ONgDB 3.4.9

Release Date: 14 October 2018

ONgDB 3.4.9 is a maintenance release with an important security fix and some fixes.

Mac/Linux ongdb-enterprise-3.4.9-unix.tar.gz
Windows 64 bit ongdb-enterprise-3.4.9-windows.zip
Windows 32 bit ongdb-enterprise-3.4.9-windows.zip
Docker Image
ONgDB 3.4.9 Docker Hub

docker run \
       --publish=7474:7474 --publish=7687:7687 \
       --volume=$HOME/neo4j/data:/data \
       graphfoundation/ongdb-enterprise:3.4.9

Go to:  http://localhost:7474

Security Update

ONgDB 3.4.x LDAP Security Vulnerability when using StartTLS and System Account

We have very recently discovered a bug that results in a security vulnerability in ONgDB 3.4 versions that use LDAP authentication with StartTLS and use a System Account for authentication. The issue was reported in GitHub issue 12047.

We have fixed this issue in ONgDB 3.4.9, which we advise you to upgrade to as soon as possible.

Scope: This affects all ONgDB 3.4.x versions that use LDAP for authentication, are configured to use StartTLS (dbms.security.ldap.use_starttls=true) and use a System Account (dbms.security.ldap.authorization.use_system_account=true). Note that both of these settings are false by default, so only those who have explicitly set both are affected. Users of LDAPS are not affected. Earlier versions of ONgDB are also not affected.

Workaround: It is possible to work around the issue without upgrading the software. To do this, comment out the "use StartTLS" configuration parameter (dbms.security.ldap.use_starttls) in the ONgDB.conf file on all ONgDB 3.4.x servers in your cluster and restart each instance for the change to take effect. This can be done in a rolling fashion without downtime. Later, once you are able to upgrade to 3.4.9, upgrade to that version (in a rolling fashion if in a clustered environment), uncomment the configuration parameter to re-enable StartTLS, and restart the database.
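The following shell script is an added example, not code from the ONgDB project or from these release notes. It audits a config file for the affected combination described in the Scope paragraph (both settings explicitly set to true, commented-out lines ignored) and writes a copy with the use_starttls line commented out, which is the workaround above. The two dbms.security.ldap.* keys come from the advisory; the dbms.security.auth_provider line, the sample host names and the file names are assumptions, and the sample config files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not part of the ONgDB release notes or the ONgDB project):
# audit an ONgDB 3.4.x config for the LDAP StartTLS + system-account
# combination named in the advisory, and produce a copy with the StartTLS
# setting commented out (the advisory's workaround).
# Assumption: the config uses one "key=value" per line with '#' comments,
# as ONgDB/Neo4j config files do; file names below are illustrative.

# Print the effective value of a config key: last uncommented occurrence,
# surrounding whitespace stripped. The key is passed as an ERE with dots escaped.
conf_value() {
    key="$1"; conf="$2"
    grep -E "^[[:space:]]*${key}[[:space:]]*=" "$conf" \
        | tail -n 1 | cut -d= -f2- | tr -d '[:space:]'
}

# Exit 0 (true) only when both affected settings are explicitly enabled.
ongdb_ldap_affected() {
    conf="$1"
    starttls=$(conf_value 'dbms\.security\.ldap\.use_starttls' "$conf")
    sysacct=$(conf_value 'dbms\.security\.ldap\.authorization\.use_system_account' "$conf")
    [ "$starttls" = "true" ] && [ "$sysacct" = "true" ]
}

# Write a copy of the config with every use_starttls line commented out,
# which is the documented workaround until the instance runs 3.4.9.
ongdb_disable_starttls() {
    in="$1"; out="$2"
    sed -E 's/^([[:space:]]*dbms\.security\.ldap\.use_starttls[[:space:]]*=)/#\1/' "$in" > "$out"
}

# Constructed sample configs (not taken from any real deployment).
workdir=$(mktemp -d)
AFFECTED_CONF="$workdir/affected-ongdb.conf"
SAFE_CONF="$workdir/safe-ongdb.conf"
FIXED_CONF="$workdir/fixed-ongdb.conf"

cat > "$AFFECTED_CONF" <<'EOF'
# constructed example: both advisory settings explicitly enabled
dbms.security.auth_provider=ldap
dbms.security.ldap.use_starttls=true
dbms.security.ldap.authorization.use_system_account=true
EOF

cat > "$SAFE_CONF" <<'EOF'
# constructed example: StartTLS left at its default (false), so not affected
dbms.security.auth_provider=ldap
# dbms.security.ldap.use_starttls=true
dbms.security.ldap.authorization.use_system_account=true
EOF

# Apply the workaround to the affected config, producing a third file.
ongdb_disable_starttls "$AFFECTED_CONF" "$FIXED_CONF"

for f in "$AFFECTED_CONF" "$SAFE_CONF" "$FIXED_CONF"; do
    if ongdb_ldap_affected "$f"; then
        echo "AFFECTED: $f (comment out dbms.security.ldap.use_starttls or upgrade to 3.4.9)"
    else
        echo "ok: $f"
    fi
done
```

Run it against each server's config in the cluster; only a file reporting AFFECTED needs the workaround, and the generated copy can be reviewed before it replaces the live file as part of the rolling restart.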

Other Fixes and Improvements

  • Incremental online backup now leaves the resulting backed up store in a fully recovered state. This fixes problems with seeding a Causal Cluster with a store from an incremental online backup.
  • Cypher fix for ORDER BY + LIMIT 0 when using slotted runtime
  • Browser now correctly handles :queries in clustered environments when not all members could be reached

Detailed Changes and Docs

For the complete list of all changes, please see the changelog. The 3.4 Developer manual and the 3.4 Operations manual are available here.