Just to clarify... This is not a security issue at all. Any possible "injection" problems here come about from the application allowing direct user input to be concatenated to the query string. That is just bad practice; it's bad practice in any query language I know of, not just HQL.