1 files changed, 32 insertions, 0 deletions

diff --git a/activemodel/CHANGELOG.md b/activemodel/CHANGELOG.md
index 4ddafddbe0..847ae7f237 100644
--- a/activemodel/CHANGELOG.md
+++ b/activemodel/CHANGELOG.md
@@ -1,5 +1,32 @@
 ## Rails 4.0.0 (unreleased) ##
 
+*   Changed `AM::Serializers::JSON.include_root_in_json' default value to false.
+    Now, AM Serializers and AR objects have the same default behaviour. Fixes #6578.
+
+        class User < ActiveRecord::Base; end
+
+        class Person
+          include ActiveModel::Model
+          include ActiveModel::AttributeMethods
+          include ActiveModel::Serializers::JSON
+
+          attr_accessor :name, :age
+
+          def attributes
+            instance_values
+          end
+        end
+
+        user.as_json
+        => {"id"=>1, "name"=>"Konata Izumi", "age"=>16, "awesome"=>true}
+        # root is not included
+
+        person.as_json
+        => {"name"=>"Francesco", "age"=>22}
+        # root is not included
+
+    *Francesco Rodriguez*
+
 *   Passing false hash values to `validates` will no longer enable the corresponding validators *Steve Purcell*
 
 *   `ConfirmationValidator` error messages will attach to `:#{attribute}_confirmation` instead of `attribute` *Brian Cardarella*
@@ -10,6 +37,11 @@
 
 *   Trim down Active Model API by removing `valid?` and `errors.full_messages` *José Valim*
 
+*   When `^` or `$` are used in the regular expression provided to `validates_format_of` and the :multiline option is not set to true, an exception will be raised. This is to prevent security vulnerabilities when using `validates_format_of`. The problem is described in detail in the Rails security guide.
+
+## Rails 3.2.6 (Jun 12, 2012) ##
+
+*   No changes.
 
 ## Rails 3.2.5 (Jun 1, 2012) ##