Ruby on Rails
raise_on_missing_translations not working correctly with the translate method in controllers after the patch for CVE-2024-26143.
Fix possible XSS vulnerability with the translate method in controllers
CVE-2024-26143
Fix ReDoS in Accept header parsing
CVE-2024-26142
Disables the session in ActiveStorage::Blobs::ProxyController and ActiveStorage::Representations::ProxyController in order to allow caching by default in some CDNs such as CloudFlare
Fixes #44136
Bruno Prieto
Handle nil backtrace_locations in ActiveSupport::SyntaxErrorProxy.
Eugene Kenny
Fix ActiveSupport::JSON.encode to prevent duplicate keys.
If the same key exists in both String and Symbol form it could lead to the same key being emitted twice.
Manish Sharma
Fix ActiveSupport::Cache::Store#read_multi when using a cache namespace and local cache strategy.
Mark Oleson
Fix Time.now/DateTime.now/Date.today to return results in a system timezone after #travel_to.
There is a bug in the current implementation of #travel_to: it remembers a timezone of its argument, and all stubbed methods start returning results in that remembered timezone. However, the expected behaviour is to return results in a system timezone.
Aleksei Chernenkov
Fix :unless_exist option for MemoryStore#write (et al) when using a cache namespace.
S. Brent Faulkner
Fix ActiveSupport::Deprecation to handle blaming generated code.
Jean Boussier, fatkodima
Fix Migrations with versions older than 7.1 validating options given to add_reference.
Hartley McGuire
Ensure reload sets correct owner for each association.
Dmytro Savochkin
Fix view runtime for controllers with async queries.
fatkodima
Fix load_async to work with query cache.
fatkodima
Fix polymorphic belongs_to to correctly use parent's query_constraints.
fatkodima
Fix Preloader to not generate a query for already loaded association with query_constraints.
fatkodima
Fix multi-database polymorphic preloading with equivalent table names.
When preloading polymorphic associations, if two models pointed to two tables with the same name but located in different databases, the preloader would only load one.
Ari Summer
Fix encrypted_attribute? to take into account context properties passed to encrypts.
Maxime Réty
Fix find_by to work correctly in presence of composite primary keys.
fatkodima
Fix async queries sometimes returning a raw result if they hit the query cache.
ShipPart.async_count could return a raw integer rather than a Promise if it found the result in the query cache.
fatkodima
Fix Relation#transaction to not apply a default scope.
The method was incorrectly setting a default scope around its block:
Post.where(published: true).transaction do
  Post.count # SELECT COUNT(*) FROM posts WHERE published = FALSE;
end
Jean Boussier
Fix calling async_pluck on a none relation.
Model.none.async_pluck(:id) was returning a naked value instead of a promise.
Jean Boussier
Fix calling load_async on a none relation.
Model.none.load_async was returning a broken result.
Lucas Mazza
TrilogyAdapter: ignore host if socket parameter is set.
This allows configuring a connection on a UNIX socket via DATABASE_URL:
DATABASE_URL=trilogy://does-not-matter/my_db_production?socket=/var/run/mysql.sock
Jean Boussier
Fix has_secure_token calls the setter method on initialize.
Abeid Ahmed
Allow using object_id as a database column name.
It was available before Rails 7.1 and may be used as a part of polymorphic relationship to object where object can be any other database record.
Mikhail Doronin
Fix rails db:create:all to not touch databases before they are created.
fatkodima
Better handle SyntaxError in Action View.
Mario Caropreso
Fix word_wrap with empty string.
Jonathan Hefner
Rename ActionView::TestCase::Behavior::Content to ActionView::TestCase::Behavior::RenderedViewContent.
Make RenderedViewContent inherit from String. Make private API with :nodoc:.
Sean Doyle
Fix detection of required strict locals.
Further fix render @collection compatibility with strict locals
Jean Boussier
Fix including Rails.application.routes.url_helpers directly in an ActiveSupport::Concern.
Jonathan Hefner
Fix system tests when using a Chrome binary that has been downloaded by Selenium.
Jonathan Hefner
Do not trigger immediate loading of ActiveJob::Base when loading ActiveJob::TestHelper.
Maxime Réty
Preserve the serialized timezone when deserializing ActiveSupport::TimeWithZone arguments.
Joshua Young
Fix ActiveJob arguments serialization to correctly serialize String subclasses having custom serializers.
fatkodima
Fix N+1 query when fetching preview images for non-image assets.
Aaron Patterson & Justin Searls
Fix all Active Storage database related models to respect ActiveRecord::Base.table_name_prefix configuration.
