Rails 5.2.0 beta: Active Storage, Redis Cache Store, HTTP/2 Early Hints, CSP, Credentials

It’s been too hard to deal with file uploads in Rails for too long. Sure, there’s been a lot of fine plugins available, but it was overdue that we incorporated something right into the framework. So now we have!

With the new Active Storage framework in Rails 5.2, we’ve solved for the modern approach of uploading files straight to the cloud. Out of the box, there’s support for Amazon’s S3, Google’s Cloud Storage, and Microsoft Azure Cloud File Storage.

If you’re dealing with images, you can create variants on the fly. If you’re dealing with videos or PDFs, you can create previews on the fly. And regardless of the type, you can analyze uploads for metadata extraction asynchronously.

Active Storage was extracted from Basecamp 3 by George Claghorn and yours truly. So not only is the framework already used in production, it was born from production. There’s that Extraction Design guarantee stamp alright!

Speaking of extractions, Jeremy Daer has untangled the long jungle twine of hacks we were using at Basecamp to employ Redis for general partial, fragment, and other Rails caching jobs. There’s a sparkling new Redis Cache Store that incorporates all those years of veteran hacks into a cohesive unit that anyone can use.

This new Redis Cache Store supports Redis::Distributed, for Memcached-like sharding across Redises. It’s fault tolerant, so will treat failures like misses, rather than kill the request with an exception. It even supports distributed MGETs for that full partial collection caching goodness.

This comes together with a massive leap forward for cache efficiency with key recycling and compression both available by default. For Basecamp, it meant improving the cache lifetime by two orders of magnitude! We went from having caches trashed in as little as a day to having caches last for months. If you’re using partial caching and the nesting doll strategy, your cache lifetime will improve dramatically between these two changes.

We’ve also embraced the cherry of HTTP/2 with early hints through the work of Aaron Patterson and Eileen Uchitelle. This means we can automatically instruct the web server to send required style sheet and JavaScript assets early. Which means faster full page delivery, and who wouldn’t want that?

On the topic of performance, Rails now ships with Bootsnap in the default Gemfile, created by our friends at Shopify. It generally reduces application boot times by over 50%.

Rails has always been at the forefront of making your web applications more secure, leading the way with built-in CSRF and XSS protection. We’ve enhanced that further in Rails 5.2 with a new DSL that allows you to configure a Content Security Policy for your application. You can configure a global default policy, override it on a per-resource basis, and even use lambdas to inject per-request values into the header, such as account subdomains in a multi-tenant application.

But it’s not all just new starry-eyed wonders. In Rails 5.1, we added encrypted secrets. These secrets were like the old secrets but, uhm, more secret, because, you know, ENCRYPTION! Confusing? Yes. Why would you want secrets that weren’t really secret? Well, you don’t.

In Rails 5.2, we’ve rectified the mess by deprecating the two different kinds of secrets and introduced a new shared concept called Credentials. Credentials, like AWS access keys and other forms of logins and passwords, were the dominant use case for secrets, so why not just call a spade a spade. So spade it is!

Credentials are always encrypted. This means they’re safe to check into revision control, as long as you keep the key out of it. That means atomic deploys, no need to mess with a flurry of environment variables, and other benefits of having all credentials that the app needs in one place, safe and secure.

In addition, we’ve opened up the API underlying Credentials, so you can easily deal with other encrypted configurations, keys, and files.

Since Rails 5.1, we’ve also made great strides with Webpacker. So Rails 5.2 is meant to pair beautifully with the new Webpacker 3.0 release. Rails has fully embraced modern JavaScript with a pre-configured build pipeline run by Webpack. We keep strengthening that relationship.

And of course there’s about five bajillion other fixes, improvements, and tweaks in this new, big release of Rails. It’s been lovingly tendered over the past seven months or so since Rails 5.1. We’re so happy to share all this with you, and as always thank the many, many contributors for their continued effort to make Rails the wonderful framework that it is.

This is the first beta release of Rails 5.2. We are still putting the final touches on everything, but you are strongly encouraged to give it a spin! Please try to both upgrade existing apps and start new apps on it. We need your help for a solid release. Note that Basecamp is already running the latest in production, so while there might still be some issues, it’s already in respectable shape.

Note also that this is likely to be the last “minor” (pretty major for a minor, if you ask me!) release of the 5-series. Our next target will be Rails 6.0!

This Week in Rails: expiring counters, flush db connections, connection fork safety and more!

Hi! Prathamesh here! Let’s see what we have in store today from the Rails world.

This Week’s Contributors

This week we had 25 contributors. 8 of them were first time contributors!!!! 🎉

Support expiring counters for Memcached Store

This change adds support for passing the expires_in option to the #increment and #decrement methods of the Memcached store.

Flush idle database connections automatically

Adds a new configuration option that flushes idle database connections after a specified period. It defaults to 300 seconds. This change ensures that you don’t have idle database connections hanging around in your connection pool.

Improve Active Record connection fork safety

This change ensures that forked children don’t send quit/shutdown/goodbye messages to the server on connections that belonged to their parent. It prevents the connection leakage that might happen when connections are not closed as workers are forked from the parent process.

Generate ids by default for form_with helper

When form_with was introduced, the auto-generation of ids was disabled. Labels don’t play well with inputs that have no ids, and the missing ids also made the forms harder to test. This change enables the auto-generation of ids by default and allows you to disable it with a config option.

Pass informative arguments to all calls of ActiveRecord::RecordNotFound error

ActiveRecord::RecordNotFound accepts additional arguments, such as primary_key and model_name, besides the error message. This change makes all the calls to this error uniform by passing these arguments wherever they were missing.

Make secure_compare method not leak length information

This change makes sure that ActiveSupport::SecurityUtils.secure_compare doesn’t leak length information, even when the strings being compared have different lengths.
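The length leak and one way to close it, as an added stand-alone sketch (not the Active Support source): hashing both inputs first means the constant-time loop always runs over two equal-length digests. The function names and the sample token are hypothetical.

```ruby
require "digest"

# Constant-time comparison for two strings of equal byte length: XOR every
# byte pair and OR the results together, with no early exit.
def fixed_length_compare(a, b)
  raise ArgumentError, "inputs must have the same length" unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Length-leaking shape: the early return skips the loop entirely when the
# lengths differ, so timing tells a caller whether the guessed length is right.
def length_leaking_compare(a, b)
  return false unless a.bytesize == b.bytesize
  fixed_length_compare(a, b)
end

# Length-hiding shape: compare SHA-256 hex digests (always 64 bytes) in
# constant time. The trailing == only runs when the digests already match
# and guards against a digest collision.
def length_hiding_compare(a, b)
  fixed_length_compare(Digest::SHA256.hexdigest(a), Digest::SHA256.hexdigest(b)) && a == b
end

# Bytes visited by the constant-time loop in each shape for a given guess:
# the quantity a timing measurement would reflect.
def loop_widths(secret, guess)
  leaking = secret.bytesize == guess.bytesize ? secret.bytesize : 0
  hiding  = Digest::SHA256.hexdigest(guess).bytesize
  { leaking: leaking, hiding: hiding }
end

if __FILE__ == $PROGRAM_NAME
  secret = "s3cr3t-api-token" # constructed sample value, 16 bytes
  ["short", "exactly-16-bytes", "a-much-longer-guess-than-the-secret"].each do |guess|
    puts "#{guess.bytesize} bytes -> #{loop_widths(secret, guess)}"
  end
end
```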

That’s all we’ve got for this week, but do check out the full list of changes yourself. Over and out! See you next week ✌️

This Week in Rails: Better Source Code Formatting, Improved Ajax API and more!

Hi! Tim here! About to bring you the latest in all things Rails….

This Week’s Contributors

This week we had 12 contributors, including 1 for the very first time! Huge thanks to all of you!

Make beforeSend optional in Rails.ajax

Rails.ajax requires a beforeSend parameter but for some this means having to supply a no-op function. It can now be omitted entirely, thanks to this enhancement!

Prevent source line wrapping in rescue layout

You may be used to seeing source extracts in development mode when encountering runtime errors. Long lines currently get wrapped, but this change aids readability by letting you scroll instead.

That’s all we’ve got for this week, but do check out the full list of changes yourself. Wishing you all a Happy Friday, many Friday Hugs, and not too many Hallowe’en candy hangovers! Over and out!

This Week in Rails: 5.1 deprecations removed, SystemTestCase load hook and more!

Hey there, it’s Kasper, bringing you the latest edition of This Week in Rails!

Remove Rails 5.1 deprecations from the code

All the code that was deprecated in Rails 5.1 is now removed in one fell swoop by the Rails 5.2 release manager — now you know how these removals are handled too, so please don’t send individual removal PRs.

Psssst: it also brings us another step closer to the first 5.2 beta.

Add SystemTestCase load hook

Allows gems or app code to hook in when ActionDispatch::SystemTestCase has been fully loaded.

Add allow_other_host option to redirect_back

When passed false, the new allow_other_host option will restrict redirect_back links to just the current host, so users will only stay on your site.

It’s not on by default, so users can enjoy a trip off-world on another host.

That’s it for now! As always, there isn’t enough time to cover every change, so if you’d like, check out the full list of changes yourself.

This Week in Rails: PhantomJS replaced with Chrome headless, bugfixes and more!

Hi there! It’s Kir, bringing you a new edition of This Week in Rails!

Replace PhantomJS with Selenium/Chrome headless

PhantomJS has been abandoned. At the same time Chrome provides native support for headless mode that is now the recommended way.

Allow symbol list for ignored_columns

This PR fixes a bug where symbols assigned to ignored_columns in Active Record were ignored. Now the accessor accepts both strings and symbols.

Fix ajax callbacks in UJS

Previously, returning false from the ajax:beforeSend callback didn’t cancel the request as expected.

That’s it for now! As always, there isn’t enough time to cover every change, so if you’d like, check out the full list of changes yourself.

This Week in Rails: Redis 4.0 support, fixes and more!

Hello everyone! This is Roque bringing you the latest news from the Rails world.

redis-rb 4.0 support

Adds support for Redis versions greater than or equal to 3.3 and less than 5.

This Week’s Contributors

25 people contributed to Rails the past week! If you’d like to join them, why not check out the list of open issues?

Introduce blob representation to Active Storage

Returns an ActiveStorage::Preview instance to preview a blob, or an ActiveStorage::Variant instance for an image.

Safer redirect_back method

The allow_other_host option can now block redirects to a different host. The option is true by default to keep it backward compatible.
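The host check behind the allow_other_host option (described here and in the earlier redirect_back item), as an added stand-alone sketch rather than the Action Pack source. The helper names, the fallback path and the sample Referer values are constructed for illustration.

```ruby
require "uri"

# True only when `url` parses and its host equals the host that served the
# request. Host names are case-insensitive, hence casecmp?.
def same_host?(url, request_host)
  host = URI.parse(url.to_s).host
  !host.nil? && host.casecmp?(request_host)
rescue URI::InvalidURIError
  false
end

# Pick the destination for a "go back" redirect. `referer` comes from the
# client-controlled Referer header; `fallback` is an application path.
def back_target(referer, request_host, fallback:, allow_other_host: true)
  return fallback if referer.nil? || referer.empty?
  return referer if allow_other_host
  same_host?(referer, request_host) ? referer : fallback
end

# Constructed sample Referer values for an app served from app.example.com.
SAMPLE_REFERERS = [
  "https://app.example.com/posts/1",            # same host
  "https://APP.example.com/posts/2",            # same host, different case
  "https://other.example.net/landing",          # different host
  "https://app.example.com.other.example.net/", # request host used as a prefix
  "https://app.example.com@other.example.net/", # request host in userinfo
  "http://app.example.com /x",                  # does not parse
  nil                                           # header absent
].freeze

# Map each sample to the destination chosen under the strict setting.
def strict_targets(host = "app.example.com")
  SAMPLE_REFERERS.map { |r| back_target(r, host, fallback: "/", allow_other_host: false) }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_REFERERS.zip(strict_targets).each { |ref, dest| puts "#{ref.inspect} -> #{dest}" }
end
```

With allow_other_host left at its default of true, every non-empty Referer in the list is returned unchanged, which is the backward-compatible behaviour the item describes.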

Fix Active Support cache clean up

Rails was using the stored keys to remove files, instead of the filenames.

Fix Active Job to yield error when rescheduling fails

The retry_on method now yields the actual error to the block instead of the exception class.

That’s it for this week, as always, we couldn’t cover all of the changes, but feel free to check the commits. If you’d like to join them, check out the list of open issues. Until next week!

This Week in Rails: HTTP/2 Early hints, friendly error message and more!

Hi there! It’s Prathamesh from Pune, enjoying rain 🌧, sipping ☕️ coffee and bringing you the latest news from the Rails world. Let’s get started!

This Week’s Contributors

13 people contributed to Rails the past week! If you’d like to join them, why not check out the list of open issues?

HTTP2 early hints support for Rails

Early Hints is a new HTTP status code that allows your application to send links to assets that you would like to load early. The spec is still in draft but Rails is ready to support it along with Puma. Check this blog post to know more about this feature.

Friendly error message when unsubscribing from non-existent Action Cable subscription

If for some reason the frontend code tries to unsubscribe from a non existing Action Cable subscription, then a friendly error message will be displayed:

Unable to find subscription with identifier: {"channel":"SomeChannel"}.

Earlier, it used to show:

NoMethodError - undefined method `unsubscribe_from_channel' for nil:NilClass

Feel free to check out the full list of changes.

Thanks to the 13 people who contributed to Rails last week. If you’d like to join them, check out the list of open issues. Until next week 👋

This Week in Rails: getting closer to Rails 5.2 beta

Hi there! It’s Claudio from sunny Los Angeles. Step by step we are getting closer to the first beta of Rails 5.2. Check out the changes that occurred in Ra-Ra-Rails-land last week.

Rails 4.2.10 released

Unless more regressions are found this will likely be the last release for Rails 4.2.

This Week’s Contributors

28 people contributed to Rails the past week! If you’d like to join them, why not check out the list of open issues?

Preview PDFs and videos

If you use Active Storage, you can now easily provide image previews for PDF files and videos!

Add Key Rotation to MessageEncryptor and MessageVerifier and simplify the Cookies middleware

This PR introduces ActiveSupport::KeyRotator which provides an interface for easily rotating between different encryption ciphers or message digests, salts, and secrets.

Implement change_table_comment and change_column_comment for MySQL

The two methods were only implemented for PostgreSQL.

Ensure HWIA#transform_keys returns HWIA

Makes #transform_keys coherent with other methods of HashWithIndifferentAccess such as #transform_values, #select and #reject.

Treat Set as an Array in Relation#where

You can now safely use Set in your Active Record query, e.g.: 

User.where(id: Set.new([1, 2]))

Feel free to check out the full list of changes.

Thanks to the 28 people who contributed to Rails last week. If you’d like to join them, check out the list of open issues.

Rails 4.2.10 released

Hi everyone,

I am happy to announce that Rails 4.2.10 final has been released!

As noted in the rc1 post, Rails 4.2 is no longer supported except for severe security patches, but the last release introduced a couple regressions that warranted a release. Unless more regressions are found this will likely be the last bug fix release for Rails 4.2. :champagne:

CHANGES since 4.2.9

The following gems had changes since 4.2.9. Changes are listed below, or you can read the CHANGELOGs on GitHub:

Fix regression in behavior of normalize_path.

In Rails 5 there was a change to ensure the encoding of the original string in a path was maintained. This was incorrectly backported to Rails 4.2 which caused a regression.

Relation#joins is no longer affected by the target model’s current_scope, with the exception of unscoped. Fixes #29338.

The remaining gems (Action Mailer, Action View, Active Job, Active Model, Active Support, and Railties) had no changes.

Full list of changes

To see the full list of changes, check out all the commits on GitHub.


If you’d like to verify that your gem is the same as the one I’ve uploaded, please use these SHA-256 hashes.

Here are the checksums for 4.2.10:

$ shasum -a 256 *-4.2.10.gem

As always, huge thanks to the many contributors who helped with this release.

This Week in Rails: New credentials configuration, bugfixes and more!

Hi there! It’s Greg, bringing you a double-edition of This Week in Rails!

This Week’s Contributors

28 people contributed to Rails the past two weeks! If you’d like to join them, why not check out the list of open issues?

Rails 4.2.10.rc1 released

Although Rails 4.2 is not officially supported anymore, this release fixes some regressions introduced by the previous one. If no new regressions are found, the final should be released mid next week.

Introducing config/credentials.yml.enc

Rails 5.2 will introduce a new credentials configuration file to store encrypted data like API keys and the secret key base. This will eventually replace Rails.application.secrets and the encrypted secrets introduced in Rails 5.1.

Add with_attached_* scope

To avoid N+1 queries when using Active Storage, this PR added with_attached_* scope to the has_one_attached macro.

ActiveRecord::Associations::Preloader memoization improvement

With this change the association pre-loader became slightly faster.

Implement change_table_comment and change_column_comment for MySQL

change_table_comment and change_column_comment are implemented for the MySQL adapter as well now.

Fix Active Storage direct upload in Firefox

Direct upload in Firefox was not working because it can’t handle click events on input[type=submit], but this PR fixed the problem.

Capybara puma server configuration fix

This PR fixes an issue when the config/puma.rb configuration is loaded for system tests.

That’s it for now! As always, there isn’t enough time to cover every change, so if you’d like, check out the full list of changes yourself.