My reason for removing shell interpreter is that one can easily do: %sh cat /etc/zeppelin/conf/shiro.ini
This would expose all the passwords in a normal system. I have been trying to disable sh interpreter ahead of this feature without great success. From: Jongyoul Lee <jongy...@gmail.com> Sent: Monday, April 29, 2024 7:30 PM To: Rutland, Nathan (CTR) <nathan.rutl...@mail.associates.cisa.dhs.gov> Cc: dev <d...@zeppelin.apache.org>; users <users@zeppelin.apache.org> Subject: Re: [VOTE] Revert Shell Interpreter CAUTION: This email originated from outside of CISA/DHS. DO NOT click links or open attachments unless you recognize and/or trust the sender. Contact your component SOC with questions or concerns. Hello, I planed to complete this vote today following general rules for Apache Zeppelin community history but I prolong this vote to one day more as we have one veto so that we wait for the reason. Best regards, Jongyoul Lee 2024년 4월 30일 (화) 오전 9:24, Jongyoul Lee <jongy...@gmail.com<mailto:jongy...@gmail.com>>님이 작성: Hello Nathan, Thank you for interests for this issue. By the way, I should have explained but all voter who gave -1 need to leave some comments about why they disagree this vote. It's the voting policy for all apache projects.[1] Best regards, Jongyoul Lee [1] https://www.apache.org/foundation/voting.html#Veto<https://urldefense.us/v3/__https:/www.apache.org/foundation/voting.html*Veto__;Iw!!BClRuOV5cvtbuNI!ADJCW-K2BWvFLcKduDDrZuDLcY_SnFpwZ1uA4DyNLIW8eXGx07SMJu23ydDmlrhAAX1t6bRpjnuThKFYhfoL1-aEtyirt5sktEur$> 2024년 4월 30일 (화) 오전 2:36, Rutland, Nathan (CTR) <nathan.rutl...@mail.associates.cisa.dhs.gov<mailto:nathan.rutl...@mail.associates.cisa.dhs.gov>>님이 작성: -1 From: Jongyoul Lee <jongy...@gmail.com<mailto:jongy...@gmail.com>> Sent: Saturday, April 27, 2024 7:21 AM To: users <users@zeppelin.apache.org<mailto:users@zeppelin.apache.org>>; dev <d...@zeppelin.apache.org<mailto:d...@zeppelin.apache.org>> Subject: [VOTE] Revert Shell Interpreter CAUTION: This email originated from outside of CISA/DHS. DO NOT click links or open attachments unless you recognize and/or trust the sender. Contact your component SOC with questions or concerns. Hello community, I propose the vote for reverting Shell interpreter. Please check the discussion thread[1] before you participate in this vote. [] +1 Including Shell interpreter again in the next Zeppelin release [] 0 no opinion [] -1 Removing Shell interpreter in the next Zeppelin release as it is Best regards, Jongyoul Lee [1] https://lists.apache.org/thread/opf3h6b0wc4pnsvqsy0b50vzmozd9qbn<https://urldefense.us/v3/__https:/lists.apache.org/thread/opf3h6b0wc4pnsvqsy0b50vzmozd9qbn__;!!BClRuOV5cvtbuNI!CtFUaJ9Py5GaMHmEN0yaMqbSrwRW7L2PzpnNIa2VEqCR9uhwd_ZtcD22qIG35Lls05f8The9HpIROCcowJlxkv_SASaxvJF9qXI-$>
