From a06d14925b0a81f76bc487dcbf8963f15eeed103 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 11 Jun 2026 00:54:05 +0000
Subject: [PATCH 01/13] Document Microsoft.Data.Sqlite SQLite3MC bundle as
breaking change (efcore#38402)
---
.../ef-core-11.0/breaking-changes.md | 50 ++++++++++++++++++-
1 file changed, 49 insertions(+), 1 deletion(-)
diff --git a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
index d2b096990e..736ec44869 100644
--- a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
+++ b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
@@ -2,7 +2,7 @@
title: Breaking changes in EF Core 11 (EF11) - EF Core
description: List of breaking changes introduced in Entity Framework Core 11 (EF11)
author: roji
-ms.date: 03/27/2026
+ms.date: 06/11/2026
uid: core/what-is-new/ef-core-11.0/breaking-changes
---
@@ -334,6 +334,7 @@ if (entity.OwnedCollection is { Count: 0 })
|:----------------------------------------------------------------------------------------------------------|------------|
| [Encryption-enabled SQLite packages have been removed](#sqlite-encryption-removed) | Medium |
| [Some SQLitePCLRaw bundle packages have been removed](#sqlite-bundles-removed) | Medium |
+| [Microsoft.Data.Sqlite now bundles SQLite3 Multiple Ciphers](#sqlite-bundles-mc) | Low |
### Medium-impact changes
@@ -442,3 +443,50 @@ static void Init()
> [!NOTE]
> If you are using `SQLitePCLRaw.bundle_e_sqlite3`, no changes are required—just update the version number. See the [SQLitePCLRaw 3.0 Release Notes](https://github.com/ericsink/SQLitePCL.raw/blob/main/v3.md) for details.
+
+### Low-impact changes
+
+
+
+#### Microsoft.Data.Sqlite now bundles SQLite3 Multiple Ciphers
+
+[Tracking Issue dotnet/efcore#38402](https://github.com/dotnet/efcore/pull/38402)
+
+##### Old behavior
+
+The `Microsoft.Data.Sqlite` package referenced `SQLitePCLRaw.bundle_e_sqlite3`, which provides the standard `e_sqlite3` native SQLite build. This build has no encryption support, so setting a password (for example, via `SqliteConnectionStringBuilder.Password` or the `Password` connection-string keyword) failed at runtime.
+
+##### New behavior
+
+Starting with `Microsoft.Data.Sqlite` 11.0, the package references `SQLite3MC.PCLRaw.bundle`, which provides the `e_sqlite3mc` native build ([SQLite3 Multiple Ciphers](https://github.com/utelle/SQLite3MultipleCiphers)). This bundles an encryption-capable SQLite build by default, so encryption (including setting a password) now works out of the box.
+
+This change applies only to the `Microsoft.Data.Sqlite` package. The EF Core SQLite provider (`Microsoft.EntityFrameworkCore.Sqlite`) intentionally continues to use `bundle_e_sqlite3`.
+
+##### Why
+
+The no-cost `SQLitePCLRaw.bundle_e_sqlcipher` package was deprecated and removed (see [Encryption-enabled SQLite packages have been removed](#sqlite-encryption-removed)), leaving users without a built-in, no-cost SQLite encryption option. SQLite3 Multiple Ciphers is an actively maintained, no-cost project that restores encryption support, so it was adopted as the default native build for `Microsoft.Data.Sqlite`.
+
+##### Mitigations
+
+For most applications, **no action is required**. SQLite3 Multiple Ciphers is a superset of SQLite that behaves identically to the standard build for unencrypted databases—it only applies encryption when you explicitly supply a key or password. Existing unencrypted databases continue to open and work unchanged.
+
+Review the following cases, which may require action in some applications:
+
+- **Native library and provider name change.** The bundled native library is now `e_sqlite3mc` (rather than `e_sqlite3`), and the provider initialized by the bundle is `SQLite3Provider_e_sqlite3mc`. This matters if your application:
+ - References a specific native asset filename (for example, `e_sqlite3`) in publishing, trimming, AOT, or single-file configuration. Update those references to `e_sqlite3mc`.
+ - Explicitly initializes a provider via `SQLitePCL.Batteries_V2.Init()` or `SQLitePCL.raw.SetProvider(...)`, or references `SQLitePCLRaw.bundle_e_sqlite3` directly alongside `Microsoft.Data.Sqlite`. Ensure a single provider is configured to avoid conflicts.
+
+- **Platform (RID) coverage.** SQLite3 Multiple Ciphers ships native binaries for a different set of runtime identifiers than `bundle_e_sqlite3`. If you target a platform that the new bundle doesn't include, the native library may fail to load at runtime. In that case, revert to the standard build as described below.
+
+- **App size.** The native binaries differ in size, so published application size may change slightly.
+
+- **Reserved encryption keywords.** SQLite3 Multiple Ciphers reserves certain connection-string/URI parameters and PRAGMAs (such as `key`, `hexkey`, and `cipher`) for encryption configuration. This is unlikely to affect typical applications, but if you happened to use these names for unrelated purposes, behavior may differ.
+
+- **Dependency auditing.** A new transitive package (`SQLite3MC.PCLRaw.bundle`) and a new native binary are introduced. Update any package allow-lists, SBOMs, or security/compliance tooling accordingly.
