SQLite 3.26.0 security update

Question

SQLite 3.26.0 security update

brodycj opened this issue 6 years ago · 3 comments

SQLite 3.26.0 update is needed due to a known vulnerability, as discussed in:

It should be possible to apply this patch to SQLCipher as described in https://discuss.zetetic.net/t/sqlcipher-sqlite-update/2470.

I would like to do this before the SQLCipher 4 update, which has breaking changes.

Answer 1 · 2018-12-18T20:00:03.000Z

How will this affect the current usage, also when can we expect the changes

Answer 2 · 2018-12-18T20:11:31.000Z

How will this affect the current usage

Should be the same as upgrading from an older version of SQLite to SQLite 3.26.0. The window functions feature should be available but I am not sure when I will explicitly test it.

when can we expect the changes

Hopefully within the next 1-2 weeks, in parallel to some other commitments.

In case anyone would like to purchase priority update support please contact sales@litehelpers.net.

Answer 3 · 2018-12-20T16:07:25.000Z

I published version 0.1.12-rc3 which has FTS3 and FTS5 security updates from SQLite 3.26.0.

Full SQLite 3.26.0 security update will come with SQLCipher 4.0.1 update (#80).