Hello, zzak here with the latest changes from the last week to Rails.
This release includes many bug fixes so be sure to upgrade! You can read the full summary of changes here.
This solves a potential query manipulation vulnerability with MySQL.
A helpful exception is now raised if pool_config is nil when using config.active_record.writing_role(:all).
After introducing encryption into Active Record, a couple new features and a bug fix were followed!
This PR removes N+1 queries from Active Storage when using with_all_variant_records and with_attached_* scope.
Previously there was a bug when using strict_loading where eager loading wouldn’t propagate through associations.
Previously when generating a new Rails app, the package.json would hard-code the string “6.0.0” for all npm dependencies. This now uses the Rails version that generated the app.
This allows expiring URLs for signed blob ids in Active Storage via the “expires_in” parameter or by setting a default with “config.active_storage.urls_expire_in”.
This PR adds support for setting the default “cache_control” headers for uploads using Google Cloud Storage service.
By using the built-in features of FFmpeg, Active Storage now generates much better thumbnails for videos. These parameters were also made configurable in a follow-up PR!
You should be calling these methods directly on the attachment and not on the association.
You may be familiar with the instance method Model#update!, but now you can do that on the class!
This fixes a huge performance bug for inversing associations with a lot of records.
This quality-of-life improvement is for apps migrating from RailsUJS to Turbo with both living inside the codebase to easily distinguish which should handle forms.