+
+If you want to keep using the standard, non-encrypted `e_sqlite3` build, reference `Microsoft.Data.Sqlite.Core` together with `SQLitePCLRaw.bundle_e_sqlite3` instead of the `Microsoft.Data.Sqlite` meta-package:
+
+```xml
+
+
+```
From 8e3cdd66c12442792fbedf19f2cdbaaf7d78f07a Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 11 Jun 2026 00:54:52 +0000
Subject: [PATCH 02/13] Correct tracking link text from Issue to PR
---
.../core/what-is-new/ef-core-11.0/breaking-changes.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
index 736ec44869..b104dea200 100644
--- a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
+++ b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
@@ -450,7 +450,7 @@ static void Init()
#### Microsoft.Data.Sqlite now bundles SQLite3 Multiple Ciphers
-[Tracking Issue dotnet/efcore#38402](https://github.com/dotnet/efcore/pull/38402)
+[Tracking PR dotnet/efcore#38402](https://github.com/dotnet/efcore/pull/38402)
##### Old behavior
From 4bffb7567cdcb28c676aea7593233b1acaba8693 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 11 Jun 2026 01:14:45 +0000
Subject: [PATCH 03/13] Clarify primary rationale: timely security updates on
NuGet.org, encryption is a bonus
---
.../core/what-is-new/ef-core-11.0/breaking-changes.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
index b104dea200..e4fb82d042 100644
--- a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
+++ b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
@@ -458,13 +458,13 @@ The `Microsoft.Data.Sqlite` package referenced `SQLitePCLRaw.bundle_e_sqlite3`,
##### New behavior
-Starting with `Microsoft.Data.Sqlite` 11.0, the package references `SQLite3MC.PCLRaw.bundle`, which provides the `e_sqlite3mc` native build ([SQLite3 Multiple Ciphers](https://github.com/utelle/SQLite3MultipleCiphers)). This bundles an encryption-capable SQLite build by default, so encryption (including setting a password) now works out of the box.
+Starting with `Microsoft.Data.Sqlite` 11.0, the package references `SQLite3MC.PCLRaw.bundle`, which provides the `e_sqlite3mc` native build ([SQLite3 Multiple Ciphers](https://github.com/utelle/SQLite3MultipleCiphers)). This build receives updates—including upstream SQLite security fixes—on NuGet.org more promptly than `bundle_e_sqlite3`. As an added bonus, it is encryption-capable by default, so encryption (including setting a password) now works out of the box.
This change applies only to the `Microsoft.Data.Sqlite` package. The EF Core SQLite provider (`Microsoft.EntityFrameworkCore.Sqlite`) intentionally continues to use `bundle_e_sqlite3`.
##### Why
-The no-cost `SQLitePCLRaw.bundle_e_sqlcipher` package was deprecated and removed (see [Encryption-enabled SQLite packages have been removed](#sqlite-encryption-removed)), leaving users without a built-in, no-cost SQLite encryption option. SQLite3 Multiple Ciphers is an actively maintained, no-cost project that restores encryption support, so it was adopted as the default native build for `Microsoft.Data.Sqlite`.
+The primary reason for the switch is maintenance and security: new versions of the `e_sqlite3` native build are no longer published to NuGet.org through `SQLitePCLRaw.bundle_e_sqlite3` in a timely manner, which means security fixes in upstream SQLite can be delayed. SQLite3 Multiple Ciphers is an actively maintained project that tracks upstream SQLite releases and ships updated builds promptly, so it was adopted as the default native build for `Microsoft.Data.Sqlite`. As an added bonus, it also restores a no-cost SQLite encryption option, which had been lost when the `SQLitePCLRaw.bundle_e_sqlcipher` package was deprecated and removed (see [Encryption-enabled SQLite packages have been removed](#sqlite-encryption-removed)).
##### Mitigations
From 5d4c41aa113ae47ab73eb9b04c64621d756b184d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Jun 2026 22:07:49 +0000
Subject: [PATCH 04/13] Update SQLite3MC breaking change guidance and fix links
---
.../core/what-is-new/ef-core-11.0/breaking-changes.md | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
index e4fb82d042..09e5257a7b 100644
--- a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
+++ b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
@@ -122,7 +122,7 @@ If your application uses composite keys whose values can contain the characters
- **Existing data**: Documents previously stored in Cosmos DB have `id` values using the old escape sequences (e.g. `Post|1|^2F`). After upgrading to EF Core 11, EF will generate unescaped `id` values (e.g. `Post|1|/`) and will no longer find those existing documents. To continue accessing existing data without migration, opt back into the old behavior using the `AppContext` switch described above—however, be aware that the id-collision bug will still be present.
-- **New data**: If you are creating a new application or database, avoid using these illegal characters in key values, as they are not valid in Cosmos DB resource `id` values. See the [Azure documentation](https://learn.microsoft.com/dotnet/api/microsoft.azure.documents.resource.id) for details.
+- **New data**: If you are creating a new application or database, avoid using these illegal characters in key values, as they are not valid in Cosmos DB resource `id` values. See the [Azure documentation](/dotnet/api/microsoft.azure.documents.resource.id) for details.
