Hi Kylin users,

On February 20, the China National Vulnerability Database (CNVD) published a severe vulnerability in Apache Tomcat's Apache JServ Protocol (AJP). Because Apache Kylin uses Tomcat as its web container and Tomcat 7.0.91 is packaged in Kylin's release package, Kylin also has this security issue.

I strongly recommend you take one of the two solutions below for your Kylin servers to avoid this security issue:

1. Download and install Tomcat 7.0.100 in Kylin.
2. Simply comment out the AJP connector: in the $KYLIN_HOME/tomcat/conf/server.xml file, find and comment out the following configuration (the specific port may be different according to the initial configuration; the protocol is confirmed as protocol="AJP/1.3"):

   <Connector port="9009" protocol="AJP/1.3" redirectPort="9443" />

Then restart your Kylin instances.

We'll upgrade the packaged Tomcat in Kylin's next releases.

---------------------
Best regards,
Ni Chunen / George
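
To confirm that solution 2 took effect, the following check lists any AJP connector still live in server.xml. It is an added example, not part of the original message or of Kylin; the function name, the script name check_ajp.py and the sample XML are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample resembling a Tomcat server.xml (not Kylin's actual file).
AJP_LINE = '<Connector port="9009" protocol="AJP/1.3" redirectPort="9443" />'
SAMPLE_ACTIVE = f"""<Server port="9005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="7070" protocol="HTTP/1.1" redirectPort="9443" />
    {AJP_LINE}
  </Service>
</Server>"""
# The same file after the connector has been commented out.
SAMPLE_COMMENTED = SAMPLE_ACTIVE.replace(AJP_LINE, f"<!-- {AJP_LINE} -->")


def active_ajp_connectors(server_xml):
    """Return (port, protocol, address) for each AJP <Connector> still live.

    ElementTree discards XML comments while parsing, so a connector that was
    commented out is not reported. Accepts str or bytes.
    """
    root = ET.fromstring(server_xml)
    found = []
    for conn in root.iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")  # Tomcat default if unset
        # Matches "AJP/1.3" and class names under org.apache.coyote.ajp
        if "ajp" in protocol.lower():
            found.append((conn.get("port"), protocol, conn.get("address")))
    return found


def main(argv):
    if len(argv) != 2:
        print("usage: check_ajp.py $KYLIN_HOME/tomcat/conf/server.xml")
        return 2
    with open(argv[1], "rb") as fh:
        hits = active_ajp_connectors(fh.read())
    for port, protocol, address in hits:
        print(f"ACTIVE AJP connector: port={port} protocol={protocol} "
              f"address={address or '(not set)'}")
    if not hits:
        print("No active AJP connector found.")
    return 1 if hits else 0  # non-zero exit lets this gate a deployment step


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The check reads only the file on disk, so run it after editing server.xml and still restart the Kylin instance for the change to apply.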
