惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
WordPress大学
WordPress大学
博客园 - 【当耐特】
Engineering at Meta
Engineering at Meta
IT之家
IT之家
Apple Machine Learning Research
Apple Machine Learning Research
小众软件
小众软件
美团技术团队
S
SegmentFault 最新的问题
The GitHub Blog
The GitHub Blog
Martin Fowler
Martin Fowler
Recorded Future
Recorded Future
H
Help Net Security
aimingoo的专栏
aimingoo的专栏
Y
Y Combinator Blog
博客园_首页
A
About on SuperTechFans
MongoDB | Blog
MongoDB | Blog
阮一峰的网络日志
阮一峰的网络日志
V
Visual Studio Blog
D
DataBreaches.Net
人人都是产品经理
人人都是产品经理
大猫的无限游戏
大猫的无限游戏
B
Blog
The Register - Security
The Register - Security
I
InfoQ
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
雷峰网
雷峰网
Last Week in AI
Last Week in AI
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
月光博客
月光博客
酷 壳 – CoolShell
酷 壳 – CoolShell
Blog — PlanetScale
Blog — PlanetScale
N
Netflix TechBlog - Medium
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
有赞技术团队
有赞技术团队
Stack Overflow Blog
Stack Overflow Blog
Jina AI
Jina AI
Security Archives - TechRepublic
Security Archives - TechRepublic
Hacker News - Newest:
Hacker News - Newest: "LLM"
U
Unit 42
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
W
WeLiveSecurity
Latest news
Latest news
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 叶小钗
L
Lohrmann on Cybersecurity
博客园 - Franky
Recent Commits to openclaw:main
Recent Commits to openclaw:main
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO

Ruby on Rails: Compress the complexity of modern web apps

This Week in Rails: May 16, 2026 This Week in Rails: May 8, 2026 This Week in Rails: May 1, 2026 Active Record gets better every week Great big Rails World 2026 update: CFP, Corporate Support tickets, workshops Query command for database queries and more Explicit query: and body: kwargs for integration tests and more! Speedup ActiveRecord::LogSubscriber#sql_color and more! This Week in Rails: March 27, 2026 Rails Versions 8.0.5 and 8.1.3 have been released! Rails Versions 7.2.3.1, 8.0.4.1, and 8.1.2.1 have been released! This Week in Rails: March 20, 2026 Validate URI scheme in Action Text and more This Week in Rails: March 6, 2026 Planning Center is the newest Rails Foundation Contributing member Action Text gets Markdown conversion, editor links in devcontainers, and more! Florian Weber launches bellybutton.de BARRA seeks Rails developer Joe Agliozzo is looking for a Rails developer The rise of lighttpd as the alternative web server When longer is better and more is more Snowdevil: First e-tailer on Rails Natural selection for frameworks in Ruby vs Java Address book tutorial in Portuguese Becoming a better programmer with Rails 10 Things Every Java Programmer Should Know About Ruby Really Getting Started in Rails Off the Treadmill, Onto the Rails Rails 0.9.5: A world of fixes and tweaks Rich clients with Rails and XUL Pedrosa on Rails vs WebWork: 'Language DOES matter' 'Ruby on Rails is unbelievably good' Celebrating six months anniversary! Speeding up CGI access to Gem Rails CD Baby leaves PHP behind for Ruby on Rails "I think Ruby on Rails is way over hyped" Programmer needed for JSP to Rails conversion Beyond the 10,000th gem install of Rails 'That application is so stupid' Matz takes note of Ta-da and Rails Rails tutorial on O'Reilly's ONLamp Welcome Slashdotters! Ta-da goes international with UTF-8 Make your Ta-da list today Rails 0.9.4.1: Cleaning up the mess Rails 0.9.4: Caching, filters, SQLite3... An unusual high presence of Macs Having problems running tests under 1.8.2? It\'s all about the applications But what does Rails go web services with XML-RPC prototype Rails runs through XP Cincinnati RedHanded out-evangelizes the evangelizer Rails on Lighttpd with FastCGI Have a codefest and collect cash from RubyCentral Jamis Buck is working on Basecamp S5 Presents competes with SoapBX 3,000 people are doing 10,804 things... Using the Rails to impress potential employers Brian discovers the default logging goodness SoapBX: Presentations powered by S5, Textile, Rails Road Map: The rails leading to 1.0 Tracks: A Getting Things Done implementation Nicholas presents the Directors Rails 0.9.3: Optimistic locking, dynamic finders, 1.8.2 Ruby on the German Rails 43things in 5,204 lines of Ruby on Rails Watch for huge requests on default FCGI How the redesign of the website came to be Are you watching the health of your software? "Some amazing web apps appear on Ruby on Rails" Learning Ruby on Rails with 43things The Robot Co-op takes 43things.com live! Giving up on Java for lack of love Setting up EliteJournal on TextDrive without a vhost Celebrating 219 applied patches since 0.7 Escaping Java but not its thinking "Simple design that even my grandma can understand" Rails logo remixed by Olivier Hericord Rake 0.4.14 includes fix for Ruby 1.8.2 Splitting off the research patches Running rake tests with Ruby 1.8.2 Marten opens Epilog for Trac'ing Drew McLellan predicts Rails celebrates more than 10,000 downloads Variations on a railed theme Securing your Rails: Keep it secret, keep it safe Available for hire? Collaboa and EliteJournal joins the Trac Playing Active Records on MS SQLServer and DB2 Open sourcing the Rails logo Rails: Technology of the Year #1 Reacting to customer requests in real time Extracting missing content from wiki backups Ruby on Rails has its web presence overhauled 43 things makes The Seattle Times 5.gets David Heinemeier Hansson Ruby 1.8.2 finally sees the light of day Rails 0.9: Fast development, breakpoints, validations Rails 0.9.1: Small, but important bugfix for Action Pack
Safer to_i coercion, custom to_fs formats, and more!
Emmanuel Hayford · 2026-05-23 · via Ruby on Rails: Compress the complexity of modern web apps

