Neo4j 4.4 changelog

4.4.36

Cypher

• Backup metadata scripts and SHOW PRIVILEGES AS COMMANDS will now correctly escape special characters in procedure, function and settings globs.

Security

• Update netty bom to 4.1.111 to address CVE-2024-29025

Docker

• set default locale of C.UTF-8

4.4.35

Kernel

• Improved the performance of Consistency Checker on stores with many labels.
• Update log message to error level when index recovery cleanup fails

Cypher

• Backup metadata scripts and SHOW PRIVILEGES AS COMMANDS will now correctly escape special characters in node, relationship, property and usernames.

Browser

• Fix bug where csv strings were triple quoted
• Ensure credentials are not left in form after disconnect
• Avoid running SHOW ALIASES to show only non-composite aliases in database dropdown
• Fix csv export of 100k+ rows
• Fix formatting of large duration values

4.4.34

Clustering

• fix a native memory leak caused when reading raft log

Docker

• Updated ubi8 deprecation warning and removed option for suppressing the warning

4.4.33

Clustering

• Return false in "available" http endpoint, if database is in "Story copying" state

Docker

• set permissions on /var/lib/neo4j/bin to 755

4.4.32

Kernel

• Fixed transaction logs metrics that weren't incremented in cluster settings

Docker

• added docker default configuration for recovery address to match similar overrides for raft and discovery addresses

Misc

• Make sure not to reorder WITH clauses containing expensive or non-deterministic expressions
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') https://cwe.mitre.org/data/definitions/835.html

4.4.31

Kernel

• Fixes a bug in neo4j-admin report where the command would only collect information for the default database, and transaction logs could be missed.
• Fixes the error Temporary store is dislocated. /.../, when executing neo4j-admin import in an docker container.
• Constraint indexes waiting for their owning constraint to be created will no longer come online upon a restart.

Cypher

• Improve caching when obfuscating literals in the query log.
• Fix a bug where in some circumstances when OpenID Connect discovery was configured, values from the discovery endpoint could displace values from neo4j.conf which should take precedence.
• Fix invalid streaming time presented in cypher-shell and browser. See neo4j/neo4j#13380.

4.4.30

Cypher

• Fix an issue in pipelined runtime that could cause a query to perform unnecessary work if planned with a PruningVarExpand operator followed by a Limit.

• Improve the transaction termination response time of queries with long running expansions of variable-length path patterns with distinct end-nodes.

• Wrap internal parser errors in SyntaxException and improve EOF error message

  This way, the errors will have the Neo4j status Neo.ClientError.Statement.SyntaxError instead of Neo.Database.General.UnknownError, meaning they will stop polluting the debug log.

Clustering

• Fix an issue in store copy that could cause store inconsistencies in rare cases. In these cases the transaction range after a store copy was calculated too small, leading to misaligned store files after recovery. With this change the range should be safely calculated.

4.4.29

Kernel

• Prevent background sampling of large indexes from blocking shutdown

Cypher

• Solve https://github.com/neo4j/neo4j/issues/13113 by allowing convertible types in reduce. E.g. RETURN reduce(a=[1], b in "a" | a+b) will return [1, "a"] instead of failing with a type error.
• Fix bug in type checking where the resulting type of a list concatenation could vary depending on which list was to the left and right, respectively, as reported in https://github.com/neo4j/neo4j/issues/13093
• Update Apache Shiro to 1.13.0

Security

• backup privileges from the PUBLIC role (and users) if they are related to the database being backed up

Browser

• Add setting to specify read transactions on cypher queries
• Ensure right protocol is used for http reachablity check
• Fix element-id showing incorrectly in table
• Respect visible field in SSO provider configuration
• Only show non-composite aliases in database dropdown
• Update outdated documentation links

Misc

• Throws a type mismatch error in semantic checking instead of at runtime when Map Projections are done on types that are not: MAP, NODE or RELATIONSHIP, fixing the issue: https://github.com/neo4j/neo4j/issues/12997

4.4.28

Kernel

• Fixed a bug in the high limit format where records were not correctly read from the transaction log in certain situations.

Cypher

• Users using only native authorization will no longer retain the PUBLIC role when they are suspended.
• Fix problem with rand() being evaluated multiple times, see Github issue: https://github.com/neo4j/neo4j/issues/13296

Docker

• replaced gosu with su-exec for better security traceability

Misc

• Bump jetty to 9.4.53.v20231009 for CVE-2023-36478. Please note: this CVE only impacts HTTP/2 and since the server does not support HTTP/2, it is not affected.

4.4.27

Kernel

• Fixes an issue where terminating the creation of a Constraint, would not also terminate the creation of the backing Index.
• Fixes an issue where neo4j-admin import could run on an online database. This could result in not seeing the imported data until after a restart.

Cypher

• Fix possible deadlock in transaction termination
• Improved planning of pattern predicates that previously weren't using Argument.
• Solve a bug where Cypher queries containing related equalities in different scopes, e.g. WHERE any(x IN [1, 2, 3] WHERE a.prop = toInteger(x)) AND a.prop = b.prop would fail with Variable ... not defined. Disable the transitiveEqualities rewriter if the WHERE clause contains multiple scopes.

Docker

• Bugfix where neo4j.conf without a trailing new line would get NEO4J_PLUGINS settings wrongly appended causing startup failure.

4.4.26

Cypher

• Track memory of de-referenced nodes and relationships in ProduceResult. This fix will avoid some out of memory errors in queries that returns lots of nodes or relationships. For example in queries like MATCH (n) RETURN collect(n). When returning entities, all their properties and labels will be populated in ProduceResult operator which can cause lots of memory allocations. Before this change we would not track this memory towards the transaction limits.

Clustering

• "Remove transaction size limit in Raft. Before this change, large transactions could be written to the raft log but not read. This could lead to unexpected behaviours, for example a leader could stop sending entries to its followers."

Browser

• Fix plan view for DbHits over 32 bit integer max
• Handle more database states
• Expand completion detail by default
• Ensure sso access token is always refreshed on expiry

4.4.25

Kernel

• Better handle transaction log corruption where header is missing.

Cypher

• Fix bug in fused pipelined runtime that could lead to lost updates if a property was cached. For example when running queries like MATCH (n) WITH n.prop AS oldValue SET n.prop = n.prop + 1 WITH n.prop AS newValue RETURN * concurrently. Note, Cypher will not always prevent lost updates, see documentation for more details.
• Fixes two bugs around durations with fractional components. Negation was not properly propagated to the components, so that "-P0.5Y" was presented as 6 months rather than -6 months. Fractional minutes > 60 was not properly converted into hours, so that 1 h 72.5 min was presented as 1h 12 min 30s instead of 2h 12 min 30s.
• Update Apache Shiro to 1.12.0
• Fixes neo4j/neo4j#13155, neo4j/neo4j#13189 and neo4j/neo4j#13191 where shadowing variables in SKIP and LIMIT caused unexpected errors.

Browser

• SSO papercuts (more logs & make downloading them easier)
• Fix bug where :auto hint would not show
• fix bug where metadata was incorrectly formated

4.4.24

Kernel

• Upgraded Bouncy Castle to v1.75 to mitigate CVE-2023-33201

Clustering

• Fix performRecoveryWithLogPruning to always use LogProvider

Misc

• Update netty to 4.1.94-Final to address CVE-2023-34462

4.4.23

Kernel

• Fix a bug in certain queries using PERIODIC COMMIT that reads a 'lucene+native' index. The bug caused a QueryExecutionKernelException: This selector has been closederror if the first batch does not read from the index. Affects all runtimes, but in pipelined it is easy to reproduce if periodic commit batch size is smaller than internal.cypher.pipelined.batch_size_big.

Cypher

• Fixes https://github.com/neo4j/neo4j/issues/13163 by making deprecation checks more type safe.

Misc

• Fixes a bug where impersonated user isn't cleared correctly on failure.

4.4.22

Kernel

• Upgraded jackson to 2.15.2 to mitigate sonatype-2022-6438
• Reduced overheads when running on operation systems with 64K memory page sizes.

Cypher

• Fixed a bug where predicates with uppercase NODES() and RELATIONSHIPS() functions would be planned as a Filter after VarExpand/ShortestPath instead of being applied directly during path search.

Browser

• Gracefully handle when some databases are unavailable
• Faster bootup & better connection handling
• improve sysinfo frame consistency
• Debug connectivity touch ups
• prevent briefly storing credentials before reading setting

Docker

• Added new docker image based on redhat/ubi8-minimal
• Added neo4j-admin report functionality to 5.x and 4.4 images.

Misc

• Fix error when returning discovery information on bolt endpoint.

4.4.21

Kernel

• Fix issue where consistency check could take a very long time due to internal caches growing a lot and subsequently taking a very long time to clear.

Cypher

• Reduce memory footprint of cached queries with lots of expressions.
• Fixes bug where updates would not always get applied before a LIMIT 0 or a WHERE false.

Packaging

• Fixed java dependencies to use java-11 metapackage provided by both openjdk and oracle java.

Misc

• Update jetty to 9.4.51.v20230217 for CVE-2023-26048

4.4.20

Kernel

• Upgraded Jettison version to 1.5.4 to fix CVE-2023-1436
• Fix a bug where some data would be lost from index during a full online backup. The data would still be present in the store, but index would be inconsistent. Affected index types are FULLTEXT or TEXT and the data would only be lost on the backup client, the server would still have the correct data.

Cypher

• Using map projections, e.g, RETURN n{.p1, p2: 2}, on composite databases could lead to wrong results.
• fix bug when reusing variable names in merge clauses with multiple relationships

Browser

• Add codes to frame notifications
• Add :debug-connectivity frame to help debugging bolt connections
• fix bug where plan view downloads got very low resolution
• Align text table display of nodes with cypher shell

4.4.19

Kernel

• Fixes an issue where recovery would temporarily hold onto more memory than necessary, making it more likely for recovery to run out of heap on recovering very large transactions.
• Improve error message for unsupported java versions

Cypher

• The JWT claim specified in dbms.security.oidc.<provider>.claims.groups may now also contain a single group returned as a string as well as a list of groups as was previously required.
• Fixes bug with error message "Unexpected error: out of bounds for object " when having ORDER BY with a literal in certain cases.
• Fixed a bug where a query containing predicate without dependencies on any pattern variables would fail at runtime.
• Fix bug for MERGE queries in pipelined runtime.
• Fix memory consumption issue of longer running queries in slotted and interpreted runtime.

Security

• Fixed a bug where dropping a remote alias would not clean up access privileges on it correctly, resulting in any user with a role having that privilege failing to authorize.

Docker

• JVM additional configuration set by environment variable will now stop overriding default jvm configurations.

4.4.18

Cypher

• Fix bug where planning of IN predicates with empty lists (e.g. 5 IN []) would throw exception.

Docker

• Invalid NEO4J_PLUGINS values now produces a helpful error message.

  For example: NEO4J_PLUGINS='["gds"]' will now return:

  "gds" is not a known Neo4j plugin. Options are:
  apoc
  apoc-core
  bloom
  graph-algorithms
  graph-data-science
  graphql
  n10s
  streams
  

• Docker now allows users to accept an evaluation license if they do not have a commercial license.

Misc

• Fixes an issue where returning empty maps throws an error on composite databases. Fixes github issue https://github.com/neo4j/neo4j/issues/13028

4.4.17

Kernel

• Fix reporting of JVM memory metrics

Cypher

• Adds eagerness when returning a full entity node if a node or relationships property or label has been updated.
• fix bug for list literals with in expressions
• Fix a bug where SKIP and LIMIT was ignored for simple COUNT(...) aggregation queries that was solved with a CountFromCountStore plan.
• Fixed a bug where an OPTIONAL MATCH with shortestPath, followed by DISTINCT, would fail during planning.
• Fix performance regression of IN expressions.
• Upgraded Apache Shiro from 1.10.0 to 1.11.0. This version includes fixes for CVE-2023-22602
• Fix a bug where group to role mappings defined for OpenID connect in dbms.security.oidc.<provider>.authorization.group_to_role_mapping were not matched correctly with claims containing capital letters.
• Fix bug in MERGE ()-[:R]-()

Browser

• Update driver
• Fix bug where email was not supported as a username in :server user list
• Fix performance issue with browser background metadata for rbac users
• Handle connections to composite databases
• Fix indent formatting in nested objects
• Fix relationship stylings not getting applied
• show alias name in database selector
• Clear metadata on switching database
• Add neo4j trial banners
• Allow setting parameters on composite databases
• Bugfix: role cluster role incorrectly reported as leader
• Ensure lost connection doesn't break browser
• Bugfix - :auto didn't handle newlines
• Update driver to 5.3.0

4.4.16

Kernel

• Initial checkpoint file version selection
• Bump jettison to 1.5.3

Cypher

• Introduced eagerness for overlap between writing a property and property function reads.
• Fixing security issues
• Fixes problems where Cypher queries with DELETE inside CALL would not return correct results. The fix was to insert a missing Eager operator.

Security

• Update netty to 4.1.86-Final to address CVE-2022-41881 and CVE-2022-41915

Browser

• Fix sysinfo depending on setting missing in 5.0
• Improve messaging around startup of newly created database
• fix northwind data not loading properly due to https redirect
• support connecting to cluster members missing default database

Docker

• Docker image will warn if password length is less than 8 characters before attempting to start Neo4j database.

4.4.15

Kernel

• Upgraded jettison to 1.5.1 to mitigate CVE-2022-40150 and CVE-2022-40149

Cypher

• We were not able to plan value hash joins when the properties are wrapped in a function call. This has been fixed now.
• Previously, the planner did not assume an expression like n.prop =~ ... to filter the results more than just the bare existence of n.prop. This was changed, such that the planner would prefer to apply these predicates earlier during the query evaluation.
• Fixed a bug where an updating query might get stuck in an infinite loop during planning.
• Fix error Exception closing multiple resources that could happen for plans using Expand(Into), see Github issue: neo4j/neo4j#12968

4.4.14

Apoc

Updates Apoc dependencies so that transitive dependency to commons-text does not get flagged as problematic for CVE-2022-42889. Fix bug in csv loader allowing quoted delimiters

4.4.13

Kernel

• Fix a bug where a failure in transaction event listener could cause faulty reuse of internal transaction object. Observed symptom is failing to open a new transaction due to what looks like a memory leak.
• Fix edge case where active transactions metrics were inconsistently decremented on closing a transaction, which lead to <prefix>.transaction.active_read to potentially appear negative.
• Bump commons-text 1.9 -> 1.10.0 so as to address CVE-2022-42889
• Fixes possible crashes when using very small page cache sizes
• Upgraded Lucene to version 8.11.2 to pick up security fixes

Cypher

• Fix a bug where SHOW DATABASES may not include all servers for a database if the servers have the same value for server.bolt.advertised_address
• Fix a bug in pipelined runtime that can cause incorrect row ordering in queries that leverage order and contain an aggregation.
• Fix bug where columns could be swapped for UNION queries.
• Upgraded Apache Shiro from 1.9.1 to 1.10.0
• Fix bitIndex < 0 errors during physical planning of complex queries with dynamic scheduling, like ordered union.
• Fix bug in Expand(Into) where we could fail to find existing relationships if the same node is expanded multiple times.

Clustering

• Fix bug where store copy failed to retry against certain remotes due to issues with address locking logic.

• Bug fix where the wrong artefact was chosen for databases with the same name but different database ids.

• Fixed leak of drivers and connection pools when server side routing

Misc

• Fix bug with map projection in Fabric, where the value of the map projection is returned outside a subquery. Fixes github issue https://github.com/neo4j/neo4j/issues/12939
• Fixes a memory leak issue when using the Transactional HTTP API (see: https://github.com/neo4j/neo4j/issues/12945)
• Various security fixes

4.4.12

Kernel

• Fix node degree calculation when relationships are removed in the same transaction

Cypher

• Fix issue where performance regressed for queries with "impossible predicates"
• Added logic to eagerize unstable nodes in subquery delete.
• Update the list of valid timezones to include Europe/Kyiv, as per IANA 2020b.
• Fixed bug where DROP DATABASE ... IF EXISTS and ALTER DATABASE ... IF EXISTS ... could give DatabaseNotFoundException when there exists a remote database alias with the name.
• Fix bug in pipelined runtime where some queries using AssertingMultiNodeIndexSeekOperator would fail incorrectly with Merge did not find a matching node.... For example in queries like UNWIND [0,1] AS id MERGE (n:A:B {id: id}), if there is a uniqueness constraint on the id property for both A and B labels.
• Fix bug in pipelined runtime where AssertingMultiNodeIndexSeekOperator failed to perform locking index seeks. This could lead to failures when running concurrent transactions in queries like MERGE (n:A:B {id: x}) when we have a uniqueness constraint on id for both labels A and B.
• Fixed bug for having * and order by id in same RETURN clause

Browser

• Touch up guides ✨styling✨
• Fix cluster detection on neo4j 4.3+
• Fix bug with incorrect version number & add git hash to overview in stand-alone deployment
• Zoom to cursor on scroll in visualization
• Make sure editor displays full database name
• Zoom graph to fit after initial visualization animation
• Clear credentials in connection form on disconnect
• Update :help articles on INDEX & CONSTRAINT
• Fix credential timeout without initial user interaction
• Fix links not being blue and not being highlighted in the sidebar

4.4.11

Kernel

• Greatly improves worst-case performance of scanning for deleted IDs to be reused for new records
• Fix possible integer overflow during consistency check
• Fixing an issue where 'CALL { ... } IN TRANSACTIONS' could leak inner transactions when the outer transaction was terminated during execution, e.g by timeout
• Jvm additional setting should not split inside quoted values

Cypher

• A primary alias was not created for fabric databases when they were created during startup. This led to the fabric database disappearing in some circumstances.

• Fix bug with undirected relationship scans and self-loops

• Deprecation of CASE expressions matching on null values

• Fix error message when using DISTINCT in a function that does not accept DISTINCT https://github.com/neo4j/neo4j/issues/12910

• When debug logging is enabled, LdapRealm can attempt to directly log

  Neo4jPrincipal objects resulting in logging like org.neo4j.server.security.auth.Neo4jPrincipal@f1d6260f. Fix it to log the username as expected.

• fix issue where ExpandInto could return the wrong result

• code review and more accurate documentation of the Traversal API

• Disconnect driver session on exit in Cypher Shell.

Security

• Upgraded jetty to v9.4.48 in order to mitigate CVE-2022-2047 and CVE-2022-2048

Causal Clustering

• Updated descriptions of settings dbms.routing.enabled and dbms.routing.default_router
• Modified the routing table algorithm to deliver the routing for the home database when no databaseName is provided.

4.4.10

Kernel

• Clean usage of deprecated dbms.read_only in default neo4j.conf files.
• Fixes a bug where some transaction objects could be leaked instead of being released properly.

Cypher

• update neo4j-java-driver version to 4.4.9
• Fix overflow in resource manager. Users could get errors like java.lang.IllegalArgumentException: Expected positive long value, got -8589934576 because of an overflow when trying to grow the number of tracked resources.
• Fix a bug where SHOW TRANSACTIONS would fail when transaction metadata contains types that cannot be serialised to a property (e.g. List)
• Fix bitIndex < 0: -8 bug when ordering pipelines for dynamic scheduling of OrderedUnion
• Added rewriter for shortestPath and allShortestPaths with fixed length relationships to instead have a variable length of one [r*1..1].

Browser

• Modernize background queries & remove use of deprectated syntax
• Always send transaction metadata on cypher queries
• Read cluster role from SHOW DATABASES rather than deprecated dbms.cluster.role
• Make sure proper metadata is passed along with queries
• Handle upcoming setting renames in neo4j 5.0
• Fix PNG exports font
• Use SHOW TRANSACTIONS instead of dbms.listQueries in :queries
• Re-add metrics for successful queries
• (*) in property panel now shows node count, rather than total label count
• Add url param to preselect in connect frame

Docker

• Change base image to eclipse temurin JRE not JDK. The JDK is overkill and could introduce unnecessary security issues.

4.4.9

Kernel

• Fixes a bug where nodes not having the required property for a node key constraint could be created during the creation of the constraint. They would silently violate the constraint and leave the database with a non-fulfilled node key constraint

Cypher

• Fixed bug where eagerness was handled incorrectly for overlaps in labels for predicates.

• Do not plan distinct unions for overly large type disjunctions to avoid stack overflow errors

• Fixes a bug where routing table requests may have incorrectly returned a DatabaseNotFound exception during an upgrade from 4.3 to 4.4

  ---

  In 4.4, a :DatabaseName label was added to both existing :Database nodes, and also alias nodes. The CommunityTopologyGraphDbmsModel uses the :DatabaseName label in its CoreAPI queries when attempting to look up a DatabaseReference.Internal for a given string database name.

  The issue is that during a rolling upgrade from 4.3 to 4.4, on instances already running 4.4 the model code has been changed and the routing table procedure has been updated to use it but the :DatabaseName label has not yet been created because users have not completed their upgrade or called dbms.upgrade().

  This means that although a :Database node with the correct name exists, the model will return Optional.empty() instead of a database reference and the end user will see a DatabaseNotFound error.

  This PR fixes this by updating the model logic to also consider :Database nodes without the :DatabaseName label, should the correct name property match.

  Thanks to @mnd999 for noticing the issue and pairing on it.

• Fix bug in Reduce Expressions and List comprehensions hiding variables that should be in scope https://github.com/neo4j/neo4j/issues/12868

• OuterHashJoin gives wrong result if the joining nodes are from the outer apply. Fix: OuterHashJoin can only join on nodes which are introduced in the leaves of OuterHashJoin. Github issue https://github.com/neo4j/neo4j/issues/12836

• Fix issue in planning a query with multiple repeated predicates in the WHERE sub-clause, reported in https://github.com/neo4j/neo4j/issues/12877

• Upgrade Apache Shiro from 1.8.0 to 1.9.1. This version includes fixes for CVE-2022-32532.

• Logical plans where the same variable is introduced in multiple leaves can cause trouble with inserting eager, which might make the query end up with incorrect results. Before this fix we assumed that a variable was stable as long as it was stable on one leaf. Fix: A variable should be considered unstable if it is both unstable and stable. Fixes github issue: https://github.com/neo4j/neo4j/issues/12878

• Fix bug where, when there are two indexes on the same property, the planner would sometimes try to get a value from an index that doesn't support it

Packaging

• Changed neo4j.service behaviour to stop neo4j getting stuck in an endless restart loop when neo4j consistently errors on startup (for example if the neo4j.conf is misconfigured).
• Neo4j-Operations-Manager 1.0.0 is now included in <NEO4J_HOME>/products in Enterprise Edition.

Causal Clustering

• Fixing that a database can get stuck in store copying if it is stopped during store copy.
• Fixing the "There is nothing to send." error occuring in some scenarios at the end of a store copy.

Browser

• Modernize background queries & remove use of deprectated syntax
• Always send transaction metadata on cypher queries
• Read cluster role from SHOW DATABASES rather than deprecated dbms.cluster.role
• Make sure proper metadata is passed along with queries
• Handle upcoming setting renames in neo4j 5.0
• Fix PNG exports font
• Use SHOW TRANSACTIONS instead of dbms.listQueries in :queries
• Re-add metrics for successful queries
• (*) in property panel now shows node count, rather than total label count
• Add url param to preselect in connect frame

Docker

• Redhat are no longer supporting or updating the openjdk docker images that we use as base images. This means there will no longer be security updates to openjdk images after July 2022.

  • https://github.com/docker-library/openjdk/issues/505
  • https://github.com/docker-library/docs/pull/2162

  Switching Docker base image to eclipse-temurin AdoptOpenJDK java built on top of debian:bullseye-slim.

