Rails 7.0.4.3 (March 13, 2023)

  • Implement SafeBuffer#bytesplice

    [CVE-2023-28120]

Rails 7.0.4.2 (January 24, 2023)

  • No changes.

Rails 7.0.4.1 (January 17, 2023)

  • Avoid regex backtracking in Inflector.underscore

    [CVE-2023-22796]

Rails 7.0.4 (September 09, 2022)

  • Redis cache store is now compatible with redis-rb 5.0.

    Jean Boussier

  • Fix NoMethodError on custom ActiveSupport::Deprecation behavior.

    ActiveSupport::Deprecation.behavior= was supposed to accept any object
    that responds to call, but in fact its internal implementation assumed that
    this object could respond to arity, so it was restricted to only Proc objects.

    This change removes this arity restriction of custom behaviors.

    Ryo Nakamura

Rails 7.0.3.1 (July 12, 2022)

  • No changes.

Rails 7.0.3 (May 09, 2022)

  • No changes.

Rails 7.0.2.4 (April 26, 2022)

  • Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

    Add the method ERB::Util.xml_name_escape to escape dangerous characters
    in names of tags and names of attributes, following the specification of XML.

    Álvaro Martín Fraguas

Rails 7.0.2.3 (March 08, 2022)

  • No changes.

Rails 7.0.2.2 (February 11, 2022)

  • Fix Reloader method signature to work with the new Executor signature

Rails 7.0.2.1 (February 11, 2022)

  • No changes.

Rails 7.0.2 (February 08, 2022)

  • Fix ActiveSupport::EncryptedConfiguration to be compatible with Psych 4

    Stephen Sugden

  • Improve File.atomic_write error handling.

    Daniel Pepper

Rails 7.0.1 (January 06, 2022)

Rails 7.0.0 (December 15, 2021)

  • Fix ActiveSupport::Duration.build to support negative values.

    The algorithm to collect the parts of the ActiveSupport::Duration
    ignored the sign of the value and accumulated incorrect part values. This
    impacted ActiveSupport::Duration#sum (which is dependent on parts) but
    not ActiveSupport::Duration#eql? (which is dependent on value).

    Caleb Buxton, Braden Staudacher

Rails 7.0.0.rc3 (December 14, 2021)

  • No changes.

Rails 7.0.0.rc2 (December 14, 2021)

  • No changes.

Rails 7.0.0.rc1 (December 06, 2021)

  • Deprecate passing a format to #to_s in favor of #to_formatted_s in Array, Range, Date, DateTime, Time,
    BigDecimal, Float and, Integer.

    Rafael Mendonça França

  • Document ActiveSupport::Testing::Deprecation.

    Sam Bostock & Sam Jordan

  • Add Pathname#existence.

    Pathname.new("file").existence&.read
    

    Timo Schilling

  • Remove deprecate ActiveSupport::Multibyte::Unicode.default_normalization_form.

    Rafael Mendonça França

  • Remove deprecated support to use Range#include? to check the inclusion of a value in
    a date time range is deprecated.

    Rafael Mendonça França

  • Remove deprecated URI.parser.

    Rafael Mendonça França

  • Remove deprecated config.active_support.use_sha1_digests.

    Rafael Mendonça França

  • Invoking Object#with_options without a &block argument returns the
    ActiveSupport::OptionMerger instance.

    Sean Doyle

  • Rails.application.executor hooks can now be called around every test

    This helps to better simulate request or job local state being reset around tests and prevents state
    leaking from one test to another.

    However it requires the executor hooks executed in the test environment to be re-entrant.

    To enable this, set config.active_support.executor_around_test_case = true (this is the default in Rails 7).

    Jean Boussier

  • ActiveSupport::DescendantsTracker now mostly delegate to Class#descendants on Ruby 3.1

    Ruby now provides a fast Class#descendants making ActiveSupport::DescendantsTracker mostly useless.

    As a result the following methods are deprecated:

    • ActiveSupport::DescendantsTracker.direct_descendants
    • ActiveSupport::DescendantsTracker#direct_descendants

    Jean Boussier

  • Fix the Digest::UUID.uuid_from_hash behavior for namespace IDs that are different from the ones defined on Digest::UUID.

    The new behavior will be enabled by setting the
    config.active_support.use_rfc4122_namespaced_uuids option to true
    and is the default for new apps.

