Rails 4.0 goes to release candidate
The developers of the Ruby on Rails web framework have announced that the first Rails 4.0 release candidate is now available "just in time for the opening of RailsConf". Rails 4.0 is the first Rails release to prefer Ruby 2.0 and has a minimum requirement of Ruby 1.9.3. The release candidate includes over 1300 commits made since February's release of the first beta of Rails 4, all landing on top of the numerous changes made since Rails 3.2. The Rails team hope that developers can "give this release candidate an honest try".
Security issues have also been addressed with a now-encrypted Session store, Strong Parameters to protect against mass assignment attacks, better security header defaults, and the banishing of XML parameter parsing, which caused trouble earlier this year, to a plugin. ActionPack also has a KeyGenerator added to it, which is the basis for cookie signing and encryption.
The Rails developers are hoping that, unless blocking bugs are reported, this will be the version that is released in around three to four weeks. The upgrade guide covers how to move from 3.2 to 4.0, but is still a work in progress; it does, however, cover the elements of Rails 3.2 that are deprecated in Rails 4.0 and behavioural changes in the opinionated framework. Rails 4.0 RC1 can be installed with the command
gem install rails --version 4.0.0.rc1 --no-ri --no-rdoc. Rails is licensed under the MIT licence.