Ruby on Rails 8.1 Released

Remove deprecated passing a Time object to Time#since.

Rafael Mendonça França

Remove deprecated Benchmark.ms method. It is now defined in the benchmark gem.

Rafael Mendonça França

Remove deprecated addition for Time instances with ActiveSupport::TimeWithZone.

Rafael Mendonça França

Remove deprecated support for to_time to preserve the system local time. It will now always preserve the receiver
timezone.

Rafael Mendonça França

Deprecate config.active_support.to_time_preserves_timezone.

Rafael Mendonça França

Standardize event name formatting in assert_event_reported error messages.

The event name in failure messages now uses .inspect (e.g., name: "user.created")
to match assert_events_reported and provide type clarity between strings and symbols.
This only affects tests that assert on the failure message format itself.

George Ma

Fix Enumerable#sole to return the full tuple instead of just the first element of the tuple.

Olivier Bellone

Fix parallel tests hanging when worker processes die abruptly.

Previously, if a worker process was killed (e.g., OOM killed, kill -9) during parallel
test execution, the test suite would hang forever waiting for the dead worker.

Joshua Young

Add config.active_support.escape_js_separators_in_json.

Introduce a new framework default to skip escaping LINE SEPARATOR (U+2028) and PARAGRAPH SEPARATOR (U+2029) in JSON.

Historically these characters were not valid inside JavaScript literal strings but that changed in ECMAScript 2019.
As such it's no longer a concern in modern browsers: https://caniuse.com/mdn-javascript_builtins_json_json_superset.

Étienne Barrié, Jean Boussier

Fix NameError when class_attribute is defined on instance singleton classes.

Previously, calling class_attribute on an instance's singleton class would raise
a NameError when accessing the attribute through the instance.

Joshua Young

Introduce ActiveSupport::Testing::EventReporterAssertions#with_debug_event_reporting
to enable event reporter debug mode in tests.

The previous way to enable debug mode is by using #with_debug on the
event reporter itself, which is too verbose. This new helper will help
clear up any confusion on how to test debug events.

Gannon McGibbon

Add ActiveSupport::StructuredEventSubscriber for consuming notifications and
emitting structured event logs. Events may be emitted with the #emit_event
or #emit_debug_event methods.

Adrianna Chang

ActiveSupport::FileUpdateChecker does not depend on Time.now to prevent unecessary reloads with time travel test helpers

Jan Grodowski

Add ActiveSupport::Cache::Store#namespace= and #namespace.

Can be used as an alternative to Store#clear in some situations such as parallel
testing.

Nick Schwaderer

Create parallel_worker_id helper for running parallel tests. This allows users to
know which worker they are currently running in.

Nick Schwaderer

Make the cache of ActiveSupport::Cache::Strategy::LocalCache::Middleware updatable.

If the cache client at Rails.cache of a booted application changes, the corresponding
mounted middleware needs to update in order for request-local caches to be setup properly.
Otherwise, redundant cache operations will erroneously hit the datastore.

Gannon McGibbon

Add assert_events_reported test helper for ActiveSupport::EventReporter.

This new assertion allows testing multiple events in a single block, regardless of order:

George Ma

Add ActiveSupport::TimeZone#standard_name method.

Bogdan Gusiev

Add Structured Event Reporter, accessible via Rails.event.

The Event Reporter provides a unified interface for producing structured events in Rails
applications:

It supports adding tags to events:

As well as context:

Events are emitted to subscribers. Applications register subscribers to
control how events are serialized and emitted. Subscribers must implement
an #emit method, which receives the event hash:

Adrianna Chang

Make ActiveSupport::Logger #freeze-friendly.

Joshua Young

Make ActiveSupport::Gzip.compress deterministic based on input.

ActiveSupport::Gzip.compress used to include a timestamp in the output,
causing consecutive calls with the same input data to have different output
if called during different seconds. It now always sets the timestamp to 0
so that the output is identical for any given input.

Rob Brackett

Given an array of Thread::Backtrace::Location objects, the new method
ActiveSupport::BacktraceCleaner#clean_locations returns an array with the
clean ones:

Filters and silencers receive strings as usual. However, the path
attributes of the locations in the returned array are the original,
unfiltered ones, since locations are immutable.

Xavier Noria

Improve CurrentAttributes and ExecutionContext state managment in test cases.

Previously these two global state would be entirely cleared out whenever calling
into code that is wrapped by the Rails executor, typically Action Controller or
Active Job helpers:

Now re-entering the executor properly save and restore that state.

Jean Boussier

The new method ActiveSupport::BacktraceCleaner#first_clean_location
returns the first clean location of the caller's call stack, or nil.
Locations are Thread::Backtrace::Location objects. Useful when you want to
report the application-level location where something happened as an object.

Xavier Noria

FileUpdateChecker and EventedFileUpdateChecker ignore changes in Gem.path now.

