1 files changed, 62 insertions, 1 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 36e8479441..9f0f214137 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,6 +1,67 @@
 ## Rails 4.0.0 (unreleased) ##
 
-*   Add .rb template handler, this handler simply allows arbitrary Ruby code as a template. *Guillermo Iguaran*
+*   Add `ActionController::StrongParameters`, this module converts `params` hash into
+    an instance of ActionController::Parameters that allows whitelisting of permitted 
+    parameters. Non-permitted parameters are forbidden to be used in Active Model by default
+    For more details check the documentation of the module or the 
+    [strong_parameters gem](https://github.com/rails/strong_parameters)
+
+    *DHH + Guillermo Iguaran*
+
+*   Remove Integration between `attr_accessible`/`attr_protected` and
+    `ActionController::ParamsWrapper`. ParamWrapper now wraps all the parameters returned 
+    by the class method attribute_names
+
+    *Guillermo Iguaran*
+
+*   Fix #7646, the log now displays the correct status code when an exception is raised.
+
+    *Yves Senn*
+
+*   Allow pass couple extensions to `ActionView::Template.register_template_handler` call. *Tima Maslyuchenko*
+
+*   Fixed a bug with shorthand routes scoped with the `:module` option not
+    adding the module to the controller as described in issue #6497.
+    This should now work properly:
+
+        scope :module => "engine" do
+          get "api/version" # routes to engine/api#version
+        end
+ 
+    *Luiz Felipe Garcia Pereira*
+
+*   Sprockets integration has been extracted from Action Pack and the `sprockets-rails` 
+    gem should be added to Gemfile (under the assets group) in order to use Rails asset
+    pipeline in future versions of Rails.
+
+    *Guillermo Iguaran*
+
+*   `ActionDispatch::Session::MemCacheStore` now uses `dalli` instead of the deprecated
+    `memcache-client` gem. As side effect the autoloading of unloaded classes objects
+    saved as values in session isn't supported anymore when mem_cache session store is
+    used, this can have an impact in apps only when config.cache_classes is false.
+
+    *Arun Agrawal + Guillermo Iguaran*
+
+*   Support multiple etags in If-None-Match header. *Travis Warlick*
+
+*   Allow to configure how unverified request will be handled using `:with`
+    option in `protect_from_forgery` method.
+
+    Valid unverified request handling methods are:
+
+    - `:exception` - Raises ActionController::InvalidAuthenticityToken exception.
+    - `:reset_session` - Resets the session.
+    - `:null_session` - Provides an empty session during request but doesn't
+      reset it completely. Used as default if `:with` option is not specified.
+
+    New applications are generated with:
+
+        protect_from_forgery :with => :exception
+
+    *Sergey Nartimov*
+
+*   Add .ruby template handler, this handler simply allows arbitrary Ruby code as a template. *Guillermo Iguaran*
 
 *   Add `separator` option for `ActionView::Helpers::TextHelper#excerpt`: