adding security notifications to CHANGELOGs

author: Aaron Patterson <aaron.patterson@gmail.com> 2012-05-31 10:23:39 -0700
committer: Aaron Patterson <aaron.patterson@gmail.com> 2012-05-31 10:23:39 -0700
commit: 44aca7b29502995b3e2ed94f7288646f134ff612 (patch)
tree: e19a96ec4624baa32064ff1807a8ffe3a083b96e /actionpack/CHANGELOG.md
parent: 71827489e90f91da18ebac68c2d9e10379220a43 (diff)
download: rails-44aca7b29502995b3e2ed94f7288646f134ff612.tar.gz
rails-44aca7b29502995b3e2ed94f7288646f134ff612.tar.bz2
rails-44aca7b29502995b3e2ed94f7288646f134ff612.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 1ec3a954fb..6f737001de 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -21,6 +21,9 @@
 
 *   Fix the redirect when it receive blocks with arity of 1. Closes #5677
 
+*   Strip [nil] from parameters hash. Thanks to Ben Murphy for
+    reporting this! CVE-2012-2660
+
 ## Rails 3.2.3 (March 30, 2012) ##
 
 *   Allow to lazy load `default_form_builder` by passing a `String` instead of a constant. *Piotr Sarnacki*
author	Aaron Patterson <aaron.patterson@gmail.com>	2012-05-31 10:23:39 -0700
committer	Aaron Patterson <aaron.patterson@gmail.com>	2012-05-31 10:23:39 -0700
commit	44aca7b29502995b3e2ed94f7288646f134ff612 (patch)
tree	e19a96ec4624baa32064ff1807a8ffe3a083b96e /actionpack/CHANGELOG.md
parent	71827489e90f91da18ebac68c2d9e10379220a43 (diff)
download	rails-44aca7b29502995b3e2ed94f7288646f134ff612.tar.gz rails-44aca7b29502995b3e2ed94f7288646f134ff612.tar.bz2 rails-44aca7b29502995b3e2ed94f7288646f134ff612.zip