From 44aca7b29502995b3e2ed94f7288646f134ff612 Mon Sep 17 00:00:00 2001
From: Aaron Patterson <aaron.patterson@gmail.com>
Date: Thu, 31 May 2012 10:23:39 -0700
Subject: adding security notifications to CHANGELOGs

---
 actionpack/CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'actionpack')

diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 1ec3a954fb..6f737001de 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -21,6 +21,9 @@
 
 *   Fix the redirect when it receive blocks with arity of 1. Closes #5677
 
+*   Strip [nil] from parameters hash. Thanks to Ben Murphy for
+    reporting this! CVE-2012-2660
+
 ## Rails 3.2.3 (March 30, 2012) ##
 
 *   Allow to lazy load `default_form_builder` by passing a `String` instead of a constant. *Piotr Sarnacki*
-- 
cgit v1.2.3