10 files changed, 109 insertions, 25 deletions
diff --git a/guides/assets/images/favicon.ico b/guides/assets/images/favicon.ico
index faa10b4580..87192a8a07 100644
--- a/guides/assets/images/favicon.ico
+++ b/guides/assets/images/favicon.ico
diff --git a/guides/source/5_0_release_notes.md b/guides/source/5_0_release_notes.md
index 7c11fad7bf..a868c5f856 100644
--- a/guides/source/5_0_release_notes.md
+++ b/guides/source/5_0_release_notes.md
@@ -94,6 +94,10 @@ Please refer to the [Changelog][railties] for detailed changes.
 *   Deprecated `config.serve_static_files` in favor of `config.public_file_server.enabled`.
     ([Pull Request](https://github.com/rails/rails/pull/22173))
 
+*   Deprecated the tasks in the `rails` task namespace in favor of the `app` namespace.
+    (e.g. `rails:update` and `rails:template` tasks is renamed to `app:update` and `app:template`.)
+    ([Pull Request](https://github.com/rails/rails/pull/23439))
+
 ### Notable changes
 
 *   Added Rails test runner `bin/rails test`.
@@ -120,6 +124,23 @@ Please refer to the [Changelog][railties] for detailed changes.
     ([Pull Request](https://github.com/rails/rails/pull/22457),
      [Pull Request](https://github.com/rails/rails/pull/22288))
 
+*   New applications are generated with the evented file system monitor enabled
+    on Linux and Mac OS X. The feature can be opted out by passing
+    `--skip-listen` to the generator.
+    ([commit](https://github.com/rails/rails/commit/de6ad5665d2679944a9ee9407826ba88395a1003),
+    [commit](https://github.com/rails/rails/commit/94dbc48887bf39c241ee2ce1741ee680d773f202))
+
+*   Generate applications with an option to log to STDOUT in production
+    using the environment variable `RAILS_LOG_TO_STDOUT`.
+    ([Pull Request](https://github.com/rails/rails/pull/23734))
+
+*   Enable HSTS with IncludeSudomains header for new applications.
+    ([Pull Request](https://github.com/rails/rails/pull/23852))
+
+*   The application generator writes a new file `config/spring.rb`, which tells
+    Spring to watch additional common files.
+    ([commit](https://github.com/rails/rails/commit/b04d07337fd7bc17e88500e9d6bcd361885a45f8))
+
 
 Action Pack
 -----------
@@ -262,6 +283,17 @@ Please refer to the [Changelog][action-pack] for detailed changes.
     (Pull Request [1](https://github.com/rails/rails/pull/19377),
     [2](https://github.com/rails/rails/pull/23827))
 
+*   Added an option for per-form CSRF tokens.
+    ([Pull Request](https://github.com/rails/rails/pull/22275))
+
+*   Added request encoding and response parsing to integration tests.
+    ([Pull Request](https://github.com/rails/rails/pull/21671))
+
+*   Update default rendering policies when the controller action did
+    not explicitly indicate a response.
+    ([Pull Request](https://github.com/rails/rails/pull/23827))
+
+
 Action View
 -------------
 
@@ -286,8 +318,9 @@ Please refer to the [Changelog][action-view] for detailed changes.
 *   Changed the default template handler from `ERB` to `Raw`.
     ([commit](https://github.com/rails/rails/commit/4be859f0fdf7b3059a28d03c279f03f5938efc80))
 
-*   Collection rendering automatically caches and fetches multiple partials.
-    ([Pull Request](https://github.com/rails/rails/pull/18948))
+*   Collection rendering can cache and fetches multiple partials.
+    ([Pull Request](https://github.com/rails/rails/pull/18948),
+    [commit](https://github.com/rails/rails/commit/e93f0f0f133717f9b06b1eaefd3442bd0ff43985))
 
