Planet Ruby News

Thursday, 28. April 2016

Bundler News

The new index format, Fastly, and Bundler 1.12

A new version of Bundler has arrived! With 1.12, we’re shipping one huge change and several smaller changes—the short version is that Bundler is getting faster and more capable.

The new index format

The biggest change landing in this release is the fabled new index format, which has been in development for over two years. It has required significant work on Bundler and the Bundler API webapp, but it also lays the foundation for years of speed, stability, and security. In addition to the speed increases provided by the format itself, we’re also serving the new index directly from the Fastly CDN. That means Bundler will be able to talk to a server located nearby, no matter where you are in the world. We expect that to make a huge difference, especially in Oceania and Africa. 🎉

exec performance

On top of the new index, we also made specific improvements to the performance of bundle exec. It now avoids running Kernel.exec if possible, and only evaluates the Gemfile one time, instead of twice. Added together, these changes should speed up any bundle exec command by around 0.25 seconds!

outdated by version size

Another new feature is the ability to run bundle outdated with the flags --major, --minor, and --patch. Using those flags, you can limit Bundler to only show you new versions that are both allowed by your Gemfile and also meet the criteria of only changing the major, minor, or patch version of the gem. You can combine them to get only minor and patch updates, or even only major and patch updates (but I have no idea why you would want to do that).

Ruby versions

Our final big feature is support for locking Ruby versions! That means that you can put ruby "~> 2.3" in your Gemfile, and Bundler will save your exact Ruby version (say, 2.3.1) into your Gemfile.lock. You can update the ruby version by running bundle update --ruby, and that will update the lock to match your current version of Ruby the same way Bundler currently updates gem versions.

Minor changes include adding support for Ruby 2.4, RubyGems 2.6.3, and support for the Ruby 2.3 feature of freezing all string literals.

Changelog

We added a bunch of other small tweaks, features, and bugfixes, so be sure to check out the changelog for the entire list!

Updating

To get the newest version of Bundler, run gem install bundler. If you have any issues, please check out our issues guide and let us know!


Version 1.11 released

Bundler 1.11 is here! Six and a half months after the last big release, we’re finally ready to ship 1.11.

I know it’s been a while, but there’s a pretty good reason for that. Over the summer, the team was busy supervising four Google Summer of Code students:

  • We made a significant amount of progress on the new compact gem index, which ought to ship in 1.12 in the near future.
  • We improved the Bundler website and online documentation.
  • We’ve created a solid base for Bundler 2.0.
  • We prototyped a new plugin system.

In addition, the Bundler Core team has spent a lot of time focusing on the development experience of bundler itself. The bundler codebase is over five years old, and contains code from over 400 contributors. That can make it rather daunting to start contributing, and also makes it hard to ensure that all of the code in bundler is up to the same standards (and is fit to last for the next five years!). In order to make things more consistent, we’ve introduced RuboCop (and thus a style guide), we’ve instituted a build bot to ensure that master is never failing, and have decided to subject 100% of the new code introduced to code review. This is a big step forward, and lets me confidently say that this will be our best release yet!

That out of the way, what’s actually in this long-awaited release?

New features

First up, we’ve combed through a few years worth of bundler issues, and have improved the error messaging for every single one of them. Our goal is to never show an exception with a backtrace, and instead present a friendly and helpful error message when things go awry – and we’re now pretty close to that.

The dependency resolver has also seen a few updates. Continuing the theme of improved errors, version conflicts will now do a better job of reporting what versions of every gem have been activated, making it even easier to figure out the best way to resolve said conflict. Additionally, resolution has been sped up by over 25x in pathological cases. That’s a pretty nice win.

Finally, we’ve laid the groundwork for resolving gems based on the current version of Ruby. Once the new index is rolled out, Bundler will make sure to choose gems whose required_ruby_version matches the Ruby you are running on.

Bugfixes

The real meat of this release comes in the bugfix section, however. Across almost four hundred commits, we’ve squashed upwards of fifty unique bugs, meaning this version of bundler should be the fastest, most stable version we’ve ever released.

What’s Next

As I mentioned earlier, this long gap between releases doesn’t mean we’re slowing down development – quite the opposite, in fact! We’re actively working on bundler 1.12 and 2.0 at this very moment, and are incredibly excited to get the new index into people’s hands as fast as we possibly can.

Updating

To install the last release of Bundler, you can run:

$ [sudo] gem install bundler

For all the details, don’t miss the Changelog!


Version 1.10 released

Bundler 1.10 is out! In fact, Bundler 1.10.5 is out today, so we thought it was high time to let everyone know about it.

This release comes with a bunch of new features: the lock command, support for inline gemfiles in scripts, the ability to disable post-install messages, optional groups, conditional gem installation, dramatically improved outdated output, and the option to force installed gems to be downloaded and installed again.

New features

First up, the new lock command. Running bundle lock will resolve the Gemfile and write a Gemfile.lock, but will not download or install any gems.

Next, for single-file scripts that still depend on gems, a gemfile method is provided by require "bundler/inline". This method will not generate a lock, so be careful what gem versions you allow! Check out the inline docs for details and examples.

Are you tired of being told to HTTParty hard? This option’s for you. Run bundle config ignore_messages.httparty true to silence HTTParty for good, or run bundle config ignore_messages true to turn off all messages forever.

Who needs a jetpack future when you can have optional groups? The long-requested ability to create groups of gems that are not installed by default is finally here. Mark a group as optional using group :name, optional: true do, and then opt in to installing an optional group with bundle install --with name.

At the same time as adding the long-awaited optional groups, we added groups that can be installed (or not) completely automatically! Provide a lambda or proc to determine if gems in the install_if group should be installed, and they will be. Or not. For an example, check out the Gemfile documentation. The idea for this feature came entirely from discussions with Ruby Together members. If you’d like to see more features like this one, or even suggest some of your own, join Ruby Together today.

That’s not all! There are several more smaller changes, including better support for gems with native extensions on RubyGems 2.2. Check out the full 1.10 changelog for the entire list.

BUNDLED WITH

This release also contains a change that has been somewhat controversial: Bundler 1.10 will add the Bundler version to the Gemfile.lock.

While the intended workflow involves only one lock change per Bundler version, the results in real life have been very frustrating. The extremely short explanation is that the problem will disappear once the entire team (rather than only part of the team) upgrades to Bundler 1.9.10 or higher.

Here’s the long explanation: Bundler 1.10 adds the BUNDLED WITH section to the lock, while Bundler 1.9 removes it. When a team includes some developers on 1.9 or older, and some developers on 1.10 or higher, it’s easy to end up in a situation with commits changing the lock back and forth. The simplest way to stop that problem is to upgrade to 1.10 by running gem install bundler. When Bundler 1.10 or higher sees a BUNDLED WITH section, it will leave it in the file.

This change turned out to be a lot more problematic than we were expecting because of the way Spring works. Knowing what I know now, I would have rolled out this change completely differently to reduce this problem, but it’s too late for that now. :/ We designed the change to only activate when you run an “install” command, like bundle install or bundle update. If you just use bundle exec, the lock does not change. We didn’t count on Spring, which runs bundle install --local all the time in the background without notifying users. To stop that from happening, we’ve released a version of Bundler (1.10.4) that works around Spring.

The last issue is that some developers refuse to upgrade from 1.9 to 1.10, for whatever reason, keeping the problem alive. To address that, we’re releasing a final update to 1.9 later today that will simply ignore the BUNDLED WITH section, rather than deleting it.

The reason that we made the change is pretty straightforward: It has been a long-term source of bug reports that users are often on a version of Bundler so old it won’t work for a project, but they have no way to tell. We’ve wanted to fix this by tracking the Bundler version in the lock file since right after 1.0.0 came out. Unfortunately, there was a bug in the 1.0.x lock parser that meant we had to wait until 1.0 fell out of use. We also need to start tracking the Bundler version in the bundle now because we plan to release 2.0 (with big improvements, but breaking some backwards compatibility).

At this point in the explanation, several people have then asked if we could just track the minor version, without the bugfix version. What if it was just 1.10? Would that give most of the benefits without the git churn? Despite this, there are two factors that made us decide to stick with patch level.

First, and most importantly, as soon as everyone is on 1.10+, the churn completely disappears. Version 1.10.1 will not change a lock that says it was bundled with 1.10.3. The absolute worst case once everyone has upgraded to Bundler 1.9.10 or higher is a single commit per version of Bundler, followed by no git churn.

Second, Bundler patch level releases definitely fix bugs, and oftentimes those bugs are big enough to break bundle install for certain subsets of users. Only tracking minor version would be similar to only tracking the minor version of Rails—it’s not really feasible to say “oh, you can use any 4.2.x version of Rails”, because the x allows security holes, breaking bugs, and other problems.

So, in conclusion, the change was never intended to be this disruptive, we’re doing what we can to reduce the impact, and the problem should be completely resolved by updating Bundler to 1.10 (or even the latest 1.9 release, if some of your team want to stay on 1.9).

Thanks for the feedback, everyone!
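
The BUNDLED WITH section described above and the RUBY VERSION section from the 1.12 notes can both be read straight out of a Gemfile.lock. The following is an added example, not Bundler's own code: the sample lockfile is constructed, and `lock_findings` is a hypothetical pre-install check rather than a Bundler feature.

```ruby
require "rubygems" # Gem::Version

# Constructed sample lockfile in the layout Bundler writes.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.0.1)

  PLATFORMS
    ruby

  DEPENDENCIES
    rack

  RUBY VERSION
     ruby 2.3.1p112

  BUNDLED WITH
     1.12.0
LOCK

# Split a lockfile into { "SECTION" => [stripped body lines] }.
# A section starts at any unindented line; indented lines belong to it.
def lock_sections(text)
  sections = {}
  current = nil
  text.each_line do |raw|
    line = raw.chomp
    next if line.strip.empty?
    if line.match?(/\A\S/)
      current = line.strip
      sections[current] ||= []
    elsif current
      sections[current] << line.strip
    end
  end
  sections
end

# Extract the two tool versions the lock records (nil when a section is absent).
def locked_versions(text)
  sections = lock_sections(text)
  ruby_line = sections.fetch("RUBY VERSION", []).first
  {
    bundler: sections.fetch("BUNDLED WITH", []).first,
    ruby: ruby_line && ruby_line[/\Aruby (\d+(?:\.\d+)*)/, 1] # drop the patchlevel suffix
  }
end

# Hypothetical policy check: report where the running tools disagree
# with the versions the lock was written with.
def lock_findings(text, running_bundler:, running_ruby:)
  locked = locked_versions(text)
  findings = []
  if locked[:bundler].nil?
    findings << "lock has no BUNDLED WITH section"
  elsif Gem::Version.new(running_bundler) < Gem::Version.new(locked[:bundler])
    findings << "running Bundler #{running_bundler} is older than locked #{locked[:bundler]}"
  end
  if locked[:ruby] && Gem::Version.new(running_ruby) != Gem::Version.new(locked[:ruby])
    findings << "running Ruby #{running_ruby} differs from locked #{locked[:ruby]}"
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  puts locked_versions(SAMPLE_LOCK).inspect
  puts lock_findings(SAMPLE_LOCK, running_bundler: "1.9.9", running_ruby: "2.2.4")
end
```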


Hello, Bundler 1.9!

A mere month and a half after the release of Bundler 1.8, we’re happy to announce our next act: Bundler 1.9.

While the CHANGELOG for this version might seem rather short (and light on big new features), there is one cool thing to talk about: Molinillo. Molinillo is a new dependency resolution algorithm developed for CocoaPods – the Cocoa dependency manager. Now, Bundler shares its dependency resolver – one of the most integral parts of a dependency manager – with CocoaPods, with the core logic being independently documented and tested. Molinillo was developed thanks to a generous grant from Stripe for the express purpose of being a generic dependency resolution algorithm that was sharable across different code bases – specifically CocoaPods and Bundler (and possibly even RubyGems)!

Dependencies in Bundler?

Having dependencies inside Bundler itself is a bit crazy: Bundler is a dependency manager for gems, written in Ruby. How could it use gems itself? Well, it can’t really. But we can cheat a bit by shipping Molinillo’s source files inside the bundler gem. This has its own challenge – what if a gem (such as CocoaPods), requires a different version of molinillo (or thor, which is likewise vendored in Bundler)? The solution is to prefix the top-level namespace constant in the vendored gem with Bundler’s own namespace. The upshot of this song-and-dance is that Bundler can share open source libraries just like every other gem!

Updating

To install the last release of Bundler you can run:

$ [sudo] gem install bundler

For all the details, don’t miss the Changelog!


A New Bundler Website

Announcing… the new Bundler website! As part of Google Summer of Code 2016, Bundler has a new, prettier, and better website. The most visible changes are a completely new design and color scheme. In addition, the entire site is now responsive and easy to read on mobile devices using the Bootstrap framework.

The new Docs page provides a table of contents for the entire site, allowing you to choose between guides, command reference pages, and changelogs for each version. On each command page (e.g. bundle install), there is a new sidebar, allowing navigation not just between commands but also to previous versions of the same command.

There are also two new guides to go with the new website: Using Bundler In Applications written by me, and Developing a RubyGem using Bundler by Ryan Bigg (@radar).

The new site also includes some more improvements:

  • Command pages are now built from the Bundler repository instead of hand-written (where possible)
  • Commits to the master branch of bundler-site are now auto-deployed (via Travis)
  • Middleman has been updated to latest version
  • Every header in the guides and commands pages now has anchor links for navigation and reference
  • The site now supports multiple translations (although no translations have been completed yet)

Many thanks to Amy (@sailorhg), André (@indirect) and Samuel (@segiddins). Without their help, it wouldn’t have been possible.

Enjoy :D

~ Jakub (@kruczjak)


Bundler 1.13: The one with steady improvements

Bundler 1.13 is out! It’s been a steady stream of improvements over the last four months, and we’re shipping some new features, some improved features, and some experimental features. Now that we’ve shipped all of these changes, we’re starting to work at full speed on the upcoming 1.14 and 2.0 releases. While you wait, read on for the changes in 1.13 and then give it a try!

New features

Support for required_ruby_version (with declared ruby)

One very nice addition is that gems with a required_ruby_version will now resolve correctly as long as your Gemfile contains a ruby declaration. This change is the culmination of years worth of work, including the new compact index released in Bundler 1.12. In the future, we’re also going to support gems with required Ruby versions in Gemfiles that don’t declare a Ruby requirement. Because of existing features (like the Gemfile Ruby declaration), we’re having to do some more work so that everything can coexist harmoniously. In the meantime, set a Ruby version and you’ll get the right gem versions to install on your Ruby.

The bundle doctor command

We’ve also added a bundle doctor command, courtesy of @mistydemeo. Over time, the doctor command will try to solve common problems. Today, it is capable of detecting gems that have been compiled against libraries that no longer exist. For example, if you use Bundler to install the pg gem and then later run brew upgrade postgres, the gem will stop working. We’ve never had a good way to explain (or even detect) this kind of problem before, and now we’re able to fix it for you automatically.

Add options --add-platform and --remove-platform to the lock command

In the past, the only way to resolve your Gemfile on a new platform (like java or mswin) was to run bundle install on that platform. We’ve added explicit options to the lock command to allow managing platforms. Platforms can be added using bundle lock --add-platform NAME, and platforms can be removed using bundle lock --remove-platform NAME.

This makes it possible to (for example) develop on Windows and deploy to a Unix server. However! (and this is a pretty big however), gems on different platforms can have completely different code. Run your test suite on whatever platform you will use in production—it’s the only way to be sure.

Improved features

Auto-install for bundler/inline

When using bundler/inline, gems are now automatically installed. This makes it ridiculously easy to create and distribute single-file scripts that depend on gems. Highly recommended.

Dramatic resolver optimizations

The resolver has been fine-tuned. It allocates fewer objects, uses less memory, needs less GC time, and is all-around better. It is now able to find usable Gem versions noticeably faster. In many cases, the improvement was about 4x. For one especially dramatic Gemfile, Bundler now runs 100x faster than it did before.

Better faster exec

The new exec command (added in v1.12) switched from always calling exec to calling load instead if possible. In version 1.13 we added a way to turn it off: bundle config exec_disable_load true. We also dramatically improved it, adding support for JRuby and setting process titles the same way they used to be set.

Improved usage of the compact index

We launched the compact index in v1.12. In this version, we’ve sped things up by using persistent HTTP for more than one request, fixed printing dots to indicate progress, and added support for legacy gems with capitalized names and users without a home directory.

Experimental features

This version also contains three experimental features, disabled by default: a plugin system, version locking for Bundler itself, and conservative updates.

Experimental plugin system

For a long time now, we’ve supported “command” plugins the same way that git does: if there is a command named bundle-foo, then Bundler will run it when you execute bundle foo. The experimental plugin system builds on top of that, providing a way to create new Bundler commands that hook into the Bundler CLI internals. The plugin system also supports “source” plugins, which means it should be possible to use gems from Subversion, Mercurial, S3, or anything else you can think of. In addition to source plugins, we’ve started adding new “lifecycle” hooks. That means plugins will be able to hook in and run their own code before, during, or after the install or update process.

Experimental Bundler version locking

Someday, Bundler 2.0 is going to break backwards compatibility. When that happens, we’re going to need a way for applications that use Bundler 1.x to keep working. We’re also going to need a way for applications that use Bundler 2.x to work in the first place. As a first step towards that glorious future, we’ve built a feature that allows Bundler to automatically run the version of Bundler locked in the Gemfile.lock. It adds an additional level of complexity, though, so we’ve disabled it by default in this version of Bundler. If you want to opt in, and have Bundler 1.13 automatically download, install, and run an older version of Bundler, here’s how it works:

First, export the environment variable BUNDLE_ENABLE_TRAMPOLINE. In the Bash shell, that means running export BUNDLE_ENABLE_TRAMPOLINE=true. Then, run bundle install and bundle exec as usual. You should notice that Bundler will automatically switch to the version of Bundler that is saved into the Gemfile.lock. To update the version of Bundler saved in the lockfile, run bundle update --bundler. That will overwrite the Bundler version in the lock with the newest version of Bundler installed on your machine.

Experimental conservative updates

bundle update received some new options to support conservative updates: --patch and --minor. “Conservative” means it will sort all available versions to prefer the latest patch releases from the current version, then the latest minor releases and then the latest major releases. These aren’t documented or formally supported yet while we allow the community some opportunity to weigh in on how these options should work. Join the discussion and give us your 2 cents so we can lock this in for 1.14. There are even some outstanding issues you can contribute to!

Feedback for experimental features

These features are a really big deal, and we want to launch them at the same level of polish and stability that you’re used to getting from Bundler. We’ll get there, and when we do these features will be turned on by default. In the meantime, if you’d like to try them out, that would be awesome. We’d love to hear your feedback. <3

How To Upgrade

Run gem install bundler to upgrade to the newest version of Bundler.

Monday, 23. January 2017

RubyGems News

2.6.10 Released

RubyGems 2.6.10 includes bug fixes.

To update to the latest RubyGems you can run:

gem update --system

If you need to upgrade or downgrade please follow the how to upgrade/downgrade RubyGems instructions. To install RubyGems by hand see the Download RubyGems page.

Bug fixes:

  • Fix require calling the wrong gem method when it is overridden. Pull request #1822 by Samuel Giddins.

SHA256 Checksums:

  • rubygems-2.6.10.tgz
    364c0eee8e0c9e8ab4879c5035832e5a27f0c97292d2264af5ae0020585280f0
  • rubygems-2.6.10.zip
    c20feec88c66577f704532d9d574d1e81c3dc56d402ca9a31a8de23b20346b11
  • rubygems-update-2.6.10.gem
    9d69bbba7af33cf21d4ed65e431978e7ee1f5d7b1c553570e3b50c129476b9a5

Ruby on Rails News

New Action Pack caching gems released

Hi everyone,

I’m happy to announce that new versions of the caching gems extracted from Rails 4.0 have been released.

Action Pack Page Caching (v1.1.0)

CHANGES since 1.0.2

  • Support for Rails 5.0
  • Support for setting page_cache_directory at the controller instance level
  • Support for setting page_cache_directory using a proc, symbol or callable object

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you’d like to verify that your gem is the same as the one I’ve uploaded, please use this SHA-1 hash.

$ shasum actionpack-page_caching-1.1.0.gem
b9626f7afeb1d69267d1fd6b7255a30be7c33d29  actionpack-page_caching-1.1.0.gem

Action Pack Action Caching (v1.2.0)

CHANGES since 1.1.1

  • Support for Rails 5.0
  • Respect Accept header when caching actions
  • Standardise behavior of options :layout and :cache_path when passed a proc, symbol or callable object

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you’d like to verify that your gem is the same as the one I’ve uploaded, please use this SHA-1 hash.

$ shasum actionpack-action_caching-1.2.0.gem
308c3acf35c0bdbf15e5c63b64aeda0ec817a269  actionpack-action_caching-1.2.0.gem

Many thanks to the numerous people who have contributed PRs and reported bugs.

Friday, 20. January 2017

JetBrains RubyMine News

RubyMine 2017.1 EAP 3: Updated New Ruby Class Dialog, Fixed Markdown

Hi all,

Today we have updated our Early Access Program for the upcoming 2017.1 release. If you haven’t tried it yet, you’re welcome to download the newest RubyMine 2017.1 EAP3 from our What’s new page.

In the previous EAP post we announced quick gemset creation and RuboCop support. This small yet important update complements the previously announced EAP with the ability to create classes nested in the right modules by using the New Ruby Class dialog:

[Image: New Ruby Class dialog]

In other improvements, a hang in .md files that literally bugged some Mac users has been fixed.

As usual, you can check our Release notes for the full list of improvements.

Let us know what you think in the comments below, and use our tracker to submit your issues and feature requests.

Cheers!

Your RubyMine Team


RubyGems News

2.6.9 Released

RubyGems 2.6.9 includes bug fixes.

To update to the latest RubyGems you can run:

gem update --system

If you need to upgrade or downgrade please follow the how to upgrade/downgrade RubyGems instructions. To install RubyGems by hand see the Download RubyGems page.

Bug fixes:

  • Allow initializing versions with empty strings. Pull request #1767 by Luis Sagastume.
  • Fix TypeError on 2.4. Pull request #1788 by Nobuyoshi Nakada.
  • Don’t output mkmf.log message if compilation didn’t fail. Pull request #1808 by Jeremy Evans.
  • Fixed broken links and overzealous URL encoding in gem server. Pull request #1809 by Nicole Orchard.
  • Update vendored Molinillo to 0.5.5. Pull request #1812 by Samuel Giddins.
  • RakeBuilder: avoid frozen string issue. Pull request #1819 by Olle Jonsson.

SHA256 Checksums:

  • rubygems-2.6.9.tgz
    2608a9f8447b3657fd96e3b2d91e1df3f0064efab6db56f00ecba744aba2bef5
  • rubygems-2.6.9.zip
    a5f4820520921c4e316167e39dfc56e0cfbcbb25a244caab1dd784c471ea3c9d
  • rubygems-update-2.6.9.gem
    021ba9ba5cb24f9073226df6479f8ab61ab3c477d8c7ac6600f1dbd7025746fd
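
Checking a download against published digests like the ones above, as an added example (not code from RubyGems or Rails): it parses both layouts used in these announcements, the bulleted SHA256 lists and the shasum output lines, and verifies local files. The example-1.0.0 file names and their contents are constructed so the block runs offline.

```ruby
require "digest"
require "tmpdir"

# Pick the digest by hex length: 40 chars is SHA-1, 64 chars is SHA-256.
# SHA-1 is accepted only because one announcement publishes it.
ALGORITHMS = { 40 => Digest::SHA1, 64 => Digest::SHA256 }.freeze

# Parse published checksums in either layout:
#   "• name" followed by a hex digest on the next line, or
#   shasum output "digest  name". Returns { name => lowercase hex }.
def parse_checksums(text)
  entries = {}
  pending = nil
  text.each_line do |raw|
    line = raw.strip.sub(/\A[•*-]\s*/, "")
    next if line.empty? || line.start_with?("$") # skip blanks and shell prompts
    if (m = line.match(/\A(\h{40}|\h{64})\s+\*?(\S+)\z/))
      entries[m[2]] = m[1].downcase
      pending = nil
    elsif pending && line.match?(/\A(\h{40}|\h{64})\z/)
      entries[pending] = line.downcase
      pending = nil
    else
      pending = line # candidate file name; kept only if a digest follows
    end
  end
  entries
end

# Hash one file and compare with the published value.
def verify_file(path, expected_hex)
  algorithm = ALGORITHMS[expected_hex.length]
  return :unknown_algorithm unless algorithm
  algorithm.file(path).hexdigest == expected_hex ? :ok : :mismatch
end

# Verify every listed file inside dir. File.basename keeps a hostile
# list entry such as "../../etc/x" from pointing outside that directory.
def verify_all(dir, checksums)
  checksums.each_with_object({}) do |(name, hex), results|
    path = File.join(dir, File.basename(name))
    results[name] = File.file?(path) ? verify_file(path, hex) : :missing
  end
end

# Constructed demonstration: two files, one published digest of each kind,
# then the same check again after one file has been altered.
def demo
  Dir.mktmpdir do |dir|
    File.binwrite(File.join(dir, "example-1.0.0.gem"), "constructed gem bytes")
    File.binwrite(File.join(dir, "example-1.0.0.tgz"), "constructed tarball bytes")
    published = <<~TEXT
      SHA256 Checksums:

        • example-1.0.0.gem
          #{Digest::SHA256.hexdigest('constructed gem bytes')}

      $ shasum example-1.0.0.tgz
      #{Digest::SHA1.hexdigest('constructed tarball bytes')}  example-1.0.0.tgz
    TEXT
    checksums = parse_checksums(published)
    before = verify_all(dir, checksums)
    File.binwrite(File.join(dir, "example-1.0.0.gem"), "tampered bytes")
    [before, verify_all(dir, checksums)]
  end
end

if __FILE__ == $PROGRAM_NAME
  before, after = demo
  puts "before: #{before.inspect}"
  puts "after:  #{after.inspect}"
end
```

A digest published on the same page as the download detects corruption and mirror tampering; it does not help if the page itself was altered.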

Ruby on Rails News

This Week in Rails: DB adapters, Git, Action Cable and more!

Hello everyone! This is Roque bringing the latest news from the Rails community.

Remember, today is the last day to submit your RailsConf proposal. You have until 11:59 p.m. MST!

Now, let’s get started!

This Week’s Rails Contributors

This week 33 people contributed to Rails. We also got 4 first time contributors. Welcome aboard folks and keep it going!

SQL Server adapter released for Rails 5

The 5.0.x version of the adapter is only for the latest 5.0 version of Rails. If you need the adapter for an older version of Rails, just install the latest version of the adapter that matches your Rails version (3.2.x to 4.1.x).

Git repo in new Rails projects

New projects will now be generated with a Git repo by default. Please use the option --skip-git if you choose to skip it.

Foreign Key Support for SQLite

Adds foreign key support for SQLite 3.6.19 (or greater) in create statements.

Improved

Improve the AS::NumericWithFormat#to_s memory allocation

Thanks to some good profiling, ActiveSupport::NumericWithFormat#to_s should behave better and not allocate too many objects. 🔎

Fixed

Add channel prefix support to Action Cable Redis adapter

Without a channel prefix in Redis, apps using the same Redis server could have their communication compromised. You can now set the option channel_prefix in your cable.yml file. Please check the PR for details.
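
Why a shared Redis server needs the prefix, as an added example that is not Rails code: `FakeRedis` and `CableAdapter` are hypothetical in-memory stand-ins for a Redis pub/sub server and a cable adapter, and the ":" separator and app names are assumptions of this sketch.

```ruby
# Stand-in for one Redis server's pub/sub: channel name => subscriber callbacks.
class FakeRedis
  def initialize
    @subscribers = Hash.new { |hash, key| hash[key] = [] }
  end

  def subscribe(channel, &callback)
    @subscribers[channel] << callback
  end

  def publish(channel, message)
    @subscribers.fetch(channel, []).each { |callback| callback.call(message) }
  end
end

# Simplified model of one application's cable adapter.
# channel_prefix plays the role of the cable.yml option of the same name.
class CableAdapter
  attr_reader :received

  def initialize(redis, channel_prefix: nil)
    @redis = redis
    @prefix = channel_prefix
    @received = []
  end

  def subscribe(stream)
    @redis.subscribe(redis_channel(stream)) { |message| @received << message }
  end

  def broadcast(stream, message)
    @redis.publish(redis_channel(stream), message)
  end

  private

  # With no prefix the stream name is used as-is, so two applications that
  # pick the same stream name end up on the same Redis channel.
  def redis_channel(stream)
    [@prefix, stream].compact.join(":")
  end
end

# Two applications share one server and use the same stream name.
# Returns what application B receives when application A broadcasts.
def cross_talk(prefix_a, prefix_b)
  redis = FakeRedis.new
  app_a = CableAdapter.new(redis, channel_prefix: prefix_a)
  app_b = CableAdapter.new(redis, channel_prefix: prefix_b)
  app_a.subscribe("notifications_1")
  app_b.subscribe("notifications_1")
  app_a.broadcast("notifications_1", "invoice ready (app A, user 1)")
  app_b.received
end

if __FILE__ == $PROGRAM_NAME
  puts "no prefix:       #{cross_talk(nil, nil).inspect}"
  puts "same prefix:     #{cross_talk('shared', 'shared').inspect}"
  puts "distinct prefix: #{cross_talk('billing_production', 'forum_production').inspect}"
end
```

The prefix isolates applications only when each one uses a different value; two apps configured with the same prefix still share channels.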

Make all Rails commands work in engines

The following commands are now working in engines: server, console, dbconsole and runner.

Generate migrations at custom path

New database migrations will be generated at the path set by config.paths["db/migrate"] if the option is defined.

Fix Module#parent_name on a frozen module

The method would throw a runtime error when called for a frozen module.

Wrapping up

That’s it from This Week in Rails! There were many other great contributions, too numerous to list here, but feel free to check them out!

Until next week!

Monday, 16. January 2017

JetBrains RubyMine News

RubyMine 2017.1 EAP 2: Create gemsets quickly & work with RuboCop

Hi everyone,

RubyMine 2017.1 EAP 2 (171.2272.16) is out and available for download. Besides a number of bug fixes, this Early Access Program provides a way to create RVM gemsets for Rails applications right from the New Project wizard, and features RuboCop support.

Creating Gemsets From the New Project Wizard

If you haven’t used gemsets before, you might want to know that a gemset is a container used to keep separate gems for each project. Gemsets allow you to change gems and their versions in one project without being afraid of affecting your other projects. Jump to the RVM documentation to learn how gemsets can improve your coding experience.

To create a gemset for your new Rails project in RubyMine, follow these steps:

Open RubyMine and click Create New Project from the Welcome screen (File | New Project). Choose a new Rails application.

As you can see in the GIF above, when you specify a name for your project, RubyMine automatically suggests a similarly named gemset. Click Create to have the IDE install a gemset for your new project. Leave the box checked so that the gems are put in this gemset when generating your Rails project.

Since you don’t have Rails set up in your newly created gemset, you can install any available version in the Rails Version field (this might take up to several minutes):

After installing Rails, click Create in the lower right corner of the New Project wizard. The IDE will generate your Rails application with all the gems mounted in the preconfigured gemset. The IDE will also create .ruby-gemset and .ruby-version files, specifying the gemset and the Ruby version used in the project.

Go to Preferences | Languages & Frameworks | Ruby SDK and Gems to see your SDK configurations and available gems:

Note that you may face issues when creating a gemset for a New Rails API. This problem will be fixed in the next stable release (v2017.1).

RuboCop Support

Now the IDE interacts with RuboCop, analyzing code in the background and displaying errors according to RuboCop’s severity table:

SEVERITY_MAP.put("refactor", HighlightSeverity.WEAK_WARNING);
SEVERITY_MAP.put("convention", HighlightSeverity.WEAK_WARNING);
SEVERITY_MAP.put("warning", HighlightSeverity.WARNING);
SEVERITY_MAP.put("error", HighlightSeverity.ERROR);
SEVERITY_MAP.put("fatal", HighlightSeverity.ERROR);

RuboCop inspections are treated the same way as other code inspections:

If the project SDK has the rubocop gem installed, the RuboCop inspection will be enabled by default. Otherwise, RubyMine will suggest installing the missing gem and enabling the inspection:

Other improvements

Here are some other improvements for this EAP:

  • The inspection of frozen strings modification has been fixed and now doesn’t show false warnings.
  • Underscores in the middle of the words now respect CamelHumps settings correctly in markdown files.
  • The ability to change language level for JRuby and Rubinius, which had previously been removed, has been reinstated.

Follow this link for the full list of changes.

Download the newest RubyMine EAP and share your feedback with us! Leave your comments below, and submit your feature requests and bug reports to our tracker.

Cheers!

Your RubyMine Team

Friday, 13. January 2017

Ruby on Rails News

This Week in Rails: Time, Duration fixes and more

Happy new year (yet again)! And a Friday the 13th 👻

This is Vipul, bringing you the latest from just the second week of the year, which is shaping up to be really busy.

Thanks to all the 27 contributors, in particular to the 4 people who contributed for the first time. Keep up the good work!

Here are the most relevant changes to Rails master for this week.

Improved

Constant look-up would no longer fall back to top-level constant since Ruby 2.5

Since top-level constant lookup has been removed on Ruby 2.5, Rails takes care of relevant changes on its side, so that we rely on properly scoped constants, instead of relying on fallback lookup.

Fixed

Fix pool_from_any_process to use most recent specification

If a process is forked more than once, the Active Record connection pool was grabbing the oldest connection specification for a process, and not the most recent one.

This issue is not seen for single processes, but if you are forking the process multiple times, the wrong specification will be returned and an incorrect connection will be used.

This change fixes the issue by reversing the list of specification names so we can grab the most recent one rather than the oldest.

Make time travel work with subclasses of Time/Date/Datetime

Previously when using time travel methods, travel_to, etc, and calling now on a subclass of e.g. Time, it would return an instance of Time instead of returning an instance of the subclass.

This change fixes the way we return the instance, so that we always return using the correct class.

Fix inconsistent parsing of Durations with both months and years

Previously the following code may fail or succeed depending on the current time.

ActiveSupport::Duration.parse(2.months.iso8601) == 2.months  
ActiveSupport::Duration.parse(3.years.iso8601) == 3.years

This change fixes the inconsistent parsing so that this comparison no longer fails.

Removed

Deprecate reflection class_name option to accept a class

The idea of class_name as an option of reflection is that passing a string would allow us to lazy autoload the class.

Using the class directly, with something like

belongs_to :client, class_name: Customer

is eagerloading models more than necessary and creating possible circular dependencies.

This option is now deprecated, pass strings of the class names instead.

Wrapping up

That’s it from Vipul. I hope you enjoyed this issue.

If you haven’t already, start working on those RailsConf proposals, you have only 6 days left to submit a good talk!

Wednesday, 11. January 2017

JRuby News

JRuby 9.1.7.0 Released

The JRuby community is pleased to announce the release of JRuby 9.1.7.0

  • Homepage: www.jruby.org/
  • Download: www.jruby.org/download

JRuby 9000 is the newest major version of JRuby, representing years of effort and large-scale reboots of several JRuby subsystems. It is expected to be compatible with Ruby 2.x and stay in sync with C Ruby. JRuby 9.1.7.0 is our latest release…

Major features of JRuby 9000:

  • Ruby 2.x compatibility
  • A new optimizing runtime based on a traditional compiler design
  • New POSIX-friendly IO and Process
  • Fully ported encoding/transcoding logic from MRI

If you do find issues, report them using our issue tracker at http://bugs.jruby.org. We also encourage users to join our IRC channel (#jruby on Freenode) and mailing lists. You may also follow @jruby on Twitter for updates.

  • Fixed spurious LinkageError when using multiple threads
  • Fixed several keyword argument issues
  • Fixed several parser issues
  • Reduced memory use of the JIT
  • Update Psych to 2.2.2
  • Update jruby-openssl to 0.9.18
  • 72 issues fixed for 9.1.7.0

Github Issues resolved for 9.1.7.0

  • #4433 - NullPointerException when creating tempfiles in rspec
  • #4431 - Set toplevel module
  • #4429 - corrupted JIT byte-code for method
  • #4427 - Don't allow null method names
  • #4426 - Calling super() outside of a method causes NPE
  • #4425 - Code behavior changes after being JITted at runtime
  • #4421 - Make StringIO thread-safe by synchronizing against ptr.
  • #4420 - [#4414] Fixes #4414. getVpValueWithPrec19 should raise FloatDomainErr…
  • #4418 - File.expand_path with uri:classloader still relative on Windows
  • #4417 - StringIO is not thread-safe (throws a Java exception)
  • #4416 - The i18n gem does not work in AOT mode
  • #4414 - NumberFormatException when divide BigDecimal by Float::NAN
  • #4410 - chunk_while not returning results equivalent to MRI ruby 2.3+ (jruby 9.1.6.0)
  • #4407 - Concurrent::ScheduledTask is broken on master JRuby
  • #4404 - Decreased coverage with 9.1.7.0 snapshot
  • #4390 - Specific arity jit cleanup
  • #4389 - Check permission to AccessibleObject#setAccessible(boolean) a better way
  • #4388 - Add call protocol to script body and separate non-protocol metas.
  • #4383 - warn with array should behave like puts with array
  • #4382 - Improve stack depth
  • #4381 - Remove unsafe-mock from our build altogether.
  • #4379 - Fix bigdecimal infinity round
  • #4378 - Update jnr.
  • #4369 - break within a block throws LocalJumpError in JRuby but succeeds in MRI Ruby
  • #4366 - Optimize getDefinedMessage by deduping during initialization
  • #4364 - Add regression test for shell exit
  • #4363 - Yard does not work in JRuby =>9.1.3.0
  • #4362 - change status array of ints to an int
  • #4361 - Unexpected value for `$?.exitstatus` when process exited successfully
  • #4356 - trivial: restkwargs => kwargs in FIXME comment
  • #4352 - Fix deadlock when tearing down runtime during debugging
  • #4350 - File.directory? of a uri:classloader resources ending in "/" incorrectly returns false
  • #4349 - -Xnative.enabled=false fails to load windows in kernel
  • #4348 - File.open with open mode a+ do not work
  • #4344 - Can't call a `Proc` which has a required keyword argument and a positional argument
  • #4342 - zsuper does not cope with n repeated _ well
  • #4341 - 9.1.6.0: block arguments *_ and &_ at the same time fails with DynamicScope1 only supports scopes with 1 variables
  • #4340 - Extended class clones and duplicates become unmarshable
  • #4339 - Class clones and duplicates raise StackOverflowError when listing their singleton class ancestors
  • #4336 - Fix unexpected java.lang.ArithmeticException when converting Rational to BigDecimal
  • #4332 - JRuby 9.1.6.0 tries to access O_TMPFILE under Windows
  • #4331 - Skip less specs
  • #4329 - Add missing PortUnreachable catch. Fixes #4104
  • #4324 - Crashing on attempt to convert Rational into BigDecimal
  • #4323 - Usage of `#[]=` assignment in method argument broken
  • #4321 - Fix marshaling Hash with default_proc set to nil
  • #4319 - JRuby can not interpret keyword argument when placed after positional argument in block
  • #4317 - range endpoints with () will generate an NPE
  • #4316 - --disable: should accept gem as alias for gems.
  • #4315 - 2.3 Syntax Failure: %s does not work in alias or undef
  • #4314 - 2.3 syntax failure: 'a b: 1' does not parse as method with kwarg
  • #4310 - Disable notifying travis-rubies of passing [skip ci]
  • #4308 - New syntax errors in 2.3.1/2.3.2 tests.
  • #4302 - Dumping Hash with default_proc that was reset
  • #4299 - Fixed Math.lgamma with input -0.0
  • #4286 - Interrupt ignores exception message
  • #4285 - Catch LinkageError during DynamicScope generation.
  • #4284 - MRI tests that do not appear to exist for MRI
  • #4280 - README: Ruby version manager docs link
  • #4276 - make ttymode and ttymode_yield helpers private
  • #4275 - ttymode, ttymode_yield should be private
  • #4268 - upgrade jruby-openssl to 0.9.18
  • #4266 - JRuby unable to find methods unless jar is in boot classpath
  • #4253 - Respond_to? returns private methods
  • #4196 - Update Psych to eliminate deprecated usage
  • #4123 - Fix IO#syswrite. Fixes #3799
  • #4104 - Resolv::DNS..getresource produces different errors then MRI
  • #4103 - JRuby fails in building from source when using openjdk-7-jdk trusty package
  • #3799 - Unix sockets raise exception on long writes
  • #3729 - Occasional ArrayIndexOutOfBoundsException from a line of Ruby that isn't doing array lookups
  • #2761 - JRuby 9k: simple script ~80% as fast as jruby 1.7.19
  • #2485 - proc with extra args incorrectly binds wrong post args

Tuesday, 10. January 2017

Phusion News

Passenger 5.1: a new milestone in robustness, security and efficiency

It’s been a little over a year-and-a-half since we released the first version of Passenger 5, the application server for Ruby, Python, Node.js and Meteor. It brought a large amount of major improvements.

Since then we have introduced many more major improvements. To celebrate this fact, we bumped the minor version number and are happy to announce version 5.1.1! It is the culmination of all the work that has gone into Passenger, with bugfixes, many big and small improvements, and is fully compatible with the 5.0.x line (no breaking changes).

The same period has also seen the growth of the Passenger team, as well as a significant expansion of the Passenger documentation with the introduction of the Passenger Library.

In this blog post we’re looking back at the improvements we’ve introduced in Passenger since 5.0.1. The regular description of changes since 5.0.30 can be found at the end, and includes two notable security fixes.

In an upcoming blog post we will look to the future and describe some of the exciting ideas we have in store for this year, so stay tuned!

A plethora of improvements

There are too many improvements to Passenger since version 5.0 to go into them all in-depth, so we've gathered and categorized them by how they help you to manage and run your application harder, better, faster, stronger.

Minimizing and preventing down time

Passenger has a lot of features for minimizing and preventing downtime in apps, such as rolling restarts and deployment error resistance.

After 5.0.1 we’ve further improved the robustness in challenging situations like running out of memory or crashing application code. Rolling restarts were changed to maintain an even more resource-friendly load profile.

Improvements after 5.0.1

  • Protection from response body processing crashes: Prevent the connection from stalling if the Ruby handler crashes while processing a Rack response body.
  • Resource friendly rolling restart (Enterprise): Passenger Enterprise avoids system overload from processes that use a lot of resources during shutdown by waiting for total process exit before rolling restarting the next process.
  • Robust log file reopening: Passenger processes now avoid failure to open the log file by re-inheriting from the Watchdog when passenger-config reopen-logs is called.
  • Robustness when out-of-memory: Improved out-of-memory detection in various subroutines.
  • Clock time-stepping robustness: Improved Passenger Core robustness against significant system wallclock changes while Passenger is running, by switching to a monotonic clock.

Secure defaults and defense in depth

Passenger does the heavy lifting to provide a secure platform from which you can serve your app with confidence.

In this category one of the most notable improvements after 5.0.1 is the new Passenger security update check. This (optional) feature allows users to be notified in case there are any important Passenger-related security updates so that they can take timely action to keep their systems secure.

Security is high on our priority list and we constantly watch for potential vulnerabilities. For example, when Rails 5 was released, we did a number of tests that revealed a DoS vulnerability. Although Passenger’s design already protects users from this type of issue, we are happy the issue has been fixed in Rails.

Improvements after 5.0.1

  • Passenger security update check: Daily Passenger security update check to log a warning if there is a newer Passenger version with important security fixes.
  • Administrative tools can be used without sudo: Admin commands like passenger-status, passenger-config restart-app can be run without sudo, and operate only on apps that are owned by admin command user.
  • Secure HTTP header support (Node.js): Our new “Secure HTTP headers” mechanism allows Passenger to send per-request information to the application that cannot be spoofed by the client. Supported in all modes.
  • CloudLinux LVE and CageFS integration: Users of Passenger + CloudLinux LVE and CageFS benefit from extra security checks and a new control option (PassengerLveMinUid). Contributor: Oleksiy Shchukin, CloudLinux Inc.
  • Secure error pages:
      • New secure defaults for friendly error pages: off unless the environment is development.
      • When friendly error pages are set to off, Passenger never displays any backtraces.

Especially for the Nginx integration mode

  • Latest stable Nginx: Passenger packages include the latest Nginx stable version, so that you benefit from all the awesome improvements in Nginx as well. Currently this is Nginx 1.10.2 (versus 1.6.0 at the time of Passenger 5.0.1).

Faster & more efficient resource use

Passenger’s design and relentless optimization enables developers and administrators to get the most performance out of their hardware.

With a couple of new options, Passenger helps high-performance servers and applications shine even when under extremely demanding loads. Conditions on a single server such as hundreds of workers, 100K+ RPM with traffic bursts can be handled flawlessly. Another interesting option is that Node.js applications can now be autoscaled; similar to what was already possible for Ruby apps.

Improvements after 5.0.1

  • Massive concurrency: Three new options to help configure extremely high concurrency: socket_backlog, core_file_descriptor_ulimit and app_file_descriptor_ulimit.
  • Modernized performance & scaling defaults:
      • Speed up disk buffering and request handling with larger mbuf block size (512 to 4096).
      • Handle higher concurrency by default with larger socket backlog size (1024 to 2048).
  • Fast fail (Node.js, Meteor): Passenger now signals Node.js and Meteor apps when the client has disconnected during a request so they can stop spending resources on the response.
  • Dynamic process scaling (Node.js, Meteor): Node.js and Meteor apps can now benefit from dynamic process scaling with the new force_max_concurrent_requests_per_process option.

Improve development efficiency

Passenger gives developers and administrators super powers so that they can do their jobs more efficiently.

We’ve added a ton of improvements in this category, such as new options and tools for diagnostics, validation and troubleshooting of configurations, applications and connections (e.g. Websockets). Configuration ease and flexibility, as well as maintenance-friendliness have been improved in various ways, like the possibility to configure Passenger Standalone through environment variables or via a refactored configuration template. This makes Passenger integrate better than ever with Heroku, Docker and 12-factor principles.

There are also special improvements like support for the Nginx dynamic module system, installation validation for Passenger + Apache and Docker-friendly logging for Passenger Standalone.

The list below shows the first few items, but you can expand it with the link below that to see all of the improvements.

Improvements after 5.0.1

  • Analyzing stuck applications or websockets: passenger-status --show=server now reports last_data_send_time and last_data_receive_time which can be used to troubleshoot long-running requests (for example, to see if a websocket heartbeat is stuck).
  • Diagnostics for stuck processes (Enterprise): The max_request_time_reached hook allows you to run diagnostics on a process that took too long to respond to a request.
  • Thread ID in logging (Enterprise): When running a Rails app in multithreaded mode, Rails logs are automatically tagged with the current thread number to distinguish logs generated by different threads.
  • Rails server integration: Passenger can now be started with rails server just like other Rails servers.
  • Minimum Kernel requirement lifted: RPM packages no longer require kernel 2.6.39 on RHEL 6 / CentOS 6, and are compatible with the latest SELinux changes.
  • Application restarting convenience & Capistrano: passenger-config restart-app received several improvements:
      • parameter . can be used to restart the app in the current working directory.
      • (Capistrano) new option --ignore-passenger-not-running that allows the command to exit without signaling an error if Passenger is not yet running, or none of the running apps belong to the invoking user.
      • interactive menu allowing you to select the app to restart.

Staying ahead of the curve

Passenger embraces modern technologies and multiple platforms to prevent lock-in and to stay ahead of the curve.

As technology moves forward through time, Passenger keeps up. For example, you can use our Passenger APT/RPM packages for the latest couple of versions of Debian, Ubuntu, Red Hat Enterprise Linux and CentOS; which includes the recently released Ubuntu 16.10 and RHEL 7.3. Passenger also supports the newly released JRuby 9.0.0.0 as well as Rails 5 + Action Cable, and a number of smaller improvements like support for IPv6 across all the different integration modes.

Improvements after 5.0.1

  • Packages for Debian, Ubuntu, CentOS, Red Hat Enterprise Linux:
      • Debian 8 "Jessie"
      • Ubuntu 15.04 "Vivid Vervet", Ubuntu 16.04 "Xenial Xerus", Ubuntu 16.10 "Yakkety Yak"
      • CentOS 6, 7
      • RHEL 6, 7
  • RHEL 7.3 / SELinux compatibility: The RPM package builder was updated to support (breaking) SELinux changes in RHEL 7.3.
  • Passing settings to non-bundled Meteor apps: Meteor’s new way of specifying settings for (non-bundled) apps is now supported.
  • Support SHA256 digests for the Rails asset pipeline: This means that software like the new Sprockets 3.x works seamlessly.
  • Platform build support:
      • OS X 10.11 "El Capitan", macOS 10.12 "Sierra"
      • Debian GNU/kFreeBSD (contributor: stevenc99)
      • IBM power 8 (libev config.sub and config.guess updated)
  • Support added for JRuby 9.0.0.0
  • Node.js graceful shutdown: Passenger now calls process.emit('message', 'shutdown') before it shuts down an application process, allowing some compatibility with the Cluster module API.

Changes from 5.0.30 to 5.1.1

For your convenience we've listed the improvements and bugfixes specifically since version 5.0.30 below. This includes two notable vulnerabilities that were addressed in 5.1.0. Version 5.1.0 and 5.1.1 were released in short succession due to a fix for Rails 5.0.1 Action Cable, so we’re covering them both in one blogpost.

CVE-2016-1247

On the 25th of October, an issue with the default permissions in the upstream Nginx APT package was made public. It allows local users with access to the web server user account to gain root privileges via a symlink attack on the error log. The fix has been applied to the Phusion Nginx APT-package.

Predictable tmp File Path Vulnerability

On the 1st of November, Jeremy Evans reported a file overwrite vulnerability caused by a predictable temporary file being written by passenger-install-nginx-module. With access to the system, a user could plant a symlink in /tmp that resulted in a chosen-file overwrite attempt whenever passenger-install-nginx-module was run, using the access rights of the executing user, potentially even with chosen content. Files written to the tmp directory now have randomized path components to fix this vulnerability.
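
The difference between a predictable temporary path and a randomized, exclusively created one, as an added Ruby example (this is not Passenger's installer code; the file name installer-check.c, the helper names and the sandbox layout are hypothetical). It works entirely inside a private directory from Dir.mktmpdir, places a symlink at the predictable path, and reports which write pattern ends up modifying the symlink's target.

```ruby
require "tmpdir"
require "securerandom"

# Hypothetical fixed file name standing in for a predictable temp file.
PREDICTABLE_NAME = "installer-check.c"
SAMPLE_SOURCE = "int main(void) { return 0; }\n" # constructed sample content

# Predictable pattern: fixed name in a shared directory. File.write opens
# with O_WRONLY|O_CREAT|O_TRUNC, so a symlink already present at that path
# is followed and its target is truncated and rewritten.
def write_predictable(dir, content)
  path = File.join(dir, PREDICTABLE_NAME)
  File.write(path, content)
  path
end

# O_EXCL makes open fail if anything already exists at the path, including
# a symlink (even a dangling one). O_NOFOLLOW is added where available.
def exclusive_flags
  flags = File::WRONLY | File::CREAT | File::EXCL
  flags |= File::NOFOLLOW if defined?(File::NOFOLLOW)
  flags
end

# Hardened pattern: random path component, exclusive creation, 0600 mode.
def write_randomized(dir, content)
  path = File.join(dir, "installer-check.#{SecureRandom.hex(8)}.c")
  File.open(path, exclusive_flags, 0o600) { |f| f.write(content) }
  path
end

# Runs both patterns against a sandbox that already contains a symlink at
# the predictable path, and returns what happened to the link's target.
def demo
  Dir.mktmpdir("tmpfile-demo") do |sandbox|
    shared = File.join(sandbox, "shared-tmp") # stands in for /tmp
    Dir.mkdir(shared)
    target = File.join(sandbox, "target.conf") # file the link points at
    File.write(target, "original\n")
    File.symlink(target, File.join(shared, PREDICTABLE_NAME))

    write_predictable(shared, SAMPLE_SOURCE)
    predictable_overwrote = File.read(target) == SAMPLE_SOURCE

    File.write(target, "original\n") # reset before the hardened run
    safe_path = write_randomized(shared, SAMPLE_SOURCE)
    randomized_intact = File.read(target) == "original\n"
    safe_is_regular = File.lstat(safe_path).file?

    # Exclusive creation at the predictable path itself is refused,
    # which is how a planted link can be detected instead of followed.
    excl_refused = begin
      File.open(File.join(shared, PREDICTABLE_NAME), exclusive_flags, 0o600) {}
      false
    rescue Errno::EEXIST
      true
    end

    {
      predictable_overwrote_target: predictable_overwrote,
      randomized_left_target_intact: randomized_intact,
      randomized_path_is_regular_file: safe_is_regular,
      exclusive_create_refused_link: excl_refused
    }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

In application code, Ruby's standard Tempfile and Dir.mktmpdir already create randomized names with restrictive permissions, so hand-built paths under /tmp are rarely needed.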

Other bugfixes

Passenger 5.1.0

  • Fixes a file overwrite vulnerability caused by a predictable temporary file being written by passenger-install-nginx-module. Thanks to Jeremy Evans for reporting this.
  • Fixes permissions issue on Linux when setting OOM score after lowering privileges. Closes GH-1858.
  • Fixes unaligned memory access in base64 decoder on platforms that have strict aliasing requirements (non x86/x86_64). Closes GH-1646.
  • passenger-install-apache-module now suggests the correct apache package on Ubuntu Xenial. Closes GH-1884.
  • Fixes compilation on Linux when a non-glibc C library is in use. Closes GH-1870.
  • Fixes an issue where passenger-config couldn't restart an app if the TMPDIR variable was set to /tmp
  • Especially for the Nginx mode:
      • Updates to APT package builder (Debian & Ubuntu) with fix for www-data to root privilege escalation via log file handling (CVE-2016-1247/USN-3114-1).
      • Updates to RPM package builder (CentOS & RHEL) with fix for 1.10.x system nginx package overriding the nginx from the Passenger repo. Closes GH-1895.
  • Especially for the Apache mode:
      • Fixes PassengerShowVersionInHeader option. Thanks to Sebastian Welther for contributing this.
  • Especially for the Standalone mode:
      • The TempDirToucher will now spend most of its time with reduced privileges, except when it's actively touching files. This allows it to be killed when Passenger is quit in most circumstances. Closes GH-1678.
      • Fixes starting Passenger as a non-extant user. Closes GH-1849.

Passenger 5.1.1

  • The precompiled version of the PassengerAgent binary (used for e.g. gem installs) now configures (statically linked) libcurl with system keystore, so that the new security update check can successfully validate certs.
  • Fixes some false positives (logging) from the new Node and Meteor cluster warning system. Logging is less repetitive and has extra debug info. Closes GH-1905.
  • Updates the upload-progress module in the Nginx Debian package. The module version that we linked against in 5.1.0 was 0.9.2, but due to a bug in that version the module didn't work.
  • Especially for Passenger Enterprise:
      • Add missing flying-passenger integration mode to security update check.
  • Especially for the Apache mode:
      • Introduces a small delay to prevent running the Security Update Checker twice at startup.

Improvements

Passenger 5.1.0

  • Introduces daily Passenger security update check to warn (error log) if there are newer Passenger versions with important security fixes (describing what was discovered, what is affected, which version has the fix).
  • Passenger now reports when you try to use Node.js or Meteor clustering, and tries to continue with just a nonfunctional shim in place, so that if your code uses the clustering APIs your app may still work.
  • Improved look of the error pages for failing to spawn an application (development & production mode), and Error ID is now also shown in production mode.
  • Ubuntu 16.10 (Yakkety) support.
  • passenger-install-nginx-module and the standalone compiler now add the http v2, realip and addition module flags for Nginx (just like the APT/RPM/autobuilder already had). Closes GH-1788.
  • RPM package builder now compatible with (breaking) SELinux change in RHEL 7.3.
  • RPM packages no longer require kernel 2.6.39 on RHEL 6 / CentOS 6, and are compatible with SELinux changes.
  • Updates libev config.sub and config.guess to support newer platforms such as the IBM power 8.
  • Upgrades union_station_hooks_core to version 2.1.2.
  • Especially for Passenger Enterprise:
      • When running a Rails app in multithreaded mode, Passenger Enterprise automatically tags Rails logs with the current thread number. This makes it possible to distinguish logs generated by different threads.
  • Especially for the Nginx mode:
      • The preferred Nginx version is now 1.10.2 (previously 1.10.1).
  • Especially for the Standalone mode:
      • Allows raw json envvars in Passengerfile.json. Closes GH-1837.
      • Enable ipv6 support by default in builtin nginx. Closes GH-1873.
      • Make the max_requests option available on the command line as well.

Passenger 5.1.1

  • The security update check now reports whether libcurl + SSL backend are statically linked to Passenger, in which case the check also needs to warn about relevant OpenSSL vulnerabilities in the linked library.
  • Increases the allowed line lengths emitted by apps at startup.
  • Adds support for the unary 'not' operator in the Union Station filter language.
  • Fixes support for Rails 5.0.1 Action Cable. Specifically, we now support the options argument in the write_nonblock method in hijacked Rack IO sockets.

Installing 5.1.1

Please see the installation guide.

Upgrading to 5.1.1

We strongly advise staying up to date with the latest version.

  • macOS
  • Debian
  • Ubuntu
  • Heroku
  • Red Hat
  • CentOS
  • Ruby gem
  • Tarball
  • Docker

Upgrade notes

  • If you are upgrading from version 4, please see the Passenger 5 upgrade notes for potential caveats.

  • If you are getting a download error during a gem install, ensure you have a version of gem >= 2.2.0 (2013), for instance by running gem install rubygems-update; update_rubygems.

  • If you are using Capistrano and capistrano-passenger, please ensure that capistrano-passenger is upgraded to 0.2.0 or newer to avoid "NoMethodError: undefined method `[]' for nil:NilClass".

Final

Passenger's core is open source. Please fork or watch us on Github. :)

Passenger ensures that your Ruby, Python, Node.js and Meteor apps, microservices, and APIs are served with outstanding reliability, performance and control. For additional features and premium support, check out the enterprise edition.

Friday, 06. January 2017

Ruby on Rails News

This Week in Rails: Starting the year with over 100 commits

Happy new year! How was your holiday break? Did you receive nice presents? In case you missed it, Ruby 2.4.0 was released on Christmas day so if you haven’t done it yet… rbenv install 2.4.0 right now!

The first week of 2017 has seen more than 100 commits to rails/rails. Congratulations to all the 32 contributors, in particular to the 8 people who contributed for the first time. Keep up the good work!

Here are the most relevant changes to rails master for this week.

New

Allow to set custom content type for email attachments

With Action Mailer it’s now easy to specify the content type of your attachments. E.g.: mail(body: "<h1>Hello</h1>", content_type: "text/html").

Added option to ActiveRecord::CounterCache methods

You can now ask Active Record to update specific timestamp columns when incrementing, decrementing, resetting, or updating counter caches.

Default Rails.env to development when missing

If your app does not set RAILS_ENV or RACK_ENV then the value of Rails.env will fall back to development rather than just being an empty string.

Improved

Improve Array#sum with Ruby refinements

Array#sum was defined in Rails with a monkey-patch. Ruby 2.0 introduced refinements for better encapsulation. This is the first PR where they are being used in rails/rails.

Ensure Rails 4.2 works with Ruby 2.4

Some tests and code have been fixed and backported to 4-2-stable so that running Rails 4.2 on Ruby 2.4 will not raise any error. 

Change return value of duplicable?

In Ruby 2.4, NilClass, FalseClass, TrueClass, Symbol and Numeric all support dup. For consistency, duplicable? will now return true for all these classes.

Fixed

Serialize JSON attribute value nil as SQL NULL

The way in which a nil JSON payload is stored in a database was inadvertently changed in Rails 5.0. This fix maps nil to SQL NULL, exactly as it was in Rails 4.x.

Fix generator command for nested namespaced rails engines

If the name of your Rails engine has a hyphen then this PR (fixing the path of namespaced controllers) is for you! 

Update cookies helper on all HTTP requests

This fixes a regression by which cookies were only updated on GET requests. Now we will update the helper for all requests.

Removed

Remove support for MySQL versions older than 5.1.10

MySQL 5.0 reached “end of life” more than five years ago. Rails now requires at least version 5.1.10.

Remove previously deprecated code

By now, you should have already dropped any reference to Rake’s db:test:clone, Configuration’s serve_static_files and static_cache_control and ActiveRecord’s uniq, uniq!, uniq_value, insert_sql, update_sql, delete_sql.

Wrapping up

That’s it from Claudio. I hope you enjoyed this issue. And now… let me go back to writing my RailsConf proposal… I only have 14 days left to submit a good talk!

See you all in Phoenix at the end of April!

Thursday, 29. December 2016

JetBrains RubyMine News

RubyMine 2017.1 EAP: Puppet Project Structure

Hi all,

We’re glad to bring out RubyMine 2017.1 EAP (171.2014.20) containing both new features and significant bug fixes. In this post we’d like to highlight a new feature for Puppet: Puppet Project Structure.

Puppet Project Structure

In the recently released RubyMine 2016.3, we announced more intelligent Puppet support, which provides better code completion and navigation along with other fundamental capabilities. But in this update, we think we have finally made a decent tool for developing Puppet modules, which are the most popular approach to Puppet development:

If you use Puppet for your development operations, you are likely to deal with lots of interdependent modules and/or environments. Each module uses its own resources and classes, or, simply put, files that should be installed for every module in your project. This probably implies downloading these modules to your project and configuring them manually. Bearing this in mind, we have implemented a new project structure that allows you to work with Puppet projects in an intelligent fashion, right inside the IDE:

Here’s how it works:

First of all, open or create a Puppet project.

If you don’t have the librarian-puppet gem installed, the IDE will notify you and run the installation in the background:

Starting with this EAP, RubyMine can find all modules/environments in the project automatically, based on dependency files, and update the project structure if any have changed. Even if the IDE fails to update your project structure after installing additional modules into the project using the terminal, you can manually rescan the directory for modules or environments by using Scan for modules and environments from the context menu.

You’ve placed your modules and specified dependencies in metadata.json and, optionally, Puppetfile for modules, and/or Puppetfile for environments. Now simply right-click on any file or directory inside the module or environment to open the context menu, and then click Install dependencies:

Now you can see the installed modules in the .dependencies subdir for modules or modules subdir for environments.

What is important here is that the navigation and completion for each module will work in strict accordance with dependencies. For example, if you are editing one module depending on puppetlabs-nginx, and another module depending on puppetlabs-apache, then you’ll see either nginx or apache in completion:

The same logic applies to navigation actions like Go to declaration, Find usages, and so on:

Important! This EAP cannot handle dependency versions. If two modules in your project depend on the same module with different versions and you’ve installed dependencies for both of them, navigation and completion may work incorrectly (resolving or completing from an incorrect version of the dependency).

Another important note is that if some of your modules depend on module A, and you’ve got two copies of this module A (e.g. one in project root, and another in .dependencies directory), completion and resolve will work with the one in the project root. This has been done so that you can simultaneously work on a module and its dependency in the same project.

Download the newest EAP and share your feedback. Please post your comments below, and report any feature and bug requests to our tracker.

Cheers!


Your RubyMine Team

 

Sunday, 25. December 2016

Ruby Lang News

Ruby 2.4.0 Released

We are pleased to announce the release of Ruby 2.4.0.

Ruby 2.4.0 is the first stable release of the Ruby 2.4 series. It introduces many new features, for example:

Introduce hash table improvement (by Vladimir Makarov)

Improve the internal structure of hash table (st_table) by introducing open addressing and an inclusion order array. This improvement has been discussed with many people, especially with Yura Sokolov.

Binding#irb: Start a REPL session similar to binding.pry

While you are debugging, you may often use p to see the value of variables. With pry you can use binding.pry in your application to launch a REPL and run any Ruby code. r56624 introduces binding.irb which behaves like that with irb.

Unify Fixnum and Bignum into Integer

Though ISO/IEC 30170:2012 doesn’t specify details of the Integer class, Ruby had two visible Integer classes: Fixnum and Bignum. Ruby 2.4 unifies them into Integer. All C extensions which touch the Fixnum or Bignum class need to be fixed.

See also the ticket and akr’s slides.

String supports Unicode case mappings

String/Symbol#upcase/downcase/swapcase/capitalize(!) now handle Unicode case mappings instead of only ASCII case mappings.

Performance improvements

Ruby 2.4 also contains the following performance improvements including language changes:

Array#max, Array#min

[x, y].max and [x, y].min are optimized to not create a temporary array under certain conditions.

Regexp#match?

Added Regexp#match?, which executes a regexp match without creating a back reference object and changing $~ to reduce object allocation.

Other performance improvements

Debugging

Thread#report_on_exception and Thread.report_on_exception

Ruby ignores exceptions in threads unless another thread explicitly joins them. With report_on_exception = true, you can notice if a thread has died due to an unhandled exception.

Send us feedback on what the default for report_on_exception should be, and on report-on-GC, which shows a report when a thread is garbage collected without join.

Thread deadlock detection now shows threads with their backtrace and dependency

Ruby has deadlock detection around waiting threads, but its report doesn’t include enough information for debugging. Ruby 2.4’s deadlock detection shows threads with their backtrace and dependent threads.

Other notable changes since 2.3

  • Support OpenSSL 1.1.0 (drop support for 0.9.7 or prior)
  • ext/tk is now removed from stdlib Feature #8539
  • XMLRPC is now removed from stdlib Feature #12160

See NEWS or commit logs for details.

With those changes, 2523 files changed, 289129 insertions(+), 84670 deletions(-) since Ruby 2.3.0!

Merry Christmas, Happy Holidays, and enjoy programming with Ruby 2.4!

Download

  • https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.0.tar.bz2

    SIZE:   12572424 bytes
    SHA1:   944d2588308391b20a89642472454d1dfe7b2360
    SHA256: 440bbbdc49d08d3650f340dccb35986d9399177ad69a204def56e5d3954600cf
    SHA512: bef7bb53f63fb74073d071cc125fb67b273ed0779ef43c2d2969089b9ca21fff1bd012281c5b748f7a3c24dd26e71730d7248c05a01cb23ab2089eb4d02115fe
    
  • https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.0.tar.gz

    SIZE:   14104044 bytes
    SHA1:   d44a3c50a0e742341ed3033d5db79d865151a4f4
    SHA256: 152fd0bd15a90b4a18213448f485d4b53e9f7662e1508190aa5b702446b29e3d
    SHA512: 21c9f596b42dd9cba7a53963a59fed0c2e0c1eb960a4ac7087ea3eaa991ce9252d32639e1edcb75b1d709bc07c4820a6dc336ab427d0643c6e6498e0eacdbc8b
    
  • https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.0.tar.xz

    SIZE:   9906880 bytes
    SHA1:   038804bbd0e77508dd2510b729a9f3b325489b2e
    SHA256: 3a87fef45cba48b9322236be60c455c13fd4220184ce7287600361319bb63690
    SHA512: 975a5388592adc038461e0acebb6c0efee242891b2ea8621476401458efe2bc0fdd317d3bf99beb745b0b3808410efdff33862da29c95c027f457943721e3ab6
    
  • https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.0.zip

    SIZE:   15758757 bytes
    SHA1:   29e1bab11551011718c35a51827edcb55bd656fc
    SHA256: 5c2bbfa26fd6a15a2d70961874b0f3a386206fcc5f698e240dd8b0c9f0f18c5e
    SHA512: 31d932372ce490eeac0a70bc8dcf842909a90435422398d069c05cf01d994936064b8f4e60879e28a8655c1296eb8e180e348cb95e001ed6ca73cda0ff77de23
    

Posted by naruse on 25 Dec 2016

Wednesday, 21. December 2016

Phusion News

ActionCable under stress: Finding a DoS vulnerability in Rails 5 WebSockets Apps

In this article we will show you how Rails 5.0.0 ActionCable applications on Puma, the new default Rails app server, might be exposed to denial of service by slow clients. We will be using the OS X network shaping tools to simulate an attack, revealing the vulnerability.

In our previous ActionCable article we talked about how we stress tested ActionCable and found and solved a couple of issues. Those issues have since been fixed and the fixes have been merged into Rails. In this article we report on another issue that we have found as a result of our stress testing efforts.

A fix for the issue we found was merged into Rails a couple of months ago and was recently released as part of Rails 5.0.1. Passenger users have never been affected by this issue.

What are slow clients and how can they cause Denial of Service?

The next few paragraphs will explain the basic theory and implications of slow clients. If you are already familiar with the slow client problem and how it is mitigated you can skip this section and scroll down to "Testing whether ActionCable is protected against slow clients". In that section we explain how we simulated an attack against Rails on both Puma and Passenger and found that applications on just Puma are vulnerable to DoS by slow clients.

The theory behind slow clients

Slow clients are users of your web application that are on an internet connection that has low bandwidth. They might be connecting with their cell phone, or from a remote location or from an area that simply has bad internet connectivity. They might also be malicious attackers who deliberately limit their bandwidth to bring down your application.

There are two aspects of slow clients that can block your application. Both have to be dealt with in order to ensure reliable service; not just to the slow clients, but to all users of your application, slow or fast. Slow clients send their data slowly, and they receive their data slowly.

This means that in a naively written web application a thread or process that is servicing a request might spend seconds or even minutes receiving data, before it even has a chance to perform business logic or query a database. Then when it has finished building its response it might spend seconds or minutes again sending that response to the client.

Practical impact of slow clients

Most Ruby application servers utilize a synchronous request/response I/O model with multiple worker processes and/or worker threads, so they are (partially) susceptible to this issue.

A worst-case scenario looks like this: imagine that your application server is configured to have 100 worker processes, designed to process thousands of requests per second. Now imagine a single attacker sending just a hundred severely bandwidth-limited requests. As each of your 100 worker processes encounters a request from the attacker, it is delayed for minutes, causing other requests to queue up.

Eventually all your processes will be busy taking minutes servicing just a single attacker request, and tens of thousands of requests are queued up or dropped. A more persistent attacker might delay your application indefinitely using only minimal resources.

Threads mitigate this problem somewhat, as they are much less costly than processes, and so you can have more of them, but the basic problem still remains. The attacker will simply have to perform more of those cheap slow requests.

Mitigation via evented I/O buffering system

In practice, Ruby application servers are already well-protected against slow clients on the receiving side by using an evented I/O buffering system that can handle a much larger I/O concurrency.

How do various Ruby application servers utilize an evented I/O buffering system?

  • Unicorn is typically deployed together with Nginx. Nginx uses evented I/O and acts as a buffering reverse proxy. It protects against both slowly-sending and slowly-receiving clients.
  • Puma has a built-in evented I/O multiplexer which protects itself against slowly-sending clients. It does not protect against slowly-receiving clients, so in production deployments it is recommended to put Puma behind Nginx.
  • Passenger has a built-in evented I/O buffering system and automatically protects against slowly-sending and slowly-receiving clients, with and without Nginx.

The special problem of traditional slow client mitigation in combination with WebSockets

Nginx as a buffering reverse proxy has one weakness: it must receive the entire request from the client before it forwards the request to the application, and it must receive the entire response from the application before it sends any data to the client. This is normally not a problem, but it is a problem in combination with WebSockets. WebSocket frames must be immediately received from and sent to the client; otherwise it defeats the purpose of WebSockets.

This means that in order to make WebSockets (and ActionCable, which is based on WebSockets) work, Nginx’s I/O buffering system -- and thus slow client protection by Nginx -- must be disabled. ActionCable tries to mitigate this problem somewhat by providing its own evented I/O multiplexer for incoming WebSocket data. This means that ActionCable protects against slowly-sending WebSocket clients, but not against slowly-receiving WebSocket clients.

In the next sections we’ll provide a practical example of this problem. We will also show that Passenger does not suffer from this problem at all because it is capable of buffering I/O and immediately sending data to clients. Thus Passenger is capable of protecting the application against slowly-receiving and slowly-sending WebSocket clients.

Testing whether ActionCable is protected against slow clients

With the theory out of the way it is time to move on to the practical consequences. To ascertain whether a Rails application might be vulnerable to slow client attacks we have built a small application that sends a steady stream of data to any connected clients using ActionCable.

Running this application and connecting four clients will result in the above image. Each of the clients reports its current delay. On an old MacBook that is about 10 milliseconds on average. Note that this delay includes things like rendering and parsing the JSON objects, which are quite large for the purposes of this test; a normal application will have much smaller response times.

As we have established that the application is functioning correctly we can move on to the test conditions. To establish that there is a slow client problem we introduce a slow client and observe the response times in the other (fast) clients. If they remain the same or are minimally impacted we have not shown a problem. If they change and are significantly impacted we can conclude there is in fact a slow client problem.

Shaping network traffic on OS X

Since we do not have a 56k modem lying around and internet connections in The Netherlands are “unfortunately” very fast, we will have to simulate the network conditions of the slow client. Most modern operating systems come with tools for this; on OS X we can use pf.

First, we have to see whether pf is currently enabled by running:

sudo pfctl -s info

If it is not then it can be enabled by running:

sudo pfctl -e  

The next step is to create a dummynet like so:

(cat /etc/pf.conf && echo "dummynet-anchor \"mop\"" && echo "anchor \"mop\"") | sudo pfctl -f -

This extends the existing /etc/pf.conf with the dummynet and then instructs pf to use that configuration. If at any time you want to roll back to the original configuration you can issue the following two commands:

sudo dnctl flush  
sudo pfctl -f /etc/pf.conf  

Then we find out which connection we would like to throttle. In this example the clients are 4 instances of Chrome connected to our web server at port 3000, so we issue the following command to find out their outgoing port number:

sudo lsof -i -n -P | grep TCP | grep 3000  

This yields the port numbers we need. We pick one of them (in this example it is 58983) and insert it into the following instruction:

echo "dummynet in quick proto tcp from any to any port 58983 pipe 1" | sudo pfctl -a mop -f -  

Now all data from that port is routed through the dummy network. The last step is to reduce the flow of traffic:

sudo dnctl pipe 1 config bw 56kbit/s  

The effect should be immediate for the affected client: its delay should rise to multiple seconds.

Results

First we start the Rails application using the default server, which used to be WEBrick but is now the more production suitable Puma web server, like so:

./bin/rails s

Introduction of the slow client not only resulted in an increased delay in that client but also in all of its peers. This means that the application on Puma is vulnerable to the slow client problem, and as such is not suitable for exposing WebSockets directly to the internet without a protective reverse proxy. Unfortunately the most recommended reverse proxy, Nginx, does not offer this protection, as explained under “The special problem of traditional slow client mitigation in combination with WebSockets”.

Starting the Rails application using Passenger and introducing a slow client does not result in a situation where all clients are affected by that slow client. This means that exposing a Passenger web server to the internet is safe in this regard, even without a buffering reverse proxy.

How Passenger deals with slow clients

To deal with slow clients Passenger puts a buffer between the application and the network. The buffer accepts data from the application immediately, storing it in memory or on the disk if the client cannot receive the data fast enough. This enables the application to function as if it has a super fast client.

Because Passenger has an internal evented I/O architecture it does not have to dedicate threads or processes to the data streams filling these buffers. That means there's little overhead per connection allowing it to deal with many slow clients without a problem. Additionally while Passenger buffers it also sends the data to the client immediately so there is no delay perceived by the client.
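
The buffering described above, as an added Ruby example that is not Passenger's or Rails' code: a synchronous broadcaster stalls behind one non-reading peer, while per-client queues drained with non-blocking writes keep the fast peers served. The local UNIXSocket pairs, the 16 KiB frame and the 256 KiB per-client cap (after which the peer is disconnected so memory stays bounded) are assumptions of this example.

```ruby
require "socket"

PAYLOAD = ("x" * 16_384).b   # constructed sample frame, 16 KiB
ROUNDS  = 512                # frames per client, 8 MiB in total

# Synchronous fan-out: one blocking write per client, in list order. Once a
# non-reading peer's kernel buffer is full, every other client waits behind it.
def naive_broadcast(servers)
  ROUNDS.times { servers.each { |io| io.write(PAYLOAD) } }
end

# Buffered fan-out: a per-client outbound queue drained with non-blocking
# writes, so the producer never waits on a single peer.
class BufferedBroadcaster
  attr_reader :dropped
  def initialize(servers, max_buffered)
    @queues = {}
    servers.each { |io| @queues[io] = "".b }
    @max = max_buffered   # assumed policy: bound memory per client, then shed it
    @dropped = []
  end

  def pending(io)
    (@queues[io] || "").bytesize
  end

  def broadcast(payload)
    @queues.keys.each do |io|
      if @queues[io].bytesize + payload.bytesize > @max
        drop(io)
      else
        @queues[io] << payload
      end
    end
    flush
  end

  # One event-loop pass: give each writable socket what it accepts right now.
  def flush
    waiting = @queues.keys.reject { |io| @queues[io].empty? }
    return if waiting.empty?
    ready = IO.select(nil, waiting, nil, 0)
    return unless ready
    ready[1].each do |io|
      sent = io.write_nonblock(@queues[io])
      @queues[io] = @queues[io].byteslice(sent..-1)
    rescue IO::WaitWritable
      # kernel buffer filled between select and write; retry on a later pass
    rescue Errno::EPIPE, Errno::ECONNRESET
      drop(io)
    end
  end

  def drop(io)
    @queues.delete(io)
    @dropped << io
    io.close unless io.closed?
  end
end

# Read whatever is available on a client socket without blocking.
def drain(io)
  total = 0
  loop { total += io.read_nonblock(65_536).bytesize }
rescue IO::WaitReadable, EOFError
  total
end

# Pairs are [server_end, client_end]; client 0 never reads. Returns true if
# the synchronous broadcaster is still stuck after `timeout` seconds.
def naive_stalls?(timeout = 0.5)
  pairs = Array.new(3) { UNIXSocket.pair }
  readers = pairs.drop(1).map { |_, c| Thread.new { loop { c.readpartial(65_536) } } }
  writer = Thread.new { naive_broadcast(pairs.map(&:first)) }
  stalled = writer.join(timeout).nil?
  ([writer] + readers).each { |t| t.kill; t.join }
  pairs.flatten.each(&:close)
  stalled
end

# Same three peers with buffering: bytes each fast client got, peers shed.
def buffered_run(max_buffered = 256 * 1024)
  pairs = Array.new(3) { UNIXSocket.pair }
  fast = pairs.drop(1)
  bc = BufferedBroadcaster.new(pairs.map(&:first), max_buffered)
  received = Array.new(fast.size, 0)
  ROUNDS.times do
    bc.broadcast(PAYLOAD)
    loop do   # fast peers keep reading until their queues are empty
      fast.each_with_index { |(_, c), i| received[i] += drain(c) }
      break if fast.all? { |s, _| bc.pending(s).zero? }
      bc.flush
    end
  end
  result = { fast_bytes: received, dropped: bc.dropped.size }
  pairs.flatten.each { |io| io.close unless io.closed? }
  result
end

p naive_stalls?, buffered_run if $PROGRAM_NAME == __FILE__
```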

Conclusion

We conducted an experiment by building a small demo application and, using network traffic shaping, simulated the effects of slow clients on the reliability of an ActionCable server. As a result of this experiment we concluded that an ActionCable application served by Puma is at risk of denial-of-service by slow clients that take up costly worker processes and threads.

The same application served by Passenger is not affected by slow clients as Passenger buffers outgoing data. Using Nginx as a reverse proxy in front of Puma does not solve this problem as Nginx’s buffering system is not compatible with WebSockets.

The issue was reported to the Puma and Rails teams, who responded by building a response buffer into Rails. This patch was merged and was recently released with Rails 5.0.1.

Union Station is Phusion's brand new take on Passenger application monitoring and analytics. Union Station aims to help you easily find performance bottlenecks and errors in your application and to help you fix them. Sign up for a free trial today!


Ruby on Rails News

[ANN] Rails 5.0.1 has been released!

Hi everyone,

I am happy to announce that Rails 5.0.1 has been released.

CHANGES since 5.0.0

To view the changes for each gem, please read the changelogs on GitHub:

  • Action Cable CHANGELOG
  • Action Mailer CHANGELOG
  • Action Pack CHANGELOG
  • Action View CHANGELOG
  • Active Job CHANGELOG
  • Active Model CHANGELOG

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-1

If you’d like to verify that your gem is the same as the one I’ve uploaded, please use these SHA-1 hashes.

Here are the checksums for 5.0.1:

$ shasum *-5.0.1.gem
51a4112d989f9658c995ac0ef93a9d8dc9e7d1ff  actioncable-5.0.1.gem
839aa492e3d81568b9d5c4c9f2974a3964e12025  actionmailer-5.0.1.gem
240394cb1422317a6d2e4cfa057d2c5bf6c96c5a  actionpack-5.0.1.gem
c52c66c8c6a7f8af8e4912a9e4d1711eb8f8daff  actionview-5.0.1.gem
223ff0c1235c6d139707b623790eb00b39ef6c84  activejob-5.0.1.gem
9aeabd9d02f982c010bd59c3db9774d95494177b  activemodel-5.0.1.gem
ad285d6723c2d51df852b372b20b4f8a061ccbf6  activerecord-5.0.1.gem
5c546eca785ea25624b5a80f0304fbac9f2efe44  activesupport-5.0.1.gem
f9c5beee8106f3266937248058f676a7d0d8b44e  rails-5.0.1.gem
a8c264bccbad342e8e781a3fffab98466f3e4852  railties-5.0.1.gem

As always, huge thanks to the many contributors who helped with this release.
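
Both release posts above publish digests for verification: the Ruby 2.4.0 download list (SIZE plus SHA1, SHA256 and SHA512 per archive) and the Rails 5.0.1 shasum listing. The following Ruby example is added here and is not code from either project; it parses both layouts and checks a local file's size and its strongest listed digest. The file names, URL and file contents in demo_results are constructed for the example.

```ruby
require "digest"
require "tmpdir"

# Listed strongest first; SHA-1 is used only when nothing else was published.
DIGESTS = { "SHA512" => Digest::SHA512, "SHA256" => Digest::SHA256,
            "SHA1" => Digest::SHA1 }.freeze
HEX_LEN = { 128 => "SHA512", 64 => "SHA256", 40 => "SHA1" }.freeze

# Parses both layouts into { "file name" => { "SIZE" => 123, "SHA256" => "ab..." } }.
def parse_manifest(text)
  entries = {}
  current = nil
  text.each_line do |raw|
    case raw.strip
    when %r{\A(?:\S+\s+)?https?://\S*/([^/\s]+)\z}   # "• <url>" opens a block
      current = entries[$1] ||= {}
    when /\ASIZE:\s+(\d+) bytes\z/
      current["SIZE"] = $1.to_i if current
    when /\A(SHA1|SHA256|SHA512):\s+(\h+)\z/
      current[$1] = $2.downcase if current
    when /\A(\h{40}|\h{64}|\h{128})\s+\*?(\S+)\z/     # shasum-style "<hex>  <file>"
      (entries[$2] ||= {})[HEX_LEN[$1.length]] = $1.downcase
    end
  end
  entries
end

# Returns :ok or a symbol naming the first failed check.
def verify(path, expected)
  return :not_listed if expected.nil?
  return :missing_file unless File.file?(path)
  return :size_mismatch if expected["SIZE"] && File.size(path) != expected["SIZE"]
  algo = DIGESTS.keys.find { |name| expected[name] }
  return :no_digest unless algo
  return :malformed_digest unless HEX_LEN[expected[algo].length] == algo
  DIGESTS[algo].file(path).hexdigest == expected[algo] ? :ok : :digest_mismatch
end

# Constructed files and a constructed manifest in both layouts.
def demo_results
  Dir.mktmpdir do |dir|
    tar = File.join(dir, "sample-1.0.tar.gz")
    gem = File.join(dir, "sample-1.0.gem")
    File.binwrite(tar, "constructed tarball bytes")
    File.binwrite(gem, "constructed gem bytes")
    manifest = <<~TEXT
      • https://downloads.example/pub/sample-1.0.tar.gz

        SIZE:   #{File.size(tar)} bytes
        SHA1:   #{Digest::SHA1.file(tar).hexdigest}
        SHA256: #{Digest::SHA256.file(tar).hexdigest}

      $ shasum *-1.0.gem
      #{Digest::SHA1.file(gem).hexdigest}  sample-1.0.gem
    TEXT
    listed = parse_manifest(manifest)
    results = { tar_clean: verify(tar, listed["sample-1.0.tar.gz"]),
                gem_clean: verify(gem, listed["sample-1.0.gem"]),
                unlisted: verify(gem, listed["other.gem"]),
                algos: listed["sample-1.0.tar.gz"].keys }
    File.binwrite(tar, "constructed tarball bytez")   # same length, one byte changed
    results[:tar_tampered] = verify(tar, listed["sample-1.0.tar.gz"])
    File.binwrite(tar, "short")                       # truncated download
    results[:tar_truncated] = verify(tar, listed["sample-1.0.tar.gz"])
    results
  end
end

p demo_results if $PROGRAM_NAME == __FILE__
```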

Tuesday, 20. December 2016

JetBrains RubyMine News

RubyMine 2016.3.1: Bug-Fix Update

Hi everyone,

RubyMine 2016.3.1 is now released and available for download from our website. If you are running the earlier stable release, RubyMine 2016.3, you will soon be notified about the available patch-update.

This update fixes several important bugs:

  • Run with Coverage works correctly on all operating systems.
  • Regained running RSpec tests within it..end blocks.
  • Fixed search by namespaced class name.
  • Fixed random freezes related to the Ruby UML Support Integration plugin.

This version also includes all bug-fixes from the RubyMine 2016.3.1 EAP announced earlier.

See our release notes for the full list of changes in RubyMine 2016.3.1.

We encourage you to share your thoughts in the comments section below, and submit any issues you encounter to our tracker. We’ll be glad to help!

Your RubyMine Team

Monday, 19. December 2016

Phusion News

Hired: Customer Success Manager

UPDATE: This position is filled and no longer available.

We are looking for an energetic, passionate and fun Customer Success Manager (full-time) to create and maintain stellar relationships with our customers. You will be mainly responsible for new Premium Support customer on-boarding, creating measurable retention and supporting our Enterprise customers. The ideal candidate will work remotely from Canada. In short, you’ll be the voice on behalf of Phusion to all of our clients around the globe!

Your main tasks will be as follows:

  • Maintain high levels of customer engagement and satisfaction with a focus on measurable retention
  • Maintain current and accurate account information and contact information within assigned customer database
  • Drive customer references, testimonial and case study completion
  • Follow up on surveys, compile responses, analyze results and draw conclusions to be presented to the team
  • Respond to customer’s account questions within agreed timeframe (either by phone, email, or support tickets)
  • Identify common customer challenges and proactively suggest better solutions.
  • Relay / escalate problems to engineering team in a joint effort to keep customers happy.
  • Execute and maintain Client Referral programs
  • Execute and maintain Client Affiliate programs
  • Effectively renew and maintain all assigned accounts with favorable terms and conditions
  • Travel to client offices across North America to meet and assess risks and evaluate opportunities to upsell.

Required qualifications & skills:

  • Bachelor’s degree or equivalent experience. 1-3 years experience providing Customer Success or equivalent history of increasing customer satisfaction and retention.
  • Excellent written and verbal business communication skills in English. Native, or near-native, proficiency is a must.
  • Detail-oriented and analytical.
  • Demonstrated ability to communicate and present, as well as to credibly and effectively influence all levels of the organization, including the executive and C-level.
  • Ability and willingness to travel throughout North-America.

The following aspects are highly appreciated:

  • Thriving in a multitasking environment and ability to adjust priorities on-the-fly.
  • A willingness to work on a flexible schedule (as most of our clients are based in the United States).
  • Work experience within the SaaS industry.
  • We are located in Amsterdam but embrace remote working and are seeking someone, ideally, located within Canada.

About Phusion

Phusion is a software company dedicated to making awesome Unix server tools to power the modern web. Click here for more info.

What does Phusion have to offer you?

  • A welcoming horizontal work environment with opportunities to grow both as a person and professionally
    • Want to go to an IT networking conference like TNW? We’ll send you!
    • Want to take a particular training course to become even better at your job? We’d like to support you here as well.
  • An opportunity to work directly with some of the most amazing Fortune 500 companies we are fortunate enough to call our customers.
  • Flexible office hours at our homebase within walking distance to Amsterdam Centraal.

Do you fit the profile and are you extremely self-motivated, fun to work with, and generally just a pretty awesome individual? WE WANT YOU! So, please send your resume along with a cover letter to jobs@phusion.nl and we will get back to you shortly.


We're Hiring: Web Designer

We’re looking for a passionate and creative Web Designer to assist us in designing marketing websites for our products, as well as assist us in designing UIs for the products themselves. More specifically, the job position requires you to translate business requirements and targets into enticing pieces of art that not only look good, but are a joy to work with as well. To that end, deep knowledge of aesthetics, web technologies and user experience are paramount. The ideal candidate has enough experience, knowledge and skills to hit the ground running and enough of a funnybone to enjoy Friday drinks with us.

Your main tasks will be as follows:

  • Tell a product story using design.
  • Translate our business requirements and targets to gorgeous marketing page designs.
  • Create UIs for our products in such a way that they end up being a joy to use.
  • Improve visitor-to-customer conversion with enticing web designs.
  • Conduct usability tests on our products and suggest / implement improvements.

Required qualifications, skills & traits:

  • A “can do” mentality, and works in a proactive manner: rather than waiting to be told what to do, you actively pursue telling us how things can be improved by providing mockups & reasoning.
  • Autonomous, but also comfortable working in a multidisciplinary team environment.
  • Photoshop, Illustrator and Sketch are all second nature to you.
  • Able to cope with sprints, and as such, able to work in an effective and efficient manner.
  • Explores multiple concepts prior to settling on 1.
  • Familiar with current design paradigms and pride yourself in pushing the envelope when it comes to pursuing usability and aesthetics.
  • Take pride in your work, but are able to put business requirements above all else, even if it comes at the expense of throwing away something you’ve worked on for a while based on user feedback to “get it right”.
  • Believe that form follows function; you believe that usability should never lose out on “prettiness”.
  • A drive to keep learning new skills in an effort to expand their skillset.
  • Experience working on responsive designs for mobile and desktop (examples required).
  • Able to conduct usability testing via paper prototypes, mockups, clickthroughs etc.
  • Able to immerse yourself in domain-specific knowledge; you believe that in order to be effective at designing a marketing page or UI for a product, you must first understand the product and its audience.
  • Strong understanding of designing with accessibility in mind, typography, color theory and composition.

The following aspects are highly appreciated:

  • Knowledge of HTML/CSS/JS and the ability to implement designs with the aforementioned technologies.
  • Ability to create and provide prototypes in Framer.js, Origami or equivalent software.
  • Knowledge of functional animation techniques to support UX.
  • Ability to conduct and evaluate A/B split testing.
  • Experience with writing copy.
  • Experience designing for print.

About Phusion

Phusion is a software company dedicated to making awesome Unix server tools to power the modern web.

What does Phusion have to offer you?

  • A welcoming horizontal work environment with opportunities to grow both as a person and professionally
    • Want to go to an IT networking conference like TNW? We’ll send you!
    • Want to take a particular training course to become even better at your job? We’d like to support you here as well.
  • An opportunity to work directly with some of the most amazing Fortune 500 companies we are fortunate enough to call our customers.
  • Flexible office hours at our homebase within walking distance to Amsterdam Centraal.
  • Some of the best work hardware to allow you to perform your tasks quickly and efficiently; love Apple and want to work on a Macbook? Done deal. Prefer to work with Windows instead? We’ve got you too!

Do you think you’ve got the chops for this position? Are you also extremely self-motivated, fun to work with, and generally a pretty awesome individual? Then WE WANT YOU! Please send your résumé, cover letter, and portfolio to jobs@phusion.nl and we’ll get back to you shortly.

Monday, 12. December 2016

Ruby Lang News

Ruby 2.4.0-rc1 Released

We are pleased to announce the release of Ruby 2.4.0-rc1.

Ruby 2.4.0-rc1 is the first release candidate of Ruby 2.4.0. This rc1 is released to get feedback from the community. Feel free to send feedback, since the features can still be fixed.

Introduce hash table improvement (by Vladimir Makarov)

Improve the internal structure of hash table (st_table) by introducing open addressing and an inclusion order array. This improvement has been discussed with many people, especially with Yura Sokolov.

Binding#irb: Start a REPL session similar to binding.pry

While you are debugging, you may often use p to see the value of variables. With pry you can use binding.pry in your application to launch a REPL and run any Ruby code. r56624 introduces binding.irb, which does the same with irb.

Unify Fixnum and Bignum into Integer

Though ISO/IEC 30170:2012 doesn’t specify details of the Integer class, Ruby had two visible Integer classes: Fixnum and Bignum. Ruby 2.4 unifies them into Integer. All C extensions which touch the Fixnum or Bignum class need to be fixed.

See also the ticket and akr’s slides.

String supports Unicode case mappings

String/Symbol#upcase/downcase/swapcase/capitalize(!) now handle Unicode case mappings instead of only ASCII case mappings.

Performance improvements

Ruby 2.4 also contains the following performance improvements including language changes:

Array#max, Array#min

[x, y].max and [x, y].min are optimized to not create a temporary array under certain conditions.

Regexp#match?

Added Regexp#match?, which executes a regexp match without creating a back reference object and changing $~ to reduce object allocation.

Other performance improvements

Debugging

Thread#report_on_exception and Thread.report_on_exception

Ruby ignores exceptions in threads unless another thread explicitly joins them. With report_on_exception = true, you can notice if a thread has died due to an unhandled exception.

Send us feedback on what the default for report_on_exception should be, and about report-on-GC, which shows a report when a thread is garbage collected without join.

Thread deadlock detection now shows threads with their backtrace and dependency

Ruby has deadlock detection around waiting threads, but its report doesn’t include enough information for debugging. Ruby 2.4’s deadlock detection shows threads with their backtrace and dependent threads.

Try and enjoy programming with Ruby 2.4.0-rc1, and send us feedback!

Other notable changes since 2.3

  • Support OpenSSL 1.1.0 (drop support for 0.9.7 or prior)
  • ext/tk is now removed from stdlib (Feature #8539)
  • XMLRPC is now removed from stdlib (Feature #12160)

See NEWS or commit logs for details.

With those changes, 2519 files changed, 288606 insertions(+), 83896 deletions(-) since Ruby 2.3.0!

Download

  • https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.0-rc1.tar.bz2

    SIZE:   12512729 bytes
    SHA1:   a0439652a97a2406b691e8a1e586e2cf08c258ba
    SHA256: 3b156b20f9df0dd62cbeeb8e57e66ea872d2a5b55fabdef1889650122bcc2ea7
    SHA512: b43902ac7794487197df55a45256819d2e7540b77f1ed4eb68def3e0473ee98860a400862075bafadbde74f242e1dfe36a18cd6fe05ac42aae1ea6dddc9978ce
    
  • https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.0-rc1.tar.gz

    SIZE:   14098505 bytes
    SHA1:   6b242f9ec7b908c9aa26e497440684ba06d86927
    SHA256: e41ada7650eed2a5800534d1201ba7c88f1627085659df994f47ab4c5e327745
    SHA512: 26d3c60483ce2d6eaabd7077085102fad6633f18cf5d772bacf6f563670030cb7bba22d54d8b7dfa5eac8b52990371c4a6ad1c095dff6f6b3a7bbe1a8ffb3754
    
  • https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.0-rc1.tar.xz

    SIZE:   9930088 bytes
    SHA1:   7c404e8bec9859f708927f7203d4f42187e678b7
    SHA256: 3f014b3186d10676da6c512d14c65db23ccc4bf200fed9d7c6f9a58fd1e3295b
    SHA512: 22e209e28da1f2394f50c0a7dd5d0d4d4c0c5a6b5b0b02260fad0267a0940b98f0e2b0f36a44f87d1612555cb3022f43cd136a5186c7f87650aa20264408d415
    
  • https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.0-rc1.zip

    SIZE:   15785968 bytes
    SHA1:   7d82386434ccbb1701f2995286bf29c8b9179e01
    SHA256: 14e6910e36618cddffeb22bad5f1052f907dc31ec93d4aa945bca0905d8a52c4
    SHA512: 5dd89320d429e5bd5faf3709be7e5b70f7355304d6324d7ac13a69187e5f1446ad5988c8186bc33f4fea8934288294f9d16fea173f39b2b39967746c4b03d1d4
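
Checking a downloaded archive against the SIZE and digest values in the list above, as an added example that is not part of the release announcement or of Ruby's own tooling. The helper names `parse_release_entry` and `verify_download` are hypothetical; the sample entry is the .tar.xz item copied from the list.

```ruby
require "digest"

# The .tar.xz entry, copied from the Download list above.
RC1_TAR_XZ = <<~ENTRY
  https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.0-rc1.tar.xz

  SIZE:   9930088 bytes
  SHA1:   7c404e8bec9859f708927f7203d4f42187e678b7
  SHA256: 3f014b3186d10676da6c512d14c65db23ccc4bf200fed9d7c6f9a58fd1e3295b
  SHA512: 22e209e28da1f2394f50c0a7dd5d0d4d4c0c5a6b5b0b02260fad0267a0940b98f0e2b0f36a44f87d1612555cb3022f43cd136a5186c7f87650aa20264408d415
ENTRY

# Digests this check relies on. SHA1 is parsed but not used for the
# decision, because SHA-1 is no longer collision resistant.
STRONG_DIGESTS = { "SHA256" => Digest::SHA256, "SHA512" => Digest::SHA512 }.freeze

# Hypothetical helper: parse one list entry into
# { url: String, size: Integer, digests: { "SHA256" => hex, ... } }.
def parse_release_entry(text)
  entry = { url: nil, size: nil, digests: {} }
  text.each_line do |raw|
    line = raw.strip
    case line
    when %r{\Ahttps://\S+\z}       then entry[:url] = line
    when /\ASIZE:\s+(\d+) bytes\z/ then entry[:size] = Integer($1, 10)
    when /\A(SHA\d+):\s+(\h+)\z/   then entry[:digests][$1] = $2.downcase
    end
  end
  entry
end

# Hypothetical helper: return a list of problems; an empty list means the
# file at +path+ matches the size and every strong digest in +entry+.
def verify_download(path, entry)
  problems = []
  size = File.size(path)
  problems << "size #{size} != #{entry[:size]}" unless size == entry[:size]
  strong = entry[:digests].select { |name, _| STRONG_DIGESTS.key?(name) }
  problems << "no SHA256/SHA512 digest listed" if strong.empty?
  strong.each do |name, expected|
    actual = STRONG_DIGESTS[name].file(path).hexdigest
    problems << "#{name} mismatch" unless actual == expected
  end
  problems
end
```

The comparison is only as trustworthy as the copy of the list it reads, so take the expected values from the announcement rather than from the same location as the archive.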
    

Release Comment

See also the release schedule and other information:

ReleaseEngineering24

Posted by naruse on 12 Dec 2016
