Planet Ruby News

Updated Saturday, 21 April 2018 07:30
{}
Phusion News ( Feed )
Friday, 20 April 2018
Next-level customer interaction in just 6 steps
At Phusion we care deeply about providing the best possible sales and support experience to our users. We decided to share our onboarding guide for customer success managers.
Next-level customer interaction in just 6 steps

At Phusion we care deeply about customer success and invest time and tools (more on that in a next post) to provide our users with the best possible sales and support experience. The following is a “best practices” guide we use when onboarding new team members, originally written by Tara Lingard (edits by Phusion).

Mirroring Technique

The mirroring technique is used to make you more relatable in communication where the receiver won’t be able to hear the inflection in your voice, or see your body language. Over the phone (and in person) you can mirror things like tone and speed of speech. Over email you can mirror things like language, level of formality and commonly used phrases.

To master the mirroring technique you have to pay close attention to not only what the other person is saying, but how they are saying it. Keep these things in mind:

  • Language: what terms does the customer use to refer to the product, their subscription, their problem or other things.
  • Level of formality: is the customer writing extremely formally, do they use emoji, are they speaking very shortly, do they seems very grateful, are they annoyed?
  • Commonly used phrases: how do they greet you, how to they sign-off on their emails, do they always start with “how are you?”.

Customer email example 1

Please cancel.

It would be better to reply with something shorter and more formal, just stating the facts:

Hi Customer,

Thanks for contacting us, I have set your subscription to cancel.

Please let me know if there is anything else I can do for you.

Regards,

Customer email example 2

Hi person,

I am wondering if you can help me out, Our Company was acquired and we’ve moved offices, is it possible to change the address that appears on the invoice before we are billed again to (address info)? Thanks!! Have a great week :)

Your reply could be more fun here. This person is polite and informal so we can do the same:

Hi Customer,

We’re happy to hear from you! I’ve updated the address to the new one in (city name) and that will appear on all invoices in the future. Can you let me know if I should also update the company name, phone number, names of contacts or email address on your account?

Thanks Customer! Have a great week too!

(You can also add something like “hope the weather in New City is better than in Amsterdam!” too if you’re feeling fun - of course the “New City” has to be a place that is actually warm/nice).

Cheers,

Personal touch

Adding a personal touch to email, phone or in person communication is a great way to build rapport with a customer. Think of this like going to a restaurant and having the staff remember you from last time – it feels good to have a personal connection to the people you are doing business with.

If you’ve had multiple phone calls with the same customer:
“Shall I call you at the usual time: Wednesday (21) around 2PM?”

If you worked to convert a customer and they are contacting us to renewal/upgrade:
“I hope everything is going great with Company Name”
or: “I hope everything in City Name is nice”

Other soundbites adding that personal touch:

  • Great hearing from you again!
  • Enjoy the holidays!*
  • Have a nice long weekend.

* Be wary of referencing religious holidays as you might alienate or offend people.

Keep it simple

There is a lot of evidence to show that most systems work best if they are kept simple, rather than being complicated. In keeping communications simple we’re ensuring that the recipient (customer) understands the message. If the customer is unsure of the message then communication was unsuccessful.

Keeping communication simple requires a lot of empathy; to successfully deliver the intended message you need to be able to put yourself in the shoes of the recipient (customer) and read what you’ve written from their perspective. When reviewing an email draft ask yourself: does this make sense for a customer? And: is all this information really relevant to the customer?

Two things to keep in mind:

  • The customer doesn't have all the knowledge we do, they might not understand something that we think is described very simply.
  • We use different details to describe a situation internally than we should externally.

Always answer questions

This is a pretty simple one, but is sometimes forgotten. We need to always answer the customers direct questions. This should be done with the other points in this guide in mind (keep answers simple, be empathetic, mirror your answer to the customers question).

An example of this, the customer might say:

I don’t know where to see my account information. I want to sign up with two more servers, where can I do that. How to I change my email and name? What if I want to get help with something?

Now, let’s go over this email. The customer is obviously quite confused, they’re speaking pretty informally, they want to do an update, they want to keep their account info up to date, and it looks like they’re asking about how they get support (since they’re already emailing customer support I would guess they’re wondering about getting technical support).

First thing we should do is check their account: Are they an active customer, are they up for renewal anytime soon, have they contacted us before, is this person the person on the account?

That is a lot to keep in mind just for one email, but these are the things that take email communications to the next level. Your reply might look something like this:

Hi Customer,

I’m happy to help you out with these questions.

You can find all your account information (contact information and subscription information) in the customer area under the top tab called “My Account”. You can also add more servers to your account in the customer area through the “My subscriptions & billing” tab. Lastly, if you need technical help please refer to this page, and for any other issues or questions please contact me!

Thanks for getting in touch, have a great week.

What did we do in this email?
Mirroring: we referred to upgrading their usage as “add more servers” like they did, and referred to support as “help” like they did.

Personal touch: Instead of saying a generic “thanks for contacting us” greeting we said “I’m happy to help with these questions” which is a lot more personal, and instead of saying “for customer support/administration support you can email customersuccess@company.com” we said “for any other issues or questions please contact me!”.

Keep it simple: Instead of addressing their questions 1-by-1 in order they asked, we grouped the answers in a way that would be very simple for them to understand and provided links to make it even easier.

Double check & collaborate

Be sure to double check every email you write to look for any errors or opportunities to improve the email. Small errors can be easy to skip over, so have someone else review your emails from time to time as well. Everyone on the sales & CSM team should be reading each others’ tickets when they can, to try to spot places for improvement, errors, common issues with customers and to give positive feedback.

CTA - Call to Action

CTA’s are used in a lot of places, a good example of this is in marketing emails: if we send out a mass email for a new product that email is not just going to describe the new product - it’s going to end with a good CTA like “sign up for the new product now” or “get a quote for adding this to your team” or “start a free trial today”.

Here are a few examples of CTA we’ve used when communicating with our customers:

  • Please let me know if you have any questions about the attached price estimation.
  • Please inform me when you’ve reviewed the quote and we can move forward with payment.
  • Can you provide me with a breakdown of your situation?

The purpose of the CTA is in the name: we want action so we ask the customer for action. Another reason to do this is to reiterate a point simply or again at the end of the email (particuarily if it’s a long email) so the recipient knows what it is we need from them.

On that note: we’re looking for a Customer Success Manager to join our team. Make sure to check out our careers page!

{}
Phusion News ( Feed )
Thursday, 19 April 2018
Hiring: Customer Success Manager
Phusion B.V. is hiring a Customer Success Manager to create and maintain friendly relationships with all of their customers around the globe.
Hiring: Customer Success Manager

Phusion was founded with the belief that server maintenance shouldn’t be difficult. Over half a million websites worldwide use Passenger to improve web app performance, boost productivity, and maximize security.

We are looking for a quick-thinking and self-organized person to fill the role of Customer Success Manager.

What will you do?

As a Customer Success Manager you will essentially become the voice on behalf of Phusion, focused on creating and maintaining friendly relationships with all of our customers around the globe!

Your main tasks are:

  • Respond to customer’s account questions within the agreed timeframe,
    either by phone, email, or a support ticketing system.
  • Maintain and update accurate account information,
    on a regular basis within the assigned customer database (account management).
  • Renew, retain & upgrade accounts
    ... as well as up-sell, all assigned accounts with favourable terms and conditions.
  • Drive customer references, testimonials and case studies
    Create and execute survey strategies, compile responses, analyze the results and draw conclusions to be presented to the team.
  • Document and implement procedures
    Manage newly added customer success tasks.
  • Identify common customer challenges
    Proactively suggest better solutions.
  • Relay / escalate problems to engineering and DevRel
    Keeping customers happy is a joint effort.
  • Execute and maintain customer programs
    Client Referral & Affiliate programs (inbound sales).

Who are we looking for?

The ideal candidate:

  • Holds a Bachelor’s degree or equivalent experience
  • Has at least 3 years working experience,
    providing customer support or equivalent history of increasing general customer satisfaction.
  • Has excellent written and verbal business communication skills,
    English native, or near-native, proficiency is a must.
  • Thrives in a multitasking environment,
    able to adjust priorities on-the-fly.
  • Demonstrates ability to communicate credibly and effectively with customers,
    of all levels within an organization, including the executive and C-level.
  • Has affinity with IT,
    able to assign customers technical questions, and respond to frequently asked questions.
  • Has keen eye for detail,
    attention for the little things is what seperates a good Customer Succes Manager from a great one.
  • Lives within a reasonable distance to our office in Amsterdam.
    Remote is an option when you can demonstrate you can handle the challenges that come with remote work.

The following aspects are highly appreciated:

  • Familiarity with selling software products
    (bonus points: server tools).
  • Work experience within the SaaS industry
  • Work experience with enterprise sales & support
  • Willingness to work on a flexible schedule
    (most of our clients are based in the United States).

What does Phusion have to offer you?

