diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5b68a5b3f..3f18a9a86 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,7 @@ All notable changes to this project will be documented in this file.
   util-linux-core contains a basic set of Linux utilities, including the
   command logger which allows to enter messages into the system log.
 - vector: Add version 0.43.1 ([#980]).
+- druid: Add version 30.0.1 and 31.0.1 ([#984])
 - opa: Add version 1.0.1 ([#981], [#1000]).
 - statsd-exporter: Bump version to 0.28.0 ([#982]).
 - git-sync: Bump version to 4.4.0 ([#990]).
@@ -36,7 +37,7 @@ All notable changes to this project will be documented in this file.
 - kafka: Bump 3.8.0 to 3.8.1 ([#995]).
 - Update registry references to oci ([#989]).
 - trino-storage-connector: Move the build out of trino/ for easier patching ([#996]).
-- druid 26.0.0: Migrate to patchable ([#1003]).
+- BREAKING: druid: Bump opa-authorizer to 0.6.0 for all versions ([#984])
 
 ### Removed
 
@@ -47,6 +48,7 @@ All notable changes to this project will be documented in this file.
 - trino-cli: Remove version 469 ([#999]).
 - trino-storage-connector: Remove version 469 ([#999]).
 - nifi: Remove 2.0.0 ([#1006]).
+- druid: Remove 26.0.0 ([#984])
 
 ### Fixed
 
@@ -66,9 +68,10 @@ All notable changes to this project will be documented in this file.
 [#980]: https://github.com/stackabletech/docker-images/pull/980
 [#981]: https://github.com/stackabletech/docker-images/pull/981
 [#982]: https://github.com/stackabletech/docker-images/pull/982
+[#984]: https://github.com/stackabletech/docker-images/pull/984
+[#988]: https://github.com/stackabletech/docker-images/pull/988
 [#989]: https://github.com/stackabletech/docker-images/pull/989
 [#990]: https://github.com/stackabletech/docker-images/pull/990
-[#988]: https://github.com/stackabletech/docker-images/pull/988
 [#991]: https://github.com/stackabletech/docker-images/pull/991
 [#992]: https://github.com/stackabletech/docker-images/pull/992
 [#993]: https://github.com/stackabletech/docker-images/pull/993
diff --git a/druid/Dockerfile b/druid/Dockerfile
index 6cc597774..de5137591 100644
--- a/druid/Dockerfile
+++ b/druid/Dockerfile
@@ -18,7 +18,7 @@ RUN <<EOF
 microdnf update
 
 # python-pyyaml:
-#   This note was last checked for version 30.0.0
+#   This note was last checked for version 31.0.1
 #   Required for the compilation of Druid.
 #   This requirement is documented in docs/development/build.md and version 5.1 or later is required.
 #   UBI 9 ships with 5.4.x so that should be fine
diff --git a/druid/stackable/patches/26.0.0/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch b/druid/stackable/patches/26.0.0/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch
deleted file mode 100644
index 1bb778624..000000000
--- a/druid/stackable/patches/26.0.0/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From 6a6cd8806bffe6b8f5da14d0d9f9b75fb79ac3cd Mon Sep 17 00:00:00 2001
-From: Lars Francke <git@lars-francke.de>
-Date: Thu, 12 Dec 2024 17:59:17 +0100
-Subject: Updates all dependencies that have a new patch release available.
-
----
- extensions-core/avro-extensions/pom.xml       |  2 +-
- extensions-core/kubernetes-extensions/pom.xml |  2 +-
- extensions-core/orc-extensions/pom.xml        |  2 +-
- extensions-core/parquet-extensions/pom.xml    |  2 +-
- extensions-core/protobuf-extensions/pom.xml   |  2 +-
- pom.xml                                       | 20 +++++++++----------
- 6 files changed, 15 insertions(+), 15 deletions(-)
-
-diff --git a/extensions-core/avro-extensions/pom.xml b/extensions-core/avro-extensions/pom.xml
-index 35b154a469..a9eb0c6851 100644
---- a/extensions-core/avro-extensions/pom.xml
-+++ b/extensions-core/avro-extensions/pom.xml
-@@ -35,7 +35,7 @@
- 
-   <properties>
-     <schemarepo.version>0.1.3</schemarepo.version>
--    <confluent.version>5.5.1</confluent.version>
-+    <confluent.version>5.5.15</confluent.version>
-   </properties>
- 
-   <repositories>
-diff --git a/extensions-core/kubernetes-extensions/pom.xml b/extensions-core/kubernetes-extensions/pom.xml
-index aeac095d53..105f7f0d76 100644
---- a/extensions-core/kubernetes-extensions/pom.xml
-+++ b/extensions-core/kubernetes-extensions/pom.xml
-@@ -34,7 +34,7 @@
-   </parent>
- 
-   <properties>
--    <kubernetes.client.version>11.0.1</kubernetes.client.version>
-+    <kubernetes.client.version>11.0.4</kubernetes.client.version>
-   </properties>
- 
-   <dependencies>
-diff --git a/extensions-core/orc-extensions/pom.xml b/extensions-core/orc-extensions/pom.xml
-index cb1ed09c7a..f118b6c385 100644
---- a/extensions-core/orc-extensions/pom.xml
-+++ b/extensions-core/orc-extensions/pom.xml
-@@ -31,7 +31,7 @@
-     </parent>
-     <modelVersion>4.0.0</modelVersion>
-     <properties>
--        <orc.version>1.7.6</orc.version>
-+        <orc.version>1.7.10</orc.version>
-     </properties>
-     <dependencies>
-         <dependency>
-diff --git a/extensions-core/parquet-extensions/pom.xml b/extensions-core/parquet-extensions/pom.xml
-index 79ad46b038..be95251485 100644
---- a/extensions-core/parquet-extensions/pom.xml
-+++ b/extensions-core/parquet-extensions/pom.xml
-@@ -33,7 +33,7 @@
-   <modelVersion>4.0.0</modelVersion>
- 
-   <properties>
--    <parquet.version>1.12.0</parquet.version>
-+    <parquet.version>1.12.3</parquet.version>
-   </properties>
-   <dependencies>
-     <dependency>
-diff --git a/extensions-core/protobuf-extensions/pom.xml b/extensions-core/protobuf-extensions/pom.xml
-index 77fe703838..fdbc6703ab 100644
---- a/extensions-core/protobuf-extensions/pom.xml
-+++ b/extensions-core/protobuf-extensions/pom.xml
-@@ -34,7 +34,7 @@
-   </parent>
- 
-   <properties>
--    <confluent.version>6.0.1</confluent.version>
-+    <confluent.version>6.0.15</confluent.version>
-     <commons-io.version>2.11.0</commons-io.version>
-   </properties>
- 
-diff --git a/pom.xml b/pom.xml
-index f5001910e1..2364f27dc4 100644
---- a/pom.xml
-+++ b/pom.xml
-@@ -74,7 +74,7 @@
-         <maven.compiler.target>1.8</maven.compiler.target>
-         <java.version>8</java.version>
-         <project.build.resourceEncoding>UTF-8</project.build.resourceEncoding>
--        <aether.version>0.9.0.M2</aether.version>
-+        <aether.version>0.9.1.v20140329</aether.version>
-         <apache.curator.version>5.4.0</apache.curator.version>
-         <apache.kafka.version>3.4.0</apache.kafka.version>
-         <apache.ranger.version>2.0.0</apache.ranger.version>
-@@ -90,13 +90,13 @@
-         <datasketches.version>3.2.0</datasketches.version>
-         <datasketches.memory.version>2.0.0</datasketches.memory.version>
-         <derby.version>10.14.2.0</derby.version>
--        <dropwizard.metrics.version>4.0.0</dropwizard.metrics.version>
-+        <dropwizard.metrics.version>4.0.7</dropwizard.metrics.version>
-         <errorprone.version>2.11.0</errorprone.version>
-         <fastutil.version>8.5.4</fastutil.version>
-         <guava.version>16.0.1</guava.version>
-         <guice.version>4.1.0</guice.version>
-         <hamcrest.version>1.3</hamcrest.version>
--        <jetty.version>9.4.48.v20220622</jetty.version>
-+        <jetty.version>9.4.54.v20240208</jetty.version>
-         <jersey.version>1.19.4</jersey.version>
-         <jackson.version>2.10.5.20201202</jackson.version>
-         <codehaus.jackson.version>1.9.13</codehaus.jackson.version>
-@@ -104,18 +104,18 @@
-         <mysql.version>5.1.49</mysql.version>
-         <mariadb.version>2.7.3</mariadb.version>
-         <netty3.version>3.10.6.Final</netty3.version>
--        <netty4.version>4.1.86.Final</netty4.version>
--        <postgresql.version>42.4.1</postgresql.version>
--        <protobuf.version>3.21.7</protobuf.version>
-+        <netty4.version>4.1.111.Final</netty4.version>
-+        <postgresql.version>42.4.5</postgresql.version>
-+        <protobuf.version>3.21.12</protobuf.version>
-         <resilience4j.version>1.3.1</resilience4j.version>
-         <slf4j.version>1.7.36</slf4j.version>
-         <hadoop.compile.version>2.8.5</hadoop.compile.version>
-         <mockito.version>4.3.1</mockito.version>
--        <aws.sdk.version>1.12.317</aws.sdk.version>
--        <caffeine.version>2.8.0</caffeine.version>
--        <jacoco.version>0.8.7</jacoco.version>
-+        <aws.sdk.version>1.12.754</aws.sdk.version>
-+        <caffeine.version>2.8.8</caffeine.version>
-+        <jacoco.version>0.8.12</jacoco.version>
-         <hibernate-validator.version>5.2.5.Final</hibernate-validator.version>
--        <httpclient.version>4.5.13</httpclient.version>
-+        <httpclient.version>4.5.14</httpclient.version>
-         <!-- When upgrading ZK, edit docs and integration tests as well (integration-tests/docker-base/setup.sh) -->
-         <zookeeper.version>3.5.10</zookeeper.version>
-         <checkerframework.version>2.5.7</checkerframework.version>
diff --git a/druid/stackable/patches/26.0.0/patchable.toml b/druid/stackable/patches/26.0.0/patchable.toml
deleted file mode 100644
index 264c71a6a..000000000
--- a/druid/stackable/patches/26.0.0/patchable.toml
+++ /dev/null
@@ -1,2 +0,0 @@
-upstream = "https://github.com/apache/druid.git"
-base = "7cffb81a8e124d5f218f9af16ad685acf5e9c67c"
diff --git a/druid/stackable/patches/26.0.0/0001-Removes-all-traces-of-the-druid-ranger-extension.patch b/druid/stackable/patches/30.0.1/0001-Removes-all-traces-of-the-druid-ranger-extension.patch
similarity index 60%
rename from druid/stackable/patches/26.0.0/0001-Removes-all-traces-of-the-druid-ranger-extension.patch
rename to druid/stackable/patches/30.0.1/0001-Removes-all-traces-of-the-druid-ranger-extension.patch
index 1e8e17aba..e483b6144 100644
--- a/druid/stackable/patches/26.0.0/0001-Removes-all-traces-of-the-druid-ranger-extension.patch
+++ b/druid/stackable/patches/30.0.1/0001-Removes-all-traces-of-the-druid-ranger-extension.patch
@@ -1,18 +1,18 @@
-From 098e0333cb3977164c62ab0f29aafaf9b1ac6c7c Mon Sep 17 00:00:00 2001
+From 1f18905f78c9c46c7c12c1d705547f00ddbfa1ab Mon Sep 17 00:00:00 2001
 From: Lars Francke <git@lars-francke.de>
 Date: Wed, 10 Jul 2024 17:07:13 +0200
 Subject: Removes all traces of the druid ranger extension
 
