Gavin King *created* an issue

Hibernate ORM / Improvement / HHH-16830: apply filters to 'find()' method
https://hibernate.atlassian.net/browse/HHH-16830

Issue Type: Improvement
Assignee: Unassigned
Created: 20/Jun/2023 12:48 PM
Priority: Major
Reporter: Gavin King

We recently rolled back a change which added filter restrictions to to-one association
joins and to the find() method. The reason we rolled it back was because it had the
potential to corrupt to-one associations, causing them to be set to null.

We’ve noted several times that it does actually make sense to apply the filter condition
to the where clause of a query resulting from find() (though not to the on conditions
which join to-one associations).

This has come to a head, since users are complaining that this almost amounts to some kind
of a “security” hole since filters are used to implement discriminator-based
multi-tenancy.

I agree, and I think we need to fix this.

The question I’m not certain about is this: do we make this the new default behavior for
filters, changing the semantics that have been around for an extremely long time, or do we
make this new behavior an opt-in thing?

This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100227-sha1:8ffa416)
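
An added example, not part of the original issue and not Hibernate's own code: for an application that uses a filter for discriminator-based multi-tenancy, it shows two ways to keep a lookup by id tenant-scoped while find() does not apply the filter, as the issue describes. It assumes Hibernate 6 with jakarta.persistence; the Invoice entity, the tenant_id column, the tenantFilter name and the TenantScopedLookup helper are hypothetical.

```java
// Added example. Assumes Hibernate 6 (jakarta.persistence). Invoice, tenant_id,
// tenantFilter and TenantScopedLookup are hypothetical names.
import jakarta.persistence.Column;
import jakarta.persistence.Entity;
import jakarta.persistence.Id;
import org.hibernate.Session;
import org.hibernate.annotations.Filter;
import org.hibernate.annotations.FilterDef;
import org.hibernate.annotations.ParamDef;

@Entity
@FilterDef(name = "tenantFilter",
           parameters = @ParamDef(name = "tenantId", type = String.class))
@Filter(name = "tenantFilter", condition = "tenant_id = :tenantId")
class Invoice {
    @Id Long id;
    @Column(name = "tenant_id", nullable = false, updatable = false) String tenantId;
}

final class TenantScopedLookup {
    private TenantScopedLookup() {}

    /** Lookup by id through a query, so the enabled filter lands in the where clause. */
    static Invoice findViaQuery(Session session, long id, String tenantId) {
        session.enableFilter("tenantFilter").setParameter("tenantId", tenantId);
        return session.createQuery("from Invoice i where i.id = :id", Invoice.class)
                .setParameter("id", id)
                .uniqueResult(); // null when the row belongs to another tenant
    }

    /** Lookup with find(), followed by an explicit tenant check on the result. */
    static Invoice findChecked(Session session, long id, String tenantId) {
        // Per the issue, find() does not apply the filter, so check the tenant here.
        Invoice invoice = session.find(Invoice.class, id);
        if (invoice == null) return null;
        if (!tenantId.equals(invoice.tenantId)) {
            // Treat another tenant's row exactly like a missing row.
            session.detach(invoice);
            return null;
        }
        return invoice;
    }
}
```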