ericsink / SQLitePCL.raw

A Portable Class Library (PCL) for low-level (raw) access to SQLite
Apache License 2.0

Outdated sqlite3 in sqlcipher.dll - (Nuget - SQLitePCLRaw.lib.sqlcipher.windows 1.1.14) #382

Closed davisannie closed 3 years ago

davisannie commented 3 years ago

Outdated sqlite3 in sqlcipher.dll - (Nuget - SQLitePCLRaw.lib.sqlcipher.windows 1.1.14) is causing critical vulnerabilities on the Black Duck binary analysis tool. The current version of sqlite3 in the sqlcipher DLL is 3.4.2. The recommendation is to update sqlcipher.dll to the latest version of sqlite3, 3.33.0.

ericsink commented 3 years ago

That package ID is no longer being updated. For more recent versions, see:

https://www.nuget.org/packages/SQLitePCLRaw.lib.e_sqlcipher/

which is still not current, but it's much closer. :-)

davisannie commented 3 years ago

Thanks for your prompt response, Eric.


davisannie commented 3 years ago

I tried SQLitePCLRaw.bundle_e_sqlcipher 2.0.4 with EF 3.1.10; however, this updates sqlite3 to 3.28, which still leaves us with 2 critical vulnerabilities. Is there anything planned to update sqlite3 to the latest and greatest version?

ericsink commented 3 years ago

Yes, the unsupported and unofficial e_sqlcipher builds are currently based on a version of SQLCipher based on 3.28.0. I do plan to update them, and hopefully soon, but in the meantime, you can always purchase official supported builds from Zetetic.

davisannie commented 3 years ago

Thanks Eric.

ericsink commented 3 years ago

See #390
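To confirm which SQLite release a native library such as sqlcipher.dll or e_sqlcipher.dll embeds, the way a binary analysis tool would, the following added example (not part of this thread or of the SQLitePCL.raw project) scans the file's bytes for SQLite's version and source-id string literals. The function names and the sample bytes are constructed for illustration, and the match is a heuristic: other libraries' 3.x.y strings can match too, so the oldest candidate is the one compared against the minimum.

```python
import re
import sys

# SQLITE_SOURCE_ID literal: "YYYY-MM-DD HH:MM:SS <40 or 64 hex digit check-in hash>"
SOURCE_ID_RE = re.compile(rb"(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} [0-9a-f]{40,64}")
# SQLITE_VERSION literal: NUL-terminated "3.x.y" or "3.x.y.z"
VERSION_RE = re.compile(rb"(?<![0-9.])(3\.\d{1,2}\.\d{1,2}(?:\.\d{1,2})?)\x00")


def as_tuple(version):
    """Turn "3.28.0" into (3, 28, 0) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def scan(blob, minimum):
    """Heuristically report the SQLite version(s) embedded in a native library."""
    dates = sorted({m.group(1).decode() for m in SOURCE_ID_RE.finditer(blob)})
    found = {m.group(1).decode() for m in VERSION_RE.finditer(blob)}
    versions = sorted(found, key=as_tuple)
    if not dates or not versions:
        # Without a source id, a bare "3.x.y" string is too weak a signal.
        return {"versions": [], "source_dates": dates, "outdated": None}
    # Candidates may include other libraries' strings; judge by the oldest one.
    oldest = as_tuple(versions[0])
    return {"versions": versions, "source_dates": dates,
            "outdated": oldest < as_tuple(minimum)}


# Constructed sample bytes standing in for a native library's string table.
SAMPLE = (b"\x00unrelated 1.1.1g\x00" + b"3.28.0\x00"
          + b"2019-01-01 00:00:00 " + b"ab" * 32 + b"\x00SQLite format 3\x00")

if __name__ == "__main__":
    # Usage: python scan_sqlite.py path/to/native-library  (no argument: sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(scan(data, "3.33.0"))
```

An `outdated` value of `None` means no SQLite source id was found, so the file should be checked by other means instead of being treated as passing.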