Dearest feature flagger,
I come today bearing good news. A new year and a new release! Only a patch, but it's got some nice bug fixes and other treats.
Redis Connection Pools
Let's lead with the 🔥.
I'm happy to report that the redis and redis cache adapters now work with a connection pool instance (cheers from the back I hear you). This is big for higher traffic apps that want to keep their connections to redis in check. It also went through several iterations and I like where it landed.
UI Escaping
Next, I did a big pass on escaping in the Flipper UI. We've long supported feature flag names with slashes, but this also makes hackery like "../../../blah" work (and securely).
Along the way I also discovered why Rack::Protection was causing issues for people. I originally included it only for authenticity token. But I realized on this release that including Rack::Protection includes a bunch of stuff by default, even if you provide use :authenticity_token.
To fix this, I now include only Rack::Protection::AuthenticityToken. This should help with peoples issues behind a proxy and stuff like that.
Default Initializer
This is a neat one. Flipper now comes with a stock initializer (if you run flipper:setup task) that includes a bunch of settings commented out. I always liked how devise and pagy do this as it helps make people aware of the various settings. Not all settings are in this first pass, but it's a good start.
Cloud
Just a couple of things in here for cloud. First, I chilled out the telemetry backoff policy and reduced to one submission thread. This one was giving me heart burn.
The rare times we've had API issues, the backoff policy got real aggressive. And because there were two submission threads it would immediately double our traffic at the worst time (when we were having an issue).
The new policy retries between 30 and 120 seconds plus some jitter so everyone doesn't phone home at once. It also increases the queue size to 20 so we can retain 20 minutes of data in memory in your app while we keep retrying.
The other minor fix was for the poll cold start. If you are using an adapter that isn't persistent (like the memory adapter), there was a moment where you could be checking flags while the poll is happening in a background thread. It would appear like all your flags were false.
Again, this is not a common or recommended use case and was never reported by anyone, but I knew it existed so I fixed it up.
Wrap Up
We had someone contribute adding our funding_uri to the rubygem spec. And I went through all the ruby warnings and fixed them (a fun exercise). But that's pretty much it.
I hope you all find these useful. And be ready for more. I've been feeling some flipper inspiration of late and I'm hoping to make some time to tackle some bigger features soon.
Sincerely,
Nunes
P.S. We also released 1.3.2 with rails 8 support, but I forgot to let you know here.