Hey folks. Sorry for the multiple releases in such a short time span, but the security fixes released yesterday seem to have broken people's applications. I am not happy about that.
I've pushed a 3.0.9.rc1. Please test it against your application against this release candidate and report any regressions to the [rails core mailing list](http://groups.google.com/group/rubyonrails-core ). I would like to hear your feedback, good or bad.
I will release the final in 72hours if there are no reported regressions. If there are reported regressions, I will release another RC and the clock will start over.
## How to test
Update your Gemfile to point at Rails version 3.0.9.rc1, then do a `bundle update` and test out your application.
## CHANGES
Here are some of the major changes:
* MemCacheStore works with Ruby 1.9 and -Ku
* `mailto` SafeBuffer fixes
* `escape_javascript` SafeBuffer fixes
For an exaustive list, please check out the commits on [github](Comparing v3.0.8...v3.0.9.rc1 · rails/rails · GitHub ).
Thanks for your patience everyone!
<3 <3 <3
escape_javascript still doesn’t work like it has in previous versions.
You can see how it’s expected to work & what it outputs here: Twitpic
The code is here: http://bit.ly/leww2A
An upgrade to Haml 3.1.2 was also necessary for the new SafeBuffer changes.
Jesse
sikachu
June 9, 2011, 12:18am
3
Let me check. There wasn’t really anybody tainted to the function or making it not html_safe, except just changing regular expression term.
Mind open an issue?
If you’re using js views and partial html replacements, Rails 3.0.8
was totally broken. Right after the 3.0.8 release, 3.0.9rc1 was
released which partially addresses the problem. But, after upgrading,
you have to wrap every escape_javascript call with raw() if you want
your javascript to replace HTML. This was absolutely _not_ the case
with 3.0.7.
So, escape_javascript('<img src="lolcat.jpg" />') becomes
raw(escape_javascript('<img src="lolcat.jpg" />')).
Awesome. Thank you very much!
Greg3
June 9, 2011, 2:06am
7
Sorry about the breakage. We'll fix the problem and release another
release candidate.
Rails 3.0.8 and 3.0.9.rc1 breaks render :inline too
render :inline => raw @content
No longer functions anymore with either version.
Full trace:
activesupport (3.0.9.rc1) lib/active_support/core_ext/string/
output_safety.rb:122:in `sub!'
actionpack (3.0.9.rc1) lib/action_view/template.rb:198:in `compile'
actionpack (3.0.9.rc1) lib/action_view/template.rb:134:in `block in
render'
activesupport (3.0.9.rc1) lib/active_support/notifications.rb:54:in
`instrument'
actionpack (3.0.9.rc1) lib/action_view/template.rb:127:in `render'
actionpack (3.0.9.rc1) lib/action_view/render/rendering.rb:59:in
`block in _render_template'
activesupport (3.0.9.rc1) lib/active_support/notifications.rb:52:in
`block in instrument'
activesupport (3.0.9.rc1) lib/active_support/notifications/
instrumenter.rb:21:in `instrument'
activesupport (3.0.9.rc1) lib/active_support/notifications.rb:52:in
`instrument'
actionpack (3.0.9.rc1) lib/action_view/render/rendering.rb:56:in
`_render_template'
actionpack (3.0.9.rc1) lib/action_view/render/rendering.rb:26:in
`render'
app/views/pages/show.html.erb:1:in
`_app_views_pages_show_html_erb__2904213535306082214_17246046540__3583876390624022854'
