Ruby on Rails

Syndicate content
Updated: 35 min 20 sec ago

Rails 4.0.11.1 and 4.1.7.1 have been released

Wed, 11/19/2014 - 19:16

Hi everyone!

Rails 4.0.11.1 and 4.1.7.1 have been released!

These two releases contain only security fix that was already released as 4.0.12 and 4.1.8. You can read more about the issue here (CVE-2014-7829).

4.0.12 and 4.1.8 were inadvertently based on their respective stable branches, and so incorporated additional changes beyond those necessary to resolve the security issue. In keeping with our security policy, it is our intention to include only the minimum necessary changes in security releases, to ensure everyone can upgrade without fear of regressions. As those releases included unrelated changes, we are providing new releases, based on the previous release, which contain only the security fix itself.

If you have already successfully upgraded to 4.0.12 or 4.1.8, no further action is required. Otherwise, if you are still on 4.0.11 or 4.1.7, please do upgrade to 4.0.11.1 or 4.1.7.1 at your earliest convenience.

The 3.2.21 release did incorporate a second change, but that change was intended: by policy, minor security-relevant bugs (which do not independently warrant a security release) are occasionally backported to 3-2-stable, and rolled into a subsequent security release.

The commits for 4.0.11.1 can be found here, and the commits for 4.1.7.1 can be found here.

Here are the checksums for 4.0.11.1:

$ shasum *4.0.11.1* f35d8d54b15b83b25aa6a46aa57b58cd9888b5cc actionmailer-4.0.11.1.gem 9d656c7959dc913fc208fa7ffdab265b73abb8f1 actionpack-4.0.11.1.gem bde6aa4985bff22ca7046f5ad855ccacee3e345e activemodel-4.0.11.1.gem 26d91f7d7f5cf828d25503326f6fe598f275cca3 activerecord-4.0.11.1.gem 2040d73aeb8ec84945e5ac5a1e060a703770f0a4 activesupport-4.0.11.1.gem 1dde2b45a0039ccef166030bdbc1948fa899a5e5 rails-4.0.11.1.gem 86cc0c06139bc085e830fbd0994a0bf7480e68dc railties-4.0.11.1.gem

Here are the checksums for 4.1.7.1:

$ shasum *4.1.7.1* 3e0c627e2f35293c7f963586ddedad84fe140c3b actionmailer-4.1.7.1.gem 038d1dd8eab2471f44cf456cbb8f94f4e413e069 actionpack-4.1.7.1.gem 6a6e2a188b58855748e0f400d6c562a779e76130 actionview-4.1.7.1.gem 6dcfeca9cb28490a4d3fde1cfbb9d14850130167 activemodel-4.1.7.1.gem b1d5b4bab0873e712f270fdb7ad8acb81d487a73 activerecord-4.1.7.1.gem 0af0c9e374f1a83f06db82457c219b29556233ca activesupport-4.1.7.1.gem 1fbef83600552fc18d83e61c39da752c7d6ba07c rails-4.1.7.1.gem f50d5902047d96b8836c3f6376ed9c212506268b railties-4.1.7.1.gem

<3<3<3<3

Rails 3.2.21, 4.0.12, and 4.1.8 have been released

Mon, 11/17/2014 - 15:44

Hello everyone!!! It's that time again.

I would like to announce that Rails 3.2.21, 4.0.12, and 4.1.8 have been released. These releases contain a security fix where the existence of arbitrary files on the file system can be leaked, but the contents of the file will not be leaked. The issue generally only impacts people who are using Rails to serve static assets, and will generally not impact people who use a proxy to serve static assets. This issue is similar to CVE-2014-7818, but is slightly different. You can read more about the issue here (CVE-2014-7829).

For ease of upgrading, the only changes in these releases are the security fixes.

