Meet our Google Summer of Code students and mentors!

Google has announced the list of projects that were accepted into the Google Summer of Code (GSoC) 2014 program. I’m extremely excited and proud to announce that Rails has been granted eight project slots this year. Here’s what our students will be working on this summer and the mentors that they are working with:

Unifying controller and integration tests

Alan Guo Xiang Tan will be working on unifying controller and integration tests. This would help to improve the performance of integration tests and encourage more full-sprecturm testing.

Joining him on this effort will be Rails committers Matthew Draper and Yves Senn.

Long-running Ruby and Rails benchmark

Bert Chang will be creating a set of long-running benchmarks for Ruby and Rails. This will help both projects continuously monitor how their commits are impacting real-world performance, which will help discover and respond to regressions much earlier in the development cycle.

He will be mentored by Damien Mathieu, a longtime Rails contributor.

Form models

Petros Markou will be exploring different API designs to help reduce coupling between the view and model layer.

Carlos Antonio da Silva, a member of the Rails core team, will be assisting him along this journey.

Improving compatibility with other Ruby implementations

Robin Dupret will be getting the Rails test suite passing on alternative Ruby implementations, such as JRuby and Rubinius. This work will help improve the compatibility of Rails on these platforms.

Ben Browning (JRuby and Rails contributor), Vipul A M (Ruby and Rails contributor) and Federico Builes (Rubinius and Rubyspec contributor) will be joining forces to help Robin with his project.

A web-console in your error page

Last year, Genadi Samokovarov developed a web-based console in his GSoC project. This year, Ryan Dao will continue that effort and integrate the web-console project into the error page you see in development mode.

Fittingly, Genadi himself will be mentoring the project along with core team member Guillermo Iguaran.

Refactor URL generation and recognition code

Ujjwal Thaakar will be improving Rails’ internals by refactoring parts of the routing code that are no longer necessary thanks to Journey.

He will be mentored by Andrew White, another member of the Rails core team.

Security upgrades

Xuchu Zhang will be picking up the task of improving Rails’ security defaults and other related features. This effort would help ensure that Rails remains secure out-of-the-box. Plans include implementing support for the latest security features in modern browsers and auto-expiring cookie jars.

Godfrey Chan, a Rails committer, and Rafael Mendonça França, a core team member, will be mentoring Xuchu for this project.

Randomizing the Rails test suite

Last but not least, Zuhao Wan will be eliminating any leakage of global states in our test suite so that it can be run in randomized order without errors.

Rails committer Yves Senn will be assisting him on this project.

Towards a bright future

I don’t know about you, but after seeing this list of amazing projects, I am genuinely getting very excited about the bright future for Rails. By the end of this summer, not only would we gain a few great new features, but we are also helping to nurture some new contributors in Rails and the wider OSS community, how great is that!

Finally, we’d like to thank every single student and mentor who participated in the Google Summer of Code selection process. There were many great proposals and we’re really excited to be able to work on so many of them this year.

<3 <3 <3 <3 <3

P.S. If you enjoyed this post, you should also check out GSoC’s sister project – the Rails Girls Summer of Code initiative, where another seven (Update: 15!) awesome teams will be working on some equally impressive projects in our ecosystem. Did I mention how incredibly excited I am about this summer?

Rails 3.2.18, 4.0.5 and 4.1.1 have been released!

Hi everyone!

Rails 3.2.18, 4.0.5 and 4.1.1 have been released!

These three releases contain important security fix, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we’ve only included commits directly related to each security issue.

The security fixes is:

The commits for 3.2.18 can be found here, the commits for 4.0.5 can be found here, and the commits for 4.1.1 can be found here.

