* Support the use of underscored symbols when registering interceptors and Please check [4-1-stable](https://github.com/rails/rails/blob/4-1-stable/actionmailer/CHANGELOG.md) for previous changes.
observers like we do elsewhere within Rails.
*Andrew White*
* Add the ability to intercept emails before previewing in a similar fashion
to how emails can be intercepted before delivery.
Fixes #13622.
class CSSInlineStyler
def self.previewing_email(message)
# inline CSS styles
ActionMailer::Base.register_preview_interceptor CSSInlineStyler
*Andrew White*
* Add mailer previews feature based on 37 Signals mail_view gem.
*Andrew White*
* Calling `mail()` without arguments serves as getter for the current mail
message and keeps previously set headers.
Fixes #13090.
class MailerWithCallback < ActionMailer::Base
after_action :a_callback
def welcome
mail subject: "subject", to: ["joe@example.com"]
def a_callback
mail # => returns the current mail message
*Yves Senn*
* Instrument the generation of Action Mailer messages. The time it takes to
generate a message is written to the log.
*Daniel Schierbeck*
* Invoke mailer defaults as procs only if they are procs, do not convert with
`to_proc`. That an object is convertible to a proc does not mean it's meant
to be always used as a proc.
Fixes #11533.
*Alex Tsukernik*
Please check [4-0-stable](https://github.com/rails/rails/blob/4-0-stable/actionmailer/CHANGELOG.md) for previous changes.
* Introduce `render :html` as an option to render HTML content with a content Please check [4-1-stable](https://github.com/rails/rails/blob/4-1-stable/actionpack/CHANGELOG.md) for previous changes.
type of `text/html`. This rendering option calls `ERB::Util.html_escape`
internally to escape unsafe HTML string, so you will have to mark your
string as html safe if you have any HTML tag in it.
Please see #12374 for more detail.
*Prem Sichanugrist*
* Introduce `render :plain` as an option to render content with a content type
of `text/plain`. This is the preferred option if you are planning to render
a plain text content.
Please see #12374 for more detail.
*Prem Sichanugrist*
* Introduce `render :body` as an option for sending a raw content back to
browser. Note that this rendering option will unset the default content type
and does not include "Content-Type" header back in the response.
You should only use this option if you are expecting the "Content-Type"
header to not be set. More information on "Content-Type" header can be found
on RFC 2616, section 7.2.1.
Please see #12374 for more detail.
*Prem Sichanugrist*
* Set stream status to 500 (or 400 on BadRequest) when an error is thrown
before commiting.
Fixes #12552.
*Kevin Casey*
* Add new config option `config.action_dispatch.cookies_serializer` for
specifying a serializer for the signed and encrypted cookie jars.
The possible values are:
* `:json` - serialize cookie values with `JSON`
* `:marshal` - serialize cookie values with `Marshal`
* `:hybrid` - transparently migrate existing `Marshal` cookie values to `JSON`
For new apps `:json` option is added by default and `:marshal` is used
when no option is specified to maintain backwards compatibility.
*Łukasz Sarnacki*, *Matt Aimonetti*, *Guillermo Iguaran*, *Godfrey Chan*, *Rafael Mendonça França*
* `FlashHash` now behaves like a `HashWithIndifferentAccess`.
*Guillermo Iguaran*
* Set the `:shallow_path` scope option as each scope is generated rather than
waiting until the `shallow` option is set. Also make the behavior of the
`:shallow` resource option consistent with the behavior of the `shallow` method.
Fixes #12498.
*Andrew White*, *Aleksi Aalto*
* Properly require `action_view` in `AbstractController::Rendering` to prevent
uninitialized constant error for `ENCODING_FLAG`.
*Philipe Fatio*
* Do not discard query parameters that form a hash with the same root key as
the `wrapper_key` for a request using `wrap_parameters`.
*Josh Jordan*
* Ensure that `request.filtered_parameters` is reset between calls to `process`
in `ActionController::TestCase`.
Fixes #13803.
*Andrew White*
* Fix `rake routes` error when `Rails::Engine` with empty routes is mounted.
Fixes #13810.
*Maurizio De Santis*
* Log which keys were affected by deep munge.
Deep munge solves CVE-2013-0155 security vulnerability, but its
behaviour is definately confusing, so now at least information
about for which keys values were set to nil is visible in logs.
