3scale · mayorova · Mar 19, 2026 · Mar 19, 2026 · Mar 19, 2026 · Mar 23, 2026
diff --git a/Gemfile b/Gemfile
@@ -20,8 +20,6 @@ gem "activejob-uniqueness"
 # Needed for XML serialization of ActiveRecord::Base
 gem 'activemodel-serializers-xml'
 
-gem 'protected_attributes_continued', '~> 1.9.0'
-
 gem 'rails-observers'
 
 gem 'strong_migrations', '~> 2.1.0'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -618,8 +618,6 @@ GEM
       bigdecimal
       logger
       rb_sys (~> 0.9.117)
-    protected_attributes_continued (1.9.0)
-      activemodel (>= 5.0)
     pry (0.15.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
@@ -1101,7 +1099,6 @@ DEPENDENCIES
   prawn
   prawn-svg
   prawn-table!
-  protected_attributes_continued (~> 1.9.0)
   pry-byebug (>= 3.11.0)
   pry-doc (>= 0.8)
   pry-rails

diff --git a/app/events/applications/application_deleted_event.rb b/app/events/applications/application_deleted_event.rb
@@ -5,7 +5,7 @@ class Applications::ApplicationDeletedEvent < ApplicationRelatedEvent
   # @param [Cinstance] application
   # :reek:NilCheck but proxy can be nil at this point
   def self.create(application)
-    service = application.service || Service.new({id: application.service_id}, without_protection: true)
+    service = application.service || Service.new(id: application.service_id)
     new(
       application: MissingModel::MissingApplication.new(id: application.id),
       service_backend_id: service.backend_id,

diff --git a/app/events/zync_event.rb b/app/events/zync_event.rb
@@ -70,7 +70,7 @@ def self.type_for(model)
   def non_persisted_dependencies
     case record
     when Proxy, Cinstance
-      [Service.new({id: data[:service_id]}, without_protection: true)]
+      [Service.new(id: data[:service_id])]
     else
       NONE
     end

diff --git a/app/lib/backend_api_logic/service_extension.rb b/app/lib/backend_api_logic/service_extension.rb
@@ -33,7 +33,11 @@ def backend_api_config
       end
 
       def backend_api
-        @backend_api ||= backend_api_configs.first&.backend_api || account.backend_apis.build(system_name: service_system_name, name: "#{service_name} Backend", description: "Backend of #{service_name}")
+        # Return early if we already have a persisted backend_api
+        return @backend_api if @backend_api&.persisted?
+
+        # Try to get backend_api from backend_api_configs, or keep the memoized unpersisted one, or build a new one
+        @backend_api = backend_api_configs.first&.backend_api || @backend_api || build_backend_api
       end
 
       def update!(attrs = {})
@@ -52,6 +56,18 @@ def update(attrs = {})
       rescue ActiveRecord::RecordInvalid
         false
       end
+
+      private
+
+      def build_backend_api
+        # Build without adding to association to avoid polluting it with unpersisted records
+        BackendApi.new(
+          account: account,
+          system_name: service_system_name,
+          name: "#{service_name} Backend",
+          description: "Backend of #{service_name}"
+        )
+      end
     end
 
     def backend_api_proxy

diff --git a/app/lib/fields/fields.rb b/app/lib/fields/fields.rb
@@ -124,7 +124,7 @@ def initialize(attributes = nil, *args)
     # otherwise it raises exception on unknown (extra) fields
     # check http://api.rubyonrails.org/classes/ActiveRecord/AttributeAssignment.html#method-i-assign_attributes
 
-    def assign_attributes(extra_attributes, options = {})
+    def assign_attributes(extra_attributes)
       # dup the fields because we are mutating them (params hash)
       attributes = extra_attributes.present? ? extra_attributes.dup : {}
 
@@ -135,7 +135,7 @@ def assign_attributes(extra_attributes, options = {})
         self.extra_fields = fields_attributes
       end
 