 ---
- distribution/pom.xml | 4 ----
+ distribution/pom.xml | 2 --
  pom.xml              | 1 -
- 2 files changed, 5 deletions(-)
+ 2 files changed, 3 deletions(-)
 
 diff --git a/distribution/pom.xml b/distribution/pom.xml
-index eec26171af..a6e72cf2c2 100644
+index 1ebfa31f84..9c2cfc8753 100644
 --- a/distribution/pom.xml
 +++ b/distribution/pom.xml
-@@ -255,8 +255,6 @@
+@@ -252,8 +252,6 @@
                                          <argument>-c</argument>
                                          <argument>org.apache.druid.extensions:druid-pac4j</argument>
                                          <argument>-c</argument>
@@ -21,20 +21,11 @@ index eec26171af..a6e72cf2c2 100644
                                          <argument>org.apache.druid.extensions:druid-kubernetes-extensions</argument>
                                          <argument>-c</argument>
                                          <argument>org.apache.druid.extensions:druid-catalog</argument>
-@@ -439,8 +437,6 @@
-                                         <argument>-c</argument>
-                                         <argument>org.apache.druid.extensions:druid-pac4j</argument>
-                                         <argument>-c</argument>
--                                        <argument>org.apache.druid.extensions:druid-ranger-security</argument>
--                                        <argument>-c</argument>
-                                         <argument>org.apache.druid.extensions:druid-kubernetes-extensions</argument>
-                                         <argument>${druid.distribution.pulldeps.opts}</argument>
-                                     </arguments>
 diff --git a/pom.xml b/pom.xml
-index 0c6294f5ed..a33c6bd521 100644
+index 17cd202ea6..08a3f24210 100644
 --- a/pom.xml
 +++ b/pom.xml
-@@ -186,7 +186,6 @@
+@@ -198,7 +198,6 @@
          <module>extensions-core/simple-client-sslcontext</module>
          <module>extensions-core/druid-basic-security</module>
          <module>extensions-core/google-extensions</module>
diff --git a/druid/stackable/patches/26.0.0/0002-Include-Prometheus-emitter-in-distribution.patch b/druid/stackable/patches/30.0.1/0002-Include-Prometheus-emitter-in-distribution.patch
similarity index 95%
rename from druid/stackable/patches/26.0.0/0002-Include-Prometheus-emitter-in-distribution.patch
rename to druid/stackable/patches/30.0.1/0002-Include-Prometheus-emitter-in-distribution.patch
index 269b870f8..9ed01f6ff 100644
--- a/druid/stackable/patches/26.0.0/0002-Include-Prometheus-emitter-in-distribution.patch
+++ b/druid/stackable/patches/30.0.1/0002-Include-Prometheus-emitter-in-distribution.patch
@@ -1,6 +1,6 @@
-From cb547abec8bb002984bcb598c75f5031ea9513e1 Mon Sep 17 00:00:00 2001
+From b449a870c7cf546117aba0a64c1b1487e036ab14 Mon Sep 17 00:00:00 2001
 From: Lars Francke <git@lars-francke.de>
-Date: Wed, 10 Jul 2024 17:07:13 +0200
+Date: Mon, 17 Feb 2025 16:42:34 +0100
 Subject: Include Prometheus emitter in distribution
 
 ---
@@ -8,10 +8,10 @@ Subject: Include Prometheus emitter in distribution
  1 file changed, 46 insertions(+)
 
 diff --git a/distribution/pom.xml b/distribution/pom.xml
-index a6e72cf2c2..3ab13d5d11 100644
+index 9c2cfc8753..08b4121287 100644
 --- a/distribution/pom.xml
 +++ b/distribution/pom.xml
-@@ -637,6 +637,52 @@
+@@ -464,6 +464,52 @@
                  </plugins>
              </build>
          </profile>
diff --git a/druid/stackable/patches/26.0.0/0003-Stop-building-unused-extensions.patch b/druid/stackable/patches/30.0.1/0003-Stop-building-unused-extensions.patch
similarity index 75%
rename from druid/stackable/patches/26.0.0/0003-Stop-building-unused-extensions.patch
rename to druid/stackable/patches/30.0.1/0003-Stop-building-unused-extensions.patch
index a46cccaf7..08e568794 100644
--- a/druid/stackable/patches/26.0.0/0003-Stop-building-unused-extensions.patch
+++ b/druid/stackable/patches/30.0.1/0003-Stop-building-unused-extensions.patch
@@ -1,20 +1,20 @@
-From 2722e90c01f02f804f1030f6aa91d07638e5e0a3 Mon Sep 17 00:00:00 2001
+From 087a8e2324d938871c012097446f106daba7d6a7 Mon Sep 17 00:00:00 2001
 From: Lars Francke <git@lars-francke.de>
-Date: Thu, 12 Dec 2024 17:59:17 +0100
+Date: Mon, 17 Feb 2025 16:42:34 +0100
 Subject: Stop building unused extensions.
 
