activesupport 7.0.8 → 7.1.0

data/CHANGELOG.md

@@ -1,565 +1,1074 @@
-## Rails 7.0.8 (September 09, 2023) ##
+## Rails 7.1.0 (October 05, 2023) ##
 
-*   Fix `TimeWithZone` still using deprecated `#to_s` when `ENV` or `config` to
-    disable it are set.
+*   No changes.
 
-    *Hartley McGuire*
 
-*   Fix CacheStore#write_multi when using a distributed Redis cache with a connection pool.
+## Rails 7.1.0.rc2 (October 01, 2023) ##
 
-    Fixes [#48938](https://github.com/rails/rails/issues/48938).
+*   Fix `AS::MessagePack` with `ENV["RAILS_MAX_THREADS"]`.
 
-    *Jonathan del Strother*
+    *Jonathan Hefner*
 
 
-## Rails 7.0.7.2 (August 22, 2023) ##
+## Rails 7.1.0.rc1 (September 27, 2023) ##
 
-*   No changes.
+*   Add a new public API for broadcasting logs
 
+    This feature existed for a while but was until now a private API.
+    Broadcasting log allows to send log message to difference sinks (STDOUT, a file ...) and
+    is used by default in the development environment to write logs both on STDOUT and in the
+    "development.log" file.
 
-## Rails 7.0.7.1 (August 22, 2023) ##
+    Basic usage:
 
-*   Use a temporary file for storing unencrypted files while editing
+    ```ruby
+    stdout_logger = Logger.new(STDOUT)
+    file_logger = Logger.new("development.log")
+    broadcast = ActiveSupport::BroadcastLogger.new(stdout_logger, file_logger)
 
-    [CVE-2023-38037]
+    broadcast.info("Hello!") # The "Hello!" message is written on STDOUT and in the log file.
+    ```
 
+    Adding other sink(s) to the broadcast:
 
-## Rails 7.0.7 (August 09, 2023) ##
+    ```ruby
+    broadcast = ActiveSupport::BroadcastLogger.new
+    broadcast.broadcast_to(Logger.new(STDERR))
+    ```
 
-*   Fix `Cache::NullStore` with local caching for repeated reads.
+    Remove a sink from the broadcast:
 
-    *fatkodima*
+    ```ruby
+    stdout_logger = Logger.new(STDOUT)
+    broadcast = ActiveSupport::BroadcastLogger.new(stdout_logger)
 
-*   Fix `to_s` with no arguments not respecting custom `:default` formats
+    broadcast.stop_broadcasting_to(stdout_logger)
+    ```
 
-    *Hartley McGuire*
+    *Edouard Chin*
 
-*   Fix `ActiveSupport::Inflector.humanize(nil)` raising ``NoMethodError: undefined method `end_with?' for nil:NilClass``.
+*   Fix Range#overlap? not taking empty ranges into account on Ruby < 3.3
 
-    *James Robinson*
+    *Nobuyoshi Nakada*, *Shouichi Kamiya*, *Hartley McGuire*
 
-*   Fix `Enumerable#sum` for `Enumerator#lazy`.
+*   Use Ruby 3.3 Range#overlap? if available
 
-    *fatkodima*, *Matthew Draper*, *Jonathan Hefner*
+    *Yasuo Honda*
 
-*   Improve error message when EventedFileUpdateChecker is used without a
-    compatible version of the Listen gem
 
-    *Hartley McGuire*
+## Rails 7.1.0.beta1 (September 13, 2023) ##
 
+*   Add `bigdecimal` as Active Support dependency that is a bundled gem candidate for Ruby 3.4.
 
-## Rails 7.0.6 (June 29, 2023) ##
+    `bigdecimal` 3.1.4 or higher version will be installed.
+    Ruby 2.7 and 3.0 users who want `bigdecimal` version 2.0.0 or 3.0.0 behavior as a default gem,
+    pin the `bigdecimal` version in your application Gemfile.
 
-*   Fix `EncryptedConfiguration` returning incorrect values for some `Hash`
-    methods
+    *Koichi ITO*
 
-    *Hartley McGuire*
+*   Add `drb`, `mutex_m` and `base64` that are bundled gem candidates for Ruby 3.4
 
-*   Fix arguments being destructed `Enumerable#many?` with block.
+    *Yasuo Honda*
 
-    *Andrew Novoselac*
+*   When using cache format version >= 7.1 or a custom serializer, expired and
+    version-mismatched cache entries can now be detected without deserializing
+    their values.
 
-*   Fix humanize for strings ending with id.
+    *Jonathan Hefner*
 
-    *fatkodima*
+*   Make all cache stores return a boolean for `#delete`
 
+    Previously the `RedisCacheStore#delete` would return `1` if the entry
+    exists and `0` otherwise. Now it returns true if the entry exists and false
+    otherwise, just like the other stores.
 
-## Rails 7.0.5.1 (June 26, 2023) ##
+    The `FileStore` would return `nil` if the entry doesn't exists and returns
+    `false` now as well.
 
-*   No changes.
+    *Petrik de Heus*
 
+*   Active Support cache stores now support replacing the default compressor via
+    a `:compressor` option. The specified compressor must respond to `deflate`
+    and `inflate`. For example:
 
-## Rails 7.0.5 (May 24, 2023) ##
+      ```ruby
+      module MyCompressor
+        def self.deflate(string)
+          # compression logic...
+        end
 
-*   Fixes TimeWithZone ArgumentError.
+        def self.inflate(compressed)
+          # decompression logic...
+        end
+      end
 
-    *Niklas Häusele*
+      config.cache_store = :redis_cache_store, { compressor: MyCompressor }
+      ```
 
+    *Jonathan Hefner*
 
-## Rails 7.0.4.3 (March 13, 2023) ##
+*   Active Support cache stores now support a `:serializer` option. Similar to
+    the `:coder` option, serializers must respond to `dump` and `load`. However,
+    serializers are only responsible for serializing a cached value, whereas
+    coders are responsible for serializing the entire `ActiveSupport::Cache::Entry`
+    instance.  Additionally, the output from serializers can be automatically
+    compressed, whereas coders are responsible for their own compression.
 
-*   Implement SafeBuffer#bytesplice
+    Specifying a serializer instead of a coder also enables performance
+    optimizations, including the bare string optimization introduced by cache
+    format version 7.1.
 
-    [CVE-2023-28120]
+    The `:serializer` and `:coder` options are mutually exclusive. Specifying
+    both will raise an `ArgumentError`.
 
+    *Jonathan Hefner*
 
-## Rails 7.0.4.2 (January 24, 2023) ##
+*   Fix `ActiveSupport::Inflector.humanize(nil)` raising ``NoMethodError: undefined method `end_with?' for nil:NilClass``.
 
-*   No changes.
+    *James Robinson*
 
+*   Don't show secrets for `ActiveSupport::KeyGenerator#inspect`.
 
