New vulnerability have discovered recently.Does it affect our products?Is there a repair plan?
We’re definitely aware of the OpenSSL v1.1.1m release due to CVE-2022-0778. The good news is that SQLCipher doesn’t include any functionality related to TLS, certificate parsing, public key parsing, or Elliptic Curve cryptography. As a result SQLCipher 4.5.1 is not affected by this problem.
That said, we are working on integrating and testing OpenSSL 1.1.1n for the next release of SQLCipher.