Here are the checksums for the gems:

[aaron@TC release]$ shasum *3.2.21* 5f59bb7e463fa3a443593bdd650a258b34ae8db6 actionmailer-3.2.21.gem 1f7ffef317f7808aa3f6b3f63f292c136a827b7c actionpack-3.2.21.gem aaf186bc935b66e52e43a5e5c8b0af37b0444ccc activemodel-3.2.21.gem 9e5645ea4536238a3fec7f04e6f74a22db9057ec activerecord-3.2.21.gem fe64a4b4d5a0680ce2b05e4fb75d325454671c5f activeresource-3.2.21.gem 0a503dfc64a73980b18d799f9b80f02b3b1645b7 activesupport-3.2.21.gem b757a3161412742fd9f0323ff7ab6b31212e115c rails-3.2.21.gem 9cb5de52049319e1c837be75deaab0eba3695e42 railties-3.2.21.gem [aaron@TC release]$ shasum *4.0.12* c62e361241fd26a7e31ed3a9c87489bc5a86b12f actionmailer-4.0.12.gem f63c9d0e7a637c114b96cd864c12641e09eed373 actionpack-4.0.12.gem 2e9a64d08b9bcef0953132f1b9d4f295dfa167a4 activemodel-4.0.12.gem d3e59b3c9a0c5fc9045783905f53e49d4d6bc1ba activerecord-4.0.12.gem 6bf2468d9466b019d2ffaf21e44cb7a4d4ed8dde activesupport-4.0.12.gem d759db3bb1420c02c97852358e425b4a168198ff rails-4.0.12.gem 729345b543653507dfea3d2e158a870d49260548 railties-4.0.12.gem [aaron@TC release]$ shasum *4.1.8* db4fc0a8ac77332b96947480db7ff529c18ead44 actionmailer-4.1.8.gem 24cd5ff7bcc78a2d4997ebe6bc962f09e394f59e actionpack-4.1.8.gem 0c22174fbe03bf461aad27bf8ddebf7ae93988fa actionview-4.1.8.gem 2b2b98b8dfd96012b443a2ddf3cbf4267c378c4d activemodel-4.1.8.gem f263ff5ee5a4436184390aaf825d5072c71afc4e activerecord-4.1.8.gem c25e858743372f197ecfdbbbc5b1dbd71934947a activesupport-4.1.8.gem 4b96a78c669b7122f9ad905ee8f36772ac1bd8d9 rails-4.1.8.gem cbae764aa4a635f37c7bb52c84028dc032e1afea railties-4.1.8.gem [aaron@TC release]$

Happy RubyConf and have a great day!!! <3

[ANN] Rails 4.2.0.beta4 has been released!

Thu, 10/30/2014 - 22:00

The Rails team has just released Rails 4.2.0.beta4.

In addition to the security fixes in 4.2.0.beta3, this new release includes a number of bug fixes for issues reported since the 4.2.0.beta2 release.

If all goes according to plan, this should be the last beta release for 4.2.0 before we move into the Release Candidates phase. We would like to thank all of the early adopters who participated in the beta testing and reported issues, as well as the 64 contributors who submitted patches to help our team address these bugs.

Happy upgrading!

Rails 3.2.20, 4.0.11, 4.1.7, and 4.2.0.beta3 have been released

Thu, 10/30/2014 - 18:16

Hello everyone!!! It's that time again.

I would like to announce that Rails 3.2.20, 4.0.11, 4.1.7, and 4.2.0.beta3 have been released. These releases contain a security fix where the existence of arbitrary files on the file system can be leaked, but the contents of the file will not be leaked. The issue generally only impacts people who are using Rails to serve static assets, and will generally not impact people who use a proxy to serve static assets. You can read more about the issue here (CVE-2014-7818). A release of sprockets has also been made to help with this issue. You can read about it here (CVE-2014-7819).

For ease of upgrading, the only changes in these releases are the security fixes.

Here are the checksums for the gems:

