upgrading_ruby_on_rails.html

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Upgrading Ruby on Rails — Ruby on Rails Guides</title>
  <link rel="stylesheet" type="text/css" href="stylesheets/style.css" data-turbolinks-track="reload">
  <link rel="stylesheet" type="text/css" href="stylesheets/print.css" media="print">
  <link rel="stylesheet" type="text/css" href="stylesheets/syntaxhighlighter/shCore.css" data-turbolinks-track="reload">
  <link rel="stylesheet" type="text/css" href="stylesheets/syntaxhighlighter/shThemeRailsGuides.css" data-turbolinks-track="reload">
  <link rel="stylesheet" type="text/css" href="stylesheets/fixes.css" data-turbolinks-track="reload">
  <link href="images/favicon.ico" rel="shortcut icon" type="image/x-icon" />
  <script src="javascripts/syntaxhighlighter.js" data-turbolinks-track="reload"></script>
  <script src="javascripts/turbolinks.js" data-turbolinks-track="reload"></script>
  <script src="javascripts/guides.js" data-turbolinks-track="reload"></script>
  <script src="javascripts/responsive-tables.js" data-turbolinks-track="reload"></script>
</head>
<body class="guide">
  <div>
    <img src="images/edge_badge.png" alt="edge-badge" id="edge-badge" />
  </div>
  <div id="topNav">
    <div class="wrapper">
      <strong class="more-info-label">Veja mais em <a href="http://rubyonrails.org/">rubyonrails.org:</a> </strong>
      <span class="red-button more-info-button">
        Mais Ruby on Rails
      </span>
      <ul class="more-info-links s-hidden">
        <li class="more-info"><a href="https://weblog.rubyonrails.org/">Blog</a></li>
        <li class="more-info"><a href="https://guides.rubyonrails.org/">Guia</a></li>
        <li class="more-info"><a href="http://api.rubyonrails.org/">API</a></li>
        <li class="more-info"><a href="https://stackoverflow.com/questions/tagged/ruby-on-rails">Pedir ajuda</a></li>
        <li class="more-info"><a href="https://github.com/rails/rails">Contribuir no GitHub</a></li>
      </ul>
    </div>
  </div>
  <div id="header">
    <div class="wrapper clearfix">
      <h1><a href="index.html" title="Return to home page">Guides.rubyonrails.org</a></h1>
      <ul class="nav">
        <li><a class="nav-item" href="index.html">Home</a></li>
        <li class="guides-index guides-index-large">
          <a href="index.html" id="guidesMenu" class="guides-index-item nav-item">Guias</a>
          <div id="guides" class="clearfix" style="display: none;">
            <hr />
            <div class="guides-section-container">
                <div class="guides-section">
                  <dt>Comece Aqui</dt>
                </div>
                <div class="guides-section">
                  <dt>Models</dt>
                </div>
                <div class="guides-section">
                  <dt>Views</dt>
                </div>
                <div class="guides-section">
                  <dt>Controllers</dt>
                </div>
                <div class="guides-section">
                  <dt>Other Components</dt>
                </div>
                <div class="guides-section">
                  <dt>Digging Deeper</dt>
                </div>
                <div class="guides-section">
                  <dt>Extending Rails</dt>
                  <dd><a href="rails_on_rack.html">Rails on Rack</a></dd>
                  <dd><a href="generators.html">Creating and Customizing Rails Generators &amp; Templates</a></dd>
                </div>
                <div class="guides-section">
                  <dt>Contributions</dt>
                  <dd><a href="contributing_to_ruby_on_rails.html">Contributing to Ruby on Rails</a></dd>
                  <dd><a href="api_documentation_guidelines.html">API Documentation Guidelines</a></dd>
                  <dd><a href="ruby_on_rails_guides_guidelines.html">Guides Guidelines</a></dd>
                </div>
                <div class="guides-section">
                  <dt>Policies</dt>
                  <dd><a href="maintenance_policy.html">Maintenance Policy</a></dd>
                </div>
                <div class="guides-section">
                  <dt>Release Notes</dt>
                  <dd><a href="upgrading_ruby_on_rails.html">Upgrading Ruby on Rails</a></dd>
                  <dd><a href="5_2_release_notes.html">Version 5.2 - April 2018</a></dd>
                  <dd><a href="5_1_release_notes.html">Version 5.1 - April 2017</a></dd>
                  <dd><a href="5_0_release_notes.html">Version 5.0 - June 2016</a></dd>
                  <dd><a href="4_2_release_notes.html">Version 4.2 - December 2014</a></dd>
                  <dd><a href="4_1_release_notes.html">Version 4.1 - April 2014</a></dd>
                  <dd><a href="4_0_release_notes.html">Version 4.0 - June 2013</a></dd>
                  <dd><a href="3_2_release_notes.html">Version 3.2 - January 2012</a></dd>
                  <dd><a href="3_1_release_notes.html">Version 3.1 - August 2011</a></dd>
                  <dd><a href="3_0_release_notes.html">Version 3.0 - August 2010</a></dd>
                  <dd><a href="2_3_release_notes.html">Version 2.3 - March 2009</a></dd>
                  <dd><a href="2_2_release_notes.html">Version 2.2 - November 2008</a></dd>
                </div>
            </div>
          </div>
        </li>
        <li><a class="nav-item" href="contributing_to_ruby_on_rails.html">Contribua</a></li>
        <li class="guides-index guides-index-small">
          <select class="guides-index-item nav-item">
            <option value="index.html">Guias</option>
              <optgroup label="Comece Aqui">
              </optgroup>
              <optgroup label="Models">
              </optgroup>
              <optgroup label="Views">
              </optgroup>
              <optgroup label="Controllers">
              </optgroup>
              <optgroup label="Other Components">
              </optgroup>
              <optgroup label="Digging Deeper">
              </optgroup>
              <optgroup label="Extending Rails">
                  <option value="rails_on_rack.html">Rails on Rack</option>
                  <option value="generators.html">Creating and Customizing Rails Generators &amp; Templates</option>
              </optgroup>
              <optgroup label="Contributions">
                  <option value="contributing_to_ruby_on_rails.html">Contributing to Ruby on Rails</option>
                  <option value="api_documentation_guidelines.html">API Documentation Guidelines</option>
                  <option value="ruby_on_rails_guides_guidelines.html">Guides Guidelines</option>
              </optgroup>
              <optgroup label="Policies">
                  <option value="maintenance_policy.html">Maintenance Policy</option>
              </optgroup>
              <optgroup label="Release Notes">
                  <option value="upgrading_ruby_on_rails.html">Upgrading Ruby on Rails</option>
                  <option value="5_2_release_notes.html">Version 5.2 - April 2018</option>
                  <option value="5_1_release_notes.html">Version 5.1 - April 2017</option>
                  <option value="5_0_release_notes.html">Version 5.0 - June 2016</option>
                  <option value="4_2_release_notes.html">Version 4.2 - December 2014</option>
                  <option value="4_1_release_notes.html">Version 4.1 - April 2014</option>
                  <option value="4_0_release_notes.html">Version 4.0 - June 2013</option>
                  <option value="3_2_release_notes.html">Version 3.2 - January 2012</option>
                  <option value="3_1_release_notes.html">Version 3.1 - August 2011</option>
                  <option value="3_0_release_notes.html">Version 3.0 - August 2010</option>
                  <option value="2_3_release_notes.html">Version 2.3 - March 2009</option>
                  <option value="2_2_release_notes.html">Version 2.2 - November 2008</option>
              </optgroup>
          </select>
        </li>
      </ul>
    </div>
  </div>
  <hr class="hide" />

  <div id="feature">
    <div class="wrapper">
      <h2>Upgrading Ruby on Rails</h2><p>This guide provides steps to be followed when you upgrade your applications to a newer version of Ruby on Rails. These steps are also available in individual release guides.</p>

                <div id="subCol">
            <h3 class="chapter"><img src="images/chapters_icon.gif" alt="" />Chapters</h3>
            <ol class="chapters">
<li>
<a href="#general-advice">General Advice</a>

<ul>
<li><a href="#test-coverage">Test Coverage</a></li>
<li><a href="#the-upgrade-process">The Upgrade Process</a></li>
<li><a href="#ruby-versions">Ruby Versions</a></li>
<li><a href="#the-update-task">The Update Task</a></li>
<li><a href="#configure-framework-defaults">Configure Framework Defaults</a></li>
</ul>
</li>
<li>
<a href="#upgrading-from-rails-5-2-to-rails-6-0">Upgrading from Rails 5.2 to Rails 6.0</a>

<ul>
<li><a href="#force-ssl">Force SSL</a></li>
<li><a href="#purpose-in-signed-or-encrypted-cookie-is-now-embedded-in-the-cookies-values">Purpose in signed or encrypted cookie is now embedded in the cookies values</a></li>
</ul>
</li>
<li>
<a href="#upgrading-from-rails-5-1-to-rails-5-2">Upgrading from Rails 5.1 to Rails 5.2</a>

<ul>
<li><a href="#bootsnap">Bootsnap</a></li>
<li><a href="#expiry-in-signed-or-encrypted-cookie-is-now-embedded-in-the-cookies-values">Expiry in signed or encrypted cookie is now embedded in the cookies values</a></li>
</ul>
</li>
<li>
<a href="#upgrading-from-rails-5-0-to-rails-5-1">Upgrading from Rails 5.0 to Rails 5.1</a>

<ul>
<li><a href="#top-level-hashwithindifferentaccess-is-soft-deprecated">Top-level <code>HashWithIndifferentAccess</code> is soft-deprecated</a></li>
<li><a href="#application-secrets-now-loaded-with-all-keys-as-symbols"><code>application.secrets</code> now loaded with all keys as symbols</a></li>
</ul>
</li>
<li>
<a href="#upgrading-from-rails-4-2-to-rails-5-0">Upgrading from Rails 4.2 to Rails 5.0</a>

<ul>
<li><a href="#ruby-2-2-2-required">Ruby 2.2.2+ required</a></li>
<li><a href="#active-record-models-now-inherit-from-applicationrecord-by-default">Active Record Models Now Inherit from ApplicationRecord by Default</a></li>
<li><a href="#halting-callback-chains-via-throw-abort">Halting Callback Chains via <code>throw(:abort)</code></a></li>
<li><a href="#activejob-now-inherits-from-applicationjob-by-default">ActiveJob Now Inherits from ApplicationJob by Default</a></li>
<li><a href="#rails-controller-testing">Rails Controller Testing</a></li>
<li><a href="#autoloading-is-disabled-after-booting-in-the-production-environment">Autoloading is Disabled After Booting in the Production Environment</a></li>
<li><a href="#xml-serialization">XML Serialization</a></li>
<li><a href="#removed-support-for-legacy-mysql-database-adapter">Removed Support for Legacy <code>mysql</code> Database Adapter</a></li>
<li><a href="#removed-support-for-debugger">Removed Support for Debugger</a></li>
<li><a href="#use-rails-for-running-tasks-and-tests">Use <code>rails</code> for running tasks and tests</a></li>
<li><a href="#actioncontroller-parameters-no-longer-inherits-from-hashwithindifferentaccess"><code>ActionController::Parameters</code> No Longer Inherits from <code>HashWithIndifferentAccess</code></a></li>
<li><a href="#protect-from-forgery-now-defaults-to-prepend-false"><code>protect_from_forgery</code> Now Defaults to <code>prepend: false</code></a></li>
<li><a href="#default-template-handler-is-now-raw">Default Template Handler is Now RAW</a></li>
<li><a href="#added-wildcard-matching-for-template-dependencies">Added Wildcard Matching for Template Dependencies</a></li>
<li><a href="#actionview-helpers-recordtaghelper-moved-to-external-gem-record-tag-helper"><code>ActionView::Helpers::RecordTagHelper</code> moved to external gem (record_tag_helper)</a></li>
<li><a href="#removed-support-for-protected-attributes-gem">Removed Support for <code>protected_attributes</code> Gem</a></li>
<li><a href="#removed-support-for-activerecord-deprecated-finders-gem">Removed support for <code>activerecord-deprecated_finders</code> gem</a></li>
<li><a href="#activesupport-testcase-default-test-order-is-now-random"><code>ActiveSupport::TestCase</code> Default Test Order is Now Random</a></li>
<li><a href="#actioncontroller-live-became-a-concern"><code>ActionController::Live</code> became a <code>Concern</code></a></li>
<li><a href="#new-framework-defaults">New Framework Defaults</a></li>
<li><a href="#changes-with-json-jsonb-serialization">Changes with JSON/JSONB serialization</a></li>
</ul>
</li>
<li>
<a href="#upgrading-from-rails-4-1-to-rails-4-2">Upgrading from Rails 4.1 to Rails 4.2</a>

