SQLite Critical Vulnerability

FYI SQLite has a vulnerability. I came across this today article today. Sharing for visibility. Not clear at the moment if this exposes XOJO based apps, but the article does mention proof of concepts against Chromium.

https://thehackernews.com/2018/12/sqlite-vulnerability.html?m=1

Well, Xojo Inc. will probably update to newer SQLite version soon for the next release.

And if you need, I can soon rebuild a MBS Xojo SQL Plugin to user newer SQLite version.
I think currently we have 3.25.2

Hi Christian, it’s probably not a bad idea to do that. They thankfully aren’t sharing implementation details on this to allow everyone to upgrade but wouldn’t be the first time something ends up in the wild in advance of wide adoption of the update given the wide adoption of the target.

Ah, I see 3.26 is available.
So let’s rebuild here :slight_smile:

Turns out 3.26.0 is already in my SQL Plugin. :slight_smile:

I don’t think this issue has anything to do with SQLite, from what I’m seeing on the SQLite Users’ Mailing List. And it would surprise me if it had. They’ll be blaming sin() and cos() next.