惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Attack and Defense Labs
Attack and Defense Labs
D
Darknet – Hacking Tools, Hacker News & Cyber Security
V
Vulnerabilities – Threatpost
Simon Willison's Weblog
Simon Willison's Weblog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Project Zero
Project Zero
P
Palo Alto Networks Blog
G
GRAHAM CLULEY
www.infosecurity-magazine.com
www.infosecurity-magazine.com
H
Hacker News: Front Page
Help Net Security
Help Net Security
S
Schneier on Security
A
Arctic Wolf
Know Your Adversary
Know Your Adversary
L
LINUX DO - 热门话题
Security Archives - TechRepublic
Security Archives - TechRepublic
L
LangChain Blog
T
The Exploit Database - CXSecurity.com
V2EX - 技术
V2EX - 技术
罗磊的独立博客
雷峰网
雷峰网
酷 壳 – CoolShell
酷 壳 – CoolShell
有赞技术团队
有赞技术团队
P
Privacy & Cybersecurity Law Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Last Week in AI
Last Week in AI
人人都是产品经理
人人都是产品经理
C
Cybersecurity and Infrastructure Security Agency CISA
T
Threat Research - Cisco Blogs
C
Cyber Attacks, Cyber Crime and Cyber Security
J
Java Code Geeks
量子位
大猫的无限游戏
大猫的无限游戏
C
Check Point Blog
云风的 BLOG
云风的 BLOG
SecWiki News
SecWiki News
Hacker News: Ask HN
Hacker News: Ask HN
B
Blog RSS Feed
Hugging Face - Blog
Hugging Face - Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Troy Hunt's Blog
U
Unit 42
N
Netflix TechBlog - Medium
阮一峰的网络日志
阮一峰的网络日志
The Register - Security
The Register - Security
Recorded Future
Recorded Future
爱范儿
爱范儿
Webroot Blog
Webroot Blog
Engineering at Meta
Engineering at Meta

Ruby on Rails: Compress the complexity of modern web apps

Safer to_i coercion, custom to_fs formats, and more! This Week in Rails: May 16, 2026 This Week in Rails: May 8, 2026 This Week in Rails: May 1, 2026 Active Record gets better every week Great big Rails World 2026 update: CFP, Corporate Support tickets, workshops Query command for database queries and more Explicit query: and body: kwargs for integration tests and more! Speedup ActiveRecord::LogSubscriber#sql_color and more! This Week in Rails: March 27, 2026 Rails Versions 8.0.5 and 8.1.3 have been released! Rails Versions 7.2.3.1, 8.0.4.1, and 8.1.2.1 have been released! This Week in Rails: March 20, 2026 Validate URI scheme in Action Text and more This Week in Rails: March 6, 2026 Planning Center is the newest Rails Foundation Contributing member Action Text gets Markdown conversion, editor links in devcontainers, and more! BARRA seeks Rails developer Joe Agliozzo is looking for a Rails developer The rise of lighttpd as the alternative web server When longer is better and more is more Snowdevil: First e-tailer on Rails Natural selection for frameworks in Ruby vs Java Address book tutorial in Portuguese Becoming a better programmer with Rails 10 Things Every Java Programmer Should Know About Ruby Really Getting Started in Rails Off the Treadmill, Onto the Rails Rails 0.9.5: A world of fixes and tweaks Rich clients with Rails and XUL Pedrosa on Rails vs WebWork: 'Language DOES matter' 'Ruby on Rails is unbelievably good' Celebrating six months anniversary! Speeding up CGI access to Gem Rails CD Baby leaves PHP behind for Ruby on Rails "I think Ruby on Rails is way over hyped" Programmer needed for JSP to Rails conversion Beyond the 10,000th gem install of Rails 'That application is so stupid' Matz takes note of Ta-da and Rails Rails tutorial on O'Reilly's ONLamp Welcome Slashdotters! Ta-da goes international with UTF-8 Make your Ta-da list today Rails 0.9.4.1: Cleaning up the mess Rails 0.9.4: Caching, filters, SQLite3... An unusual high presence of Macs Having problems running tests under 1.8.2? It\'s all about the applications But what does Rails go web services with XML-RPC prototype Rails runs through XP Cincinnati RedHanded out-evangelizes the evangelizer Rails on Lighttpd with FastCGI Have a codefest and collect cash from RubyCentral Jamis Buck is working on Basecamp S5 Presents competes with SoapBX 3,000 people are doing 10,804 things... Using the Rails to impress potential employers Brian discovers the default logging goodness SoapBX: Presentations powered by S5, Textile, Rails Road Map: The rails leading to 1.0 Tracks: A Getting Things Done implementation Nicholas presents the Directors Rails 0.9.3: Optimistic locking, dynamic finders, 1.8.2 Ruby on the German Rails 43things in 5,204 lines of Ruby on Rails Watch for huge requests on default FCGI How the redesign of the website came to be Are you watching the health of your software? "Some amazing web apps appear on Ruby on Rails" Learning Ruby on Rails with 43things The Robot Co-op takes 43things.com live! Giving up on Java for lack of love Setting up EliteJournal on TextDrive without a vhost Celebrating 219 applied patches since 0.7 Escaping Java but not its thinking "Simple design that even my grandma can understand" Rails logo remixed by Olivier Hericord Rake 0.4.14 includes fix for Ruby 1.8.2 Splitting off the research patches Running rake tests with Ruby 1.8.2 Marten opens Epilog for Trac'ing Drew McLellan predicts Rails celebrates more than 10,000 downloads Variations on a railed theme Securing your Rails: Keep it secret, keep it safe Available for hire? Collaboa and EliteJournal joins the Trac Playing Active Records on MS SQLServer and DB2 Open sourcing the Rails logo Rails: Technology of the Year #1 Reacting to customer requests in real time Extracting missing content from wiki backups Ruby on Rails has its web presence overhauled 43 things makes The Seattle Times 5.gets David Heinemeier Hansson Ruby 1.8.2 finally sees the light of day Rails 0.9: Fast development, breakpoints, validations Rails 0.9.1: Small, but important bugfix for Action Pack
RFC 9110 Accept headers, dotenv fixes, and Ractor safety
vipulnsward · 2026-06-26 · via Ruby on Rails: Compress the complexity of modern web apps

