aboutsummaryrefslogtreecommitdiffstats
path: root/guides
diff options
context:
space:
mode:
Diffstat (limited to 'guides')
-rw-r--r--guides/source/5_0_release_notes.md73
-rw-r--r--guides/source/action_mailer_basics.md12
-rw-r--r--guides/source/configuring.md2
-rw-r--r--guides/source/security.md2
4 files changed, 80 insertions, 9 deletions
diff --git a/guides/source/5_0_release_notes.md b/guides/source/5_0_release_notes.md
index 8f664d4215..a868c5f856 100644
--- a/guides/source/5_0_release_notes.md
+++ b/guides/source/5_0_release_notes.md
@@ -94,6 +94,10 @@ Please refer to the [Changelog][railties] for detailed changes.
* Deprecated `config.serve_static_files` in favor of `config.public_file_server.enabled`.
([Pull Request](https://github.com/rails/rails/pull/22173))
+* Deprecated the tasks in the `rails` task namespace in favor of the `app` namespace.
+ (e.g. `rails:update` and `rails:template` tasks is renamed to `app:update` and `app:template`.)
+ ([Pull Request](https://github.com/rails/rails/pull/23439))
+
### Notable changes
* Added Rails test runner `bin/rails test`.
@@ -120,6 +124,23 @@ Please refer to the [Changelog][railties] for detailed changes.
([Pull Request](https://github.com/rails/rails/pull/22457),
[Pull Request](https://github.com/rails/rails/pull/22288))
+* New applications are generated with the evented file system monitor enabled
+ on Linux and Mac OS X. The feature can be opted out by passing
+ `--skip-listen` to the generator.
+ ([commit](https://github.com/rails/rails/commit/de6ad5665d2679944a9ee9407826ba88395a1003),
+ [commit](https://github.com/rails/rails/commit/94dbc48887bf39c241ee2ce1741ee680d773f202))
+
+* Generate applications with an option to log to STDOUT in production
+ using the environment variable `RAILS_LOG_TO_STDOUT`.
+ ([Pull Request](https://github.com/rails/rails/pull/23734))
+
+* Enable HSTS with IncludeSudomains header for new applications.
+ ([Pull Request](https://github.com/rails/rails/pull/23852))
+
+* The application generator writes a new file `config/spring.rb`, which tells
+ Spring to watch additional common files.
+ ([commit](https://github.com/rails/rails/commit/b04d07337fd7bc17e88500e9d6bcd361885a45f8))
+
Action Pack
-----------
@@ -262,6 +283,17 @@ Please refer to the [Changelog][action-pack] for detailed changes.
(Pull Request [1](https://github.com/rails/rails/pull/19377),
[2](https://github.com/rails/rails/pull/23827))
+* Added an option for per-form CSRF tokens.
+ ([Pull Request](https://github.com/rails/rails/pull/22275))
+
+* Added request encoding and response parsing to integration tests.
+ ([Pull Request](https://github.com/rails/rails/pull/21671))
+
+* Update default rendering policies when the controller action did
+ not explicitly indicate a response.
+ ([Pull Request](https://github.com/rails/rails/pull/23827))
+
+
Action View
-------------
@@ -286,8 +318,9 @@ Please refer to the [Changelog][action-view] for detailed changes.
* Changed the default template handler from `ERB` to `Raw`.
([commit](https://github.com/rails/rails/commit/4be859f0fdf7b3059a28d03c279f03f5938efc80))
-* Collection rendering automatically caches and fetches multiple partials.
- ([Pull Request](https://github.com/rails/rails/pull/18948))
+* Collection rendering can cache and fetches multiple partials.
+ ([Pull Request](https://github.com/rails/rails/pull/18948),
+ [commit](https://github.com/rails/rails/commit/e93f0f0f133717f9b06b1eaefd3442bd0ff43985))
* Allow defining explicit collection caching using a `# Template Collection: ...`
directive inside templates.
@@ -300,6 +333,9 @@ Please refer to the [Changelog][action-view] for detailed changes.
button on submit to prevent double submits.
([Pull Request](https://github.com/rails/rails/pull/21135))
+* Collection rendering can cache and fetch multiple partials at once.
+ ([Pull Request](https://github.com/rails/rails/pull/21135))
+
Action Mailer
-------------
@@ -333,7 +369,9 @@ Please refer to the [Changelog][action-mailer] for detailed changes.
the mailer queue name.
([Pull Request](https://github.com/rails/rails/pull/18587))
-* Added `config.action_mailer.perform_caching` configuration to determine whether your templates should perform caching or not.
+* Added support for fragment caching in Action Mailer views.
+ Added new config option `config.action_mailer.perform_caching` to determine
+ whether your templates should perform caching or not.
([Pull Request](https://github.com/rails/rails/pull/22825))
@@ -453,6 +491,10 @@ Please refer to the [Changelog][active-record] for detailed changes.
`offset` method on relation instead.
([Pull Request](https://github.com/rails/rails/pull/22053))
+* Deprecated `{insert|update|delete}_sql` in `DatabaseStatements`.
+ Use the `{insert|update|delete}` public methods instead.
+ ([Pull Request](https://github.com/rails/rails/pull/23086))
+
### Notable changes
* Added a `foreign_key` option to `references` while creating the table.
@@ -554,6 +596,9 @@ Please refer to the [Changelog][active-record] for detailed changes.
model behavior.