-      super(attributes, options)
+      super(attributes)
     end
 
     alias attributes= assign_attributes

diff --git a/app/lib/fields/provider.rb b/app/lib/fields/provider.rb
@@ -11,9 +11,8 @@ def initialize(provider)
       def for(klass)
         columns = klass.column_names
         defined = fields_definitions.by_target(klass.name.underscore).map(&:name)
-        protected =  klass.protected_attributes.to_a
 
-        ((columns + defined) - protected).uniq
+        (columns + defined).uniq
       end
 
       protected

diff --git a/app/lib/finance/billing.rb b/app/lib/finance/billing.rb
@@ -8,7 +8,7 @@ def initialize(invoice)
 
     def create_line_item(params)
       bill do
-        @invoice.line_items.create(params, {without_protection: true})
+        @invoice.line_items.create(params)
       end
     rescue Invoice::InvalidInvoiceStateException
       line_item_with_error(params, :invalid_invoice_state)
@@ -18,7 +18,7 @@ def create_line_item(params)
 
     def create_line_item!(params)
       bill do
-        @invoice.line_items.create!(params, {without_protection: true})
+        @invoice.line_items.create!(params)
       end
     end
 
@@ -37,7 +37,7 @@ def bill
     end
 
     def line_item_with_error(params, error_type)
-      LineItem.new(params, {without_protection: true}).tap do |line_item|
+      LineItem.new(params).tap do |line_item|
         line_item.errors.add(:base, error_type.to_sym)
       end
     end

diff --git a/app/lib/logic/cms.rb b/app/lib/logic/cms.rb
@@ -64,7 +64,7 @@ def cms_toolbar_intro_visible?
       end
 
       def create_cms_assets
-        self.builtin_sections.create!({ title: 'Root', system_name: 'root', parent_id: nil }, without_protection: true)
+        self.builtin_sections.create!(title: 'Root', system_name: 'root', parent_id: nil)
         # TODO: add SimpleLayout logic here
       end
     end

diff --git a/app/lib/signup/impersonation_admin_builder.rb b/app/lib/signup/impersonation_admin_builder.rb
@@ -6,14 +6,12 @@ def self.build(account:)
       config = ThreeScale.config.impersonation_admin
       username = config[:username]
       impersonation_admin = account.users.new(
-        {
-          username: username,
-          email: "#{username}+#{account.internal_domain}@#{config[:domain]}",
-          first_name: '3scale',
-          last_name: 'Admin',
-          state: 'active'
-        },
-        without_protection: true)
+        username: username,
+        email: "#{username}+#{account.internal_domain}@#{config[:domain]}",
+        first_name: '3scale',
+        last_name: 'Admin',
+        state: 'active'
+      )
       impersonation_admin.role = :admin
       impersonation_admin.signup_type = :minimal
       impersonation_admin

diff --git a/app/models/account_setting.rb b/app/models/account_setting.rb
@@ -11,9 +11,6 @@ def self.find_sti_class(type_name)
     self
   end
 
-  # TODO: remove attr_accessible once protected_attributes_continued gem is removed
-  attr_accessible :type, :value, :account, :tenant_id
-
   belongs_to :account, inverse_of: :account_settings
 
   audited associated_with: :account

diff --git a/app/models/cms/template.rb b/app/models/cms/template.rb
@@ -94,7 +94,7 @@ def current
 
   def build_version(attrs = {})
     version = versions.build
-    version.assign_attributes(version_attributes.merge(attrs), :without_protection => true)
+    version.assign_attributes(version_attributes.merge(attrs))
     version
   end
 

diff --git a/app/models/cms/template/version.rb b/app/models/cms/template/version.rb
@@ -32,10 +32,8 @@ def diff(other)
   end
 
   def revert_attributes
-    accessible = template.class.accessible_attributes.delete('draft').add('updated_at').add('updated_by')
-
-    accessible << state.to_s
-    attributes.slice *accessible
+    accessible = [:updated_at, :updated_by, state.to_s]
+    attributes.slice(*accessible)
   end
 
 end
diff --git a/app/models/contract.rb b/app/models/contract.rb
@@ -4,7 +4,7 @@ class Contract < ApplicationRecord
   # https://github.com/collectiveidea/audited/blob/f03c5b5d1717f2ebec64032d269316dc74476056/lib/audited/auditor.rb#L305-L311
   self.table_name = 'cinstances'
 
