Shell interpreter in v0.11.1 is not installed

2024-04-08 Thread Nils Glueck
Hello, after switching from Zeppelin 0.11.0 to version 0.11.1, I noticed that the Shell interpreter had disappeared from the config, while my Docker file remained the same (using netinst binary). Also, I noted at least one commit related to somewhat removal of Shell interpreter.[1] 1) Am I m

Re: Shell interpreter in v0.11.1 is not installed

2024-04-08 Thread Jongyoul Lee
Hello, Thank you for checking it. For 0.11.1, it was obliterated including deploying the 0.11.1 binary to the maven repository. Thus, installing it via install-interpreter.sh is impossible as well. Unfortunately, we don't plan to include it on official deployments until all shell interpreter secu

CVE-2024-31860: Apache Zeppelin: Path traversal vulnerability

2024-04-08 Thread Jongyoul Lee
Severity: low Affected versions: - Apache Zeppelin 0.9.0 before 0.11.0 Description: Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators (e.g. ..), attackers can see the contents for any files in the filesystem that the server account can access. This

CVE-2021-28656: Apache Zeppelin: CSRF vulnerability in the Credentials page

2024-04-08 Thread Jongyoul Lee
Severity: low Affected versions: - Apache Zeppelin through 0.9.0 Description: Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit a malicious request. This issue affects Apache Zeppelin version 0.9.0 and prior versi

CVE-2022-47894: Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE

2024-04-08 Thread Jongyoul Lee
Severity: moderate Affected versions: - Apache Zeppelin SAP 0.8.0 before 0.11.0 Description: Improper Input Validation vulnerability in Apache Zeppelin SAP. This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. As this project is retired, we do not plan to release a version that fi

CVE-2024-31862: Apache Zeppelin: Denial of service with invalid notebook name

2024-04-08 Thread Jongyoul Lee
Severity: moderate Affected versions: - Apache Zeppelin 0.10.1 before 0.11.0 Description: Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to

CVE-2024-31863: Apache Zeppelin: Replacing other users notebook, bypassing any permissions

2024-04-08 Thread Jongyoul Lee
Severity: moderate Affected versions: - Apache Zeppelin 0.10.1 before 0.11.0 Description: Authentication Bypass by Spoofing vulnerability by replacing to existing notes in Apache Zeppelin. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to versi