Codebook Google Drive Permission Change

2024-03-04 01:00:00 -0500

Codebook adopted early support for Google Drive as a third-party synchronization service in 2013. To minimize the level of access Codebook has to a user’s Google Drive account, we have introduced a change with our latest release which limits Codebook’s permission to access only the data files we create and upload to Google Drive.

This change will require all users who sync Codebook with Google Drive to authenticate Codebook with Google again. Codebook will remove the previous Google Drive authorization token and upon initiating a sync with Google Drive will request authorization for a more limited access scope where the files Codebook stores are located within an area called user AppData. Codebook will no longer have access to a user’s full Google Drive folder share going forward.

Previous Codebook clients utilize an API key with Google Drive scheduled to retire in 30 days, this will prevent older clients from syncing with Google Drive without an update. We recommend all users update Codebook on every platform at their earliest convenience to have access to this improved security position.

SQLCipher 4.5.6 Release

2024-01-17 07:00:00 -0500

We are pleased to announce that SQLCipher 4.5.6 is now available. It includes the following notable changes:

SQLCipher Core

  • Updates baseline to upstream SQLite 3.44.2.
  • Improves PRAGMA cipher_integrity_check to report expected page size if invalid.
  • Implements PRAGMA page_size compatibility with PRAGMA cipher_page_size so both will operate properly on encrypted databases.

SQLCipher Commercial and Enterprise

There are a large number of enhancements to the Commercial and Enterprise packages for this release:

  • Important Breaking Change: Renames the packages for Windows UAP (zetetic-sqlcipher-windows-uap) to Windows UWP (zetetic-sqlcipher-uwp) to reflect current Microsoft Naming for the Universal Windows Platform. As a result of this change, NuGet Package References will need to be updated in dependent projects.
  • Minimum packaging for UWP and Windows updated to Visual Studio 2019.
  • All SQLCipher non-FIPS packages that use the OpenSSL Cryptographic Provider are now using OpenSSL 3.0.12 LTS.
  • Builds are now compiled with SQLITE_ENABLE_API_ARMOR for additional security.
  • Additional improvement to .NET MAUI reference projects for wider compatibility with .NET 7 and 8.
  • Updates minimum version for macOS example projects to support current Xcode requirements.
  • Adjusts iOS framework code signing to avoid verification error under new versions of Xcode.
  • Adds a new SQLCipher.framework for macOS.

Availability

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active support subscription from the Customer Downloads fulfillment site. Licensees will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.

SQLCipher 4.5.5 Release

2023-08-31 08:00:00 -0400

We are pleased to announce that SQLCipher 4.5.5 is now available. It includes the following notable changes:

SQLCipher Core

  • Updates baseline to upstream SQLite 3.42.0
  • Does not allow key to be set again on a connection after it has been successfully used for an encryption or decryption operation to prevent accidental database corruption
  • Raises an error if a rekey operation is attempted on an unencrypted database
  • Raises an error when a key or rekey operation is passed an empty key
  • Minor improvements to constant time functions
  • Miscellaneous code and comment cleanup

SQLCipher Android

Important Deprecation Notice: We officially announced the availability of the new SQLCipher for Android API in early 2022. The new library features significantly improved performance, support for concurrent database access with connection pooling and WAL, and a simplified internal API based on the AndroidBindings project. It has been widely used in production applications and many active projects have already migrated to the new packages.

As of this release of SQLCipher, 4.5.5, the legacy SQLCipher for Android Package (android-database-sqlcipher) is officially deprecated. We have already shifted development focus almost exclusively to the new project. In addition, we are no longer distributing pre-built Community Edition packages of the legacy library via Maven Central. Developers using the Community Edition of android-database-sqlcipher are strongly encouraged to migrate to the new SQLCipher for Android sqlcipher-android project. The source code for legacy project will remain online indefinitely on GitHub for developers who wish to build the legacy library from source.

Our hope is that this Community Edition deprecation will help encourage rapid adoption of the new SQLCipher for Android package, especially as legacy developers seek to update to underlying OpenSSL 3 LTS support. Instructions for migrating from android-database-sqlcipher to sqlcipher-android may be found here.

SQLCipher Commercial and Enterprise

There are a large number of enhancements to the Commercial and Enterprise packages for this release:

  • All SQLCipher non-FIPS packages that use the OpenSSL Cryptographic Provider are now using OpenSSL 3.0.10 LTS
  • Adds armhf (32 bit) and arm64 support to SQLCipher for Linux, SQLCipher for Linux .NET, and SQLCipher for JDBC packages
  • Adds static libraries (libsqlcipher.a) to SQLCipher for Linux package
  • Continued improvement to .NET MAUI and Xamarin in SQLCipher for iOS .NET to add support for iOS arm64 simulator
  • Updates SQLCipher for Windows System.Data.SQLite to use System.Data.SQLite 1.0.118 as baseline
  • SQLCipher for JDBC now uses xerial/sqlite-jdbc release 3.42.0.0 as baseline
  • Updates SQLitePCL.raw dependencies for all .NET packages to version 2.1.5
  • Updates minimum versions in all iOS and macOS example projects to support current Xcode requirements

Availability

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active support subscription from the Customer Downloads fulfillment site. Licensees will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.

SQLCipher 4.5.4 Release

2023-04-27 08:00:00 -0400

We are pleased to announce that SQLCipher 4.5.4 is now available. It includes the following notable changes:

SQLCipher Core

  • Updates baseline to use SQLite 3.41.2
  • When using an OpenSSL cryptographic provider, PRAGMA cipher_provider_version will return the version loaded at runtime instead of at compile time
  • Improves guarding against cryptographic provider initialization failure
  • A new encrypted database which is ATTACHed as the first operation after keying the main database will have the same salt as main database
  • CocoaPods minimum platform versions are now iOS 11.0, macOS 10.13, tvOS 11.0, and watchOS 7.0

SQLCipher Android

  • Breaking Change: Android Database SQLite Exception classes are now used for compatibility with Android Support and Room. All SQLCipher exception classes have been removed. All Android users should adjust their code to import the appropriate exceptions from android.database.* and android.database.sqlite.* after upgrading.
  • Breaking Change: Updates android.sqlitex dependency to version 2.2.0. Integrators should adjust the dependencies block in build.gradle accordingly.
  • Breaking Change: Minimum supported SDK version updated to 21 on 32 bit platforms for compatibility with upstream SQLite changes
  • Fix issue where the use of an incorrect encryption key could be mistakenly identified as database corruption
  • All builds updated to use latest LTS version r25c

SQLCipher Commercial and Enterprise

There are a large number of enhancements to the Commercial and Enterprise packages for this release:

  • Breaking Change: Android packages have been renamed to remove the -release suffix from .aar files. Integrators should adjust the dependencies block in build.gradle accordingly.
  • Improves .NET MAUI support targeting iOS and Android to avoid legacy Xamarin dependencies
  • Improves and allows multi target support for Maui and Legacy Xamarin
  • Updates NuGet packages to remove deprecated features
  • Linux packages now support distributions with older glibc versions (>=2.17) including RedHat 7 and Centos 7
  • Adds new example projects for SQLCipher for Android packages
  • Removes Windows 8.1 support from SQLCipher for Cordova (platform is no longer supported by Microsoft)
  • non-FIPS packages using OpenSSL now include 1.1.1t, except Windows UAP which uses OpenSSL 1.1.1s
  • Enables Fortify Source for OpenSSL on older Android platforms
  • Updates to sqlite-net 1.8.116 as baseline for the zetetic-sqlite-net-core package
  • Updates SQLitePCL.raw dependencies for all .NET packages to version 2.1.4
  • SQLCipher for JDBC now uses xerial/sqlite-jdbc release 3.41.2.1 as baseline

Availability

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active support subscription from the Customer Downloads fulfillment site. Licensees will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.

SQLCipher 4.5.3 Release

2022-12-19 07:00:00 -0500

We are pleased to announce that SQLCipher 4.5.3 is now available. It includes the following noteable changes:

SQLCipher Core

  • Updates baseline to use SQLite 3.39.4

SQLCipher Commercial and Enterprise

There are a large number of enhancements to the Commercial and Enterprise packages for this release:

  • Enables support for the REGXEP operator
  • Introduces new built in math functions
  • Improves support for .NET Maui to include cross platform single-project app support for Windows, macOS (Catalyst), iOS, and Android (including a reference application)
  • Updates .NET example applications to target latest .NET Core LTS, Microsoft.Data.Sqlite.Core, Microsoft.EntityFrameworkCore.Sqlite.Core, and SQLitePCL.raw
  • Removes armv7 and armv7s architectures for iOS and targets SDK 11 to support Xcode 14
  • Renames packages from sqlcipher-xamarin-ios and sqlcipher-xamarin-android to sqlcipher-ios-net and sqlcipher-android-net respectively (Xamarin is still supported, this change is only to avoid naming confusion)
  • Updates non-FIPS packages using OpenSSL to 1.1.1s
  • Updates SQLitePCL.raw dependencies to version 2.1.3
  • Updates System.Data.SQLite baseline to version 1.0.117
  • Updates JDBC baseline to latest release Important Note: For applications using the JDBC driver, previously the built-in log() function computed the natural logarithm, but it now computes base-10 logarithm

Deprecation Notice: SQLCipher for Cordova 4.5.3 will be the last version to support Windows 8.1. Due to the upcoming end of extended support by Microsoft it will not be included in future releases.

Availability

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active support subscription from the Customer Downloads fulfillment site. Licensees will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.