Rails Daily

Rails Daily: PostgreSQL 18 Support and Security Updates

Rails merged 10 pull requests with major PostgreSQL 18.4+ improvements including NOT ENFORCED foreign keys and referential integrity changes. A security fix limits string-to-integer conversion to prevent DoS attacks.

Duration: PT1M47S

https://podlog.io/listen/rails-daily-a67c65cf/episode/rails-daily-postgresql-18-support-and-security-updates-ede3b1e0

Transcript

Good morning, this is Rails Daily for Tuesday, May 20th, 2026.

Yahonda merged two significant PostgreSQL 18.4+ improvements. The first adds an enforced option for foreign keys, allowing table owners to toggle enforcement without superuser privileges. The second updates disable_referential_integrity to use NOT ENFORCED instead of DISABLE TRIGGER ALL, also removing the superuser requirement.

Aaron Patterson merged a security fix limiting the size of strings passed to to_i in ActiveRecord. The change prevents potential DoS attacks by restricting auto-integer coercion to 16 bytes for default integers and 32 bytes for bigints.

Fatkodima contributed two database enhancements: adding exclusion_constraint_exists and unique_constraint_exists helpers for PostgreSQL, and merging Shouichi's pull request to accept Tempfile as an ActiveStorage attachable.

Kyle Keesling fixed a query cache invalidation bug where UPDATE statements going through update_with_result weren't properly clearing the cache, affecting PostgreSQL tables with generated stored columns.

Thomas Sevestre added proc and symbol support for NumericalityValidator's in option, enabling dynamic range validation based on object state or methods.

Janko optimized Active Storage by loading image processing backends upfront, eliminating first-variant processing delays and improving memory usage in preforking servers.

Additional changes include documentation fixes for ActiveModel DateTime type and stabilized migration tests.

What's next: The PostgreSQL 18 integration continues advancing Rails database capabilities. Security improvements show ongoing attention to potential attack vectors.

That's today's Rails update. Back tomorrow with more from the Rails repository.
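Added example, not part of the episode and not Rails' own code: one way to bound string-to-integer coercion in the manner the transcript describes for the to_i fix. The 16- and 32-byte limits come from the transcript; the method name bounded_to_i, the error raised on oversized input, and the column range check are assumptions made for illustration.

```ruby
# Added illustration; not Rails source. Byte limits are from the episode text;
# method names, rejection behaviour and the range check are assumptions.
INT_LIMIT_BYTES    = 16  # default integer columns
BIGINT_LIMIT_BYTES = 32  # bigint columns

class OversizedIntegerInput < ArgumentError; end

# Coerce user-supplied input to an Integer without letting the input's size
# drive the cost of String#to_i, which builds an arbitrary-precision Integer.
def bounded_to_i(value, bigint: false)
  return value if value.is_a?(Integer)

  str   = value.to_s
  limit = bigint ? BIGINT_LIMIT_BYTES : INT_LIMIT_BYTES

  # Check the size first so the parse never sees an oversized string.
  if str.bytesize > limit
    raise OversizedIntegerInput, "#{str.bytesize} bytes exceeds the #{limit}-byte limit"
  end

  int   = str.to_i
  bits  = bigint ? 63 : 31
  range = -(2**bits)..(2**bits - 1)

  # A string can fit the byte limit and still overflow the column type.
  unless range.cover?(int)
    raise RangeError, "#{int} is out of range for #{bigint ? 'bigint' : 'integer'}"
  end

  int
end

# Constructed input: shows that an unguarded to_i allocates an Integer whose
# size grows with the length of the digit string it is handed.
def unguarded_bit_length(digits)
  ("9" * digits).to_i.bit_length
end
```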