[ANN] Rails 3.2.14 has been released!

Hi everyone,

I am happy to announce that Rails 3.2.14 has been released. This is a bug fix release and includes more than 150 commits.

I also want to announce that the next 3.2.x release, 3.2.15, will be the last bug fix release of this family. After it we will only release security fixes. So, if you have issues on 3.2.x that you think should be included on 3.2.15, let us know thought the GitHub issues page and in 3 months we’ll evaluate if it is time to release.

CHANGES since 3.2.13

Action Mailer

No changes.

Action Pack

  • Merge :action from routing scope and assign endpoint if both :controller and :action are present. The endpoint assignment only occurs if there is no :to present in the options hash so should only affect routes using the shorthand syntax (i.e. endpoint is inferred from the the path).

    Fixes #9856

    Yves Senn, Andrew White

  • Always escape the result of link_to_unless method.

    Before:

    link_to_unless(true, '<b>Showing</b>', 'github.com')
    # => "<b>Showing</b>"
    

    After:

    link_to_unless(true, '<b>Showing</b>', 'github.com')
    # => "&lt;b&gt;Showing&lt;/b&gt;"
    

    dtaniwaki

  • Use a case insensitive URI Regexp for #asset_path.

    This fix a problem where the same asset path using different case are generating different URIs.

    Before:

    image_tag("HTTP://google.com")
    # => "<img alt=\"Google\" src=\"/assets/HTTP://google.com\" />"
    image_tag("http://google.com")
    # => "<img alt=\"Google\" src=\"http://google.com\" />"
    

    After:

    image_tag("HTTP://google.com")
    # => "<img alt=\"Google\" src=\"HTTP://google.com\" />"
    image_tag("http://google.com")
    # => "<img alt=\"Google\" src=\"http://google.com\" />"
    

    David Celis + Rafael Mendonça França

  • Fix explicit names on multiple file fields. If a file field tag has the multiple option, it is turned into an array field (appending []), but if an explicit name is passed to file_field the [] is not appended. Fixes #9830.

    Ryan McGeary

  • Fix assets loading performance in 3.2.13.

    Issue #8756 uses Sprockets for resolving files that already exist on disk, for those files their extensions don’t need to be rewritten.

    Fixes #9803.

    Fred Wu

  • Fix ActionController#action_missing not being called. Fixes #9799.

    Janko Luin

  • ActionView::Helpers::NumberHelper#number_to_human returns the number unaltered when the units hash does not contain the needed key, e.g. when the number provided is less than the largest key provided.

    Examples:

    number_to_human(123, units: {})                # => 123
    number_to_human(123, units: { thousand: 'k' }) # => 123
    

    Fixes #9269. Backport #9347.

    Michael Hoffman

  • Include I18n locale fallbacks in view lookup. Fixes GH#3512.

    Juan Barreneche

  • Fix ActionDispatch::Request#formats when the Accept request-header is an empty string. Fix #7774 [Backport #8977, #9541]

    Soylent + Maxime Réty

Active Model

No changes.

Active Record

  • Do not re-create destroyed association when saving the parent object.

    Fixes #11450.

    Paul Nikitochkin

  • Do not shallow the original exception in exec_cache on PostgreSQL adapter.

    Fixes #11260.

    Rafael Mendonça França

  • Fix ActiveRecord::Store incorrectly tracking changes of its attributes. Fixes #10373.

    Janko Marohnić

  • Fix a bug that prevented the use of the default STI inheritance column (ActiveRecord::Base.inheritance_column = ‘some_column’.)

    chapmajs + Takehiro Adachi

  • Fix mysql2 adapter raises the correct exception when executing a query on a closed connection.

    Yves Senn

  • Fixes bug where Company.new.contract_ids would incorrectly load all non-associated contracts.

