CVE-2022-0778 in v4.5.0

New vulnerability have discovered recently.Does it affect our products?Is there a repair plan?

Hi @MyGithubDeng

We’re definitely aware of the OpenSSL v1.1.1m release due to CVE-2022-0778. The good news is that SQLCipher doesn’t include any functionality related to TLS, certificate parsing, public key parsing, or Elliptic Curve cryptography. As a result SQLCipher 4.5.1 is not affected by this problem.

That said, we are working on integrating and testing OpenSSL 1.1.1n for the next release of SQLCipher.