## Low-impact changes
@@ -458,9 +458,9 @@ The `Microsoft.Data.Sqlite` package referenced `SQLitePCLRaw.bundle_e_sqlite3`,
##### New behavior
-Starting with `Microsoft.Data.Sqlite` 11.0, the package references `SQLite3MC.PCLRaw.bundle`, which provides the `e_sqlite3mc` native build ([SQLite3 Multiple Ciphers](https://github.com/utelle/SQLite3MultipleCiphers)). This build receives updates—including upstream SQLite security fixes—on NuGet.org more promptly than `bundle_e_sqlite3`. As an added bonus, it is encryption-capable by default, so encryption (including setting a password) now works out of the box.
+Starting with `Microsoft.Data.Sqlite` 11.0, the package references `SQLite3MC.PCLRaw.bundle`, which provides the `e_sqlite3mc` native build ([SQLite3 Multiple Ciphers](https://github.com/utelle/SQLite3MultipleCiphers)). This build receives updates—including upstream SQLite security fixes—on NuGet.org more promptly than `bundle_e_sqlite3`. As an added bonus, it is encryption-capable by default, so encryption (including setting a password) now works out of the box. See the [SQLite3 Multiple Ciphers documentation](https://github.com/utelle/SQLite3MultipleCiphers-NuGet#passphrase-based-database-encryption-support) for details on enabling passphrase-based database encryption.
-This change applies only to the `Microsoft.Data.Sqlite` package. The EF Core SQLite provider (`Microsoft.EntityFrameworkCore.Sqlite`) intentionally continues to use `bundle_e_sqlite3`.
+This change applies only to the `Microsoft.Data.Sqlite` package. The EF Core SQLite provider (`Microsoft.EntityFrameworkCore.Sqlite`) now references `SQLitePCLRaw.bundle_e_sqlite3`.
##### Why
@@ -474,15 +474,12 @@ Review the following cases, which may require action in some applications:
- **Native library and provider name change.** The bundled native library is now `e_sqlite3mc` (rather than `e_sqlite3`), and the provider initialized by the bundle is `SQLite3Provider_e_sqlite3mc`. This matters if your application:
- References a specific native asset filename (for example, `e_sqlite3`) in publishing, trimming, AOT, or single-file configuration. Update those references to `e_sqlite3mc`.
- - Explicitly initializes a provider via `SQLitePCL.Batteries_V2.Init()` or `SQLitePCL.raw.SetProvider(...)`, or references `SQLitePCLRaw.bundle_e_sqlite3` directly alongside `Microsoft.Data.Sqlite`. Ensure a single provider is configured to avoid conflicts.
- **Platform (RID) coverage.** SQLite3 Multiple Ciphers ships native binaries for a different set of runtime identifiers than `bundle_e_sqlite3`. If you target a platform that the new bundle doesn't include, the native library may fail to load at runtime. In that case, revert to the standard build as described below.
-- **App size.** The native binaries differ in size, so published application size may change slightly.
-
- **Reserved encryption keywords.** SQLite3 Multiple Ciphers reserves certain connection-string/URI parameters and PRAGMAs (such as `key`, `hexkey`, and `cipher`) for encryption configuration. This is unlikely to affect typical applications, but if you happened to use these names for unrelated purposes, behavior may differ.
-- **Dependency auditing.** A new transitive package (`SQLite3MC.PCLRaw.bundle`) and a new native binary are introduced. Update any package allow-lists, SBOMs, or security/compliance tooling accordingly.
+- **Double-quoted string literal support.** `e_sqlite3mc` doesn't include SQLite's legacy support for double-quoted string literals. If your SQL uses double quotes for string values, change it to use single quotes; double quotes should be used only for identifiers.
If you want to keep using the standard, non-encrypted `e_sqlite3` build, reference `Microsoft.Data.Sqlite.Core` together with `SQLitePCLRaw.bundle_e_sqlite3` instead of the `Microsoft.Data.Sqlite` meta-package:
From b64c35cc2b56bd8654f65284d749168dd8419b92 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Jun 2026 22:08:32 +0000
Subject: [PATCH 05/13] Clarify EF Core SQLite provider bundle reference
---
.../core/what-is-new/ef-core-11.0/breaking-changes.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
index 09e5257a7b..05a1bd91df 100644
--- a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
+++ b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
@@ -460,7 +460,7 @@ The `Microsoft.Data.Sqlite` package referenced `SQLitePCLRaw.bundle_e_sqlite3`,
Starting with `Microsoft.Data.Sqlite` 11.0, the package references `SQLite3MC.PCLRaw.bundle`, which provides the `e_sqlite3mc` native build ([SQLite3 Multiple Ciphers](https://github.com/utelle/SQLite3MultipleCiphers)). This build receives updates—including upstream SQLite security fixes—on NuGet.org more promptly than `bundle_e_sqlite3`. As an added bonus, it is encryption-capable by default, so encryption (including setting a password) now works out of the box. See the [SQLite3 Multiple Ciphers documentation](https://github.com/utelle/SQLite3MultipleCiphers-NuGet#passphrase-based-database-encryption-support) for details on enabling passphrase-based database encryption.
-This change applies only to the `Microsoft.Data.Sqlite` package. The EF Core SQLite provider (`Microsoft.EntityFrameworkCore.Sqlite`) now references `SQLitePCLRaw.bundle_e_sqlite3`.
+This change applies only to the `Microsoft.Data.Sqlite` package. In EF Core 11, the EF Core SQLite provider (`Microsoft.EntityFrameworkCore.Sqlite`) references `SQLitePCLRaw.bundle_e_sqlite3`, rather than `SQLite3MC.PCLRaw.bundle`.
