a more complete, if brief, walk-through of all the goodies. And as always, the changelogs has the complete step-by-step story for those of you who desire to know it all.

And as mentioned before, Chad Fowler’s excellent Rails Recipes has in-depth howtos on a lot of the new features. If you desire some packaged documentation, this is the book to pick up.

Upgrading from 1.0

So with such a massive update, upgrading is going to be hell, right? Wrong! We’ve gone to painstaking lengths to ensure that upgrading from 1.0 will be as easy as pie. Here goes the steps:

  • Update to Rails 1.1:
    gem install rails --include-dependencies
  • Update JavaScripts for RJS:
    rake rails:update

That’s pretty much it! If you’re seeing any nastiness after upgrading, it’s most likely due to a plugin that’s incompatible with 1.1. See if the author hasn’t updated it and otherwise force him to do so.

If you’re on Ruby 1.8.2 with Windows, though, you’ll want to upgrade to the 1.8.4 (or the script/console will fail). And even if you’re on another platform, it’s a good idea to upgrade to Ruby 1.8.4. We still support 1.8.2, but might not in the next major release. So may as well get the upgrading with over with now.

Rails 1.1: Release Candidate 1 available

It’s been roughly three months since the release of the big one-oh. That’s obviously an eternity in Rails time, so its about high time we’re getting ready for the release for 1.1. And boy, is this an exciting upgrade!

I do believe this is the biggest upgrade to Rails we’ve ever done. We have recorded about 500 fixes, tweaks, and new features in the changelogs. That’s a lot and that’s just counting major new features like RJS as one.

So with all these goodies, we want to make sure we launch without any obvious blunders or backwards compatibility breaking changes. This is why we’re doing a release candidate and why we need your help to test it.

Rails 1.1 is supposed to be just fully backwards compatible with 1.0, but we did change just a couple of defaults, see CHANGED DEFAULT notes in the changelogs. That means we want to test Rails 1.1 with as many 1.0 applications as possible.

To install the release candidate gems, you just need to do:

gem install rake
gem install rails --source http://gems.rubyonrails.org

Or you can just install the new Rake gem (Rails 1.1 depends on Rake 0.7) and then call rake freeze_edge. That’ll pull the latest Rails down from the Subversion repository and bind just that one application to it.

Or you can set svn:externals on vendor/ to be against http://dev.rubyonrails.org/svn/rails/tags/rel_1-1-0_RC1, if you want to pull it in through Subversion automatically.

Lots of options, no excuses. We really need your help to make sure the final release is as solid as Rails 1.0 was. And so we don’t need 1.1.1 two days later.

Once you have the latest Rails installed, you can do rake rails:update to get the latest scripts and the latest version of Prototype and script.aculo.us installed in public/javascripts. That’s about all the upgrading you need to do to existing applications.

Do note, though, that all plugins may not be upgraded to be compatible with Rails 1.1. Or you may indeed just have an old version of a plugin that has been updated. Keep an eye out for that.

If you’re wondering why to even bother with Rails 1.1, Scott Raymond currently has the best play-by-play overview of what’s new. We’ll be adding to that with more walkthroughs and hopefully movies around release time.

If you need more documentation, I strongly encourage you to pick up Chad Fowler’s Rails Recipe book. It’s currently out in its 3rd beta release and includes a bunch of great recipes on the new 1.1 features. Including RJS, polymorphic associations (and how to do better tagging with them), join models, integration testing, and more. You can get it as a PDF right now for $21.50.

So help us help you. Test Rails 1.1 with your existing applications. Try building new stuff with it. And let us know if something breaks in the process. We will be taking care of all heinous bugs before release. Thank you all!

Quick PDF generation with RTex

Bruce Williams of Naviance recently announced his RTex plugin. It exposes your controller data to rtex views that output LaTeX which is convereted to PDF.

To install you can use the plugin script:

ruby script/plugin install rtex

Or grab it from svn:

svn co http://codefluency.com/svn/codefluency/rails/plugins/rtex

People have used PDF::Writer to generated .rpdf views. Why go through LaTex to get to PDF rather than use PDF::Writer? Speed, says Bruce.

i5labs pushing the limits of Rails

In November, PlanetMoon launched Infected, a first-person shooter game for Playstation Portable. The PSP game has two-pieces, one, the actual PSP game (which is C++), and a statistics reporting tool (how many kills did you get, how many people did you infect, where in the world are they). Any time someone wants to grab their stats, it kicks in the PSP Web Browser, which points to a Ruby on Rails server. The team behind this is Jason Wong’s i5labs. Jason blogs about some of the challenges of working within the constraints of PSP console.

i5labs also just finished a Zubio chair massage kiosk at the San Francisco Shopping Center. You schedule 10 or 20 minute massage sessions using a touchscreen, then swipe your credit card. The touchscreen system is implemented with Rails. Jason shares details of the code and hardware.

i5labs is also looking to hire a part time Ruby on Rails developer (who could eventually go full time). If you’re interested drop them a note at jobs@i5labs.com.

We’ve seen the limits of Rails pushed before, when Mike Clark and James Duncan Davidson mixed Rails with Cocoa with VitalSource. Anyone else using Rails outside of the traditional web context?

Auto sanitized templates with Erubis

Last month on the Rails core mailing list, a thread popped up (that went on and on) wherein the idea was proposed that rhtml templates should automatically sanitize output by default. After much back and forth, David suggested those in favor redirect their energies toward a working plugin.

