aboutsummaryrefslogtreecommitdiffstats
path: root/railties
Commit message (Collapse)AuthorAgeFilesLines
* Routes from Engine Railties should not be an infinite loopAaron Patterson2018-09-261-0/+6
|
* Eager load supports individual filesAaron Patterson2018-09-262-4/+8
| | | | Also we want to eager load routes before anything else.
* Eagerly define attribute methods in productionEugene Kenny2018-09-241-0/+47
| | | | | | | | | | | | | The attribute methods for a model are currently defined lazily the first time that model is instantiated, even when `config.eager_load` is true. This means the first request to use each model incurs the cost, which usually involves a database round trip to fetch the schema definition. By defining the attribute methods for all models while the application is booting, we move that work out of any individual request. When using a forking web server, this also reduces the number of times the schema definition is queried by doing it once in the parent process instead of from each forked process during their first request.
* Merge pull request #33949 from sjain1107/no-private-defKasper Timm Hansen2018-09-231-8/+10
|\ | | | | Remove private def
| * Remove private defSakshi Jain2018-09-231-8/+10
| |
* | Enable `Performance/UnfreezeString` copyuuji.yaginuma2018-09-239-9/+9
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In Ruby 2.3 or later, `String#+@` is available and `+@` is faster than `dup`. ```ruby # frozen_string_literal: true require "bundler/inline" gemfile(true) do source "https://rubygems.org" gem "benchmark-ips" end Benchmark.ips do |x| x.report('+@') { +"" } x.report('dup') { "".dup } x.compare! end ``` ``` $ ruby -v benchmark.rb ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux] Warming up -------------------------------------- +@ 282.289k i/100ms dup 187.638k i/100ms Calculating ------------------------------------- +@ 6.775M (± 3.6%) i/s - 33.875M in 5.006253s dup 3.320M (± 2.2%) i/s - 16.700M in 5.032125s Comparison: +@: 6775299.3 i/s dup: 3320400.7 i/s - 2.04x slower ```
* Make sure this test check the issue solved in #31135Rafael Mendonça França2018-09-221-6/+12
| | | | | | | | | | | | | | | Before this change this test was passing even if we revert #31135. The reason for that is that `app 'development'` will load the environment in the test process and it is happening before db_create_and_drop is called. This was not asserting that the environment was loaded in the db:create task itself. To test it we enhance the db:create task with a block that writes to a tmp file the value of the config. If the environment is loaded before that task enhancement runs the content of the file will have "true" insteand of "false".
* Switch to supports_cache_versioning? check to a class methodschneems2018-09-202-2/+4
| | | | | - Moving the `supports_cache_versioning?` check to a class method. - Shorten the method doc. - Expand on the error message.
* [close #33907] Error when using "recyclable" cache keys with a store that ↵schneems2018-09-202-0/+17
| | | | | | | | | | | | | | does not support it If you are using the "in cache versioning" also known as "recyclable cache keys" the cache store must be aware of this scheme, otherwise you will generate cache entries that never invalidate. This PR adds a check to the initialization process to ensure that if recyclable cache keys are being used via ``` config.active_record.cache_versioning = true ``` Then the cache store needs to show that it supports this versioning scheme. Cache stores can let Rails know that they support this scheme by adding a method `supports_in_cache_versioning?` and returning true.
* Fixed to RAILS_MASTER_KEY as a default env key for decrypting.Wojciech Wnętrzak2018-09-204-12/+8
| | | | | Fixes mistake left in https://github.com/rails/rails/pull/33521/files#diff-2a29095afcfe2c683b82a779a94c2208R59 and misunderstanding in https://github.com/rails/rails/commit/d69b04de0ff33237209afea6f6cac3ab27934908
* Fix env name for master keyyuuji.yaginuma2018-09-203-3/+3
| | | | When using environment specific credentials, `RAILS_MASTER_KEY` is not used.
* Support environment specific credentials file. (#33521)Wojciech Wnętrzak2018-09-197-29/+163
| | | | | | For `production` environment look first for `config/credentials/production.yml.enc` file that can be decrypted by `ENV["RAILS_MASTER_KEY"]` or `config/credentials/production.key` master key. Edit given environment credentials file by command `rails credentials:edit --environment production`. Default behavior can be overwritten by setting `config.credentials.content_path` and `config.credentials.key_path`.
* Add test for `config.active_storage.routes_prefix`yuuji.yaginuma2018-09-151-0/+18
| | | | Follow up #33883.
