eclipsefdn-api-common issues
https://gitlab.eclipse.org/eclipsefdn/it/api/eclipsefdn-api-common/-/issues
2024-03-20T18:01:36Z

Update SQL generators to use sanitization of strings used in query
https://gitlab.eclipse.org/eclipsefdn/it/api/eclipsefdn-api-common/-/issues/2
2024-03-20T18:01:36Z
Martin Lowe (martin.lowe@eclipse-foundation.org)

We currently use prepared statements to sanitize our fields and block injection-based attacks. There are a few fields where, with enough effort, the checks could potentially be circumvented. An example of this is the field name in the order by clause of the HQLGenerator class. Usage of this class is still rare, so the risk is low, but we should fix this hole sooner rather than later.

Some entities aren't having ID references updated on persistence
https://gitlab.eclipse.org/eclipsefdn/it/api/eclipsefdn-api-common/-/issues/3
2023-04-11T17:31:26Z
Martin Lowe (martin.lowe@eclipse-foundation.org)

Entities created with the IDENTITY generation strategy are not being properly updated before the flush of the transaction session. This causes the entity to have a NULL value for an ID that exists in the database. This doesn't seem to impact IDs generated by other built-in strategies.