SQLCipher 4.5.0 is now available. Please consult the full release announcement for complete details about the release, including important changes that applications upgrading to 4.5.0 must handle.
The following summarizes the most substantial changes to SQLCipher core:
- Updates baseline to use SQLite 3.36.0
- Changes the enhanced memory security feature to be DISABLED by default; once enabled by
PRAGMA cipher_memory_security = ON
, it can’t be turned off for the lifetime of the process - Changes
PRAGMA cipher_migrate
to permanently enter an error state if a migration fails - Fixes memory locking/unlocking issue with
realloc
implementation on hardened runtimes when memory security is enabled - Fixes
cipher_migrate
to cleanup the temporary database if a migration fails - Removes logging of non-string pointers when compiling with trace level logging
In addition, this release includes numerous updates for SQLCipher Commercial and Enterprise packages:
- The SQLCipher Statistics feature now includes detailed memory usage information. The
sqlcipher_stats
virtual table will now return current library memory use, high memory use, memory allocation, reallocation, and free times and counts. These statistics are inclusive of memory sanitization time, allowing for detailed profiling of the enhanced memory security feature. - Packages now use in-memory temporary storage by default, but allow an application to override that setting using
PRAGMA temp_store = FILE;
. Using FILE temporary storage may be necessary in certain circumstances, like performing a VACUUM on a very large database. - SQLite’s snapshot feature is now enabled.
- Java and .NET library wrappers have been updated to the latest available versions.
- non-FIPS packages using OpenSSL now include the latest release of 1.1.1l.