
19 Jan 2022, 6:51 p.m.
Here's a PR with what I suggest: https://github.com/qos-ch/reload4j/pull/26

JdbcPatternParserTest shows how it parses the current pattern into "text for the prepared statement" and "arguments for it" in JdbcPatternParserTest.

I believe it fixes the CVE, and it keeps the code compatible with previous usages.

Vladimir
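An added illustration of the approach the message describes, not code from the PR or from reload4j: a Python sketch, run against in-memory SQLite, that splits a logging SQL pattern into prepared-statement text and arguments. The single-quoted-literal pattern syntax, the toy `%p`/`%m` layout, the `logs` table, and the names `parse_pattern`, `render` and `log_event` are assumptions made for this example.

```python
import re
import sqlite3

# Assumed pattern syntax: each single-quoted SQL literal holds a layout
# pattern; '' inside a literal is an escaped quote.
_LITERAL = re.compile(r"'((?:[^']|'')*)'")


def parse_pattern(sql_pattern):
    """Return (prepared-statement text, list of layout patterns)."""
    layouts = []

    def to_placeholder(match):
        layouts.append(match.group(1).replace("''", "'"))
        return "?"

    return _LITERAL.sub(to_placeholder, sql_pattern), layouts


def render(layout, event):
    """Toy layout (hypothetical): supports only %p (level), %m (message), %%."""
    values = {"p": event["level"], "m": event["message"], "%": "%"}
    return re.sub(r"%([pm%])", lambda m: values[m.group(1)], layout)


def log_event(conn, sql_pattern, event):
    """Bind rendered layouts as parameters instead of splicing them into SQL."""
    sql, layouts = parse_pattern(sql_pattern)
    conn.execute(sql, [render(layout, event) for layout in layouts])
    return sql


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE logs (level TEXT, msg TEXT)")
    pattern = "INSERT INTO logs (level, msg) VALUES ('%p', '%m')"
    # Constructed log message containing quote characters and SQL syntax.
    event = {"level": "INFO", "message": "can't connect'); --"}
    sql = log_event(conn, pattern, event)
    rows = conn.execute("SELECT level, msg FROM logs").fetchall()
    return sql, rows


if __name__ == "__main__":
    print(demo())
```

The existing configuration string stays unchanged, which is the compatibility property the message mentions; only the way values reach the database differs.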