[NOID] Update lettuce-core to 6.5.4.RELEASE to mitigate CVE-2024-47535, CVE-2025-24970 and CVE-2025-25193

Lojjs · Lojjs · commit ce824d80ae6f · 2025-10-03T16:38:51.000+02:00
diff --git a/LICENSES.txt b/LICENSES.txt
@@ -32,6 +32,7 @@ Apache-2.0
   commons-beanutils-1.9.4.jar
   commons-cli-1.5.0.jar
   commons-codec-1.16.1.jar
+  commons-codec-1.18.0.jar
   commons-collections-3.2.2.jar
   commons-collections4-4.4.jar
   commons-compress-1.26.0.jar
@@ -58,7 +59,7 @@ Apache-2.0
   ehcache-3.8.2.jar
   error_prone_annotations-2.18.0.jar
   failureaccess-1.0.1.jar
-  flatbuffers-java-23.5.26.jar
+  flatbuffers-java-25.2.10.jar
   fst-2.50.jar
   gson-2.9.0.jar
   guava-32.0.1-jre.jar
@@ -99,22 +100,21 @@ Apache-2.0
   jPowerShell-3.0.jar
   jProcesses-1.6.5.jar
   jackson-annotations-2.15.2.jar
-  jackson-annotations-2.17.2.jar
+  jackson-annotations-2.18.3.jar
   jackson-core-2.15.2.jar
-  jackson-core-2.17.2.jar
+  jackson-core-2.18.3.jar
   jackson-databind-2.15.2.jar
-  jackson-databind-2.17.2.jar
-  jackson-dataformat-cbor-2.17.2.jar
-  jackson-dataformat-csv-2.17.2.jar
-  jackson-dataformat-yaml-2.17.0.jar
-  jackson-datatype-jsr310-2.17.0.jar
-  jackson-datatype-jsr310-2.17.2.jar
+  jackson-databind-2.18.3.jar
+  jackson-dataformat-cbor-2.18.3.jar
+  jackson-dataformat-csv-2.18.3.jar
+  jackson-dataformat-yaml-2.18.3.jar
+  jackson-datatype-jsr310-2.18.3.jar
   jackson-jaxrs-base-2.15.2.jar
-  jackson-jaxrs-base-2.17.2.jar
+  jackson-jaxrs-base-2.18.3.jar
   jackson-jaxrs-json-provider-2.15.2.jar
-  jackson-jaxrs-json-provider-2.17.2.jar
+  jackson-jaxrs-json-provider-2.18.3.jar
   jackson-module-jaxb-annotations-2.15.2.jar
-  jackson-module-jaxb-annotations-2.17.2.jar
+  jackson-module-jaxb-annotations-2.18.3.jar
   jakarta.validation-api-2.0.2.jar
   jamm-0.3.3.jar
   javapoet-1.13.0.jar
@@ -164,11 +164,11 @@ Apache-2.0
   mercator_2.12-0.2.1.jar
   metrics-core-3.2.4.jar
   netty-all-4.1.100.Final.jar
-  netty-buffer-4.1.119.Final.jar
-  netty-codec-4.1.119.Final.jar
+  netty-buffer-4.1.126.Final.jar
+  netty-codec-4.1.126.Final.jar
   netty-codec-dns-4.1.100.Final.jar
   netty-codec-haproxy-4.1.100.Final.jar
-  netty-codec-http-4.1.119.Final.jar
+  netty-codec-http-4.1.126.Final.jar
   netty-codec-http2-4.1.100.Final.jar
   netty-codec-memcache-4.1.100.Final.jar
   netty-codec-mqtt-4.1.100.Final.jar
@@ -177,24 +177,24 @@ Apache-2.0
   netty-codec-socks-4.1.100.Final.jar
   netty-codec-stomp-4.1.100.Final.jar
   netty-codec-xml-4.1.100.Final.jar
-  netty-common-4.1.119.Final.jar
-  netty-handler-4.1.119.Final.jar
+  netty-common-4.1.126.Final.jar
+  netty-handler-4.1.126.Final.jar
   netty-handler-proxy-4.1.100.Final.jar
   netty-handler-ssl-ocsp-4.1.100.Final.jar
-  netty-resolver-4.1.119.Final.jar
+  netty-resolver-4.1.126.Final.jar
   netty-resolver-dns-4.1.100.Final.jar
   netty-resolver-dns-classes-macos-4.1.100.Final.jar
   netty-resolver-dns-native-macos-4.1.100.Final-osx-aarch_64.jar
   netty-resolver-dns-native-macos-4.1.100.Final-osx-x86_64.jar
-  netty-transport-4.1.119.Final.jar
-  netty-transport-classes-epoll-4.1.119.Final.jar
+  netty-transport-4.1.126.Final.jar
+  netty-transport-classes-epoll-4.1.126.Final.jar
   netty-transport-classes-kqueue-4.1.100.Final.jar
-  netty-transport-native-epoll-4.1.119.Final-linux-aarch_64.jar
-  netty-transport-native-epoll-4.1.119.Final-linux-x86_64.jar
