Update changelogs to add entries about strong_parameters integration

2012-09-19 17:10:32 -05:00 · 2012-09-19 17:10:32 -05:00 · 1f4c89fbde
commit 1f4c89fbde
parent 7c2d33bd86
4 changed files with 50 additions and 0 deletions
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@ -1,5 +1,19 @@
 ## Rails 4.0.0 (unreleased) ##

+*   Add `ActionController::StrongParameters`, this module converts `params` hash into
+    an instance of ActionController::Parameters that allows whitelisting of permitted 
+    parameters. Non-permitted parameters are forbidden to be used in Active Model by default
+    For more details check the documentation of the module or the 
+    [strong_parameters gem](https://github.com/rails/strong_parameters)
+
+    *DHH + Guillermo Iguaran*
+
+*   Remove Integration between `attr_accessible`/`attr_protected` and
+    `ActionController::ParamsWrapper`. ParamWrapper now wraps all the parameters returned 
+    by the class method attribute_names
+
+    *Guillermo Iguaran*
+
 *   Fix #7646, the log now displays the correct status code when an exception is raised.

    *Yves Senn*
--- a/activemodel/CHANGELOG.md
+++ b/activemodel/CHANGELOG.md
@ -1,5 +1,16 @@
 ## Rails 4.0.0 (unreleased) ##

+*   Add `ActiveModel::ForbiddenAttributesProtection`, a simple module to
+    protect attributes from mass assignment when non-permitted attributes are passed.
+
+    *DHH + Guillermo Iguaran*
+
+*   `ActiveModel::MassAssignmentSecurity` has been extracted from Active Model and the
+    `protected_attributes` gem should be added to Gemfile in order to use
+    `attr_accessible` and `attr_protected` macros in your models.
+
+    *Guillermo Iguaran*
+
 *   Due to a change in builder, nil values and empty strings now generates
    closed tags, so instead of this:

--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@ -1,5 +1,19 @@
 ## Rails 4.0.0 (unreleased) ##

+*   `ActiveModel::ForbiddenAttributesProtection` is included by default
+    in Active Record models. Check the docs of `ActiveModel::ForbiddenAttributesProtection`
+    for more details.
+
+    *Guillermo Iguaran*
+
+*   Remove integration between Active Record and
+    `ActiveModel::MassAssignmentSecurity`, `protected_attributes` gem
+    should be added to use `attr_accessible`/`attr_protected`. Mass
+    assignment options has been removed from all the AR methods that
+    used it (ex. AR::Base.new, AR::Base.create, AR::Base#update_attributes, etc)
+
+    *Guillermo Iguaran*
+
 *   Fix the return of querying with an empty hash.
    Fix #6971.

--- a/railties/CHANGELOG.md
+++ b/railties/CHANGELOG.md
@ -1,5 +1,16 @@
 ## Rails 4.0.0 (unreleased) ##

+*   Add `config.action_controller.permit_all_parameters` to disable
+    StrongParameters protection, it's false by default.
+
+    *Guillermo Iguaran*
+
+*   Remove `config.active_record.whitelist_attributes` and 
+    `config.active_record.mass_assignment_sanitizer` from new applications since
+    MassAssignmentSecurity has been extracted from Rails.
+
+    *Guillermo Iguaran*
+
 *   Change `rails new` and `rails plugin new` generators to name the `.gitkeep` files
    as `.keep` in a more SCM-agnostic way.