RailsConf 2018 Edition

Hello 🌨 from Pittsburgh! RailsConf was amazing: more than a thousand attendees showing that Rails is more alive and welcoming than ever.

All the presentations will be available on YouTube in about a month. For now, you can take a sneak peek by browsing the slide decks: from Rails 6 to Active Storage, from Migrations to Testing, from Upgrades to API, from Router to Contributing, from GraphQL to Performance, from Collaboration to Communication, from Kafka to PostgreSQL, from Warden to Authorization, from Economy to Art, from Bugs to Security, from Containers to Crypto, from Interviews to History, from Teams to Trust, from Shopify to GitHub, from Engines to Crowdsourcing, from Mortality to Life, there was really something for everyone!

This Week’s Contributors

37 people contributed to Rails in the last week, including 9 for the first time! A big thank you to all of you!

If you’d like to see yourself on that board, why not check out the list of open issues, or get involved in the core discussion list.

Inclusive Language in Documentation Examples

A couple of changes to make the docs more inclusive of trans and non-binary individuals. Hurray! 💗🌈🏳️‍🌈

Add the nonce: true option for javascript_include_tag helper

Works the same way as javascript_tag nonce: true to support automatic nonce generation for Content Security Policy.

Improve performance of translation helper

A PR that is worth reading to learn how to benchmark a possible performance improvement using the right tools.

Don’t pass splat keyword arguments as a single Hash

Looking ahead at Ruby 2.6, which will raise a warning when a method is called with (*args). Declaring the arguments makes for more readable code.

Fix exception in AS::Timezone.all when any tzinfo data is missing

Time zones change every year, even multiple times a year. ActiveSupport::Timezone.all won’t raise an error even when a time zone is missing from TZInfo.

Output only one nonce in CSP header per request

Nonces from old requests were saved, causing the header to grow infinitely after every request.

Avoid blocking the server in #delete_matched

A fix to the newly added redis-cache-store feature of Rails 5.2. Calling delete_matched will no longer block the Redis server.

Coming back home after an amazing event like RailsConf is always tough. Can’t wait to see you all next year at RailsConf 2019 in Minneapolis from April 30th to May 2nd. Hopefully it won’t snow! 🤞– Claudio

Rails 5.2.0, performance optimizations, space-saving compression and more!

And now a Rails 🌩 News Flash 🌩! (Hint: we’ve got some big news this week, if you hadn’t heard). We take you now, live, to our reporter on the scene, Tim, for all the latest and greatest this week.

Rails 5.2.0 is out!

5.2.0 is officially among us, a little bit ahead of RailsConf this year. If you can’t wait until then to find out everything that this new release brings, do go read the original blog post that accompanied the release for all the details!

This Week’s Contributors

48 people contributed to Rails in the last two weeks, including an incredible 11 for the first time! A big thank you to all of you!

If you’d like to see yourself on that board, why not check out the list of open issues, or get involved in the core discussion list.

API controlIers now get a set of default headers

Though you may not need all these headers, there are specific instances where you may want them to enhance security, so it makes sense to have this configured on by default.

An optimization for the Query Cache middleware

This nice little optimization eliminated some array allocations, that you may benefit from if you have a large number of connection pools.

Avoid generating full changes hash on every save

By asking the mutation tracker for the list of changed attributes, some work can be skipped when generating the changes hash. This may be most noticeable for serialized attributes, for which calling #original_value can be significantly more expensive.

Fix ActiveSupport::Cache compression

A regression was found whereby compressed items in the cache store were taking up more space than their original, uncompressed versions. That is now fixed thanks to the great detective work shown in this PR!

As always there were many more changes to the Rails codebase than we can cover here. But you can read all about them here! Until next week!

Rails 5.2.0 FINAL: Active Storage, Redis Cache Store, HTTP/2 Early Hints, CSP, Credentials

Nearly 14 years since the first public version of Rails, it’s our pleasure to release yet another major upgrade to the framework in the form of 5.2.0 final. We’ve been diligently polishing Active Storage and the other big new components for stable release, and it’s great to see so many applications already running the release candidates in production. Basecamp and Shopify have both been running Rails 5.2.0 for quite a while.

This release comes just in time for RailsConf, which features sessions on the new encrypted credentials, a code review of Active Storage, advice on how to upgrade to a new Rails version, and a lot of Webpack talks.

You can read in even more detail about everything that’s new in Rails 5.2 in the newly finished release notes.

Note that rails/master development is now targeting Rails 6.0.

