[ANN] Rails 3.2.10, 3.1.9, and 3.0.18 have been released!

Rails versions 3.2.10, 3.1.9, and 3.0.18 have been released. These releases contain an important security fix. It is recommended that all users upgrade immediately.

The security identifier is CVE-2012-5664, and you can read about the issue here.

For other changes in each particular release, please see the CHANGELOG corresponding to that version. For all commits in each release, please follow the links below:

We’re sorry to drop a release like this so close to the holidays but regrettably the exploit has already been publicly disclosed and we don’t feel we can delay the release.

To that end, we’ve minimized the number of changes in each release so that upgrading should be as smooth as possible.

Happy Holidays!

<3<3<3

What Is New in Rails Contributors

What is Rails Contributors?

Rails Contributors is a website that keeps track of all contributions made to the Ruby on Rails code base.

The application tries hard to give credit as accurately as possible, which is something you cannot do with git log. For example, according to Git the author of this commit is “@schneems and @mattt”, but you do not want to credit “@schneems and @mattt” right? Rails Contributors automatically splits the string, applies mappings, and gives credit both to Richard Schneeman, and Mattt Thompson.

Known typos, emails, and handles are associated to a canonical name to have everything aggregated per contributor rather than scattered in several unrelated listings. Heuristics also capture contributors from commit messages, and even from CHANGELOGs in the diff of commits imported from Subversion.

The purpose of all this work is to give credit, provide visibility to your contributions to Rails, and last but not least, to say thank you.

What Is New?

A new version of the website has just been published. The changes are:

  • More mappings: the application knows about more mappings and false positives.

  • New page for releases: There is a new shiny page for releases where you can see who contributed what in any of them. The breakdown is approximate for old releases, since all we have from Subversion is the Git history. Commits are classified with git rev-list.

  • Better Unicode handling: Some names with non-ASCII characters came up from Git using different UTF-8 byte representations. The application now applies NFC normalization thoroughly to address that.

  • Robust commit import: about one thousand commits were missing in the previous version because they were unreachable from the branch tips due to rarities in the git history. The commit importer is now more aggressive looking for commits.

  • Credit for Rails core in Subversion commits: Rails used Subversion for about its first four years. Subversion does not distinguish author and committer; you only have the committer. If the application determines, using its heuristics, that the author is not the committer, the committer now also gets credited. This is fair given what happens nowadays, where the committer gets credited for his work on a pull request via the merge commit.

  • Internal changes: A lot of work has no external visibility indeed, you know. We migrated from grit to rugged, and there were significant refactors and speedups.

Enjoy!

The People Behind Rails 4

Rails 4 is coming along nicely with a ton of new stuff, but this major release would not have been possible without the help of some people whose contributions have been outstanding. We want to dedicate this post to them, to show our appreciation and recognition for their extraordinary work:

Arun Agrawal has been helping with some housekeeping tasks. He puts a lot of effort into removing warnings, fixing broken builds, removing some unneeded code, and ensuring Rails works well with JRuby.

Vijay Dev leads the docrails front. He reviews documentation patches, which is a lot of work, and cross-merges docrails and Rails master periodically.

Guillermo Iguaran is a regular active core contributor. Recently he has extracted old-style mass-assignment protection to the new protected_attributes gem, and is helping with the assets pipeline related projects.

Toshinori Kajihara (kennyj) helps to fix and give attention to Active Record issues, which make up most of Rails' open issues.

Steve Klabnik is working on Rails issues like crazy. I mean, GitHub notifications generated by his activity flood your inbox. Giving sensible feedback, dynamizing threads, and closing issues. He has been key in halving the number of open issues.

Francesco Rodríguez has mainly contributed to the documentation, and also helps with tickets and code. Francesco has extracted page and action caching out to gems.

Piotr Sarnacki is an old-timer. Piotr helps constantly in the project and has done remarkable work on Rails engines and Action Pack.

Prem Sichanugrist has been helping regularly since the Rails 3 days in many ways. He recently performed the daunting task of converting all Rails guides from Textile to Markdown.

Carlos Antonio da Silva is among the most prolific Rails committers. He contributes on all fronts: code, docs, issues, discussions, etc.

Andrew White has also been helping regularly for a couple of years or so. He is a solid contributor in several areas and in particular knows routing very well.

:metal:

Rails 3.2.9 has been released!

Hi everyone,

Rails 3.2.9 has been released without new changes since 3.2.9.rc3.

IMPORTANT!

A DoS attack was recently found in Ruby that uses specially-crafted input to dramatically reduce the performance of hashes, thus using up lots of CPU time. Rails applications may be vulnerable to an attacker sending a specially-crafted HTTP request to exploit this.

A good way to limit the effectiveness of such attacks is to configure your frontend servers to limit the size of the HTTP request line, headers and body. Nginx does this by default. Apache can be configured to do this by setting the LimitRequestBody directive.
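As an added example (not part of the original announcement), the Apache side of this advice could look like the fragment below. It goes beyond the single directive named above to cover the request line and headers as well; the numeric limits are assumptions to be sized per application, and `/uploads` is a hypothetical path.

```apache
# Added example: request-size limits on an Apache front end.
# All numeric values are illustrative assumptions, not recommendations
# from the announcement.

# Maximum size of the request line (method, URI and protocol), in bytes.
LimitRequestLine 8190

# Maximum size of any single request header field, in bytes.
LimitRequestFieldSize 8190

# Maximum number of request header fields accepted per request.
LimitRequestFields 50

# Maximum request body size in bytes. A value of 0 means "unlimited",
# which leaves the size of a form or JSON body entirely up to the client.
LimitRequestBody 1048576

# LimitRequestBody may also be set per location, so an endpoint that
# really needs large bodies can be raised without raising the global cap.
<Location "/uploads">
    LimitRequestBody 10485760
</Location>
```

Smaller requests mean fewer keys an attacker can place into one parsed parameter hash, which is what bounds the CPU cost per request.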

In addition, all Ruby 1.9 users are recommended to upgrade to ruby-1.9.3 patchlevel 327 to get this security fix.

CHANGES since 3.2.8

Action Mailer

  • Do not render views when mail() isn’t called. Fix #7761

    Yves Senn

Action Pack

  • Lock sprockets to 2.2.x. REASON: We had some pending fixes in sprockets and sass-rails to make it possible to use sprockets version > 2.2. We will do a more conservative sprockets upgrade for this release. In a next release we can relax the dependency again. See #8099 for more information.

    Guillermo Iguaran

  • Clear url helpers when reloading routes.

    Santiago Pastorino

  • Revert the shorthand routes scoped with :module option fix. This added a regression since it is changing the URL mapping. This makes the stable release backward compatible.

    Rafael Mendonça França

  • Revert the assert_template fix to not pass with every string that matches the template name. This added a regression since people were relying on this buggy behavior. This will introduce back #3849 but this stable release will be backward compatible. Fixes #8068.

    Rafael Mendonça França

  • Revert the rename of internal variable on ActionController::TemplateAssertions to prevent naming collisions. This added a regression related with shoulda-matchers, since it is expecting the instance variable @layouts. This will introduce back #7459 but this stable release will be backward compatible. Fixes #8068.

    Rafael Mendonça França

  • Accept :remote as symbolic option for link_to helper. Riley Lynch

  • Warn when the :locals option is passed to assert_template outside of a view test case. Fix #3415

    Yves Senn

  • Rename internal variables on ActionController::TemplateAssertions to prevent naming collisions. @partials, @templates and @layouts are now prefixed with an underscore. Fix #7459

    Yves Senn

  • resource and resources don’t modify the passed options hash. Fix #7777

    Yves Senn

  • Precompiled assets include aliases from foo.js to foo/index.js and vice versa.

    # Precompiles phone-<digest>.css and aliases phone/index.css to phone.css.
    config.assets.precompile = [ 'phone.css' ]
    
    # Precompiles phone/index-<digest>.css and aliases phone.css to phone/index.css.
    config.assets.precompile = [ 'phone/index.css' ]
    
    # Both of these work with either precompile thanks to their aliases.
    <%= stylesheet_link_tag 'phone', media: 'all' %>
    <%= stylesheet_link_tag 'phone/index', media: 'all' %>
    

    Jeremy Kemper

  • assert_template no longer passes with whatever string matches the template name.

    Before, when we had a template /layout/hello.html.erb, assert_template passed with any string that matched. This behavior allowed false positives like:

    assert_template "layout"
    assert_template "out/hello"
    

    Now it only passes with:

    assert_template "layout/hello"
    assert_template "hello"
    

    Fixes #3849.

    Hugolnx

  • Handle ActionDispatch::Http::UploadedFile like Rack::Test::UploadedFile, don’t call to_param on it. Since Rack::Test::UploadedFile isn’t API compatible this is needed to test file uploads that rely on tempfile being available.

    Tim Vandecasteele

  • Fixed a bug with shorthand routes scoped with the :module option not adding the module to the controller as described in issue #6497. This should now work properly:

    scope :module => "engine" do
      get "api/version" # routes to engine/api#version
    end
    

    Luiz Felipe Garcia Pereira

  • Respect config.digest = false for asset_path

    Previously, the asset_path internals only respected the :digest option, but ignored the global config setting. This meant that config.digest = false could not be used in conjunction with config.compile = false. This corrects the behavior.

    Peter Wagenet

  • Fix #7646, the log now displays the correct status code when an exception is raised.

    Yves Senn

  • Fix handling of date selects when using both disabled and discard options. Fixes #7431.

    Vasiliy Ermolovich

  • Fix select_tag when option_tags is nil. Fixes #7404.

    Sandeep Ravichandran

  • javascript_include_tag :all will now not include application.js if the file does not exist. Prem Sichanugrist

  • Support cookie jar options (e.g., domain :all) for all session stores. Fixes GH#3047, GH#2483.

    Ravil Bayramgalin

  • Performance Improvement to send_file: Avoid having to pass an open file handle as the response body. Rack::Sendfile will usually intercept the response and just uses the path directly, so no reason to open the file. This performance improvement also resolves an issue with jRuby encodings, and is the reason for the backport, see issue #6844.

    Jeremy Kemper & Erich Menge

Active Model

  • Due to a change in builder, nil values and empty strings now generate closed tags, so instead of this:

    <pseudonyms nil="true"></pseudonyms>
    

    It generates this:

    <pseudonyms nil="true"/>
    

    Carlos Antonio da Silva

Active Record

  • Fix issue with collection associations calling first(n)/last(n) and attempting to set the inverse association when :inverse_of was used. Fixes #8087.

    Carlos Antonio da Silva

  • Fix ActiveRecord#update_column return value.

    Aliaxandr

  • Fix bug when Column is trying to type cast boolean values to integer. Fixes #8067.

    Rafael Mendonça França

  • Fix bug where rake db:test:prepare tries to load the structure.sql into development database. Fixes #8032.

    Grace Liu + Rafael Mendonça França

  • Fixed support for DATABASE_URL environment variable for rake db tasks. Grace Liu

  • Fix bug where update_columns and update_column would not let you update the primary key column.

    Henrik Nyh

  • Decode URI encoded attributes on database connection URLs.

    Shawn Veader

  • Fix AR#dup to nullify the validation errors in the dup’ed object. Previously the original and the dup’ed object shared the same errors.

    Christian Seiler

  • Synchronize around deleting from the reserved connections hash. Fixes #7955

  • PostgreSQL adapter correctly fetches default values when using multiple schemas and domains in a db. Fixes #7914

    Arturo Pie

  • Fix deprecation notice when loading a collection association that selects columns from other tables, if a new record was previously built using that association.

    Ernie Miller

  • The postgres adapter now supports tables with capital letters. Fix #5920

    Yves Senn

  • CollectionAssociation#count returns 0 without querying if the parent record is not persisted.

    Before:

    person.pets.count
    # SELECT COUNT(*) FROM "pets" WHERE "pets"."person_id" IS NULL
    # => 0
    

    After:

    person.pets.count
    # fires without sql query
    # => 0
    

    Francesco Rodriguez

  • Fix reset_counters crashing on has_many :through associations. Fix #7822.

    lulalala

  • ConnectionPool recognizes checkout_timeout spec key as taking precedence over legacy wait_timeout spec key, can be used to avoid conflict with mysql2 use of wait_timeout. Closes #7684.

    jrochkind

  • Rename field_changed? to _field_changed? so that users can create a field named field

    Akira Matsuda, backported by Steve Klabnik

  • Fix creation of through association models when using collection=[] on a has_many :through association from an unsaved model. Fix #7661.

    Ernie Miller

  • Explain only normal CRUD sql (select / update / insert / delete). Fix problem that explains unexplainable sql. Closes #7544 #6458.

    kennyj

  • Backport test coverage to ensure that PostgreSQL auto-reconnect functionality remains healthy.

    Steve Jorgensen

  • Use config['encoding'] instead of config['charset'] when executing databases.rake in the mysql/mysql2. A correct option for a database.yml is 'encoding'.

    kennyj

  • Fix ConnectionAdapters::Column.type_cast_code integer conversion, to always convert values to integer calling #to_i. Fixes #7509.

    Thiago Pradi

  • Fix time column type casting for invalid time string values to correctly return nil.

    Adam Meehan

  • Fix becomes when using a configured inheritance_column.

    Yves Senn

  • Fix reset_counters when there are multiple belongs_to associations with the same foreign key and one of them has a counter cache. Fixes #5200.

    Dave Desrochers

  • Round usec when comparing timestamp attributes in the dirty tracking. Fixes #6975.

    kennyj

  • Use inversed parent for first and last child of has_many association.

    Ravil Bayramgalin

  • Fix Column.microseconds and Column.fast_string_to_date to avoid converting timestamp seconds to a float, since it occasionally results in inaccuracies with microsecond-precision times. Fixes #7352.

    Ari Pollak

  • Fix increment!, decrement!, toggle! that were skipping callbacks. Fixes #7306.

    Rafael Mendonça França

  • Fix AR#create to return an unsaved record when AR::RecordInvalid is raised. Fixes #3217.

    Dave Yeu

  • Remove unnecessary transaction when assigning has_one associations with a nil or equal value. Fix #7191.

    kennyj

  • Allow store to work with an empty column. Fix #4840.

    Jeremy Walker

  • Remove prepared statement from system query in postgresql adapter. Fix #5872.

    Ivan Evtuhovich

  • Make sure :environment task is executed before db:schema:load or db:structure:load. Fixes #4772.

    Seamus Abshere

Active Resource

  • No changes

Active Support

  • Add logger.push_tags and .pop_tags to complement logger.tagged:

    class Job
      def before
        Rails.logger.push_tags :jobs, self.class.name
      end
    
      def after
        Rails.logger.pop_tags 2
      end
    end
    

    Jeremy Kemper

  • Add %:z and %::z format string support to ActiveSupport::TimeWithZone#strftime. [fixes #6962] kennyj

Railties

  • Revert “Respect children paths filter settings”. This reverts commit 53778ec2d716f860646fd43957fd53c8db4da2fe. Closes #8146

    Santiago Pastorino

  • Don’t eager-load app/assets and app/views Elia Schito

  • Update supported ruby versions error message in ruby_version_check.rb Lihan Li

You can find a list of changes between v3.2.8 and v3.2.9 here

Thanks to everyone!

Rails 3.2.9.rc3 has been released!

Hi everyone,

Rails 3.2.9.rc3 has been released. If no regressions are found I will release 3.2.9 final this Monday 12th. If you find a regression open an issue on github and mention me on it, mail me or tweet me, whatever but let me know :).

CHANGES since 3.2.9.rc2

Action Mailer

  • No changes

Action Pack

  • Lock sprockets to 2.2.x. REASON: We had some pending fixes in sprockets and sass-rails to make it possible to use sprockets version > 2.2. We will do a more conservative sprockets upgrade for this release. In a next release we can relax the dependency again. See #8099 for more information.

    Guillermo Iguaran

  • Clear url helpers when reloading routes.

    Santiago Pastorino

  • Revert the shorthand routes scoped with :module option fix. This added a regression since it is changing the URL mapping. This makes the stable release backward compatible.

    Rafael Mendonça França

Active Model

  • No changes

Active Record

  • No changes

Active Resource

  • No changes

Active Support

  • No changes

Railties

  • Revert “Respect children paths filter settings”. This reverts commit 53778ec2d716f860646fd43957fd53c8db4da2fe. Closes #8146

    Santiago Pastorino

You can find a list of changes between v3.2.9.rc2 and v3.2.9.rc3 here and an exhaustive list of changes since v3.2.8 here.

Thanks to everyone!

Rails 3.2.9.rc2 has been released!

Hi everyone,

Rails 3.2.9.rc2 has been released. If no regressions are found I will release 3.2.9 final this Monday 5th. If you find a regression open an issue on github and mention me on it, mail me or tweet me, whatever but let me know :).

CHANGES since 3.2.9.rc1

Action Mailer

  • No changes

Action Pack

  • Revert the assert_template fix to not pass with every string that matches the template name. This added a regression since people were relying on this buggy behavior. This will introduce back #3849 but this stable release will be backward compatible. Fixes #8068.

    Rafael Mendonça França

  • Revert the rename of internal variable on ActionController::TemplateAssertions to prevent naming collisions. This added a regression related with shoulda-matchers, since it is expecting the instance variable @layouts. This will introduce back #7459 but this stable release will be backward compatible. Fixes #8068.

    Rafael Mendonça França

Active Model

  • No changes

Active Record

  • Fix issue with collection associations calling first(n)/last(n) and attempting to set the inverse association when :inverse_of was used. Fixes #8087.

    Carlos Antonio da Silva

  • Fix ActiveRecord#update_column return value.

    Aliaxandr

  • Fix bug when Column is trying to type cast boolean values to integer. Fixes #8067.

    Rafael Mendonça França

  • Fix bug where rake db:test:prepare tries to load the structure.sql into development database. Fixes #8032.

    Grace Liu + Rafael Mendonça França

  • Fixed support for DATABASE_URL environment variable for rake db tasks. Grace Liu

Active Resource

  • No changes

Active Support

  • No changes

Railties

  • No changes

You can find a list of changes between v3.2.9.rc1 and v3.2.9.rc2 here and an exhaustive list of changes since v3.2.8 here.

Thanks to everyone!

Rails 3.2.9.rc1 has been released!

Hi everyone,

Rails 3.2.9.rc1 has been released. If no regressions are found I will release 3.2.9 final this Thursday 1st. If you find a regression open an issue on github and mention me on it, mail me or tweet me, whatever but let me know :).

CHANGES since 3.2.8

Action Mailer

  • Do not render views when mail() isn’t called. Fix #7761

    Yves Senn

Action Pack

  • Accept :remote as symbolic option for link_to helper. Riley Lynch

  • Warn when the :locals option is passed to assert_template outside of a view test case. Fix #3415

    Yves Senn

  • Rename internal variables on ActionController::TemplateAssertions to prevent naming collisions. @partials, @templates and @layouts are now prefixed with an underscore. Fix #7459

    Yves Senn

  • resource and resources don’t modify the passed options hash. Fix #7777

    Yves Senn

  • Precompiled assets include aliases from foo.js to foo/index.js and vice versa.

    # Precompiles phone-<digest>.css and aliases phone/index.css to phone.css.
    config.assets.precompile = [ 'phone.css' ]
    
    # Precompiles phone/index-<digest>.css and aliases phone.css to phone/index.css.
    config.assets.precompile = [ 'phone/index.css' ]
    
    # Both of these work with either precompile thanks to their aliases.
    <%= stylesheet_link_tag 'phone', media: 'all' %>
    <%= stylesheet_link_tag 'phone/index', media: 'all' %>
    

    Jeremy Kemper

  • assert_template no longer passes with whatever string matches the template name.

    Before, when we had a template /layout/hello.html.erb, assert_template passed with any string that matched. This behavior allowed false positives like:

    assert_template "layout"
    assert_template "out/hello"
    

    Now it only passes with:

    assert_template "layout/hello"
    assert_template "hello"
    

    Fixes #3849.

    Hugolnx

  • Handle ActionDispatch::Http::UploadedFile like Rack::Test::UploadedFile, don’t call to_param on it. Since Rack::Test::UploadedFile isn’t API compatible this is needed to test file uploads that rely on tempfile being available.

    Tim Vandecasteele

  • Fixed a bug with shorthand routes scoped with the :module option not adding the module to the controller as described in issue #6497. This should now work properly:

    scope :module => "engine" do
      get "api/version" # routes to engine/api#version
    end
    

    Luiz Felipe Garcia Pereira

  • Respect config.digest = false for asset_path

    Previously, the asset_path internals only respected the :digest option, but ignored the global config setting. This meant that config.digest = false could not be used in conjunction with config.compile = false. This corrects the behavior.

    Peter Wagenet

  • Fix #7646, the log now displays the correct status code when an exception is raised.

    Yves Senn

  • Fix handling of date selects when using both disabled and discard options. Fixes #7431.

    Vasiliy Ermolovich

  • Fix select_tag when option_tags is nil. Fixes #7404.

    Sandeep Ravichandran

  • javascript_include_tag :all will now not include application.js if the file does not exist. Prem Sichanugrist

  • Support cookie jar options (e.g., domain :all) for all session stores. Fixes GH#3047, GH#2483.

    Ravil Bayramgalin

  • Performance Improvement to send_file: Avoid having to pass an open file handle as the response body. Rack::Sendfile will usually intercept the response and just uses the path directly, so no reason to open the file. This performance improvement also resolves an issue with jRuby encodings, and is the reason for the backport, see issue #6844.

    Jeremy Kemper & Erich Menge

Active Model

  • Due to a change in builder, nil values and empty strings now generate closed tags, so instead of this:

    <pseudonyms nil="true"></pseudonyms>
    

    It generates this:

    <pseudonyms nil="true"/>
    

    Carlos Antonio da Silva

Active Record

  • Fix bug where update_columns and update_column would not let you update the primary key column.

    Henrik Nyh

  • Decode URI encoded attributes on database connection URLs.

    Shawn Veader

  • Fix AR#dup to nullify the validation errors in the dup’ed object. Previously the original and the dup’ed object shared the same errors.

    Christian Seiler

  • Synchronize around deleting from the reserved connections hash. Fixes #7955

  • PostgreSQL adapter correctly fetches default values when using multiple schemas and domains in a db. Fixes #7914

    Arturo Pie

  • Fix deprecation notice when loading a collection association that selects columns from other tables, if a new record was previously built using that association.

    Ernie Miller

  • The postgres adapter now supports tables with capital letters. Fix #5920

    Yves Senn

  • CollectionAssociation#count returns 0 without querying if the parent record is not persisted.

    Before:

    person.pets.count
    # SELECT COUNT(*) FROM "pets" WHERE "pets"."person_id" IS NULL
    # => 0
    

    After:

    person.pets.count
    # fires without sql query
    # => 0
    

    Francesco Rodriguez

  • Fix reset_counters crashing on has_many :through associations. Fix #7822.

    lulalala

  • ConnectionPool recognizes checkout_timeout spec key as taking precedence over legacy wait_timeout spec key, can be used to avoid conflict with mysql2 use of wait_timeout. Closes #7684.

    jrochkind

  • Rename field_changed? to _field_changed? so that users can create a field named field

    Akira Matsuda, backported by Steve Klabnik

  • Fix creation of through association models when using collection=[] on a has_many :through association from an unsaved model. Fix #7661.

    Ernie Miller

  • Explain only normal CRUD sql (select / update / insert / delete). Fix problem that explains unexplainable sql. Closes #7544 #6458.

    kennyj

  • Backport test coverage to ensure that PostgreSQL auto-reconnect functionality remains healthy.

    Steve Jorgensen

  • Use config['encoding'] instead of config['charset'] when executing databases.rake in the mysql/mysql2. A correct option for a database.yml is 'encoding'.

    kennyj

  • Fix ConnectionAdapters::Column.type_cast_code integer conversion, to always convert values to integer calling #to_i. Fixes #7509.

    Thiago Pradi

  • Fix time column type casting for invalid time string values to correctly return nil.

    Adam Meehan

  • Fix becomes when using a configured inheritance_column.

    Yves Senn

  • Fix reset_counters when there are multiple belongs_to associations with the same foreign key and one of them has a counter cache. Fixes #5200.

    Dave Desrochers

  • Round usec when comparing timestamp attributes in the dirty tracking. Fixes #6975.

    kennyj

  • Use inversed parent for first and last child of has_many association.

    Ravil Bayramgalin

  • Fix Column.microseconds and Column.fast_string_to_date to avoid converting timestamp seconds to a float, since it occasionally results in inaccuracies with microsecond-precision times. Fixes #7352.

    Ari Pollak

  • Fix increment!, decrement!, toggle! that were skipping callbacks. Fixes #7306.

    Rafael Mendonça França

  • Fix AR#create to return an unsaved record when AR::RecordInvalid is raised. Fixes #3217.

    Dave Yeu

  • Remove unnecessary transaction when assigning has_one associations with a nil or equal value. Fix #7191.

    kennyj

  • Allow store to work with an empty column. Fix #4840.

    Jeremy Walker

  • Remove prepared statement from system query in postgresql adapter. Fix #5872.

    Ivan Evtuhovich

  • Make sure :environment task is executed before db:schema:load or db:structure:load. Fixes #4772.

    Seamus Abshere

Active Resource

  • No changes

Active Support

  • Add logger.push_tags and .pop_tags to complement logger.tagged:

    class Job
      def before
        Rails.logger.push_tags :jobs, self.class.name
      end
    
      def after
        Rails.logger.pop_tags 2
      end
    end
    

    Jeremy Kemper

  • Add %:z and %::z format string support to ActiveSupport::TimeWithZone#strftime. [fixes #6962] kennyj

Railties

  • Don’t eager-load app/assets and app/views Elia Schito

  • Update supported ruby versions error message in ruby_version_check.rb Lihan Li

You can find a list of changes between v3.2.8 and v3.2.9.rc1 here

Thanks to everyone!

Rails 3.2.8 has been released!

Good news everyone! Rails version 3.2.8 has been released.

IMPORTANT

This version contains three important security fixes, please upgrade immediately.

One of the security fixes impacts all users and is related to HTML escaping code. The other two fixes impact people using select_tag’s prompt option and the strip_tags helper from ActionPack.

We are also removing all the deprecation warnings that we introduced in 3.2.x. We have decided to stop introducing API deprecations in all point releases going forward. From now on, it’ll only happen in majors/minors.

CHANGES since 3.2.7

Action Mailer

  • No changes

Action Pack

  • html_escape should escape single quotes. Santiago Pastorino

  • Reverted the deprecation of :confirm. Rafael Mendonça França

  • Reverted the deprecation of :disable_with. Rafael Mendonça França

  • Reverted the deprecation of :mouseover option to image_tag. Rafael Mendonça França

  • Reverted the deprecation of button_to_function and link_to_function helpers. Rafael Mendonça França
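Why the html_escape entry in the list above is a security fix, shown as an added example that is not Rails source code: the two tables model an escaper without and with a single-quote mapping, and the helper names, the `&#39;` entity choice and the sample value are assumptions constructed for illustration.

```ruby
# Added illustration, not Rails source code. The tables model an HTML escaper
# without and with a single-quote mapping; all names here are hypothetical.
ESCAPE_WITHOUT_SQUOTE = {
  '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;'
}.freeze
ESCAPE_WITH_SQUOTE = ESCAPE_WITHOUT_SQUOTE.merge("'" => '&#39;').freeze

# Replace every character that has an entry in +table+ with its entity.
def escape_with(table, value)
  value.to_s.gsub(Regexp.union(table.keys)) { |char| table[char] }
end

# Render an <input> as a template would, quoting attributes with +quote+.
def render_input(table, value, quote = "'")
  "<input type=#{quote}text#{quote} value=#{quote}#{escape_with(table, value)}#{quote}>"
end

# Small quoted-attribute scanner standing in for a browser's tokenizer:
# returns { attribute name => raw (still entity-encoded) value }.
ATTRIBUTE = /([a-zA-Z_:][-\w:.]*)\s*=\s*(?:'([^']*)'|"([^"]*)")/
def parse_attributes(tag)
  tag.scan(ATTRIBUTE).each_with_object({}) do |(name, single, double), attrs|
    attrs[name] = single || double
  end
end

# Constructed input: a single quote followed by attribute-looking text.
SAMPLE = "x' data-injected='1"

if __FILE__ == $PROGRAM_NAME
  { 'without' => ESCAPE_WITHOUT_SQUOTE, 'with' => ESCAPE_WITH_SQUOTE }.each do |label, table|
    tag = render_input(table, SAMPLE)
    puts "#{label} single-quote escaping: #{tag}"
    puts "  attributes seen: #{parse_attributes(tag).keys.inspect}"
  end
end
```

With the first table the value ends at the embedded quote and the rest of the input is read as a separate attribute; a template that uses double-quoted attributes is unaffected by either table, which is why the gap only shows up in single-quoted markup.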

Active Model

  • No changes

Active Record

  • Do not set RAILS_ENV to “development” when using db:test:prepare and related rake tasks. This was causing the truncation of the development database data when using RSpec. In RC2 this was fixed again when using config.active_record.schema_format = :sql. Rafael Mendonça França

  • Do not consider the numeric attribute as changed if the old value is zero and the new value is not a string. Fixes #7237. Rafael Mendonça França

  • Removes the deprecation of update_attribute. fxn

  • Reverted the deprecation of composed_of. Rafael Mendonça França

  • Reverted the deprecation of *_sql association options. They will be deprecated in 4.0 instead. Jon Leighton

  • Do not eager load AR session store. ActiveRecord::SessionStore depends on the abstract store in Action Pack. Eager loading this class would break client code that eager loads Active Record standalone. Fixes #7160

    Xavier Noria

  • Do not set RAILS_ENV to “development” when using db:test:prepare and related rake tasks. This was causing the truncation of the development database data when using RSpec. Fixes #7175.

    Rafael Mendonça França

Active Resource

  • No changes

Active Support

  • Fix ActiveSupport integration with Mocha > 0.12.1. Mike Gunderloy

  • Reverted the deprecation of ActiveSupport::JSON::Variable. Rafael Mendonça França

Railties

  • ERB scaffold generator uses the :data => { :confirm => "Text" } syntax instead of :confirm. Rafael Mendonça França

You can find an exhaustive list of changes on github.

Thanks to everyone!