Rails 6.0.3.4 has been released! It is a security release and addresses a possible XSS attack vector in Actionable Exceptions. You can read more about the issue here and check the commit with the fix here.
A follow-up PR for the above improvement, because the original solution broke `includes?` when an offset was provided, but this change covers that case and falls back to loading the relation in case an offset is provided.
This PR allows one to set the default Cache-Control header to reflect the simple no-store directive exclusively and all other cache directives are dropped when that's set.
20 people contributed to Rails the past week! If you want to be part of that, check out the list of open issues! Until next week!