Multiple database improvements, bugfixes and more!

Hey, this is Greg bringing you the latest news about the Rails framework.

Show outstanding migrations on the error page

This PR adds the details of the pending migrations to the pending migrations error message so you will know from the error what’s pending.

Add ability to set per param encoding

Previously you could skip encoding which would encode all parameters on an action as ASCII_8BIT, but after this change you can specify the param_encoding for any one parameter on an action in your controller. An example can be found here.

Fix resources being fetched twice when crossorigin attribute is used

When you load a script or css (by using javascript_include_tag or stylesheet_link_tag respectively) with crossorigin attribute applied, Rails currently causes some browsers to fetch these resources twice. That is because crossorigin in the link header preload directive and on the resource itself need to match in order for browsers to re-use a resource.
This PR changes it so that the link header directives include the same crossorigin values as those that have been passed to the resources themselves, which allows browsers to reuse the preloaded resource.

Implement connecting_to method

Sometimes you need to have a different default connection but aren’t calling the connection with a block. An example is booting a console in reading mode. This PR adds the ability for a script to set a specific connection on boot while preserving the behaviour of connected_to for application code.

Warn if we can’t read the yaml to create database tasks

For multiple databases Rails attempts to generate the tasks by reading the
database.yml before the Rails application is booted but there are some complex cases when this is not possible and Rails will simply issue a warning saying it couldn’t infer the database tasks from the database.yml.

Fix TimeWithzone bug

There was a rounding off issue when we were comparing TimeWithZone times with DateTime and this PR fixes that.

29 people contributed to Rails since last week. Check out the detailed list of all changes. Until next week!

Active Record values_at and cache improvements

Hi, it’s Wojtek bringing you the latest changes summary from Ruby on Rails codebase.

Add values_at method to Active Record

Simplifies retrieving values of specific attributes on Active Record model instance, ie person.values_at(:name, :age).

Use environment variable MEMCACHE_SERVERS by default

When no specific configuration is provided, MEMCACHE_SERVERS environment variable will be checked first before falling back to localhost 127.0.0.1:11211 address in ActiveSupport::Cache::MemCacheStore.

Add store name to cache instrumentation

When subscribing to a “cache” instrumentation events, additional parameter with store name is provided to ease recognizing the context.

12 people contributed to Rails since the last week. Check out the detailed list of all changes. Until next week!

New API Docs site, configurable cache coder, bug fixes, and more!

Hi there! This is Andy bringing you the latest on what’s shipped this week in Ruby on Rails!

New API docs back-end

The frames-based Rails API docs site has been replaced with CSS and Turbolinks. Deep linking is now supported! Let’s take a moment and remember the humble 1990s era <frame/>! Check it out at https://edgeapi.rubyonrails.org.

Stable sorting for DatabaseConfigurations#find_db_config

Sorting configuration for multiple databases was not guaranteed to be stable. This PR fixes that, and includes a supporting test with more information.

Handle binary strings in Active Record serialized columns

When binary data is stored in a serialized column, this change ensures that the original value is preserved. Check out the supporting test for an example.

Make ActiveSupport::Cache coder configurable

This PR lays the groundwork to specify a custom coder. The PR author describes a scenario migrating between 2 different cache stores as a potential use case.

Include layout when rendering objects from controllers

Did you ever notice Rails was like “nah”, when trying to render from a controller with a layout? Well, I’ve got some good news for you.

Fix read_attribute_before_type_cast

From the author: “With this change, read_attribute_before_type_cast will be able to get the value before typecast even if the attr_name is an attribute_alias.”

Fixes, optimizations and documentation

And finally, let’s recognize these contributors that fixed a flaky test, created an optimization to avoid unnecessary queries and another that avoids a duplicate record. In addition to that, 5 PRs shipped this week with documentation improvements! Thank you!

Thank you to the 20 people that contributed to Rails this week. If you’d like to be part of that, check out the list of open issues. Until next time!

A security release, bugfixes and more!

Hey, this is Greg, bringing you the latest news about Ruby on Rails!

Rails 6.0.3.4 has been released!

Rails 6.0.3.4 has been released! It is a security release and addresses a possible XSS attack vector in Actionable Exceptions.
You can read more about the issue here and check the commit with the fix here.