    Example:

    company = Company.new # Company has many :contracts
    
    # before
    company.contract_ids # => SELECT ... WHERE `contracts`.`company_id` IS NULL
    
    # after
    company.contract_ids # => []
    

    Jared Armstrong

  • Fix the :primary_key option for has_many associations. Fixes #10693.

    Yves Senn

  • fixes bug introduced by #3329. Now, when autosaving associations, deletions happen before inserts and saves. This prevents a ‘duplicate unique value’ database error that would occur if a record being created had the same value on a unique indexed field as that of a record being destroyed.

    Backport of #10417

    Johnny Holton

  • Fix that under some conditions, Active Record could produce invalid SQL of the sort: “SELECT DISTINCT DISTINCT”.

    Backport of #6792.

    Ben Woosley

  • Require ActiveRecord::Base in railtie hooks for rake_tasks, console and runner to avoid circular constant loading issues.

    Backport #7695.

    Fixes #7683 and #882

    Ben Holley

  • Maintain context for joins within ActiveRecord::Relation merges. Backport #10164.

    Neeraj Singh + Andrew Horner

  • Make sure the EXPLAIN command is never triggered by a select_db call.

    Daniel Schierbeck

  • Revert changes on pluck that was ignoring the select clause when the relation already has one. This caused a regression since it changed the behavior in a stable release.

    Fixes #9777.

    Rafael Mendonça França

  • Confirm a record has not already been destroyed before decrementing counter cache.

    Ben Tucker

  • Default values for PostgreSQL bigint types now get parsed and dumped to the schema correctly. Backport #10098.

    Erik Peterson

  • Removed warning when auto_explain_threshold_in_seconds is set and the connection adapter doesn’t support explain. This is causing a regression since the Active Record Railtie is trying to connect to the development database in the application boot.

    Rafael Mendonça França

  • Do not reset inheritance_column when it’s set explicitly. Backport of #5327.

    kennyj + Fred Wu

  • Fix a problem wrong exception is occured when raising no translatable exception in PostgreSQL.

    kennyj

  • Resets the postgres search path in the structure.sql after the structure is dumped in order to find schema_migrations table when multiples schemas are used. Fixes #9796.

    Juan M. Cuello + Dembskiy Alexander

  • Reload the association target if it’s stale. @stale_state should be nil when a model isn’t saved. Fixes #7526.

    Larry Lv

  • Don’t read CSV files during execution of db:fixtures:load. CSV support for fixtures was removed some time ago but the task was still loading them, even though later the code was looking for the related yaml file instead.

    kennyj

Active Resource

  • Fixes an issue that ActiveResource models ignores ActiveResource::Base.include_root_in_json. Backported from the now separate repo rails/activeresouce.

    Xinjiang Lu

Active Support

  • Make Time.at_with_coercion retain the second fraction and return local time.

    Fixes #11350

    Neer Friedman, Andrew White

  • Fix ActiveSupport::TaggedLogging incorrectly providing program name the same as log message even when block is not provided.

    Carson Reinke

  • Override Time.at to support the passing of Time-like values when called with a single argument.

    Andrew White

  • Revert the changes on unicode character encoding from ActiveSupport::JSON.encode. This was causing a regression where the resulting string is always returning UTF-8. Also it changes the behavior of this method on a stable release. Fixes #9498.

    Rafael Mendonça França

  • Fix ActiveSupport::TimeZone.parse when time is at a local DST jump. Fixes #9678.

    Andrew White

Railties

  • Fix bugs that crashed rake test:benchmark, rails profiler and rails benchmarker. Fixes #4938. Backport rails/rails-perftest#2.

    Dmitry Vorotilin + Yves Senn

  • Add support for runner hook.

    Backport #7695.

    Ben Holley

  • Fixes bug with scaffold generator with --assets=false --resource-route=false. Fixes #9525.

