Hello, recently new CVE-2022-4304, CVE-2022-4450,CVE-2022-0215,CVE-2022-0286 have been discovered in openssl. Do these affect our products?
Hello @chen_song - SQLCipher is not affected by any of these CVEs. SQLCipher does not use any of the impacted X.509, BIO, PEM, or RSA features.
When will SQLCipher upgrade OpenSSL to 1.1.1t?
It will be upgraded to 1.1.1t for our next release. We can’t share a release date at this time, but it is under development.
The last two CVE No. should be CVE-2023-xxx, not 2022.
Please check whether it is correct. @sjlombardo
Hello @longchao1201 - confirmed, those do not affect SQLCipher.