[aaron@TC release]$ shasum *3.2.20* b14ca1ad923e035ab2a7785e657c5653447c3149 actionmailer-3.2.20.gem d6fea767996a954e4bc95fd0ca101ec912fcb093 actionpack-3.2.20.gem 97f5bb424aee73fbbd319baab3fd35c3f5eeb5f4 activemodel-3.2.20.gem 32d76836675a4c88685c3904271b16d9d2338ce9 activerecord-3.2.20.gem 640d83a96accc24e6afcae3cc5b253e5d355983f activeresource-3.2.20.gem d1d0a19a589c62278e7d9ac4275d5f8d75df20b3 activesupport-3.2.20.gem f8b4d3c56d89760c02b37d4c67efd31dedd4df80 rails-3.2.20.gem 41c272d53dd748407210a2270ad17bc7c9f30594 railties-3.2.20.gem [aaron@TC release]$ shasum *4.0.11* 9718b62f4428a7e4bbf66df4ac57dd82d197905a actionmailer-4.0.11.gem f1aec3d29e781e3beb685852db00ecf495150077 actionpack-4.0.11.gem 2ba4ceeff0a76df850d6294e2e1da703f3f6e7cb activemodel-4.0.11.gem 714dca99a452adfec76b507241896ffd7978a254 activerecord-4.0.11.gem 2791791c5c1eeefb3eee76712656bf674a20867d activesupport-4.0.11.gem 56bb306d4f0309dcf3a804a97104a3ee26b64b94 rails-4.0.11.gem 243e265c879db8876cce8688374cb7f9bb752d7d railties-4.0.11.gem [aaron@TC release]$ shasum *4.1.7* 4e4ce2530ff8773af784340e17e925b3b2c8cb20 actionmailer-4.1.7.gem 81628e433ca4335409677a33cfe9b56627f6ae1a actionpack-4.1.7.gem 7dc2626f5bc85379c55e49a712f5c0e060340ca8 actionview-4.1.7.gem 83c8be73d22973c843d43a988b27a449d2ca8a9d activemodel-4.1.7.gem 001156373c248a20c69bcf1451d6f7166dac3ddb activerecord-4.1.7.gem 217f25a911f8e89cd2834849232555cbc47ca850 activesupport-4.1.7.gem a1d9bb181d718e7f6cf380136425444e627c2345 rails-4.1.7.gem 1b9c8d08afc8fa77786fef13c54d4e6985cdc6d6 railties-4.1.7.gem [aaron@TC release]$ shasum *4.2.0* e5d608e8ce32abdd73c73c91fd34cb8f7075a251 actionmailer-4.2.0.beta3.gem 2e2034c285943777ad325c35292e202a46b937c2 actionpack-4.2.0.beta3.gem a008833cd1045c926fb6f36ee03e3d34499a0aa9 actionview-4.2.0.beta3.gem 02f4438363419c59b33d85b2dda4d4cf741a6098 activejob-4.2.0.beta3.gem c8a7dc2134c885ad3b23d4c36be95abc1ec1b769 activemodel-4.2.0.beta3.gem 192e33ab3b9d54954ff834ce6ee7f67a9197cb36 activerecord-4.2.0.beta3.gem 00437ab52df0ed0dd9afe571d083c92c3cdbe361 activesupport-4.2.0.beta3.gem ca81d6ac9fdd658775d32a6dbfe248ee13f5c87b rails-4.2.0.beta3.gem cc302e363248e4bc2d245201f922c576f9fe6f15 railties-4.2.0.beta3.gem

Have a great day!!! <3

[ANN] Rails 4.2.0.beta2 has been released!

Mon, 09/29/2014 - 19:00

Happy Monday everyone!

Today the Rails team is happy to announce that we have released Rails 4.2.0.beta2.

Thanks to all the early adopters who have participated in the first round of beta testing, we have identified a number of bugs, regressions and other imperfections in the codebase. These problems have since been fixed and included in this release.

Security Issues

This release also includes two security patches.

Web Console 2.0.0.beta4

Along with the Rails 4.2.0.beta2 release we also released Web Console 2.0.0.beta4 which includes a security fix.

If you are already using Web Console in development we recommend you to upgrade to this new version of the gem.

Active Job vulnerability

We also fixed an Active Job bug that allowed String arguments to be deserialized as if they were Global IDs, an object injection security vulnerability.

Breaking Changes

In addition to the security and bug fixes, some of the new APIs have also been refined after further testing in real-world applications. This resulted in the following list of breaking changes that are not backwards-compatible with 4.2.0.beta1:

Active Job

The Active Job API has been overhauled:

# The enqueueing method has changed from +enqueue+ to +perform_later+. # # In 4.2.0.beta1: MyJob.enqueue(*args) # # In 4.2.0.beta2: MyJob.perform_later(*args) # The ways jobs are scheduled has changed. # # In 4.2.0.beta1: MyJob.enqueue_at(Date.tomorrow.noon, record) MyJob.enqueue_in(1.week, record) # # In 4.2.0.beta2: MyJob.set(wait_until: Date.tomorrow.noon).perform_later(record) MyJob.set(wait: 1.week).perform_later(record) # # You can also specify a queue to enqueue the job onto with this new API: MyJob.set(queue: :low_priority).perform_later(record) Action Mailer

The Action Mailer API has also undergone some changes:

# Two new methods +#deliver_now+ and +#deliver_now!+ were introduced for # clarity. +#deliver+ and +#deliver!+ have been deprecated and applications are # encouraged to use the +#deliver_*+ instead. # # In 4.2.0.beta1: Notifier.welcome(User.first).deliver! # # In 4.2.0.beta2: Notifier.welcome(User.first).deliver_now! # The options for +#deliver_later+ and +#deliver_later!+ has changed to match # those on Active Job. # # In 4.2.0.beta1: Notifier.welcome(User.first).deliver_later!(in: 1.hour) Notifier.welcome(User.first).deliver_later!(at: 10.hours.from_now) # # In 4.2.0.beta2: Notifier.welcome(User.first).deliver_later!(wait: 1.hour) Notifier.welcome(User.first).deliver_later!(wait_until: 10.hours.from_now) Action Controller render behavior change

Historically, calling render "foo/bar" in a controller action is equivalent to calling render file: "foo/bar". Since beta 2, this has been changed to mean render template: "foo/bar" instead. This is due to a number of potential security issues with the old default behavior. If you need to render a file, please change your code to use the explicit form (render file: "foo/bar") instead.

Full list of changes

As always, you can browse the Rails source code repository on GitHub to view the full list of changes that were included in this release.

Acknowledgement

The Rails team would like to thank the 66 people who contributed patches to make this release possible!

[ANN] Rails 4.1.6 and 4.0.10 have been released!

Fri, 09/12/2014 - 18:40

Hi everyone,

I am happy to announce that Rails 4.1.6 and 4.0.10 have been released.

We are planning to produce one more bug fix release in the 4.0 series, targeted for early December. In keeping with our maintenance policy, after the upcoming release of 4.2.0, the 4.0 series will be retired. It will not receive further updates for either bug fixes or security issues. All users are urged to migrate to 4.1 as soon as possible.

CHANGES since 4.0.9

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 4.1.5

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes.

Here are the checksums for 4.0.10:

$ shasum *4.0.10* 4bd4b8a2be1a2a649f46e37b6dff3a2d8f86fd7d actionmailer-4.0.10.gem 45d76f39092149e46c31f9226dae71b3faa52012 actionpack-4.0.10.gem 08150685a471db48b240618b378ff22e3a9b7811 activemodel-4.0.10.gem ed3f6b184b4b62b501e0d7876d8e2f946fe0ed31 activerecord-4.0.10.gem 7c886c946e835cbbfb09dc4b4daf7f1bf05db952 activesupport-4.0.10.gem a2b8e24d83d5395f9532fcdbfa5c441d3f86e060 rails-4.0.10.gem 533c0589dadb4fc3bd5723bb9944464b545a88f3 railties-4.0.10.gem

Here are the checksums for 4.1.6:

$ shasum *4.1.6* d6ab3d0aecb1cf97bd5a1050356b3151e4e8ef42 actionmailer-4.1.6.gem ba7233c749a2229e11ef02acea2d114719ceac71 actionpack-4.1.6.gem ed67c703dfb7d95e391da21f4f2aab52ae7bbfe4 actionview-4.1.6.gem 1a9ca827740d5e3e254b26886b19ea9094b407c5 activemodel-4.1.6.gem 69d77feb4ce141551875e2a4167d0f5529bd0526 activerecord-4.1.6.gem dc838a42455b674b95c15bf7433552ffdf777a4f activesupport-4.1.6.gem 8f2ebf38a0a8d70d8f19916e0b51ece8a954ff8d rails-4.1.6.gem c9b10576113567011d37fa28aa4e5ca99b2e4fd9 railties-4.1.6.gem

I'd like to thank you all, every contributor who helped with this release.

[ANN] Rails 4.1.6.rc2 and 4.0.10.rc2 have been released!

