As the title said, BABA discovered a security flaw in Apeche Log4J and reported to the software developer (vendor). The CCP is pissed off because it wants to know about the flaw first.
As the result, CCP pulled support for BABA cloud services for 6 months.
The real reason: CCP wants to know about the flaw first so it can take advantage of the security hole. What a bunch of crooks.