We’re pleased to announce the immediate availability of SQLCipher 4.11.0. This release includes a number of enhancements, platform improvements, and important deprecation notices.

SQLCipher Core

• Converts log output to UTF-16 when writing to stdout or stderr on Windows
• Fixes check for __has_feature to resolve issue with older compilers that don’t support it
• Replaces fortuna seeding mechanism for libtomcrypt with rng_get_bytes() to fix deadlock
• Fixes issues with scope, includes, and macros to support non-amalgamated builds (--disable-amalgamation)
• Fixes miscellaneous compiler warnings, arguments to provider free_ctx, and return values from sqlcipher_printf
• Updates SQLCipher for Android to use sqlite3_close_v2() (instead of sqlite3_close()) for improved resource cleanup and finalization
• Lowers the platform version requirements for SQLCipher.swift
• Removes CocoaPods support (SQLCipher.podspec.json)

Important Deprecation Notice: LibTomCrypt and NSS providers are now deprecated and will be removed in the next version. Applications using these providers should plan to migrate to alternative crypto providers.

Important Note: Applications upgrading from versions of SQLCipher 4.6.1 or earlier should be aware that this version of SQLCipher incorporates several potential breaking changes from SQLCipher 4.7.0. Please carefully review the 4.7.0 release notes before upgrading.

SQLCipher Commercial and Enterprise

• Enables SQLITE_ENABLE_UPDATE_DELETE_LIMIT, allowing use of LIMIT clauses on non-query statements
• Adds support for a System.Data.SQLite 2.x compatibility package in SQLCipher for .NET on Windows, macOS, and Linux
• Adds support for SQLitePCLRaw 3.x to all SQLCipher .NET packages
• Expands supported versions of tvOS and watchOS
• Updates all OpenSSL packages to use an optimized version of OpenSSL 3.5.4 (LTS)
• Updates all Windows build packages to use the latest VS2022 tooling
• Eliminates packaging of libfipscnf.so from SQLCipher Android FIPS packages for better interoperability

IMPORTANT: Upgrade Note for .NET

The integration library used for most .NET SQLCipher integrations, SQLitePCLRaw, has recently undergone a major update to version 3.x. The new version makes some substantial structural changes. In order to provide support for both the 2.x and 3.x series we have made corresponding changes to the SQLCipher for .NET packages to remove explicit 2.x dependencies.

Most existing projects using SQLCipher for .NET will have a dependency on SQLitePCLRaw 2.x, for example via a transitive dependency from Microsoft.Data.SQLite.Core, Microsoft.EntityFrameworkCore.Sqlite.Core, or sqlite-net-base. Because SQLCipher packages no longer include this dependency directly, these projects will now need to be updated to add an explicit dependency on the SQLitePCLRaw.bundle_zetetic package. Without this dependency, applications will fail to compile with the error:

error CS0234: The type or namespace name 'Batteries_V2' does not exist in the namespace 'SQLitePCL' (are you missing an assembly reference?)

To resolve this, add the following package reference to your project:

<PackageReference Include="SQLitePCLRaw.bundle_zetetic" Version="2.1.11" />

Once this dependency is added, no other code changes will be necessary for projects continuing to use SQLitePCLRaw 2.x.

Projects wishing to upgrade to SQLitePCLRaw 3.x early will find updated integration instructions in the documentation.

FIPS 140-3 Dual Release

Like with 4.10.0, this release uses a dual release strategy for SQLCipher Enterprise FIPS. SQLCipher 4.11.0 packages with the new FIPS 140-3 validated cryptographic module are available on the “Prerelease” tab of the Customer Downloads fulfillment site, while packages with the FIPS 140-2 module remain available on the “Release” tab. This is the second dual release, allowing organizations to test and validate the new module alongside existing deployments. Don’t forget to update your license code when upgrading.

Future releases of SQLCipher Enterprise FIPS will exclusively use the FIPS 140-3 module. The FIPS 140-2 module will be discontinued.

Upgrading and Availability

SQLCipher 4.11.0 is available for download now. We strongly recommend testing your applications thoroughly with the new version before deploying to production.

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active CipherCare support subscription from the Customer Downloads fulfillment site. Subscribers will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team. Commercial and Enterprise edition upgrades require a new license code from the SQLCipher fulfillment site for each version. Don’t forget to change the license code in your application(s) when you upgrade.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and Swift Package Manager for Apple platforms.

For feedback and questions, please visit our Community Forum or private support channels. Thank you for using SQLCipher!

We’re pleased to announce the immediate availability of SQLCipher 4.10.0. This release includes a number of enhancements and security updates.

