docrails, back to the roots

A bit of history

docrails is a branch of Ruby on Rails thought for quick doc fixes that gets cross-merged with master regularly, please have a look at What is docrails? for more on docrails.

When Pratik Naik created docrails back in 2008, he offered commit bit to anyone interested (this is the original announcement). Let me express my admiration for this idea. You know, in open source the commit bit is seen as the precious treasure only given to a few, and Pratik goes and puts this upside down to encourage contributions to the documentation. Genius!

And it went even further. GitHub was very kind to flip a private backend flag for docrails that enabled public write access, you didn’t even have to ask for commit bit, you could clone and push without asking for permission.

The idea proved to work, trust people and you’ll get trust back. Tons of people, including yours truly, have been able to contribute and improve the API and the guides with a workflow that is trivial compared to the friction of pull requests. Is about the same effort for Rails committers, patches have to be equally reviewed, but much less for contributors, which is fantastic.

Back to the roots

GitHub had to change their infrastructure recently and they needed to get rid of that hackish flag (only used by three projects). We are very grateful to them for providing it all this time. Thanks guys!

With the flag out now we are back to the roots. docrails is now owned by the Rails organization and has thus moved from lifo/docrails to rails/docrails. You can either ask for commit bit if you’d like to contribute to docrails regularly (please contact anyone from the core team), or else propose documentation changes to Rails itself via pull requests to rails/rails.

Please, do not open pull requests in docrails, documentation belongs to Rails and is maintained and evolved alongside the source code, the purpose of docrails is precisely to give you a way to bypass pull requests altogether.

Rails 4.0: Release Candidate 2 released!

We’re almost at the end of the road for Rails 4.0.0. This is intended to be the last release candidate before the final version is released. We have just under a hundred commits in since RC1. All just fixing regressions since the last release.

As last time, please give this release candidate an honest try. This is the version we’re going to ship on June 25th unless people find and report blocking issues. Please report all the issues you find on the Rails issue tracker.

As always, install the release with gem install rails --version 4.0.0.rc2 --no-ri --no-rdoc or depend on the v4.0.0.rc2 tag. You can also follow the 4-0-0 branch. 4-0-0-stable is now targeting 4.0.1 and master is targeting 4.1.

Go West, friends!

2013 Rails Google Summer of Code Projects

Google has announced the accepted projects for the Summer of Code 2013 and Rails has been granted five slots. Here’s what our students will be working on this summer:

Genadi Samokovarov will be working on adding a web-based console for development, debugging and testing your Rails applications. He will be mentored by Rails Core Team member Guillermo Iguaran.

Łukasz Strzałkowski will be working on seperating Action View from Action Pack and adding support for custom view classes. He will be mentored by Piotr Sarnacki, who was a Rails Summer of Code student in 2010 and has been a consistent contributor to Rails.

Ujjwal Thaakar will be working on adding support to Rails for bulk/collection actions with RESTful resources. He will be mentored by Rails Core Team member Andrew White.

Kasper Timm Hansen will be working on replacing the venerable html-scanner in the Rails HTML Sanitization API with Loofah and adding improvements to the API. He will be mentored by Rails Core Team member Rafael França.

John Wang will be working on refactoring the configuration and initialization of Rails applications. He will be mentored by Rails Core Team member Santiago Pastorino.

We’d like to thank all of the students and mentors who participated in the Summer of Code selection process - it was tough to get down to five projects, considering all the great proposals we had. We’re looking forward to seeing what all of our students bring to Rails this summer and we hope not to lose touch with others who are also excited about the prospects for Rails 4.0.

Rails 4.0: Release Candidate 1 released!

Just in time for the opening of RailsConf, we managed to push out the first release candidate of Rails 4.0. This incorporates no less than 1,368 commits since beta 1. You can see the full list of changes on Github. If you’re interested in a high-level review of what’s in Rails 4.0, please see the announcement we made for beta 1.