 By default Druid builds all community extensions and then discards them
 while assembling the final distribution. This patch removes unused
 extensions from the build.
 ---
- pom.xml | 32 ++++----------------------------
- 1 file changed, 4 insertions(+), 28 deletions(-)
+ pom.xml | 32 +-------------------------------
+ 1 file changed, 1 insertion(+), 31 deletions(-)
 
 diff --git a/pom.xml b/pom.xml
-index a33c6bd521..f5001910e1 100644
+index 08a3f24210..e8585349f4 100644
 --- a/pom.xml
 +++ b/pom.xml
-@@ -188,34 +188,10 @@
+@@ -200,39 +200,9 @@
          <module>extensions-core/google-extensions</module>
          <module>extensions-core/druid-catalog</module>
          <module>extensions-core/testing-tools</module>
@@ -41,31 +41,17 @@ index a33c6bd521..f5001910e1 100644
 -        <module>extensions-contrib/momentsketch</module>
 -        <module>extensions-contrib/moving-average-query</module>
 -        <module>extensions-contrib/tdigestsketch</module>
+-        <module>extensions-contrib/ddsketch</module>
 -        <module>extensions-contrib/influxdb-emitter</module>
 -        <module>extensions-contrib/gce-extensions</module>
 -        <module>extensions-contrib/aliyun-oss-extensions</module>
          <module>extensions-contrib/prometheus-emitter</module>
 -        <module>extensions-contrib/opentelemetry-emitter</module>
 -        <module>extensions-contrib/kubernetes-overlord-extensions</module>
-+
+-        <module>extensions-contrib/druid-iceberg-extensions</module>
+-        <module>extensions-contrib/druid-deltalake-extensions</module>
+-        <module>extensions-contrib/spectator-histogram</module>
+-        <module>extensions-contrib/rabbit-stream-indexing-service</module>
+ 
          <!-- distribution packaging -->
          <module>distribution</module>
-         <!-- Revised integration tests -->
-@@ -233,7 +209,7 @@
-                <enabled>false</enabled>
-             </snapshots>
-         </repository>
--        
-+
-         <!-- Only used by core, but moved to root for parallel build dependency resolution -->
-         <repository>
-             <id>sigar</id>
-@@ -243,7 +219,7 @@
-             </snapshots>
-         </repository>
-     </repositories>
--    
-+
-     <pluginRepositories>
-         <pluginRepository>
-             <id>${repoOrgId}</id>
diff --git a/druid/stackable/patches/30.0.1/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch b/druid/stackable/patches/30.0.1/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch
new file mode 100644
index 000000000..6c3c75c4d
--- /dev/null
+++ b/druid/stackable/patches/30.0.1/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch
@@ -0,0 +1,154 @@
+From cf05fadf57c308bf782844226d7fd133ec200189 Mon Sep 17 00:00:00 2001
+From: Lars Francke <git@lars-francke.de>
+Date: Mon, 17 Feb 2025 16:42:49 +0100
+Subject: Updates all dependencies that have a new patch release available.
+
+---
+ extensions-core/druid-pac4j/pom.xml           |  5 +++-
+ extensions-core/kubernetes-extensions/pom.xml |  2 +-
+ extensions-core/orc-extensions/pom.xml        |  2 +-
+ extensions-core/parquet-extensions/pom.xml    |  2 +-
+ pom.xml                                       | 29 ++++++++++---------
+ processing/pom.xml                            |  2 +-
+ 6 files changed, 24 insertions(+), 18 deletions(-)
+
+diff --git a/extensions-core/druid-pac4j/pom.xml b/extensions-core/druid-pac4j/pom.xml
+index 1f95186c19..7961274438 100644
+--- a/extensions-core/druid-pac4j/pom.xml
++++ b/extensions-core/druid-pac4j/pom.xml
+@@ -38,7 +38,10 @@
+ 
+     <!-- Following must be updated along with any updates to pac4j version. One can find the compatible version of nimbus libraries in org.pac4j:pac4j-oidc dependencies-->
+     <nimbus.lang.tag.version>1.7</nimbus.lang.tag.version>
+-    <nimbus.jose.jwt.version>9.37.2</nimbus.jose.jwt.version>
++    <!-- A breaking change was introduced in nimbus-jose-jwt 9.0 where net.minidev.json.JSONObject method arguments and return types were replaced, causing errors during OIDC callback:
++         https://github.com/stackabletech/druid-operator/issues/595
++         https://bitbucket.org/connect2id/nimbus-jose-jwt/src/9.0/CHANGELOG.txt -->
++    <nimbus.jose.jwt.version>8.22.1</nimbus.jose.jwt.version>
+     <oauth2.oidc.sdk.version>8.22</oauth2.oidc.sdk.version>
+   </properties>
+ 
+diff --git a/extensions-core/kubernetes-extensions/pom.xml b/extensions-core/kubernetes-extensions/pom.xml
+index 33c8a0b2f6..17f288b868 100644
+--- a/extensions-core/kubernetes-extensions/pom.xml
++++ b/extensions-core/kubernetes-extensions/pom.xml
+@@ -34,7 +34,7 @@
+   </parent>
+ 
+   <properties>
+-    <kubernetes.client.version>19.0.0</kubernetes.client.version>
++    <kubernetes.client.version>19.0.1</kubernetes.client.version>
+   </properties>
+ 
+ 
+diff --git a/extensions-core/orc-extensions/pom.xml b/extensions-core/orc-extensions/pom.xml
+index 47e178d19e..fd985b9061 100644
+--- a/extensions-core/orc-extensions/pom.xml
++++ b/extensions-core/orc-extensions/pom.xml
+@@ -31,7 +31,7 @@
+     </parent>
+     <modelVersion>4.0.0</modelVersion>
+     <properties>
+-        <orc.version>1.7.6</orc.version>
++        <orc.version>1.7.10</orc.version>
+     </properties>
+     <dependencies>
+         <dependency>
+diff --git a/extensions-core/parquet-extensions/pom.xml b/extensions-core/parquet-extensions/pom.xml
+index b2b7c2ff04..f8d213d63c 100644
+--- a/extensions-core/parquet-extensions/pom.xml
++++ b/extensions-core/parquet-extensions/pom.xml
+@@ -201,7 +201,7 @@
+         </dependency>
+       </dependencies>
+       <properties>
+-        <parquet.version>1.13.0</parquet.version>
++        <parquet.version>1.13.1</parquet.version>
+       </properties>
+     </profile>
+   </profiles>
+diff --git a/pom.xml b/pom.xml
+index e8585349f4..e1b83dac70 100644
+--- a/pom.xml
++++ b/pom.xml
+@@ -74,7 +74,7 @@
+         <maven.compiler.target>1.8</maven.compiler.target>
+         <java.version>8</java.version>
+         <project.build.resourceEncoding>UTF-8</project.build.resourceEncoding>
+-        <aether.version>0.9.0.M2</aether.version>
++        <aether.version>0.9.1.v20140329</aether.version>
+         <apache.curator.version>5.5.0</apache.curator.version>
+         <apache.kafka.version>3.6.1</apache.kafka.version>
+         <!-- when updating apache ranger, verify the usage of aws-bundle-sdk vs aws-logs-sdk
+@@ -91,25 +91,28 @@
+         <calcite.version>1.35.0</calcite.version>
+         <confluent.version>6.2.12</confluent.version>
+         <datasketches.version>4.2.0</datasketches.version>
+-        <datasketches.memory.version>2.2.0</datasketches.memory.version>
++        <datasketches.memory.version>2.2.1</datasketches.memory.version>
+         <derby.version>10.14.2.0</derby.version>
+-        <dropwizard.metrics.version>4.2.22</dropwizard.metrics.version>
++        <dropwizard.metrics.version>4.2.26</dropwizard.metrics.version>
+         <errorprone.version>2.20.0</errorprone.version>
+-        <fastutil.version>8.5.4</fastutil.version>
++        <!-- An additional null check was introduced in fastutils 8.5.7 that breaks data ingestion tasks:
++             https://github.com/stackabletech/druid-operator/issues/595
++             https://github.com/vigna/fastutil/commit/598a4fd064e193be69ea324aa86947477c82ede8 -->
++        <fastutil.version>8.5.6</fastutil.version>
+         <guava.version>32.0.1-jre</guava.version>
+         <guice.version>4.1.0</guice.version>
+         <hamcrest.version>1.3</hamcrest.version>
+         <jetty.version>9.4.54.v20240208</jetty.version>
+         <jersey.version>1.19.4</jersey.version>
+-        <jackson.version>2.12.7.20221012</jackson.version>
++        <jackson.version>2.12.7.20240502</jackson.version>
+         <codehaus.jackson.version>1.9.13</codehaus.jackson.version>
+         <log4j.version>2.22.1</log4j.version>
+         <mysql.version>8.2.0</mysql.version>
+         <mariadb.version>2.7.3</mariadb.version>
+         <netty3.version>3.10.6.Final</netty3.version>
+-        <netty4.version>4.1.108.Final</netty4.version>
+-        <postgresql.version>42.7.2</postgresql.version>
+-        <protobuf.version>3.24.0</protobuf.version>
++        <netty4.version>4.1.111.Final</netty4.version>
++        <postgresql.version>42.7.3</postgresql.version>
++        <protobuf.version>3.24.4</protobuf.version>
+         <resilience4j.version>1.3.1</resilience4j.version>
+         <slf4j.version>1.7.36</slf4j.version>
+         <jna.version>5.13.0</jna.version>
+@@ -119,17 +122,17 @@
+         <!-- mockito-inline artifact was removed in mockito 5.3 (mockito 5.x is required for Java >17),
+              however it is required in some cases when running against mockito 4.x (mockito 4.x is required for Java <11. We use the following property to pick the proper artifact based on Java version (see pre-java-11 profile) -->
+         <mockito.inline.artifact>core</mockito.inline.artifact>
+-        <aws.sdk.version>1.12.638</aws.sdk.version>
+-        <caffeine.version>2.8.0</caffeine.version>
+-        <jacoco.version>0.8.7</jacoco.version>
++        <aws.sdk.version>1.12.754</aws.sdk.version>
++        <caffeine.version>2.8.8</caffeine.version>
++        <jacoco.version>0.8.12</jacoco.version>
+         <hibernate-validator.version>6.2.5.Final</hibernate-validator.version>
+-        <httpclient.version>4.5.13</httpclient.version>
++        <httpclient.version>4.5.14</httpclient.version>
+         <!-- When upgrading ZK, edit docs and integration tests as well (integration-tests/docker-base/setup.sh) -->
+         <zookeeper.version>3.8.4</zookeeper.version>
+         <checkerframework.version>2.5.7</checkerframework.version>
+         <com.google.apis.client.version>2.2.0</com.google.apis.client.version>
+         <com.google.http.client.apis.version>1.42.3</com.google.http.client.apis.version>
+-        <com.google.apis.compute.version>v1-rev20230606-2.0.0</com.google.apis.compute.version>
++        <com.google.apis.compute.version>v1-rev20240618-2.0.0</com.google.apis.compute.version>
+         <com.google.cloud.storage.version>2.29.1</com.google.cloud.storage.version>
+         <jdk.strong.encapsulation.argLine><!-- empty placeholder --></jdk.strong.encapsulation.argLine>
+         <jdk.security.manager.allow.argLine><!-- empty placeholder --></jdk.security.manager.allow.argLine>
+diff --git a/processing/pom.xml b/processing/pom.xml
+index fcc16a65c5..2f5fb45890 100644
+--- a/processing/pom.xml
++++ b/processing/pom.xml
+@@ -36,7 +36,7 @@
+     <sigar.base.version>1.6.5</sigar.base.version>
+     <sigar.version>${sigar.base.version}.132</sigar.version>
+     <ipaddress.version>5.3.4</ipaddress.version>
+-    <oshi.version>6.4.4</oshi.version>
++    <oshi.version>6.4.13</oshi.version>
+   </properties>
+ 
+   <dependencies>
diff --git a/druid/stackable/patches/26.0.0/0005-Include-jackson-dataformat-xml-dependency.patch b/druid/stackable/patches/30.0.1/0005-Include-jackson-dataformat-xml-dependency.patch
similarity index 86%
rename from druid/stackable/patches/26.0.0/0005-Include-jackson-dataformat-xml-dependency.patch
rename to druid/stackable/patches/30.0.1/0005-Include-jackson-dataformat-xml-dependency.patch
index e2876fc7a..dc3775693 100644
--- a/druid/stackable/patches/26.0.0/0005-Include-jackson-dataformat-xml-dependency.patch
+++ b/druid/stackable/patches/30.0.1/0005-Include-jackson-dataformat-xml-dependency.patch
@@ -1,6 +1,6 @@
-From 1e4c0f607abfe1362941af5f53e04cd0b845f41f Mon Sep 17 00:00:00 2001
+From 1f1d47e9ab58fe2d4549225f182f3ff381971c20 Mon Sep 17 00:00:00 2001
 From: Lars Francke <git@lars-francke.de>
-Date: Thu, 12 Dec 2024 17:59:17 +0100
+Date: Mon, 17 Feb 2025 16:42:49 +0100
 Subject: Include jackson-dataformat-xml dependency.
 