SQLCipher Core

• Updates baseline to latest SQLite 3.50.4
• Allows compile time override of default log level via SQLCIPHER_LOG_LEVEL_DEFAULT macro
• Fixes detection of CommonCrypto version on macOS
• Improves CommonCrypto version detection on iOS
• Fixes issue with using -fsanitize=address on macOS

Note that the new SQLite 3.50.4 contains several security fixes. Applications that use SQLCipher and allow untrusted schema modification are advised to upgrade.

Important Note: Applications upgrading from versions of SQLCipher 4.6.1 or earlier should be aware that this version of SQLCipher incorporates several potential breaking changes from SQLCipher 4.7.0. Please carefully review the 4.7.0 release notes before upgrading.

Swift Package Manager Support

SQLCipher 4.10.0 introduces support for integration via Swift Package Manager with Xcode for Apple platforms like iOS and macOS. Please consider updating your projects to use Swift Package Manager today according the appropriate documentation:

1. Swift Package Manager for Community Edition
2. Swift Package Manager for Commercial & Enterprise
3. Swift Package Manager for Library Integrations

Swift Package Manager is replacing CocoaPods support. This is the last release where we will be publishing a Podspec for SQLCipher.

SQLCipher Commercial and Enterprise

• Fixes error handling KDF_NONE in sqlcipher_vle_pbkdf2 function
• Adds additional options for setting License Codes (see below)
• Improves FIPS module resolution logic for macOS bundles
• Significant improvements to virtually all integration example programs included with SQLCipher packages
• Remove deprecated example programs from packages
• Removes redundant zetetic- prefix from NuGet packages for .NET (see below)
• Consolidates iOS and macOS into a single Apple integration package

License Code Changes

SQLCipher Commercial and Enterprise Editions require integrating applications to unlock the software by providing the license code using PRAGMA cipher_license. This approach works well for most applications, but requires modification of the application code. Starting in this release, SQLCipher now supports several additional options for providing the license code. The license code value may now be set in:

• The environmental variable CIPHER_LICENSE
• A file named cipher_license in the same directory as the SQLCipher library
• A file named cipher_license in the same directory as the current executable
• A file named cipher_license in the same directory as the current working directory
• A file named cipher_license in the Resources directory next to the main library in a macOS bundle
• An arbitrary file path set using the CIPHER_LICENSE_FILE environmental variable

NuGet Package Name Changes

Commercial and Enterprise NuGet packages have been renamed in this release to remove the redundant zetetic- prefix. For example, the package previously named zetetic-sqlcipher-ios is now simply sqlcipher-ios. Similarly the package previously named zetetic-sqlite-net-base is now named sqlcipher-sqlite-net-base. Applications using SQLCipher NuGet packages can simply remove the references from the old packages, and add a new reference to the current package. Alternately, the value of the <PackageReference> tags can be modified in the application .csproj directly.

This is a packaging naming change only, so no code changes are required. The following is a complete list of package renames for reference:

• zetetic-sqlcipher-android => sqlcipher-android
• zetetic-sqlcipher-ios => sqlcipher-ios
• zetetic-sqlcipher-linux-fips => sqlcipher-linux-fips
• zetetic-sqlcipher-linux => sqlcipher-linux
• zetetic-sqlcipher-macos-fips => sqlcipher-macos-fips
• zetetic-sqlcipher-macos => sqlcipher-macos
• zetetic-sqlcipher-uwp => sqlcipher-uwp
• zetetic-sqlcipher-windows-fips => sqlcipher-windows-fips
• zetetic-sqlcipher-windows => sqlcipher-windows
• zetetic-sqlcipher-windows-system-data-sqlite => sqlcipher-windows-system-data-sqlite
• zetetic-sqlcipher-windows-vcrtforwarders => sqlcipher-windows-vcrtforwarders
• zetetic-sqlite-net-base => sqlcipher-sqlite-net-base

Apple Consolidation

SQLCipher Commercial and Enterprise packages for iOS and macOS are now consolidated into a single downloadable package. Integration is now simplified by requring on a single SQLCipher.xcframework package to be added, and the each platform will be unlocked with an appropriate License Code. As a result of this change packages previously available as separate sqlcipher-ios-X.X.X.zip and sqlcipher-macos-X.X.X.zip are now replaced by a sqlcipher-apple-X.X.X.zip for delivery.

Upgrading and Availability

SQLCipher 4.10.0 is available for download now. We strongly recommend testing your applications thoroughly with the new version before deploying to production.

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active CipherCare support subscription from the Customer Downloads fulfillment site. Subscribers will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team. Commercial and Enterprise edition upgrades require a new license code from the SQLCipher fulfillment site for each version. Don’t forget to change the license code in your application(s) when you upgrade.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and Swift Package Manager for Apple platforms.

For feedback and questions, please visit our Community Forum or private support channels. Thank you for using SQLCipher!

Google is now making 16KB page compatibility required for applications in the Play Store. To support this requirement, native libraries for Android must be specifically built to support 16KB page sizes.

