Skip to content
Browse files

Announcing Lotus v0.6.0

  • Loading branch information...
jodosha committed Jan 11, 2016
1 parent 9b2005a commit 144c8cc690c47f4e9c8cd6d241bd6fbcf9c0794b
@@ -81,7 +81,7 @@ We strongly suggest to use [EcmaScript 6]( for your nex
It is not yet fully [supported]( by browser vendors, but it's the future of JavaScript.

As of today, you need to transpile ES6 code into something understandable by current browsers, which is ES5.
For this purpose we support [Babel]( Make sure to require `'lotus/assets/es6'` to enable it.
For this purpose we support [Babel]( <strike>Make sure to require `'lotus/assets/es6'` to enable it.</strike>

## Sources

@@ -107,7 +107,7 @@ This release will ship with a new command: `lotus assets precompile`; which can

Assets are loaded from the sources of each application (including third party gems) and preprocessed or copied into the public directory of the project.

Each asset is compressed using [YUI Compressor]( (which requires **Java 1.4+**).
Each asset is compressed using <strike>[YUI Compressor]( (which requires **Java 1.4+**)</strike> one of the supported engines: YUI, UglifyJS2, Google Closure, Sass.
With this step we shrink the file size, to let browser to download them faster.

As last step, we produce another version of the same file that includes the checksum of the assets in the name (see the example below).
@@ -0,0 +1,132 @@
title: Announcing Lotus v0.6.0
date: 2016-01-12 15:42 UTC
tags: announcements
author: Luca Guidi
image: true
excerpt: >
Features: Assets, custom initializers, default Rake tasks, and destroy command.

This new release makes Lotus a complete web framework for Ruby.
It ships with the last important set of features for assets.

**We have now everything we need to build web applications with Lotus.**

## Features

### Assets

As of Lotus v0.6.0, we now have a full set of features for assets management, such as:

* [Helpers](/guides/helpers/assets)
* [Preprocessors](/guides/assets/preprocessors) ([Sass](, [Less](, [ES6](, [JSX](, [CoffeeScript](, [Opal](, etc..)
* [Compressors](/guides/assets/compressors) ([YUI](, [UglifyJS2](, [Google Closure Compiler](, [Sass](, etc..)
* [Deployment](/guides/command-line/assets) (precompile, compress, checksum)
* [Content Delivery Network](/guides/assets/content-delivery-network)
* [Heroku support](/blog/2015-12-29-introducing-assets.html)
* [Third Party Gems](/guides/assets/overview) (eg. `bootstrap` gem will support soon Lotus out of the box)
* A new [Rack middleware](/guides/assets/overview) to serve static assets
* Lazy precompilation + cache in development mode

Thanks to [Leigh Halliday](, [Gonzalo Rodríguez-Baltanás Díaz](, [deepj](, [Michael Deol](, [Benjamin Klotz](, [Kleber Correia]( for their contributions and help.

[Read the [guides](/guides/assets/overview) and the [announcement](/blog/2015-12-29-introducing-assets.html)]

### Custom Initializers

For each application under `apps/`, now we can **optionally** have a special directory (eg. `apps/web/config/initializers`) where to put Ruby source files to initialize that specific application.
Starting from `v0.6.0`, new projects and applications will be generated with that directory.

Thanks to [Lucas Allan]( for this new feature.

[Read the [guides](/guides/applications/initializers)]

### Default Rake Tasks

Lotus projects now ship with two default Rake tasks: `:preload` and `:environment`.
The first is a lightweight way to load **only** the configurations of a project, while the latter loads the entire application.
We can use them as requirement for our Rake tasks:

# Rakefile
# ...
task clear_users: :environment do

We can invoke this new taks with:

bundle exec rake clear_users

[Read the [guides](/guides/applications/rake)]

### Destroy Command

We have introduced a new CLI command `lotus destroy`.
It has the role of destroy applications (`apps/`), actions, entities, repositories, migrations, mailers and their related testing code.

bundle exec lotus destroy action web home#index

Thanks to [Tadeu Valentt]( and [Lucas Allan]( for this feature.