    The old behavior is the default for upgraded apps and will output a
    deprecation warning every time a value that is different than one of
    the constants defined on the Digest::UUID extension is used as the
    namespace ID.

    Alex Robbin, Erich Soares Machado, Eugene Kenny

  • ActiveSupport::Inflector::Inflections#clear(:acronyms) is now supported,
    and inflector.clear / inflector.clear(:all) also clears acronyms.

    Alex Ghiculescu, Oliver Peate

Rails 7.0.0.alpha2 (September 15, 2021)

  • No changes.

Rails 7.0.0.alpha1 (September 15, 2021)

  • ActiveSupport::Dependencies no longer installs a const_missing hook. Before this, you could push to the autoload paths and have constants autoloaded. This feature, known as the classic autoloader, has been removed.

    Xavier Noria

  • Private internal classes of ActiveSupport::Dependencies have been deleted, like ActiveSupport::Dependencies::Reference, ActiveSupport::Dependencies::Blamable, and others.

    Xavier Noria

  • The private API of ActiveSupport::Dependencies has been deleted. That includes methods like hook!, unhook!, depend_on, require_or_load, mechanism, and many others.

    Xavier Noria

  • Improves the performance of ActiveSupport::NumberHelper formatters by avoiding the use of exceptions as flow control.

    Mike Dalessio

  • Removed rescue block from ActiveSupport::Cache::RedisCacheStore#handle_exception

    Previously, if you provided a error_handler to redis_cache_store, any errors thrown by
    the error handler would be rescued and logged only. Removed the rescue clause from handle_exception
    to allow these to be thrown.

    Nicholas A. Stuart

  • Allow entirely opting out of deprecation warnings.

    Previously if you did app.config.active_support.deprecation = :silence, some work would
    still be done on each call to ActiveSupport::Deprecation.warn. In very hot paths, this could
    cause performance issues.

    Now, you can make ActiveSupport::Deprecation.warn a no-op:

    config.active_support.report_deprecations = false
    

    This is the default in production for new apps. It is the equivalent to:

    config.active_support.deprecation = :silence
    config.active_support.disallowed_deprecation = :silence
    

    but will take a more optimised code path.

    Alex Ghiculescu

  • Faster tests by parallelizing only when overhead is justified by the number
    of them.

    Running tests in parallel adds overhead in terms of database
    setup and fixture loading. Now, Rails will only parallelize test executions when
    there are enough tests to make it worth it.

    This threshold is 50 by default, and is configurable via config setting in
    your test.rb:

    config.active_support.test_parallelization_threshold = 100
    

    It’s also configurable at the test case level:

    class ActiveSupport::TestCase
      parallelize threshold: 100
    end
    

    Jorge Manrubia

  • OpenSSL constants are now used for Digest computations.

    Dirkjan Bussink

  • TimeZone.iso8601 now accepts valid ordinal values similar to Ruby’s Date._iso8601 method.
    A valid ordinal value will be converted to an instance of TimeWithZone using the :year
    and :yday fragments returned from Date._iso8601.

    twz = ActiveSupport::TimeZone["Eastern Time (US & Canada)"].iso8601("21087")
    twz.to_a[0, 6] == [0, 0, 0, 28, 03, 2021]
    

    Steve Laing

  • Time#change and methods that call it (e.g. Time#advance) will now
    return a Time with the timezone argument provided, if the caller was
    initialized with a timezone argument.

    Fixes #42467.

    Alex Ghiculescu

  • Allow serializing any module or class to JSON by name.

    Tyler Rick, Zachary Scott

  • Raise ActiveSupport::EncryptedFile::MissingKeyError when the
    RAILS_MASTER_KEY environment variable is blank (e.g. "").

    Sunny Ripert

  • The from: option is added to ActiveSupport::TestCase#assert_no_changes.

    It permits asserting on the initial value that is expected not to change.

    assert_no_changes -> { Status.all_good? }, from: true do
      post :create, params: { status: { ok: true } }
    end
    

    George Claghorn

  • Deprecate ActiveSupport::SafeBuffer‘s incorrect implicit conversion of objects into string.

    Except for a few methods like String#%, objects must implement #to_str
    to be implicitly converted to a String in string operations. In some
    circumstances ActiveSupport::SafeBuffer was incorrectly calling the
    explicit conversion method (#to_s) on them. This behavior is now
    deprecated.

    Jean Boussier

  • Allow nested access to keys on Rails.application.credentials.

