Dear Zeppelin community,

As you know, the Apache Software Foundation really cares about our users'
security, and protects them by defining sensible release and security
processes. These indirectly also protect our committers, shielding
individuals from personal liability. Additionally, we have a security
committee to assist PMCs with the process of triage and follow-up. Some of
this process is necessarily done in private, as we practice responsible
disclosure.

We see that potential security issues are being reported privately to the
Zeppelin PMC, but the PMC is struggling to triage (and, if necessary, fix
and disclose) them in a timely manner. If we cannot turn this trend around
soon, Zeppelin will have to start the Apache Attic process.

On behalf of the PMC: would anyone be interested in significantly helping
out here? If so, please contact priv...@zeppelin.apache.org with
secur...@apache.org in Cc.


Kind regards,

The ASF Security Team
