Rails 5.2.0 RC1: Active Storage, Redis Cache Store, HTTP/2 Early Hints, CSP, Credentials

It’s been two months since the first beta release of Rails 5.2, and we’ve spent the time since to improve, polish, and tweak the release in all sorts of lovely ways for this first release candidate.

Our headline feature, the new Active Storage framework, has been expanded with deeper content-type identification, as well as a ton of other improvements. It also had a few extra months of battle-testing in production at both Basecamp and elsewhere. It’s a very solid framework out the box.

During the beta, we’ve also managed to squeeze in a few additional improvements. Like super-fast fixture loading, custom error handling on Active Job discarding, and call-site logging for Active Record queries in development. The wheels never stop turning!

So we’re getting close. Basecamp and lots of other shops have already been running the Rails 5.2 beta in production for months. Our target for either the next release candidate or final, depending on the severity of issues that may pop up, is before the end of February. But since this is a release candidate, we’ll already now move rails/master to rails/5-2-stable, and thus free up rails/master to target Rails 6.0 development.

Thanks again to everyone who continues to pour their love and support into Ruby on Rails!

Recap of the highlights of Rails 5.2 from the beta announcement

It’s been too hard to deal with file uploads in Rails for too long. Sure, there’s been a lot of fine plugins available, but it was overdue that we incorporated something right into the framework. So now we have!

With the new Active Storage framework in Rails 5.2, we’ve solved for the modern approach of uploading files straight to the cloud. Out of the box, there’s support for Amazon’s S3, Google’s Cloud Storage, and Microsoft Azure Cloud File Storage.

If you’re dealing with images, you can create variants on the fly. If you’re dealing with videos or PDFs, you can create previews on the fly. And regardless of the type, you can analyze uploads for metadata extraction asynchronously.

Active Storage was extracted from Basecamp 3 by George Claghorn and yours truly. So not only is the framework already used in production, it was born from production. There’s that Extraction Design guarantee stamp alright!

Speaking of extractions, Jeremy Daer has untangled the long jungle twine of hacks we were using at Basecamp to employ Redis for general partial, fragment, and other Rails caching jobs. There’s a sparkling new Redis Cache Store that incorporates all those years of veteran hacks into a cohesive unit that anyone can use.

This new Redis Cache Store supports Redis::Distributed, for Memcached-like sharding across Redises. It’s fault tolerant, so will treat failures like misses, rather than kill the request with an exception. It even supports distributed MGETs for that full partial collection caching goodness.

This comes together with a massive leap forward for cache efficiency with key recycling and compression both available by default. For Basecamp, it meant improving the cache lifetime by two orders of magnitude! We went from having caches trashed in as little as a day to having caches last for months. If you’re using partial caching and the nesting doll strategy, your cache lifetime will improve dramatically between these two changes.

We’ve also embraced the cherry of HTTP/2 with early hints through the work of Aaron Patterson and Eileen Uchitelle. This means we can automatically instruct the web server to send required style sheet and JavaScript assets early. Which means faster full page delivery, as who wouldn’t want that?

On the topic of performance, Rails now ships with Bootsnap in the default Gemfile, created by our friends at Shopify. It generally reduces application boot times by over 50%.

Rails has always been in the forefront of making your web applications more secure, leading the way with built-in CSRF and XSS protection and we’ve enhanced that further in Rails 5.2 with the addition of a new DSL that allows you to configure a Content Security Policy for your application. You can configure a global default policy and then override it on a per-resource basis and even use lambdas to inject per-request values into the header such as account subdomains in a multi-tenant application.

But it’s not all just new starry-eyed wonders. In Rails 5.1, we added encrypted secrets. These secrets were like the old secrets but, uhm, more secret, because, you know, ENCRYPTION! Confusing? Yes. Why would you want secrets that weren’t really secret? Well, you don’t.

In Rails 5.2, we’ve rectified the mess by deprecating the two different kinds of secrets and introduced a new shared concept called Credentials. Credentials, like AWS access keys and other forms of logins and passwords, were the dominant use case for secrets, so why not just call a spade a spade. So spade it is!

Credentials are always encrypted. This means they’re safe to check into revision control, as long as you keep the key out of it. That means atomic deploys, no need to mess with a flurry of environment variables, and other benefits of having all credentials that the app needs in one place, safe and secure.

In addition, we’ve opened up the API underlying Credentials, so you can easily deal with other encrypted configurations, keys, and files.

Since Rails 5.1, we’ve also made great strides with Webpacker. So Rails 5.2 is meant to pair beautifully with the new Webpacker 3.0 release. Rails has fully embraced modern JavaScript with a pre-configured build pipeline run by Webpack. We keep strengthening that relationship.

Faster fixtures, PostgreSQL foreign tables and more!

Hi there! This is Prathamesh, bringing you the latest edition of This Week in Rails, covering highlights from the Rails community, as well as changes recently made to the framework. Let’s dive in!

This Week’s Contributors

This week there were 22 contributors to Rails including contributions from 4 first-timers. Thanks!

Multi-statement query for inserting fixtures

This change constructs a single query for inserting fixtures from different tables. This change reduced the time to load around 700 fixtures from 15 seconds to 8 seconds! 🏎

Custom handling of exceptions that are discarded

This change allows a job that is discarded to be handled by a custom handler. The retry_on already provides the ability for a custom handler and now the same has been added to the discard_on handler.

Support for PostgreSQL foreign tables

With this change, it will be possible to work with models backed by foreign tables present in external PostgreSQL servers.

That’s it for this week. Many more changes were introduced to Rails than were featured here, check out the full week of commit activity to learn more!

Until next time!

Happy New Year! Ruby 2.5, bugfixes, and more!

Happy New Year, Rubyists on Rails! This is Tim here bringing you all the latest in Rails from the Holiday and New Year period. We hope you got to unwind during this time of year (if that is your thing) and are well rested for all that 2018 has to bring. Rails, on the other hand, saw a flurry of activity including many, many bug fixes. So, without further ado…..

This Week’s Contributors

Since our last issue, 36 people gave the gift of Pull Request 🎁 to Rails. 6 of those contributed for the very first time! A big thank you to everyone who contributed during a time that is typically reserved for performing upgrades and fixes to extended family members’ devices.

Ruby 2.5.0 added to Rails CI matrix

Ruby 2.5.0 was released on December 25 2017, bringing many exciting changes. Rails has been confirmed to work with this new Ruby as it has been officially added to its testing matrix.

RailsConf 2018 CFP is now open

RailsConf is calling for proposals for its 2018 conference which will be held in Pittsburgh. The deadline is January 19th, so now’s the time to get that proposal in!

Add bulk ALTER support for PostgreSQL

Bulk ALTER support has existed for MySQL’s adapter for many years. This change adds support for the PostgreSQL adapter, meaning that multiple column changes can now be aggregated into a single statement.

Add support for combined MiniMagick transformations

This change added support for MiniMagick’s combine_options, allowing Active Storage to apply changes like center-weighted cropping that combine multiple options into a single step.

Fix infinity value in PostgreSQL range type

This fixed an issue whereby an infinity value would not be serialized correctly in a PostgreSQL range type column.

Fix foreign key replacement in inverse association

This fixes an issue where foreign keys would not get updated correctly when an object changed the target of its belongs_to relationship.

Force :attachment as content disposition for some content types

The default behavior for ActiveStorage::Blob#service_url is to use an :inline value for disposition. There are certain distinct content types, however, for which this does not make sense. This change identifies those cases and prevents them from inheriting this default behavior.

Fix validation callbacks on multiple contexts

This fixed an issue where callbacks would not fire correctly when multiple contexts were passed to valid?, save, etc.

Support added for multiple encodings in String#blank?

Previously, if you called String#blank? on, for example, a UTF-16LE-encoded string, it would raise an Encoding::CompatibilityError exception. It will now return the right thing!

Fix assert_changes to always assert on change

If you had called assert_changes with a to argument, you may have been surprised to find that it was sufficient to match only the resultant value for it to pass, even if nothing changed. This revision fixes that by failing in the event that nothing changed, as would be expected.

Consistently raise MissingAttributeError for missing attributes

Normally if you select a subset of a record’s attributes and then try to reference an unselected attribute, you will get a MissingAttributeError. However, if you then save’d the record and called that same attribute, you may be surprised to get nil instead. This revision fixes that by always raising an error.

That’s it for this week! Even though this was a bumper issue, there were as always many, many more changes I wanted to talk about that I could not list. But you can check them all out here! Until next time….

This Week in Rails: New security headers and many improvements

Hello everyone! This is Kir and Greg bringing you the latest news from the Rails world.

This Week’s Contributors

57 people contributed to Rails the past 2 weeks! If you’d like to join them, why not check out the list of open issues?

New security headers added

X-Download-Options and X-Permitted-Cross-Domain-Policies are now in the default header list.

Fix an edge case in rails db:create

Previously, when the schema cache was present and the database was not created yet, rails db:create would get a connection failure.

StreamingTemplateRenderer failed to forward I18n.locale

This commit fixes an issue when you use render stream: true and your current locale is not forwarded to the renderer.

Quote column_names when building select

This PR makes sure the column names are quoted to avoid SQL syntax errors when there is a from clause used, and there are ignored columns set.

Cleanup variants in Active Storage

Active Storage will now destroy variants together with main blob when it’s deleted.

Custom server in system tests

With this PR, Rails won’t override your custom capybara server configuration, so for example you can use Unicorn instead of Puma.

Provide instant feedback when booting

From now on when you call rails s or rails console there is instant feedback in the console to show Rails is booting.

Optimizing information_schema query for foreign_keys

By using CONSTRAINT_SCHEMA key for information_schema.referential_constraints there are performance improvements for Active Record.

Initial support for running Rails on FIPS-certified systems

This PR makes it possible to change the hash function used by Rails from MD5 to a FIPS-supported one by changing the active_support.use_fips_approved_hash_function configuration.

Log the original call site for an Active Record query

This change allows you to enable the logging of what line of application code is triggering SQL queries.

That’s it for this week, as always, we couldn’t cover all of the changes, but feel free to check the commits. If you’d like to join them, check out the list of open issues. Until next week!

This Week in Rails: Rails 5.2 beta, new PostgreSQL features, preload link and more!

Hello everyone! This is Roque bringing you the latest news from the Rails world.

Rails 5.2.0 beta released 🎉

This release includes Active Storage, a new framework provided by Rails to make it easier to upload and process files.

This Week’s Contributors

24 people contributed to Rails the past week! If you’d like to join them, why not check out the list of open issues?

Add support for PostgreSQL operator classes to add_index

The operator classes identify database operators to be used by the index for the columns. You can assign the same operator to all columns, or not. It currently only supports PostgreSQL.

Add ability to create PostgreSQL foreign keys without validation

Normally, PostgreSQL verifies that all rows in a table satisfy its foreign key constraints. With this option, you can create these constraints without the overhead of checking if they are valid.

The helper creates a link tag with the preload keyword that allows you to basically define resources that pages will need very soon after loading. In addition, Rails will send HTTP2 Early Hints if the proxy server supports it, helping the fetch process.

Prevent Active Record scopes with reserved names

An error will be raised when defining scopes with names already defined by ActiveRecord::Relation instance methods.

That’s it for this week, as always, we couldn’t cover all of the changes, but feel free to check the commits. If you’d like to join them, check out the list of open issues. Until next week!

Rails 5.2.0 beta: Active Storage, Redis Cache Store, HTTP/2 Early Hints, CSP, Credentials

It’s been too hard to deal with file uploads in Rails for too long. Sure, there’s been a lot of fine plugins available, but it was overdue that we incorporated something right into the framework. So now we have!

With the new Active Storage framework in Rails 5.2, we’ve solved for the modern approach of uploading files straight to the cloud. Out of the box, there’s support for Amazon’s S3, Google’s Cloud Storage, and Microsoft Azure Cloud File Storage.

If you’re dealing with images, you can create variants on the fly. If you’re dealing with videos or PDFs, you can create previews on the fly. And regardless of the type, you can analyze uploads for metadata extraction asynchronously.

Active Storage was extracted from Basecamp 3 by George Claghorn and yours truly. So not only is the framework already used in production, it was born from production. There’s that Extraction Design guarantee stamp alright!

Speaking of extractions, Jeremy Daer has untangled the long jungle twine of hacks we were using at Basecamp to employ Redis for general partial, fragment, and other Rails caching jobs. There’s a sparkling new Redis Cache Store that incorporates all those years of veteran hacks into a cohesive unit that anyone can use.

This new Redis Cache Store supports Redis::Distributed, for Memcached-like sharding across Redises. It’s fault tolerant, so will treat failures like misses, rather than kill the request with an exception. It even supports distributed MGETs for that full partial collection caching goodness.

This comes together with a massive leap forward for cache efficiency with key recycling and compression both available by default. For Basecamp, it meant improving the cache lifetime by two orders of magnitude! We went from having caches trashed in as little as a day to having caches last for months. If you’re using partial caching and the nesting doll strategy, your cache lifetime will improve dramatically between these two changes.

We’ve also embraced the cherry of HTTP/2 with early hints through the work of Aaron Patterson and Eileen Uchitelle. This means we can automatically instruct the web server to send required style sheet and JavaScript assets early. Which means faster full page delivery, as who wouldn’t want that?

On the topic of performance, Rails now ships with Bootsnap in the default Gemfile, created by our friends at Shopify. It generally reduces application boot times by over 50%.

Rails has always been in the forefront of making your web applications more secure, leading the way with built-in CSRF and XSS protection and we’ve enhanced that further in Rails 5.2 with the addition of a new DSL that allows you to configure a Content Security Policy for your application. You can configure a global default policy and then override it on a per-resource basis and even use lambdas to inject per-request values into the header such as account subdomains in a multi-tenant application.

But it’s not all just new starry-eyed wonders. In Rails 5.1, we added encrypted secrets. These secrets were like the old secrets but, uhm, more secret, because, you know, ENCRYPTION! Confusing? Yes. Why would you want secrets that weren’t really secret? Well, you don’t.

In Rails 5.2, we’ve rectified the mess by deprecating the two different kinds of secrets and introduced a new shared concept called Credentials. Credentials, like AWS access keys and other forms of logins and passwords, were the dominant use case for secrets, so why not just call a spade a spade. So spade it is!

Credentials are always encrypted. This means they’re safe to check into revision control, as long as you keep the key out of it. That means atomic deploys, no need to mess with a flurry of environment variables, and other benefits of having all credentials that the app needs in one place, safe and secure.

In addition, we’ve opened up the API underlying Credentials, so you can easily deal with other encrypted configurations, keys, and files.

Since Rails 5.1, we’ve also made great strides with Webpacker. So Rails 5.2 is meant to pair beautifully with the new Webpacker 3.0 release. Rails has fully embraced modern JavaScript with a pre-configured build pipeline run by Webpack. We keep strengthening that relationship.

And of course there’s about five bajillion other fixes, improvements, and tweaks in this new, big release of Rails. It’s been lovingly tendered over the past seven months or so since Rails 5.1. We’re so happy to share all this with you, and as always thank the many, many contributors for their continued effort to make Rails the wonderful framework that it is.

This is the first beta release of Rails 5.2. We are still putting the final touches on everything, but you are strongly encouraged to give it a spin! Please try to both upgrade existing apps and start new apps on it. We need your help for a solid release. Note that Basecamp is already running the latest in production, so while there might still be some issues, it’s already in respectable shape.

Note also that this is likely to be the last “minor” (pretty major for a minor, if you ask me!) release of the 5-series. Our next target will be Rails 6.0!

This Week in Rails: expiring counters, flush db connections, connection fork safety and more!

Hi! Prathamesh here! Let’s see what we have in store today from the Rails world.

This Week’s Contributors

This week we had 25 contributors. 8 of them were first time contributors!!!! 🎉

Support expiring counters for Memcached Store

This change adds support for passing expires_in options to the #increment and #decrement methods of the Memcached store.

Flush idle database connections automatically

A new configuration to flush the idle database connections after a specified period. Defaults to 300 seconds. This change will ensure that you don’t have idle database connections hanging around in your connection pool.

Improve Active Record connection fork safety

This change ensures that forked children don’t send quit/shutdown/goodbye messages to the server on connections that belonged to their parent. It will prevent the connection leakage that might happen when connections are not closed when workers are forked from the parent process.

Generate ids by default for form_with helper

When form_with was introduced the auto generation of ids was disabled. Labels don’t play well in such cases when the inputs don’t have ids and it also made it harder to test the forms. This change enables the auto-generation of ids by default and allows disabling it using a config.

Pass informative arguments to all calls of ActiveRecord::RecordNotFound error

ActiveRecord::RecordNotFoundError accepts arguments such as primary_key, model_name and the arguments besides the error message. This change makes all the calls to this error uniform by passing these arguments wherever they were missing.

Make secure_compare method not leak length information

This change makes sure that even in case of variable length strings, the ActiveSupport::SecurityUtils.secure_compare doesn’t leak the length information.
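The length leak described above, as an added example that is not Rails' own code and not part of the original post: a naive comparison does no work at all on a wrong-length guess, while hashing both inputs first makes the compared strings a fixed 64 hex characters. The method names and the sample secret are hypothetical, and the byte-comparison count stands in for response time.

```ruby
require "digest"

# Constructed sample value, not a real credential.
SAMPLE_SECRET = "s3cr3t-token-0123456789"

# Naive check: bails out on a length mismatch and on the first differing byte.
# Returns [equal?, byte_comparisons] so the data-dependent work is visible.
def leaky_compare(a, b)
  return [false, 0] unless a.bytesize == b.bytesize
  steps = 0
  a.bytes.zip(b.bytes) do |x, y|
    steps += 1
    return [false, steps] unless x == y
  end
  [true, steps]
end

# Constant-time for equal-length inputs: every byte pair is visited and the
# differences are OR-ed together, so the loop never exits early.
def fixed_length_compare(a, b)
  raise ArgumentError, "byte lengths differ" unless a.bytesize == b.bytesize
  diff = 0
  steps = 0
  a.bytes.zip(b.bytes) do |x, y|
    steps += 1
    diff |= x ^ y
  end
  [diff.zero?, steps]
end

# Length-hiding variant: compare SHA-256 hex digests (always 64 characters),
# then confirm with == only when the digests already match.
def length_hiding_compare(a, b)
  equal, steps = fixed_length_compare(Digest::SHA256.hexdigest(a),
                                      Digest::SHA256.hexdigest(b))
  [equal && a == b, steps]
end

# Runs three constructed guesses through both comparisons.
def comparison_report(secret = SAMPLE_SECRET)
  guesses = {
    wrong_length: "short",
    right_length: "s3c" + "x" * (secret.bytesize - 3),
    exact: secret.dup
  }
  guesses.transform_values do |guess|
    { leaky: leaky_compare(guess, secret),
      hiding: length_hiding_compare(guess, secret) }
  end
end

comparison_report.each { |name, row| puts "#{name}: #{row}" }
```

In the naive column the work done is 0, 4 and the full secret length for the three guesses; in the length-hiding column it is 64 for all of them.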

That’s all we’ve got for this week, but do check out the full list of changes yourself. Over and out! See you next week ✌️

This Week in Rails: Better Source Code Formatting, Improved Ajax API and more!

Hi! Tim here! About to bring you the latest in all things Rails….

This Week’s Contributors

This week we had 12 contributors, including 1 for the very first time! Huge thanks to all of you!

Make beforeSend optional in Rails.ajax

Rails.ajax requires a beforeSend parameter but for some this means having to supply a no-op function. It can now be omitted entirely, thanks to this enhancement!

Prevent source line wrapping in rescue layout

You may be used to seeing source extracts in development mode when encountering runtime errors. Long lines currently get wrapped, but this change aids readability by letting you scroll instead.

That’s all we’ve got for this week, but do check out the full list of changes yourself. Wishing you all a Happy Friday, many Friday Hugs, and not too many Hallowe’en candy hangovers! Over and out!

This Week in Rails: 5.1 deprecations removed, SystemTestCase load hook and more!

Hey there, it’s Kasper, bringing you the latest edition of This Week in Rails!

Remove Rails 5.1 deprecations from the code

All the code that was deprecated in Rails 5.1 is now removed in one fell swoop by the Rails 5.2 release manager — now you know how these removals are handled too, so please don’t send individual removal PRs.

Psssst: it also brings us another step closer to the first 5.2 beta.

Add SystemTestCase load hook

Allows gems or app code to hook in when ActionDispatch::SystemTestCase has been fully loaded.

Add allow_other_host option to redirect_back

When passed false, the new allow_other_host option will restrict redirect_back links to just the current host, so users will only stay on your site.

It’s not on by default, so users can enjoy a trip off-world on another host.
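The host restriction described above, as an added stand-alone sketch that is not Rails' implementation and not part of the original post: with allow_other_host set to false, a Referer is followed only when its parsed host equals the request host, and anything else falls back. The helper name, hosts and Referer values are constructed for illustration.

```ruby
require "uri"

# Hypothetical helper (not a Rails method): pick the target for a "go back"
# redirect. With allow_other_host: true any present Referer is followed, which
# matches the default described above; with false the host must match.
def safe_back_location(referer, request_host, fallback:, allow_other_host: true)
  return fallback if referer.nil? || referer.strip.empty?
  return referer if allow_other_host

  # Compare the *parsed* host, never a substring or prefix of the raw URL.
  host = URI.parse(referer).host
  host&.casecmp?(request_host) ? referer : fallback
rescue URI::InvalidURIError
  # A Referer that cannot be parsed is never trusted.
  fallback
end

# Constructed Referer values covering the cases a host check has to survive.
CONSTRUCTED_REFERERS = [
  "https://app.example.com/posts/1",            # same host
  "https://APP.example.com/posts/2",            # same host, different case
  "https://other.example.net/login",            # different host
  "https://app.example.com.other.example.net/", # request host as a prefix only
  "https://app.example.com@other.example.net/", # request host in userinfo
  "/relative/path",                             # no host at all
  "http://bad host/",                           # unparseable
  nil                                           # header missing
].freeze

# Resolves every constructed Referer for the given request host.
def back_targets(request_host, allow_other_host:)
  CONSTRUCTED_REFERERS.map do |referer|
    safe_back_location(referer, request_host,
                       fallback: "/", allow_other_host: allow_other_host)
  end
end

back_targets("app.example.com", allow_other_host: false).each_with_index do |target, i|
  puts "#{CONSTRUCTED_REFERERS[i].inspect} -> #{target}"
end
```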

That’s it for now! As always, there isn’t enough time to cover every change; if you’d like, check out the full list of changes yourself.

This Week in Rails: PhantomJS replaced with Chrome headless, bugfixes and more!

Hi there! It’s Kir, bringing you a new edition of This Week in Rails!

Replace PhantomJS with Selenium/Chrome headless

PhantomJS has been abandoned. At the same time Chrome provides native support for headless mode that is now the recommended way.

Allow symbol list for ignored_columns

This PR fixes a bug where symbols assigned to ignored_columns in Active Record were ignored. Now the accessor accepts both strings and symbols.

Fix ajax callbacks in UJS

Previously, returning false from the ajax:beforeSend callback didn’t cancel the request as expected.

That’s it for now! As always, there isn’t enough time to cover every change; if you’d like, check out the full list of changes yourself.