Enter stage left, Erubis. It’s a customized implementation of eRuby that provides a handful of features, notably that <%= %> tags automatically sanitize output. You use <%== %> if you don’t want to sanitize the output. For all those who wish rhtml files were sanitized by default, here is your solution.

Configure your Rails apps to use Erubis templates with ActionView::Base::register_template_handler.

SwitchTower 0.10.0

You can read the complete changelog, but here’s a quick overview of some of the most notable changes:

Bugs Fixed

  • Handle SSH password prompts formatted like “someone’s password:”
  • Allow the sudo password to be reentered if it was entered incorrectly
  • Errors during checkout are now caught and reported early
  • Avoid timeouts on long-running commands
  • Add a small sleep during command processing to give the CPU a rest
  • Rake tasks should work much more nicely on Windows (you’ll need to do switchtower --apply-to /path/to/app to update, keeping your config/deploy.rb and overwriting lib/tasks/switchtower.rake)

New Features

ssh_options variable

There is now an ssh_options hash that you can use in your recipe files to set custom SSH connection options, like setting a non-standard port to connect on:

ssh_options[:port] = 2345

Allow svn checkouts to use export instead of co

If you don’t want to use an svn co to checkout your code, you can set the :checkout variable to :export, and SwitchTower will use svn export instead.

set :checkout, :export

This variable defaults to :co.

update_current task

There is now an update_current task that just does an svn up on the last-deployed release. This is useful for trivial updates, like when a template changed.

cleanup task

You can easily remove unused releases from your deployment directories with the cleanup task. It will (by default) keep the 5 most recent releases, and delete the rest.

SFTP for file transfers

Net::SFTP is now used (if it is available) for file transfers. This should make transferring large files more robust, as well as allow binary characters in files.

restart_via variable

You can now set the :restart_via variable to :run, if you need to have the restart task use run instead of sudo.

set :restart_via, :run

This defaults variable to :sudo.

Rails 1.0: Party like it's one oh oh!

15 months after the first public release, Rails has arrived at the big 1.0. What a journey! We’ve gone through thousands of revisions, tickets, and patches from hundreds of contributors to get here. I’m incredibly proud at the core committer team, the community, and the ecosystem we’ve raised around this framework.

Rails 1.0 is mostly about making all the work we’ve been doing solid. So it’s not packed with new features over 0.14.x, but has spit, polish, and long nights applied to iron out kinks and ensure that it works mostly right, most of the time, for most of the people. Yes, we still have pending tickets, but we will always have pending tickets. If I had accepted that fact back in February, we would probably have been at 2.0 now ;).

Alongside 1.0, we’ve also been working on a new web site, which premieres today as well. It’s a 37signals-powered redesign that streamlines and decrufts us into a much cleaner profile that hopefully will make it even easier for people to get excited and try out Ruby on Rails. It’s online at www.rubyonrails.org and includes two brand new screencasts.

So this is a major milestone for Rails, but we’ve not even begun to think about slowing down. Rails 1.1 is already pretty far along in development and will see some of the biggest upgrades of any Rails release. Hopefully some time in February. But in the mean time, enjoy one oh!

To install Rails 1.0:

gem install rails —include-dependencies

To learn about upgrading a Rails application not already running 0.14.x: Upgrade to 1.0

The only thing you need to do to upgrade from 0.14.x is update your Javascripts using “rake update_javascripts”. You’ll be rocking along with Scriptaculous 1.5 and Prototype 1.4.

Happy 1.0, everyone!

Rails RC5 (0.14.4): Next stop one-oh (really, this time!)

It’s been a month since we promised that RC4 would be the final countdown. And counting down we have. We’ve fixed a ton of major, minor, and aesthetic issues and now have a package that we would be very proud to call 1.0. No, it’s not completely spotless. A project of this size with thousands of programmers using it for every application type under the moon will never be. But it’s Pretty Damn Good.

So here it goes: Release candidate 5. This is the final, short pitstop before 1.0 materializes next week. Thus, you’re more than well advised to upgrade and make sure we didn’t leave anything heinous in there. This is the “speak now or forever hold your peace” part of the ceremony.

If you already upgraded to 0.14.x, going to RC5 is completely effortless. Simply call upon the gems to do your bidding with: gem install rails --include-dependencies. And you’ll be serving up your application with all the bugs squashed. On top of that, we’ve thrown in a new adapter for the Firebird database and added a beautiful new index.html that’ll greet you on new applications:

So upgrade, dammit! Now. And stand by as we finish setting up the fireworks planned for next week’s release of the long-awaited 1.0. It’s magical times, my friends, and the spellcasting is just getting started.

The interesting changes are in:

Rails 1.0 RC4 (0.14.3): It's the final countdown!

Comrades, we are so close to the goal that the relieve should be tastable. The mythical 1.0 release is now penned to be the very next release once we rattle out the heinous bugs from this one. So we need every man, woman, and child at work testing the living daylights out of this final release candidate. Upgrade your apps, start new ones, kick the tires, rev the engine, do it all!

So what’s new? What’s in there to make it pay to upgrade today rather than at 1.0? Lots! In a regular universe, this would have counted as more than merely a 0.0.1 increment. We got a ton of stuff especially for Active Record and the Rails infrastructure.

