We are pleased to announce that SQLCipher 4.6.1 is now available.

Continuing with the recent improvements to SQLCipher’s logging subsystem, the new PRAGMA cipher_log_source can be used to filter log output on higher verbosity levels by specifying a log source of CORE, MEMORY, MUTEX, or PROVIDER. Applications can now tune exactly which types of messages should be logged, most useful in the context of TRACE and DEBUG level logging where the volume of log messages is very high.

In addition to the logging changes, there are a very large number of additional improvements, fixes, and updates in this release.

SQLCipher Core / Community

• Updates baseline to upstream SQLite 3.46.1
• Significant refactor to merge crypto.h, crypto.c, and crypto_impl.c into a single sqlcipher.c source file for simplicity.
• Updates minimum working set size on Windows to increase lockable pages
• Adds new PRAGMA cipher_log_source for filtering log output on higher verbosity levels
• Improves log output by including the log level and source prior to message
• Improves error logging in PRAGMA cipher_migrate
• Fixes issue where log level and target would be overwritten if set prior to initialization
• Corrects Podspec license element to use specific BSD 3 Clause
• Fixes default log output to console for macOS
• SQLCipher for Android now supports binding NULL parameters

SQLCipher Commercial and Enterprise

• Adds support for ARM and ARM64 architectures in SQLCipher for Windows .NET
• Significantly improves performance of random byte generation
• Enables statement and bytecode vtab support
• Updates all reference and sample projects for .NET 8
• Updates Linux packages to be built with a more modern OS, now targeting minimum GLIBC 2.28
• Updates SQLCipher for JDBC to use sqlite-jdbc 3.46.0.1 as baseline
• Fixes SQLCipher for JDBC support for macOS on Apple Silicon (ARM64)
• Adds support for 16 KB page sizes for Android non-FIPS packages
• Fixes an issue with the macOS FIPS package when using xcodebuild -exportArchive (contact support for details)
• Updates FIPS 140-2 validated cryptographic modules on Android, macOS, Windows, and Linux to 3.0.13b
• Updates to use sqlite-net upstream 1.9.172
• OpenSSL based non-FIPS packages use OpenSSL 3.0.14 LTS for this release

Availability

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active support subscription from the Customer Downloads fulfillment site. Licensees will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.

We are excited to announce that SQLCipher 4.6.0 is now available.

The most substantial change in this version relates to default logging behavior. A log feature was added into SQLCipher two years ago in version 4.5.1, and has been improved upon since then, but logging was disabled by default. Starting in 4.6.0 the default configuration will emit ERROR and WARN level log messages upon initialization. Default log output is sent to logcat for Android, Console for iOS and macOS, and stderr for all other platforms.

It is our hope that this default logging will help integrating applications more quickly identify common issues (e.g. incorrect key material) and provide improved visibility of rarer error cases. Log output at the ERROR and WARN level have been carefully reviewed to ensure that sensitive data is not exposed.

Since this represents a behavioral change in SQLCipher the minor version number has been incremented. Applications that wish to suppress log output can execute the following PRAGMA statement as the first operation in a process:

PRAGMA cipher_log_level = NONE;

Additional log configuration is possible using cipher_log and cipher_log_level PRAGMAs.

In addition to the logging changes, there are a few other updates:

SQLCipher Core

• Fixes Apple Privacy Manifest by removing empty NSPrivacyCollectedDataType from PrivacyInfo.xcprivacy
• Moves Swift support defines for podspec user_target_xcconfig so they only apply to the consuming project using CocoaPods
• The baseline upstream SQLite remains on 3.45.3 for this release

SQLCipher Commercial and Enterprise

• Improves Android FIPS examples to enable useLegacyPackaging and extractNativeLibs to ensure .so files are properly extracted
• Fixes an issue with FIPS packages that could lead to an initialization failure for paths containing spaces
• Fixes Apple Privacy Manifest by removing empty NSPrivacyCollectedDataType from PrivacyInfo.xcprivacy
• Dependent packages continue to use OpenSSL 3.0.13 LTS for this release

Availability

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active support subscription from the Customer Downloads fulfillment site. Licensees will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.