Ermolaev Andrey, zzak

The new method ActiveSupport::BacktraceCleaner#first_clean_frame returns
the first clean frame of the caller's backtrace, or nil. Useful when you
want to report the application-level frame where something happened as a
string.

Xavier Noria

Always clear CurrentAttributes instances.

Previously CurrentAttributes instance would be reset at the end of requests.
Meaning its attributes would be re-initialized.

This is problematic because it assume these objects don't hold any state
other than their declared attribute, which isn't always the case, and
can lead to state leak across request.

Now CurrentAttributes instances are abandoned at the end of a request,
and a new instance is created at the start of the next request.

Jean Boussier, Janko Marohnić

Add public API for before_fork_hook in parallel testing.

Introduces a public API for calling the before fork hooks implemented by parallel testing.

Eileen M. Uchitelle

Implement ability to skip creating parallel testing databases.

With parallel testing, Rails will create a database per process. If this isn't
desirable or you would like to implement databases handling on your own, you can
now turn off this default behavior.

To skip creating a database per process, you can change it via the
parallelize method:

or via the application configuration:

Eileen M. Uchitelle

Allow to configure maximum cache key sizes

When the key exceeds the configured limit (250 bytes by default), it will be truncated and
the digest of the rest of the key appended to it.

Note that previously ActiveSupport::Cache::RedisCacheStore allowed up to 1kb cache keys before
truncation, which is now reduced to 250 bytes.

fatkodima

Use UNLINK command instead of DEL in ActiveSupport::Cache::RedisCacheStore for non-blocking deletion.

Aron Roh

Add Cache#read_counter and Cache#write_counter

Alex Ghiculescu

Introduce ActiveSupport::Testing::ErrorReporterAssertions#capture_error_reports

Captures all reported errors from within the block that match the given
error class.

Andrew Novoselac

Introduce ActiveSupport::ErrorReporter#add_middleware

When reporting an error, the error context middleware will be called with the reported error
and base execution context. The stack may mutate the context hash. The mutated context will
then be passed to error subscribers. Middleware receives the same parameters as ErrorReporter#report.

Andrew Novoselac, Sam Schmidt

Change execution wrapping to report all exceptions, including Exception.

If a more serious error like SystemStackError or NoMemoryError happens,
the error reporter should be able to report these kinds of exceptions.

Gannon McGibbon

ActiveSupport::Testing::Parallelization.before_fork_hook allows declaration of callbacks that
are invoked immediately before forking test workers.

Mike Dalessio

Allow the #freeze_time testing helper to accept a date or time argument.

Joshua Young

ActiveSupport::JSON now accepts options

It is now possible to pass options to ActiveSupport::JSON:

matthaigh27

ActiveSupport::Testing::NotificationAssertions's assert_notification now matches against payload subsets by default.

Previously the following assertion would fail due to excess key vals in the notification payload. Now with payload subset matching, it will pass.

Additionally, you can now persist a matched notification for more customized assertions.

Nicholas La Roux

Deprecate String#mb_chars and ActiveSupport::Multibyte::Chars.

These APIs are a relic of the Ruby 1.8 days when Ruby strings weren't encoding
aware. There is no legitimate reasons to need these APIs today.

Jean Boussier

Deprecate ActiveSupport::Configurable

Sean Doyle

nil.to_query("key") now returns key.

Previously it would return key=, preventing round tripping with Rack::Utils.parse_nested_query.

Erol Fornoles

Avoid wrapping redis in a ConnectionPool when using ActiveSupport::Cache::RedisCacheStore if the :redis
option is already a ConnectionPool.

Joshua Young

Alter ERB::Util.tokenize to return :PLAIN token with full input string when string doesn't contain ERB tags.

Martin Emde

Fix a bug in ERB::Util.tokenize that causes incorrect tokenization when ERB tags are preceded by multibyte characters.

Martin Emde

Add ActiveSupport::Testing::NotificationAssertions module to help with testing ActiveSupport::Notifications.

Nicholas La Roux, Yishu See, Sean Doyle

ActiveSupport::CurrentAttributes#attributes now will return a new hash object on each call.

Previously, the same hash object was returned each time that method was called.

fatkodima

ActiveSupport::JSON.encode supports CIDR notation.

Previously:

After this change:

Taketo Takashima

Make ActiveSupport::FileUpdateChecker faster when checking many file-extensions.

Jonathan del Strother

Fix SQLite3 data loss during table alterations with CASCADE foreign keys.

When altering a table in SQLite3 that is referenced by child tables with
ON DELETE CASCADE foreign keys, ActiveRecord would silently delete all
data from the child tables. This occurred because SQLite requires table
recreation for schema changes, and during this process the original table
is temporarily dropped, triggering CASCADE deletes on child tables.

The root cause was incorrect ordering of operations. The original code
wrapped disable_referential_integrity inside a transaction, but
PRAGMA foreign_keys cannot be modified inside a transaction in SQLite -
attempting to do so simply has no effect. This meant foreign keys remained
enabled during table recreation, causing CASCADE deletes to fire.

