Skip to content

[release/9.0] Switch Microsoft.Data.Sqlite and EFCore.Sqlite to SQLite3MC.PCLRaw.bundle#38544

Open
ViveliDuCh wants to merge 3 commits into
release/9.0from
backport/sqlite3mc-to-release/9.0
Open

[release/9.0] Switch Microsoft.Data.Sqlite and EFCore.Sqlite to SQLite3MC.PCLRaw.bundle#38544
ViveliDuCh wants to merge 3 commits into
release/9.0from
backport/sqlite3mc-to-release/9.0

Conversation

@ViveliDuCh

@ViveliDuCh ViveliDuCh commented Jul 1, 2026

Copy link
Copy Markdown
Member

Fixes #38257
Backports #38402, #36551

Description

Backports #38402 to release/9.0, switching Microsoft.Data.Sqlite and Microsoft.EntityFrameworkCore.Sqlite to the encryption-capable SQLite3MC.PCLRaw.bundle (2.3.5) and, since 9.0 lacked #36551, also bumping SQLitePCLRaw to 3.0.3; breaking-change guidance is in dotnet/EntityFramework.Docs#5385.

Customer impact

Gives net9.0 customers an actively maintained, encryption-capable native SQLite by default, replacing the aging bundle_e_sqlite3 that was flagged against known SQLite CVEs in #38257.

How found

Raised by customers in #38257 asking that the vulnerable native SQLite dependency be updated or replaced.

Regression

No. This is a deliberate security/servicing alignment with net11.0 and a documented breaking change, not a regression fix.

Testing

Added a Microsoft.Data.Sqlite.sqlite3mc.Tests project and pointed EFCore.Sqlite.FunctionalTests / EFCore.Design.Tests at SQLite3MC so CI exercises the shipped bundle.

Risk

Low-to-moderate; it swaps the default native SQLite engine but mirrors the change already validated in net11.0 preview 6 (#38402) and lets customers opt back into bundle_e_sqlite3 per the published guidance.

Links

Copilot AI review requested due to automatic review settings July 1, 2026 00:16
@ViveliDuCh ViveliDuCh self-assigned this Jul 1, 2026

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Backports the switch of the shipped SQLite native bundle to SQLite3MC.PCLRaw.bundle onto release/9.0, along with the prerequisite SQLitePCLRaw 3.x packaging changes, to address the SQLite CVEs tracked in #38257.

Changes:

  • Update product packages (Microsoft.Data.Sqlite, EFCore.Sqlite) and select test projects to reference SQLite3MC.PCLRaw.bundle, and bump SQLitePCLRawVersion to 3.0.3.
  • Rework test provider/bundle references for the removed SQLitePCLRaw 3.x bundles (move sqlite3/winsqlite3 tests to SQLitePCLRaw.core + SQLitePCLRaw.provider.*, introduce sqlite3mc test project, remove legacy e_sqlite3mc test project).
  • Wire solution/package plumbing for the above (CPM version properties, solution/project list updates, InternalsVisibleTo updates).

Reviewed changes

Copilot reviewed 18 out of 18 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
test/Microsoft.Data.Sqlite.Tests/TestUtilities/SqliteTestFramework.cs Updates test-framework selection for the new provider matrix and adds provider initialization for non-bundle providers.
test/Microsoft.Data.Sqlite.Tests/SqliteConnectionTest.cs Adjusts conditional behavior for password/encryption support under the new SQLITE3MC symbol.
test/Microsoft.Data.Sqlite.Tests/Microsoft.Data.Sqlite.winsqlite3.Tests.csproj Switches from deprecated bundle_winsqlite3 to SQLitePCLRaw.core + SQLitePCLRaw.provider.winsqlite3.
test/Microsoft.Data.Sqlite.Tests/Microsoft.Data.Sqlite.Tests.csproj Adds a net462 RID and retains bundle_e_sqlite3 reference for the default test matrix.
test/Microsoft.Data.Sqlite.Tests/Microsoft.Data.Sqlite.sqlite3mc.Tests.csproj Retargets the encryption-capable test project to SQLite3MC.PCLRaw.bundle and defines SQLITE3MC.
test/Microsoft.Data.Sqlite.Tests/Microsoft.Data.Sqlite.sqlite3.Tests.csproj Switches from deprecated bundle_sqlite3 to SQLitePCLRaw.core + SQLitePCLRaw.provider.sqlite3.
test/Microsoft.Data.Sqlite.Tests/Microsoft.Data.Sqlite.e_sqlite3mc.Tests.csproj Removes the deprecated e_sqlite3mc test project.
test/EFCore.Sqlite.FunctionalTests/Query/PrimitiveCollectionsQuerySqliteTest.cs Marks a specific test as skipped (Issue #32561).
test/EFCore.Sqlite.FunctionalTests/EFCore.Sqlite.FunctionalTests.csproj Moves functional tests to run directly on SQLite3MC.PCLRaw.bundle.
test/EFCore.Design.Tests/EFCore.Design.Tests.csproj Updates bundle reference used by design tests.
test/Directory.Packages.props Replaces deprecated bundle package versions with provider package versions for tests (imports root CPM).
src/Microsoft.Data.Sqlite/Microsoft.Data.Sqlite.csproj Switches shipped product dependency to SQLite3MC.PCLRaw.bundle.
src/Microsoft.Data.Sqlite.Core/Properties/InternalsVisibleTo.cs Updates friend assemblies to match new/removed test projects.
src/EFCore.Sqlite/EFCore.Sqlite.csproj Switches shipped provider dependency to SQLite3MC.PCLRaw.bundle.
Microsoft.Data.Sqlite.slnf Updates the solution filter to remove deprecated test projects and include sqlite3mc tests.
eng/Versions.props Bumps SQLitePCLRawVersion and adds SQLite3MCPCLRawBundleVersion.
EFCore.sln Removes deprecated test projects and adds sqlite3mc tests to the main solution.
Directory.Packages.props Adds CPM version for SQLite3MC.PCLRaw.bundle and removes deprecated bundle_sqlite3 version entry.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread EFCore.sln Outdated
Comment thread test/Microsoft.Data.Sqlite.Tests/TestUtilities/SqliteTestFramework.cs Outdated
Comment thread test/EFCore.Design.Tests/EFCore.Design.Tests.csproj
@AndriySvyryd

Copy link
Copy Markdown
Member

The asserts in NorthwindAggregateOperatorsQueryTestBase should be changed to account for double rounding errors, see‎ https://github.com/dotnet/efcore/pull/38532/changes#diff-e0f7ef3829d5b8632fedd04284d951c116ac7f1ba7da7917517070202cd130af
Also update the Helix image - 719e274

…ounding tolerance, bump Helix image to ubuntu-22.04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants