+1 (non-binding) Verified: - SHA-512 checksums match for source + both binaries - GPG signatures good, signed by Jongyoul Lee ([email protected]), key in the project KEYS file - Git tag v0.12.1-rc1 matches commit ae9cb72ffaa6b3c007f57b152e2a3eb2208b910a - Built from source on JDK 11: ./mvnw clean package -DskipTests -> BUILD SUCCESS
Thanks for preparing the release! Chanho Lee On 2026/06/05 10:28:08 Jongyoul Lee wrote: > Hello, > > This is a call for vote on releasing Apache Zeppelin 0.12.1 (RC1). > > Apache Zeppelin 0.12.1 is a maintenance release containing important > security fixes, dependency upgrades, and stability improvements. > > The release candidate is available at: > https://dist.apache.org/repos/dist/dev/zeppelin/zeppelin-0.12.1-rc1/ > > The Maven staging repository is: > https://repository.apache.org/content/repositories/orgapachezeppelin-1350/ > > The git tag is v0.12.1-rc1 (ae9cb72ffaa6b3c007f57b152e2a3eb2208b910a) > https://github.com/apache/zeppelin/tree/v0.12.1-rc1 > > Release notes are available at: > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316221&version=12355786 > > *** Highlights of this release *** > - Security & Hardening: > * Incomplete path traversal fix resolved (CVE-2024-31860) > * Fixed JWT validation issue where tokens without expiration were > incorrectly validated > * Fixed watcherSockets memory leak in WebSocket connections > - New Features & Improvements: > * Upgraded Web angular frontend to Angular 12 (Webpack 5) and strict > template mode > * Added support for dark mode in New UI > * Migrated Windows build CI to GitHub Actions > - Bug Fixes & Refactoring: > * 70+ bug fixes across core modules, Spark/Flink/Python/File interpreters > > The vote will be open for at least 72 hours and until the necessary > number of votes are reached. > > Please vote: > [ ] +1 Approve the release > [ ] 0 No opinion > [ ] -1 Do not approve the release (please explain why) > > How to verify the release: > 1. Download artifacts, signatures, and checksums from the staging URL. > 2. Import KEYS: > $ curl https://dist.apache.org/repos/dist/release/zeppelin/KEYS | > gpg --import > 3. Verify GPG signature: > $ gpg --verify zeppelin-0.12.1.tgz.asc zeppelin-0.12.1.tgz > 4. Verify checksum: > $ shasum -a 512 zeppelin-0.12.1.tgz > 5. Build from source: > $ ./mvnw clean package -DskipTests > > For more detailed information on verifying Apache releases, please refer to: > https://www.apache.org/info/verification.html > > Thanks, > Jongyoul Lee >