-## Rails 7.0.4.1 (January 17, 2023) ##
+    Before:
 
-*   Avoid regex backtracking in Inflector.underscore
+    ```ruby
+    ActiveSupport::KeyGenerator.new(secret).inspect
+    "#<ActiveSupport::KeyGenerator:0x0000000104888038 ... @secret=\"\\xAF\\bFh]LV}q\\nl\\xB2U\\xB3 ... >"
+    ```
 
-    [CVE-2023-22796]
+    After:
 
+    ```ruby
+    ActiveSupport::KeyGenerator::Aes256Gcm(secret).inspect
+    "#<ActiveSupport::KeyGenerator:0x0000000104888038>"
+    ```
 
-## Rails 7.0.4 (September 09, 2022) ##
+    *Petrik de Heus*
 
-*   Ensure `ActiveSupport::Testing::Isolation::Forking` closes pipes
+*   Improve error message when EventedFileUpdateChecker is used without a
+    compatible version of the Listen gem
 
-    Previously, `Forking.run_in_isolation` opened two ends of a pipe. The fork
-    process closed the read end, wrote to it, and then terminated (which
-    presumably closed the file descriptors on its end). The parent process
-    closed the write end, read from it, and returned, never closing the read
-    end.
+    *Hartley McGuire*
 
-    This resulted in an accumulation of open file descriptors, which could
-    cause errors if the limit is reached.
+*   Add `:report` behavior for Deprecation
 
-    *Sam Bostock*
+    Setting `config.active_support.deprecation = :report` uses the error
+    reporter to report deprecation warnings to `ActiveSupport::ErrorReporter`.
 
-*   Redis cache store is now compatible with redis-rb 5.0.
+    Deprecations are reported as handled errors, with a severity of `:warning`.
 
-    *Jean Boussier*
+    Useful to report deprecations happening in production to your bug tracker.
 
-*   Fix `NoMethodError` on custom `ActiveSupport::Deprecation` behavior.
+    *Étienne Barrié*
 
-    `ActiveSupport::Deprecation.behavior=` was supposed to accept any object
-    that responds to `call`, but in fact its internal implementation assumed that
-    this object could respond to `arity`, so it was restricted to only `Proc` objects.
+*   Rename `Range#overlaps?` to `#overlap?` and add alias for backwards compatibility
 
-    This change removes this `arity` restriction of custom behaviors.
+    *Christian Schmidt*
 
-    *Ryo Nakamura*
+*   Fix `EncryptedConfiguration` returning incorrect values for some `Hash`
+    methods
 
+    *Hartley McGuire*
 
-## Rails 7.0.3.1 (July 12, 2022) ##
+*   Don't show secrets for `MessageEncryptor#inspect`.
 
-*   No changes.
+    Before:
 
+    ```ruby
+    ActiveSupport::MessageEncryptor.new(secret, cipher: "aes-256-gcm").inspect
+    "#<ActiveSupport::MessageEncryptor:0x0000000104888038 ... @secret=\"\\xAF\\bFh]LV}q\\nl\\xB2U\\xB3 ... >"
+    ```
 
-## Rails 7.0.3 (May 09, 2022) ##
+    After:
 
-*   No changes.
+    ```ruby
+    ActiveSupport::MessageEncryptor.new(secret, cipher: "aes-256-gcm").inspect
+    "#<ActiveSupport::MessageEncryptor:0x0000000104888038>"
+    ```
 
+    *Petrik de Heus*
 
-## Rails 7.0.2.4 (April 26, 2022) ##
+*   Don't show contents for `EncryptedConfiguration#inspect`.
 
-*   Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
+    Before:
+    ```ruby
+    Rails.application.credentials.inspect
+    "#<ActiveSupport::EncryptedConfiguration:0x000000010d2b38e8 ... @config={:secret=>\"something secret\"} ... @key_file_contents=\"915e4ea054e011022398dc242\" ...>"
+    ```
 
-    Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
-    in names of tags and names of attributes, following the specification of XML.
+    After:
+    ```ruby
+    Rails.application.credentials.inspect
+    "#<ActiveSupport::EncryptedConfiguration:0x000000010d2b38e8>"
+    ```
 
-    *Álvaro Martín Fraguas*
+    *Petrik de Heus*
 
-## Rails 7.0.2.3 (March 08, 2022) ##
+*   `ERB::Util.html_escape_once` always returns an `html_safe` string.
 
-*   No changes.
+    This method previously maintained the `html_safe?` property of a string on the return
+    value. Because this string has been escaped, however, not marking it as `html_safe` causes
+    entities to be double-escaped.
 
+    As an example, take this view snippet:
 
-## Rails 7.0.2.2 (February 11, 2022) ##
+      ```html
+      <p><%= html_escape_once("this & that &amp; the other") %></p>
+      ```
 
-*   Fix Reloader method signature to work with the new Executor signature
+    Before this change, that would be double-escaped and render as:
 
+      ```html
+      <p>this &amp;amp; that &amp;amp; the other</p>
+      ```
 
-## Rails 7.0.2.1 (February 11, 2022) ##
+    After this change, it renders correctly as:
 
-*   No changes.
+      ```html
+      <p>this &amp; that &amp; the other</p>
+      ```
 
+    Fixes #48256
 
-## Rails 7.0.2 (February 08, 2022) ##
+    *Mike Dalessio*
 
-*   Fix `ActiveSupport::EncryptedConfiguration` to be compatible with Psych 4
+*   Deprecate `SafeBuffer#clone_empty`.
 
-    *Stephen Sugden*
+    This method has not been used internally since Rails 4.2.0.
 
-*   Improve `File.atomic_write` error handling.
+    *Mike Dalessio*
 
-    *Daniel Pepper*
+*   `MessageEncryptor`, `MessageVerifier`, and `config.active_support.message_serializer`
+    now accept `:message_pack` and `:message_pack_allow_marshal` as serializers.
+    These serializers require the [`msgpack` gem](https://rubygems.org/gems/msgpack)
+    (>= 1.7.0).
 
+    The Message Pack format can provide improved performance and smaller payload
+    sizes. It also supports round-tripping some Ruby types that are not supported
+    by JSON. For example:
 
-## Rails 7.0.1 (January 06, 2022) ##
+      ```ruby
+      verifier = ActiveSupport::MessageVerifier.new("secret")
+      data = [{ a: 1 }, { b: 2 }.with_indifferent_access, 1.to_d, Time.at(0, 123)]
+      message = verifier.generate(data)
 
-*   Fix `Class#descendants` and `DescendantsTracker#descendants` compatibility with Ruby 3.1.
+      # BEFORE with config.active_support.message_serializer = :json
+      verifier.verified(message)
+      # => [{"a"=>1}, {"b"=>2}, "1.0", "1969-12-31T18:00:00.000-06:00"]
+      verifier.verified(message).map(&:class)
+      # => [Hash, Hash, String, String]
 
-    [The native `Class#descendants` was reverted prior to Ruby 3.1 release](https://bugs.ruby-lang.org/issues/14394#note-33),
-    but `Class#subclasses` was kept, breaking the feature detection.
+      # AFTER with config.active_support.message_serializer = :message_pack
+      verifier.verified(message)
+      # => [{:a=>1}, {"b"=>2}, 0.1e1, 1969-12-31 18:00:00.000123 -0600]
+      verifier.verified(message).map(&:class)
+      # => [Hash, ActiveSupport::HashWithIndifferentAccess, BigDecimal, Time]
+      ```
 
-    *Jean Boussier*
+    The `:message_pack` serializer can fall back to deserializing with
+    `ActiveSupport::JSON` when necessary, and the `:message_pack_allow_marshal`
+    serializer can fall back to deserializing with `Marshal` as well as
+    `ActiveSupport::JSON`. Additionally, the `:marshal`, `:json`, and
+    `:json_allow_marshal` serializers can now fall back to deserializing with
+    `ActiveSupport::MessagePack` when necessary. These behaviors ensure old
+    messages can still be read so that migration is easier.
 
