If you upgrade Tomcat to 7.0.100, the tomcat/conf/server.xml and the web.xml in Kylin WEB-INF also need to be updated; otherwise the service won't start successfully. Please refer to this:
https://github.com/apache/kylin/commit/74f1f6b7e660891d9460e2b1b083f541b4543a06

Best regards,

Shaofeng Shi 史少锋
Apache Kylin PMC
Email: shaofeng...@apache.org

Apache Kylin FAQ: https://kylin.apache.org/docs/gettingstarted/faq.html
Join Kylin user mail group: user-subscr...@kylin.apache.org
Join Kylin dev mail group: dev-subscr...@kylin.apache.org

George Ni <n...@apache.org> wrote on Sat, Feb 22, 2020 at 1:01 PM:

> Hi Kylin users,
>
> On February 20, China National Vulnerability Database (CNVD) published a
> severe vulnerability in Apache Tomcat’s Apache JServ Protocol (or AJP).
> Because Apache Kylin uses Tomcat as the web container and Tomcat 7.0.91 is
> packaged in Kylin's release package, Kylin also has this security issue.
>
> I strongly recommend you take one of the two solutions below for your
> Kylin servers to avoid this security issue:
>
> 1. Download and install Tomcat 7.0.100 in Kylin
> 2. Simply comment it out in the $KYLIN_HOME/tomcat/conf/server.xml
> file: find and comment out the following configuration (the specific port
> may be different according to the initial configuration, the protocol is
> confirmed as protocol="AJP/1.3")
>
> <Connector port="9009" protocol="AJP/1.3" redirectPort="9443" />
>
> Then restart your Kylin instances.
>
> We'll upgrade the packed Tomcat in Kylin's next releases.
>
> ---------------------
>
> Best regards,
>
> Ni Chunen / George
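
A way to verify the second option from the quoted advisory, added here as an example and not part of either message or of Kylin's own code: it parses a server.xml and reports every AJP connector that is still active, ignoring ones that are commented out. The sample XML is constructed, the function names are hypothetical, and matching handler class names under `org.apache.coyote.ajp.` goes slightly beyond the `protocol="AJP/1.3"` form the advisory names.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample resembling the connector section of a Tomcat server.xml.
SAMPLE_SERVER_XML = """<Server port="9005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="7070" protocol="HTTP/1.1" redirectPort="9443" />
    <!-- <Connector port="9010" protocol="AJP/1.3" redirectPort="9443" /> -->
    <Connector port="9009" protocol="AJP/1.3" redirectPort="9443" />
  </Service>
</Server>
"""

def is_ajp(protocol):
    """True for the AJP/1.3 alias or an explicit Tomcat AJP handler class."""
    p = (protocol or "").strip()
    return p.upper() == "AJP/1.3" or p.startswith("org.apache.coyote.ajp.")

def active_ajp_connectors(xml_data):
    """Return (port, address) for each AJP <Connector> that is not commented out.

    ElementTree discards XML comments while parsing, so a connector wrapped
    in <!-- ... --> is never reported.
    """
    root = ET.fromstring(xml_data)
    found = []
    for conn in root.iter("Connector"):
        if is_ajp(conn.get("protocol")):
            found.append((conn.get("port"), conn.get("address", "(not set)")))
    return found

def main(argv):
    # With a path argument, audit that file; otherwise use the sample above.
    if len(argv) > 1:
        with open(argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_SERVER_XML
    hits = active_ajp_connectors(data)
    for port, address in hits:
        print(f"AJP connector still enabled: port={port} address={address}")
    if not hits:
        print("No active AJP connector found")
    return 1 if hits else 0  # non-zero exit lets a deployment check fail

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the path to `$KYLIN_HOME/tomcat/conf/server.xml` as the only argument, before restarting the Kylin instance.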