HBASE-26572 Upgrade to log4j 2.16.0 (#3943)

Signed-off-by: Duo Zhang <zhangduo@apache.org>
Signed-off-by: Pankaj Kumar <pankajkumar@apache.org>

bin/hbase-config.cmd

@@ -67,10 +67,6 @@ if exist "%HBASE_CONF_DIR%\hbase-env.cmd" (
   call "%HBASE_CONF_DIR%\hbase-env.cmd"
 )
 
-@rem Disable the JNDI. This feature has critical REC vulnerability.
-@rem when 2.x <= log4j.version <= 2.14.1
-set HBASE_OPTS=%HBASE_OPTS% -Dlog4j2.formatMsgNoLookups=true
-
 if not defined JAVA_HOME (
   echo Warning: JAVA_HOME environment variable is not set. Defaulting to c:\apps\java
   set JAVA_HOME=c:\apps\java

bin/hbase-config.sh

@@ -162,11 +162,7 @@ fi
 # memory usage to explode. Tune the variable down to prevent vmem explosion.
 export MALLOC_ARENA_MAX=${MALLOC_ARENA_MAX:-4}
 
-# Disable the JNDI. This feature has critical REC vulnerability
-# when 2.x <= log4j.version <= 2.14.1
-export HBASE_OPTS="$HBASE_OPTS -Dlog4j2.formatMsgNoLookups=true"
-
-# Now having JAVA_HOME defined is required 
+# Now having JAVA_HOME defined is required
 if [ -z "$JAVA_HOME" ]; then
     cat 1>&2 <<EOF
 +======================================================================+

pom.xml

@@ -1746,7 +1746,7 @@
     <hamcrest.version>1.3</hamcrest.version>
     <opentelemetry.version>1.0.1</opentelemetry.version>
     <opentelemetry-javaagent.version>1.0.1</opentelemetry-javaagent.version>
-    <log4j2.version>2.15.0</log4j2.version>
+    <log4j2.version>2.16.0</log4j2.version>
     <mockito-core.version>2.28.2</mockito-core.version>
     <protobuf.plugin.version>0.6.1</protobuf.plugin.version>
     <thrift.path>thrift</thrift.path>