 This allows us to use XmlLayout for Log4jV2.
@@ -12,10 +12,10 @@ build.
  1 file changed, 5 insertions(+)
 
 diff --git a/server/pom.xml b/server/pom.xml
-index fdc6f1f548..9f18e614e9 100644
+index cfa6b8f9f5..4e36bc9438 100644
 --- a/server/pom.xml
 +++ b/server/pom.xml
-@@ -195,6 +195,11 @@
+@@ -205,6 +205,11 @@
              <groupId>org.apache.logging.log4j</groupId>
              <artifactId>log4j-core</artifactId>
          </dependency>
diff --git a/druid/stackable/patches/26.0.0/0006-Stop-building-the-tar.gz-distribution.patch b/druid/stackable/patches/30.0.1/0006-Stop-building-the-tar.gz-distribution.patch
similarity index 89%
rename from druid/stackable/patches/26.0.0/0006-Stop-building-the-tar.gz-distribution.patch
rename to druid/stackable/patches/30.0.1/0006-Stop-building-the-tar.gz-distribution.patch
index 00a9e9719..f2474299a 100644
--- a/druid/stackable/patches/26.0.0/0006-Stop-building-the-tar.gz-distribution.patch
+++ b/druid/stackable/patches/30.0.1/0006-Stop-building-the-tar.gz-distribution.patch
@@ -1,6 +1,6 @@
-From c7d74ad665618125e09f365bae0ecaa2876b6a87 Mon Sep 17 00:00:00 2001
+From 719e70a5143f7fc3143186a2e277495be7eada72 Mon Sep 17 00:00:00 2001
 From: Lars Francke <git@lars-francke.de>
-Date: Thu, 12 Dec 2024 17:59:17 +0100
+Date: Mon, 17 Feb 2025 16:42:49 +0100
 Subject: Stop building the tar.gz distribution.
 
 All we do is build Druid tar and gzip it only to immediately uncompress it
diff --git a/druid/stackable/patches/26.0.0/0007-Update-CycloneDX-plugin.patch b/druid/stackable/patches/30.0.1/0007-Update-CycloneDX-plugin.patch
similarity index 77%
rename from druid/stackable/patches/26.0.0/0007-Update-CycloneDX-plugin.patch
rename to druid/stackable/patches/30.0.1/0007-Update-CycloneDX-plugin.patch
index 89e466782..ac98de27e 100644
--- a/druid/stackable/patches/26.0.0/0007-Update-CycloneDX-plugin.patch
+++ b/druid/stackable/patches/30.0.1/0007-Update-CycloneDX-plugin.patch
@@ -1,4 +1,4 @@
-From 56541040ce6a5c36d53fdda71316d2a7ab8245c0 Mon Sep 17 00:00:00 2001
+From aff63a7572dd88797be111e8ab04d443bf125369 Mon Sep 17 00:00:00 2001
 From: Lukas Voetmand <lukas.voetmand@stackable.tech>
 Date: Fri, 6 Sep 2024 17:53:52 +0200
 Subject: Update CycloneDX plugin
@@ -8,15 +8,15 @@ Subject: Update CycloneDX plugin
  1 file changed, 5 insertions(+), 1 deletion(-)
 
 diff --git a/pom.xml b/pom.xml
-index 2364f27dc4..c902899304 100644
+index e1b83dac70..7cf5ffda15 100644
 --- a/pom.xml
 +++ b/pom.xml
-@@ -1533,7 +1533,11 @@
+@@ -1700,7 +1700,11 @@
              <plugin>
                  <groupId>org.cyclonedx</groupId>
                  <artifactId>cyclonedx-maven-plugin</artifactId>
--                <version>2.7.5</version>
-+                <version>2.8.1</version>
+-                <version>2.7.9</version>
++                <version>2.8.0</version>
 +                <configuration>
 +                    <projectType>application</projectType>
 +                    <schemaVersion>1.5</schemaVersion>
diff --git a/druid/stackable/patches/26.0.0/0008-Fix-CVE-2024-36114.patch b/druid/stackable/patches/30.0.1/0008-Fix-CVE-2024-36114.patch
similarity index 89%
rename from druid/stackable/patches/26.0.0/0008-Fix-CVE-2024-36114.patch
rename to druid/stackable/patches/30.0.1/0008-Fix-CVE-2024-36114.patch
index 766d53a5f..240d7f409 100644
--- a/druid/stackable/patches/26.0.0/0008-Fix-CVE-2024-36114.patch
+++ b/druid/stackable/patches/30.0.1/0008-Fix-CVE-2024-36114.patch
@@ -1,9 +1,9 @@
-From a8442f203b70216cd7b3ec9cefe8f7627fa0d7e2 Mon Sep 17 00:00:00 2001
+From 3c4e883753763d3b76b05b438b65feff345d3fb2 Mon Sep 17 00:00:00 2001
 From: Malte Sander <malte.sander.it@gmail.com>
 Date: Thu, 12 Dec 2024 17:59:17 +0100
 Subject: Fix CVE-2024-36114
 
-See https://github.com/stackabletech/vulnerabilities/issues/834
+see https://github.com/stackabletech/vulnerabilities/issues/834
 
