Tuesday, July 12, 2011

Rails 3.0.9 has been released!

CCH: From Riding Rails

Posted by aaronp June 16, 2011 @ 10:27 AM
Hi everybody!
Rails 3.0.9 has been released! Since I am at Nordic Ruby, I will deem this Nordic Ruby Edition. ;-)
The main boogs fixed in this release are problems dealing with modifications of SafeBuffers.
gem install rails or update your Gemfile and bundle update while it's hot!

CHANGES

The major changes in this release of Rails are bug fixes surrounding modifications to SafeBuffer strings. We had places that were modifying SafeBuffers and those places raised exceptions after the security fixes in the 3.0.8 release.
We've since updated those code paths, and now we have this nice release for you today!
Please check the CHANGELOG files in each section on github for more details.
For an exhaustive list of the commits in this release, please see github.

Gem checksums

SHA-1:
Please enjoy this release of Rails!

Tuesday, March 22, 2011

Rails 3.0.5 has been released!

CCH: From Riding Rails Blog


Aaron Patterson showed us some tenderlove this week by releasing Rails 3.0.5. Have a peek at what got updated.

Bugs Fixed

  • Fix when gzip returns a UTF-8 string on Ruby 1.9, when it is actually binary.
  • Active Record limit values will not escape Arel SQL Literal nodes.
  • Relation#where calls will always produce AND statements regardless of how conditions hashes behave (reverting 00693209ecc).
  • Observer callbacks will only be executed once when using STI classes in ActiveRecord.

Deprecations Added:

  • Deprecate Relation#& alias for Relation#merge.
  • Deprecated support for interpolated association conditions with the :conditions => 'foo = #{bar}' syntax, and added the new interpolation syntax which is :conditions => proc { "foo = #{bar}" }.
This is not a complete list of changes. The complete list of changes can be found here

SHA1 Checksums:


Saturday, February 5, 2011

Rails for Zombies

Posted by Gregg Pollack November 18, 2010 @ 07:01 PM on Riding Rails


This morning my team over at Envy Labs released a free online tutorial called Rails for Zombies. The website combines screencasts with in-browser coding to provide an interactive learning experience teaching the basics of Ruby on Rails.
Learning Rails for the first time should be fun, and Rails for Zombies allows you to get your feet wet without any setup or configuration. At the moment the application has five episodes. Each episode consists of a single screencast followed by a group of exercises which must be completed before moving forward. Once you complete all the labs, you unlock a hidden video which shows you where to go to continue your Rails learning.
If you have any friends who need to get started with Rails, hopefully this will help.

Rails 3.0.3: Faster Active Record plus fixes Released on 15 Nov 2010

Posted by David November 15, 2010 @ 07:34 PM on Riding Rails
How about some free speed? Well, here you go. Rails 3.0.3 includes a much faster version of Active Record that reclaims the performance lost when we went from Rails 2.3.x to 3.x and then some. Aaron Patterson has done a phenomenal job benchmarking, tweaking, and tuning the ARel engine that underpins Active Record 3 and the result is Teh Snappy.
You can read more about Aaron’s work in his ARel 2.0 write-up. If you dare, you can also have a look at his RubyConf slides that went over the rewrite and speed-up in even greater detail (warning: there are slides of boys kissing!).
In addition to the free speed, we’ve also included a truckload of minor fixes. So everything just works better and faster. What more can you ask for? Oh, that it’s a drop-in replacement for Rails 3.0—there are no API changes. You got it.
See all the changes on Github. Install the latest version using gem install rails. Or bind yourself to the v3.0.3 tag.
Enjoy!
Note: Active Record 3.0.3 is mistakenly reporting its tiny version as 1 instead of 3. This has no impact on anything you do unless you were specifically checking that tiny version. But if it bothers you lots, it’s fixed on the 3-0-stable branch.

Security Vulnerability in Nested Attributes code in Ruby On Rails 2.3.9 and 3.0.0

Posted by michael October 15, 2010 @ 02:35 AM on Riding Rails


There is a vulnerability in the nested attributes handling code in some versions of Ruby on Rails. An attacker could manipulate form parameters and make changes to records other than those the developer intended. This vulnerability has been assigned the identifier CVE-2010-3933.
  • Versions Affected: 3.0.0, 2.3.9
  • Not affected: Versions earlier than 2.3.9 and applications which do not use accepts_nested_attributes_for
  • Fixed Versions: 3.0.1, 2.3.10

Impact

An attacker could change parameter names for form inputs and make changes to arbitrary records in the system. All users running an affected release should upgrade immediately.

Releases

The 3.0.1 and 2.3.10 releases are available at the normal locations. The 3.0.1 release consists solely of 3.0.0 with the security issue fixed; 3.0.2 will follow shortly and include other bugfixes as well as this fix. 2.3.10 is a regular release in the 2.3 series.

Workarounds

There are no feasible workarounds for this issue.

Patches

To aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.
Please note that only the 2.3.x and 3.0.x series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible.

Credits

Thanks to Matti Paksula and Juha Suuraho of Enemy & Sons Ltd for reporting the vulnerability to us and helping verify the fix.
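
The advisory above does not describe the internals, so the following is an added example and not Rails code or the actual patch. It is a simplified plain-Ruby model of the check nested-attribute handling needs: an id submitted in a nested form may only match records already associated with the parent. Task, RecordNotFound, sample_tasks, apply_nested_unscoped and apply_nested_scoped are hypothetical names, and the data is constructed.

```ruby
# Added illustration in plain Ruby (no Rails). All names are hypothetical.
Task = Struct.new(:id, :project_id, :title)

class RecordNotFound < StandardError; end

# Constructed sample data: tasks 1 and 2 belong to project 10,
# task 3 belongs to a different project (20).
def sample_tasks
  [Task.new(1, 10, "write report"),
   Task.new(2, 10, "send invoice"),
   Task.new(3, 20, "other project's task")]
end

# Unsafe pattern: the id taken from the form is looked up across ALL
# tasks, so an id outside the parent project is updated as well.
# nested is shaped like Rails form params: { "0" => { "id" => .., .. } }.
def apply_nested_unscoped(all_tasks, _project_id, nested)
  nested.values.each do |attrs|
    task = all_tasks.find { |t| t.id.to_s == attrs["id"].to_s }
    task.title = attrs["title"] if task
  end
  all_tasks
end

# Safe pattern: only records already associated with the parent are
# candidates. An id that is not among them is an error, never a
# fallback to a wider lookup. Only the update case is modelled here.
def apply_nested_scoped(all_tasks, project_id, nested)
  owned = all_tasks.select { |t| t.project_id == project_id }
  # Validate every id first so a rejected request changes nothing.
  pairs = nested.values.map do |attrs|
    task = owned.find { |t| t.id.to_s == attrs["id"].to_s }
    unless task
      raise RecordNotFound,
            "no task with id=#{attrs['id']} in project #{project_id}"
    end
    [task, attrs]
  end
  pairs.each { |task, attrs| task.title = attrs["title"] }
  all_tasks
end
```
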

Ruby on Rails 2.3.9 Released on 4th September 2010

We’ve released Ruby on Rails 2.3.9 (gem and git tag) to extend the 2.3.8 bridge a few steps closer to Rails 3 and Ruby 1.9. If your app runs on Rails 2.3.9 without deprecation warnings, you’re looking good for an upgrade to Rails 3.

Deprecations

  • Changes i18n named-interpolation syntax from the deprecated Hello {{name}} to the 1.9-native Hello %{name}.
  • Replaces Kernel#returning with Object#tap which is native to Ruby 1.8.7.
  • Renames Array#random_element to Array#sample which is native to Ruby 1.9.
  • Renames config.load_paths and .load_once_paths to the more accurate config.autoload_paths and .autoload_once_paths.
Along with these deprecations come a broad array of bugfixes and minor tweaks. Read the commit log for the full story.
Onward to 3.1!

Welcome to Rails.. Rails... Rails !

In 1995, I started the popular Clipper...Clipper... Clipper website (no blogs then) which was very popular and linked by virtually every Clipper-related site. When I switched to Windows via Delphi in 1997, I started the Delphi... Delphi... Delphi site. In June 2007, I discovered Ruby on Rails and no prize for guessing what I am gonna name this blog, which I started on 2nd October 2007.

As at 10th June 2010, we have 13,364 unique visitors from more than 84 countries such as Angola, Andorra, Argentina, Australia, Austria, Algeria, Barbados, Bosnia and Herzegovina, Belgium, Brazil, Bulgaria, Bangladesh, Belarus, Bolivia, Chile, Cambodia, Cape Verde, Canada, China, Colombia, Costa Rica, Croatia, Cyprus, Czech Republic, Denmark, Egypt, Estonia, Finland, France, Guadeloupe, Guatemala, Germany, Greece, Hong Kong, Hungary, India, Indonesia, Ireland, Israel, Italy, Japan, Kenya, Korea, Lithuania, Latvia, Malaysia, Mexico, Macao, Netherlands, Nepal, Norway, New Zealand, Oman, Panama, Peru, Poland, Portugal, Paraguay, Philippines, Romania, Russian Federation, Saudi Arabia, Singapore, Spain, Slovakia, Slovenia, Serbia, South Korea, Slovenia, South Africa, Spain, Switzerland, Sri Lanka, Sweden, Taiwan, Thailand, Turkey, United Arab Emirates, Ukraine, USA, UK, Venezuela, Vietnam

CCH
10th June 2010, 19:42