Misc

• Stop leaking passwords to the terminal when standard out is redirected. In situations like cypher-shell -u neo4j -f statements.cypher > out.txt.
• Fixed an edge case where a None.get exception was thrown when referencing a fabric graph inside a subquery, Github issue: neo4j/neo4j#12886

4.4.8

Kernel

• Fixes a bug in import to high_limit format where an interrupted import could fail on being resumed with Illegal secondary record reference

Cypher

• Aliases for Remote Database

• Fix potential Expected as string value 'substring', but got NO_VALUE'

  error when the output of reduce is used as input to another function.

• Github issue: neo4j/neo4j#12887, fix an issue with ltrim, rtrim, and trim.

• Fixes authorization bug when connecting to a local database alias using the drivers when fabric is enabled

• Fixed Comparison method violates its general contract error during planning.

• FOREACH should coerce single item to a list at runtime

• Fixed rare bug where self reference in equality (´WHERE n:L AND n.p = (n.p = n.p)´) caused stackoverflow error.

Causal Clustering

• Fix bug where prefetching log entries could get stuck, unable to read new entries from the log.

Browser

• Fix bug causing autocomplete to no longer work

Misc

• Fixed security issue with the HTTP Transactional API.

4.4.7

Kernel

• Core API blocked from creating composite point indexes. Only single-property point indexes are supported
• Closing relevant CSV metrics writers when database is shut down

Cypher

• added support for remote aliases, transparently proxying queries to remote neo4j instances.
• Fix bug in Cypher Shell where multi line queries with comments was parsed incorrectly.

Causal Clustering

• Fix bug where prefetching log entries could get stuck, unable to read new entries from the log.

Tools

• Ignore duplicate property keys in neo4j-admin copy

  The consistency checker will verify that a single node or relationship doesn't have the same property twice. E.g. A node has both n.name="foo" and n.name="bar". This will be reported as:

  ERROR The property chain contains multiple properties that have the same property key-id, which means that the entity has at least one duplicate property
  

  This case was not properly handled by neo4j-admin copy and the resulting store would still be inconsistent. Now we filter out duplicate properties, keeping the first value found, and discarding all subsequent values. All removals will be logged into the summary.

Browser

• Fix bug causing autocomplete to no longer work

4.4.6

Kernel

• Much faster rebuild of relationship group degrees store
• Fixing a bug when token index files were not excluded from file watching
• neo4j-admin import respects dbms.logs.debug.format setting

Cypher

• Map Factory timezone to UTC

• The aliases column returned by SHOW DATABASES should be typed list of strings and not string.

• Fix a rare bug where the output rows of some queries would be unordered, even though an ORDER BY had been correctly placed, see: https://github.com/neo4j/neo4j/issues/12840

• Fix bug where you could get an error message like Cannot put key x before first key y, for example in queries using SelectOrSemiApply or ConditionalApply and Limit.

• Fixed a bug where matching on the same variable multiple times would trigger an exception during planning or produce incorrect results.

• Fixed an error due to which very particular queries with the same predicate on both sides of an OR expression could not be planned.

• Update driver to version 4.4.4

• Use lists that are stored in properties as input to toIntegerList

• Usages of GetDegree wasn't obvious in the plan description. Now instead

  of size([pattern]) usages of GetDegree will be rendered with getDegree([pattern]).

• Update driver to 4.4.5

• Fix an issue with user-defined aggregation functions where the result-method could sometimes be called twice on the same row (incorrectly assuming the implementation to be idempotent)

• Before this change, pattern expressions in boolean contexts were marked as deprecated. This deprecation was removed.

• Always attempt to create database constraints in system graph during upgrade.

Security

• Update jackson-databind from 2.12.6 to 2.13.2.2 (and thus also com.fasterxml.jackson.* from 2.12.6 to 2.13.2), to address CVE-2020-36518

Browser

• Export plan txt and make download dropdown context dependent
• Set SSO as default if sso providers were present

4.4.5

Kernel

• Fixes an issue cleaning up registered metrics after a failure to start a database, preventing it from being start after that point within the same dbms session.
• Fixes an issue with token creation (labels, property keys and relationship types) in clustering where internal IDs of created tokens may not be unique, i.e. multiple members could end up creating tokens with the same internal IDs.
• Fixes a bug in neo4j-admin report command where using the heap classifier would make the command fail with Error: Failed to write heapdump.hprof

Cypher

• If a query was accessing values via the index (prop[...]), the planner would always assume that these were dynamic properties. and plan an Eager operator if there may have been a read-write-conflict. This is now changed if the index access is using literals like prop[0] or prop['key'].

• Fix bug in aggregations with LIMIT where query would fail with an array copy out of bounds error.

• Fix cache properties invalidation when row does not match the predicate in optional expand

• Remove support for US/Pacific-New timezone. Existing values that use unsupported timezone will be interpreted as US/Pacific

• Fix error of the kind arraycopy: last source index 1 out of bounds for long[0]

  which could occur when a CartesianProduct was planned under a NestedPlanExpression in pipelined runtime.

Packaging

• added licenses folder at /var/lib/neo4j/licenses in deb and rpm installers for consistency with documentation and tar.gz installation.

Causal Clustering

• Track size of log entries to avoid prefetch buffer exceeding memory constraints.
• Improve how long a booting node can be leader to a database before being available to process transactions by transferring leadership sooner.

Browser

• Upgrade to D3 v7
• Show hint about :auto on CALL {...} IN TRANSACTIONS
• Add missing 4.4 keywords
• Upgrade query plan view to D3 v7
• Reduce icon size to avoid scroll on single line values in table
• Display clustering data in :sysinfo frame again
• Enable setting :params on multiple lines
• Use shift, cmd or ctrl as mod key for wheel zoom
• Add zoom to fit button
• Bump driver to 4.4.2
• Zoom mod key info message
• Debounce writing to localstorage to improve performance
• Remove hard limit of 1000 nodes for visualisation
• Params template on missing paramters errors
• Make max record setting user configurable
• Handle null values in graph viz
• Improve causal cluster detection

4.4.4

Cypher

• Improved performance of queries containing UNWIND and CALL IN TRANSACTIONS
• Fix a memory leak of the runtime transactional context into the query plan cache
• update to driver version 4.4.3

Security

• Fix an issue where ExpandInto can call get degrees on a dense node when DENY privileges are present. This causes a large amount of unnecessary permissions checks to occur.

