Release Date: 25 September 2024

Aura September 2024

Neo4j 5.24 database feature updates for Aura

Important Notice: We are aware of an issue relating to changes to the query notification service in 5.24, which can lead to outdated versions of SDN/OGM returning java.lang.NullPointerException errors. To avoid this, please ensure that you are using an up-to-date version of SDN/OGM.

Highlights

Kernel


  • Neo4j-admin backup/restore can use a new option --temp-path to specify the temporary directory used when sending/receiving data to cloud object stores. For documentation, see Operations Manual (Backup).
  • Neo4j-admin import can use a new option --schema to specify the Cypher schema commands to create indexes/constraints during the import process. For documentation, see Operations Manual (Full import).

Surface for Developers and Data Scientists

  • Added the ability to dynamically reference labels and properties in SET and REMOVE clauses. For example: SET n[$prop], REMOVE n[$prop], SET n:$($label) and REMOVE n:$($label). For documentation, see SET and REMOVE.
  • Added the GQL conformant OPTIONAL keyword to procedure and subquery calls. If no results are returned from the procedure or subquery, OPTIONAL CALL will return null instead of an empty result. For documentation, see Optional procedure calls and Optional subquery calls.
  • Allow ORDER BY, SKIP/OFFSET, and LIMIT to be standalone clauses. Before, they could be used only in combination with RETURN, WITH, or YIELD; now, they can be used anywhere in a query. The keyword OFFSET is a synonym for SKIP. These are now GQL conformant statements. For documentation, see LIMIT, ORDER BY, SKIP and OFFSET.

Security

  • Authentication and authorization providers can now be controlled at the user level with Cypher by setting the Auth Providers option on each user. This allows each individual user to be authenticated and authorized by a combination of local user management and external user management via LDAP and Single Sign-On (SSO).

This removes the limitations that exist today when managing users externally. Administrators who’ve linked a local user to an external user can now:

    • Define a ‘HOME DATABASE’ for the user
    • SUSPEND the user’s access using Cypher
    • Map an external user to RBAC permissions locally
    • Allow the user to authenticate to the database with a user-friendly name while mapping a unique identifier in an external identity provider.

Example that links a local user to an external SSO user and sets a role for the user:

CREATE USER ian                                       // This is a local user
  SET AUTH 'oidc-mysso' {SET ID '60a0-d58d-4353….'};  // Linked to an SSO user

GRANT ROLE READER TO ian;                             // RBAC applied to the linked user
 

For documentation, see Operations Manual (User auth providers).
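The administrative actions listed above, shown as an added Cypher example that is not part of the original release notes. The user ian, the provider name 'oidc-mysso' and the role READER are taken from the example above; the database name sales and the ID placeholder are assumptions.

```cypher
// Added illustration, not from the release notes.
// Assumptions: a database named `sales` exists, and 'oidc-mysso' matches an
// OIDC provider configured on the server.
// <external-subject-id> is a placeholder for the identifier issued by the IdP.

// 1. Friendly local name mapped to the unique identifier held by the IdP.
CREATE USER ian
  SET AUTH 'oidc-mysso' { SET ID '<external-subject-id>' };

// 2. Define a home database for the linked user.
ALTER USER ian SET HOME DATABASE sales;

// 3. Map the external user to RBAC permissions locally
//    (READER is the role name used in the example above).
GRANT ROLE READER TO ian;

// 4. Review which auth providers each user is linked to.
SHOW USERS WITH AUTH;

// 5. Suspend the user's access from the database side, without
//    changing anything in the identity provider.
ALTER USER ian SET STATUS SUSPENDED;

// 6. Restore access once the account has been reviewed.
ALTER USER ian SET STATUS ACTIVE;
```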

  • Remove all privileges from natively authenticated users who are deleted mid-session, making the behaviour consistent with being suspended mid-session.
 

Fixes

    • Kernel Fixes
      • Block format import performance has been improved in cases with a high ratio between relationship data and page cache.
      • Fixed a bug that slowed down format migration. The bug has the effect that in some circumstances element ids were preserved during format migration. Please note that you cannot rely on element id preservation during format migration and compaction.
      • Fixed a bug only present in 5.23 that sometimes caused an invalid in-memory state regarding latest committed id after concurrent transactions. Symptoms can include failing backups with messages like: java.lang.IllegalArgumentException: Not a valid range. Range to [xx] must be higher or equal to range from [xx]. Can be fixed in 5.23 by restarting the server.
      • Fixed an issue in block format where relationship ids could be incorrectly reused instantly after deletion.
      • Fixed an issue in block format where the creation of label/relationship/property names larger than 8KB could lead to database panic.
    • Cypher Fixes
      • OIDC HTTP discovery parsing is more tolerant of missing mandatory fields in the IdP discovery response. These missing values can still be overridden by configuration. 
      • Fixes issues with incorrect evaluation order of UNION in some updating queries. 
    • Driver fixes
      • Fixes a bug where duplicated HTTP headers were returned when returning browser content.
    • Surface fixes
      • Making error messages more general when natively authenticated users are deleted or suspended mid-session. 
Please refer to the changelog for full details of the changes.