neo4j/neo4j-python-driver

Compatibility with Bolt 1

brunocek opened this issue · 1 comments

Feature Request

Have neo4j driver compatible with Bolt 1.

Pitch

When trying to connect to ongdb (free fork for neo4j enterprise), one will get that it is compatible only with '3.0', '4.1', '4.2', '4.3', '4.4', '5.0', '5.1', '5.2', '5.3', '5.4'.

The release notes of version 5.1 contains a table of compatibility. It says version 3.5 and 4.0 are the two last ones that support certainly Bolt 1.7.
( https://pypi.org/project/neo4j/5.1.0/ )

Release notes for 4.1 to 5.0 will hold the description of how to use Bolt 1.7, but as we see in 5.1, they actually don't know if it works or not. That use would meet the requirements well enough, but any other way is also acceptable.

driver = GraphDatabase.driver("neo4j://localhost:7687", auth=("neo4j", "password"), encrypted=False)


Also discussed on:

Hi and thanks for reaching out with a feature request.

Here's the TL;DR answer: sorry, but we won't fix this because of risk and cost.

Now the long anser, in case you or anyone reading this later cares.

Firstly, you're mixing versions of different things. There are 3 versions at play here:

  • The driver version
  • The (neo4j) server version
  • The bolt protocol version they negotiate.

Their numbers don't necessarily align and changes in versioning policies over the years made knowing what is compatible with what rather difficult. I'll try to summarize.

Bolt was introduced with Neo4j server version 3.0. It came with the first bolt version (1.0). You can track what bolt versions which server version supports here.

As of driver version and which bolt versions they support... this becomes more tricky. For driver versions 1.7 and below, I do actually not know what bolt versions they support. This was before my time at Neo4j and these ancient versions of the lib aren't supported any longer.

I hope you understand that from an economical standpoint we cannot offer indefinite support and updated for too old software versions. Neo4j server version 3.5 and older are EOL (end of life). Meaning we do not support them any longer. Therefore, we don't expect anyone to still run such old DMBS versions and hence, we don't expect to see any bolt version before 4.0 in the wild. The fact that the current driver version still supports bolt 3 is just on a best effort basis and not part of the public API contract. We will take the liberty to remove it (even in a minor release), should it become a maintenance burden in the future.

Economical in this case refers to developer time (giving support, debugging, fixing, etc.), but also compute resources to test such old versions. Speaking of which: the old bolt versions the driver doesn't officially support (bolt 3.0, and 4.0-4.3) are not actually tested in our CI pipelines. As documented in the API docs, there's no guarantee that the current driver works wich such old DBMS versions.

Lastly, even if we were ok with paying the price of maintaining historic bolt versions, there's a technical hurdle here. If you read up on the bolt version negotiation handshake, you'll realize, that the driver can only offer up to 4 bolt versions to the server for negotiation (newer versions can contain version ranges, but only to some extent). This means, that there is no way for the driver to contact a server and offer all bolt versions from 1.0 all the way up to the current 5.4. Workarounds like closing the connection and trying again with older versions might be possible, but again, not worth the cost of developing, testing, and maintaining such code.