*Łukasz Sarnacki*
* Automatically convert dashes to underscores for shorthand routes, e.g:
get '/our-work/latest'
When running `rake routes` you will get the following output:
Prefix Verb URI Pattern Controller#Action
our_work_latest GET /our-work/latest(.:format) our_work#latest
*Mikko Johansson*
* Automatically convert dashes to underscores for url helpers, e.g:
get '/contact-us' => 'pages#contact'
get '/about-us' => 'pages#about_us'
When running `rake routes` you will get the following output:
Prefix Verb URI Pattern Controller#Action
contact_us GET /contact-us(.:format) pages#contact
about_us GET /about-us(.:format) pages#about_us
*Amr Tamimi*
* Fix stream closing when sending file with `ActionController::Live` included.
Fixes #12381
*Alessandro Diaferia*
* Allow an absolute controller path inside a module scope. Fixes #12777.
namespace :foo do
# will route to BarController without the namespace.
get '/special', to: '/bar#index'
* Unique the segment keys array for non-optimized url helpers
In Rails 3.2 you only needed pass an argument for dynamic segment once so
unique the segment keys array to match the number of args. Since the number
of args is less than required parts the non-optimized code path is selected.
This means to benefit from optimized url generation the arg needs to be
specified as many times as it appears in the path.
Fixes #12808.
*Andrew White*
* Show full route constraints in error message.
When an optimized helper fails to generate, show the full route constraints
in the error message. Previously it would only show the contraints that were
required as part of the path.
Fixes #13592.
*Andrew White*
* Use a custom route visitor for optimized url generation. Fixes #13349.
*Andrew White*
* Allow engine root relative redirects using an empty string.
# application routes.rb
mount BlogEngine => '/blog'
# engine routes.rb
get '/welcome' => redirect('')
This now redirects to the path `/blog`, whereas before it would redirect
to the application root path. In the case of a path redirect or a custom
redirect if the path returned contains a host then the path is treated as
absolute. Similarly for option redirects, if the options hash returned
contains a `:host` or `:domain` key then the path is treated as absolute.
Fixes #7977.
*Andrew White*
* Fix `Encoding::CompatibilityError` when public path is UTF-8
In #5337 we forced the path encoding to ASCII-8BIT to prevent static file handling
from blowing up before an application has had chance to deal with possibly invalid
urls. However this has a negative side effect of making it an incompatible encoding
if the application's public path has UTF-8 characters in it.
To work around the problem we check to see if the path has a valid encoding once
it has been unescaped. If it is not valid then we can return early since it will
not match any file anyway.
Fixes #13518.
*Andrew White*
* `ActionController::Parameters#permit!` permits hashes in array values.
*Xavier Noria*
* Converts hashes in arrays of unfiltered params to unpermitted params.
Fixes #13382.
*Xavier Noria*
* New config option to opt out of params "deep munging" that was used to
address security vulnerability CVE-2013-0155. In your app config:
config.action_dispatch.perform_deep_munge = false
Take care to understand the security risk involved before disabling this.
[Read more.](https://groups.google.com/forum/#!topic/rubyonrails-security/t1WFuuQyavI)
*Bernard Potocki*
* `rake routes` shows routes defined under assets prefix.
*Ryunosuke SATO*
* Extend cross-site request forgery (CSRF) protection to GET requests with
JavaScript responses, protecting apps from cross-origin `<script>` tags.
*Jeremy Kemper*
* Fix generating a path for engine inside a resources block.
Fixes #8533.
*Piotr Sarnacki*
* Add `Mime::Type.register "text/vcard", :vcf` to the default list of mime types.
* Remove deprecated `ActionController::RecordIdentifier`, use
`ActionView::RecordIdentifier` instead.
* Fix regression when using `ActionView::Helpers::TranslationHelper#translate` with
This regression was introduced at ec16ba75a5493b9da972eea08bae630eba35b62f.
*Shota Fukumori (sora_h)*
* Introducing Variants
We often want to render different html/json/xml templates for phones,
tablets, and desktop browsers. Variants make it easy.
The request variant is a specialization of the request format, like `:tablet`,
`:phone`, or `:desktop`.
