Aura and CVE-2021-44228
Scheduled Maintenance Report for Neo4j Aura
Completed
The scheduled maintenance has been completed.
Posted Dec 13, 2021 - 18:38 UTC
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Dec 13, 2021 - 18:37 UTC
Scheduled
In Neo4j AuraDB the issue known as CVE-2021-44228 has been mitigated. Aura deployed a configuration fix on Friday 10th December that was applied to all existing Aura Databases. All newly created Databases will also have the configuration fix.
Our effort to review and monitor the situation with our security team is ongoing, however, at present we have not found any signs of intrusion or exploitation of this vulnerability.

As a precautionary measure, it is best practice to ensure you change database passwords regularly, especially if you had not previously changed from the default ones generated at creation.

Please contact our support team (https://aura.support.neo4j.com/hc/en-us) if you would like to discuss anything further in the meantime.

For the vulnerability and impact assessment on Neo4j , see
https://neo4j.com/security/log4j/
Posted Dec 13, 2021 - 18:35 UTC
This scheduled maintenance affected: AuraDB - Enterprise (*.databases.neo4j.io).