Rails Daily: Weekly Recap - Security Hardening & Database Enhancements
This week brought critical security improvements to Action Text's markdown processing and significant database migration enhancements for MySQL users. The Rails team also addressed several instrumentation bugs affecting async query execution.
Duration: PT2M38S
Episode overview
This episode is a short developer briefing from Rails Daily.
It explains recent repository work in plain language.
- Show: Rails Daily
- Published: 2026-03-15T10:28:41Z
Transcript excerpt
Good morning. This is Rails Daily for March 8th through 15th, 2026.
Fifteen pull requests merged with sixteen additional commits this week.
Starting with security improvements, Mike Dalessio merged a critical fix for Action Text's markdown link conversion. The change validates URI schemes to prevent dangerous JavaScript and HTML data URIs from bypassing sanitization in the markdown pipeline. This addresses a potential security vulnerability where…
On the database front, dominikdarnel delivered a substantial enhancement to MySQL migration capabilities. Rails now supports MySQL's LOCK option alongside the existing algorithm parameter for DDL operations. More importantly, both algorithm and lock options now work with column operations like add_column and…
Several instrumentation fixes landed this week. Rosa identified and resolved an issue where async query execution could permanently break query logging on request threads. The FutureResult#execute_or_skip method wasn't restoring the previous instrumenter after completion, causing stale EventBuffer instances to…
Infrastructure improvements included optimizations to the generated Dockerfile template. The changes merge node_modules…
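The URI scheme check mentioned in the Action Text item above, sketched as an added example; it is not part of the episode and not Rails's own code. The allowlist and the helper names (`normalize_href`, `link_scheme`, `safe_href?`, `markdown_link`) are assumptions made for illustration.

```ruby
# Assumption: allowlist picked for this example; the page does not say
# which schemes the Rails change accepts.
SAFE_SCHEMES = %w[http https mailto].freeze

# Browsers drop ASCII tab/CR/LF anywhere in a URL and strip leading control
# characters and spaces, so the check must see the URL the same way.
def normalize_href(href)
  href.to_s.gsub(/[\t\r\n]/, "").sub(/\A[\x00-\x20]+/, "").rstrip
end

# Lowercased scheme of the link, or nil for a relative reference
# ("/path", "#anchor", "page.html").
def link_scheme(href)
  m = normalize_href(href).match(/\A([a-zA-Z][a-zA-Z0-9+.-]*):/)
  m && m[1].downcase
end

# Relative links are kept; absolute links must use an allowlisted scheme.
def safe_href?(href)
  scheme = link_scheme(href)
  scheme.nil? || SAFE_SCHEMES.include?(scheme)
end

# Hypothetical converter: emit a markdown link for an anchor's text and href,
# falling back to the plain text when the scheme is rejected.
def markdown_link(text, href)
  label = text.to_s.gsub(/([\[\]\\])/) { "\\#{$1}" }
  return label unless safe_href?(href)
  # Percent-encode characters that would end or break the (...) target.
  target = normalize_href(href).gsub(/[()<>\s]/) { |c| format("%%%02X", c.ord) }
  "[#{label}](#{target})"
end

if __FILE__ == $0
  # Constructed sample inputs, not taken from the Rails change.
  [["Docs", "https://example.com/a"],
   ["click", " JaVa\tScRiPt:alert(1)"],
   ["page", "data:text/html,<b>x</b>"],
   ["top", "#intro"]].each do |text, href|
    puts "#{href.inspect} => #{markdown_link(text, href)}"
  end
end
```

Checking the scheme on the normalized string is what catches mixed-case and whitespace-split spellings of `javascript:` that a literal prefix comparison would miss.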