Files
drizzle-team--drizzle-orm/changelogs/drizzle-orm/0.45.2.md
T
2026-07-13 12:10:05 +08:00

5 lines
298 B
Markdown

- Fixed `sql.identifier()`, `sql.as()` escaping issues. Previously all the values passed to this functions were not properly escaped
causing a possible SQL Injection (CWE-89) vulnerability
Thanks to @EthanKim88, @0x90sh and @wgoodall01 for reaching out to us with a reproduction and suggested fix