Currently in neo4j 4.4.16, jackson version 2.13.2 is used. We have a extension for neo4j and few vulnerabilities are reported. Can we upgrade it to 2.16.1? Is it okay to use 2.15.2?, as that is our current version.
Per the 4.4 changelog Neo4j 4.4 changelog · neo4j/neo4j Wiki · GitHub there are many other CVE/vulnerabilities addressed post 4.4.16. So it might be best to upgrade Neo4j itself and thus get multiple CVEs closed up