The new commands

  • script/server: Will now use lighttpd/FCGI if both are available on the system. This makes for a considerably faster development experience than WEBrick, but is unfortunately a OS X/nix thing only. Windows users will continue to get a WEBrick-powered server launched.
  • script/plugin: Your gateway to the wonderful world of plugins. Helps you install, manage, and discover new plugins. See script/plugin —help for more.
  • script/about: Gives you the all the versions for Rails and associates. See the sample.

Active Record: find_or_create_by_X, association collection extensions, migrations for all databases

We’ve added a new dynamic finder that allows you to find or create a new record on the basis of attributes passed, such as saying Tag.find_or_create_by_name(“Summer”). It even works on associations, so page.tags.find_or_create_by_name(“Summer”) is kosher too.

Extensions for association collections is a sexy new way of adding methods to the proxies that all access delegate through. Example:


class Account < ActiveRecord::Base
  has_many :people do
    def find_or_create_by_name(name)
      first_name, *last_name = name.split
      last_name = last_name.join " "
 
      find_or_create_by_first_name_and_last_name(first_name, last_name)
    end
  end
end
 
person = Account.find(:first).people.find_or_create_by_name("David Heinemeier Hansson")
person.first_name # => "David"
person.last_name  # => "Heinemeier Hansson"

And finally we’ve really put the spit and polish on the database adapters by adding migration support to all the commercial ones. As well as giving especially the SQL Server one a good loving in general.

Action Pack: Better filter controls, fixed ActiveRecordStore, and redirect_to :back

Action Controller now has skip_before_filter and skip_after_filter to sidestep certain filters set in superclasses that doesn’t apply to the current controller. Such as specifying :authenticate in ApplicationController, but skiping it in the SignupController.

The ActiveRecordStore no longer only saves when changes have occured, so you can again rely on updated_at being incremented at each page view, and thus rely on it for garbage collection.

Finally we now have an easy way of saying “go back to where you came from” with redirect_to :back.

Upgrading from 0.14.x

It has never been so easy to upgrade to the latest and greatest if you’re on 0.14.x series. You get almost all of it for free simply by installing the latest gems and the rest by running these two commands:


rake update_javascripts
rake add_new_scripts

I’ll let you figure out what those do.

Upgrading from 0.13.x (or earlier)

Jeremy Kemper has put together a great guide to upgrading from an earlier version.

What else is new?

As usual, you get the full play-by-play story of the changes by examining the changelogs. Such wonderful bedtime reading.

Liquid templates announced

Liquid is a brand new template engine optimized for xhtml and emails. It features a very clean syntax and speedy execution speeds. The main difference to traditional ERb is that it does not rely on eval. This means that no potentially harmful code is executed when a Liquid template is compiled or rendered.

The chief advantage is that you can let your users change templates without having to worry about your data’s security. The templates only see data which you export to them. In Shopify for example you will be able to edit your shop’s templates and emails directly in the admin interface. The templates are stored in the database and rendered directly from it.

Liquid is packaged as a rails plugin for easy installation. In good rails style there is a small movie available showing how to install and use it.

Rails 1.0 RC3 (0.14.2): A bunch of little things

We’ve pushed out the third release candidate for 1.0 of Rails. This release most prominently fixes a memory leak with render_component (which affected Typo among others), the scaffolding bug, and a number of other small things. Please do upgrade. If you’re already running 0.14.1 (RC2), then you don’t need to change anything in the application.

Introducing SwitchTower: Distributed deployment for Rails

SwitchTower is a utility for executing commands in parallel on multiple machines. It lets you (among many other things) deploy distributed applications with a single command.

When your application is young you may be deploying it to a single machine, which runs the web server, app server, and database all together. In this situation, deploying manually is not unbearably painful. But as your application grows you may find yourself needing to deploy your application to two web servers, four app servers, and two database servers, atomically. This is where SwitchTower steps in as a pain-killer.

Getting Started

Suppose you have an existing Rails application that you want to deploy to a cluster of machines. SwitchTower attempts to make the entire process as painless as possible:

  • Install SwitchTower. This is as simple as gem install switchtower.
  • Decorate your application with the necessary SwitchTower files. Just do switchtower --apply-to /path/to/your/app.
  • Tell SwitchTower where your application code sits and what machines it should deploy to. Just edit config/deploy.rb and fill in the blanks.
  • Set up your machines so they are ready to receive your application. It’s as easy as rake remote_exec ACTION=setup.
  • Lastly, deploy your application! Just type rake deploy and let the good times roll.

Other Capabilities

In addition to simply moving your application to the various boxes, SwitchTower attempts to make the task of maintaining your deployment simpler. Suppose something goes wrong while checking out your code—SwitchTower will detect that and roll back the change, on all deployed machines. This means it is much harder to wind up with your application out of sync on the various boxes.

Other things SwitchTower can do, out of the box:

  • Database migrations on your production database
  • Enable/disable the web interface (only works with Apache currently)
  • Restart your application on the application servers

SwitchTower also makes it very simple to override and extend the standard tasks, and to write your own. The tasks use a simple language similar to Rake that allows you to automate many different tasks.

More Information

Want to know more about SwitchTower? There’s an entire user manual full of useful tidbits at http://manuals.rubyonrails.com/read/book/17.

Rails 1.0: The Release Candidate (2)

The release of 1.0 is near upon us! It has been a long time in the making, involved a heroic final sprint at RubyConf by the core team, and is a testament to how it’s all been coming together over the last months. Almost three hundred bug fixes, enhancements, and new features have been introduced since 0.13.1 saw the light of day three months ago. That’s on average three per day. So it’s not been a while because of slacking off.