    Arun Agrawal

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you’d like to verify that your gem is the same as the one I’ve uploaded, please use these SHA-1 hashes:

  • dd2333744644870efcd149e3adf3c3b6934ec6ed actionmailer-3.2.14.gem
  • efcfc238115f7db57650dbab348d0b5192f98770 actionpack-3.2.14.gem
  • d72fadd29e10e2ead9fb0d7371bed5a7fb32c044 activemodel-3.2.14.gem
  • af7585f9a58d5e643d6e332daede4a0b8ee1de7a activerecord-3.2.14.gem
  • 188924273139cea07032254987d748aee45f5800 activeresource-3.2.14.gem
  • e221938399c9cb040ef9285f52b18bfa3e59b10a activesupport-3.2.14.gem
  • a5d44cf4c65798e925d998f416804cd23c914001 rails-3.2.14.gem
  • 4e99050427fb47ff515051e78eedf328c9ec5676 railties-3.2.14.gem

I’d like to thank you all, every contributor who helped with this release, especially everyone who tried the release candidates.

[ANN] Rails 3.2.14.rc2 has been released!

Hi everyone,

One regression was found on the 3.2.14.rc1 release. So, following the script We are releasing a new release candidate, Rails 3.2.14.rc2.

If no regressions are found we will release 3.2.14 final final this Friday, on July 19, 2013. If you find one, please open an Issue on GitHub and mention me (@rafaelfranca) on it, so that we can fix it before the final release.

CHANGES since 3.2.14.rc1

Action Mailer

No changes.

Action Pack

No changes.

Active Model

No changes.

Active Record

  • Do not re-create destroyed association when saving the parent object.

    Fixes #11450.

    Paul Nikitochkin

Active Resource

No changes.

Active Support

No changes.

Railties

No changes.

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you’d like to verify that your gem is the same as the one we’ve uploaded, please use these SHA-1 hashes:

  • 8126e9ca60ca050fd4e809d70f2035deae1e681f actionmailer-3.2.14.rc2.gem
  • bc0c7594aebc42fe0cdd7213017e3280d6111c40 actionpack-3.2.14.rc2.gem
  • 1b3de1ee862ef055b7a300e180ae97140d51534b activemodel-3.2.14.rc2.gem
  • 57a9ede96d56eaac5e484f8becd41ff9513918f3 activerecord-3.2.14.rc2.gem
  • 2ad96e7ab80ef8801234774f81d85cc800abfc96 activeresource-3.2.14.rc2.gem
  • 02c03d4d8b888b02bf9898ab663126760e3b3678 activesupport-3.2.14.rc2.gem
  • 561edde241b39ba54f79b32f93f29db699fbf668 rails-3.2.14.rc2.gem
  • 4d16819efc81d3a4c761cad460c094f69a58171c railties-3.2.14.rc2.gem

Thank you everyone!

[ANN] Rails 3.2.14.rc1 has been released!

Hi everyone,

I am happy to announce that Rails 3.2.14.rc1 has been released. If no regressions are found I will release 3.2.14 final final this Monday, on July 15, 2013. If you find one, please open an Issue on GitHub and mention me on it, so that I can fix it before the final release.

CHANGES since 3.2.13

Action Mailer

No changes.

Action Pack

  • Merge :action from routing scope and assign endpoint if both :controller and :action are present. The endpoint assignment only occurs if there is no :to present in the options hash so should only affect routes using the shorthand syntax (i.e. endpoint is inferred from the the path).

    Fixes #9856

    Yves Senn, Andrew White

  • Always escape the result of link_to_unless method.

    Before:

    link_to_unless(true, '<b>Showing</b>', 'github.com')
    # => "<b>Showing</b>"
    

    After:

    link_to_unless(true, '<b>Showing</b>', 'github.com')
    # => "&lt;b&gt;Showing&lt;/b&gt;"
    

    dtaniwaki

  • Use a case insensitive URI Regexp for #asset_path.

    This fix a problem where the same asset path using different case are generating different URIs.