##### Why
From 89d5b92b2900377fddb45cd22c781516d7bd4b69 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Jun 2026 22:09:18 +0000
Subject: [PATCH 06/13] Explain EF Core SQLite provider remains on standard
bundle
---
.../core/what-is-new/ef-core-11.0/breaking-changes.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
index 05a1bd91df..0f3ef0e5d6 100644
--- a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
+++ b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
@@ -460,7 +460,7 @@ The `Microsoft.Data.Sqlite` package referenced `SQLitePCLRaw.bundle_e_sqlite3`,
Starting with `Microsoft.Data.Sqlite` 11.0, the package references `SQLite3MC.PCLRaw.bundle`, which provides the `e_sqlite3mc` native build ([SQLite3 Multiple Ciphers](https://github.com/utelle/SQLite3MultipleCiphers)). This build receives updates—including upstream SQLite security fixes—on NuGet.org more promptly than `bundle_e_sqlite3`. As an added bonus, it is encryption-capable by default, so encryption (including setting a password) now works out of the box. See the [SQLite3 Multiple Ciphers documentation](https://github.com/utelle/SQLite3MultipleCiphers-NuGet#passphrase-based-database-encryption-support) for details on enabling passphrase-based database encryption.
-This change applies only to the `Microsoft.Data.Sqlite` package. In EF Core 11, the EF Core SQLite provider (`Microsoft.EntityFrameworkCore.Sqlite`) references `SQLitePCLRaw.bundle_e_sqlite3`, rather than `SQLite3MC.PCLRaw.bundle`.
+This change applies only to the `Microsoft.Data.Sqlite` package. In EF Core 11, the EF Core SQLite provider (`Microsoft.EntityFrameworkCore.Sqlite`) references `SQLitePCLRaw.bundle_e_sqlite3`, rather than `SQLite3MC.PCLRaw.bundle`, since the EF Core provider doesn't expose SQLite encryption support and continues to use the standard SQLite build by default.
##### Why
From 8cdebf2798e725bff56bba987dbe71c32f859cf0 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Jun 2026 22:10:08 +0000
Subject: [PATCH 07/13] Add detection guidance for SQLite double-quoted strings
---
.../core/what-is-new/ef-core-11.0/breaking-changes.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
index 0f3ef0e5d6..3f78bedfff 100644
--- a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
+++ b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
@@ -460,7 +460,7 @@ The `Microsoft.Data.Sqlite` package referenced `SQLitePCLRaw.bundle_e_sqlite3`,
Starting with `Microsoft.Data.Sqlite` 11.0, the package references `SQLite3MC.PCLRaw.bundle`, which provides the `e_sqlite3mc` native build ([SQLite3 Multiple Ciphers](https://github.com/utelle/SQLite3MultipleCiphers)). This build receives updates—including upstream SQLite security fixes—on NuGet.org more promptly than `bundle_e_sqlite3`. As an added bonus, it is encryption-capable by default, so encryption (including setting a password) now works out of the box. See the [SQLite3 Multiple Ciphers documentation](https://github.com/utelle/SQLite3MultipleCiphers-NuGet#passphrase-based-database-encryption-support) for details on enabling passphrase-based database encryption.
-This change applies only to the `Microsoft.Data.Sqlite` package. In EF Core 11, the EF Core SQLite provider (`Microsoft.EntityFrameworkCore.Sqlite`) references `SQLitePCLRaw.bundle_e_sqlite3`, rather than `SQLite3MC.PCLRaw.bundle`, since the EF Core provider doesn't expose SQLite encryption support and continues to use the standard SQLite build by default.
+This change applies only to the `Microsoft.Data.Sqlite` package. In EF Core 11, the EF Core SQLite provider (`Microsoft.EntityFrameworkCore.Sqlite`) references `SQLitePCLRaw.bundle_e_sqlite3`, rather than `SQLite3MC.PCLRaw.bundle`, since the EF Core provider doesn't expose SQLite encryption support and continues to use the standard SQLite build by default to preserve existing EF Core application behavior.
##### Why
@@ -479,7 +479,7 @@ Review the following cases, which may require action in some applications:
- **Reserved encryption keywords.** SQLite3 Multiple Ciphers reserves certain connection-string/URI parameters and PRAGMAs (such as `key`, `hexkey`, and `cipher`) for encryption configuration. This is unlikely to affect typical applications, but if you happened to use these names for unrelated purposes, behavior may differ.
-- **Double-quoted string literal support.** `e_sqlite3mc` doesn't include SQLite's legacy support for double-quoted string literals. If your SQL uses double quotes for string values, change it to use single quotes; double quotes should be used only for identifiers.
+- **Double-quoted string literal support.** `e_sqlite3mc` doesn't include SQLite's legacy support for double-quoted string literals. If your SQL uses double quotes for string values, change it to use single quotes; double quotes should be used only for identifiers. Review raw SQL in your application (for example, SQL passed to `FromSql`, `ExecuteSql`, or migrations operations), and use SQL logging or integration tests to identify affected commands.
