7.2.0.beta2

Active Support

• Define Digest::UUID.nil_uuid, which returns the so-called nil UUID.

  Xavier Noria

Active Model

• No changes.

Active Record

• The payload of sql.active_record Active Support notifications now has the current transaction in the :transaction key.

  Xavier Noria

• The payload of transaction.active_record Active Support notifications now has the transaction the event is related to in the :transaction key.

  Xavier Noria

• Define ActiveRecord::Transaction#uuid, which returns a UUID for the database transaction. This may be helpful when tracing database activity. These UUIDs are generated only on demand.

  Xavier Noria

Action View

• No changes.

Action Pack

• Include the HTTP Permissions-Policy on non-HTML Content-Types
  [CVE-2024-28103]

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• Bring ActionCable::Connection::TestCookieJar in alignment with ActionDispatch::Cookies::CookieJar in regards to setting the cookie value.

  Before:

  cookies[:foo] = { value: "bar" }
  puts cookies[:foo] # => { value: "bar" }

  After:

  cookies[:foo] = { value: "bar" }
  puts cookies[:foo] # => "bar"

  Justin Ko

Active Storage

• No changes.

Action Mailbox

• No changes.

Action Text

• Sanitize ActionText HTML ContentAttachment in Trix edit view
  [CVE-2024-32464]

Railties

• No changes.

7.1.3.4

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Include the HTTP Permissions-Policy on non-HTML Content-Types
  [CVE-2024-28103]

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Action Mailbox

• No changes.

Action Text

• Sanitize ActionText HTML ContentAttachment in Trix edit view
  [CVE-2024-32464]

Railties

• No changes.

7.0.8.4

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Include the HTTP Permissions-Policy on non-HTML Content-Types
  [CVE-2024-28103]

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Action Mailbox

• No changes.

Action Text

• No changes.

Railties

• No changes.

6.1.7.8

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Include the HTTP Permissions-Policy on non-HTML Content-Types
  [CVE-2024-28103]

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Action Mailbox

• No changes.

Action Text

• No changes.

Railties

• No changes.

7.2.0.beta1

Active Support

• Support duration type in ActiveSupport::XmlMini.

  heka1024

• Remove deprecated ActiveSupport::Notifications::Event#children and ActiveSupport::Notifications::Event#parent_of?.

  Rafael Mendonça França

• Remove deprecated support to call the following methods without passing a deprecator:

  • deprecate
  • deprecate_constant
  • ActiveSupport::Deprecation::DeprecatedObjectProxy.new
  • ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy.new
  • ActiveSupport::Deprecation::DeprecatedConstantProxy.new
  • assert_deprecated
  • assert_not_deprecated
  • collect_deprecations

  Rafael Mendonça França

• Remove deprecated ActiveSupport::Deprecation delegation to instance.

  Rafael Mendonça França

• Remove deprecated SafeBuffer#clone_empty.

  Rafael Mendonça França

• Remove deprecated #to_default_s from Array, Date, DateTime and Time.

  Rafael Mendonça França

• Remove deprecated support to passing Dalli::Client instances to MemCacheStore.

  Rafael Mendonça França

• Remove deprecated config.active_support.use_rfc4122_namespaced_uuids.

  Rafael Mendonça França

• Remove deprecated config.active_support.remove_deprecated_time_with_zone_name.

  Rafael Mendonça França

• Remove deprecated config.active_support.disable_to_s_conversion.

  Rafael Mendonça França

• Remove deprecated support to bolding log text with positional boolean in ActiveSupport::LogSubscriber#color.

  Rafael Mendonça França

• Remove deprecated constants ActiveSupport::LogSubscriber::CLEAR and ActiveSupport::LogSubscriber::BOLD.

  Rafael Mendonça França

• Remove deprecated support for config.active_support.cache_format_version = 6.1.

  Rafael Mendonça França

• Remove deprecated :pool_size and :pool_timeout options for the cache storage.

  Rafael Mendonça França

• Warn on tests without assertions.