Mon, 09/08/2014 - 18:35

Hi everyone,

I am happy to announce that Rails 4.1.6.rc2 and 4.0.10.rc2 have been released.

If no regressions are found expect the final release this Thursday, on September 11, 2014. If you find one, please open an issue on GitHub and mention me (@rafaelfranca) on it, so that we can fix it before the final release.

CHANGES since 4.0.9

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 4.1.5

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes.

Here are the checksums for 4.0.10.rc2:

$ shasum *4.0.10.rc2* 16be6057a1af45d0eaf9e5bb95f0980f0498ed38 actionmailer-4.0.10.rc2.gem b736f6ec57f14a08611bf94e9170a102bbcd235e actionpack-4.0.10.rc2.gem 7508c684dcfa38fca79640f7196fd437c6945be7 activemodel-4.0.10.rc2.gem aef89eeadb957dac5ec21cce6e640f13fad301f0 activerecord-4.0.10.rc2.gem 1b6d2dfd4d69605d58de34eaa68bf9c98fedb581 activesupport-4.0.10.rc2.gem 7e3de742b723def7e0026b89e8c744822f66fe23 rails-4.0.10.rc2.gem bb4f5083436987907c38dc019261b3477386b4b9 railties-4.0.10.rc2.gem

Here are the checksums for 4.1.6.rc2:

$ shasum *4.1.6.rc2* 8fbbefa7a1f87569b54b6b0444ccb42b112b8b4e actionmailer-4.1.6.rc2.gem 81c84fed39c32a013da3da7181eb81b41084c62f actionpack-4.1.6.rc2.gem e750e2a53c16b3312a049c044c9f7d5e7ed1f228 actionview-4.1.6.rc2.gem 8f034fa15a6c364d818e28a0bdd5bc4bcc691025 activemodel-4.1.6.rc2.gem 8259ec18fbaaec162c4eaf344f2a4507322e049b activerecord-4.1.6.rc2.gem c220cbad51271b9a2c4e2ef390a0060e66127323 activesupport-4.1.6.rc2.gem 1578350d0c58c5c5ce3e771541336c76728b9c34 rails-4.1.6.rc2.gem d70a87ccb0d002b4c44cade8ce30a8ae6394313e railties-4.1.6.rc2.gem

I'd like to thank you all, every contributor who helped with this release.

Senny and Godfrey to Rails core, Yehuda to alumni

Wed, 09/03/2014 - 18:30

The Rails core team has just accepted Yves "Senny" Senn and Godfrey Chan into its ranks.

Yves had his first patch committed to Rails back in 2011 and has since racked up 1256 commits of improvements to the framework. He's a developer with 4teamwork from Bern, Switzerland, and we couldn't be happier to recognize his great work by admission to Rails core!

Godfrey Chan has been on a tear this year to help making everything Rails better. A lot of work and commits and reviews have come from Chan to ensure Rails 4.2 is the best it can be. He had his first commit in 2012, and has since racked up another 255. Welcome as well!

Finally, Yehuda Katz is retiring from active core participation and will join the hallowed halls of the Rails alumni. We thank him dearly for all he has done to improve Rails and Ruby. It's been a pleasure to argue with him endlessly over things big and small, and doubt that's going to stop just because he's now alumni.

Thanks to Yves, Godfrey, and Yehuda, and to everyone else working on improving Rails, for their service. The community is grateful!

Rails 4.2.0 beta1: Active Job, Deliver Later, Adequate Record, Web Console

Wed, 08/20/2014 - 03:30

We're putting the final touches on the first major new release of Rails in its second decade of life. While most software would be in a retirement home after a decade of operation, Rails has never been more fit, and this release is packed with goodies that'll make your work even easier, your apps even faster, and the whole experience even better.

Active Job, ActionMailer #deliver_later

The headline feature for Rails 4.2 is the brand new Active Job framework, and its integrations. Active Job is an adapter layer on top of queuing systems like Resque, Delayed Job, Sidekiq, and more. You can write your jobs to Active Job, and they'll run on all these queues with no changes.