Hi, I’m Emmanuel Hayford. Rails had a busy week, so grab a tea and let’s get into it.

The 2026 Ruby on Rails Community Survey is open
Open through July 3rd. Anonymous, and takes about 10 to 12 minutes, results published free. This year goes deeper on tools, deployment, team shape, and how AI is (or isn’t) showing up in your workflow.

Limit the size of strings we call to_i on in ActiveRecord
Calling to_i on a very long string can be a DoS vector. Active Model now caps auto-integer coercion to the first _limit * 4 bytes of the input, where _limit is the column’s storage size: 16 bytes for a default 4-byte integer, 32 bytes for an 8-byte bigint. That’s comfortably more than the digits any in-range value can have, with room left for a sign or a typical slug suffix. Without the multiplier, slug-style routes (Post.where(id: params[:id]) where the id arrives as 123-hello-world) would break.

Introduce ActiveSupport::TimeFormats and ActiveSupport::DateFormats
Custom to_fs formats can now be registered without mutating the global Time::DATE_FORMATS and Date::DATE_FORMATS hashes. The old constants still work for backward compatibility, but they’re deprecated and slated for removal in the next version of Rails.

ActiveSupport::TimeFormats.register(:month_and_year, "%B %Y")
ActiveSupport::DateFormats.register(:short_ordinal, ->(date) { date.strftime("%B #{date.day.ordinalize}") })

Time.now.to_fs(:month_and_year)  # => "February 2024"
Date.today.to_fs(:short_ordinal) # => "February 21st"

Add ActionController::Parameters#deep_transform_values
Mirrors the Hash method, including a bang variant and propagation of permitted?.

params = ActionController::Parameters.new(
  user: {
    email: "  ALICE@EXAMPLE.COM  ",
    profile: { bio: "  Hello world  " }
  }
)

params.deep_transform_values { |v| v.is_a?(String) ? v.strip.downcase : v }

Don’t bump lock_version on records during blob analysis
A new block helper, ActiveRecord::Locking::Optimistic.preserve_lock_version_on_touch, suppresses the lock_version bump (and the matching WHERE lock_version = X constraint) on touches fired inside it. updated_at still updates so cache keys keep invalidating. ActiveStorage::Blob#touch_attachments now wraps its cascade with the helper, since blob analysis doesn’t actually modify any parent field and the bump was a frequent source of StaleObjectError on concurrent uploads.