* Remove mysql2 gem version requirement "< 0.6.0"Yasuo Honda2018-09-142-2/+2
| | | | Suggested at https://github.com/rails/rails/pull/33876#issuecomment-421176221
* Bump MySQL version requirement to 5.5.8 in the template filesYasuo Honda2018-09-132-2/+2
| | | | Follow-up #33853
* Validate if `utf8mb4` character set and longer index key prefix is supportedYasuo Honda2018-09-131-1/+0
| | | | | | | | | | | Once #33608 merged If users create a new database using MySQL 5.1.x, it will fail to create databases since MySQL 5.1 does not know `utf8mb4` character set. This pull request removes `encoding: utf8mb4` from `mysql.yml.tt` to let create_database method handles default character set by MySQL server version. `supports_longer_index_key_prefix?` method will need to validate if MySQL 5.5 and 5.6 server configured correctly to support longer index key prefix, but not yet.
* Add a test that exercice better the behavior we expect in the query cacheRafael Mendonça França2018-09-121-2/+43
| | | | | | | In production the query cache was already being loaded before the first request even without #33856, so added a test to make sure of it. This new test is passing even if #33856 is reverted.
* Build string set when `filter_attributes` is assignedbogdanvlviv2018-09-121-1/+2
| | | | | | | | | It would allow `filter_attributes` to be reused across multiple calls to `#inspect` or `#pretty_print`. - Add `require "set"` - Remove `filter_attributes` instance reader. I think there is no need to keep it.
* Fix query cache to load before first requestEileen Uchitelle2018-09-121-0/+33
| | | | | | | | | | | | | | | | In a test app we observed that the query cache was not enabled on the first request. This was because the query cache hooks are installed on load and active record is loaded in the middle of the first request. If we remove the `on_load` from the railtie the query cache hooks will be installed before the first request, allowing the cache to be enabled on that first request. This is ok because query cache doesn't load anything else, only itself so we're not eager loading all of active record before the first request, just the query cache hooks. [Eileen M. Uchitelle & Matthew Draper]
* Merge pull request #33819 from kevindew/yarn-pathRafael França2018-09-111-1/+1
|\ | | | | Run yarn install relative to Rails.root
| * Run yarn install relative to Rails.rootKevin Dew2018-09-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We may not always have binstubs relative to the directory we are running the rake task from. The particular case for this is with a mountable Rails engine and dummy app that is created to test it. This sets all the tasks up to run under an `app` namespace in railties/lib/rails/tasks/engine.rake This change resolves a problem whereby running `app:yarn:install` would have no effect as it would try to run in the plugins bin directory rather than the test/dummy/bin. This also means that it installs from test/dummy/package.json and into test/dummy/node_modules which is behaviour consistent with a normal Rails app. On a rails engine: ``` ➜ tmp rails plugin new rails-plugin --mountable ➜ tmp cd rails-plugin ``` Before this change: ``` ➜ rails-plugin rake app:yarn:install ➜ rails-plugin ``` After this change: ``` ➜ rails-plugin rake app:yarn:install yarn install v1.9.4 info No lockfile found. [1/4] 🔍 Resolving packages... [2/4] 🚚 Fetching packages... [3/4] 🔗 Linking dependencies... [4/4] 📃 Building fresh packages... ✨ Done in 0.07s. ``` When this change is ran against a normal rails install there is not a behavioural change: ``` ➜ tmp rails new full-app ➜ tmp cd full-app ➜ full-app git:(master) ✗ rake yarn:install yarn install v1.9.4 info No lockfile found. [1/4] 🔍 Resolving packages... [2/4] 🚚 Fetching packages... [3/4] 🔗 Linking dependencies... [4/4] 📃 Building fresh packages... ✨ Done in 0.09s. ```
* | Merge pull request #33483 from DylanReile/masterRafael França2018-09-111-0/+2
|\ \ | | | | | | Disable content security policy for mailer previews
| * | Disable content security policy for mailer previewsDylan Reile2018-07-301-0/+2
| | |
* | | Merge pull request #33815 from mberlanda/mberlanda/enhance-config-forRafael França2018-09-112-3/+53
|\ \ \ | | | | | | | | Use ActiveSupport::InheritableOptions and deep_symbolize_keys in config_for
| * | | refacto: config_for with ActiveSupport::InheritableOptions and symbolized keysMauro Berlanda2018-09-112-3/+53
| | |/ | |/|
* | | use "minitest" consistentlyXavier Noria2018-09-113-5/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | The name of the minitest library is spelled that way: regular font, and lowercase. Lowercase is used even at the beginning of sentences, see http://docs.seattlerb.org/minitest/ I double-checked this with @zenspider too (thanks!).