  • Lunch, drinks and snacks when you’re in the office,
  • Flexible work hours and locations,
  • Travel allowance for day-to-day and conference travel,
  • Some of the best hardware to allow you to perform your tasks efficiently,
  • Relaxed and fun company culture - karaoke and games included.

See our Careers Page for the full breakdown or swing by the office to see what we’re really like.

Hiring: Customer Success Manager

"I am part of a remarkable company, facing interesting challenges on a global market, with a lot of room to take responsibility and further develop my skills."

Daniel KnoppelPassenger Lead
Hiring: Customer Success Manager

"I have the opportunity to work with smart, fun, young people from different parts of the world. Everyone who works here has the responsibility of making Phusion great! I am very proud of being a Phusioneer."

Katya van Rijn-PortilloOffice Manager

Sound like you?

Are you an experienced customer-facing candidate who is also extremely self-motivated, fun to work with, and generally just a pretty awesome individual? WE WANT YOU! Please send your resume along with a cover letter to jobs@phusion.nl and we will get back to you shortly. Talk soon! :)

Who’s responsible for the software we build?
Turns out running a company isn't just about money, fame or even cool products and happy customers. We have a social responsibility towards our employees and society at large.
Who’s responsible for the software we build?

On Tuesday April 17 I got to speak at the Amsterdam.rb Amsterdam Ruby User Group, hosted by the friendly folks at Salonized. In the midst of Phusion reviewing their company mission statement* and the GDPR deadline in sight I decided to discuss a topic that hits close to home on both aspects. Who is responsible for morality in the stuff we build?

Who is responsible for the software we build? from Phusion B.V. on Vimeo.

The timing of the talk couldn’t have been better, after DHH’s (creator of Ruby on Rails, Founder & CTO at Basecamp) keynote earlier that day, at RailsConf 2018 in Pittsburgh.

"Software has never harmed more people. It has also never helped more people. The two aren't inextricably linked. We have responsibility to make sure that people aren't hurt."

David Heinemeier Hansson — RailsConf 2018

"Software is eating the world, but who is writing that software? You are. You have a moral and ethical responsibility" #railsconf pic.twitter.com/8zR8HdSqOa

— Stella Miranda (@fashionate) April 17, 2018

Cycling from our office to the meetup venue, after watching the Railsconf live stream by confreaks, I felt more and more convinced we (as Phusion and as ‘builders of the web’) have a responsibility to provide a framework for thinking about the ethical implication of our creations.

Many (software) companies start out as a few guys (unfortunately predominantly ‘guys’) wanting to build cool stuff while making good money. Fast forward 10 years and one of those companies - our company, Phusion - has a head count of 10, an office in the center of Amsterdam and customers worldwide. Turns out running a company isn't just about money, fame or even cool products and happy customers. We have a social responsibility towards our employees and society at large.

We've seen companies suffer recently for a lack of that social responsibility (data breaches at Equifax, Facebook, Uber, etc). Public outrage was strong but also burned out quickly as the news cycled. For a while, the same quick fizzle seemed to be happening with the Cambridge Analytica scandal. However, this time was different. Now, in a positive turn, Silicon Valley veterans are openly questioning the things they built and helped build. That's not to say this bubble of interest for ethical software doesn't have an expiration date as well. Even with the #deletefacebook campaign still strong and Mark Zuckerberg failing to answer even the most basic questions from Congress and the Senate, Facebook's stock is on the rise again.

Yet I’m optimistic to where this discussion will lead, after the feedback from the Amsterdam.rb crowd and the thoughtful questions they posed. I’d be happy to hear from you as well, on Twitter.

* If you enjoy reading about company purpose and the search thereafter, consider following my personal blog.

{}
Phusion News ( Feed )
Monday, 16 April 2018
Phusion Passenger migrated servers, here’s why (and how)
Moving the Phusion Passenger website to a dedicated server was part of a bigger effort to better separate out Phusion services, but by no means a walk in the park. Here's what we learned.
Phusion Passenger migrated servers, here’s why (and how)

A month ago one of our servers ran out of disk space during a long weekend - because this kind of stuff never happens during working hours, am I right? We caught the issue pretty late (thank you for your patience!), freed up a ton of disk space and did a hard reset. We immediately decided that, to omit similar issues in the future, we’d need to migrate www.phusionpassenger.com to its own dedicated server.

For all kinds of legacy reasons some of the services we’re using ran on a single server. Moving the Phusion Passenger website to a dedicated server was part of a bigger effort to better separate out these services, making sure we’re less dependant on ‘all other things being normal’.

Last week we completed the migration of www.phusionpassenger.com - or, more precisely: the proxy for enterprise packages, our Docs, the naked domain and staging. Services that remain on the ‘old’ server include our blog and the Heroku Status Service tool.

Writing the Ansible playbook

To automate the provisioning of the server we used Ansible, a Red Hat product. Before using Ansible we used Chef Cookbooks to provision servers. Dissatisfied with Chef Cookbooks we decided to give Ansible a chance. Idempotency was an important argument, and Ansible is agentless, so there’s no need for Chef to be installed on the target machine.

You will only need ssh and Python enabled on the target server. You don’t need to upload cookbooks to the server, you can run a local playbook and that will be the single source of truth.

We requested a letsencrypt certificate on the old server and copied that to the new server. We then updated the renewal config file to reflect the new letsencrypt account id.

To transfer the database, we wrote a small Shell script that creates a dump, scp's it to the new server and imports it there:

#!/usr/bin/env bash

# create dump as the website user
su -c "pg_dump --clean --serializable-deferrable website" website > /home/website/website.psql
# copy dump to new server
scp /home/website/website.psql website@<NEW_SERVER_IP>:/home/website/website.psql
# copy import dump on new server
ssh website@<NEW_SERVER_IP> 'psql website < /home/website/website.psql'
nginx -s reload

We set up a proxy in nginx, redirecting all traffic from the old server to the new server. Right before we forwarded all traffic to the new server, we copied the database from the old server to the new server, to minimize data loss:

listen $OLD_IP:443 ssl http2;
server_name www.phusionpassenger.com;
ssl on;
ssl_certificate www.phusionpassenger.com.crt;
ssl_certificate_key www.phusionpassenger.com.key;
include ssl-defaults.conf;
root /var/www/website/current/public;

location / {
  proxy_set_header Host $host;
  proxy_http_version 1.1;
  proxy_buffering off;
  proxy_pass https://$NEW_IP$request_uri;
  proxy_redirect https://www.phusionpassenger.com/ /;
}

Lessons learned

We did not automate the dns changes as the migration was just a one-time event and automating dns changes would take significantly more time than doing those manually. After the dns was updated we just had to wait for the changes to take effect. Because of the proxy'ing on the old server this part of the migration would be seamless.

The dns for both the naked domain (phusionpassenger.com) and the website domain (www.phusionpassenger.com) were updated to the new ip address. In due time when every client has updated its entries for these domains every request will be directed at the new server.

Issues we ran into include:

  • The SSL_ciphers changed and support for TLS1.0 and TLS1.1 was dropped. Updating the cipherlist fixed it but not before causing issues for at least one enterprise customer.
  • The Apt-repo was inaccessible due to incomplete deployment (more specifically: the packages had been signed again, but the gpg signing key was missing), as reported by a handful of customers.

Next time around we could prevent above issues by installing Passenger from the aptitude repo on the staging server, for all supported Ubuntu versions, and test this against staging (which was already migrated several days before production).

Another lesson learned is that as we don't have (much) data on our customers environments (for very good reasons), we should probably send an email before undergoing something major like a server migration, even if it is likely to have no effect on the customer side.

Next steps

We will transition to a highly available infrastructure with multiple servers. At the time of the migration traffic wasn't high by any means and we weren't expecting the APT repo to become critical part of users' deployment pipelines. We’ve learned that customers use it as critical infrastructure, in part because out deb/rpm packages have become much more popular than we anticipated.

We did not deem phusionpassenger.com uptime mission critical, therefore its maintenance and evolution wasn't prioritized over product development (remember, we are a bootstrapped company and as such resources are tight). We’ve learned it's time to step up our game and make it highly available, as a service to our customers and users. We're doing this iteratively, and this migration is the first step. In the meantime, if this stuff keeps you up at night, you might want to look into setting up a private mirror.

{}
Ruby on Rails News ( Feed )
Sunday, 15 April 2018
Rails 5.2.0, performance optimizations, space-saving compression and more!
And now a Rails 🌩 News Flash 🌩! (Hint: we’ve got some big news this week, if you hadn’t heard). We take you now, live, to our reporter on the scene, Tim, for all the latest and greatest this week.

And now a Rails 🌩 News Flash 🌩! (Hint: we’ve got some big news this week, if you hadn’t heard). We take you now, live, to our reporter on the scene, Tim, for all the latest and greatest this week.

Rails 5.2.0 is out!