We are excited to announce that SQLCipher 4.5.7 is now available. It includes the following notable changes:

SQLCipher Core

• Updates baseline to upstream SQLite 3.45.3
• Adds “device” logging and profile target using os_log for Apple and logcat on Android
• Updates podspec for current Xcode versions, improved Swift support, and Privacy Manifest
• Fixes issues compiling with SQLITE_OMIT_LOG macro
• Fixes a malformed man page caused by old merge conflict

SQLCipher Commercial and Enterprise

There are a large number of enhancements to the Commercial and Enterprise packages for this release:

• Uses a new optimized SQLCipher cryptographic provider implementation with substantially improved performance (up to 10% in testing)
• iOS shared xcframeworks now come with Privacy Manifests to meet upcoming Apple requirements
• Dependent packages now use OpenSSL 3.0.13 LTS
• SQLCipher Enterprise FIPS packages now use a new FIPS 140-2 Validated Cryptographic Module (contact support for additional details and upgrade instructions)
• Updates ADO.NET framework examples to target .NET Framework 8.1, NUnit3TestAdapter 4.5 and NUnit 4
• All .NET Maui reference projects are updated to use .NET 8
• Updates SQLitePCLRaw dependencies to use 2.1.8
• Updates to sqlite-jdbc to upstream 3.45.3.0

Availability

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active support subscription from the Customer Downloads fulfillment site. Licensees will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.

Codebook adopted early support for Google Drive as a third-party synchronization service in 2013. To minimize the level of access Codebook has to a user’s Google Drive account, we have introduced a change with our latest release which limits Codebook’s permission to access only the data files we create and upload to Google Drive.

This change will require all users who sync Codebook with Google Drive to authenticate Codebook with Google again. Codebook will remove the previous Google Drive authorization token and upon initiating a sync with Google Drive will request authorization for a more limited access scope where the files Codebook stores are located within an area called user AppData. Codebook will no longer have access to a user’s full Google Drive folder share going forward.

Previous Codebook clients utilize an API key with Google Drive scheduled to retire in 30 days, this will prevent older clients from syncing with Google Drive without an update. We recommend all users update Codebook on every platform at their earliest convenience to have access to this improved security position.

We are pleased to announce that SQLCipher 4.5.6 is now available. It includes the following notable changes:

SQLCipher Core

• Updates baseline to upstream SQLite 3.44.2.
• Improves PRAGMA cipher_integrity_check to report expected page size if invalid.
• Implements PRAGMA page_size compatibility with PRAGMA cipher_page_size so both will operate properly on encrypted databases.

SQLCipher Commercial and Enterprise

There are a large number of enhancements to the Commercial and Enterprise packages for this release:

• Important Breaking Change: Renames the packages for Windows UAP (zetetic-sqlcipher-windows-uap) to Windows UWP (zetetic-sqlcipher-uwp) to reflect current Microsoft Naming for the Universal Windows Platform. As a result of this change, NuGet Package References will need to be updated in dependent projects.
• Minimum packaging for UWP and Windows updated to Visual Studio 2019.
• All SQLCipher non-FIPS packages that use the OpenSSL Cryptographic Provider are now using OpenSSL 3.0.12 LTS.
• Builds are now compiled with SQLITE_ENABLE_API_ARMOR for additional security.
• Additional improvement to .NET MAUI reference projects for wider compatibility with .NET 7 and 8.
• Updates minimum version for macOS example projects to support current Xcode requirements.
• Adjusts iOS framework code signing to avoid verification error under new versions of Xcode.
• Adds a new SQLCipher.framework for macOS.

Availability

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active support subscription from the Customer Downloads fulfillment site. Licensees will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.