I know I’m a little bit late on this one but I’m going to do it anyway. Ruby on Rails 7.1 shipped on 10/2023. The Rails teams still try to ship exciting new features and improvements.

Rails is known to prioritize productivity, performance, and writing beautiful code, this new version is not an exception. Let’s dive into some of the most thrilling additions to Rails 7.1 and provide examples for a clearer understanding.

JavaScript Responses as First-Class Citizens

Rails 7.1 enhances its support for modern JavaScript, allowing developers to write more interactive and responsive applications with ease. This means you can easily return JavaScript code from your controller actions. Yes it’s not that new but it’s good to remember you can do this easily. There’s also turbo and hotwire, more on that latter.


class PostsController < ApplicationController
  def create
    @post = Post.new(post_params)
    if @post.save
      respond_to do |format|
        format.html { redirect_to @post }
        format.js # Automatically looks for a corresponding .js.erb file
      render :new, status: :unprocessable_entity

Thanks to format.js block, if a JavaScript request is made to the create action, Rails will automatically search for a create.js.erb file in the views/posts directory, allowing you to easily manage JavaScript responses.

Encrypted Attributes

Security is a real thing for every developer and product owner nowadays. Rails 7.1 introduces encrypted attributes, making it easier to add another layer of security to your applications. This feature allows developers to encrypt model attributes directly in the database, ensuring that sensitive information is protected.


class User < ApplicationRecord
  encrypts :email, :ssn

With this single line, the User model will encrypt email and ssn attributes. Rails will handle the encryption and decryption automatically, hiding the complexity from developers and making it easy to work with encrypted data.

So if you’re database is stolen, you know that these attributes are encrypted and will be harder to be decoded and disclosed.

At-Work Encryption

Building on top of encrypted attributes, “at-work” encryption support in Rails 7.1 ensures that data can be encrypted not only at rest but also when it’s being used. This feature is particularly useful for highly sensitive applications that require an additional layer of security.


class SensitiveDocument < ApplicationRecord
  encrypts :body, at_work: true

In this example, the body attribute of the SensitiveDocument model would be encrypted even when it’s loaded into memory, ensuring that sensitive information remains secure through the entire lifecycle of the data.

That’s another level of security since even if the attacker can read your system memory, those data will be encrypted.

And yes I know that if the whole system is compromised there’s a lot of chances that the attacker have access to encrypt keys and so on. But it’s still another level of security.

Improvements to Hotwire & Turbo

Lastly, Rails 7.1 continues to strengthen its integration with Hotwire and Turbo, providing developers with improved tools for building rich, interactive user interfaces without the complexity of traditional SPA frameworks.


In Rails 7.1, improvements to Turbo Streams allow for more intuitive and flexible partial updates to the DOM, enabling real-time updates to the user interface with minimal code and optimal performance.

I like to think Elixir and Phoenix are pushing this forward.

turbo_stream.update "message_1", partial: "messages/message", locals: { message: @message }

In this line of Turbo Stream, we update a specific DOM element by its ID with a partial, seamlessly rendering updates in real-time.

Rails 7.1 is yet another step forward in making web development more efficient, secure, and enjoyable. With its blend of new features aimed at enhancing productivity, security, and performance, developers are empowered to build sophisticated, modern web applications with ease.

Other nicities


Now a first-class citizen. When you bootstrap a new app you’ll have a Dockerfile at the root of you project that allows to run your app in a container with no further configuation.

Authentification template

Something I also know as a Phoenixcore feature. When you bootstrap an app (or even afterward), you can generate some kind of authentication scaffold you can build on.

Really handy if you don’t need a full-fledge authentication system with X oauth systems or specific mechanisms.

It based upon has_secure_password an so on.

ActiveRecord async queries extended

I can’t remember when it was introduced but since some releases Rails (ActiveRecord) can trigger async queries that helps to avoid blocking in controller actions or methods. This has been extended with even more methods.


Rails seems to be more and more stable and focus on tooling that will help developers work on daily basis.

Don’t forget there’s alternatives in the Ruby ecosystem such as Hanami. The community is much smaller and there’s a long way to go but don’t be to closed-minded. Ruby ecosystem is really nice and it’s not limited to Ruby on Rails.




Have comments or want to discuss this topic?

Send an email to ~bounga/public-inbox@lists.sr.ht