Closed davisannie closed 3 years ago
That package ID is no longer being updated. For more recent versions, see:
https://www.nuget.org/packages/SQLitePCLRaw.lib.e_sqlcipher/
which is still not current, but it's much closer. :-)
Thanks for you prompt response Eric
On Thu, 3 Dec 2020 at 10:55 PM, Eric Sink notifications@github.com wrote:
That package ID is no longer being updated. For more recent versions, see:
https://www.nuget.org/packages/SQLitePCLRaw.lib.e_sqlcipher/
which is still not current, but it's much closer. :-)
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/ericsink/SQLitePCL.raw/issues/382#issuecomment-738160690, or unsubscribe https://github.com/notifications/unsubscribe-auth/AR7MLS7MKFSEPCHSQWT4D5LSS7CYPANCNFSM4ULVGHAQ .
I tried SQLitePCLRaw.bundle_e_sqlcipher 2.0.4 with EF3.1.10 however this updates the sqlite3 to 3.28, which still leaves us with 2 critical vulnerabilities. Is there anything planned to update sqlite3 to the latest and greatest version?
Yes, the unsupported and unofficial e_sqlcipher builds are currently based on a version of SQLCipher based on 3.28.0. I do plan to update them, and hopefully soon, but in the meantime, you can always purchase official supported builds from Zetetic.
Thanks Eric.
See #390
Outdated sqlite3 in sqlcipher.dll - (Nuget - SQLitePCLRaw.lib.sqlcipher.windows 1.1.14) is causing critical vulnerabilities on blackduck binary analysis tool. Current version of sqllite3 on sqlcipher dll is 3.4.2. The recommendation is to update sqlcipher.dll to latest version of sqllite3 to 3.33.0