cancel
Showing results for 
Search instead for 
Did you mean: 

Head's Up! These forums are read-only. All users and content have migrated. Please join us at community.neo4j.com.

3.5.0.10 tag missing

We found that version 3.5.0.10 was released in Maven, but there was no corresponding tag in github.And this version shows a vulnerability on Maven [CVE-2022-37423] [CVE-2021-42767]

1)What is the reason for tag's absence?

  • a、This version code has problems, such as the loophole, compatibility and interface issues, etc.
  • b、This version has functional problems, such as unreasonable function planning, basic function cannot be used
  • c、Forgot to tag
  • d、Don't care or is too trouble
  • e、others,_

2) To solve this problem, we propose a method that can find the true commit of version to help developers quickly locate the problem code and fix the bug. Here are the possible true commits given by our method. Can you confirm whether or not the actual commits are included, and if not, which ones?

['e7ec3ab5b6e2f7452fad92d04d8b8a1474040e70', 'ef3974fc072a2582fde944f0c1241e525920d355', '910a73851ded9431473358b1eb0e0229c44e6937']

❤️This question is very important to our research. Thank you for your time!

1 REPLY 1

@cchengjie 

 

Correct.  3.5.0.10 is not available.

But why?   Neo4j 3.5.x is End of Lifed.  Further as 3.5.9 was releases Sept 2019 https://neo4j.com/release-notes/database/neo4j-3-5-9/ and presumably 3.5.10 was made available shortly there after is there a requirement to use software which is 3 yrs old and when there is newer software available.   If you must stay on a Neo4j 3.5.x release our latest is 3.5.35 https://neo4j.com/release-notes/database/neo4j-3-5-35.    If not and if you are going to upgrade it would be in your best interest to go to Neo4j 4.4.10 https://neo4j.com/release-notes/database/neo4j-4-4-10/