([Pull Request](https://github.com/rails/rails/pull/22567))
+* Added ActiveRecord `#second_to_last` and `#third_to_last` methods.
+ ([Pull Request](https://github.com/rails/rails/pull/23583))
+
Active Model
------------
@@ -631,6 +676,10 @@ Please refer to the [Changelog][active-job] for detailed changes.
queue jobs to a `concurrent-ruby` thread pool.
([Pull Request](https://github.com/rails/rails/pull/21257))
+* Change the default adapter from inline to async. It's a better default as
+ tests will then not mistakenly come to rely on behavior happening
+ synchronously.
+ ([commit](https://github.com/rails/rails/commit/625baa69d14881ac49ba2e5c7d9cac4b222d7022))
Active Support
--------------
@@ -699,6 +748,13 @@ Please refer to the [Changelog][active-support] for detailed changes.
Deprecated `ActiveSupport::Cache::LocaleCache#set_cache_value` in favor of `write_cache_value`.
([Pull Request](https://github.com/rails/rails/pull/22215))
+* Deprecated passing arguments to `assert_nothing_raised`.
+ ([Pull Request](https://github.com/rails/rails/pull/23789))
+
+* Deprecated `Module.local_constants` in favor of `Module.constants(false)`.
+ ([Pull Request](https://github.com/rails/rails/pull/23936))
+
+
### Notable changes
* Added `#verified` and `#valid_message?` methods to
@@ -768,6 +824,17 @@ Please refer to the [Changelog][active-support] for detailed changes.
class and module variables that live per-thread.
([Pull Request](https://github.com/rails/rails/pull/22630))
+* Added `Array#second_to_last` and `Array#third_to_last` methods.
+ ([Pull Request](https://github.com/rails/rails/pull/23583))
+
+* Added `#on_weekday?` method to `Date`, `Time`, and `DateTime`.
+ ([Pull Request](https://github.com/rails/rails/pull/23687))
+
+* Publish `ActiveSupport::Executor` and `ActiveSupport::Reloader` APIs to allow
+ components and libraries to manage, and participate in, the execution of
+ application code, and the application reloading process.
+ ([Pull Request](https://github.com/rails/rails/pull/23807))
+
Credits
-------
diff --git a/guides/source/action_mailer_basics.md b/guides/source/action_mailer_basics.md
index 558c16f5b0..5346b7c32b 100644
--- a/guides/source/action_mailer_basics.md
+++ b/guides/source/action_mailer_basics.md
@@ -204,10 +204,14 @@ class UsersController < ApplicationController
end
```
-NOTE: Active Job's default behavior is to execute jobs ':inline'. So, you can use
-`deliver_later` now to send emails, and when you later decide to start sending
-them from a background job, you'll only need to set up Active Job to use a queueing
-backend (Sidekiq, Resque, etc).
+NOTE: Active Job's default behavior is to execute jobs via the `:async` adapter. So, you can use
+`deliver_later` now to send emails asynchronously.
+Active Job's default adapter runs jobs with an in-process thread pool.
+It's well-suited for the development/test environments, since it doesn't require
+any external infrastructure, but it's a poor fit for production since it drops
+pending jobs on restart.
+If you need a persistent backend, you will need to use an Active Job adapter
+that has a persistent backend (Sidekiq, Resque, etc).
If you want to send emails right away (from a cronjob for example) just call
`deliver_now`:
diff --git a/guides/source/configuring.md b/guides/source/configuring.md
index 33165ba166..e57d873719 100644
--- a/guides/source/configuring.md
+++ b/guides/source/configuring.md
@@ -583,7 +583,7 @@ There are a few configuration options available in Active Support:
`config.active_job` provides the following configuration options:
-* `config.active_job.queue_adapter` sets the adapter for the queueing backend. The default adapter is `:inline` which will perform jobs immediately. For an up-to-date list of built-in adapters see the [ActiveJob::QueueAdapters API documentation](http://api.rubyonrails.org/classes/ActiveJob/QueueAdapters.html).
+* `config.active_job.queue_adapter` sets the adapter for the queueing backend. The default adapter is `:async`. For an up-to-date list of built-in adapters see the [ActiveJob::QueueAdapters API documentation](http://api.rubyonrails.org/classes/ActiveJob/QueueAdapters.html).
```ruby
# Be sure to have the adapter's gem in your Gemfile
diff --git a/guides/source/security.md b/guides/source/security.md
index f4a9f64669..4883c1abe7 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -160,7 +160,7 @@ The most effective countermeasure is to _issue a new session identifier_ and dec
reset_session
```
-If you use the popular RestfulAuthentication plugin for user management, add reset_session to the SessionsController#create action. Note that this removes any value from the session, _you have to transfer them to the new session_.
+If you use the popular [Devise](https://rubygems.org/gems/devise) gem for user management, it will automatically expire sessions on sign in and sign out for you. If you roll your own, remember to expire the session after your sign in action (when the session is created). This will remove values from the session, therefore _you will have to transfer them to the new session_.
Another countermeasure is to _save user-specific properties in the session_, verify them every time a request comes in, and deny access, if the information does not match. Such properties could be the remote IP address or the user agent (the web browser name), though the latter is less user-specific. When saving the IP address, you have to bear in mind that there are Internet service providers or large organizations that put their users behind proxies. _These might change over the course of a session_, so these users will not be able to use your application, or only in a limited way.
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-24 10:50:23 +0000