    Before:

    image_tag("HTTP://google.com")
    # => "<img alt=\"Google\" src=\"/assets/HTTP://google.com\" />"
    image_tag("http://google.com")
    # => "<img alt=\"Google\" src=\"http://google.com\" />"
    

    After:

    image_tag("HTTP://google.com")
    # => "<img alt=\"Google\" src=\"HTTP://google.com\" />"
    image_tag("http://google.com")
    # => "<img alt=\"Google\" src=\"http://google.com\" />"
    

    David Celis + Rafael Mendonça França

  • Fix explicit names on multiple file fields. If a file field tag has the multiple option, it is turned into an array field (appending []), but if an explicit name is passed to file_field the [] is not appended. Fixes #9830.

    Ryan McGeary

  • Fix assets loading performance in 3.2.13.

    Issue #8756 uses Sprockets for resolving files that already exist on disk, for those files their extensions don’t need to be rewritten.

    Fixes #9803.

    Fred Wu

  • Fix ActionController#action_missing not being called. Fixes #9799.

    Janko Luin

  • ActionView::Helpers::NumberHelper#number_to_human returns the number unaltered when the units hash does not contain the needed key, e.g. when the number provided is less than the largest key provided.

    Examples:

    number_to_human(123, units: {})                # => 123
    number_to_human(123, units: { thousand: 'k' }) # => 123
    

    Fixes #9269. Backport #9347.

    Michael Hoffman

  • Include I18n locale fallbacks in view lookup. Fixes GH#3512.

    Juan Barreneche

  • Fix ActionDispatch::Request#formats when the Accept request-header is an empty string. Fix #7774 [Backport #8977, #9541]

    Soylent + Maxime Réty

Active Model

No changes.

Active Record

  • Do not shallow the original exception in exec_cache on PostgreSQL adapter.

    Fixes #11260.

    Rafael Mendonça França

  • Fix ActiveRecord::Store incorrectly tracking changes of its attributes. Fixes #10373.

    Janko Marohnić

  • Fix a bug that prevented the use of the default STI inheritance column (ActiveRecord::Base.inheritance_column = ‘some_column’.)

    chapmajs + Takehiro Adachi

  • Fix mysql2 adapter raises the correct exception when executing a query on a closed connection.

    Yves Senn

  • Fixes bug where Company.new.contract_ids would incorrectly load all non-associated contracts.

    Example:

    company = Company.new # Company has many :contracts
    
    # before
    company.contract_ids # => SELECT ... WHERE `contracts`.`company_id` IS NULL
    
    # after
    company.contract_ids # => []
    

    Jared Armstrong

  • Fix the :primary_key option for has_many associations. Fixes #10693.

    Yves Senn

  • fixes bug introduced by #3329. Now, when autosaving associations, deletions happen before inserts and saves. This prevents a ‘duplicate unique value’ database error that would occur if a record being created had the same value on a unique indexed field as that of a record being destroyed.

    Backport of #10417

    Johnny Holton

  • Fix that under some conditions, Active Record could produce invalid SQL of the sort: “SELECT DISTINCT DISTINCT”.

    Backport of #6792.

    Ben Woosley

  • Require ActiveRecord::Base in railtie hooks for rake_tasks, console and runner to avoid circular constant loading issues.

    Backport #7695.

    Fixes #7683 and #882

    Ben Holley

  • Maintain context for joins within ActiveRecord::Relation merges. Backport #10164.

    Neeraj Singh + Andrew Horner

  • Make sure the EXPLAIN command is never triggered by a select_db call.

    Daniel Schierbeck

  • Revert changes on pluck that was ignoring the select clause when the relation already has one. This caused a regression since it changed the behavior in a stable release.

    Fixes #9777.

    Rafael Mendonça França

  • Confirm a record has not already been destroyed before decrementing counter cache.

    Ben Tucker

  • Default values for PostgreSQL bigint types now get parsed and dumped to the schema correctly. Backport #10098.

