Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

86 lines (52 sloc) 3.234 kb

Rails 4.0.0 (unreleased)

  • Use BCrypt's MIN_COST in the test environment for speedier tests when using has_secure_pasword.

    Brian Cardarella + Jeremy Kemper + Trevor Turk

  • Add ActiveModel::ForbiddenAttributesProtection, a simple module to protect attributes from mass assignment when non-permitted attributes are passed.

    DHH + Guillermo Iguaran

  • ActiveModel::MassAssignmentSecurity has been extracted from Active Model and the protected_attributes gem should be added to Gemfile in order to use attr_accessible and attr_protected macros in your models.

    Guillermo Iguaran

  • Due to a change in builder, nil values and empty strings now generates closed tags, so instead of this:

    <pseudonyms nil=\"true\"></pseudonyms>

    It generates this:

    <pseudonyms nil=\"true\"/>

    Carlos Antonio da Silva

  • Changed inclusion and exclusion validators to accept a symbol for :in option.

    This allows to use dynamic inclusion/exclusion values using methods, besides the current lambda/proc support.

    Gabriel Sobrinho

  • AM::Validation#validates ability to pass custom exception to :strict option.

    Bogdan Gusiev

  • Changed ActiveModel::Serializers::Xml::Serializer#add_associations to by default propagate :skip_types, :dasherize, :camelize keys to included associations. It can be overriden on each association by explicitly specifying the option on one or more associations

    Anthony Alberto

  • Changed `AM::Serializers::JSON.include_root_in_json' default value to false. Now, AM Serializers and AR objects have the same default behaviour. Fixes #6578.

    class User < ActiveRecord::Base; end
    class Person
      include ActiveModel::Model
      include ActiveModel::AttributeMethods
      include ActiveModel::Serializers::JSON
      attr_accessor :name, :age
      def attributes
    => {"id"=>1, "name"=>"Konata Izumi", "age"=>16, "awesome"=>true}
    # root is not included
    => {"name"=>"Francesco", "age"=>22}
    # root is not included

    Francesco Rodriguez

  • Passing false hash values to validates will no longer enable the corresponding validators Steve Purcell

  • ConfirmationValidator error messages will attach to :#{attribute}_confirmation instead of attribute Brian Cardarella

  • Added ActiveModel::Model, a mixin to make Ruby objects work with AP out of box Guillermo Iguaran

  • AM::Errors#to_json: support :full_messages parameter Bogdan Gusiev

  • Trim down Active Model API by removing valid? and errors.full_messages José Valim

  • When ^ or $ are used in the regular expression provided to validates_format_of and the :multiline option is not set to true, an exception will be raised. This is to prevent security vulnerabilities when using validates_format_of. The problem is described in detail in the Rails security guide Jan Berdajs + Egor Homakov

Please check 3-2-stable for previous changes.

Jump to Line
Something went wrong with that request. Please try again.