Hello, friend!
Huawei has released a warning and workaround, but it is still being updated. If you are in a hurry, use the existing workaround and perform the workaround again after a stable version is released.
Notice on the HWPSIRT-2021-94301 Vulnerability in FusionInsight HD and MRS
Product Line | Cloud BU | Product Family/SPDT | EI services |
Product Model | MapReduce Service | Release Date | 2021-12-16 |
Version Involved | FusionInsight HD 6.5.1 MapReduce Service 3.0.2-ESL.2 MapReduce Service 3.1.2-ESL.1 |
Workarounds:
HWPSIRT-2021-94301: Apache has released an RC version to fix the vulnerability. The affected service party can temporarily prevent this problem by adding log4j2.formatMsgNoLookups=True to the log4j2.ini file to disable JDNI parsing.
Select either of the following configurations:
(1) JVM parameter -Dlog4j2.formatMsgNoLookups=true
(2) log4j2.formatMsgNoLookups=True
Solutions:
Huawei Vulnerability ID | Affected Product Version | Product Version Where This Vulnerability Is Resolved | Patch/Version Release Date | Solution Description |
HWPSIRT-2021-94301 | MapReduce Service 3.1.2-ESL.1 | N/A | N/A | The notice may be updated. Please stay tuned. |
HWPSIRT-2021-94301 | MapReduce Service 3.0.2-ESL.2 | N/A | N/A | The notice may be updated. Please stay tuned. |
HWPSIRT-2021-94301 | FusionInsight HD 6.5.1 | N/A | N/A | The notice may be updated. Please stay tuned. |
For more details, see Notice on the HWPSIRT-2021-94301 Vulnerability in FusionInsight HD and MRS.
If the operation is required, contact the local TAC.
Hope this helps!