<!doctype html> <html lang="en"> <head> <title>Ruby on Rails &mdash; New Maintenance policy, CVE releases, Rails World talks and more!</title> <meta charset="utf-8" /> <meta content="ie=edge" http-equiv="x-ua-compatible" /> <meta name="handheldfriendly" content="true" /> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="description" content="Hey everyone, Happy Friday!" /> <meta property="og:site_name" content="Ruby on Rails" /> <meta property="og:title" content="New Maintenance policy, CVE releases, Rails World talks and more!" /> <meta property="og:description" content="Hey everyone, Happy Friday!" /> <meta property="og:image" content="https://rubyonrails.org/assets/images/this-week-in-rails.png" /> <meta property="og:url" content="https://rubyonrails.org/2024/10/18/this-week-in-rails" /> <meta property="og:type" content="article" /> <meta name="twitter:title" content="New Maintenance policy, CVE releases, Rails World talks and more!" /> <meta name="twitter:description" content="Hey everyone, Happy Friday!" /> <meta name="twitter:image" content="https://rubyonrails.org/assets/images/this-week-in-rails.png" /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:creator" content="@rails" /> <meta name="twitter:image:alt" content="Ruby on Rails" /> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "BlogPosting", "mainEntityOfPage": { "@type": "WebPage", "@id": "https://rubyonrails.org/2024/10/18/this-week-in-rails" }, "name": "Ruby on Rails", "headline": "New Maintenance policy, CVE releases, Rails World talks and more!", "description": "Hey everyone, Happy Friday!", "url": "https://rubyonrails.org/2024/10/18/this-week-in-rails", "image": "https://rubyonrails.org/assets/images/this-week-in-rails.png", "author": { "@type": "Person", "name": "vipulnsward" }, "datePublished": "2024-10-18T00:00:00+00:00" } </script> <script defer data-domain="rubyonrails.org" src="https://plausible.io/js/script.js"></script> <link rel="icon" href="/assets/images/favicon.png" /> <link rel="stylesheet" href="/assets/css/style.css" /> <link rel="alternate" type="application/rss+xml" href="/feed.xml" title="The official Ruby on Rails blog"> </head> <body> <nav class="nav"> <a class="nav__logo" href="/" aria-label="Ruby on Rails"></a> </nav> <div class="layout"> <div class="post common-padding--bottom common-padding--top-small"> <div class="container"> <div class="post__headline common-headline"> <h5>Friday, October 18, 2024</h5> <h2>New Maintenance policy, CVE releases, Rails World talks and more!</h2> <h6>Posted by vipulnsward</h6> </div> <div class="post__content common-content common-content--post"> <p>Hey everyone, Happy Friday!</p> <p><a href="https://www.saeloun.com/team/vipul">Vipul</a> here with the latest updates for This Week in Rails. Let’s dive in!</p> <p><a href="https://rubyonrails.org/2024/10/15/rails-world-2024-recap">Rails World talks are out!</a><br /> Check out the recap of these talks in this <a href="https://rubyonrails.org/2024/10/15/rails-world-2024-recap">blog post</a>, or head over <a href="https://www.youtube.com/watch?v=-cEn_83zRFw&amp;list=PLHFP2OPUpCeb182aDN5cKZTuyjn3Tdbqx">to Rails’ YouTube</a> for the full playlist.</p> <p><a href="https://rubyonrails.org/2024/10/15/new-maintenance-policy-and-eol-annouments">New Rails maintenance policy and end of maintenance announcements</a><br /> These changes are designed to provide clarity on support timelines and help to plan Rails upgrades effectively. Full details of the new policy can be found on the <a href="https://rubyonrails.org/maintenance">Rails website.</a></p> <p><a href="https://rubyonrails.org/2024/10/15/Rails-Versions-7-0-8-5-7-1-4-1-and-7-2-1-1-have-been-released">Rails Versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1 have been released!</a><br /> These are security patches addressing 4 possible ReDoS (Regular expression Denial of Service) attacks. All of these only affect Ruby versions below 3.2, so if you are using any of these old Rubies, its time to update Rails versions at your earliest convenience.