Chedli Bourguiba
Fix ActiveStorage::Representations::ProxyController not returning the proper preview image variant for previewable files.
Chedli Bourguiba
Fix ActiveStorage::Representations::ProxyController to proxy untracked variants.
Chedli Bourguiba
Fix direct upload forms when submit button contains nested elements.
Marc Köhlbrugge
When using the preprocessed: true option, avoid enqueuing transform jobs for blobs that are not representable.
Chedli Bourguiba
Process preview image variant when calling ActiveStorage::Preview#processed.
For example, attached_pdf.preview(:thumb).processed will now immediately generate the full-sized preview image and the :thumb variant of it. Previously, the :thumb variant would not be generated until a further call to e.g. processed.url.
Chedli Bourguiba and Jonathan Hefner
Prevent ActiveRecord::StrictLoadingViolationError when strict loading is enabled and the variant of an Active Storage preview has already been processed (for example, by calling ActiveStorage::Preview#url).
Jonathan Hefner
Fix preprocessed: true option for named variants of previewable files.
Nico Wenterodt
Make sure config.after_routes_loaded hook runs on boot.
Rafael Mendonça França
Fix config.log_level not being respected when using a BroadcastLogger
Édouard Chin
Fix isolated engines to take ActiveRecord::Base.table_name_prefix into consideration.
This will allow for engine defined models, such as inside Active Storage, to respect Active Record table name prefix configuration.
Chedli Bourguiba
The bin/rails app:template command will no longer add potentially unwanted gem platforms via bundle lock --add-platform=... commands.
Jonathan Hefner
Fix :expires_in option for RedisCacheStore#write_multi.
fatkodima
Fix deserialization of non-string "purpose" field in Message serializer
Jacopo Beschi
Prevent global cache options being overwritten when setting dynamic options inside an ActiveSupport::Cache::Store#fetch block.
Yasha Krasnou
Fix missing require resulting in NoMethodError when running bin/rails secrets:show or bin/rails secrets:edit.
Stephen Ierodiaconou
Ensure {down,up}case_first returns non-frozen string.
Jonathan Hefner
Fix #to_fs(:human_size) to correctly work with negative numbers.
Earlopain
Fix BroadcastLogger#dup so that it duplicates the logger's broadcasts.
Andrew Novoselac
Fix issue where bootstrap.rb overwrites the level of a BroadcastLogger's broadcasts.
Andrew Novoselac
Fix ActiveSupport::Cache to handle outdated Marshal payload from Rails 6.1 format.
Active Support's Cache is supposed to treat a Marshal payload that can no longer be deserialized as a cache miss. It failed to do so for compressed payload in the Rails 6.1 legacy format.
Jean Boussier
Fix OrderedOptions#dig for array indexes.
fatkodima
Fix time travel helpers to work when nested using with separate classes.
fatkodima
Fix delete_matched for file cache store to work with keys longer than the max filename size.
fatkodima and Jonathan Hefner
Fix compatibility with the semantic_logger gem.
The semantic_logger gem doesn't behave exactly like stdlib logger in that SemanticLogger#level returns a Symbol while stdlib Logger#level returns an Integer.
This caused the various LogSubscriber classes in Rails to break when assigned a SemanticLogger instance.
Jean Boussier, ojab
Make ==(other) method of AttributeSet safe.
Dmitry Pogrebnoy
Fix renaming primary key index when renaming a table with a UUID primary key in PostgreSQL.
fatkodima
Fix where(field: values) queries when field is a serialized attribute (for example, when field uses ActiveRecord::Base.serialize or is a JSON column).
João Alves
Prevent marking broken connections as verified.
Daniel Colson
Don't mark Float::INFINITY as changed when reassigning it
When saving a record with a float infinite value, it shouldn't mark as changed
Maicol Bentancor
ActiveRecord::Base.table_name now returns nil instead of raising "undefined method abstract_class? for Object:Class".
a5-stable
Fix upserting for custom :on_duplicate and :unique_by consisting of all inserts keys.
fatkodima
Fixed an issue where saving a record could inappropriately dup its attributes.
Jonathan Hefner
Dump schema only for a specific db for rollback/up/down tasks for multiple dbs.
fatkodima
Fix NoMethodError when casting a PostgreSQL money value that uses a comma as its radix point and has no leading currency symbol. For example, when casting "3,50".
Andreas Reischuck and Jonathan Hefner
Re-enable support for using enum with non-column-backed attributes.