    Erik Peterson

  • Removed warning when auto_explain_threshold_in_seconds is set and the connection adapter doesn’t support explain. This is causing a regression since the Active Record Railtie is trying to connect to the development database in the application boot.

    Rafael Mendonça França

  • Do not reset inheritance_column when it’s set explicitly. Backport of #5327.

    kennyj + Fred Wu

  • Fix a problem wrong exception is occured when raising no translatable exception in PostgreSQL.

    kennyj

  • Resets the postgres search path in the structure.sql after the structure is dumped in order to find schema_migrations table when multiples schemas are used. Fixes #9796.

    Juan M. Cuello + Dembskiy Alexander

  • Reload the association target if it’s stale. @stale_state should be nil when a model isn’t saved. Fixes #7526.

    Larry Lv

  • Don’t read CSV files during execution of db:fixtures:load. CSV support for fixtures was removed some time ago but the task was still loading them, even though later the code was looking for the related yaml file instead.

    kennyj

Active Resource

  • Fixes an issue that ActiveResource models ignores ActiveResource::Base.include_root_in_json. Backported from the now separate repo rails/activeresouce.

    Xinjiang Lu

Active Support

  • Make Time.at_with_coercion retain the second fraction and return local time.

    Fixes #11350

    Neer Friedman, Andrew White

  • Fix ActiveSupport::TaggedLogging incorrectly providing program name the same as log message even when block is not provided.

    Carson Reinke

  • Override Time.at to support the passing of Time-like values when called with a single argument.

    Andrew White

  • Revert the changes on unicode character encoding from ActiveSupport::JSON.encode. This was causing a regression where the resulting string is always returning UTF-8. Also it changes the behavior of this method on a stable release. Fixes #9498.

    Rafael Mendonça França

  • Fix ActiveSupport::TimeZone.parse when time is at a local DST jump. Fixes #9678.

    Andrew White

Railties

  • Fix bugs that crashed rake test:benchmark, rails profiler and rails benchmarker. Fixes #4938. Backport rails/rails-perftest#2.

    Dmitry Vorotilin + Yves Senn

  • Add support for runner hook.

    Backport #7695.

    Ben Holley

  • Fixes bug with scaffold generator with --assets=false --resource-route=false. Fixes #9525.

    Arun Agrawal

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you’d like to verify that your gem is the same as the one I’ve uploaded, please use these SHA-1 hashes:

  • 1b8d20d39c9c5bb2fa56c835fe564bfcf6f55c66 actionmailer-3.2.14.rc1.gem
  • ccf1df0c3daa92e5e72ec11f3399167e16d2a48f actionpack-3.2.14.rc1.gem
  • 263cbf1ce202095f92648171c6be92eca85837e0 activemodel-3.2.14.rc1.gem
  • 51de13da5e9c9c9ccdd7f7bd4c2bfb3e1dd3dbb1 activerecord-3.2.14.rc1.gem
  • da709adcc9f56364e0d697ea10e4acc9af48068a activeresource-3.2.14.rc1.gem
  • e45cd0115705514d00b1be917f06092af389fe5d activesupport-3.2.14.rc1.gem
  • 9fd0569cdee1ca0ab7b170f1c40c6c48304ec29e rails-3.2.14.rc1.gem
  • a2d485229708af4cdbbdaef72ef6f756fb1b1341 railties-3.2.14.rc1.gem

Thank you everyone!

Rails 4.0: Final version released!

Rails 4.0 is finally ready after a thorough process of betas and release candidates. It’s an amazing new version packed with new goodies and farewells to old features past their expiration date.

A big focus has been on making it dead simple to build modern web applications that are screaming fast without needing to go the client-side JS/JSON server route. Much of this work was pioneered for Rails in the new version of Basecamp and focuses on three aspects:

  1. Make it super easy to do Russian Doll-caching through key-based expiration with automatic dependency management of nested templates (explored first in the cache_digests plugin).
  2. Speed-up the client-side with Turbolinks, which essentially turns your app into a single-page javascript application in terms of speed, but with none of the developmental drawbacks (except, maybe, compatibility issues with some existing JavaScript packages).
  3. Declarative etags makes it even easier to ensure you’re taking advantage of HTTP freshness.