5.2.0 is officially among us, a little bit ahead of RailsConf this year. If you can’t wait until then to find out everything that this new release brings, do go read the original blog post that accompanied the release for all the details!

This Week’s Contributors

48 people contributed to Rails in the last two weeks, including an incredible 11 for the first time! A big thank you to all of you!

If you’d like to see yourself on that board, why not check out the list of open issues, or get involved in the core discussion list.

API controlIers now get a set of default headers

Though you may not need all these headers, there are specific instances where you may want them to enhance security, so it makes sense to have this configured on by default.

An optimization for the Query Cache middleware

This nice little optimization eliminated some array allocations, that you may benefit from if you have a large number of connection pools.

Avoid generating full changes hash on every save

By asking the mutation tracker for the list of changed attributes, some work can be skipped when generating the changes hash. This may be most noticeable for serialized attributes, for which calling #original_value can be significantly more expensive.

Fix ActiveSupport::Cache compression

A regression was found whereby compressed items in the cache store were taking up more space than their original, uncompressed versions. That is now fixed thanks to the great detective work shown in this PR!

As always there were many more changes to the Rails codebase than we can cover here. But you can read all about them here! Until next week!

{}
Ruby on Rails News ( Feed )
Monday, 09 April 2018
Rails 5.2.0 FINAL: Active Storage, Redis Cache Store, HTTP/2 Early Hints, CSP, Credentials
Nearly 14 years since the first public version of Rails, it’s our pleasure to release yet another major upgrade to the framework in the form of 5.2.0 final. We’ve been diligently polishing Active Storage and the other big new components for stable release, and it’s great to see so many applications a

Nearly 14 years since the first public version of Rails, it’s our pleasure to release yet another major upgrade to the framework in the form of 5.2.0 final. We’ve been diligently polishing Active Storage and the other big new components for stable release, and it’s great to see so many applications already running the release candidates in production. Basecamp and Shopify have both been running Rails 5.2.0 for quite a while.

This release comes just in time for RailsConf, which features sessions on the new encrypted credentials, a code review of Active Storage, advice on how to upgrade to a new Rails version, and a lot of Webpack talks.

You can read in even more detail about everything that’s new in Rails 5.2 in the newly finished release notes.

Note that rails/master development is now targeting Rails 6.0.

Many thanks to Rails core, Rails contributors, and everyone else who’ve helped with code, documentation, bug reports, and whatever else to get Rails 5.2.0 out the door. It’s amazing to have over 400 code contributors with fingerprints on this release.

Feature highlights

It’s been too hard to deal with file uploads in Rails for too long. Sure, there’s been a lot of fine plugins available, but it was overdue that we incorporated something right into the framework. So now we have!

With the new Active Storage framework in Rails 5.2, we’ve solved for the modern approach of uploading files straight to the cloud. Out of the box, there’s support for Amazon’s S3, Google’s Cloud Storage, and Microsoft Azure Cloud File Storage.

If you’re dealing with images, you can create variants on the fly. If you’re dealing with videos or PDFs, you can create previews on the fly. And regardless of the type, you can analyze uploads for metadata extraction asynchronously.

Active Storage was extracted from Basecamp 3 by George Claghorn and yours truly. So not only is the framework already used in production, it was born from production. There’s that Extraction Design guarantee stamp alright!

Speaking of extractions, Jeremy Daer has untangled the long jungle twine of hacks we were using at Basecamp to employ Redis for general partial, fragment, and other Rails caching jobs. There’s a sparkling new Redis Cache Store that incorporates all those years of veteran hacks into a cohesive unit that anyone can use.

This new Redis Cache Store supports Redis::Distributed, for Memcached-like sharding across Redises. It’s fault tolerant, so will treat failures like misses, rather than kill the request with an exception. It even supports distributed MGETs for that full partial collection caching goodness.

This comes together with a massive leap forward for cache efficiency with key recycling and compression both available by default. For Basecamp, it meant improving the cache lifetime by two orders of magnitude! We went from having caches trashed in as little as a day to having caches last for months. If you’re using partial caching and the nesting doll strategy, your cache lifetime will improve dramatically between these two changes.

We’ve also embraced the cherry of HTTP/2 with early hints through the work of Aaron Patterson and Eileen Uchitelle. This means we can automatically instruct the web server to send required style sheet and JavaScript assets early. Which means faster full page delivery, as who wouldn’t want that?

On the topic of performance, Rails now ships with Bootsnap in the default Gemfile, created by our friends at Shopify. It generally reduces application boot times by over 50%.

Rails has always been in the forefront of making your web applications more secure, leading the way with built-in CSRF and XSS protection and we’ve enhanced that further in Rails 5.2 with the addition of a new DSL that allows you to configure a Content Security Policy for your application. You can configure a global default policy and then override it on a per-resource basis and even use lambdas to inject per-request values into the header such as account subdomains in a multi-tenant application.

But it’s not all just new starry-eyed wonders. In Rails 5.1, we added encrypted secrets. These secrets were like the old secrets but, uhm, more secret, because, you know, ENCRYPTION! Confusing? Yes. Why would you want secrets that weren’t really secret? Well, you don’t.

In Rails 5.2, we’ve rectified the mess by deprecating the two different kinds of secrets and introduced a new shared concept called Credentials. Credentials, like AWS access keys and other forms of logins and passwords, were the dominant use case for secrets, so why not just call a spade a spade. So spade it is!

Credentials are always encrypted. This means they’re safe to check into revision control, as long as you keep the key out of it. That means atomic deploys, no need to mess with a flurry of environment variables, and other benefits of having all credentials that the app needs in one place, safe and secure.

In addition, we’ve opened up the API underlying Credentials, so you can easily deal with other encrypted configurations, keys, and files.

Since Rails 5.1, we’ve also made great strides with Webpacker. So Rails 5.2 is meant to pair beautifully with the new Webpacker 3.0 release. Rails has fully embraced modern JavaScript with a pre-configured build pipeline run by Webpack. We keep strengthening that relationship.

March 2018 RubyGems Updates

Welcome to the RubyGems monthly update! As part of our efforts at Ruby Together, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in March.

RubyGems.org News

This month, RubyGems.org saw ongoing syst

Welcome to the RubyGems monthly update! As part of our efforts at Ruby Together, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in March.

RubyGems.org News

This month, RubyGems.org saw ongoing system updates, security patches, and general maintenance. Thank you @dwradcliffe for all your hard work!

RubyGems News

RubyGems saw another 25 pull requests merged in March. We started implementing the plan for RubyGems 3, improved a common and annoying warning, and fixed many, many bugs.

In March, RubyGems gained 73 new commits, contributed by 8 authors. There were 860 additions and 1,092 deletions across 66 files.

Learn more about contributing to RubyGems by visiting the RubyGems Contributing Guide. We welcome all kinds of contributions, including bug fixes, feature implementation, writing and/or updating documentation, and bug triage.

{}
Bundler News ( Feed )
Friday, 09 March 2018
February 2018 Bundler Update

Welcome to the Bundler monthly update!

Bundler saw some fixes in February thanks to contributors @nholden, @voxik, @cpgo, @deivid-rodriguez, and @alyssais. Fixes this month included a fix for certain instances of the “perhaps the lockfile is corrupted?” error, as well as clear enforcement

Welcome to the Bundler monthly update!

Bundler saw some fixes in February thanks to contributors @nholden, @voxik, @cpgo, @deivid-rodriguez, and @alyssais. Fixes this month included a fix for certain instances of the “perhaps the lockfile is corrupted?” error, as well as clear enforcement steps for the code of conduct. We also received an awesome proposal to give the add command superpowers, and add a remove command.

This month, Bundler gained 23 new commits, contributed by 8 authors. There were 291 additions and 59 deletions across 50 files.

Interested in contributing to Bundler? We always welcome contributions in the forms of triaging bugs, adding new features, writing docs, and engaging with the wider community. Visit the Bundler Contributor Guidelines on GitHub to get started.

Bundler 1.15: Bundle Oh So Fast
What’s new in Bundler 1.15?

Hot on the heels of the many small fixes in Bundler 1.14, we’re pushing out 1.15. The list of changes is much shorter, but we think you’re going to love it all the same, since this time around we’ve focused on making Bundler a whole heck of a lot faster.

Speed

What’s new in Bundler 1.15?

Hot on the heels of the many small fixes in Bundler 1.14, we’re pushing out 1.15. The list of changes is much shorter, but we think you’re going to love it all the same, since this time around we’ve focused on making Bundler a whole heck of a lot faster.

Speed

Due to Julian Nadeau’s prompting, we’ve made loading up Bundler fast. Up to a half a second faster than before, on every bundle exec, require "bundler/setup", Bundler.setup, and Bundler.require. This is going to save developers a lot of time, given how often we tend to run things!

The mere act of initializing a Gemfile has been sped up by turning array lookups into hash table accesses, making expensive comparisons lazy, and generally avoiding object allocation.

