Hello @soeren. Thanks for getting in touch about SQLCipher. In order to keep up to date on SQLCipher Community Edition, we would recommend the following:
- Subscribe to the SQLCipher “Updates” category here on discuss.zetetic.net. We would recommend that you enable email notifications, so that you get immediate notices of any updates that are posted.
- Follow the SQLCipher project(s) on GitHub, so that you can be notified of any commits, updates, and issues posted there.
- You may also want to track SQLite’s upstream development and bug tracker as well.
With respect to CVE postings, there are two things to keep an eye on. One would be SQLite, on which SQLCipher is based. CVEs for SQLite could also affect SQLCipher packages based on the same upstream version of SQLite (though not always). We do not duplicate CVEs with SQLite to avoid redundancy. Of course if there were major security issues with SQLCipher itself that did not originate through SQLite, those would warrant their own separate CVEs.
If you are using SQLCipher as an important component in your software, you may also want to consider either Commercial Edition with CipherCare or the SQLCipher Enterprise program. A major benefit of these offerings is that you get support directly from the SQLCipher development team, as well as proactive notifications related to upgrades and other important issues.
Unfortunately we do not offer CipherCare coverage for community edition at this time.