https://bugzilla.redhat.com/show_bug.cgi?id=1693453
--- Doc Text *updated* by RaTasha Tillery-Smith rtillery@redhat.com --- A flaw was found in Hibernate, where it improperly escaped wildcards in its implementation of JPQL LIKE expressions when running against an MS-SQL Server. This flaw allows for possible SQL injection, leading to possible information disclosure.