 *   Allow defining explicit collection caching using a `# Template Collection: ...`
     directive inside templates.
@@ -300,6 +333,9 @@ Please refer to the [Changelog][action-view] for detailed changes.
     button on submit to prevent double submits.
     ([Pull Request](https://github.com/rails/rails/pull/21135))
 
+*   Collection rendering can cache and fetch multiple partials at once.
+    ([Pull Request](https://github.com/rails/rails/pull/21135))
+
 
 Action Mailer
 -------------
@@ -333,7 +369,9 @@ Please refer to the [Changelog][action-mailer] for detailed changes.
     the mailer queue name.
     ([Pull Request](https://github.com/rails/rails/pull/18587))
 
-*   Added `config.action_mailer.perform_caching` configuration to determine whether your templates should perform caching or not.
+*   Added support for fragment caching in Action Mailer views.
+    Added new config option `config.action_mailer.perform_caching` to determine
+    whether your templates should perform caching or not.
     ([Pull Request](https://github.com/rails/rails/pull/22825))
 
 
@@ -453,6 +491,10 @@ Please refer to the [Changelog][active-record] for detailed changes.
     `offset` method on relation instead.
     ([Pull Request](https://github.com/rails/rails/pull/22053))
 
+*   Deprecated `{insert|update|delete}_sql` in `DatabaseStatements`.
+    Use the `{insert|update|delete}` public methods instead.
+    ([Pull Request](https://github.com/rails/rails/pull/23086))
+
 ### Notable changes
 
 *   Added a `foreign_key` option to `references` while creating the table.
@@ -554,6 +596,9 @@ Please refer to the [Changelog][active-record] for detailed changes.
     model behavior.
     ([Pull Request](https://github.com/rails/rails/pull/22567))
 
+*   Added ActiveRecord `#second_to_last` and `#third_to_last` methods.
+    ([Pull Request](https://github.com/rails/rails/pull/23583))
+
 
 Active Model
 ------------
@@ -621,15 +666,20 @@ Please refer to the [Changelog][active-job] for detailed changes.
 *   A generated job now inherits from `app/jobs/application_job.rb` by default.
     ([Pull Request](https://github.com/rails/rails/pull/19034))
 
-*   Allow `DelayedJob`, `Sidekiq`, `qu`, and `que` to report the job id back to
-    `ActiveJob::Base` as `provider_job_id`.
+*   Allow `DelayedJob`, `Sidekiq`, `qu`, `que`, and `queue_classic` to report
+    the job id back to `ActiveJob::Base` as `provider_job_id`.
     ([Pull Request](https://github.com/rails/rails/pull/20064),
-     [Pull Request](https://github.com/rails/rails/pull/20056))
+     [Pull Request](https://github.com/rails/rails/pull/20056),
+     [commit](https://github.com/rails/rails/commit/68e3279163d06e6b04e043f91c9470e9259bbbe0))
 
 *   Implement a simple `AsyncJob` processor and associated `AsyncAdapter` that
     queue jobs to a `concurrent-ruby` thread pool.
     ([Pull Request](https://github.com/rails/rails/pull/21257))
 
+*   Change the default adapter from inline to async. It's a better default as
+    tests will then not mistakenly come to rely on behavior happening
+    synchronously.
+    ([commit](https://github.com/rails/rails/commit/625baa69d14881ac49ba2e5c7d9cac4b222d7022))
 
 Active Support
 --------------
@@ -698,6 +748,13 @@ Please refer to the [Changelog][active-support] for detailed changes.
     Deprecated `ActiveSupport::Cache::LocaleCache#set_cache_value` in favor of `write_cache_value`.
     ([Pull Request](https://github.com/rails/rails/pull/22215))
 
+*   Deprecated passing arguments to `assert_nothing_raised`.
+    ([Pull Request](https://github.com/rails/rails/pull/23789))
+
+*   Deprecated `Module.local_constants` in favor of `Module.constants(false)`.
+    ([Pull Request](https://github.com/rails/rails/pull/23936))
+
+
 ### Notable changes
 
