Ruby on Rails

Ruby on Rails provides all the tools needed to develop web-apps that can run on CGI, FastCGI and on the mod_ruby.

Ruby on Rails, also known as Rails, gives the developer a pure-Ruby development environment.

The framework was initially developed by David Heinemeier Hansson from his work on Basecamp.

Since then, Ruby on Rails has become an inspiration for most MVC frameworks around, being ported to numerous programming languages and environments.

To install, it is recommended to use RubyGems.

System requirements

• Ruby 1.8.7 / 1.9.2 or higher
• RubyGems

What is new in this release:

• Active Job
• Asynchronous mails
• Adequate Record
• Web Console
• Foreign key support

What is new in version 4.2.6 / 3.2.22.2 / 5.0.0.beta4:

• Active Job
• Asynchronous mails
• Adequate Record
• Web Console
• Foreign key support

What is new in version 4.2.6 / 3.2.22.2 / 5.0.0.beta3:

• Active Job
• Asynchronous mails
• Adequate Record
• Web Console
• Foreign key support

What is new in version 4.2.5 / 3.2.22:

• Active Job
• Asynchronous mails
• Adequate Record
• Web Console
• Foreign key support

What is new in version 4.2.4 / 3.2.22:

• Active Job
• Asynchronous mails
• Adequate Record
• Web Console
• Foreign key support

What is new in version 4.2.3 / 3.2.22:

• Active Job
• Asynchronous mails
• Adequate Record
• Web Console
• Foreign key support

What is new in version 4.2.1 / 3.2.21:

• Active Job
• Asynchronous mails
• Adequate Record
• Web Console
• Foreign key support

What is new in version 4.2.0 / 3.2.21 / 4.2.1.rc1:

• Active Job
• Asynchronous mails
• Adequate Record
• Web Console
• Foreign key support

What is new in version 4.1.5:

• Fixed a vulnerability in the create_with method in Active Record.

What is new in version 4.1.3 / 3.2.19:

• Security fixes:
• SQL Injection Vulnerability in 'bitstring' quoting.
• SQL Injection Vulnerability in 'range' quoting.

What is new in version 4.1.0:

• Spring - the application preloader.
• Variants allows you to have different templates and action responses for the same mime type (say, HTML).
• Enums wraps the pattern of having a status field constrained to just a few options.
• Mailer previews make it dead simple to visually iterate over your Action Mailer views with test data.
• secrets.yml, which gives you one place and one convenient interface to access secrets that have been set either via ENV variables or deployment scripts.

What is new in version 4.0.3 / 3.2.17 / 4.1.0.beta2:

• These three releases contain important security fixes.

What is new in version 4.0.2 / 3.2.16:

• These two releases contain important security fixes.

What is new in version 4.0.1:

• This release comes up with an important change on how Active Record handles subsequent order calls.

What is new in version 4.0.0:

• Make it super easy to do Russian Doll-caching through key-based expiration with automatic dependency management of nested templates (explored first in the cache_digests plugin).
• Speed-up the client-side with Turbolinks, which essentially turns your app into a single-page javascript application in terms of speed, but with none of the developmental drawbacks (except, maybe, compatibility issues with some existing JavaScript packages).
• Declarative etags makes it even easier to ensure you're taking advantage of HTTP freshness.

What is new in version 3.2.13 / 2.3.18:

• Security fixes:
• Symbol DoS vulnerability in Active Record
• XSS vulnerability in sanitize_css in Action Pack
• XML Parsing Vulnerability affecting JRuby users
• XSS Vulnerability in the sanitize helper of Ruby on Rails

What is new in version 4.0 Beta 1:

• Session store is now encrypted by default (formerly just signed).
• Strong Parameters take over from attr_protected (now a plugin) to guard against foreign parameters.
• Security headers like X-Frame-Options, X-XSS-Protection, X-Content-Type-Options are on by default with solid values.
• XML Parameter parsing has been sent to a plugin.

What is new in version 3.2.12 / 2.3.17:

• 3.2.12 contains one security fix, and 2.3.17 contains two security fixes.

What is new in version 3.2.11 / 2.3.15:

• These releases contain two extremely critical security fixes.

What is new in version 3.2.10:

• Fixed security loophole so options hashes should only be extracted if there are extra parameters.

What is new in version 3.2.2:

• Log files are always flushed.
• Failing tests will exit with nonzero status code.
• Elimination of calls to deprecated methods.
• Query cache instrumentation includes bindings in the payload.
• Hidden checkbox values are not set if the value is nil.
• Various Ruby 2.0 compatibility fixes.

What is new in version 3.2.1:

• Some fixes and doc improvements.

What is new in version 3.2.0:

• Faster dev mode & routing
• Tagged logger
• Active Record Store

What is new in version 3.2.0 RC2:

• ActiveSupport::Base64 is deprecated in favor of ::Base64.
• Added font_path helper method.
• Depends on rack ~> 1.4.0.
• Added :gzip option to caches_page. The default option can be configured globally using page_cache_compression.