Non-column-backed attributes must be previously declared with an explicit type. For example:
class Post < ActiveRecord::Base
  attribute :topic, :string
  enum topic: %i[science tech engineering math]
end
Jonathan Hefner
Raise on foreign_key: being passed as an array in associations
Nikita Vasilevsky
Return back maximum allowed PostgreSQL table name to 63 characters.
fatkodima
Fix detecting IDENTITY columns for PostgreSQL < 10.
fatkodima
Fix the number_to_human_size view helper to correctly work with negative numbers.
Earlopain
Automatically discard the implicit locals injected by collection rendering for template that can't accept them
When rendering a collection, two implicit variables are injected, which breaks templates with strict locals.
Now they are only passed if the template will actually accept them.
Yasha Krasnou, Jean Boussier
Fix @rails/ujs calling start() an extra time when using bundlers
Hartley McGuire, Ryunosuke Sato
Fix the capture view helper compatibility with HAML and Slim
When a blank string was captured in HAML or Slim (and possibly other template engines) it would instead return the entire buffer.
Jean Boussier
Fix a race condition that could cause a Text file busy - chromedriver error with parallel system tests
Matt Brictson
Fix StrongParameters#extract_value to include blank values
Otherwise composite parameters may not be parsed correctly when one of the components is blank.
fatkodima, Yasha Krasnou, Matthias Eiglsperger
Add racc as a dependency since it will become a bundled gem in Ruby 3.4.0
Hartley McGuire
Support handling Enumerator for non-buffered responses.
Zachary Scott
Compile ESM package that can be used directly in the browser as actiontext.esm.js
Matias Grunberg
Fix using actiontext.js with Sprockets
Matias Grunberg
Upgrade Trix to 2.0.7
Hartley McGuire
Fix using Trix with Sprockets
Hartley McGuire
Fix running db:system:change when app has no Dockerfile.
Hartley McGuire
If you accessed config.eager_load_paths and friends, later changes to config.paths were not reflected in the expected auto/eager load paths. Now, they are.
This bug has been latent since Rails 3.
Fixes #49629.
Xavier Noria
Add support for keyword arguments when delegating calls to custom loggers from ActiveSupport::BroadcastLogger.
Jenny Shen
NumberHelper: handle objects responding to_d.
fatkodima
Fix RedisCacheStore to properly set the TTL when incrementing or decrementing.
This bug was only impacting Redis server older than 7.0.
Thomas Countz
Fix MemoryStore to prevent race conditions when incrementing or decrementing.
Pierre Jambet
Fix auto populating IDENTITY columns for PostgreSQL.
fatkodima
Fix "ArgumentError: wrong number of arguments (given 3, expected 2)" when down migrating rename_table in older migrations.
fatkodima
Do not require the Action Text, Active Storage and Action Mailbox tables to be present when running tests on CI.
Rafael Mendonça França
Updated @rails/ujs files to ignore certain data-* attributes when element is contenteditable.
This fix was already landed in >= 7.0.4.3, < 7.1.0. [CVE-2023-23913]
Ryunosuke Sato
Don't log enqueuing details when the job wasn't enqueued.
Dustin Brown
Ensures the Rails generated Dockerfile uses correct ruby version and matches Gemfile.
Abhay Nikam
Fix AS::MessagePack with ENV["RAILS_MAX_THREADS"].
Jonathan Hefner
Remove -shm and -wal SQLite files when rails db:drop is run.
Niklas Häusele
Revert the change to raise an ArgumentError when #accepts_nested_attributes_for is declared more than once for an association in the same class.
The reverted behavior broke the case where the #accepts_nested_attributes_for was defined in a concern and was overridden in the class that included the concern.
Rafael Mendonça França
Make sure scheduled_at is a Time object when asserting enqueued jobs.
Rafael Mendonça França
Always set the Rails logger to be an instance of ActiveSupport::BroadcastLogger.
Edouard Chin
Add a new public API for broadcasting logs
This feature existed for a while but was until now a private API. Broadcasting logs allows sending log messages to different sinks (STDOUT, a file ...) and is used by default in the development environment to write logs both on STDOUT and in the "development.log" file.
Basic usage:
stdout_logger = Logger.new(STDOUT)
file_logger = Logger.new("development.log")
broadcast = ActiveSupport::BroadcastLogger.new(stdout_logger, file_logger)
broadcast.info("Hello!") # The "Hello!" message is written on STDOUT and in the log file.