+    *Jonathan Hefner*
 
-## Rails 7.0.0 (December 15, 2021) ##
+*   A new `7.1` cache format is available which includes an optimization for
+    bare string values such as view fragments.
 
-*   Fix `ActiveSupport::Duration.build` to support negative values.
+    The `7.1` cache format is used by default for new apps, and existing apps
+    can enable the format by setting `config.load_defaults 7.1` or by setting
+    `config.active_support.cache_format_version = 7.1` in `config/application.rb`
+    or a `config/environments/*.rb` file.
 
-    The algorithm to collect the `parts` of the `ActiveSupport::Duration`
-    ignored the sign of the `value` and accumulated incorrect part values. This
-    impacted `ActiveSupport::Duration#sum` (which is dependent on `parts`) but
-    not `ActiveSupport::Duration#eql?` (which is dependent on `value`).
+    Cache entries written using the `6.1` or `7.0` cache formats can be read
+    when using the `7.1` format. To perform a rolling deploy of a Rails 7.1
+    upgrade, wherein servers that have not yet been upgraded must be able to
+    read caches from upgraded servers, leave the cache format unchanged on the
+    first deploy, then enable the `7.1` cache format on a subsequent deploy.
 
-    *Caleb Buxton*, *Braden Staudacher*
+    *Jonathan Hefner*
 
+*   Active Support cache stores can now use a preconfigured serializer based on
+    `ActiveSupport::MessagePack` via the `:serializer` option:
 
-## Rails 7.0.0.rc3 (December 14, 2021) ##
+      ```ruby
+      config.cache_store = :redis_cache_store, { serializer: :message_pack }
+      ```
 
-*   No changes.
+    The `:message_pack` serializer can reduce cache entry sizes and improve
+    performance, but requires the [`msgpack` gem](https://rubygems.org/gems/msgpack)
+    (>= 1.7.0).
 
+    The `:message_pack` serializer can read cache entries written by the default
+    serializer, and the default serializer can now read entries written by the
+    `:message_pack` serializer. These behaviors make it easy to migrate between
+    serializer without invalidating the entire cache.
 
-## Rails 7.0.0.rc2 (December 14, 2021) ##
+    *Jonathan Hefner*
 
-*   No changes.
+*   `Object#deep_dup` no longer duplicate named classes and modules.
 
-## Rails 7.0.0.rc1 (December 06, 2021) ##
+    Before:
 
-*   Deprecate passing a format to `#to_s` in favor of `#to_formatted_s` in `Array`, `Range`, `Date`, `DateTime`, `Time`,
-    `BigDecimal`, `Float` and, `Integer`.
+    ```ruby
+    hash = { class: Object, module: Kernel }
+    hash.deep_dup # => {:class=>#<Class:0x00000001063ffc80>, :module=>#<Module:0x00000001063ffa00>}
+    ```
 
-    *Rafael Mendonça França*
+    After:
+
+    ```ruby
+    hash = { class: Object, module: Kernel }
+    hash.deep_dup # => {:class=>Object, :module=>Kernel}
+    ```
+
+    *Jean Boussier*
+
+*   Consistently raise an `ArgumentError` if the `ActiveSupport::Cache` key is blank.
 
-*   Document `ActiveSupport::Testing::Deprecation`.
+    *Joshua Young*
 
-    *Sam Bostock & Sam Jordan*
+*   Deprecate usage of the singleton `ActiveSupport::Deprecation`.
 
-*   Add `Pathname#existence`.
+    All usage of `ActiveSupport::Deprecation` as a singleton is deprecated, the most common one being
+    `ActiveSupport::Deprecation.warn`. Gem authors should now create their own deprecator (`ActiveSupport::Deprecation`
+    object), and use it to emit deprecation warnings.
+
+    Calling any of the following without specifying a deprecator argument is also deprecated:
+      * Module.deprecate
+      * deprecate_constant
+      * DeprecatedObjectProxy
+      * DeprecatedInstanceVariableProxy
+      * DeprecatedConstantProxy
+      * deprecation-related test assertions
+
+    Use of `ActiveSupport::Deprecation.silence` and configuration methods like `behavior=`, `disallowed_behavior=`,
+    `disallowed_warnings=` should now be aimed at the [application's deprecators](https://api.rubyonrails.org/classes/Rails/Application.html#method-i-deprecators).
 
     ```ruby
-    Pathname.new("file").existence&.read
+    Rails.application.deprecators.silence do
+      # code that emits deprecation warnings
+    end
     ```
 
-    *Timo Schilling*
+    If your gem has a Railtie or Engine, it's encouraged to add your deprecator to the application's deprecators, that
+    way the deprecation related configuration options will apply to it as well, e.g.
+    `config.active_support.report_deprecations` set to `false` in the production environment will also disable your
+    deprecator.
+
+    ```ruby
+    initializer "my_gem.deprecator" do |app|
+      app.deprecators[:my_gem] = MyGem.deprecator
+    end
+    ```
+
+    *Étienne Barrié*
+
+*   Add `Object#with` to set and restore public attributes around a block
+
+    ```ruby
+    client.timeout # => 5
+    client.with(timeout: 1) do
+      client.timeout # => 1
+    end
+    client.timeout # => 5
+    ```
+
+    *Jean Boussier*
+
+*   Remove deprecated support to generate incorrect RFC 4122 UUIDs when providing a namespace ID that is not one of the
+    constants defined on `Digest::UUID`.
+
+    *Rafael Mendonça França*
 
-*   Remove deprecate `ActiveSupport::Multibyte::Unicode.default_normalization_form`.
+*   Deprecate `config.active_support.use_rfc4122_namespaced_uuids`.
 
     *Rafael Mendonça França*
 
-*   Remove deprecated support to use `Range#include?` to check the inclusion of a value in
-    a date time range is deprecated.
+*   Remove implicit conversion of objects into `String` by `ActiveSupport::SafeBuffer`.
 
     *Rafael Mendonça França*
 
-*   Remove deprecated `URI.parser`.
+*   Remove deprecated `active_support/core_ext/range/include_time_with_zone` file.
 
     *Rafael Mendonça França*
 
-*   Remove deprecated `config.active_support.use_sha1_digests`.
+*   Deprecate `config.active_support.remove_deprecated_time_with_zone_name`.
 
     *Rafael Mendonça França*
 
-*   Invoking `Object#with_options` without a `&block` argument returns the
-    `ActiveSupport::OptionMerger` instance.
+*   Remove deprecated override of `ActiveSupport::TimeWithZone.name`.
 