With an always-configured queue in place (though the default is just an inline runner), we can build on top of that where it makes sense. And the first place it makes sense is to send Action Mailer emails asynchronously. So we're introducing the #deliver_later method, which will do just that: Add your email to be sent as a job to a queue, so you don't bog down the controller or model. Voila!

The cherry on top is our new GlobalID library. It makes it easy to pass Active Record objects to jobs by serializing them in a generic form. This means you no longer have to manually pack and unpack your Active Records by passing ids. Just give the job the straight AR object, and it'll serialize it using GlobalID, and deserialize it at run time. So much easier!

Special thanks go out to Cristian Bica and Abdelkader Boudih for their outstanding work bringing this trinity of improvements to Rails!

Adequate Record

Aaron Patterson is always hunting for performance bounties in Rails, and with an improvement project called Adequate Record for Active Record, he's come up good. A lot of common queries are now no less than twice as fast in Rails 4.2! This is a great step forward for performance. While computers are constantly getting cheaper and performance is improving, nobody ever said "hey, get that free speed out of my framework". So there you go: Some free speed, buddy!

Web Console

Out of the wonderful Google Summer of Code for Rails campaign comes Web Console. It's an IRB console available in the browser. In development mode, you can go to /console and do your work right there.

Now that's neat, but what's insanely useful is that this console is automatically available on all exception pages! So when something is bust, you'll now instantly be able to inspect the state of affairs. It even allows you to jump between the different points in the backtrace, and you'll be able to inspect things right at that point.

It's a wonderful improvement to the debugging workflow. Thanks to Genadi Samokovarov and Ryan Dao for their work on this project.

Everything else

Some quick highlights from the rest of all the wonder that is Rails 4.2:

  • Template digests are now automatically included when calculating etags for caching. So caches are bust when the template changes.
  • respond_with has moved out and into its own proper home with the responders gem.
  • Support for real foreign keys! add_foreign_key/remove_foreign_key are now available in migrations.
  • A ton of bug fixes and minor improvements to Active Record.
  • Added config.x.whatever.you_want = true for custom configuration of your app in config/environments/*, config/application.rb, and initializers.
  • Added Rails::Application.config_for(:some_yaml) to load YAML configurations store in config/ easily.

We're working on a set of preliminary release notes too.

Maintenance consequences and Rails 5.0!

As per our maintenance policy, the release of Rails 4.2 will mean that bug fixes will only apply to 4-2-stable, regular security issues to 4.2.x, 4.1.x, and severe security issues to 4.2.x, 4.1.x, and 3.2.x. In addition to these already stated commitments, the honorable Rafael Fran├ža has agreed to also apply bug fixes to 4-1-stable. So everyone still on 4.1 and unable to move quickly can thank Rafael!

Rails 4.2 will also mark the last big release in the 4.x series. After release, we're going to work towards the big Rails 5.0! This means rails/master will have that target as soon as the release candidates for 4.2 start, and 4-2-stable is created.

Rails 5.0 is in most likelihood going to target Ruby 2.2. There's a bunch of optimizations coming in Ruby 2.2 that are going to be very nice, but most importantly for Rails, symbols are going to be garbage collected. This means we can shed a lot of weight related to juggling strings when we accept input from the outside world. It also means that we can convert fully to keyword arguments and all the other good stuff from the latest Ruby.

The release target for Rails 5.0 is currently spring/summer of 2015. So there's a while yet, but we're putting this out there for people to know, so gem maintainers and other Ruby implementations can know where we're going.

Please help us make Rails 4.2 solid!

We rely on the feedback from everyone in the community to flush out bugs and upgrade issues ahead of a big release like this. So please give Rails 4.2 a try on your app, and if you're starting a new app today, you should probably use the beta1 for that, if you're just the least bit savvy with Rails.

Issues can be recorded on the Github issues tracker.

Already, 476 people have contributed to this new release of Rails. Please do become one of them!

[ANN] Rails 4.1.6.rc1 and 4.0.10.rc1 have been released!

Tue, 08/19/2014 - 21:05

Hi everyone,

I am happy to announce that Rails 4.1.6.rc1 and 4.0.10.rc1 have been released.

If no regressions are found expect the final release this Friday, on August 22, 2014. If you find one, please open an issue on GitHub and mention me (@rafaelfranca) on it, so that we can fix it before the final release.

