path: root/guides/source/security.md
author Aaron Patterson <aaron.patterson@gmail.com> 2014-04-14 11:49:36 -0700
committer Aaron Patterson <aaron.patterson@gmail.com> 2014-04-14 11:49:36 -0700
commit 316ee25c25a64a2d82c284293a31804077b05d79
tree 4d3d6051f6edb291cd435b9d330b8e23fe56eb0f /guides/source/security.md
parent 09608ce9d236c6a9439cf011a3442e1492d0732e
parent a1e2db2e9bb4ca2fdf6190aa8f448fe85cf76529
Merge branch 'master' into adequaterecord
* master: (70 commits)
  [ci skip] Added link to ruby-lang.org installation.
  Use the index on hidden field
  `collection_check_boxes` respects `:index` option for the hidden filed name.
  docs, double meaning of `serialize` argument. Closes #14284.
  Just call read_attribute, no need to use `send`.
  - Fix lingering reference to `:text` instead of the newer `:plain` - Section references `form_tag` instead of the `form_for` used in the example
  again, read_attribute is public, so just call it
  read_attribute is public, so we should just call it
  Disable assest cache store in docs [ci skip]
  Make counter cache decrementation on destroy idempotent
  Write the failing test case for concurrent counter cache
  [ci skip] Use plain underscore instead of "\_".
  Update documentation to use Rails.application instead
  Add a changelog entry for #14546 [ci skip]
  Move tests for deep_dup and duplicable to object directory
  Missing 'are' in note - [ci skip]
  CollectionHelpers now accepts a readonly option
  Fix a few typos [ci skip]
  Bundle tzinfo-data on :x64_mingw (64-bit Ruby on Windows).
  don't bother with an offset if the offset is zero
  ...
Diffstat (limited to 'guides/source/security.md')
-rw-r--r-- guides/source/security.md | 4
1 files changed, 2 insertions, 2 deletions
diff --git a/guides/source/security.md b/guides/source/security.md
index 9603fb4a4d..15b28664b7 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -151,7 +151,7 @@ The most effective countermeasure is to _issue a new session identifier_ and dec
reset_session
```
-If you use the popular RestfulAuthentication plugin for user management, add reset\_session to the SessionsController#create action. Note that this removes any value from the session, _you have to transfer them to the new session_.
+If you use the popular RestfulAuthentication plugin for user management, add reset_session to the SessionsController#create action. Note that this removes any value from the session, _you have to transfer them to the new session_.
Another countermeasure is to _save user-specific properties in the session_, verify them every time a request comes in, and deny access, if the information does not match. Such properties could be the remote IP address or the user agent (the web browser name), though the latter is less user-specific. When saving the IP address, you have to bear in mind that there are Internet service providers or large organizations that put their users behind proxies. _These might change over the course of a session_, so these users will not be able to use your application, or only in a limited way.
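Review bot: the `-`/`+` pair only drops the backslash in `reset\_session`, leaving the identifier bare in running prose; setting `reset_session` and `SessionsController#create` in backticks would make the escaping question moot and match how the guide already shows `reset_session` in the fenced block just above this hunk. While the line is being touched, the clause "this removes any value from the session, _you have to transfer them to the new session_" mixes singular and plural and runs two sentences together; "this removes all values from the session, so _you have to transfer them to the new session_" says the same thing cleanly.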
@@ -314,7 +314,7 @@ def sanitize_filename(filename)
end
```
-A significant disadvantage of synchronous processing of file uploads (as the attachment\_fu plugin may do with images), is its _vulnerability to denial-of-service attacks_. An attacker can synchronously start image file uploads from many computers which increases the server load and may eventually crash or stall the server.
+A significant disadvantage of synchronous processing of file uploads (as the attachment_fu plugin may do with images), is its _vulnerability to denial-of-service attacks_. An attacker can synchronously start image file uploads from many computers which increases the server load and may eventually crash or stall the server.
The solution to this is best to _process media files asynchronously_: Save the media file and schedule a processing request in the database. A second process will handle the processing of the file in the background.
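Review bot: the `+` line keeps "An attacker can synchronously start image file uploads from many computers", where "simultaneously" is the intended word: the paragraph's point is that many concurrent uploads, each processed synchronously by the server, drive up load, and "synchronously start" muddles that. Since the line is being edited anyway, `attachment_fu` should also go in backticks (it is a library name, and the backticks make the removed escape unnecessary). The trailing context line "The solution to this is best to _process media files asynchronously_" would read better as "The best solution is to _process media files asynchronously_".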