Upgrade sqlite dependency to 3.42.0.0 to mitigate CVE-2023-32697 #15114
Labels
C: Build
dependencies
Pull requests that update a dependency file
E: All Editions
P: High
R: Fixed
T: Defect
Projects
Milestone
Comments
lukaseder
added
T: Defect
C: Build
P: High
E: All Editions
dependencies
lukaseder
added a commit
that referenced
this issue
May 24, 2023
|
There don't seem to be any interesting improvements to the SQL dialect, so no new dialect is needed: https://www.sqlite.org/changes.html |
|
I was very wrong. There's a big, incompatible change! #15125 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Another one of these "high priority" CVE-2023-32697's has been published:
I mean, when an attacker gets control over the JDBC url, then a specific CVE isn't really the biggest problem I suspect? But alas, we make dependabot happy...
The text was updated successfully, but these errors were encountered: