acts_as_audited security update
Thanks to Michael Schuerig for pointing out that malicious users could unassociate your audit records due to the use of has_many in acts_as_audited. has_many :audits creates an attribute accessor called audit_ids on every model that you declare acts_as_audited. Because that accessor was open to mass assignment, users could pass an array of ids that would overwrite the actual audit records.
This has been fixed by adding attr_protected :audit_ids, which protects it from mass assignment. If you're not using SVN externals, make sure you get the latest version.
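The problem and the fix, modelled in plain Ruby as an added example (this is not code from the plugin or from Rails). ToyModel, UnpatchedUser, PatchedUser and audit_ids_after_update are hypothetical names, and ToyModel only imitates how has_many generates audit_ids= and how attr_protected filters mass assignment.

```ruby
# Simplified stand-in for ActiveRecord mass assignment (assumption: not Rails code).
class ToyModel
  def self.protected_attributes
    @protected_attributes ||= []
  end

  # Imitates attr_protected: named attributes are skipped by attributes=.
  def self.attr_protected(*names)
    protected_attributes.concat(names.map(&:to_s))
  end

  # Imitates has_many: defines <singular>_ids and <singular>_ids= accessors.
  def self.has_many(name)
    ids = "#{name.to_s.chomp('s')}_ids"
    define_method(ids) { @assoc_ids[ids] ||= [] }
    define_method("#{ids}=") { |v| @assoc_ids[ids] = Array(v).map(&:to_i) }
  end

  def initialize
    @assoc_ids = {}
  end

  # Mass assignment: call a setter for every key unless it is protected.
  def attributes=(params)
    params.each do |key, value|
      next if self.class.protected_attributes.include?(key.to_s)
      public_send("#{key}=", value)
    end
  end
end

class UnpatchedUser < ToyModel
  attr_accessor :name
  has_many :audits
end

class PatchedUser < ToyModel
  attr_accessor :name
  has_many :audits
  attr_protected :audit_ids # the fix described above
end

# Returns the audit ids left on a record after a mass-assigned update.
def audit_ids_after_update(klass)
  user = klass.new
  user.audit_ids = [1, 2, 3] # constructed existing audit trail
  user.attributes = { "name" => "x", "audit_ids" => [] } # constructed form params
  user.audit_ids
end
```

With the unpatched class the submitted audit_ids value replaces the association; with attr_protected in place the key is dropped and the audit trail stays attached.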
I am Brandon Keepers, and I work at