    Previously only top level keys in credentials.yml.enc could be accessed with method calls. Now any key can.

    For example, given these secrets:

    aws:
      access_key_id: 123
      secret_access_key: 345
    

    Rails.application.credentials.aws.access_key_id will now return the same thing as
    Rails.application.credentials.aws[:access_key_id].

    Alex Ghiculescu

  • Added a faster and more compact ActiveSupport::Cache serialization format.

    It can be enabled with config.active_support.cache_format_version = 7.0 or
    config.load_defaults 7.0. Regardless of the configuration Active Support
    7.0 can read cache entries serialized by Active Support 6.1 which allows to
    upgrade without invalidating the cache. However Rails 6.1 can’t read the
    new format, so all readers must be upgraded before the new format is enabled.

    Jean Boussier

  • Add Enumerable#sole, per ActiveRecord::FinderMethods#sole. Returns the
    sole item of the enumerable, raising if no items are found, or if more than
    one is.

    Asherah Connor

  • Freeze ActiveSupport::Duration#parts and remove writer methods.

    Durations are meant to be value objects and should not be mutated.

    Andrew White

  • Fix ActiveSupport::TimeZone#utc_to_local with fractional seconds.

    When utc_to_local_returns_utc_offset_times is false and the time
    instance had fractional seconds the new UTC time instance was out by
    a factor of 1,000,000 as the Time.utc constructor takes a usec
    value and not a fractional second value.

    Andrew White

  • Add expires_at argument to ActiveSupport::Cache write and fetch to set a cache entry TTL as an absolute time.

    Rails.cache.write(key, value, expires_at: Time.now.at_end_of_hour)
    

    Jean Boussier

  • Deprecate ActiveSupport::TimeWithZone.name so that from Rails 7.1 it will use the default implementation.

    Andrew White

  • Deprecates Rails custom Enumerable#sum and Array#sum in favor of Ruby’s native implementation which
    is considerably faster.

    Ruby requires an initializer for non-numeric type as per examples below:

    %w[foo bar].sum('')
    # instead of %w[foo bar].sum
    
    [[1, 2], [3, 4, 5]].sum([])
    # instead of [[1, 2], [3, 4, 5]].sum
    

    Alberto Mota

  • Tests parallelization is now disabled when running individual files to prevent the setup overhead.

    It can still be enforced if the environment variable PARALLEL_WORKERS is present and set to a value greater than 1.

    Ricardo Díaz

  • Fix proxying keyword arguments in ActiveSupport::CurrentAttributes.

    Marcin Kołodziej

  • Add Enumerable#maximum and Enumerable#minimum to easily calculate the maximum or minimum from extracted
    elements of an enumerable.

    payments = [Payment.new(5), Payment.new(15), Payment.new(10)]
    
    payments.minimum(:price) # => 5
    payments.maximum(:price) # => 15
    

    This also allows passing enumerables to fresh_when and stale? in Action Controller.
    See PR #41404 for an example.

    Ayrton De Craene

  • ActiveSupport::Cache::MemCacheStore now accepts an explicit nil for its addresses argument.

    config.cache_store = :mem_cache_store, nil
    
    # is now equivalent to
    
    config.cache_store = :mem_cache_store
    
    # and is also equivalent to
    
    config.cache_store = :mem_cache_store, ENV["MEMCACHE_SERVERS"] || "localhost:11211"
    
    # which is the fallback behavior of Dalli
    

    This helps those migrating from :dalli_store, where an explicit nil was permitted.

    Michael Overmeyer

  • Add Enumerable#in_order_of to put an Enumerable in a certain order by a key.

    DHH

  • ActiveSupport::Inflector.camelize behaves expected when provided a symbol :upper or :lower argument. Matches
    String#camelize behavior.

    Alex Ghiculescu

  • Raises an ArgumentError when the first argument of ActiveSupport::Notification.subscribe is
    invalid.

    Vipul A M

  • HashWithIndifferentAccess#deep_transform_keys now returns a HashWithIndifferentAccess instead of a Hash.

    Nathaniel Woodthorpe

  • Consume dalli’s cache_nils configuration as ActiveSupport::Cache’s skip_nil when using MemCacheStore.

    Ritikesh G

  • Add RedisCacheStore#stats method similar to MemCacheStore#stats. Calls redis#info internally.

    Ritikesh G

Please check 6-1-stable for previous changes.