Releases: rails/rails
v7.0.5
Active Support
- Fixes TimeWithZone ArgumentError.
  Niklas Häusele
Active Model
- No changes.
Active Record
- Type cast #attribute_changed? :from and :to options.
  Andrew Novoselac
- Fix index_exists? when column is an array.
  Eileen M. Uchitelle
- Handle Date objects for PostgreSQL timestamptz columns.
  Alex Ghiculescu
- Fix collation for changing column to non-string.
  Hartley McGuire
- Map through subtype in PostgreSQL::OID::Array.
  Jonathan Hefner
- Store correct environment in internal_metadata when run rails db:prepare.
  fatkodima
- Make sure ActiveRecord::Relation#sum works with objects that implement #coerce without deprecation.
  Alex Ghiculescu
- Fix retrieving foreign keys referencing tables named like keywords in PostgreSQL and MySQL.
  fatkodima
- Support UUIDs in Disable Joins.
  Samuel Cochran
- Fix Active Record's explain for queries starting with comments.
  fatkodima
- Fix incorrectly preloading through association records when middle association has been loaded.
  Joshua Young
- Fix where.missing and where.associated for parent/child associations.
  fatkodima
- Fix Enumerable#in_order_of to preserve duplicates.
  fatkodima
- Fix autoincrement on primary key for mysql.
  Eileen M. Uchitelle
- Restore ability to redefine column in create_table for Rails 5.2 migrations.
  fatkodima
- Fix schema cache dumping of virtual columns.
  fatkodima
- Fix Active Record grouped calculations on joined tables on column present in both tables.
  fatkodima
- Fix mutation detection for serialized attributes backed by binary columns.
  Jean Boussier
- Fix a bug where using groups and counts with long table names would return incorrect results.
  Shota Toguchi, Yusaku Ono
- Fix erroneous nil default precision on virtual datetime columns.
  Prior to this change, virtual datetime columns did not have the same
  default precision as regular datetime columns, resulting in the following
  being erroneously equivalent:
      t.virtual :name, type: :datetime, as: "expression"
      t.virtual :name, type: :datetime, precision: nil, as: "expression"
  This change fixes the default precision lookup, so virtual and regular
  datetime column default precisions match.
  Sam Bostock
- Fix a case where the query cache can return wrong values. See #46044
  Aaron Patterson
Action View
- FormBuilder#id finds id set by form_for and form_with.
  Matt Polito
- Allow all available locales for template lookups.
  Ben Dilley
- Choices of select can optionally contain html attributes as the last element
  of the child arrays when using grouped/nested collections
      <%= form.select :foo, [["North America", [["United States","US"],["Canada","CA"]], { disabled: "disabled" }]] %>
      # => <select><optgroup label="North America" disabled="disabled"><option value="US">United States</option><option value="CA">Canada</option></optgroup></select>
  Chris Gunther
Action Pack
- Do not return CSP headers for 304 Not Modified responses.
  Tobias Kraze
- Fix EtagWithFlash when there is no Flash middleware available.
  fatkodima
- Fix content-type header with send_stream.
  Elliot Crosby-McCullough
- Address Selenium :capabilities deprecation warning.
  Ron Shinall
- Fix cookie domain for domain: all on two letter single level TLD.
  John Hawthorn
- Don't double log the controller, action, or namespaced_controller when using ActiveRecord::QueryLog
  Previously if you set config.active_record.query_log_tags to an array that included
  :controller, :namespaced_controller, or :action, that item would get logged twice.
  This bug has been fixed.
  Alex Ghiculescu
- Rescue EOFError exception from rack on a multipart request.
  Nikita Vasilevsky
- Rescue JSON::ParserError in Cookies json deserializer to discard marshal dumps:
  Without this change, if action_dispatch.cookies_serializer is set to :json and
  the app tries to read a :marshal serialized cookie, it would error out which wouldn't
  clear the cookie and force app users to manually clear it in their browser.
  (See #45127 for original bug discussion)
  Nathan Bardoux
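The cookie deserializer entry above, modelled as an added example (not code from Rails or from these release notes): a strict JSON reader raises on a leftover Marshal payload, while a reader that rescues JSON::ParserError treats it as absent so the stale cookie can be dropped. The module names, read_cookie and the hash-based jar are assumptions made for illustration.

```ruby
require "json"

# Added illustration: hypothetical stand-ins, not Rails' own serializer classes.

# Pre-fix behaviour as the entry describes it: a payload that is not JSON
# raises out of the cookie read, so the stale cookie is never cleared.
module StrictJsonCookie
  def self.load(raw)
    JSON.parse(raw)
  end
end

# Post-fix behaviour: an unparseable payload is treated as "no value".
module TolerantJsonCookie
  def self.load(raw)
    return nil if raw.nil?
    JSON.parse(raw)
  rescue JSON::ParserError
    nil
  end
end

# Minimal jar model (assumption): a nil value means the cookie is dropped
# from the jar, which stands in for the server clearing it.
def read_cookie(jar, name, serializer)
  value = serializer.load(jar[name])
  jar.delete(name) if value.nil?
  value
end

# Constructed sample cookies: one written as JSON and one left over from a
# Marshal-based serializer.
def sample_jar
  {
    "prefs"  => JSON.generate({ "theme" => "dark" }),
    "legacy" => Marshal.dump({ "theme" => "dark" }),
  }
end

# True when reading the named cookie with the strict reader raises.
def strict_read_fails?(jar, name)
  read_cookie(jar, name, StrictJsonCookie)
  false
rescue JSON::ParserError
  true
end
```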
Active Job
- Make delayed job display_name failsafe.
  codez
- Don't double log the job when using ActiveRecord::QueryLog
  Previously if you set config.active_record.query_log_tags to an array that included
  :job, the job name would get logged twice. This bug has been fixed.
  Alex Ghiculescu
Action Mailer
- No changes.
Action Cable
- Restore Action Cable Redis pub/sub listener on connection failure.
  Vladimir Dementyev
Active Storage
- No changes.
Action Mailbox
- No changes.
Action Text
- Fix ActionText::Attachable#as_json.
  Alexandre Ruban
Railties
- Add puma app server to Gemfile in order to start test/dummy.
  Donapieppo
- Rails console now disables IRB's autocompletion feature in production by default.
  Setting IRB_USE_AUTOCOMPLETE=true can override this default.
  Stan Lo
- Send 303 See Other status code back for the destroy action on newly generated
  scaffold controllers.
  Tony Drake
v7.0.4.3
Active Support
- Implement SafeBuffer#bytesplice
Active Model
- No changes.
Active Record
- No changes.
Action View
- Ignore certain data-* attributes in rails-ujs when element is contenteditable
Action Pack
- No changes.
Active Job
- No changes.
Action Mailer
- No changes.
Action Cable
- No changes.
Active Storage
- No changes.
Action Mailbox
- No changes.
Action Text
- No changes.
Railties
- No changes.
v6.1.7.3
Active Support
- Implement SafeBuffer#bytesplice
Active Model
- No changes.
Active Record
- No changes.
Action View
- Ignore certain data-* attributes in rails-ujs when element is contenteditable
Action Pack
- No changes.
Active Job
- No changes.
Action Mailer
- No changes.
Action Cable
- No changes.
Active Storage
- No changes.
Action Mailbox
- No changes.
Action Text
- No changes.
Railties
- No changes.
v7.0.4.2
Active Support
- No changes.
Active Model
- No changes.
Active Record
- No changes.
Action View
- No changes.
Action Pack
- Fix domain: :all for two letter TLD
  This fixes a compatibility issue introduced in our previous security
  release when using domain: :all with a two letter but single level top
  level domain (like .ca, rather than .co.uk).
Active Job
- No changes.
Action Mailer
- No changes.
Action Cable
- No changes.
Active Storage
- No changes.
Action Mailbox
- No changes.
Action Text
- No changes.
Railties
- No changes.
v6.1.7.2
Active Support
- No changes.
Active Model
- No changes.
Active Record
- No changes.
Action View
- No changes.
Action Pack
- Fix domain: :all for two letter TLD
  This fixes a compatibility issue introduced in our previous security
  release when using domain: :all with a two letter but single level top
  level domain (like .ca, rather than .co.uk).
Active Job
- No changes.
Action Mailer
- No changes.
Action Cable
- No changes.
Active Storage
- No changes.
Action Mailbox
- No changes.
Action Text
- No changes.
Railties
- No changes.
v7.0.4.1
This is a security release. More information is available in our security announcements forum: https://discuss.rubyonrails.org/c/security-announcements/9
Active Support
- Avoid regex backtracking in Inflector.underscore
Active Model
- No changes.
Active Record
- Make sanitize_as_sql_comment more strict
  Though this method was likely never meant to take user input, it was
  attempting sanitization. That sanitization could be bypassed with
  carefully crafted input.
  This commit makes the sanitization more robust by replacing any
  occurrences of "/*" or "*/" with "/ *" or "* /". It also performs a
  first pass to remove one surrounding comment to avoid compatibility
  issues for users relying on the existing removal.
  This also clarifies in the documentation of annotate that it should not
  be provided user input.
- Added integer width check to PostgreSQL::Quoting
  Given a value outside the range for a 64bit signed integer type
  PostgreSQL will treat the column type as numeric. Comparing
  integer values against numeric values can result in a slow
  sequential scan.
  This behavior is configurable via
  ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.
Action View
- No changes.
Action Pack
- Fix sec issue with _url_host_allowed?
  Disallow certain strings from _url_host_allowed? to avoid a redirect
  to malicious sites.
- Avoid regex backtracking on If-None-Match header
- Use string#split instead of regex for domain parts
Active Job
- No changes.
Action Mailer
- No changes.
Action Cable
- No changes.
Active Storage
- No changes.
Action Mailbox
- No changes.
Action Text
- No changes.
Railties
- No changes.
v6.1.7.1
Active Support
- Avoid regex backtracking in Inflector.underscore
Active Model
- No changes.
Active Record
- Make sanitize_as_sql_comment more strict
  Though this method was likely never meant to take user input, it was
  attempting sanitization. That sanitization could be bypassed with
  carefully crafted input.
  This commit makes the sanitization more robust by replacing any
  occurrences of "/*" or "*/" with "/ *" or "* /". It also performs a
  first pass to remove one surrounding comment to avoid compatibility
  issues for users relying on the existing removal.
  This also clarifies in the documentation of annotate that it should not
  be provided user input.
- Added integer width check to PostgreSQL::Quoting
  Given a value outside the range for a 64bit signed integer type
  PostgreSQL will treat the column type as numeric. Comparing
  integer values against numeric values can result in a slow
  sequential scan.
  This behavior is configurable via
  ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.
Action View
- No changes.
Action Pack
- Avoid regex backtracking on If-None-Match header
- Use string#split instead of regex for domain parts
Active Job
- No changes.
Action Mailer
- No changes.
Action Cable
- No changes.
Active Storage
- No changes.
Action Mailbox
- No changes.
Action Text
- No changes.
Railties
- No changes.
v6.0.6.1
Active Support
- No changes.
Active Model
- No changes.
Active Record
- Make sanitize_as_sql_comment more strict
  Though this method was likely never meant to take user input, it was
  attempting sanitization. That sanitization could be bypassed with
  carefully crafted input.
  This commit makes the sanitization more robust by replacing any
  occurrences of "/*" or "*/" with "/ *" or "* /". It also performs a
  first pass to remove one surrounding comment to avoid compatibility
  issues for users relying on the existing removal.
  This also clarifies in the documentation of annotate that it should not
  be provided user input.
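The two-pass comment sanitization described in the sanitize_as_sql_comment entry (listed under v7.0.4.1, v6.1.7.1 and v6.0.6.1), written out as an added example that is not Rails' own code. The names strict_sql_comment, annotate_sql and single_comment? are hypothetical, and the sample tags are constructed.

```ruby
# Added illustration; names are hypothetical and this is not Rails' own code.

# First pass: strip one surrounding comment wrapper ("/* ... */") so callers
# that already passed a wrapped comment keep working.
SURROUNDING_COMMENT = %r{\A\s*/\*\s?|\s?\*/\s*\z}

def strict_sql_comment(value)
  comment = value.to_s.dup
  comment.gsub!(SURROUNDING_COMMENT, "")
  # Second pass: break every remaining delimiter so the text can neither
  # close the enclosing comment nor open a nested one.
  comment.gsub!("*/", "* /")
  comment.gsub!("/*", "/ *")
  comment
end

# Appends the sanitized tag to a statement as a single trailing comment.
def annotate_sql(sql, tag)
  "#{sql} /* #{strict_sql_comment(tag)} */"
end

# Check usable in a test suite: the annotation must be exactly one comment
# whose body contains no comment delimiters.
def single_comment?(annotated, sql)
  body = annotated.delete_prefix(sql)[%r{\A /\* (.*) \*/\z}m, 1]
  !body.nil? && !body.include?("*/") && !body.include?("/*")
end

# Constructed inputs, not taken from the release notes.
SAMPLE_TAGS = [
  "request_id:abc123",
  "/* already wrapped */",
  "a */ b /* c",
  "/* outer */ middle /* inner */",
].freeze
```

As the entry says, the value passed to annotate should still not come from user input; the check is a backstop for tags built from internal data.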
Action View
- No changes.
Action Pack
- No changes.
Active Job
- No changes.
Action Mailer
- No changes.
Action Cable
- No changes.
Active Storage
- No changes.
Action Mailbox
- No changes.
Action Text
- No changes.
Railties
- No changes.
v7.0.4
Active Support
- Redis cache store is now compatible with redis-rb 5.0.
  Jean Boussier
- Fix NoMethodError on custom ActiveSupport::Deprecation behavior.
  ActiveSupport::Deprecation.behavior= was supposed to accept any object
  that responds to call, but in fact its internal implementation assumed that
  this object could respond to arity, so it was restricted to only Proc objects.
  This change removes this arity restriction of custom behaviors.
  Ryo Nakamura
Active Model
- Handle name clashes in attribute methods code generation cache.
  When two distinct attribute methods would generate similar names,
  the first implementation would be incorrectly re-used.
      class A
        attribute_method_suffix "_changed?"
        define_attribute_methods :x
      end

      class B
        attribute_method_suffix "?"
        define_attribute_methods :x_changed
      end
  Jean Boussier
Active Record
- Symbol is allowed by default for YAML columns
  Étienne Barrié
- Fix ActiveRecord::Store to serialize as a regular Hash
  Previously it would serialize as an ActiveSupport::HashWithIndifferentAccess
  which is wasteful and causes problems with YAML safe_load.
  Jean Boussier
- Add timestamptz as a time zone aware type for PostgreSQL
  This is required for correctly parsing timestamp with time zone values in your database.
  If you don't want this, you can opt out by adding this initializer:
      ActiveRecord::Base.time_zone_aware_types -= [:timestamptz]
  Alex Ghiculescu
- Fix supporting timezone awareness for tsrange and tstzrange array columns.
      # In database migrations
      add_column :shops, :open_hours, :tsrange, array: true
      # In app config
      ActiveRecord::Base.time_zone_aware_types += [:tsrange]
      # In the code times are properly converted to app time zone
      Shop.create!(open_hours: [Time.current..8.hour.from_now])
  Wojciech Wnętrzak
- Resolve issue where a relation cache_version could be left stale.
  Previously, when reset was called on a relation object it did not reset the cache_versions
  ivar. This led to a confusing situation where despite having the correct data the relation
  still reported a stale cache_version.
  Usage:
      developers = Developer.all
      developers.cache_version
      Developer.update_all(updated_at: Time.now.utc + 1.second)
      developers.cache_version # Stale cache_version
      developers.reset
      developers.cache_version # Returns the current correct cache_version
  Fixes #45341.
  Austen Madden
- Fix load_async when called on an association proxy.
  Calling load_async directly on an association would schedule
  a query but never use it.
      comments = post.comments.load_async # schedule a query
      comments.to_a # perform an entirely new sync query
  Now it does use the async query, however note that it doesn't
  cause the association to be loaded.
  Jean Boussier
- Fix eager loading for models without primary keys.
  Anmol Chopra, Matt Lawrence, and Jonathan Hefner
- rails db:schema:{dump,load} now checks ENV["SCHEMA_FORMAT"] before config
  Since rails db:structure:{dump,load} was deprecated there wasn't a simple
  way to dump a schema to both SQL and Ruby formats. You can now do this with
  an environment variable. For example:
      SCHEMA_FORMAT=sql rake db:schema:dump
  Alex Ghiculescu
- Fix Hstore deserialize regression.
  edsharp
Action View
- Guard against ActionView::Helpers::FormTagHelper#field_name calls with nil
  object_name arguments. For example:
      <%= fields do |f| %>
        <%= f.field_name :body %>
      <% end %>
  Sean Doyle
- Strings returned from strip_tags are correctly tagged html_safe?
  Because these strings contain no HTML elements and the basic entities are escaped, they are safe
  to be included as-is as PCDATA in HTML content. Tagging them as html-safe avoids double-escaping
  entities when being concatenated to a SafeBuffer during rendering.
  Fixes rails/rails-html-sanitizer#124
  Mike Dalessio
Action Pack
- Prevent ActionDispatch::ServerTiming from overwriting existing values in Server-Timing.
  Previously, if another middleware down the chain set the Server-Timing header,
  it would be overwritten by ActionDispatch::ServerTiming.
  Jakub Malinowski
Active Job
- Update ActiveJob::QueueAdapters::QueAdapter to remove deprecation warning.
  Remove a deprecation warning introduced in que 1.2 to prepare for changes in
  que 2.0 necessary for Ruby 3 compatibility.
  Damir Zekic and Adis Hasovic
Action Mailer
- No changes.
Action Cable
- The Redis adapter is now compatible with redis-rb 5.0
  Compatibility with redis-rb 3.x was dropped.
  Jean Boussier
- The Action Cable server is now mounted with anchor: true.
  This means that routes that also start with /cable will no longer clash with Action Cable.
  Alex Ghiculescu
Active Storage
- Fixes proxy downloads of files over 5MiB
  Previously, trying to view and/or download files larger than 5mb stored in
  services like S3 via proxy mode could return corrupted files at around
  5.2mb or cause random halts in the download. Now,
  ActiveStorage::Blobs::ProxyController correctly handles streaming these
  larger files from the service to the client without any issues.
  Fixes #44679
  Felipe Raul
Action Mailbox
- No changes.
Action Text
- No changes.
Railties
- config.allow_concurrency = false now uses a Monitor instead of a Mutex
  This allows enabling config.active_support.executor_around_test_case even
  when config.allow_concurrency is disabled.
  Jean Boussier
- Skip Active Storage and Action Mailer if Active Job is skipped.
  Étienne Barrié
- Correctly check if frameworks are disabled when running app:update.
  Étienne Barrié and Paulo Barros
- Fixed config.active_support.cache_format_version never being applied.
  Rails 7.0 shipped with a new serializer for Rails.cache, but the associated config
  wasn't working properly. Note that even after this fix, it can only be applied from
  the application.rb file.
  Alex Ghiculescu
v6.1.7
Active Support
- No changes.
Active Model
- No changes.
Active Record
- Symbol is allowed by default for YAML columns
  Étienne Barrié
- Fix ActiveRecord::Store to serialize as a regular Hash
  Previously it would serialize as an ActiveSupport::HashWithIndifferentAccess
  which is wasteful and causes problems with YAML safe_load.
  Jean Boussier
- Fix PG.connect keyword arguments deprecation warning on ruby 2.7
  Fixes #44307.
  Nikita Vasilevsky
Action View
- No changes.
Action Pack
- No changes.
Active Job
- No changes.
Action Mailer
- No changes.
Action Cable
- No changes.
Active Storage
- Respect Active Record's primary_key_type in Active Storage migrations. Backported from 7.0.
  fatkodima
Action Mailbox
- No changes.
Action Text
- No changes.
Railties
- No changes.