by brene
58 days ago
Rene from Casco here. While our agents were performing a security test, they discovered a database takeover vulnerability. It's a good example of how SQL injection is still a test path that needs to be explicitly validated. Really want to give props to the ElectricSQL team: from issue reported to issue fixed and deployed, it took ~2 hours.
This was a critical one to identify and patch: https://github.com/electric-sql/electric/security/advisories...
Just to repeat for visibility, if you're self-hosting the Electric sync service, upgrade to version >= 1.5.0 immediately.