[ANN] Rails 2.3.14

Hi everyone,

Rails 2.3.14 has been released. This release contains critical security fixes.

CHANGES

You can find an exhaustive list of changes on github. Here are some notable excerpts:

4 Security Fixes

Please follow the links to see specific information about each vulnerability, along with individual patches for fixing them.

Also remember to subscribe to the Ruby on Rails Security mailing list.

2 Bug Fixes

  • Rescue from RDoc task errors
  • OrderedHash can merge with blocks

THE END

Thanks! <3

[ANN] Rails 3.0.10.rc1 has been released!

Hi everyone,

Rails 3.0.10.rc1 has been released. As usual, please try out this release candidate and report any issues to the ruby on rails core mailing list. If no issues are found, we’ll release 3.0.10 on August 8th (around 5pm PDT).

If you do find issues, please send them to the rails core mailing list. If the release candidate is found to not be backwards compatible with the previous release, we’ll do another release candidate and postpone the final release date.

Remember that this is your chance to veto / postpone the rails release. Please take this opportunity to test!

CHANGES

You can find an exhaustive list of changes on github. Here are some notable excerpts:

From ActionPack:

  • Fixes an issue where cache sweepers with only after filters would have no controller object, it would raise undefined method controller_name for nil [jeroenj]

  • Ensure status codes are logged when exceptions are raised.

  • Subclasses of OutputBuffer are respected.

  • Fixed ActionView::FormOptionsHelper#select with :multiple => false

  • Avoid extra call to Cache#read in case of a fragment cache hit

From ActiveRecord:

  • Magic encoding comment added to schema.rb files

  • schema.rb is written as UTF-8 by default.

  • Ensuring an established connection when running rake db:schema:dump

  • Association conditions will not clobber join conditions.

  • Destroying a record will destroy the HABTM record before destroying itself. GH #402.

  • Make ActiveRecord::Batches#find_each to not return self.

  • Update table_exists? in PG to to always use current search_path or schema if explictly set.

THE END

Thanks!

-Aaron <3

Rails now tested on Travis CI

Setting up continuous integration for Rails has been a complicated undertaking in the past.

Rails needs to be tested against different Ruby versions and various modes (such as running test cases in isolation/non-isolation, running ActiveRecord with identitymap enabled/disabled). This made the test suite run for an isanely long time (up to 2 hours on 1.9.2 alone) and required regular maintenance by
the Rails core team.

Over the past weeks the folks at Travis CI have been working hard to provide a better experience to Rails continous integration and today we can happily announce that
Rails is now testing on Travis CI!

Travis CI is doing a great job in providing multi-ruby testing capabilities and it is dead-simple to use. There’s some great potential to this project and it might change the way we see open-source development and testing quite a bit.

So, if you are publishing any kind of open-source code, library or web application, we recommend you have a look at it. And if you have a spare hour once in a while then consider potentially jumping on board to help improve the code base.

Travis CI is using a separate physical worker server (and a quite beefy one!) for running workers dedicated to Rails builds. This server has kindly been sponsored by the great folks over at Enterprise Rails.

[Guest post by Josh Kalderimis & Sven Fuchs]

Rails 3.1 HackFest

Have you ever wanted to contribute back to Rails? This is the opportunity you’ve been looking for. We’re organizing a Rails 3.1 Hackfest on the weekend of July 23rd and 24th!!!

GOAL

The goal of this event is to have Rails 3.1 as the most stable version as possible. So, in this event we will focus on working on 3-1-stable branch of the project.

HOW

In order to achieve this we encourage you to:

  • Upgrade your existing apps to Rails 3.1 and report any existing issue if it doesn’t already exist
  • Test your favorite plugins/gems with Rails 3.1 and report any existing issue if it doesn’t already exist
  • Review all the open issues and pull requests
    • Check if issues can be reproduced
    • If so provide as many details as possible (for example it’s important for us to know which Rails version/s are affected. They could be 2-3-stable, 3-0-stable, 3-1-stable or master)
    • If it’s not possible to reproduce the issue, add a comment on github issue tracker indicating that
  • Provide test cases and patches for 3-1-stable blockers only (blockers will be tagged as ‘blocker’)
    • Follow the contributing to Ruby on Rails guide
    • Try to provide a failing test case (if you can’t figure out the whole solution)
    • Try to provide a full patch (tests, code and docs if needed)
  • Write documentation (guides, API), you can push modifications directly to docrails
  • Write blog posts about your experience using 3.1

Please note that since we are on the release candidate already, only patches for blocking issues will be accepted.

WHO

From the core team: Aaron Patterson (tenderlove), Xavier Noria (fxn) and Santiago Pastorino (spastorino), and the core contributors: Damien Mathieu (dmathieu), Prem Sichanugrist (sikachu) and Josh Kalderimis (joshk) will be around, so don’t hesitate to ask whatever questions you may have.

WHEN

The weekend of July 23rd and 24th, 2011

WHERE

On IRC:

Server: irc.freenode.net Channel: #rails-contrib

In real life:

What could be better than gathering together in real life and hacking (and drinking?) on the weekend!? It’s the best chance to get together and getting into the depth of Rails core. Contact your friends, your boss, your co-workers, and get them organized!

These are the places that have confirmed the gathering:

Keep watching this list as it continues to grow. See you on 23rd!

[ANN] Rails 3.0.9 has been released!

Hi everybody!

Rails 3.0.9 has been released! Since I am at Nordic Ruby, I will deem this Nordic Ruby Edition. ;-)

The main boogs fixed in this release are problems dealing with modifications of SafeBuffers.

gem install rails or update your Gemfile and bundle update while it’s hot!

