A security release, bugfixes and more!

Posted by gregmolnar, October 11, 2020 @ 12:00 am in News

Hey, this is Greg, bringing you the latest news about Ruby on Rails!

Rails 6.0.3.4 has been released!

Rails 6.0.3.4 has been released! It is a security release and addresses a possible XSS attack vector in Actionable Exceptions.
You can read more about the issue here and check the commit with the fix here.

Optimize ActiveRecord::Relation#include? on an unloaded relation

This PR introduces an exists? call instead of loading the entire relation into memory and that makes it better performing.

Fix ActiveRecord::Relation#include? in case where offset is provided

A follow-up PR for the above improvement, because the original solution broke includes? when an offset was provided, but this change covers that case and falls back to loading the relation in case an offset is provided.

Support passing record to uniqueness validator’s :conditions option

With this change, it is possible to build conditions based on the record’s attributes for a uniqueness validation.

Allow for only no-store in cache-control header

This PR allows one to set the default Cache-Control header to reflect the simple no-store directive exclusively and all other cache directives are dropped when that’s set.

20 people contributed to Rails the past week! If you want to be part of that, check out the list of open issues! Until next week!