We’re pleased to announce the immediate availability of SQLCipher 4.9.0. This is a patch release and security update that:
SQLITE_OMIT_AUTOINIT defined.The SQLite 3.49.2 update fixes a bug that could allow someone with access to run arbitrary CREATE TABLE statements to trigger a memory error and process crash. The issue was introduced along with NOT NULL optimizations in SQLite 3.40.0 and subsequently incorporated into SQLCipher 4.5.4.
Since it is extremely unusual for secured applications to allow untrusted schema modifications, this may be classified as a moderate-severity issue. Applications that use SQLCipher 4.5.4 through 4.8.0 and allow untrusted schema modification are strongly advised to upgrade.
Important Note: Applications upgrading from versions of SQLCipher 4.6.1 or earlier should be aware that this version of SQLCipher incorporates several potential breaking changes from SQLCipher 4.7.0. Please carefully review the 4.7.0 release notes before upgrading.
SQLCipher 4.9.0 is available for download now. We strongly recommend testing your applications thoroughly with the new version before deploying to production.
Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active CipherCare support subscription from the Customer Downloads fulfillment site. Subscribers will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team. Commercial and Enterprise edition upgrades require a new license code from the SQLCipher fulfillment site for each version. Don’t forget to change the license code in your application(s) when you upgrade.
Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.
For feedback and questions, please visit our Community Forum or private support channels. Thank you for using SQLCipher!