 Aircompressor is a library with ports of the Snappy, LZO, LZ4, and
 Zstandard compression algorithms to Java. All decompressor
@@ -26,11 +26,11 @@ known workarounds for this issue.
  1 file changed, 6 insertions(+)
 
 diff --git a/pom.xml b/pom.xml
-index c902899304..6c24bdc0b2 100644
+index 7cf5ffda15..f27713d5fd 100644
 --- a/pom.xml
 +++ b/pom.xml
-@@ -233,6 +233,12 @@
- 
+@@ -255,6 +255,12 @@
+     </pluginRepositories>
      <dependencyManagement>
          <dependencies>
 +            <!-- Mitigate CVE-2024-36114: See https://github.com/stackabletech/vulnerabilities/issues/834 -->
diff --git a/druid/stackable/patches/26.0.0/0009-Update-FMPP-version.patch b/druid/stackable/patches/30.0.1/0009-Update-FMPP-version.patch
similarity index 88%
rename from druid/stackable/patches/26.0.0/0009-Update-FMPP-version.patch
rename to druid/stackable/patches/30.0.1/0009-Update-FMPP-version.patch
index 90ea19709..2580e05e1 100644
--- a/druid/stackable/patches/26.0.0/0009-Update-FMPP-version.patch
+++ b/druid/stackable/patches/30.0.1/0009-Update-FMPP-version.patch
@@ -1,4 +1,4 @@
-From 2d634afe93690d295ddf69751b03e824cbd9f934 Mon Sep 17 00:00:00 2001
+From 64f5d9955d31695a0bbb98bc70233cca49939bfb Mon Sep 17 00:00:00 2001
 From: Lars Francke <git@lars-francke.de>
 Date: Thu, 12 Dec 2024 06:35:21 +0100
 Subject: Update FMPP version
@@ -12,10 +12,10 @@ which we don't want.
  1 file changed, 7 insertions(+)
 
