-rw-r--r--actioncable/actioncable.gemspec3
-rw-r--r--actionmailer/actionmailer.gemspec3
-rw-r--r--actionpack/actionpack.gemspec3
-rw-r--r--actionview/actionview.gemspec3
-rw-r--r--activejob/activejob.gemspec3
-rw-r--r--activemodel/activemodel.gemspec3
-rw-r--r--activerecord/activerecord.gemspec3
-rw-r--r--activerecord/lib/active_record/attribute_methods.rb2
-rw-r--r--activerecord/lib/active_record/core.rb4
-rw-r--r--activerecord/test/cases/attribute_methods_test.rb7
-rw-r--r--activerecord/test/cases/core_test.rb12
-rw-r--r--activerecord/test/models/topic.rb4
-rw-r--r--activestorage/activestorage.gemspec3
-rw-r--r--activesupport/activesupport.gemspec3
-rw-r--r--activesupport/lib/active_support/testing/parallelization.rb9
-rw-r--r--guides/source/debugging_rails_applications.md2
-rw-r--r--guides/source/security.md5
-rw-r--r--railties/railties.gemspec3
18 files changed, 70 insertions, 5 deletions
diff --git a/actioncable/actioncable.gemspec b/actioncable/actioncable.gemspec
index 137fa64431..f4af0330d7 100644
--- a/actioncable/actioncable.gemspec
+++ b/actioncable/actioncable.gemspec
@@ -2,6 +2,9 @@
version = File.read(File.expand_path("../RAILS_VERSION", __dir__)).strip
+# NOTE: There's no need to update dependencies for CVEs in minor
+# releases when users can simply run `bundle update vulnerable_gem`.
+
Gem::Specification.new do |s|
s.platform = Gem::Platform::RUBY
s.name = "actioncable"
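Review bot: The comment added above `Gem::Specification.new` recommends `bundle update vulnerable_gem`, but the text this same commit adds to guides/source/security.md recommends `bundle update --conservative gem_name`, and the two are not equivalent. Without `--conservative`, Bundler is free to move the named gem's own dependencies as well, so the comment should use the guide's form: `# releases when users can simply run "bundle update --conservative vulnerable_gem".` The rationale also holds only while the version constraint declared further down in the gemspec (outside this hunk) still admits the patched release, which is worth stating in the comment. The identical comment is added in the other nine gemspec hunks of this commit (actionmailer, actionpack, actionview, activejob, activemodel, activerecord, activestorage, activesupport, railties) and needs the same wording.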
diff --git a/actionmailer/actionmailer.gemspec b/actionmailer/actionmailer.gemspec
index f2fb160bdd..efcdcf019a 100644
--- a/actionmailer/actionmailer.gemspec
+++ b/actionmailer/actionmailer.gemspec
@@ -2,6 +2,9 @@
version = File.read(File.expand_path("../RAILS_VERSION", __dir__)).strip
+# NOTE: There's no need to update dependencies for CVEs in minor
+# releases when users can simply run `bundle update vulnerable_gem`.
+
Gem::Specification.new do |s|
s.platform = Gem::Platform::RUBY
s.name = "actionmailer"
diff --git a/actionpack/actionpack.gemspec b/actionpack/actionpack.gemspec
index 1dc8abf746..4b9c729955 100644
--- a/actionpack/actionpack.gemspec
+++ b/actionpack/actionpack.gemspec
@@ -2,6 +2,9 @@
version = File.read(File.expand_path("../RAILS_VERSION", __dir__)).strip
+# NOTE: There's no need to update dependencies for CVEs in minor
+# releases when users can simply run `bundle update vulnerable_gem`.
+
Gem::Specification.new do |s|
s.platform = Gem::Platform::RUBY
s.name = "actionpack"
diff --git a/actionview/actionview.gemspec b/actionview/actionview.gemspec
index 49ee1a292b..938d8b4b90 100644
--- a/actionview/actionview.gemspec
+++ b/actionview/actionview.gemspec
@@ -2,6 +2,9 @@
version = File.read(File.expand_path("../RAILS_VERSION", __dir__)).strip
+# NOTE: There's no need to update dependencies for CVEs in minor
+# releases when users can simply run `bundle update vulnerable_gem`.
+
Gem::Specification.new do |s|
s.platform = Gem::Platform::RUBY
s.name = "actionview"
diff --git a/activejob/activejob.gemspec b/activejob/activejob.gemspec
index be6292f737..cc27deb338 100644
--- a/activejob/activejob.gemspec
+++ b/activejob/activejob.gemspec
@@ -2,6 +2,9 @@
version = File.read(File.expand_path("../RAILS_VERSION", __dir__)).strip
+# NOTE: There's no need to update dependencies for CVEs in minor
+# releases when users can simply run `bundle update vulnerable_gem`.
+
Gem::Specification.new do |s|
s.platform = Gem::Platform::RUBY
s.name = "activejob"
diff --git a/activemodel/activemodel.gemspec b/activemodel/activemodel.gemspec
index 7be466dc4c..22ca37071c 100644
--- a/activemodel/activemodel.gemspec
+++ b/activemodel/activemodel.gemspec
@@ -2,6 +2,9 @@
version = File.read(File.expand_path("../RAILS_VERSION", __dir__)).strip
+# NOTE: There's no need to update dependencies for CVEs in minor
+# releases when users can simply run `bundle update vulnerable_gem`.
+
Gem::Specification.new do |s|
s.platform = Gem::Platform::RUBY
s.name = "activemodel"
diff --git a/activerecord/activerecord.gemspec b/activerecord/activerecord.gemspec
index a857d00c05..2c049f21ea 100644
--- a/activerecord/activerecord.gemspec
+++ b/activerecord/activerecord.gemspec
@@ -2,6 +2,9 @@
version = File.read(File.expand_path("../RAILS_VERSION", __dir__)).strip
+# NOTE: There's no need to update dependencies for CVEs in minor
+# releases when users can simply run `bundle update vulnerable_gem`.
+
Gem::Specification.new do |s|
s.platform = Gem::Platform::RUBY
s.name = "activerecord"
diff --git a/activerecord/lib/active_record/attribute_methods.rb b/activerecord/lib/active_record/attribute_methods.rb
index 1e92ee3b96..fd8c1da842 100644
--- a/activerecord/lib/active_record/attribute_methods.rb
+++ b/activerecord/lib/active_record/attribute_methods.rb
@@ -328,7 +328,7 @@ module ActiveRecord
# person.attribute_for_inspect(:tag_ids)
# # => "[1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11]"
def attribute_for_inspect(attr_name)
- value = read_attribute(attr_name)
+ value = _read_attribute(attr_name)
format_for_inspect(value)
end
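Review bot: Nothing at the `_read_attribute` call in `attribute_for_inspect` records why the underscored reader is used, so a later cleanup could easily switch it back to `read_attribute`. Judging from the test added in this commit, the public reader resolves `:id` to the primary key, which is a different column once a model sets `self.primary_key = :title`. A one-line comment such as `# _read_attribute: show the id column itself, not the primary key that "id" may resolve to` would capture that. The same substitution is made in both hunks of activerecord/lib/active_record/core.rb and deserves the same comment there. It is also worth confirming that `_read_attribute` accepts the symbol names callers pass to this public method, since its definition is not part of the diff.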
diff --git a/activerecord/lib/active_record/core.rb b/activerecord/lib/active_record/core.rb
index da3e2549a2..50f3087c51 100644
--- a/activerecord/lib/active_record/core.rb
+++ b/activerecord/lib/active_record/core.rb
@@ -498,7 +498,7 @@ module ActiveRecord
inspection = if defined?(@attributes) && @attributes
self.class.attribute_names.collect do |name|
if has_attribute?(name)
- attr = read_attribute(name)
+ attr = _read_attribute(name)
value = if attr.nil?
attr.inspect
else
@@ -528,7 +528,7 @@ module ActiveRecord
pp.text attr_name
pp.text ":"
pp.breakable
- value = read_attribute(attr_name)
+ value = _read_attribute(attr_name)
value = inspection_filter.filter_param(attr_name, value) unless value.nil?
pp.pp value
end
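Review bot: No test in this commit covers how the `_read_attribute` change interacts with `inspection_filter.filter_param(attr_name, value)` two lines below it. The filter masks by attribute name, so with the old `read_attribute` call the value of a filtered primary-key column could presumably be printed in clear under the `id` label and end up in logs. A test that lists the primary-key column in `filter_attributes` on a model like `TitlePrimaryKeyTopic` and asserts the column's value is absent from the `PP.pp` output would lock the new behaviour in. The enclosing `pretty_print` method starts and ends outside this hunk, so the surrounding loop is not visible here.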
diff --git a/activerecord/test/cases/attribute_methods_test.rb b/activerecord/test/cases/attribute_methods_test.rb
index 6c2e256447..0dbdd56ae6 100644
--- a/activerecord/test/cases/attribute_methods_test.rb
+++ b/activerecord/test/cases/attribute_methods_test.rb
@@ -56,6 +56,13 @@ class AttributeMethodsTest < ActiveRecord::TestCase
assert_equal "[1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11]", t.attribute_for_inspect(:content)
end
+ test "attribute_for_inspect with a non-primary key id attribute" do
+ t = topics(:first).becomes(TitlePrimaryKeyTopic)
+ t.title = "The First Topic Now Has A Title With\nNewlines And More Than 50 Characters"
+
+ assert_equal "1", t.attribute_for_inspect(:id)
+ end
+
test "attribute_present" do
t = Topic.new
t.title = "hello there!"
diff --git a/activerecord/test/cases/core_test.rb b/activerecord/test/cases/core_test.rb
index f7fbf3ee8a..36e3d543cd 100644
--- a/activerecord/test/cases/core_test.rb
+++ b/activerecord/test/cases/core_test.rb
@@ -30,6 +30,11 @@ class CoreTest < ActiveRecord::TestCase
assert_equal %(#<Topic id: 1, title: "The First Topic">), Topic.all.merge!(select: "id, title", where: "id = 1").first.inspect
end
+ def test_inspect_instance_with_non_primary_key_id_attribute
+ topic = topics(:first).becomes(TitlePrimaryKeyTopic)
+ assert_match(/id: 1/, topic.inspect)
+ end
+
def test_inspect_class_without_table
assert_equal "NonExistentTable(Table doesn't exist)", NonExistentTable.inspect
end
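Review bot: The assertion `assert_match(/id: 1/, topic.inspect)` in `test_inspect_instance_with_non_primary_key_id_attribute` is loose enough to pass on output that does not contain the `id` attribute at all. The pattern also matches `parent_id: 1` or `id: 10`, so a regression that prints the title under `id` could go unnoticed if another integer column happens to render that way. Anchoring it, for example `assert_match(/\bid: 1\b/, topic.inspect)`, ties the test to the attribute it names. The same pattern is used in `test_pretty_print_with_non_primary_key_id_attribute` in the next hunk of this file and should be tightened the same way.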
@@ -110,4 +115,11 @@ class CoreTest < ActiveRecord::TestCase
PP.pp(subtopic.new, StringIO.new(actual))
assert_equal "inspecting topic\n", actual
end
+
+ def test_pretty_print_with_non_primary_key_id_attribute
+ topic = topics(:first).becomes(TitlePrimaryKeyTopic)
+ actual = +""
+ PP.pp(topic, StringIO.new(actual))
+ assert_match(/id: 1/, actual)
+ end
end
diff --git a/activerecord/test/models/topic.rb b/activerecord/test/models/topic.rb
index 4aad6a4498..03430154db 100644
--- a/activerecord/test/models/topic.rb
+++ b/activerecord/test/models/topic.rb
@@ -138,6 +138,10 @@ class BlankTopic < Topic
end
end
+class TitlePrimaryKeyTopic < Topic
+ self.primary_key = :title
+end
+
module Web
class Topic < ActiveRecord::Base
has_many :replies, dependent: :destroy, foreign_key: "parent_id", class_name: "Web::Reply"
diff --git a/activestorage/activestorage.gemspec b/activestorage/activestorage.gemspec
index cb1bb00a25..0b879e270c 100644
--- a/activestorage/activestorage.gemspec
+++ b/activestorage/activestorage.gemspec
@@ -2,6 +2,9 @@
version = File.read(File.expand_path("../RAILS_VERSION", __dir__)).strip
+# NOTE: There's no need to update dependencies for CVEs in minor
+# releases when users can simply run `bundle update vulnerable_gem`.
+
Gem::Specification.new do |s|
s.platform = Gem::Platform::RUBY
s.name = "activestorage"
diff --git a/activesupport/activesupport.gemspec b/activesupport/activesupport.gemspec
index aa695c98b2..75b38f3552 100644
--- a/activesupport/activesupport.gemspec
+++ b/activesupport/activesupport.gemspec
@@ -2,6 +2,9 @@
version = File.read(File.expand_path("../RAILS_VERSION", __dir__)).strip
+# NOTE: There's no need to update dependencies for CVEs in minor
+# releases when users can simply run `bundle update vulnerable_gem`.
+
Gem::Specification.new do |s|
s.platform = Gem::Platform::RUBY
s.name = "activesupport"
diff --git a/activesupport/lib/active_support/testing/parallelization.rb b/activesupport/lib/active_support/testing/parallelization.rb
index c03a07873d..9c8dffa9d8 100644
--- a/activesupport/lib/active_support/testing/parallelization.rb
+++ b/activesupport/lib/active_support/testing/parallelization.rb
@@ -79,7 +79,14 @@ module ActiveSupport
reporter = job[2]
result = Minitest.run_one_method(klass, method)
- queue.record(reporter, result)
+ begin
+ queue.record(reporter, result)
+ rescue DRb::DRbConnError
+ result.failures.each do |failure|
+ failure.exception = DRb::DRbRemoteError.new(failure.exception)
+ end
+ queue.record(reporter, result)
+ end
end
ensure
run_cleanup(worker)
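Review bot: The `failure.exception = ...` assignment in the new `rescue DRb::DRbConnError` branch assumes every entry of `result.failures` has an `exception=` writer. As far as I know only `Minitest::UnexpectedError` exposes one; a plain assertion failure or skip would raise `NoMethodError` inside the rescue and the result would never be recorded. A guard such as `next unless failure.respond_to?(:exception=)` as the first line of the block avoids that. The second `queue.record(reporter, result)` is also unprotected, so when the `DRbConnError` comes from a lost connection rather than an exception that could not be marshalled, it will raise again out of the worker loop. A short comment saying which of the two cases the retry is meant for would help. The enclosing block starts outside this hunk.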
diff --git a/guides/source/debugging_rails_applications.md b/guides/source/debugging_rails_applications.md
index 7f7766e7d7..3a383cbd4d 100644
--- a/guides/source/debugging_rails_applications.md
+++ b/guides/source/debugging_rails_applications.md
@@ -232,7 +232,7 @@ irb(main):003:0> Article.pamplemousse
=> #<Comment id: 2, author: "1", body: "Well, actually...", article_id: 1, created_at: "2018-10-19 00:56:10", updated_at: "2018-10-19 00:56:10">
```
-Below each database statement you can see arrows pointing to the specific source filename (and line number) of the method that resulted in a database call. This can help you identity and address performance problems caused by N+1 queries: single database queries that generates multiple additional queries.
+Below each database statement you can see arrows pointing to the specific source filename (and line number) of the method that resulted in a database call. This can help you identify and address performance problems caused by N+1 queries: single database queries that generates multiple additional queries.
Verbose query logs are enabled by default in the development environment logs after Rails 5.2.
diff --git a/guides/source/security.md b/guides/source/security.md
index bb996cc39c..66b922ea35 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -1235,6 +1235,11 @@ version:
Rails.application.credentials.some_api_key! # => raises KeyError: :some_api_key is blank
```
+Dependency Management and CVEs
+------------------------------
+
+Please note that we do not accept patches for CVE version bumps. This is because application owners need to manually update their gems regardless of our efforts. Use `bundle update --conservative gem_name` to safely update vulnerable dependencies.
+
Additional Resources
--------------------
diff --git a/railties/railties.gemspec b/railties/railties.gemspec
index 6fdb4648c2..98155a35e3 100644
--- a/railties/railties.gemspec
+++ b/railties/railties.gemspec
@@ -2,6 +2,9 @@
version = File.read(File.expand_path("../RAILS_VERSION", __dir__)).strip
+# NOTE: There's no need to update dependencies for CVEs in minor
+# releases when users can simply run `bundle update vulnerable_gem`.
+
Gem::Specification.new do |s|
s.platform = Gem::Platform::RUBY
s.name = "railties"