-    *Sean Doyle*
+    *Rafael Mendonça França*
 
-*   `Rails.application.executor` hooks can now be called around every test
+*   Deprecate `config.active_support.disable_to_s_conversion`.
 
-    This helps to better simulate request or job local state being reset around tests and prevents state
-    leaking from one test to another.
+    *Rafael Mendonça França*
 
-    However it requires the executor hooks executed in the test environment to be re-entrant.
+*   Remove deprecated option to passing a format to `#to_s` in `Array`, `Range`, `Date`, `DateTime`, `Time`,
+    `BigDecimal`, `Float` and, `Integer`.
 
-    To enable this, set `config.active_support.executor_around_test_case = true` (this is the default in Rails 7).
+    *Rafael Mendonça França*
 
-    *Jean Boussier*
+*   Remove deprecated `ActiveSupport::PerThreadRegistry`.
 
-*   `ActiveSupport::DescendantsTracker` now mostly delegate to `Class#descendants` on Ruby 3.1
+    *Rafael Mendonça França*
 
-    Ruby now provides a fast `Class#descendants` making `ActiveSupport::DescendantsTracker` mostly useless.
+*   Remove deprecated override of `Enumerable#sum`.
 
-    As a result the following methods are deprecated:
+    *Rafael Mendonça França*
 
-      - `ActiveSupport::DescendantsTracker.direct_descendants`
-      - `ActiveSupport::DescendantsTracker#direct_descendants`
+*   Deprecated initializing a `ActiveSupport::Cache::MemCacheStore` with an instance of `Dalli::Client`.
 
-    *Jean Boussier*
+    Deprecate the undocumented option of providing an already-initialized instance of `Dalli::Client` to `ActiveSupport::Cache::MemCacheStore`. Such clients could be configured with unrecognized options, which could lead to unexpected behavior. Instead, provide addresses as documented.
 
-*   Fix the `Digest::UUID.uuid_from_hash` behavior for namespace IDs that are different from the ones defined on `Digest::UUID`.
+    *aledustet*
 
-    The new behavior will be enabled by setting the
-    `config.active_support.use_rfc4122_namespaced_uuids` option to `true`
-    and is the default for new apps.
+*   Stub `Time.new()` in `TimeHelpers#travel_to`
 
-    The old behavior is the default for upgraded apps and will output a
-    deprecation warning every time a value that is different than one of
-    the constants defined on the `Digest::UUID` extension is used as the
-    namespace ID.
+      ```ruby
+      travel_to Time.new(2004, 11, 24) do
+        # Inside the `travel_to` block `Time.new` is stubbed
+        assert_equal 2004, Time.new.year
+      end
+      ```
 
-    *Alex Robbin*, *Erich Soares Machado*, *Eugene Kenny*
+    *fatkodima*
 
-*   `ActiveSupport::Inflector::Inflections#clear(:acronyms)` is now supported,
-    and `inflector.clear` / `inflector.clear(:all)` also clears acronyms.
+*   Raise `ActiveSupport::MessageEncryptor::InvalidMessage` from
+    `ActiveSupport::MessageEncryptor#decrypt_and_verify` regardless of cipher.
+    Previously, when a `MessageEncryptor` was using a non-AEAD cipher such as
+    AES-256-CBC, a corrupt or tampered message would raise
+    `ActiveSupport::MessageVerifier::InvalidSignature`.  Now, all ciphers raise
+    the same error:
 
-    *Alex Ghiculescu*, *Oliver Peate*
+      ```ruby
+      encryptor = ActiveSupport::MessageEncryptor.new("x" * 32, cipher: "aes-256-gcm")
+      message = encryptor.encrypt_and_sign("message")
+      encryptor.decrypt_and_verify(message.next)
+      # => raises ActiveSupport::MessageEncryptor::InvalidMessage
 
+      encryptor = ActiveSupport::MessageEncryptor.new("x" * 32, cipher: "aes-256-cbc")
+      message = encryptor.encrypt_and_sign("message")
+      encryptor.decrypt_and_verify(message.next)
+      # BEFORE:
+      # => raises ActiveSupport::MessageVerifier::InvalidSignature
+      # AFTER:
+      # => raises ActiveSupport::MessageEncryptor::InvalidMessage
+      ```
 
-## Rails 7.0.0.alpha2 (September 15, 2021) ##
+    *Jonathan Hefner*
 
-*   No changes.
+*   Support `nil` original values when using `ActiveSupport::MessageVerifier#verify`.
+    Previously, `MessageVerifier#verify` did not work with `nil` original
+    values, though both `MessageVerifier#verified` and
+    `MessageEncryptor#decrypt_and_verify` do:
 
+      ```ruby
+      encryptor = ActiveSupport::MessageEncryptor.new(secret)
+      message = encryptor.encrypt_and_sign(nil)
 
-## Rails 7.0.0.alpha1 (September 15, 2021) ##
+      encryptor.decrypt_and_verify(message)
+      # => nil
 
-*   `ActiveSupport::Dependencies` no longer installs a `const_missing` hook. Before this, you could push to the autoload paths and have constants autoloaded. This feature, known as the `classic` autoloader, has been removed.
+      verifier = ActiveSupport::MessageVerifier.new(secret)
+      message = verifier.generate(nil)
 
-    *Xavier Noria*
+      verifier.verified(message)
+      # => nil
 
-*   Private internal classes of `ActiveSupport::Dependencies` have been deleted, like `ActiveSupport::Dependencies::Reference`, `ActiveSupport::Dependencies::Blamable`, and others.
+      verifier.verify(message)
+      # BEFORE:
+      # => raises ActiveSupport::MessageVerifier::InvalidSignature
+      # AFTER:
+      # => nil
+      ```
 
-    *Xavier Noria*
+    *Jonathan Hefner*
 
-*   The private API of `ActiveSupport::Dependencies` has been deleted. That includes methods like `hook!`, `unhook!`, `depend_on`, `require_or_load`, `mechanism`, and many others.
+*   Maintain `html_safe?` on html_safe strings when sliced with `slice`, `slice!`, or `chr` method.
 
-    *Xavier Noria*
+    Previously, `html_safe?` was only maintained when the html_safe strings were sliced
+    with `[]` method. Now, `slice`, `slice!`, and `chr` methods will maintain `html_safe?` like `[]` method.
 
-*   Improves the performance of `ActiveSupport::NumberHelper` formatters by avoiding the use of exceptions as flow control.
+    ```ruby
+    string = "<div>test</div>".html_safe
+    string.slice(0, 1).html_safe? # => true
+    string.slice!(0, 1).html_safe? # => true
+    # maintain html_safe? after the slice!
+    string.html_safe? # => true
+    string.chr.html_safe? # => true
+    ```
 
-    *Mike Dalessio*
+    *Michael Go*
 
-*   Removed rescue block from `ActiveSupport::Cache::RedisCacheStore#handle_exception`
+*   Add `Object#in?` support for open ranges.
 
