Ruby on Rails: PostgreSQL 18 Support and Security Fixes
Rails merged 10 pull requests focusing on PostgreSQL 18.4+ support with new foreign key enforcement options and security improvements including DoS protection for integer coercion.
Duration: PT1M54S
Transcript
Good morning. This is your Ruby on Rails development briefing for May 20th, 2026.
Yesterday's activity centered on PostgreSQL 18 support and security enhancements. Yahonda merged two significant PostgreSQL updates: adding an enforced option for foreign keys on PostgreSQL 18.4+ that allows table owners to toggle enforcement without superuser privileges, and updating disable_referential_integrity to use NOT ENFORCED constraints instead of trigger disabling.
Kyle Keesling fixed a query cache invalidation bug affecting PostgreSQL generated stored columns. Aaron Patterson addressed a potential denial of service vector by limiting string lengths for automatic integer coercion in ActiveModel.
Fatkodima contributed two database improvements: adding exclusion_constraint_exists and unique_constraint_exists helper methods for idempotent migrations, and accepting Tempfile objects as ActiveStorage attachables alongside existing File support.
Thomas Sevestre enhanced numericality validation by adding proc and symbol support for the in option, allowing dynamic range validation. Janko optimized Active Storage performance by loading image processing backends upfront, reducing first-variant processing overhead and improving memory usage in preforking web servers.
The team also merged documentation fixes for DateTime type examples and stabilized regression tests for say_with_time functionality.
Looking ahead: PostgreSQL 18 adoption continues with enhanced foreign key management capabilities, and security hardening remains a priority for input validation. Performance optimizations are being applied across the storage layer.
That's your Rails update. Back tomorrow with more developments.