Hey, this is Greg, bringing you the latest news about Ruby on Rails!
Rails 18.104.22.168 has been released! It is a security release and addresses a possible XSS attack vector in Actionable Exceptions.
You can read more about the issue here and check the commit with the fix here.
This PR introduces an
exists? call instead of loading the entire relation into memory and that makes it better performing.
A follow-up PR for the above improvement, because the original solution broke
includes? when an offset was provided, but this change covers that case and falls back to loading the relation in case an offset is provided.
With this change, it is possible to build conditions based on the record’s attributes for a uniqueness validation.
This PR allows one to set the default Cache-Control header to reflect the simple no-store directive exclusively and all other cache directives are dropped when that’s set.