We also now only validate git gems when they are first downloaded & installed, meaning projects with many git gems won’t be validating each and every one of them over and over again.

Finally, we’ve managed to avoid evaluating the full .gemspec of all the gems that are being loaded when running on RubyGems 2.5 and above. Taking advantage of a feature called stub specifications, Bundler is able to grab all of the information it needs from the first two lines of a serialized gemspec file, without evaluating the rest. This represents a massive time savings for very large Gemfiles.

New Commands

We’ve added 4 new commands that have been on our wish list for a long time.

bundle info

This command prints out basic information about the given gem, and is intended to replace bundle show once Bundler 2 rolls around.

bundle issue

Have you ever been frustrated by a Bundler issue that wasn’t a crash? Have you found it difficult to figure out what information to put in a new GitHub issue? Well, no more! bundle issue will gather all of the information present in the error template, on demand.

bundle add

Bundler has long included the bundle inject command, which has been a source of some confusion. inject has always been intended to serve as plumbing for other tooling, doing a whole bunch of verification along with adding a new gem line to the Gemfile. Due to popular demand, we’ve extracted that latter part out into the bundle add command, making it easier than ever to automate adding dependencies to your Gemfile.

bundle pristine

Have you ever accidentally edited an installed gem’s files and wished you had a way to undo that? Mirroring the gem pristine command, Bundler now supports bundle pristine, restoring all of the gems in your Gemfile to pristine condition.

More Man Pages

Documentation improvements are amongst my favorite contributions, and Liz Abinate came through big for us this release. We now have man pages for every single Bundler command. This means that bundler.io will also have documentation for all of the Bundler commands. We hope to do a better job of keeping our documentation up-to-date in the future, and this release is a great starting point for that effort.

Various improvements

In addition to those larger additions, we made some smaller tweaks with the aim of smoothing and improving the overall experience of using Bundler:

  • bundle update will now print gems whose versions are regressing in yellow.
  • bundle inject has gained --source and --group options.
  • bundle config has a --parseable option, suitable for use in scripts.
  • Resolver version conflicts will only list relevant dependencies.
  • When installing a gem fails, Bundler will print out the reason why that gem was being installed in the first place.
  • Bundler will let you know when a new version of itself is available. How meta.
  • bundle update works a lot better now when only unlocking a single gem.

We also fixed over 20 separate bugs, and you can read about every single one of them in the Bundler 1.15 changelog.

How To Upgrade

Run gem install bundler to upgrade to the newest version of Bundler.

Monthly update for December and yearly update for 2017

Welcome to the Bundler monthly (and yearly) update! We’ve been writing monthly updates about Bundler for several years as part of the Ruby Together monthly updates, and finally realized that we should be posting those monthly updates here, as well. Here’s to many more monthly updates to come!

Welcome to the Bundler monthly (and yearly) update! We’ve been writing monthly updates about Bundler for several years as part of the Ruby Together monthly updates, and finally realized that we should be posting those monthly updates here, as well. Here’s to many more monthly updates to come!

As you may have noticed, Bundler didn’t end up shipping with Ruby 2.5. The Ruby language core team has yet to announce why they decided to remove Bundler a few hours before Ruby 2.5 was released on Christmas Day. Hopefully, we’ll find out the story there soon.

In the meantime, Bundler 1.16.1 has been released, with fixes or workarounds for all known issues. If you were waiting to upgrade to version 1.16, give it a try now! If you’re still seeing issues on version 1.16.1, please let us know! We care a lot about fixing bugs and maintaining backwards compatibility, but we need to hear from users in order to know when bugs have crept in. <3

In December, Bundler gained 59 new commits, contributed by 8 authors. There were 419 additions and 301 deletions across 36 files.

In 2017, Bundler gained two new maintainers, Colby Swandale and hsbt. We shipped 21 releases total, which included 3 feature releases. Those releases included 1,392 commits, by 31 authors, with 21,892 additions and 5,860 deletions across 1,140 changed files.

Thanks especially to Bundler’s new contributors in 2017: Abu Nashir, Adam Wanninger, Adrian Gomez, Alessandro Dal Grande, Alex Taylor, Artyom Khramov, Ashish Sehra, Atsushi Yamamoto, Brian Christian, Daniel P. Clark, Daniel Ritz, Daniel Trierweiler, David Radcliffe, Dennis Suratna, Elia Schito, emsk, Eric Boehs, Erik Johnson, fotanus, Frederico, Frederico Bittencourt, Glenn Espinosa, Greg Werbin, Grey Baker, HippoDippo, Igor Bozato, Ivan Kuchin, Jack LaBarba, Jan Krutisch, Jared Kauppila, Jonathan Pike, Juan Barreneche, Julian Nadeau, Justin Myers, Kaycee, Keiji Yoshimi, Kerri Miller, leslie.wen, Mal Graty, Michael Deering, Michael Pitman, mpd, Noah Kantrowitz, Nobuyoshi Nakada, okkez, Olle Jonsson, Patricia Arbona, Paul Nikitochkin, Piotr Kuczynski, robcole, Robert Soly, Sebastian Nowak, Shayon Mukherjee, Stefan Sedich, Stephanie Morillo, Tejas Bubane, Tristan Hill, Urabe, Shyouhei, Wade Tandy, Will Jordan, and Zach Ahn.

Until next month,
André and the Bundler team

Making gem development a little better

You may have experienced this before: you’re excited about a gem, and want to contribute to its development. You clone the gem repo and run bundle install only to see the horror of installation issues or a failing test suite. What to do? Do you debug this unsure of how deep the rabbit

You may have experienced this before: you’re excited about a gem, and want to contribute to its development. You clone the gem repo and run bundle install only to see the horror of installation issues or a failing test suite. What to do? Do you debug this unsure of how deep the rabbit hole goes, or perhaps leave it for another day as you’re short on time?

Recently David Rodriguez brought up the issue and explained one way to prevent this: by having gem repositories lock versions of gem dependencies like we do in app development. The team listened to his proposal and reconsidered the original motivation behind not locking versions of gem dependencies, the impact to gem developers, and whether those reasons were still valid today.

Starting with Bundler 1.16, the default for a new gem template created by Bundler no longer adds Gemfile.lock to .gitignore, thereby allowing the lock file to be committed into the Git repository. Locking the versions of gem dependencies lets gem developers install a known working setup across different systems for development and save time by not having to debug broken installations. With a little CI configuration, gems can still be tested against new version dependencies (see CI recommendations below). We believe gem developers and the OSS community can benefit more by reducing hurdles for contributors. Some gem authors like Rails and Devise have been checking in the lock file into Git for some time now.

The change only applies to new gems created using Bundler by running bundle gem to create a new gem skeleton. Bundler will not change the lock file’s presence in .gitignore for existing gems.

We’d like to thank David for bringing this issue to our attention and implementing the changes to Bundler!

CI recommendations

There are (at least) two ways to ensure the gem is still tested against the latest versions of dependencies in the CI, even after the Gemfile.lock is checked in to the gem repo.

Option 1: Delete the lockfile when testing

One way is to delete the lockfile before running the test suite. This will test the build against the latest version of the gem dependencies, giving you a preview of what your users will experience when they install the gem. The easiest way to do this is to add one line to travis.yml:

before_install: "rm Gemfile.lock"

This means the CI only runs with the latest dependencies, and so the results may not match what gem developers see on their local machines. You can work around this problem by running the tests twice or setting up a Travis build matrix, to see test results for both, with and without a lockfile.

Option 2: Let a bot handle it

The easiest way to make sure new versions are tested with the gem is to ask a friendly bot to update the Gemfile.lock and open a PR anytime one of the dependencies release a new version. Friendly bot options include Dependabot (by Bundler contributor @greysteil), Depfu, and others. Having a separate PR for every version bump makes it easy to tell which gems and versions caused failures, if any. They also make it easy to update a version in the lockfile, secure in the knowledge that the tests have already passed with the new version.

Bundler 1.16: 2.0 Is So Close!
What’s new in Bundler 1.16?

A short summer after the performance-focused Bundler 1.15 release, we’ve shipped 1.16. Before we get to the list of changes, we want to share a very exciting announcement: Bundler 2.0 is right around the corner! We anticipate that v1.16 will be the last 1.x release, an

What’s new in Bundler 1.16?

A short summer after the performance-focused Bundler 1.15 release, we’ve shipped 1.16. Before we get to the list of changes, we want to share a very exciting announcement: Bundler 2.0 is right around the corner! We anticipate that v1.16 will be the last 1.x release, and details about the transition to 2.0 can be found below.

Improved Resolver

Thanks to the heroic efforts of Grey Baker, the Molinillo library Bundler uses for dependency resolution has once again been overhauled. By replacing the heuristic-focused “swapping” algorithm with one that can consider groups of gems at once, Grey managed to eliminate many bugs around dependency resolution, all while making resolution faster than ever before.