<ul>
<li><a href="#web-console">Web Console</a></li>
<li><a href="#responders">Responders</a></li>
<li><a href="#error-handling-in-transaction-callbacks">Error handling in transaction callbacks</a></li>
<li><a href="#ordering-of-test-cases">Ordering of test cases</a></li>
<li><a href="#serialized-attributes">Serialized attributes</a></li>
<li><a href="#production-log-level">Production log level</a></li>
<li><a href="#after-bundle-in-rails-templates"><code>after_bundle</code> in Rails templates</a></li>
<li><a href="#rails-html-sanitizer">Rails HTML Sanitizer</a></li>
<li><a href="#rails-dom-testing">Rails DOM Testing</a></li>
<li><a href="#masked-authenticity-tokens">Masked Authenticity Tokens</a></li>
<li><a href="#action-mailer">Action Mailer</a></li>
<li><a href="#foreign-key-support">Foreign Key Support</a></li>
</ul>
</li>
<li>
<a href="#upgrading-from-rails-4-0-to-rails-4-1">Upgrading from Rails 4.0 to Rails 4.1</a>

<ul>
<li><a href="#csrf-protection-from-remote-script-tags">CSRF protection from remote <code>&lt;script&gt;</code> tags</a></li>
<li><a href="#spring">Spring</a></li>
<li><a href="#config-secrets-yml"><code>config/secrets.yml</code></a></li>
<li><a href="#changes-to-test-helper">Changes to test helper</a></li>
<li><a href="#cookies-serializer">Cookies serializer</a></li>
<li><a href="#flash-structure-changes">Flash structure changes</a></li>
<li><a href="#changes-in-json-handling">Changes in JSON handling</a></li>
<li><a href="#usage-of-return-within-inline-callback-blocks">Usage of <code>return</code> within inline callback blocks</a></li>
<li><a href="#methods-defined-in-active-record-fixtures">Methods defined in Active Record fixtures</a></li>
<li><a href="#i18n-enforcing-available-locales">I18n enforcing available locales</a></li>
<li><a href="#mutator-methods-called-on-relation">Mutator methods called on Relation</a></li>
<li><a href="#changes-on-default-scopes">Changes on Default Scopes</a></li>
<li><a href="#rendering-content-from-string">Rendering content from string</a></li>
<li><a href="#postgresql-json-and-hstore-datatypes">PostgreSQL json and hstore datatypes</a></li>
<li><a href="#explicit-block-use-for-activesupport-callbacks">Explicit block use for <code>ActiveSupport::Callbacks</code></a></li>
</ul>
</li>
<li>
<a href="#upgrading-from-rails-3-2-to-rails-4-0">Upgrading from Rails 3.2 to Rails 4.0</a>

<ul>
<li><a href="#http-patch">HTTP PATCH</a></li>
<li><a href="#upgrading-from-rails-3-2-to-rails-4-0-gemfile">Gemfile</a></li>
<li><a href="#upgrading-from-rails-3-2-to-rails-4-0-vendor-plugins">vendor/plugins</a></li>
<li><a href="#upgrading-from-rails-3-2-to-rails-4-0-active-record">Active Record</a></li>
<li><a href="#active-resource">Active Resource</a></li>
<li><a href="#active-model">Active Model</a></li>
<li><a href="#action-pack">Action Pack</a></li>
<li><a href="#active-support">Active Support</a></li>
<li><a href="#helpers-loading-order">Helpers Loading Order</a></li>
<li><a href="#active-record-observer-and-action-controller-sweeper">Active Record Observer and Action Controller Sweeper</a></li>
<li><a href="#sprockets-rails">sprockets-rails</a></li>
<li><a href="#sass-rails">sass-rails</a></li>
</ul>
</li>
<li>
<a href="#upgrading-from-rails-3-1-to-rails-3-2">Upgrading from Rails 3.1 to Rails 3.2</a>

<ul>
<li><a href="#upgrading-from-rails-3-1-to-rails-3-2-gemfile">Gemfile</a></li>
<li><a href="#upgrading-from-rails-3-1-to-rails-3-2-config-environments-development-rb">config/environments/development.rb</a></li>
<li><a href="#upgrading-from-rails-3-1-to-rails-3-2-config-environments-test-rb">config/environments/test.rb</a></li>
<li><a href="#upgrading-from-rails-3-1-to-rails-3-2-vendor-plugins">vendor/plugins</a></li>
<li><a href="#upgrading-from-rails-3-1-to-rails-3-2-active-record">Active Record</a></li>
</ul>
</li>
<li>
<a href="#upgrading-from-rails-3-0-to-rails-3-1">Upgrading from Rails 3.0 to Rails 3.1</a>

<ul>
<li><a href="#gemfile">Gemfile</a></li>
<li><a href="#config-application-rb">config/application.rb</a></li>
<li><a href="#upgrading-from-rails-3-0-to-rails-3-1-config-environments-development-rb">config/environments/development.rb</a></li>
<li><a href="#config-environments-production-rb">config/environments/production.rb</a></li>
<li><a href="#upgrading-from-rails-3-0-to-rails-3-1-config-environments-test-rb">config/environments/test.rb</a></li>
<li><a href="#config-initializers-wrap-parameters-rb">config/initializers/wrap_parameters.rb</a></li>
<li><a href="#config-initializers-session-store-rb">config/initializers/session_store.rb</a></li>
<li><a href="#remove-cache-and-concat-options-in-asset-helpers-references-in-views">Remove :cache and :concat options in asset helpers references in views</a></li>
</ul>
</li>
</ol>

          </div>

    </div>
  </div>

  <div id="container">
    <div class="wrapper">
      <div id="mainCol">
        <h3 id="general-advice"><a class="anchorlink" href="#general-advice">1 General Advice</a></h3><p>Before attempting to upgrade an existing application, you should be sure you have a good reason to upgrade. You need to balance several factors: the need for new features, the increasing difficulty of finding support for old code, and your available time and skills, to name a few.</p><h4 id="test-coverage"><a class="anchorlink" href="#test-coverage">1.1 Test Coverage</a></h4><p>The best way to be sure that your application still works after upgrading is to have good test coverage before you start the process. If you don't have automated tests that exercise the bulk of your application, you'll need to spend time manually exercising all the parts that have changed. In the case of a Rails upgrade, that will mean every single piece of functionality in the application. Do yourself a favor and make sure your test coverage is good <em>before</em> you start an upgrade.</p><h4 id="the-upgrade-process"><a class="anchorlink" href="#the-upgrade-process">1.2 The Upgrade Process</a></h4><p>When changing Rails versions, it's best to move slowly, one minor version at a time, in order to make good use of the deprecation warnings. Rails version numbers are in the form Major.Minor.Patch. Major and Minor versions are allowed to make changes to the public API, so this may cause errors in your application. Patch versions only include bug fixes, and don't change any public API.</p><p>The process should go as follows:</p>
<ol>
<li>Write tests and make sure they pass.</li>
<li>Move to the latest patch version after your current version.</li>
<li>Fix tests and deprecated features.</li>
<li>Move to the latest patch version of the next minor version.</li>
</ol>
<p>Repeat this process until you reach your target Rails version. Each time you move versions, you will need to change the Rails version number in the <code>Gemfile</code> (and possibly other gem versions) and run <code>bundle update</code>. Then run the Update task mentioned below to update configuration files, then run your tests.</p><p>You can find a list of all released Rails versions <a href="https://rubygems.org/gems/rails/versions">here</a>.</p><h4 id="ruby-versions"><a class="anchorlink" href="#ruby-versions">1.3 Ruby Versions</a></h4><p>Rails generally stays close to the latest released Ruby version when it's released:</p>
<ul>
<li>Rails 6 requires Ruby 2.4.1 or newer.</li>
<li>Rails 5 requires Ruby 2.2.2 or newer.</li>
<li>Rails 4 prefers Ruby 2.0 and requires 1.9.3 or newer.</li>
<li>Rails 3.2.x is the last branch to support Ruby 1.8.7.</li>
<li>Rails 3 and above require Ruby 1.8.7 or higher. Support for all of the previous Ruby versions has been dropped officially. You should upgrade as early as possible.</li>
</ul>
<div class="info"><p>Ruby 1.8.7 p248 and p249 have marshalling bugs that crash Rails. Ruby Enterprise Edition has these fixed since the release of 1.8.7-2010.02. On the 1.9 front, Ruby 1.9.1 is not usable because it outright segfaults, so if you want to use 1.9.x, jump straight to 1.9.3 for smooth sailing.</p></div><h4 id="the-update-task"><a class="anchorlink" href="#the-update-task">1.4 The Update Task</a></h4><p>Rails provides the <code>app:update</code> command (<code>rake rails:update</code> on 4.2 and earlier). After updating the Rails version
in the <code>Gemfile</code>, run this command.
This will help you with the creation of new files and changes of old files in an
interactive session.</p><div class="code_container">
<pre class="brush: plain; gutter: false; toolbar: false">
$ rails app:update
   identical  config/boot.rb
       exist  config
    conflict  config/routes.rb
Overwrite /myapp/config/routes.rb? (enter "h" for help) [Ynaqdh]
       force  config/routes.rb
    conflict  config/application.rb
Overwrite /myapp/config/application.rb? (enter "h" for help) [Ynaqdh]
       force  config/application.rb
    conflict  config/environment.rb
...

</pre>
</div>
<p>Don't forget to review the difference, to see if there were any unexpected changes.</p><h4 id="configure-framework-defaults"><a class="anchorlink" href="#configure-framework-defaults">1.5 Configure Framework Defaults</a></h4><p>The new Rails version might have different configuration defaults than the previous version. However, after following the steps described above, your application would still run with configuration defaults from the <em>previous</em> Rails version. That's because the value for <code>config.load_defaults</code> in <code>config/application.rb</code> has not been changed yet.</p><p>To allow you to upgrade to new defaults one by one, the update task has created a file <code>config/initializers/new_framework_defaults.rb</code>. Once your application is ready to run with new defaults, you can remove this file and flip the <code>config.load_defaults</code> value.</p><h3 id="upgrading-from-rails-5-2-to-rails-6-0"><a class="anchorlink" href="#upgrading-from-rails-5-2-to-rails-6-0">2 Upgrading from Rails 5.2 to Rails 6.0</a></h3><p>For more information on changes made to Rails 6.0 please see the <a href="6_0_release_notes.html">release notes</a>.</p><h4 id="force-ssl"><a class="anchorlink" href="#force-ssl">2.1 Force SSL</a></h4><p>The <code>force_ssl</code> method on controllers has been deprecated and will be removed in
Rails 6.1. You are encouraged to enable <code>config.force_ssl</code> to enforce HTTPS
connections throughout your application. If you need to exempt certain endpoints
from redirection, you can use <code>config.ssl_options</code> to configure that behavior.</p><h4 id="purpose-in-signed-or-encrypted-cookie-is-now-embedded-in-the-cookies-values"><a class="anchorlink" href="#purpose-in-signed-or-encrypted-cookie-is-now-embedded-in-the-cookies-values">2.2 Purpose in signed or encrypted cookie is now embedded in the cookies values</a></h4><p>To improve security, Rails now embeds the purpose information in encrypted or signed cookies value.
Rails can now thwart attacks that attempt to copy signed/encrypted value
of a cookie and use it as the value of another cookie.</p><p>This new embed information make those cookies incompatible with versions of Rails older than 6.0.</p><p>If you require your cookies to be read by 5.2 and older, or you are still validating your 6.0 deploy and want
to allow you to rollback set
<code>Rails.application.config.action_dispatch.use_cookies_with_metadata</code> to <code>false</code>.</p><h3 id="upgrading-from-rails-5-1-to-rails-5-2"><a class="anchorlink" href="#upgrading-from-rails-5-1-to-rails-5-2">3 Upgrading from Rails 5.1 to Rails 5.2</a></h3><p>For more information on changes made to Rails 5.2 please see the <a href="5_2_release_notes.html">release notes</a>.</p><h4 id="bootsnap"><a class="anchorlink" href="#bootsnap">3.1 Bootsnap</a></h4><p>Rails 5.2 adds bootsnap gem in the <a href="https://github.com/rails/rails/pull/29313">newly generated app's Gemfile</a>.
The <code>app:update</code> command sets it up in <code>boot.rb</code>. If you want to use it, then add it in the Gemfile,
otherwise change the <code>boot.rb</code> to not use bootsnap.</p><h4 id="expiry-in-signed-or-encrypted-cookie-is-now-embedded-in-the-cookies-values"><a class="anchorlink" href="#expiry-in-signed-or-encrypted-cookie-is-now-embedded-in-the-cookies-values">3.2 Expiry in signed or encrypted cookie is now embedded in the cookies values</a></h4><p>To improve security, Rails now embeds the expiry information also in encrypted or signed cookies value.</p><p>This new embed information make those cookies incompatible with versions of Rails older than 5.2.</p><p>If you require your cookies to be read by 5.1 and older, or you are still validating your 5.2 deploy and want
to allow you to rollback set
<code>Rails.application.config.action_dispatch.use_authenticated_cookie_encryption</code> to <code>false</code>.</p><h3 id="upgrading-from-rails-5-0-to-rails-5-1"><a class="anchorlink" href="#upgrading-from-rails-5-0-to-rails-5-1">4 Upgrading from Rails 5.0 to Rails 5.1</a></h3><p>For more information on changes made to Rails 5.1 please see the <a href="5_1_release_notes.html">release notes</a>.</p><h4 id="top-level-hashwithindifferentaccess-is-soft-deprecated"><a class="anchorlink" href="#top-level-hashwithindifferentaccess-is-soft-deprecated">4.1 Top-level <code>HashWithIndifferentAccess</code> is soft-deprecated</a></h4><p>If your application uses the top-level <code>HashWithIndifferentAccess</code> class, you
should slowly move your code to instead use <code>ActiveSupport::HashWithIndifferentAccess</code>.</p><p>It is only soft-deprecated, which means that your code will not break at the
moment and no deprecation warning will be displayed, but this constant will be
removed in the future.</p><p>Also, if you have pretty old YAML documents containing dumps of such objects,
you may need to load and dump them again to make sure that they reference
the right constant, and that loading them won't break in the future.</p><h4 id="application-secrets-now-loaded-with-all-keys-as-symbols"><a class="anchorlink" href="#application-secrets-now-loaded-with-all-keys-as-symbols">4.2 <code>application.secrets</code> now loaded with all keys as symbols</a></h4><p>If your application stores nested configuration in <code>config/secrets.yml</code>, all keys
are now loaded as symbols, so access using strings should be changed.</p><p>From:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
Rails.application.secrets[:smtp_settings]["address"]