You can set the variant in a `before_action`:
request.variant = :tablet if request.user_agent =~ /iPad/
Respond to variants in the action just like you respond to formats:
respond_to do |format|
format.html do |html|
html.tablet # renders app/views/projects/show.html+tablet.erb
html.phone { extra_setup; render ... }
Provide separate templates for each format and variant:
You can also simplify the variants definition using the inline syntax:
respond_to do |format|
format.js { render "trash" }
format.html.phone { redirect_to progress_path }
format.html.none { render "trash" }
Variants also support common `any`/`all` block that formats have.
It works for both inline:
respond_to do |format|
format.html.any { render text: "any" }
format.html.phone { render text: "phone" }
and block syntax:
respond_to do |format|
format.html do |variant|
variant.any(:tablet, :phablet){ render text: "any" }
variant.phone { render text: "phone" }
*Łukasz Strzałkowski*
* Fix render of localized templates without an explicit format using wrong
content header and not passing correct formats to template due to the
introduction of the `NullType` for mimes.
Templates like `hello.it.erb` were subject to this issue.
Fixes #13064.
*Angelo Capilleri*, *Carlos Antonio da Silva*
* Try to escape each part of a url correctly when using a redirect route.
Fixes #13110.
*Andrew White*
* Better error message for typos in assert_response argument.
When the response type argument to `assert_response` is not a known
response type, `assert_response` now throws an ArgumentError with a clear
message. This is intended to help debug typos in the response type.
*Victor Costan*
* Fix formatting for `rake routes` when a section is shorter than a header.
*Sıtkı Bağdat*
* Take a hash with options inside array in `#url_for`.
url_for [:new, :admin, :post, { param: 'value' }]
# => http://example.com/admin/posts/new?param=value
*Andrey Ognevsky*
* Add `session#fetch` method
fetch behaves like [Hash#fetch](http://www.ruby-doc.org/core-1.9.3/Hash.html#method-i-fetch).
It returns a value from the hash for the given key.
If the key can’t be found, there are several options:
* With no other arguments, it will raise an KeyError exception.
* If a default value is given, then that will be returned.
* If the optional code block is specified, then that will be run and its result returned.
*Damien Mathieu*
* Don't let strong parameters mutate the given hash via `fetch`
Create a new instance if the given parameter is a `Hash` instead of
passing it to the `convert_hashes_to_parameters` method since it is
overriding its default value.
*Brendon Murphy*, *Doug Cole*
* Add `params` option to `button_to` form helper, which renders the given hash
as hidden form fields.
*Andy Waite*
* Make assets helpers work in the controllers like it works in the views.
# config/application.rb
config.asset_host = 'http://mycdn.com'
# => http://mycdn.com/assets/fallback.png
Fixes #10051.
*Tima Maslyuchenko*
* Respect `SCRIPT_NAME` when using `redirect` with a relative path
# application routes.rb
mount BlogEngine => '/blog'
# engine routes.rb
get '/admin' => redirect('admin/dashboard')
This now redirects to the path `/blog/admin/dashboard`, whereas before it would've
generated an invalid url because there would be no slash between the host name and
the path. It also allows redirects to work where the application is deployed to a
subdirectory of a website.
Fixes #7977.
*Andrew White*
* Fixing repond_with working directly on the options hash
This fixes an issue where the respond_with worked directly with the given
options hash, so that if a user relied on it after calling respond_with,
the hash wouldn't be the same.
Fixes #12029.
* Fix `ActionDispatch::RemoteIp::GetIp#calculate_ip` to only check for spoofing
attacks if both `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` are set.
Fixes #10844.
*Tamir Duberstein*
* Strong parameters should permit nested number as key.
Fixes #12293.
* Fix regex used to detect URI schemes in `redirect_to` to be consistent with
RFC 3986.
*Derek Prior*
* Fix incorrect `assert_redirected_to` failure message for protocol-relative
*Derek Prior*
* Fix an issue where router can't recognize downcased url encoding path.
Fixes #12269.
* Fix custom flash type definition. Misusage of the `_flash_types` class variable
caused an error when reloading controllers with custom flash types.
Fixes #12057.
*Ricardo de Cillo*
* Do not break params filtering on `nil` values.
Fixes #12149.
*Vasiliy Ermolovich*
* Development mode exceptions are rendered in text format in case of XHR request.
*Kir Shatrov*
* Fix an issue where :if and :unless controller action procs were being run
before checking for the correct action in the :only and :unless options.
Fixes #11799.
*Nicholas Jakobsen*
* Fix an issue where `assert_dom_equal` and `assert_dom_not_equal` were
ignoring the passed failure message argument.