The fix reverses the order to follow the official SQLite 12-step ALTER TABLE
procedure: disable_referential_integrity now wraps the transaction instead
of being wrapped by it. This ensures foreign keys are properly disabled
before the transaction starts and re-enabled after it commits, preventing
CASCADE deletes while maintaining data integrity through atomic transactions.

Ruy Rocha

Add replicas to test database parallelization setup.

Setup and configuration of databases for parallel testing now includes replicas.

This fixes an issue when using a replica database, database selector middleware,
and non-transactional tests, where integration tests running in parallel would select
the base test database, i.e. db_test, instead of the numbered parallel worker database,
i.e. db_test_{n}.

Adam Maas

Support virtual (not persisted) generated columns on PostgreSQL 18+

PostgreSQL 18 introduces virtual (not persisted) generated columns,
which are now the default unless the stored: true option is explicitly specified on PostgreSQL 18+.

Yasuo Honda

Optimize schema dumping to prevent duplicate file generation.

ActiveRecord::Tasks::DatabaseTasks.dump_all now tracks which schema files
have already been dumped and skips dumping the same file multiple times.
This improves performance when multiple database configurations share the
same schema dump path.

Mikey Gough, Hartley McGuire

Add structured events for Active Record:

• active_record.strict_loading_violation
• active_record.sql

Gannon McGibbon

Add support for integer shard keys.

Nony Dutton

Add ActiveRecord::Base.only_columns

Similar in use case to ignored_columns but listing columns to consider rather than the ones
to ignore.

Can be useful when working with a legacy or shared database schema, or to make safe schema change
in two deploys rather than three.

Anton Kandratski

Use PG::Connection#close_prepared (protocol level Close) to deallocate
prepared statements when available.

To enable its use, you must have pg >= 1.6.0, libpq >= 17, and a PostgreSQL
database version >= 17.

Hartley McGuire, Andrew Jackson

Fix query cache for pinned connections in multi threaded transactional tests

When a pinned connection is used across separate threads, they now use a separate cache store
for each thread.

This improve accuracy of system tests, and any test using multiple threads.

Heinrich Lee Yu, Jean Boussier

Fix time attribute dirty tracking with timezone conversions.

Time-only attributes now maintain a fixed date of 2000-01-01 during timezone conversions,
preventing them from being incorrectly marked as changed due to date shifts.

This fixes an issue where time attributes would be marked as changed when setting the same time value
due to timezone conversion causing internal date shifts.

Prateek Choudhary

Skip calling PG::Connection#cancel in cancel_any_running_query
when using libpq >= 18 with pg < 1.6.0, due to incompatibility.
Rollback still runs, but may take longer.

Yasuo Honda, Lars Kanis

Don't add id_value attribute alias when attribute/column with that name already exists.

Rob Lewis

Remove deprecated :unsigned_float and :unsigned_decimal column methods for MySQL.

Rafael Mendonça França

Remove deprecated :retries option for the SQLite3 adapter.

Rafael Mendonça França

Introduce new database configuration options keepalive, max_age, and
min_connections -- and rename pool to max_connections to match.

There are no changes to default behavior, but these allow for more specific
control over pool behavior.

Matthew Draper, Chris AtLee, Rachael Wright-Munn

Move LIMIT validation from query generation to when limit() is called.

Hartley McGuire, Shuyang

Add ActiveRecord::CheckViolation error class for check constraint violations.

Ryuta Kamizono

Add ActiveRecord::ExclusionViolation error class for exclusion constraint violations.

When an exclusion constraint is violated in PostgreSQL, the error will now be raised
as ActiveRecord::ExclusionViolation instead of the generic ActiveRecord::StatementInvalid,
making it easier to handle these specific constraint violations in application code.

This follows the same pattern as other constraint violation error classes like
RecordNotUnique for unique constraint violations and InvalidForeignKey for
foreign key constraint violations.

Ryuta Kamizono

Attributes filtered by filter_attributes will now also be filtered by filter_parameters
so sensitive information is not leaked.

Jill Klang

Add connection.current_transaction.isolation API to check current transaction's isolation level.

Returns the isolation level if it was explicitly set via the isolation: parameter
or through ActiveRecord.with_transaction_isolation_level, otherwise returns nil.
Nested transactions return the parent transaction's isolation level.

Kir Shatrov

Fix #merge with #or or #and and a mixture of attributes and SQL strings resulting in an incorrect query.

Before:

After:

Joshua Young

Make schema dumper to account for ActiveRecord.dump_schemas when dumping in :ruby format.

fatkodima

Add :touch option to update_column/update_columns methods.

Dmitrii Ivliev

Optimize Active Record batching further when using ranges.

Tested on a PostgreSQL table with 10M records and batches of 10k records, the generation
of relations for the 1000 batches was 4.8x faster (6.8s vs. 1.4s), used 900x
less bandwidth (180MB vs. 0.2MB) and allocated 45x less memory (490MB vs. 11MB).

