We do use FTS3 and don't provide execution of arbitrary SQL in our product code 
(of course, SQL injection is also not possible), but clients could write their 
own customizations via plugins.


---
Vladimir



-----Original Message-----
From: sqlite-users [mailto:sqlite-users-boun...@mailinglists.sqlite.org] On 
Behalf Of Warren Young
Sent: Monday, January 28, 2019 21:05
To: SQLite mailing list <sqlite-users@mailinglists.sqlite.org>
Subject: Re: [sqlite] Claimed vulnerability in SQLite: Info or Intox?

On Jan 28, 2019, at 1:26 AM, Vladimir Barbu 
<vladimir.ba...@schneider-electric-dms.com> wrote:
> 
> This vulnerability has been addressed in SQLite 3.26.0. When could we expect 
> a new version (official) of System.Data.SQLite which uses 3.26.0?

Are you both using FTS3 *and* letting your users execute arbitrary SQL?

Most of the time, the latter is a vulnerability in and of itself.
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users