Speed

Following on the heels of the speed boosts in 1.15, we’ve continued to make the performance of Bundler a top priority. We’ve managed to reduce the number of times a Gemfile needs to be evaled when running bundle install. Additionally, running bundle install when no installation needs to be done is several times faster, bringing it within a few hundred ms of bundle check.

Various improvements

In addition to those larger additions, we made some smaller tweaks with the aim of smoothing and improving the overall experience of using Bundler:

  • bundle pristine will now allow passing a list of gems to pristine
  • gemfiles are evaluated one fewer time when running bundle install

We also fixed over 20 separate bugs, and you can read about every single one of them in the Bundler 1.16 changelog.

Kicking off the transition to Bundler 2

As this announcement is being written, Bundler 2 has landed on the master branch. We anticipate having the first pre-release of 2.0 available on RubyGems soon. However! (and this is a big however), the Bundler team is committed to making the transition from Bundler 1 to Bundler 2 as smooth as possible. No one will be forced to upgrade to Bundler 2, and existing projects will be able to continue using Bundler 1 until they decide that switching to Bundler 2 is worth it.

On the other hand, for those of you chomping at the bit to get ready, we have good news. Bundler 1.16 contains our current slate of changes for 2.0, but disabled behind feature flags. This also means that 1.16 has intimate knowledge of the parts of Bundler that will be changing, and by setting the BUNDLE_MAJOR_DEPRECATIONS environment variable (or the major_deprecations config setting), Bundler 1.16 will let you know if you’re relying on behavior that will change in Bundler 2. If you want to try it out, you can enable the changes that will ship in 2.0, and follow the deprecation guides to migrate to the future behavior today.

In future blog posts, we’ll introduce the philosophy of Bundler 2, explain the reasons behind each of the breaking changes we made, and provide a detailed migration guide for those of you who prefer stable, documented releases. :)

How To Upgrade To 1.16

Run gem install bundler to upgrade to the newest version of Bundler.

Bundler 1.14: So many fixes
What’s new in Bundler 1.14?

We somehow missed writing up an announcement when Bundler 1.14 was initially released, but several people kindly pointed out the problem. Just 48 days late, here’s what’s new in Bundler 1.14! In this feature release, we added several small features, and fixed a giant p

What’s new in Bundler 1.14?

We somehow missed writing up an announcement when Bundler 1.14 was initially released, but several people kindly pointed out the problem. Just 48 days late, here’s what’s new in Bundler 1.14! In this feature release, we added several small features, and fixed a giant pile of bugs.

Conservative updates

Building on the previous fine controls for the update command, the illustrious @chrismo worked his way through many gnarly possible usage combinations to implement the update --conservative flag. Using the conservative flag allows bundle update GEM to update the version of GEM, but prevents Bundler from updating the versions of any of the gems that GEM depends on. For a more in-depth discussion of why this is useful, check out the discussion of overlapping dependencies in the update command man page.

Checksum validation

As part of the compact index format provided by RubyGems.org, Bundler now has access to checksums for every .gem file. Starting with version 1.14, Bundler actively validates those checksums against downloaded .gem files before installing them. Hooray! 🎉

Improved platform support

Courtesy of some intensive work by @segiddins, Bundler is getting better at handling applications that will be run on more than one platform, like both Unix and Windows. To start with, Bundler will now print a warning if your Gemfile includes any gems that will never be installed due to a platform block. For gems that need to be compiled even though the author has uploaded a binary gem, the force_ruby_platform config setting has you covered. Lastly, the new config setting specific_platform tells Bundler to consider platforms during dependency resolution. This setting should significantly improve things for users installing a single bundle on more than one platform. We expect the specific_platform setting to become the default behavior in Bundler 2.0.

Improved required Ruby versions

Building on the support for Ruby and RubyGems version that was added in 1.13, Bundler 1.14 improves resolver error messages. If any gem conflicts with your Ruby or RubyGems version, the error message will now show both the conflicting dependencies and the chain of parent dependencies that led to the conflict.

Various improvements

In addition to those larger additions, we made some smaller tweaks with the aim of smoothing and improving the overall experience of using Bundler:

  • Installing gems using sudo will now always prompt for a password, even if the sudo password is cached from an earlier command
  • The Gemfile method platform now supports Ruby 2.5, allowing arguments like :ruby_25 or :mri_25.
  • The “lockfile is missing dependencies” error (triggered by certain old lock files that were missing information) is no longer fatal. We now print instructions on how to repair the Gemfile, and install using one thread.
  • Running require "bundler" is now about five times faster than it used to be.
  • Bundler now works when run by users without a home directory.
  • The output from bundle env is now preformatted as Markdown for pasting into a GitHub issue.
  • After Bundler 2.0 is (eventually) released, Bundler 1.14 and greater will be able to automatically switch to Bundler 2.0+ for apps that need it.

We also fixed over 60 separate bugs, and you can read about every single one of them in the Bundler 1.14 changelog.

How To Upgrade

Run gem install bundler to upgrade to the newest version of Bundler.

{}
Phusion News ( Feed )
Wednesday, 04 April 2018
Passenger 5.2.3: macOS compilation fix, full $TMPDIR support
Passenger 5.2.3 solves a macOS compilation issue and makes it possible to run on a read-only filesystem with a custom /tmp dir. There's also a few minor fixes.
Passenger 5.2.3: macOS compilation fix, full $TMPDIR support

Version 5.2.3 of the Passenger application server for Ruby, Node.js, Meteor and Python has been released. We've fixed a macOS build issue and removed hardcoded references to /tmp. Python 3 support was improved and a few minor issues fixed.

The 5.2 series brings a major internal overhaul of configuration management, which is the first step in deep inspection and on-the-fly reconfiguration of Passenger. The 5.x series of Passenger in general brings a plethora of improvements in uptime maximization, security and efficiency.

Please be aware that you can enjoy enterprise features and sponsor the open source development directly by buying Phusion Passenger Enterprise.

macOS compilation fix

The passenger-config compile-nginx-engine command failed to complete on macOS >= 10.13 due to a missing require call in our code. The command is relevant for users who compile Passenger from source, which also happens under the hood with the Passenger Enterprise Homebrew formula.

Full $TMPDIR support

Passenger already respected the value of the TMPDIR environment variable as the location of the /tmp dir in most cases. We've gotten rid of the remaining cases that hardcoded /tmp (GH-2052), so that it is for example now possible to run Passenger on a read-only filesystem with a custom /tmp dir.

Various improvements & fixes

  • Fuse Panel support: fixes a few bugs with handling small log files and with apps that don't output any messages.
  • Python app support: fixes a Python 3 compatibility issue w.r.t. writing data over the socket.
  • Fixes a small memory corruption issue (dangling pointer) in the ApplicationPool subsystem.
  • Updated PCRE version to 8.42 (was: 8.41) across the board.

Installing 5.2.3

Please see the installation guide.

Upgrading to 5.2.3

We strongly advise staying up to date with the latest version.

See also the upgrade notes below!

Passenger 5.2.3: macOS compilation fix, full $TMPDIR support
OS X
Passenger 5.2.3: macOS compilation fix, full $TMPDIR support
Debian
Passenger 5.2.3: macOS compilation fix, full $TMPDIR support
Ubuntu
Passenger 5.2.3: macOS compilation fix, full $TMPDIR support
Heroku
Passenger 5.2.3: macOS compilation fix, full $TMPDIR support
Red Hat
Passenger 5.2.3: macOS compilation fix, full $TMPDIR support
CentOS
Passenger 5.2.3: macOS compilation fix, full $TMPDIR support
Ruby gem
Passenger 5.2.3: macOS compilation fix, full $TMPDIR support
Tarball
Passenger 5.2.3: macOS compilation fix, full $TMPDIR support
Docker

If you are upgrading from 4.x, please read the 5.0 upgrade notes to learn about potential upgrade caveats.

RubyMine 2018.1 Released: Improved Performance, Run Anything, Postfix Completion, and More
Hi everyone, RubyMine 2018.1 (181.3204.562), the first major release of the year, is now available. Learn about all the new features on our What’s new page, or you can read a brief summary below: Faster and smarter IDE Run anything … Continue reading →

Hi everyone,

RubyMine 2018.1 (181.3204.562), the first major release of the year, is now available. Learn about all the new features on our What’s new page, or you can read a brief summary below:


Faster and smarter IDE

  • The redesigned core static analysis engine improves the performance of the IDE. In particular, code autocompletion suggestions, code inspection (Code | Inspect Code), and other features related to code analysis now respond better and complete faster. More.
  • Improved Code Insight for block variables: a block passed as a parameter is now properly resolved from the receiver block’s body. More.

Run anything

  • The new Run anything action (Double Ctrl) provides a unified way to instantly run rake tasks, rails s, or basically any script or console command. More.
  • Press Shift while using the Run anything action, and it will switch to the Debug anything mode, allowing you to run debug configurations.