-  netty-transport-native-epoll-4.1.119.Final.jar
+  netty-transport-native-epoll-4.1.126.Final-linux-aarch_64.jar
+  netty-transport-native-epoll-4.1.126.Final-linux-x86_64.jar
+  netty-transport-native-epoll-4.1.126.Final.jar
   netty-transport-native-kqueue-4.1.100.Final-osx-aarch_64.jar
   netty-transport-native-kqueue-4.1.100.Final-osx-x86_64.jar
-  netty-transport-native-unix-common-4.1.119.Final.jar
+  netty-transport-native-unix-common-4.1.126.Final.jar
   netty-transport-rxtx-4.1.100.Final.jar
   netty-transport-sctp-4.1.100.Final.jar
   netty-transport-udt-4.1.100.Final.jar
@@ -218,7 +218,7 @@ Apache-2.0
   shiro-crypto-hash-1.13.0.jar
   shiro-event-1.13.0.jar
   shiro-lang-1.13.0.jar
-  snakeyaml-2.2.jar
+  snakeyaml-2.3.jar
   snappy-java-1.1.10.4.jar
   websocket-api-9.4.53.v20231009.jar
   websocket-client-9.4.53.v20231009.jar
@@ -1872,7 +1872,7 @@ Eclipse Distribution License - v 1.0
   istack-commons-runtime-3.0.8.jar
   jakarta.activation-api-1.2.1.jar
   jakarta.activation-api-1.2.2.jar
-  jakarta.xml.bind-api-2.3.3.jar
+  jakarta.xml.bind-api-2.3.2.jar
   jaxb-runtime-2.3.2.jar
   jersey-client-2.34.jar
   jersey-container-servlet-2.34.jar
@@ -2832,7 +2832,7 @@ MIT
   bcutil-jdk18on-1.78.1.jar
   bcutil-jdk18on-1.78.jar
   cassandra-1.17.6.jar
-  checker-qual-3.42.0.jar
+  checker-qual-3.33.0.jar
   chromadb-1.19.7.jar
   couchbase-1.17.6.jar
   database-commons-1.17.6.jar
@@ -2855,7 +2855,7 @@ MIT
   qdrant-1.19.7.jar
   reactive-streams-1.0.4.jar
   slf4j-api-1.7.36.jar
-  slf4j-api-2.0.11.jar
+  slf4j-api-2.0.17.jar
   slf4j-nop-1.7.30.jar
   slf4j-reload4j-1.7.36.jar
   testcontainers-1.19.7.jar
diff --git a/NOTICE.txt b/NOTICE.txt
@@ -62,6 +62,7 @@ Apache-2.0
   commons-beanutils-1.9.4.jar
   commons-cli-1.5.0.jar
   commons-codec-1.16.1.jar
+  commons-codec-1.18.0.jar
   commons-collections-3.2.2.jar
   commons-collections4-4.4.jar
   commons-compress-1.26.0.jar
@@ -88,7 +89,7 @@ Apache-2.0
   ehcache-3.8.2.jar
   error_prone_annotations-2.18.0.jar
   failureaccess-1.0.1.jar
-  flatbuffers-java-23.5.26.jar
+  flatbuffers-java-25.2.10.jar
   fst-2.50.jar
   gson-2.9.0.jar
   guava-32.0.1-jre.jar
@@ -129,22 +130,21 @@ Apache-2.0
   jPowerShell-3.0.jar
   jProcesses-1.6.5.jar
   jackson-annotations-2.15.2.jar
-  jackson-annotations-2.17.2.jar
+  jackson-annotations-2.18.3.jar
   jackson-core-2.15.2.jar
-  jackson-core-2.17.2.jar
+  jackson-core-2.18.3.jar
   jackson-databind-2.15.2.jar
-  jackson-databind-2.17.2.jar
-  jackson-dataformat-cbor-2.17.2.jar
-  jackson-dataformat-csv-2.17.2.jar
-  jackson-dataformat-yaml-2.17.0.jar
-  jackson-datatype-jsr310-2.17.0.jar
-  jackson-datatype-jsr310-2.17.2.jar
+  jackson-databind-2.18.3.jar
+  jackson-dataformat-cbor-2.18.3.jar
+  jackson-dataformat-csv-2.18.3.jar
+  jackson-dataformat-yaml-2.18.3.jar
+  jackson-datatype-jsr310-2.18.3.jar
   jackson-jaxrs-base-2.15.2.jar
-  jackson-jaxrs-base-2.17.2.jar
+  jackson-jaxrs-base-2.18.3.jar
   jackson-jaxrs-json-provider-2.15.2.jar
-  jackson-jaxrs-json-provider-2.17.2.jar
+  jackson-jaxrs-json-provider-2.18.3.jar
   jackson-module-jaxb-annotations-2.15.2.jar
-  jackson-module-jaxb-annotations-2.17.2.jar
+  jackson-module-jaxb-annotations-2.18.3.jar
   jakarta.validation-api-2.0.2.jar
   jamm-0.3.3.jar
   javapoet-1.13.0.jar
@@ -194,11 +194,11 @@ Apache-2.0
   mercator_2.12-0.2.1.jar