Reset lock_version after a nested savepoint rollback
restore_transaction_record_state short-circuited on every nested savepoint rollback, leaving the optimistic locking column at the value _update_row had bumped it to inside the savepoint. The next save would then raise StaleObjectError. The PR adds a locking-aware branch that rebuilds lock_version from the snapshot’s original_value, so both the WHERE clause and the dirty tracking on the next save behave as if the savepoint’s increment never happened. Two regression tests in OptimisticLockingRollbackTest cover the inner-rollback and outer-commit cases.

Fix label for not matching input id when a collection value is nil
With a nil entry in the collection, collection_radio_buttons and collection_check_boxes produced an input with id="user_active" but a label with for="user_active_", so clicking the label didn’t select the radio. sanitize_attribute_name now skips the underscore separator when the sanitized value is empty, so the IDs line up. The bug had been there since the helper was first introduced in 2012.

Add enforced: option for foreign keys on PostgreSQL 18.4+
add_foreign_key accepts enforced: false to create a NOT ENFORCED constraint, useful for bulk DML that loads the referenced and referencing tables in arbitrary order. PostgreSQL marks NOT ENFORCED constraints as NOT VALID internally, so the schema dumper outputs both enforced: false and validate: false. A new change_foreign_key toggles enforcement on an existing constraint, replacing raw ALTER TABLE ... ALTER CONSTRAINT SQL. Rails requires PostgreSQL 18.4+ here because earlier 18.x versions lost deferrability on these constraints.

Use NOT ENFORCED in disable_referential_integrity on PostgreSQL 18.4+
On PostgreSQL 18.4 and later, disable_referential_integrity toggles NOT ENFORCED and ENFORCED instead of DISABLE TRIGGER ALL and ENABLE TRIGGER ALL. That requires only table ownership rather than superuser privileges. The toggle and restore are wrapped in a single transaction so a failure inside the block can’t leave originally-enforced constraints stuck in a NOT ENFORCED state. check_all_foreign_keys_valid! skips NOT ENFORCED constraints, since VALIDATE CONSTRAINT doesn’t apply to them.

Allow array values for .in_order_of
Passing an array of values inside .in_order_of groups records together in the resulting CASE expression, so a single ranking can collapse multiple states into the same bucket and still combine with later order clauses.

Post.in_order_of(:state, [[:published, :canceled], :archived]).order(created_at: :desc)

Support proc and symbol for NumericalityValidator’s :in option
validates_numericality_of :price, in: ... now accepts a proc or a symbol, in addition to a literal range, so the bound can depend on the record’s own state.

validates_numericality_of :price, in: ->(o) { 0..o.max_price }

validates_numericality_of :price, in: :price_range

def price_range
  0..max_price
end

Load image processing backend upfront
image_processing autoloads the configured backend on demand, so the first variant after every deploy paid the cost of loading it. The backend is now loaded at boot, which removes that first-request penalty and improves copy-on-write sharing for preforking servers. About 19MB of image_processing/vips now lives in shared memory across forked workers.

Parallelize exist? checks and uploads in MirrorService#mirror
Both phases now run on the existing thread pool via Concurrent::Promise. The file is read once into a frozen string and each mirror gets its own StringIO, with io.rewind guarding against EOF on yield. With a simulated 50ms cloud round-trip, mirroring to five backends drops from roughly 250ms to 50ms.

Allow create_join_table to accept a primary key
create_join_table now accepts a :primary_key option. When provided, id is automatically set to :primary_key so the join table actually has one. Default behavior is unchanged.

create_join_table :assemblies, :parts, primary_key: [:assembly_id, :part_id]

Add exclusion_constraint_exists? and unique_constraint_exists? helpers
The same idempotency check that has long existed for check constraints, foreign keys, and indexes is now available for exclusion and unique constraints.