Fixes #11751.
*Ryan McGeary*
* Allow REMOTE_ADDR, HTTP_HOST and HTTP_USER_AGENT to be overridden from
the environment passed into `ActionDispatch::TestRequest.new`.
Fixes #11590.
*Andrew White*
* Fix an issue where Journey was failing to clear the named routes hash when the
routes were reloaded and since it doesn't overwrite existing routes then if a
route changed but wasn't renamed it kept the old definition. This was being
masked by the optimised url helpers so it only became apparent when passing an
options hash to the url helper.
*Andrew White*
* Skip routes pointing to a redirect or mounted application when generating urls
using an options hash as they aren't relevant and generate incorrect urls.
Fixes #8018.
*Andrew White*
* Move `MissingHelperError` out of the `ClassMethods` module.
*Yves Senn*
* Fix an issue where rails raise exception about missing helper where it
should throw `LoadError`. When helper file exists and only loaded file from
this helper does not exist rails should throw LoadError instead of
*Piotr Niełacny*
* Fix `ActionDispatch::ParamsParser#parse_formatted_parameters` to rewind body input stream on
parsing json params.
Fixes #11345.
*Yuri Bol*, *Paul Nikitochkin*
* Ignore spaces around delimiter in Set-Cookie header.
*Yamagishi Kazutoshi*
* Remove deprecated Rails application fallback for integration testing, set
`ActionDispatch.test_app` instead.
*Carlos Antonio da Silva*
* Remove deprecated `page_cache_extension` config.
*Francesco Rodriguez*
* Remove deprecated constants from Action Controller:
ActionController::AbstractRequest => ActionDispatch::Request
ActionController::Request => ActionDispatch::Request
ActionController::AbstractResponse => ActionDispatch::Response
ActionController::Response => ActionDispatch::Response
ActionController::Routing => ActionDispatch::Routing
ActionController::Integration => ActionDispatch::Integration
ActionController::IntegrationTest => ActionDispatch::IntegrationTest
*Carlos Antonio da Silva*
* Fix `Mime::Type.parse` when bad accepts header is looked up. Previously it
was setting `request.formats` with an array containing a `nil` value, which
raised an error when setting the controller formats.
Fixes #10965.
* Merge `:action` from routing scope and assign endpoint if both `:controller`
and `:action` are present. The endpoint assignment only occurs if there is
no `:to` present in the options hash so should only affect routes using the
shorthand syntax (i.e. endpoint is inferred from the path).
Fixes #9856.
*Yves Senn*, *Andrew White*
* Action View extracted from Action Pack.
*Piotr Sarnacki*, *Łukasz Strzałkowski*
Please check [4-0-stable](https://github.com/rails/rails/blob/4-0-stable/actionpack/CHANGELOG.md) for previous changes.
* Fix ActionView label translation for more than 10 nested elements. Please check [4-1-stable](https://github.com/rails/rails/blob/4-1-stable/actionview/CHANGELOG.md) for previous changes.
*Vladimir Krylov*
* Added `:plain`, `:html` and `:body` option for `render` method. Please see
Action Pack's release note for more detail.
*Prem Sichanugrist*
* Date select helpers accept a format string for the months selector via the
new option `:month_format_string`.
When rendered, the format string gets passed keys `:number` (integer), and
`:name` (string), in order to be able to interpolate them as in
'%{name} (%<number>02d)'
for example.
This option is motivated by #13618.
*Xavier Noria*
* Added `config.action_view.raise_on_missing_translations` to define whether an
error should be raised for missing translations.
Fixes #13196.
*Kassio Borges*
* Improved ERB dependency detection. New argument types and formattings for the `render`
calls can be matched.
Fixes #13074, #13116.
*João Britto*
* Use `display:none` instead of `display:inline` for hidden fields.
Fixes #6403.
*Gaelian Ditchburn*
* The `video_tag` helper accepts a number as `:size`.
The `:size` option of the `video_tag` helper now can be specified
with a stringified number. The `width` and `height` attributes of
the generated tag will be the same.
*Kuldeep Aggarwal*
* Escape format, negative_format and units options of number helpers
Fixes: CVE-2014-0081
* A Cycle object should accept an array and cycle through it as it would with a set of
comma-separated objects.
arr = [1,2,3]
cycle(arr) # => '1'
cycle(arr) # => '2'
cycle(arr) # => '3'
Previously, it would return the array as a string, because it took the array as a
single object:
arr = [1,2,3]
cycle(arr) # => '[1,2,3]'
cycle(arr) # => '[1,2,3]'
cycle(arr) # => '[1,2,3]'
*Kristian Freeman*
* Label tags generated by collection helpers only inherit the `:index` and
`:namespace` from the input, because only these attributes modifies the
`for` attribute of the label. Also, the input attributes don't have
precedence over the label attributes anymore.
collection = [[1, true, { class: 'foo' }]]
f.collection_check_boxes :options, collection, :second, :first do |b|
b.label(class: 'my_custom_class')
# => <label class="foo" for="user_active_true">1</label>
collection = [[1, true, { class: 'foo' }]]
f.collection_check_boxes :options, collection, :second, :first do |b|
b.label(class: 'my_custom_class')
# => <label class="my_custom_class" for="user_active_true">1</label>
*Andriel Nuernberg*
* Fixed a long-standing bug in `json_escape` that causes quotation marks to be stripped.
This method also escapes the \u2028 and \u2029 unicode newline characters which are
treated as \n in JavaScript. This matches the behaviour of the AS::JSON encoder. (The
original change in the encoder was introduced in #10534.)
*Godfrey Chan*
* `ActionView::MissingTemplate` includes underscore when raised for a partial.
Fixes #13002.
*Yves Senn*
* Use `set_backtrace` instead of instance variable `@backtrace` in ActionView exceptions.
*Shimpei Makimoto*
* Fix `simple_format` escapes own output when passing `sanitize: true`.
*Paul Seidemann*
* Ensure `ActionView::Digestor.cache` is correctly cleaned up when
combining recursive templates with `ActionView::Resolver.caching = false`.
* Fix `collection_check_boxes` generated hidden input to use the name attribute provided
in the options hash.
*Angel N. Sciortino*
* Fix some edge cases for AV `select` helper with `:selected` option.
*Bogdan Gusiev*
* Ability to pass a block to the `select` helper.
<%= select(report, "campaign_ids") do %>
<% available_campaigns.each do |c| -%>
<%= content_tag(:option, c.name, value: c.id, data: { tags: c.tags.to_json }) %>
<% end -%>
<% end -%>
*Bogdan Gusiev*
* Handle `:namespace` form option in collection labels.
*Vasiliy Ermolovich*
* Fix `form_for` when both `namespace` and `as` options are present.
`as` option no longer overwrites `namespace` option when generating
html id attribute of the form element.
*Adam Niedzielski*
* Fix `excerpt` when `:separator` is `nil`.
*Paul Nikitochkin*
* Only cache template digests if `config.cache_template_loading` is true.
*Josh Lauer*, *Justin Ridgewell*
* Fixed a bug where the lookup details were not being taken into account
when caching the digest of a template - changes to the details now
cause a different cache key to be used.
*Daniel Schierbeck*
* Added an `extname` hash option for `javascript_include_tag` method.
# => <script src="/javascripts/templates.jst.js"></script>
javascript_include_tag('templates.jst', extname: false )
# => <script src="/javascripts/templates.jst"></script>
*Nathan Stitt*
* Fix `current_page?` when the URL contains escaped characters and the
original URL is using the hexadecimal lowercased.
*Rafael Mendonça França*
* Fix `text_area` to behave like `text_field` when `nil` is given as
f.text_field :field, value: nil #=> <input value="">
f.text_area :field, value: nil #=> <textarea>value of field</textarea>
f.text_area :field, value: nil #=> <textarea></textarea>
*Joel Cogen*
* Element of the `grouped_options_for_select` can
optionally contain html attributes as the last element of the array.
[["North America", [['United States','US'],"Canada"], data: { foo: 'bar' }]]
*Vasiliy Ermolovich*
* Fix default rendered format problem when calling `render` without :content_type option.
It should return :html. Fix #11393.
*Gleb Mazovetskiy*, *Oleg*, *kennyj*
* Fix `link_to` with block and url hashes.
link_to(action: 'bar', controller: 'foo') { content_tag(:span, 'Example site') }
# => "<a action=\"bar\" controller=\"foo\"><span>Example site</span></a>"
link_to(action: 'bar', controller: 'foo') { content_tag(:span, 'Example site') }
# => "<a href=\"/foo/bar\"><span>Example site</span></a>"
*Murahashi Sanemat Kenichi*
* Fix "Stack Level Too Deep" error when redering recursive partials.
