Releases · rails/rails

13 Sep 00:43

rafaelfranca

v7.1.0.beta1

699dfdb

7.1.0.beta1 Pre-release

Pre-release

Active Support

Add drb, mutex_m and base64 that are bundled gem candidates for Ruby 3.4

Yasuo Honda
When using cache format version >= 7.1 or a custom serializer, expired and
version-mismatched cache entries can now be detected without deserializing
their values.

Jonathan Hefner
Make all cache stores return a boolean for #delete

Previously the RedisCacheStore#delete would return 1 if the entry
exists and 0 otherwise. Now it returns true if the entry exists and false
otherwise, just like the other stores.

The FileStore would return nil if the entry doesn't exists and returns
false now as well.

Petrik de Heus

Active Support cache stores now support replacing the default compressor via
a :compressor option. The specified compressor must respond to deflate
and inflate. For example:

module MyCompressor
  def self.deflate(string)
    # compression logic...
  end

  def self.inflate(compressed)
    # decompression logic...
  end
end

config.cache_store = :redis_cache_store, { compressor: MyCompressor }

Jonathan Hefner

Active Support cache stores now support a :serializer option. Similar to
the :coder option, serializers must respond to dump and load. However,
serializers are only responsible for serializing a cached value, whereas
coders are responsible for serializing the entire ActiveSupport::Cache::Entry
instance. Additionally, the output from serializers can be automatically
compressed, whereas coders are responsible for their own compression.

Specifying a serializer instead of a coder also enables performance
optimizations, including the bare string optimization introduced by cache
format version 7.1.

The :serializer and :coder options are mutually exclusive. Specifying
both will raise an ArgumentError.

Jonathan Hefner
Fix ActiveSupport::Inflector.humanize(nil) raising NoMethodError: undefined method `end_with?' for nil:NilClass.

James Robinson

Don't show secrets for ActiveSupport::KeyGenerator#inspect.

Before:

ActiveSupport::KeyGenerator.new(secret).inspect
"#<ActiveSupport::KeyGenerator:0x0000000104888038 ... @secret=\"\\xAF\\bFh]LV}q\\nl\\xB2U\\xB3 ... >"

After:

ActiveSupport::KeyGenerator::Aes256Gcm(secret).inspect
"#<ActiveSupport::KeyGenerator:0x0000000104888038>"

Petrik de Heus

Improve error message when EventedFileUpdateChecker is used without a
compatible version of the Listen gem

Hartley McGuire
Add :report behavior for Deprecation

Setting config.active_support.deprecation = :report uses the error
reporter to report deprecation warnings to ActiveSupport::ErrorReporter.

Deprecations are reported as handled errors, with a severity of :warning.

Useful to report deprecations happening in production to your bug tracker.

Étienne Barrié
Rename Range#overlaps? to #overlap? and add alias for backwards compatibility

Christian Schmidt
Fix EncryptedConfiguration returning incorrect values for some Hash
methods

Hartley McGuire

Don't show secrets for MessageEncryptor#inspect.

Before:

ActiveSupport::MessageEncryptor.new(secret, cipher: "aes-256-gcm").inspect
"#<ActiveSupport::MessageEncryptor:0x0000000104888038 ... @secret=\"\\xAF\\bFh]LV}q\\nl\\xB2U\\xB3 ... >"

After:

ActiveSupport::MessageEncryptor.new(secret, cipher: "aes-256-gcm").inspect
"#<ActiveSupport::MessageEncryptor:0x0000000104888038>"

Petrik de Heus

Don't show contents for EncryptedConfiguration#inspect.

Before:

Rails.application.credentials.inspect
"#<ActiveSupport::EncryptedConfiguration:0x000000010d2b38e8 ... @config={:secret=>\"something secret\"} ... @key_file_contents=\"915e4ea054e011022398dc242\" ...>"

After:

Rails.application.credentials.inspect
"#<ActiveSupport::EncryptedConfiguration:0x000000010d2b38e8>"

Petrik de Heus

ERB::Util.html_escape_once always returns an html_safe string.

This method previously maintained the html_safe? property of a string on the return
value. Because this string has been escaped, however, not marking it as html_safe causes
entities to be double-escaped.

As an example, take this view snippet:
```
<%= html_escape_once("this & that &amp; the other") %>
```
Before this change, that would be double-escaped and render as:
```
this &amp;amp; that &amp;amp; the other
```
After this change, it renders correctly as:
```
this &amp; that &amp; the other
```
Fixes #48256

Mike Dalessio
Deprecate SafeBuffer#clone_empty.

This method has not been used internally since Rails 4.2.0.

Mike Dalessio
MessageEncryptor, MessageVerifier, and config.active_support.message_serializer
now accept :message_pack and :message_pack_allow_marshal as serializers.
These serializers require the msgpack gem
(>= 1.7.0).

The Message Pack format can provide improved performance and smaller payload
sizes. It also supports round-tripping some Ruby types that are not supported
by JSON. For example:
```
verifier = ActiveSupport::MessageVerifier.new("secret")
data = [{ a: 1 }, { b: 2 }.with_indifferent_access, 1.to_d, Time.at(0, 123)]
message = verifier.generate(data)

# BEFORE with config.active_support.message_serializer = :json
verifier.verified(message)
# => [{"a"=>1}, {"b"=>2}, "1.0", "1969-12-31T18:00:00.000-06:00"]
verifier.verified(message).map(&:class)
# => [Hash, Hash, String, String]

# AFTER with config.active_support.message_serializer = :message_pack
verifier.verified(message)
# => [{:a=>1}, {"b"=>2}, 0.1e1, 1969-12-31 18:00:00.000123 -0600]
verifier.verified(message).map(&:class)
# => [Hash, ActiveSupport::HashWithIndifferentAccess, BigDecimal, Time]
```
The :message_pack serializer can fall back to deserializing with
ActiveSupport::JSON when necessary, and the :message_pack_allow_marshal
serializer can fall back to deserializing with Marshal as well as
ActiveSupport::JSON. Additionally, the :marshal, :json, and
:json_allow_marshal serializers can now fall back to deserializing with
ActiveSupport::MessagePack when necessary. These behaviors ensure old
messages can still be read so that migration is easier.

Jonathan Hefner
A new 7.1 cache format is available which includes an optimization for
bare string values such as view fragments.

The 7.1 cache format is used by default for new apps, and existing apps
can enable the format by setting config.load_defaults 7.1 or by setting
config.active_support.cache_format_version = 7.1 in config/application.rb
or a config/environments/*.rb file.

Cache entries written using the 6.1 or 7.0 cache formats can be read
when using the 7.1 format. To perform a rolling deploy of a Rails 7.1
upgrade, wherein servers that have not yet been upgraded must be able to
read caches from upgraded servers, leave the cache format unchanged on the
first deploy, then enable the 7.1 cache format on a subsequent deploy.

Jonathan Hefner
Active Support cache stores can now use a preconfigured serializer based on
ActiveSupport::MessagePack via the :serializer option:
```
config.cache_store = :redis_cache_store, { serializer: :message_pack }
```
The :message_pack serializer can reduce cache entry sizes and improve
performance, but requires the msgpack gem
(>= 1.7.0).

The :message_pack serializer can read cache entries written by the default
serializer, and the default serializer can now read entries written by the
:message_pack serializer. These behaviors make it easy to migrate between
serializer without invalidating the entire cache.

Jonathan Hefner

Object#deep_dup no longer duplicate named classes and modules.

Before:

hash = { class: Object, module: Kernel }
hash.deep_dup # => {:class=>#<Class:0x00000001063ffc80>, :module=>#<Module:0x00000001063ffa00>}

After:

hash = { class: Object, module: Kernel }
hash.deep_dup # => {:class=>Object, :module=>Kernel}

Jean Boussier

Consistently raise an ArgumentError if the ActiveSupport::Cache key is blank.

Joshua Young
Deprecate usage of the singleton ActiveSupport::Deprecation.

