Release Notes
1. Upgrade notes
Before updating to this release, make sure your installation is at least on v0.31.0 and that you have completed all the steps required for that update. The steps for the patch releases (i.e. v0.31.1, v0.31.2, v0.31.3) should be already applied here, but there shouldn't be any problem running them two or more times.
As usual, we recommend that you have a full backup, of the database, application code and static files.
NOTE: Please note this release is updating Rails version from 7.2.2 to 8.1.2. Ensure you back up your SECRET_KEY_BASE env variable and also tmp/local_secret.txt if you have it.
On your local development environment, you may need to set your SECRET_KEY_BASE env variable to the same value as the one present in your tmp/local_secret.txt.
This also means that we're in the currently last supported version of Ruby on Rails 🎉🎉
One of the big highlights for this release is that almost all of the URLs are changing so we have the locale prefixed always. The old URLs should be automatically redirected, if that's not the case please open an issue so we can check it out.
To update, follow these steps:
1.1. Update your ruby version
If you're using rbenv, this is done with the following commands:
rbenv install 3.4.7
rbenv local 3.4.7You may need to change your .ruby-version file too.
If not, you need to adapt it to your environment, for instance by changing the decidim docker image to use ruby:3.4.7.
You can read more about this change on PR #15604.
1.2. Update your Gemfile
gem "decidim", "0.32.0.rc1"
gem "decidim-dev", "0.32.0.rc1"1.3. Run these commands
sudo apt install libvips libvips-tools # or the alternative installation process for your operating system. See "3.4. Replace image processing with imagemagick to libvips"
bundle update decidim
bin/rails decidim:upgrade
sed -i "s/config\.load_defaults 7\.2/config\.load_defaults 8.1/g" config/application.rb # see "2.1. Ruby on Rails update to 8.1"
wget https://raw.githubusercontent.com/decidim/decidim/refs/heads/release/0.32-stable/decidim-core/lib/decidim/shakapacker/shakapacker.yml -O config/shakapacker.yml -O config/shakapacker.yml # see "2.3. Shakapacker upgrade"
bin/rails db:migrate
bin/rails decidim:upgrade:encryption # see "5.1. Encryption mechanism changes"
echo "/public/sw.js*" >> .gitignore # see "2.5. Fix gitignore for ServiceWorker related files"
bin/rails decidim:upgrade:remove_deleted_users_left_data # see "3.1. Remove user data left behind by `Decidim::DestroyAccount`"
bin/rails decidim:upgrade:fix_deleted_members_follows # see "3.2. Remove the follows of former private users"
sed -i 's/Env.new("SMTP_STARTTLS_AUTO").to_boolean_string/Env.new("SMTP_STARTTLS_AUTO", true).present?/' config/environments/production.rb # see "3.5. Fix the "SMTP_STARTTLS_AUTO" env var in `production.rb`"
bin/rails data:migrateIn cases where you have done some developments, please check out these particular sections:
- run your test suite and be aware that there may be some incompatibilities with the Rails 8.1 update (see "2.1. Ruby on Rails update to 8.1")
- if you use Azure for your Active Storage configuration, you need to use another gem (see "2.1.1 Removal of official Azure support from Active Storage")
- if your tests had hard-coded URLs you may need to change them to use the URL helper (i.e. use "
some_route_path" instead of "/some/route") - if you are defining new filters or overriding our filters, you may need to adapt to the change described at "5.2. Refactor of filters"
- if you were defining some configure block (like
Decidim::YourModule.configure do |config|), you need to migrate to the new patter described at "5.3. Decidim Configuration changes"
1.4. Follow the steps and commands detailed in these notes
2. General notes
2.1. Ruby on Rails update to 8.1
This particular release is deploying a new Rails version, 8.1. As a result you need to update your application configuration. Before that, you need to run the following commands:
sed -i "s/config\.load_defaults 7\.2/config\.load_defaults 8.1/g" config/application.rb # see "2.1. Ruby on Rails update to 8.1"2.1.1 Removal of official Azure support from Active Storage
Rails core team decided to remove the Azure Active Storage support from Rails 8.1, as the official Azure libraries are not maintained since September 2024. If you are using Azure for your Active Storage, support, you could use the unofficial Azure Active Storage gem Azure Blob
You can read more about this change on PR:
2.2. Add locale to the URL
For a long time Decidim has been using internally the user browser to detect the language of the user. This has been changed to use the locale of the URL instead.