But with all these changes, we want to allow for an extended release-candidate phase before we declare 1.0 a reality. So from today you can get the 1.0 RC 2, which is packaged as version 0.14.1 in the gems.

Over the next two weeks or so, we’re very interested in hearing about bugs and we’ll likely push out a few more release candidates as more and more fixes go in. That said, we can’t fix it all and we surely can’t process all the pending feature enhancements for 1.0. So don’t expect to see an empty Pending Patches or Faults lists. Our main objective is to stamp out the “heinous” bugs: those that significantly affect the many or those that dangerously affect the few.

(The main gem server is pretty over-worked, you may want to do gem install rails --source http://gems.rubyonrails.org --include-dependencies to offload it a bit)

Rails 0.13.1: Faster for all, eager limits, more Ajax

We’ve returned the default MySQL/Ruby bindings to their former glory, made sure development mode on big applications didn’t get penalized on resetting the object space, and cut WEBricks lust to have a new database connection per request. All changes that actually allows Rails 0.13.1 to live up to the promise of better performance for everyone.

Additionally, we’ve made it possible to use :limit and :offset together with eager loading of has_one and belongs_to associations (has_many and has_and_belongs_to_many will still not work due to the nature of how SQL joins work).

And of course there’s a big bag of delicious script.aculo.us additions and fixes. Be sure to checkout the changelogs for the full scoop as usual:

Rails 0.13: 225+ features/fixes in 75 days!

After the longest gap between releases since Rails was made public and after more than 225 fixes and new features, the final major release before the 1.0 milestone has arrived. We’ve basically put in three new features or fixes every single day for the past 75 days. But what do you care about our labouring efforts? Here’s what’s new in 0.13.0:

Ajax: Visual effects, drag’n’drop, sortable lists, auto-completing text fields
Thomas Fuchs is the latest member of the Rails core contributor group and his amazing set of Javascript magic, entitled script.aculo.us, has been integrated in this release.

It adds a completely rewritten visual effects engine, drag-and-drop capability including sortable lists, and autocompleting text fields to Rails. All building on top of Prototype, the foundation for Ajax in Rails, which has also received a spiffy upgrade by Sam Stephenson.

Hand in hand with the Javascript files is a fresh batch of helper methods that enables to skip the process of writing any Javascript yourself. The new auto_complete_for macro is one of these helpers and it makes adding Google Suggest style auto-completing text fields effortless, as does sortable_element for sortable lists and floats and draggable_element and it’s counterpart drop_receiving_element for drag-and-drop. Try out the live demos and see source code.

We also have Ajaxified progress indicators for file uploads in as an experimental feature in this release. It makes for a much more user-friendly experience uploading large files. See the demo. It’s experimental nature means that it only works on Apache, lighttpd 1.4.x, and only in some environments. Consider it a preview of really cool tech. You need to include ActionController::Base.enable_upload_progress in your environment.rb file to turn it on.

We’ve additionally added support for graceful error handling of Ajax calls:


link_to_remote(      
      "test",
      :url => { :action =>"faulty" },
      :update => { :success =>"good", :failure =>"bad" },
      403 =>"alert('Forbidden- got ya!')",
      404 =>"alert('Nothing there...?')",
      :failure =>"alert('Unkown error ' + request.status)")

And if you want to perform multiple document updates on a single Ajax call, there’s now the lovely JavascriptHelper#update_element_function, which can be used to generate a stacked return.

Migrations: Agile software needs agile databases
Migrations can manage the evolution of a schema used by several physical databases. It’s a solution to the common problem of adding a field to make a new feature work in your local database, but being unsure of how to push that change to other developers and to the production server. With migrations, you can describe the transformations in self-contained classes that can be checked into version control systems and executed against another database that might be one, two, or five versions behind.

They currently only work with MySQL and PostgreSQL, but with the help of the community, we’ll hopefully have most databases supported in upcoming releases. Read more in the Migration documentation.

Performance: Faster routes, faster everything!
One of our primary goals with this release is to identify and address performance issues. Stefan Kaes took on the task of optimizing the entire code base and contributed numerous speedups with additional help from Jeremy Kemper. An entire rewrite of Routes by Nicholas Seckar makes it nearly seven times faster now. And all this comes with complete backwards compatability. In an effort to make developers more performance-aware, you can now use the new BenchmarkHelper to measure the execution time of a block in a template.

Sweepers: Clean up your caches in a single sweep
ActionController::Caching::Sweeper is a new approach to sweeping caches that follows a much more intuative one-sweep system where the caches are actually cleared on the observer callbacks. Not just recorded to be cleared during a later filter callback. Sanity is restored to sweeping.

Rendering: One method to bind them all
In the wake of refactoring Active Record’s find API, the various render methods got a whole new suit, making the render method the single point of entry for all rendering tasks. Tobias Luetke has a good before and after write up of how render is used now.

Lessons learned from find and render: Consolidate multiple method names that do similar things into one method, use symbols to dictate what used to be done by method name and parametrize with an options hash rather than positional parameters.

Read more about it on the new API documentation for render.

FastCGI: Easier to update, more stable in the running
With a new release of a better and up to date FastCGI Ruby binding, and as FastCGI becomes solidified as the deployment mechanism of choice, it’s a good time to have a vastly improved dispatch.fcgi with changes that include:

  • Send HUP to force the fcgi process to dynamically reload the application
  • Send USR1 to force the process to gracefully restart (allowing active requests to finish first)
  • Better crash logging

We’ve also extracted a RailsFCGIHandler, so you in the future can update Rails and get improvements without having to get a fresh dispatch.fcgi file.