Many thanks to Rails core, Rails contributors, and everyone else who’ve helped with code, documentation, bug reports, and whatever else to get Rails 5.2.0 out the door. It’s amazing to have over 400 code contributors with fingerprints on this release.

Feature highlights

It’s been too hard to deal with file uploads in Rails for too long. Sure, there’s been a lot of fine plugins available, but it was overdue that we incorporated something right into the framework. So now we have!

With the new Active Storage framework in Rails 5.2, we’ve solved for the modern approach of uploading files straight to the cloud. Out of the box, there’s support for Amazon’s S3, Google’s Cloud Storage, and Microsoft Azure Cloud File Storage.

If you’re dealing with images, you can create variants on the fly. If you’re dealing with videos or PDFs, you can create previews on the fly. And regardless of the type, you can analyze uploads for metadata extraction asynchronously.

Active Storage was extracted from Basecamp 3 by George Claghorn and yours truly. So not only is the framework already used in production, it was born from production. There’s that Extraction Design guarantee stamp alright!

Speaking of extractions, Jeremy Daer has untangled the long jungle twine of hacks we were using at Basecamp to employ Redis for general partial, fragment, and other Rails caching jobs. There’s a sparkling new Redis Cache Store that incorporates all those years of veteran hacks into a cohesive unit that anyone can use.

This new Redis Cache Store supports Redis::Distributed, for Memcached-like sharding across Redises. It’s fault tolerant, so will treat failures like misses, rather than kill the request with an exception. It even supports distributed MGETs for that full partial collection caching goodness.

This comes together with a massive leap forward for cache efficiency with key recycling and compression both available by default. For Basecamp, it meant improving the cache lifetime by two orders of magnitude! We went from having caches trashed in as little as a day to having caches last for months. If you’re using partial caching and the nesting doll strategy, your cache lifetime will improve dramatically between these two changes.

We’ve also embraced the cherry of HTTP/2 with early hints through the work of Aaron Patterson and Eileen Uchitelle. This means we can automatically instruct the web server to send required style sheet and JavaScript assets early. Which means faster full page delivery, as who wouldn’t want that?

On the topic of performance, Rails now ships with Bootsnap in the default Gemfile, created by our friends at Shopify. It generally reduces application boot times by over 50%.

Rails has always been in the forefront of making your web applications more secure, leading the way with built-in CSRF and XSS protection and we’ve enhanced that further in Rails 5.2 with the addition of a new DSL that allows you to configure a Content Security Policy for your application. You can configure a global default policy and then override it on a per-resource basis and even use lambdas to inject per-request values into the header such as account subdomains in a multi-tenant application.

But it’s not all just new starry-eyed wonders. In Rails 5.1, we added encrypted secrets. These secrets were like the old secrets but, uhm, more secret, because, you know, ENCRYPTION! Confusing? Yes. Why would you want secrets that weren’t really secret? Well, you don’t.

In Rails 5.2, we’ve rectified the mess by deprecating the two different kinds of secrets and introduced a new shared concept called Credentials. Credentials, like AWS access keys and other forms of logins and passwords, were the dominant use case for secrets, so why not just call a spade a spade. So spade it is!

Credentials are always encrypted. This means they’re safe to check into revision control, as long as you keep the key out of it. That means atomic deploys, no need to mess with a flurry of environment variables, and other benefits of having all credentials that the app needs in one place, safe and secure.

In addition, we’ve opened up the API underlying Credentials, so you can easily deal with other encrypted configurations, keys, and files.

Since Rails 5.1, we’ve also made great strides with Webpacker. So Rails 5.2 is meant to pair beautifully with the new Webpacker 3.0 release. Rails has fully embraced modern JavaScript with a pre-configured build pipeline run by Webpack. We keep strengthening that relationship.

New Rails bug fix releases, closer to multi dbs and more!

Hey there, esteemed readers of Rails’ public repo tea leaves. It’s Kasper bringing you the latest hot cup to steel transcendence from.

This Week’s Contributors

Here goes a hey-o to the 16 contributors this week! You can make the list no doubt, try finding an open issue.

Rails 5.0.7 and 5.1.6 are out

New bug fix releases are out, so you can upgrade your apps today.

Easy Multi databases: basic rake tasks

For applications with multiple databases you always had to create your own rake tasks. No more! One of the stepping stones for Rails 6.0 to have multi db support out of the box is in.

Compare dates with before? and after?

To compare two dates and/or times we’d use the standard < and > operators. Now date arithmetic is a little easier with today.before?(tomorrow) and today.after?(yesterday). Thus joining today.between?(yesterday, tomorrow). Your app now has no excuse not to show up on time!

Allow prefixing store attributes

In the vein of delegate :name, to: :person, prefix: true adding person_name, your store attributes now houses the same trick to squash duplicate accessors. Also sports specific prefixes to really clear the path of method name clashing.

Favor app-wide config.force_ssl for HTTPS

Rails has long had a way to incrementally force users onto HTTPS, a controller level force_ssl! Times have changed and Rails 6.0 deprecates that option in favor of the app-wide config.force_ssl so every endpoint will use HTTPS.

There were many more changes to Rails’ codebase, which you can check out here.
Until next week!

Rails 5.0.7 and 5.1.6 have been released

Hi everyone,

I am happy to announce that Rails 5.0.7 and 5.1.6 have been released.

CHANGES since 5.0.6

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 5.1.5

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-256

If you’d like to verify that your gem is the same as the one I’ve uploaded, please use these SHA-256 hashes.

Here are the checksums for 5.0.7:

$ shasum -a 256 *-5.0.7.gem
c023d1df2fd6f5e1ac042ad6a0338e8a2c4d1404484f8fe77121b81f10b75f2c  actioncable-5.0.7.gem
5f9b12f26ae8906d20b9f4784644853121a3b03f74a396943677fc30f91c2e35  actionmailer-5.0.7.gem
08e0d4582d1b37cc059aca1d19cd271e7bb575265093c4a99cb79d80dcb0d196  actionpack-5.0.7.gem
eb20007cc9ee40ee7a2f96147e9776394f72d59979b23da15f444a9906c17b8b  actionview-5.0.7.gem
e8a15b73302c02352da9463b134daf037841fec7d5d5c2ec97487456f96bb8d5  activejob-5.0.7.gem
fe35b1bbfb140c7416723e3a7d7ef2a78e8921739863d8a917a93131e2b7cc87  activemodel-5.0.7.gem
c6349cd59e29118aaed5d4d2414e87b427affd28925b7fe1559cb45a21152366  activerecord-5.0.7.gem
a595a42311ea13ce994b1feea3325cbbb1ac5c0bf40cd96c89797882121da7fb  activesupport-5.0.7.gem
76815a2a7e99c83b53ea52325c5bbc5ca15e25ecdfb741ea329ca153cf11ff84  rails-5.0.7.gem
e08b95ec3dbb708f9d449a01c083c66d47ddba2f373e4a2fd1bde2c7a92fdb48  railties-5.0.7.gem

Here are the checksums for 5.1.6:

$ shasum -a 256 *-5.1.6.gem
2e678b45852f242e5897a0d4e43dca1088fb3d5c350592b22768b502a085261f  actioncable-5.1.6.gem
ecbc307e66102b1406fba38f6d7c869fd763cafa98b02fd4f6049fd41d663de9  actionmailer-5.1.6.gem
8dcd333263bdea533de7ac8e087f530f20bde6167c3c02060b82630b90aee26f  actionpack-5.1.6.gem
0181e71b9d307425605c50aa70358148aa0dff270bf2e07dbb87acb3d3a7ddcd  actionview-5.1.6.gem
a291963337402f3dcd5aee1dff3fd980256742bb0cfa06c47315257d11d69a0a  activejob-5.1.6.gem
7e3d2904a524a18c4f710a170243eac706279a36142289431d3c504df665c881  activemodel-5.1.6.gem
1da0546d452cc9b25b900bc2616b57d1e41e24039c33466b46d7add27fdf13c7  activerecord-5.1.6.gem
94d2f2a9fe1a7421165e0014eaa4c8eb2d229f72dc9815cf7c2f0c595f05b521  activesupport-5.1.6.gem
b8301a87151de3feb7cbdf57a66842bb668493f4cec464fd0f67d4c7173b6051  rails-5.1.6.gem
482a97c40ff61f4e8aed5f449a5f54fcb3890ddd53c3a7dc0efd02a9da139e79  railties-5.1.6.gem

As always, huge thanks to the many contributors who helped with this release.

Rails 5.2.0.RC2, AWS authentication options and more

Hello fellow Rubyists, this is Wojtek bringing you the polished set of latest Rails news.
We do like to “polish” things here in Poland ;-)

Rails 5.2.0.RC2 released

Aiming for 5.2.0 final version to be released before the RailsConf in April. Help us test it, to have a solid and stable release.

This Week’s Contributors

Big thanks to 16 people who contributed to Rails this week! If you’d like to join them, check out the list of open issues.

