Rails adds :strict option to the default SQLite database.yml file

SQLite can be configured to be strict to circumvent some of its quirks. Rails can now specify this in the default database.yml file.

Rails now validates options used in migration functions

Previously erroneous options were silently ignored in migration functions such as "create_table" or "add_column", now they raise an error.

Rails now allows specifying the HTTP status code in assert_redirected_to

The assertion statement previous was only able to assert that the request was redirected, but not the status code.

Rails adds source attribute to its ErrorReporting API

Subscribers can now filter error reports based on source, making it easier to ignore internal errors or focus on specific errors.

Rails raises exception when config.active_storage.service is not explicitly set

Developers are no longer presented vague errors when config.active_storage.service is not set. Instead a clear exception is raised.

Rails now supports infinite range options in LengthValidators

Models that need to be validated for length can use infinite ranges in :in / :within options

Rails no longer produces false-positive query cache hits when querying with mutable bound parameters

ActiveRecord now dups and freezes complex types when making query attributes which prevents false-positive query cache hits.

Rails now allows EML files to be downloaded from the email preview

An option to download .eml files directly from the browser when using the email preview feature will now be available in Rails 7.0.

Rails improves the "in_order_of" querying method

The query that previously only used to allow symbolic column names, now handles string values.

How to enable Rails CSRF Protection?

Let’s find out what cross-site request forgery (CSRF) is, how it works in Rails, and understand how we can prevent CSRF vulnerabilities.