Back to Vector

25591 Clickhouse Identifier Escaping.Fix

changelog.d/25591_clickhouse_identifier_escaping.fix.md

0.57.0343 B
Original Source

Fixed SQL injection via identifier names in the clickhouse sink. The database and table config values are now passed as ClickHouse query parameters with the Identifier type ({database:Identifier}.{table:Identifier}), letting the server handle quoting rather than relying on client-side string escaping.

authors: pront thomasqueirozb