Routes: Giving them a name and calling them by it
On top of Nicholas Seckar’s entire rewrite of the Routes code come Named Routes by Marcel Molina. Named Routes allow you to reduce code duplication by associating a name with a given route rule. This generates a convenience method that wraps the route rule hash. You define a named route by calling it in your routes.rb in place of the connect method. So, for example:


  map.home '', :controller => 'main', :action => 'start'

So with the above named route, what would have previously been


  redirect_to :controller => 'main', :action => 'start'

is now

  redirect_to :home_url

Parametrize your routes. With:

  map.user_page 'users/:user', :controller => 'users', :action => 'show'

You could do

  link_to @user.username, user_page_url(:user => @user)

See more at the Named Routes wiki page.

Email attachements: Make those emails carry the load
Action Mailer now supports sending attachments and multipart messages. Jamis Buck has been leading the way to making ActionMailer robust and feature complete. There’s a fresh new API too that gives specifying emails a more domain-language feel to it. Read all about it in Action Mailer API.

Validations: Run them conditionally and only if
With the new :if option for all validations, you can limit when an attribute is validated, either using a block or a method reference. Examples:

  1. Conditional validations such as the following are made possible:
    validates_numericality_of :income, :if => :employed?
  1. Conditional validations can also solve the salted login generator problem:
    validates_confirmation_of :password, :if => :new_password?
  1. Using blocks:
    validates_presence_of :username, :if => Proc.new { |user| user.signup_step > 1 }

Fully backwards compatible!
As has been the norm since around 0.9.0, this release is mindful of backward compatibility, so despite the flow of fixes, improvements, and features, your existing applications won’t need to be updated code-wise. All you need to do to upgrade is get the new gems with gem update rails and then generating the new infrastructure files with rails &lt;your-app-dir>.

You want to overwrite the dispatches, the prototype library, the Rakefile, and the test_helper.rb. Don’t overwrite application_controller.rb, application_helper.rb, or other files you may have tailored, though. It’s always good to do this run on a backup first and check that every things work.

Last major stop before 1.0!
First I want to congratulate the core contributor team on the amazing accomplishment that is this release. The group came together in a stronger-than-ever force especially for the last few weeks up to release. And as the latest member of the group, Thomas Fuchs deserves special praise for giving Rails such a boost of Ajaxiness with script.aculo.us and the associated helpers. It’s incredible that Rails is home to both Prototype and script.aculo.us — the two strongest Javascript libraries for Ajaxians around — and Thomas and Sam deserve much lavish praise for making it happen.

Another shout out for Nicholas Seckar. The second-most recent addition to the group. He has once again delivered goodness all over the code base. From named routes to all those little fixes that makes 0.13 a much more solid experience. You tha man.

And all the hard work is paying off. We’re planning to make 0.13 the last major release before 1.0! We might well see 0.13.1 (but hopefully not 0.13.2) before we start pumping out release candidates for the big one-oh, but it’s getting close. Real close, now.

What you’ve seen here is of course only a tiny sliver of the massive amount of new features and fixes. For the full scoop be sure to devour the changelogs:

Enjoy Rails 0.13!

Rails 0.12.1: No major update without a bit of pain

There’s nothing like pushing a new major update in order to find bugs in the code when its exposed to a couple of hundred working applications. Thankfully the fixes were almost as swift as the reports. In any case, you’ll definitely want to upgrade to 0.12.1 right away. There’s a good handful of fixes for both Action Pack and Active Record (mostly concerning the new eager loading).

Here’s the dirt, so you don’t have to go look it up. First for Action Pack:

  • Added xml_http_request/xhr method for simulating XMLHttpRequest in functional tests #1151 [Sam Stephenson]. Example: xhr :post, :index
  • Fixed that Ajax.Base.options.asynchronous wasn’t being respected in Ajax.Request (thanks Jon Casey)
  • Fixed that :get, :post, and the others should take a flash array as the third argument just like process #1144 [rails@cogentdude.com]
  • Fixed a problem with Flash.now
  • Fixed stringification on all assigned hashes. The sacrifice is that assigns[:person] won’t work in testing. Instead assigns[“person”] or assigns(:person) must be used. In other words, the keys of assigns stay strings but we’ve added a method-based accessor to appease the need for symbols.
  • Fixed that rendering a template would require a connection to the database #1146

Then for Active Record:

  • Fixed frivilous database queries being triggered with eager loading on empty associations and other things
  • Fixed order of loading in eager associations
  • Fixed stray comma when using eager loading and ordering together from has_many associations #1143

Updating, as always, couldn’t be easier than gem install rails --include-dependencies.

Rails 0.12.0: Eager associations, new Base.find API, assertions revisited, more Ajax!

The time had come to butcher the piggy-back query and introduce real association loading through outer joins. Behold, the glorious eager loading of associations that makes it silly easy to fetch not 1, 2, but unlimited associations alongside any record in a single query. Turning 50 database queries into 1 never felt this good.

# Turning N+1 queries into 1
for post in Post.find(:all, :include => [ :author, :comments ])
  puts "Post:            " + post.title
  puts "Written by:      " + post.author.name
  puts "Last comment on: " + post.comments.first.created_on
end

And to match the eager loading, we’re introducing a brand new unified API for Base.find, which works the same whether you’re searching for a specific id, the first record, or all the records. By using named options we alleviate your poor brain for remembering whether the ordering option was argument number 3 or 4.

