This new release makes Lotus a complete web framework for Ruby. It ships with the last important set of features that we planned: assets.
We have now everything we need to build web applications with Lotus.
As of Lotus v0.6.0, we now have a full set of features for assets management, such as:
- Preprocessors (Sass, Less, ES6, JSX, CoffeeScript, Opal, etc..)
- Compressors (YUI, UglifyJS2, Google Closure Compiler, Sass, etc..)
- Deployment (precompile, compress, checksum)
- Content Delivery Network
- Heroku support
- Third Party Gems (eg.
bootstrapgem will support soon Lotus out of the box)
- A new Rack middleware to serve static assets
- Lazy precompilation + cache in development mode
For each application under
apps/, now we can optionally have a special directory (eg.
apps/web/config/initializers) where to put Ruby source files to initialize that specific application.
v0.6.0, new projects and applications will be generated with that directory.
Thanks to Lucas Allan for this new feature.
[Read the guides]
Lotus projects now ship with two default Rake tasks:
The first is a lightweight way to load only the configurations of a project, while the latter loads the entire application.
We can use them as requirement for our Rake tasks:
# Rakefile # ... task print_info: :preload do puts ENV['LOTUS_ENV'] puts defined?(UserRepository) end task clear_users: :environment do UserRepository.clear end
We can invoke these new taks with:
bundle exec rake print_info # => "development" # => nil
bundle exec rake clear_users
[Read the guides]
We have introduced a new CLI command
It has the role of destroy applications (
apps/), actions, entities, repositories, migrations, mailers and their related testing code.
bundle exec lotus destroy action web home#index
Pluralizations can be customized by adding exceptions to default inflections.
Thanks to Neil Matatall to prevent timing attacks for CSRF tokens comparision, David Strauß for making body parsing compatible with JSON API, Karim Tarek and Liam Dawson for exception normalization across all our gems, Vladislav Zarakovsky for making Force SSL compliant with Rack SPEC, while Bernardo Farah fixed chunked responses, to Karim Kiatlottiavi for fixing HTML escape encoding, to Rodrigo Panachi for fixing CSRF form, to Hélio Costa and Pascal Betz for fixing how validations treat blank strings, to Cẩm Huỳnh for making
#html helper to accept blocks.
Ruby 2.0 and 2.1 are now deprecated. We took this decision because MRI 2.0 will reach End Of Life (EOL) next month and because keeping 2.1 around would mean to leave our internals complex because of "safe indifferent access".
Prior to MRI 2.2,
Symbol instances weren't garbage collected.
This has caused security problems for Ruby applications.
If not properly filtered, untrusted input could've been lead to attacks where the server memory is entirely consumed by Ruby VM due to
To prevent this kind of attack, we always used strings for incoming HTTP parameters.
At the same time, we wanted to offer convenient access to these params via symbols (eg
To make this possible we had to carefully filter and convert data over and over.
By dropping 2.1, we can simplify our internal code because we don't have to worry about GC and symbols security threats. At the same time we can provide minor perf improvements due to the lack of these conversions.
There are several breaking changes due to assets features.
If you're upgrading from an earlier version, please make sure to read the detailed upgrade guide that we prepared. It will take a few minutes to get up and running again.
Our focus for the next release (
v0.7.0) will be about
We want to make stronger and flexible the way we validate and persist data.
We recognized it's too verbose to always require database mapping even if it can be avoided (eg with SQL databases). It's not necessary to instantiate an entity to write a record, repositories can directly accept data and persist it.
We want to simplify our day to day life with Lotus.