 *   Added `#verified` and `#valid_message?` methods to
@@ -767,6 +824,17 @@ Please refer to the [Changelog][active-support] for detailed changes.
     class and module variables that live per-thread.
     ([Pull Request](https://github.com/rails/rails/pull/22630))
 
+*   Added `Array#second_to_last` and `Array#third_to_last` methods.
+    ([Pull Request](https://github.com/rails/rails/pull/23583))
+
+*   Added `#on_weekday?` method to `Date`, `Time`, and `DateTime`.
+    ([Pull Request](https://github.com/rails/rails/pull/23687))
+
+*   Publish `ActiveSupport::Executor` and `ActiveSupport::Reloader` APIs to allow
+    components and libraries to manage, and participate in, the execution of
+    application code, and the application reloading process.
+    ([Pull Request](https://github.com/rails/rails/pull/23807))
+
 
 Credits
 -------
diff --git a/guides/source/action_controller_overview.md b/guides/source/action_controller_overview.md
index 9ef2c1a441..8997363fce 100644
--- a/guides/source/action_controller_overview.md
+++ b/guides/source/action_controller_overview.md
@@ -700,7 +700,7 @@ class LoginsController < ApplicationController
 end
 ```
 
-Now, the `LoginsController`'s `new` and `create` actions will work as before without requiring the user to be logged in. The `:only` option is used to only skip this filter for these actions, and there is also an `:except` option which works the other way. These options can be used when adding filters too, so you can add a filter which only runs for selected actions in the first place.
+Now, the `LoginsController`'s `new` and `create` actions will work as before without requiring the user to be logged in. The `:only` option is used to skip this filter only for these actions, and there is also an `:except` option which works the other way. These options can be used when adding filters too, so you can add a filter which only runs for selected actions in the first place.
 
 ### After Filters and Around Filters
 
diff --git a/guides/source/action_mailer_basics.md b/guides/source/action_mailer_basics.md
index 558c16f5b0..5346b7c32b 100644
--- a/guides/source/action_mailer_basics.md
+++ b/guides/source/action_mailer_basics.md
@@ -204,10 +204,14 @@ class UsersController < ApplicationController
 end
 ```
 
-NOTE: Active Job's default behavior is to execute jobs ':inline'. So, you can use
-`deliver_later` now to send emails, and when you later decide to start sending
-them from a background job, you'll only need to set up Active Job to use a queueing
-backend (Sidekiq, Resque, etc).
+NOTE: Active Job's default behavior is to execute jobs via the `:async` adapter. So, you can use
+`deliver_later` now to send emails asynchronously.
+Active Job's default adapter runs jobs with an in-process thread pool.
+It's well-suited for the development/test environments, since it doesn't require
+any external infrastructure, but it's a poor fit for production since it drops
+pending jobs on restart.
+If you need a persistent backend, you will need to use an Active Job adapter
+that has a persistent backend (Sidekiq, Resque, etc).
 