* | | Merge pull request #33785 from bogdanvlviv/follow-up-33773-33779Rafael França2018-09-111-1/+1
|\ \ \ | | | | | | | | Clarify changelog entry added in #33779 [ci skip]
| * | | Clarify changelog entry added in #33779 [ci skip]bogdanvlviv2018-09-031-1/+1
| | | | | | | | | | | | | | | | Related to #33773
* | | | Use utf8mb4 character set by default for MySQL database (#33608)Yasuo Honda2018-09-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Use utf8mb4 character set by default `utf8mb4` character set supports supplementary characters including emoji. `utf8` character set with 3-Byte encoding is not enough to support them. There was a downside of 4-Byte length character set with MySQL 5.5 and 5.6: "ERROR 1071 (42000): Specified key was too long; max key length is 767 bytes" for Rails string data type which is mapped to varchar(255) type. MySQL 5.7 supports 3072 byte key prefix length by default. * Remove `DEFAULT COLLATE` from Active Record unit test databases There should be no "one size fits all" collation in MySQL 5.7. Let MySQL server choose the default collation for Active Record unit test databases. Users can choose their best collation for their databases by setting `options[:collation]` based on their requirements. * InnoDB FULLTEXT indexes support since MySQL 5.6 it does not have to use MyISAM storage engine whose maximum key length is 1000 bytes. Using MyISAM storag engine with utf8mb4 character set would cause "Specified key was too long; max key length is 1000 bytes" https://dev.mysql.com/doc/refman/5.6/en/innodb-fulltext-index.html * References "10.9.1 The utf8mb4 Character Set (4-Byte UTF-8 Unicode Encoding)" https://dev.mysql.com/doc/refman/5.7/en/charset-unicode-utf8mb4.html "10.9.2 The utf8mb3 Character Set (3-Byte UTF-8 Unicode Encoding)" https://dev.mysql.com/doc/refman/5.7/en/charset-unicode-utf8.html "14.8.1.7 Limits on InnoDB Tables" https://dev.mysql.com/doc/refman/5.7/en/innodb-restrictions.html > If innodb_large_prefix is enabled (the default), the index key prefix limit is 3072 bytes > for InnoDB tables that use DYNAMIC or COMPRESSED row format. * CI against MySQL 5.7 Followed this instruction and changed root password to empty string. https://docs.travis-ci.com/user/database-setup/#MySQL-57 * The recommended minimum version of MySQL is 5.7.9 to support utf8mb4 character set and `innodb_default_row_format` MySQL 5.7.9 introduces `innodb_default_row_format` to support 3072 byte length index by default. Users do not have to change MySQL database configuration to support Rails string type. https://dev.mysql.com/doc/refman/5.7/en/innodb-parameters.html#sysvar_innodb_default_row_format https://dev.mysql.com/doc/refman/5.7/en/innodb-restrictions.html > If innodb_large_prefix is enabled (the default), > the index key prefix limit is 3072 bytes for InnoDB tables that use DYNAMIC or COMPRESSED row format. * The recommended minimum version of MariaDB is 10.2.2 MariaDB 10.2.2 is the first version of MariaDB supporting `innodb_default_row_format` Also MariaDB says "MySQL 5.7 is compatible with MariaDB 10.2". - innodb_default_row_format https://mariadb.com/kb/en/library/xtradbinnodb-server-system-variables/#innodb_default_row_format - "MariaDB versus MySQL - Compatibility" https://mariadb.com/kb/en/library/mariadb-vs-mysql-compatibility/ > MySQL 5.7 is compatible with MariaDB 10.2 - "Supported Character Sets and Collations" https://mariadb.com/kb/en/library/supported-character-sets-and-collations/
* | | | Use correct variableyuuji.yaginuma2018-09-112-6/+6
| | | | | | | | | | | | | | | | Follow up of 3e81490717a314437f9123d86fa3e9dc55558e95.