All usage of ActiveSupport::Deprecation as a singleton is deprecated, the most common one being
ActiveSupport::Deprecation.warn. Gem authors should now create their own deprecator (ActiveSupport::Deprecation
object), and use it to emit deprecation warnings.

Calling any of the following without specifying a deprecator argument is also deprecated:
- Module.deprecate
- deprecate_constant
- DeprecatedObjectProxy
- DeprecatedInstanceVariableProxy
- DeprecatedConstantProxy
- deprecation-related test assertions
Use of ActiveSupport::Deprecation.silence and configuration methods like behavior=, `disallowe...

Assets 2

09 Sep 19:38

rafaelfranca

v7.0.8

fc734f2

7.0.8

Active Support

Fix TimeWithZone still using deprecated #to_s when ENV or config to
disable it are set.

Hartley McGuire
Fix CacheStore#write_multi when using a distributed Redis cache with a connection pool.

Fixes #48938.

Jonathan del Strother

Active Model

No changes.

Active Record

Fix change_column not setting precision: 6 on datetime columns when
using 7.0+ Migrations and SQLite.

Hartley McGuire

Fix unscope is not working in specific case

Before:

Post.where(id: 1...3).unscope(where: :id).to_sql # "SELECT `posts`.* FROM `posts` WHERE `posts`.`id` >= 1 AND `posts`.`id` < 3"

After:

Post.where(id: 1...3).unscope(where: :id).to_sql # "SELECT `posts`.* FROM `posts`"

Fixes #48094.

Kazuya Hatanaka

Fix associations to a STI model including a class_name parameter

class Product < ApplicationRecord
  has_many :requests, as: :requestable, class_name: "ProductRequest", dependent: :destroy
end

# STI tables
class Request < ApplicationRecord
  belongs_to :requestable, polymorphic: true

  validate :request_type, presence: true
end

class ProductRequest < Request
  belongs_to :user
end

Accessing such association would lead to:

table_metadata.rb:22:in `has_column?': undefined method `key?' for nil:NilClass (NoMethodError)

Romain Filinto

Fix change_table setting datetime precision for 6.1 Migrations

Hartley McGuire
Fix change_column setting datetime precision for 6.1 Migrations

Hartley McGuire

Action View

Fix form_for missing the hidden _method input for models with a
namespaced route.

Hartley McGuire
Fix render collection: @records, cache: true inside jbuilder templates

The previous fix that shipped in 7.0.7 assumed template fragments are always strings,
this isn't true with jbuilder.

Jean Boussier

Action Pack

Fix HostAuthorization potentially displaying the value of the
X_FORWARDED_HOST header when the HTTP_HOST header is being blocked.

Hartley McGuire, Daniel Schlosser

Active Job

Fix Active Job log message to correctly report a job failed to enqueue
when the adapter raises an ActiveJob::EnqueueError.

Ben Sheldon

Action Mailer

No changes.

Action Cable

No changes.

Active Storage

No changes.

Action Mailbox

No changes.

Action Text

No changes.

Railties

Omit webdrivers gem dependency from Gemfile template

Sean Doyle

Assets 2

22 Aug 20:23

tenderlove

v7.0.7.2

3668b4b

7.0.7.2

No changes between this and 7.0.7.2. This release was just to fix file permissions in the previous release.

Assets 2

22 Aug 17:34

tenderlove

v7.0.7.1

c92caef

7.0.7.1

Active Support

Use a temporary file for storing unencrypted files while editing

[CVE-2023-38037]

Active Model

No changes.

Active Record

No changes.

Action View

No changes.

Action Pack

No changes.

Active Job

No changes.

Action Mailer

No changes.

Action Cable

No changes.

Active Storage

No changes.

Action Mailbox

No changes.

Action Text

No changes.

Railties

No changes.

Assets 2

22 Aug 20:23

tenderlove

v6.1.7.6

56bcc0a

v6.1.7.6

No changes between this and 6.1.7.5. This release was just to fix file permissions in the previous release.