Adding other sink(s) to the broadcast:
broadcast = ActiveSupport::BroadcastLogger.new
broadcast.broadcast_to(Logger.new(STDERR))
Remove a sink from the broadcast:
stdout_logger = Logger.new(STDOUT)
broadcast = ActiveSupport::BroadcastLogger.new(stdout_logger)
broadcast.stop_broadcasting_to(stdout_logger)
Edouard Chin
Fix Range#overlap? not taking empty ranges into account on Ruby < 3.3
Nobuyoshi Nakada, Shouichi Kamiya, Hartley McGuire
Use Ruby 3.3 Range#overlap? if available
Yasuo Honda
Remove change in the typography of user facing error messages. For example, “can’t be blank” is again “can't be blank”.
Rafael Mendonça França
Better naming for unique constraints support.
Naming unique keys leads to misunderstanding it's a short-hand of unique indexes. Just naming it unique constraints is not misleading.
In Rails 7.1.0.beta1 or before:
add_unique_key :sections, [:position], deferrable: :deferred, name: "unique_section_position"
remove_unique_key :sections, name: "unique_section_position"
Now:
add_unique_constraint :sections, [:position], deferrable: :deferred, name: "unique_section_position"
remove_unique_constraint :sections, name: "unique_section_position"
Ryuta Kamizono
Fix duplicate quoting for check constraint expressions in schema dump when using MySQL
A check constraint with an expression, that already contains quotes, led to an invalid schema dump with the mysql2 adapter.
Fixes #42424.
Felix Tscheulin
Performance tune the SQLite3 adapter connection configuration
For Rails applications, the Write-Ahead-Log in normal syncing mode with a capped journal size, a healthy shared memory buffer and a shared cache will perform, on average, 2× better.
Stephen Margheim
Allow SQLite3 busy_handler to be configured with simple max number of retries
Retrying busy connections without delay is a preferred practice for performance-sensitive applications. Add support for a database.yml retries integer, which is used in a simple busy_handler function to retry busy connections without exponential backoff up to the max number of retries.
Stephen Margheim
The SQLite3 adapter now supports supports_insert_returning?
Implementing the full supports_insert_returning? contract means the SQLite3 adapter supports auto-populated columns (#48241) as well as custom primary keys.
Stephen Margheim
Ensure the SQLite3 adapter handles default functions with the || concatenation operator
Previously, this default function would produce the static string "'Ruby ' || 'on ' || 'Rails'".
Now, the adapter will appropriately receive and use "Ruby on Rails".
change_column_default "test_models", "ruby_on_rails", -> { "('Ruby ' || 'on ' || 'Rails')" }
Stephen Margheim
Dump PostgreSQL schemas as part of the schema dump.
Lachlan Sylvester
Introduce ActionView::TestCase.register_parser
register_parser :rss, -> rendered { RSS::Parser.parse(rendered) }
test "renders RSS" do
  article = Article.create!(title: "Hello, world")
  render formats: :rss, partial: article
  assert_equal "Hello, world", rendered.rss.items.last.title
end
By default, register parsers for :html and :json.
Sean Doyle
Add support for #deep_merge and #deep_merge! to ActionController::Parameters.
Sean Doyle
Set scheduled_at attribute as a Time object instead of epoch seconds, and serialize and deserialize the value when enqueued. Assigning a numeric/epoch value to scheduled_at= is deprecated; use a Time object instead.
Deserializes enqueued_at as a Time instead of ISO8601 String.
Ben Sheldon
Clarify the backoff strategy for the recommended :wait option when retrying jobs
wait: :exponentially_longer is waiting polynomially longer, so it is now recommended to use wait: :polynomially_longer to keep the same behavior.
Victor Mours
Introduce ActionMailer::FormBuilder
Use the default_form_builder method in mailers to set the default form builder for templates rendered by that mailer. Matches the behaviour in Action Controller.
Alex Ghiculescu
Add expires_at option to ActiveStorage::Blob#signed_id.
rails_blob_path(user.avatar, disposition: "attachment", expires_at: 30.minutes.from_now)
<%= image_tag rails_blob_path(user.avatar.variant(resize: "100x100"), expires_at: 30.minutes.from_now) %>
Aki
Allow attaching File and Pathname when assigning attributes, e.g.
User.create!(avatar: File.open("image.jpg"))
User.create!(avatar: file_fixture("image.jpg"))
Dorian Marié
Require concurrent-ruby in config/puma.rb so that Puma can boot in production when WEB_CONCURRENCY is not explicitly specified.
Fixes #49323.
Matt Brictson
Raise error when generating attribute with dangerous name.
The following will now raise an error as save and hash are already defined by Active Record.
$ bin/rails generate model Post save
$ bin/rails generate model Post hash
Petrik de Heus