Here are the checksums for 3.2.18:

$ shasum *3.2.18*
971d49dac1d0d2576e9bd01b9a96c393098a96c5  actionmailer-3.2.18.gem
4c99239a646f8c662559f9fc4924c20a0f29eae7  actionpack-3.2.18.gem
51f280b8c606a3c7cd503933cabff7b0c6172d1b  activemodel-3.2.18.gem
b99c31493ddaf0af4c0007b526dd5213222c2bd9  activerecord-3.2.18.gem
a9d35d1c837047ee328d0f16f420cd2c60a612c9  activeresource-3.2.18.gem
1526e35aaa02ffb526f5cda77425fecdfd449f56  activesupport-3.2.18.gem
8ad5bf5ab760112100e29d8515d7c5181f8dbae0  rails-3.2.18.gem
97e6e478dbebff9cf31c301381b8527f2a523ee5  railties-3.2.18.gem

Here are the checksums for 4.0.5:

$ shasum *4.0.5*
80be4d61b42fc532d87ba8816f521b7413a52ce2  actionmailer-4.0.5.gem
b830f763f6b621cb066002eef02f8ada4826baa2  actionpack-4.0.5.gem
b1aefc15e8b506a53975705840e0445065e14822  activemodel-4.0.5.gem
f263e52056be02628308ccb1980903f3f5fb7668  activerecord-4.0.5.gem
3fba584240a62ad0267f77abbcbd849f138f724b  activesupport-4.0.5.gem
166a8ee2064d34fefcda0a383672e83818e5961f  rails-4.0.5.gem
fefa3c5e348b05027f4181e5e6d39f14599f1724  railties-4.0.5.gem

Here are the checksums for 4.1.1:

$ shasum *4.1.1*
796ec07e257a98f31eeea38def505cbf3f1e2747  actionmailer-4.1.1.gem
25e4ad2bc143df849941ba54bb47b1d2dca55c2c  actionpack-4.1.1.gem
61a9662e06b32f29d89278105e87c230377a6dfd  actionview-4.1.1.gem
672d510e216019776b66f1e07e7faf4ac5bb21f5  activemodel-4.1.1.gem
63100443a3416cdde474cca56967bd55029ac507  activerecord-4.1.1.gem
937c7faa903e678e55536c18ee1ea9bafe08b8af  activesupport-4.1.1.gem
558547922545bf8f7c1c2d3bc845b2a66f9d826a  rails-4.1.1.gem
c5c5763e164eb9fb5e3a93fc25df436c379b0d54  railties-4.1.1.gem

Happy Tuesday! <3<3<3<3

Rails 4.1.0: Spring, Variants, Enums, Mailer previews, secrets.yml

Rails 4.1.0 might carry a minor version bump, but there’s nothing minor about the bag of goodies it carries. It simply means that upgrading from 4.0.x should be a relatively mild affair as most of the changes are additions or improvements, not backwards-incompatible changes. Let’s go over some of those new goodies.

Spring is our new application preloader. It makes running tests, rake, and generators much faster on large applications. You could think of what we had before as the CGI-mode of the command-line. Every time you ran rake, your entire application would be loaded from scratch, only to be thrown out as soon as the command finished. With Spring, your application is a persistent process that can be reused across commands, so only the first run is slow. And we automatically detect code changes, and reload just those parts. It makes a big difference!

Variants allows you to have different templates and action responses for the same mime type (say, HTML). This is a magic bullet for any Rails app that’s serving mobile clients. You can now have individual templates for the desktop, tablet, and phone views while sharing all the same controller logic. This is the secret sauce behind Basecamp’s hybrid native/HTML strategy for mobile apps: One Rails app serving desktop browsers, mobile browsers, native mobile apps. The reuse benefits are immense and the productivity boost staggering. Really.

Enums wraps the pattern of having a status field constrained to just a few options. It’s just enough syntactic sugar to make tinyint-backed status fields taste delicious while still reaping the optimization benefit of avoiding repeated status strings. Poor man’s state machine? Nah, Just Enough for Most of the Time.

Mailer previews make it dead simple to visually iterate over your Action Mailer views with test data, so you can get the same work flow as you have for any other view in your app. Make a change, reload to see it. Easy as pie. And certainly a lot better than either starting with static files that then have to be converted to mailer templates, or trying to copy’n’paste the HTML out of the log files to view them in a browser (come on, you’ve been there!).

Finally, we’ve committed to moving production passwords out of your application repository with two changes. The first is secrets.yml, which gives you one place and one convenient interface to access secrets that have been set either via ENV variables or deployment scripts. By default it’s used for the secret token guarding cookie integrity, but you can use it for whatever else you need in your app. Second is that we’ve added support for database URLs in database.yml, and that we by default will be referring to ENV-backed URLs in the generated files. Hurray security!

Now that’s just a quick look in the goodie bag. If you want the play-by-play, you can have a look through the 5,200 commits we’ve done between 4-0-stable and v4.1.0. That’s right, five thousand. Witness the firepower of this armed and fully operational community!

You can also digest the changes, and see some real code, by diving into Yves’ and Godfrey’s splendid work on the release notes for 4.1 as a guide and the feature walk-through.

The gems are now on RubyGems, so gem install rails will get you the latest. Or you can use the v4.1.0 tag.

Enjoy and we hope to see you at RailsConf in two weeks!

Rails 4.1.0: Release candidate 2

This is intended as the last stop before the final version of Rails 4.1.0 hits the virtual presses. We’ve been stamping out bugs and polishing things for about a month since the last release candidate. Thanks to everyone who so graciously helped report issues and work on getting things fixed. It makes a big difference to the final product!

Please do the same with this version. If you haven’t already given a release candidate a try, this is an excellent time to do so. We expect very little to change between this version and the forthcoming final release. Barring any major upsets, we shouldn’t be more than a few weeks out from the final release. Just in time for RailsConf!

As a repeat reminder, Yves and Godfrey have done such a splendid job putting together the release notes for 4.1 as a guide and Godfrey’s feature walk-through, so I won’t repeat them here. But you’re definitely in for a treat.

We have a 4-1-0 branch that’s tracking rc2 through release of final. And we have a 4-1-stable branch that has a few more fixes for things that weren’t appropriate to throw into the release candidate cycle. Finally, there’s of course rails/master which now targets 4.2.0, so expect a bit more flux there. Oh, and of course the v4.1.0.rc2 tag for this particular release.

Enjoy!

[ANN] Rails 4.0.4 has been released!

Hi everyone,

I am happy to announce that Rails 4.0.4 has been released. This is a bug fix release and includes more than 290 commits.

This release is also known as “Regression Not Found” release, since no regressions are found after 4.0.4.rc1.

CHANGES since 4.0.3

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you’d like to verify that your gem is the same as the one I’ve uploaded, please use these SHA-1 hashes:

d12ff5a5e6a92b038a81a697584e8e4022333d53  actionmailer-4.0.4.gem
c92b825d81fc8ffdd667b4141645f41df5dbba5f  actionpack-4.0.4.gem
e0de4e72d74e6d1af011445a90eff402ec08ebcb  activemodel-4.0.4.gem
e70ec2fb32672dae369c94e9ed627a694a906841  activerecord-4.0.4.gem
af0b69490effcc16f9e9d284814d947810485433  activesupport-4.0.4.gem
9d7371d66c64f9f83ef1b439dd636b166e7a59f4  rails-4.0.4.gem
3cdb34c1836bf09569cf9b2d291a737849d3f699  railties-4.0.4.gem

I’d like to thank you all, every contributor who helped with this release.

[ANN] Rails 4.0.4.rc1 has been released!

Hi everyone,

I am happy to announce that Rails 4.0.4.rc1 has been released. This is a bug fix release and includes more than 290 commits.

If no regressions are found we will release 4.0.4 final this Friday, on March 14, 2014. If you find one, please open an Issue on GitHub and mention me (@rafaelfranca) on it, so that we can fix it before the final release.

