diff --git a/src/borg/archive.py b/src/borg/archive.py
index a9c145d49..ba95a0867 100644
--- a/src/borg/archive.py
+++ b/src/borg/archive.py
@@ -1944,9 +1944,6 @@ class ArchiveChecker:
             def valid_item(obj):
                 if not isinstance(obj, StableDict):
                     return False, 'not a dictionary'
-                # A bug in Attic up to and including release 0.13 added a (meaningless) b'acl' key to every item.
-                # We ignore it here, should it exist. See test_attic013_acl_bug for details.
-                obj.pop(b'acl', None)
                 keys = set(obj)
                 if not required_item_keys.issubset(keys):
                     return False, 'missing required keys: ' + list_keys_safe(required_item_keys - keys)
diff --git a/src/borg/archiver.py b/src/borg/archiver.py
index 49516fff6..a4cddd7b0 100644
--- a/src/borg/archiver.py
+++ b/src/borg/archiver.py
@@ -344,6 +344,12 @@ class Archiver:
                repository, manifest, key, cache,
                other_repository=None, other_manifest=None, other_key=None):
         """archives transfer from other repository"""
+
+        def upgrade_item(item):
+            """upgrade item as needed, get rid of legacy crap"""
+            item._dict.pop('acl', None)  # remove remnants of bug in attic <= 0.13
+            return item
+
         dry_run = args.dry_run
 
         args.consider_checkpoints = True
@@ -384,9 +390,8 @@ class Archiver:
                         if not dry_run:
                             item.chunks = chunks  # overwrite! IDs and sizes are same, csizes are likely different
                             archive.stats.nfiles += 1
-                    # TODO: filter the item data, get rid of legacy crap
                     if not dry_run:
-                        archive.add_item(item)
+                        archive.add_item(upgrade_item(item))
                 if not dry_run:
                     additional_metadata = {}
                     # keep all metadata except archive version and stats. also do not keep
diff --git a/src/borg/testsuite/archiver.py b/src/borg/testsuite/archiver.py
index 450ba1757..5889b12ab 100644
--- a/src/borg/testsuite/archiver.py
+++ b/src/borg/testsuite/archiver.py
@@ -3907,35 +3907,6 @@ class ArchiverCheckTestCase(ArchiverTestCaseBase):
             repository.commit(compact=False)
         self.cmd('check', self.repository_location, exit_code=1)
 
-    def test_attic013_acl_bug(self):
-        # Attic up to release 0.13 contained a bug where every item unintentionally received
-        # a b'acl'=None key-value pair.
-        # This bug can still live on in Borg repositories (through borg upgrade).
-        class Attic013Item:
-            def as_dict(self):
-                return {
-                    # These are required
-                    b'path': '1234',
-                    b'mtime': 0,
-                    b'mode': 0,
-                    b'user': b'0',
-                    b'group': b'0',
-                    b'uid': 0,
-                    b'gid': 0,
-                    # acl is the offending key.
-                    b'acl': None,
-                }
-
-        archive, repository = self.open_archive('archive1')
-        with repository:
-            manifest, key = Manifest.load(repository, Manifest.NO_OPERATION_CHECK)
-            with Cache(repository, key, manifest) as cache:
-                archive = Archive(repository, key, manifest, '0.13', cache=cache, create=True)
-                archive.items_buffer.add(Attic013Item())
-                archive.save()
-        self.cmd('check', self.repository_location, exit_code=0)
-        self.cmd('list', self.repository_location + '::0.13', exit_code=0)
-
 
 class ManifestAuthenticationTest(ArchiverTestCaseBase):
     def spoof_manifest(self, repository):