We are using sqlcipher:4.5.1@arr in one of our project and we are getting OpenSSL 1.1.1m vulnerability.
As per our security guideline it should use at-least OpenSSL 1.1.1n or 1.1.1o.
Could you please help us to resolve it or share information, if any future release are planned to fix this issue.
Hello @Randhir_Kumar - SQLCipher is not impacted by any of the CVEs against 1.1.1m. However we are planning to upgrade OpenSSL in the next release. If you are a commercial edition or enterprise licensee you can contact our support about prerelease access.
Thank you for quick response.
Can you please share any tentative date for next release?
Hello @Randhir_Kumar - we don’t have a tentative date scheduled key. Keep an eye here on the discussion site and blog for further announcements.