惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

TaoSecurity Blog
TaoSecurity Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
F
Fortinet All Blogs
Cisco Talos Blog
Cisco Talos Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
S
Secure Thoughts
美团技术团队
雷峰网
雷峰网
Hugging Face - Blog
Hugging Face - Blog
博客园_首页
C
CXSECURITY Database RSS Feed - CXSecurity.com
Engineering at Meta
Engineering at Meta
人人都是产品经理
人人都是产品经理
月光博客
月光博客
T
Tor Project blog
P
Privacy & Cybersecurity Law Blog
Recorded Future
Recorded Future
I
Intezer
博客园 - 【当耐特】
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
GbyAI
GbyAI
罗磊的独立博客
V
V2EX
Google DeepMind News
Google DeepMind News
D
DataBreaches.Net
Last Week in AI
Last Week in AI
T
Tailwind CSS Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
A
About on SuperTechFans
Scott Helme
Scott Helme
Vercel News
Vercel News
Spread Privacy
Spread Privacy
T
Threat Research - Cisco Blogs
Recent Announcements
Recent Announcements
Hacker News: Ask HN
Hacker News: Ask HN
C
CERT Recently Published Vulnerability Notes
G
Google Developers Blog
B
Blog
博客园 - 叶小钗
WordPress大学
WordPress大学
博客园 - 聂微东
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Jina AI
Jina AI
IT之家
IT之家
C
Cybersecurity and Infrastructure Security Agency CISA
P
Palo Alto Networks Blog
小众软件
小众软件
博客园 - Franky
Microsoft Azure Blog
Microsoft Azure Blog
AWS News Blog
AWS News Blog

Ruby on Rails: Compress the complexity of modern web apps

Safer to_i coercion, custom to_fs formats, and more! This Week in Rails: May 16, 2026 This Week in Rails: May 8, 2026 This Week in Rails: May 1, 2026 Active Record gets better every week Great big Rails World 2026 update: CFP, Corporate Support tickets, workshops Query command for database queries and more Explicit query: and body: kwargs for integration tests and more! Speedup ActiveRecord::LogSubscriber#sql_color and more! This Week in Rails: March 27, 2026 Rails Versions 8.0.5 and 8.1.3 have been released! Rails Versions 7.2.3.1, 8.0.4.1, and 8.1.2.1 have been released! This Week in Rails: March 20, 2026 Validate URI scheme in Action Text and more This Week in Rails: March 6, 2026 Planning Center is the newest Rails Foundation Contributing member Action Text gets Markdown conversion, editor links in devcontainers, and more! BARRA seeks Rails developer Joe Agliozzo is looking for a Rails developer The rise of lighttpd as the alternative web server When longer is better and more is more Snowdevil: First e-tailer on Rails Natural selection for frameworks in Ruby vs Java Address book tutorial in Portuguese Becoming a better programmer with Rails 10 Things Every Java Programmer Should Know About Ruby Really Getting Started in Rails Off the Treadmill, Onto the Rails Rails 0.9.5: A world of fixes and tweaks Rich clients with Rails and XUL Pedrosa on Rails vs WebWork: 'Language DOES matter' 'Ruby on Rails is unbelievably good' Celebrating six months anniversary! Speeding up CGI access to Gem Rails CD Baby leaves PHP behind for Ruby on Rails "I think Ruby on Rails is way over hyped" Programmer needed for JSP to Rails conversion Beyond the 10,000th gem install of Rails 'That application is so stupid' Matz takes note of Ta-da and Rails Rails tutorial on O'Reilly's ONLamp Welcome Slashdotters! Ta-da goes international with UTF-8 Make your Ta-da list today Rails 0.9.4.1: Cleaning up the mess Rails 0.9.4: Caching, filters, SQLite3... An unusual high presence of Macs Having problems running tests under 1.8.2? It\'s all about the applications But what does Rails go web services with XML-RPC prototype Rails runs through XP Cincinnati RedHanded out-evangelizes the evangelizer Rails on Lighttpd with FastCGI Have a codefest and collect cash from RubyCentral Jamis Buck is working on Basecamp S5 Presents competes with SoapBX 3,000 people are doing 10,804 things... Using the Rails to impress potential employers Brian discovers the default logging goodness SoapBX: Presentations powered by S5, Textile, Rails Road Map: The rails leading to 1.0 Tracks: A Getting Things Done implementation Nicholas presents the Directors Rails 0.9.3: Optimistic locking, dynamic finders, 1.8.2 Ruby on the German Rails 43things in 5,204 lines of Ruby on Rails Watch for huge requests on default FCGI How the redesign of the website came to be Are you watching the health of your software? "Some amazing web apps appear on Ruby on Rails" Learning Ruby on Rails with 43things The Robot Co-op takes 43things.com live! Giving up on Java for lack of love Setting up EliteJournal on TextDrive without a vhost Celebrating 219 applied patches since 0.7 Escaping Java but not its thinking "Simple design that even my grandma can understand" Rails logo remixed by Olivier Hericord Rake 0.4.14 includes fix for Ruby 1.8.2 Splitting off the research patches Running rake tests with Ruby 1.8.2 Marten opens Epilog for Trac'ing Drew McLellan predicts Rails celebrates more than 10,000 downloads Variations on a railed theme Securing your Rails: Keep it secret, keep it safe Available for hire? Collaboa and EliteJournal joins the Trac Playing Active Records on MS SQLServer and DB2 Open sourcing the Rails logo Rails: Technology of the Year #1 Reacting to customer requests in real time Extracting missing content from wiki backups Ruby on Rails has its web presence overhauled 43 things makes The Seattle Times 5.gets David Heinemeier Hansson Ruby 1.8.2 finally sees the light of day Rails 0.9: Fast development, breakpoints, validations Rails 0.9.1: Small, but important bugfix for Action Pack
Rails 3.2.9 has been released!
David Heinemeier Hansson · 2012-11-12 · via Ruby on Rails: Compress the complexity of modern web apps

Monday, November 12, 2012
Posted by spastorino

Hi everyone,

Rails 3.2.9 has been released without new changes since 3.2.9.rc3.

IMPORTANT!

A DoS attack was recently found in Ruby that uses specially-crafted input to dramatically reduce the performance of hashes, thus using up lots of CPU time. Rails applications may be vulnerable to an attacker sending a specially-crafted HTTP request to exploit this.

A good way to limit the effectiveness of such attacks is to configure your frontend servers to limit the size of the HTTP request line, headers and body. Nginx does this by default. Apache can be configured to do this by setting the LimitRequestBody directive.

In addition, all Ruby 1.9 users are recommended to upgrade to ruby-1.9.3 patchlevel 327 to get this security fix.

CHANGES since 3.2.8

Action Mailer

  • Do not render views when mail() isn’t called. Fix #7761

    Yves Senn

Action Pack

  • Lock sprockets to 2.2.x REASON: We had some pending fixes in sprockets and sass-rails to make possible to use sprockets version > 2.2. We will do a more conservative sprockets upgrade for this release. In a next release we can relax the dependency again. See #8099 for more information.

    Guillermo Iguaran

  • Clear url helpers when reloading routes.

    Santiago Pastorino

  • Revert the shorthand routes scoped with :module option fix This added a regression since it is changing the URL mapping. This makes the stable release backward compatible.

    Rafael Mendonça França

  • Revert the assert_template fix to not pass with ever string that matches the template name. This added a regression since people were relying on this buggy behavior. This will introduce back #3849 but this stable release will be backward compatible. Fixes #8068.

    Rafael Mendonça França

  • Revert the rename of internal variable on ActionController::TemplateAssertions to prevent naming collisions. This added a regression related with shoulda-matchers, since it is expecting the instance variable @layouts. This will introduce back #7459 but this stable release will be backward compatible. Fixes #8068.

    Rafael Mendonça França

  • Accept :remote as symbolic option for link_to helper. Riley Lynch

  • Warn when the :locals option is passed to assert_template outside of a view test case Fix #3415

    Yves Senn

  • Rename internal variables on ActionController::TemplateAssertions to prevent naming collisions. @partials, @templates and @layouts are now prefixed with an underscore. Fix #7459

    Yves Senn

  • resource and resources don’t modify the passed options hash Fix #7777

    Yves Senn

  • Precompiled assets include aliases from foo.js to foo/index.js and vice versa.