Rails is of course still a great JSON server for people who want to build client-side JS views with Ember.js, Backbone.js or Angular.js, but with the progress we’ve made for Rails 4.0, you certainly won’t need to go down that route just to have a super fast application.

We’ve also added live streaming for persistent connections and Rails 4.0 is now safe for threaded servers out of the box (no more need for config.threadsafe!).

Active Record has received a ton of love as well to make everything related to scoping and the query structure more consistent. We’ve also locked down the general security defaults even tighter with this version.

On top of these new features and fixes, we have hundreds more of all sorts. Everything has been combed over, streamlined, simplified, and we’ve extracted out lots of old APIs and things that just don’t fit “most people most of the time”.

Active Resource, Active Record Observers, and Action Pack page and action caching are all examples of things that are no longer in core, but lives on in plugins.

We encourage you to peruse the CHANGELOGs for all the Rails frameworks and delight over the hundreds of improvements we’ve made to Rails 4.0: Action Pack, Active Model, Active Record, Active Support, Rails.

If you’re upgrading an existing application to Rails 4, have a look at the upgrade guide or the Railscast screencast. As always, install the latest with gem install rails --version 4.0.0 --no-ri --no-rdoc or depend on the v4.0.0 tag. If you haven’t already, now is a good time to upgrade to Ruby 2.0 as well. Rails 5+ will require Ruby 2.0, so you might as well get a head start.

If you’d like to learn more about developing Rails 4 applications, the final version of Agile Web Development with Rails 4 was released today as well. The more advanced Crafting Rails 4 Applications is also out in late-stage beta. For screencasts, checkout the new Rails 4: Zombie Outlaws and Mike Clark’s Rails 4 class. There’s new material and books coming out all the time from a variety of other authors and broadcasters, so we’re really in good shape with training material timed for the release this time.

Finally, thanks to everyone who contributed to this release. There has been some 10,000 commits between the latest 3.2 release and Rails 4.0 and ~500 people have contributed in 2013 alone. We have a bigger and more engaged community than ever before and it shows: Rails 4 is an incredibly polished release. It’s a real milestone and something for everyone in the community to be proud of.

docrails, back to the roots

A bit of history

docrails is a branch of Ruby on Rails thought for quick doc fixes that gets cross-merged with master regularly, please have a look at What is docrails? for more on docrails.

When Pratik Naik created docrails back in 2008, he offered commit bit to anyone interested (this is the original announcement). Let me express my admiration for this idea. You know, in open source the commit bit is seen as the precious treasure only given to a few, and Pratik goes and puts this upside down to encourage contributions to the documentation. Genius!

And it went even further. GitHub was very kind to flip a private backend flag for docrails that enabled public write access, you didn’t even have to ask for commit bit, you could clone and push without asking for permission.

The idea proved to work, trust people and you’ll get trust back. Tons of people, including yours truly, have been able to contribute and improve the API and the guides with a workflow that is trivial compared to the friction of pull requests. Is about the same effort for Rails committers, patches have to be equally reviewed, but much less for contributors, which is fantastic.

Back to the roots

GitHub had to change their infrastructure recently and they needed to get rid of that hackish flag (only used by three projects). We are very grateful to them for providing it all this time. Thanks guys!

With the flag out now we are back to the roots. docrails is now owned by the Rails organization and has thus moved from lifo/docrails to rails/docrails. You can either ask for commit bit if you’d like to contribute to docrails regularly (please contact anyone from the core team), or else propose documentation changes to Rails itself via pull requests to rails/rails.

Please, do not open pull requests in docrails, documentation belongs to Rails and is maintained and evolved alongside the source code, the purpose of docrails is precisely to give you a way to bypass pull requests altogether.

