AT
Apache TinkerPop15mo ago
dt0007

neo4j-gremlin plugin support

Hi team, I'm currently using tinkerpop-server 3.6.4 docker image with the neo4j-gremlin plugin for backend (https://tinkerpop.apache.org/docs/current/reference/#neo4j-gremlin). I Recently grype scanned the image and I'm seeing lots of vulnerabilities. Vulnerabilities are introduced only when the neo4j-gremlin plugin is installed. Is there any way to update some of these vulnerable dependencies? Are you guys maintaining the plugin? https://mvnrepository.com/artifact/org.apache.tinkerpop/neo4j-gremlin/3.6.4 Grype scan results attached. Thanks.
No description
2 Replies
spmallette
spmallette15mo ago
neo4j-gremlin has been under considerable discussion lately, a discussion led by @colegreer mostly: https://discord.com/channels/838910279550238720/838910279550238723/1133514204050104360 in short, Neo4j no longer wishes to maintain the component that allows the integration, so we've opted to deprecate neo4j-gremlin. as it stands, the community seems to be leaning towards leaving it a part of TinkerPop 3.x but will likely be wholly removed in some major release in the future.
dt0007
dt000715mo ago
Thanks for the quick reply.
Want results from more Discord servers?
Add your server