</pre>
</div>
<p>To:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
Rails.application.secrets[:smtp_settings][:address]

</pre>
</div>
<h3 id="upgrading-from-rails-4-2-to-rails-5-0"><a class="anchorlink" href="#upgrading-from-rails-4-2-to-rails-5-0">5 Upgrading from Rails 4.2 to Rails 5.0</a></h3><p>For more information on changes made to Rails 5.0 please see the <a href="5_0_release_notes.html">release notes</a>.</p><h4 id="ruby-2-2-2-required"><a class="anchorlink" href="#ruby-2-2-2-required">5.1 Ruby 2.2.2+ required</a></h4><p>From Ruby on Rails 5.0 onwards, Ruby 2.2.2+ is the only supported Ruby version.
Make sure you are on Ruby 2.2.2 version or greater, before you proceed.</p><h4 id="active-record-models-now-inherit-from-applicationrecord-by-default"><a class="anchorlink" href="#active-record-models-now-inherit-from-applicationrecord-by-default">5.2 Active Record Models Now Inherit from ApplicationRecord by Default</a></h4><p>In Rails 4.2, an Active Record model inherits from <code>ActiveRecord::Base</code>. In Rails 5.0,
all models inherit from <code>ApplicationRecord</code>.</p><p><code>ApplicationRecord</code> is a new superclass for all app models, analogous to app
controllers subclassing <code>ApplicationController</code> instead of
<code>ActionController::Base</code>. This gives apps a single spot to configure app-wide
model behavior.</p><p>When upgrading from Rails 4.2 to Rails 5.0, you need to create an
<code>application_record.rb</code> file in <code>app/models/</code> and add the following content:</p><div class="code_container">
<pre class="brush: plain; gutter: false; toolbar: false">
class ApplicationRecord &lt; ActiveRecord::Base
  self.abstract_class = true
end

</pre>
</div>
<p>Then make sure that all your models inherit from it.</p><h4 id="halting-callback-chains-via-throw-abort"><a class="anchorlink" href="#halting-callback-chains-via-throw-abort">5.3 Halting Callback Chains via <code>throw(:abort)</code></a></h4><p>In Rails 4.2, when a 'before' callback returns <code>false</code> in Active Record
and Active Model, then the entire callback chain is halted. In other words,
successive 'before' callbacks are not executed, and neither is the action wrapped
in callbacks.</p><p>In Rails 5.0, returning <code>false</code> in an Active Record or Active Model callback
will not have this side effect of halting the callback chain. Instead, callback
chains must be explicitly halted by calling <code>throw(:abort)</code>.</p><p>When you upgrade from Rails 4.2 to Rails 5.0, returning <code>false</code> in those kind of
callbacks will still halt the callback chain, but you will receive a deprecation
warning about this upcoming change.</p><p>When you are ready, you can opt into the new behavior and remove the deprecation
warning by adding the following configuration to your <code>config/application.rb</code>:</p><div class="code_container">
<pre class="brush: plain; gutter: false; toolbar: false">
ActiveSupport.halt_callback_chains_on_return_false = false

</pre>
</div>
<p>Note that this option will not affect Active Support callbacks since they never
halted the chain when any value was returned.</p><p>See <a href="https://github.com/rails/rails/pull/17227">#17227</a> for more details.</p><h4 id="activejob-now-inherits-from-applicationjob-by-default"><a class="anchorlink" href="#activejob-now-inherits-from-applicationjob-by-default">5.4 ActiveJob Now Inherits from ApplicationJob by Default</a></h4><p>In Rails 4.2, an Active Job inherits from <code>ActiveJob::Base</code>. In Rails 5.0, this
behavior has changed to now inherit from <code>ApplicationJob</code>.</p><p>When upgrading from Rails 4.2 to Rails 5.0, you need to create an
<code>application_job.rb</code> file in <code>app/jobs/</code> and add the following content:</p><div class="code_container">
<pre class="brush: plain; gutter: false; toolbar: false">
class ApplicationJob &lt; ActiveJob::Base
end

</pre>
</div>
<p>Then make sure that all your job classes inherit from it.</p><p>See <a href="https://github.com/rails/rails/pull/19034">#19034</a> for more details.</p><h4 id="rails-controller-testing"><a class="anchorlink" href="#rails-controller-testing">5.5 Rails Controller Testing</a></h4><h5 id="extraction-of-some-helper-methods-to-rails-controller-testing"><a class="anchorlink" href="#extraction-of-some-helper-methods-to-rails-controller-testing">5.5.1 Extraction of some helper methods to <code>rails-controller-testing</code></a></h5><p><code>assigns</code> and <code>assert_template</code> have been extracted to the <code>rails-controller-testing</code> gem. To
continue using these methods in your controller tests, add <code>gem 'rails-controller-testing'</code> to
your <code>Gemfile</code>.</p><p>If you are using Rspec for testing, please see the extra configuration required in the gem's
documentation.</p><h5 id="new-behavior-when-uploading-files"><a class="anchorlink" href="#new-behavior-when-uploading-files">5.5.2 New behavior when uploading files</a></h5><p>If you are using <code>ActionDispatch::Http::UploadedFile</code> in your tests to
upload files, you will need to change to use the similar <code>Rack::Test::UploadedFile</code>
class instead.</p><p>See <a href="https://github.com/rails/rails/issues/26404">#26404</a> for more details.</p><h4 id="autoloading-is-disabled-after-booting-in-the-production-environment"><a class="anchorlink" href="#autoloading-is-disabled-after-booting-in-the-production-environment">5.6 Autoloading is Disabled After Booting in the Production Environment</a></h4><p>Autoloading is now disabled after booting in the production environment by
default.</p><p>Eager loading the application is part of the boot process, so top-level
constants are fine and are still autoloaded, no need to require their files.</p><p>Constants in deeper places only executed at runtime, like regular method bodies,
are also fine because the file defining them will have been eager loaded while booting.</p><p>For the vast majority of applications this change needs no action. But in the
very rare event that your application needs autoloading while running in
production mode, set <code>Rails.application.config.enable_dependency_loading</code> to
true.</p><h4 id="xml-serialization"><a class="anchorlink" href="#xml-serialization">5.7 XML Serialization</a></h4><p><code>ActiveModel::Serializers::Xml</code> has been extracted from Rails to the <code>activemodel-serializers-xml</code>
gem. To continue using XML serialization in your application, add <code>gem 'activemodel-serializers-xml'</code>
to your <code>Gemfile</code>.</p><h4 id="removed-support-for-legacy-mysql-database-adapter"><a class="anchorlink" href="#removed-support-for-legacy-mysql-database-adapter">5.8 Removed Support for Legacy <code>mysql</code> Database Adapter</a></h4><p>Rails 5 removes support for the legacy <code>mysql</code> database adapter. Most users should be able to
use <code>mysql2</code> instead. It will be converted to a separate gem when we find someone to maintain
it.</p><h4 id="removed-support-for-debugger"><a class="anchorlink" href="#removed-support-for-debugger">5.9 Removed Support for Debugger</a></h4><p><code>debugger</code> is not supported by Ruby 2.2 which is required by Rails 5. Use <code>byebug</code> instead.</p><h4 id="use-rails-for-running-tasks-and-tests"><a class="anchorlink" href="#use-rails-for-running-tasks-and-tests">5.10 Use <code>rails</code> for running tasks and tests</a></h4><p>Rails 5 adds the ability to run tasks and tests through <code>bin/rails</code> instead of rake. Generally
these changes are in parallel with rake, but some were ported over altogether. As the <code>rails</code>
command already looks for and runs <code>bin/rails</code>, we recommend you to use the shorter <code>rails</code>
over `bin/rails.</p><p>To use the new test runner simply type <code>rails test</code>.</p><p><code>rake dev:cache</code> is now <code>rails dev:cache</code>.</p><p>Run <code>rails</code> inside your application's directory to see the list of commands available.</p><h4 id="actioncontroller-parameters-no-longer-inherits-from-hashwithindifferentaccess"><a class="anchorlink" href="#actioncontroller-parameters-no-longer-inherits-from-hashwithindifferentaccess">5.11 <code>ActionController::Parameters</code> No Longer Inherits from <code>HashWithIndifferentAccess</code></a></h4><p>Calling <code>params</code> in your application will now return an object instead of a hash. If your
parameters are already permitted, then you will not need to make any changes. If you are using <code>map</code>
and other methods that depend on being able to read the hash regardless of <code>permitted?</code> you will
need to upgrade your application to first permit and then convert to a hash.</p><div class="code_container">
<pre class="brush: plain; gutter: false; toolbar: false">
params.permit([:proceed_to, :return_to]).to_h

</pre>
</div>
<h4 id="protect-from-forgery-now-defaults-to-prepend-false"><a class="anchorlink" href="#protect-from-forgery-now-defaults-to-prepend-false">5.12 <code>protect_from_forgery</code> Now Defaults to <code>prepend: false</code></a></h4><p><code>protect_from_forgery</code> defaults to <code>prepend: false</code> which means that it will be inserted into
the callback chain at the point in which you call it in your application. If you want
<code>protect_from_forgery</code> to always run first, then you should change your application to use
<code>protect_from_forgery prepend: true</code>.</p><h4 id="default-template-handler-is-now-raw"><a class="anchorlink" href="#default-template-handler-is-now-raw">5.13 Default Template Handler is Now RAW</a></h4><p>Files without a template handler in their extension will be rendered using the raw handler.
Previously Rails would render files using the ERB template handler.</p><p>If you do not want your file to be handled via the raw handler, you should add an extension
to your file that can be parsed by the appropriate template handler.</p><h4 id="added-wildcard-matching-for-template-dependencies"><a class="anchorlink" href="#added-wildcard-matching-for-template-dependencies">5.14 Added Wildcard Matching for Template Dependencies</a></h4><p>You can now use wildcard matching for your template dependencies. For example, if you were
defining your templates as such:</p><div class="code_container">
<pre class="brush: ruby; html-script: true; gutter: false; toolbar: false">
&lt;% # Template Dependency: recordings/threads/events/subscribers_changed %&gt;
&lt;% # Template Dependency: recordings/threads/events/completed %&gt;
&lt;% # Template Dependency: recordings/threads/events/uncompleted %&gt;

</pre>
</div>
<p>You can now just call the dependency once with a wildcard.</p><div class="code_container">
<pre class="brush: ruby; html-script: true; gutter: false; toolbar: false">
&lt;% # Template Dependency: recordings/threads/events/* %&gt;

</pre>
</div>
<h4 id="actionview-helpers-recordtaghelper-moved-to-external-gem-record-tag-helper"><a class="anchorlink" href="#actionview-helpers-recordtaghelper-moved-to-external-gem-record-tag-helper">5.15 <code>ActionView::Helpers::RecordTagHelper</code> moved to external gem (record_tag_helper)</a></h4><p><code>content_tag_for</code> and <code>div_for</code> have been removed in favor of just using <code>content_tag</code>. To continue using the older methods, add the <code>record_tag_helper</code> gem to your <code>Gemfile</code>:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
gem 'record_tag_helper', '~&gt; 1.0'

</pre>
</div>
<p>See <a href="https://github.com/rails/rails/pull/18411">#18411</a> for more details.</p><h4 id="removed-support-for-protected-attributes-gem"><a class="anchorlink" href="#removed-support-for-protected-attributes-gem">5.16 Removed Support for <code>protected_attributes</code> Gem</a></h4><p>The <code>protected_attributes</code> gem is no longer supported in Rails 5.</p><h4 id="removed-support-for-activerecord-deprecated-finders-gem"><a class="anchorlink" href="#removed-support-for-activerecord-deprecated-finders-gem">5.17 Removed support for <code>activerecord-deprecated_finders</code> gem</a></h4><p>The <code>activerecord-deprecated_finders</code> gem is no longer supported in Rails 5.</p><h4 id="activesupport-testcase-default-test-order-is-now-random"><a class="anchorlink" href="#activesupport-testcase-default-test-order-is-now-random">5.18 <code>ActiveSupport::TestCase</code> Default Test Order is Now Random</a></h4><p>When tests are run in your application, the default order is now <code>:random</code>
instead of <code>:sorted</code>. Use the following config option to set it back to <code>:sorted</code>.</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# config/environments/test.rb
Rails.application.configure do
  config.active_support.test_order = :sorted
end