CHANGES since 4.0.9

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 4.1.5

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you'd like to verify that your gem is the same as the one I've uploaded, please use these SHA-1 hashes.

Here are the checksums for 4.0.10.rc1:

$ shasum *4.0.10.rc1* fa4efa72a6b89c6dcf55280f6bbfab00564982e8 actionmailer-4.0.10.rc1.gem bfbb408c6c2ab89eafda1b84a33f83a9f58eda8c actionpack-4.0.10.rc1.gem f1bedb27e877ca6493541a69491910ce70a34ed0 activemodel-4.0.10.rc1.gem f211a80fc134f38f4eb2d503b3ca7e92a83eabed activerecord-4.0.10.rc1.gem e751d258407d02c3f8790775ffa99f0895c56704 activesupport-4.0.10.rc1.gem 34b8908b2738e78917a434b45ae9fe82b4908425 rails-4.0.10.rc1.gem a2d4ee8203ce07785b15b367ffe31f9ea96268a7 railties-4.0.10.rc1.gem

Here are the checksums for 4.1.6.rc1:

$ shasum *4.1.6.rc1* 3589d4ea69a04f87ea5335994a43f8d814c6c8df actionmailer-4.1.6.rc1.gem b51d28e356c58d08d2f65a3a4912a2911b9d4ffe actionpack-4.1.6.rc1.gem f2a8ba7e7ca8fa9e74688cbca3af1e8d48b23de7 actionview-4.1.6.rc1.gem 9a2778d02bd596d629eca6265f0a6d7cecb7d2ef activemodel-4.1.6.rc1.gem 681023c5764cb1336b6d74bf2ff76efd9c1386b7 activerecord-4.1.6.rc1.gem 85c4e30b5b0eba99c9d43049206591250aed2072 activesupport-4.1.6.rc1.gem fd10c0533065471768d8fe4b7e7ba81738c607dd rails-4.1.6.rc1.gem ec05790e0d256a474f0eaf3ae61e9556e71f1b18 railties-4.1.6.rc1.gem

I'd like to thank you all, every contributor who helped with this release.

Rails 4.0.9 and 4.1.5 have been released!

Mon, 08/18/2014 - 17:16

Hi everyone!

Rails 4.0.9 and 4.1.5 have been released!

These two releases contain a security fix, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we've only included commits directly related to each security issue.

The security fix for 4.0.9 and 4.1.5 is:

the commits for 4.0.9 can be found here, and the commits for 4.1.5 can be found here.

Here are the checksums for 4.0.9:

$ shasum *4.0.9* 2034a17791be885e8e4e6211c26447614c830e62 actionmailer-4.0.9.gem 00b13c7dfe94af6ede24c6c1652ff4bc2aee9ef8 actionpack-4.0.9.gem 0a16de437de79128846d5a5fc73a0a0d6ebe369e activemodel-4.0.9.gem 3d1884dff4fa64267d7c840dbaaac3eafc6fc0a9 activerecord-4.0.9.gem eb27657cf79c4c13f7b4c4f7aa69a8a171f4e68c activesupport-4.0.9.gem 2bdba9c61f8860d1883ed5803591dc603b7312fb rails-4.0.9.gem f90c7f3104d9d63992d53331990e33c1d832e7c0 railties-4.0.9.gem

Here are the checksums for 4.1.5:

$ shasum *4.1.5* 798edeca54bb9ca1ba91b7669fccb4d2bb41f404 actionmailer-4.1.5.gem 2354a982938658cfafd6097a406ac43facb80c70 actionpack-4.1.5.gem eb71ffc6ea7537d6066483b6ff5d1edf51f0c344 actionview-4.1.5.gem 15a24e5a1e9191541cc7b24bc1f74e3a0293cf97 activemodel-4.1.5.gem 27cd6cc6a3b52eb5966171e5959b0505f411e8ce activerecord-4.1.5.gem 44a53eac3e7851c2311cce42f63c966ea05b5552 activesupport-4.1.5.gem 7fa52337ec2b659abfb5b5678125ba0d3b5cbce7 rails-4.1.5.gem 6ffdb1e19734460ded12f9a66f8390ea071f6727 railties-4.1.5.gem

<3<3<3<3