8 files changed, 44 insertions, 14 deletions

diff --git a/guides/source/active_record_basics.md b/guides/source/active_record_basics.md
index d90ea2e26a..fad4c19827 100644
--- a/guides/source/active_record_basics.md
+++ b/guides/source/active_record_basics.md
@@ -115,7 +115,7 @@ to Active Record instances:
 * `created_at` - Automatically gets set to the current date and time when the
   record is first created.
 * `updated_at` - Automatically gets set to the current date and time whenever
-  the record is updated.
+  the record is created or updated.
 * `lock_version` - Adds [optimistic
   locking](http://api.rubyonrails.org/classes/ActiveRecord/Locking.html) to
   a model.
diff --git a/guides/source/active_record_migrations.md b/guides/source/active_record_migrations.md
index 5858ac375f..e2359a35f1 100644
--- a/guides/source/active_record_migrations.md
+++ b/guides/source/active_record_migrations.md
@@ -491,6 +491,10 @@ NOTE: Active Record only supports single column foreign keys. `execute` and
 `structure.sql` are required to use composite foreign keys. See
 [Schema Dumping and You](#schema-dumping-and-you).
 
+NOTE: At this time, only the mysql, mysql2 and postgresql adapters support
+foreign keys. Implementation for sqlite3 is partial, keys are created for new
+tables but not for existing tables via `ALTER TABLE` statement.
+
 Removing a foreign key is easy as well:
 
 ```ruby
diff --git a/guides/source/active_record_querying.md b/guides/source/active_record_querying.md
index 6233708ad5..a2890b9b7a 100644
--- a/guides/source/active_record_querying.md
+++ b/guides/source/active_record_querying.md
@@ -368,7 +368,7 @@ end
 
 **`:start`**
 
-By default, records are fetched in ascending order of the primary key, which must be an integer. The `:start` option allows you to configure the first ID of the sequence whenever the lowest ID is not the one you need. This would be useful, for example, if you wanted to resume an interrupted batch process, provided you saved the last processed ID as a checkpoint.
+By default, records are fetched in ascending order of the primary key. The `:start` option allows you to configure the first ID of the sequence whenever the lowest ID is not the one you need. This would be useful, for example, if you wanted to resume an interrupted batch process, provided you saved the last processed ID as a checkpoint.
 
 For example, to send newsletters only to users with the primary key starting from 2000:
 
diff --git a/guides/source/active_record_validations.md b/guides/source/active_record_validations.md
index afe837a97c..3f13ef8d10 100644
--- a/guides/source/active_record_validations.md
+++ b/guides/source/active_record_validations.md
@@ -927,6 +927,13 @@ class Account < ApplicationRecord
 end
 ```
 
+As `Lambdas` are a type of `Proc`, they can also be used to write inline
+conditions in a shorter way.
+
+```ruby
+validates :password, confirmation: true, unless: -> { password.blank? }
+```
+
 ### Grouping Conditional validations
 
 Sometimes it is useful to have multiple validations use one condition. It can
diff --git a/guides/source/development_dependencies_install.md b/guides/source/development_dependencies_install.md
index 057bcf2c1b..7a414f21fe 100644
--- a/guides/source/development_dependencies_install.md
+++ b/guides/source/development_dependencies_install.md
@@ -377,30 +377,38 @@ command inside of the `activestorage` directory to install the dependencies:
 yarn install
 ```
 
-Extracting previews, tested in ActiveStorage's test suite requires third-party
+Extracting previews, tested in Active Storage's test suite requires third-party
 applications, FFmpeg for video and muPDF for PDFs, and on macOS also XQuartz
-and Poppler. Without these applications installed, ActiveStorage tests will
+and Poppler. Without these applications installed, Active Storage tests will
 raise errors.
 
 On macOS you can run:
 
 ```bash
-brew install ffmpeg
-brew cask install xquartz
-brew install mupdf-tools
-brew install poppler
+$ brew install ffmpeg
+$ brew cask install xquartz
+$ brew install mupdf-tools
+$ brew install poppler
 ```
 
 On Ubuntu, you can run:
 
