CourseAPI.java has this code with CQL injection:
The listingId variable is used without validation and without masking of CQL or SQL special characters, resulting in CQL and SQL injection.
to correctly wrap and encode the listingId.
For delete, use RMB's PgUtil.delete to avoid duplicate code and to avoid any CQL and SQL injection.
is a full text search and is a wrong operator. Instead
should be used to make use of the b-tree index that RMB has automatically created for this foreign key field. This should be fixed when fixing the CQL/SQL injection issues.
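The difference between concatenating listingId into CQL and validating plus encoding it first, shown as an added example that is not code from CourseAPI.java or RMB. The field name `courseListingId`, the `==` relation, the premise that listing ids are UUIDs, and the `cqlQuote` helper are assumptions made for this illustration.

```java
import java.util.UUID;

public class ListingIdCql {
  // Hypothetical field name; the issue only calls it a foreign key field.
  static final String FIELD = "courseListingId";

  /** The pattern described in the issue: the raw value becomes part of the CQL syntax. */
  static String unsafeQuery(String listingId) {
    return FIELD + " == " + listingId;
  }

  /** Hypothetical helper: wrap a term in double quotes and mask CQL special characters. */
  static String cqlQuote(String term) {
    StringBuilder sb = new StringBuilder("\"");
    for (char c : term.toCharArray()) {
      // Backslash and double quote would escape or end the quoted term;
      // * ? ^ are CQL masking characters and must match literally.
      if (c == '\\' || c == '"' || c == '*' || c == '?' || c == '^') {
        sb.append('\\');
      }
      sb.append(c);
    }
    return sb.append('"').toString();
  }

  /** Validate first (assumes listing ids are UUIDs), then encode regardless. */
  static String safeQuery(String listingId) {
    // UUID.fromString is lenient about digit counts, so emit the canonical form.
    UUID id = UUID.fromString(listingId); // throws IllegalArgumentException otherwise
    return FIELD + " == " + cqlQuote(id.toString());
  }

  public static void main(String[] args) {
    String crafted = "abc* or cql.allRecords=1"; // constructed input
    // Concatenation: the value adds a second clause to the query.
    System.out.println(unsafeQuery(crafted));
    // Quoting: the whole value stays a single literal term.
    System.out.println(FIELD + " == " + cqlQuote(crafted));
    try {
      safeQuery(crafted);
    } catch (IllegalArgumentException e) {
      System.out.println("rejected: not a UUID");
    }
    // Constructed sample id.
    System.out.println(safeQuery("0b1c2d3e-4f50-4a61-8b72-9c8d0e1f2a3b"));
  }
}
```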