Assets 2

22 Aug 17:33

tenderlove

v6.1.7.5

3a1b615

6.1.7.5 Release

Active Support

Use a temporary file for storing unencrypted files while editing

[CVE-2023-38037]

Active Model

No changes.

Active Record

No changes.

Action View

No changes.

Action Pack

No changes.

Active Job

No changes.

Action Mailer

No changes.

Action Cable

No changes.

Active Storage

No changes.

Action Mailbox

No changes.

Action Text

No changes.

Railties

No changes.

Assets 2

10 Aug 00:02

rafaelfranca

v7.0.7

522c86f

7.0.7

Active Support

Fix Cache::NullStore with local caching for repeated reads.

fatkodima
Fix to_s with no arguments not respecting custom :default formats

Hartley McGuire
Fix ActiveSupport::Inflector.humanize(nil) raising NoMethodError: undefined method `end_with?' for nil:NilClass.

James Robinson
Fix Enumerable#sum for Enumerator#lazy.

fatkodima, Matthew Draper, Jonathan Hefner
Improve error message when EventedFileUpdateChecker is used without a
compatible version of the Listen gem

Hartley McGuire

Active Model

Error.full_message now strips ":base" from the message.

zzak
Add a load hook for ActiveModel::Model (named active_model) to match the load hook for
ActiveRecord::Base and allow for overriding aspects of the ActiveModel::Model class.

Active Record

Restores functionality to the missing method when using enums and fixes.

paulreece
Fix StatementCache::Substitute with serialized type.

ywenc
Fix :db_runtime on notification payload when application have multiple databases.

Eileen M. Uchitelle
Correctly dump check constraints for MySQL 8.0.16+.

Steve Hill
Fix ActiveRecord::QueryMethods#in_order_of to include nils, to match the
behavior of Enumerable#in_order_of.

For example, Post.in_order_of(:title, [nil, "foo"]) will now include posts
with nil titles, the same as Post.all.to_a.in_order_of(:title, [nil, "foo"]).

fatkodima
Revert "Fix autosave associations with validations added on :base of the associated objects."

This change intended to remove the :base attribute from the message,
but broke many assumptions which key these errors were stored.

zzak
Fix #previously_new_record? to return true for destroyed records.

Before, if a record was created and then destroyed, #previously_new_record? would return true.
Now, any UPDATE or DELETE to a record is considered a change, and will result in #previously_new_record?
returning false.

Adrianna Chang
Revert breaking changes to has_one relationship deleting the old record before the new one is validated.

zzak
Fix support for Active Record instances being uses in queries.

As of 7.0.5, query arguments were deep duped to avoid mutations impacting
the query cache, but this had the adverse effect to clearing the primary key when
the query argument contained an ActiveRecord::Base instance.

This broke the noticed gem.

Jean Boussier

Action View

Fix render collection: @records, cache: true to cache fragments as bare strings

Previously it would incorrectly cache them as Action View buffers.

Jean Boussier
Don't double-encode nested field_id and field_name index values

Pass index: @options as a default keyword argument to field_id and
field_name view helper methods.

Sean Doyle

Action Pack

No changes.

Active Job

No changes.

Action Mailer

No changes.

Action Cable

No changes.

Active Storage

No changes.

Action Mailbox

No changes.

Action Text

No changes.

Railties

Update default scaffold templates to set 303 (See Other) as status code
on redirect for the update action for XHR requests other than GET or POST
to avoid issues (e.g browsers trying to follow the redirect using the
original request method resulting in double PATCH/PUT)

Guillermo Iguaran

Assets 2

29 Jun 21:03

rafaelfranca

v7.0.6

593893c

7.0.6

Active Support

Fix EncryptedConfiguration returning incorrect values for some Hash
methods

Hartley McGuire
Fix arguments being destructed Enumerable#many? with block.

Andrew Novoselac
Fix humanize for strings ending with id.

fatkodima

Active Model

No changes.

Active Record

Fix autosave associations with validations added on :base of the associated objects.

fatkodima
Fix result with anonymous PostgreSQL columns of different type from json.