-    Previously, if you provided a `error_handler` to `redis_cache_store`, any errors thrown by
-    the error handler would be rescued and logged only. Removed the `rescue` clause from `handle_exception`
-    to allow these to be thrown.
+    ```ruby
+    assert Date.today.in?(..Date.tomorrow)
+    assert_not Date.today.in?(Date.tomorrow..)
+    ```
 
-    *Nicholas A. Stuart*
+    *Ignacio Galindo*
 
-*   Allow entirely opting out of deprecation warnings.
+*   `config.i18n.raise_on_missing_translations = true` now raises on any missing translation.
 
-    Previously if you did `app.config.active_support.deprecation = :silence`, some work would
-    still be done on each call to `ActiveSupport::Deprecation.warn`. In very hot paths, this could
-    cause performance issues.
+    Previously it would only raise when called in a view or controller. Now it will raise
+    anytime `I18n.t` is provided an unrecognised key.
 
-    Now, you can make `ActiveSupport::Deprecation.warn` a no-op:
+    If you do not want this behaviour, you can customise the i18n exception handler. See the
+    upgrading guide or i18n guide for more information.
+
+    *Alex Ghiculescu*
+
+*   `ActiveSupport::CurrentAttributes` now raises if a restricted attribute name is used.
+
+    Attributes such as `set` and `reset` cannot be used as they clash with the
+    `CurrentAttributes` public API.
+
+    *Alex Ghiculescu*
+
+*   `HashWithIndifferentAccess#transform_keys` now takes a Hash argument, just
+    as Ruby's `Hash#transform_keys` does.
+
+    *Akira Matsuda*
+
+*   `delegate` now defines method with proper arity when delegating to a Class.
+    With this change, it defines faster method (3.5x faster with no argument).
+    However, in order to gain this benefit, the delegation target method has to
+    be defined before declaring the delegation.
 
     ```ruby
-    config.active_support.report_deprecations = false
+    # This defines 3.5 times faster method than before
+    class C
+      def self.x() end
+      delegate :x, to: :class
+    end
+
+    class C
+      # This works but silently falls back to old behavior because
+      # `delegate` cannot find the definition of `x`
+      delegate :x, to: :class
+      def self.x() end
+    end
     ```
 
-    This is the default in production for new apps. It is the equivalent to:
+    *Akira Matsuda*
 
-    ```ruby
-    config.active_support.deprecation = :silence
-    config.active_support.disallowed_deprecation = :silence
+*   `assert_difference` message now includes what changed.
+
+    This makes it easier to debug non-obvious failures.
+
+    Before:
+
+    ```
+    "User.count" didn't change by 32.
+    Expected: 1611
+      Actual: 1579
     ```
 
-    but will take a more optimised code path.
+    After:
 
-    *Alex Ghiculescu*
+    ```
+    "User.count" didn't change by 32, but by 0.
+    Expected: 1611
+      Actual: 1579
+    ```
 
-*   Faster tests by parallelizing only when overhead is justified by the number
-    of them.
+    *Alex Ghiculescu*
 
-    Running tests in parallel adds overhead in terms of database
-    setup and fixture loading. Now, Rails will only parallelize test executions when
-    there are enough tests to make it worth it.
+*   Add ability to match exception messages to `assert_raises` assertion
 
-    This threshold is 50 by default, and is configurable via config setting in
-    your test.rb:
+    Instead of this
+    ```ruby
+    error = assert_raises(ArgumentError) do
+      perform_service(param: 'exception')
+    end
+    assert_match(/incorrect param/i, error.message)
+    ```
 
+    you can now write this
     ```ruby
-    config.active_support.test_parallelization_threshold = 100
+    assert_raises(ArgumentError, match: /incorrect param/i) do
+      perform_service(param: 'exception')
+    end
     ```
 
-    It's also configurable at the test case level:
+    *fatkodima*
+
+*   Add `Rails.env.local?` shorthand for `Rails.env.development? || Rails.env.test?`.
+
+    *DHH*
+
+*   `ActiveSupport::Testing::TimeHelpers` now accepts named `with_usec` argument
+    to `freeze_time`, `travel`, and `travel_to` methods. Passing true prevents
+    truncating the destination time with `change(usec: 0)`.
+
+    *KevSlashNull*, and *serprex*
+
+*   `ActiveSupport::CurrentAttributes.resets` now accepts a method name
+
+    The block API is still the recommended approach, but now both APIs are supported:
 
     ```ruby
-    class ActiveSupport::TestCase
-      parallelize threshold: 100
+    class Current < ActiveSupport::CurrentAttributes
+      resets { Time.zone = nil }
+      resets :clear_time_zone
     end
     ```
 
-    *Jorge Manrubia*
+    *Alex Ghiculescu*
 
-*   OpenSSL constants are now used for Digest computations.
+*   Ensure `ActiveSupport::Testing::Isolation::Forking` closes pipes
 
-    *Dirkjan Bussink*
+    Previously, `Forking.run_in_isolation` opened two ends of a pipe. The fork
+    process closed the read end, wrote to it, and then terminated (which
+    presumably closed the file descriptors on its end). The parent process
+    closed the write end, read from it, and returned, never closing the read
+    end.
+
+    This resulted in an accumulation of open file descriptors, which could
+    cause errors if the limit is reached.
+
+    *Sam Bostock*
+
+*   Fix `Time#change` and `Time#advance` for times around the end of Daylight
+    Saving Time.
 
-*   `TimeZone.iso8601` now accepts valid ordinal values similar to Ruby's `Date._iso8601` method.
-    A valid ordinal value will be converted to an instance of `TimeWithZone` using the `:year`
-    and `:yday` fragments returned from `Date._iso8601`.
+    Previously, when `Time#change` or `Time#advance` constructed a time inside
+    the final stretch of Daylight Saving Time (DST), the non-DST offset would
+    always be chosen for local times:
 
     ```ruby
-    twz = ActiveSupport::TimeZone["Eastern Time (US & Canada)"].iso8601("21087")
-    twz.to_a[0, 6] == [0, 0, 0, 28, 03, 2021]
+    # DST ended just before 2021-11-07 2:00:00 AM in US/Eastern.
+    ENV["TZ"] = "US/Eastern"
+
+    time = Time.local(2021, 11, 07, 00, 59, 59) + 1
+    # => 2021-11-07 01:00:00 -0400
+    time.change(day: 07)
+    # => 2021-11-07 01:00:00 -0500
+    time.advance(seconds: 0)
+    # => 2021-11-07 01:00:00 -0500
+
+    time = Time.local(2021, 11, 06, 01, 00, 00)
+    # => 2021-11-06 01:00:00 -0400
+    time.change(day: 07)
+    # => 2021-11-07 01:00:00 -0500
+    time.advance(days: 1)
+    # => 2021-11-07 01:00:00 -0500
     ```
 
-    *Steve Laing*
+    And the DST offset would always be chosen for times with a `TimeZone`
+    object:
 
