vulnerability in ruby-actionpack.
Major changes:
- Improved compatibility with Ruby 1.9
- RailsXss plugin availability
- Fixes for the Nokogiri backend for XmlMini
Changes since 2.1.1:
* Allow metal to live in plugins #2045 [Matthew Rudy]
* Added metal [Josh Peek]
* Remove script/performance/request in favour of the performance
integration tests. [Pratik Naik]
* Add a rake task to apply a template to an existing application :
rake rails:template LOCATION=~/template.rb [Pratik Naik]
* Add "-m/--template" option to Rails generator to apply a template to
the generated application. [Jeremy McAnally]
* Extracted the process scripts (inspector, reaper, spawner) into the
plugin irs_process_scripts [David Heinemeier Hansson]
* Changed Rails.root to return a Pathname object
* Added view path support for engines [David Heinemeier Hansson]
* Added that config/routes.rb files in engine plugins are
automatically loaded (and reloaded when they change in dev mode)
[David Heinemeier Hansson]
* Added app/[models|controllers|helpers] to the load path for plugins
that has an app directory (go engines ;)) [David Heinemeier Hansson]
* Add config.preload_frameworks to load all frameworks at
startup. Default to false so Rails autoloads itself as it's
used. Turn this on for Passenger and JRuby. Also turned on by
config.threadsafe! [Jeremy Kemper]
* Add a rake task to generate dispatchers : rake
rails:generate_dispatchers [Pratik Naik]
* "rails <app>" will not generate public/dispatch.cgi/fcgi/rb files by
default now. Please use "--with-dispatchers" option if you need
them. [Yaroslav Markin, Pratik Naik]
* Added rake rails:update:application_controller to renamed
application.rb to application_controller.rb -- included in rake
rails:update so upgrading to 2.3 will automatically trigger it #1439
[kastner]
* Added Rails.backtrace_cleaner as an accessor for the
Rails::BacktraceCleaner instance used by the framework to cut down
on backtrace noise and config/initializers/backtrace_silencers.rb to
add your own (or turn them all off) [David Heinemeier Hansson]
* Switch from Test::Unit::TestCase to ActiveSupport::TestCase. [Jeremy Kemper]
* Added config.i18n settings gatherer to config/environment,
auto-loading of all locales in config/locales/*.rb,yml, and
config/locales/en.yml as a sample locale [David Heinemeier Hansson]
* BACKWARDS INCOMPATIBLE: Renamed application.rb to
application_controller.rb and removed all the special casing that
was in place to support the former. You must do this rename in your
own application when you upgrade to this version [David Heinemeier
Hansson]
* Fixed plugin generator so that generated unit tests would subclass
ActiveSupport::TestCase, also introduced a helper script to reduce
the needed require statements #1137 [Mathias Meyer]
* Update Prototype to 1.6.0.3 [sam]
* Fixed that sqlite would report "db/development.sqlite3 already
exists" whether true or not on db:create #614 [Antonio Cangiano]
* Added config.threadsafe! to toggle allow concurrency settings and
disable the dependency loader [Josh Peek]
* Turn cache_classes on by default [Josh Peek]
* Added configurable eager load paths. Defaults to app/models,
app/controllers, and app/helpers [Josh Peek]
* Introduce simple internationalization support. [Ruby i18n team]
* Make script/plugin install <plugin> -r <revision> option work with
git based plugins. #257. [Tim Pope Jakub Kuźma]. Example:
* Added Rails.initialized? flag [Josh Peek]
* Make rake test:uncommitted work with Git. [Tim Pope]
* Added Thin support to script/server. #488 [Bob Klosinski]
* Fix script/about in production mode. #370 [Cheah Chu Yeow, Xavier
Noria, David Krmpotic]
* Add the gem load paths before the framework is loaded, so certain
gems like RedCloth and BlueCloth can be frozen.
* Fix discrepancies with loading rails/init.rb from gems.
* Plugins check for the gem init path (rails/init.rb) before the
standard plugin init path (init.rb) [Jacek Becela]
* Changed all generated tests to use the test/do declaration style
[David Heinemeier Hansson]
* Wrapped Rails.env in StringInquirer so you can do
Rails.env.development? [David Heinemeier Hansson]
* Fixed that RailsInfoController wasn't considering all requests local
in development mode (Edgard Castro) [#310 state:resolved]
Changes:
* Fix script/about in production mode. #370 [Cheah Chu Yeow, Xavier
Noria, David Krmpotic]
* Add the gem load paths before the framework is loaded, so certain
gems like RedCloth and BlueCloth can be frozen.
* Fix discrepancies with loading rails/init.rb from gems.
* Plugins check for the gem init path (rails/init.rb) before the
standard plugin init path (init.rb) [Jacek Becela]
* Wrapped Rails.env in StringInquirer so you can do
Rails.env.development? [DHH]
* Fixed that RailsInfoController wasn't considering all requests local
in development mode (Edgard Castro) [#310 state:resolved]
Changes:
* Fix :cookie_only to correctly avoid session fixation attacks (CVE-2007-6077)
* Fix regression where the association would not construct new finder
SQL on sav e causing bogus queries for "WHERE owner_id = NULL" even
after owner was saved.
Changes:
* Correct RAILS_GEM_VERSION regexp. Use =version gem requirement instead of
~>version so you don't get surprised by a beta gem in production. This
change means upgrading to 1.2.5 will require a boot.rb upgrade.
* Move custom inflections example so available before route generation.
* Add a new rake task to aid debugging of named routes.
* use Gem.find_name instead of search when freezing gems. Prevent false
positives for other gems with rails in the name. Closes#8729 [wselman]
* Fix syntax error in dispatcher than wrecked failsafe responses.
* Add Active Resource to rails:freeze:edge and drop Action Web Service.
* Give generate scaffold a more descriptive database message. Closes#7316
* Canonicalize RAILS_ROOT by using File.expand_path on Windows, which doesn't
have to worry about symlinks, and Pathname#realpath elsewhere, which
respects symlinks in relative paths but is incompatible with Windows. #6755
[Jeremy Kemper, trevor]
Changes:
* Fix gem deprecation warnings, which also means depending on RubyGems 0.9.0+
[Chad Fowler]
* Require the dispatcher for Rails::Configuration#to_prepare. [Rick]
Rails is a full-stack framework for developing database-backed web
applications according to the Model-View-Control pattern. From the
Ajax in the view, to the request and response in the controller, to
the domain model wrapping the database, Rails gives you a pure-Ruby
development environment. To go live, all you need to add is a
database and a web server.