    # Precompiles phone-<digest>.css and aliases phone/index.css to phone.css.
    config.assets.precompile = [ 'phone.css' ]
    
    # Precompiles phone/index-<digest>.css and aliases phone.css to phone/index.css.
    config.assets.precompile = [ 'phone/index.css' ]
    
    # Both of these work with either precompile thanks to their aliases.
    <%= stylesheet_link_tag 'phone', media: 'all' %>
    <%= stylesheet_link_tag 'phone/index', media: 'all' %>
    

    Jeremy Kemper

  • assert_template is no more passing with what ever string that matches with the template name.

    Before when we have a template /layout/hello.html.erb, assert_template was passing with any string that matches. This behavior allowed false positive like:

    assert_template "layout"
    assert_template "out/hello"
    

    Now it only passes with:

    assert_template "layout/hello"
    assert_template "hello"
    

    Fixes #3849.

    Hugolnx

  • Handle ActionDispatch::Http::UploadedFile like Rack::Test::UploadedFile, don’t call to_param on it. Since Rack::Test::UploadedFile isn’t API compatible this is needed to test file uploads that rely on tempfile being available.

    Tim Vandecasteele

  • Fixed a bug with shorthand routes scoped with the :module option not adding the module to the controller as described in issue #6497. This should now work properly:

    scope :module => "engine" do
      get "api/version" # routes to engine/api#version
    end
    

    Luiz Felipe Garcia Pereira

  • Respect config.digest = false for asset_path

    Previously, the asset_path internals only respected the :digest option, but ignored the global config setting. This meant that config.digest = false could not be used in conjunction with config.compile = false this corrects the behavior.

    Peter Wagenet

  • Fix #7646, the log now displays the correct status code when an exception is raised.

    Yves Senn

  • Fix handling of date selects when using both disabled and discard options. Fixes #7431.

    Vasiliy Ermolovich

  • Fix select_tag when option_tags is nil. Fixes #7404.

    Sandeep Ravichandran

  • javascript_include_tag :all will now not include application.js if the file does not exists. Prem Sichanugrist

  • Support cookie jar options (e.g., domain :all) for all session stores. Fixes GH#3047, GH#2483.

    Ravil Bayramgalin

  • Performance Improvement to send_file: Avoid having to pass an open file handle as the response body. Rack::Sendfile will usually intercept the response and just uses the path directly, so no reason to open the file. This performance improvement also resolves an issue with jRuby encodings, and is the reason for the backport, see issue #6844.

    Jeremy Kemper & Erich Menge

Active Model

  • Due to a change in builder, nil values and empty strings now generates closed tags, so instead of this:

    <pseudonyms nil=\"true\"></pseudonyms>
    

    It generates this:

    <pseudonyms nil=\"true\"/>
    

    Carlos Antonio da Silva

Active Record

  • Fix issue with collection associations calling first(n)/last(n) and attempting to set the inverse association when :inverse_of was used. Fixes #8087.

    Carlos Antonio da Silva

  • Fix ActiveRecord#update_column return value.

    Aliaxandr

  • Fix bug when Column is trying to type cast boolean values to integer. Fixes #8067.

    Rafael Mendonça França

  • Fix bug where rake db:test:prepare tries to load the structure.sql into development database. Fixes #8032.

    Grace Liu + Rafael Mendonça França

  • Fixed support for DATABASE_URL environment variable for rake db tasks. Grace Liu

  • Fix bug where update_columns and update_column would not let you update the primary key column.

    Henrik Nyh

  • Decode URI encoded attributes on database connection URLs.

    Shawn Veader

  • Fix AR#dup to nullify the validation errors in the dup’ed object. Previously the original and the dup’ed object shared the same errors.

    • Christian Seiler*
  • Synchronize around deleting from the reserved connections hash. Fixes #7955

  • PostgreSQL adapter correctly fetches default values when using multiple schemas and domains in a db. Fixes #7914

    Arturo Pie

  • Fix deprecation notice when loading a collection association that selects columns from other tables, if a new record was previously built using that association.

    Ernie Miller

  • The postgres adapter now supports tables with capital letters. Fix #5920

    Yves Senn

  • CollectionAssociation#count returns 0 without querying if the parent record is not persisted.