If you want to keep using the standard, non-encrypted `e_sqlite3` build, reference `Microsoft.Data.Sqlite.Core` together with `SQLitePCLRaw.bundle_e_sqlite3` instead of the `Microsoft.Data.Sqlite` meta-package:
From 537ffc4e20f8a2c6ab5bcc688b69c15bccb89390 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Jun 2026 22:10:54 +0000
Subject: [PATCH 08/13] Improve readability of SQLite3MC new behavior text
---
.../core/what-is-new/ef-core-11.0/breaking-changes.md | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
index 3f78bedfff..2817b46a84 100644
--- a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
+++ b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
@@ -458,7 +458,9 @@ The `Microsoft.Data.Sqlite` package referenced `SQLitePCLRaw.bundle_e_sqlite3`,
##### New behavior
-Starting with `Microsoft.Data.Sqlite` 11.0, the package references `SQLite3MC.PCLRaw.bundle`, which provides the `e_sqlite3mc` native build ([SQLite3 Multiple Ciphers](https://github.com/utelle/SQLite3MultipleCiphers)). This build receives updates—including upstream SQLite security fixes—on NuGet.org more promptly than `bundle_e_sqlite3`. As an added bonus, it is encryption-capable by default, so encryption (including setting a password) now works out of the box. See the [SQLite3 Multiple Ciphers documentation](https://github.com/utelle/SQLite3MultipleCiphers-NuGet#passphrase-based-database-encryption-support) for details on enabling passphrase-based database encryption.
+Starting with `Microsoft.Data.Sqlite` 11.0, the package references `SQLite3MC.PCLRaw.bundle`, which provides the `e_sqlite3mc` native build ([SQLite3 Multiple Ciphers](https://github.com/utelle/SQLite3MultipleCiphers)). This build receives updates—including upstream SQLite security fixes—on NuGet.org more promptly than `bundle_e_sqlite3`.
+
+As an added bonus, the new build is encryption-capable by default, so encryption (including setting a password) now works out of the box. See the [SQLite3 Multiple Ciphers documentation](https://github.com/utelle/SQLite3MultipleCiphers-NuGet#passphrase-based-database-encryption-support) for details on enabling passphrase-based database encryption.
This change applies only to the `Microsoft.Data.Sqlite` package. In EF Core 11, the EF Core SQLite provider (`Microsoft.EntityFrameworkCore.Sqlite`) references `SQLitePCLRaw.bundle_e_sqlite3`, rather than `SQLite3MC.PCLRaw.bundle`, since the EF Core provider doesn't expose SQLite encryption support and continues to use the standard SQLite build by default to preserve existing EF Core application behavior.
From 1751a00970112063e03974eb494009c1fce93644 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Jun 2026 22:11:38 +0000
Subject: [PATCH 09/13] Refine EF Core SQLite provider bundle wording
---
.../core/what-is-new/ef-core-11.0/breaking-changes.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
index 2817b46a84..ab8c56d11c 100644
--- a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
+++ b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
@@ -462,7 +462,7 @@ Starting with `Microsoft.Data.Sqlite` 11.0, the package references `SQLite3MC.PC
As an added bonus, the new build is encryption-capable by default, so encryption (including setting a password) now works out of the box. See the [SQLite3 Multiple Ciphers documentation](https://github.com/utelle/SQLite3MultipleCiphers-NuGet#passphrase-based-database-encryption-support) for details on enabling passphrase-based database encryption.
-This change applies only to the `Microsoft.Data.Sqlite` package. In EF Core 11, the EF Core SQLite provider (`Microsoft.EntityFrameworkCore.Sqlite`) references `SQLitePCLRaw.bundle_e_sqlite3`, rather than `SQLite3MC.PCLRaw.bundle`, since the EF Core provider doesn't expose SQLite encryption support and continues to use the standard SQLite build by default to preserve existing EF Core application behavior.
+This change applies only to the `Microsoft.Data.Sqlite` package. In EF Core 11, the EF Core SQLite provider (`Microsoft.EntityFrameworkCore.Sqlite`) continues to reference `SQLitePCLRaw.bundle_e_sqlite3` rather than `SQLite3MC.PCLRaw.bundle` to preserve existing EF Core application behavior, since the provider doesn't expose SQLite encryption support.
##### Why
From 4e639845a65f267ac744b0554bb82c01baabb73b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Jun 2026 22:43:26 +0000
Subject: [PATCH 10/13] Address SQLite3MC documentation feedback
---
.../ef-core-11.0/breaking-changes.md | 37 +++++++++++++------
1 file changed, 26 insertions(+), 11 deletions(-)
diff --git a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
index ab8c56d11c..c6cc83e594 100644
--- a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
+++ b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
@@ -360,10 +360,10 @@ The previous no-cost `SQLitePCLRaw.bundle_e_sqlcipher` package was barely mainta
If you need SQLite encryption, you have the following options:
+- **SQLite3 Multiple Ciphers**: Starting with Microsoft.Data.Sqlite 11.0, the default SQLite build supports encryption and can be configured in a way that's compatible with `SQLitePCLRaw.bundle_e_sqlcipher`. See [Microsoft.Data.Sqlite now bundles SQLite3 Multiple Ciphers](#sqlite-bundles-mc). NuGet packages are also available from [SQLite3MultipleCiphers-NuGet](https://github.com/utelle/SQLite3MultipleCiphers-NuGet).
+ - When encrypting a new database or opening an existing database that was encrypted with SQLCipher, you must configure the cipher scheme in the connection string using URI parameters—for example: `Data Source=file:example.db?cipher=sqlcipher&legacy=4;Password=`. See [How to open an existing database encrypted with SQLCipher](https://github.com/utelle/SQLite3MultipleCiphers-NuGet#how-to-open-an-existing-database-encrypted-with-sqlcipher) for details.