As last time, please give this release candidate an honest try. This is pretty much the version we’re going to ship unless people find and report blocking issues. Depending on how much stuff is unearthed, we expect that the final version could drop in as little as 3-4 weeks. Please report all the issues you find on the Rails issue tracker.

We’re still working on the upgrade guide from 3.2 to 4.0, but that’s a good place to start for help on how to do it. We’re also so lucky to have many authors and screencasters ready with material for 4.0. In the books department, you’ll find Rails 4.0-ready versions of Agile Web Development with Rails and Crafting Rails Applications. For screencasts, checkout the new Rails 4: Zombie Outlaws and Mike Clark’s Rails 4 class. There’s new material and books coming out all the time from a variety of other authors and broadcasters, so we’re really in good shape with training material timed for the release this time!

As always, install the release with gem install rails --version 4.0.0.rc1 --no-ri --no-rdoc or depend on the v4.0.0.rc1 tag. We also have a new 4-0-stable branch. Master is now safe to move on to developing features for 4.1.

Go West, friends!

Google Summer of Code 2013

We’re pleased to announce, Ruby on Rails has been accepted into Google Summer of Code 2013 as a mentoring organization. What does this mean to you? Potentially, if you’re the right person, you can get paid to work on Rails this summer! The “right person” in this case is one who is at least 18 years old (sorry, Google’s rule, not ours!) on or before May 27, 2013; a full or part-time college student; and passionate about improving Rails.

We’re building a potential list of project ideas on a GitHub wiki, but we welcome other interesting proposals. If your proposal gets accepted, Google will pay you $5000 over the course of three months to work on the code. If you’re interested, head over to the GSoC site and start reading about the process. Student applications can be submitted starting April 22 and the deadline is May 3.

If you’re wondering what’s involved in becoming a GSoC student then the Google Student Guide has all the details on what’s expected and what you will gain from taking part. Any further questions can be directed either to the mailing list or to me directly.

What if you’re not a student? You can still help out by discussing ideas on the special mailing list we’ve setup for this year’s program. Or if you’ve got previous experience of contributing to Rails and are ready to make a strong commitment to help out the next generation of developers, you can apply to be a mentor.

We’re looking forward to working with this year’s students, and expecting some outstanding contributions to Rails as a result!

[SEC] [ANN] Rails 3.2.13, 3.1.12, and 2.3.18 have been released!

Hi everyone!

Rails versions 3.2.13, 3.1.12, and 2.3.18 have been released. These releases contain important security fixes. It is recommended users upgrade as soon as possible.

Please check out these links for the security fixes:

All versions of Rails are impacted by one or more of these security issues, but per our maintenance policy, only versions 3.2.13, 3.1.12, and 2.3.18 have been released. You can find patches for older versions on each stable branch on GitHub:

as well as with the security advisories.

For other changes in each particular release, please see the CHANGELOG corresponding to that version. For all commits in each release, please follow the links below:

Here are the checksums for the released gems:


[aaron@higgins dist]$ shasum *3.2.13.gem
72b14536f1717121e8b2a5aa5a06c6194e02c87c  actionmailer-3.2.13.gem
a21166f7c364ff7825bf83f9757c33cc44fa0c00  actionpack-3.2.13.gem
9fa309dee3f87a53764db3aaefe3bbf6f9724ad2  activemodel-3.2.13.gem
469f6b4456d7fa1bf0336d488ad5878a6842e2da  activerecord-3.2.13.gem
0c89382354ffc5b4438ed37434b50d7cbc71d569  activeresource-3.2.13.gem
cdf230b698b28ae1cffb325ecbb9e219645ed68b  activesupport-3.2.13.gem
3785dc8d2af1521baddf2d90b67a9b61b2b31604  rails-3.2.13.gem
ff0607812bead596492272e4a4306ae3e950bdf4  railties-3.2.13.gem


[aaron@higgins dist]$ shasum *3.1.12.gem
b3f0ecee33032416170263508ccfb33d5dd65eef  actionmailer-3.1.12.gem
426fcf3f5d4e29ae6bf21f536a97d90d02bf73bb  actionpack-3.1.12.gem
2b01ba8bd85d67ded372f3908b694c1fa1ccb041  activemodel-3.1.12.gem
a3afc58fe3f7448ba09cdacb2046c9e10e474cb4  activerecord-3.1.12.gem
d3402193c0820f016b492162547194f942c96c1a  activeresource-3.1.12.gem
e25ed2f7e055d38b1bed482faf8b563a6b7e3899  activesupport-3.1.12.gem
75c2f85ed1e09d2bd1baa3efab5f097cdaef2a6b  rails-3.1.12.gem
618c5beb85124fbedfe41a72424079700f7a1d2c  railties-3.1.12.gem


[aaron@higgins dist]$ shasum *2.3.18.gem
09e361c4c96104303abad5faa4aec72ebe7c19d1  actionmailer-2.3.18.gem
deca0d8352858f734479b54162269e334faada21  actionpack-2.3.18.gem
e385b4b2e863592f9f06ca3248a67a18ea8c7e6c  activerecord-2.3.18.gem
ff4fb4a62c4d4007a6c596edf8f7055147948e60  activeresource-2.3.18.gem
1b9102fa31a47cf66b0c2583c99b707544d42054  activesupport-2.3.18.gem
f4aff07dce1db10ad6145e358344671cc482de70  rails-2.3.18.gem

Happy Monday!


[ANN] Rails 3.2.13.rc2 has been released!

Hi everybody.

I’d like to announce that Rails 3.2.13.rc2 has been released.

Rails 3.2.13.rc2 contains fixes for regressions found in rc1. Please test out rc2. If you find regressions between 3.2.13.rc2 and 3.2.12, please email the rails-core mailing list, or file an issue on GitHub.

If there aren’t any major regressions, 3.2.13 final will be released on March 13, 2013.



[ANN] Rails 3.2.13.rc1 has been released!

Hey everyone! I am pumped to announce that Rails 3.2.13.rc1 has been released! If no regressions are found I will release 3.2.13 final in two weeks, on March 13, 2013. If you find one, please Open an Issue on GitHub so that I can fix it before the final release.

This is a bugfix release, with 287 commits. There is one big thing that is technically a fix but is sort of a feature: Ruby 2.0 support. Big thanks to Prem Sichanugrist for putting that together! Please give your applications a try on Ruby 2.0 and let me know how that goes.

CHANGES since 3.2.12

Action Mailer

No changes.

Action Pack

  • Determine the controller#action from only the matched path when using the shorthand syntax. Previously the complete path was used, which led to problems with nesting (scopes and namespaces). Fixes #7554. Backport #9361.


    # this will route to questions#new
    scope ':locale' do
      get 'questions/new'

    Yves Senn

  • Fix assert_template with render :stream => true. Fix #1743. Backport #5288.

    Sergey Nartimov

  • Eagerly populate the http method loookup cache so local project inflections do not interfere with use of underscore method ( and we don’t need locks )

    Aditya Sanghi

  • BestStandardsSupport no longer duplicates X-UA-Compatible values on each request to prevent header size from blowing up.

    Edward Anderson

  • Fixed JSON params parsing regression for non-object JSON content.

    Dylan Smith

  • Prevent unnecessary asset compilation when using javascript_include_tag on files with non-standard extensions.

    Noah Silas

  • Fixes issue where duplicate assets can be required with sprockets.

    Jeremy Jackson

  • Bump rack dependency to 1.4.3, eliminate Rack::File headers deprecation warning.

    Sam Ruby + Carlos Antonio da Silva

  • Do not append second slash to root_url when using trailing_slash: true

    Fix #8700. Backport #8701.

    Example: # before root_url # =>

    # after
    root_url # =>

    Yves Senn

  • Fix a bug in content_tag_for that prevents it for work without a block.


  • Clear url helper methods when routes are reloaded by removing the methods explicitly rather than just clearing the module because it didn’t work properly and could be the source of a memory leak.

    Andrew White

  • Fix a bug in ActionDispatch::Request#raw_post that caused env['rack.input'] to be read but not rewound.

    Matt Venables

  • More descriptive error messages when calling render :partial with an invalid :layout argument.

    Fixes #8376.

    render :partial => 'partial', :layout => true
    # results in ActionView::MissingTemplate: Missing partial /true

    Yves Senn

  • Accept symbols as #send_data :disposition value. [Backport #8329] Elia Schito

  • Add i18n scope to distance_of_time_in_words. [Backport #7997] Steve Klabnik

  • Fix side effect of url_for changing the :controller string option. [Backport #6003] Before:

    controller = '/projects'
    url_for :controller => controller, :action => 'status'
    puts controller #=> 'projects'


    puts controller #=> '/projects'

    Nikita Beloglazov + Andrew White

  • Introduce ActionView::Template::Handlers::ERB.escape_whitelist. This is a list of mime types where template text is not html escaped by default. It prevents Jack & Joe from rendering as Jack &amp; Joe for the whitelisted mime types. The default whitelist contains text/plain. Fix #7976 [Backport #8235]

    Joost Baaij

  • BestStandardsSupport middleware now appends it’s X-UA-Compatible value to app’s returned value if any. Fix #8086 [Backport #8093]

    Nikita Afanasenko

  • prevent double slashes in engine urls when Rails.application.default_url_options[:trailing_slash] = true is set Fix #7842

    Yves Senn

  • Fix input name when :multiple => true and :index are set.


    check_box("post", "comment_ids", { :multiple => true, :index => "foo" }, 1)
    #=> <input name=\"post[foo][comment_ids]\" type=\"hidden\" value=\"0\" /><input id=\"post_foo_comment_ids_1\" name=\"post[foo][comment_ids]\" type=\"checkbox\" value=\"1\" />


    check_box("post", "comment_ids", { :multiple => true, :index => "foo" }, 1)
    #=> <input name=\"post[foo][comment_ids][]\" type=\"hidden\" value=\"0\" /><input id=\"post_foo_comment_ids_1\" name=\"post[foo][comment_ids][]\" type=\"checkbox\" value=\"1\" />

    Fix #8108

    Daniel Fox, Grant Hutchins & Trace Wax

Active Model

  • Specify type of singular association during serialization Steve Klabnik

Active Record

  • Reverted 921a296a3390192a71abeec6d9a035cc6d1865c8, ‘Quote numeric values compared to string columns.’ This caused several regressions.

    Steve Klabnik

  • Fix overriding of attributes by default_scope on ActiveRecord::Base#dup.

    Hiroshige UMINO

  • Fix issue with overriding Active Record reader methods with a composed object and using that attribute as the scope of a uniqueness_of validation. Backport #7072.

    Peter Brown

  • Sqlite now preserves custom primary keys when copying or altering tables. Fixes #9367. Backport #2312.

    Sean Scally + Yves Senn

  • Preloading has_many :through associations with conditions won’t cache the :through association. This will prevent invalid subsets to be cached. Fixes #8423. Backport #9252.


    class User
      has_many :posts
      has_many :recent_comments, -> { where('created_at > ?', 1.week.ago) }, :through => :posts
    a_user = User.includes(:recent_comments).first
    # this is preloaded
    # fetching the recent_comments through the posts association won't preload it.

    Yves Senn

  • Fix handling of dirty time zone aware attributes

    Previously, when time_zone_aware_attributes were enabled, after changing a datetime or timestamp attribute and then changing it back to the original value, changed_attributes still tracked the attribute as changed. This caused [attribute]_changed? and changed? methods to return true incorrectly.


    in_time_zone 'Paris' do
      order =
      original_time = Time.local(2012, 10, 10)
      order.shipped_at = original_time
      order.changed? # => false
      # changing value
      order.shipped_at = Time.local(2013, 1, 1)
      order.changed? # => true
      # reverting to original value
      order.shipped_at = original_time
      order.changed? # => false, used to return true

    Backport of #9073 Fixes #8898

    Lilibeth De La Cruz

  • Fix counter cache columns not updated when replacing has_many :through associations. Backport #8400. Fix #7630.

