Hello, This is a call for vote on releasing Apache Zeppelin 0.12.1 (RC1).
Apache Zeppelin 0.12.1 is a maintenance release containing important security fixes, dependency upgrades, and stability improvements. The release candidate is available at: https://dist.apache.org/repos/dist/dev/zeppelin/zeppelin-0.12.1-rc1/ The Maven staging repository is: https://repository.apache.org/content/repositories/orgapachezeppelin-1350/ The git tag is v0.12.1-rc1 (ae9cb72ffaa6b3c007f57b152e2a3eb2208b910a) https://github.com/apache/zeppelin/tree/v0.12.1-rc1 Release notes are available at: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316221&version=12355786 *** Highlights of this release *** - Security & Hardening: * Incomplete path traversal fix resolved (CVE-2024-31860) * Fixed JWT validation issue where tokens without expiration were incorrectly validated * Fixed watcherSockets memory leak in WebSocket connections - New Features & Improvements: * Upgraded Web angular frontend to Angular 12 (Webpack 5) and strict template mode * Added support for dark mode in New UI * Migrated Windows build CI to GitHub Actions - Bug Fixes & Refactoring: * 70+ bug fixes across core modules, Spark/Flink/Python/File interpreters The vote will be open for at least 72 hours and until the necessary number of votes are reached. Please vote: [ ] +1 Approve the release [ ] 0 No opinion [ ] -1 Do not approve the release (please explain why) How to verify the release: 1. Download artifacts, signatures, and checksums from the staging URL. 2. Import KEYS: $ curl https://dist.apache.org/repos/dist/release/zeppelin/KEYS | gpg --import 3. Verify GPG signature: $ gpg --verify zeppelin-0.12.1.tgz.asc zeppelin-0.12.1.tgz 4. Verify checksum: $ shasum -a 512 zeppelin-0.12.1.tgz 5. Build from source: $ ./mvnw clean package -DskipTests For more detailed information on verifying Apache releases, please refer to: https://www.apache.org/info/verification.html Thanks, Jongyoul Lee