actionpack (3.0.9.rc1) lib/action_view/template.rb:135:in `block in
render'
activesupport (3.0.9.rc1) lib/active_support/notifications.rb:54:in
`instrument'
actionpack (3.0.9.rc1) lib/action_view/template.rb:127:in `render'
actionpack (3.0.9.rc1) lib/action_view/render/rendering.rb:59:in
`block in _render_template'
activesupport (3.0.9.rc1) lib/active_support/notifications.rb:52:in
`block in instrument'
activesupport (3.0.9.rc1) lib/active_support/notifications/
instrumenter.rb:21:in `instrument'
activesupport (3.0.9.rc1) lib/active_support/notifications.rb:52:in
`instrument'
actionpack (3.0.9.rc1) lib/action_view/render/rendering.rb:56:in
`_render_template'
actionpack (3.0.9.rc1) lib/action_view/render/rendering.rb:26:in
`render'
actionpack (3.0.9.rc1) lib/abstract_controller/rendering.rb:115:in
`_render_template'
actionpack (3.0.9.rc1) lib/abstract_controller/rendering.rb:109:in
`render_to_body'
actionpack (3.0.9.rc1) lib/action_controller/metal/renderers.rb:47:in
`render_to_body'
actionpack (3.0.9.rc1) lib/action_controller/metal/compatibility.rb:
55:in `render_to_body'
actionpack (3.0.9.rc1) lib/abstract_controller/rendering.rb:102:in
`render_to_string'
actionpack (3.0.9.rc1) lib/abstract_controller/rendering.rb:93:in
`render'
actionpack (3.0.9.rc1) lib/action_controller/metal/rendering.rb:17:in
`render'
actionpack (3.0.9.rc1) lib/action_controller/metal/instrumentation.rb:
40:in `block (2 levels) in render'
activesupport (3.0.9.rc1) lib/active_support/core_ext/benchmark.rb:
5:in `block in ms'
/home/ted/.rvm/rubies/ruby-1.9.2-p180/lib/ruby/1.9.1/benchmark.rb:
309:in `realtime'
activesupport (3.0.9.rc1) lib/active_support/core_ext/benchmark.rb:
5:in `ms'
actionpack (3.0.9.rc1) lib/action_controller/metal/instrumentation.rb:
40:in `block in render'
actionpack (3.0.9.rc1) lib/action_controller/metal/instrumentation.rb:
78:in `cleanup_view_runtime'
dm-rails (1.1.0) lib/dm-rails/railties/controller_runtime.rb:19:in
`cleanup_view_runtime'
actionpack (3.0.9.rc1) lib/action_controller/metal/instrumentation.rb:
39:in `render'
app/controllers/pages_controller.rb:30:in `show_url'
actionpack (3.0.9.rc1) lib/action_controller/metal/implicit_render.rb:
4:in `send_action'
actionpack (3.0.9.rc1) lib/abstract_controller/base.rb:150:in
`process_action'
actionpack (3.0.9.rc1) lib/action_controller/metal/rendering.rb:11:in
`process_action'
actionpack (3.0.9.rc1) lib/abstract_controller/callbacks.rb:18:in
`block in process_action'
activesupport (3.0.9.rc1) lib/active_support/callbacks.rb:451:in
`_run__1595386109040248870__process_action__3313148932168942018__callbacks'
activesupport (3.0.9.rc1) lib/active_support/callbacks.rb:410:in
`_run_process_action_callbacks'
activesupport (3.0.9.rc1) lib/active_support/callbacks.rb:94:in
`run_callbacks'
actionpack (3.0.9.rc1) lib/abstract_controller/callbacks.rb:17:in
`process_action'
actionpack (3.0.9.rc1) lib/action_controller/metal/instrumentation.rb:
30:in `block in process_action'
activesupport (3.0.9.rc1) lib/active_support/notifications.rb:52:in
`block in instrument'
activesupport (3.0.9.rc1) lib/active_support/notifications/
instrumenter.rb:21:in `instrument'
activesupport (3.0.9.rc1) lib/active_support/notifications.rb:52:in
`instrument'
actionpack (3.0.9.rc1) lib/action_controller/metal/instrumentation.rb:
29:in `process_action'