Person.find(1, :conditions =>"administrator = 1", :order =>"created_on DESC")
Person.find(1, 5, 6, :conditions =>"administrator = 1", :order =>"created_on DESC")
Person.find(:first, :order =>"created_on DESC", :offset => 5)
Person.find(:all, :conditions => [ "category IN (?)", categories], :limit => 50)
Person.find(:all, :offset => 10, :limit => 10)

Better testing
We’ve also slashed the huge number of assertions for testing controllers. In one fell swoop, we’ve gone from around thirty to a shap seven. The remaining assertions are more flexible than before, not nearly as hard to remember, and are followed on by the fantastic new assert_tag, which makes examining the HTML output of an action so much easier than the XHTML/REXML fumblings of yesterday.

More Ajaxing
Of course, we couldn’t make a new release without asserting the undisputed position as the number one framework for doing Ajaxed applications. This release contains a bunch of new smooth effects for visualizing your non-refreshing actions. It’s now much easier to make Ajaxed applications that treat the unfortunate without Javascript nicely with request.xml_http_request? and alternative targets for ajax links and forms. We’ve also added periodically_call_remote that can be used to Ajax-update a given block every so seconds.

In the next release, which will be not very far off, we’re also adding awesome support for both Google Suggest-like search boxes and for upload progress indicators. There’s a powerful team behind pushing the envelope on this. We have so not seen the end of it.

A total of 96 changes, tweaks, and fixes
All these goodies are just the tip of the iceberg, though. There’s a total of 96 new features, changes, tweaks, and fixes packed into this monster of a release. And we didn’t even have time to push in all of the pending patches. How’s that for an action-packed three weeks since the last release?

Fully backwards compatible!
Despite the true onslaught of new features, fixes, and goodies, we’ve managed to keep this release fully backwards compatible with 0.11.1. So you just do a “gem update rails” and all the new stuff is available for use in your current application (to take advantage of the new JS effects you’ll want to copy that one over, though — use rails . in your app dir to get that for free).

See the changelogs for the full story:

Rails 0.11.1: More Ajax, Verifications, SQL Server updated, loads of fixes

The Ajax wave is sweeping across Rails. In this release, we’ve added a :position option to both link_to_remote and form_remote_tag that can be set to either :before, :top, :bottom, or :after. These options make it possible to add new DOM elements to existing lists without replacing the whole list. When working on big lists that are in a fixed order anyway, there’s a considerable speed increase to be had.

Yellow Fade Technique
Additionally, we’ve implemented the first in a hopefully long series of packaged effects. This is the 37signals’ Yellow Fade Technique that’s now available as Effect.Highlight(id) — perfect for highlighting a new element that was just added with Ajax. If you have the Javascript chops to do other effects, please do help out. The wiki discussion page for Ajax in Rails already has great ideas for slide, fadeout, and squish.

Verifications
Verifications in a whole new module for Action Pack that allows you to specify preconditions for you actions. They come in the form of “verify that these parameters are part of the request or redirect the user somewhere else (possibly adding a message to the flash)”. Or said in code:

verify :params => "post", :only => [ :create, :update ], :redirect_to => { :action => "index" }

SQL Server adapter updated
The Micrsoft SQL Server adapter is back in top form supporting both file uploads (albeit still restricted by SQL Server’s 7KB limit) and the new limit style. Thanks to DeLynn Berry for the quick update. Now only the DB2 adapter is not supporting the new limit style.

Loads of fixes
Iconv is no longer required to install Rails (but you’ll want it if you need to send/receive UTF-8 with Action Mailer), you can clone Active Records with floats, the dispatch.fcgi has been fixed, and a bunch of other things. In total, this release has 30 new features, additions, tweaks, and fixes.

See all the changes in the changelogs for Rails, Active Record, Action Pack, Active Support, Action Mailer, and Action Web Service.

Update: No application changes should be required. Just make sure that you copy over the latest prototype.js if you’re using Ajax.

P.S.: Many thanks to Florian Gross for the wonderful code snippet that allows for uploads to RubyForge automatically. This saved me the headache of releasing 12 files by hand one more time. And many thanks to Jamis Buck for the new template used for the API documentation.

Rails 0.11.0: Ajax, Pagination, Non-vhost, Incoming mail

With the inclusion of Ajax helpers in Rails 0.11.0, we’ve addressed the most important concern holding back large scale Ajax use: Writing DHTML by hand. Manipulating the DOM by hand is a labor-intensive and error-prone process rife with frustration and cross-browser compatibility. With the Ajax support in Rails, writing manual Javascript/DHTML is (almost) a thing of the past.

Through a handful of helper tags, we’ve exposed an approach that relies on a bare minimum of support on the client-side (XMLHttpRequest and innerHTML) while offloading the generation of page fragments to familiar constructs like ERb and Builder templates. This means that you’ll build your Ajax integration using all the tools you’re familiar with and safely let the Javascript/DOM magic be off-loaded to the Rails helper and library.

Sam Stephenson (hire this guy!) has been the architect behind transforming my meager Javascript attempts into a fully object-oriented library that the Rails helper calls to do its dirty work. He has also done a video demonstrating how he can turn a create form into Ajax in just a few minutes. While this may appear a bit complicated, its mostly because the application Sam’s integrating with lets the controller generate the URL, which normally isn’t the case.