What is new in version 3.2 RC1:

• Faster dev mode & routing
• Explain queries
• Tagged logger
• Active Record Store

What is new in version 3.1.3:

• This release mainly contains fixes for regressions that popped up in 3.1.2.

What is new in version 3.1.2:

• Fixed possible XSS vulnerability in the translate helper method in Ruby on Rails.

What is new in version 3.1.0:

• Streaming.
• Reversible Migrations.
• Assets Pipeline.
• jQuery as the default JavaScript library.

What is new in version 3.1.0 RC8:

• This is the final release candidate before the 3.1.0. final.

What is new in version 3.1.0 RC6 / 3.0.10 / 2.3.14:

• 4 Security Fixes:
• Filter Skipping bugs
• SQL Injection issues
• Parse error in strip_tags
• UTF-8 escaping vulnerability

What is new in version 3.0.10.rc1:

• Fixes an issue where cache sweepers with only after filters would have no controller object, it would raise undefined method controller_name for nil
• Ensure status codes are logged when exceptions are raised.
• Subclasses of OutputBuffer are respected.
• Fixed ActionView::FormOptionsHelper#select with :multiple => false
• Avoid extra call to Cache#read in case of a fragment cache hit
• Magic encoding comment added to schema.rb files
• schema.rb is written as UTF-8 by default.
• Ensuring an established connection when running rake db:schema:dump
• Association conditions will not clobber join conditions.
• Destroying a record will destroy the HABTM record before destroying itself.
• Make ActiveRecord::Batches#find_each to not return self.
• Update table_exists? in PG to to always use current search_path or schema if explicitly set.

What is new in version 3.0.9:

• The major changes in this release of Rails are bug fixes surrounding modifications to SafeBuffer strings.

What is new in version 3.1.0 RC4:

• escape_javascript safebuffer fixes.
• json_escape safebuffer fixes.
• RDoc / ruby-debug conflict fixes.
• arel_table is cached unless the table_name changes.

What is new in version 2.3.12:

• Security issues:
• There are security issues in the rails_xss plugin, and they were fixed in with this release. Please make sure to upgrade your rails_xss plugin.
• Changes:
• The main changes in this release are fixing compatibility issues with Rubygems 1.8.5.

What is new in version 3.1.0 RC 1:

• jQuery is now the default
• DRY migrations that know how to revert themselves. Cleaner, nicer migrations.
• Engines can now have their own routing and helper scope. They can also take advantage of the asset pipeline (more documentation on this soon). Read the story behind mountable engines (even if the asset stuff is now out of date).
• It's not enabled by default because of some important caveats that are still to be ironed out, but if you can deal with those, it's a great way to cut down on the number of queries your app will trigger. Faster is better!
• Active Record now uses cached prepared statements, which is a big boost for PostgreSQL in all cases and a boost for MySQL on complex statements.
• This makes it possible to use HTTP caching with conditional get as a replacement for page caching (which we'll soon factor into a plugin and remove from core).
• Much nicer test output courtesy of the Turn gem. It's on with new applications by default on Ruby 1.9.
• It's now easier than ever to keep your app safe with force_ssl. Either per-app or per-controller.
• attr_protected now accepts roles, so it's easier do deal with admin/non-admin splits and more.
• Dead-simple BCrypt-based passwords. Now there's no excuse not to roll your own authentication scheme.
• Serialize objects with JSON or whatever else you'd like.

What is new in version 3.0.7:

• activesupport:
• Hash.from_xml no longer loses attributes on tags containing only whitespace.
• activerecord:
• Destroying records via nested attributes works independent of reject_if LH #6006.
• Delegate any? and many? to Model.scoped for consistency.
• Quote the ORDER BY clause in batched finds - fixes #6620.
• Change exists? so records are not instantiated - fixes #6127. This prevents after_find and after_initialize callbacks being triggered when checking for record existence.
• Fix performance bug with attribute accessors which only occurred on Ruby 1.8.7, and ensure we cache type-casted values when the column returned from the db contains non-standard chars.
• Fix a performance regression introduced here 86acbf1cc050c8fa8c74a10c735e467fb6fd7df8 related to read_attribute method.
• actionmailer:
• remove AM delegating register_observer and register_interceptor to Mail.

What is new in version 3.0.5:

• Fix when gzip returns a UTF-8 string on Ruby 1.9, when it is actually binary.
• Active Record limit values will not escape Arel SQL Literal nodes.
• Relation#where calls will always produce AND statements regardless of how conditions hashes behaves (reverting 00693209ecc).
• Observer callbacks will only be executed once when using STI classes in ActiveRecord.

What is new in version 3.0.4 / 2.3.11:

• Two new versions of Ruby On Rails have been released including a number of bug fixes that contain fixes for some security issues.

Requirements:

• Ruby 1.8.7 / 1.9.2 or higher
• RubyGems