This is an automated email from the ASF dual-hosted git repository. jongyoul pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/zeppelin-site.git
The following commit(s) were added to refs/heads/master by this push: new d341ec5e0 Update security.md (#27) d341ec5e0 is described below commit d341ec5e04d1f0be87d56566d5f97f267d0b5c77 Author: PJ Fanning <pjfann...@users.noreply.github.com> AuthorDate: Tue Jul 8 07:19:22 2025 +0100 Update security.md (#27) --- security.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/security.md b/security.md index fc7482c8f..08aaca070 100644 --- a/security.md +++ b/security.md @@ -1,7 +1,7 @@ --- layout: page title: "Security" -description: "This page explains what security characteristics can be expected from Zeppelin, what measures operators of a Zeppelin instance will have to take, and how to report any security issues found in the Zeppelin software." +description: "This page explains what security characteristics can be expected from Apache Zeppelin, what measures operators of a Zeppelin instance will have to take, and how to report any security issues found in the Zeppelin software." group: --- <!-- @@ -22,7 +22,7 @@ limitations under the License. # Zeppelin Security This page explains what security characteristics can be expected from -Zeppelin, what measures operators of a Zeppelin instance will have to +Apache Zeppelin, what measures operators of a Zeppelin instance will have to take, and how to report any security issues found in the Zeppelin software. 
@@ -42,6 +42,16 @@ running the Zeppelin server. As generic interpreters such as sh, Groovy, Java and Python make this especially trivial, we plan to disable the sh interpreter by default from version 0.11.1 onward. +### JDBC Interpreter + +This is the component that we get the most Security reports about. +Many JDBC drivers have support for specifying powerful query parameters in the +JDBC URLs. Many of the driver jars have security issues that are fixed in newer +versions. Zeppelin users should be very careful about which jars they add to their +Zeppelin deployments. Always use the latest available jars and ensure that you +set up Zeppelin on a secure network to stop malicious users gaining access to +your deployment (see below). + ### Zeppelin on Docker An exception to the above is when the Zeppelin interpreter
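Review bot: The new "JDBC Interpreter" section in the hunk at `@@ -42,6 +42,16 @@` names the risk (drivers honouring powerful query parameters in the JDBC URL, and vulnerable driver jars) but gives operators only "use the latest jars" and "secure network" as mitigations; since the hunk itself says the danger comes from users reaching the deployment, it should also state who in a deployment is allowed to edit interpreter settings and connection URLs, otherwise the network advice does not cover a notebook user who can change the URL. Minor wording in the same hunk: "most Security reports" should be "most security reports", "stop malicious users gaining access" should be "stop malicious users from gaining access", and "(see below)" should name the section it refers to, as an anchor that survives later reordering of the page.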