Use of Outdated Vulnerable Component

Hi all,

I am using the sqlCipher version “net.zetetic:android-database-sqlcipher:4.0.1@aar”. So, regarding this, our security team reported which mentioned below.

Use of Outdated Vulnerable Component - SQLite and OpenSSL:
2 issues: sqlite version 3.26.0 and openssl version `1.1.1

Could you please verify this report statement? I checked our latest sqlcipher version 4.5.3, do I need to increase the sqlcipher version?

Also searched regarding this in the Android document side they mentioned like:
“The version of SQLite depends on the version of Android”. but I mentioned in my manifest file target Api 33.

Thank you.

Hi @Abu_Basith,

The latest version of SQLCipher for Android is 4.5.4 and utilizes OpenSSL 1.1.1t for non-FIPS based packages. The latest SQLCipher for Android is supported on Android API 33.

Ok, thank you so much @developernotes .