Closed T18970237136 closed 1 year ago
Yes, I'll take care of this early next week.
Note, the SQLite binaries that ship as part of SQLitePCLRaw are not compiled with SQLITE_ENABLE_STAT4
defined. Thus, they are not actually affected by the vulnerability.
May I request a new release with this commit (1362bb7). Our product is being flagged for this vulnerability in BlackDuck security scans.
I'm going to proceed with a release, but I need to update sqlcipher as well, and the build actions for the native code libraries are broken at the moment (see #508 ) I'm trying to figure out a workaround.
FWIW, version 2.1.1-pre20220822172036 contains the new version of SQLite. If there are no problems with it, I will publish it as a non-pre release next week.
Hi there! SQLite 3.39.2 was released which seems to contain a fix for a security vulnerability (CVE-2022-35737). Is there a chance to see an updated version of
SQLitePCLRaw.lib.e_sqlite3
soon?Thanks!