Dynatrace does not enforce the latest upstream available versions of the component binaries. It's perfectly fine as they do intensive compatibility testing. You should tread Dynatrace Managed as a black box and not worry about particular versions.
Thanks Julius for the response... if its just me im fine with it.. but the audit was able to highlight this and we need to respond accordingly =). If there is no plan for any update on the component mentioned, a response from dynatrace product team would be good. anyway i already raise a ticket for this.
Open a chat within the product if you have any concerns. Any upgrades of the built-in Dynatrace Managed components are unsupported and will most likely result in a broken Dynatrace Managed installation. Dynatrace also always quicky patches security vulnerabilities of the built-in components.
We currently ship Dynatrace Managed with Cassandra 3 and Python 3 (Updated from 2.7 in Managed 1.202). They are not the latest but work reliably and are supported by Dynatrace. If there are critical security vulnerabilities or bugs we try to ship it as soon as possible. Let me know if you have any further questions.