Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Update changelogs to add entries about strong_parameters integration

  • Loading branch information...
commit 1f4c89fbde85a07cb3eba9888eb1f9f226d3a1f0 1 parent 7c2d33b
Guillermo Iguaran authored
14 actionpack/CHANGELOG.md
View
@@ -1,5 +1,19 @@
## Rails 4.0.0 (unreleased) ##
+* Add `ActionController::StrongParameters`, this module converts `params` hash into
+ an instance of ActionController::Parameters that allows whitelisting of permitted
+ parameters. Non-permitted parameters are forbidden to be used in Active Model by default
+ For more details check the documentation of the module or the
+ [strong_parameters gem](https://github.com/rails/strong_parameters)
+
+ *DHH + Guillermo Iguaran*
+
+* Remove Integration between `attr_accessible`/`attr_protected` and
+ `ActionController::ParamsWrapper`. ParamWrapper now wraps all the parameters returned
+ by the class method attribute_names
+
+ *Guillermo Iguaran*
+
* Fix #7646, the log now displays the correct status code when an exception is raised.
*Yves Senn*
11 activemodel/CHANGELOG.md
View
@@ -1,5 +1,16 @@
## Rails 4.0.0 (unreleased) ##
+* Add `ActiveModel::ForbiddenAttributesProtection`, a simple module to
+ protect attributes from mass assignment when non-permitted attributes are passed.
+
+ *DHH + Guillermo Iguaran*
+
+* `ActiveModel::MassAssignmentSecurity` has been extracted from Active Model and the
+ `protected_attributes` gem should be added to Gemfile in order to use
+ `attr_accessible` and `attr_protected` macros in your models.
+
+ *Guillermo Iguaran*
+
* Due to a change in builder, nil values and empty strings now generates
closed tags, so instead of this:
14 activerecord/CHANGELOG.md
View
@@ -1,5 +1,19 @@
## Rails 4.0.0 (unreleased) ##
+* `ActiveModel::ForbiddenAttributesProtection` is included by default
+ in Active Record models. Check the docs of `ActiveModel::ForbiddenAttributesProtection`
+ for more details.
+
+ *Guillermo Iguaran*
+
+* Remove integration between Active Record and
+ `ActiveModel::MassAssignmentSecurity`, `protected_attributes` gem
+ should be added to use `attr_accessible`/`attr_protected`. Mass
+ assignment options has been removed from all the AR methods that
+ used it (ex. AR::Base.new, AR::Base.create, AR::Base#update_attributes, etc)
+
+ *Guillermo Iguaran*
+
* Fix the return of querying with an empty hash.
Fix #6971.
11 railties/CHANGELOG.md
View
@@ -1,5 +1,16 @@
## Rails 4.0.0 (unreleased) ##
+* Add `config.action_controller.permit_all_parameters` to disable
+ StrongParameters protection, it's false by default.
+
+ *Guillermo Iguaran*
+
+* Remove `config.active_record.whitelist_attributes` and
+ `config.active_record.mass_assignment_sanitizer` from new applications since
+ MassAssignmentSecurity has been extracted from Rails.
+
+ *Guillermo Iguaran*
+
* Change `rails new` and `rails plugin new` generators to name the `.gitkeep` files
as `.keep` in a more SCM-agnostic way.
Please sign in to comment.
Something went wrong with that request. Please try again.