CHANGES

The major changes in this release of Rails are bug fixes surrounding modifications to SafeBuffer strings. We had places that were modifying SafeBuffers and those places raised exceptions after the security fixes in the 3.0.8 release.

We’ve since updated those code paths, and now we have this nice release for you today!

Please check the CHANGELOG files in each section on github for more details.

For an exhaustive list of the commits in this release, please see github.

Gem checksums

SHA-1:

  • fb8f3c0b6c866dbad05ec33baf2af7e851f9d745 actionmailer-3.0.9.gem
  • 9bc2c05463962320d0497bb2e30f4ffa66ed4f79 actionpack-3.0.9.gem
  • 2c1004747a22f756722cf95605398bf9ba6244ed activemodel-3.0.9.gem
  • 285759d41c79460a3f49d26d8a0b3f8c9279e868 activerecord-3.0.9.gem
  • 28f2b296525caeca1341467b5f1bbb90de88aaa7 activesupport-3.0.9.gem
  • 09d52fdcbeefba31dd267d3d7484332ec30f7539 rails-3.0.9.gem
  • 8b46dbeddb56e2e4b4ebfb5312fe81eb865a47e7 railties-3.0.9.gem

Please enjoy this release of Rails!

<3 <3 <3

[ANN] Rails 3.1.0.rc4 has been released!

I’ve pushed a 3.1.0.rc4. Please test it against your application against this release candidate and report any regressions to the rails core mailing list. I would like to hear your feedback, good or bad. Especially if it’s good. <3 <3

In two weeks, if there are no show stopping issues I will release the final version. If we do find regressions, I will publish another release candidate and we’ll put another two weeks on the clock.

However, I will not wait two weeks between release candidates. I want to get the final done as quickly as possible, so I’ll try to release RCs as quickly as possible.

CHANGES

Here are some of the major changes to the RC branch:

  • escape_javascript safebuffer fixes
  • json_escape safebuffer fixes
  • RDoc / ruby-debug conflict fixes.
  • arel_table is cached unless the table_name changes

For an exaustive list, please check out the commits on github.

<3 <3 <3

[ANN] Rails 3.0.9.rc3 has been released!

I’ve pushed an rc3. Yes, we skipped one. I screwed up the rc2, so I yanked it, and we’re going straight to rc3. Good thing it’s just a release candidate, right? ;-)

As usual, please test this against your application and report any regressions to the rails core mailing list. I would like to hear your feedback, good or bad.

I will release the final in 72hours if there are no reported regressions. If there are reported regressions, I will release another RC and the clock will start over.

CHANGES

Here are some of the major changes since 3.0.9.rc1:

  • escape_javascript safebuffer fixes
  • json_escape safebuffer fixes
  • RDoc / ruby-debug conflict fixes.

For an exaustive list, please check out the commits on github.

<3 <3 <3

[ANN] Rails 3.1.0.rc3 has been released!

Hey folks. Sorry for the multiple releases in such a short time span, but the security fixes released yesterday seem to have broken people’s applications. Even though this is a release candidate, I am not happy about breaking stuff.

I’ve pushed a 3.1.0.rc3. Please test it against your application against this release candidate and report any regressions to the rails core mailing list. I would like to hear your feedback, good or bad. Especially if it’s good. <3 <3

In two weeks, if there are no show stopping issues I will release the final version. If we do find regressions, I will publish another release candidate and we’ll put another two weeks on the clock.

However, I will not wait two weeks between release candidates. I want to get the final done as quickly as possible, so I’ll try to release RCs as quickly as possible.

CHANGES

Here are some of the major changes to the RC branch:

  • mailto SafeBuffer fixes
  • escape_javascript SafeBuffer fixes
  • Multiple sources in sprocket helpers

For an exaustive list, please check out the commits on github.

Thanks for your patience everyone!

<3 <3 <3

[ANN] Rails 3.0.9.rc1 has been released!

Hey folks. Sorry for the multiple releases in such a short time span, but the security fixes released yesterday seem to have broken people’s applications. I am not happy about that.

I’ve pushed a 3.0.9.rc1. Please test it against your application against this release candidate and report any regressions to the rails core mailing list. I would like to hear your feedback, good or bad.

I will release the final in 72hours if there are no reported regressions. If there are reported regressions, I will release another RC and the clock will start over.

CHANGES

Here are some of the major changes:

  • MemCacheStore works with Ruby 1.9 and -Ku
  • mailto SafeBuffer fixes
  • escape_javascript SafeBuffer fixes

For an exaustive list, please check out the commits on github.

Thanks for your patience everyone!

<3 <3 <3

[ANN] Rails 3.1.0.rc2 has been released!

Security Issues!

This release contains fixes for possible XSS problems in your rails application. It is unlikely that your application is vulnerable, but you should take precautions by updating your application.

For more information about the XSS issue that was fixed in this release, please read this blog post.

WELCOME!

Hi everyone! I’ve released Rails version 3.1.0.rc2!

Please download our latest release candidate and give it a whirl!

Two weeks from today, we’ll either release another rc, or release 3.1.0 final (depending on the reported issues).

CHANGES

  • Fixing Rake 0.9.x integration
  • Fixing rubygems deprecation warnings
  • Sprockets was updated

MORE IMPORTANT CHANGES

  • Much whitespace was removed
  • Many typos were fixed
  • Queens English was changed to American English
  • Many grammar errors removed

For an exaustive list of changes, see the log on github.