Oleksandr Avoiants
Preserve timestamp when setting an ActiveSupport::TimeWithZone value to timestamptz attribute.

fatkodima

Fix where on association with has_one/has_many polymorphic relations.

Before:

Treasure.where(price_estimates: PriceEstimate.all)
#=> SELECT (...) WHERE "treasures"."id" IN (SELECT "price_estimates"."estimate_of_id" FROM "price_estimates")

Later:

Treasure.where(price_estimates: PriceEstimate.all)
#=> SELECT (...) WHERE "treasures"."id" IN (SELECT "price_estimates"."estimate_of_id" FROM "price_estimates" WHERE "price_estimates"."estimate_of_type" = 'Treasure')

Lázaro Nixon

Fix decrementing counter caches on optimistically locked record deletion

fatkodima
Ensure binary-destined values have binary encoding during type cast.

Matthew Draper
Preserve existing column default functions when altering table in SQLite.

fatkodima
Remove table alias added when using where.missing or where.associated.

fatkodima
Fix Enumerable#in_order_of to only flatten first level to preserve nesting.

Miha Rekar

Action View

No changes.

Action Pack

No changes.

Active Job

Fix error Active Job passed class with permitted?.

Alex Baldwin

Action Mailer

No changes.

Action Cable

Fix Action Cable Redis configuration with sentinels.

Dmitriy Ivliev

Active Storage

Fix retrieving rotation value from FFmpeg on version 5.0+.

In FFmpeg version 5.0+ the rotation value has been removed from tags.
Instead the value can be found in side_data_list. Along with
this update it's possible to have values of -90, -270 to denote the video
has been rotated.

Haroon Ahmed

Action Mailbox

No changes.

Action Text

No changes.

Railties

Avoid escaping paths when editing credentials.

Jonathan Hefner

Assets 2

26 Jun 21:48

tenderlove

v7.0.5.1

cdd14ce

v7.0.5.1

Active Support

No changes.

Active Model

No changes.

Active Record

No changes.

Action View

No changes.

Action Pack

Raise an exception if illegal characters are provide to redirect_to
[CVE-2023-28362]

Zack Deveau

Active Job

No changes.

Action Mailer

No changes.

Action Cable

No changes.

Active Storage

No changes.

Action Mailbox

No changes.

Action Text

No changes.

Railties

No changes.

Assets 2

26 Jun 21:33

tenderlove

v6.1.7.4

7d949d7

v6.1.7.4

Active Support

No changes.

Active Model

No changes.

Active Record

No changes.

Action View

No changes.

Action Pack

Raise an exception if illegal characters are provide to redirect_to
[CVE-2023-28362]

Zack Deveau

Active Job

No changes.

Action Mailer

No changes.

Action Cable

No changes.

Active Storage

No changes.

Action Mailbox

No changes.

Action Text

No changes.

Railties

No changes.

Assets 2

Releases: rails/rails

7.1.0.beta1

Active Support

7.0.8

Active Support

Active Model

Active Record

Action View

Action Pack

Active Job

Action Mailer

Action Cable

Active Storage

Action Mailbox

Action Text

Railties

7.0.7.2

7.0.7.1

Active Support

Active Model

Active Record

Action View

Action Pack

Active Job

Action Mailer

Action Cable

Active Storage

Action Mailbox

Action Text

Railties

v6.1.7.6

6.1.7.5 Release

Active Support

Active Model

Active Record

Action View

Action Pack

Active Job

Action Mailer

Action Cable

Active Storage

Action Mailbox

Action Text

Railties

7.0.7

Active Support

Active Model

Active Record

Action View

Action Pack

Active Job

Action Mailer

Action Cable

Active Storage

Action Mailbox

Action Text

Railties

7.0.6

Active Support

Active Model

Active Record

Action View

Action Pack

Active Job

Action Mailer

Action Cable

Active Storage

Action Mailbox

Action Text

Railties

v7.0.5.1

Active Support

Active Model

Active Record

Action View

Action Pack

Active Job

Action Mailer

Action Cable

Active Storage