Postfix code completion

  • The newly added postfix code completion lets you transform an existing expression without the need to move your caret about in the code making it possible to easily reverse, alter, or supplement statements. More.

Inline diagrams in Markdown

  • Markdown preview now renders inline diagrams! Insert puml before your diagram code in an .md file and RubyMine will properly identify the syntax and display the diagram in the preview pane. More.

Debugger

  • The debugger now provides a more user-friendly way to set up exception breakpoints which will suspend execution when a certain type of exception is raised.
  • If you don’t want the debugger to stop at every exception raised, hit the plus button and choose which types of exceptions should be triggered. More.

JavaScript

  • TypeScript improvements. The new version supports the latest TypeScript features, improves the Implement Members action, and adds a new Surround with type guard quick-fix for unresolved properties.
  • Vue improvements. Create new Vue components from existing ones: select the part of the template you want to reuse and use Refactor | Extract or press Alt-Enter and select Extract Vue Component.
  • CSS improvements. Cmd/Ctrl-click on the class name in HTML can now navigate not only to its declaration in the compiled CSS file linked to the HTML file, but also to the Sass, SCSS, or Less source.

More JavaScript improvements available in RubyMine 2018.1

Version Control

  • The new release features partial Git commits, which allow you to include code chunks into a commit using the check-boxes, and associate the code chunks with different changelists. More.
  • Three new actions were added to make it easier to use the rebasing procedure from the IDE: Abort Rebase, Continue Rebase and Skip Commit. More.

Other improvements:

  • New Open in terminal action. More.
  • Navigate through identifier occurrences. More.
  • Comment out HTML and Ruby in .html.erb. More.
  • The navigation bar is now enabled by default. More.
  • IDE Settings Sync plugin. More.
  • By default RubyMine now completes current statements on pressing Enter.
  • Improved documentation UI.

Download RubyMine 2018.1

See the release notes for the full list of improvements, and please report any issues you encounter.

{}
Ruby on Rails News ( Feed )
Saturday, 31 March 2018
New Rails bug fix releases, closer to multi dbs and more!
Hey there, esteemed readers of Rails’ public repo tea leaves. It’s Kasper bringing you the latest hot cup to steel transcendence from.

Hey there, esteemed readers of Rails’ public repo tea leaves. It’s Kasper bringing you the latest hot cup to steel transcendence from.

This Week’s Contributors

Here goes a hey-o to the 16 contributors this week! You can make the list no doubt, try finding an open issue.

Rails 5.0.7 and 5.1.6 are out

New bug fix releases are out, so you can upgrade your apps today.

Easy Multi databases: basic rake tasks

For applications with multiple databases you always had to create your own rake tasks. No more! One of the stepping stones for Rails 6.0 to have multi db support out of the box is in.

Compare dates with before? and after?

To compare two dates and/or times we’d use the standard < and > operators. Now date arithmetic is a little easier with today.before?(tomorrow) and today.after?(yesterday). Thus joining today.between?(yesterday, tomorrow). Your app now has no excuse not to show up on time!

Allow prefixing store attributes

In the vein of delegate :name, to: :person, prefix: true adding person_name, your store attributes now houses the same trick to squash duplicate accessors. Also sports specific prefixes to really clear the path of method name clashing.

Favor app-wide config.force_ssl for HTTPS

Rails has long had a way to incrementally force users onto HTTPS, a controller level force_ssl! Times have changed and Rails 6.0 deprecates that option in favor of the app-wide config.force_ssl so every endpoint will use HTTPS.

There were many more changes to Rails’ codebase, which you can check out here.
Until next week!

{}
Ruby on Rails News ( Feed )
Thursday, 29 March 2018
Rails 5.0.7 and 5.1.6 have been released
Hi everyone,

Hi everyone,

I am happy to announce that Rails 5.0.7 and 5.1.6 have been released.

CHANGES since 5.0.6

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 5.1.5

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-256

If you’d like to verify that your gem is the same as the one I’ve uploaded, please use these SHA-256 hashes.

Here are the checksums for 5.0.7:

$ shasum -a 256 *-5.0.7.gem
c023d1df2fd6f5e1ac042ad6a0338e8a2c4d1404484f8fe77121b81f10b75f2c  actioncable-5.0.7.gem
5f9b12f26ae8906d20b9f4784644853121a3b03f74a396943677fc30f91c2e35  actionmailer-5.0.7.gem
08e0d4582d1b37cc059aca1d19cd271e7bb575265093c4a99cb79d80dcb0d196  actionpack-5.0.7.gem
eb20007cc9ee40ee7a2f96147e9776394f72d59979b23da15f444a9906c17b8b  actionview-5.0.7.gem
e8a15b73302c02352da9463b134daf037841fec7d5d5c2ec97487456f96bb8d5  activejob-5.0.7.gem
fe35b1bbfb140c7416723e3a7d7ef2a78e8921739863d8a917a93131e2b7cc87  activemodel-5.0.7.gem
c6349cd59e29118aaed5d4d2414e87b427affd28925b7fe1559cb45a21152366  activerecord-5.0.7.gem
a595a42311ea13ce994b1feea3325cbbb1ac5c0bf40cd96c89797882121da7fb  activesupport-5.0.7.gem
76815a2a7e99c83b53ea52325c5bbc5ca15e25ecdfb741ea329ca153cf11ff84  rails-5.0.7.gem
e08b95ec3dbb708f9d449a01c083c66d47ddba2f373e4a2fd1bde2c7a92fdb48  railties-5.0.7.gem

Here are the checksums for 5.1.6:

$ shasum -a 256 *-5.1.6.gem
2e678b45852f242e5897a0d4e43dca1088fb3d5c350592b22768b502a085261f  actioncable-5.1.6.gem
ecbc307e66102b1406fba38f6d7c869fd763cafa98b02fd4f6049fd41d663de9  actionmailer-5.1.6.gem
8dcd333263bdea533de7ac8e087f530f20bde6167c3c02060b82630b90aee26f  actionpack-5.1.6.gem
0181e71b9d307425605c50aa70358148aa0dff270bf2e07dbb87acb3d3a7ddcd  actionview-5.1.6.gem
a291963337402f3dcd5aee1dff3fd980256742bb0cfa06c47315257d11d69a0a  activejob-5.1.6.gem
7e3d2904a524a18c4f710a170243eac706279a36142289431d3c504df665c881  activemodel-5.1.6.gem
1da0546d452cc9b25b900bc2616b57d1e41e24039c33466b46d7add27fdf13c7  activerecord-5.1.6.gem
94d2f2a9fe1a7421165e0014eaa4c8eb2d229f72dc9815cf7c2f0c595f05b521  activesupport-5.1.6.gem
b8301a87151de3feb7cbdf57a66842bb668493f4cec464fd0f67d4c7173b6051  rails-5.1.6.gem
482a97c40ff61f4e8aed5f449a5f54fcb3890ddd53c3a7dc0efd02a9da139e79  railties-5.1.6.gem

As always, huge thanks to the many contributors who helped with this release.

New: Fuse Panel for Phusion Passenger
Today Phusion introduces a GUI for Passenger (open source and enterprise), providing tools to monitor, administer, analyze and troubleshoot your apps.

The smarter and simpler command center for your applications

New: Fuse Panel for Phusion Passenger

Over the past 10 years we at Phusion have made amazing strides with Passenger development and saw hundreds of thousands of you build amazing applications, websites and companies. In recent years we’ve heard you say “It just works” which is great to hear - but it also means it’s time to put more focus on something that doesn’t work. We took all your feedback to heart and have developed a new solution to work alongside Passenger.

New: Fuse Panel for Phusion Passenger

Today we’re introducing a graphical user interface for the Passenger app server. Whether you’re running Passenger open source or you’re one of our enterprise customers, the Fuse Panel’s aim is to provide tools to monitor, administer, analyze and troubleshoot your apps. While we are in beta the tool is available for free for everyone.

Fuse Panel Launch Edition

Not only does Passenger “just work” but over the past 10 years we’ve also added a lot of options and features like live monitoring, settings management, process management, live troubleshooting and support hailing. The Fuse Panel offers a graphical view of all existing configuration options in one organized place so you don’t have to worry about missing out on stability or performance optimization.

Avoid slowing down your work flow digging through forums, reading documentation or recalling terminal commands to find the answers you’re looking for. The Fuse Panel illustrates everything effortlessly in a graphical web based platform.

If Passenger doesn’t function in the way you expect utilize the configuration debugging tool in the Fuse Panel to get to the bottom of your issue!

NEW in Passenger Fuse Panel: Log Viewing and Log Splitting

Clean up your logs with per application log viewing and splitting, this much-requested feature (since 2014) will only be available through the Fuse Panel beta. Easily switch between various apps' different log channels, both stdout/stderr output and regular log files. No more opening multiple terminal apps and running tail -f.

To inspect the logs of one of your applications that’s running on Passenger, click on the app you’d like to inspect in the sidebar, and then click the "logs" tab in the main view area. Logs update in near real-time.

