Alibaba Cloud recently discovered remote code execution (RCE) vulnerabilities in Apache Log4j2 and reported the vulnerabilities to Apache. The vulnerabilities do not affect ApsaraDB for HBase Standard Edition or Performance-enhanced Edition, but affect ApsaraDB for HBase Solr.
Vulnerability description
For more information, see . Alibaba Cloud statement on the impact assessment of Apache Log4j2 RCE vulnerability (CVE-2021-44228).
Impacts
ApsaraDB for HBase Standard Edition and Performance-enhanced Edition do not use Apache Log4j2 and are not affected by the vulnerabilities.
Big DataHub Service (BDS) does not use Apache Log4j2 and is not affected by the vulnerabilities.
ApsaraDB for HBase Solr, which is discontinued and being phased out, is affected by the vulnerabilities.
Solutions
If you activated ApsaraDB for HBase Solr, submit a ticket to fix the vulnerabilities.