All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.
The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.
It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
The topic_id param is now required using strong_parameters' #require method. If the parameter is missing ActionController::ParameterMissing will be raised instead of Discourse::InvalidParameters.
Amazon S3 uploads are currently hardcoded to use https, where they should probably use whatever protocol the rest of the site is using. Removing the protocol and just using "//" links should accomplish that.
Régis Hanol
Ian Christian Myers
Sam
Shane Liesegang
Wojciech Kocjan
Gosha Arinich
Neil Lalonde
Jakub Arnold
Robin Ward