RDF4J 4.1.1 and 4.0.5 are now available. RDF4J 4.1.1 is a patch release
fixing 13 bugs and 1 security vulnerability (CVE-2020-36518 in FasterXML
Jackson Databind). Two of the issues fixed in 4.1.1, including the security vulnerability, have been backported and released as 4.0.5.
For more details, have a look at the 4.1.1 release notes and 4.0.5 release notes.