Vulnerability NVD - CVE-2023-7104 was recently flagged in our application, We’re using a version of SQLCipher built on SQLite 3.39.2. Is there a plan / timeline to upgrade SQLCipher to SQLite 3.44 ?
Hi @JimBretti,
This CVE is isolated to the session extension to SQLite, so if your application does not utilize that feature you would not be impacted. Additionally, a new public release of SQLCipher 4.5.6 is forthcoming and will be based on SQLite upstream 3.44.2.
2 Likes