fix: #3605792 SQL injection via unvalidated operator in case-insensitive entity query array conditions
Closes #3605792