Maxime Réty, fatkodima

Include current character length in error messages for index and table name length validations.

Joshua Young

Add rename_schema method for PostgreSQL.

T S Vallender

Implement support for deprecating associations:

With that, Active Record will report any usage of the posts association.

Three reporting modes are supported (:warn, :raise, and :notify), and
backtraces can be enabled or disabled. Defaults are :warn mode and
disabled backtraces.

Please, check the docs for further details.

Xavier Noria

PostgreSQL adapter create DB now supports locale_provider and locale.

Bengt-Ove Hollaender

Use ntuples to populate row_count instead of count for Postgres

Jonathan Calvert

Fix checking whether an unpersisted record is include?d in a strictly
loaded has_and_belongs_to_many association.

Hartley McGuire

Add ability to change transaction isolation for all pools within a block.

This functionality is useful if your application needs to change the database
transaction isolation for a request or action.

Calling ActiveRecord.with_transaction_isolation_level(level) {} in an around filter or
middleware will set the transaction isolation for all pools accessed within the block,
but not for the pools that aren't.

This works with explicit and implicit transactions:

Eileen M. Uchitelle

Raise ActiveRecord::MissingRequiredOrderError when order dependent finder methods (e.g. #first, #last) are
called without order values on the relation, and the model does not have any order columns (implicit_order_column,
query_constraints, or primary_key) to fall back on.

This change will be introduced with a new framework default for Rails 8.1, and the current behavior of not raising
an error has been deprecated with the aim of removing the configuration option in Rails 8.2.

Joshua Young

:class_name is now invalid in polymorphic belongs_to associations.

Reason is :class_name does not make sense in those associations because
the class name of target records is dynamic and stored in the type column.

Existing polymorphic associations setting this option can just delete it.
While it did not raise, it had no effect anyway.

Xavier Noria

Add support for multiple databases to db:migrate:reset.

Joé Dupuis

Add affected_rows to ActiveRecord::Result.

Jenny Shen

Enable passing retryable SqlLiterals to #where.

Hartley McGuire

Set default for primary keys in insert_all/upsert_all.

Previously in Postgres, updating and inserting new records in one upsert wasn't possible
due to null primary key values. nil primary key values passed into insert_all/upsert_all
are now implicitly set to the default insert value specified by adapter.

Jenny Shen

Add a load hook active_record_database_configurations for ActiveRecord::DatabaseConfigurations

Mike Dalessio

Use TRUE and FALSE for SQLite queries with boolean columns.

Hartley McGuire

Bump minimum supported SQLite to 3.23.0.

Hartley McGuire

Allow allocated Active Records to lookup associations.

Previously, the association cache isn't setup on allocated record objects, so association
lookups will crash. Test frameworks like mocha use allocate to check for stubbable instance
methods, which can trigger an association lookup.

Gannon McGibbon

Encryption now supports support_unencrypted_data: true being set per-attribute.

Previously this only worked if ActiveRecord::Encryption.config.support_unencrypted_data == true.
Now, if the global config is turned off, you can still opt in for a specific attribute.

Alex Ghiculescu

Model generator no longer needs a database connection to validate column types.

Mike Dalessio

Allow signed ID verifiers to be configurable via Rails.application.message_verifiers

Prior to this change, the primary way to configure signed ID verifiers was
to set signed_id_verifier on each model class:

And if the developer did not set signed_id_verifier, a verifier would be
instantiated with a secret derived from secret_key_base and the following
options:

Thus it was cumbersome to rotate configuration for all verifiers.

This change defines a new Rails config: config.active_record.use_legacy_signed_id_verifier.
The default value is :generate_and_verify, which preserves the previous
behavior. However, when set to :verify, signed ID verifiers will use
configuration from Rails.application.message_verifiers (specifically,
Rails.application.message_verifiers["active_record/signed_id"]) to
generate and verify signed IDs, but will also verify signed IDs using the
older configuration.

To avoid complication, the new behavior only applies when signed_id_verifier_secret
is not set on a model class or any of its ancestors. Additionally,
signed_id_verifier_secret is now deprecated. If you are currently setting
signed_id_verifier_secret on a model class, you can set signed_id_verifier
instead:

To ease migration, signed_id_verifier has also been changed to behave as a
class_attribute (i.e. inheritable), but only when signed_id_verifier_secret
is not set:

Note, however, that it is recommended to eventually migrate from
model-specific verifiers to a unified configuration managed by
Rails.application.message_verifiers. ActiveSupport::MessageVerifier#rotate
can facilitate that transition. For example:

Ali Sepehri, Jonathan Hefner

Prepend extra_flags in postgres' structure_load

When specifying structure_load_flags with a postgres adapter, the flags
were appended to the default flags, instead of prepended.
This caused issues with flags not being taken into account by postgres.

