Does Camunda sanitize variable values before inserting them in the database

Hello,
I have a question about variable insertion in the database.

If someone tries to do SQL or script injection via Camunda variables, are the variables sanitized before insertion?

Regards

Hi @sfaxianovic,

Inserts and updates are done by parameterized SQL statements: camunda-bpm-platform/VariableInstance.xml at master · camunda/camunda-bpm-platform · GitHub.

You can find more details about variables and security here: Security Instructions | docs.camunda.org

Hope this helps, Ingo
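
An added illustration of the parameterized-statement point in the answer above, not Camunda's code or schema: the `variable` table and helper names are hypothetical, and SQLite stands in for the engine's database. It shows that a bound value is stored verbatim, so a quote cannot change the statement, and that binding is not sanitization: markup in a value comes back unchanged and needs encoding where it is displayed.

```python
import html
import sqlite3

# Hypothetical table for illustration; this is not Camunda's schema.
SCHEMA = "CREATE TABLE variable (proc_inst_id TEXT, name TEXT, text_value TEXT)"

# Constructed sample values.
QUOTED = "O'Brien"
MARKUP = "<script>alert(1)</script>"


def open_store():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def set_variable(conn, proc_inst_id, name, value):
    # Bound parameters: the value travels as data, never as SQL text.
    conn.execute(
        "INSERT INTO variable (proc_inst_id, name, text_value) VALUES (?, ?, ?)",
        (proc_inst_id, name, value),
    )


def get_variable(conn, proc_inst_id, name):
    row = conn.execute(
        "SELECT text_value FROM variable WHERE proc_inst_id = ? AND name = ?",
        (proc_inst_id, name),
    ).fetchone()
    return row[0] if row else None


def render_variable(conn, proc_inst_id, name):
    # Binding stores the value unmodified, so encode it for the HTML context.
    value = get_variable(conn, proc_inst_id, name)
    return html.escape(value) if value is not None else ""


def concat_insert_fails(conn, value):
    # Anti-pattern for contrast: the value becomes part of the statement,
    # so a single quote in it changes the SQL and the statement is rejected.
    try:
        conn.execute(
            f"INSERT INTO variable VALUES ('p1', 'concat', '{value}')"
        )
    except sqlite3.OperationalError:
        return True
    return False
```
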