Please create new release with native SQLite >= 3.32.1 to fix multiple CVE

[sseide]

As this jar file contains precompile libraries of sqlite it would be good to release a new version of the jdbc driver with updated native sqlite libraries.

The currently used version 3.31.1 is vulnerable to multiple different attacks ranging from medium up to critical as their respective CVE show:

• https://nvd.nist.gov/vuln/detail/CVE-2020-11656 - Score 9.8 Critcal
• https://nvd.nist.gov/vuln/detail/CVE-2020-13630 - Score 7.0 High
• https://nvd.nist.gov/vuln/detail/CVE-2020-11655 - Score 7.5 High
• https://nvd.nist.gov/vuln/detail/CVE-2020-9327 - Score 7.5 High
• https://nvd.nist.gov/vuln/detail/CVE-2020-13632 - Score 5.5 Medium
• https://nvd.nist.gov/vuln/detail/CVE-2020-13631 - Score 5.5 Medium
• https://nvd.nist.gov/vuln/detail/CVE-2020-13435 - Score 5.5 Medium
• https://nvd.nist.gov/vuln/detail/CVE-2020-13434 - Score 5.5 Medium

Even if not all of them may be exploitable from jdbc side there are more than enough critical fixes inside the native parts to make an new release of the jdbc driver.

Thanks in advance,
Stefan Seide

[xerial]

Thanks for the notice. Will check the latest SQLite version

[xerial]

Released sqlite-jdbc-3.32.3

[sseide]

Many Thanks for fast response!