Alice Loeser

Allow bypassing primary key/constraint addition in implicit_order_column

When specifying multiple columns in an array for implicit_order_column, adding
nil as the last element will prevent appending the primary key to order
conditions. This allows more precise control of indexes used by
generated queries. It should be noted that this feature does introduce the risk
of API misbehavior if the specified columns are not fully unique.

Issy Long

Allow setting the schema_format via database configuration.

Useful for multi-database setups when apps require different formats per-database.

T S Vallender

Support disabling indexes for MySQL v8.0.0+ and MariaDB v10.6.0+

MySQL 8.0.0 added an option to disable indexes from being used by the query
optimizer by making them "invisible". This allows the index to still be maintained
and updated but no queries will be permitted to use it. This can be useful for adding
new invisible indexes or making existing indexes invisible before dropping them
to ensure queries are not negatively affected.
See https://dev.mysql.com/blog-archive/mysql-8-0-invisible-indexes/ for more details.

MariaDB 10.6.0 also added support for this feature by allowing indexes to be "ignored"
in queries. See https://mariadb.com/kb/en/ignored-indexes/ for more details.

Active Record now supports this option for MySQL 8.0.0+ and MariaDB 10.6.0+ for
index creation and alteration where the new index option enabled: true/false can be
passed to column and index methods as below:

Merve Taner

Respect implicit_order_column in ActiveRecord::Relation#reverse_order.

Joshua Young

Add column types to ActiveRecord::Result for SQLite3.

Andrew Kane

Raise ActiveRecord::ReadOnlyError when pessimistically locking with a readonly role.

Joshua Young

Fix using the SQLite3Adapter's dbconsole method outside of a Rails application.

Hartley McGuire

Fix migrating multiple databases with ActiveRecord::PendingMigration action.

Gannon McGibbon

Enable automatically retrying idempotent association queries on connection
errors.

Hartley McGuire

Add allow_retry to sql.active_record instrumentation.

This enables identifying queries which queries are automatically retryable on connection errors.

Hartley McGuire

Better support UPDATE with JOIN for Postgresql and SQLite3

Previously when generating update queries with one or more JOIN clauses,
Active Record would use a sub query which would prevent to reference the joined
tables in the SET clause, for instance:

This is now supported as long as the relation doesn't also use a LIMIT, ORDER or
GROUP BY clause. This was supported by the MySQL adapter for a long time.

Jean Boussier

Introduce a before-fork hook in ActiveSupport::Testing::Parallelization to clear existing
connections, to avoid fork-safety issues with the mysql2 adapter.

Fixes #41776

Mike Dalessio, Donal McBreen

PoolConfig no longer keeps a reference to the connection class.

Keeping a reference to the class caused subtle issues when combined with reloading in
development. Fixes #54343.

Mike Dalessio

Fix SQL notifications sometimes not sent when using async queries.

In rare circumstances and under the right race condition, Active Support notifications
would no longer be dispatched after using an asynchronous query.
This is now fixed.

Edouard Chin

Eliminate queries loading dumped schema cache on Postgres

Improve resiliency by avoiding needing to open a database connection to load the
type map while defining attribute methods at boot when a schema cache file is
configured on PostgreSQL databases.

James Coleman

ActiveRecord::Coder::JSON can be instantiated

Options can now be passed to ActiveRecord::Coder::JSON when instantiating the coder. This allows:

matthaigh27

Deprecate using insert_all/upsert_all with unpersisted records in associations.

Using these methods on associations containing unpersisted records will now
show a deprecation warning, as the unpersisted records will be lost after
the operation.

Nick Schwaderer

Make column name optional for index_exists?.

This aligns well with remove_index signature as well, where
index name doesn't need to be derived from the column names.

Ali Ismayiliov

Change the payload name of sql.active_record notification for eager
loading from "SQL" to "#{model.name} Eager Load".

zzak

Enable automatically retrying idempotent #exists? queries on connection
errors.

Hartley McGuire, classidied

Deprecate usage of unsupported methods in conjunction with update_all:

update_all will now print a deprecation message if a query includes either WITH,
WITH RECURSIVE or DISTINCT statements. Those were never supported and were ignored
when generating the SQL query.

An error will be raised in a future Rails release. This behavior will be consistent
with delete_all which currently raises an error for unsupported statements.

Edouard Chin

The table columns inside schema.rb are now sorted alphabetically.

Previously they'd be sorted by creation order, which can cause merge conflicts when two
branches modify the same table concurrently.

John Duff

Introduce versions formatter for the schema dumper.

It is now possible to override how schema dumper formats versions information inside the
structure.sql file. Currently, the versions are simply sorted in the decreasing order.
Within large teams, this can potentially cause many merge conflicts near the top of the list.

Now, the custom formatter can be provided with a custom sorting logic (e.g. by hash values
of the versions), which can greatly reduce the number of conflicts.

fatkodima

Serialized attributes can now be marked as comparable.