</pre>
</div>
<h4 id="actioncontroller-live-became-a-concern"><a class="anchorlink" href="#actioncontroller-live-became-a-concern">5.19 <code>ActionController::Live</code> became a <code>Concern</code></a></h4><p>If you include <code>ActionController::Live</code> in another module that is included in your controller, then you
should also extend the module with <code>ActiveSupport::Concern</code>. Alternatively, you can use the <code>self.included</code> hook
to include <code>ActionController::Live</code> directly to the controller once the <code>StreamingSupport</code> is included.</p><p>This means that if your application used to have its own streaming module, the following code
would break in production mode:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# This is a work-around for streamed controllers performing authentication with Warden/Devise.
# See https://github.com/plataformatec/devise/issues/2332
# Authenticating in the router is another solution as suggested in that issue
class StreamingSupport
  include ActionController::Live # this won't work in production for Rails 5
  # extend ActiveSupport::Concern # unless you uncomment this line.

  def process(name)
    super(name)
  rescue ArgumentError =&gt; e
    if e.message == 'uncaught throw :warden'
      throw :warden
    else
      raise e
    end
  end
end

</pre>
</div>
<h4 id="new-framework-defaults"><a class="anchorlink" href="#new-framework-defaults">5.20 New Framework Defaults</a></h4><h5 id="active-record-belongs-to-required-by-default-option"><a class="anchorlink" href="#active-record-belongs-to-required-by-default-option">5.20.1 Active Record <code>belongs_to</code> Required by Default Option</a></h5><p><code>belongs_to</code> will now trigger a validation error by default if the association is not present.</p><p>This can be turned off per-association with <code>optional: true</code>.</p><p>This default will be automatically configured in new applications. If existing application
want to add this feature it will need to be turned on in an initializer.</p><div class="code_container">
<pre class="brush: plain; gutter: false; toolbar: false">
config.active_record.belongs_to_required_by_default = true

</pre>
</div>
<h5 id="per-form-csrf-tokens"><a class="anchorlink" href="#per-form-csrf-tokens">5.20.2 Per-form CSRF Tokens</a></h5><p>Rails 5 now supports per-form CSRF tokens to mitigate against code-injection attacks with forms
created by JavaScript. With this option turned on, forms in your application will each have their
own CSRF token that is specific to the action and method for that form.</p><div class="code_container">
<pre class="brush: plain; gutter: false; toolbar: false">
config.action_controller.per_form_csrf_tokens = true

</pre>
</div>
<h5 id="forgery-protection-with-origin-check"><a class="anchorlink" href="#forgery-protection-with-origin-check">5.20.3 Forgery Protection with Origin Check</a></h5><p>You can now configure your application to check if the HTTP <code>Origin</code> header should be checked
against the site's origin as an additional CSRF defense. Set the following in your config to
true:</p><div class="code_container">
<pre class="brush: plain; gutter: false; toolbar: false">
config.action_controller.forgery_protection_origin_check = true

</pre>
</div>
<h5 id="allow-configuration-of-action-mailer-queue-name"><a class="anchorlink" href="#allow-configuration-of-action-mailer-queue-name">5.20.4 Allow Configuration of Action Mailer Queue Name</a></h5><p>The default mailer queue name is <code>mailers</code>. This configuration option allows you to globally change
the queue name. Set the following in your config:</p><div class="code_container">
<pre class="brush: plain; gutter: false; toolbar: false">
config.action_mailer.deliver_later_queue_name = :new_queue_name

</pre>
</div>
<h5 id="support-fragment-caching-in-action-mailer-views"><a class="anchorlink" href="#support-fragment-caching-in-action-mailer-views">5.20.5 Support Fragment Caching in Action Mailer Views</a></h5><p>Set <code>config.action_mailer.perform_caching</code> in your config to determine whether your Action Mailer views
should support caching.</p><div class="code_container">
<pre class="brush: plain; gutter: false; toolbar: false">
config.action_mailer.perform_caching = true

</pre>
</div>
<h5 id="configure-the-output-of-db-structure-dump"><a class="anchorlink" href="#configure-the-output-of-db-structure-dump">5.20.6 Configure the Output of <code>db:structure:dump</code></a></h5><p>If you're using <code>schema_search_path</code> or other PostgreSQL extensions, you can control how the schema is
dumped. Set to <code>:all</code> to generate all dumps, or to <code>:schema_search_path</code> to generate from schema search path.</p><div class="code_container">
<pre class="brush: plain; gutter: false; toolbar: false">
config.active_record.dump_schemas = :all

</pre>
</div>
<h5 id="configure-ssl-options-to-enable-hsts-with-subdomains"><a class="anchorlink" href="#configure-ssl-options-to-enable-hsts-with-subdomains">5.20.7 Configure SSL Options to Enable HSTS with Subdomains</a></h5><p>Set the following in your config to enable HSTS when using subdomains:</p><div class="code_container">
<pre class="brush: plain; gutter: false; toolbar: false">
config.ssl_options = { hsts: { subdomains: true } }

</pre>
</div>
<h5 id="preserve-timezone-of-the-receiver"><a class="anchorlink" href="#preserve-timezone-of-the-receiver">5.20.8 Preserve Timezone of the Receiver</a></h5><p>When using Ruby 2.4, you can preserve the timezone of the receiver when calling <code>to_time</code>.</p><div class="code_container">
<pre class="brush: plain; gutter: false; toolbar: false">
ActiveSupport.to_time_preserves_timezone = false

</pre>
</div>
<h4 id="changes-with-json-jsonb-serialization"><a class="anchorlink" href="#changes-with-json-jsonb-serialization">5.21 Changes with JSON/JSONB serialization</a></h4><p>In Rails 5.0, how JSON/JSONB attributes are serialized and deserialized changed. Now, if
you set a column equal to a <code>String</code>, Active Record will no longer turn that string
into a <code>Hash</code>, and will instead only return the string. This is not limited to code
interacting with models, but also affects <code>:default</code> column settings in <code>db/schema.rb</code>.
It is recommended that you do not set columns equal to a <code>String</code>, but pass a <code>Hash</code>
instead, which will be converted to and from a JSON string automatically.</p><h3 id="upgrading-from-rails-4-1-to-rails-4-2"><a class="anchorlink" href="#upgrading-from-rails-4-1-to-rails-4-2">6 Upgrading from Rails 4.1 to Rails 4.2</a></h3><h4 id="web-console"><a class="anchorlink" href="#web-console">6.1 Web Console</a></h4><p>First, add <code>gem 'web-console', '~&gt; 2.0'</code> to the <code>:development</code> group in your <code>Gemfile</code> and run <code>bundle install</code> (it won't have been included when you upgraded Rails). Once it's been installed, you can simply drop a reference to the console helper (i.e., <code>&lt;%= console %&gt;</code>) into any view you want to enable it for. A console will also be provided on any error page you view in your development environment.</p><h4 id="responders"><a class="anchorlink" href="#responders">6.2 Responders</a></h4><p><code>respond_with</code> and the class-level <code>respond_to</code> methods have been extracted to the <code>responders</code> gem. To use them, simply add <code>gem 'responders', '~&gt; 2.0'</code> to your <code>Gemfile</code>. Calls to <code>respond_with</code> and <code>respond_to</code> (again, at the class level) will no longer work without having included the <code>responders</code> gem in your dependencies:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# app/controllers/users_controller.rb

class UsersController &lt; ApplicationController
  respond_to :html, :json

  def show
    @user = User.find(params[:id])
    respond_with @user
  end
end

</pre>
</div>
<p>Instance-level <code>respond_to</code> is unaffected and does not require the additional gem:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# app/controllers/users_controller.rb

class UsersController &lt; ApplicationController
  def show
    @user = User.find(params[:id])
    respond_to do |format|
      format.html
      format.json { render json: @user }
    end
  end
end

</pre>
</div>
<p>See <a href="https://github.com/rails/rails/pull/16526">#16526</a> for more details.</p><h4 id="error-handling-in-transaction-callbacks"><a class="anchorlink" href="#error-handling-in-transaction-callbacks">6.3 Error handling in transaction callbacks</a></h4><p>Currently, Active Record suppresses errors raised
within <code>after_rollback</code> or <code>after_commit</code> callbacks and only prints them to
the logs. In the next version, these errors will no longer be suppressed.
Instead, the errors will propagate normally just like in other Active
Record callbacks.</p><p>When you define an <code>after_rollback</code> or <code>after_commit</code> callback, you
will receive a deprecation warning about this upcoming change. When
you are ready, you can opt into the new behavior and remove the
deprecation warning by adding following configuration to your
<code>config/application.rb</code>:</p><div class="code_container">
<pre class="brush: plain; gutter: false; toolbar: false">
config.active_record.raise_in_transactional_callbacks = true

</pre>
</div>
<p>See <a href="https://github.com/rails/rails/pull/14488">#14488</a> and
<a href="https://github.com/rails/rails/pull/16537">#16537</a> for more details.</p><h4 id="ordering-of-test-cases"><a class="anchorlink" href="#ordering-of-test-cases">6.4 Ordering of test cases</a></h4><p>In Rails 5.0, test cases will be executed in random order by default. In
anticipation of this change, Rails 4.2 introduced a new configuration option
<code>active_support.test_order</code> for explicitly specifying the test ordering. This
allows you to either lock down the current behavior by setting the option to
<code>:sorted</code>, or opt into the future behavior by setting the option to <code>:random</code>.</p><p>If you do not specify a value for this option, a deprecation warning will be
emitted. To avoid this, add the following line to your test environment:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# config/environments/test.rb
Rails.application.configure do
  config.active_support.test_order = :sorted # or `:random` if you prefer
end

</pre>
</div>
<h4 id="serialized-attributes"><a class="anchorlink" href="#serialized-attributes">6.5 Serialized attributes</a></h4><p>When using a custom coder (e.g. <code>serialize :metadata, JSON</code>),
assigning <code>nil</code> to a serialized attribute will save it to the database
as <code>NULL</code> instead of passing the <code>nil</code> value through the coder (e.g. <code>"null"</code>
when using the <code>JSON</code> coder).</p><h4 id="production-log-level"><a class="anchorlink" href="#production-log-level">6.6 Production log level</a></h4><p>In Rails 5, the default log level for the production environment will be changed
to <code>:debug</code> (from <code>:info</code>). To preserve the current default, add the following
line to your <code>production.rb</code>:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# Set to `:info` to match the current default, or set to `:debug` to opt-into
# the future default.
config.log_level = :info

</pre>
</div>
<h4 id="after-bundle-in-rails-templates"><a class="anchorlink" href="#after-bundle-in-rails-templates">6.7 <code>after_bundle</code> in Rails templates</a></h4><p>If you have a Rails template that adds all the files in version control, it
fails to add the generated binstubs because it gets executed before Bundler:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# template.rb
generate(:scaffold, "person name:string")
route "root to: 'people#index'"
rake("db:migrate")

git :init
git add: "."
git commit: %Q{ -m 'Initial commit' }

</pre>
</div>
<p>You can now wrap the <code>git</code> calls in an <code>after_bundle</code> block. It will be run
after the binstubs have been generated.</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# template.rb
generate(:scaffold, "person name:string")
route "root to: 'people#index'"
rake("db:migrate")

after_bundle do
  git :init
  git add: "."
  git commit: %Q{ -m 'Initial commit' }
end

</pre>
</div>
<h4 id="rails-html-sanitizer"><a class="anchorlink" href="#rails-html-sanitizer">6.8 Rails HTML Sanitizer</a></h4><p>There's a new choice for sanitizing HTML fragments in your applications. The
venerable html-scanner approach is now officially being deprecated in favor of
<a href="https://github.com/rails/rails-html-sanitizer"><code>Rails HTML Sanitizer</code></a>.</p><p>This means the methods <code>sanitize</code>, <code>sanitize_css</code>, <code>strip_tags</code> and
<code>strip_links</code> are backed by a new implementation.</p><p>This new sanitizer uses <a href="https://github.com/flavorjones/loofah">Loofah</a> internally. Loofah in turn uses Nokogiri, which
wraps XML parsers written in both C and Java, so sanitization should be faster
no matter which Ruby version you run.</p><p>The new version updates <code>sanitize</code>, so it can take a <code>Loofah::Scrubber</code> for
powerful scrubbing.
<a href="https://github.com/flavorjones/loofah#loofahscrubber">See some examples of scrubbers here</a>.</p><p>Two new scrubbers have also been added: <code>PermitScrubber</code> and <code>TargetScrubber</code>.
Read the <a href="https://github.com/rails/rails-html-sanitizer">gem's readme</a> for more information.</p><p>The documentation for <code>PermitScrubber</code> and <code>TargetScrubber</code> explains how you
can gain complete control over when and how elements should be stripped.</p><p>If your application needs to use the old sanitizer implementation, include <code>rails-deprecated_sanitizer</code> in your <code>Gemfile</code>:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
gem 'rails-deprecated_sanitizer'

