This is a security fix relating to https://access.redhat.com/security/cve/CVE-2020-25638 .
The flaw has been present in Hibernate ORM for many years, so many older versions are affected.
An upgrade is recommended, but if you are using a very old version which makes it difficult to upgrade to the latest supported versions (series 5.4 and 5.3 at the time of writing), you can disable SQL comments by setting:
hibernate.use_sql_comments=false
This is also the default, so if you did not set use_sql_comments at all you are not affected.
The problem
Hibernate ORM correctly sanitises Query parameters and the SQL it executes, but when the option use_sql_comments is enabled it will also include a comment in the SQL which is sent to the relational database; the comment itself could include escape sequences, modifying the semantics of the executed SQL statement.
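The following is an added example and not code from the Hibernate project or from this advisory. It shows the mitigation described above applied programmatically: a small startup check that reads the configured Hibernate properties, reports whether hibernate.use_sql_comments has been switched on, and forces it back to the safe default before the SessionFactory is built. The class name SqlCommentsGuard, the helper names and the embedded sample properties are constructed for this example; AvailableSettings.USE_SQL_COMMENTS and the Configuration methods used are the real Hibernate ORM 5.x API.

```java
import java.util.Properties;
import java.util.logging.Logger;

import org.hibernate.cfg.AvailableSettings;
import org.hibernate.cfg.Configuration;

// Hypothetical startup guard for deployments that cannot upgrade yet
// and want to be certain SQL comments stay disabled (the default).
public final class SqlCommentsGuard {

    private static final Logger LOG = Logger.getLogger(SqlCommentsGuard.class.getName());

    private SqlCommentsGuard() {
    }

    // True only when the property is present and explicitly enabled.
    // A missing property means the default (false), which is not affected.
    static boolean sqlCommentsEnabled(Properties props) {
        // AvailableSettings.USE_SQL_COMMENTS == "hibernate.use_sql_comments"
        String value = props.getProperty(AvailableSettings.USE_SQL_COMMENTS);
        return value != null && Boolean.parseBoolean(value.trim());
    }

    // Builds a Configuration from the supplied properties, overriding
    // hibernate.use_sql_comments to "false" if it had been turned on.
    static Configuration hardenedConfiguration(Properties props) {
        Configuration cfg = new Configuration();
        cfg.addProperties(props);
        if (sqlCommentsEnabled(props)) {
            LOG.warning(AvailableSettings.USE_SQL_COMMENTS
                    + " was enabled; disabling it (see CVE-2020-25638)");
            cfg.setProperty(AvailableSettings.USE_SQL_COMMENTS, "false");
        }
        return cfg;
    }

    public static void main(String[] args) {
        // Constructed sample of what a hibernate.properties file might contain.
        Properties props = new Properties();
        props.setProperty("hibernate.dialect", "org.hibernate.dialect.H2Dialect");
        props.setProperty("hibernate.use_sql_comments", "true"); // the risky setting

        System.out.println("comments enabled before hardening: " + sqlCommentsEnabled(props));

        Configuration cfg = hardenedConfiguration(props);
        String effective = cfg.getProperty(AvailableSettings.USE_SQL_COMMENTS);
        System.out.println("effective " + AvailableSettings.USE_SQL_COMMENTS + " = " + effective);

        // cfg.buildSessionFactory() would follow here in a real application.
    }
}
```

The check is deliberately conservative: only an explicit "true" counts as enabled, mirroring the advisory's statement that leaving the property unset is safe. Logging the override rather than silently applying it makes the deviation from the deployed properties file visible in startup logs, which is where an operator reviewing an affected version would look.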