Finally, note to self, probably still don’t use SQLite if you have a good alternative? Twice is suspicious, although they did fix the bug same day and it wasn’t ever released.
SQLite is well-known for its incredibly thorough test suite and relatively few CVEs, and with ~156kloc (excluding tests) it’s not a very large project, so I think this would be an over-reaction. I’d guess that other databases have more and worse security vulnerabilities due to their attack surface—see MySQL with its ~4.4mloc (including tests). Big Sleep was probably now used on SQLite because it’s a fairly small project of which large parts can fit into an LLM’s context window.
Maybe someone will try to translate the SQLite code to Rust or Zig using LLMs—until then we’re stuck.