</pre>
</div>
<h4 id="rails-dom-testing"><a class="anchorlink" href="#rails-dom-testing">6.9 Rails DOM Testing</a></h4><p>The <a href="http://api.rubyonrails.org/v4.1/classes/ActionDispatch/Assertions/TagAssertions.html"><code>TagAssertions</code> module</a> (containing methods such as <code>assert_tag</code>), <a href="https://github.com/rails/rails/blob/6061472b8c310158a2a2e8e9a6b81a1aef6b60fe/actionpack/lib/action_dispatch/testing/assertions/dom.rb">has been deprecated</a> in favor of the <code>assert_select</code> methods from the <code>SelectorAssertions</code> module, which has been extracted into the <a href="https://github.com/rails/rails-dom-testing">rails-dom-testing gem</a>.</p><h4 id="masked-authenticity-tokens"><a class="anchorlink" href="#masked-authenticity-tokens">6.10 Masked Authenticity Tokens</a></h4><p>In order to mitigate SSL attacks, <code>form_authenticity_token</code> is now masked so that it varies with each request.  Thus, tokens are validated by unmasking and then decrypting.  As a result, any strategies for verifying requests from non-rails forms that relied on a static session CSRF token have to take this into account.</p><h4 id="action-mailer"><a class="anchorlink" href="#action-mailer">6.11 Action Mailer</a></h4><p>Previously, calling a mailer method on a mailer class will result in the
corresponding instance method being executed directly. With the introduction of
Active Job and <code>#deliver_later</code>, this is no longer true. In Rails 4.2, the
invocation of the instance methods are deferred until either <code>deliver_now</code> or
<code>deliver_later</code> is called. For example:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
class Notifier &lt; ActionMailer::Base
  def notify(user, ...)
    puts "Called"
    mail(to: user.email, ...)
  end
end

mail = Notifier.notify(user, ...) # Notifier#notify is not yet called at this point
mail = mail.deliver_now           # Prints "Called"

</pre>
</div>
<p>This should not result in any noticeable differences for most applications.
However, if you need some non-mailer methods to be executed synchronously, and
you were previously relying on the synchronous proxying behavior, you should
define them as class methods on the mailer class directly:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
class Notifier &lt; ActionMailer::Base
  def self.broadcast_notifications(users, ...)
    users.each { |user| Notifier.notify(user, ...) }
  end
end

</pre>
</div>
<h4 id="foreign-key-support"><a class="anchorlink" href="#foreign-key-support">6.12 Foreign Key Support</a></h4><p>The migration DSL has been expanded to support foreign key definitions. If
you've been using the Foreigner gem, you might want to consider removing it.
Note that the foreign key support of Rails is a subset of Foreigner. This means
that not every Foreigner definition can be fully replaced by its Rails
migration DSL counterpart.</p><p>The migration procedure is as follows:</p>
<ol>
<li>remove <code>gem "foreigner"</code> from the <code>Gemfile</code>.</li>
<li>run <code>bundle install</code>.</li>
<li>run <code>bin/rake db:schema:dump</code>.</li>
<li>make sure that <code>db/schema.rb</code> contains every foreign key definition with
the necessary options.</li>
</ol>
<h3 id="upgrading-from-rails-4-0-to-rails-4-1"><a class="anchorlink" href="#upgrading-from-rails-4-0-to-rails-4-1">7 Upgrading from Rails 4.0 to Rails 4.1</a></h3><h4 id="csrf-protection-from-remote-script-tags"><a class="anchorlink" href="#csrf-protection-from-remote-script-tags">7.1 CSRF protection from remote <code>&lt;script&gt;</code> tags</a></h4><p>Or, "whaaat my tests are failing!!!?" or "my <code>&lt;script&gt;</code> widget is busted!!"</p><p>Cross-site request forgery (CSRF) protection now covers GET requests with
JavaScript responses, too. This prevents a third-party site from remotely
referencing your JavaScript with a <code>&lt;script&gt;</code> tag to extract sensitive data.</p><p>This means that your functional and integration tests that use</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
get :index, format: :js

</pre>
</div>
<p>will now trigger CSRF protection. Switch to</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
xhr :get, :index, format: :js

</pre>
</div>
<p>to explicitly test an <code>XmlHttpRequest</code>.</p><div class="note"><p>Your own <code>&lt;script&gt;</code> tags are treated as cross-origin and blocked by
default, too. If you really mean to load JavaScript from <code>&lt;script&gt;</code> tags,
you must now explicitly skip CSRF protection on those actions.</p></div><h4 id="spring"><a class="anchorlink" href="#spring">7.2 Spring</a></h4><p>If you want to use Spring as your application preloader you need to:</p>
<ol>
<li>Add <code>gem 'spring', group: :development</code> to your <code>Gemfile</code>.</li>
<li>Install spring using <code>bundle install</code>.</li>
<li>Springify your binstubs with <code>bundle exec spring binstub --all</code>.</li>
</ol>
<div class="note"><p>User defined rake tasks will run in the <code>development</code> environment by
default. If you want them to run in other environments consult the
<a href="https://github.com/rails/spring#rake">Spring README</a>.</p></div><h4 id="config-secrets-yml"><a class="anchorlink" href="#config-secrets-yml">7.3 <code>config/secrets.yml</code></a></h4><p>If you want to use the new <code>secrets.yml</code> convention to store your application's
secrets, you need to:</p>
<ol>
<li>
<p>Create a <code>secrets.yml</code> file in your <code>config</code> folder with the following content:</p>
<div class="code_container">
<pre class="brush: plain; gutter: false; toolbar: false">
development:
  secret_key_base:

test:
  secret_key_base:

production:
  secret_key_base: &lt;%= ENV["SECRET_KEY_BASE"] %&gt;

</pre>
</div>
</li>
<li><p>Use your existing <code>secret_key_base</code> from the <code>secret_token.rb</code> initializer to
set the SECRET_KEY_BASE environment variable for whichever users running the
Rails application in production mode. Alternatively, you can simply copy the existing
<code>secret_key_base</code> from the <code>secret_token.rb</code> initializer to <code>secrets.yml</code>
under the <code>production</code> section, replacing '&lt;%= ENV["SECRET_KEY_BASE"] %&gt;'.</p></li>
<li><p>Remove the <code>secret_token.rb</code> initializer.</p></li>
<li><p>Use <code>rake secret</code> to generate new keys for the <code>development</code> and <code>test</code> sections.</p></li>
<li><p>Restart your server.</p></li>
</ol>
<h4 id="changes-to-test-helper"><a class="anchorlink" href="#changes-to-test-helper">7.4 Changes to test helper</a></h4><p>If your test helper contains a call to
<code>ActiveRecord::Migration.check_pending!</code> this can be removed. The check
is now done automatically when you <code>require 'rails/test_help'</code>, although
leaving this line in your helper is not harmful in any way.</p><h4 id="cookies-serializer"><a class="anchorlink" href="#cookies-serializer">7.5 Cookies serializer</a></h4><p>Applications created before Rails 4.1 uses <code>Marshal</code> to serialize cookie values into
the signed and encrypted cookie jars. If you want to use the new <code>JSON</code>-based format
in your application, you can add an initializer file with the following content:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
Rails.application.config.action_dispatch.cookies_serializer = :hybrid

</pre>
</div>
<p>This would transparently migrate your existing <code>Marshal</code>-serialized cookies into the
new <code>JSON</code>-based format.</p><p>When using the <code>:json</code> or <code>:hybrid</code> serializer, you should beware that not all
Ruby objects can be serialized as JSON. For example, <code>Date</code> and <code>Time</code> objects
will be serialized as strings, and <code>Hash</code>es will have their keys stringified.</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
class CookiesController &lt; ApplicationController
  def set_cookie
    cookies.encrypted[:expiration_date] = Date.tomorrow # =&gt; Thu, 20 Mar 2014
    redirect_to action: 'read_cookie'
  end

  def read_cookie
    cookies.encrypted[:expiration_date] # =&gt; "2014-03-20"
  end
end

</pre>
</div>
<p>It's advisable that you only store simple data (strings and numbers) in cookies.
If you have to store complex objects, you would need to handle the conversion
manually when reading the values on subsequent requests.</p><p>If you use the cookie session store, this would apply to the <code>session</code> and
<code>flash</code> hash as well.</p><h4 id="flash-structure-changes"><a class="anchorlink" href="#flash-structure-changes">7.6 Flash structure changes</a></h4><p>Flash message keys are
<a href="https://github.com/rails/rails/commit/a668beffd64106a1e1fedb71cc25eaaa11baf0c1">normalized to strings</a>. They
can still be accessed using either symbols or strings. Looping through the flash
will always yield string keys:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
flash["string"] = "a string"
flash[:symbol] = "a symbol"

# Rails &lt; 4.1
flash.keys # =&gt; ["string", :symbol]

# Rails &gt;= 4.1
flash.keys # =&gt; ["string", "symbol"]

</pre>
</div>
<p>Make sure you are comparing Flash message keys against strings.</p><h4 id="changes-in-json-handling"><a class="anchorlink" href="#changes-in-json-handling">7.7 Changes in JSON handling</a></h4><p>There are a few major changes related to JSON handling in Rails 4.1.</p><h5 id="multijson-removal"><a class="anchorlink" href="#multijson-removal">7.7.1 MultiJSON removal</a></h5><p>MultiJSON has reached its <a href="https://github.com/rails/rails/pull/10576">end-of-life</a>
and has been removed from Rails.</p><p>If your application currently depends on MultiJSON directly, you have a few options:</p>
<ol>
<li><p>Add 'multi_json' to your <code>Gemfile</code>. Note that this might cease to work in the future</p></li>
<li><p>Migrate away from MultiJSON by using <code>obj.to_json</code>, and <code>JSON.parse(str)</code> instead.</p></li>
</ol>
<div class="warning"><p>Do not simply replace <code>MultiJson.dump</code> and <code>MultiJson.load</code> with
<code>JSON.dump</code> and <code>JSON.load</code>. These JSON gem APIs are meant for serializing and
deserializing arbitrary Ruby objects and are generally <a href="http://www.ruby-doc.org/stdlib-2.2.2/libdoc/json/rdoc/JSON.html#method-i-load">unsafe</a>.</p></div><h5 id="json-gem-compatibility"><a class="anchorlink" href="#json-gem-compatibility">7.7.2 JSON gem compatibility</a></h5><p>Historically, Rails had some compatibility issues with the JSON gem. Using
<code>JSON.generate</code> and <code>JSON.dump</code> inside a Rails application could produce
unexpected errors.</p><p>Rails 4.1 fixed these issues by isolating its own encoder from the JSON gem. The
JSON gem APIs will function as normal, but they will not have access to any
Rails-specific features. For example:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
class FooBar
  def as_json(options = nil)
    { foo: 'bar' }
  end
end

&gt;&gt; FooBar.new.to_json # =&gt; "{\"foo\":\"bar\"}"
&gt;&gt; JSON.generate(FooBar.new, quirks_mode: true) # =&gt; "\"#&lt;FooBar:0x007fa80a481610&gt;\""

</pre>
</div>
<h5 id="new-json-encoder"><a class="anchorlink" href="#new-json-encoder">7.7.3 New JSON encoder</a></h5><p>The JSON encoder in Rails 4.1 has been rewritten to take advantage of the JSON
gem. For most applications, this should be a transparent change. However, as
part of the rewrite, the following features have been removed from the encoder:</p>
<ol>
<li>Circular data structure detection</li>
<li>Support for the <code>encode_json</code> hook</li>
<li>Option to encode <code>BigDecimal</code> objects as numbers instead of strings</li>
</ol>
<p>If your application depends on one of these features, you can get them back by
adding the <a href="https://github.com/rails/activesupport-json_encoder"><code>activesupport-json_encoder</code></a>
gem to your <code>Gemfile</code>.</p><h5 id="json-representation-of-time-objects"><a class="anchorlink" href="#json-representation-of-time-objects">7.7.4 JSON representation of Time objects</a></h5><p><code>#as_json</code> for objects with time component (<code>Time</code>, <code>DateTime</code>, <code>ActiveSupport::TimeWithZone</code>)
now returns millisecond precision by default. If you need to keep old behavior with no millisecond
precision, set the following in an initializer:</p><div class="code_container">
<pre class="brush: plain; gutter: false; toolbar: false">
ActiveSupport::JSON::Encoding.time_precision = 0

</pre>
</div>
<h4 id="usage-of-return-within-inline-callback-blocks"><a class="anchorlink" href="#usage-of-return-within-inline-callback-blocks">7.8 Usage of <code>return</code> within inline callback blocks</a></h4><p>Previously, Rails allowed inline callback blocks to use <code>return</code> this way:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
class ReadOnlyModel &lt; ActiveRecord::Base
  before_save { return false } # BAD
end

</pre>
</div>
<p>This behavior was never intentionally supported. Due to a change in the internals
of <code>ActiveSupport::Callbacks</code>, this is no longer allowed in Rails 4.1. Using a
<code>return</code> statement in an inline callback block causes a <code>LocalJumpError</code> to
be raised when the callback is executed.</p><p>Inline callback blocks using <code>return</code> can be refactored to evaluate to the
returned value:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
class ReadOnlyModel &lt; ActiveRecord::Base
  before_save { false } # GOOD
end

