[Snyk] Security upgrade org.neo4j:neo4j from 3.4.0 to 4.2.8

[Robbie1977]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	HTTP Request Smuggling SNYK-JAVA-IONETTY-473214	org.neo4j:neo4j: 3.4.0 -> 4.2.8	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	HTTP Request Smuggling SNYK-JAVA-IONETTY-559515	org.neo4j:neo4j: 3.4.0 -> 4.2.8	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	HTTP Request Smuggling SNYK-JAVA-IONETTY-559516	org.neo4j:neo4j: 3.4.0 -> 4.2.8	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316638	org.neo4j:neo4j: 3.4.0 -> 4.2.8	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316639	org.neo4j:neo4j: 3.4.0 -> 4.2.8	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316640	org.neo4j:neo4j: 3.4.0 -> 4.2.8	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316641	org.neo4j:neo4j: 3.4.0 -> 4.2.8	No	No Known Exploit
	489/1000 Why? Has a fix available, CVSS 5.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-32473	org.neo4j:neo4j: 3.4.0 -> 4.2.8	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-460507	org.neo4j:neo4j: 3.4.0 -> 4.2.8	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Information Exposure SNYK-JAVA-ORGBOUNCYCASTLE-1035561	org.neo4j:neo4j: 3.4.0 -> 4.2.8	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Timing Attack SNYK-JAVA-ORGBOUNCYCASTLE-1296075	org.neo4j:neo4j: 3.4.0 -> 4.2.8	No	No Known Exploit
	561/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.8	Cryptographic Issues SNYK-JAVA-ORGBOUNCYCASTLE-2841508	org.neo4j:neo4j: 3.4.0 -> 4.2.8	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Insecure Encryption SNYK-JAVA-ORGBOUNCYCASTLE-32369	org.neo4j:neo4j: 3.4.0 -> 4.2.8	No	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-JAVA-ORGBOUNCYCASTLE-32412	org.neo4j:neo4j: 3.4.0 -> 4.2.8	No	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Privilege Escalation SNYK-JAVA-ORGNEO4J-1535217	org.neo4j:neo4j: 3.4.0 -> 4.2.8	Yes	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-JAVA-ORGNEO4J-1579724	org.neo4j:neo4j: 3.4.0 -> 4.2.8	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Denial of Service (DoS)
🦉 Denial of Service (DoS)
🦉 More lessons are available in Snyk Learn