- **SQLite Encryption Extension (SEE)**: This is the official encryption implementation from the SQLite team. A paid license is required. See [https://sqlite.org/com/see.html](https://sqlite.org/com/see.html) for details. NuGet packages are available through [SourceGear's SQLite build service](https://github.com/ericsink/SQLitePCL.raw/wiki/SQLite-encryption-options-for-use-with-SQLitePCLRaw).
- **SQLCipher**: Purchase supported builds from [Zetetic](https://www.zetetic.net/sqlcipher/), or build the [open source code](https://github.com/sqlcipher/sqlcipher) yourself.
-- **SQLite3 Multiple Ciphers**: NuGet packages are available from [SQLite3MultipleCiphers-NuGet](https://github.com/utelle/SQLite3MultipleCiphers-NuGet).
- - When encrypting a new database or opening an existing database that was encrypted with SQLCipher, you must configure the cipher scheme in the connection string using URI parameters—for example: `Data Source=file:example.db?cipher=sqlcipher&legacy=4;Password=`. See [How to open an existing database encrypted with SQLCipher](https://github.com/utelle/SQLite3MultipleCiphers-NuGet#how-to-open-an-existing-database-encrypted-with-sqlcipher) for details.
For more details, see [SQLite encryption options for use with SQLitePCLRaw](https://github.com/ericsink/SQLitePCL.raw/wiki/SQLite-encryption-options-for-use-with-SQLitePCLRaw) and [SQLitePCLRaw 3.0 Release Notes](https://github.com/ericsink/SQLitePCL.raw/blob/main/v3.md).
@@ -379,7 +379,7 @@ Previously, the `SQLitePCLRaw.bundle_sqlite3`, `SQLitePCLRaw.bundle_winsqlite3`,
##### New behavior
-Starting with SQLitePCLRaw 3.0 (used by Microsoft.Data.Sqlite 11.0), these bundle packages have been removed. If your application depended on one of these bundles, you must now reference the corresponding provider package and explicitly initialize it.
+Starting with SQLitePCLRaw 3.0 (used by Microsoft.Data.Sqlite 11.0), these bundle packages have been removed. If your application depended on one of these bundles, use one of the following migration paths.
##### Why
@@ -387,9 +387,7 @@ Each of these bundle packages contained only a single line of configuration code
##### Mitigations
-Replace the removed bundle package with the corresponding provider package and add explicit initialization code.
-
-**If using `bundle_sqlite3` or `bundle_winsqlite3`**, replace the package reference:
+**If using `bundle_sqlite3` or `bundle_winsqlite3`**, replace the removed bundle package with the corresponding provider package:
```xml
@@ -419,6 +417,16 @@ static void Init()
}
```
+**If using `bundle_e_sqlite3mc`**, replace the package reference with `SQLite3MC.PCLRaw.bundle`:
+
+```xml
+
+
+
+
+
+```
+
**If using `bundle_green`**, the recommended migration path is to switch to `SQLitePCLRaw.bundle_e_sqlite3`. Alternatively, use `SQLitePCLRaw.config.e_sqlite3` paired with a separate native library package like `SourceGear.sqlite3`, which allows you to update the SQLite version independently:
```xml
@@ -458,15 +466,15 @@ The `Microsoft.Data.Sqlite` package referenced `SQLitePCLRaw.bundle_e_sqlite3`,
##### New behavior
-Starting with `Microsoft.Data.Sqlite` 11.0, the package references `SQLite3MC.PCLRaw.bundle`, which provides the `e_sqlite3mc` native build ([SQLite3 Multiple Ciphers](https://github.com/utelle/SQLite3MultipleCiphers)). This build receives updates—including upstream SQLite security fixes—on NuGet.org more promptly than `bundle_e_sqlite3`.
+Starting with `Microsoft.Data.Sqlite` 11.0, the package references `SQLite3MC.PCLRaw.bundle`, which provides the `e_sqlite3mc` native build ([SQLite3 Multiple Ciphers](https://github.com/utelle/SQLite3MultipleCiphers)). This build receives updates on NuGet.org more promptly than `bundle_e_sqlite3`.
-As an added bonus, the new build is encryption-capable by default, so encryption (including setting a password) now works out of the box. See the [SQLite3 Multiple Ciphers documentation](https://github.com/utelle/SQLite3MultipleCiphers-NuGet#passphrase-based-database-encryption-support) for details on enabling passphrase-based database encryption.
+As an added bonus, encryption (including setting a password) now works out of the box. See the [SQLite3 Multiple Ciphers documentation](https://github.com/utelle/SQLite3MultipleCiphers-NuGet#passphrase-based-database-encryption-support) for details on enabling passphrase-based database encryption.
-This change applies only to the `Microsoft.Data.Sqlite` package. In EF Core 11, the EF Core SQLite provider (`Microsoft.EntityFrameworkCore.Sqlite`) continues to reference `SQLitePCLRaw.bundle_e_sqlite3` rather than `SQLite3MC.PCLRaw.bundle` to preserve existing EF Core application behavior, since the provider doesn't expose SQLite encryption support.
+This change also applies to the EF Core SQLite provider (`Microsoft.EntityFrameworkCore.Sqlite`), which references `SQLite3MC.PCLRaw.bundle` through `Microsoft.Data.Sqlite`.
