Hey, this is Greg, bringing you the latest news about Ruby on Rails!
Rails 6.0.3.4 has been released! It is a security release and addresses a possible XSS attack vector in Actionable Exceptions.
You can read more about the issue here and check the commit with the fix here.
This PR introduces an `exists?` call instead of loading the entire relation into memory and that makes it better performing.

A follow-up PR for the above improvement, because the original solution broke `includes?` when an offset was provided, but this change covers that case and falls back to loading the relation in case an offset is provided.
With this change, it is possible to build conditions based on the record's attributes for a uniqueness validation.

This PR allows one to set the default Cache-Control header to reflect the simple no-store directive exclusively and all other cache directives are dropped when that's set.
20 people contributed to Rails the past week! If you want to be part of that, check out the list of open issues! Until next week!