1 files changed, 45 insertions, 6 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 78ac05389c..f004a4fce7 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,12 +1,25 @@
 ## Rails 4.0.0 (unreleased) ##
 
-* Adds support for layouts when rendering a partial with a given collection. *serabe*
+*   Changed default value for `config.action_view.embed_authenticity_token_in_remote_forms`
+    to `false`. This change breaks remote forms that need to work also without javascript,
+    so if you need such behavior, you can either set it to `true` or explicitly pass
+    `:authenticity_token => true` in form options
 
-* Allows the route helper `root` to take a string argument. For example, `root 'pages#main'`. *bcardarella*
+*   Added ActionDispatch::SSL middleware that when included force all the requests to be under HTTPS protocol. *Rafael Mendonça França*
 
-* Forms of persisted records use always PATCH (via the `_method` hack). *fxn*
+*   Add `include_hidden` option to select tag. With `:include_hidden => false` select with `multiple` attribute doesn't generate hidden input with blank value. *Vasiliy Ermolovich*
 
-* For resources, both PATCH and PUT are routed to the `update` action. *fxn*
+*   Removed default `size` option from the `text_field`, `search_field`, `telephone_field`, `url_field`, `email_field` helpers. *Philip Arndt*
+
+*   Removed default `cols` and `rows` options from the `text_area` helper. *Philip Arndt*
+
+*   Adds support for layouts when rendering a partial with a given collection. *serabe*
+
+*   Allows the route helper `root` to take a string argument. For example, `root 'pages#main'`. *bcardarella*
+
+*   Forms of persisted records use always PATCH (via the `_method` hack). *fxn*
+
+*   For resources, both PATCH and PUT are routed to the `update` action. *fxn*
 
 *   Don't ignore `force_ssl` in development. This is a change of behavior - use a `:if` condition to recreate the old behavior.
 
@@ -83,6 +96,9 @@
 *   check_box with `:form` html5 attribute will now replicate the `:form`
     attribute to the hidden field as well. *Carlos Antonio da Silva*
 
+*   Turn off verbose mode of rack-cache, we still have X-Rack-Cache to
+    check that info. Closes #5245. *Santiago Pastorino*
+
 *   `label` form helper accepts :for => nil to not generate the attribute. *Carlos Antonio da Silva*
 
 *   Add `:format` option to number_to_percentage *Rodrigo Flores*
@@ -111,8 +127,27 @@
 
 *   `favicon_link_tag` helper will now use the favicon in app/assets by default. *Lucas Caton*
 
-*    `ActionView::Helpers::TextHelper#highlight` now defaults to the
-     HTML5 `mark` element. *Brian Cardarella*
+*   `ActionView::Helpers::TextHelper#highlight` now defaults to the
+    HTML5 `mark` element. *Brian Cardarella*
+
+
+## Rails 3.2.3 (unreleased) ##
+
+*   Add `config.action_view.embed_authenticity_token_in_remote_forms` (defaults to true) which allows to set if authenticity token will be included by default in remote forms. If you change it to false, you can still force authenticity token by passing `:authenticity_token => true` in form options *Piotr Sarnacki*
+
+*   Do not include the authenticity token in forms where remote: true as ajax forms use the meta-tag value *DHH*
+
+*   Upgrade rack-cache to 1.2. *José Valim*
+
+*   ActionController::SessionManagement is removed. *Santiago Pastorino*
+
+*   Since the router holds references to many parts of the system like engines, controllers and the application itself, inspecting the route set can actually be really slow, therefore we default alias inspect to to_s. *José Valim*
+
+*   Add a new line after the textarea opening tag. Closes #393 *Rafael Mendonça França*
+
+*   Always pass a respond block from to responder. We should let the responder decide what to do with the given overridden response block, and not short circuit it. *Prem Sichanugrist*
+
+*   Fixes layout rendering regression from 3.2.2. *José Valim*
 
 
 ## Rails 3.2.2 (March 1, 2012) ##
@@ -305,6 +340,7 @@
     returned by the class method attribute_names will be wrapped. This fixes
     the wrapping of nested attributes by adding them to attr_accessible.
 
+
 ## Rails 3.1.4 (March 1, 2012) ##
 
 *   Skip assets group in Gemfile and all assets configurations options
@@ -321,6 +357,7 @@
 
 *   Assets should use the request protocol by default or default to relative if no request is available *Jonathan del Strother*
 
+
 ## Rails 3.1.3 (November 20, 2011) ##
 
 *   Downgrade sprockets to ~> 2.0.3. Using 2.1.0 caused regressions.
@@ -330,6 +367,7 @@
 
     *Jon Leighton*
 
+
 ## Rails 3.1.2 (November 18, 2011) ##
 
 *   Fix XSS security vulnerability in the `translate` helper method. When using interpolation
@@ -371,6 +409,7 @@
 
 *   Ensure users upgrading from 3.0.x to 3.1.x will properly upgrade their flash object in session (issues #3298 and #2509)
 
+
 ## Rails 3.1.1 (October 07, 2011) ##
 
 *   javascript_path and stylesheet_path now refer to /assets if asset pipelining