rusqlite v0.23.0 Release Notes
Release Date: 2020-04-23 // almost 4 years ago-
๐ The release primarily contains a number of security/memory safety fixes, which were mostly found due to an audit of the unsafe code in the crate. An advisory will be published for these shortly.
0๏ธโฃ They mostly impact APIs exposed through
features, so while there are a lot of them, if you're using rusqlite under default features, you're fine. None of them impact libsqlite3-sys.๐ It's a major release as these APIs were fundamentally unsound and could not be fixed without breaking changes.
- ๐ Make VTab / VTabCursor
unsafe traitas implementing them on the wrong type is unsound c9ef5bd. (Note that a safe VTab API is planned in the future). - ๐ Make
create_moduletake a &'static Module as that's what the reference was treated as. 3c6b57f - ๐ Make
UnlockNotificationhold the Mutex while notifying the CondVar. Also, ensure&mutis not used to reference a value shared across another thread. 45fd77e - ๐ Fix potential format string vuln in rusqlite::trace::log 2327d3b
- Auxdata API has been changed and has new bounds.
- ๐ Fix use-after-free in sessions.rs in ac30e16
๐ Non-safety changes in this release:
- โก๏ธ Bundled SQLite has been updated to 3.31.1 22564d3
- Non-unicode paths are now handled properly, at least on unix #692
- ๐ Functions using va_list are excluded from the bundled bindings, as these are platform specific. You can still use them if you enable the buildtime_bindgen feature. 288aa96
- โฌ๏ธ An unchecked_transaction function has been added which allows opting-out of compile time transaction checking. Despite it's name, it's still checked, it just downgrades a compilation error to a runtime one: #693
- std::error::Error::source is implemented in favor of std::error::Error::cause for all error types.
- ๐ Make VTab / VTabCursor