</pre>
</div>
<p>Alternatively, if <code>return</code> is preferred it is recommended to explicitly define
a method:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
class ReadOnlyModel &lt; ActiveRecord::Base
  before_save :before_save_callback # GOOD

  private
    def before_save_callback
      return false
    end
end

</pre>
</div>
<p>This change applies to most places in Rails where callbacks are used, including
Active Record and Active Model callbacks, as well as filters in Action
Controller (e.g. <code>before_action</code>).</p><p>See <a href="https://github.com/rails/rails/pull/13271">this pull request</a> for more
details.</p><h4 id="methods-defined-in-active-record-fixtures"><a class="anchorlink" href="#methods-defined-in-active-record-fixtures">7.9 Methods defined in Active Record fixtures</a></h4><p>Rails 4.1 evaluates each fixture's ERB in a separate context, so helper methods
defined in a fixture will not be available in other fixtures.</p><p>Helper methods that are used in multiple fixtures should be defined on modules
included in the newly introduced <code>ActiveRecord::FixtureSet.context_class</code>, in
<code>test_helper.rb</code>.</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
module FixtureFileHelpers
  def file_sha(path)
    Digest::SHA2.hexdigest(File.read(Rails.root.join('test/fixtures', path)))
  end
end
ActiveRecord::FixtureSet.context_class.include FixtureFileHelpers

</pre>
</div>
<h4 id="i18n-enforcing-available-locales"><a class="anchorlink" href="#i18n-enforcing-available-locales">7.10 I18n enforcing available locales</a></h4><p>Rails 4.1 now defaults the I18n option <code>enforce_available_locales</code> to <code>true</code>. This
means that it will make sure that all locales passed to it must be declared in
the <code>available_locales</code> list.</p><p>To disable it (and allow I18n to accept <em>any</em> locale option) add the following
configuration to your application:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
config.i18n.enforce_available_locales = false

</pre>
</div>
<p>Note that this option was added as a security measure, to ensure user input
cannot be used as locale information unless it is previously known. Therefore,
it's recommended not to disable this option unless you have a strong reason for
doing so.</p><h4 id="mutator-methods-called-on-relation"><a class="anchorlink" href="#mutator-methods-called-on-relation">7.11 Mutator methods called on Relation</a></h4><p><code>Relation</code> no longer has mutator methods like <code>#map!</code> and <code>#delete_if</code>. Convert
to an <code>Array</code> by calling <code>#to_a</code> before using these methods.</p><p>It intends to prevent odd bugs and confusion in code that call mutator
methods directly on the <code>Relation</code>.</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# Instead of this
Author.where(name: 'Hank Moody').compact!

# Now you have to do this
authors = Author.where(name: 'Hank Moody').to_a
authors.compact!

</pre>
</div>
<h4 id="changes-on-default-scopes"><a class="anchorlink" href="#changes-on-default-scopes">7.12 Changes on Default Scopes</a></h4><p>Default scopes are no longer overridden by chained conditions.</p><p>In previous versions when you defined a <code>default_scope</code> in a model
it was overridden by chained conditions in the same field. Now it
is merged like any other scope.</p><p>Before:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
class User &lt; ActiveRecord::Base
  default_scope { where state: 'pending' }
  scope :active, -&gt; { where state: 'active' }
  scope :inactive, -&gt; { where state: 'inactive' }
end

User.all
# SELECT "users".* FROM "users" WHERE "users"."state" = 'pending'

User.active
# SELECT "users".* FROM "users" WHERE "users"."state" = 'active'

User.where(state: 'inactive')
# SELECT "users".* FROM "users" WHERE "users"."state" = 'inactive'

</pre>
</div>
<p>After:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
class User &lt; ActiveRecord::Base
  default_scope { where state: 'pending' }
  scope :active, -&gt; { where state: 'active' }
  scope :inactive, -&gt; { where state: 'inactive' }
end

User.all
# SELECT "users".* FROM "users" WHERE "users"."state" = 'pending'

User.active
# SELECT "users".* FROM "users" WHERE "users"."state" = 'pending' AND "users"."state" = 'active'

User.where(state: 'inactive')
# SELECT "users".* FROM "users" WHERE "users"."state" = 'pending' AND "users"."state" = 'inactive'

</pre>
</div>
<p>To get the previous behavior it is needed to explicitly remove the
<code>default_scope</code> condition using <code>unscoped</code>, <code>unscope</code>, <code>rewhere</code> or
<code>except</code>.</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
class User &lt; ActiveRecord::Base
  default_scope { where state: 'pending' }
  scope :active, -&gt; { unscope(where: :state).where(state: 'active') }
  scope :inactive, -&gt; { rewhere state: 'inactive' }
end

User.all
# SELECT "users".* FROM "users" WHERE "users"."state" = 'pending'

User.active
# SELECT "users".* FROM "users" WHERE "users"."state" = 'active'

User.inactive
# SELECT "users".* FROM "users" WHERE "users"."state" = 'inactive'

</pre>
</div>
<h4 id="rendering-content-from-string"><a class="anchorlink" href="#rendering-content-from-string">7.13 Rendering content from string</a></h4><p>Rails 4.1 introduces <code>:plain</code>, <code>:html</code>, and <code>:body</code> options to <code>render</code>. Those
options are now the preferred way to render string-based content, as it allows
you to specify which content type you want the response sent as.</p>
<ul>
<li>
<code>render :plain</code> will set the content type to <code>text/plain</code>
</li>
<li>
<code>render :html</code> will set the content type to <code>text/html</code>
</li>
<li>
<code>render :body</code> will <em>not</em> set the content type header.</li>
</ul>
<p>From the security standpoint, if you don't expect to have any markup in your
response body, you should be using <code>render :plain</code> as most browsers will escape
unsafe content in the response for you.</p><p>We will be deprecating the use of <code>render :text</code> in a future version. So please
start using the more precise <code>:plain</code>, <code>:html</code>, and <code>:body</code> options instead.
Using <code>render :text</code> may pose a security risk, as the content is sent as
<code>text/html</code>.</p><h4 id="postgresql-json-and-hstore-datatypes"><a class="anchorlink" href="#postgresql-json-and-hstore-datatypes">7.14 PostgreSQL json and hstore datatypes</a></h4><p>Rails 4.1 will map <code>json</code> and <code>hstore</code> columns to a string-keyed Ruby <code>Hash</code>.
In earlier versions, a <code>HashWithIndifferentAccess</code> was used. This means that
symbol access is no longer supported. This is also the case for
<code>store_accessors</code> based on top of <code>json</code> or <code>hstore</code> columns. Make sure to use
string keys consistently.</p><h4 id="explicit-block-use-for-activesupport-callbacks"><a class="anchorlink" href="#explicit-block-use-for-activesupport-callbacks">7.15 Explicit block use for <code>ActiveSupport::Callbacks</code></a></h4><p>Rails 4.1 now expects an explicit block to be passed when calling
<code>ActiveSupport::Callbacks.set_callback</code>. This change stems from
<code>ActiveSupport::Callbacks</code> being largely rewritten for the 4.1 release.</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# Previously in Rails 4.0
set_callback :save, :around, -&gt;(r, &amp;block) { stuff; result = block.call; stuff }

# Now in Rails 4.1
set_callback :save, :around, -&gt;(r, block) { stuff; result = block.call; stuff }

</pre>
</div>
<h3 id="upgrading-from-rails-3-2-to-rails-4-0"><a class="anchorlink" href="#upgrading-from-rails-3-2-to-rails-4-0">8 Upgrading from Rails 3.2 to Rails 4.0</a></h3><p>If your application is currently on any version of Rails older than 3.2.x, you should upgrade to Rails 3.2 before attempting one to Rails 4.0.</p><p>The following changes are meant for upgrading your application to Rails 4.0.</p><h4 id="http-patch"><a class="anchorlink" href="#http-patch">8.1 HTTP PATCH</a></h4><p>Rails 4 now uses <code>PATCH</code> as the primary HTTP verb for updates when a RESTful
resource is declared in <code>config/routes.rb</code>. The <code>update</code> action is still used,
and <code>PUT</code> requests will continue to be routed to the <code>update</code> action as well.
So, if you're using only the standard RESTful routes, no changes need to be made:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
resources :users

</pre>
</div>
<div class="code_container">
<pre class="brush: ruby; html-script: true; gutter: false; toolbar: false">
&lt;%= form_for @user do |f| %&gt;

</pre>
</div>
<div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
class UsersController &lt; ApplicationController
  def update
    # No change needed; PATCH will be preferred, and PUT will still work.
  end
end

</pre>
</div>
<p>However, you will need to make a change if you are using <code>form_for</code> to update
a resource in conjunction with a custom route using the <code>PUT</code> HTTP method:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
resources :users, do
  put :update_name, on: :member
end

</pre>
</div>
<div class="code_container">
<pre class="brush: ruby; html-script: true; gutter: false; toolbar: false">
&lt;%= form_for [ :update_name, @user ] do |f| %&gt;

</pre>
</div>
<div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
class UsersController &lt; ApplicationController
  def update_name
    # Change needed; form_for will try to use a non-existent PATCH route.
  end
end

</pre>
</div>
<p>If the action is not being used in a public API and you are free to change the
HTTP method, you can update your route to use <code>patch</code> instead of <code>put</code>:</p><p><code>PUT</code> requests to <code>/users/:id</code> in Rails 4 get routed to <code>update</code> as they are
today. So, if you have an API that gets real PUT requests it is going to work.
The router also routes <code>PATCH</code> requests to <code>/users/:id</code> to the <code>update</code> action.</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
resources :users do
  patch :update_name, on: :member
end

</pre>
</div>
<p>If the action is being used in a public API and you can't change to HTTP method
being used, you can update your form to use the <code>PUT</code> method instead:</p><div class="code_container">
<pre class="brush: ruby; html-script: true; gutter: false; toolbar: false">
&lt;%= form_for [ :update_name, @user ], method: :put do |f| %&gt;

</pre>
</div>
<p>For more on PATCH and why this change was made, see <a href="https://weblog.rubyonrails.org/2012/2/26/edge-rails-patch-is-the-new-primary-http-method-for-updates/">this post</a>
on the Rails blog.</p><h5 id="a-note-about-media-types"><a class="anchorlink" href="#a-note-about-media-types">8.1.1 A note about media types</a></h5><p>The errata for the <code>PATCH</code> verb <a href="http://www.rfc-editor.org/errata_search.php?rfc=5789">specifies that a 'diff' media type should be
used with <code>PATCH</code></a>. One
such format is <a href="https://tools.ietf.org/html/rfc6902">JSON Patch</a>. While Rails
does not support JSON Patch natively, it's easy enough to add support:</p><div class="code_container">
<pre class="brush: plain; gutter: false; toolbar: false">
# in your controller
def update
  respond_to do |format|
    format.json do
      # perform a partial update
      @article.update params[:article]
    end

    format.json_patch do
      # perform sophisticated change
    end
  end
end

# In config/initializers/json_patch.rb:
Mime::Type.register 'application/json-patch+json', :json_patch

</pre>
</div>
<p>As JSON Patch was only recently made into an RFC, there aren't a lot of great
Ruby libraries yet. Aaron Patterson's
<a href="https://github.com/tenderlove/hana">hana</a> is one such gem, but doesn't have
full support for the last few changes in the specification.</p><h4 id="upgrading-from-rails-3-2-to-rails-4-0-gemfile"><a class="anchorlink" href="#upgrading-from-rails-3-2-to-rails-4-0-gemfile">8.2 Gemfile</a></h4><p>Rails 4.0 removed the <code>assets</code> group from <code>Gemfile</code>. You'd need to remove that
line from your <code>Gemfile</code> when upgrading. You should also update your application
file (in <code>config/application.rb</code>):</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# Require the gems listed in Gemfile, including any gems
# you've limited to :test, :development, or :production.
Bundler.require(*Rails.groups)

</pre>
</div>
<h4 id="upgrading-from-rails-3-2-to-rails-4-0-vendor-plugins"><a class="anchorlink" href="#upgrading-from-rails-3-2-to-rails-4-0-vendor-plugins">8.3 vendor/plugins</a></h4><p>Rails 4.0 no longer supports loading plugins from <code>vendor/plugins</code>. You must replace any plugins by extracting them to gems and adding them to your <code>Gemfile</code>. If you choose not to make them gems, you can move them into, say, <code>lib/my_plugin/*</code> and add an appropriate initializer in <code>config/initializers/my_plugin.rb</code>.</p><h4 id="upgrading-from-rails-3-2-to-rails-4-0-active-record"><a class="anchorlink" href="#upgrading-from-rails-3-2-to-rails-4-0-active-record">8.4 Active Record</a></h4>
<ul>
<li><p>Rails 4.0 has removed the identity map from Active Record, due to <a href="https://github.com/rails/rails/commit/302c912bf6bcd0fa200d964ec2dc4a44abe328a6">some inconsistencies with associations</a>. If you have manually enabled it in your application, you will have to remove the following config that has no effect anymore: <code>config.active_record.identity_map</code>.</p></li>
<li><p>The <code>delete</code> method in collection associations can now receive <code>Integer</code> or <code>String</code> arguments as record ids, besides records, pretty much like the <code>destroy</code> method does. Previously it raised <code>ActiveRecord::AssociationTypeMismatch</code> for such arguments. From Rails 4.0 on <code>delete</code> automatically tries to find the records matching the given ids before deleting them.</p></li>
<li><p>In Rails 4.0 when a column or a table is renamed the related indexes are also renamed. If you have migrations which rename the indexes, they are no longer needed.</p></li>
<li><p>Rails 4.0 has changed <code>serialized_attributes</code> and <code>attr_readonly</code> to class methods only. You shouldn't use instance methods since it's now deprecated. You should change them to use class methods, e.g. <code>self.serialized_attributes</code> to <code>self.class.serialized_attributes</code>.</p></li>
<li><p>When using the default coder, assigning <code>nil</code> to a serialized attribute will save it
to the database as <code>NULL</code> instead of passing the <code>nil</code> value through YAML (<code>"--- \n...\n"</code>).</p></li>
<li><p>Rails 4.0 has removed <code>attr_accessible</code> and <code>attr_protected</code> feature in favor of Strong Parameters. You can use the <a href="https://github.com/rails/protected_attributes">Protected Attributes gem</a> for a smooth upgrade path.</p></li>
<li><p>If you are not using Protected Attributes, you can remove any options related to
this gem such as <code>whitelist_attributes</code> or <code>mass_assignment_sanitizer</code> options.</p></li>
<li><p>Rails 4.0 requires that scopes use a callable object such as a Proc or lambda:</p></li>
</ul>
<div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
  scope :active, where(active: true)

  # becomes
  scope :active, -&gt; { where active: true }

</pre>
</div>

<ul>
<li><p>Rails 4.0 has deprecated <code>ActiveRecord::Fixtures</code> in favor of <code>ActiveRecord::FixtureSet</code>.</p></li>
<li><p>Rails 4.0 has deprecated <code>ActiveRecord::TestCase</code> in favor of <code>ActiveSupport::TestCase</code>.</p></li>
<li><p>Rails 4.0 has deprecated the old-style hash based finder API. This means that
methods which previously accepted "finder options" no longer do.  For example, <code>Book.find(:all, conditions: { name: '1984' })</code> has been deprecated in favor of <code>Book.where(name: '1984')</code></p></li>
<li>
<p>All dynamic methods except for <code>find_by_...</code> and <code>find_by_...!</code> are deprecated.
Here's how you can handle the changes:</p>
<ul>
<li>
<code>find_all_by_...</code>           becomes <code>where(...)</code>.</li>
<li>
<code>find_last_by_...</code>          becomes <code>where(...).last</code>.</li>
<li>
<code>scoped_by_...</code>             becomes <code>where(...)</code>.</li>
<li>
<code>find_or_initialize_by_...</code> becomes <code>find_or_initialize_by(...)</code>.</li>
<li>
<code>find_or_create_by_...</code>     becomes <code>find_or_create_by(...)</code>.</li>
</ul>
</li>
<li><p>Note that <code>where(...)</code> returns a relation, not an array like the old finders. If you require an <code>Array</code>, use <code>where(...).to_a</code>.</p></li>
<li><p>These equivalent methods may not execute the same SQL as the previous implementation.</p></li>
<li><p>To re-enable the old finders, you can use the <a href="https://github.com/rails/activerecord-deprecated_finders">activerecord-deprecated_finders gem</a>.</p></li>
<li><p>Rails 4.0 has changed to default join table for <code>has_and_belongs_to_many</code> relations to strip the common prefix off the second table name. Any existing <code>has_and_belongs_to_many</code> relationship between models with a common prefix must be specified with the <code>join_table</code> option. For example:</p></li>
</ul>
<div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
CatalogCategory &lt; ActiveRecord::Base
  has_and_belongs_to_many :catalog_products, join_table: 'catalog_categories_catalog_products'
end

CatalogProduct &lt; ActiveRecord::Base
  has_and_belongs_to_many :catalog_categories, join_table: 'catalog_categories_catalog_products'
end

</pre>
</div>

<ul>
<li>Note that the prefix takes scopes into account as well, so relations between <code>Catalog::Category</code> and <code>Catalog::Product</code> or <code>Catalog::Category</code> and <code>CatalogProduct</code> need to be updated similarly.</li>
</ul>
<h4 id="active-resource"><a class="anchorlink" href="#active-resource">8.5 Active Resource</a></h4><p>Rails 4.0 extracted Active Resource to its own gem. If you still need the feature you can add the <a href="https://github.com/rails/activeresource">Active Resource gem</a> in your <code>Gemfile</code>.</p><h4 id="active-model"><a class="anchorlink" href="#active-model">8.6 Active Model</a></h4>
<ul>
<li><p>Rails 4.0 has changed how errors attach with the <code>ActiveModel::Validations::ConfirmationValidator</code>. Now when confirmation validations fail, the error will be attached to <code>:#{attribute}_confirmation</code> instead of <code>attribute</code>.</p></li>
<li><p>Rails 4.0 has changed <code>ActiveModel::Serializers::JSON.include_root_in_json</code> default value to <code>false</code>. Now, Active Model Serializers and Active Record objects have the same default behavior. This means that you can comment or remove the following option in the <code>config/initializers/wrap_parameters.rb</code> file:</p></li>
</ul>
<div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# Disable root element in JSON by default.
# ActiveSupport.on_load(:active_record) do
#   self.include_root_in_json = false
# end

</pre>
</div>
<h4 id="action-pack"><a class="anchorlink" href="#action-pack">8.7 Action Pack</a></h4>
<ul>
<li>Rails 4.0 introduces <code>ActiveSupport::KeyGenerator</code> and uses this as a base from which to generate and verify signed cookies (among other things). Existing signed cookies generated with Rails 3.x will be transparently upgraded if you leave your existing <code>secret_token</code> in place and add the new <code>secret_key_base</code>.</li>
</ul>
<div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
  # config/initializers/secret_token.rb
  Myapp::Application.config.secret_token = 'existing secret token'
  Myapp::Application.config.secret_key_base = 'new secret key base'

</pre>
</div>
<p>Please note that you should wait to set <code>secret_key_base</code> until you have 100% of your userbase on Rails 4.x and are reasonably sure you will not need to rollback to Rails 3.x. This is because cookies signed based on the new <code>secret_key_base</code> in Rails 4.x are not backwards compatible with Rails 3.x. You are free to leave your existing <code>secret_token</code> in place, not set the new <code>secret_key_base</code>, and ignore the deprecation warnings until you are reasonably sure that your upgrade is otherwise complete.</p><p>If you are relying on the ability for external applications or JavaScript to be able to read your Rails app's signed session cookies (or signed cookies in general) you should not set <code>secret_key_base</code> until you have decoupled these concerns.</p>
<ul>
<li>Rails 4.0 encrypts the contents of cookie-based sessions if <code>secret_key_base</code> has been set. Rails 3.x signed, but did not encrypt, the contents of cookie-based session. Signed cookies are "secure" in that they are verified to have been generated by your app and are tamper-proof. However, the contents can be viewed by end users, and encrypting the contents eliminates this caveat/concern without a significant performance penalty.</li>
</ul>
<p>Please read <a href="https://github.com/rails/rails/pull/9978">Pull Request #9978</a> for details on the move to encrypted session cookies.</p>
<ul>
<li><p>Rails 4.0 removed the <code>ActionController::Base.asset_path</code> option. Use the assets pipeline feature.</p></li>
<li><p>Rails 4.0 has deprecated <code>ActionController::Base.page_cache_extension</code> option. Use <code>ActionController::Base.default_static_extension</code> instead.</p></li>
<li><p>Rails 4.0 has removed Action and Page caching from Action Pack. You will need to add the <code>actionpack-action_caching</code> gem in order to use <code>caches_action</code> and the <code>actionpack-page_caching</code> to use <code>caches_page</code> in your controllers.</p></li>
<li><p>Rails 4.0 has removed the XML parameters parser. You will need to add the <code>actionpack-xml_parser</code> gem if you require this feature.</p></li>
<li><p>Rails 4.0 changes the default <code>layout</code> lookup set using symbols or procs that return nil. To get the "no layout" behavior, return false instead of nil.</p></li>
<li><p>Rails 4.0 changes the default memcached client from <code>memcache-client</code> to <code>dalli</code>. To upgrade, simply add <code>gem 'dalli'</code> to your <code>Gemfile</code>.</p></li>
<li><p>Rails 4.0 deprecates the <code>dom_id</code> and <code>dom_class</code> methods in controllers (they are fine in views). You will need to include the <code>ActionView::RecordIdentifier</code> module in controllers requiring this feature.</p></li>
<li><p>Rails 4.0 deprecates the <code>:confirm</code> option for the <code>link_to</code> helper. You should
instead rely on a data attribute (e.g. <code>data: { confirm: 'Are you sure?' }</code>).
This deprecation also concerns the helpers based on this one (such as <code>link_to_if</code>
or <code>link_to_unless</code>).</p></li>
<li><p>Rails 4.0 changed how <code>assert_generates</code>, <code>assert_recognizes</code>, and <code>assert_routing</code> work. Now all these assertions raise <code>Assertion</code> instead of <code>ActionController::RoutingError</code>.</p></li>
<li><p>Rails 4.0 raises an <code>ArgumentError</code> if clashing named routes are defined. This can be triggered by explicitly defined named routes or by the <code>resources</code> method. Here are two examples that clash with routes named <code>example_path</code>:</p></li>
</ul>
<div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
  get 'one' =&gt; 'test#example', as: :example
  get 'two' =&gt; 'test#example', as: :example

</pre>
</div>
<div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
  resources :examples
  get 'clashing/:id' =&gt; 'test#example', as: :example

</pre>
</div>
<p>In the first case, you can simply avoid using the same name for multiple
routes. In the second, you can use the <code>only</code> or <code>except</code> options provided by
the <code>resources</code> method to restrict the routes created as detailed in the
<a href="routing.html#restricting-the-routes-created">Routing Guide</a>.</p>
<ul>
<li>Rails 4.0 also changed the way unicode character routes are drawn. Now you can draw unicode character routes directly. If you already draw such routes, you must change them, for example:</li>
</ul>
<div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
get Rack::Utils.escape('こんにちは'), controller: 'welcome', action: 'index'

</pre>
</div>
<p>becomes</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
get 'こんにちは', controller: 'welcome', action: 'index'

</pre>
</div>

<ul>
<li>Rails 4.0 requires that routes using <code>match</code> must specify the request method. For example:</li>
</ul>
<div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
  # Rails 3.x
  match '/' =&gt; 'root#index'

  # becomes
  match '/' =&gt; 'root#index', via: :get

  # or
  get '/' =&gt; 'root#index'

</pre>
</div>

<ul>
<li>Rails 4.0 has removed <code>ActionDispatch::BestStandardsSupport</code> middleware, <code>&lt;!DOCTYPE html&gt;</code> already triggers standards mode per <a href="https://msdn.microsoft.com/en-us/library/jj676915(v=vs.85).aspx">https://msdn.microsoft.com/en-us/library/jj676915(v=vs.85).aspx</a> and ChromeFrame header has been moved to <code>config.action_dispatch.default_headers</code>.</li>
</ul>
<p>Remember you must also remove any references to the middleware from your application code, for example:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# Raise exception
config.middleware.insert_before(Rack::Lock, ActionDispatch::BestStandardsSupport)

</pre>
</div>
<p>Also check your environment settings for <code>config.action_dispatch.best_standards_support</code> and remove it if present.</p>
<ul>
<li>Rails 4.0 allows configuration of HTTP headers by setting <code>config.action_dispatch.default_headers</code>. The defaults are as follows:</li>
</ul>
<div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
  config.action_dispatch.default_headers = {
    'X-Frame-Options' =&gt; 'SAMEORIGIN',
    'X-XSS-Protection' =&gt; '1; mode=block'
  }

