SQLite binaries should be upgraded to latest patched sqlite 3.32.1, due to critical and high vulnerabilities #1340
Comments
SQLite has a default maximum number of variables when using IN queries. This causes SQLite to fail when too many entries match the initial sql query. See https://www.sqlite.org/limits.html#max_variable_number for more information. Currently, sqlite3 version 4.2.0 uses sqlite binary 3.24.0, which has `SQLITE_MAXIMUM_VARIABLE_NUMBER = 999`. Upgrading to sqlite >= 3.32 would allow for that maximum number to be 32766, but that hasn't been done yet. Track progress of that upgrade in TryGhost/node-sqlite3#1340.
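One way a caller can stay under the variable limit described above while keeping every value bound as a parameter rather than concatenated into the SQL text. This is an added example, not code from node-sqlite3 or from this thread; the function names, the `posts` table and the sample ids are assumptions made up for illustration, and the two limits are the defaults quoted above (a custom build may differ).

```javascript
// Default limits quoted in the thread: 999 before SQLite 3.32, 32766 from 3.32 on.
const LIMIT_BEFORE_3_32 = 999;
const LIMIT_FROM_3_32 = 32766;

// Pick the default variable limit for a version string such as "3.24.0".
function maxVariablesFor(version) {
  const [major, minor] = version.split('.').map(Number);
  if (!Number.isInteger(major) || !Number.isInteger(minor)) {
    throw new TypeError(`unrecognised SQLite version: ${version}`);
  }
  return major > 3 || (major === 3 && minor >= 32) ? LIMIT_FROM_3_32 : LIMIT_BEFORE_3_32;
}

// Build parameterised "... IN (?,?,...)" statements, each within the limit.
// `prefix` is fixed SQL text ending just before the IN list (hypothetical name);
// `fixedParams` are the bound values for any ? placeholders already in `prefix`.
function chunkInQuery(prefix, values, maxVars, fixedParams = []) {
  const room = maxVars - fixedParams.length;
  if (room < 1) throw new RangeError('no variables left for the IN list');
  const batches = [];
  for (let i = 0; i < values.length; i += room) {
    const slice = values.slice(i, i + room);
    const placeholders = new Array(slice.length).fill('?').join(',');
    batches.push({
      sql: `${prefix} IN (${placeholders})`,
      params: [...fixedParams, ...slice],
    });
  }
  return batches;
}

// Constructed sample input: 2500 ids plus one fixed bound value.
const sampleIds = Array.from({ length: 2500 }, (_, i) => i + 1);
const samplePrefix = 'SELECT id FROM posts WHERE status = ? AND id';

// With the 3.24.0 default the query is split into three statements;
// with a 3.32.x default it fits in one.
const oldBatches = chunkInQuery(samplePrefix, sampleIds, maxVariablesFor('3.24.0'), ['published']);
const newBatches = chunkInQuery(samplePrefix, sampleIds, maxVariablesFor('3.32.3'), ['published']);
console.log(oldBatches.length, newBatches.length);
```

Each returned batch can be passed to the driver's normal parameterised query call and the result rows concatenated.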
Ah, just saw #1341 and the comment that it will be released soon, thx :-)
One more PR #1353 that points to the latest sqlite distribution 3.32.3
Updating to the latest 3.32 versions would also mean that by default the variable limit increases from 999 to 32766 which would be amazing.
This release was published so I'm going to close the issue 🙂
Hi Mapbox team,
Recently our company's internal Docker image scanner reported a bunch of critical and high vulnerabilities related to the sqlite binaries version 3.31.1 which is used by the sqlite3 npm package version 4.2.0.
The list of vulnerabilities is:
Is there any planned activity to perform the upgrade to the latest sqlite distribution version 3.32.1 from 2020-05-25?
Looking forward to your feedback soon.
Thank you in advance.