Please report suspected security vulnerabilities in Apache Zeppelin privately to the Apache Security Team at security@apache.org, following the ASF process at https://www.apache.org/security/. Do not open public GitHub issues or pull requests for security reports.
Apache Zeppelin's security threat model is documented in THREAT_MODEL.md. It covers what is in and out of scope, the security properties the project provides and disclaims, the adversary model, the configuration knobs whose defaults change the security envelope, and how findings are triaged.
Note that Apache Zeppelin executes user-supplied notebook code through its interpreters by design: that capability is the product's primary function. The threat model is therefore about who may reach that capability and with what isolation; see THREAT_MODEL.md §3, §9, and §11a.
Operator-facing security configuration — authentication via Apache Shiro, notebook authorization, interpreter user impersonation, and HTTPS / HTTP security headers — is documented on the project website: https://zeppelin.apache.org/docs/latest/setup/security/