## Minor Changes &amp; Improvements

Pluralizations can be [customized]( by adding exceptions to default inflections.

Special thanks goes to [Tadeu Valentt](, [Pascal Betz](, [Andrey Deryabin](, [Anton Davydov](, [Caius Durling](, [Jason Charnes](, [Sean Collins](, and [Ken Gullaksen]( for their work to make our CLI stronger than ever.

Thanks to [Neil Matatall]( to prevent timing attacks for CSRF tokens comparision, [David Strauß]( for making body parsing compatible with JSON API, [Karim Tarek]( and [Liam Dawson]( for exception normalization across all our gems, [Vladislav Zarakovsky]( for making Force SSL compliant with Rack SPEC, while [Bernardo Farah]( fixed chunked responses, to [Karim Kiatlottiavi]( for fixing HTML escape encoding, to [Rodrigo Panachi]( for fixing CSRF form, to [Hélio Costa]( and [Pascal Betz]( for fixing how validations treat blank strings, to [Cam Huynh]( for making `#html` helper to accept blocks.

We're thankful for the help that [Hiếu Nguyễn](, [Taylor Finnell](, [Andrey Deryabin](, [Cainã Costa](, [Shin-ichi Ueda](, [Martin Rubi]( offered for other minor improvement and fixes.

## Deprecations

### Ruby 2.0 &amp; 2.1

Ruby 2.0 and 2.1 are now deprecated.
We took this decision because MRI 2.0 will reach End Of Life (EOL) next month and because keeping 2.1 around would mean to keep our internals complex because of _"safe indifferent access"_.

Prior to MRI 2.2, `Symbol` instances weren't garbage collected.
This has caused security problems for Ruby applications, because if not properly filtered, untrusted input could've been lead to attacks where the server memory got entirely consumed by Ruby VM due to `Symbol` abuse.

To prevent this kind of attacks, we always used strings for incoming HTTP parameters.
At the same time, we wanted to offer convenient access to these params via symbols (eg `params[:id]`).
To make this possible we had to carefully filter and convert data over and over.

By dropping 2.1, we can simplify our internal code because we don't have to worry about GC and symbols security threats.
At the same time we can provide minor perf improvements due to the lack of these conversions.

## Breaking Changes

There are several breaking changes due to assets features.

**Please make sure to read the detailed [upgrade guide](/guides/upgrade-notes/v060) that we prepared.**

## What's Next?

Our focus for the next release (`v0.7.0`) will be about `Lotus::Model` and `Lotus::Validations`.
We want to make **stronger** and **flexible** the way we validate and persist data.

We recognized it's **too verbose** to always require **database mapping** even if it can be avoided (eg with SQL databases).
It's **not necessary** to instantiate an entity to write a record, repositories can **directly accept data** and persist it.

In other words, we want to **simplify** our day to day life with Lotus.

<div style="display: inline">

<iframe src="" frameborder="0" scrolling="0" width="160px" height="30px"></iframe>

<a href="" class="hn-button" data-title="Announcing Lotus v0.6.0" data-url="" data-count="horizontal" data-style="facebook">Vote on Hacker News</a>
<script type="text/javascript">var HN=[];HN.factory=function(e){return function(){HN.push([e].concat(,0)))};},HN.on=HN.factory("on"),HN.once=HN.factory("once"),"off"),HN.emit=HN.factory("emit"),HN.load=function(){var e="hn-button.js";if(document.getElementById(e))return;var t=document.createElement("script");,t.src="//";var n=document.getElementsByTagName("script")[0];n.parentNode.insertBefore(t,n)},HN.load();</script>
<script type="text/javascript">
reddit_url = "";
<script type="text/javascript" src="//"></script>
Binary file not shown.

0 comments on commit 144c8cc

Please sign in to comment.
You can’t perform that action at this time.