</p> <p><a href="https://github.com/rails/rails/pull/53240">Fix db:migrate:reset task</a><br /> Before this fix <code class="language-plaintext highlighter-rouge">db:migrate:reset</code> was broken, because we started to load the schema before migrating. This prevented migrations from running. This patch empties the schema before migrating, ensuring that migrations run as expected.</p> <p><a href="https://github.com/rails/rails/pull/53298">Improve ActionController::TestCase to expose a binary encoded request.body</a><br /> This change improves <code class="language-plaintext highlighter-rouge">ActionController::TestCase</code> to expose a binary encoded <code class="language-plaintext highlighter-rouge">request.body</code>. The rack spec clearly states:</p> <blockquote> <p>The input stream is an IO-like object which contains the raw HTTP POST data. When applicable, its external encoding must be “ASCII-8BIT” and it must be opened in binary mode.</p> </blockquote> <p>Until now, its encoding was generally UTF-8, which doesn’t accurately reflect production behavior.</p> <p><a href="https://github.com/rails/rails/pull/53360">Fix marshalling of unsaved associated records in 7.1 format</a><br /> Before this change the 7.1 format would only marshal associated records if the association was loaded. But associations that would only contain unsaved records would be skipped.</p> <p><a href="https://github.com/rails/rails/pull/53329">Update vendored Trix version to 2.1.7</a><br /> This change updates vendored Trix version to <a href="https://github.com/basecamp/trix/releases/tag/v2.1.7">2.1.7</a>, which includes support for the upcoming security fix in <a href="https://github.com/rails/rails/pull/51729">#51729</a> and <a href="https://github.com/basecamp/trix/pull/1190">enhanced form support</a> (ElementInternals and HTML5 validations).</p> <p><a href="https://github.com/rails/rails/pull/53193">Do more params parsing on Rails instead of Rack</a><br /> Rack is looking at some minor changes to how they parse query strings. To be more independent of these upstream changes when handling various scenarios, this Pull Request introduces various improvements to handle parsing more on Rails side.</p> <p><a href="https://github.com/rails/rails/pull/52905">Revamped Action Mailer Guide</a><br /> This Pull Request updates and improves the “Action Mailer Basics” Rails Guide documentation. Check it out and suggest improvements if you are familiar around these parts.</p> <p><a href="https://github.com/rails/rails/pull/53316">Support Prism for ActionView::Template.spot</a><br /> This change adds support for the Prism parser with <code class="language-plaintext highlighter-rouge">ErrorHighlight</code> in Rails.</p> <p><a href="https://github.com/rails/rails/pull/53325">Fix NoMethodError when content type is set to nil in tests</a><br /> This Pull Request changes <code class="language-plaintext highlighter-rouge">ActionController::TestCase</code>’s content type check to account for nil content types, so Rails can raise a more descriptive <code class="language-plaintext highlighter-rouge">Unknown Content-Type</code> error instead of a slightly obscure <code class="language-plaintext highlighter-rouge">NoMethodError</code>.</p> <p><em>You can view the whole list of changes <a href="https://github.com/rails/rails/compare/@%7B2024-10-12%7D...main@%7B2024-10-18%7D">here</a>.</em> <em>We had <a href="https://contributors.rubyonrails.org/contributors/in-time-window/20241012-20241018">34 contributors</a> to the Rails codebase this past week!</em></p> <p>Until next time!</p> <p><em><a href="https://world.hey.com/this.week.in.rails">Subscribe</a> to get these updates mailed to you.</em></p> </div> </div> </div> </div> <footer class="footer common-background--grey common-padding--bottom common-padding--top common-shape--top-white-up-left"> <div class="footer__logo"><a href="/" aria-label="Ruby on Rails"></a></div> </footer> </body> </html>