Misc

• Update netty to 4.1.73.Final to address CVE-2021-43797. Whilst the affected code is not used, this will prevent it from incorrectly flagging it in security scanning tools.
• Introduce access-mode header for Transactional HTTP API.

4.4.3

Kernel

• Fixes an issue in importer where large node IDs from CSV source that were additionally stored as node property may sometimes end up with the wrong value.
• Update Log4j to 2.17 to address CVE-2021-45105
• Close kernel transaction on periodic transaction context commit
• Fixes an issue where trailing spaces on dbms.jvm.additional configurations could cause neo4j not to start
• Fixes an importer issue where looking up an ID where there were multiple equal in different groups may result in ArrayIndexOutOfBoundsException.
• Update Log4j to 2.17.1 to address CVE-2021-44832

Cypher

• Fix Expected positive int value, got 0 error with CALL ... IN TRANSACTIONS

  when there were an empty map in scope.

• Fix bug in Cypher Shell :connect where username was ignored.

• Fix a bug that could trigger a null pointer exception in the slotted and pipelined runtimes for certain query plans where an OPTIONAL MATCH with a predicate containing OR was planned with a Union operator.

• Fix a bug where, in rare cases, reusing a variable that had previously been used as a path variable would fail during planning.

• Fix a bug in the heap memory tracking of intermediate results in the pipelined runtime, that could lead to underestimation of the heap usage for certain queries, and potentially trigger JVM out-of-memory errors for queries consuming too much memory.

• Fix a bug where, in rare cases, matching with an optional match on the same thing as a preceding match would fail during planning.

• Fix a bug where errors could be masked when using IS NULL or IS NOT NULL

Security

• During a rolling upgrade from 4.1 or earlier, roles don't have the privilege required to execute UDFs.

  These privileges are added to the PUBLIC role after the upgrade is done, but not during compatibility mode.

  This is the error when trying to execute a UDF:

  Executing a user defined function is not allowed for user 'XXX' with roles [PUBLIC, architect].
  

  This privilege is now in the list of temporary privileges which take effect during upgrades.

4.4.2

Kernel

• Update Log4j to 2.16.0 CVE-2021-45046

Cypher

• Fixed a bug where using values returned from a procedure would cause a type error like Type mismatch: expected Float, Integer or Duration but was Number.

4.4.1

Kernel

• Fix bolt connections to respect dynamic setting of dbms.transaction.timeout
• Fix false-positive "Potential direct memory leak"
• Fixes a bug in index transaction state where nodes/relationships created/changed in the same transaction could sometimes be returned several times for queries using composite indexes.
• Fixing an issue where custom config values in rare cases could be ignored
• neo4j-admin import does not accept any existing database (even empty ones). Supply --force to remove any files prior to import
• CSV Import: add support for array data types point[], date[], time[], datetime[], localtime[], localdatetime[], duration[]
• Fixes an issue where under very specific circumstances an upgraded database could get into a state where it had a chance to assign non-unique transaction IDs to committing transactions
• Update Log4j to 2.15.0 to address CVE-2021-44228

Cypher

• Bug fix: Neo4j now also accepts datetime expressions including an offset of times immediately after switching from summer time to winter time.
• Fix bug where planner would fail to find a sorted plan to fulfil order on two variables including aggregation, which would result in issuing an "Expected a sorted plan" error.
• Fix unnecessary Eager planned between MATCH and MERGE on different labels.
• Fixes exception "org.neo4j.exceptions.CypherTypeException: Property values can only be of primitive types or arrays thereof" thrown when concatenating a list with an empty list.
• local database aliases are now also allowed for read-only configuration.

Browser

• Animate opening/closing of properties view
• Truncate really long values in properties view
• Store remote guides in Local Storage
• Show current manuals instead of old if not connected to server
• Fix change log badge/notification doesn't appear until sidebar is opened
• Support new alias feature from neo4j 4.4
• Add brackets around array type in properties view

4.4.0

Kernel

• Add per method lifecycle to Neo4jExtension

• Add support for uniqueness constraint on multiple properties on remaining surfaces. This includes the Cypher command CREATE CONSTRAINT [name] ON (n:Label) ASSERT (n.prop1, n.prop2) IS UNIQUE and Core API.

• Fixes a bug in consistency checker that prevented all node indexes from using the index checking variant designed for larger indexes.

• Better handling of inconsistent property chains so that in the very unlikely event that a property record chain cannot be read properly a better failure will propagate to the user. It is also possible to delete entities with inconsistent property chains, at which point the entity's data will be logged to debug.log (only if user explicitly sets setting dbms.log_inconsistent_data_deletion=true.

• Improved performance of full text search when limit is specified

• Fixes an issue where enterprise fabric.graph.<name>.* settings would log warnings and be ignored

• The error message shown when an index hint cannot be fulfilled has changed. The new format is consistent with the syntax to create indexes.

• Fixing an issue where dropping a database and creating a new database with the same name could lead to the new database being unable to start

• Fix issue with relationship belonging to dense nodes in the high-limit format that could cause corruptions. This affects relationship types with ids larger than 65535.

• Preserve node ids in neo4j copy by default

• Enable ids_in_use.relationship_type metric by default. The metric was turned off as default by mistake with the introduction of the metrics.filter setting.

• This release introduces an optional mode for backup/restore which creates an immutable artifact with an API, and two backup types (full and differential) which can be composed at restore time.

• Fixes an issue with ID mappings in import/store-copy which could result in incomplete sorting in larger data sets.

• Much faster consistency checking of fulltext indexes

• Adds --auto-skip-subsequent-headers to neo4j-admin import to skip any header lines in subsequent files in file groups with more than one file.

• Adds ability to further limit amount of memory allocated by the consistency checker. By default 90% of available memory is used.