This improves the user experience by allowing the platform to send emails with the correct language, linking any resource to the correct language preferred by the user.
It also enables the users of multi language platforms to share the links to the resources within their own language.
/en/processes/here-slug/f/57/elections/5 # if seen in English
/ca/processes/here-slug/f/57/elections/5 # if seen in Catalan
You can read more about this change on PR #14432.
2.3. Shakapacker upgrade
In our efforts to improve the performance of the application, we are upgrading Shakapacker to version 9.7.0.
You will need to patch your shakapacker.yml file to adjust to the latest changes
wget https://raw.githubusercontent.com/decidim/decidim/refs/heads/release/0.32-stable/decidim-core/lib/decidim/shakapacker/shakapacker.yml -O config/shakapacker.ymlYou can read more about this change on PR #16516.
2.4. Module deprecations
As part of our ongoing efforts to improve and make simpler Decidim, the following modules will be deprecated in this version (v0.31) and removed in the next major version (v0.32):
Collaborative Drafts
The Collaborative Drafts feature in the Proposals module (decidim-proposals) is removed in v0.32. Organizations using this feature can switch to the new proposal co-authorship feature.
Sortitions (decidim-sortitions)
The Sortitions module (decidim-sortitions) is removed in v0.32. This module provided functionality to randomly select participants or proposals. Organizations relying on this feature should consider implementing alternative selection mechanisms.
Polls in Meetings (decidim-meetings polls functionality)
The Polls feature within the Meetings module (decidim-meetings) will be removed in a future version (to be determined). This feature allowed meeting organizers to create polls during meetings. Organizations using meeting polls should plan to use external polling tools (for instance, through Jitsi) or migrate to other voting mechanisms available in Decidim, such as the new Elections module (decidim-elections).
2.5. Fix gitignore for ServiceWorker related files
We detected a bug where some dynamic files are not added to the gitignore, so they could be committed to the repository. For fixing it, you need to add them to your gitignore file:
echo "/public/sw.js*" >> .gitignoreYou can read more about this change on PR #15601.
2.6. Data migration for organization short_name
A new data migration has been added to populate the short_name field for existing organizations. This field is required for the PWA (Progressive Web App) manifest to properly display the application name on mobile devices' home screens.
The migration automatically generates a short_name for each organization based on its name by removing spaces and truncating to 12 characters maximum. Organizations with names that result in less than 3 characters after processing will not have a short_name set and will need to be configured manually through the admin panel.
This migration runs automatically when executing bin/rails data:migrate as part of the upgrade process.
You can read more about this change on PR #15729.
2.7. Removal of User Group related fields
As we deprecated the User Group functionality in v0.31, we are performing some cleanup that will remove all the database fields related to the User Group functionality. This means that decidim_user_group_id fields in various tables will be removed.
We are also removing the decidim_user_group_memberships tables.
You can read more about this change on PR #16022.
3. One time actions
These are one time actions that need to be done after the code is updated in the production database.
3.1. Remove user data left behind by Decidim::DestroyAccount
When a user deletes their account and the Decidim::DestroyAccount command is executed, certain related data such as authorizations, versions, private exports, access grants, access tokens, notifications, and reminders were left behind. To fix this issue, we've added a new rake task to clean up the leftover data for previously deleted users.
bin/rails decidim:upgrade:remove_deleted_users_left_dataYou can read more about this change on PR #14731.
3.2. Remove the follows of former private users
To delete the follows of ex private users of non transparent assemblies or processes, run
bin/rails decidim:upgrade:fix_deleted_members_followsYou can read more about this change on PR #12878.
3.3. webpack-dev-server upgrade
Back in #15534 we upgraded webpack-dev-server to version 5.2.2. In order to successfully upgrade you need to edit your config/shakapacker.yml and remove the https option under dev_server key.
You can read more about this change on PR #15534, #15674.
3.4. Replace ImageMagick with libvips for image processing
We have upgraded our image processor within the application to libvips for speed and low memory usage.
Support for .ico favicon files has been removed. Applications that relied on ICO favicons must migrate to one of the supported Libvips image formats.
In order to install please run the following command:
sudo apt install libvips libvips-toolsThis works for Ubuntu Linux, other operating systems would need to do other command/package.
You can read more about this change on PR #15670.
3.5. Fix the "SMTP_STARTTLS_AUTO" env var in production.rb
It was detected a bug with the enable_starttls_auto configuration for the Action Mailer (SMTP) configuration. For fixing it you need to replace in config/environments/production.rb
If your config/environments/production.rb contains an SMTP configuration like this:
config.action_mailer.smtp_settings = {
# ... other settings ...
:enable_starttls_auto => Decidim::Env.new("SMTP_STARTTLS_AUTO").to_boolean_string,
# ... other settings ...
}You should update it to:
config.action_mailer.smtp_settings = {
# ... other settings ...
:enable_starttls_auto => Decidim::Env.new("SMTP_STARTTLS_AUTO", true).present?,
# ... other settings ...
}You can do this with the following command:
sed -i 's/Env.new("SMTP_STARTTLS_AUTO").to_boolean_string/Env.new("SMTP_STARTTLS_AUTO", true).present?/' config/environments/production.rbYou can read more about this change on PR #16491.
4. Scheduled tasks
Nothing
5. Changes in APIs
5.1. Encryption mechanism changes
As we have upgraded Rails from 7.0 we have improved the security of the application by upgrading the encryption mechanism from SHA1 to SHA256.
All the previously encrypted attributes can be decoded, but on the next record change, the new data will be saved as SHA256. To manually upgrade authorization data, or the initiative votes metadata, you will need to run the below task.
bin/rails decidim:upgrade:encryptionIf you need to update any data generated by a 3rd party module, you could create a rake task like the one below:
# frozen_string_literal: true
namespace :myapp do
namespace :upgrade do
task encryption: :environment do
Decidim::Namespace::Model.find_each do |instance|
decrypted = Decidim::AttributeEncryptor.decrypt(instance.encrypted_attribute)
instance.encrypted_attribute = Decidim::AttributeEncryptor.encrypt(decrypted)
instance.save!
end
end
end
end
Rake::Task["decidim:upgrade:encryption"].enhance do
Rake::Task["myapp:upgrade:encryption"].invoke
endYou can read more about this change on PR #14800.
5.2. Refactor of filters
As part of our ongoing efforts to improve and simplify Decidim, we have changed the way filters are being defined, mainly being forced by rack 3 upgrade.
Previously, the taxonomy filters were defined as follows:
"filter" => {
"with_any_taxonomies[4]" => [""]
}After the rack upgrade, the filters are defined as follows:
"filter" => {
"with_any_taxonomies" => { "4" => [""] }
}You can read more about this change on PR #16103.
5.3. Decidim Configuration changes
Once you have upgraded to this version, you may need to check your configuration. Previously, we were using ActiveSupport::Configurable to handle Decidim configuration. Now, this has been deprecated with Rails, and it will be removed in the next Rails version.
We went ahead and changed the way we handle Decidim configuration, trying to keep the same API as before.
Previously, you may had an initializer with some content like:
Decidim.configure do |config|
config.force_ssl = true
# some other configuration
endNow we try to keep the same, but if there is some kind of custom configuration that you may have, you will need to change it to:
Decidim.force_ssl = trueDecidim module developer instructions
If you are a module developer, you may want to change your plugin structure to remove ActiveSupport::Configurable calls.
If you were using something like:
module Decidim
module Ai
module SpamDetection
include ActiveSupport::Configurable
config_accessor :reporting_user_email do
"my default value"
end
# some other configuration
end
end
endYou can refactor to the following:
module Decidim
module Ai
module SpamDetection
mattr_accessor :reporting_user_email, default: "my default value"
# some other configuration
end
end
endTo keep the same API, you may want to add the following to your module definition
module Decidim
module Ai
module SpamDetection
class << self
def config = self
def configure
yield self
end
end
mattr_accessor :reporting_user_email, default: "my default value"
# some other configuration
end
end
endYou can read more about this change on PR #16366.