#none documentation updated [ci skip]

Annotated tags will provide us with Tagger and Time information.

allow video_tag to accept `size` as `Number` for square shaped videos

typo: should be 'DateTime.civil_from_format' and not 'DateTime.civil_from_fromat'

Prettify the removals from Action Controller in 4.1 release notes. [ci skip]

Remove the navigator for now. Its ugly and it promises more than it can deliver. These other views (properties, routes) are not designed to be loaded in isolation

Discuss Action Pack's new CSRF protection from remote script tags and what it means for your app. In short, update your tests if they don't already use the 'xhr :post' style.

CSRF protection from cross-origin <script> tags

Thanks to @homakov for sounding the alarm about JSONP-style data leaking

Create a blacklist to disallow mutator methods to be delegated to Array

Conflicts:
	guides/source/upgrading_ruby_on_rails.md

Release notes fixes [ci skip]

* Added release notes for secrets.yml and mentioned it in the highlights
* Added release notes for Mailer previews and mentioned it in the highlights
* Added release notes for Module#concerning
* Removed mention for AV extraction from the highlights
* Rearranged the major features to put highlighted features first
* Various improvements and typo fixes

[ci skip]

Default I18n.enforce_available_locales to true

We will default this option to true from now on to ensure users properly handle their list of available locales whenever necessary. This option was added as a security measure and thus Rails will follow it defaulting to secure option.

Also improve the handling of I18n config options in its railtie, taking the new enforce_available_locales option into account, by setting it as the last one in the process. This ensures no other configuration will trigger a deprecation warning due to that setting.

This change was necessary because the whitelist wouldn't work.
It would be painful for users trying to update their applications.

This blacklist intent to prevent odd bugs and confusion in code that call mutator
methods directely on the `Relation`.

[ci skip]

test case for #limit added - picking latest value from limit

As discussed with @fxn the release notes are a snapshot document.
The links going out to the API should represent that exact snapshot.
This means we always link to the full final release. For example
the 3.2 release notes link to http://api.rubyonrails.org/v3.2.0.

The option enforce_available_locales is only available on latest
versions, so require the last available one which has the option +
other related fixes and should not have backward compatibility issues.

We will default this option to true from now on to ensure users properly
handle their list of available locales whenever necessary. This option
was added as a security measure and thus Rails will follow it defaulting
to secure option.

Also improve the handling of I18n config options in its railtie, taking
the new enforce_available_locales option into account, by setting it as
the last one in the process. This ensures no other configuration will
trigger a deprecation warning due to that setting.

/cc @chancancode

Introduce Module#concerning

A natural, low-ceremony way to separate responsibilities within a class.

Imported from https://github.com/37signals/concerning#readme

Blast from the past, MySQL 4 era, when the password hashing style changed.