 ```bash
-sudo apt-get update && install ffmpeg
-sudo apt-get update && install mupdf mupdf-tools
+$ sudo apt-get update
+$ sudo apt-get install ffmpeg
+$ sudo apt-get install mupdf mupdf-tools
 ```
 
 On Fedora or CentOS, just run:
 
 ```bash
-sudo yum install ffmpeg
-sudo yum install mupdf
+$ sudo yum install ffmpeg
+$ sudo yum install mupdf
+```
+
+FreeBSD users can just run:
+
+```bash
+# pkg install ffmpeg
+# pkg install mupdf
 ```
diff --git a/guides/source/routing.md b/guides/source/routing.md
index 23a5538d9b..8c69e2600b 100644
--- a/guides/source/routing.md
+++ b/guides/source/routing.md
@@ -506,7 +506,7 @@ resources :photos do
 end
 ```
 
-This will recognize `/photos/1/preview` with GET, and route to the `preview` action of `PhotosController`, with the resource id value passed in `params[:id]`. It will also create the `photo_preview_url` and `photo_preview_path` helpers.
+This will recognize `/photos/1/preview` with GET, and route to the `preview` action of `PhotosController`, with the resource id value passed in `params[:id]`. It will also create the `preview_photo_url` and `preview_photo_path` helpers.
 
 Within the block of member routes, each route name specifies the HTTP verb
 will be recognized. You can use `get`, `patch`, `put`, `post`, or `delete` here
diff --git a/guides/source/security.md b/guides/source/security.md
index 4e12a831a9..9fbd252bb7 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -419,7 +419,7 @@ WARNING: _Source code in uploaded files may be executed when placed in specific
 
 The popular Apache web server has an option called DocumentRoot. This is the home directory of the web site, everything in this directory tree will be served by the web server. If there are files with a certain file name extension, the code in it will be executed when requested (might require some options to be set). Examples for this are PHP and CGI files. Now think of a situation where an attacker uploads a file "file.cgi" with code in it, which will be executed when someone downloads the file.
 
-_If your Apache DocumentRoot points to Rails' /public directory, do not put file uploads in it_, store files at least one level downwards.
+_If your Apache DocumentRoot points to Rails' /public directory, do not put file uploads in it_, store files at least one level upwards.
 
 ### File Downloads
 
diff --git a/guides/source/upgrading_ruby_on_rails.md b/guides/source/upgrading_ruby_on_rails.md
index e3a254f82b..319bc09be3 100644
--- a/guides/source/upgrading_ruby_on_rails.md
+++ b/guides/source/upgrading_ruby_on_rails.md
@@ -1356,6 +1356,17 @@ config.middleware.insert_before(Rack::Lock, ActionDispatch::BestStandardsSupport
 
 Also check your environment settings for `config.action_dispatch.best_standards_support` and remove it if present.
 
+* Rails 4.0 allows configuration of HTTP headers by setting `config.action_dispatch.default_headers`. The defaults are as follows:
+
+```ruby
+  config.action_dispatch.default_headers = {
+    'X-Frame-Options' => 'SAMEORIGIN',
+    'X-XSS-Protection' => '1; mode=block'
+  }
+```
+
+Please note that if your application is dependent on loading certain pages in a `<frame>` or `<iframe>`, then you may need to explicitly set `X-Frame-Options` to `ALLOW-FROM ...` or `ALLOWALL`.
+
 * In Rails 4.0, precompiling assets no longer automatically copies non-JS/CSS assets from `vendor/assets` and `lib/assets`. Rails application and engine developers should put these assets in `app/assets` or configure `config.assets.precompile`.
 
 * In Rails 4.0, `ActionController::UnknownFormat` is raised when the action doesn't handle the request format. By default, the exception is handled by responding with 406 Not Acceptable, but you can override that now. In Rails 3, 406 Not Acceptable was always returned. No overrides.