CHANGES since 4.0.3

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you’d like to verify that your gem is the same as the one I’ve uploaded, please use these SHA-1 hashes:

450c2d673e35332e93f6ff8b79f5fc6a6c6c5494  actionmailer-4.0.4.rc1.gem
2632500a717450335f35dc46d45ea3bbad4a6c41  actionpack-4.0.4.rc1.gem
b8615f73e39c701295aa7e1c4131fdc03e05420a  activemodel-4.0.4.rc1.gem
8f3329e7daca46cdaf6472f917f159600a378412  activerecord-4.0.4.rc1.gem
1c6fa8c7cb04ed982cdd378890c543984cfd27f1  activesupport-4.0.4.rc1.gem
43118638bc24f2811d09d95a429667ac4bd7eb6d  rails-4.0.4.rc1.gem
ff6cb0a24ff6ebc79f2fca75134ccd65a6e1601c  railties-4.0.4.rc1.gem

I’d like to thank you all, every contributor who helped with this release.

Google Summer of Code 2014

We’re pleased to announce, Ruby on Rails has been accepted into Google Summer of Code 2014 as a mentoring organization. What does this mean to you? Potentially, if you’re the right person, you can get paid to work on Rails this summer! The “right person” in this case is one who is at least 18 years old (sorry, Google’s rule, not ours!) on or before April 21, 2014; a full or part-time college student; and passionate about improving Rails.

We’re building a potential list of project ideas on a GitHub wiki, but we welcome other interesting proposals. If your proposal gets accepted, Google will pay you $5500 over the course of three months to work on the code. If you’re interested, head over to the GSoC site and start reading about the process. Student applications can be submitted starting March 10 and the deadline is March 21.

If you’re wondering what’s involved in becoming a GSoC student then the Google Student Guide has all the details on what’s expected and what you will gain from taking part. Any further questions can be directed either to the mailing list or to me directly.

What if you’re not a student? You can still help out by discussing ideas on the special mailing list we’ve setup for this year’s program. Or if you’ve got previous experience of contributing to Rails and are ready to make a strong commitment to help out the next generation of developers, you can apply to be a mentor.

We’re looking forward to working with this year’s students, and expecting some outstanding contributions to Rails as a result!

Rails 4.1.0: Release candidate 1

We’re getting really close to signing off on Rails 4.1.0, but we need your help to push it the last mile. Today we’re putting out the first (and, with luck, only) release candidate of Rails 4.1.0. It would be swell if you would try it out and tell us where it breaks.

It’s already in really good shape (we’ve been running beta1 and forward in production for Basecamp for months), but still, let’s make it a shiny gemstone for release.

As a reminder, Yves and Godfrey have done such a splendid job putting together the release notes for 4.1 as a guide and Godfrey’s feature walk-through, so I won’t repeat them here. But you’re definitely in for a treat.

We have also now aimed rails/master at Rails 4.2.0, but there’s a new rails/4-1-stable branch to follow for this release series. And of course there’s the v4-1-0-rc1 tag for this particular release.

Enjoy!

Rails 3.2.17, 4.0.3 and 4.1.0.beta2 have been released!

Hi everyone!

Rails 3.2.17, 4.0.3 and 4.1.0.beta2 have been released!

These three releases contain important security fixes, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we’ve only included commits directly related to each security issue.

The security fixes in 3.2.17 are:

The security fixes in 4.0.3 are:

The security fixes in 4.1.0.beta2 are:

The commits for 3.2.17 can be found here, the commits for 4.0.3 can be found here, and the commits for 4.1.0.beta2 can be found here.

Here are the checksums for 3.2.17:

$ shasum *3.2.17*
f935f62c77648ceeea622c745fb675c00bae1762  actionmailer-3.2.17.gem
c97fc5302175bf85047598303ff5955e62b6ec94  actionpack-3.2.17.gem
73bfa7ba3cf5db06d7dd904d01a364794c26d74b  activemodel-3.2.17.gem
23c0dc657f6eee4c399e7fa3194670a7fb53d0b7  activerecord-3.2.17.gem
0408aec45047c3a487d157cca6776fab482a257e  activeresource-3.2.17.gem
f82805677b48a63678a10516bb190b9018621295  activesupport-3.2.17.gem
dd3dad311e390b57683c9e5367e5b86d468603d9  rails-3.2.17.gem
b1ce101f057562972852841de94f39dd54662ebd  railties-3.2.17.gem

Here are the checksums for 4.0.3:

$ shasum *4.0.3*
23a518945d69748894089be0c0248ac37a53a43a  actionmailer-4.0.3.gem
ea6ed1a6217025114781a82b1a47764b5f208efc  actionpack-4.0.3.gem
f7eebfc01692e433d154b711d7d46dfdb6c952b3  activemodel-4.0.3.gem
2f2d4e466869590a0c05df027b53440fc031a519  activerecord-4.0.3.gem
201700ba04716383dfd170e9fea05dda9f991cba  activesupport-4.0.3.gem
a26d1ecd1d61c18672e29668018dc89c37d371c1  rails-4.0.3.gem
984b1f914e64301f058b3ae49802b1d20f4d29ff  railties-4.0.3.gem

Here are the checksums for 4.1.0.beta2:

$ shasum *4.1.0.beta2*
b75b973e6bbbd547067e5c3b95948fa124110f65  actionmailer-4.1.0.beta2.gem
7450f3c6e4e8fecd570e738935999de60fb5419d  actionpack-4.1.0.beta2.gem
4c26f942e171f370bbe3bd48432709aabeae4b0e  actionview-4.1.0.beta2.gem
f2296128d08078c7d56e56e679ef0fefef256ed1  activemodel-4.1.0.beta2.gem
46ba3ebac34c19b060c7168365e3dedbc80f0332  activerecord-4.1.0.beta2.gem
46e048380d4c6d371d723676fad42c8710c6b4c1  activesupport-4.1.0.beta2.gem
e97fc5cd39c8480e9f2f94a4499c8553dd744aa0  rails-4.1.0.beta2.gem
0ad46ba736bfdf4b970199d8739974ef3c3c0cab  railties-4.1.0.beta2.gem

Happy Tuesday! <3<3<3<3

Rails 4.1.0 beta1: Variants, Spring, mailer previews, JS CSRF, config/secrets.yml, Enums

Hohoho, it’s Xmas time, kids! We have a beta full of goodies for everyone who’s been nice this year. Rails 4.1 is packed to the gills with more marvelous real-world feature extractions, bug fixes, and the tireless polish only a community full of Rails elves could bestow it with.

While this is just a beta release, it’s arguably a lot better tested and ready than most of our previous beta releases. The bulk of what’s new are legit bug fixes and additional features. Less shifting of the tectonic plates of the architecture this time around. This should hopefully mean relatively smooth sailing for anyone on 4.0 who wish to upgrade.

In fact, we’re already running beta1 in production for Basecamp, so you know it’s been taking a good beating. This helped us catch a couple of performance regressions, and we’ve verified that everything is still spiffy fast on Basecamp.

This new release also follows our new policy of targeting a minor release every six months. The idea being that the jump from minor to minor shouldn’t try to include everything under the sun. Just whatever is ready after the six month mark.

So there are already a laundry list of things lined up for 4.2, but that’s alright. We can target for that to land in another six months or so.

Yves and Godfrey have done such a splendid job putting together the release notes for 4.1 as a guide and Godfrey’s feature walk-through, so I won’t repeat them here. But you’re definitely in for a treat.

As always, please report any issues as a bug report on Github. If all goes well, we’ll try to have the final release out before the end of the year!