The bug reported in CASSANDRA-16735 [1] was known to cause corruption thought to be recoverable but can, in fact, induce *non-recoverable* corruption in some partitions. If you are not yet on 3.0.23, 3.0.24, 3.11.9, or 3.11.10, it is recommended you wait to upgrade until the Cassandra community releases 3.0.25 and 3.11.11. Once released, skip directly from 3.0.22 to 3.0.25 or from 3.11.8 to 3.11.11. For those already on the affected versions, the Cassandra community is working to release 3.0.25 and 3.11.11 immediately. Immediate upgrade to 3.0.25 or 3.11.11 is recommended and all schema changes should be stopped until the upgrade is complete.
While the issue has been known for some time, the severity of the issue was not well understood. This understanding has improved and with that we are suggesting the above actions for all users. The issue was introduced by a fix for CASSANDRA-15899 [2] which affected all versions up to and including 3.0.22 and 3.11.8. The fix for CASSANDRA-16735 was to revert the patch made in CASSANDRA-15899 meaning clusters will continue to be susceptible to this transient issue. In summary: - 3.0.22 and before/3.11.8 and before - susceptible to CASSANDRA-15899 which carries considerably less risk relative to CASSANDRA-16735. - 3.0.23, 3.0.24, 3.11.9, 3.11.10 - has the CASSANDRA-15899 patch that introduces the bug reported in CASSANDRA-16735. This makes Cassandra susceptible to non-recoverable corruption and should be upgraded immediately. - 3.0.25, 3.11.11 - has CASSANDRA-15899 patch reverted by patch in CASSANDRA-16735 -- no longer susceptible to unrecoverable corruption but continues to be susceptible to CASSANDRA-15899. [1] https://issues.apache.org/jira/browse/CASSANDRA-16735 [2] https://issues.apache.org/jira/browse/CASSANDRA-15899
