According to the download <http://cassandra.apache.org/download/> page, Apache Cassandra 2.1 is supported with critical fixes only till Nov 2016 and and Apache Cassandra 2.2 is supported till Nov 2016.
I wanted to know what is the policy for such "unsupported" versions, especially related to kernel vulnerabilities / security threats from dependent libraries that are discovered after a project has reached the "unsupported" stage? Will the upstream versions of Apache Cassandra 2.1 and 2.2 still receive security updates / patches or is it entirely up to the end users to fix these? Thanks, Anmol
