This is an automated email from the ASF dual-hosted git repository.
jongyoul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin-site.git
The following commit(s) were added to refs/heads/master by this push:
new 20ea5d6e5 remove 'exceptions' in security.md (#30)
20ea5d6e5 is described below
commit 20ea5d6e5f5d5cfe5b1cf697bcb09e7b6707bbab
Author: PJ Fanning <[email protected]>
AuthorDate: Wed Aug 13 06:16:41 2025 +0100
remove 'exceptions' in security.md (#30)
* remove 'exceptions' in security.md
* Update security.md
---
security.md | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/security.md b/security.md
index dc52ad4fc..9923776af 100644
--- a/security.md
+++ b/security.md
@@ -56,17 +56,18 @@ your deployment (see below).
### Zeppelin on Docker
-An exception to the above is when the Zeppelin interpreter
-is [run in a Docker
container](https://zeppelin.apache.org/docs/latest/quickstart/docker.html).
-This isolates the operating environment of the interpreter through the docker
container.
+When the Zeppelin interpreter is [run in a Docker
container](https://zeppelin.apache.org/docs/latest/quickstart/docker.html),
+this isolates the operating environment of the interpreter through the Docker
container.
+This isolation can provide an operational benefit on large deployments, but is
not intended as a security boundary:
+access to your Zeppelin instances should be restricted regardless of how they
are deployed.
### Zeppelin on Kubernetes
-A similar exception exists when Zeppelin is
-[deployed on
Kubernetes](https://zeppelin.apache.org/docs/latest/quickstart/kubernetes.html).
-In this case Zeppelin creates pods for individual interpreters,
-and also the Spark interpreter is auto configured to use Spark
-on Kubernetes in client mode.
+When Zeppelin is [deployed on
Kubernetes](https://zeppelin.apache.org/docs/latest/quickstart/kubernetes.html),
+Zeppelin creates pods for individual interpreters.
+Also, the Spark interpreter is auto configured to use Spark on Kubernetes in
client mode.
+This isolation can provide an operational benefit on large deployments, but is
not intended as a security boundary:
+access to your Zeppelin instances should be restricted regardless of how they
are deployed.
## JavaScript code execution in the browser
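Review bot: In the added Kubernetes paragraph, "This isolation can provide an operational benefit" has no antecedent, because the sentences before it only say that Zeppelin creates pods for individual interpreters and that the Spark interpreter uses client mode; isolation is never mentioned there. The caveat was copied verbatim from the Docker section, where the preceding sentence does speak of isolating the interpreter's operating environment. Suggest naming the mechanism in the Kubernetes copy, for example "Running each interpreter in its own pod can provide an operational benefit on large deployments, but is not intended as a security boundary". Two smaller points in the same hunk: the new Docker sentence says "run in a Docker container" and then "through the Docker container", so the second mention can be dropped, and "auto configured" reads better as "auto-configured".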
@@ -105,7 +106,7 @@ locations for these executables, such as PYTHON and
SPARK_HOME.
# Known Security Issues
It is always best to use the latest Apache Zeppelin
[release](https://zeppelin.apache.org/download.html).
-A good place to check for CVE announcments is the [Zeppelin users mailing
list](https://lists.apache.org/[email protected]).
+A good place to check for CVE announcements is the [Zeppelin users mailing
list](https://lists.apache.org/[email protected]).
Many third party sites maintain lists of CVEs by product. One example is
[OpenCVE](https://app.opencve.io/cve/?vendor=apache&product=zeppelin).
# Reporting Security Issues
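Review bot: The "announcments" to "announcements" fix under "Known Security Issues" is unrelated to the stated purpose of the commit (removing the 'exceptions' wording), so it should be mentioned in the commit message, or split out, so that the history for this security page shows it was a spelling-only change to that section. If the line is being touched anyway, the adjacent context line "Many third party sites maintain lists of CVEs" could take the hyphen ("third-party sites") in the same pass.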