##### Why
-The primary reason for the switch is maintenance and security: new versions of the `e_sqlite3` native build are no longer published to NuGet.org through `SQLitePCLRaw.bundle_e_sqlite3` in a timely manner, which means security fixes in upstream SQLite can be delayed. SQLite3 Multiple Ciphers is an actively maintained project that tracks upstream SQLite releases and ships updated builds promptly, so it was adopted as the default native build for `Microsoft.Data.Sqlite`. As an added bonus, it also restores a no-cost SQLite encryption option, which had been lost when the `SQLitePCLRaw.bundle_e_sqlcipher` package was deprecated and removed (see [Encryption-enabled SQLite packages have been removed](#sqlite-encryption-removed)).
+The primary reason for the switch is maintenance and security: new versions of the `e_sqlite3` native build are no longer published to NuGet.org through `SQLitePCLRaw.bundle_e_sqlite3` in a timely manner, which means security fixes in upstream SQLite can be delayed. SQLite3 Multiple Ciphers is an actively maintained project that tracks upstream SQLite releases and ships updated builds promptly, so it was adopted as the default native build for `Microsoft.Data.Sqlite`. As an added bonus, it also supports encryption, so it can replace the `SQLitePCLRaw.bundle_e_sqlcipher` package that was deprecated and removed (see [Encryption-enabled SQLite packages have been removed](#sqlite-encryption-removed)).
##### Mitigations
@@ -477,7 +485,7 @@ Review the following cases, which may require action in some applications:
- **Native library and provider name change.** The bundled native library is now `e_sqlite3mc` (rather than `e_sqlite3`), and the provider initialized by the bundle is `SQLite3Provider_e_sqlite3mc`. This matters if your application:
- References a specific native asset filename (for example, `e_sqlite3`) in publishing, trimming, AOT, or single-file configuration. Update those references to `e_sqlite3mc`.
-- **Platform (RID) coverage.** SQLite3 Multiple Ciphers ships native binaries for a different set of runtime identifiers than `bundle_e_sqlite3`. If you target a platform that the new bundle doesn't include, the native library may fail to load at runtime. In that case, revert to the standard build as described below.
+- **Platform (RID) coverage.** SQLite3 Multiple Ciphers doesn't currently include native binaries for every runtime identifier covered by `SourceGear.sqlite3`; for example, `linux-riscv64`, `linux-musl-riscv64`, and `linux-musl-s390x` aren't included. If you target a platform that the new bundle doesn't include, the native library may fail to load at runtime. In that case, revert to the standard build as described below.
- **Reserved encryption keywords.** SQLite3 Multiple Ciphers reserves certain connection-string/URI parameters and PRAGMAs (such as `key`, `hexkey`, and `cipher`) for encryption configuration. This is unlikely to affect typical applications, but if you happened to use these names for unrelated purposes, behavior may differ.
@@ -489,3 +497,10 @@ If you want to keep using the standard, non-encrypted `e_sqlite3` build, referen
```
+
+For EF Core, reference `Microsoft.EntityFrameworkCore.Sqlite.Core` instead of `Microsoft.EntityFrameworkCore.Sqlite` and add the standard bundle:
+
+```xml
+
+
+```
From da2c2ec63fb785813603968c95015c0431c55660 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Jun 2026 22:44:15 +0000
Subject: [PATCH 11/13] Refine SQLite3MC doc wording
---
.../core/what-is-new/ef-core-11.0/breaking-changes.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
index c6cc83e594..bdca4e7db4 100644
--- a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
+++ b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
@@ -360,7 +360,7 @@ The previous no-cost `SQLitePCLRaw.bundle_e_sqlcipher` package was barely mainta
If you need SQLite encryption, you have the following options:
-- **SQLite3 Multiple Ciphers**: Starting with Microsoft.Data.Sqlite 11.0, the default SQLite build supports encryption and can be configured in a way that's compatible with `SQLitePCLRaw.bundle_e_sqlcipher`. See [Microsoft.Data.Sqlite now bundles SQLite3 Multiple Ciphers](#sqlite-bundles-mc). NuGet packages are also available from [SQLite3MultipleCiphers-NuGet](https://github.com/utelle/SQLite3MultipleCiphers-NuGet).
+- **SQLite3 Multiple Ciphers**: Starting with Microsoft.Data.Sqlite 11.0, the default SQLite build supports encryption and can be configured to use SQLCipher-compatible encryption. See [Microsoft.Data.Sqlite now bundles SQLite3 Multiple Ciphers](#sqlite-bundles-mc). NuGet packages are also available from [SQLite3MultipleCiphers-NuGet](https://github.com/utelle/SQLite3MultipleCiphers-NuGet).
- When encrypting a new database or opening an existing database that was encrypted with SQLCipher, you must configure the cipher scheme in the connection string using URI parameters—for example: `Data Source=file:example.db?cipher=sqlcipher&legacy=4;Password=`. See [How to open an existing database encrypted with SQLCipher](https://github.com/utelle/SQLite3MultipleCiphers-NuGet#how-to-open-an-existing-database-encrypted-with-sqlcipher) for details.
- **SQLite Encryption Extension (SEE)**: This is the official encryption implementation from the SQLite team. A paid license is required. See [https://sqlite.org/com/see.html](https://sqlite.org/com/see.html) for details. NuGet packages are available through [SourceGear's SQLite build service](https://github.com/ericsink/SQLitePCL.raw/wiki/SQLite-encryption-options-for-use-with-SQLitePCLRaw).
