diff options
author | Bernard Potocki <bernard.potocki@imanel.org> | 2013-12-05 12:08:34 +0100 |
---|---|---|
committer | Bernard Potocki <bernard.potocki@imanel.org> | 2013-12-05 12:08:34 +0100 |
commit | e8572cf2f94872d81e7145da31d55c6e1b074247 (patch) | |
tree | 71e189336045cd62ef04ace0a571d8ef7169fa93 /actionpack/CHANGELOG.md | |
parent | 67998001b60e2bb960d8776266fb7a56fa6be2ba (diff) | |
download | rails-e8572cf2f94872d81e7145da31d55c6e1b074247.tar.gz rails-e8572cf2f94872d81e7145da31d55c6e1b074247.tar.bz2 rails-e8572cf2f94872d81e7145da31d55c6e1b074247.zip |
Add configuration option to optionally disable deep_munge
Diffstat (limited to 'actionpack/CHANGELOG.md')
-rw-r--r-- | actionpack/CHANGELOG.md | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 112a787d3b..90b4bf40c7 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,15 @@ +* Add option to skip deep_munge + + Some of users would prefer to skip deep_munge while parsing params. + With this flag you can return to pre-3.2.10 behavior: + + config.action_dispatch.perform_deep_munge = false + + Please be aware of possible security issue when using this option: + [CVE-2013-0155](https://groups.google.com/forum/#!topic/rubyonrails-security/t1WFuuQyavI) + + *Bernard Potocki* + * Introducing Variants We often want to render different html/json/xml templates for phones, |