-*   `Time#change` and methods that call it (e.g. `Time#advance`) will now
-    return a `Time` with the timezone argument provided, if the caller was
-    initialized with a timezone argument.
-
-    Fixes [#42467](https://github.com/rails/rails/issues/42467).
+    ```ruby
+    Time.zone = "US/Eastern"
+
+    time = Time.new(2021, 11, 07, 02, 00, 00, Time.zone) - 3600
+    # => 2021-11-07 01:00:00 -0500
+    time.change(day: 07)
+    # => 2021-11-07 01:00:00 -0400
+    time.advance(seconds: 0)
+    # => 2021-11-07 01:00:00 -0400
+
+    time = Time.new(2021, 11, 8, 01, 00, 00, Time.zone)
+    # => 2021-11-08 01:00:00 -0500
+    time.change(day: 07)
+    # => 2021-11-07 01:00:00 -0400
+    time.advance(days: -1)
+    # => 2021-11-07 01:00:00 -0400
+    ```
 
-    *Alex Ghiculescu*
+    Now, `Time#change` and `Time#advance` will choose the offset that matches
+    the original time's offset when possible:
 
-*   Allow serializing any module or class to JSON by name.
+    ```ruby
+    ENV["TZ"] = "US/Eastern"
+
+    time = Time.local(2021, 11, 07, 00, 59, 59) + 1
+    # => 2021-11-07 01:00:00 -0400
+    time.change(day: 07)
+    # => 2021-11-07 01:00:00 -0400
+    time.advance(seconds: 0)
+    # => 2021-11-07 01:00:00 -0400
+
+    time = Time.local(2021, 11, 06, 01, 00, 00)
+    # => 2021-11-06 01:00:00 -0400
+    time.change(day: 07)
+    # => 2021-11-07 01:00:00 -0400
+    time.advance(days: 1)
+    # => 2021-11-07 01:00:00 -0400
+
+    Time.zone = "US/Eastern"
+
+    time = Time.new(2021, 11, 07, 02, 00, 00, Time.zone) - 3600
+    # => 2021-11-07 01:00:00 -0500
+    time.change(day: 07)
+    # => 2021-11-07 01:00:00 -0500
+    time.advance(seconds: 0)
+    # => 2021-11-07 01:00:00 -0500
+
+    time = Time.new(2021, 11, 8, 01, 00, 00, Time.zone)
+    # => 2021-11-08 01:00:00 -0500
+    time.change(day: 07)
+    # => 2021-11-07 01:00:00 -0500
+    time.advance(days: -1)
+    # => 2021-11-07 01:00:00 -0500
+    ```
 
-    *Tyler Rick*, *Zachary Scott*
+    *Kevin Hall*, *Takayoshi Nishida*, and *Jonathan Hefner*
 
-*   Raise `ActiveSupport::EncryptedFile::MissingKeyError` when the
-    `RAILS_MASTER_KEY` environment variable is blank (e.g. `""`).
+*   Fix MemoryStore to preserve entries TTL when incrementing or decrementing
 
-    *Sunny Ripert*
+    This is to be more consistent with how MemCachedStore and RedisCacheStore behaves.
 
-*   The `from:` option is added to `ActiveSupport::TestCase#assert_no_changes`.
+    *Jean Boussier*
 
-    It permits asserting on the initial value that is expected not to change.
+*   `Rails.error.handle` and `Rails.error.record` filter now by multiple error classes.
 
     ```ruby
-    assert_no_changes -> { Status.all_good? }, from: true do
-      post :create, params: { status: { ok: true } }
+    Rails.error.handle(IOError, ArgumentError) do
+      1 + '1' # raises TypeError
     end
+    1 + 1 # TypeErrors are not IOErrors or ArgumentError, so this will *not* be handled
     ```
 
-    *George Claghorn*
+    *Martin Spickermann*
+
+*   `Class#subclasses` and `Class#descendants` now automatically filter reloaded classes.
 
-*   Deprecate `ActiveSupport::SafeBuffer`'s incorrect implicit conversion of objects into string.
+    Previously they could return old implementations of reloadable classes that have been
+    dereferenced but not yet garbage collected.
 
-    Except for a few methods like `String#%`, objects must implement `#to_str`
-    to be implicitly converted to a String in string operations. In some
-    circumstances `ActiveSupport::SafeBuffer` was incorrectly calling the
-    explicit conversion method (`#to_s`) on them. This behavior is now
-    deprecated.
+    They now automatically filter such classes like `DescendantTracker#subclasses` and
+    `DescendantTracker#descendants`.
 
     *Jean Boussier*
 
-*   Allow nested access to keys on `Rails.application.credentials`.
+*   `Rails.error.report` now marks errors as reported to avoid reporting them twice.
 
-    Previously only top level keys in `credentials.yml.enc` could be accessed with method calls. Now any key can.
+    In some cases, users might want to report errors explicitly with some extra context
+    before letting it bubble up.
 
-    For example, given these secrets:
+    This also allows to safely catch and report errors outside of the execution context.
 
-    ```yml
-    aws:
-      access_key_id: 123
-      secret_access_key: 345
+    *Jean Boussier*
+
+*   Add `assert_error_reported` and `assert_no_error_reported`
+
+    Allows to easily asserts an error happened but was handled
+
+    ```ruby
+    report = assert_error_reported(IOError) do
+      # ...
+    end
+    assert_equal "Oops", report.error.message
+    assert_equal "admin", report.context[:section]
+    assert_equal :warning, report.severity
+    assert_predicate report, :handled?
     ```
 
-    `Rails.application.credentials.aws.access_key_id` will now return the same thing as
-    `Rails.application.credentials.aws[:access_key_id]`.
+    *Jean Boussier*
 
-    *Alex Ghiculescu*
+*   `ActiveSupport::Deprecation` behavior callbacks can now receive the
+    deprecator instance as an argument.  This makes it easier for such callbacks
+    to change their behavior based on the deprecator's state.  For example,
+    based on the deprecator's `debug` flag.
 
-*   Added a faster and more compact `ActiveSupport::Cache` serialization format.
+    3-arity and splat-args callbacks such as the following will now be passed
+    the deprecator instance as their third argument:
 
-    It can be enabled with `config.active_support.cache_format_version = 7.0` or
-    `config.load_defaults 7.0`. Regardless of the configuration Active Support
-    7.0 can read cache entries serialized by Active Support 6.1 which allows to
-    upgrade without invalidating the cache. However Rails 6.1 can't read the
-    new format, so all readers must be upgraded before the new format is enabled.
+    * `->(message, callstack, deprecator) { ... }`
+    * `->(*args) { ... }`
+    * `->(message, *other_args) { ... }`
 
-    *Jean Boussier*
+    2-arity and 4-arity callbacks such as the following will continue to behave
+    the same as before:
 
-*   Add `Enumerable#sole`, per `ActiveRecord::FinderMethods#sole`.  Returns the
-    sole item of the enumerable, raising if no items are found, or if more than
-    one is.
+    * `->(message, callstack) { ... }`
+    * `->(message, callstack, deprecation_horizon, gem_name) { ... }`
+    * `->(message, callstack, *deprecation_details) { ... }`
 
-    *Asherah Connor*
+    *Jonathan Hefner*
 
-*   Freeze `ActiveSupport::Duration#parts` and remove writer methods.
+*   `ActiveSupport::Deprecation#disallowed_warnings` now affects the instance on
+    which it is configured.
 
