The Django team released security fixes related to potential SQL injections. We've audited the Open Zaak code and found no vulnerable code paths that make this exploitable.

To track this and prevent it in the future, I've created a Github issue: https://github.com/open-zaak/open-zaak/issues/1136