</pre>
</div>
<p>Please note that if your application is dependent on loading certain pages in a <code>&lt;frame&gt;</code> or <code>&lt;iframe&gt;</code>, then you may need to explicitly set <code>X-Frame-Options</code> to <code>ALLOW-FROM ...</code> or <code>ALLOWALL</code>.</p>
<ul>
<li><p>In Rails 4.0, precompiling assets no longer automatically copies non-JS/CSS assets from <code>vendor/assets</code> and <code>lib/assets</code>. Rails application and engine developers should put these assets in <code>app/assets</code> or configure <code>config.assets.precompile</code>.</p></li>
<li><p>In Rails 4.0, <code>ActionController::UnknownFormat</code> is raised when the action doesn't handle the request format. By default, the exception is handled by responding with 406 Not Acceptable, but you can override that now. In Rails 3, 406 Not Acceptable was always returned. No overrides.</p></li>
<li><p>In Rails 4.0, a generic <code>ActionDispatch::ParamsParser::ParseError</code> exception is raised when <code>ParamsParser</code> fails to parse request params. You will want to rescue this exception instead of the low-level <code>MultiJson::DecodeError</code>, for example.</p></li>
<li><p>In Rails 4.0, <code>SCRIPT_NAME</code> is properly nested when engines are mounted on an app that's served from a URL prefix. You no longer have to set <code>default_url_options[:script_name]</code> to work around overwritten URL prefixes.</p></li>
<li><p>Rails 4.0 deprecated <code>ActionController::Integration</code> in favor of <code>ActionDispatch::Integration</code>.</p></li>
<li><p>Rails 4.0 deprecated <code>ActionController::IntegrationTest</code> in favor of <code>ActionDispatch::IntegrationTest</code>.</p></li>
<li><p>Rails 4.0 deprecated <code>ActionController::PerformanceTest</code> in favor of <code>ActionDispatch::PerformanceTest</code>.</p></li>
<li><p>Rails 4.0 deprecated <code>ActionController::AbstractRequest</code> in favor of <code>ActionDispatch::Request</code>.</p></li>
<li><p>Rails 4.0 deprecated <code>ActionController::Request</code> in favor of <code>ActionDispatch::Request</code>.</p></li>
<li><p>Rails 4.0 deprecated <code>ActionController::AbstractResponse</code> in favor of <code>ActionDispatch::Response</code>.</p></li>
<li><p>Rails 4.0 deprecated <code>ActionController::Response</code> in favor of <code>ActionDispatch::Response</code>.</p></li>
<li><p>Rails 4.0 deprecated <code>ActionController::Routing</code> in favor of <code>ActionDispatch::Routing</code>.</p></li>
</ul>
<h4 id="active-support"><a class="anchorlink" href="#active-support">8.8 Active Support</a></h4><p>Rails 4.0 removes the <code>j</code> alias for <code>ERB::Util#json_escape</code> since <code>j</code> is already used for <code>ActionView::Helpers::JavaScriptHelper#escape_javascript</code>.</p><h5 id="cache"><a class="anchorlink" href="#cache">8.8.1 Cache</a></h5><p>The caching method changed between Rails 3.x and 4.0. You should <a href="https://guides.rubyonrails.org/caching_with_rails.html#activesupport-cache-store">change the cache namespace</a> and roll out with a cold cache.</p><h4 id="helpers-loading-order"><a class="anchorlink" href="#helpers-loading-order">8.9 Helpers Loading Order</a></h4><p>The order in which helpers from more than one directory are loaded has changed in Rails 4.0. Previously, they were gathered and then sorted alphabetically. After upgrading to Rails 4.0, helpers will preserve the order of loaded directories and will be sorted alphabetically only within each directory. Unless you explicitly use the <code>helpers_path</code> parameter, this change will only impact the way of loading helpers from engines. If you rely on the ordering, you should check if correct methods are available after upgrade. If you would like to change the order in which engines are loaded, you can use <code>config.railties_order=</code> method.</p><h4 id="active-record-observer-and-action-controller-sweeper"><a class="anchorlink" href="#active-record-observer-and-action-controller-sweeper">8.10 Active Record Observer and Action Controller Sweeper</a></h4><p><code>ActiveRecord::Observer</code> and <code>ActionController::Caching::Sweeper</code> have been extracted to the <code>rails-observers</code> gem. You will need to add the <code>rails-observers</code> gem if you require these features.</p><h4 id="sprockets-rails"><a class="anchorlink" href="#sprockets-rails">8.11 sprockets-rails</a></h4>
<ul>
<li>
<code>assets:precompile:primary</code> and <code>assets:precompile:all</code> have been removed. Use <code>assets:precompile</code> instead.</li>
<li>The <code>config.assets.compress</code> option should be changed to <code>config.assets.js_compressor</code> like so for instance:</li>
</ul>
<div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
config.assets.js_compressor = :uglifier

</pre>
</div>
<h4 id="sass-rails"><a class="anchorlink" href="#sass-rails">8.12 sass-rails</a></h4>
<ul>
<li>
<code>asset-url</code> with two arguments is deprecated. For example: <code>asset-url("rails.png", image)</code> becomes <code>asset-url("rails.png")</code>.</li>
</ul>
<h3 id="upgrading-from-rails-3-1-to-rails-3-2"><a class="anchorlink" href="#upgrading-from-rails-3-1-to-rails-3-2">9 Upgrading from Rails 3.1 to Rails 3.2</a></h3><p>If your application is currently on any version of Rails older than 3.1.x, you
should upgrade to Rails 3.1 before attempting an update to Rails 3.2.</p><p>The following changes are meant for upgrading your application to the latest
3.2.x version of Rails.</p><h4 id="upgrading-from-rails-3-1-to-rails-3-2-gemfile"><a class="anchorlink" href="#upgrading-from-rails-3-1-to-rails-3-2-gemfile">9.1 Gemfile</a></h4><p>Make the following changes to your <code>Gemfile</code>.</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
gem 'rails', '3.2.21'

group :assets do
  gem 'sass-rails',   '~&gt; 3.2.6'
  gem 'coffee-rails', '~&gt; 3.2.2'
  gem 'uglifier',     '&gt;= 1.0.3'
end

</pre>
</div>
<h4 id="upgrading-from-rails-3-1-to-rails-3-2-config-environments-development-rb"><a class="anchorlink" href="#upgrading-from-rails-3-1-to-rails-3-2-config-environments-development-rb">9.2 config/environments/development.rb</a></h4><p>There are a couple of new configuration settings that you should add to your development environment:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# Raise exception on mass assignment protection for Active Record models
config.active_record.mass_assignment_sanitizer = :strict

# Log the query plan for queries taking more than this (works
# with SQLite, MySQL, and PostgreSQL)
config.active_record.auto_explain_threshold_in_seconds = 0.5

</pre>
</div>
<h4 id="upgrading-from-rails-3-1-to-rails-3-2-config-environments-test-rb"><a class="anchorlink" href="#upgrading-from-rails-3-1-to-rails-3-2-config-environments-test-rb">9.3 config/environments/test.rb</a></h4><p>The <code>mass_assignment_sanitizer</code> configuration setting should also be added to <code>config/environments/test.rb</code>:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# Raise exception on mass assignment protection for Active Record models
config.active_record.mass_assignment_sanitizer = :strict

</pre>
</div>
<h4 id="upgrading-from-rails-3-1-to-rails-3-2-vendor-plugins"><a class="anchorlink" href="#upgrading-from-rails-3-1-to-rails-3-2-vendor-plugins">9.4 vendor/plugins</a></h4><p>Rails 3.2 deprecates <code>vendor/plugins</code> and Rails 4.0 will remove them completely. While it's not strictly necessary as part of a Rails 3.2 upgrade, you can start replacing any plugins by extracting them to gems and adding them to your <code>Gemfile</code>. If you choose not to make them gems, you can move them into, say, <code>lib/my_plugin/*</code> and add an appropriate initializer in <code>config/initializers/my_plugin.rb</code>.</p><h4 id="upgrading-from-rails-3-1-to-rails-3-2-active-record"><a class="anchorlink" href="#upgrading-from-rails-3-1-to-rails-3-2-active-record">9.5 Active Record</a></h4><p>Option <code>:dependent =&gt; :restrict</code> has been removed from <code>belongs_to</code>. If you want to prevent deleting the object if there are any associated objects, you can set <code>:dependent =&gt; :destroy</code> and return <code>false</code> after checking for existence of association from any of the associated object's destroy callbacks.</p><h3 id="upgrading-from-rails-3-0-to-rails-3-1"><a class="anchorlink" href="#upgrading-from-rails-3-0-to-rails-3-1">10 Upgrading from Rails 3.0 to Rails 3.1</a></h3><p>If your application is currently on any version of Rails older than 3.0.x, you should upgrade to Rails 3.0 before attempting an update to Rails 3.1.</p><p>The following changes are meant for upgrading your application to Rails 3.1.12, the last 3.1.x version of Rails.</p><h4 id="gemfile"><a class="anchorlink" href="#gemfile">10.1 Gemfile</a></h4><p>Make the following changes to your <code>Gemfile</code>.</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
gem 'rails', '3.1.12'
gem 'mysql2'

# Needed for the new asset pipeline
group :assets do
  gem 'sass-rails',   '~&gt; 3.1.7'
  gem 'coffee-rails', '~&gt; 3.1.1'
  gem 'uglifier',     '&gt;= 1.0.3'
end

# jQuery is the default JavaScript library in Rails 3.1
gem 'jquery-rails'

</pre>
</div>
<h4 id="config-application-rb"><a class="anchorlink" href="#config-application-rb">10.2 config/application.rb</a></h4><p>The asset pipeline requires the following additions:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
config.assets.enabled = true
config.assets.version = '1.0'

</pre>
</div>
<p>If your application is using an "/assets" route for a resource you may want change the prefix used for assets to avoid conflicts:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# Defaults to '/assets'
config.assets.prefix = '/asset-files'

</pre>
</div>
<h4 id="upgrading-from-rails-3-0-to-rails-3-1-config-environments-development-rb"><a class="anchorlink" href="#upgrading-from-rails-3-0-to-rails-3-1-config-environments-development-rb">10.3 config/environments/development.rb</a></h4><p>Remove the RJS setting <code>config.action_view.debug_rjs = true</code>.</p><p>Add these settings if you enable the asset pipeline:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# Do not compress assets
config.assets.compress = false

# Expands the lines which load the assets
config.assets.debug = true

</pre>
</div>
<h4 id="config-environments-production-rb"><a class="anchorlink" href="#config-environments-production-rb">10.4 config/environments/production.rb</a></h4><p>Again, most of the changes below are for the asset pipeline. You can read more about these in the <a href="asset_pipeline.html">Asset Pipeline</a> guide.</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# Compress JavaScripts and CSS
config.assets.compress = true

# Don't fallback to assets pipeline if a precompiled asset is missed
config.assets.compile = false

# Generate digests for assets URLs
config.assets.digest = true

# Defaults to Rails.root.join("public/assets")
# config.assets.manifest = YOUR_PATH

# Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
# config.assets.precompile += %w( admin.js admin.css )

# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
# config.force_ssl = true

</pre>
</div>
<h4 id="upgrading-from-rails-3-0-to-rails-3-1-config-environments-test-rb"><a class="anchorlink" href="#upgrading-from-rails-3-0-to-rails-3-1-config-environments-test-rb">10.5 config/environments/test.rb</a></h4><p>You can help test performance with these additions to your test environment:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# Configure static asset server for tests with Cache-Control for performance
config.public_file_server.enabled = true
config.public_file_server.headers = {
  'Cache-Control' =&gt; 'public, max-age=3600'
}

</pre>
</div>
<h4 id="config-initializers-wrap-parameters-rb"><a class="anchorlink" href="#config-initializers-wrap-parameters-rb">10.6 config/initializers/wrap_parameters.rb</a></h4><p>Add this file with the following contents, if you wish to wrap parameters into a nested hash. This is on by default in new applications.</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# Be sure to restart your server when you modify this file.
# This file contains settings for ActionController::ParamsWrapper which
# is enabled by default.

# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
ActiveSupport.on_load(:action_controller) do
  wrap_parameters format: [:json]
end

# Disable root element in JSON by default.
ActiveSupport.on_load(:active_record) do
  self.include_root_in_json = false
end

</pre>
</div>
<h4 id="config-initializers-session-store-rb"><a class="anchorlink" href="#config-initializers-session-store-rb">10.7 config/initializers/session_store.rb</a></h4><p>You need to change your session key to something new, or remove all sessions:</p><div class="code_container">
<pre class="brush: ruby; gutter: false; toolbar: false">
# in config/initializers/session_store.rb
AppName::Application.config.session_store :cookie_store, key: 'SOMETHINGNEW'

</pre>
</div>
<p>or</p><div class="code_container">
<pre class="brush: plain; gutter: false; toolbar: false">
$ bin/rake db:sessions:clear

</pre>
</div>
<h4 id="remove-cache-and-concat-options-in-asset-helpers-references-in-views"><a class="anchorlink" href="#remove-cache-and-concat-options-in-asset-helpers-references-in-views">10.8 Remove :cache and :concat options in asset helpers references in views</a></h4>
<ul>
<li>With the Asset Pipeline the :cache and :concat options aren't used anymore, delete these options from your views.</li>
</ul>


        <h3>Feedback</h3>
        <p>
          You're encouraged to help improve the quality of this guide.
        </p>
        <p>
          Please contribute if you see any typos or factual errors.
          To get started, you can read our <a href="https://edgeguides.rubyonrails.org/contributing_to_ruby_on_rails.html#contributing-to-the-rails-documentation">documentation contributions</a> section.
        </p>
        <p>
          You may also find incomplete content or stuff that is not up to date.
          Please do add any missing documentation for master. Make sure to check
          <a href="https://edgeguides.rubyonrails.org">Edge Guides</a> first to verify
          if the issues are already fixed or not on the master branch.
          Check the <a href="ruby_on_rails_guides_guidelines.html">Ruby on Rails Guides Guidelines</a>
          for style and conventions.
        </p>
        <p>
          If for whatever reason you spot something to fix but cannot patch it yourself, please
          <a href="https://github.com/rails/rails/issues">open an issue</a>.
        </p>
        <p>And last but not least, any kind of discussion regarding Ruby on Rails
          documentation is very welcome on the <a href="https://groups.google.com/forum/#!forum/rubyonrails-docs">rubyonrails-docs mailing list</a>.
        </p>
      </div>
    </div>
  </div>

  <hr class="hide" />
  <div id="footer">
    <div class="wrapper">
      <p>This work is licensed under a <a href="https://creativecommons.org/licenses/by-sa/4.0/">Creative Commons Attribution-ShareAlike 4.0 International</a> License</p>
<p>"Rails", "Ruby on Rails", and the Rails logo are trademarks of David Heinemeier Hansson. All rights reserved.</p>

    </div>
  </div>
</body>
</html>