Diffstat (limited to 'railties/CHANGELOG.md')
-rw-r--r-- | railties/CHANGELOG.md | 81 |
1 files changed, 73 insertions, 8 deletions
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md index e55217c5c4..109c4836d5 100644 --- a/railties/CHANGELOG.md +++ b/railties/CHANGELOG.md @@ -1,3 +1,66 @@ +* New applications get `config.cache_classes = false` in `config/environments/test.rb` + unless `--skip-spring`. + + *Xavier Noria* + +* Autoloading during initialization is deprecated. + + *Xavier Noria* + +* Only force `:async` ActiveJob adapter to `:inline` during seeding. + + *BatedUrGonnaDie* + +* The `connection` option of `rails dbconsole` command is deprecated in + favor of `database` option. + + *Yuji Yaginuma* + +* Replace `chromedriver-helper` gem with `webdrivers` in default Gemfile. + `chromedriver-helper` is deprecated as of March 31, 2019 and won't + receive any further updates. + + *Guillermo Iguaran‮* + +* Applications running in `:zeitwerk` mode that use `bootsnap` need + to upgrade `bootsnap` to at least 1.4.2. + + *Xavier Noria* + +* Add `config.disable_sandbox` option to Rails console. + + This setting will disable `rails console --sandbox` mode, preventing + developer from accidentally starting a sandbox console, + which when left inactive, can cause the database server to run out of memory. + + *Prem Sichanugrist* + +* Add `-e/--environment` option to `rails initializers`. + + *Yuji Yaginuma* + + +## Rails 6.0.0.beta3 (March 11, 2019) ## + +* Generate random development secrets + + A random development secret is now generated to tmp/development_secret.txt + + This avoids an issue where development mode servers were vulnerable to + remote code execution. + + Fixes CVE-2019-5420 + + *Eileen M. Uchitelle*, *Aaron Patterson*, *John Hawthorn* + + +## Rails 6.0.0.beta2 (February 25, 2019) ## + +* Fix non-symbol access to nested hashes returned from `Rails::Application.config_for` + being broken by allowing non-symbol access with a deprecation notice. + + *Ufuk Kayserilioglu* + * Fix deeply nested namespace command printing. *Gannon McGibbon* 
@@ -37,7 +100,9 @@ gsub Gemfile ``` - The change command copies a template `config/database.yml` with the target database adapter into your app, and replaces your database gem with the target database gem. + The change command copies a template `config/database.yml` with + the target database adapter into your app, and replaces your database gem + with the target database gem. *Gannon McGibbon* @@ -61,9 +126,9 @@ *George Claghorn* -* Introduce guard against DNS rebinding attacks +* Introduce guard against DNS rebinding attacks. - The `ActionDispatch::HostAuthorization` is a new middleware that prevent + The `ActionDispatch::HostAuthorization` is a new middleware that prevents against DNS rebinding and other `Host` header attacks. It is included in the development environment by default with the following configuration: @@ -75,7 +140,7 @@ In other environments `Rails.application.config.hosts` is empty and no `Host` header checks will be done. If you want to guard against header - attacks on production, you have to manually whitelist the allowed hosts + attacks on production, you have to manually permit the allowed hosts with: Rails.application.config.hosts << "product.com" @@ -88,7 +153,7 @@ # `beta1.product.com`. Rails.application.config.hosts << /.*\.product\.com/ - A special case is supported that allows you to whitelist all sub-domains: + A special case is supported that allows you to permit all sub-domains: # Allow requests from subdomains like `www.product.com` and # `beta1.product.com`. @@ -171,7 +236,7 @@ The encryption key can be in `ENV["RAILS_MASTER_KEY"]` or `config/credentials/production.key`. Environment credentials overrides can be edited with `rails credentials:edit --environment production`. - If no override is setup for the passed environment, it will be created. + If no override is set up for the passed environment, it will be created. Additionally, the default lookup paths can be overwritten with these configs: 
@@ -261,9 +326,9 @@ *Jose Luis Duran* -* Deprecate support for using the `HOST` environment to specify the server IP. +* Deprecate support for using the `HOST` environment variable to specify the server IP. - The `BINDING` environment should be used instead. + The `BINDING` environment variable should be used instead. Fixes #29516. |
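Review bot: In the `@@ -1,3 +1,66 @@` hunk, the added attribution line for the `webdrivers` entry carries an invisible U+202E (right-to-left override) character between "Iguaran" and the closing asterisk. Bidirectional control characters do not show up in most diff views and can change how the text after them is displayed, so strip it and keep the line as plain `*Guillermo Iguaran*`. In the same hunk, the CVE-2019-5420 entry writes tmp/development_secret.txt without backticks and without a closing period, unlike the other paths in this file such as `config/environments/test.rb`.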
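Review bot: "prevents against" in the reworded `ActionDispatch::HostAuthorization` sentence of the `@@ -61,9 +126,9 @@` hunk is still ungrammatical. The verb fix from "prevent" to "prevents" keeps the stray "against"; use "guards against" or "protects against", which also matches the entry title "Introduce guard against DNS rebinding attacks."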
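Review bot: "manually permit the allowed hosts" in the `@@ -75,7 +140,7 @@` hunk reads as circular after the rewording, since the hosts are only allowed once they are permitted. Suggest "you have to manually add the permitted hosts with:", and "in production" rather than "on production" in the context line above it while the sentence is being touched.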
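Review bot: The example pattern `/.*\.product\.com/` in the context of the `@@ -88,7 +153,7 @@` hunk has no `\A` or `\z` anchors, and the entry never says whether the middleware matches the whole `Host` value or any substring of it. Since readers will copy this line into production config, state the matching semantics next to the example or show the pattern with explicit anchors.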