docs/14-gotchas.md in activeadmin-1.0.0.pre2 vs docs/14-gotchas.md in activeadmin-1.0.0.pre3
- old
+ new
@@ -1,7 +1,13 @@
#Gotchas
+## Security
+
+### Spreadsheet applications vulnerable to unescaped CSV data
+
+If your CSV export includes untrusted data provided by your users, it's possible that they could include an executable formula that could call arbitrary commands on your computer. See [#4256](https://github.com/activeadmin/activeadmin/issues/4256) for more details.
+
## Session Commits & Asset Pipeline
When configuring the asset pipeline ensure that the asset prefix
(`config.assets.prefix`) is not the same as the namespace of ActiveAdmin
(default namespace is `/admin`). If they are the same Sprockets will prevent the
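Review bot: the new "Spreadsheet applications vulnerable to unescaped CSV data" paragraph names the risk but gives no mitigation, and "on your computer" is ambiguous about where the formula runs. Say explicitly that an injected formula is evaluated by the spreadsheet application of whoever opens the exported file (an admin's workstation, not the server), and state the usual defence for the CSV exporter: treat any cell value that starts with `=`, `+`, `-` or `@` as text (for example by prefixing it so the spreadsheet does not parse it as a formula), or point readers at the part of #4256 that describes the fix. Minor: the unchanged `#Gotchas` heading above is missing the space after `#`, which is worth fixing while this file is being edited.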
@@ -11,11 +17,11 @@
For more information see the following post:
[http://www.intridea.com/blog/2013/3/20/rails-assets-prefix-may-disable-your-session](http://www.intridea.com/blog/2013/3/20/rails-assets-prefix-may-disable-your-session)
## Helpers
-There are two knowing gotchas with helpers. This hopefully will help you to
+There are two known gotchas with helpers. This hopefully will help you to
find a solution.
### Helpers are not reloading in development
This is a known and still open [issue](https://github.com/activeadmin/activeadmin/issues/697)
@@ -51,13 +57,13 @@
end
```
## CSS
-In order to avoid the override of your application style with the Active Admin one, you can do one of this things:
+In order to avoid the override of your application style with the Active Admin one, you can do one of these things:
* You can properly move the generated file `active_admin.scss` from `app/assets/stylesheets` to `vendor/assets/stylesheets`.
-* You can remove all `require_tree` comands from your root level css files, where the `active_admin.scss` is in the tree.
+* You can remove all `require_tree` commands from your root level css files, where the `active_admin.scss` is in the tree.
## Conflicts
### With gems that provides a `search` class method on a model
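Review bot: since the `require_tree` line is being touched anyway, its trailing clause "where the `active_admin.scss` is in the tree" is hard to parse; suggest "from any root-level CSS file whose `require_tree` would pull in `active_admin.scss`". Also "css" should be "CSS".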
@@ -87,6 +93,8 @@
### Sunspot Solr
```ruby
YourModel.solr_search
```
+## Authentication & Application Controller
+The `ActiveAdmin::BaseController` inherits from the `ApplicationController`. Any authentication method(s) specified in the `ApplicationController` callbacks will be called instead of the authentication method in the active admin config file. For example, if the ApplicationController has a callback `before_action :custom_authentication_method` and the config file's authentication method is `config.authentication_method = :authenticate_active_admin_user`, then `custom_authentication_method` will be called instead of `authenticate_active_admin_user`.
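Review bot: the claim that the `ApplicationController` callback is called "instead of" the configured `authentication_method` needs to be made precise, because it is the security-relevant part of this section. A reader cannot tell whether the configured method is never run at all, or whether it is run after the `ApplicationController` callback and is only skipped when that earlier callback halts the chain (redirects or renders). State which it is, and spell out the consequence: an application that sets `config.authentication_method` but also has a weaker `before_action` in `ApplicationController` may believe the stronger check is enforced on `/admin` when it is not. A sentence on the recommended fix (for example, making the `ApplicationController` callback itself delegate to the ActiveAdmin method, or explicitly skipping it for ActiveAdmin controllers) would make the gotcha actionable. Style: add a blank line between the closing ``` fence and the new `## Authentication & Application Controller` heading, matching the rest of the file.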