   metrics-core-3.2.4.jar
   netty-all-4.1.100.Final.jar
-  netty-buffer-4.1.119.Final.jar
-  netty-codec-4.1.119.Final.jar
+  netty-buffer-4.1.126.Final.jar
+  netty-codec-4.1.126.Final.jar
   netty-codec-dns-4.1.100.Final.jar
   netty-codec-haproxy-4.1.100.Final.jar
-  netty-codec-http-4.1.119.Final.jar
+  netty-codec-http-4.1.126.Final.jar
   netty-codec-http2-4.1.100.Final.jar
   netty-codec-memcache-4.1.100.Final.jar
   netty-codec-mqtt-4.1.100.Final.jar
@@ -207,24 +207,24 @@ Apache-2.0
   netty-codec-socks-4.1.100.Final.jar
   netty-codec-stomp-4.1.100.Final.jar
   netty-codec-xml-4.1.100.Final.jar
-  netty-common-4.1.119.Final.jar
-  netty-handler-4.1.119.Final.jar
+  netty-common-4.1.126.Final.jar
+  netty-handler-4.1.126.Final.jar
   netty-handler-proxy-4.1.100.Final.jar
   netty-handler-ssl-ocsp-4.1.100.Final.jar
-  netty-resolver-4.1.119.Final.jar
+  netty-resolver-4.1.126.Final.jar
   netty-resolver-dns-4.1.100.Final.jar
   netty-resolver-dns-classes-macos-4.1.100.Final.jar
   netty-resolver-dns-native-macos-4.1.100.Final-osx-aarch_64.jar
   netty-resolver-dns-native-macos-4.1.100.Final-osx-x86_64.jar
-  netty-transport-4.1.119.Final.jar
-  netty-transport-classes-epoll-4.1.119.Final.jar
+  netty-transport-4.1.126.Final.jar
+  netty-transport-classes-epoll-4.1.126.Final.jar
   netty-transport-classes-kqueue-4.1.100.Final.jar
-  netty-transport-native-epoll-4.1.119.Final-linux-aarch_64.jar
-  netty-transport-native-epoll-4.1.119.Final-linux-x86_64.jar
-  netty-transport-native-epoll-4.1.119.Final.jar
+  netty-transport-native-epoll-4.1.126.Final-linux-aarch_64.jar
+  netty-transport-native-epoll-4.1.126.Final-linux-x86_64.jar
+  netty-transport-native-epoll-4.1.126.Final.jar
   netty-transport-native-kqueue-4.1.100.Final-osx-aarch_64.jar
   netty-transport-native-kqueue-4.1.100.Final-osx-x86_64.jar
-  netty-transport-native-unix-common-4.1.119.Final.jar
+  netty-transport-native-unix-common-4.1.126.Final.jar
   netty-transport-rxtx-4.1.100.Final.jar
   netty-transport-sctp-4.1.100.Final.jar
   netty-transport-udt-4.1.100.Final.jar
@@ -248,7 +248,7 @@ Apache-2.0
   shiro-crypto-hash-1.13.0.jar
   shiro-event-1.13.0.jar
   shiro-lang-1.13.0.jar
-  snakeyaml-2.2.jar
+  snakeyaml-2.3.jar
   snappy-java-1.1.10.4.jar
   websocket-api-9.4.53.v20231009.jar
   websocket-client-9.4.53.v20231009.jar
@@ -324,7 +324,7 @@ Eclipse Distribution License - v 1.0
   istack-commons-runtime-3.0.8.jar
   jakarta.activation-api-1.2.1.jar
   jakarta.activation-api-1.2.2.jar
-  jakarta.xml.bind-api-2.3.3.jar
+  jakarta.xml.bind-api-2.3.2.jar
   jaxb-runtime-2.3.2.jar
   jersey-client-2.34.jar
   jersey-container-servlet-2.34.jar
@@ -434,7 +434,7 @@ MIT
   bcutil-jdk18on-1.78.1.jar
   bcutil-jdk18on-1.78.jar
   cassandra-1.17.6.jar
-  checker-qual-3.42.0.jar
+  checker-qual-3.33.0.jar
   chromadb-1.19.7.jar
   couchbase-1.17.6.jar
   database-commons-1.17.6.jar
@@ -457,7 +457,7 @@ MIT
   qdrant-1.19.7.jar
   reactive-streams-1.0.4.jar
   slf4j-api-1.7.36.jar
-  slf4j-api-2.0.11.jar
+  slf4j-api-2.0.17.jar
   slf4j-nop-1.7.30.jar
   slf4j-reload4j-1.7.36.jar
   testcontainers-1.19.7.jar
diff --git a/docs/asciidoc/modules/ROOT/pages/database-integration/redis.adoc b/docs/asciidoc/modules/ROOT/pages/database-integration/redis.adoc
@@ -45,7 +45,7 @@ Here is a list of all available Redis procedures:
 == Install Dependencies
 
 The Redis procedures have dependencies on a client library that is not included in the APOC Library.
-You can download it from https://github.com/lettuce-io/lettuce-core/releases/tag/6.2.5.RELEASE[the lettuce-core repository](except for `netty` jars because they are already included within neo4j)
+You can download it from https://github.com/lettuce-io/lettuce-core/releases/tag/6.5.4.RELEASE[the lettuce-core repository](except for `netty` jars because they are already included within neo4j)
 or https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/download/{apoc-release}/apoc-redis-dependencies-{apoc-release}.jar[apoc repository]
 Once that file is downloaded, it should be placed in the `plugins` directory and the Neo4j Server restarted.
 
diff --git a/extra-dependencies/redis/build.gradle b/extra-dependencies/redis/build.gradle
@@ -19,7 +19,7 @@ jar {
 }
 
 dependencies {
-    implementation group: 'io.lettuce', name: 'lettuce-core', version: '6.2.5.RELEASE', {
+    implementation group: 'io.lettuce', name: 'lettuce-core', version: '6.5.4.RELEASE', {
         exclude group: 'io.netty'
     }
 }
diff --git a/full/build.gradle b/full/build.gradle
@@ -134,8 +134,8 @@ dependencies {
     compileOnly group: 'com.couchbase.client', name: 'java-client', version: '3.3.0', withoutJacksons
     testImplementation group: 'com.couchbase.client', name: 'java-client', version: '3.3.0', withoutJacksons
 
-    compileOnly group: 'io.lettuce', name: 'lettuce-core', version: '6.2.5.RELEASE'
-    testImplementation group: 'io.lettuce', name: 'lettuce-core', version: '6.2.5.RELEASE'
+    compileOnly group: 'io.lettuce', name: 'lettuce-core', version: '6.5.4.RELEASE'
+    testImplementation group: 'io.lettuce', name: 'lettuce-core', version: '6.5.4.RELEASE'
 
     compileOnly group: 'org.neo4j', name: 'neo4j', version: neo4jVersionEffective
 

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ jar {`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`dependencies {`
`22`		`- implementation group: 'io.lettuce', name: 'lettuce-core', version: '6.2.5.RELEASE', {`
	`22`	`+ implementation group: 'io.lettuce', name: 'lettuce-core', version: '6.5.4.RELEASE', {`
`23`	`23`	`exclude group: 'io.netty'`
`24`	`24`	`}`
`25`	`25`	`}`