The Neo4j Aura March SECOND release is now rolling out—starting with AuraDB Free and gradually extending to higher-tier instances.
This second release in March reveals excited new security features and Cypher 25 updates!
🔐 Introducing Attribute-Based Access Control (ABAC)
You can now define dynamic, context-aware access rules using Cypher 25.
- How it works:Access is granted based on real-time attributes from your OIDC SSO tokens or environmental factors (like time of day).
- The Benefit:No more static roles. Secure your data with precision based on who the user is and when they are connecting.
🧑🏻💻Cypher 25: New Path Modes & Visibility
We’ve added several features to make your queries safer and more transparent:
- ACYCLIC Path Mode: You can now specify that a node cannot be traversed more than once in a pattern match, avoiding loops.
- LOAD CSV Progress Tracking: UseSHOW TRANSACTIONSto see real-time progress metrics for ingestion jobs.
- GQL Conformance: We’ve added thePROPERTY_EXISTS()function to keep your code aligned with the latest GQL standards.
🚛 Fleet Manager Updates
These apply if you are running Self-managed Neo4j instances, and upgraded the Neo4j version of your instances to 2026.03:
- Built-in Fleet Manager: You won't need a plug-in to use Fleet Manager to manage your Self-managed Neo4j instances on Aura console anymore. It is ready by default.
- Query Log Aggregation: You can now view aggregate query logs directly in the Aura console. Ensuredb.logs.query.obfuscate_literals=trueis set to enable this.
🛠️ Bug and Security Fixes
- Updated Jetty to v12.0.33 to resolve CVE-2026-1605.
- Fixed a rare bug in the pipelined runtime involving EXISTS subqueries that could cause incorrect intermediate results.
- Dynamic lookups now use locking index seeks when required, whereas previously they were vulnerable to constraint violations if used concurrently in a merge context.
For full details of all updates and fixes in this release, please visit: Release Notes: Neo4j Aura Database – March 2026.