* Token generation for CSRF protection has been simplified; now Rails uses a simple random string generated by +ActiveSupport::SecureRandom+ rather than mucking around with session IDs.
* +auto_link+ now properly applies options (such as +:target+ and +:class+) to generated e-mail links.
* The +autolink+ helper has been refactored to make it a bit less messy and more intuitive.
* +current_page?+ now works properly even when there are multiple query parameters in the URL.
h3. Active Support
...
...
@@ -482,6 +483,9 @@ h4. Other Railties Changes
* The dbconsole script now lets you use an all-numeric password without crashing.
* +Rails.root+ now returns a +Pathname+ object, which means you can use it directly with the +join+ method to "clean up existing code":http://afreshcup.com/2008/12/05/a-little-rails_root-tidiness/ that uses +File.join+.
* Various files in /public that deal with CGI and FCGI dispatching are no longer generated in every Rails application by default (you can still get them if you need them by adding +--with-dispatches+ when you run the +rails+ command, or add them later with +rake rails:generate_dispatchers+).
* Rails Guides have been converted from AsciiDoc to Textile markup.
* Scaffolded views and controllers have been cleaned up a bit.
* +script/server+ now accepts a <tt>--path</tt> argument to mount a Rails application from a specific path.