Rails 4.0: Release Candidate 2 released!

We’re almost at the end of the road for Rails 4.0.0. This is intended to be the last release candidate before the final version is released. We have just under a hundred commits in since RC1. All just fixing regressions since the last release.

As last time, please give this release candidate an honest try. This is the version we’re going to ship on June 25th unless people find and report blocking issues. Please report all the issues you find on the Rails issue tracker.

As always, install the release with gem install rails --version 4.0.0.rc2 --no-ri --no-rdoc or depend on the v4.0.0.rc2 tag. You can also follow the 4-0-0 branch. 4-0-0-stable is now targeting 4.0.1 and master is targeting 4.1.

Go West, friends!

2013 Rails Google Summer of Code Projects

Google has announced the accepted projects for the Summer of Code 2013 and Rails has been granted five slots. Here’s what our students will be working on this summer:

Genadi Samokovarov will be working on adding a web-based console for development, debugging and testing your Rails applications. He will be mentored by Rails Core Team member Guillermo Iguaran.

Łukasz Strzałkowski will be working on seperating Action View from Action Pack and adding support for custom view classes. He will be mentored by Piotr Sarnacki, who was a Rails Summer of Code student in 2010 and has been a consistent contributor to Rails.

Ujjwal Thaakar will be working on adding support to Rails for bulk/collection actions with RESTful resources. He will be mentored by Rails Core Team member Andrew White.

Kasper Timm Hansen will be working on replacing the venerable html-scanner in the Rails HTML Sanitization API with Loofah and adding improvements to the API. He will be mentored by Rails Core Team member Rafael França.

John Wang will be working on refactoring the configuration and initialization of Rails applications. He will be mentored by Rails Core Team member Santiago Pastorino.

We’d like to thank all of the students and mentors who participated in the Summer of Code selection process - it was tough to get down to five projects, considering all the great proposals we had. We’re looking forward to seeing what all of our students bring to Rails this summer and we hope not to lose touch with others who are also excited about the prospects for Rails 4.0.

Rails 4.0: Release Candidate 1 released!

Just in time for the opening of RailsConf, we managed to push out the first release candidate of Rails 4.0. This incorporates no less than 1,368 commits since beta 1. You can see the full list of changes on Github. If you’re interested in a high-level review of what’s in Rails 4.0, please see the announcement we made for beta 1.

As last time, please give this release candidate an honest try. This is pretty much the version we’re going to ship unless people find and report blocking issues. Depending on how much stuff is unearthed, we expect that the final version could drop in as little as 3-4 weeks. Please report all the issues you find on the Rails issue tracker.

We’re still working on the upgrade guide from 3.2 to 4.0, but that’s a good place to start for help on how to do it. We’re also so lucky to have many authors and screencasters ready with material for 4.0. In the books department, you’ll find Rails 4.0-ready versions of Agile Web Development with Rails and Crafting Rails Applications. For screencasts, checkout the new Rails 4: Zombie Outlaws and Mike Clark’s Rails 4 class. There’s new material and books coming out all the time from a variety of other authors and broadcasters, so we’re really in good shape with training material timed for the release this time!

As always, install the release with gem install rails --version 4.0.0.rc1 --no-ri --no-rdoc or depend on the v4.0.0.rc1 tag. We also have a new 4-0-stable branch. Master is now safe to move on to developing features for 4.1.

Go West, friends!

Google Summer of Code 2013

We’re pleased to announce, Ruby on Rails has been accepted into Google Summer of Code 2013 as a mentoring organization. What does this mean to you? Potentially, if you’re the right person, you can get paid to work on Rails this summer! The “right person” in this case is one who is at least 18 years old (sorry, Google’s rule, not ours!) on or before May 27, 2013; a full or part-time college student; and passionate about improving Rails.

We’re building a potential list of project ideas on a GitHub wiki, but we welcome other interesting proposals. If your proposal gets accepted, Google will pay you $5000 over the course of three months to work on the code. If you’re interested, head over to the GSoC site and start reading about the process. Student applications can be submitted starting April 22 and the deadline is May 3.