actionpack (3.0.9.rc1) lib/action_controller/metal/rescue.rb:17:in
`process_action'
actionpack (3.0.9.rc1) lib/abstract_controller/base.rb:119:in
`process'
actionpack (3.0.9.rc1) lib/abstract_controller/rendering.rb:41:in
`process'
actionpack (3.0.9.rc1) lib/action_controller/metal.rb:138:in
`dispatch'
actionpack (3.0.9.rc1) lib/action_controller/metal/rack_delegation.rb:
14:in `dispatch'
actionpack (3.0.9.rc1) lib/action_controller/metal.rb:178:in `block in
action'
actionpack (3.0.9.rc1) lib/action_dispatch/routing/route_set.rb:62:in
`call'
actionpack (3.0.9.rc1) lib/action_dispatch/routing/route_set.rb:62:in
`dispatch'
actionpack (3.0.9.rc1) lib/action_dispatch/routing/route_set.rb:27:in
`call'
rack-mount (0.6.14) lib/rack/mount/route_set.rb:148:in `block in call'
rack-mount (0.6.14) lib/rack/mount/code_generation.rb:93:in `block in
recognize'
rack-mount (0.6.14) lib/rack/mount/code_generation.rb:68:in
`optimized_each'
rack-mount (0.6.14) lib/rack/mount/code_generation.rb:92:in
`recognize'
rack-mount (0.6.14) lib/rack/mount/route_set.rb:139:in `call'
actionpack (3.0.9.rc1) lib/action_dispatch/routing/route_set.rb:493:in
`call'
actionpack (3.0.9.rc1) lib/action_dispatch/middleware/
best_standards_support.rb:17:in `call'
actionpack (3.0.9.rc1) lib/action_dispatch/middleware/head.rb:14:in
`call'
rack (1.2.3) lib/rack/methodoverride.rb:24:in `call'
actionpack (3.0.9.rc1) lib/action_dispatch/middleware/params_parser.rb:
21:in `call'
actionpack (3.0.9.rc1) lib/action_dispatch/middleware/flash.rb:182:in
`call'
actionpack (3.0.9.rc1) lib/action_dispatch/middleware/session/
abstract_store.rb:149:in `call'
actionpack (3.0.9.rc1) lib/action_dispatch/middleware/cookies.rb:
302:in `call'
actionpack (3.0.9.rc1) lib/action_dispatch/middleware/callbacks.rb:
46:in `block in call'
activesupport (3.0.9.rc1) lib/active_support/callbacks.rb:416:in
`_run_call_callbacks'
actionpack (3.0.9.rc1) lib/action_dispatch/middleware/callbacks.rb:
44:in `call'
rack (1.2.3) lib/rack/sendfile.rb:107:in `call'
actionpack (3.0.9.rc1) lib/action_dispatch/middleware/remote_ip.rb:
48:in `call'
actionpack (3.0.9.rc1) lib/action_dispatch/middleware/
show_exceptions.rb:47:in `call'
railties (3.0.9.rc1) lib/rails/rack/logger.rb:13:in `call'
rack (1.2.3) lib/rack/runtime.rb:17:in `call'
activesupport (3.0.9.rc1) lib/active_support/cache/strategy/
local_cache.rb:72:in `call'
rack (1.2.3) lib/rack/lock.rb:11:in `block in call'
<internal:prelude>:10:in `synchronize'
rack (1.2.3) lib/rack/lock.rb:11:in `call'
actionpack (3.0.9.rc1) lib/action_dispatch/middleware/static.rb:30:in
`call'
railties (3.0.9.rc1) lib/rails/application.rb:168:in `call'
railties (3.0.9.rc1) lib/rails/application.rb:77:in `method_missing'
railties (3.0.9.rc1) lib/rails/rack/log_tailer.rb:14:in `call'
rack (1.2.3) lib/rack/content_length.rb:13:in `call'
rack (1.2.3) lib/rack/handler/webrick.rb:52:in `service'
/home/ted/.rvm/rubies/ruby-1.9.2-p180/lib/ruby/1.9.1/webrick/
httpserver.rb:111:in `service'
/home/ted/.rvm/rubies/ruby-1.9.2-p180/lib/ruby/1.9.1/webrick/
httpserver.rb:70:in `run'
/home/ted/.rvm/rubies/ruby-1.9.2-p180/lib/ruby/1.9.1/webrick/server.rb:
183:in `block in start_thread'
sikachu
June 10, 2011, 12:42am
10
Still broken in rails 3.0.9.rc3
https://github.com/rails/rails/issues/1633 - I hope I did this well enough.