• Bump commons compress to 1.21

• Removes log4j from classpath to avoid version conflicts.

• Fixes issues with ID reuse where reusable IDs sometimes weren't prioritized during concurrent ID allocation and where allocating new IDs would happen instead, increasing the store file sizes unnecessarily.

• Prevent settings of type 'socket address' from parsing URIs as it is expecting values on the form hostname:port.

• Fixes an issue where neo4j-admin copy would not complete if there were "enough" deleted node records from the source database. The copy would hang in sorting the sourceDbNodeId --> targetDbNodeId data structure.

• Fixes a bug in consistency checker for composite node indexes with lucene+native-3.0 index provider. Consistency checker reported index inconsistencies for all entries in the index even though the values were correctly indexed.

• Fixes a NullPointerException which sometimes occurred when trying to resume an import

• Fixes a bug in consistency checker for indexes backing constraints. Consistency checker could in some rare cases report inconsistencies for an index backing a constraint even though the index was consistent.

  The inconsistency would be for node 0 and look something like this: ERROR There is another node in the unique index with the same property value(s). Node[0, ...] Inconsistent with: Index( ... ) null 0

• Fixes a bug in consistency checker where it could miss reporting inconsistencies in an index backing a constraint when running on limited memory.

• Fixes an issue where databases with a read-only workload were unable to take backups after upgrade

• Update windows service setting with update-service command

• Always prints current process id in system diagnostics

• fixes an issue where declaring multiple jvm arguments on one dbms.jvm.additional (e.g in docker) would be parsed incorrectly

• neo4j console now creates pid file during startup on unix

• Better error message on failed instance start

• Add new service that evaluate database size based on provided database id.

• Fixes an issue where a created node/relationship, which was also indexed and later deleted within the same transaction, would still be found by an index lookup after it was deleted.

• Introducing JAVA_OPTS environmental variable for admin commands

• Support writing to standard output by neo4j-admin dump and reading from standard input by neo4j-admin load

• DBMS information in neo4j.log at startup

• Fixes an overflow issue for Duration properties where specific values could lead to failed transactions or transaction log corruption.

• Deprecates the BTREE index type. BTREE is still the default type in 4.4, but will be removed in 5.0.

• Backup will now prune transaction logs based on the value of dbms.tx_log.rotation.retention_policy on the backup client

• Fixes another issue where a created node/relationship with several properties, which was also indexed (on at least one of the properties) and later deleted within the same transaction, would still be found by an index lookup after it was deleted.

• Allow procedures to set or read transactional status details

Cypher

• Fixed a bug where running an aggregating query through Fabric would fail with namespacing error.

• Handle integer overflow correctly in certain queries, for example RETURN --9223372036854775808.

• Don't generate warnings of type The database was unable to generate code for the query... when it is expected.

• Update the available Cypher versions from CYPHER 3.5, CYPHER 4.2 and CYPHER 4.3 to CYPHER 3.5, CYPHER 4.3 and CYPHER 4.4

• Fix leak of execution plan into data collector buffer

• Fix bug where the error "Can't change a seen value" could occur when planning a nested plan expression on an Apply-plan.

• Fail when using NaN as property value in MERGE queries.

• Allow ending a query in a procedure call, if that procedure call has no YIELD.

• Fix bug when counting multiple nodes with the same label.

• Cypher now allows sub-queries ending in an update clause instead of a RETURN clause. These so-called unit sub-queries are called for their side-effects only and do not return values to the enclosing query.

• Handle query obfuscation of of double negatives, i.e., -(-42)

• Fixes a bug for parameter names starting with a number.

• Fixes parser bug around spacing for subtractions of doubles

• Fix bug where matching on self-loop patterns would, in special cases, yield incorrect results.

• Fix bug where side effects in queries could be incorrectly limited by a LIMIT. This could only happen when updates were planned in the right hand side of a binary plan (e.g. CALL { CREATE (a) RETURN a}).

• • When performing an OPTIONAL MATCH, when returning distinct results (whether in the context of an aggregation or not), the results would be wrong. This could happen regardless of whether the query starts with the OPTIONAL MATCH or not. An example query that returned wrong results is: OPTIONAL MATCH (a:A)-[:KNOWS]->(b:B) RETURN count(DISTINCT a) AS count. This has been fixed.

    • When performing an OPTIONAL MATCH with 2 or more relationships of different relationship types, when returning DISTINCT results (whether in the context of an aggregation or not), the results could be wrong. An example query that returned wrong results is: OPTIONAL MATCH (a)-[r:R]->(b)-[r2:R2]->(c) RETURN count(DISTINCT a) as count. This has been fixed.

• Nullpointer exception was thrown when using MERGE with null property when a node key constraint was present

• Fix bug where you could get an error message like Cannot put key 14 before first key 21 for queries using nested FOREACH and MERGE.

• Allow to call length() with strings and lists in CYPHER 3.5 mode

• Prior to this change, the bolt server would always start an EXPLICIT transaction, unless running a query containing PERIODIC COMMIT without calling beginTransaction(). This is changed to only depend on whether or not beginTransaction() is used, independent of PERIODIC COMMIT. As a consequence, also non-transactional cypher queries will be run as IMPLICIT whereas before they would execute as EXPLICIT.

• Fix an issue where SHOW DATABASES would fail on a system database follower for external users

• Add serverID, databaseID, lastCommittedTxn, replicationLag columns to SHOW DATABASE. Also add support for brief / verbose so these columns will only appear if they are explicitly yielded or we get a YIELD *.

• Fix error from query using OPTIONAL MATCH and predicate with a pattern expression.

• Added support for node pattern predicates syntax in MATCH and inside pattern comprehensions.

  MATCH (a)-->(b WHERE b.prop > 123)-->(c) ... [ (a)-->(b WHERE b.prop > 123)-->(c) | ... ]

  Predicates inside a node pattern are only allowed to reference the node variable and symbols defined before the whole pattern.

• Fix memory problem for queries using OPTIONAL EXPAND and SKIP LIMIT

• Fix bug causing incorrect order of rows through a union subquery with pipelined runtime.

• Avoid long overflow for queries like RETURN duration({years: 293})

• Fix wrong result in PIPELINED runtime for some cases of OPTIONAL MATCH

• Fix bug in week/quarter date string parsing with signed year. For example date('+2015W05') or date('+2015Q1').

• Fix bug in time string parsing where comma was not a valid separator of the second decimal fraction. For example in expressions like time('12:01:01,123').

• Fail date parsing of strings that are ambiguous between date+month and ordinal dates, for example '2022-1'.

• Update constraint syntax from ON ... ASSERT to FOR ... REQUIRE

• Fix an instance where too many nodes were created

• Fix a bug where a LOAD CSV periodic commit query run with pipelined runtime could throw a ConcurrentModificationException.

• Fixed a bug where using exists() in a UNION query might fail with Variable not defined error.

• Fix bug where certain SET clauses containing property reads (e.g. SET n.prop = m.prop) could yield the wrong result.

• Fixed a bug where using length() in CYPHER 3.5 mode through Fabric would result in an error.

• Fixes a bug where queries like MATCH (a:A) RETURN count(a.prop) would return the wrong results if there is a uniqueness constraint on label A and property prop.

• Deprecate patterns like CREATE (a {prop:7})-[r:R {prop: a.prop}]->(b) where a variable introduced in the pattern is also referenced from the same pattern.

• Fix bug where certain adjacent SET clauses containing property reads (e.g. SET n.prop = n.prop + 1) could yield the wrong result.

• Deprecate the PERIODIC COMMIT hint. Transactional subqueries (e.g. CALL { ... } IN TRANSACTIONS) should be used instead.

• Introduce new function, point.withinBBox(point, lowerLeft, upperRight) that allows you to find spatial points that are within a bounding box without using inequality operators.

• Statement based history (instead of line by line) and support for :history clear

• An ALIAS provides an easy way to rename a database without having to drop it and recreate it. The objective of an ALIAS for a database is to create a unique, yet more flexible naming for databases. ALIASES for databases are used in the same way real database names are used

• New feature, CALL { ... } IN TRANSACTIONS, for running subqueries in separate transactions. Replacement for PERIODIC COMMIT.

• Include index type for index seek and index scan plans in plan description.

• Introduces a new administration command ALTER DATABASE SET ACCESS {READ ONLY | READ WRITE} and corresponding privileges SET DATABASE ACCESS ON DBMS and ALTER DATABASE ON DBMS.

• The function distance has been replaced with point.distance.

• Fix an issue where relationship traversal cursors could be improperly reused with the ExpandInto operator in pipelined runtime

• Comparing spatial points with <, <=, >, >= is deprecated. Please use point.withinBBox instead.

• New commands for listing and terminating transactions, that will replace the following procedures:

  • dbms.listQueries()
  • dbms.listTransactions()
  • dbms.killQueries()
  • dbms.killQuery()
  • dbms.killTransaction()
  • dbms.killTransactions()

  These procedures will be deprecated.

• Add :connect and :disconnect to cypher shell

• When using PERIODIC COMMIT or CALL { ... } IN TRANSACTIONS, the error message now contains information about how many transactions could commit successfully before the error happened.

• Add support for TEXT indexes, optimised for CONTAINS and ENDS WITH queries.

• Fix issue hanging queries in queries with MERGE followed by cardinality increasing operations.

• Cypher-shell command line argument --change-password now ask for user to confirm the new password.

• update to driver version 4.4.0

• Fix bug in cypher shell where it would fail to start in windows.

• Update to driver version 4.4.1

Packaging

• Moved the default run directory on linux systems from /run/neo4j to <neo4j-home>/run which is /var/lib/neo4j/run by default.
• Bloom and Graph Data Science plugins now packaged with Neo4j under the <NEO4J_HOME>/products folder of your installation.

Security

• Correct security log entries which were not appearing correctly in the log output in the community edition.

• Upgrade to Apache Shiro 1.8.0

• Implementing Single Sign-On capabilities in the Neo4j server, with integrations in key applications (Browser & Bloom) and through client drivers. This removes the need for custom integrations to enterprise identity providers, and routing-based workarounds (reverse proxy servers).

  SSO tokens can be supplied as part of the connection process across the drivers.

  Information required to obtain a relevant token can be obtained by clients. This will be provided as part of the payload of the Discovery API.

• Adds new User Impersonation feature:

  • Allows specially privileged users to act as another user without knowledge nor access to the impersonated user’s credentials.
  • Supports multi-database environments.
  • Added the new IMPERSONATE permission to support USER IMPERSONATION.
  • When impersonating, both the authenticated user and the executing user are tracked in the Query Log and the Security Log with the same format.

Causal Clustering

• No external extensions (like apoc) will be loaded during temporary database creation in clusters.
• Internal topology graph in system database
• Fix leak in the network code that could occur for some message sizes.
• performance improvements that prevent cluster followers from falling behind in some situations.
• Fixes an issue where IDs of deleted records would be reused quickly enough so that transactions on other cluster members might observe a record reused while reading its surrounding records
• Seed validation when starting clusters. Servers will now validate their databases seeds before starting the cluster.
• Very Large Cluster infrastructure

Browser

• Fix :auto for multistatement queries
• Ensure maxframes setting is respected
• Fix bug where relationship type styling was not applied in sidebar and properties view
• Limit initial maximum number of items shown in properties view (when large numbers of properties)
• Support for Neo4j 4.4 SSO, including discovery and refresh tokens
• Fix issue where fullscreen change didn't cause re-render
• Add count to labels/relationship types in the node properties overview
• Update neo4j driver to 4.4.0

Misc

• Fixed issue #12734 which prevents IO errors from being logged during write operations involving large values.
• Update netty to address CVE-2021-37136 and CVE-2021-37137
• Introduced protocol-level keep-alive messages to Bolt which may be configured via the dbms.connector.bolt.connection_keep_alive, dbms.connector.bolt.connection_keep_alive_for_requests, dbms.connector.bolt.connection_keep_alive_probes and dbms.connector.bolt.connection_keep_alive_streaming_scheduling_interval configuration properties.