-    Durations are meant to be value objects and should not be mutated.
+    This means that individual `ActiveSupport::Deprecation` instances can be
+    configured with their own disallowed warnings, and the global
+    `ActiveSupport::Deprecation.disallowed_warnings` now only affects the global
+    `ActiveSupport::Deprecation.warn`.
 
-    *Andrew White*
+    **Before**
 
-*   Fix `ActiveSupport::TimeZone#utc_to_local` with fractional seconds.
+    ```ruby
+    ActiveSupport::Deprecation.disallowed_warnings = ["foo"]
+    deprecator = ActiveSupport::Deprecation.new("2.0", "MyCoolGem")
+    deprecator.disallowed_warnings = ["bar"]
+
+    ActiveSupport::Deprecation.warn("foo") # => raise ActiveSupport::DeprecationException
+    ActiveSupport::Deprecation.warn("bar") # => print "DEPRECATION WARNING: bar"
+    deprecator.warn("foo")                 # => raise ActiveSupport::DeprecationException
+    deprecator.warn("bar")                 # => print "DEPRECATION WARNING: bar"
+    ```
 
-    When `utc_to_local_returns_utc_offset_times` is false and the time
-    instance had fractional seconds the new UTC time instance was out by
-    a factor of 1,000,000 as the `Time.utc` constructor takes a usec
-    value and not a fractional second value.
+    **After**
 
-    *Andrew White*
+    ```ruby
+    ActiveSupport::Deprecation.disallowed_warnings = ["foo"]
+    deprecator = ActiveSupport::Deprecation.new("2.0", "MyCoolGem")
+    deprecator.disallowed_warnings = ["bar"]
+
+    ActiveSupport::Deprecation.warn("foo") # => raise ActiveSupport::DeprecationException
+    ActiveSupport::Deprecation.warn("bar") # => print "DEPRECATION WARNING: bar"
+    deprecator.warn("foo")                 # => print "DEPRECATION WARNING: foo"
+    deprecator.warn("bar")                 # => raise ActiveSupport::DeprecationException
+    ```
+
+    Note that global `ActiveSupport::Deprecation` methods such as `ActiveSupport::Deprecation.warn`
+    and `ActiveSupport::Deprecation.disallowed_warnings` have been deprecated.
+
+    *Jonathan Hefner*
+
+*   Add italic and underline support to `ActiveSupport::LogSubscriber#color`
 
-*   Add `expires_at` argument to `ActiveSupport::Cache` `write` and `fetch` to set a cache entry TTL as an absolute time.
+    Previously, only bold text was supported via a positional argument.
+    This allows for bold, italic, and underline options to be specified
+    for colored logs.
 
     ```ruby
-    Rails.cache.write(key, value, expires_at: Time.now.at_end_of_hour)
+    info color("Hello world!", :red, bold: true, underline: true)
     ```
 
+    *Gannon McGibbon*
+
+*   Add `String#downcase_first` method.
+
+    This method is the corollary of `String#upcase_first`.
+
+    *Mark Schneider*
+
+*   `thread_mattr_accessor` will call `.dup.freeze` on non-frozen default values.
+
+    This provides a basic level of protection against different threads trying
+    to mutate a shared default object.
+
+    *Jonathan Hefner*
+
+*   Add `raise_on_invalid_cache_expiration_time` config to `ActiveSupport::Cache::Store`
+
+    Specifies if an `ArgumentError` should be raised if `Rails.cache` `fetch` or
+    `write` are given an invalid `expires_at` or `expires_in` time.
+
+    Options are `true`, and `false`. If `false`, the exception will be reported
+    as `handled` and logged instead. Defaults to `true` if `config.load_defaults >= 7.1`.
+
+     *Trevor Turk*
+
+*   `ActiveSupport::Cache:Store#fetch` now passes an options accessor to the block.
+
+    It makes possible to override cache options:
+
+        Rails.cache.fetch("3rd-party-token") do |name, options|
+          token = fetch_token_from_remote
+          # set cache's TTL to match token's TTL
+          options.expires_in = token.expires_in
+          token
+        end
+
+    *Andrii Gladkyi*, *Jean Boussier*
+
+*   `default` option of `thread_mattr_accessor` now applies through inheritance and
+    also across new threads.
+
+    Previously, the `default` value provided was set only at the moment of defining
+    the attribute writer, which would cause the attribute to be uninitialized in
+    descendants and in other threads.
+
+    Fixes #43312.
+
+    *Thierry Deo*
+
+*   Redis cache store is now compatible with redis-rb 5.0.
+
     *Jean Boussier*
 
-*   Deprecate `ActiveSupport::TimeWithZone.name` so that from Rails 7.1 it will use the default implementation.
+*   Add `skip_nil:` support to `ActiveSupport::Cache::Store#fetch_multi`.
 
-    *Andrew White*
+    *Daniel Alfaro*
 
-*   Deprecates Rails custom `Enumerable#sum` and `Array#sum` in favor of Ruby's native implementation which
-    is considerably faster.
+*   Add `quarter` method to date/time
 
-    Ruby requires an initializer for non-numeric type as per examples below:
+    *Matt Swanson*
 
-    ```ruby
-    %w[foo bar].sum('')
-    # instead of %w[foo bar].sum
+*   Fix `NoMethodError` on custom `ActiveSupport::Deprecation` behavior.
 
-    [[1, 2], [3, 4, 5]].sum([])
-    # instead of [[1, 2], [3, 4, 5]].sum
-    ```
+    `ActiveSupport::Deprecation.behavior=` was supposed to accept any object
+    that responds to `call`, but in fact its internal implementation assumed that
+    this object could respond to `arity`, so it was restricted to only `Proc` objects.
 
-    *Alberto Mota*
+    This change removes this `arity` restriction of custom behaviors.
 
-*   Tests parallelization is now disabled when running individual files to prevent the setup overhead.
+    *Ryo Nakamura*
 
-    It can still be enforced if the environment variable `PARALLEL_WORKERS` is present and set to a value greater than 1.
+*   Support `:url_safe` option for `MessageEncryptor`.
 
-    *Ricardo Díaz*
+    The `MessageEncryptor` constructor now accepts a `:url_safe` option, similar
+    to the `MessageVerifier` constructor.  When enabled, this option ensures
+    that messages use a URL-safe encoding.
 
-*   Fix proxying keyword arguments in `ActiveSupport::CurrentAttributes`.
+    *Jonathan Hefner*
 
-    *Marcin Kołodziej*
+*   Add `url_safe` option to `ActiveSupport::MessageVerifier` initializer
 
-*   Add `Enumerable#maximum` and `Enumerable#minimum` to easily calculate the maximum or minimum from extracted
-    elements of an enumerable.
+    `ActiveSupport::MessageVerifier.new` now takes optional `url_safe` argument.
+    It can generate URL-safe strings by passing `url_safe: true`.
 
     ```ruby
-    payments = [Payment.new(5), Payment.new(15), Payment.new(10)]
-
-    payments.minimum(:price) # => 5
-    payments.maximum(:price) # => 15
+    verifier = ActiveSupport::MessageVerifier.new(url_safe: true)
+    message = verifier.generate(data) # => URL-safe string
     ```
 
-    This also allows passing enumerables to `fresh_when` and `stale?` in Action Controller.
-    See PR [#41404](https://github.com/rails/rails/pull/41404) for an example.
+    This option is `false` by default to be backwards compatible.
 