A not rare issue when working with serialized attributes is that the serialized representation of an object
can change over time. Either because you are migrating from one serializer to the other (e.g. YAML to JSON or to msgpack),
or because the serializer used subtly changed its output.

One example is libyaml that used to have some extra trailing whitespaces, and recently fixed that.
When this sorts of thing happen, you end up with lots of records that report being changed even though
they aren't, which in the best case leads to a lot more writes to the database and in the worst case lead to nasty bugs.

The solution is to instead compare the deserialized representation of the object, however Active Record
can't assume the deserialized object has a working == method. Hence why this new functionality is opt-in.

Jean Boussier

Fix MySQL default functions getting dropped when changing a column's nullability.

Bastian Bartmann

SQLite extensions can be configured in config/database.yml.

The database configuration option extensions: allows an application to load SQLite extensions
when using sqlite3 >= v2.4.0. The array members may be filesystem paths or the names of
modules that respond to .to_path:

Mike Dalessio

ActiveRecord::Middleware::ShardSelector supports granular database connection switching.

A new configuration option, class_name:, is introduced to
config.active_record.shard_selector to allow an application to specify the abstract connection
class to be switched by the shard selection middleware. The default class is
ActiveRecord::Base.

For example, this configuration tells ShardSelector to switch shards using
AnimalsRecord.connected_to:

Mike Dalessio

Reset relations after insert_all/upsert_all.

Bulk insert/upsert methods will now call reset if used on a relation, matching the behavior of update_all.

Milo Winningham

Use _N as a parallel tests databases suffixes

Peviously, -N was used as a suffix. This can cause problems for RDBMSes
which do not support dashes in database names.

fatkodima

Remember when a database connection has recently been verified (for
two seconds, by default), to avoid repeated reverifications during a
single request.

This should recreate a similar rate of verification as in Rails 7.1,
where connections are leased for the duration of a request, and thus
only verified once.

Matthew Draper

Allow to reset cache counters for multiple records.

It produces much fewer queries compared to the custom implementation using looping over ids.
Previously: O(ids.size * counters.size) queries, now: O(ids.size + counters.size) queries.

fatkodima

Add affected_rows to sql.active_record Notification.

Hartley McGuire

Fix sum when performing a grouped calculation.

User.group(:friendly).sum no longer worked. This is fixed.

Edouard Chin

Add support for enabling or disabling transactional tests per database.

A test class can now override the default use_transactional_tests setting
for individual databases, which can be useful if some databases need their
current state to be accessible to an external process while tests are running.

Matthew Cheetham, Morgan Mareve

Cast query_cache value when using URL configuration.

zzak

NULLS NOT DISTINCT works with UNIQUE CONSTRAINT as well as UNIQUE INDEX.

Ryuta Kamizono

PG::UnableToSend: no connection to the server is now retryable as a connection-related exception

Kazuma Watanabe

Submit test requests using as: :html with Content-Type: x-www-form-urlencoded

Sean Doyle

Add link-local IP ranges to ActionDispatch::RemoteIp default proxies.

Link-local addresses (169.254.0.0/16 for IPv4 and fe80::/10 for IPv6)
are now included in the default trusted proxy list, similar to private IP ranges.

Adam Daniels

remote_ip will no longer ignore IPs in X-Forwarded-For headers if they
are accompanied by port information.

Duncan Brown, Prevenios Marinos, Masafumi Koba, Adam Daniels

Add action_dispatch.verbose_redirect_logs setting that logs where redirects were called from.

Similar to active_record.verbose_query_logs and active_job.verbose_enqueue_logs, this adds a line in your logs that shows where a redirect was called from.

Example:

Dennis Paagman

Add engine route filtering and better formatting in bin/rails routes.

Allow engine routes to be filterable in the routing inspector, and
improve formatting of engine routing output.

Before:

After:

Dennis Paagman, Gannon McGibbon

Add structured events for Action Pack and Action Dispatch:

• action_dispatch.redirect
• action_controller.request_started
• action_controller.request_completed
• action_controller.callback_halted
• action_controller.rescue_from_handled
• action_controller.file_sent
• action_controller.redirected
• action_controller.data_sent
• action_controller.unpermitted_parameters
• action_controller.fragment_cache

Adrianna Chang

URL helpers for engines mounted at the application root handle SCRIPT_NAME correctly.

Fixed an issue where SCRIPT_NAME is not applied to paths generated for routes in an engine
mounted at "/".

Mike Dalessio

Update ActionController::Metal::RateLimiting to support passing method names to :by and :with

Sean Doyle

Optimize ActionDispatch::Http::URL.build_host_url when protocol is included in host.

When using URL helpers with a host that includes the protocol (e.g., { host: "https://example.com" }),
skip unnecessary protocol normalization and string duplication since the extracted protocol is already
in the correct format. This eliminates 2 string allocations per URL generation and provides a ~10%
performance improvement for this case.

Joshua Young, Hartley McGuire

Allow action_controller.logger to be disabled by setting it to nil or false instead of always defaulting to Rails.logger.

