SQL Injection
Alan DeKok
aland at deployingradius.com
Thu Sep 19 11:22:19 UTC 2024
On Sep 19, 2024, at 7:18 AM, Connor Herring <connorrjherring at gmail.com> wrote:
> I hadn't seen it saying it had been fixed. Aside from enabling auto-escape
> is there much else to be concerned about in relation to SQL injection?
The issue says:
Two vulnerabilities in the SQL module exist in all versions prior to 1.0.3. Sites not using the SQL module are not affected by this issue. However, we still recommend that all sites upgrade to version 1.0.3.
So... is it fixed in 1.0.3 or not?
As for other attacks, do you expect that we ship the server with known attacks that we don't care about?
Alan DeKok.
More information about the Freeradius-Users
mailing list