Fixes #11340.
*Rafael Mendonça França*
* Added an `enforce_utf8` hash option for `form_tag` method.
Control to output a hidden input tag with name `utf8` without monkey
# => '<form>..<input name="utf8" type="hidden" value="&#x2713;" />..</form>'
# => '<form>..<input name="utf8" type="hidden" value="&#x2713;" />..</form>'
form_tag({}, { :enforce_utf8 => false })
# => '<form>....</form>'
* Remove the deprecated `include_seconds` argument from `distance_of_time_in_words`,
pass in an `:include_seconds` hash option to use this feature.
*Carlos Antonio da Silva*
* Remove deprecated block passing to `FormBuilder#new`.
*Vipul A M*
* Pick `DateField` `DateTimeField` and `ColorField` values from stringified options allowing use of symbol keys with helpers.
*Jon Rowe*
* Remove the deprecated `prompt` argument from `grouped_options_for_select`,
pass in a `:prompt` hash option to use this feature.
* Always escape the result of `link_to_unless` method.
link_to_unless(true, '<b>Showing</b>', 'github.com')
# => "<b>Showing</b>"
link_to_unless(true, '<b>Showing</b>', 'github.com')
# => "&lt;b&gt;Showing&lt;/b&gt;"
* Use a case insensitive URI Regexp for #asset_path.
This fix a problem where the same asset path using different case are generating
different URIs.
# => "<img alt=\"Google\" src=\"/assets/HTTP://google.com\" />"
# => "<img alt=\"Google\" src=\"http://google.com\" />"
# => "<img alt=\"Google\" src=\"HTTP://google.com\" />"
# => "<img alt=\"Google\" src=\"http://google.com\" />"
*David Celis*
* Element of the `collection_check_boxes` and `collection_radio_buttons` can
optionally contain html attributes as the last element of the array.
*Vasiliy Ermolovich*
* Update the HTML `BOOLEAN_ATTRIBUTES` in `ActionView::Helpers::TagHelper`
to conform to the latest HTML 5.1 spec. Add attributes `allowfullscreen`,
`default`, `inert`, `sortable`, `truespeed`, `typemustmatch`. Fix attribute
`seamless` (previously misspelled `seemless`).
*Alex Peattie*
* Fix an issue where partials with a number in the filename weren't being digested for cache dependencies.
*Bryan Ricker*
* First release, ActionView extracted from ActionPack.
*Piotr Sarnacki*, *Łukasz Strzałkowski*
Please check [4-0-stable (ActionPack's CHANGELOG)](https://github.com/rails/rails/blob/4-0-stable/actionpack/CHANGELOG.md) for previous changes.
* `#to_param` returns `nil` if `#to_key` returns `nil`. Fixes #11399. Please check [4-1-stable](https://github.com/rails/rails/blob/4-1-stable/activemodel/CHANGELOG.md) for previous changes.
*Yves Senn*
* Ability to specify multiple contexts when defining a validation.
class Person
include ActiveModel::Validations
attr_reader :name
validates_presence_of :name, on: [:verify, :approve]
person = Person.new
person.valid? # => true
person.valid?(:verify) # => false
person.errors.full_messages_for(:name) # => ["Name can't be blank"]
person.valid?(:approve) # => false
person.errors.full_messages_for(:name) # => ["Name can't be blank"]
*Vince Puzzella*
* `attribute_changed?` now accepts a hash to check if the attribute was
changed `:from` and/or `:to` a given value.
model.name_changed?(from: "Pete", to: "Ringo")
*Tejas Dinkar*
* Fix `has_secure_password` to honor bcrypt-ruby's cost attribute.
*T.J. Schuck*
* Updated the `ActiveModel::Dirty#changed_attributes` method to be indifferent between using
symbols and strings as keys.
*William Myers*
* Added new API methods `reset_changes` and `changes_applied` to `ActiveModel::Dirty`
that control changes state. Previsously you needed to update internal
instance variables, but now API methods are available.
*Bogdan Gusiev*
* Fix `has_secure_password` not to trigger `password_confirmation` validations
if no `password_confirmation` is set.
*Vladimir Kiselev*
* `inclusion` / `exclusion` validations with ranges will only use the faster
`Range#cover` for numerical ranges, and the more accurate `Range#include?`
for non-numerical ones.