 diff --git a/sql/pom.xml b/sql/pom.xml
-index e2bbd8c7f8..a72f96a6ca 100644
+index 00ed50cf69..bad8096a59 100644
 --- a/sql/pom.xml
 +++ b/sql/pom.xml
-@@ -322,6 +322,13 @@
+@@ -384,6 +384,13 @@
        <plugin>
          <groupId>com.googlecode.fmpp-maven-plugin</groupId>
          <artifactId>fmpp-maven-plugin</artifactId>
diff --git a/druid/stackable/patches/30.0.1/0010-Fix-CVE-2023-34455.patch b/druid/stackable/patches/30.0.1/0010-Fix-CVE-2023-34455.patch
new file mode 100644
index 000000000..fab4b0f0d
--- /dev/null
+++ b/druid/stackable/patches/30.0.1/0010-Fix-CVE-2023-34455.patch
@@ -0,0 +1,43 @@
+From f246bea0ec12b167b4fb49dcf775527429715f77 Mon Sep 17 00:00:00 2001
+From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
+Date: Tue, 28 Jan 2025 17:29:59 +0100
+Subject: Fix CVE-2023-34455
+
+see https://github.com/stackabletech/vulnerabilities/issues/558
+
+At the end of build process, Druid downloads dependencies directly from a remote
+Maven repository ignoring existing patches that have been applyed locally.
+These dependencies include all transitive dependencies too.
+The hadoop client depends on a vulnerable version of the snappy library which
+is then also downloaded even though a newer version is already on the system.
+
+This patch removes the vulnerable jars.
+---
+ distribution/pom.xml | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/distribution/pom.xml b/distribution/pom.xml
+index 08b4121287..ba08137c26 100644
+--- a/distribution/pom.xml
++++ b/distribution/pom.xml
+@@ -259,6 +259,20 @@
+                                     </arguments>
+                                 </configuration>
+                             </execution>
++                            <execution>
++                                <id>fix-cve-2023-34455-remove-snappy</id>
++                                <phase>package</phase>
++                                <goals>
++                                    <goal>exec</goal>
++                                </goals>
++                                <configuration>
++                                  <executable>/usr/bin/rm</executable>
++                                    <arguments>
++                                      <argument>${project.build.directory}/hadoop-dependencies/hadoop-client-api/3.3.6/snappy-java-1.1.8.2.jar</argument>
++                                      <argument>${project.build.directory}/hadoop-dependencies/hadoop-client-runtime/3.3.6/snappy-java-1.1.8.2.jar</argument>
++                                    </arguments>
++                                </configuration>
++                            </execution>
+                         </executions>
+                     </plugin>
+                     <plugin>
diff --git a/druid/stackable/patches/30.0.1/patchable.toml b/druid/stackable/patches/30.0.1/patchable.toml
new file mode 100644
index 000000000..aad1cde81
--- /dev/null
+++ b/druid/stackable/patches/30.0.1/patchable.toml
@@ -0,0 +1,2 @@
+upstream = "https://github.com/apache/druid.git"
+base = "a30af7a91d528e5c3a90356a5592abc7119191c6"
diff --git a/druid/stackable/patches/31.0.1/0001-Removes-all-traces-of-the-druid-ranger-extension.patch b/druid/stackable/patches/31.0.1/0001-Removes-all-traces-of-the-druid-ranger-extension.patch
new file mode 100644
index 000000000..1a63c96b7
--- /dev/null
+++ b/druid/stackable/patches/31.0.1/0001-Removes-all-traces-of-the-druid-ranger-extension.patch
@@ -0,0 +1,35 @@
+From ac257969aaf853835a5a410bb3d432c2b8d9f390 Mon Sep 17 00:00:00 2001
+From: Lars Francke <git@lars-francke.de>
+Date: Wed, 10 Jul 2024 17:07:13 +0200
+Subject: Removes all traces of the druid ranger extension
+
+---
+ distribution/pom.xml | 2 --
+ pom.xml              | 1 -
+ 2 files changed, 3 deletions(-)
+
+diff --git a/distribution/pom.xml b/distribution/pom.xml
+index dcb01abceb..1a4f7df716 100644
+--- a/distribution/pom.xml
++++ b/distribution/pom.xml
+@@ -252,8 +252,6 @@
+                                         <argument>-c</argument>
+                                         <argument>org.apache.druid.extensions:druid-pac4j</argument>
+                                         <argument>-c</argument>
+-                                        <argument>org.apache.druid.extensions:druid-ranger-security</argument>
+-                                        <argument>-c</argument>
+                                         <argument>org.apache.druid.extensions:druid-kubernetes-extensions</argument>
+                                         <argument>-c</argument>
+                                         <argument>org.apache.druid.extensions:druid-catalog</argument>
+diff --git a/pom.xml b/pom.xml
+index e5bcfafacb..807f9f11df 100644
+--- a/pom.xml
++++ b/pom.xml
+@@ -198,7 +198,6 @@
+         <module>extensions-core/simple-client-sslcontext</module>
+         <module>extensions-core/druid-basic-security</module>
+         <module>extensions-core/google-extensions</module>
+-        <module>extensions-core/druid-ranger-security</module>
+         <module>extensions-core/druid-catalog</module>
+         <module>extensions-core/testing-tools</module>
+         <!-- Community extensions -->
diff --git a/druid/stackable/patches/31.0.1/0002-Include-Prometheus-emitter-in-distribution.patch b/druid/stackable/patches/31.0.1/0002-Include-Prometheus-emitter-in-distribution.patch
new file mode 100644
index 000000000..beb5f4e94
--- /dev/null
+++ b/druid/stackable/patches/31.0.1/0002-Include-Prometheus-emitter-in-distribution.patch
@@ -0,0 +1,66 @@
+From 484bd7f13890823fdfdcbec5bd21b046ac885015 Mon Sep 17 00:00:00 2001
+From: Lars Francke <git@lars-francke.de>
+Date: Mon, 17 Feb 2025 16:42:34 +0100
+Subject: Include Prometheus emitter in distribution
+
+---
+ distribution/pom.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 46 insertions(+)
+
+diff --git a/distribution/pom.xml b/distribution/pom.xml
+index 1a4f7df716..a28e34bb6a 100644
+--- a/distribution/pom.xml
++++ b/distribution/pom.xml
+@@ -464,6 +464,52 @@
+                 </plugins>
+             </build>
+         </profile>
++        <profile>
++            <id>stackable-bundle-contrib-exts</id>
++            <activation>
++                <activeByDefault>true</activeByDefault>
++            </activation>
++            <build>
++                <plugins>
++                    <plugin>
++                        <groupId>org.codehaus.mojo</groupId>
++                        <artifactId>exec-maven-plugin</artifactId>
++                        <executions>
++                            <execution>
++                                <id>pull-deps-contrib-exts</id>
++                                <phase>package</phase>
++                                <goals>
++                                    <goal>exec</goal>
++                                </goals>
++                                <configuration>
++                                    <executable>${project.parent.basedir}/examples/bin/run-java</executable>
++                                    <arguments>
++                                        <argument>-classpath</argument>
++                                        <classpath />
++                                        <argument>-Ddruid.extensions.loadList=[]</argument>
++                                        <argument>-Ddruid.extensions.directory=${project.build.directory}/extensions
++                                        </argument>
++                                        <argument>
++                                            -Ddruid.extensions.hadoopDependenciesDir=${project.build.directory}/hadoop-dependencies
++                                        </argument>
++                                        <argument>org.apache.druid.cli.Main</argument>
++                                        <argument>tools</argument>
++                                        <argument>pull-deps</argument>
++                                        <argument>--defaultVersion</argument>
++                                        <argument>${project.parent.version}</argument>
++                                        <argument>-l</argument>
++                                        <argument>${settings.localRepository}</argument>
++                                        <argument>--no-default-hadoop</argument>
++                                        <argument>-c</argument>
++                                        <argument>org.apache.druid.extensions.contrib:prometheus-emitter</argument>
++                                    </arguments>
++                                </configuration>
++                            </execution>
++                        </executions>
++                    </plugin>
++                </plugins>
++            </build>
++        </profile>
+         <profile>
+             <id>integration-test</id>
+             <activation>
diff --git a/druid/stackable/patches/31.0.1/0003-Stop-building-unused-extensions.patch b/druid/stackable/patches/31.0.1/0003-Stop-building-unused-extensions.patch
new file mode 100644
index 000000000..97fc3b900
--- /dev/null
+++ b/druid/stackable/patches/31.0.1/0003-Stop-building-unused-extensions.patch
@@ -0,0 +1,57 @@
+From 540182e6a1169103cb77ff37d963186f23204800 Mon Sep 17 00:00:00 2001
+From: Lars Francke <git@lars-francke.de>
+Date: Mon, 17 Feb 2025 16:42:34 +0100
+Subject: Stop building unused extensions.
+
+By default Druid builds all community extensions and then discards them
+while assembling the final distribution. This patch removes unused
+extensions from the build.
+---
+ pom.xml | 32 +-------------------------------
+ 1 file changed, 1 insertion(+), 31 deletions(-)
+
+diff --git a/pom.xml b/pom.xml
+index 807f9f11df..e9e19f7920 100644
+--- a/pom.xml
++++ b/pom.xml
+@@ -200,39 +200,9 @@
+         <module>extensions-core/google-extensions</module>
+         <module>extensions-core/druid-catalog</module>
+         <module>extensions-core/testing-tools</module>
++
+         <!-- Community extensions -->
+-        <module>extensions-contrib/compressed-bigdecimal</module>
+-        <module>extensions-contrib/influx-extensions</module>
+-        <module>extensions-contrib/cassandra-storage</module>
+-        <module>extensions-contrib/dropwizard-emitter</module>
+-        <module>extensions-contrib/cloudfiles-extensions</module>
+-        <module>extensions-contrib/graphite-emitter</module>
+-        <module>extensions-contrib/distinctcount</module>
+-        <module>extensions-contrib/statsd-emitter</module>
+-        <module>extensions-contrib/time-min-max</module>
+-        <module>extensions-contrib/virtual-columns</module>
