Hi everyone again!!! Rails versions 6.0.4.4, and 6.1.4.4, have been released! This release wasn’t a security release. There was a bug in the previous release such that requests in development with a port number wouldn’t be considered “authorized” requests. Requests to “127.0.0.1:3000” and custom hosts should work in this new version. I’m sorry about the inconvenience and I hope this upgrade is smooth. Thanks everyone! Rafael $ shasum *6.0.4.4* ec84233bc33aca91429664efadf0376bedc9789a actioncable-6.0.4.4.gem 5225bfdff98beb47659dd61fa630d6fb92f03922 actionmailbox-6.0.4.4.gem de8a6fe37b4c1f ..read more

Hi everyone again!!! Rails versions 6.0.4.3, 6.1.4.3, and 7.0.0.rc3 have been released! This release wasn’t a security release. There was a bug in the default configuration of the previous release such that requests in development with a port number wouldn’t be considered “authorized” requests. Requests to “localhost:3000” should work in this new version. I’m sorry about the inconvenience and I hope this upgrade is smooth. Thanks everyone! -Aaron ❤️ $ shasum *6.0.4.3* 0ba4b54347d2573b8d0ac7954ede05aca6ac8588 actioncable-6.0.4.3.gem 31609fc522ea460f1a3fbc3ea42b6f37f8210ed1 actionmailbox-6.0 ..read more

Hi everyone!!! Rails versions 6.0.4.2, 6.1.4.2, and 7.0.0.rc2 have been released! These releases contain important security fixes, so please update when you can! This release just contains one security fix which you can read about here: [CVE-2021-44528] Possible Open Redirect in Host Authorization Middleware Here are the checksums for the gems: $ shasum -a 256 *-6.0.4.2.gem 724b4f42fd285a8c10208ee97b3ec3f64c061adfc1d9220c1c4d721ae6138085 actioncable-6.0.4.2.gem 1f003fb2c4cdf1add64163bf8c2c189683d485107caa46505f23263164276d2c actionmailbox-6.0.4.2.gem 4b422ce5ecbd0c964acd8b9188029156d89eb ..read more

Hi! Robin here, with the latest news from the Ruby on Rails world! Rails 7.0 RC1: New JavaScript Answers, At-Work Encryption, Query Origin Logging, Zeitwerk Exclusively With tons of new features and improvements like new ways to deal with JavaScript or at-work encryption, this new version of Rails should be released before Christmas! ?? It would be great if you could try to install it and report any bug or regression you may find. You can follow these steps to upgrade your applications. Compile ERB templates with frozen string literal enabled If your application renders heavy templates, a bran ..read more

We’re almost ready to declare Rails 7 done! The feedback since the first alpha release has been wonderful, we’ve eliminated a slew of issues, and we’ve seen Basecamp, HEY, GitHub, and Shopify all run in production on this alpha series. So we now feel so confident that this is nearly ready that we’re skipping straight from alpha to release candidate. This is RC1. Please help us do the final testing of all this new stuff so we can ensure a solid final release of Rails 7 this year! All New Answers On The Front-End After almost five years with Webpacker as our default answer to writing modern Java ..read more

Hey, Wojtek here with recent additions to Rails. All of them today for FREE, for you. Thank you all the contributors for making Rails. Those from one-time to day by day committers. Add compose method to Active Storage Blob Concatenating multiple blobs is now possible. Support custom metadata on Active Storage Setting custom metadata on blobs are now persisted to remote storage. Allow to configure the list of columns to update in upsert_all Before, you could only customize the update SQL sentence via :on_duplicate. There is now a new option :update_only that lets you provide a list of columns t ..read more

Hey, this is Greg, bringing you the latest news about Ruby on Rails. Support <form> elements without [action] By default, when a form is declared without an action attribute, browsers will encode the form’s fields into the current URL. Prior to this commit, none of the form construction variations supported declaring a form without an action attribute, form_with, form_for, and form_tag all default to url_for({}) when a url or action option is omitted, but with this change, when they are set to false, the form will be rendered without an action attribute. Support authenticity_token option ..read more

Hey! Robin here with the latest news from the Ruby on Rails world. Support accepts_nested_attributes_for for delegated types Rails 6.1 introduced delegated types to ease handling some polymorphic relationships. This pull request makes using accepts_nested_attributes_for on such types a piece of cake. Use nested queries doing UPDATE with GROUP BY and HAVING on MySQL Since MySQL doesn’t support UPDATE with GROUP BY and HAVING clauses, this patch fixes such scenario to rely on a sub-query. A similar patch has been merged to deal with DELETE queries. Raise a specific error on unsafe redirects Rail ..read more

? Trick or treat, zzak here after a week off with lots of goodies! ? Rails Autoloader Migration Guide: From Classic to Zeitwerk This new guide has all you need to know to switch the autoloader for Rails 6.x and 7.0 applications! Add ActiveRecord::Base.prohibit_shard_swapping This new method prohibits swapping shards within the given block. This can be useful if you’re using sharding to provide database isolation on a per-request basis. Add support for setting the schema/structure dump filepath in the config This PR adds the ability to specify the path used for schema dump files. For those usin ..read more

Hey, Wojtek here with last week updates from the Ruby on Rails world. Set timestamps on insert_all/upsert_all record creation The timestamps will be automatically set when using bulk insert/upsert. This behaviour can be disabled by the record_timestamps config on the model class. Treat html suffix in controller translation When translation key ending with _html is used it will be marked as HTML safe in the same way as in the views. Add support for FILTER clause to Arel Can be used with PostgreSQL and SQlite databases to use FILTER clause. Better Action Text plain text output for nested lists F ..read more