    Matthew Robertson

  • Don’t update column_defaults when calling destructive methods on column with default value. Backport c517602. Fix #6115.

    Piotr Sarnacki + Aleksey Magusev + Alan Daud

  • When #count is used in conjunction with #uniq we perform count(:distinct => true). Fix #6865.


    relation.uniq.count # => SELECT COUNT(DISTINCT *)

    Yves Senn + Kaspar Schiess

  • Fix ActiveRecord::Relation#pluck when columns or tables are reserved words. Backport #7536. Fix #8968.

    Ian Lesperance + Yves Senn + Kaspar Schiess

  • Don’t run explain on slow queries for database adapters that don’t support it. Backport #6197.

    Blake Smith

  • Revert round usec when comparing timestamp attributes in the dirty tracking. Fixes #8460.

    Andrew White

  • Revert creation of through association models when using collection=[] on a has_many :through association from an unsaved model. Fix #7661, #8269.

    Ernie Miller

  • Fix undefined method to_i when calling new on a scope that uses an Array; Fix FloatDomainError when setting integer column to NaN. Fixes #8718, #8734, #8757.

    Jason Stirk + Tristan Harward

  • Serialized attributes can be serialized in integer columns. Fix #8575.

    Rafael Mendonça França

  • Keep index names when using alter_table with sqlite3. Fix #3489. Backport #8522.

    Yves Senn

  • Recognize migrations placed in directories containing numbers and ‘rb’. Fix #8492. Backport of #8500.

    Yves Senn

  • Add ActiveRecord::Base.cache_timestamp_format class attribute to control the format of the timestamp value in the cache key. This allows users to improve the precision of the cache key. Fixes #8195.

    Rafael Mendonça França

  • Add :nsec date format. This can be used to improve the precision of cache key. Please note that this format only works with Ruby 1.9, Ruby 1.8 will ignore it completely.

    Jamie Gaskins

  • Unscope update_column(s) query to ignore default scope.

    When applying default_scope to a class with a where clause, using update_column(s) could generate a query that would not properly update the record due to the where clause from the default_scope being applied to the update query.

    class User < ActiveRecord::Base
      default_scope where(active: true)
    user = User.first = false!
    user.update_column(:active, true) # => false

    In this situation we want to skip the default_scope clause and just update the record based on the primary key. With this change:

    user.update_column(:active, true) # => true

    Backport of #8436 fix.

    Carlos Antonio da Silva

  • Fix performance problem with primary_key method in PostgreSQL adapter when having many schemas. Uses pg_constraint table instead of pg_depend table which has many records in general. Fix #8414


  • Do not instantiate intermediate Active Record objects when eager loading. These records caused after_find to run more than expected. Fix #3313 Backport of #8403

    Yves Senn

  • Fix pluck to work with joins. Backport of #4942.

    Carlos Antonio da Silva

  • Fix a problem with translate_exception method in a non English environment. Backport of #6397.


  • Fix dirty attribute checks for TimeZoneConversion with nil and blank datetime attributes. Setting a nil datetime to a blank string should not result in a change being flagged. Fixes #8310. Backport of #8311.

    Alisdair McDiarmid

  • Prevent mass assignment to the type column of polymorphic associations when using build. Fixes #8265. Backport of #8291.

    Yves Senn

  • When running migrations on Postgresql, the :limit option for binary and text columns is silently dropped. Previously, these migrations caused sql exceptions, because Postgresql doesn’t support limits on these types.

    Victor Costan

  • #pluck can be used on a relation with select clause. Fixes #7551. Backport of #8176.

    Example:[:approved, :id]).order(:id).pluck(:id)

    Yves Senn

  • Use nil? instead of blank? to check whether dynamic finder with a bang should raise RecordNotFound. Fixes #7238.

    Nikita Afanasenko

  • Fix deleting from a HABTM join table upon destroying an object of a model with optimistic locking enabled. Fixes #5332.

    Nick Rogers

  • Use query cache/uncache when using ENV[“DATABASE_URL”]. Fixes #6951. Backport of #8074.


  • Do not create useless database transaction when building has_one association.


    User.has_one :profile

    Backport of #8154.

    Bogdan Gusiev

  • AR::Base#attributes_before_type_cast now returns unserialized values for serialized attributes.

    Nikita Afanasenko

  • Fix issue that raises NameError when overriding the accepts_nested_attributes in child classes.


    class Shared::Person < ActiveRecord::Base
      has_one :address
      accepts_nested_attributes :address, :reject_if => :all_blank
    class Person < Shared::Person
      accepts_nested_attributes :address
    #=> NameError: method `address_attributes=' not defined in Person


    #=> Person(id: integer, ...)

    Fixes #8131.

    Gabriel Sobrinho, Ricardo Henrique

Active Resource

No changes.

Active Support

  • Fix DateTime comparison with DateTime::Infinity object.

    Dan Kubb

  • Remove surrogate unicode character encoding from ActiveSupport::JSON.encode The encoding scheme was broken for unicode characters outside the basic multilingual plane; since json is assumed to be UTF-8, and we already force the encoding to UTF-8 simply pass through the un-encoded characters.

    Brett Carter

  • Fix mocha v0.13.0 compatibility. James Mead

  • #as_json isolates options when encoding a hash. [Backport #8185] Fix #8182

    Yves Senn

  • Handle the possible Permission Denied errors atomic.rb might trigger due to its chown and chmod calls. [Backport #8027]

    Daniele Sluijters


No changes.

Full listing

To see the full list of changes, check out all the commits on GitHub.


If you’d like to verify that your gem is the same as the one I’ve uploaded, please use these SHA-1 hashes:

  • 6a33c2d10abb5512499addb675df658e179f2e79 actionmailer-3.2.13.rc1.gem
  • 11d8303470698c5b0ac68f187a15093c07383c89 actionpack-3.2.13.rc1.gem
  • a72dafd8b1e3372cc4dda9015b93bf5509b25baa activemodel-3.2.13.rc1.gem
  • 3c6463ab11658b5ab0fe6a4ad06eb52968ef4492 activerecord-3.2.13.rc1.gem
  • 06cec200b95dc1f64614cd03432e9ab06742a865 activeresource-3.2.13.rc1.gem
  • 5ff59cacae5295baf30a6fb8fb656037f22af3c2 activesupport-3.2.13.rc1.gem
  • facf4549445922d9dc2a836283ae928fa52df4f8 rails-3.2.13.rc1.gem
  • 55e44f621efbf531d9ccade6d27259f7dabae167 railties-3.2.13.rc1.gem


Rails 4.0: Beta 1 released!

Hot on the heels of the first production version of Ruby 2.0 comes the first beta version of Rails 4.0. The two form a great pair and are already running in production on a number of applications, including Basecamp Breeze. In fact, Ruby 2.0 is the preferred Ruby to use with Rails 4.0.

The purpose of this beta is to get as many people as possible to try to upgrade from Rails 3.2 and earlier and to get an adventurous few to start new applications directly on Rails 4.0. That’s the only way we’re going to suss out all the issues and ensure that we can launch a solid final release. So please help us with that if you can!

Rails 4.0 is packed with new goodies and farewells to old goodies past their expiration date.

A big focus has been on making it dead simple to build modern web applications that are screaming fast without needing to go the client-side JS/JSON server route. Much of this work was pioneered for Rails in the new version of Basecamp and focuses on three aspects:

  1. Make it super easy to do Russian Doll-caching through key-based expiration with automatic dependency management of nested templates (explored first in the cache_digests plugin).
  2. Speed-up the client-side with Turbolinks, which essentially turns your app into a single-page javascript application in terms of speed, but with none of the developmental drawbacks (except, maybe, compatibility issues with some existing JavaScript packages).
  3. Declarative etags makes it even easier to ensure you’re taking advantage of HTTP freshness.

