Release Date: 26 September 2025

Release (1.13.1)

Overview

This release is a security update, fixing known vulnerabilities in components used in Neo4j Ops Manager. It also includes upgrades to the components used in building Neo4j Ops Manager.

Highlights

• org.springframework.security:spring-security-core to 6.5.4  to fix CVE-2025-41248
• org.apache.tomcat.embed:tomcat-embed-core to 11.0.10 to fix CVE-2025-48989

Internal version changes

• github.com/prometheus/common to 0.65.0
• com.networknt:json-schema-validator to 1.5.8
• golang.org/x/crypto to 0.42.0
• spring-security-config.version to 6.5.3
• grpc to 1.75.1
• io.github.classgraph:classgraph to 4.8.180 
• docker-java.version to 3.6.0
• Security upgrade org.apache.commons:commons-lang3 to 3.18.0
• jsoup to 1.21.1 
• kardianos/service to 1.2.4
• neo4j-migrations-spring-boot-starter to 2.18.1
• docker to 28.3.3 
• caffeine to 3.2.2
• google.golang.org/protobuf to 1.36.9
• spf13/cobra to 1.10.1 
• neo4j-go-driver/v5 to 5.28.3
• org.springframework.security:spring-security-web to 6.5.3 
• Use latest ubuntu in dockerfiles