Allow full use of the AWS S3 SDK authentication options

It’s now possible to use environment variables and IAM roles to authenticate to AWS in Active Storage.

Support mysql2 gem version 0.5

New version of mysql2 gem brings some bugfixes and features but also some backward incompatibilites. Check them out in changelog.

Memoize the result of calculating path to translation

Speeds up usage of I18n.translate. Benchmark included in the comments.

Use ASCII-8BIT paths in ActionDispatch::Static

Fixes encoding incompatibilites between Rack and Rails middlewares.

Remove support for Qu gem from Active Job

Qu gem wasn’t compatible since Rails 5.1. Development was stopped in 2014 and maintainers have confirmed its demise.

There were many more changes to Rails’ codebase, which you can check out here.
Until next week!

Rails 5.2.0 RC2: Active Storage, Redis Cache Store, HTTP/2 Early Hints, CSP, Credentials

It’s almost time for RailsConf, and we’re determined to get the final version of Rails 5.2 released before then. So here’s the hopefully last release candidate before that can happen. We’ve put a ton of into ironing out all the issues with Active Storage in particular, now that more and more applications are starting to use it in production.

You can peruse the nearly 200 commits since the first release candidate from the beginning of the year to see everything that has been fixed.

If you’re about to start a new application, I feel confident enough in this release to recommend that you should base it off this RC2. If you like to keep up with the latest release, now is also a great time to update your existing application.

You can read in even more detail about everything that’s new in Rails 5.2 in the newly finished release notes.

Enjoy Rails 5.2 and hope to see a good portion of everybody at RailsConf in a month or so!

Recap of the highlights of Rails 5.2 from the beta announcement

It’s been too hard to deal with file uploads in Rails for too long. Sure, there’s been a lot of fine plugins available, but it was overdue that we incorporated something right into the framework. So now we have!

With the new Active Storage framework in Rails 5.2, we’ve solved for the modern approach of uploading files straight to the cloud. Out of the box, there’s support for Amazon’s S3, Google’s Cloud Storage, and Microsoft Azure Cloud File Storage.

If you’re dealing with images, you can create variants on the fly. If you’re dealing with videos or PDFs, you can create previews on the fly. And regardless of the type, you can analyze uploads for metadata extraction asynchronously.

Active Storage was extracted from Basecamp 3 by George Claghorn and yours truly. So not only is the framework already used in production, it was born from production. There’s that Extraction Design guarantee stamp alright!

Speaking of extractions, Jeremy Daer has untangled the long jungle twine of hacks we were using at Basecamp to employ Redis for general partial, fragment, and other Rails caching jobs. There’s a sparkling new Redis Cache Store that incorporates all those years of veteran hacks into a cohesive unit that anyone can use.

This new Redis Cache Store supports Redis::Distributed, for Memcached-like sharding across Redises. It’s fault tolerant, so will treat failures like misses, rather than kill the request with an exception. It even supports distributed MGETs for that full partial collection caching goodness.

This comes together with a massive leap forward for cache efficiency with key recycling and compression both available by default. For Basecamp, it meant improving the cache lifetime by two orders of magnitude! We went from having caches trashed in as little as a day to having caches last for months. If you’re using partial caching and the nesting doll strategy, your cache lifetime will improve dramatically between these two changes.

We’ve also embraced the cherry of HTTP/2 with early hints through the work of Aaron Patterson and Eileen Uchitelle. This means we can automatically instruct the web server to send required style sheet and JavaScript assets early. Which means faster full page delivery, as who wouldn’t want that?

On the topic of performance, Rails now ships with Bootsnap in the default Gemfile, created by our friends at Shopify. It generally reduces application boot times by over 50%.

Rails has always been in the forefront of making your web applications more secure, leading the way with built-in CSRF and XSS protection and we’ve enhanced that further in Rails 5.2 with the addition of a new DSL that allows you to configure a Content Security Policy for your application. You can configure a global default policy and then override it on a per-resource basis and even use lambdas to inject per-request values into the header such as account subdomains in a multi-tenant application.

But it’s not all just new starry-eyed wonders. In Rails 5.1, we added encrypted secrets. These secrets were like the old secrets but, uhm, more secret, because, you know, ENCRYPTION! Confusing? Yes. Why would you want secrets that weren’t really secret? Well, you don’t.

In Rails 5.2, we’ve rectified the mess by deprecating the two different kinds of secrets and introduced a new shared concept called Credentials. Credentials, like AWS access keys and other forms of logins and passwords, were the dominant use case for secrets, so why not just call a spade a spade. So spade it is!