While the modern SQLCipher for Android library has fully supported 16KB page sizes since version 4.6.1, the legacy Community Edition of android-database-sqlcipher is no longer supported or receiving published updates. It was deprecated in 2022 and reached end-of-life in 2023. As a result, applications still using the android-database-sqlcipher Community Edition package will not be able to meet Google’s new requirement.

There are two supported options for affected applications:

1. Upgrade to the new sqlcipher-android library - As the official replacement library, it has been already updated for 16KB page size support. There are steps involved in migrating, but most applications should only require minor modifications. As a bonus, applications will see improved stability and better performance from the new library.

2. License SQLCipher for Android Commercial Edition - We continue to provide limited, post-end-of-life, support for the legacy library to commercial customers. This includes an android-database-sqlcipher compatibility package with 16KB page size support. It will meet Google’s new mandate. If you are interested, please contact us to discuss options, or license directly online.

We recommend that applications address these requirements as a priority, as Android 15 is now rolling out to devices.

We’re pleased to announce the immediate availability of SQLCipher 4.9.0. This is a patch release and security update that:

1. Updates the SQLite baseline to SQLite 3.49.2 to address a security issue in the upstream SQLite library.
2. Fixes a small resource leak related to library cleanup when compiling with SQLITE_OMIT_AUTOINIT defined.

The SQLite 3.49.2 update fixes a bug that could allow someone with access to run arbitrary CREATE TABLE statements to trigger a memory error and process crash. The issue was introduced along with NOT NULL optimizations in SQLite 3.40.0 and subsequently incorporated into SQLCipher 4.5.4.

Since it is extremely unusual for secured applications to allow untrusted schema modifications, this may be classified as a moderate-severity issue. Applications that use SQLCipher 4.5.4 through 4.8.0 and allow untrusted schema modification are strongly advised to upgrade.

Important Note: Applications upgrading from versions of SQLCipher 4.6.1 or earlier should be aware that this version of SQLCipher incorporates several potential breaking changes from SQLCipher 4.7.0. Please carefully review the 4.7.0 release notes before upgrading.

Upgrading and Availability

SQLCipher 4.9.0 is available for download now. We strongly recommend testing your applications thoroughly with the new version before deploying to production.

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active CipherCare support subscription from the Customer Downloads fulfillment site. Subscribers will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team. Commercial and Enterprise edition upgrades require a new license code from the SQLCipher fulfillment site for each version. Don’t forget to change the license code in your application(s) when you upgrade.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.

For feedback and questions, please visit our Community Forum or private support channels. Thank you for using SQLCipher!

We’re pleased to announce SQLCipher 4.8.0, which is a minor update that builds on the recent 4.7.0 release and incorporates several incremental fixes and improvements.

Important Note: Applications upgrading from versions of SQLCipher 4.6.1 or earlier should be aware that this version of SQLCipher incorporates several potential breaking changes from SQLCipher 4.7.0. Please carefully review the 4.7.0 release notes before upgrading.

SQLCipher Core

The following changes are included in SQLCipher core:

• Fixes regression in PRAGMA cipher_migrate which would raise an error when migrate was called on a current version database (i.e. migration was not necessary). This restores the old behavior where the spurious operation would be ignored.
• Improves selective locking for shared cache mode connections (note: use of shared cache is strongly discouraged)
• Reduces initial memory allocation requirement for private heap
• Add tracking and debug logging of private heap usage statistics
• Removes invasive changes to process working set size on Windows
• sqlcipher-android allows custom logging targets via the Logger class (uses logcat for compatibility by default)

Commercial and Enterprise Editions

The following changes are included in noted SQLCipher Commercial or Enterprise packages:

• Updates .NET references to Microsoft.EntityFrameworkCore.Sqlite.Core and Microsoft.Data.Sqlite.Core references to 9.0.4 to eliminate NuGet vulnerability warnings related to earlier version’s dependencies on System.Text.Json.
• Allows reference WinUI project to automatically use SQLCipher Windows .NET FIPS packages when present
• Removes the now unnecessary slf4j-api dependency from the SQLCipher for JDBC example project
• Improves the SQLCipher for Linux FIPS examples related to ARM 32-bit builds
• Improves the SQLCipher for Linux examples for multi-architecture compilation

Upgrading and Availability

SQLCipher 4.8.0 is available for download now. We strongly recommend testing your applications thoroughly with the new version before deploying to production.

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active CipherCare support subscription from the Customer Downloads fulfillment site. Subscribers will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team. Commercial and Enterprise edition upgrades require a new license code from the SQLCipher fulfillment site for each version. Don’t forget to change the license code in your application(s) when you upgrade.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.

For feedback and questions, please visit our Community Forum or private support channels.