If you’re wondering what’s involved in becoming a GSoC student then the Google Student Guide has all the details on what’s expected and what you will gain from taking part. Any further questions can be directed either to the mailing list or to me directly.

What if you’re not a student? You can still help out by discussing ideas on the special mailing list we’ve setup for this year’s program. Or if you’ve got previous experience of contributing to Rails and are ready to make a strong commitment to help out the next generation of developers, you can apply to be a mentor.

We’re looking forward to working with this year’s students, and expecting some outstanding contributions to Rails as a result!

[SEC] [ANN] Rails 3.2.13, 3.1.12, and 2.3.18 have been released!

Hi everyone!

Rails versions 3.2.13, 3.1.12, and 2.3.18 have been released. These releases contain important security fixes. It is recommended users upgrade as soon as possible.

Please check out these links for the security fixes:

All versions of Rails are impacted by one or more of these security issues, but per our maintenance policy, only versions 3.2.13, 3.1.12, and 2.3.18 have been released. You can find patches for older versions on each stable branch on GitHub:

as well as with the security advisories.

For other changes in each particular release, please see the CHANGELOG corresponding to that version. For all commits in each release, please follow the links below:

Here are the checksums for the released gems:

3.2.13

[aaron@higgins dist]$ shasum *3.2.13.gem
72b14536f1717121e8b2a5aa5a06c6194e02c87c  actionmailer-3.2.13.gem
a21166f7c364ff7825bf83f9757c33cc44fa0c00  actionpack-3.2.13.gem
9fa309dee3f87a53764db3aaefe3bbf6f9724ad2  activemodel-3.2.13.gem
469f6b4456d7fa1bf0336d488ad5878a6842e2da  activerecord-3.2.13.gem
0c89382354ffc5b4438ed37434b50d7cbc71d569  activeresource-3.2.13.gem
cdf230b698b28ae1cffb325ecbb9e219645ed68b  activesupport-3.2.13.gem
3785dc8d2af1521baddf2d90b67a9b61b2b31604  rails-3.2.13.gem
ff0607812bead596492272e4a4306ae3e950bdf4  railties-3.2.13.gem

3.1.12

[aaron@higgins dist]$ shasum *3.1.12.gem
b3f0ecee33032416170263508ccfb33d5dd65eef  actionmailer-3.1.12.gem
426fcf3f5d4e29ae6bf21f536a97d90d02bf73bb  actionpack-3.1.12.gem
2b01ba8bd85d67ded372f3908b694c1fa1ccb041  activemodel-3.1.12.gem
a3afc58fe3f7448ba09cdacb2046c9e10e474cb4  activerecord-3.1.12.gem
d3402193c0820f016b492162547194f942c96c1a  activeresource-3.1.12.gem
e25ed2f7e055d38b1bed482faf8b563a6b7e3899  activesupport-3.1.12.gem
75c2f85ed1e09d2bd1baa3efab5f097cdaef2a6b  rails-3.1.12.gem
618c5beb85124fbedfe41a72424079700f7a1d2c  railties-3.1.12.gem

2.3.18

[aaron@higgins dist]$ shasum *2.3.18.gem
09e361c4c96104303abad5faa4aec72ebe7c19d1  actionmailer-2.3.18.gem
deca0d8352858f734479b54162269e334faada21  actionpack-2.3.18.gem
e385b4b2e863592f9f06ca3248a67a18ea8c7e6c  activerecord-2.3.18.gem
ff4fb4a62c4d4007a6c596edf8f7055147948e60  activeresource-2.3.18.gem
1b9102fa31a47cf66b0c2583c99b707544d42054  activesupport-2.3.18.gem
f4aff07dce1db10ad6145e358344671cc482de70  rails-2.3.18.gem

Happy Monday!

<3<3<3