SQLCipher 4.5.0 Release

SQLCipher 4.5.0 is now available. Please consult the full release announcement for complete details about the release, including important changes that applications upgrading to 4.5.0 must handle.

The following summarizes the most substantial changes to SQLCipher core:

  • Updates baseline to use SQLite 3.36.0
  • Changes the enhanced memory security feature to be DISABLED by default; once enabled by PRAGMA cipher_memory_security = ON , it can’t be turned off for the lifetime of the process
  • Changes PRAGMA cipher_migrate to permanently enter an error state if a migration fails
  • Fixes memory locking/unlocking issue with realloc implementation on hardened runtimes when memory security is enabled
  • Fixes cipher_migrate to cleanup the temporary database if a migration fails
  • Removes logging of non-string pointers when compiling with trace level logging

In addition, this release includes numerous updates for SQLCipher Commercial and Enterprise packages:

  • The SQLCipher Statistics feature now includes detailed memory usage information. The sqlcipher_stats virtual table will now return current library memory use, high memory use, memory allocation, reallocation, and free times and counts. These statistics are inclusive of memory sanitization time, allowing for detailed profiling of the enhanced memory security feature.
  • Packages now use in-memory temporary storage by default, but allow an application to override that setting using PRAGMA temp_store = FILE; . Using FILE temporary storage may be necessary in certain circumstances, like performing a VACUUM on a very large database.
  • SQLite’s snapshot feature is now enabled.
  • Java and .NET library wrappers have been updated to the latest available versions.
  • non-FIPS packages using OpenSSL now include the latest release of 1.1.1l.