Information
The Cassandra installation version, along with the patches, should be the most recent that is compatible with organization's operational needs. When obtaining and installing software packages (typically via apt-get or you can compile the source code), it's imperative that packages (or the source code, tarball) are sourced only from valid and authorized repositories.
For Cassandra, a short list of valid repositories may include:
The official apache cassandra website: http://cassandra.apache.org/
DataStax Enterprise: https://www.datastax.com/
Rationale:
Using the most recent version of Cassandra can help limit the possibilities for vulnerabilities in the software, the installation version applied during setup should be established according to the needs of the organization. Ensure you are using a release that is covered by a level of support which includes regular updates to address vulnerabilities.
Solution
Upgrade to the latest version of the Cassandra software:
For each node in the cluster:
Using the nodetool drain command to push all memtables data to SSTables.
Stop Cassandra services.
Backup the data set and all of your Cassandra configuration files.
Download/Update Java if needed.
Download/Update Python if needed.
Download the binaries for the latest Cassandra revision from the Cassandra Download Page.
Install new version of Cassandra.
Configure new version of Cassandra, taking into account all of your previous settings in your config files(cassandra.yml, cassandrea-env.sh, etc).
Start Cassandra services.
Check logs for warnings, errors.
Using the nodetool to upgrade your SSTables.
Using the nodetool command to check status of cluster.
References:
http://cassandra.apache.org/doc/latest/getting_started/installing.html#prerequisites