 If you want to send emails right away (from a cronjob for example) just call
 `deliver_now`:
diff --git a/guides/source/active_support_core_extensions.md b/guides/source/active_support_core_extensions.md
index b994c863d1..d7f9201b26 100644
--- a/guides/source/active_support_core_extensions.md
+++ b/guides/source/active_support_core_extensions.md
@@ -632,8 +632,6 @@ module ActiveSupport
     mattr_accessor :load_once_paths
     mattr_accessor :autoloaded_constants
     mattr_accessor :explicitly_unloadable_constants
-    mattr_accessor :logger
-    mattr_accessor :log_activity
     mattr_accessor :constant_watch_stack
     mattr_accessor :constant_watch_stack_mutex
   end
diff --git a/guides/source/active_support_instrumentation.md b/guides/source/active_support_instrumentation.md
index 0fd0112c9f..03af3cf819 100644
--- a/guides/source/active_support_instrumentation.md
+++ b/guides/source/active_support_instrumentation.md
@@ -112,6 +112,7 @@ Action Controller
 | `:controller` | The controller name                                       |
 | `:action`     | The action                                                |
 | `:params`     | Hash of request parameters without any filtered parameter |
+| `:headers`    | Request headers                                           |
 | `:format`     | html/js/json/xml etc                                      |
 | `:method`     | HTTP request verb                                         |
 | `:path`       | Request path                                              |
@@ -121,6 +122,7 @@ Action Controller
   controller: "PostsController",
   action: "new",
   params: { "action" => "new", "controller" => "posts" },
+  headers: #<ActionDispatch::Http::Headers:0x0055a67a519b88>,
   format: :html,
   method: "GET",
   path: "/posts/new"
@@ -134,6 +136,7 @@ Action Controller
 | `:controller`   | The controller name                                       |
 | `:action`       | The action                                                |
 | `:params`       | Hash of request parameters without any filtered parameter |
+| `:headers`      | Request headers                                           |
 | `:format`       | html/js/json/xml etc                                      |
 | `:method`       | HTTP request verb                                         |
 | `:path`         | Request path                                              |
@@ -146,6 +149,7 @@ Action Controller
   controller: "PostsController",
   action: "index",
   params: {"action" => "index", "controller" => "posts"},
+  headers: #<ActionDispatch::Http::Headers:0x0055a67a519b88>,
   format: :html,
   method: "GET",
   path: "/posts",
diff --git a/guides/source/asset_pipeline.md b/guides/source/asset_pipeline.md
index c3b9e4c2ed..cc3da47db9 100644
--- a/guides/source/asset_pipeline.md
+++ b/guides/source/asset_pipeline.md
@@ -25,13 +25,9 @@ It allows assets in your application to be automatically combined with assets
 from other gems. For example, jquery-rails includes a copy of jquery.js
 and enables AJAX features in Rails.
 
