-rw-r--r-- actionpack/CHANGELOG.md 14
-rw-r--r-- activemodel/CHANGELOG.md 11
-rw-r--r-- activerecord/CHANGELOG.md 14
-rw-r--r-- railties/CHANGELOG.md 11
4 files changed, 50 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 7212e3a289..9f0f214137 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,5 +1,19 @@
## Rails 4.0.0 (unreleased) ##
+* Add `ActionController::StrongParameters`, this module converts `params` hash into
+ an instance of ActionController::Parameters that allows whitelisting of permitted
+ parameters. Non-permitted parameters are forbidden to be used in Active Model by default
+ For more details check the documentation of the module or the
+ [strong_parameters gem](https://github.com/rails/strong_parameters)
+
+ *DHH + Guillermo Iguaran*
+
+* Remove Integration between `attr_accessible`/`attr_protected` and
+ `ActionController::ParamsWrapper`. ParamWrapper now wraps all the parameters returned
+ by the class method attribute_names
+
+ *Guillermo Iguaran*
+
* Fix #7646, the log now displays the correct status code when an exception is raised.
*Yves Senn*
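Review bot: In the `ActionController::StrongParameters` entry, the sentence ending "in Active Model by default" has no full stop before "For more details", and "this module converts" follows a comma splice, so the paragraph reads as one run-on. The next entry names the same module as both `ActionController::ParamsWrapper` and "ParamWrapper" and leaves `attribute_names` without backticks; use one spelling and quote the method. Because wrapping is no longer limited by `attr_accessible`/`attr_protected`, the entry should also say whether the wrapped parameters still have to be permitted before they reach a model.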
diff --git a/activemodel/CHANGELOG.md b/activemodel/CHANGELOG.md
index d7041055a4..2c966943ee 100644
--- a/activemodel/CHANGELOG.md
+++ b/activemodel/CHANGELOG.md
@@ -1,5 +1,16 @@
## Rails 4.0.0 (unreleased) ##
+* Add `ActiveModel::ForbiddenAttributesProtection`, a simple module to
+ protect attributes from mass assignment when non-permitted attributes are passed.
+
+ *DHH + Guillermo Iguaran*
+
+* `ActiveModel::MassAssignmentSecurity` has been extracted from Active Model and the
+ `protected_attributes` gem should be added to Gemfile in order to use
+ `attr_accessible` and `attr_protected` macros in your models.
+
+ *Guillermo Iguaran*
+
* Due to a change in builder, nil values and empty strings now generates
closed tags, so instead of this:
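Review bot: The `ActiveModel::ForbiddenAttributesProtection` entry says attributes are protected "when non-permitted attributes are passed" but not how that surfaces to the caller (an exception, or keys dropped silently); state the behaviour, since anyone upgrading needs to know what a rejected assignment looks like. In the `ActiveModel::MassAssignmentSecurity` entry, "should be added to Gemfile" reads as optional advice; say plainly that `attr_accessible` and `attr_protected` require the `protected_attributes` gem.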
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
index b064d6f511..756a0d7196 100644
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -1,5 +1,19 @@
## Rails 4.0.0 (unreleased) ##
+* `ActiveModel::ForbiddenAttributesProtection` is included by default
+ in Active Record models. Check the docs of `ActiveModel::ForbiddenAttributesProtection`
+ for more details.
+
+ *Guillermo Iguaran*
+
+* Remove integration between Active Record and
+ `ActiveModel::MassAssignmentSecurity`, `protected_attributes` gem
+ should be added to use `attr_accessible`/`attr_protected`. Mass
+ assignment options has been removed from all the AR methods that
+ used it (ex. AR::Base.new, AR::Base.create, AR::Base#update_attributes, etc)
+
+ *Guillermo Iguaran*
+
* Fix the return of querying with an empty hash.
Fix #6971.
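Review bot: In the second added entry, "Mass assignment options has been removed" should be "have been removed", "ex." should be "e.g.", and the sentence ends at "etc)" without a full stop; the clause "`protected_attributes` gem should be added" is also joined to the previous one with a comma splice. The entry names the methods that lost the options but not the options themselves; listing them would let callers search their code for call sites that still pass them.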
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md
index 1c28ac7476..acd2077c2d 100644
--- a/railties/CHANGELOG.md
+++ b/railties/CHANGELOG.md
@@ -1,5 +1,16 @@
## Rails 4.0.0 (unreleased) ##
+* Add `config.action_controller.permit_all_parameters` to disable
+ StrongParameters protection, it's false by default.
+
+ *Guillermo Iguaran*
+
+* Remove `config.active_record.whitelist_attributes` and
+ `config.active_record.mass_assignment_sanitizer` from new applications since
+ MassAssignmentSecurity has been extracted from Rails.
+
+ *Guillermo Iguaran*
+
* Change `rails new` and `rails plugin new` generators to name the `.gitkeep` files
as `.keep` in a more SCM-agnostic way.
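Review bot: The `config.action_controller.permit_all_parameters` entry describes a switch that turns the protection off, but only says "it's false by default" after a comma splice; spell out what setting it to true does to parameters passed to models, and refer to the module as `ActionController::StrongParameters` to match the actionpack entry. The second entry says the two `config.active_record` settings are removed "from new applications" without saying what happens in an existing application that still sets them; add a line covering the upgrade case.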