Friday, November 1, 2024

Default Regexp.timeout and more!

Posted by Greg

Hi, it’s Greg. Let’s explore this week’s changes in the Rails codebase.

Cast query_cache value when using URL configuration for Active Record
When configuring the Active Record connection with DATABASE_URL, due to not casting the value to an integer, the query cache was not set to the given value. This pull request fixes this issue.

Default Regexp.timeout to 1s
This pull requests sets Regexp.timeout to 1 second by default to improve security over Regexp Denial-of-Service attacks. If a timeout was already configured in the application, Rails won’t override it.

Authenticate the Action Cable connection too
The new authentication generator will add authentication to Action Cable too now.

Expand documentation of .attributes_for_inspect
This pull request adds more documentation to the .attributes_for_inspect method of Active Record.

Fix bundle install for vendored gems
This change fixes an issue with the generated Dockerfile to copy the vendor folder to the image, otherwise vendored gems threw an error due to not being on the filesystem.

Improve accessibility of Rails Guides
The accessibility of the Rails Guides is improved further. There are quite a bit of changes, read the description for all the details.

You can view the whole list of changes here. We had 33 contributors to the Rails codebase this past week!

Until next time!

Subscribe to get these updates mailed to you.