Rails Daily: Template Security and CI Improvements
Two pull requests merged today addressing ActionView template encoding issues and GitHub Actions security permissions in generated Rails applications.
Duration: PT1M32S
Transcript
Good morning, this is Rails Daily for March 2nd, 2026.
Two key improvements landed in the Rails codebase today, addressing template handling and CI security.
Kataoka Tsuki merged a fix for an Encoding::CompatibilityError that occurred when using strict locals with non-ASCII default values in ActionView templates. The issue arose when templates loaded via File.binread contained characters like "café" in local variable declarations. The fix ensures proper encoding is applied to strict locals before template compilation, preventing compatibility errors between ASCII-8BIT and UTF-8 strings.
Taketo1113 merged changes to set read-only permissions for GitHub Actions workflows generated by the rails new command. This security improvement affects both standard Rails applications and plugin templates, ensuring that generated CI workflows follow GitHub's principle of least privilege by default.
Both fixes target common developer pain points - the first resolving encoding issues that could break internationalized applications, and the second implementing security best practices for new Rails projects from the start.
What's next: Watch for additional ActionView template improvements as encoding edge cases continue to surface. The GitHub Actions security update suggests the Rails team is prioritizing secure-by-default configurations for generated code.
That's your Rails update for today. Stay tuned for tomorrow's developments.