Optimize ActiveRecord::Relation#include? on an unloaded relation

This PR introduces an exists? call instead of loading the entire relation into memory and that makes it better performing.

Fix ActiveRecord::Relation#include? in case where offset is provided

A follow-up PR for the above improvement, because the original solution broke includes? when an offset was provided, but this change covers that case and falls back to loading the relation in case an offset is provided.

Support passing record to uniqueness validator’s :conditions option

With this change, it is possible to build conditions based on the record’s attributes for a uniqueness validation.

Allow for only no-store in cache-control header

This PR allows one to set the default Cache-Control header to reflect the simple no-store directive exclusively and all other cache directives are dropped when that’s set.

20 people contributed to Rails the past week! If you want to be part of that, check out the list of open issues! Until next week!

Rails 6.0.3.4 has been released

Hey everyone! Rails version 6.0.3.4 has been released! This version is a security release and addresses one possible XSS attack vector in Actionable Exceptions.

You can read more about the issue here.

Here are the checksums for the gems:

$ shasum *6.0.3.4*
04ec20fe5d23d9e21ed2dd04139563e4173f6c1b  actioncable-6.0.3.4.gem
c96926a293abcb63a9471e9064824160b7348683  actionmailbox-6.0.3.4.gem
e2a0221f78f260b93ac57c1d40f2c0cabe82b1c9  actionmailer-6.0.3.4.gem
83a4fc7ebb7e7b41795149e1d1879e2bce4540f2  actionpack-6.0.3.4.gem
b080d368861b406b2b78ae46f905476d66b8ba4b  actiontext-6.0.3.4.gem
27ecb9befa64104c7b27bc547f4f58de4ba25d9c  actionview-6.0.3.4.gem
5405baf9298cc3af01a5160ebed4ebb79eec0a69  activejob-6.0.3.4.gem
777cf1db073a988d47e1669f494801065560772d  activemodel-6.0.3.4.gem
1f8b15b082531461d7fa029e238b4a53034ddb5c  activerecord-6.0.3.4.gem
07d31d2e1c690384aa6e196c9e844f953551918b  activestorage-6.0.3.4.gem
0c145c62c94dae5c36641d0abcd0026ff40cba95  activesupport-6.0.3.4.gem
a1503f158074aae4dce10d9c1ef6110a3cb61657  rails-6.0.3.4.gem
6066d3a3975184aa566c803aa6c573086f0b296e  railties-6.0.3.4.gem

Have a great day!

<3

Destroying associations asynchronously, interval datatype and more

Hi, Wojtek from this side. We are coming back with newsletter! Here are the changes in Ruby on Rails codebase from the last week.

Destroy associations via background job

Destroying associated records can now be done in background job by setting dependent: :destroy_async option.

Support for PostgreSQL interval datatype

Add support for PostgreSQL interval data type with conversion to ActiveSupport::Duration when loading records from database and serialization to ISO 8601 formatted duration string on save.

Per environment Active Storage config files

Active Storage configuration files for specific environment like config/storage/production.yml will take precedence over config/storage.yml.
It should ease complex configuration scenarios which may arise when configuring services per attachment.

Base class for Active Storage, Action Text and Action Mailbox

Permit applications to hack in custom databases for Active Storage, Action Text and Action Mailbox models by extracting base Active Record class.

17 people contributed to Rails since the last week. Check out the detailed list of all changes. Until next week!

Rails 5.2.4.4 and 6.0.3.3 have been released

Hi everyone! Rails 5.2.4.4 and 6.0.3.3 have been released! These releases contain an important security fix, so please upgrade when you can.

Both releases contain the following fix:

Here are the checksums for 5.2.4.4:

ddc79ec6c5122c1eda8121b3c75ca53635235427  actioncable-5.2.4.4.gem
caaa2b50e93b71d25e2181a2bf9d7e885fbbb1f6  actionmailer-5.2.4.4.gem
228ea8910bad233edfe78c323c2789f3c6c811bc  actionpack-5.2.4.4.gem
686b82b79ad7a356a19f23738a79f65ee9dcc2a7  actionview-5.2.4.4.gem
cfa1e6f429162076914fce6897389f10541d6316  activejob-5.2.4.4.gem
1d6f19c918b991aca06d1c32de824ec5ed15bbfb  activemodel-5.2.4.4.gem
12c025ef4137ad8a1570d918a7ad44af3abcfc73  activerecord-5.2.4.4.gem
0e5853ed36a588b017c7e72fcbcc90cff80b8d2d  activestorage-5.2.4.4.gem
7b4459dcfc5f95c9663d8032a9cbf25a6039e8a1  activesupport-5.2.4.4.gem
c755abb919f6be479a50c85c5852fb584cf2e1d4  rails-5.2.4.4.gem
9ed4e14fa0e70ee66f840322e04873faa97f4475  railties-5.2.4.4.gem

Here are the checksums for 6.0.3.3:

e7aad7426b67e420c50f929d6927c82b82ba7299  actioncable-6.0.3.3.gem
fa84ead6387625f4bbb273a0f21c477a66cb85ec  actionmailbox-6.0.3.3.gem
5ec626522e33b09577b60606c9ce38366a55fcf3  actionmailer-6.0.3.3.gem
5fbeef52d963e9e86e81f1897b663702faabc14e  actionpack-6.0.3.3.gem
eaa20ebf94fd7a2954da2c5d2159ba160c2dbb0d  actiontext-6.0.3.3.gem
fe8a07f6adfa212b51d27650db05cf20a5c80a3c  actionview-6.0.3.3.gem
09d536656bce51729710a063ac1d8cd3f0a70607  activejob-6.0.3.3.gem
42037b04104f997b014b0e2754b0fd540337a996  activemodel-6.0.3.3.gem
ffb2443a7a961876a06c59c9ccabda1dd9d40763  activerecord-6.0.3.3.gem
4f151eaf3145ffcf247072b59fdd4e53eca5f3d0  activestorage-6.0.3.3.gem
673e08bfcce6de903d0dfc4c0bb80f67b46c76d4  activesupport-6.0.3.3.gem
a6ba4ef9858e7778d379d9fd6944819d926d31a2  rails-6.0.3.3.gem
504ab700f86737a5747f1557fbef1fac39217ed8  railties-6.0.3.3.gem

Stay safe, and have a great day everyone!

Rails 6.0.3.2 has been released!

Hi everyone!

Rails 6.0.3.2 has been released! This version of Rails contains an important security patch, and you should upgrade! The release contains only one patch that addresses CVE-2020-8185. You can read about CVE-2020-8185 here.

Here are the checksums for the released gems:

$ shasum *6.0.3.2*
49c72c7d45ea6de626313d6142f2c307628d4f7e  actioncable-6.0.3.2.gem
dac7b0bab305f2666525369dc55b33c7cce03b96  actionmailbox-6.0.3.2.gem
a39e5f6e1cb4988ce17e7778a4c6d01b4b24bcdd  actionmailer-6.0.3.2.gem
82f70a87edf540897449d21dde0503213bd62bb2  actionpack-6.0.3.2.gem
fcb1d3e4e67e4a1036d11826f80a9dcbeb849e6c  actiontext-6.0.3.2.gem
0516d18bb37a0a23092b19c4a0473229b706c810  actionview-6.0.3.2.gem
93e32defe3bc17bd2a1a8cdb4d4d81564e8921b3  activejob-6.0.3.2.gem
1606d88b3a86125f89a331a33552cae09401c30d  activemodel-6.0.3.2.gem
a933167ad597b0f5679ffa400309bf697d53de72  activerecord-6.0.3.2.gem
187424658db284753a331a1a3cefa1261016365f  activestorage-6.0.3.2.gem
b92c473960b1ef01ee562d318604e1c8d1e6b175  activesupport-6.0.3.2.gem
7a7235a0d5233338896ca26cbe368c93812231e5  rails-6.0.3.2.gem
151e00dcecc52bf59c6ec52838eeb729e527ae2f  railties-6.0.3.2.gem

Have a great day!

<3

Rails 5.2.4.3 and 6.0.3.1 have been released

Hi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These releases contain important security fixes, so please upgrade when you can.

Both releases contain the following fixes:

Here are the checksums for 5.2.4.3:

57936c04e421d5626dae6384645d2c04c50fade9  actioncable-5.2.4.3.gem
b9574346692494c816ba90c6c9f882e7535d3d6e  actionmailer-5.2.4.3.gem
d9abd6496bb593bcd6ded01eb2970d6c68591913  actionpack-5.2.4.3.gem
94b6025625aaf8a58271f29a8fcf2ab731bb2ba5  actionview-5.2.4.3.gem
261537dfe4b9becacadb97b5a4b1745a1a2ad88e  activejob-5.2.4.3.gem
3152765c56701234d56505be6f9f335686335d42  activemodel-5.2.4.3.gem
2db5dfbeb0860c4287fe1f6f7f4d180213c95393  activerecord-5.2.4.3.gem
80d1942082dfac378fa2446c4d9b90b59a209b16  activestorage-5.2.4.3.gem
1bfd68dcae101feb5a6414f3d449de07f179366b  activesupport-5.2.4.3.gem
27a4883d96f4bdfb67f89194e55f72c80ded8bcb  rails-5.2.4.3.gem
0ca72c6ab581f088394096f28290cb3fcc5abed6  railties-5.2.4.3.gem

Here are the checksums for 6.0.3.1:

7a791c75121a2d291c940c42dee32bab6f79b28d  actioncable-6.0.3.1.gem
8ab6c70bb51c65365f0ecf45bc313a92538bdc51  actionmailbox-6.0.3.1.gem
32abbd8b860e0eb4dc6ddc7eb91229f138f41be5  actionmailer-6.0.3.1.gem
b4e2f362f9e3f64c463f13a355c91eac4faf5c3c  actionpack-6.0.3.1.gem
d2830250080c6ddfce32d7eed3b5e06868593679  actiontext-6.0.3.1.gem
d6fd791dd17410eedc792a83114bd2226d809081  actionview-6.0.3.1.gem
d93fa09175cd3a4260aaa04576405caeaea5c722  activejob-6.0.3.1.gem
751083db939d5b00ee66e383688365f06221b9a5  activemodel-6.0.3.1.gem
799344ebdf08a45c56ace16e3f124d4e2a0ecc46  activerecord-6.0.3.1.gem
5066a273cc46d7a71e69f34c6d17b1f0eeac74ef  activestorage-6.0.3.1.gem
637121aaab5d88902f686d64e86fd4b4967b2031  activesupport-6.0.3.1.gem
faebc6a2d71d81b8fdababff057b91bea2bba47e  rails-6.0.3.1.gem
5dacf3de55b1c1aa6f9f31b346e963a3745a15d2  railties-6.0.3.1.gem

Stay safe, and have a great day everyone!

Rails 4.2.11.3 has been released

Due to an unfortunate oversight, Rails 4.2.11.2 has a missing constant error. To address this Rails 4.2.11.3 has been released.

The original announcement for CVE-2020-8163 has a follow-up message with an updated patch if you’re unable to use the gems.

Here are the shas:

$ sha256sum *-4.2.11.3.gem
229cd7da59bd26faf3e9d67a8285150e6eba6f63e077392b68d93b02a06cfd34  actionmailer-4.2.11.3.gem
67e84b5fcde0b2d885987a444646fb4d741926fd565565a336e73c5153e7a5a4  actionpack-4.2.11.3.gem
3be3f1ab60f518415da2fab994eac7d4ad869ea6b89762b7c1a9922e0756963e  actionview-4.2.11.3.gem
cab80c01aa01e0856c506c9a1fc7e492ca5e93c45ac917f9ea3671f8c77016ae  activejob-4.2.11.3.gem
97b94190b4a2c1ccfaa9727a445d2b157dac8378959c37df3b51a0aafb3967fc  activemodel-4.2.11.3.gem
cd6c8445c0b4ee3c89ec382149c0e7d44148d179092f69d8ec333be1fc4efcba  activerecord-4.2.11.3.gem
515015c5b8c7b35af33f5911c14248b06438c25fda60905965ba8d3c2237e372  activesupport-4.2.11.3.gem
7502ee83259abce924803052e34f3a9d072b01050e41e2ae94a22ddfd16d9686  rails-4.2.11.3.gem
f33ac1fc4e3dff3f35369caaf7ca21ace876637fabba9d05e512bfc06379c789  railties-4.2.11.3.gem

Apologies to anyone affected by this error.