From bb009732cefbb9e6ca2a95ba9d921f0b38a7e567 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts@users.noreply.github.com>
Date: Sat, 20 Dec 2025 23:15:25 +0000
Subject: [PATCH 1/2] neo4j-2025.10/2025.10.1-r2: fix GHSA-vc5p-v9hr-52mj
 <!--ci-cve-scan:must-fix: GHSA-vc5p-v9hr-52mj-->

---
 neo4j-2025.10.yaml              | 2 +-
 neo4j-2025.10/pombump-deps.yaml | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/neo4j-2025.10.yaml b/neo4j-2025.10.yaml
index 0a42a7f80e5..6e63b0e63ed 100644
--- a/neo4j-2025.10.yaml
+++ b/neo4j-2025.10.yaml
@@ -1,7 +1,7 @@
 package:
   name: neo4j-2025.10
   version: "2025.10.1"
-  epoch: 2 # GHSA-84h7-rjj3-6jx4
+  epoch: 3 # GHSA-vc5p-v9hr-52mj
   description:
   copyright:
     - license: GPL-3.0-or-later
diff --git a/neo4j-2025.10/pombump-deps.yaml b/neo4j-2025.10/pombump-deps.yaml
index 5b99434eb5e..8e806ae8b9f 100644
--- a/neo4j-2025.10/pombump-deps.yaml
+++ b/neo4j-2025.10/pombump-deps.yaml
@@ -2,3 +2,6 @@ patches:
   - groupId: io.netty
     artifactId: netty-codec-http
     version: 4.2.8.Final
+  - groupId: org.apache.logging.log4j
+    artifactId: log4j-core
+    version: 2.25.3

From b7e731aa1ae7fed3148c39521997bab206022275 Mon Sep 17 00:00:00 2001
From: Ben Tasker <2900301+bentasker@users.noreply.github.com>
Date: Wed, 24 Dec 2025 15:27:16 +0000
Subject: [PATCH 2/2] fix: bump property so all log4j components are upgraded
 to the same version

Signed-off-by: Ben Tasker <2900301+bentasker@users.noreply.github.com>
---
 neo4j-2025.10/pombump-deps.yaml       | 3 ---
 neo4j-2025.10/pombump-properties.yaml | 2 ++
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/neo4j-2025.10/pombump-deps.yaml b/neo4j-2025.10/pombump-deps.yaml
index 8e806ae8b9f..5b99434eb5e 100644
--- a/neo4j-2025.10/pombump-deps.yaml
+++ b/neo4j-2025.10/pombump-deps.yaml
@@ -2,6 +2,3 @@ patches:
   - groupId: io.netty
     artifactId: netty-codec-http
     version: 4.2.8.Final
-  - groupId: org.apache.logging.log4j
-    artifactId: log4j-core
-    version: 2.25.3
diff --git a/neo4j-2025.10/pombump-properties.yaml b/neo4j-2025.10/pombump-properties.yaml
index 73a79e166f3..3d418b2e35c 100644
--- a/neo4j-2025.10/pombump-properties.yaml
+++ b/neo4j-2025.10/pombump-properties.yaml
@@ -1,3 +1,5 @@
 properties:
   - property: jersey.version
     value: 2.46
+  - property: log4j.version
+    value: 2.25.3