Because of the security, the CVE of sqlcipher should be fixed in my software. although Sqlcipher(4.3.0) wasnt publish any CVE, the integrated upstream Sqlite 3.30.1 has introduced fews of it. Could any one tell me how to fix the CVE of integrated upstream Sqlite 3.30.1? or how to acknowlege the security bug had been fixed?
Thanks~~
Hello @WenYuLuo - SQLCipher 4.3.0 is based on SQLite 3.30.1. An future release will likely be based on 3.31.1. If you have an urgent need to update you could patch the source yourself, though we generally do not recommend doing so.
thanks for reply!
because of the different baseline, i failed to modify the source code according the patch published in sqlite offical web. it appeared some compile error like some macro undeclared. Does any guide for patching ? I would appreciate it if you could provide.
thanks for reply! @sjlombardo
because of the different baseline, i failed to modify the source code according the patch published in sqlite offical web. it appeared some compile error like some macro undeclared. Does any guide for patching ? I would appreciate it if you could provide.
Hello @WenYuLuo - this thread includes one option for patching / updating, but please note the risks involved: