Closed NoahTheDuke closed 1 year ago
Yeah... this is a BIG DEAL for us.
We ran into the exact problem described above: `public.migratus`, which got sanitized down to `publicmigratus`, which is a different table
`drop schema public cascade`
I can't stress enough that this was a MASSIVE change, masquerading as a small upgrade.
Also, I'd be curious to understand the attack vector this is designed to prevent. If I have access to supply the migration config, I would assume I have a lot of access. Is there really a unique attack vector here worth preventing?
Afterword: We've taken the step of having our first rollback NOT delete stuff, to prevent this issue going forward. But also, we can't upgrade to the latest version, since you won't let us use the table name we prefer. So as @NoahTheDuke mentioned, I think there needs to be a workaround here (or we'll be pegged on our current version forever 😢)
Thank you!!!!!
My `:migration-table-name` is `"public.migratus"`. After updating from 1.3.3 to 1.4.4, migratus stripped it to be `publicmigratus`. This is a pretty big change and feels like it should have been highlighted in the changelog. If this change is permanent, can a new flag be added to not sanitize the table name?
https://github.com/yogthos/migratus/blob/fbb27047b0bae88af406e6c5a5eca565d653652b/src/migratus/database.clj#L37
Originating PR
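
An added example (not migratus's code and not written by anyone in this thread): a constructed strip-style sanitizer that reproduces the `public.migratus` to `publicmigratus` rewrite reported above, beside one alternative that validates a schema-qualified name and rejects bad input instead of silently changing it. All function names are hypothetical, and the double-quoted identifier syntax assumes a PostgreSQL-style database.

```clojure
(ns example.table-name
  (:require [clojure.string :as str]))

;; Constructed stand-in for a strip-style sanitizer (assumption, not the
;; library's implementation): drop every character that is not a letter,
;; digit, underscore or hyphen. The "." in a schema-qualified name is
;; removed, so the result names a different table.
(defn strip-sanitize [table-name]
  (str/replace table-name #"[^\w-]" ""))

;; A plain SQL identifier: no quotes, dots, spaces or punctuation.
(def ^:private ident-re #"[A-Za-z_][A-Za-z0-9_]*")

;; Validate instead of mutating: accept "table" or "schema.table", and
;; throw on anything else so a bad name never reaches a SQL statement.
(defn parse-qualified-name [table-name]
  (let [parts (str/split table-name #"\." -1)]
    (when-not (and (<= 1 (count parts) 2)
                   (every? #(re-matches ident-re %) parts))
      (throw (ex-info "Invalid table name; refusing to rewrite it"
                      {:table-name table-name})))
    parts))

;; Quote each part on its own so the schema and table stay separate.
;; Note: double-quoted identifiers are case-sensitive in PostgreSQL.
(defn quote-qualified-name [table-name]
  (->> (parse-qualified-name table-name)
       (map #(str "\"" % "\""))
       (str/join ".")))

;; Run both approaches over constructed sample names and print the results.
(defn demo []
  (doseq [n ["public.migratus" "migratus" "public.migratus.extra" "bad name;"]]
    (println (pr-str n)
             "| strip ->" (pr-str (strip-sanitize n))
             "| validate ->"
             (try
               (quote-qualified-name n)
               (catch clojure.lang.ExceptionInfo e
                 (str "rejected: " (.getMessage e)))))))

(demo)
```

The difference to note in the output is that the validating version either returns the name the operator configured, unchanged apart from quoting, or fails at startup; it never produces a third name that the migration then runs against.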