diff --git a/app/controllers/issue_categories_controller.rb b/app/controllers/issue_categories_controller.rb
index 4f9300ab..cafbf8ae 100644
--- a/app/controllers/issue_categories_controller.rb
+++ b/app/controllers/issue_categories_controller.rb
@@ -23,7 +23,8 @@ class IssueCategoriesController < ApplicationController
 verify :method => :post, :only => :destroy
 
 def new
- @category = @project.issue_categories.build(params[:category])
+ @category = @project.issue_categories.build
+ @category.safe_attributes = params[:category]
 if request.post?
 if @category.save
 respond_to do |format|
@@ -50,7 +51,8 @@ class IssueCategoriesController < ApplicationController
 end
 
 def edit
- if request.post? and @category.update_attributes(params[:category])
+ @category.safe_attributes = params[:category]
+ if request.post? and @category.save
 flash[:notice] = l(:notice_successful_update)
 redirect_to :controller => 'projects', :action => 'settings', :tab => 'categories', :id => @project
 end
diff --git a/app/models/issue_category.rb b/app/models/issue_category.rb
index 9fe34f9f..274d712d 100644
--- a/app/models/issue_category.rb
+++ b/app/models/issue_category.rb
@@ -13,6 +13,7 @@
 #++
 
 class IssueCategory < ActiveRecord::Base
+ include Redmine::SafeAttributes
 belongs_to :project
 belongs_to :assigned_to, :class_name => 'User', :foreign_key => 'assigned_to_id'
 has_many :issues, :foreign_key => 'category_id', :dependent => :nullify
@@ -21,6 +22,8 @@ class IssueCategory < ActiveRecord::Base
 validates_uniqueness_of :name, :scope => [:project_id]
 validates_length_of :name, :maximum => 30
 
+ safe_attributes 'name', 'assigned_to_id'
+
 alias :destroy_without_reassign :destroy
 
 # Destroy the category
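Review bot: In `new` (and again in `edit` in the next hunk) `@category.safe_attributes = params[:category]` runs on a plain GET, where `params[:category]` is normally nil, so the setter from `Redmine::SafeAttributes` has to accept nil, or a non-Hash value such as `category=foo`, without raising. Its implementation is not visible in this diff. The old `build(params[:category])` tolerated nil, so a functional test that requests the form with no `category` parameter would pin this down. If the setter turns out not to guard its input, `@category.safe_attributes = params[:category] || {}` covers the nil case. The body of `new` continues past the end of the hunk.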
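Review bot: The assignment in `edit` now sits ahead of the `request.post?` check, so a GET that carries `category[name]` or `category[assigned_to_id]` changes the in-memory record the form is rendered from, which the old `update_attributes` call never did. Nothing is saved on that path, but the edit form can then show values that are neither stored nor typed by the user. Limiting the assignment to POST restores the earlier behaviour: `@category.safe_attributes = params[:category] if request.post?`. The closing lines of `edit` are outside the hunk.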
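Review bot: Listing `'assigned_to_id'` in `safe_attributes` accepts any submitted user id, and the validations visible in this hunk only cover `name`, so nothing shown here checks that the assignee belongs to the category's project. If no such validation exists elsewhere in the model, a `validate` hook that rejects an `assigned_to_id` outside the project's members would close that gap. A comment above the declaration, e.g. `# project_id is deliberately absent: the project comes from the association, never from params`, would record why the list is this narrow. A controller test posting `category[project_id]` and asserting the category stays in its project would guard the whitelist against regressions. The rest of the class is outside the hunk.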