Hi, it’s Vipul. This week was heavy on fixes: config parsing, association edge cases, caller-owned state, and more Ractor safety.

Add RFC 9110 compliant Accept header content negotiation opt-in
New opt-in: config.action_dispatch.respect_accept_header_rfc9110. Default: off. Enable it when you want RFC-compliant media type specificity and quality handling, for example Accept: application/json, */* returning JSON. If your app relies on old browser-like fallbacks, leave it off until you test real browser Accept headers in your app and CI.

Strip inline comments from unquoted dotenv values
Unquoted dotenv values now strip whitespace-prefixed inline comments before interpolation and command execution. So PORT=5432 # primary resolves to 5432, while URL=http://host#frag and quoted values still keep their # content. No action needed unless your app relied on trailing comments being part of unquoted values.

Fix Rails.application.dotenvs(path) to honor an explicit path argument
Rails.application.dotenvs(path) now memoizes by path instead of returning the first dotenv configuration it saw. The default .env file remains cached, and custom dotenv files now work as expected. Useful when reading multiple dotenv files in one process.

Fix create_or_find_by scope pollution on the non-transactional retry
This completes the earlier create_or_find_by fix by covering the branch that runs outside an open transaction. On a uniqueness retry, Rails now uses rewhere(attributes).take! there too, so a caller scope no longer pollutes the lookup and turns an existing record into RecordNotFound. Create keeps the caller scope; the retry lookup drops it.

Validate offset value at call time like limit
offset now mirrors limit and raises ArgumentError for invalid values instead of silently coercing "abc" to OFFSET 0. Clean numeric strings still work. Bad input now fails where it enters the relation.

Avoid mutating params hash passed to ActionDispatch::Http::URL.url_for
url_for no longer deletes nil-valued entries from the caller’s params: hash. That fixes corrupted request.query_parameters and avoids FrozenError when the hash is frozen. Rails no longer mutates caller-owned state here.

Fix Http::Headers#merge mutating the original request
ActionDispatch::Http::Headers#merge is documented to return a new headers object, but it was still mutating the original request env. The implementation now duplicates the env before merging, so the method follows its contract. Merging headers should not change the original request.

Avoid mutating the override options passed to ActiveModel::Errors#import
Errors#import now duplicates override options before normalizing :attribute and :type. Rails duplicates first, then normalizes internally.

Don’t share the actions Hash across ActionableError subclasses
ActionableError.action now uses copy-on-write for the _actions class attribute. An action registered on one subclass no longer leaks into the parent or sibling subclasses. Same direction: no shared mutable defaults.

Split template lookup into raising and non-raising
Action View lookup now has a non-raising #find path, replacing places that had to call find_all(...).first or rescue exceptions. It also adds an #any_formats? finder, keeping more of the template lookup behavior inside LookupContext. Less exception-driven lookup.

Support polymorphic associations with custom primary keys through :inverse_of
Polymorphic associations with an explicit :inverse_of now respect custom primary keys from the inverse association. This helps applications where associated records use identifiers like uuid or slug instead of the default id.

Fix inverse matching for association composite primary keys
Composite primary-key associations got another fix. Inverse matching now uses the association’s active_record_primary_key when that is what the foreign key maps to.

Fix associations on a new record when the owner has a composite primary key
foreign_key_present? now checks each component of a composite key instead of treating the key array as one attribute name. That fixes has_many and has_one lookups on new records when all key columns are present.

Make ActiveRecord::Base.primary_key a class attribute
primary_key, like table_name, is now a class attribute. Overriding it on an abstract class or STI base now behaves like applications would expect: subclasses inherit the override. Less surprise for abstract models and STI.

Parse intentional JSON comments with allow_comments: true
Rails bumped json to 2.20.0 and now opts in to allow_comments: true where comments are expected. That keeps the Active Support serializer fallback and devcontainer JSONC handling ready for stricter json 3.0 behavior. Good cleanup before json 3.0 tightens behavior.

Remove the use of $, as a default value for safe_join
safe_join now defaults sep to nil instead of reading Ruby’s deprecated global output field separator. This behavior was undocumented in Rails, and Ruby has warned about setting $, for years. Simple default. Better default.

Ractor safety continues
More internals moved to the boring pattern we want: freeze defaults, copy-on-write, avoid shared mutable state. Touched areas include TimeFormats, rescue handlers, parameter encodings, view cache dependencies, ExecutionContext.after_change, and the Active Record Railtie. Some Active Record and Active Model memoization was also removed. If your app patches internals with global mutation, audit those patches. Prefer frozen defaults, copy-on-write, or explicit duplication.

You can view the whole list of changes here.
We had 24 contributors to the Rails codebase this past week!

Until next time!

Subscribe to get these updates mailed to you.