+1 (binding) Signatures and checksum are good. Manually tested with Hadoop 3.4.3 and Spark 4.0.2, Spark notebook examples works well.
Thanks, Cheng Pan > On Jun 6, 2026, at 18:14, HyeonUk Kang <[email protected]> wrote: > > +1 (non-binding) > > Verified: > - Downloaded artifacts from staging > - GPG signature verified against KEYS > - SHA-512 checksum matches > - Built from source successfully: ./mvnw clean package -DskipTests > -> BUILD SUCCESS > - Smoke tested locally: started Zeppelin, executed Spark and JDBC paragraphs > > Thanks for driving the release ! > > HyeonUk Kang > > 2026년 6월 5일 (금) 오후 7:28, Jongyoul Lee <[email protected]>님이 작성: >> >> Hello, >> >> This is a call for vote on releasing Apache Zeppelin 0.12.1 (RC1). >> >> Apache Zeppelin 0.12.1 is a maintenance release containing important >> security fixes, dependency upgrades, and stability improvements. >> >> The release candidate is available at: >> https://dist.apache.org/repos/dist/dev/zeppelin/zeppelin-0.12.1-rc1/ >> >> The Maven staging repository is: >> https://repository.apache.org/content/repositories/orgapachezeppelin-1350/ >> >> The git tag is v0.12.1-rc1 (ae9cb72ffaa6b3c007f57b152e2a3eb2208b910a) >> https://github.com/apache/zeppelin/tree/v0.12.1-rc1 >> >> Release notes are available at: >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316221&version=12355786 >> >> *** Highlights of this release *** >> - Security & Hardening: >> * Incomplete path traversal fix resolved (CVE-2024-31860) >> * Fixed JWT validation issue where tokens without expiration were >> incorrectly validated >> * Fixed watcherSockets memory leak in WebSocket connections >> - New Features & Improvements: >> * Upgraded Web angular frontend to Angular 12 (Webpack 5) and strict >> template mode >> * Added support for dark mode in New UI >> * Migrated Windows build CI to GitHub Actions >> - Bug Fixes & Refactoring: >> * 70+ bug fixes across core modules, Spark/Flink/Python/File interpreters >> >> The vote will be open for at least 72 hours and until the necessary >> number of votes are reached. >> >> Please vote: >> [ ] +1 Approve the release >> [ ] 0 No opinion >> [ ] -1 Do not approve the release (please explain why) >> >> How to verify the release: >> 1. Download artifacts, signatures, and checksums from the staging URL. >> 2. Import KEYS: >> $ curl https://dist.apache.org/repos/dist/release/zeppelin/KEYS | >> gpg --import >> 3. Verify GPG signature: >> $ gpg --verify zeppelin-0.12.1.tgz.asc zeppelin-0.12.1.tgz >> 4. Verify checksum: >> $ shasum -a 512 zeppelin-0.12.1.tgz >> 5. Build from source: >> $ ./mvnw clean package -DskipTests >> >> For more detailed information on verifying Apache releases, please refer to: >> https://www.apache.org/info/verification.html >> >> Thanks, >> Jongyoul Lee
