8 files changed, 53 insertions, 13 deletions

diff --git a/Gemfile.lock b/Gemfile.lock
index 1a5ca8d49e..a7da2311b6 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -70,7 +70,7 @@ PATH
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-      zeitwerk (~> 1.4)
+      zeitwerk (~> 1.4, >= 1.4.2)
     rails (6.0.0.beta3)
       actioncable (= 6.0.0.beta3)
       actionmailbox (= 6.0.0.beta3)
@@ -517,7 +517,7 @@ GEM
     websocket-extensions (0.1.3)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (1.4.0)
+    zeitwerk (1.4.2)
 
 PLATFORMS
   java
diff --git a/actiontext/lib/action_text/attribute.rb b/actiontext/lib/action_text/attribute.rb
index f9a604096c..ddc6822a4c 100644
--- a/actiontext/lib/action_text/attribute.rb
+++ b/actiontext/lib/action_text/attribute.rb
@@ -26,7 +26,7 @@ module ActionText
       def has_rich_text(name)
         class_eval <<-CODE, __FILE__, __LINE__ + 1
           def #{name}
-            self.rich_text_#{name} ||= ActionText::RichText.new(name: "#{name}", record: self)
+            rich_text_#{name} || build_rich_text_#{name}
           end
 
           def #{name}=(body)
diff --git a/actiontext/test/unit/model_test.rb b/actiontext/test/unit/model_test.rb
index f4328ba2ce..af53f88caa 100644
--- a/actiontext/test/unit/model_test.rb
+++ b/actiontext/test/unit/model_test.rb
@@ -67,4 +67,12 @@ class ActionText::ModelTest < ActiveSupport::TestCase
     message.update! review_attributes: { id: message.review.id, content: "Great work!" }
     assert_equal "Great work!", message.review.reload.content.to_plain_text
   end
+
+  test "building content lazily on existing record" do
+    message = Message.create!(subject: "Greetings")
+
+    assert_no_difference -> { ActionText::RichText.count } do
+      assert_kind_of ActionText::RichText, message.content
+    end
+  end
 end
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md
index 6717004ceb..43688fc8a7 100644
--- a/actionview/CHANGELOG.md
+++ b/actionview/CHANGELOG.md
@@ -2,7 +2,7 @@
 
 *   Only accept formats from registered mime types
 
-    A lack of filtering on mime types could allow an a attacker to read
+    A lack of filtering on mime types could allow an attacker to read
     arbitrary files on the target server or to perform a denial of service
     attack.
 
diff --git a/activerecord/lib/active_record/autosave_association.rb b/activerecord/lib/active_record/autosave_association.rb
index d77d76cb1e..fe94662543 100644
--- a/activerecord/lib/active_record/autosave_association.rb
+++ b/activerecord/lib/active_record/autosave_association.rb
@@ -457,10 +457,16 @@ module ActiveRecord
       # If the record is new or it has changed, returns true.
       def record_changed?(reflection, record, key)
         record.new_record? ||
-          (record.has_attribute?(reflection.foreign_key) && record[reflection.foreign_key] != key) ||
+          association_foreign_key_changed?(reflection, record, key) ||
           record.will_save_change_to_attribute?(reflection.foreign_key)
       end
 
+      def association_foreign_key_changed?(reflection, record, key)
+        return false if reflection.through_reflection?
+
+        record.has_attribute?(reflection.foreign_key) && record[reflection.foreign_key] != key
+      end
+
       # Saves the associated record if it's new or <tt>:autosave</tt> is enabled.
       #
       # In addition, it will destroy the association if it was marked for destruction.
diff --git a/activerecord/test/cases/autosave_association_test.rb b/activerecord/test/cases/autosave_association_test.rb
index 54eb885f6a..1a0732c14b 100644
--- a/activerecord/test/cases/autosave_association_test.rb
+++ b/activerecord/test/cases/autosave_association_test.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "cases/helper"
+require "models/author"
 require "models/bird"
 require "models/post"
 require "models/comment"
@@ -1319,21 +1320,45 @@ end
 class TestAutosaveAssociationOnAHasOneThroughAssociation < ActiveRecord::TestCase
   self.use_transactional_tests = false unless supports_savepoints?
 
-  def setup
-    super
+  def create_member_with_organization
     organization = Organization.create
-    @member = Member.create
-    MemberDetail.create(organization: organization, member: @member)
+    member = Member.create
+    MemberDetail.create(organization: organization, member: member)
+
+    member
   end
 
   def test_should_not_has_one_through_model
-    class << @member.organization
+    member = create_member_with_organization
+
+    class << member.organization
+      def save(*args)
+        super
+        raise "Oh noes!"
+      end
+    end
+    assert_nothing_raised { member.save }
+  end
+
+  def create_author_with_post_with_comment
+    Author.create! name: "David" # make comment_id not match author_id
+    author = Author.create! name: "Sergiy"
+    post = Post.create! author: author, title: "foo", body: "bar"
+    Comment.create! post: post, body: "cool comment"
+
+    author
+  end
+
+  def test_should_not_reversed_has_one_through_model
+    author = create_author_with_post_with_comment
+
+    class << author.comment_on_first_post
       def save(*args)
         super
         raise "Oh noes!"
       end
     end
-    assert_nothing_raised { @member.save }
+    assert_nothing_raised { author.save }
   end
 end
 
diff --git a/activesupport/activesupport.gemspec b/activesupport/activesupport.gemspec
index 51f5086cca..be041944f6 100644
--- a/activesupport/activesupport.gemspec
+++ b/activesupport/activesupport.gemspec
@@ -34,5 +34,5 @@ Gem::Specification.new do |s|
   s.add_dependency "tzinfo",          "~> 1.1"
   s.add_dependency "minitest",        "~> 5.1"
   s.add_dependency "concurrent-ruby", "~> 1.0", ">= 1.0.2"
-  s.add_dependency "zeitwerk",        "~> 1.4"
+  s.add_dependency "zeitwerk",        "~> 1.4", ">= 1.4.2"
 end
diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
index 6bc6c548d2..038284ebdd 100644
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -409,7 +409,8 @@ module Rails
     # The secret_key_base is used as the input secret to the application's key generator, which in turn
     # is used to create all MessageVerifiers/MessageEncryptors, including the ones that sign and encrypt cookies.
     #
-    # In test and development, this is simply derived as a MD5 hash of the application's name.
+    # In development and test, this is randomly generated and stored in a
+    # temporary file in <tt>tmp/development_secret.txt</tt>.
     #
     # In all other environments, we look for it first in ENV["SECRET_KEY_BASE"],
     # then credentials.secret_key_base, and finally secrets.secret_key_base. For most applications,