19 Sep
2024
19 Sep
'24
7:22 a.m.
On Sep 19, 2024, at 7:18 AM, Connor Herring <connorrjherring@gmail.com> wrote:
I hadn't seen it saying it had been fixed. Aside from enabling auto-escape is there much else to be concerned about in relation to SQL injection?
The issue says: Two vulnerabilities in the SQL module exist in all versions prior to 1.0.3. Sites not using the SQL module are not affected by this issue. However, we still recommend that all sites upgrade to version 1.0.3. So... is it fixed in 1.0.3 or not? As for other attacks, do you expect that we ship the server with known attacks that we don't care about? Alan DeKok.