  ActiveSupport::TestCase now warns when tests do not run any assertions.
  This is helpful in detecting broken tests that do not perform intended assertions.

  fatkodima

• Support hexBinary type in ActiveSupport::XmlMini.

  heka1024

• Deprecate ActiveSupport::ProxyObject in favor of Ruby's built-in BasicObject.

  Earlopain

• stub_const now accepts a exists: false parameter to allow stubbing missing constants.

  Jean Boussier

• Make ActiveSupport::BacktraceCleaner copy filters and silencers on dup and clone.

  Previously the copy would still share the internal silencers and filters array,
  causing state to leak.

  Jean Boussier

• Updating Astana with Western Kazakhstan TZInfo identifier.

  Damian Nelson

• Add filename support for ActiveSupport::Logger.logger_outputs_to?.

  logger = Logger.new('/var/log/rails.log')
  ActiveSupport::Logger.logger_outputs_to?(logger, '/var/log/rails.log')

  Christian Schmidt

• Include IPAddr#prefix when serializing an IPAddr using the
  ActiveSupport::MessagePack serializer.

  This change is backward and forward compatible — old payloads can
  still be read, and new payloads will be readable by older versions of Rails.

  Taiki Komaba

• Add default: support for ActiveSupport::CurrentAttributes.attribute.

  class Current < ActiveSupport::CurrentAttributes
    attribute :counter, default: 0
  end

  Sean Doyle

• Remove deprecated support for the pre-Ruby 2.4 behavior of to_time returning a Time object with local timezone.

  Rafael Mendonça França

• Deprecate config.active_support.to_time_preserves_timezone.

  Rafael Mendonça França

• Deprecate DateAndTime::Compatibility.preserve_timezone.

  Rafael Mendonça França

• Yield instance to Object#with block.

  client.with(timeout: 5_000) do |c|
    c.get("/commits")
  end

  Sean Doyle

• Use logical core count instead of physical core count to determine the
  default number of workers when parallelizing tests.

  Jonathan Hefner

• Fix Time.now/DateTime.now/Date.today to return results in a system timezone after #travel_to.

  There is a bug in the current implementation of #travel_to:
  it remembers a timezone of its argument, and all stubbed methods start
  returning results in that remembered timezone. However, the expected
  behavior is to return results in a system timezone.

  Aleksei Chernenkov

• Add ErrorReported#unexpected to report precondition violations.

  For example:

  def edit
    if published?
      Rails.error.unexpected("[BUG] Attempting to edit a published article, that shouldn't be possible")
      return false
    end
    # ...
  end

  The above will raise an error in development and test, but only report the error in production.

  Jean Boussier

• Make the order of read_multi and write_multi notifications for Cache::Store#fetch_multi operations match the order they are executed in.

  Adam Renberg Tamm

• Make return values of Cache::Store#write consistent.

  The return value was not specified before. Now it returns true on a successful write,
  nil if there was an error talking to the cache backend, and false if the write failed
  for another reason (e.g. the key already exists and unless_exist: true was passed).

  Sander Verdonschot

• Fix logged cache keys not always matching actual key used by cache action.

  Hartley McGuire

• Improve error messages of assert_changes and assert_no_changes.

  assert_changes error messages now display objects with .inspect to make it easier
  to differentiate nil from empty strings, strings from symbols, etc.
  assert_no_changes error messages now surface the actual value.

  pcreux

• Fix #to_fs(:human_size) to correctly work with negative numbers.

  Earlopain

• Fix BroadcastLogger#dup so that it duplicates the logger's broadcasts.

  Andrew Novoselac

• Fix issue where bootstrap.rb overwrites the level of a BroadcastLogger's broadcasts.

  Andrew Novoselac

• Fix compatibility with the semantic_logger gem.

  The semantic_logger gem doesn't behave exactly like stdlib logger in that
  SemanticLogger#level returns a Symbol while stdlib Logger#level returns an Integer.

