We just upgraded to rails 4.1.13 from 4.0.1. We've dragged our feet at implementing strong parameters. As such, we are still using the protected_attributes gem so we can use the old behavior.

Now, we are getting an ActiveModel::ForbiddenAttributesError. I do not understand why, since we are using the protected_attributes gem..

You can basically use the following code snippet to mark attributes safe for mass assignment other than the id attribute of your model

attr_protected :id

Please note that doing so makes all the attributes other than id of your model safe for mass assignment. If most of the attributes of your model can be mass assigned, I think using attr_protected instead of using attr_accessible makes more sense as it does the same job without writing more lines of code.