Documentation Source Text

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Changes to pages/bindptr.in.

    26     26   communicate non-SQL values between subcomponents or between the extension
    27     27   and the application.  Some examples:
    28     28   
    29     29   <ul>
    30     30   <li><p>
    31     31   In the [FTS3] extension, the 
    32     32   [FTS MATCH|MATCH operator] (which does the full-text search)
    33         -needs to communicate details of matching entrys to the [snippet()], [offsets()],
           33  +needs to communicate details of matching entries 
           34  +to the [snippet()], [offsets()],
    34     35   and [matchinfo()] functions so that those functions can convert the details
    35     36   of the match into useful output.
    36     37   
    37     38   <li><p>
    38     39   In order for an application to 
    39     40   [Extending FTS5|add new extensions to FTS5], such as new tokenizers, 
    40     41   the application needs a pointer to the "fts5_api" object.
................................................................................
   100    101   a hostile agent is able to inject arbitrary SQL text into the application,
   101    102   then that agent is already in full control of the application, so
   102    103   letting the hostile agent forge a pointer does not give the agent
   103    104   any new capability.
   104    105   
   105    106   <p>
   106    107   For most cases, it is true that potential attackers have no way of injecting
   107         -arbitrary SQL, and so most uses of SQLite are immute to the attack above.
          108  +arbitrary SQL, and so most uses of SQLite are immune to the attack above.
   108    109   But there are some notable exceptions.  To wit:
   109    110   
   110    111   <ul>
   111    112   <li><p>
   112    113   The [https://en.wikipedia.org/wiki/Web_SQL_Database|WebSQL] interface
   113    114   to webkit allowed any webpage to to run arbitrary SQL in the browser
   114    115   for Chrome and Safari.  That arbitrary SQL was supposed to be run inside

Changes to pages/changes.in.

    17     17   proc chng {date desc {options {}}} {
    18     18     global nChng aChng xrefChng
    19     19     set aChng($nChng) [list $date $desc $options]
    20     20     set xrefChng($date) $nChng
    21     21     incr nChng
    22     22   }
    23     23   
    24         -chng {2017-08-01 (3.20.0)} {
           24  +chng {2017-07-26 (3.20.0)} {
    25     25   <li> Update the text of error messages returned by [sqlite3_errmsg()] for some
    26     26        error codes.
    27     27   <li> Add new [pointer passing interfaces].
    28     28   <li> Backwards-incompatible changes to some extensions in order to take 
    29     29        advantage of the improved security offered by the new 
    30     30        [pointer passing interfaces]:
    31     31        <ul>

Changes to pages/news.in.

    14     14     hd_puts "<h3>$date - $title</h3>"
    15     15     regsub -all "\n( *\n)+" $text "</p>\n\n<p>" txt
    16     16     regsub -all {[Tt]icket #(\d+)} $txt \
    17     17         {<a href="http://www.sqlite.org/cvstrac/tktview?tn=\1">\0</a>} txt
    18     18     hd_resolve "<blockquote>$txt</blockquote>"
    19     19     hd_puts "<hr width=\"50%\">"
    20     20   }
           21  +
           22  +newsitem {2017-07-26} {Release 3.20.0} {
           23  +SQLite [version 3.20.0] is a regularly secheduled maintenance release
           24  +of SQLite.
           25  +<p>
           26  +This release contains many minor enhancements, including:
           27  +<ul>
           28  +<li> Several new extensions
           29  +<li> Enhancements to the "sqlite3.exe" command-line shell
           30  +<li> Query planner enhancements
           31  +<li> Miscellaneous code optimizations for improved performance
           32  +</ul>
           33  +<p>
           34  +See the [version 3.20.0|release notes] for more information.
           35  +}
    21     36   
    22     37   newsitem {2017-06-17} {Release 3.18.2} {
    23     38   SQLite [version 3.18.2] is another backport of a bug fix found
    24     39   in SQLite [version 3.19.0], specifically the fix for
    25     40   ticket [https://sqlite.org/src/info/61fe9745|61fe9745].  Changes
    26     41   against [version 3.18.0] are minimal.
    27     42   }

Changes to pages/whyc.in.

    77     77   </tr>
    78     78   </table>
    79     79   </center>
    80     80   
    81     81   <p>
    82     82   In a more complete build, SQLite also uses library routines like
    83     83   malloc() and free() and operating system interfaces for opening, reading,
    84         -writing, and closing files.  But even then, the number of dependences
           84  +writing, and closing files.  But even then, the number of dependencies
    85     85   is very small.  Other "modern" language, in contrast, often require
    86     86   multi-megabyte runtimes loaded with thousands and thousands of interfaces.
    87     87   
    88     88   <h2>Stability</h2>
    89     89   
    90     90   <p>
    91     91   The C language is old and boring.
    92     92   It is a well-known and well-understood language.
    93     93   This is exactly what one wants when developing a module like SQLite.
    94     94   Writing a small, fast, and reliable database engine is hard enough as it
    95     95   is without the implementation language changing out from under you with
    96     96   each update to the implementation language specification.