+-        <module>extensions-contrib/thrift-extensions</module>
+-        <module>extensions-contrib/ambari-metrics-emitter</module>
+-        <module>extensions-contrib/sqlserver-metadata-storage</module>
+-        <module>extensions-contrib/kafka-emitter</module>
+-        <module>extensions-contrib/redis-cache</module>
+-        <module>extensions-contrib/opentsdb-emitter</module>
+-        <module>extensions-contrib/materialized-view-maintenance</module>
+-        <module>extensions-contrib/materialized-view-selection</module>
+-        <module>extensions-contrib/momentsketch</module>
+-        <module>extensions-contrib/moving-average-query</module>
+-        <module>extensions-contrib/tdigestsketch</module>
+-        <module>extensions-contrib/ddsketch</module>
+-        <module>extensions-contrib/influxdb-emitter</module>
+-        <module>extensions-contrib/gce-extensions</module>
+-        <module>extensions-contrib/aliyun-oss-extensions</module>
+         <module>extensions-contrib/prometheus-emitter</module>
+-        <module>extensions-contrib/opentelemetry-emitter</module>
+-        <module>extensions-contrib/kubernetes-overlord-extensions</module>
+-        <module>extensions-contrib/druid-iceberg-extensions</module>
+-        <module>extensions-contrib/druid-deltalake-extensions</module>
+-        <module>extensions-contrib/spectator-histogram</module>
+-        <module>extensions-contrib/rabbit-stream-indexing-service</module>
+ 
+         <!-- distribution packaging -->
+         <module>distribution</module>
diff --git a/druid/stackable/patches/31.0.1/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch b/druid/stackable/patches/31.0.1/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch
new file mode 100644
index 000000000..f6d435ab6
--- /dev/null
+++ b/druid/stackable/patches/31.0.1/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch
@@ -0,0 +1,151 @@
+From 14918ed4cad073b1e62ba26111352dafd2da3ae0 Mon Sep 17 00:00:00 2001
+From: Lars Francke <git@lars-francke.de>
+Date: Mon, 17 Feb 2025 16:42:49 +0100
+Subject: Updates all dependencies that have a new patch release available.
+
+---
+ extensions-core/druid-pac4j/pom.xml           |  2 +-
+ extensions-core/kubernetes-extensions/pom.xml |  2 +-
+ extensions-core/orc-extensions/pom.xml        |  2 +-
+ extensions-core/parquet-extensions/pom.xml    |  2 +-
+ pom.xml                                       | 31 ++++++++++---------
+ processing/pom.xml                            |  2 +-
+ 6 files changed, 22 insertions(+), 19 deletions(-)
+
+diff --git a/extensions-core/druid-pac4j/pom.xml b/extensions-core/druid-pac4j/pom.xml
+index 3693d28d67..8be5e4c355 100644
+--- a/extensions-core/druid-pac4j/pom.xml
++++ b/extensions-core/druid-pac4j/pom.xml
+@@ -34,7 +34,7 @@
+   </parent>
+ 
+   <properties>
+-    <pac4j.version>4.5.7</pac4j.version>
++    <pac4j.version>4.5.8</pac4j.version>
+ 
+     <!-- Following must be updated along with any updates to pac4j version. One can find the compatible version of nimbus libraries in org.pac4j:pac4j-oidc dependencies-->
+     <nimbus.lang.tag.version>1.7</nimbus.lang.tag.version>
+diff --git a/extensions-core/kubernetes-extensions/pom.xml b/extensions-core/kubernetes-extensions/pom.xml
+index 1e513ec8eb..7f43fdd108 100644
+--- a/extensions-core/kubernetes-extensions/pom.xml
++++ b/extensions-core/kubernetes-extensions/pom.xml
+@@ -34,7 +34,7 @@
+   </parent>
+ 
+   <properties>
+-    <kubernetes.client.version>19.0.0</kubernetes.client.version>
++    <kubernetes.client.version>19.0.2</kubernetes.client.version>
+   </properties>
+ 
+ 
+diff --git a/extensions-core/orc-extensions/pom.xml b/extensions-core/orc-extensions/pom.xml
+index 1b6a394728..bb4a9be716 100644
+--- a/extensions-core/orc-extensions/pom.xml
++++ b/extensions-core/orc-extensions/pom.xml
+@@ -31,7 +31,7 @@
+     </parent>
+     <modelVersion>4.0.0</modelVersion>
+     <properties>
+-        <orc.version>1.7.6</orc.version>
++        <orc.version>1.7.11</orc.version>
+     </properties>
+     <dependencies>
+         <dependency>
+diff --git a/extensions-core/parquet-extensions/pom.xml b/extensions-core/parquet-extensions/pom.xml
+index 0d18d9162d..a8f9e7d52e 100644
+--- a/extensions-core/parquet-extensions/pom.xml
++++ b/extensions-core/parquet-extensions/pom.xml
+@@ -201,7 +201,7 @@
+         </dependency>
+       </dependencies>
+       <properties>
+-        <parquet.version>1.13.0</parquet.version>
++        <parquet.version>1.13.1</parquet.version>
+       </properties>
+     </profile>
+   </profiles>
+diff --git a/pom.xml b/pom.xml
+index e9e19f7920..4408e55b9c 100644
+--- a/pom.xml
++++ b/pom.xml
+@@ -74,7 +74,7 @@
+         <maven.compiler.target>1.8</maven.compiler.target>
+         <java.version>8</java.version>
+         <project.build.resourceEncoding>UTF-8</project.build.resourceEncoding>
+-        <aether.version>0.9.0.M2</aether.version>
++        <aether.version>0.9.1.v20140329</aether.version>
+         <apache.curator.version>5.5.0</apache.curator.version>
+         <apache.kafka.version>3.9.0</apache.kafka.version>
+         <!-- when updating apache ranger, verify the usage of aws-bundle-sdk vs aws-logs-sdk
+@@ -90,24 +90,27 @@
+         <calcite.version>1.37.0</calcite.version>
+         <confluent.version>6.2.12</confluent.version>
+         <datasketches.version>4.2.0</datasketches.version>
+-        <datasketches.memory.version>2.2.0</datasketches.memory.version>
++        <datasketches.memory.version>2.2.1</datasketches.memory.version>
+         <derby.version>10.14.2.0</derby.version>
+-        <dropwizard.metrics.version>4.2.22</dropwizard.metrics.version>
++        <dropwizard.metrics.version>4.2.30</dropwizard.metrics.version>
+         <errorprone.version>2.20.0</errorprone.version>
+-        <fastutil.version>8.5.4</fastutil.version>
++        <!-- An additional null check was introduced in fastutils 8.5.7 that breaks data ingestion tasks:
++             https://github.com/stackabletech/druid-operator/issues/595
++             https://github.com/vigna/fastutil/commit/598a4fd064e193be69ea324aa86947477c82ede8 -->
++        <fastutil.version>8.5.6</fastutil.version>
+         <guava.version>32.0.1-jre</guava.version>
+         <guice.version>4.1.0</guice.version>
+         <hamcrest.version>1.3</hamcrest.version>
+-        <jetty.version>9.4.56.v20240826</jetty.version>
++        <jetty.version>9.4.57.v20241219</jetty.version>
+         <jersey.version>1.19.4</jersey.version>
+-        <jackson.version>2.12.7.20221012</jackson.version>
+-        <codehaus.jackson.version>1.9.13</codehaus.jackson.version>
++        <jackson.version>2.12.7.20240502</jackson.version>
++        <codehaus.jackson.version>1.9.14-MULE-002</codehaus.jackson.version>
+         <log4j.version>2.22.1</log4j.version>
+         <mysql.version>8.2.0</mysql.version>
+         <mariadb.version>2.7.3</mariadb.version>
+         <netty3.version>3.10.6.Final</netty3.version>
+-        <netty4.version>4.1.108.Final</netty4.version>
+-        <postgresql.version>42.7.2</postgresql.version>
++        <netty4.version>4.1.117.Final</netty4.version>
++        <postgresql.version>42.7.5</postgresql.version>
+         <protobuf.version>3.25.5</protobuf.version>
+         <resilience4j.version>1.3.1</resilience4j.version>
+         <slf4j.version>1.7.36</slf4j.version>
+@@ -118,17 +121,17 @@
+         <!-- mockito-inline artifact was removed in mockito 5.3 (mockito 5.x is required for Java >17),
+              however it is required in some cases when running against mockito 4.x (mockito 4.x is required for Java <11. We use the following property to pick the proper artifact based on Java version (see pre-java-11 profile) -->
+         <mockito.inline.artifact>core</mockito.inline.artifact>
+-        <aws.sdk.version>1.12.638</aws.sdk.version>
+-        <caffeine.version>2.8.0</caffeine.version>
+-        <jacoco.version>0.8.7</jacoco.version>
++        <aws.sdk.version>1.12.780</aws.sdk.version>
++        <caffeine.version>2.8.8</caffeine.version>
++        <jacoco.version>0.8.12</jacoco.version>
+         <hibernate-validator.version>6.2.5.Final</hibernate-validator.version>
+-        <httpclient.version>4.5.13</httpclient.version>
++        <httpclient.version>4.5.14</httpclient.version>
+         <!-- When upgrading ZK, edit docs and integration tests as well (integration-tests/docker-base/setup.sh) -->
+         <zookeeper.version>3.8.4</zookeeper.version>
+         <checkerframework.version>2.5.7</checkerframework.version>
+         <com.google.apis.client.version>2.2.0</com.google.apis.client.version>
+         <com.google.http.client.apis.version>1.42.3</com.google.http.client.apis.version>
+-        <com.google.apis.compute.version>v1-rev20230606-2.0.0</com.google.apis.compute.version>
++        <com.google.apis.compute.version>v1-rev20250107-2.0.0</com.google.apis.compute.version>
+         <com.google.cloud.storage.version>2.29.1</com.google.cloud.storage.version>
+         <jdk.strong.encapsulation.argLine><!-- empty placeholder --></jdk.strong.encapsulation.argLine>
+         <jdk.security.manager.allow.argLine><!-- empty placeholder --></jdk.security.manager.allow.argLine>
+diff --git a/processing/pom.xml b/processing/pom.xml
+index d5418dce93..716c1299f4 100644
+--- a/processing/pom.xml
++++ b/processing/pom.xml
+@@ -36,7 +36,7 @@
+     <sigar.base.version>1.6.5</sigar.base.version>
+     <sigar.version>${sigar.base.version}.132</sigar.version>
+     <ipaddress.version>5.3.4</ipaddress.version>
+-    <oshi.version>6.4.4</oshi.version>
++    <oshi.version>6.4.13</oshi.version>
+   </properties>
+ 
+   <dependencies>
diff --git a/druid/stackable/patches/31.0.1/0005-Include-jackson-dataformat-xml-dependency.patch b/druid/stackable/patches/31.0.1/0005-Include-jackson-dataformat-xml-dependency.patch
new file mode 100644
index 000000000..1a469fef8
--- /dev/null
+++ b/druid/stackable/patches/31.0.1/0005-Include-jackson-dataformat-xml-dependency.patch
@@ -0,0 +1,29 @@
+From bb1dd6ace9f6112532e5c4ad7158f0703b5baf9a Mon Sep 17 00:00:00 2001
+From: Lars Francke <git@lars-francke.de>
+Date: Mon, 17 Feb 2025 16:42:49 +0100
+Subject: Include jackson-dataformat-xml dependency.
+
+This allows us to use XmlLayout for Log4jV2.
+By including it here as a dependency we can make sure that we always have
+the matching version and we don't need to include it manually later in the
+build.
+---
+ server/pom.xml | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/server/pom.xml b/server/pom.xml
+index 8f1bb2bd72..4c443f9ac4 100644
+--- a/server/pom.xml
++++ b/server/pom.xml
+@@ -205,6 +205,11 @@
+             <groupId>org.apache.logging.log4j</groupId>
+             <artifactId>log4j-core</artifactId>
+         </dependency>
++        <dependency>
++          <!-- This is an optional dependency of log4j which is needed to use XmlLayout -->
++          <groupId>com.fasterxml.jackson.dataformat</groupId>
++          <artifactId>jackson-dataformat-xml</artifactId>
++        </dependency>
+         <dependency>
+             <groupId>com.fasterxml.jackson.datatype</groupId>
+             <artifactId>jackson-datatype-joda</artifactId>
diff --git a/druid/stackable/patches/31.0.1/0006-Stop-building-the-tar.gz-distribution.patch b/druid/stackable/patches/31.0.1/0006-Stop-building-the-tar.gz-distribution.patch
new file mode 100644
index 000000000..41fc73a3f
--- /dev/null
+++ b/druid/stackable/patches/31.0.1/0006-Stop-building-the-tar.gz-distribution.patch
@@ -0,0 +1,24 @@
+From e91413a596de7c72e659a0da45522f8d84a6372b Mon Sep 17 00:00:00 2001
+From: Lars Francke <git@lars-francke.de>
+Date: Mon, 17 Feb 2025 16:42:49 +0100
+Subject: Stop building the tar.gz distribution.
+
+All we do is build Druid tar and gzip it only to immediately uncompress it
+again. So, instead we just skip the compression step entirely.
+---
+ distribution/src/assembly/assembly.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/distribution/src/assembly/assembly.xml b/distribution/src/assembly/assembly.xml
+index ff8e0d2fdd..f9daa49e21 100644
+--- a/distribution/src/assembly/assembly.xml
++++ b/distribution/src/assembly/assembly.xml
+@@ -23,7 +23,7 @@
+           xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.0.0 http://maven.apache.org/xsd/assembly-2.0.0.xsd">
+     <id>bin</id>
+     <formats>
+-        <format>tar.gz</format>
++        <format>dir</format>
+     </formats>
+     <fileSets>
+         <fileSet>
diff --git a/druid/stackable/patches/31.0.1/0007-Update-CycloneDX-plugin.patch b/druid/stackable/patches/31.0.1/0007-Update-CycloneDX-plugin.patch
new file mode 100644
index 000000000..52880e32c
--- /dev/null
+++ b/druid/stackable/patches/31.0.1/0007-Update-CycloneDX-plugin.patch
@@ -0,0 +1,26 @@
+From 245dbf0bff4e386db6b27d079fe5baff6180732c Mon Sep 17 00:00:00 2001
+From: Lukas Voetmand <lukas.voetmand@stackable.tech>
+Date: Fri, 6 Sep 2024 17:53:52 +0200
+Subject: Update CycloneDX plugin
+
+---
+ pom.xml | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/pom.xml b/pom.xml
+index 4408e55b9c..5c99e69381 100644
+--- a/pom.xml
++++ b/pom.xml
+@@ -1707,7 +1707,11 @@
+             <plugin>
+                 <groupId>org.cyclonedx</groupId>
+                 <artifactId>cyclonedx-maven-plugin</artifactId>
+-                <version>2.7.9</version>
++                <version>2.8.0</version>
++                <configuration>
++                    <projectType>application</projectType>
++                    <schemaVersion>1.5</schemaVersion>
++                </configuration>
+                 <executions>
+                     <execution>
+                         <phase>package</phase>
diff --git a/druid/stackable/patches/31.0.1/0008-Fix-CVE-2024-36114.patch b/druid/stackable/patches/31.0.1/0008-Fix-CVE-2024-36114.patch
new file mode 100644
index 000000000..5915ad3a9
--- /dev/null
+++ b/druid/stackable/patches/31.0.1/0008-Fix-CVE-2024-36114.patch
@@ -0,0 +1,45 @@
+From f36f1491c4d3658a8ebdc74e90fdbfa949546abe Mon Sep 17 00:00:00 2001
+From: Malte Sander <malte.sander.it@gmail.com>
+Date: Thu, 12 Dec 2024 17:59:17 +0100
+Subject: Fix CVE-2024-36114
+
+Fix CVE-2024-36114
+see https://github.com/stackabletech/vulnerabilities/issues/834
+
+Aircompressor is a library with ports of the Snappy, LZO, LZ4, and
+Zstandard compression algorithms to Java. All decompressor
+implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash
+the JVM for certain input, and in some cases also leak the content of
+other memory of the Java process (which could contain sensitive
+information). When decompressing certain data, the decompressors try to
+access memory outside the bounds of the given byte arrays or byte
+buffers. Because Aircompressor uses the JDK class sun.misc.Unsafe to
+speed up memory access, no additional bounds checks are performed and
+this has similar security consequences as out-of-bounds access in C or
+C++, namely it can lead to non-deterministic behavior or crash the JVM.
+Users should update to Aircompressor 0.27 or newer where these issues
+have been fixed. When decompressing data from untrusted users, this can
+be exploited for a denial-of-service attack by crashing the JVM, or to
+leak other sensitive information from the Java process. There are no
+known workarounds for this issue.
+---
+ pom.xml | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/pom.xml b/pom.xml
+index 5c99e69381..88fdfcb09a 100644
+--- a/pom.xml
++++ b/pom.xml
+@@ -256,6 +256,12 @@
+     </pluginRepositories>
+     <dependencyManagement>
+         <dependencies>
++            <!-- Mitigate CVE-2024-36114: See https://github.com/stackabletech/vulnerabilities/issues/834 -->
++            <dependency>
++                <groupId>io.airlift</groupId>
++                <artifactId>aircompressor</artifactId>
++                <version>0.27</version>
++            </dependency>
+             <!-- Compile Scope -->
+             <dependency>
+                 <groupId>commons-codec</groupId>
diff --git a/druid/stackable/patches/31.0.1/0009-Update-FMPP-version.patch b/druid/stackable/patches/31.0.1/0009-Update-FMPP-version.patch
new file mode 100644
index 000000000..0ff41331f
--- /dev/null
+++ b/druid/stackable/patches/31.0.1/0009-Update-FMPP-version.patch
@@ -0,0 +1,36 @@
+From 15f604cc0c9f953df95be8a4c38d5dcc0b595051 Mon Sep 17 00:00:00 2001
+From: Lars Francke <git@lars-francke.de>
+Date: Thu, 12 Dec 2024 06:35:21 +0100
+Subject: Update FMPP version
+
+This is because FMPP Maven Plugin depends on FMPP in version 0.9.14
+which itself depends on a Freemarker version that has not been pinned.
+Instead it specifies a "range" which resolves to a SNAPSHOT version
+which we don't want.
+---
+ 10-update-fmpp.patch | 0
+ sql/pom.xml          | 7 +++++++
+ 2 files changed, 7 insertions(+)
+ create mode 100644 10-update-fmpp.patch
+
+diff --git a/10-update-fmpp.patch b/10-update-fmpp.patch
+new file mode 100644
+index 0000000000..e69de29bb2
+diff --git a/sql/pom.xml b/sql/pom.xml
+index 56ed03f5c2..d0d19dd854 100644
+--- a/sql/pom.xml
++++ b/sql/pom.xml
+@@ -365,6 +365,13 @@
+       <plugin>
+         <groupId>com.googlecode.fmpp-maven-plugin</groupId>
+         <artifactId>fmpp-maven-plugin</artifactId>
++        <dependencies>
++          <dependency>
++            <groupId>net.sourceforge.fmpp</groupId>
++            <artifactId>fmpp</artifactId>
++            <version>0.9.16</version>
++          </dependency>
++        </dependencies>
+         <executions>
+           <execution>
+             <id>generate-fmpp-sources</id>
diff --git a/druid/stackable/patches/31.0.1/0010-Fix-CVE-2023-34455.patch b/druid/stackable/patches/31.0.1/0010-Fix-CVE-2023-34455.patch
new file mode 100644
index 000000000..c69d2f85e
--- /dev/null
+++ b/druid/stackable/patches/31.0.1/0010-Fix-CVE-2023-34455.patch
@@ -0,0 +1,43 @@
+From 90f6dd1211a4d4ced8b3a75b7549b1e68e4b6ee6 Mon Sep 17 00:00:00 2001
+From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
+Date: Tue, 28 Jan 2025 17:29:59 +0100
+Subject: Fix CVE-2023-34455
+
+see https://github.com/stackabletech/vulnerabilities/issues/558
+
+At the end of build process, Druid downloads dependencies directly from a remote
+Maven repository ignoring existing patches that have been applyed locally.
+These dependencies include all transitive dependencies too.
+The hadoop client depends on a vulnerable version of the snappy library which
+is then also downloaded even though a newer version is already on the system.
+
+This patch removes the vulnerable jars.
+---
+ distribution/pom.xml | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/distribution/pom.xml b/distribution/pom.xml
+index a28e34bb6a..4ab7837538 100644
+--- a/distribution/pom.xml
++++ b/distribution/pom.xml
+@@ -259,6 +259,20 @@
+                                     </arguments>
+                                 </configuration>
+                             </execution>
++                            <execution>
++                                <id>fix-cve-2023-34455-remove-snappy</id>
++                                <phase>package</phase>
++                                <goals>
++                                    <goal>exec</goal>
++                                </goals>
++                                <configuration>
++                                  <executable>/usr/bin/rm</executable>
++                                    <arguments>
++                                      <argument>${project.build.directory}/hadoop-dependencies/hadoop-client-api/3.3.6/snappy-java-1.1.8.2.jar</argument>
++                                      <argument>${project.build.directory}/hadoop-dependencies/hadoop-client-runtime/3.3.6/snappy-java-1.1.8.2.jar</argument>
++                                    </arguments>
++                                </configuration>
++                            </execution>
+                         </executions>
+                     </plugin>
+                     <plugin>
diff --git a/druid/stackable/patches/31.0.1/patchable.toml b/druid/stackable/patches/31.0.1/patchable.toml
new file mode 100644
index 000000000..97ae47d66
--- /dev/null
+++ b/druid/stackable/patches/31.0.1/patchable.toml
@@ -0,0 +1,2 @@
+upstream = "https://github.com/apache/druid.git"
+base = "520482cb9638e452b0553595b4f29bb397a63758"
diff --git a/druid/versions.py b/druid/versions.py
index ec14e455b..ec46b26da 100644
--- a/druid/versions.py
+++ b/druid/versions.py
@@ -1,15 +1,23 @@
 versions = [
-    {
-        "product": "26.0.0",
-        "java-base": "11",
-        "java-devel": "11",
-        "authorizer": "0.5.0",
-    },
     {
         "product": "30.0.0",
         # https://druid.apache.org/docs/30.0.0/operations/java/
         "java-base": "17",
         "java-devel": "17",
-        "authorizer": "0.5.0",
+        "authorizer": "0.6.0",
+    },
+    {
+        "product": "30.0.1",
+        # https://druid.apache.org/docs/30.0.1/operations/java/
+        "java-base": "17",
+        "java-devel": "17",
+        "authorizer": "0.6.0",
+    },
+    {
+        "product": "31.0.1",
+        # https://druid.apache.org/docs/31.0.1/operations/java/
+        "java-base": "17",
+        "java-devel": "17",
+        "authorizer": "0.6.0",
     },
 ]