Feature Requests - What’s next?

The open beta allows us to gather a lot of feedback from our community (you!) which will help shape the future development of the Fuse Panel. In the short term we plan to improve the log streaming feature to include Passenger level logs (in addition to app-level logs), implement text search and highlighting functions as well as options for configuring log retention length.

If you have a preference for one or the other functionality, please take the survey and let us know: https://phusion.typeform.com/to/aYJzKM

Some other features we’ve got our eyes on are:

  • Metrics
    Processes-level (CPU, memory and uptime statistics), request-level (requests/min, queue sizes) or even custom application-provided metrics, via a simple API. Visualize the most important live metrics across the entire cluster via a simple dashboard, or dive into individual resources.
  • Error tracking
    Be notified of and keep track of HTTP errors and application exceptions. Minimize outages for your users.
  • Passenger bootstrapping
    Use Fuse Panel to boot new Passenger instances.
  • Command & control
    Restart and otherwise manipulate processes, application servers, containers and machines.
  • Application deployment & Application configuration management
    Inspect and modify application configuration from Fuse Panel. Toggle feature flags. Synchronize configuration files between multiple application instances.
  • Configuration and optimization advisor
    Automatically scan configuration for issues and optimization opportunities. Profile usage and traffic and use pattern detection (e.g. machine learning) to detect issues and to raise alerts.
  • Access control
    Allow multiple people access to designated resources with designated permissions.
  • API
    Machine friendly interface to fetch data and metrics from Fuse Panel.
  • Support for other application servers, third-party integrations and custom plugins
    Integrate with Slack, Twilio, email, Github, Prometheus and more, and allow extending Fuse Panel with arbitrary custom behavior via plugins.

Get Started in the Fuse Panel Beta

The Fuse Panel Beta takes less than 5 minutes to set up and is free and open to anyone running the latest version (5.2.2) of Passenger (open source or enterprise). We would love to hear what direction you hope we’re going with the Fuse Panel, please take a few minutes to complete our survey.

New: Fuse Panel for Phusion Passenger

Start monitoring your apps today!

{}
Ruby Lang News ( Feed )
Wednesday, 28 March 2018
Ruby 2.5.1 Released

Ruby 2.5.1 has been released.

This release includes some bug fixes and some security fixes.

  • CVE-2017-17742: HTTP response splitting in WEBrick
  • CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
  • CVE-

Ruby 2.5.1 has been released.

This release includes some bug fixes and some security fixes.

There are also some bug fixes. See commit logs for more details.

Download

  • https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.1.tar.gz

    SIZE:   15923244 bytes
    SHA1:   93fafd57a724974b951957c522cdc4478a6bdc2e
    SHA256: dac81822325b79c3ba9532b048c2123357d3310b2b40024202f360251d9829b1
    SHA512: 67badcd96fd3808cafd6bc86c970cd83aee7e5ec682f34e7353663d96211a6af314a4c818e537ec8ca51fbc0737aac4e28e0ebacf1a4d1e13db558b623a0f6b1
    
  • https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.1.zip

    SIZE:   19525307 bytes
    SHA1:   4fe511496f1eea0c3c1ac0c5f75ef11168ad1695
    SHA256: 5d8e490896c8353aa574be56ca9aa52c250390e76e36cd23df450c0434ada4d4
    SHA512: 490a52081e740b37f06215740734e9a6598ee9b492995b3161d720b5b05beadb4570aa526b3df01f686881b1e259aa7d4a59c1f398989dc2d5f8250342d986f7
    
  • https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.1.tar.bz2

    SIZE:   14000644 bytes
    SHA1:   251fdb5ac10783b036fe923aa7986be582062361
    SHA256: 0f5d20f012baca865381a055e73f22db814615fee3c68083182cb78a4b3b30cb
    SHA512: 82e799ecf7257a9f5fe8691c50a478b0f91bd4bdca50341c839634b0da5cd76c5556965cb9437264b66438434c94210c949fe9dab88cbc5b3b7fa34b5382659b
    
  • https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.1.tar.xz

    SIZE:   11348108 bytes
    SHA1:   0fb5da56f9e5fca45e36aa24ba842d935d1691c2
    SHA256: 886ac5eed41e3b5fc699be837b0087a6a5a3d10f464087560d2d21b3e71b754d
    SHA512: 31bacf58469953282cd5d8b51862dcf4b84dedb927c1871bc3fca32fc157fe49187631575a70838705fe246f4555647577a7ecc26894445a7d64de5503dc11b4
    

Release Comment

Many committers, developers, and users who provided bug reports helped us to make this release. Thanks for their contributions.

Posted by naruse on 28 Mar 2018

Ruby 2.4.4 Released

Ruby 2.4.4 has been released.

This release includes some bug fixes and some security fixes.

  • CVE-2017-17742: HTTP response splitting in WEBrick
  • CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
  • CVE-

Ruby 2.4.4 has been released.

This release includes some bug fixes and some security fixes.

There are also some bug fixes. See commit logs for more details.

Download

  • https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.4.tar.bz2

    SIZE:   12659705 bytes
    SHA1:   1cc548ba3eb821e29ab92ac13e1d5c7bf23b1526
    SHA256: 45a8de577471b90dc4838c5ef26aeb253a56002896189055a44dc680644243f1
    SHA512: ae632852a5f413561d8134e9ef3bb82adb37317696dd293ef92cb76709ecd45718f14116ecce35b12f1c2dd53ccae8dabc7a924a270072b697512d11f4922347
    
  • https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.4.tar.gz

    SIZE:   14225338 bytes
    SHA1:   ec82b0d53bd0adad9b19e6b45e44d54e9ec3f10c
    SHA256: 254f1c1a79e4cc814d1e7320bc5bdd995dc57e08727d30a767664619a9c8ae5a
    SHA512: fa1f6d3a4856046d4f9c3e652be225ae67f3e9ff0d117b6ed327d58cfb717fb9b1ce81d06a3302e486e7da0b5f67b16341666ceb02a554a428d221d008263ed8
    
  • https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.4.tar.xz

    SIZE:   10049304 bytes
    SHA1:   0eac83a0818e1d6bc661abd9f90457cff8868cff
    SHA256: 1d0034071d675193ca769f64c91827e5f54cb3a7962316a41d5217c7bc6949f0
    SHA512: 4dc112a149273d4221484ccbf1260c6c5fcad7e0a6e4bc91e4ef69cbc093d3191f7abd71420f80d680f8ea5d111e6803ba2af32166aa501913639e6d5696fde0
    
  • https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.4.zip

    SIZE:   15685143 bytes
    SHA1:   4ac11e6915c168a235b854014aa2a0d540cabd68
    SHA256: d0ca0561be0045f2e094f2ba94f1585e66e9c1e91fe6de3f3035f4d67dce7650
    SHA512: 79b655fda332d44097e108a76c4ff74f16930cd3ef3951c7988df325781aa0b3e724697107d964735f31a2457a835f08fa72c4eadd5ef7d3ccc1e6c9185f37e3
    

Release Comment

Many committers, developers, and users who provided bug reports helped us to make this release. Thanks for their contributions.

Posted by nagachika on 28 Mar 2018

Ruby 2.2.10 Released

Ruby 2.2.10 has been released. This release includes several security fixes. Please check the topics below for details.

  • CVE-2017-17742: HTTP response splitting in WEBrick
  • CVE-2018-8777: DoS by large request in WEBrick
  • CVE-2018-6914: Unintentional file and dire

Ruby 2.2.10 has been released. This release includes several security fixes. Please check the topics below for details.

Ruby 2.2 is under the state of the security maintenance phase, until the end of the March of 2018. After the date, maintenance of Ruby 2.2 will be ended. So, this release is expected to be the last release of Ruby 2.2. We will never make a new release of Ruby 2.2 unless Ruby 2.2.10 has a serious regression bug. We recommend you migrating to newer versions of Ruby, such as 2.5.

Download

  • https://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.10.tar.bz2

    SIZE:   13365461 bytes
    SHA1:   72ee1dcfd96199d2c3092b77db7a7f439c0abd08
    SHA256: a54204d2728283c9eff0cf81d654f245fa5b3447d0824f1a6bc3b2c5c827381e
    SHA512: f8ec96c2a5f4ecf22052ee0b1029989ded52d7bf5d41be24fef67e732e76f72119302240bca08f0547510a9cd29e941a32e263cad9c8a2bf80023d6bc97b2373
    
  • https://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.10.tar.gz

    SIZE:   16694179 bytes
    SHA1:   b0207c861f3fa41cbe4909ecb89bd2fcac81fe7c
    SHA256: cd51019eb9d9c786d6cb178c37f6812d8a41d6914a1edaf0050c051c75d7c358
    SHA512: 051124922240d2e20e74903b9c629fa897279072d2aa9b0a4e3a02331b843fa9c97c16e7073d6faec1b9f2024c3a7e36346014c30eee256f0715c5de226b5db8
    
  • https://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.10.tar.xz

    SIZE:   10508612 bytes
    SHA1:   c46737f81df819c3d7423df5c644431b3fcb8fee
    SHA256: bf77bcb7e6666ccae8d0882ea12b05f382f963f0a9a5285a328760c06a9ab650
    SHA512: 1f35458f2b1c334e64aecf42cd1df3b223fef119b6ad23394285d9f2e72da26b3ba5418950694c4a8c0b4afc43672f78459f2f7281a595cff0967eb239662ae4
    
  • https://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.10.zip

    SIZE:   18540424 bytes
    SHA1:   0f4b9c6695d000cb456fe8b89f8bf6d42fb95069
    SHA256: 6933eb989afb1b916c438d8eeecff1cfb0a6569c07e7190beca56b10b822207a
    SHA512: dfaa9a76170b0eed9cb2bf41178f2193dd3428492413b1616aaabd67ec35b9b7705b422b0fdfe38b18a1800bbce3ba161b53d229d307ea7f5c0269ef3d031980
    

Release Comment

Thanks to everyone who reported vulnerabilities, fixed the vulnerabilities and helped with this release.

Posted by usa on 28 Mar 2018

Ruby 2.3.7 Released

Ruby 2.3.7 has been released.

This release includes about 70 bug fixes after the previous release, and also includes several security fixes. Please check the topics below for details.

  • CVE-2017-17742: HTTP response splitting in WEBrick
  • CVE-2018-8777: DoS by large

Ruby 2.3.7 has been released.

This release includes about 70 bug fixes after the previous release, and also includes several security fixes. Please check the topics below for details.

See the ChangeLog for details.

After this release, we will end the normal maintenance phase of Ruby 2.3, and start the security maintenance phase of it. This means that after the release of 2.3.7 we will never backport any bug fixes to 2.3 except security fixes. The term of the security maintenance phase is scheduled for 1 year. By the end of this term, official support of Ruby 2.3 will be over. Therefore, we recommend that you start planning to upgrade to Ruby 2.5 or 2.4.

Download

  • https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.7.tar.bz2

    SIZE:   14421177 bytes
    SHA1:   3bb88965405da5e4de2432eeb445fffa8a66fb33
    SHA256: 18b12fafaf37d5f6c7139c1b445355aec76baa625a40300598a6c8597fc04d8e
    SHA512: e72754f7703f0706c4b0bccd053035536053451fe069a55427984cc0bc5692b86bd51c243c5f62f78527c66b08300d2e4aa19b73e6ded13d6020aa2450e66a7d
    
  • https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.7.tar.gz

    SIZE:   17859100 bytes
    SHA1:   540996fec64984ab6099e34d2f5820b14904f15a
    SHA256: 35cd349cddf78e4a0640d28ec8c7e88a2ae0db51ebd8926cd232bb70db2c7d7f
    SHA512: 1ceccf00981d6d60e7587e89a04cc028f976950313ee445db5afd03e323472d3e69a35423733b24f9cbd9729f034cf80d2233b5c159764839f5bee4ca7052fe0
    
  • https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.7.tar.xz

    SIZE:   11438124 bytes
    SHA1:   c489248730cbce7721edd3e97de81e68eec938b2
    SHA256: c61f8f2b9d3ffff5567e186421fa191f0d5e7c2b189b426bb84498825d548edb
    SHA512: fd91c8db3d3aa4cc962a62f27b4d1a71f6b5567ab836e6dbfbbb1553eb269d11e12faf9e36af6c489c33b54fd89dab99bfe81a563158b704877f0628d6f5bc5a
    
  • https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.7.zip

    SIZE:   19911423 bytes
    SHA1:   ec6870b39125238d8d57d642225592896ed3b6d9
    SHA256: ffa42eeff928624a05dc7ad39426c855c6e9a757417f17b6fe9e54664ec91012
    SHA512: c85255a7f43c7df2fb11be4f9aa96e2ae70a94d3e963ccff4d8c1349ad6d455d9a436812efb24c91e451e68b8f81e5d335c6d5811b2a0e945a7070c305054434
    

Release Comment

Thanks to everyone who helped with this release.

The maintenance of Ruby 2.3, including this release, is based on the “Agreement for the Ruby stable version” of the Ruby Association.

Posted by usa on 28 Mar 2018

Passenger 5.2.2: passenger_base_uri fixed, new Phusion product spoiler
Passenger 5.2.2. fixes a regression preventing the use of multiple passenger_base_uri's, and improves some internals. We're also adding something new to the Phusion product portfolio.
Passenger 5.2.2: passenger_base_uri fixed, new Phusion product spoiler

Version 5.2.2 of the Passenger application server for Ruby, Node.js, Meteor and Python has been released. We've fixed a regression and added some internal improvements. Something new and exciting also lurks on the horizon..!

The 5.2 series brings a major internal overhaul of configuration management, which is the first step in deep inspection and on-the-fly reconfiguration of Passenger. The 5.x series of Passenger in general brings a plethora of improvements in uptime maximization, security and efficiency.

Please be aware that you can enjoy enterprise features and sponsor the open source development directly by buying Phusion Passenger Enterprise.

Multiple passenger_base_uri's fixed

Users reported no longer being able to configure multiple passenger_base_uri in Passenger 5.2. The base uri setting helps deploy applications to custom sub-uri's on the same server. The issue was triggered by config refactoring and has now been fixed.

Improved support for RAM-pricing on Heroku

A friendly Heroku engineer noticed our recent RAM-based pricing plan support and pointed us to a more robust way of checking dyno RAM limit (via cgroups), so we added support for that. Thanks Troels!

Internal tooling

The web server config manifest can be dumped to a specified file, to aid further development of improvements to the Passenger configuration system.

New addition to the Phusion portfolio

Passenger 5.2.2: passenger_base_uri fixed, new Phusion product spoiler
A patch-level increment with such few changes must mean that Passenger developers were otherwise engaged this last month. And indeed we were. We will be releasing an exciting new product preview in the next few days, so stay tuned!

Installing 5.2.2

Please see the installation guide.

Upgrading to 5.2.2

We strongly advise staying up to date with the latest version.

See also the upgrade notes below!

Passenger 5.2.2: passenger_base_uri fixed, new Phusion product spoiler
OS X
Passenger 5.2.2: passenger_base_uri fixed, new Phusion product spoiler
Debian
Passenger 5.2.2: passenger_base_uri fixed, new Phusion product spoiler
Ubuntu
Passenger 5.2.2: passenger_base_uri fixed, new Phusion product spoiler
Heroku
Passenger 5.2.2: passenger_base_uri fixed, new Phusion product spoiler
Red Hat
Passenger 5.2.2: passenger_base_uri fixed, new Phusion product spoiler
CentOS
Passenger 5.2.2: passenger_base_uri fixed, new Phusion product spoiler
Ruby gem
Passenger 5.2.2: passenger_base_uri fixed, new Phusion product spoiler
Tarball
Passenger 5.2.2: passenger_base_uri fixed, new Phusion product spoiler
Docker

If you are upgrading from 4.x, please read the 5.0 upgrade notes to learn about potential upgrade caveats.

Download issue with old gem version

Old versions of gem (below 2.2.0, released in 2013) may fail to download the Passenger Enterprise gem from our rubygem hosting software (Gem in a box).

ERROR: Could not find a valid gem 'passenger-enterprise-server' (= 5.1.4), here is why:
 Unable to download data from https://..@www.phusionpassenger.com/enterprise_gems/
 - bad response Unauthorized 401 

If this happens, please upgrade to a newer version of gem:

gem install rubygems-update; update_rubygems
CVE-2018-8777: DoS by large request in WEBrick

There is a out-of-memory DoS vulnerability with a large request in WEBrick bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2018-8777.

Details

If an attacker sends a large request which contains huge HTTP headers, WEBrick try to process it on memory, so the

There is a out-of-memory DoS vulnerability with a large request in WEBrick bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2018-8777.

Details

If an attacker sends a large request which contains huge HTTP headers, WEBrick try to process it on memory, so the request causes the out-of-memory DoS attack.

All users running an affected release should upgrade immediately.

Affected Versions

  • Ruby 2.2 series: 2.2.9 and earlier
  • Ruby 2.3 series: 2.3.6 and earlier
  • Ruby 2.4 series: 2.4.3 and earlier
  • Ruby 2.5 series: 2.5.0 and earlier
  • Ruby 2.6 series: 2.6.0-preview1
  • prior to trunk revision r62965

Credit

Thanks to Eric Wong e@80x24.org for reporting the issue.

History

  • Originally published at 2018-03-28 14:00:00 (UTC)

Posted by usa on 28 Mar 2018


pluto.models/1.4.0, feed.parser/1.0.0, feed.filter/1.1.1 - Ruby/2.0.0 (2014-11-13/x86_64-linux) on Rails/4.2.0 (production)