CVE-2022-39232 Discourse's older versions had an incomplete quote bug that could crash the browser in some cases.

Running rails console will show the logged output of the request method, allowing you to see the request and response sent by the server and app.

If you open the console and type in a quote, the console will show you an error like this:

Uninitialized constant App/Quote/Quote.html:1:in `send_json'

In most cases, this occurs when an incomplete quote is sent to the server. The fix is simple: just add the closing quote tag:

%# send_json(:message => 'Added ') %>

To prevent this from occurring in the future, the code has been updated to catch and prevent the crash.

If you encounter this issue starting with version 2.9.0.beta10, please create a ticket with the rails documentation.

The new way to build and deploy your Rails app

This new Rails release introduces a number of improvements to the process of building and deploying your applications. The most prominent change is the introduction of interactive console sessions for production application environments, which will allow developers to run commands on the server and see the results live.
This "console" session will be available in development, test and production environments and allow you to send requests directly to your Rails app's code. If you're not familiar with this feature, it's like running rails console:

% rails c
This opens an interactive session with your application's code. It can be helpful when trying to troubleshoot issues or debug a problem that seems difficult to locate. For example, if you're facing an issue with your app not starting up properly, rather than waiting for it to start working again by itself, you can type in commands in order to force it into working as intended while logged into your browser.
The other major improvement introduced in this release is Role Based Permissions control. This feature allows admins or groups of admins (admins are now called "managers" instead of "privileged users") to manage who has access and permission levels for different roles on different models within their system. They can set permissions on individual models or set them globally for all models within the system - so that any model created after the initial deployment would inherit those settings automatically when they become available. You still have full flexibility from within Active Record's User class:

2.9.0 Beta 4 - 14 December 2016

This is a major release, so please consider updating your application. We've updated the gem to the latest version and added the following changes:
- Adds support for Rails 5.2
- Enables config.cache_classes in config/environments/production.rb
- Updates rails console to show response body after redirecting by routing keys

Breaking Changes

There are a few breaking changes that have been made in the release of 2.9.0.beta10 that should be noted:

- The behavior for a form_for without a block and no :url has changed to instead render a form with an error message at the top of the page. This makes it easier to catch this case when you're using forms in your views and controllers.


Common Errors Users Make with Rails Console

There are 3 common errors users make with rails console:
#1 - Using quotes when they shouldn't be using quotes:
This is often caused by the user forgetting to end their line of code with a ")" or forgetting to type in a closing quote. The fix is simple: just add the closing quote tag:
%# send_json(:message => 'Added ') %>
#2 - Running a command with the wrong application name:
If you forget to specify an app name, you'll see this error:
Error in require 'rails/test_unit' (Errno::ENOENT): No such file or directory - /Users/jessie/.rvm/gems/ruby-2.4.0-preview3/gems/rails-test_unit-1.13.1/lib/rails/test_unit/.bundle
The fix here is to run rails console, then reload your browser window and try again. Once you've logged back in, try running the command again and verify that it works correctly this time around.
#3 - Using invalid characters when trying to pass a custom JSON field into a route helper:

Ruby on Rails Caching Issues

Since the release of Ruby on Rails 2.0, several caching issues have been reported. This includes a bug in Rails 2.3 that causes an infinite loop if your cache is set to expire too often and the App/Logger class not being able to purge entries properly.
The fix for the App/Logger issue is simple: just add the singleton methods to app_controller and app/controllers/application_controller.
If you encounter this issue starting with version 2.9.0, please create a ticket with the rails documentation.

Timeline

Published on: 09/29/2022 21:15:00 UTC
Last modified on: 10/05/2022 15:43:00 UTC