Roberto Miranda

Remove deprecated support to a route to multiple paths.

Rafael Mendonça França

Remove deprecated support for using semicolons as a query string separator.

Before:

After:

Rafael Mendonça França

Remove deprecated support to skipping over leading brackets in parameter names in the parameter parser.

Before:

After:

Rafael Mendonça França

Deprecate Rails.application.config.action_dispatch.ignore_leading_brackets.

Rafael Mendonça França

Raise ActionController::TooManyRequests error from ActionController::RateLimiting

Requests that exceed the rate limit raise an ActionController::TooManyRequests error.
By default, Action Dispatch rescues the error and responds with a 429 Too Many Requests status.

Sean Doyle

Add .md/.markdown as Markdown extensions and add a default markdown: renderer:

DHH

Add headers to engine routes inspection command

Petrik de Heus

Add "Copy as text" button to error pages

Mikkel Malmberg

Add scope: option to rate_limit method.

Previously, it was not possible to share a rate limit count between several controllers, since the count was by
default separate for each controller.

Now, the scope: option solves this problem.

ArthurPV, Kamil Hanus

Add support for rack.response_finished callbacks in ActionDispatch::Executor.

The executor middleware now supports deferring completion callbacks to later
in the request lifecycle by utilizing Rack's rack.response_finished mechanism,
when available. This enables applications to define rack.response_finished callbacks
that may rely on state that would be cleaned up by the executor's completion callbacks.

Adrianna Chang, Hartley McGuire

Produce a log when rescue_from is invoked.

Steven Webb, Jean Boussier

Allow hosts redirects from hosts Rails configuration

Kevin Robatel

rate_limit.action_controller notification has additional payload

additional values: count, to, within, by, name, cache_key

Jonathan Rochkind

Add JSON support to the built-in health controller.

The health controller now responds to JSON requests with a structured response
containing status and timestamp information. This makes it easier for monitoring
tools and load balancers to consume health check data programmatically.

Francesco Loreti, Juan Vásquez

Allow to open source file with a crash from the browser.

Igor Kasyanchuk

Always check query string keys for valid encoding just like values are checked.

Casper Smits

Always return empty body for HEAD requests in PublicExceptions and
DebugExceptions.

This is required by Rack::Lint (per RFC9110).

Hartley McGuire

Add comprehensive support for HTTP Cache-Control request directives according to RFC 9111.

Provides a request.cache_control_directives object that gives access to request cache directives:

Example usage:

egg528

Add assert_in_body/assert_not_in_body as the simplest way to check if a piece of text is in the response body.

DHH

Include cookie name when calculating maximum allowed size.

Hartley McGuire

Implement must-understand directive according to RFC 9111.

The must-understand directive indicates that a cache must understand the semantics of the response status code, or discard the response. This directive is enforced to be used only with no-store to ensure proper cache behavior.

heka1024

The JSON renderer doesn't escape HTML entities or Unicode line separators anymore.

Using render json: will no longer escape <, >, &, U+2028 and U+2029 characters that can cause errors
when the resulting JSON is embedded in JavaScript, or vulnerabilities when the resulting JSON is embedded in HTML.

Since the renderer is used to return a JSON document as application/json, it's typically not necessary to escape
those characters, and it improves performance.

Escaping will still occur when the :callback option is set, since the JSON is used as JavaScript code in this
situation (JSONP).

You can use the :escape option or set config.action_controller.escape_json_responses to true to restore the
escaping behavior.

Étienne Barrié, Jean Boussier

Load lazy route sets before inserting test routes

Without loading lazy route sets early, we miss after_routes_loaded callbacks, or risk
invoking them with the test routes instead of the real ones if another load is triggered by an engine.

Gannon McGibbon

Raise AbstractController::DoubleRenderError if head is called after rendering.

After this change, invoking head will lead to an error if response body is already set:

Iaroslav Kurbatov

The Cookie Serializer can now serialize an Active Support SafeBuffer when using message pack.

Such code would previously produce an error if an application was using messagepack as its cookie serializer.

Edouard Chin

Fix Rails.application.reload_routes! from clearing almost all routes.

When calling Rails.application.reload_routes! inside a middleware of
a Rake task, it was possible under certain conditions that all routes would be cleared.
If ran inside a middleware, this would result in getting a 404 on most page you visit.
This issue was only happening in development.

Edouard Chin

Add resource name to the ArgumentError that's raised when invalid :only or :except options are given to #resource or #resources

This makes it easier to locate the source of the problem, especially for routes drawn by gems.

Before:

After:

Jeremy Green

A route pointing to a non-existing controller now returns a 500 instead of a 404.

A controller not existing isn't a routing error that should result
in a 404, but a programming error that should result in a 500 and
be reported.

Until recently, this was hard to untangle because of the support
for dynamic :controller segment in routes, but since this is
deprecated and will be removed in Rails 8.1, we can now easily
not consider missing controllers as routing errors.

