| Version | Supported |
|---|---|
| 0.1.x | Yes |
If you discover a security vulnerability, please report it privately via GitHub Security Advisories.
Do not open a public issue for security vulnerabilities.
sql-render uses a denylist + escape strategy for SQL injection protection, not parameterized queries. This is by design for engines that lack parameterized query support (e.g. Athena, Trino DDL). See the README for details.