* | | | Remove all references to slave in the codebaseRafael Mendonça França2018-09-104-30/+30
| |/ / |/| |
* | | Configuration item `config.filter_parameters` could also filter out ↵Zhang Kang2018-09-071-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | sensitive value of database column when call `#inspect` * Why Some sensitive data will be exposed in log accidentally by calling `#inspect`, e.g. ```ruby @account = Account.find params[:id] payload = { account: @account } logger.info "payload will be #{ payload }" ``` All the information of `@account` will be exposed in log. * Solution Add a class attribute filter_attributes to specify which values of columns shouldn't be exposed. This attribute equals to `Rails.application.config.filter_parameters` by default. ```ruby Rails.application.config.filter_parameters += [:credit_card_number] Account.last.insepct # => #<Account id: 123, credit_card_number: [FILTERED] ...> ```
* | | Formatting CHANGELOGs [ci skip]Ryuta Kamizono2018-09-071-4/+4
| | | | | | | | | | | | Fixing code block rendering, indentation, backticks, etc.
* | | Use canonical name for block localyuuji.yaginuma2018-09-072-15/+15
| | | | | | | | | | | | | | | | | | | | | | | | `spec` is the same variable name as gemspec generated by bundler, and its intention is easier to understand than a one-letter variable. https://github.com/bundler/bundler/blob/00fd58eaa69015092ee272c4cb5aa92a5e7ee45c/lib/bundler/templates/newgem/newgem.gemspec.tt#L11 This is follow up on 1c59b4840c58097186022f68427c46e0046c5d0d. `spec` is already in use there.
* | | Generate a gem that can't be pushed to Rubygems.org by defaultRafael Mendonça França2018-09-061-0/+9
| | | | | | | | | | | | | | | This will avoid gems that are made to be private to be pushed to public repositories.
* | | Respect config setting when output deprecation notice in rake tasksyuuji.yaginuma2018-09-047-6/+9
|/ / | | | | | | | | | | | | | | | | The rake tasks which became deprecate now does not load the environment. Therefore, even if the application specifies the behavior of deprecating, the message is output to stderr ignoring the specification. It seems that this is not the expected behavior. We should respect the setting even in the rake tasks.
* | Update changelog with null_store defaultMichael Nelson2018-09-021-0/+4
| | | | | | | | [ci skip]
* | Merge pull request #33773 from mcnelson/null_cache_store_for_test_envGeorge Claghorn2018-09-021-0/+1
|\ \ | | | | | | Make null_store the default cache store in test environment config
| * | Set cache store as null_store for test environmentMichael Nelson2018-08-021-0/+1
| | |
* | | Merge pull request #33770 from eileencodes/multi-db-improvements-part-3Eileen M. Uchitelle2018-09-012-7/+37
|\ \ \ | | | | | | | | Part 3: Multi-db Improvements, identifying replica configurations
| * | | Convert configs_for to kwargs, add include_replicasEileen Uchitelle2018-08-312-7/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes the `configs_for` method from using traditional arguments to using kwargs. This is so I can add the `include_replicas` kwarg without having to always include `env_name` and `spec_name` in the method call. `include_replicas` defaults to false because everywhere internally in Rails we don't want replicas. `configs_for` is for iterating over configurations to create / run rake tasks, so we really don't ever need replicas in that case.
* | | | Remove needless test order configyuuji.yaginuma2018-09-011-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These were added for avoiding warnings and for testing in e4c529ea1d94ef548975e45b91a7fec045aeefbc and 6ea7065a18671872f1486cff3fdaeb4f78fa6332. Now the default is `:random`, and since the tests added with it are removed. That config is unnecessary.
* | | | Merge pull request #33743 from ↵Rafael França2018-08-312-15/+79
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | steakknife/steakknife/improve-template-generator-actions add github to template actions, template actions minor refactor
| * | | | add github to template actions, light DSL refactorBarry Allard2018-08-302-15/+79
| | | | |
* | | | | Emit warning for unknown inflection rule when generating model.Yoshiyuki Kinjo2018-08-314-3/+35
| |/ / / |/| | | | | | | | | | | | | | | | | | | For words like "abuse", Rails cannot derive its singular form from plural form "abuses" without defining custom inflection rule. `rails generate model` and its families now emit warning for this case.
