Use of 'net.zetetic:android-database-sqlcipher:4.5.1@aar' give OpenSSL 1.1.1m vulnerability


We are using sqlcipher:4.5.1@arr in one of our project and we are getting OpenSSL 1.1.1m vulnerability.
As per our security guideline it should use at-least OpenSSL 1.1.1n or 1.1.1o.

Could you please help us to resolve it or share information, if any future release are planned to fix this issue.


Hello @Randhir_Kumar - SQLCipher is not impacted by any of the CVEs against 1.1.1m. However we are planning to upgrade OpenSSL in the next release. If you are a commercial edition or enterprise licensee you can contact our support about prerelease access.

Thank you for quick response.

Can you please share any tentative date for next release?

Hello @Randhir_Kumar - we don’t have a tentative date scheduled key. Keep an eye here on the discussion site and blog for further announcements.