This new release makes Lotus a complete web framework for Ruby. It ships with the last important set of features that we planned: assets.

We have now everything we need to build web applications with Lotus.

Features

Assets

As of Lotus v0.6.0, we now have a full set of features for assets management, such as:

Thanks to Leigh Halliday, Gonzalo Rodríguez-Baltanás Díaz, deepj, Michael Deol, Benjamin Klotz, Kleber Correia for their contributions and help.

[Read the guides and the announcement]

Custom Initializers

For each application under apps/, now we can optionally have a special directory (eg. apps/web/config/initializers) where to put Ruby source files to initialize that specific application. Starting from v0.6.0, new projects and applications will be generated with that directory.

Thanks to Lucas Allan for this new feature.

[Read the guides]

Default Rake Tasks

Lotus projects now ship with two default Rake tasks: :preload and :environment. The first is a lightweight way to load only the configurations of a project, while the latter loads the entire application. We can use them as requirement for our Rake tasks:

# Rakefile
# ...

task print_info: :preload do
  puts ENV['LOTUS_ENV']
  puts defined?(UserRepository)
end

task clear_users: :environment do
  UserRepository.clear
end

We can invoke these new taks with:

bundle exec rake print_info
# => "development"
# => nil
bundle exec rake clear_users

[Read the guides]

Destroy Command

We have introduced a new CLI command lotus destroy. It has the role of destroy applications (apps/), actions, entities, repositories, migrations, mailers and their related testing code.

bundle exec lotus destroy action web home#index

Thanks to Tadeu Valentt and Lucas Allan for this feature.

Minor Changes & Improvements

Pluralizations can be customized by adding exceptions to default inflections.

Action generator is now smarter and it can generate a route with the right HTTP verb, according to our REST conventions. Thanks to Sean Collins.

Special thanks goes to Tadeu Valentt, Pascal Betz, Andrey Deryabin, Anton Davydov, Caius Durling, Jason Charnes, Sean Collins, and Ken Gullaksen for their work to make our CLI stronger than ever.

Thanks to Neil Matatall to prevent timing attacks for CSRF tokens comparision, David Strauß for making body parsing compatible with JSON API, Karim Tarek and Liam Dawson for exception normalization across all our gems, Vladislav Zarakovsky for making Force SSL compliant with Rack SPEC, while Bernardo Farah fixed chunked responses, to Karim Kiatlottiavi for fixing HTML escape encoding, to Rodrigo Panachi for fixing CSRF form, to Hélio Costa and Pascal Betz for fixing how validations treat blank strings, to Cẩm Huỳnh for making #html helper to accept blocks.

We're thankful for the help that Hiếu Nguyễn, Taylor Finnell, Andrey Deryabin, Cainã Costa, Shin-ichi Ueda, Martin Rubi offered for other minor improvement and fixes.

Deprecations

Ruby 2.0 & 2.1

Ruby 2.0 and 2.1 are now deprecated. We took this decision because MRI 2.0 will reach End Of Life (EOL) next month and because keeping 2.1 around would mean to leave our internals complex because of "safe indifferent access".

Prior to MRI 2.2, Symbol instances weren't garbage collected. This has caused security problems for Ruby applications. If not properly filtered, untrusted input could've been lead to attacks where the server memory is entirely consumed by Ruby VM due to Symbol abuse.

To prevent this kind of attack, we always used strings for incoming HTTP parameters. At the same time, we wanted to offer convenient access to these params via symbols (eg params[:id]). To make this possible we had to carefully filter and convert data over and over.

By dropping 2.1, we can simplify our internal code because we don't have to worry about GC and symbols security threats. At the same time we can provide minor perf improvements due to the lack of these conversions.

Breaking Changes

There are several breaking changes due to assets features.

If you're upgrading from an earlier version, please make sure to read the detailed upgrade guide that we prepared. It will take a few minutes to get up and running again.

What's Next?

Our focus for the next release (v0.7.0) will be about Lotus::Model and Lotus::Validations. We want to make stronger and flexible the way we validate and persist data.

We recognized it's too verbose to always require database mapping even if it can be avoided (eg with SQL databases). It's not necessary to instantiate an entity to write a record, repositories can directly accept data and persist it.

We want to simplify our day to day life with Lotus.