    Before:

    person.pets.count
    # SELECT COUNT(*) FROM "pets" WHERE "pets"."person_id" IS NULL
    # => 0
    

    After:

    person.pets.count
    # fires without sql query
    # => 0
    

    Francesco Rodriguez

  • Fix reset_counters crashing on has_many :through associations. Fix #7822.

    lulalala

  • ConnectionPool recognizes checkout_timeout spec key as taking precedence over legacy wait_timeout spec key, can be used to avoid conflict with mysql2 use of wait_timeout. Closes #7684.

    jrochkind

  • Rename field_changed? to _field_changed? so that users can create a field named field

    Akira Matsuda, backported by Steve Klabnik

  • Fix creation of through association models when using collection=[] on a has_many :through association from an unsaved model. Fix #7661.

    Ernie Miller

  • Explain only normal CRUD sql (select / update / insert / delete). Fix problem that explains unexplainable sql. Closes #7544 #6458.

    kennyj

  • Backport test coverage to ensure that PostgreSQL auto-reconnect functionality remains healthy.

    Steve Jorgensen

  • Use config[‘encoding’] instead of config[‘charset’] when executing databases.rake in the mysql/mysql2. A correct option for a database.yml is ‘encoding’.

    kennyj

  • Fix ConnectionAdapters::Column.type_cast_code integer conversion, to always convert values to integer calling #to_i. Fixes #7509.

    Thiago Pradi

  • Fix time column type casting for invalid time string values to correctly return nil.

    Adam Meehan

  • Fix becomes when using a configured inheritance_column.

    Yves Senn

  • Fix reset_counters when there are multiple belongs_to association with the same foreign key and one of them have a counter cache. Fixes #5200.

    Dave Desrochers

  • Round usec when comparing timestamp attributes in the dirty tracking. Fixes #6975.

    kennyj

  • Use inversed parent for first and last child of has_many association.

    Ravil Bayramgalin

  • Fix Column.microseconds and Column.fast_string_to_date to avoid converting timestamp seconds to a float, since it occasionally results in inaccuracies with microsecond-precision times. Fixes #7352.

    Ari Pollak

  • Fix increment!, decrement!, toggle! that was skipping callbacks. Fixes #7306.

    Rafael Mendonça França

  • Fix AR#create to return an unsaved record when AR::RecordInvalid is raised. Fixes #3217.

    Dave Yeu

  • Remove unnecessary transaction when assigning has_one associations with a nil or equal value. Fix #7191.

    kennyj

  • Allow store to work with an empty column. Fix #4840.

    Jeremy Walker

  • Remove prepared statement from system query in postgresql adapter. Fix #5872.

    Ivan Evtuhovich

  • Make sure :environment task is executed before db:schema:load or db:structure:load Fixes #4772.

    Seamus Abshere

Active Resource

  • No changes

Active Support

  • Add logger.push_tags and .pop_tags to complement logger.tagged:

    class Job
      def before
        Rails.logger.push_tags :jobs, self.class.name
      end
    
      def after
        Rails.logger.pop_tags 2
      end
    end
    

    Jeremy Kemper

  • Add %:z and %::z format string support to ActiveSupport::TimeWithZone#strftime. [fixes #6962] kennyj

Railties

  • Revert “Respect children paths filter settings” This reverts commit 53778ec2d716f860646fd43957fd53c8db4da2fe. Closes #8146

    Santiago Pastorino

  • Don’t eager-load app/assets and app/views Elia Schito

  • Update supported ruby versions error message in ruby_version_check.rb Lihan Li

SHA-1

  • 0b460ffdac39cee7f3321bb430e212c2a42b5dec actionmailer-3.2.9.gem
  • 8c3657514132ae21d2da2abcad896d8f37c4f1ca actionpack-3.2.9.gem
  • 3e95d49bca396663d0cc4e94056f2d4e20923200 activemodel-3.2.9.gem
  • 92f9f3aad6ae63786cc916baedda46801b423aab activerecord-3.2.9.gem
  • fff833587b753eb0d17e7102f635e769138113f5 activeresource-3.2.9.gem
  • 0989647ca08bb01bf3ab9490ea9b623f4deb065d activesupport-3.2.9.gem
  • b2172077c391721bc008723fec92c986c6881e62 rails-3.2.9.gem
  • bd3e0418546e142cf6afb7fc0e0240545ec96e5c railties-3.2.9.gem

You can find a list of changes between v3.2.8 and v3.2.9 here

Thanks to everyone!