The Cassandra team is pleased to announce the release of Apache Cassandra version 4.0.17.
This release is a critical security release, fixing an issue found in [1] and addressing CVE-2025-23015 [2]. Release 4.0.16 intended to fix CVE-2025-23015[2] but did not. This release 4.0.17 does. Apache Cassandra is a fully distributed database. It is the right choice when you need scalability and high availability without compromising performance. https://cassandra.apache.org/ Downloads of source and binary distributions are listed in our download section: https://cassandra.apache.org/download/ This version is a critical bug fix release[3] on the 4.0 series. As always, please pay attention to the release notes[4] and let us know[5] if you were to encounter any problem. [WARNING] Debian and RedHat package repositories have moved! Debian /etc/apt/sources.list.d/cassandra.sources.list and RedHat /etc/yum.repos.d/cassandra.repo files must be updated to the new repository URLs. For Debian it is now https://debian.cassandra.apache.org . For RedHat it is now https://redhat.cassandra.apache.org/40x/ . Enjoy! [1]: https://issues.apache.org/jira/browse/CASSANDRA-20090 [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23015 [3]: CHANGES.txt https://github.com/apache/cassandra/blob/cassandra-4.0.17/CHANGES.txt [4]: NEWS.txt https://github.com/apache/cassandra/blob/cassandra-4.0.17/NEWS.txt [5]: https://issues.apache.org/jira/browse/CASSANDRA
