https://github.com/rails/rails/pull/15868/files#r14135210

[Guides] Sentence break for clarity [ci-skip]

Fix incorrect unsubscription.

Use `#bytesize` instead of `#size` when checking for cookie overflow

Although the cookie values happens to be ASCII strings because they are
Base64 encoded, it is semantically incorrect to check for the number of the
characters in the cookie, when we actually want to check for the number of the
bytes it consists of.

Furthermore it is unecessary coupling with the current implementation that
uses Base64 for encoding the values.

Also reordered some of the items to put newer ones on top (same order as
CHANGELOGs), which makes it easier to diff while we are still working on it.

Removed the single space character for Safari

`render nothing: true` or rendering a `nil` body no longer add a single
space to the response body.

The old behavior was added as a workaround for a bug in an early version of
Safari, where the HTTP headers are not returned correctly if the response
body has a 0-length. This is been fixed since and the workaround is no
longer necessary.

Use `render body: ' '` if the old behavior is desired.

  Address CVE-2014-4671 (JSONP Flash exploit)

* 'rosetta_flash' of https://github.com/gcampbell/rails:
  Address CVE-2014-4671 (JSONP Flash exploit)

Conflicts:
	actionpack/CHANGELOG.md

Force encoding of US-ASCII to UTF-8 in unescape_uri.

Because URI paths may contain non US-ASCII characters we need to force
the encoding of any unescaped URIs to UTF-8 if they are US-ASCII.
This essentially replicates the functionality of the monkey patch to
URI.parser.unescape in active_support/core_ext/uri.rb.

Fixes #16104.

[ci skip] Fixed link to strong params in Getting Started section 5.6.

[ci skip] Document millisecond precision change in ActiveSupport::TimeWithZone#as_json

Reduce number of subscriptions created.

Since 68574151 we are using #safe_join to
join the content when an Array is given, so we must include the dependent
module here to make sure it's available when this module is used alone.

This was making Simple Form tests to fail with current master due to the
missing dependency.

Adds a comment before JSONP callbacks. See
http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ for more
details on the exploit in question.

[ci skip] Fix 4.2 release notes list items. [Matthew Draper & Juanito Fatas]

[ci skip] Fix 4.2 release notes rendered display.

Use proper possessive punctuation [ci skip]

correct markdown usage [ci skip]

This updates rails to use edge rack

Add changelog for PR #14899

The changelog entry for #14899 was missing.

Include fixtures to prevent foreign key violation.

Warm up cache to prevent assertion failure.

Remove PG's definition of `type_cast`

Don't rely on the sql type to quote XML columns in PG