  This caused the various LogSubscriber classes in Rails to break when assigned a
  SemanticLogger instance.

  Jean Boussier, ojab

• Fix MemoryStore to prevent race conditions when incrementing or decrementing.

  Pierre Jambet

• Implement HashWithIndifferentAccess#to_proc.

  Previously, calling #to_proc on HashWithIndifferentAccess object used inherited #to_proc
  method from the Hash class, which was not able to access values using indifferent keys.

  fatkodima

Active Model

• Fix a bug where type casting of string to Time and DateTime doesn't
  calculate minus minute value in TZ offset correctly.

  Akira Matsuda

• Port the type_for_attribute method to Active Model. Classes that include
  ActiveModel::Attributes will now provide this method. This method behaves
  the same for Active Model as it does for Active Record.

  class MyModel
    include ActiveModel::Attributes
  
    attribute :my_attribute, :integer
  end
  
  MyModel.type_for_attribute(:my_attribute) # => #<ActiveModel::Type::Integer ...>

  Jonathan Hefner

Active Record

• Fix inference of association model on nested models with the same demodularized name.

  E.g. with the following setup:

  class Nested::Post < ApplicationRecord
    has_one :post, through: :other
  end

  Before, #post would infer the model as Nested::Post, but now it correctly infers Post.

  Joshua Young

• PostgreSQL Cidr#change? detects the address prefix change.

  Taketo Takashima

• Change BatchEnumerator#destroy_all to return the total number of affected rows.

  Previously, it always returned nil.

  fatkodima

• Support touch_all in batches.

  Post.in_batches.touch_all

  fatkodima

• Add support for :if_not_exists and :force options to create_schema.

  fatkodima

• Fix index_errors having incorrect index in association validation errors.

  lulalala

• Add index_errors: :nested_attributes_order mode.

  This indexes the association validation errors based on the order received by nested attributes setter, and respects the reject_if configuration. This enables API to provide enough information to the frontend to map the validation errors back to their respective form fields.

  lulalala

• Add Rails.application.config.active_record.postgresql_adapter_decode_dates to opt out of decoding dates automatically with the postgresql adapter. Defaults to true.

  Joé Dupuis

• Association option query_constraints is deprecated in favor of foreign_key.

  Nikita Vasilevsky

• Add ENV["SKIP_TEST_DATABASE_TRUNCATE"] flag to speed up multi-process test runs on large DBs when all tests run within default transaction.

  This cuts ~10s from the test run of HEY when run by 24 processes against the 178 tables, since ~4,000 table truncates can then be skipped.

  DHH

• Added support for recursive common table expressions.

  Post.with_recursive(
    post_and_replies: [
      Post.where(id: 42),

...

7.1.3.3

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Action Mailbox

• No changes.

Action Text

• Upgrade Trix to 2.1.1 to fix CVE-2024-34341.

  Rafael Mendonça França

Railties

• No changes.

7.0.8.2

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Action Mailbox

• No changes.

Action Text

• Upgrade Trix to 1.3.2 to fix CVE-2024-34341.

  Rafael Mendonça França

Railties

• No changes.

v7.1.3.2

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Fix raise_on_missing_translations not working correctly with the
  translate method in controllers after the patch for CVE-2024-26143.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Action Mailbox

• No changes.

Action Text

• No changes.

Railties

• No changes.

7.1.3.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Fix possible XSS vulnerability with the translate method in controllers

  CVE-2024-26143

• Fix ReDoS in Accept header parsing

  CVE-2024-26142

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Action Mailbox

• No changes.

Action Text

• No changes.

Railties

• No changes.

7.0.8.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Fix possible XSS vulnerability with the translate method in controllers

  CVE-2024-26143

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• Disables the session in ActiveStorage::Blobs::ProxyController
  and ActiveStorage::Representations::ProxyController
  in order to allow caching by default in some CDNs as CloudFlare

  Fixes #44136

  Bruno Prieto

Action Mailbox

• No changes.

Action Text

• No changes.

Railties

• No changes.