Accept Tempfile as ActiveStorage attachable
File was already accepted as an attachable, so Tempfile joins it.

http_cache_forever accepts an optional last_modified:
The default is still January 1st 2011, but you can pass a more relevant time when one exists. Active Storage’s ProxyController now uses the new keyword so its responses report a meaningful Last-Modified header.

Fix duplicate where conditions in create_or_find_by
On a relation that already has where conditions, when create_or_find_by catches a RecordNotUnique inside a transaction it retries the lookup with where(attributes).find_by!(attributes), applying the same attributes twice. If the prior scope and the create_or_find_by argument disagree on a column (for example a polluted CollectionProxy), the retry matches nothing and raises RecordNotFound. The retry now only applies the attributes once.

Preserve attachment changes when converting a record to another class via STI
Calling record.becomes(SubclassName) on an unsaved record with pending Active Storage attachments dropped those attachments on the new instance, because @attachment_changes wasn’t carried over (and still pointed at the original record). becomes now copies @attachment_changes to the new instance and rewires each change’s owning record, so a comment.becomes(ModeratedComment) keeps its attached image. Persisted records weren’t affected.

Fix bulk job and email enqueueing methods with no arguments
ActionMailer.deliver_all_later and ActiveJob.perform_all_later are defined inside files that only autoload once a mailer or job class is referenced, so calling either with an empty array in code that didn’t otherwise touch a mailer or job raised NoMethodError. The definitions now live where they get loaded eagerly enough for the empty-array call to work, so a dynamically-built (and possibly empty) batch enqueues cleanly.

Prevent the development welcome route from duplicating on route reload
The internal welcome route’s append block is now registered once per application boot, while keeping the existing append ordering so app-defined root routes still take precedence over the welcome page.

Expose all BatchEnumerator attributes
cursor, order, and use_ranges are now readable on BatchEnumerator, useful for gems that want to inspect or mirror the enumerator’s configuration.

Fix ShareLock ownership under :fiber isolation
ActiveSupport::Concurrency::ShareLock now keys ownership on ActiveSupport::IsolatedExecutionState.context, the same notion of “current execution” that CurrentAttributes and the rest of the framework already use. Behavior under the default :thread isolation is unchanged. @exclusive_thread becomes @exclusive_owner, the :thread key in the # :nodoc: raw state becomes :owner, and ActionDispatch::DebugLocks is updated to match (with a small fix so /rails/locks no longer crashes on Fiber#status).

Release reloader share on rack hijack in ActionDispatch::Executor
The executor now detects hijacked responses inside Executor#call (HTTP 101 upgrades and rack.hijack_io) and completes the executor state eagerly, instead of waiting for body close. The three direct state.complete! call sites are folded into a single idempotent finalize closure so the eager hijack path doesn’t double-complete alongside rack.response_finished. Long-lived hijack consumers like Action Cable already manage reload via before_class_unload, so releasing the share at hijack time is safe.

Use ... and anonymous splats where possible
A small refactor across the framework. Slightly fewer allocations, slightly nicer code.

[RF Docs] Active Record Query Interface This pull request is open for review: a substantial pass over the Active Record Query Interface guide. It works through dozens of review comments, links out to related guides (composite primary keys, security, the Rails API), uses booleans instead of 0 and 1 in examples, expands on create_or_find_by, mentions except alongside only, and reorganizes a few sections. Locking, transactions, eager loading and EXPLAIN are flagged as candidates for a future Performance guide. If you use these guides or care how Rails is taught to newcomers, take a look and leave feedback on the PR.

Escape “API” for the strong_parameters doc
A small docs fix: escape “API” with a backslash so it isn’t rendered as a link.

You can view the whole list of changes here. We had 47 contributors to the Rails codebase this past week!

Until next time!

Subscribe to get these updates mailed to you.