SQLite Fixes Security Flaw
Written by Kay Ewbank   
Tuesday, 26 May 2020

SQLite has been updated twice in quick succession: first a planned release that adds support for approximate Analyze using the Pragma analysis_limit command, then an update to fix a longstanding flaw that allows malicious SQL statements to crash the process running SQLite.

SQLite is an in-process library that implements a self-contained, serverless, transactional SQL database engine. It supports full text search and has extensions offering JSON support. The entire SQL database with multiple tables, indexes, triggers, and views, is contained in a single disk file. The developers say SQLite is the most used database engine in the world, as it is built into all mobile phones, major web browsers and most operating systems. 

The unscheduled release is version 3.32.1, and it fixes two long-standing bugs that allow malicious SQL statements to crash the process that is running SQLite. These bugs were announced by a third party approximately 24 hours after the 3.32.0 release but are not specific to the 3.32.0 release.

The 3.32 release improvements include the addition of an approximate analyze. By default, the Analyze command carries out a full scan of every index. This can be slow for large databases, so you can now use the Pragma analysis_limit command to limit the amount of scanning performed by Analyze, so that it runs faster, even on very large database files. Pragma statements are SQL extensions specific to SQLite. The analysis_limit Pragma lets you set a limit, N, for the approximate number of rows examined in each index by the Analyze command. The results of analysis are not as good when only part of each index is examined, but the results are usually good enough. Setting N to 100 or 1000 allows the Analyze command to run very quickly, even on multi-gigabyte database files.
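As an added example (not code from the article or from the SQLite project), the Python sketch below checks whether the SQLite library linked into the interpreter is at or past 3.32.1 and then runs an approximate Analyze with Pragma analysis_limit. The table, index and function names are assumptions made for illustration, and the data is constructed.

```python
import sqlite3

FIXED = (3, 32, 1)  # release the article credits with the crash fixes


def has_crash_fixes(version=sqlite3.sqlite_version_info):
    """True if the SQLite library version is at or past the fixed release."""
    return tuple(version) >= FIXED


def build_sample_db(rows=5000):
    """Constructed sample data: one indexed table in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events(id INTEGER PRIMARY KEY, host TEXT, code INTEGER)")
    conn.execute("CREATE INDEX events_host ON events(host)")
    conn.executemany(
        "INSERT INTO events(host, code) VALUES (?, ?)",
        ((f"host{i % 50}", i % 7) for i in range(rows)),
    )
    conn.commit()
    return conn


def approximate_analyze(conn, limit):
    """Set PRAGMA analysis_limit, run ANALYZE, return the sqlite_stat1 rows."""
    # PRAGMA arguments cannot be bound as parameters, so accept only a
    # non-negative int before formatting it into the statement.
    if type(limit) is not int or limit < 0:
        raise ValueError("limit must be a non-negative integer")
    # Libraries older than 3.32.0 ignore the unknown pragma and do a full scan.
    conn.execute(f"PRAGMA analysis_limit={limit}")
    conn.execute("ANALYZE")
    return conn.execute("SELECT tbl, idx, stat FROM sqlite_stat1").fetchall()


if __name__ == "__main__":
    print("linked SQLite:", sqlite3.sqlite_version,
          "| crash fixes present:", has_crash_fixes())
    conn = build_sample_db()
    for row in approximate_analyze(conn, 100):
        print(row)
```

A version comparison cannot see fixes that a distributor has backported into an older version number, so treat a False result as a prompt to check the package changelog.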

Other improvements to the release include support for SQL's Iif statement, and a change to the Insert and Update statements so that they now always apply column affinity before computing Check constraints.


More Information

SQLite Site