While the Ajax support is certainly the star of this release, we have much more. Another Sam Stephenson goodie is Pagination support, which lets you seamlessly spread the results of a list across multiple pages by combining controller-side and view-side support for pages and navigation.

Also of note is that Rails applications no longer require their own virtual host to be easy to setup. It’s now possible to symlink the public directory from underneath an existing hierarchy, so your application can live under hieraki in /community/hieraki. This should make it considerably easier to install and distribute applications that need to live on shared servers. If you want to make your own application vhost agnostic, have a look at the AssetTagHelper that’ll automatically create the proper paths for images, stylesheets, and the likes.

The Action Mailer gained inbound capabilities in this release. By implementing the receive(email) method, you can target your Action Mailer from fx postfix and have it process incoming emails. We’ve even enhanced TMail to make it easy to process international emails (auto converting to UTF-8) and handling file attachments. See the example in the README and checkout the Howto.

On top of all that there’s a new script/runner for making it easy to call your Rails domain model from CRON, there’s a new Flash module, there’s database indifferent limit/offset, and a truckload of fixes, enhancements, and tweaks.

See all the changes in the changelogs for Rails, Active Record, Action Pack, Active Support, Action Mailer, and Action Web Service.

Updating: If you’re coming from Rails 0.10.1, just run rails . --skip in the root of your application to get the new files. You shouldn’t need to change any code. You will need to clear out all your sessions, though, because of the Flash module upgrade!

Rails 0.10.0: Routing, Web Services, Components, Oracle

We’re plowing through the road map at lightning speed with the release of Rails 0.10.0. There’s so much good stuff in here this time it’s really hard to pick just a few bits to focus on for the overview, but still I have. With Rails 0.10.0, you’ll get:

  • Routing: Pretty URLs of all flavors and fashions can now be specified using an easy to understand Routing syntax made in Ruby. This means no more wrestling with mod_rewrite in Apache to get custom URL schemes. It means you’re not bound to the traditional /controller/action/id form (the controller and action names don’t even have to be part of the URL!). It also means that the URL parsing and generation is handled by the same configuration, which removes all the labor previously involved in getting your Ruby code to sync with your rewrite rules. That makes it possible to share the same URL configuration across all the web servers supported by Rails. You can seemlessly develop your application on WEBrick and without changes move it to Apache or lighttpd. Read more in the Routing book, see a bunch of routes explained, or dig into the ActionController::Base#url_for API documentation.
  • Web Services: Action Web Service is a whole new add-on framework for Action Pack that enables SOAP with WSDL and XML-RPC web services to be made with Rails ease. You can either describe an existing controller with an API, and let the clients interact with the same methods used to do the HTTP interface, or you can create dedicated service classes that can be bound to a controller. In addition to the support for building web services, we’ve also added convenient wrappers for calling other web services from your application. For getting started, there’s a whole book on Action Web Service that explains how to define, implement, and interact with the web serivce APIs. We also got examples using the GoogleSearch API and the metaWeblogApi.
  • Components: With components it’s possible to call other actions and controllers for their rendered response while executing another action. You can either delegate the entire response rendering or you can mix a partial response in with your other content. This makes it possible to package functionality in reusable parts and to keep more DRY on application elements that integrate from many sources (like a dashboard). To learn more about components, we have another book, a video showing how to make and call components, and the API docs.
  • Oracle: In addition to the existing adapters for MySQL, PostgreSQL, SQLite, SQL Server, and DB2, we now also support Oracle as a database option for Active Record. The adapter that made it in is built on top of OCI8 and has been confirmed to work great with Oracle 8i and 9i. Our sixth database adapter is documented in the API.

But there’s a world of additional new and fixed stuff in 0.10.0. See the other whole new package Active Support and check the changelogs for Rails, Active Record, Action Pack, and Action Mailer.

Honoring Nicholas Seckar and Leon Breedt

The two most important features in this release has been contributed to two relative newcomers to the Rails scene. Nicholas Seckar tried at least three attempts at Routing before we found the one that felt like the best Rails fit. He put an enormous amount of energy into sorting out all the complications and have since helped to improve all parts of Rails. You’ve done a superb job, Nicholas. May potential employeers looking for talent see your name.

Equal thanks goes to Leon Breedt that popped out of nowhere with a whole new framework that followed our established conventions and approach to the dot. The quality of the code and documentation has made a big impression on the existing team of core contributors. And the work has contributed to make us all the much closer to 1.0. Thanks for the excellent work, Leon!

So how far away is Rails 1.0?

Rails 1.0 moved much closer today as we knocked off well over half of the previously announced road map. What we primarily lack now is Packaging and Performance alongside the aim to bring the number of uninvestigated and/or fixed fault tickets down to zero. The current tentative date is end of March/start of April.

Upgrading from Rails 0.9.5 to 0.10.0

If you don’t have any custom URLs defined in your existing application, then it’s a fairly straight forward process to upgrade. If you do have custom URLs, it’s a bit more work, but definitely manageable. Basecamp used a lot of custom URL tricks and it took me under an hour and resulted in 100 lines of code being stripped from the application. In any case, we’ve created a book to guide the upgrade process.

Rails 0.9.5: A world of fixes and tweaks

This release is mostly about polishing the Rails by closing holes, deficiencies, and subtle extensions to existing features. The long-awaited Directions and generator upgrade have been postponed to the next release. The highlights of this release is:

  • Rewritten reloading: Working in development with models and controllers reloading on every request now resembles “the real thing” a lot more by actually removing the model classes before reloading them. This fixes a bunch of subtle bugs and makes it possible to remove a method and see it reflected without restarting the application.
  • Create and update collections: Through calls like text_field "student[]", "last_name", it’s now much easier to get input tags like input name="student[123][last_name]"..., which together with the fact that Base#create, Base#update, Base#destroy, Base#delete, AssociationCollection#build, and AssociationCollection#create now all accept arrays enables handling of many records at once.
  • Stopping after render/redirect: Any before_filter can now terminate the chain by calling render or redirect and the pattern of redirect-and-return now works again. The first call to either render or redirect wins as well and subsequent calls are ignored.

That’s just three of the 37 changes, fixes, and additions available in Rails 0.9.5. You can read the full story in the changelogs for Active Record, Action Pack, and Rails.

This release shouldn’t require any changes to your application if you’re coming from Rails 0.9.4 unless you were relying on const_missing to load non-AR/AO/AC classes. In that case, you’ll have to start being explicit with require_dependency for the reloading to be triggered.

Rails 0.9.4.1: Cleaning up the mess

Seems like the 0.9.4 release required a public launch in order to find the last snags. No game, no pain, or something. The changes are:

Action Mailer

  • Fixed sending of emails to use Tmail#from not the deprecated Tmail#from_address

Action Pack

  • Fixed bug in page caching that prevented it from working at all
  • Fixed a bug where cookies wouldn’t be set if a symbol was used instead of a string as the key
  • Added assert_cookie_equal to assert the contents of a named cookie

Active Record

  • Fixed that the belongs_to and has_one proxy would fail a test like ‘if project.manager’ — this unfortunately also means that you can’t call methods like project.manager.build unless there already is a manager on the project #492 [Tim Bates]
  • Fixed that the Ruby/MySQL adapter wouldn’t connect if the password was empty #503 [Pelle]

Rails

  • Added 5-second timeout to WordNet alternatives on creating reserved-word models #501 [Marcel Molina]
  • Fixed binding of caller #496 [Alexey]

…you may need to use “gem install rails”, and not just “gem update”, to install the latest version.

Rails 0.9.4: Caching, filters, SQLite3...

Another incredibly strong release sees the light of day as we move one step closer to the mythical 1.0. This release tackles one of the five steps on the roadmap in form of caching as well as adding a bunch of other cool stuff.

  • Render Caching: Added an extensive caching module that offers three levels of granularity (page, action, fragment) and a variety of stores (file, memory, DRb, MemCached). Read more
  • Conditional filters: It’s now possible to limit the actions that a given filter will apply to within a controller using either :only or :except. Like, before_filter :authorize, :only => [ :edit, :delete ]. Read more
  • Associating unsaved objects: Associations between unsaved objects makes it much easier to build big graphs that only makes sense to be saved together. Read more
  • Database compatibility: SQLite3 is now supported by the sqlite adapter and MySQL 4.1.1+ is also supported by the included Ruby/MySQL driver.
  • Numeric bytes and time: Rails has taken upon itself to extend Ruby in a few spots, such as adding the possibility for expressions like 45.kilobytes + 2.3.megabytes and 45.minutes + 2.hours + 1.fortnight. Read more

Those were the highlights, but Rails 0.9.4 includes no less than 50 changes, fixes, and features. You can read the full story in the changelogs for Active Record, Action Pack, and Rails.

This release shouldn’t require any changes to your application if you’re coming from Rails 0.9.3.

Rails 0.9.3: Optimistic locking, dynamic finders, 1.8.2

Rails is now fully compatible with Ruby 1.8.2, which we advice all to upgrade to as soon as possible. It contains a year’s worth of bug fixes for Ruby, so it’s great finally to be able to use the new version with Rails. But that is not all we got in store for 0.9.3. A few of the highlights are:

  • Automated optimistic locking: Just add the field lock_version to your table and the associated class will be governed by optimistic locking that’ll raise an exception if a stale object attempts to save.
  • Dynamic finders: Finders like Person.find_by_user_name, Payment.find_by_amount, and even Person.find_by_user_name_and_password are now available with no code at all. Any column can be used and combined with other columns in the new dynamic finders.
  • MS SQL Server and DB2: Active Record now supports both Microsoft SQL Server (through ADO) and IBM’s DB2 databases.
  • MemCacheStore for sessions: You can now store sessions in Action Pack using Danga’s memcache technology.
  • Generators guard against reserved words: Not only will ./script/generate model Thread be denied, you’ll also get a list of synonyms pulled live from WordNet!

That’s just a small taste of the 35 changes, fixes, and features introduced with Rails 0.9.3. You can read the full story in the changelogs for Active Record, Action Pack, and Rails.

Upgrading from Rails 0.9.2 to 0.9.3

There’s only one change you need to make in order to have your application updated from 0.9.2 to 0.9.3. In the config/environments/production.rb and config/environments/test.rb, you need to change:

  ActionController::Base.reload_dependencies = false
  ActiveRecord::Base.reload_associations     = false

…to:

Dependencies.mechanism = :require

And in config/environments/development.rb, you need to change:

  ActionController::Base.reload_dependencies = true
  ActiveRecord::Base.reload_associations     = true

…to:

Dependencies.mechanism = :load

If you’re coming on from 0.8.x, you’ll need to go through the Upgrading to 0.9 manual.