Fixes range validations like `:a..:f` that used to pass with values like `:be`.
Fixes #10593.
*Charles Bergeron*
* Fix regression in `has_secure_password`. When a password is set, but a
confirmation is an empty string, it would incorrectly save.
*Steve Klabnik* and *Phillip Calvin*
* Deprecate `Validator#setup`. This should be done manually now in the validator's constructor.
*Nick Sutterer*
Please check [4-0-stable](https://github.com/rails/rails/blob/4-0-stable/activemodel/CHANGELOG.md) for previous changes.
* Fixed missing line and shadow on service pages(404, 422, 500). Please check [4-1-stable](https://github.com/rails/rails/blob/4-1-stable/guides/CHANGELOG.md) for previous changes.
*Dmitry Korotkov*
* Removed repetitive th tags. Instead of them added one th tag with a colspan attribute.
*Sıtkı Bağdat*
* Added the Rails maintenance policy to the guides.
*Matias Korhonen*
Please check [4-0-stable](https://github.com/rails/rails/blob/4-0-stable/guides/CHANGELOG.md) for previous changes.
* Do not crash when `config/secrets.yml` is empty. Please check [4-1-stable](https://github.com/rails/rails/blob/4-1-stable/railties/CHANGELOG.md) for previous changes.
*Yves Senn*
* Set `dump_schema_after_migration` config values in production.
Set `config.active_record.dump_schema_after_migration` as false
in the generated `config/environments/production.rb` file.
*Emil Soman*
* Added Thor-action for creation of migrations.
Fixes #13588, #12674.
*Gert Goet*
* Ensure that `bin/rails` is a file before trying to execute it.
Fixes #13825.
* Use single quotes in generated files.
*Cristian Mircea Messel*, *Chulki Lee*
* The `Gemfile` of new applications depends on SDoc ~> 0.4.0.
*Xavier Noria*
* `test_help.rb` now automatically checks/maintains your test database
schema. (Use `config.active_record.maintain_test_schema = false` to
*Jon Leighton*
* Configure `secrets.yml` and `database.yml` to read configuration
from the system environment by default for production.
*José Valim*
* `config.assets.raise_runtime_errors` is set to true by default
This option has been introduced in
and defaults to true in new applications in development.
*Richard Schneeman*
* Generates `html` and `text` templates for mailers by default.
*Kassio Borges*
* Move `secret_key_base` from `config/initializers/secret_token.rb`
to `config/secrets.yml`.
`secret_key_base` is now saved in `Rails.application.secrets.secret_key_base`
and it fallbacks to the value of `config.secret_key_base` when it is not
present in `config/secrets.yml`.
`config/initializers/secret_token.rb` is not generated by default
in new applications.
*Guillermo Iguaran*
* Generate a new `secrets.yml` file in the `config` folder for new
applications. By default, this file contains the application's `secret_key_base`,
but it could also be used to store other secrets such as access keys for external
The secrets added to this file will be accessible via `Rails.application.secrets`.
For example, with the following `secrets.yml`:
secret_key_base: 3b7cd727ee24e8444053437c36cc66c3
some_api_key: SOMEKEY
`Rails.application.secrets.some_api_key` will return `SOMEKEY` in the development
*Guillermo Iguaran*
* Add `ENV['DATABASE_URL']` support in `rails dbconsole`. Fixes #13320.
*Huiming Teo*
* Add `Application#message_verifier` method to return a message verifier.
This verifier can be used to generate and verify signed messages in the application.
message = Rails.application.message_verifier(:sensitive_data).generate('my sensible data')
# => 'my sensible data'
It is recommended not to use the same verifier for different things, so you can get different
verifiers passing the name argument.
message = Rails.application.message_verifier(:cookies).generate('my sensible cookie data')
See the `ActiveSupport::MessageVerifier` documentation for more information.
*Rafael Mendonça França*
* The [Spring application
preloader](https://github.com/rails/spring) is now installed
by default for new applications. It uses the development group of
the Gemfile, so will not be installed in production.
*Jon Leighton*
* Uses .railsrc while creating new plugin if it is available.
Fixes #10700.
*Prathamesh Sonpatki*
* Remove turbolinks when generating a new application based on a template that skips it.
Skips turbolinks adding `add_gem_entry_filter { |gem| gem.name != "turbolinks" }`
to the template.
