I see that Proclaim is using the SQLite database components. Can you confirm what version is being distributed? SQLite has released updated version 3.26.0 of its software to address the issue. Are there plans to update to the latest version?
https://thehackernews.com/2018/12/sqlite-vulnerability.html
--DH
3.12, but it's not the stock DLL
Whilst security is always a concern, and FL are good at fixing issues like this, I believe the risk to us is low, and we should be so worthy that our sermons were indeed targets for hackers.
The lead author of SQLite has this to say about it: https://twitter.com/DRichardHipp/status/1073779742552350720
Reports of an RCE vulnerability in SQLite are greatly exaggerated. Some clever gray-hats found a way to get RCE using maliciously crafted SQL. So, IF you allow random internet users to run arbitrary SQL on your system, you should upgrade. Otherwise, you are not at risk.
Proclaim does not use SQLite in such a way that it permits execution of arbitrary SQL, so it is not vulnerable to the attack (as we understand it).
We generally do update third-party libraries on a regular basis to ensure that we have the latest bug fixes, so SQLite will be updated at some point in the future; however, we have decided that it does not need to be done urgently.