The Neo4j Aura January release is now rolling out—starting with AuraDB Free and gradually extending to higher-tier instances.
This release focused on security patches and improvements in Cypher.
🛡️ Security fixes
We have patched the following libraries to resolve vulnerabilities:
- LZ4: Updated tov1.10.1(Resolves CVE-2025-66566).
- Jersey: Updated tov2.46(Resolves CVE-2025-12383).
🐞 Cypher Bug fixes
- Improved Memory Tracking: Fixed an issue whereDISTINCToperations could underestimate heap usage. This ensures that queries exceeding memory pool limits return a recoverable error rather than triggering a JVMOutOfMemoryError.
- Parallel Runtime Optimization: Resolved a bug where failed queries in the parallel runtime held onto heap memory longer than necessary.
- Subquery Fix: Fixed a "slot configuration" error when using subquery expressions inallReduce()initializers.
- Entity Mapping: Fixed a bug where entities returned inside a map or list were incorrectly evaluated due to a missing eager operator.
For full details of all updates and fixes in this release, please visit: Release Notes: Neo4j Aura Database – January 2025.