-The asset pipeline is technically no longer a core feature from Rails 4 onwards -- it has
-been extracted out of the framework into the
-[sprockets-rails](https://github.com/rails/sprockets-rails) gem.
-
-The asset pipeline is enabled by default.
-
-You can disable the asset pipeline while creating a new application by
+The asset pipeline is implemented by the
+[sprockets-rails](https://github.com/rails/sprockets-rails) gem,
+and is enabled by default. You can disable it while creating a new application by
 passing the `--skip-sprockets` option.
 
 ```bash
diff --git a/guides/source/configuring.md b/guides/source/configuring.md
index d3a87c3820..e57d873719 100644
--- a/guides/source/configuring.md
+++ b/guides/source/configuring.md
@@ -108,7 +108,7 @@ numbers. New applications filter out passwords by adding the following `config.f
 
 * `config.force_ssl` forces all requests to be served over HTTPS by using the `ActionDispatch::SSL` middleware, and sets `config.action_mailer.default_url_options` to be `{ protocol: 'https' }`. This can be configured by setting `config.ssl_options` - see the [ActionDispatch::SSL documentation](http://edgeapi.rubyonrails.org/classes/ActionDispatch/SSL.html) for details.
 
-* `config.log_formatter` defines the formatter of the Rails logger. This option defaults to an instance of `ActiveSupport::Logger::SimpleFormatter` for all modes except production, where it defaults to `Logger::Formatter`.
+* `config.log_formatter` defines the formatter of the Rails logger. This option defaults to an instance of `ActiveSupport::Logger::SimpleFormatter` for all modes except production, where it defaults to `Logger::Formatter`. If you are setting a value for `config.logger` you must manually pass the value of your formatter to your logger before it is wrapped in an `ActiveSupport::TaggedLogging` instance, Rails will not do it for you.
 
 * `config.log_level` defines the verbosity of the Rails logger. This option
 defaults to `:debug` for all environments. The available log levels are: `:debug`,
@@ -116,7 +116,21 @@ defaults to `:debug` for all environments. The available log levels are: `:debug
 
 * `config.log_tags` accepts a list of: methods that the `request` object responds to, a `Proc` that accepts the `request` object, or something that responds to `to_s`. This makes it easy to tag log lines with debug information like subdomain and request id - both very helpful in debugging multi-user production applications.
 
-* `config.logger` accepts a logger conforming to the interface of Log4r or the default Ruby `Logger` class. Defaults to an instance of `ActiveSupport::Logger`.
+* `config.logger` is the logger that will be used for `Rails.logger` and any related Rails logging such as `ActiveRecord::Base.logger`. It defaults to an instance of `ActiveSupport::TaggedLogging` that wraps an instance of `ActiveSupport::Logger` which outputs a log to the `log/` directory. You can supply a custom logger, to get full compatability you must follow these guidelines:
+  * To support a formatter you must manually assign a formatter from the `config.log_formatter` value to the logger.
+  * To support tagged loggs the log instance must be wrapped with `ActiveSupport::TaggedLogging`.
+  * To support silencing the logger must include `LoggerSilence` and `ActiveSupport::LoggerThreadSafeLevel` modules. The `ActiveSupport::Logger` class already includes these modules.
+
+    ```ruby
+    class MyLogger < ::Logger
+      include ActiveSupport::LoggerThreadSafeLevel
+      include LoggerSilence
+    end
+
+    mylogger           = MyLogger.new(STDOUT)
+    mylogger.formatter = config.log_formatter
+    config.logger = ActiveSupport::TaggedLogging.new(mylogger)
+    ```
 
 * `config.middleware` allows you to configure the application's middleware. This is covered in depth in the [Configuring Middleware](#configuring-middleware) section below.
 
@@ -569,7 +583,7 @@ There are a few configuration options available in Active Support:
 
 `config.active_job` provides the following configuration options:
 
-* `config.active_job.queue_adapter` sets the adapter for the queueing backend. The default adapter is `:inline` which will perform jobs immediately. For an up-to-date list of built-in adapters see the [ActiveJob::QueueAdapters API documentation](http://api.rubyonrails.org/classes/ActiveJob/QueueAdapters.html).
+* `config.active_job.queue_adapter` sets the adapter for the queueing backend. The default adapter is `:async`. For an up-to-date list of built-in adapters see the [ActiveJob::QueueAdapters API documentation](http://api.rubyonrails.org/classes/ActiveJob/QueueAdapters.html).
 
     ```ruby
     # Be sure to have the adapter's gem in your Gemfile
diff --git a/guides/source/security.md b/guides/source/security.md
index f4a9f64669..4883c1abe7 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -160,7 +160,7 @@ The most effective countermeasure is to _issue a new session identifier_ and dec
 reset_session
 ```
 
-If you use the popular RestfulAuthentication plugin for user management, add reset_session to the SessionsController#create action. Note that this removes any value from the session, _you have to transfer them to the new session_.
+If you use the popular [Devise](https://rubygems.org/gems/devise) gem for user management, it will automatically expire sessions on sign in and sign out for you. If you roll your own, remember to expire the session after your sign in action (when the session is created). This will remove values from the session, therefore _you will have to transfer them to the new session_.
 
 Another countermeasure is to _save user-specific properties in the session_, verify them every time a request comes in, and deny access, if the information does not match. Such properties could be the remote IP address or the user agent (the web browser name), though the latter is less user-specific. When saving the IP address, you have to bear in mind that there are Internet service providers or large organizations that put their users behind proxies. _These might change over the course of a session_, so these users will not be able to use your application, or only in a limited way.
 
diff --git a/guides/source/upgrading_ruby_on_rails.md b/guides/source/upgrading_ruby_on_rails.md
index d5576be6f2..0c1e00100b 100644
--- a/guides/source/upgrading_ruby_on_rails.md
+++ b/guides/source/upgrading_ruby_on_rails.md
@@ -417,7 +417,7 @@ secrets, you need to:
 
 3. Remove the `secret_token.rb` initializer.
 
-4. Use `rails secret` to generate new keys for the `development` and `test` sections.
+4. Use `rake secret` to generate new keys for the `development` and `test` sections.
 
 5. Restart your server.