-    *Ayrton De Craene*
+    *Shouichi Kamiya*
 
-*   `ActiveSupport::Cache::MemCacheStore` now accepts an explicit `nil` for its `addresses` argument.
+*   Enable connection pooling by default for `MemCacheStore` and `RedisCacheStore`.
+
+    If you want to disable connection pooling, set `:pool` option to `false` when configuring the cache store:
 
     ```ruby
-    config.cache_store = :mem_cache_store, nil
+    config.cache_store = :mem_cache_store, "cache.example.com", pool: false
+    ```
 
-    # is now equivalent to
+    *fatkodima*
 
-    config.cache_store = :mem_cache_store
+*   Add `force:` support to `ActiveSupport::Cache::Store#fetch_multi`.
 
-    # and is also equivalent to
+    *fatkodima*
 
-    config.cache_store = :mem_cache_store, ENV["MEMCACHE_SERVERS"] || "localhost:11211"
+*   Deprecated `:pool_size` and `:pool_timeout` options for configuring connection pooling in cache stores.
 
-    # which is the fallback behavior of Dalli
+    Use `pool: true` to enable pooling with default settings:
+
+    ```ruby
+    config.cache_store = :redis_cache_store, pool: true
     ```
 
-    This helps those migrating from `:dalli_store`, where an explicit `nil` was permitted.
+    Or pass individual options via `:pool` option:
 
-    *Michael Overmeyer*
+    ```ruby
+    config.cache_store = :redis_cache_store, pool: { size: 10, timeout: 2 }
+    ```
 
-*   Add `Enumerable#in_order_of` to put an Enumerable in a certain order by a key.
+    *fatkodima*
 
-    *DHH*
+*   Allow #increment and #decrement methods of `ActiveSupport::Cache::Store`
+    subclasses to set new values.
 
-*   `ActiveSupport::Inflector.camelize` behaves expected when provided a symbol `:upper` or `:lower` argument. Matches
-    `String#camelize` behavior.
+    Previously incrementing or decrementing an unset key would fail and return
+    nil. A default will now be assumed and the key will be created.
 
-    *Alex Ghiculescu*
+    *Andrej Blagojević*, *Eugene Kenny*
+
+*   Add `skip_nil:` support to `RedisCacheStore`
+
+    *Joey Paris*
 
-*   Raises an `ArgumentError` when the first argument of `ActiveSupport::Notification.subscribe` is
-    invalid.
+*   `ActiveSupport::Cache::MemoryStore#write(name, val, unless_exist:true)` now
+    correctly writes expired keys.
 
-    *Vipul A M*
+    *Alan Savage*
 
-*   `HashWithIndifferentAccess#deep_transform_keys` now returns a `HashWithIndifferentAccess` instead of a `Hash`.
+*   `ActiveSupport::ErrorReporter` now accepts and forward a `source:` parameter.
 
-    *Nathaniel Woodthorpe*
+    This allow libraries to signal the origin of the errors, and reporters
+    to easily ignore some sources.
 
-*   Consume dalli’s `cache_nils` configuration as `ActiveSupport::Cache`'s `skip_nil` when using `MemCacheStore`.
+    *Jean Boussier*
+
+*   Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
+
+    Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
+    in names of tags and names of attributes, following the specification of XML.
+
+    *Álvaro Martín Fraguas*
 
-    *Ritikesh G*
+*   Respect `ActiveSupport::Logger.new`'s `:formatter` keyword argument
 
-*   Add `RedisCacheStore#stats` method similar to `MemCacheStore#stats`. Calls `redis#info` internally.
+    The stdlib `Logger::new` allows passing a `:formatter` keyword argument to
+    set the logger's formatter. Previously `ActiveSupport::Logger.new` ignored
+    that argument by always setting the formatter to an instance of
+    `ActiveSupport::Logger::SimpleFormatter`.
 
-    *Ritikesh G*
+    *Steven Harman*
 
+*   Deprecate preserving the pre-Ruby 2.4 behavior of `to_time`
+
+    With Ruby 2.4+ the default for +to_time+ changed from converting to the
+    local system time to preserving the offset of the receiver. At the time Rails
+    supported older versions of Ruby so a compatibility layer was added to assist
+    in the migration process. From Rails 5.0 new applications have defaulted to
+    the Ruby 2.4+ behavior and since Rails 7.0 now only supports Ruby 2.7+
+    this compatibility layer can be safely removed.
+
+    To minimize any noise generated the deprecation warning only appears when the
+    setting is configured to `false` as that is the only scenario where the
+    removal of the compatibility layer has any effect.
+
+    *Andrew White*
+
+*   `Pathname.blank?` only returns true for `Pathname.new("")`
+
+    Previously it would end up calling `Pathname#empty?` which returned true
+    if the path existed and was an empty directory or file.
+
+    That behavior was unlikely to be expected.
+
+    *Jean Boussier*
+
+*   Deprecate `Notification::Event`'s `#children` and `#parent_of?`
+
+    *John Hawthorn*
+
+*   Change the default serializer of `ActiveSupport::MessageVerifier` from
+    `Marshal` to `ActiveSupport::JSON` when using `config.load_defaults 7.1`.
+
+    Messages serialized with `Marshal` can still be read, but new messages will
+    be serialized with `ActiveSupport::JSON`. For more information, see
+    https://guides.rubyonrails.org/v7.1/configuring.html#config-active-support-message-serializer.
+
+    *Saba Kiaei*, *David Buckley*, and *Jonathan Hefner*
+
+*   Change the default serializer of `ActiveSupport::MessageEncryptor` from
+    `Marshal` to `ActiveSupport::JSON` when using `config.load_defaults 7.1`.
+
+    Messages serialized with `Marshal` can still be read, but new messages will
+    be serialized with `ActiveSupport::JSON`. For more information, see
+    https://guides.rubyonrails.org/v7.1/configuring.html#config-active-support-message-serializer.
+
+    *Zack Deveau*, *Martin Gingras*, and *Jonathan Hefner*
+
+*   Add `ActiveSupport::TestCase#stub_const` to stub a constant for the duration of a yield.
+
+    *DHH*
+
+*   Fix `ActiveSupport::EncryptedConfiguration` to be compatible with Psych 4
+
+    *Stephen Sugden*
+
+*   Improve `File.atomic_write` error handling
+
+    *Daniel Pepper*
+
+*   Fix `Class#descendants` and `DescendantsTracker#descendants` compatibility with Ruby 3.1.
+
+    [The native `Class#descendants` was reverted prior to Ruby 3.1 release](https://bugs.ruby-lang.org/issues/14394#note-33),
+    but `Class#subclasses` was kept, breaking the feature detection.
+
+    *Jean Boussier*
 
-Please check [6-1-stable](https://github.com/rails/rails/blob/6-1-stable/activesupport/CHANGELOG.md) for previous changes.
+Please check [7-0-stable](https://github.com/rails/rails/blob/7-0-stable/activesupport/CHANGELOG.md) for previous changes.