-  audited allow_mass_assignment: true
+  audited
 
   # FIXME: This class should be an abstract class I think, but doing so makes plenty of tests fail
   # self.abstract_class = true

diff --git a/app/models/feature.rb b/app/models/feature.rb
@@ -2,7 +2,7 @@ class Feature < ApplicationRecord
 
   self.background_deletion = [:features_plans]
 
-  audited :allow_mass_assignment => true
+  audited
 
   #TODO: these need tests
   #OPTIMIZE subclassing a better solution for these 2

diff --git a/app/models/finance/billing_strategy.rb b/app/models/finance/billing_strategy.rb
@@ -11,7 +11,7 @@ class << self
     prepend NonAuditedColumns
   end
 
-  audited :allow_mass_assignment => true
+  audited
 
   attr_reader :failed_buyers
 

diff --git a/app/models/invoice.rb b/app/models/invoice.rb
@@ -14,7 +14,7 @@ class Invoice < ApplicationRecord
   enum creation_type: {manual: 'manual', background: 'background'}
 
   include AfterCommitQueue
-  audited :allow_mass_assignment => true
+  audited
   has_associated_audits
 
   class InvalidInvoiceStateException < RuntimeError; end

diff --git a/app/models/line_item.rb b/app/models/line_item.rb
@@ -5,7 +5,7 @@ class LineItem < ApplicationRecord
   belongs_to :contract, polymorphic: true
   belongs_to :metric, inverse_of: :line_items
 
-  audited associated_with: :invoice, allow_mass_assignment: true
+  audited associated_with: :invoice
 
   validates :name, :description, :type, :contract_type, length: { maximum: 255 }
   validates :type, inclusion: {in: [LineItem::PlanCost, LineItem::VariableCost].flat_map { |klass| [klass, klass.to_s]}, allow_blank: true}

diff --git a/app/models/mail_dispatch_rule.rb b/app/models/mail_dispatch_rule.rb
@@ -10,14 +10,15 @@ def self.fetch_with_retry!(options, &block)
     retries = 0
 
     begin
-      MailDispatchRule.find_or_create_by!(options, &block)
+      # Use find_by + create! directly to avoid transaction wrapper from create_or_find_by!
+      # This preserves the old behavior from protected_attributes_continued gem
+      # where records created in the block are committed even if the outer create fails
+      find_by(options) || create!(options, &block)
     rescue ActiveRecord::RecordNotUnique
-      if retries > 10
-        raise
-      else
-        retries += 1
-        retry
-      end
+      raise if retries > 10
+
+      retries += 1
+      retry
     end
   end
 end
diff --git a/app/models/metric.rb b/app/models/metric.rb
@@ -21,7 +21,7 @@ class Metric < ApplicationRecord
 
   has_many :proxy_rules, :dependent => :destroy, inverse_of: :metric
 
-  audited :allow_mass_assignment => true
+  audited
   has_system_name uniqueness_scope: %i[owner_type owner_id], human_name: :friendly_name
 
   acts_as_tree

diff --git a/app/models/payment_detail.rb b/app/models/payment_detail.rb
@@ -10,7 +10,7 @@ class PaymentDetail < ApplicationRecord
 
   belongs_to :account
 
-  audited allow_mass_assignment: true
+  audited
 
   validates :credit_card_partial_number, length: { :maximum => 4,
                                                    :allow_blank => true,

diff --git a/app/models/plan.rb b/app/models/plan.rb
@@ -16,7 +16,7 @@ class PeriodRangeCalculationError < StandardError; end
 
   has_system_name :uniqueness_scope => [ :type, :issuer_id, :issuer_type ]
 
-  audited :allow_mass_assignment => true
+  audited
   acts_as_list scope: %i[issuer_id issuer_type]
 
