Rails core - Oct 2014 - 4.1.5 requires Model.where(hash_attributes) to use sanitized params

YIKES! Rails 4.1.5 requires safe params for  calling 
Model.where(object_that is_Hash).

I documented the details here:

http://forum.railsonmaui.com/t/rails-4-1-5-security-fix-breaks-model-where-attributes/110

Was it expected that we needed to worry about safe_params for Model.where 
starting with 4.1.5? Possibly that should go into the release notes?

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to rubyonrails-core+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-core@googlegroups.com.
Visit this group at http://groups.google.com/group/rubyonrails-core.
For more options, visit https://groups.google.com/d/optout.