Please report suspected security vulnerabilities in Apache Cassandra privately to the Apache Security Team at security@apache.org, following the ASF process at https://www.apache.org/security/. Do not open public GitHub issues or pull requests for security reports.

Apache Cassandra's security model - what is in and out of scope, the trust boundaries it assumes, the security properties the project provides and disclaims, and how findings are triaged - is documented in-repo at doc/modules/cassandra/pages/reference/security-model.adoc.