   # There is a race condition here, the record gets deleted but the callbacks were not triggered yet

diff --git a/app/models/pricing_rule.rb b/app/models/pricing_rule.rb
@@ -1,6 +1,6 @@
 class PricingRule < ApplicationRecord
   DECIMALS = 4
-  audited :allow_mass_assignment => true
+  audited
 
   belongs_to :plan
   belongs_to :metric

diff --git a/app/models/provider_constraints.rb b/app/models/provider_constraints.rb
@@ -1,7 +1,7 @@
 class ProviderConstraints < ApplicationRecord
   NO_LIMIT = Float::INFINITY
 
-  audited allow_mass_assignment: true
+  audited
 
   belongs_to :provider, class_name: 'Account'
 

diff --git a/app/models/settings.rb b/app/models/settings.rb
@@ -2,7 +2,7 @@ class Settings < ApplicationRecord
   include Symbolize
   belongs_to :account, inverse_of: :settings
 
-  audited allow_mass_assignment: true
+  audited
 
   validates :product, inclusion: { in: %w[connect enterprise].freeze }
   validates :change_account_plan_permission, :change_service_plan_permission, inclusion: { in: %w[request none credit_card request_credit_card direct].freeze }
@@ -37,8 +37,8 @@ def approval_required_disabled?
     not_custom_account_plans.size > 1 && account_plans_ui_visible?
   end
 
-  def assign_attributes(attrs, options = {})
-    super(sanitize_attributes(attrs), options)
+  def assign_attributes(attrs)
+    super(sanitize_attributes(attrs))
   end
 
   def update(attrs)

diff --git a/app/services/finance/stripe_payment_intent_update_service.rb b/app/services/finance/stripe_payment_intent_update_service.rb
@@ -41,6 +41,6 @@ def create_payment_transaction
       params: source_object
     }
 
-    payment_transactions.create(attributes, without_protection: true)
+    payment_transactions.create(attributes)
   end
 end
diff --git a/app/services/service_discovery/import_cluster_definitions_service.rb b/app/services/service_discovery/import_cluster_definitions_service.rb
@@ -91,7 +91,7 @@ def import_cluster_active_docs_to(service)
     end
 
     def build_api_doc_service(service)
-      service.api_docs_services.build({ name: cluster_service.name, published: true, discovered: true }, without_protection: true)
+      service.api_docs_services.build(name: cluster_service.name, published: true, discovered: true)
     end
 
     def valid_cluster_service_spec?(service)

diff --git a/app/workers/audited_worker.rb b/app/workers/audited_worker.rb
@@ -3,7 +3,7 @@ class AuditedWorker
 
   def perform(attributes)
     audit = Audited.audit_class.new
-    audit.assign_attributes(attributes, without_protection: true) # Rails 4 can remove the option
+    audit.assign_attributes(attributes)
     audit.save!
   end
 end
diff --git a/app/workers/backend_delete_service_worker.rb b/app/workers/backend_delete_service_worker.rb
@@ -11,7 +11,7 @@ def perform(event_id)
     event = EventStore::Repository.find_event!(event_id)
     service_id = event.service_id
     ThreeScale::Core::Service.delete_stats(service_id, {})
-    service = Service.new({id: service_id}, without_protection: true)
+    service = Service.new(id: service_id)
     service.delete_backend_service
   rescue ActiveRecord::RecordNotFound => exception
     System::ErrorReporting.report_error(exception, parameters: {event_id: event_id})

diff --git a/config/application.rb b/config/application.rb
@@ -131,8 +131,6 @@ def try_config_for(*args)
 
     config.logger = ActiveSupport::TaggedLogging.new(ActiveSupport::Logger.new(STDOUT)) if ENV['RAILS_LOG_TO_STDOUT'].present?
 
-    config.active_record.whitelist_attributes = false
-
     config.boot_time = Time.now
 
     # Configuration for the application, engines, and railties goes here.

diff --git a/config/initializers/protected_attributes_hacks.rb b/config/initializers/protected_attributes_hacks.rb
-Original file line number
+Diff line change
@@ Expand Up / @@ -11,7 +11,7 @@ class << self @@
         prepend NonAuditedColumns
       end
-      audited :allow_mass_assignment => true
+      audited
       attr_reader :failed_buyers
@@ Expand Down @@