Jean Boussier

Add check_collisions option to ActionDispatch::Session::CacheStore.

Newly generated session ids use 128 bits of randomness, which is more than
enough to ensure collisions can't happen, but if you need to harden sessions
even more, you can enable this option to check in the session store that the id
is indeed free you can enable that option. This however incurs an extra write
on session creation.

Shia

In ExceptionWrapper, match backtrace lines with built templates more often,
allowing improved highlighting of errors within do-end blocks in templates.
Fix for Ruby 3.4 to match new method labels in backtrace.

Martin Emde

Allow setting content type with a symbol of the Mime type.

Petrik de Heus

Suggest bin/rails action_text:install from Action Dispatch error page

Sean Doyle

Remove deprecated STATS_DIRECTORIES.

Rafael Mendonça França

Remove deprecated bin/rake stats command.

Rafael Mendonça França

Remove deprecated rails/console/methods.rb file.

Rafael Mendonça França

Don't generate system tests by default.

Rails scaffold generator will no longer generate system tests by default. To enable this pass --system-tests=true or generate them with bin/rails generate system_test name_of_test.

Eileen M. Uchitelle

Optionally skip bundler-audit.

Skips adding the bin/bundler-audit & config/bundler-audit.yml if the gem is not installed when bin/rails app:update runs.

Passes an option to --skip-bundler-audit when new apps are generated & adds that same option to the --minimal generator flag.

Jill Klang

Show engine routes in /rails/info/routes as well.

Petrik de Heus

Exclude asset_path configuration from Kamal deploy.yml for API applications.

API applications don't serve assets, so the asset_path configuration in deploy.yml
is not needed and can cause 404 errors on in-flight requests. The asset_path is now
only included for regular Rails applications that serve assets.

Saiqul Haq

Reverted the incorrect default config.public_file_server.headers config.

If you created a new application using Rails 8.1.0.beta1, make sure to regenerate
config/environments/production.rb, or to manually edit the config.public_file_server.headers
configuration to just be:

Jean Boussier

Add command rails credentials:fetch PATH to get the value of a credential from the credentials file.

Matthew Nguyen, Jean Boussier

Generate static BCrypt password digests in fixtures instead of dynamic ERB expressions.

Previously, fixtures with password digest attributes used <%= BCrypt::Password.create("secret") %>,
which regenerated the hash on each test run. Now generates a static hash with a comment
showing how to recreate it.

Nate Smith, Cassia Scheffer

Broaden the .gitignore entry when adding a credentials key to ignore all key files.

Greg Molnar

Remove unnecessary ruby-version input from ruby/setup-ruby

TangRufus

Add --reset option to bin/setup which will call db:reset as part of the setup.

DHH

Add RuboCop cache restoration to RuboCop job in GitHub Actions workflow templates.

Lovro Bikić

Skip generating mailer-related files in authentication generator if the application does
not use ActionMailer

Rami Massoud

Introduce bin/ci for running your tests, style checks, and security audits locally or in the cloud.

The specific steps are defined by a new DSL in config/ci.rb.

Optionally use gh-signoff to
set a green PR status - ready for merge.

Jeremy Daer, DHH

Generate session controller tests when running the authentication generator.

Jerome Dalbert

Add bin/bundler-audit and config/bundler-audit.yml for discovering and managing known security problems with app gems.

DHH

Rails no longer generates a bin/bundle binstub when creating new applications.

The bin/bundle binstub used to help activate the right version of bundler.
This is no longer necessary as this mechanism is now part of Rubygem itself.

Edouard Chin

Add a SessionTestHelper module with sign_in_as(user) and sign_out test helpers when
running rails g authentication. Simplifies authentication in integration tests.

Bijan Rahnema

Rate limit password resets in authentication generator

This helps mitigate abuse from attackers spamming the password reset form.

Chris Oliver

Update rails new --minimal option

Extend the --minimal flag to exclude recently added features:
skip_brakeman, skip_ci, skip_docker, skip_kamal, skip_rubocop, skip_solid and skip_thruster.

eelcoj

Add application-name metadata to application layout

The following metatag will be added to app/views/layouts/application.html.erb

Steve Polito

Use secret_key_base from ENV or credentials when present locally.

When ENV["SECRET_KEY_BASE"] or
Rails.application.credentials.secret_key_base is set for test or
development, it is used for the Rails.config.secret_key_base,
instead of generating a tmp/local_secret.txt file.

Petrik de Heus

Introduce RAILS_MASTER_KEY placeholder in generated ci.yml files

Steve Polito

Colorize the Rails console prompt even on non standard environments.

Lorenzo Zabot

Don't enable YJIT in development and test environments

Development and test environments tend to reload code and redefine methods (e.g. mocking),
hence YJIT isn't generally faster in these environments.

Ali Ismayilov, Jean Boussier

Only include PermissionsPolicy::Middleware if policy is configured.

Petrik de Heus