SQLCipher 4.5.2 Release

2022-08-03 08:00:00 -0400

We are pleased to announce that SQLCipher 4.5.2 is now available. It includes the following major changes:

SQLCipher Core

  • Updates baseline to use SQLite 3.39.2. IMPORTANT: This version includes an upstream SQLite fix for CVE-2022-35737. We recommend any applications dealing with large string inputs (> 2GB) upgrade to the latest release.
  • Fixes issue where PRAGMA cipher_memory_security could report OFF when it was actually ON
  • Fixes unfreed allocation leak when using OpenSSL version 3.x
  • Simplifies OpenSSL multi-version conditional code
  • Adds support for building against recent versions of BoringSSL
  • Initial public beta release for the new SQLCipher for Android Refresh

SQLCipher Commercial and Enterprise

The following changes and enhancements are available for Commercial and Enterprise packages:

  • Java and .NET library wrappers have been updated to the latest available versions.
  • non-FIPS packages using OpenSSL now include the latest release of 1.1.1q
  • Fixes linking for .NET MAUI iOS targets

Availability

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active support subscription from the Customer Downloads fulfillment site. Licensees will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.