What Is New in Ruby on Rails 5.2
| Category | Highlights |
|---|---|
| New Features | Active Storage, Redis cache store, Encrypted credentials, Content Security Policy DSL, HTTP/2 Early Hints |
| Improvements | Recyclable fragment cache keys, AEAD encrypted cookies, Default security headers, Bulk-insert fixtures, Connection pool reaper |
| Bug Fixes | Transaction rollback fixes, Eager-loading with joins, SQLite boolean serialization, Index ordering for MySQL/PostgreSQL, Fixed nested has_many :through |
| Deprecations | capify! generator method, rails dbconsole/environment argument, after_bundle callback, image_alt helper, Module#reachable?, secrets.secret_token |
| Breaking Changes | Removal of Erubis ERB handler, ApplicationRecord no longer generated by default, removal of several deprecated AR methods |
How does Active Storage simplify file uploads in Rails 5.2?
Active Storage gives you a unified API to attach files to any Active Record model and store them on cloud services or the local disk.
- Declare attachments with `has_one_attached` or `has_many_attached`.
- Supported services: Amazon S3, Google Cloud Storage, Microsoft Azure, and a built-in local disk service for dev/test.
- Mirroring lets you write to multiple services for backup or migration.
```ruby
# app/models/user.rb
class User < ApplicationRecord
  has_one_attached :avatar
end
```

```erb
<%# In a form %>
<%= form.file_field :avatar %>
```

```ruby
# Attach from console
user.avatar.attach(io: File.open('/path/to/file.jpg'), filename: 'file.jpg')
```
In practice this removes the need for the CarrierWave or Paperclip gems and centralises file handling in the Rails stack.
What is the new Credentials system and how does it replace secrets?
Rails 5.2 introduces `config/credentials.yml.enc`, an encrypted file that stores all production secrets.
- The file is encrypted with a master key stored in `config/master.key` or the `RAILS_MASTER_KEY` env var.
- It can hold API keys, third-party tokens, and even arbitrary encrypted configuration files.
- `Rails.application.credentials` replaces `Rails.application.secrets` and the older encrypted secrets feature.
```bash
# Edit credentials
EDITOR="vim" bin/rails credentials:edit
```

```ruby
# Access in code
Rails.application.credentials.dig(:aws, :access_key_id)
```
This matters if you want a single source of truth for secrets whose encrypted form lives safely in version control; the master key itself must stay out of the repository.
How have caching and fragment keys changed in Rails 5.2?
Rails 5.2 separates the cache key from a version component, enabling recyclable fragment caching.
- `ActiveRecord::Base#cache_version` provides a stable version number for a record.
- `#cache_key` now returns a deterministic key without a timestamp, reducing cache churn.
- Fragment caches can now use `cache_version` to invalidate groups of fragments efficiently.
```erb
<%# In a view %>
<% cache(@post) do %>
  <%= render @post %>
<% end %>
```

The underlying key looks like:

```
posts/123-202309150001
```
Most teams will see fewer cache misses after a deployment because unchanged fragments keep their keys.
What security defaults are added in Rails 5.2?
Rails 5.2 ships with a built-in Content Security Policy DSL and stronger default headers.
- Define a global CSP in `config/initializers/content_security_policy.rb` and override per-controller if needed.
- AEAD encrypted cookies use AES-256-GCM, providing authenticated encryption.
- Default response headers now include `Referrer-Policy`, `X-Download-Options`, `X-Permitted-Cross-Domain-Policies`, and an HSTS max-age of one year.
```ruby
# config/initializers/content_security_policy.rb
Rails.application.config.content_security_policy do |policy|
  policy.default_src :self, :https
  policy.img_src     :self, :data, "https://images.example.com"
  policy.object_src  :none
end
```
These defaults help you meet modern browser security expectations without extra configuration.
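What "authenticated encryption" means for the AES-256-GCM cookies mentioned above, as an added example that is not Rails' own code: a standard-library seal/open pair in which a flipped ciphertext bit, a shortened tag or a wrong key fails closed instead of decrypting to attacker-influenced data. The helper names `seal_cookie`, `open_cookie` and `tamper`, the `--` envelope layout, and the sample key and payload are assumptions made for the illustration.

```ruby
require "openssl"
require "base64"

# Constructed illustration, not Rails internals: seal_cookie, open_cookie and
# tamper are hypothetical helpers; the "--" envelope layout is an assumption.
COOKIE_CIPHER = "aes-256-gcm"

def seal_cookie(key, plaintext)
  cipher = OpenSSL::Cipher.new(COOKIE_CIPHER).encrypt
  cipher.key = key
  iv = cipher.random_iv # fresh 96-bit nonce for every message
  cipher.auth_data = ""
  ciphertext = cipher.update(plaintext) + cipher.final
  [ciphertext, iv, cipher.auth_tag].map { |part| Base64.strict_encode64(part) }.join("--")
end

# Returns the plaintext, or nil if the value was altered, truncated,
# malformed, or sealed under a different key.
def open_cookie(key, value)
  parts = value.split("--")
  return nil unless parts.length == 3
  ciphertext, iv, tag = parts.map { |part| Base64.strict_decode64(part) }
  return nil unless tag.bytesize == 16 # refuse shortened tags
  cipher = OpenSSL::Cipher.new(COOKIE_CIPHER).decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ""
  cipher.update(ciphertext) + cipher.final
rescue OpenSSL::Cipher::CipherError, ArgumentError
  nil
end

# Simulates a client flipping one bit of the ciphertext portion.
def tamper(value)
  data, iv, tag = value.split("--")
  raw = Base64.strict_decode64(data)
  raw.setbyte(0, raw.getbyte(0) ^ 0x01)
  [Base64.strict_encode64(raw), iv, tag].join("--")
end

key = OpenSSL::Random.random_bytes(32)                    # constructed 256-bit key
sealed = seal_cookie(key, '{"user_id":42,"admin":false}') # constructed payload
puts "round trip: #{open_cookie(key, sealed).inspect}"
puts "tampered:   #{open_cookie(key, tamper(sealed)).inspect}"
puts "wrong key:  #{open_cookie(OpenSSL::Random.random_bytes(32), sealed).inspect}"
```

With an unauthenticated mode such as CBC, the tampered value would decrypt to altered bytes unless a separate MAC was checked first; with GCM the tag check is part of decryption.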
Frequently Asked Questions
Does upgrading to Rails 5.2 require changes to my existing secrets.yml?
Rails 5.2 encourages moving secrets to the encrypted credentials file, so you should migrate, but an existing `secrets.yml` will still work if present.
Can I use Active Storage with Amazon S3 out of the box?
Yes, just configure the S3 service in `config/storage.yml` and attach files as shown in the docs.
How do I enable Redis as the cache store in Rails 5.2?
Set `config.cache_store = :redis_cache_store, { url: ENV['REDIS_URL'] }` in your environment configuration.
What command starts the server with HTTP/2 Early Hints enabled?
`bin/rails server --early-hints`
Are there any breaking changes related to ApplicationRecord generation?
`ApplicationRecord` is no longer generated by default; you must run `rails g application_record` if you need it.
How can I rotate encryption keys for credentials?
You can generate a new `master.key`, re-encrypt the credentials file with `bin/rails credentials:edit`, and commit the new key securely.