* | | | Merge pull request #33637 from eileencodes/ar-connection-management-refactoringEileen M. Uchitelle2018-08-301-10/+10
|\ \ \ \ | | | | | | | | | | Refactor Active Record configurations
| * | | | Refactors Active Record connection managementEileen Uchitelle2018-08-301-10/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While the three-tier config makes it easier to define databases for multiple database applications, it quickly became clear to offer full support for multiple databases we need to change the way the connections hash was handled. A three-tier config means that when Rails needed to choose a default configuration (in the case a user doesn't ask for a specific configuration) it wasn't clear to Rails which the default was. I [bandaid fixed this so the rake tasks could work](#32271) but that fix wasn't correct because it actually doubled up the configuration hashes. Instead of attemping to manipulate the hashes @tenderlove and I decided that it made more sense if we converted the hashes to objects so we can easily ask those object questions. In a three tier config like this: ``` development: primary: database: "my_primary_db" animals: database; "my_animals_db" ``` We end up with an object like this: ``` @configurations=[ #<ActiveRecord::DatabaseConfigurations::HashConfig:0x00007fd1acbded10 @env_name="development",@spec_name="primary", @config={"adapter"=>"sqlite3", "database"=>"db/development.sqlite3"}>, #<ActiveRecord::DatabaseConfigurations::HashConfig:0x00007fd1acbdea90 @env_name="development",@spec_name="animals", @config={"adapter"=>"sqlite3", "database"=>"db/development.sqlite3"}> ]> ``` The configurations setter takes the database configuration set by your application and turns them into an `ActiveRecord::DatabaseConfigurations` object that has one getter - `@configurations` which is an array of all the database objects. The configurations getter returns this object by default since it acts like a hash in most of the cases we need. For example if you need to access the default `development` database we can simply request it as we did before: ``` ActiveRecord::Base.configurations["development"] ``` This will return primary development database configuration hash: ``` { "database" => "my_primary_db" } ``` Internally all of Active Record has been converted to use the new objects. I've built this to be backwards compatible but allow for accessing the hash if needed for a deprecation period. To get the original hash instead of the object you can either add `to_h` on the configurations call or pass `legacy: true` to `configurations. ``` ActiveRecord::Base.configurations.to_h => { "development => { "database" => "my_primary_db" } } ActiveRecord::Base.configurations(legacy: true) => { "development => { "database" => "my_primary_db" } } ``` The new configurations object allows us to iterate over the Active Record configurations without losing the known environment or specification name for that configuration. You can also select all the configs for an env or env and spec. With this we can always ask any object what environment it belongs to: ``` db_configs = ActiveRecord::Base.configurations.configurations_for("development") => #<ActiveRecord::DatabaseConfigurations:0x00007fd1acbdf800 @configurations=[ #<ActiveRecord::DatabaseConfigurations::HashConfig:0x00007fd1acbded10 @env_name="development",@spec_name="primary", @config={"adapter"=>"sqlite3", "database"=>"db/development.sqlite3"}>, #<ActiveRecord::DatabaseConfigurations::HashConfig:0x00007fd1acbdea90 @env_name="development",@spec_name="animals", @config={"adapter"=>"sqlite3", "database"=>"db/development.sqlite3"}> ]> db_config.env_name => "development" db_config.spec_name => "primary" db_config.config => { "adapter"=>"sqlite3", "database"=>"db/development.sqlite3" } ``` The configurations object is more flexible than the configurations hash and will allow us to build on top of the connection management in order to add support for primary/replica connections, sharding, and constructing queries for associations that live in multiple databases.
* | | | | Add migrations_paths option to migration generatorEileen Uchitelle2018-08-302-0/+24
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds an option to the migration generator to allow setting the migrations paths for that migration. This is useful for applications that use multiple databases and put migrations per database in their own directories. ``` bin/rails g migration CreateHouses address:string --migrations-paths=db/kingston_migrate invoke active_record create db/kingston_migrate/20180830151055_create_houses.rb ```
* | | | Merge pull request #33744 from bogdanvlviv/fixes-27852Ryuta Kamizono2018-08-301-1/+1
|\ \ \ \ | | | | | | | | | | Prevent leaking of user's DB credentials on `rails db:create` failure
| * | | | Prevent leaking of user's DB credentials on `rails db:create` failurebogdanvlviv2018-08-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Issue #27852 reports that when `rails db:create` fails, it causes leaking of user's DB credentials to $stderr. We print a DB's configuration hash in order to help users more quickly to figure out what could be wrong with his configuration. This commit changes message from "Couldn't create database for #{configuration.inspect}" to "Couldn't create '#{configuration['database']}' database. Please check your configuration.". There are two PRs that fixing it #27878, #27879, but they need a bit more work. I decided help to finish this and added Author of those PRs credit in this commit. Since it is a security issue, I think we should backport it to `5-2-stable`, and `5-1-stable`. Guided by https://edgeguides.rubyonrails.org/maintenance_policy.html#security-issues Fixes #27852 Closes #27879 Related to #27878 [Alexander Marrs & bogdanvlviv]