Rails is of course still a great JSON server for people who want to build client-side JS views, but with the progress we’ve made for Rails 4.0, you certainly won’t need to go down that route just to have a super fast application.

We’ve also added live streaming for persistent connections and Rails 4.0 is now safe for threaded servers out of the box (no more need for config.threadsafe!).

Active Record has received a ton of love as well to make everything related to scoping and the query structure more consistent.

Given all the fun we’ve had with security issues, we have some great updates there as well:

  • Session store is now encrypted by default (formerly just signed).
  • Strong Parameters take over from attr_protected (now a plugin) to guard against foreign parameters.
  • Security headers like X-Frame-Options, X-XSS-Protection, X-Content-Type-Options are on by default with solid values.
  • XML Parameter parsing has been sent to a plugin.

On top of these new features and fixes, we have hundreds more of all sorts. Everything has been combed over, streamlined, simplified, and we’ve extracted out lots of old APIs and things that just don’t fit “most people most of the time”.

Active Resource, Active Record Observers, and Action Pack page and action caching are all examples of things that are no longer in core, but lives on in plugins.

We encourage you to peruse the CHANGELOGs for all the Rails frameworks and delight over the hundreds of improvements we’ve made to Rails 4.0: Action Pack, Active Model, Active Record, Active Support, Rails.

Now let’s all work together to ensure the release is final and enjoy the bad-ass combination of Ruby on Rails 24! (Or 42?). Please report all the issues you find on the Rails issue tracker. We’re still working on the upgrade guide from 3.2 to 4.0, but that’s a good place to start for help on how to do it. As always, install betas with gem install rails --version 4.0.0.beta1 --no-ri --no-rdoc (–pre and ri generation is busted on RubyGems 2.0 at the moment) or depend on the v4.0.0.beta1 tag.

Maintenance policy for Ruby on Rails

Since the most recent patch releases there has been some confusion about what versions of Ruby on Rails are currently supported, and when people can expect new versions. Our maintenance policy is as follows.

Support of the Rails framework is divided into four groups: New features, bug fixes, security issues, and severe security issues. They are handled as follows, all versions in x.y.z format:

New Features

New Features are only added to the master branch and will not be made available in point releases.

Bug fixes

Only the latest release series will receive bug fixes. When enough bugs are fixed and its deemed worthy to release a new gem, this is the branch it happens from.

Currently included series: 3.2.z

After the Rails 4 release: 4.0.z

Security issues:

The current release series and the next most recent one will receive patches and new versions in case of a security issue.

These releases are created by taking the last released version, applying the security patches, and releasing. Those patches are then applied to the end of the x-y-stable branch. For example, a theoretical 1.2.3 security release would be built from 1.2.2, and then added to the end of 1-2-stable. This means that security releases are easy to upgrade to if you’re running the latest version of Rails.

Currently included series: 3.2.z, 3.1.z

After the Rails 4 release: 4.0.z, 3.2.z

Severe security issues:

For severe security issues we will provide new versions as above, and also the last major release series will receive patches and new versions. The classification of the security issue is judged by the core team.

Currently included series: 3.2.z, 3.1.z, 2.3.z

After the Rails 4 release: 4.0.z, 3.2.z

Unsupported Release Series

When a release series is no longer supported, it’s your own responsibility to deal with bugs and security issues. We may provide back-ports of the fixes and publish them to git, however there will be no new versions released. If you are not comfortable maintaining your own versions, you should upgrade to a supported version.

You should also be aware that Ruby 1.8 will reach End of Life in June 2013, no further Ruby security releases will be provided after that point. If your application is only compatible Ruby 1.8 you should upgrade accordingly.