Credentials are always encrypted. This means they’re safe to check into revision control, as long as you keep the key out of it. That means atomic deploys, no need to mess with a flurry of environment variables, and other benefits of having all credentials that the app needs in one place, safe and secure.

In addition, we’ve opened up the API underlying Credentials, so you can easily deal with other encrypted configurations, keys, and files.

Since Rails 5.1, we’ve also made great strides with Webpacker. So Rails 5.2 is meant to pair beautifully with the new Webpacker 3.0 release. Rails has fully embraced modern JavaScript with a pre-configured build pipeline run by Webpack. We keep strengthening that relationship.

Time column improvements and bugfixes!

Hello everyone! This is Greg bringing you the latest news from the Rails world.

This Week’s Contributors

15 people contributed to Rails this week! If you’d like to join them, why not check out the list of open issues?

Time column improvements

This commit applies precision when assigning values to time columns, fixes issues with time columns not being normalised on SQLite and ensures that the date component from a time is stripped for MySQL and PostgreSQL.

RedisCacheStore configuration fix

When RedisCacheStore is initialised it  should take a redis instance but it didn’t before this patch.

Fix multiline expression indexes for postgresql

This commit fixes an issue with Active Record’s PostgreSQL adapter when an index is defined by an expression.

That’s it for this week. Many more changes were introduced to Rails than were featured here, check out the full week of commit activity to learn more!

Until next time!

Rails 5.1.5, parallel testing and more!

Hello everyone! This is Roque bringing you the latest news from the Rails world.

Rails 5.1.5 released 🎉

Release 5.1.5 is out, but you can still help the community by testing 5.2.0.rc1 to ensure it is solid.

This Week’s Contributors

26 people contributed to Rails the past week! If you’d like to join them, why not check out the list of open issues?

On writing software well: pilot episode

This is first of a serie of episodes recently released by DHH. Check out the full list on YouTube.

Parallel testing

In Rails 6.0.0, new application will run tests in parallel by default. The number of parallel workers is customizable, and which one will have its own temporary database. I recommend reading the awesome pull request description. Good job!

Custom serializers for Active Job arguments

This brings more flexibility on how arguments are passed to jobs. Arguments can be serialized using a simple interface described here.

Add #create_or_find_by

This is similar to #find_or_create_by, but avoids querying the table first before attempting to insert a row. The new approach relies on unique constraints to try inserting a row first, and selecting later. This is very helpful to high throughput application that could have data changes between a SELECT and a INSERT.

Add support for connection pooling on Redis cache store

This will keep the number of Redis connections under control.

That’s it for this week. Many more changes were introduced to Rails than were featured here, check out the full week of commit activity to learn more!

Until next time!

Rails 5.1.5 has been released

Hi everyone,

I am happy to announce that Rails 5.1.5 has been released.

CHANGES since 5.1.4

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-256

If you’d like to verify that your gem is the same as the one I’ve uploaded, please use these SHA-256 hashes.

Here are the checksums for 5.1.5:

$ shasum -a 256 *-5.1.5.gem
877ff84da386dafdd5d8fc5f8fccd2d87be59cbbfdd2dcac378fb3672c3eb554  actioncable-5.1.5.gem
9c690209cdd6da82ab335db6195f8179afd5e36ed64a70d63a1c78f34d3150e4  actionmailer-5.1.5.gem
ed592c0b6a729bd5b96daa11b7a9cc9f930c5fd69650184519d3957e0063eeaa  actionpack-5.1.5.gem
47ac593df4dc8b1e9e80be8118c61dba0046dc53dd470eecdab1af33233bcc95  actionview-5.1.5.gem
e063e2042173723a5b135efbe9c4c1cd9a0cf49b28047ae8ef7113b8fc43ecef  activejob-5.1.5.gem
dddd51d8682d96c14adc5b9064b8c8ed544e4de8bfe69845d80464c2e78a61fe  activemodel-5.1.5.gem
fc11c06b9cd40b9871c6a82d6497bb0755991846fb3712a1433ee5ad23fc3572  activerecord-5.1.5.gem
d9b548c63c547b8d6b4c98ca6f8a61d21833ea33a09e7a2295156344d2996c5a  activesupport-5.1.5.gem
fee9771fc53f3060875267a6789aea9e35975e5c344ff5c3175e27be92a01561  rails-5.1.5.gem
fa9747717cc279d4dce56a7a75a230dfce8f166a5be120bc2f2f38b91925aa43  railties-5.1.5.gem

As always, huge thanks to the many contributors who helped with this release.