- **SQLCipher**: Purchase supported builds from [Zetetic](https://www.zetetic.net/sqlcipher/), or build the [open source code](https://github.com/sqlcipher/sqlcipher) yourself.
@@ -474,7 +474,7 @@ This change also applies to the EF Core SQLite provider (`Microsoft.EntityFramew
##### Why
-The primary reason for the switch is maintenance and security: new versions of the `e_sqlite3` native build are no longer published to NuGet.org through `SQLitePCLRaw.bundle_e_sqlite3` in a timely manner, which means security fixes in upstream SQLite can be delayed. SQLite3 Multiple Ciphers is an actively maintained project that tracks upstream SQLite releases and ships updated builds promptly, so it was adopted as the default native build for `Microsoft.Data.Sqlite`. As an added bonus, it also supports encryption, so it can replace the `SQLitePCLRaw.bundle_e_sqlcipher` package that was deprecated and removed (see [Encryption-enabled SQLite packages have been removed](#sqlite-encryption-removed)).
+The primary reason for the switch is maintenance and security: new versions of the `e_sqlite3` native build are no longer published to NuGet.org through `SQLitePCLRaw.bundle_e_sqlite3` in a timely manner, which means security fixes in upstream SQLite can be delayed. SQLite3 Multiple Ciphers is an actively maintained project that tracks upstream SQLite releases and ships updated builds promptly, so it was adopted as the default native build for `Microsoft.Data.Sqlite`. As an added bonus, it also supports encryption. This means it can replace the `SQLitePCLRaw.bundle_e_sqlcipher` package that was deprecated and removed (see [Encryption-enabled SQLite packages have been removed](#sqlite-encryption-removed)).
##### Mitigations
From dde283b11c4c36cfc819aa4cfbf831b2097ecad8 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Jun 2026 22:45:01 +0000
Subject: [PATCH 12/13] Clarify SQLite3MC RID fallback guidance
---
.../core/what-is-new/ef-core-11.0/breaking-changes.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
index bdca4e7db4..9da4eae647 100644
--- a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
+++ b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
@@ -485,7 +485,7 @@ Review the following cases, which may require action in some applications:
- **Native library and provider name change.** The bundled native library is now `e_sqlite3mc` (rather than `e_sqlite3`), and the provider initialized by the bundle is `SQLite3Provider_e_sqlite3mc`. This matters if your application:
- References a specific native asset filename (for example, `e_sqlite3`) in publishing, trimming, AOT, or single-file configuration. Update those references to `e_sqlite3mc`.
-- **Platform (RID) coverage.** SQLite3 Multiple Ciphers doesn't currently include native binaries for every runtime identifier covered by `SourceGear.sqlite3`; for example, `linux-riscv64`, `linux-musl-riscv64`, and `linux-musl-s390x` aren't included. If you target a platform that the new bundle doesn't include, the native library may fail to load at runtime. In that case, revert to the standard build as described below.
+- **Platform (RID) coverage.** SQLite3 Multiple Ciphers doesn't currently include native binaries for every runtime identifier covered by `SourceGear.sqlite3`; for example, `linux-riscv64`, `linux-musl-riscv64`, and `linux-musl-s390x` aren't included. If you target a platform that the new bundle doesn't include, the native library may fail to load at runtime. In that case, revert to the standard build using the package references below.
- **Reserved encryption keywords.** SQLite3 Multiple Ciphers reserves certain connection-string/URI parameters and PRAGMAs (such as `key`, `hexkey`, and `cipher`) for encryption configuration. This is unlikely to affect typical applications, but if you happened to use these names for unrelated purposes, behavior may differ.
From fba6624f84dc02e15198d553f80a6fe5e0448df9 Mon Sep 17 00:00:00 2001
From: Andriy Svyryd
Date: Fri, 12 Jun 2026 15:53:32 -0700
Subject: [PATCH 13/13] Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---
.../core/what-is-new/ef-core-11.0/breaking-changes.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
index 9da4eae647..7003c5e680 100644
--- a/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
+++ b/entity-framework/core/what-is-new/ef-core-11.0/breaking-changes.md
@@ -466,7 +466,7 @@ The `Microsoft.Data.Sqlite` package referenced `SQLitePCLRaw.bundle_e_sqlite3`,
##### New behavior
-Starting with `Microsoft.Data.Sqlite` 11.0, the package references `SQLite3MC.PCLRaw.bundle`, which provides the `e_sqlite3mc` native build ([SQLite3 Multiple Ciphers](https://github.com/utelle/SQLite3MultipleCiphers)). This build receives updates on NuGet.org more promptly than `bundle_e_sqlite3`.
+Starting with `Microsoft.Data.Sqlite` 11.0, the package references `SQLite3MC.PCLRaw.bundle`, which provides the `e_sqlite3mc` native build ([SQLite3 Multiple Ciphers](https://github.com/utelle/SQLite3MultipleCiphers)). This build receives updates on NuGet.org more promptly than `SQLitePCLRaw.bundle_e_sqlite3`.
As an added bonus, encryption (including setting a password) now works out of the box. See the [SQLite3 Multiple Ciphers documentation](https://github.com/utelle/SQLite3MultipleCiphers-NuGet#passphrase-based-database-encryption-support) for details on enabling passphrase-based database encryption.