This week in Rails: Security Releases, Enumerable Relations and more!


Hey there!

I’m just glad we all made it to this Friday. This is Washington again, pulling together a few stories for our weekly newsletter on Rails.

This week’s Rails contributors

Keeping with our tradition, let’s start with the 32 splendid contributors that made their commits to rails/rails this week. Keep in mind a ton of other people also helped by creating issues and helping the core team with PR reviews.

Rails security releases 3.2.22, 4.1.11 and 4.2.2

Time to upgrade your applications. Five announcements landed on the Rails security mailing list this week. Consider joining that list as well if you haven’t yet.

Improved

Include Enumerable in ActiveRecord::Relation

After a couple of years, the Rails core team seems to have changed its mind and Enumerable is finally included in Active Record relations. Things change and I believe that’s fine.

Fixed

Autoload ActiveRecord::RecordInvalid

Thanks to the awesome open source community, it was noted that ActiveRecord::RecordInvalid was not being eager loaded as expected. The fix was backported to all supported branches.

Deprecated

Remove ContentLength middleware from the defaults

As per an old change to the Rack spec, Rails 5 will no longer ship with the ContentLength middleware by default.

Passing hash as first parameter into ActionController::Head is deprecated

The way to go now is to explicitly pass the status first then pass the options hash as a second parameter.

That’s a wrap

That’s all for This week in Rails. As always, there are many more changes than we have room to cover here, but feel free to check them out yourself!

Have you been thinking about writing for us, but you’re scared of putting yourself out there? Don’t worry, you can help our editors improve their writing with thoughtful critique and general grammar policing.

You up for that? Tell Godfrey today.

Rails 3.2.22, 4.1.11 and 4.2.2 have been released and more

Hi everyone!

Rails 3.2.22, 4.1.11 and 4.2.2 have been released, along with web console and jquery-rails plugins and Rack 1.5.4 and 1.6.2.

These releases contain security fixes, so please upgrade as soon as possible!

The security fixes for 4.1.11 and 4.2.2 are:

In order to make upgrading as smooth as possible, we’ve only included commits directly related to each security issue.

The security fix for 3.2.22 is:

Unlike the Rails 4 releases, Rails 3.2.22 includes all the commits from the 3-2-stable branch. This means that Rails 3.2 now supports Ruby 2.2.

The commits for 3.2.22 can be found here, the commits for 4.1.11 can be found here, and the commits for 4.2.2 can be found here.

Web Console

We are also releasing Web Console 2.1.3 that contains the fix for the following issue:

The commits can be found here.

jquery-ujs and jquery-rails

We are also releasing jquery-ujs 1.0.4 and jquery-rails 3.1.3 and 4.0.4, which include the fix for the following issue:

The commits for jquery-rails 3.1.3 can be found here, the commits for jquery-rails 4.0.4 can be found here, and the commits for jquery-ujs 1.0.4 can be found here.

Rack

Rack 1.5.4 and Rack 1.6.2 have also been released, which include fixes for the following issue:

The commits for rack 1.5.4 can be found here, and the commits for rack 1.6.2 can be found here.

SHA-1

Here are the checksums for Rails 3.2.22:

$ shasum *3.2.22*
cc56be2f49baeeccc0da87b740f23d0ac7bd2d24  actionmailer-3.2.22.gem
d20fd24d9049fad99ea5405a265ca7c9690af378  actionpack-3.2.22.gem
0454b4bd49a1a423e1ef6231a5cb510ca48e0cb8  activemodel-3.2.22.gem
d9e51980eb4892089a29531c1fea69cabe9511e4  activerecord-3.2.22.gem
3754c63826f09b6b10bd0ca749646f76fbe195c6  activeresource-3.2.22.gem
4da01bbf6e03326c24c261c3d65a8c0b563f8663  activesupport-3.2.22.gem
0386d4d55b52d1348e024cb237e3b81126ce6c46  rails-3.2.22.gem
56575ff805b432be10fa79080c25c790947999f2  railties-3.2.22.gem

Here are the checksums for Rails 4.1.11:

$ shasum *4.1.11*
154856eb9c940e8fb5c999b08c748ce82e8a1197  actionmailer-4.1.11.gem
fa9a8271d8c19af89f8cf46c9a5bfd0b3ece1226  actionpack-4.1.11.gem
340678573b91ad305b9c2b07844d0628dbcf6a8d  actionview-4.1.11.gem
c56dc176a7ac0690d4f59472f28b36a664221d5c  activemodel-4.1.11.gem
711334da9e88d8d2606b4e12df115b093fb3a1b1  activerecord-4.1.11.gem
b714633af191481332797ed09f62fdd784363fb1  activesupport-4.1.11.gem
9fc1c823457ffe51cc6f52de2960035149621e15  rails-4.1.11.gem
1640674035171d0eb36ff91da9ea8d86f2137261  railties-4.1.11.gem

Here are the checksums for Rails 4.2.2:

$ shasum *4.2.2*
a093bdd43d732416f02b1cc39edc4f839b27cc69  actionmailer-4.2.2.gem
51dc701f026f3a84a779287459996f36023877f9  actionpack-4.2.2.gem
6ae3231fa1e6bbd07b4d1bf7b124654b39f3e048  actionview-4.2.2.gem
16e607a30b41d000bae2e848c11ef472264a5d94  activejob-4.2.2.gem
e667fb6dee998be2d1d01086467fa3fe2ca58dff  activemodel-4.2.2.gem
394cc4d39e8c84c2aed5b25c352cd6b2903ab686  activerecord-4.2.2.gem
b4b91de89a8c6f223bed5c01a7e578956d4a2bf7  activesupport-4.2.2.gem
a9e286e6799bde99e1449706854b910b5c466302  rails-4.2.2.gem
dd46d7f599fb883c1d3fd6b5ec8fcfd61628b869  railties-4.2.2.gem

Here is the checksum for Web Console 2.1.3:

$ shasum web-console-2.1.3*
60aed82466891904d7348583d67ec7dabce3a176  web-console-2.1.3.gem

Here are the checksums for jquery-rails 3.1.3 and 4.0.4:

$ shasum jquery-rails*.gem
691b6ec57ee08f8ef80bae3e8c09a4442d2f7d5c  jquery-rails-3.1.3.gem
159b4127ebbaba708cbed2921d1d1b00134ee834  jquery-rails-4.0.4.gem

Here are the checksums for Rack 1.5.4 and 1.6.2:

$ shasum rack-*.gem
d71ea9c90d7ef2a0787722f233da8fcbfb5e55d5  rack-1.5.4.gem
85d34dbf068cda5cf36432984da8ccf81c3d1be5  rack-1.6.2.gem
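
The checksum lists above are shasum output, so a set of downloaded gems can be checked against them mechanically. The following is an added example, not code from the Rails announcement: the helper names (parse_manifest, verify_gems, unlisted_gems, run_constructed_demo) are hypothetical, and the gem files and manifest in the demo are constructed so that it runs offline.

```ruby
require "digest/sha1"
require "tmpdir"

# One line of `shasum` output: 40 hex digits, a space, a mode flag (" " or "*"),
# then the file name. Prompt lines and blank lines do not match and are ignored.
SHASUM_LINE = /\A([0-9a-f]{40}) [ *](.+?)\s*\z/i

def parse_manifest(text)
  text.each_line.with_object({}) do |line, manifest|
    match = SHASUM_LINE.match(line)
    manifest[match[2]] = match[1].downcase if match
  end
end

# Compare every manifest entry with the file of that name in `dir`.
# Returns { name => :ok | :mismatch | :missing }.
def verify_gems(manifest, dir)
  manifest.each_with_object({}) do |(name, expected), results|
    # Use the basename only, so a manifest entry cannot reach outside `dir`.
    path = File.join(dir, File.basename(name))
    results[name] =
      if !File.file?(path)
        :missing
      elsif Digest::SHA1.file(path).hexdigest == expected
        :ok
      else
        :mismatch
      end
  end
end

# .gem files present in `dir` that the manifest does not cover (unverified).
def unlisted_gems(manifest, dir)
  listed = manifest.keys.map { |name| File.basename(name) }
  Dir.children(dir).select { |f| f.end_with?(".gem") }.sort - listed
end

# Constructed sample: two files that match their manifest lines, then one is
# altered, one listed file is never downloaded, and one extra file is added.
def run_constructed_demo
  Dir.mktmpdir do |dir|
    contents = {
      "alpha-1.0.0.gem" => "constructed alpha",
      "beta-1.0.0.gem"  => "constructed beta"
    }
    contents.each { |name, body| File.binwrite(File.join(dir, name), body) }

    manifest_text = +"$ shasum *.gem\n"
    contents.each do |name, body|
      manifest_text << "#{Digest::SHA1.hexdigest(body)}  #{name}\n"
    end
    manifest_text << "#{'0' * 40}  gamma-1.0.0.gem\n" # listed, not downloaded

    File.binwrite(File.join(dir, "beta-1.0.0.gem"), "modified after publication")
    File.binwrite(File.join(dir, "delta-1.0.0.gem"), "not in the manifest")

    manifest = parse_manifest(manifest_text)
    { results: verify_gems(manifest, dir), unlisted: unlisted_gems(manifest, dir) }
  end
end

if __FILE__ == $PROGRAM_NAME
  report = run_constructed_demo
  report[:results].each { |name, status| puts format("%-10s %s", status, name) }
  report[:unlisted].each { |name| puts format("%-10s %s", "unlisted", name) }
end
```

A status other than ok means the local file is not the published artifact; an unlisted file has simply not been checked against anything.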

This week in Rails: Rails API, fun with minitest and more!


Howdy folks!

My name is Todd and I’ll be your guide through the land of Rails this week. Straight from the comfort of my couch with awful lumbar support, I proudly present bad posture and the highlights from This Week in Rails.

This week’s Rails Contributors

42 people made Rails even more awesome this week.

Rails API has landed on master!

After 52 days, lots of great comments, and a ton of incredible work by Santiago and Jorge, Rails API has been merged into master and will be released as part of Rails 5!

New Stuff

Optional scaffold.css

If you’ve ever wanted the ability to avoid generating scaffold.css when performing a scaffold, you’re in luck. Simply use the --no-scaffold-stylesheet switch and you’re good to go!

Improved

Better minitest integration for Rails’ test runner

The new Rails test runner has been modified to take better advantage of minitest’s extension system.

Added a Point object for Postgres point types

Rails 5 will deprecate the current behavior for Postgres point types. Moving forward, the Postgres adapter will return a Point object instead of an Array.

Reversible remove_foreign_key

Migrations using remove_foreign_key can now be automatically reverted with rake db:rollback without manually defining the down operations.

Fixed

Prefix and suffix options for enums

This allows you to add a prefix or suffix to enum’s auto-generated methods. Useful if you have multiple enums with the same values.

Fixed ignore_blank for required select fields

This change will now cause an ArgumentError to be raised in the event ignore_blank is set to false on a required select field.

Fixed abstract class fixtures with belongs_to

Fixes an issue where using belongs_to in abstract classes would result in a crash when loading test fixtures.


This week in Rails: DateTime vs Time, summer student projects and more!

Hello everyone!

This is Marcel making my ‘initial commit’ with awesome help from Kasper, your friendly ghost editor. Ten minutes from the lovely Jamaican shores, here are the headlines from This Week in Rails.

This week’s Rails Contributors

56 people helped make Rails even more awesome this week.

When should you use DateTime?

Ever wondered what the difference is between DateTime and Time? Check out this enlightening gist on when you would use each, which also landed in the Ruby documentation.

Google Summer of Code – Web Console

Follow one of our Google Summer of Code students, Hiroyuki, on his thoughts, experiments and progress with the web-console browser extension project.

Rails Girls Summer of Code

Meet the 16 official teams that will be participating in the 2015 Rails Girls Summer of Code. We wish them the best of luck.

New Stuff

Custom configurations can be required

Sometimes there’s a configuration your app simply needs to function. Now that important client secret can raise if it hasn’t been set. Just go out with a bang: Rails.application.kitty_litter_supreme.client_secret!

Action Mailer queue name is configurable

Currently all mails sent with deliver_later are put in the mailers queue. This patch keeps that default but allows the queue name to be configured globally via config.action_mailer.deliver_later_queue_name. See also related documentation commit.

Improved

Use inline Gemfile when reporting bugs

No longer do you need to write a physical Gemfile when submitting bug reports, as Bundler 1.10.3 now supports inline gems. Of note, when an inline Gemfile is used, bundle exec is not supported.

Use block variable instead of global

As it turns out using a block variable instead of a “magic” global variable is not only faster but easier to read.

Enumerable#pluck supports multiple attributes

This allows easier integration with Active Record, such that ActiveRecord::Base#pluck will now use Enumerable#pluck if the relation is loaded, without needing to hit the database.

Deprecated

Remove assert_template and assigns()

In order to discourage ties in the controller tests to the internal structure of how your views are organized, assigns and assert_template have both been removed and extracted to the gem rails-controller-testing.

Fixed

Apply Active Record suppression to all saves

Active Record’s suppress is now being applied to non-bang save and update methods. It was also missing from create_* methods provided by singular associations. See gist for more details.


This week in Rails: Enumerable#pluck, SQLite Collation and lots more


Hello everyone!

This is Vipul, happily reporting from a Simmering Summer 😎. Pour yourself a drink 🍹, sit back, relax and enjoy, as we go through these hot off the press changes.

This week’s Rails Contributors

43 people helped make Rails even more awesome this week. Check out the pulse page for more details.

New Stuff

Enumerable#pluck

Enumerable#pluck has just landed on master, providing similar functionality as Active Record’s #pluck.

This allows for something like [{ name: "David" }, { name: "Rafael" }, { name: "Aaron" }].pluck(:name) to get everyone’s names. Pretty handy!

Improved

Collation support in SQLite

Active Record now supports specifying a collation function for SQLite string columns.

Default procs in Attributes API

With the new Attributes API, it is now possible to specify a proc as the default values for an attribute, which allows for runtime-generated default values such as attribute :year, :integer, default: -> { Time.now.year }. See also these related changes.

Preserve MySQL’s sql_mode with strict: :default

By default, Rails overrides MySQL’s sql_mode setting with sql_mode=STRICT_ALL_TABLES to prevent silent data loss. While this is helpful, it has the unfortunate side-effect of overriding any user customizations.

If you prefer to manage this yourself, you can now specify strict: :default in your connection’s config and Rails will leave your sql_mode alone. (STRICT_ALL_TABLES is still highly recommended though!)

Deprecated

Deprecate render nothing: true

If you are using render nothing: true, you should start replacing it with head :ok, which does the same thing and is more semantic. This option will go away permanently in Rails 5.1.

Deprecate Relation#uniq

The superficial similarity between Relation#uniq and Array#uniq has been a source of confusion, which led to the addition of Relation#distinct which better communicates what is happening under the hood.

The recent discussion on #20198 put the final nail in the coffin for Relation#uniq and its friends, #uniq! and #uniq_value. These methods are deprecated and scheduled for removal in Rails 5.1, so you might want to start using #distinct, #distinct! and #distinct_value soon.

That’s a wrap

That’s all for This week in Rails. As always, there are many more changes than we have room to cover here, but feel free to check them out yourself!

P.S. If you enjoyed this newsletter, why not share it with your friends? :) If you wish to be part of this project please don’t hesitate to contact Godfrey – there’re a lot of ways you could help make this newsletter more awesome!

This week in Rails: try'ing with Delegator, schema cache and a lot more

Hey everyone, this is Prathamesh. Back with the latest spells and bindings from the magical world of Rails. Keep your wands ready!

This week’s Rails Contributors

39 people got commits into rails/rails this week. And 7 of them made their first patch this week! Check out the pulse page for more details.

New Stuff

Support for try with Delegator

Delegator will now respond to try rather than delegating it to the underlying object. Phew! The surprising behavior when using try with normal objects and delegators is gone finally.

Improved

Copy schema cache to new connection pool after fork

Active Record does all the heavy lifting of maintaining and creating connection pools. It just got better. Thanks to this patch, it will copy the schema cache of old connection pools to the new ones if one already exists.

Fixed

Quoted sequence names now work with serial?

Quoted sequence names in PostgreSQL will now work properly with the serial? method. Before this patch, the serial? method would return false if the sequence name was quoted. Finally it’s fixed.

One More Thing™

Integer#positive? and Integer#negative? in Ruby core

Last week Integer#positive? and Integer#negative? were added to Rails and this week they became part of Ruby core. Hooray!


This week in Rails: Connection Pool, Responsive Site, Oh my!

Hey everyone, cough this is cough Kasper.

I’ve been cough sick most of the week and am cough-ing my way through this.

Feel free to insert cough’s through the rest of this, as long as you remember not to snooze on a sneeze or two too.

Alright, cough ‘em up.

This Week’s Rails Contributors

Look at these 31 people and how they’ve hammered away at their keyboards, as if possessed by a different sickness. One of radness that is, my duderinos and duderinas.

Active Record: Connection Pool is More Concurrent

Active Record keeps a pool of database connections. To keep the pool safe from people trying to cannonball queries at once we need to lock it. The pull request slims down what happens when locking, so you can release the lock quicker. Basically more people can go splash, because the diving board is free earlier.

Holy Ruby on Rails on Responsive Website, Batman!

Are you on your phone? Are you on your watch? Are you on the toi… eh, anyway, the Rails website is now responsive.

Just to tide you over until the website redesign will be revealed. That’ll surely be a royal flush.

New Stuff

The Tragoedia and Comoedia of Integers

This week integers gained introspection methods that make a select a tad easier to read. They are the gangbuster team of negative? and positive?. And hopefully the polarity shockwaves will rock the Ruby world too.

Fixed

Don’t Add to Local Assigns without an Object

If you rendered a partial like <%= render partial: 'spruce_goose' %>, Rails would spruce up local_assigns with the name of the partial. That goose chase ended this week.

One More Thing™

One More Chance to Review Rails API

The option to generate API only Rails apps is almost done. But there’s still a chance to help out by reviewing it. Give it a shot of love!


This week in Rails: Job IDs, inline images preview and more

Hi there!! Washington here again.

Glad we all made it to another Friday. A lot of small patches around the Rails repository this week. So we had another relatively calm week after the major announcements at RailsConf. The talks list is getting bigger on confreaks by the way. You might want to watch some of those this weekend.

This Week’s Contributors

38 people made it to the Rails repository this week. Check out the pulse page on GitHub too for the full list of recent issues and PRs.

New Stuff

Keeping original job IDs with ActiveJob#provider_job_id

ActiveJob will be able to report the original adapter job ID in Rails 5. The patch started targeting Delayed Job then Sidekiq and Que got their own about a week later. Great team work.

Mailer previews support inline images

This commit adds a preview interceptor to search for inline cid: urls in src attributes and convert them to data urls. P.S. I had to look up the cid protocol myself to get this one.

Deprecated

Removed assigns from functional test templates

Rails is moving towards deprecating the assigns helper on controller tests. The main motivation is that it’s asserting against the internals of the implementation which we shouldn’t care about in a unit test.

See some comments from DHH about that and a couple other test helpers.

Improved

Allow custom response messages on authentication methods

This adds the same functionality already provided in Digest to the HTTPAuth Basic and Token modules.

Apply schema cache dump when creating connections

Quite an interesting patch on improving the setup for database connection pools. The schema cache dump will now be applied to every connection as it is created, to avoid querying the database for its schema.


This week in Rails: recovering from RailsConf

Happy Friday! It’s Claudio with the latest updates on Rails. Overall, this has been a relaxed week. Many documentation fixes have made their way into master while features uncovered at RailsConf (like the integration of Rails API) are being heavily discussed on GitHub.

This Week’s Contributors

This week 31 people helped Rails out. Six people had their first commit merged into rails/rails. Hooray!

RailsConf 2015 videos

One by one, all the presentations of RailsConf are being uploaded. Lots of great talks to fill your weekend!

GSoC students announced!

We are proud to announce that 8 students will be working on improving Rails as part of the Google Summer of Code 2015. Congratulations and welcome to Rails!

Improved

Better docs for minitest assertions

Rails ships with minitest by default but has different naming conventions for inverse assertion methods. The new guides clarify this difference. And give us a great excuse to link to Ruby on Rails on Minitest.

Toward a better “Caching with Rails” guide

Everyone can help make Rails better by improving its guides. “Caching with Rails” is an awesome place to start. If you think you can improve it, don’t hesitate to submit a pull request!

Remove use of mocha in the named-base tests

Some tests in the Rails codebase use the mocha library and can be faster by using minitest/mock instead. This commit fixes one of those tests; you are all invited to do the same for the remaining ones.

Fixed

Rake routes not showing right format when nested

The rake routes command was not properly showing nested routes with a scope constraint for the format override by a resource… but that just got fixed!


Welcome to Google Summer of Code 2015!

Google has announced the list of accepted projects for this year’s Google Summer of Code (GSoC). Rails has been granted 8 slots; here’s a brief introduction to the projects and the people behind them.

Performance Enhancements for the Asset Pipeline

Student: Martha de Luque
Mentors: Guillermo Iguaran and Josh Peek

Martha will be profiling, benchmarking and updating parts of our asset compilation process to improve our asset [re]generation speed. The initial scope of this project covers CoffeeScript, Sass and our Uglifier, but benchmarks will be guiding this effort to work where we can get the biggest benefits in these four months.

Evented File System Monitoring

Student: Puneet Agarwal
Mentors: Xavier Noria and Matthew Draper

ActiveSupport::FileUpdateChecker, the system we use for detecting changes in files (mostly for reloading purposes), has served us well over the years, but we’re done with polling. Puneet will be replacing our current design with an event-based approach that relies on existing third-party monitors (e.g. inotify or FSEvent).

Asset Pipeline Support for Source Maps

Student: Andrei Istratii
Mentors: Rafael França and Arthur Nogueira Neves

The goal of Andrei’s project is to give you good inspecting and debugging capabilities in environments where your code goes through various transformations (e.g. your CoffeeScript file being compiled to JavaScript and then minified in your staging environment). With source maps you can use the existing tools your browser provides to do things like reading the CoffeeScript source or setting breakpoints on it.

Refactoring Action View and Active Support

Student: Islam Wazery
Mentors: Kir Shatrov and Carlos Antonio da Silva

Islam is adding some of the things we should already have in Rails, like adding named arguments for Action View helpers (goodbye counting commas!). He will also be researching how to improve some of our core abstractions like ActionController::Parameters and ActionView::OutputBuffer to enable better security and performance.

Web Console Browser Extensions

Student: Hiroyuki Sano
Mentor: Genadi Samokovarov

Following up on the work of previous GSoC projects, Hiroyuki will be creating browser extensions for the Rails web console. Like the Source Maps project, this one will give you a better live debugging experience using standard tools that everyone has available already.

Test Failure Prediction

Student: Genki Sugimoto
Mentors: Robin Dupret and Josh Kalderimis

Aaron Patterson has touched upon some interesting ideas on predicting test failures using the experimental Coverage feature available in recent Ruby versions. Genki will be experimenting with this to see if we can make it a part of the Rails testing ecosystem.

Refactoring Cookies

Student: Siddharth Bhatore
Mentors: Kasper Timm Hansen and Prem Sichanugrist

Rails cookie handling is pretty basic, and although it works in most use cases, we can improve it. Siddharth will be adding server-side expiration mechanisms and purpose fields to our existing cookie jar, allowing us to have better control and security over our systems.

Improving RubyBench.org

Student: Kasif Gilbert
Mentor: Sam Saffron

In case you’re not familiar with it, RubyBench is an amazing effort to keep long running benchmarks for Ruby and related projects (like Rails). As you can see, our own benchmarks could use some love, so Kasif will be taking care of this. If everything goes well, JRuby support in RubyBench would be the next step for this project.


Fun Fact: 4 of the 14 mentors we have this year participated as GSoC students in previous years. Today they’re all active contributors around the Ruby/Rails ecosystem!

We hope to keep you up on important updates during the summer, but if you’re interested in staying up to date (or maybe lending a hand?) please make sure to subscribe to our mailing list.

Finally, we want to thank José Valim/The Pragmatic Programmers, Pat Shaughnessy/No Starch Press and O’Reilly for donating copies of Crafting Rails Applications, Ruby Under the Microscope and offering discounts on O’Reilly products to our students.

PS: In case you missed it, Ruby and SciRuby will also be part of this year’s GSoC! You can learn more in the Ruby GSoC and SciRuby Development mailing list announcements.