Security releases for Rails 3.2 – 4.x

This week, the Rails team released Rails 3.2.20, 4.0.11, 4.1.7, and 4.2.0.beta3 to address a security issue. These releases contain only the relevant security patch to make upgrading easier.

Rails 4.2.0.beta4 has been released!

In addition to the security releases, a new beta for 4.2.0 was also released, containing all the issues that was reported and fixed since beta2. If all goes well, we should see a Release Candidate for 4.2 very soon!

Please welcome the latest Rails committer

After months of dedicated contributions, @sgrif is now a member of the Rails committers team. Congratulations, Sean!

This week's Rails contributors

This week, 31 contributors made their mark on the Rails codebase and improved the framework for everyone.

`--skip-turbolinks` is back!

We previously reported about a new --skip-gems option in the Rails generator. It was ultimately decided that it was easy enough to remove a single entry from the Gemfile, and it wasn't worthwhile to introduce a new option (and the associated complexity) for that purpose.

On the bright side, the more intuitive and convenient --skip-turbolinks option is back!

Bloated gems

It was reported that the filiesize of the gems in the 4.2.0.beta4 release was unexpectedly large. This was caused by the guides output getting included in the gems by accident. The problem should now be corrected for all future releases.

Fixed circularity check

You have probably bumped into the "Circular dependency detected" message at some point . With this commit, the error message in some of these cases should be more accurate (thus more helpful). See @fxn's comment for more background.

New deprecation for booleans in Active Record

Currently, Active Record maintains a whitelist of "truthy" values, so that when you assigned anything outside of that list to a boolean attribute, it will be type casted to false. In the future, this behavior will be flipped to better match how Ruby handles truthiness.