*Lauro Caetano*
* Instrument an `load_config_initializer.railties` event on each load of configuration initializer
from `config/initializers`. Subscribers should be attached before `load_config_initializers`
initializer completed.
Registering subscriber examples:
# config/application.rb
module RailsApp
class Application < Rails::Application
ActiveSupport::Notifications.subscribe('load_config_initializer.railties') do |*args|
event = ActiveSupport::Notifications::Event.new(*args)
puts "Loaded initializer #{event.payload[:initializer]} (#{event.duration}ms)"
# my_engine/lib/my_engine/engine.rb
module MyEngine
class Engine < ::Rails::Engine
config.before_initialize do
ActiveSupport::Notifications.subscribe('load_config_initializer.railties') do |*args|
event = ActiveSupport::Notifications::Event.new(*args)
puts "Loaded initializer #{event.payload[:initializer]} (#{event.duration}ms)"
*Paul Nikitochkin*
* Support for Pathnames in eager load paths.
*Mike Pack*
* Fixed missing line and shadow on service pages(404, 422, 500).
*Dmitry Korotkov*
* `BACKTRACE` environment variable to show unfiltered backtraces for
test failures.
$ BACKTRACE=1 ruby -Itest ...
# or with rake
$ BACKTRACE=1 bin/rake
*Yves Senn*
* Removal of all javascript stuff (gems and files) when generating a new
application using the `--skip-javascript` option.
*Robin Dupret*
* Make the application name snake cased when it contains spaces
The application name is used to fill the `database.yml` and
`session_store.rb` files ; previously, if the provided name
contained whitespaces, it led to unexpected names in these files.
*Robin Dupret*
* Added `--model-name` option to `ScaffoldControllerGenerator`.
* Expose MiddlewareStack#unshift to environment configuration.
*Ben Pickles*
* `rails server` will only extend the logger to output to STDOUT
in development environment.
*Richard Schneeman*
* Don't require passing path to app before options in `rails new`
and `rails plugin new`
*Piotr Sarnacki*
* rake notes now searches *.less files
*Josh Crowder*
* Generate nested route for namespaced controller generated using
`rails g controller`.
Fixes #11532.
rails g controller admin/dashboard index
# Before:
get "dashboard/index"
# After:
namespace :admin do
get "dashboard/index"
*Prathamesh Sonpatki*
* Fix the event name of action_dispatch requests.
*Rafael Mendonça França*
* Make `config.log_level` work with custom loggers.
*Max Shytikov*
* Changed stylesheet load order in the stylesheet manifest generator.
Fixes #11639.
*Pawel Janiak*
* Added generated unit test for generator generator using new
`test:generators` rake task.
*Josef Šimánek*
* Removed `update:application_controller` rake task.
*Josef Šimánek*
* Fix `rake environment` to do not eager load modules
*Paul Nikitochkin*
* Fix `rake notes` to look into `*.sass` files
*Yuri Artemev*
* Removed deprecated `Rails.application.railties.engines`.
*Arun Agrawal*
* Removed deprecated threadsafe! from Rails Config.
*Paul Nikitochkin*
* Remove deprecated `ActiveRecord::Generators::ActiveModel#update_attributes` in
favor of `ActiveRecord::Generators::ActiveModel#update`.
*Vipul A M*
* Remove deprecated `config.whiny_nils` option.
*Vipul A M*
* Rename `commands/plugin_new.rb` to `commands/plugin.rb` and fix references
*Richard Schneeman*
* Fix `rails plugin --help` command.
*Richard Schneeman*
* Omit turbolinks configuration completely on skip_javascript generator option.
*Nikita Fedyashev*
* Removed deprecated rake tasks for running tests: `rake test:uncommitted` and
`rake test:recent`.
*John Wang*
* Clearing autoloaded constants triggers routes reloading.
Fixes #10685.
*Xavier Noria*
* Fixes bug with scaffold generator with `--assets=false --resource-route=false`.
Fixes #9525.
*Arun Agrawal*
* Rails::Railtie no longer forces the Rails::Configurable module on everything
that subclasses it. Instead, the methods from Rails::Configurable have been
moved to class methods in Railtie and the Railtie has been made abstract.
*John Wang*
* Changes repetitive th tags to use colspan attribute in `index.html.erb` template.
*Sıtkı Bağdat*
Please check [4-0-stable](https://github.com/rails/rails/blob/4-0-stable/railties/CHANGELOG.md) for previous changes.
