SQLCipher 4.17.0 Release

2026-07-08 08:00:00 -0400

We’re pleased to announce the immediate availability of SQLCipher 4.17.0. This is intended primarily as a maintenance release focused on dependency updates, cleanup, and bug fixes, along with a few minor improvements. However, it also updates the SQLite baseline to incorporate fixes for upstream CVEs that affected earlier versions.

SQLCipher Changes

  • Updates the upstream SQLite baseline to the latest patch release 3.53.3
  • Normalizes error reporting so an incorrect key always returns SQLITE_NOTADB, even when the first operation modifies the schema
  • Improves error handling and fixes CSPRNG reinitialization in the LibTomCrypt cryptographic provider
  • Improves thread safety for debug memory counters and xoshiro PRNG state to avoid spurious Thread Sanitizer warnings
  • Adds an optional SQLCIPHER_OMIT_MALLOC build macro to aid analysis under Address Sanitizer
  • Several miscellaneous fixes and general improvements

SQLCipher Commercial and Enterprise packages include the following changes:

  • Updates OpenSSL-based cryptographic providers to 3.5.7 LTS
  • Updates SQLCipher for .NET (SDS) to track the latest System.Data.SQLite upstream release (2.0.3)
  • Updates SQLCipher for JDBC to track the latest upstream sqlite-jdbc release (3.53.2.0)
  • Raises the minimum macOS deployment target to 10.10 for the JDBC driver on macOS
  • Raises the minimum macOS deployment target to 10.13 for non-JDBC macOS-specific libraries

Upstream SQLite CVEs

The new SQLite 3.53.3 baseline fixes two memory corruption issues in the FTS5 full-text search extension, CVE-2026-11822 and CVE-2026-11824. These can be triggered by a FTS5 query running against a database that contains specially attacker-crafted data. They also require the application to have disabled defensive mode (SQLITE_DBCONFIG_DEFENSIVE). Further details are available on the SQLite CVE list.

For SQLCipher users, the practical risk of these CVEs is low. Because SQLCipher databases are encrypted, an attacker can’t construct malicious database contents needed to trigger these issues without knowing the database key. Therefore, applications that maintain strong key controls and work with their own encrypted databases (i.e. not ones supplied by third parties) have very little exposure. However, we still recommend upgrading to address these fixes, especially for applications that could possibly open databases from untrusted sources.

Cryptographic Provider Matrix

The table below summarizes the cryptographic providers used across SQLCipher packages and platforms:

Edition Platform Cryptographic Provider
Community (non-FIPS) Android based on LibTomCrypt 1.18.2
Community (non-FIPS) Apple Common Crypto (version varies by OS)
Commercial & Enterprise (non-FIPS) Apple Common Crypto (version varies by OS)
Commercial & Enterprise (non-FIPS) Other Platforms OpenSSL 3.5.7 LTS
Enterprise FIPS All Platforms SQLCipher Cryptographic Module
Based on OpenSSL 3.5.7 LTS

Upgrading and Availability

SQLCipher 4.17.0 is available for download now, and we recommend upgrading to incorporate these improvements. As always, test your applications thoroughly with the new version before deploying to production.

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active subscription from the Customer Downloads fulfillment site. Subscribers will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team. Commercial and Enterprise edition upgrades require a new license code from the SQLCipher fulfillment site for each version. Don’t forget to change the license code in your application(s) when you upgrade.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and Swift Package Manager for Apple platforms.

For feedback and questions, please visit our Community Forum or private support channels. Thank you for using SQLCipher!