Hello devs and users,
I would like to follow up on the recent, valuable discussion regarding the
Apache Zeppelin security model, initiated by the ASF Security Team.
We believe the most practical path forward is to proceed with the proposal
to simplify and clarify our security model. This means th
Hello ASF Security Team,
Thank you for initiating this discussion and for your proposals regarding
Apache Zeppelin's security posture.
Based on my experience operating Zeppelin in production environments, I
agree with the premise that users accessing the same instance must be
trusted. Given the d
Hello,
As shared before[0], the ASF security team is concerned about the ability
of the Zeppelin project to respond to security issues.
In the vast majority of Zeppelin deployments, either the network or Shiro
needs to be configured to make sure only trusted users have access. Those
users must be
