SQLite 3.29.0 released: the most widely deployed database

SQLite Remote Code Execution Vulnerability

Image: Wiki Common

SQLite is an in-process library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine. SQLite is the most widely deployed database in the world with more applications than we can count, including several high-profile projects.

SQLite is an embedded SQL database engine. Unlike most other SQL databases, SQLite does not have a separate server process. SQLite reads and writes directly to ordinary disk files. A complete SQL database with multiple tables, indices, triggers, and views is contained in a single disk file. The database file format is cross-platform – you can freely copy a database between 32-bit and 64-bit systems or between big-endian and little-endian architectures. These features make SQLite a popular choice as an Application File Format. SQLite database files are a recommended storage format by the US Library of Congress. Think of SQLite not as a replacement for Oracle but as a replacement for fopen().

SQLite is a compact library. With all features enabled, the library size can be less than 600KiB, depending on the target platform and compiler optimization settings. (64-bit code is larger. And some compiler optimizations such as aggressive function inlining and loop unrolling can cause the object code to be much larger.) There is a tradeoff between memory usage and speed. SQLite generally runs faster the more memory you give it. Nevertheless, performance is usually quite good even in low-memory environments. Depending on how it is used, SQLite can be faster than direct filesystem I/O.

Changelog v3.29.0

  1. Added the SQLITE_DBCONFIG_DQS_DML and SQLITE_DBCONFIG_DQS_DDL actions to sqlite3_db_config() for activating and deactivating the double-quoted string literal misfeature. Both default to “on” for legacy compatibility, but developers are encouraged to turn them “off”, perhaps using the -DSQLITE_DQS=0 compile-time option.
  2. -DSQLITE_DQS=0 is now a recommended compile-time option.
  3. Improvements to the query planner:
    1. Improved optimization of AND and OR operators when one or the other operand is a constant.
    2. Enhancements to the LIKE optimization for cases when the left-hand side column has numeric affinity.
  4. Added the “sqlite_dbdata” virtual table for extracting raw low-level content from an SQLite database, even a database that is corrupt.
  5. Enhancements to the CLI:
    1. Add the “.recover” command which tries to recover as much content as possible from a corrupt database file.
    2. Add the “.filectrl” command useful for testing.
    3. Add the long-standing “.testctrl” command to the “.help” menu.
    4. Added the “.dbconfig” command.
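
Why changelog items 1 and 2 matter in practice, as an added example (not from the SQLite project or this page): with the double-quoted string literal misfeature on, a misspelled column name in double quotes silently becomes a string constant and the filter stops filtering; with it off, the statement is rejected. It assumes Python 3.12 or later, whose `sqlite3` module exposes the two actions through `Connection.setconfig()`; the `accounts` table, its rows and the function name are constructed for illustration.

```python
import sqlite3

# Connection.setconfig() and the DQS constants exist in Python 3.12 and later.
DQS_TOGGLE_AVAILABLE = hasattr(sqlite3.Connection, "setconfig")


def query_with_typo(dqs_enabled):
    """Run a query whose column name is misspelled, with DQS on or off.

    Returns ("rows", [...]) if SQLite accepted the statement, or
    ("error", message) if SQLite rejected it.
    """
    conn = sqlite3.connect(":memory:")
    try:
        # Same switches as sqlite3_db_config() in the C API, set per connection.
        conn.setconfig(sqlite3.SQLITE_DBCONFIG_DQS_DML, dqs_enabled)
        conn.setconfig(sqlite3.SQLITE_DBCONFIG_DQS_DDL, dqs_enabled)

        # Constructed sample data: bob's account is disabled.
        conn.execute("CREATE TABLE accounts(username TEXT, disabled INTEGER)")
        conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                         [("alice", 0), ("bob", 1)])

        # Intended: list accounts that are not disabled.
        # "disabeld" is a typo for the column "disabled".
        sql = ('SELECT username FROM accounts '
               'WHERE "disabeld" <> 1 ORDER BY username')
        try:
            return ("rows", conn.execute(sql).fetchall())
        except sqlite3.OperationalError as exc:
            return ("error", str(exc))
    finally:
        conn.close()


if __name__ == "__main__":
    if DQS_TOGGLE_AVAILABLE:
        # DQS on: the typo is read as the string 'disabeld', which never
        # equals 1, so every account (including disabled bob) is returned.
        print("DQS on :", query_with_typo(True))
        # DQS off: the unknown identifier is an error at prepare time.
        print("DQS off:", query_with_typo(False))
    else:
        print("Python 3.12+ is needed for Connection.setconfig()")
```
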
