From ea23f086c483f5c7b3415cfe4b923a668d0fd8f5 Mon Sep 17 00:00:00 2001 From: dervoeti Date: Wed, 29 Jan 2025 11:54:35 +0100 Subject: [PATCH 1/6] feat(druid): Add version 31.0.1 --- CHANGELOG.md | 2 + druid/Dockerfile | 2 +- .../31.0.1/01-remove-ranger-security.patch | 33 ++++ .../02-prometheus-emitter-from-source.patch | 65 ++++++++ .../03-stop-building-unused-extensions.patch | 55 +++++++ .../31.0.1/04-update-patch-dependencies.patch | 143 ++++++++++++++++++ .../31.0.1/05-xmllayout-dependencies.patch | 27 ++++ .../patches/31.0.1/06-dont-build-targz.patch | 23 +++ .../patches/31.0.1/07-cyclonedx-plugin.patch | 17 +++ ...E-2024-36114-bump-aircompressor-0-27.patch | 37 +++++ .../patches/31.0.1/09-update-fmpp.patch | 21 +++ .../31.0.1/10-cve-2023-34455-rm-snappy.patch | 36 +++++ druid/versions.py | 7 + 13 files changed, 467 insertions(+), 1 deletion(-) create mode 100644 druid/stackable/patches/31.0.1/01-remove-ranger-security.patch create mode 100644 druid/stackable/patches/31.0.1/02-prometheus-emitter-from-source.patch create mode 100644 druid/stackable/patches/31.0.1/03-stop-building-unused-extensions.patch create mode 100644 druid/stackable/patches/31.0.1/04-update-patch-dependencies.patch create mode 100644 druid/stackable/patches/31.0.1/05-xmllayout-dependencies.patch create mode 100644 druid/stackable/patches/31.0.1/06-dont-build-targz.patch create mode 100644 druid/stackable/patches/31.0.1/07-cyclonedx-plugin.patch create mode 100644 druid/stackable/patches/31.0.1/08-CVE-2024-36114-bump-aircompressor-0-27.patch create mode 100644 druid/stackable/patches/31.0.1/09-update-fmpp.patch create mode 100644 druid/stackable/patches/31.0.1/10-cve-2023-34455-rm-snappy.patch diff --git a/CHANGELOG.md b/CHANGELOG.md index 235f211b4..d4b770239 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -14,6 +14,7 @@ All notable changes to this project will be documented in this file. command logger which allows to enter messages into the system log. - vector: Add version 0.43.1 ([#980]). - opa: Add version 1.0.0 ([#981]) +- druid: Add version 31.0.1 ([#984]) ### Removed @@ -36,6 +37,7 @@ All notable changes to this project will be documented in this file. [#962]: https://github.com/stackabletech/docker-images/pull/962 [#980]: https://github.com/stackabletech/docker-images/pull/980 [#981]: https://github.com/stackabletech/docker-images/pull/981 +[#984]: https://github.com/stackabletech/docker-images/pull/984 ## [24.11.1] - 2025-01-14 diff --git a/druid/Dockerfile b/druid/Dockerfile index 6cc597774..de5137591 100644 --- a/druid/Dockerfile +++ b/druid/Dockerfile @@ -18,7 +18,7 @@ RUN < + + +--- + 0 files changed + +diff --git a/distribution/pom.xml b/distribution/pom.xml +index 0f17a8c877..d7cd645767 100644 +--- a/distribution/pom.xml ++++ b/distribution/pom.xml +@@ -252,8 +252,6 @@ + -c + org.apache.druid.extensions:druid-pac4j + -c +- org.apache.druid.extensions:druid-ranger-security +- -c + org.apache.druid.extensions:druid-kubernetes-extensions + -c + org.apache.druid.extensions:druid-catalog +diff --git a/pom.xml b/pom.xml +index cfca79dc6e..2acb812cbe 100644 +--- a/pom.xml ++++ b/pom.xml +@@ -199,7 +199,6 @@ + extensions-core/simple-client-sslcontext + extensions-core/druid-basic-security + extensions-core/google-extensions +- extensions-core/druid-ranger-security + extensions-core/druid-catalog + extensions-core/testing-tools + diff --git a/druid/stackable/patches/31.0.1/02-prometheus-emitter-from-source.patch b/druid/stackable/patches/31.0.1/02-prometheus-emitter-from-source.patch new file mode 100644 index 000000000..8f0ca6795 --- /dev/null +++ b/druid/stackable/patches/31.0.1/02-prometheus-emitter-from-source.patch 
@@ -0,0 +1,65 @@ +Include Prometheus emitter in distribution + +From: Lars Francke + + +--- + 0 files changed + +diff --git a/distribution/pom.xml b/distribution/pom.xml +index d7cd645767..eda1ddcfab 100644 +--- a/distribution/pom.xml ++++ b/distribution/pom.xml +@@ -464,6 +464,52 @@ + + + ++ ++ stackable-bundle-contrib-exts ++ ++ true ++ ++ ++ ++ ++ org.codehaus.mojo ++ exec-maven-plugin ++ ++ ++ pull-deps-contrib-exts ++ package ++ ++ exec ++ ++ ++ ${project.parent.basedir}/examples/bin/run-java ++ ++ -classpath ++ ++ -Ddruid.extensions.loadList=[] ++ -Ddruid.extensions.directory=${project.build.directory}/extensions ++ ++ ++ -Ddruid.extensions.hadoopDependenciesDir=${project.build.directory}/hadoop-dependencies ++ ++ org.apache.druid.cli.Main ++ tools ++ pull-deps ++ --defaultVersion ++ ${project.parent.version} ++ -l ++ ${settings.localRepository} ++ --no-default-hadoop ++ -c ++ org.apache.druid.extensions.contrib:prometheus-emitter ++ ++ ++ ++ ++ ++ ++ ++ + + integration-test + diff --git a/druid/stackable/patches/31.0.1/03-stop-building-unused-extensions.patch b/druid/stackable/patches/31.0.1/03-stop-building-unused-extensions.patch new file mode 100644 index 000000000..7d0f91dd1 --- /dev/null +++ b/druid/stackable/patches/31.0.1/03-stop-building-unused-extensions.patch 
@@ -0,0 +1,55 @@ +Stop building unused extensions. + +From: Lars Francke + +By default Druid builds all community extensions and then discards them +while assembling the final distribution. This patch removes unused +extensions from the build. +--- + 0 files changed + +diff --git a/pom.xml b/pom.xml +index 2acb812cbe..38e0ddc61a 100644 +--- a/pom.xml ++++ b/pom.xml +@@ -201,39 +201,9 @@ + extensions-core/google-extensions + extensions-core/druid-catalog + extensions-core/testing-tools ++ + +- extensions-contrib/compressed-bigdecimal +- extensions-contrib/influx-extensions +- extensions-contrib/cassandra-storage +- extensions-contrib/dropwizard-emitter +- extensions-contrib/cloudfiles-extensions +- extensions-contrib/graphite-emitter +- extensions-contrib/distinctcount +- extensions-contrib/statsd-emitter +- extensions-contrib/time-min-max +- extensions-contrib/virtual-columns +- extensions-contrib/thrift-extensions +- extensions-contrib/ambari-metrics-emitter +- extensions-contrib/sqlserver-metadata-storage +- extensions-contrib/kafka-emitter +- extensions-contrib/redis-cache +- extensions-contrib/opentsdb-emitter +- extensions-contrib/materialized-view-maintenance +- extensions-contrib/materialized-view-selection +- extensions-contrib/momentsketch +- extensions-contrib/moving-average-query +- extensions-contrib/tdigestsketch +- extensions-contrib/ddsketch +- extensions-contrib/influxdb-emitter +- extensions-contrib/gce-extensions +- extensions-contrib/aliyun-oss-extensions + extensions-contrib/prometheus-emitter +- extensions-contrib/opentelemetry-emitter +- extensions-contrib/kubernetes-overlord-extensions +- extensions-contrib/druid-iceberg-extensions +- extensions-contrib/druid-deltalake-extensions +- extensions-contrib/spectator-histogram +- extensions-contrib/rabbit-stream-indexing-service + + + distribution 
diff --git a/druid/stackable/patches/31.0.1/04-update-patch-dependencies.patch b/druid/stackable/patches/31.0.1/04-update-patch-dependencies.patch new file mode 100644 index 000000000..364fe1cc5 --- /dev/null +++ b/druid/stackable/patches/31.0.1/04-update-patch-dependencies.patch 
@@ -0,0 +1,143 @@ +Updates all dependencies that have a new patch release available. + +From: Lukas Krug + + +--- +diff --git a/extensions-core/druid-pac4j/pom.xml b/extensions-core/druid-pac4j/pom.xml +index 3693d28..8be5e4c 100644 +--- a/extensions-core/druid-pac4j/pom.xml ++++ b/extensions-core/druid-pac4j/pom.xml +@@ -34,7 +34,7 @@ + + + +- 4.5.7 ++ 4.5.8 + + + 1.7 +diff --git a/extensions-core/kubernetes-extensions/pom.xml b/extensions-core/kubernetes-extensions/pom.xml +index 1e513ec..7f43fdd 100644 +--- a/extensions-core/kubernetes-extensions/pom.xml ++++ b/extensions-core/kubernetes-extensions/pom.xml +@@ -34,7 +34,7 @@ + + + +- 19.0.0 ++ 19.0.2 + + + +diff --git a/extensions-core/orc-extensions/pom.xml b/extensions-core/orc-extensions/pom.xml +index 1b6a394..bb4a9be 100644 +--- a/extensions-core/orc-extensions/pom.xml ++++ b/extensions-core/orc-extensions/pom.xml +@@ -31,7 +31,7 @@ + + 4.0.0 + +- 1.7.6 ++ 1.7.11 + + + +diff --git a/extensions-core/parquet-extensions/pom.xml b/extensions-core/parquet-extensions/pom.xml +index 0d18d91..a8f9e7d 100644 +--- a/extensions-core/parquet-extensions/pom.xml ++++ b/extensions-core/parquet-extensions/pom.xml +@@ -201,7 +201,7 @@ + + + +- 1.13.0 ++ 1.13.1 + + + +diff --git a/pom.xml b/pom.xml +index e5bcfaf..80861bc 100644 +--- a/pom.xml ++++ b/pom.xml +@@ -74,7 +74,7 @@ + 1.8 + 8 + UTF-8 +- 0.9.0.M2 ++ 0.9.1.v20140329 + 5.5.0 + 3.9.0 + ++ 8.5.6 + 32.0.1-jre + 4.1.0 + 1.3 +- 9.4.56.v20240826 ++ 9.4.57.v20241219 + 1.19.4 +- 2.12.7.20221012 +- 1.9.13 ++ 2.12.7.20240502 ++ 1.9.14-MULE-002 + 2.22.1 + 8.2.0 + 2.7.3 + 3.10.6.Final +- 4.1.108.Final +- 42.7.2 ++ 4.1.117.Final ++ 42.7.5 + 3.25.5 + 1.3.1 + 1.7.36 +@@ -118,17 +118,17 @@ + + core +- 1.12.638 +- 2.8.0 +- 0.8.7 ++ 1.12.780 ++ 2.8.8 ++ 0.8.12 + 6.2.5.Final +- 4.5.13 ++ 4.5.14 + + 3.8.4 + 2.5.7 + 2.2.0 + 1.42.3 +- v1-rev20230606-2.0.0 ++ v1-rev20250107-2.0.0 + 2.29.1 + + +diff --git a/processing/pom.xml b/processing/pom.xml +index affd900fe6..0daad4fa56 100644 +--- 
a/processing/pom.xml ++++ b/processing/pom.xml +@@ -37,7 +37,7 @@ + 1.6.5 + ${sigar.base.version}.132 + 5.3.4 +- 6.4.4 ++ 6.4.13 + + + diff --git a/druid/stackable/patches/31.0.1/05-xmllayout-dependencies.patch b/druid/stackable/patches/31.0.1/05-xmllayout-dependencies.patch new file mode 100644 index 000000000..29d325dfc --- /dev/null +++ b/druid/stackable/patches/31.0.1/05-xmllayout-dependencies.patch @@ -0,0 +1,27 @@ +Include jackson-dataformat-xml dependency. + +From: Lars Francke + +This allows us to use XmlLayout for Log4jV2. +By including it here as a dependency we can make sure that we always have +the matching version and we don't need to include it manually later in the +build. +--- + 0 files changed + +diff --git a/server/pom.xml b/server/pom.xml +index 410b51480e..b7dcf46111 100644 +--- a/server/pom.xml ++++ b/server/pom.xml +@@ -205,6 +205,11 @@ + org.apache.logging.log4j + log4j-core + ++ ++ ++ com.fasterxml.jackson.dataformat ++ jackson-dataformat-xml ++ + + com.fasterxml.jackson.datatype + jackson-datatype-joda diff --git a/druid/stackable/patches/31.0.1/06-dont-build-targz.patch b/druid/stackable/patches/31.0.1/06-dont-build-targz.patch new file mode 100644 index 000000000..1bed79fd1 --- /dev/null +++ b/druid/stackable/patches/31.0.1/06-dont-build-targz.patch 
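Review bot: In the root pom.xml part of 31.0.1/04-update-patch-dependencies.patch the line `++ 1.9.14-MULE-002` replaces `1.9.13`, and the `-MULE-` suffix marks a fork build rather than an upstream release of that artifact line, while the patch description only says "dependencies that have a new patch release available" and never mentions that a fork is being pinned. From a supply-chain standpoint that deserves an explicit sentence in the description naming the repository the artifact is fetched from and why the fork was chosen, e.g. `jackson 1.x: pinned to the 1.9.14-MULE-002 fork build because <reason>; artifact hosted at <repository>.` If that coordinate is not on Maven Central, the build also depends on an extra repository being configured somewhere outside this patch. The property names were stripped from this rendering, so the versions are read by position; the hunk starts on the previous physical line.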
@@ -0,0 +1,23 @@ +Stop building the tar.gz distribution. + +From: Lars Francke + +All we do is build Druid tar and gzip it only to immediately uncompress it +again. So, instead we just skip the compression step entirely. +--- + distribution/src/assembly/assembly.xml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/distribution/src/assembly/assembly.xml b/distribution/src/assembly/assembly.xml +index ff8e0d2fdd..f9daa49e21 100644 +--- a/distribution/src/assembly/assembly.xml ++++ b/distribution/src/assembly/assembly.xml +@@ -23,7 +23,7 @@ + xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.0.0 http://maven.apache.org/xsd/assembly-2.0.0.xsd"> + bin + +- tar.gz ++ dir + + + diff --git a/druid/stackable/patches/31.0.1/07-cyclonedx-plugin.patch b/druid/stackable/patches/31.0.1/07-cyclonedx-plugin.patch new file mode 100644 index 000000000..b2ddeebf6 --- /dev/null +++ b/druid/stackable/patches/31.0.1/07-cyclonedx-plugin.patch @@ -0,0 +1,17 @@ +diff --git a/pom.xml b/pom.xml +index 9051ed2..10a2c85 100644 +--- a/pom.xml ++++ b/pom.xml +@@ -1728,7 +1728,11 @@ + + org.cyclonedx + cyclonedx-maven-plugin +- 2.7.9 ++ 2.8.0 ++ ++ application ++ 1.5 ++ + + + package diff --git a/druid/stackable/patches/31.0.1/08-CVE-2024-36114-bump-aircompressor-0-27.patch b/druid/stackable/patches/31.0.1/08-CVE-2024-36114-bump-aircompressor-0-27.patch new file mode 100644 index 000000000..04999a574 --- /dev/null +++ b/druid/stackable/patches/31.0.1/08-CVE-2024-36114-bump-aircompressor-0-27.patch 
@@ -0,0 +1,37 @@ +Fix CVE-2024-36114 +see https://github.com/stackabletech/vulnerabilities/issues/834 + +Aircompressor is a library with ports of the Snappy, LZO, LZ4, and +Zstandard compression algorithms to Java. All decompressor +implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash +the JVM for certain input, and in some cases also leak the content of +other memory of the Java process (which could contain sensitive +information). When decompressing certain data, the decompressors try to +access memory outside the bounds of the given byte arrays or byte +buffers. Because Aircompressor uses the JDK class sun.misc.Unsafe to +speed up memory access, no additional bounds checks are performed and +this has similar security consequences as out-of-bounds access in C or +C++, namely it can lead to non-deterministic behavior or crash the JVM. +Users should update to Aircompressor 0.27 or newer where these issues +have been fixed. When decompressing data from untrusted users, this can +be exploited for a denial-of-service attack by crashing the JVM, or to +leak other sensitive information from the Java process. There are no +known workarounds for this issue. + +diff --git a/pom.xml b/pom.xml +index 9051ed24c5..e839295b61 100644 +--- a/pom.xml ++++ b/pom.xml +@@ -283,6 +283,12 @@ + + + ++ ++ ++ io.airlift ++ aircompressor ++ 0.27 ++ + + + commons-codec diff --git a/druid/stackable/patches/31.0.1/09-update-fmpp.patch b/druid/stackable/patches/31.0.1/09-update-fmpp.patch new file mode 100644 index 000000000..3abb818da --- /dev/null +++ b/druid/stackable/patches/31.0.1/09-update-fmpp.patch 
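Review bot: The `0.27` pin added to pom.xml in 08-CVE-2024-36114-bump-aircompressor-0-27.patch only governs what Maven resolves for the Druid modules themselves; the description of the sibling 10-cve-2023-34455-rm-snappy.patch states that the end-of-build pull-deps step downloads Hadoop dependencies from a remote repository ignoring local patches, so if aircompressor is also pulled transitively into `hadoop-dependencies`, that copy is not covered by this override. I would verify by listing the final `hadoop-dependencies` directory for an `aircompressor-*.jar` older than 0.27 before treating the CVE as closed, and state the scope in the patch description, e.g. `Scope: Druid modules only; jars under hadoop-dependencies are checked separately.` The pasted advisory text is useful context, but the actionable lines (`see https://github.com/stackabletech/vulnerabilities/issues/834` and the target version) would be easier to find at the top.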
@@ -0,0 +1,21 @@ +diff --git a/10-update-fmpp.patch b/10-update-fmpp.patch +new file mode 100644 +index 0000000000..e69de29bb2 +diff --git a/sql/pom.xml b/sql/pom.xml +index bdd29f3f91..e5ba89f655 100644 +--- a/sql/pom.xml ++++ b/sql/pom.xml +@@ -322,6 +322,13 @@ + + com.googlecode.fmpp-maven-plugin + fmpp-maven-plugin ++ ++ ++ net.sourceforge.fmpp ++ fmpp ++ 0.9.16 ++ ++ + + + generate-fmpp-sources diff --git a/druid/stackable/patches/31.0.1/10-cve-2023-34455-rm-snappy.patch b/druid/stackable/patches/31.0.1/10-cve-2023-34455-rm-snappy.patch new file mode 100644 index 000000000..e4e440d0d --- /dev/null +++ b/druid/stackable/patches/31.0.1/10-cve-2023-34455-rm-snappy.patch @@ -0,0 +1,36 @@ +Fix CVE-2023-34455 +see https://github.com/stackabletech/vulnerabilities/issues/558 + +At the end of build process, Druid downloads dependencies directly from a remote +Maven repository ignoring existing patches that have been applyed locally. +These dependencies include all transitive dependencies too. +The hadoop client depends on a vulnerable version of the snappy library which +is then also downloaded even though a newer version is already on the system. + +This patch removes the vulnerable jars. + +diff --git a/distribution/pom.xml b/distribution/pom.xml +index d5918710ef..2d5bfc6ab4 100644 +--- a/distribution/pom.xml ++++ b/distribution/pom.xml +@@ -259,6 +259,20 @@ + + + ++ ++ fix-cve-2023-34455-remove-snappy ++ package ++ ++ exec ++ ++ ++ /usr/bin/rm ++ ++ ${project.build.directory}/hadoop-dependencies/hadoop-client-api/3.3.6/snappy-java-1.1.8.2.jar ++ ${project.build.directory}/hadoop-dependencies/hadoop-client-runtime/3.3.6/snappy-java-1.1.8.2.jar ++ ++ ++ + + + diff --git a/druid/versions.py b/druid/versions.py index ec14e455b..c5a7f33fc 100644 --- a/druid/versions.py +++ b/druid/versions.py 
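Review bot: The new 09-update-fmpp.patch opens with a stray file creation, `diff --git a/10-update-fmpp.patch b/10-update-fmpp.patch` / `new file mode 100644` / `index 0000000000..e69de29bb2`, so applying it drops an empty `10-update-fmpp.patch` into the root of the Druid source tree next to the intended sql/pom.xml change. That looks like a left-over from generating the series and should be removed from the patch so the applied tree contains only upstream files. Unlike the other patches in this directory it also has no description; a one-line subject such as `Update FMPP version` plus the reason for pinning `0.9.16` would keep the series consistent.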
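Review bot: The removal step in 10-cve-2023-34455-rm-snappy.patch hard-codes both the Hadoop client version and the snappy version in `${project.build.directory}/hadoop-dependencies/hadoop-client-api/3.3.6/snappy-java-1.1.8.2.jar` (and its hadoop-client-runtime twin), so the next Hadoop bump stops matching the vulnerable jar. Since `/usr/bin/rm` is invoked without `-f`, a missing file fails the build instead of leaving the jar in place, which is the right failure mode, and I would record that intent in the patch description, e.g. `NOTE: paths are pinned on purpose - rm fails the build when the Hadoop/snappy versions change; re-check the CVE status then.` Whether the `fix-cve-2023-34455-remove-snappy` execution bound to `package` runs after the pull-deps execution that downloads those jars is not visible in this hunk and is worth confirming in distribution/pom.xml, as is the description's claim that the newer snappy already on the system is what the Hadoop client picks up at runtime.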
@@ -12,4 +12,11 @@ "java-devel": "17", "authorizer": "0.5.0", }, + { + "product": "31.0.1", + # https://druid.apache.org/docs/31.0.1/operations/java/ + "java-base": "17", + "java-devel": "17", + "authorizer": "0.7.0", + }, ] From 7f145efa3510217303f497470ad00d2b92152210 Mon Sep 17 00:00:00 2001 From: dervoeti Date: Wed, 26 Feb 2025 12:18:06 +0100 Subject: [PATCH 2/6] chore: bump opa-authorizer to 0.6.0 --- CHANGELOG.md | 4 ++++ druid/versions.py | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d4b770239..1105c0419 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file. ## [Unreleased] +### Changed + + - BREAKING: druid: Bump opa-authorizer to 0.6.0 for all versions ([#984]) + ### Added - nifi: Activate `include-hadoop` profile for NiFi version 2.* ([#958]). diff --git a/druid/versions.py b/druid/versions.py index c5a7f33fc..c2f85646f 100644 --- a/druid/versions.py +++ b/druid/versions.py @@ -3,20 +3,20 @@ "product": "26.0.0", "java-base": "11", "java-devel": "11", - "authorizer": "0.5.0", + "authorizer": "0.6.0", }, { "product": "30.0.0", # https://druid.apache.org/docs/30.0.0/operations/java/ "java-base": "17", "java-devel": "17", - "authorizer": "0.5.0", + "authorizer": "0.6.0", }, { "product": "31.0.1", # https://druid.apache.org/docs/31.0.1/operations/java/ "java-base": "17", "java-devel": "17", - "authorizer": "0.7.0", + "authorizer": "0.6.0", }, ] From 0c3dbd31d1529b3f1041c2f6ccf28da00dba12c0 Mon Sep 17 00:00:00 2001 From: dervoeti Date: Wed, 26 Feb 2025 12:39:13 +0100 Subject: [PATCH 3/6] fix: changelog --- CHANGELOG.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3b8a49ef9..01e7d0b44 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
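Review bot: The new 31.0.1 entry in druid/versions.py carries a docs link for the Java versions but nothing explains what the `authorizer` key denotes, and the follow-up commit in this series changes it for every product version under a BREAKING changelog entry, so the meaning is evidently load-bearing. A one-line comment on the key would save the next maintainer a trip to the changelog, e.g. `# "authorizer": version of the opa-authorizer bundled into the image (see CHANGELOG for breaking bumps)`. The `"java-base"`/`"java-devel"` pairing is presumably consumed by the Dockerfile hunk earlier in this patch, whose content is not preserved in this rendering.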
@@ -4,10 +4,6 @@ All notable changes to this project will be documented in this file. ## [Unreleased] -### Changed - - - BREAKING: druid: Bump opa-authorizer to 0.6.0 for all versions ([#984]) - ### Added - airflow: Add OPA support to Airflow ([#978]). @@ -41,6 +37,7 @@ All notable changes to this project will be documented in this file. - Update registry references to oci ([#989]). - trino-storage-connector: Move the build out of trino/ for easier patching ([#996]). - druid 26.0.0: Migrate to patchable ([#1003]). +- BREAKING: druid: Bump opa-authorizer to 0.6.0 for all versions ([#984]) ### Removed @@ -70,9 +67,9 @@ All notable changes to this project will be documented in this file. [#981]: https://github.com/stackabletech/docker-images/pull/981 [#982]: https://github.com/stackabletech/docker-images/pull/982 [#984]: https://github.com/stackabletech/docker-images/pull/984 +[#988]: https://github.com/stackabletech/docker-images/pull/988 [#989]: https://github.com/stackabletech/docker-images/pull/989 [#990]: https://github.com/stackabletech/docker-images/pull/990 -[#988]: https://github.com/stackabletech/docker-images/pull/988 [#991]: https://github.com/stackabletech/docker-images/pull/991 [#992]: https://github.com/stackabletech/docker-images/pull/992 [#993]: https://github.com/stackabletech/docker-images/pull/993 From 8f26d8a312f549965c87ef22a418b8906bdbc91c Mon Sep 17 00:00:00 2001 
From: dervoeti Date: Wed, 26 Feb 2025 17:51:23 +0100 Subject: [PATCH 4/6] drop druid 26 / add 30.0.1 --- CHANGELOG.md | 5 +- ...ndencies-that-have-a-new-patch-relea.patch | 134 ---------------- druid/stackable/patches/26.0.0/patchable.toml | 2 - .../01-remove-ranger-security.patch} | 27 +--- .../02-prometheus-emitter-from-source.patch} | 13 +- .../03-stop-building-unused-extensions.patch} | 38 ++--- .../30.0.1/04-update-patch-dependencies.patch | 148 ++++++++++++++++++ .../05-xmllayout-dependencies.patch} | 12 +- .../06-dont-build-targz.patch} | 7 +- .../07-cyclonedx-plugin.patch} | 17 +- ...-2024-36114-bump-aircompressor-0-27.patch} | 17 +- .../09-update-fmpp.patch} | 18 +-- .../30.0.1/10-cve-2023-34455-rm-snappy.patch | 36 +++++ druid/stackable/patches/30.0.1/series | 9 ++ druid/versions.py | 11 +- 15 files changed, 247 insertions(+), 247 deletions(-) delete mode 100644 druid/stackable/patches/26.0.0/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch delete mode 100644 druid/stackable/patches/26.0.0/patchable.toml rename druid/stackable/patches/{26.0.0/0001-Removes-all-traces-of-the-druid-ranger-extension.patch => 30.0.1/01-remove-ranger-security.patch} (55%) rename druid/stackable/patches/{26.0.0/0002-Include-Prometheus-emitter-in-distribution.patch => 30.0.1/02-prometheus-emitter-from-source.patch} (90%) rename druid/stackable/patches/{26.0.0/0003-Stop-building-unused-extensions.patch => 30.0.1/03-stop-building-unused-extensions.patch} (74%) create mode 100644 druid/stackable/patches/30.0.1/04-update-patch-dependencies.patch rename druid/stackable/patches/{26.0.0/0005-Include-jackson-dataformat-xml-dependency.patch => 30.0.1/05-xmllayout-dependencies.patch} (75%) rename druid/stackable/patches/{26.0.0/0006-Stop-building-the-tar.gz-distribution.patch => 30.0.1/06-dont-build-targz.patch} (78%) rename druid/stackable/patches/{26.0.0/0007-Update-CycloneDX-plugin.patch => 30.0.1/07-cyclonedx-plugin.patch} (54%) rename 
druid/stackable/patches/{26.0.0/0008-Fix-CVE-2024-36114.patch => 30.0.1/08-CVE-2024-36114-bump-aircompressor-0-27.patch} (81%) rename druid/stackable/patches/{26.0.0/0009-Update-FMPP-version.patch => 30.0.1/09-update-fmpp.patch} (51%) create mode 100644 druid/stackable/patches/30.0.1/10-cve-2023-34455-rm-snappy.patch create mode 100644 druid/stackable/patches/30.0.1/series diff --git a/CHANGELOG.md b/CHANGELOG.md index 01e7d0b44..35d24db42 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,7 +14,7 @@ All notable changes to this project will be documented in this file. util-linux-core contains a basic set of Linux utilities, including the command logger which allows to enter messages into the system log. - vector: Add version 0.43.1 ([#980]). -- druid: Add version 31.0.1 ([#984]) +- druid: Add version 30.0.1 and 31.0.1 ([#984]) - opa: Add version 1.0.1 ([#981], [#1000]). - statsd-exporter: Bump version to 0.28.0 ([#982]). - git-sync: Bump version to 4.4.0 ([#990]). @@ -36,7 +36,6 @@ All notable changes to this project will be documented in this file. - kafka: Bump 3.8.0 to 3.8.1 ([#995]). - Update registry references to oci ([#989]). - trino-storage-connector: Move the build out of trino/ for easier patching ([#996]). -- druid 26.0.0: Migrate to patchable ([#1003]). - BREAKING: druid: Bump opa-authorizer to 0.6.0 for all versions ([#984]) ### Removed @@ -48,6 +47,7 @@ All notable changes to this project will be documented in this file. - trino-cli: Remove version 469 ([#999]). - trino-storage-connector: Remove version 469 ([#999]). - nifi: Remove 2.0.0 ([#1006]). +- druid: Remove 26.0.0 ([#984]) ### Fixed 
@@ -78,7 +78,6 @@ All notable changes to this project will be documented in this file. [#997]: https://github.com/stackabletech/docker-images/pull/997 [#999]: https://github.com/stackabletech/docker-images/pull/999 [#1000]: https://github.com/stackabletech/docker-images/pull/1000 -[#1003]: https://github.com/stackabletech/docker-images/pull/1003 [#1006]: https://github.com/stackabletech/docker-images/pull/1006 [#1007]: https://github.com/stackabletech/docker-images/pull/1007 diff --git a/druid/stackable/patches/26.0.0/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch b/druid/stackable/patches/26.0.0/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch deleted file mode 100644 index 53c20d559..000000000 --- a/druid/stackable/patches/26.0.0/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch +++ /dev/null 
@@ -1,134 +0,0 @@ -From 4229d1c0d096e10dce72929224a7b4c2284fb417 Mon Sep 17 00:00:00 2001 -From: Lars Francke -Date: Thu, 12 Dec 2024 17:59:17 +0100 -Subject: Updates all dependencies that have a new patch release available. - ---- - extensions-core/avro-extensions/pom.xml | 2 +- - extensions-core/kubernetes-extensions/pom.xml | 2 +- - extensions-core/orc-extensions/pom.xml | 2 +- - extensions-core/parquet-extensions/pom.xml | 2 +- - extensions-core/protobuf-extensions/pom.xml | 2 +- - pom.xml | 20 +++++++++---------- - 6 files changed, 15 insertions(+), 15 deletions(-) - -diff --git a/extensions-core/avro-extensions/pom.xml b/extensions-core/avro-extensions/pom.xml -index 35b154a469..a9eb0c6851 100644 ---- a/extensions-core/avro-extensions/pom.xml -+++ b/extensions-core/avro-extensions/pom.xml -@@ -35,7 +35,7 @@ - - - 0.1.3 -- 5.5.1 -+ 5.5.15 - - - -diff --git a/extensions-core/kubernetes-extensions/pom.xml b/extensions-core/kubernetes-extensions/pom.xml -index aeac095d53..105f7f0d76 100644 ---- a/extensions-core/kubernetes-extensions/pom.xml -+++ b/extensions-core/kubernetes-extensions/pom.xml -@@ -34,7 +34,7 @@ - - - -- 11.0.1 -+ 11.0.4 - - - -diff --git a/extensions-core/orc-extensions/pom.xml b/extensions-core/orc-extensions/pom.xml -index cb1ed09c7a..f118b6c385 100644 ---- a/extensions-core/orc-extensions/pom.xml -+++ b/extensions-core/orc-extensions/pom.xml -@@ -31,7 +31,7 @@ - - 4.0.0 - -- 1.7.6 -+ 1.7.10 - - - -diff --git a/extensions-core/parquet-extensions/pom.xml b/extensions-core/parquet-extensions/pom.xml -index 79ad46b038..be95251485 100644 ---- a/extensions-core/parquet-extensions/pom.xml -+++ b/extensions-core/parquet-extensions/pom.xml -@@ -33,7 +33,7 @@ - 4.0.0 - - -- 1.12.0 -+ 1.12.3 - - - -diff --git a/extensions-core/protobuf-extensions/pom.xml b/extensions-core/protobuf-extensions/pom.xml -index 77fe703838..fdbc6703ab 100644 ---- a/extensions-core/protobuf-extensions/pom.xml -+++ b/extensions-core/protobuf-extensions/pom.xml -@@ -34,7 +34,7 
@@ - - - -- 6.0.1 -+ 6.0.15 - 2.11.0 - - -diff --git a/pom.xml b/pom.xml -index f5001910e1..2364f27dc4 100644 ---- a/pom.xml -+++ b/pom.xml -@@ -74,7 +74,7 @@ - 1.8 - 8 - UTF-8 -- 0.9.0.M2 -+ 0.9.1.v20140329 - 5.4.0 - 3.4.0 - 2.0.0 -@@ -90,13 +90,13 @@ - 3.2.0 - 2.0.0 - 10.14.2.0 -- 4.0.0 -+ 4.0.7 - 2.11.0 - 8.5.4 - 16.0.1 - 4.1.0 - 1.3 -- 9.4.48.v20220622 -+ 9.4.54.v20240208 - 1.19.4 - 2.10.5.20201202 - 1.9.13 -@@ -104,18 +104,18 @@ - 5.1.49 - 2.7.3 - 3.10.6.Final -- 4.1.86.Final -- 42.4.1 -- 3.21.7 -+ 4.1.111.Final -+ 42.4.5 -+ 3.21.12 - 1.3.1 - 1.7.36 - 2.8.5 - 4.3.1 -- 1.12.317 -- 2.8.0 -- 0.8.7 -+ 1.12.754 -+ 2.8.8 -+ 0.8.12 - 5.2.5.Final -- 4.5.13 -+ 4.5.14 - - 3.5.10 - 2.5.7 diff --git a/druid/stackable/patches/26.0.0/patchable.toml b/druid/stackable/patches/26.0.0/patchable.toml deleted file mode 100644 index 264c71a6a..000000000 --- a/druid/stackable/patches/26.0.0/patchable.toml +++ /dev/null @@ -1,2 +0,0 @@ -upstream = "https://github.com/apache/druid.git" -base = "7cffb81a8e124d5f218f9af16ad685acf5e9c67c" diff --git a/druid/stackable/patches/26.0.0/0001-Removes-all-traces-of-the-druid-ranger-extension.patch b/druid/stackable/patches/30.0.1/01-remove-ranger-security.patch similarity index 55% rename from druid/stackable/patches/26.0.0/0001-Removes-all-traces-of-the-druid-ranger-extension.patch rename to druid/stackable/patches/30.0.1/01-remove-ranger-security.patch index 6823e2c61..14c4d1c5e 100644 --- a/druid/stackable/patches/26.0.0/0001-Removes-all-traces-of-the-druid-ranger-extension.patch +++ b/druid/stackable/patches/30.0.1/01-remove-ranger-security.patch @@ -1,18 +1,16 @@ -From a8bec93ee6d0a4364676333168229aa0ec56657e Mon Sep 17 00:00:00 2001 +Removes all traces of the druid ranger extension + From: Lars Francke -Date: Thu, 12 Dec 2024 17:59:17 +0100 -Subject: Removes all traces of the druid ranger extension + --- - distribution/pom.xml | 4 ---- - pom.xml | 1 - - 2 files changed, 5 deletions(-) + 0 files changed 
diff --git a/distribution/pom.xml b/distribution/pom.xml -index eec26171af..a6e72cf2c2 100644 +index 0f17a8c877..d7cd645767 100644 --- a/distribution/pom.xml +++ b/distribution/pom.xml -@@ -255,8 +255,6 @@ +@@ -252,8 +252,6 @@ -c org.apache.druid.extensions:druid-pac4j -c @@ -21,20 +19,11 @@ index eec26171af..a6e72cf2c2 100644 org.apache.druid.extensions:druid-kubernetes-extensions -c org.apache.druid.extensions:druid-catalog -@@ -439,8 +437,6 @@ - -c - org.apache.druid.extensions:druid-pac4j - -c -- org.apache.druid.extensions:druid-ranger-security -- -c - org.apache.druid.extensions:druid-kubernetes-extensions - ${druid.distribution.pulldeps.opts} - diff --git a/pom.xml b/pom.xml -index 0c6294f5ed..a33c6bd521 100644 +index cfca79dc6e..2acb812cbe 100644 --- a/pom.xml +++ b/pom.xml -@@ -186,7 +186,6 @@ +@@ -199,7 +199,6 @@ extensions-core/simple-client-sslcontext extensions-core/druid-basic-security extensions-core/google-extensions diff --git a/druid/stackable/patches/26.0.0/0002-Include-Prometheus-emitter-in-distribution.patch b/druid/stackable/patches/30.0.1/02-prometheus-emitter-from-source.patch similarity index 90% rename from druid/stackable/patches/26.0.0/0002-Include-Prometheus-emitter-in-distribution.patch rename to druid/stackable/patches/30.0.1/02-prometheus-emitter-from-source.patch index 3bc040817..8f0ca6795 100644 --- a/druid/stackable/patches/26.0.0/0002-Include-Prometheus-emitter-in-distribution.patch +++ b/druid/stackable/patches/30.0.1/02-prometheus-emitter-from-source.patch @@ -1,17 +1,16 @@ -From c19288cd84492d76f924152f2d4f0d0fc0499ed6 Mon Sep 17 00:00:00 2001 +Include Prometheus emitter in distribution + From: Lars Francke -Date: Thu, 12 Dec 2024 17:59:17 +0100 -Subject: Include Prometheus emitter in distribution + --- - distribution/pom.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 46 insertions(+) + 0 files changed 
diff --git a/distribution/pom.xml b/distribution/pom.xml -index a6e72cf2c2..3ab13d5d11 100644 +index d7cd645767..eda1ddcfab 100644 --- a/distribution/pom.xml +++ b/distribution/pom.xml -@@ -637,6 +637,52 @@ +@@ -464,6 +464,52 @@ diff --git a/druid/stackable/patches/26.0.0/0003-Stop-building-unused-extensions.patch b/druid/stackable/patches/30.0.1/03-stop-building-unused-extensions.patch similarity index 74% rename from druid/stackable/patches/26.0.0/0003-Stop-building-unused-extensions.patch rename to druid/stackable/patches/30.0.1/03-stop-building-unused-extensions.patch index 722e9e42a..7d0f91dd1 100644 --- a/druid/stackable/patches/26.0.0/0003-Stop-building-unused-extensions.patch +++ b/druid/stackable/patches/30.0.1/03-stop-building-unused-extensions.patch @@ -1,20 +1,18 @@ -From 85cacbcc47c88a56acd60d91fbf0412040523c8d Mon Sep 17 00:00:00 2001 +Stop building unused extensions. + From: Lars Francke -Date: Thu, 12 Dec 2024 17:59:17 +0100 -Subject: Stop building unused extensions. By default Druid builds all community extensions and then discards them while assembling the final distribution. This patch removes unused extensions from the build. --- - pom.xml | 32 ++++---------------------------- - 1 file changed, 4 insertions(+), 28 deletions(-) + 0 files changed diff --git a/pom.xml b/pom.xml -index a33c6bd521..f5001910e1 100644 +index 2acb812cbe..38e0ddc61a 100644 --- a/pom.xml +++ b/pom.xml -@@ -188,34 +188,10 @@ +@@ -201,39 +201,9 @@ extensions-core/google-extensions extensions-core/druid-catalog extensions-core/testing-tools 
@@ -41,31 +39,17 @@ index a33c6bd521..f5001910e1 100644 - extensions-contrib/momentsketch - extensions-contrib/moving-average-query - extensions-contrib/tdigestsketch +- extensions-contrib/ddsketch - extensions-contrib/influxdb-emitter - extensions-contrib/gce-extensions - extensions-contrib/aliyun-oss-extensions extensions-contrib/prometheus-emitter - extensions-contrib/opentelemetry-emitter - extensions-contrib/kubernetes-overlord-extensions -+ +- extensions-contrib/druid-iceberg-extensions +- extensions-contrib/druid-deltalake-extensions +- extensions-contrib/spectator-histogram +- extensions-contrib/rabbit-stream-indexing-service + distribution - -@@ -233,7 +209,7 @@ - false - - -- -+ - - - sigar -@@ -243,7 +219,7 @@ - - - -- -+ - - - ${repoOrgId} diff --git a/druid/stackable/patches/30.0.1/04-update-patch-dependencies.patch b/druid/stackable/patches/30.0.1/04-update-patch-dependencies.patch new file mode 100644 index 000000000..989b42620 --- /dev/null +++ b/druid/stackable/patches/30.0.1/04-update-patch-dependencies.patch 
@@ -0,0 +1,148 @@ +Updates all dependencies that have a new patch release available. + +From: Lars Francke + + +--- + 0 files changed + +diff --git a/extensions-core/druid-pac4j/pom.xml b/extensions-core/druid-pac4j/pom.xml +index 282e0e5b15..523a2ca305 100644 +--- a/extensions-core/druid-pac4j/pom.xml ++++ b/extensions-core/druid-pac4j/pom.xml +@@ -38,7 +38,10 @@ + + + 1.7 +- 9.37.2 ++ ++ 8.22.1 + 8.22 + + +diff --git a/extensions-core/kubernetes-extensions/pom.xml b/extensions-core/kubernetes-extensions/pom.xml +index e3e77a99af..1304740ff3 100644 +--- a/extensions-core/kubernetes-extensions/pom.xml ++++ b/extensions-core/kubernetes-extensions/pom.xml +@@ -35,7 +35,7 @@ + + + +- 19.0.0 ++ 19.0.1 + + + +diff --git a/extensions-core/orc-extensions/pom.xml b/extensions-core/orc-extensions/pom.xml +index b7eb007979..2c210c42c0 100644 +--- a/extensions-core/orc-extensions/pom.xml ++++ b/extensions-core/orc-extensions/pom.xml +@@ -31,7 +31,7 @@ + + 4.0.0 + +- 1.7.6 ++ 1.7.10 + + + +diff --git a/extensions-core/parquet-extensions/pom.xml b/extensions-core/parquet-extensions/pom.xml +index 371d2e7673..ad0b874db0 100644 +--- a/extensions-core/parquet-extensions/pom.xml ++++ b/extensions-core/parquet-extensions/pom.xml +@@ -201,7 +201,7 @@ + + + +- 1.13.0 ++ 1.13.1 + + + +diff --git a/pom.xml b/pom.xml +index 73fb14c1fc..26b24b8c14 100644 +--- a/pom.xml ++++ b/pom.xml +@@ -74,7 +74,7 @@ + 1.8 + 8 + UTF-8 +- 0.9.0.M2 ++ 0.9.1.v20140329 + 5.5.0 + 3.6.1 + ++ 8.5.6 + 32.0.1-jre + 4.1.0 + 1.3 + 9.4.54.v20240208 + 1.19.4 +- 2.12.7.20221012 ++ 2.12.7.20240502 + 1.9.13 + 2.22.1 + 5.1.49 + 2.7.3 + 3.10.6.Final +- 4.1.108.Final +- 42.7.2 +- 3.24.0 ++ 4.1.111.Final ++ 42.7.3 ++ 3.24.4 + 1.3.1 + 1.7.36 + 5.13.0 +@@ -120,17 +120,17 @@ + however it is required in some cases when running against mockito 4.x (mockito 4.x is required for Java <11. 
+ We use the following property to pick the proper artifact based on Java version (see pre-java-11 profile) --> + core +- 1.12.638 +- 2.8.0 +- 0.8.7 ++ 1.12.754 ++ 2.8.8 ++ 0.8.12 + 6.2.5.Final +- 4.5.13 ++ 4.5.14 + + 3.8.4 + 2.5.7 + 2.2.0 + 1.42.3 +- v1-rev20230606-2.0.0 ++ v1-rev20240618-2.0.0 + 2.29.1 + + +diff --git a/processing/pom.xml b/processing/pom.xml +index affd900fe6..0daad4fa56 100644 +--- a/processing/pom.xml ++++ b/processing/pom.xml +@@ -37,7 +37,7 @@ + 1.6.5 + ${sigar.base.version}.132 + 5.3.4 +- 6.4.4 ++ 6.4.13 + + + diff --git a/druid/stackable/patches/26.0.0/0005-Include-jackson-dataformat-xml-dependency.patch b/druid/stackable/patches/30.0.1/05-xmllayout-dependencies.patch similarity index 75% rename from druid/stackable/patches/26.0.0/0005-Include-jackson-dataformat-xml-dependency.patch rename to druid/stackable/patches/30.0.1/05-xmllayout-dependencies.patch index 4032142ab..29d325dfc 100644 --- a/druid/stackable/patches/26.0.0/0005-Include-jackson-dataformat-xml-dependency.patch +++ b/druid/stackable/patches/30.0.1/05-xmllayout-dependencies.patch @@ -1,21 +1,19 @@ -From d55895a2525286a5198a3b327c3ce503bc852ead Mon Sep 17 00:00:00 2001 +Include jackson-dataformat-xml dependency. + From: Lars Francke -Date: Thu, 12 Dec 2024 17:59:17 +0100 -Subject: Include jackson-dataformat-xml dependency. This allows us to use XmlLayout for Log4jV2. By including it here as a dependency we can make sure that we always have the matching version and we don't need to include it manually later in the build. --- - server/pom.xml | 5 +++++ - 1 file changed, 5 insertions(+) + 0 files changed diff --git a/server/pom.xml b/server/pom.xml -index fdc6f1f548..9f18e614e9 100644 +index 410b51480e..b7dcf46111 100644 --- a/server/pom.xml +++ b/server/pom.xml -@@ -195,6 +195,11 @@ +@@ -205,6 +205,11 @@ org.apache.logging.log4j log4j-core 
diff --git a/druid/stackable/patches/26.0.0/0006-Stop-building-the-tar.gz-distribution.patch b/druid/stackable/patches/30.0.1/06-dont-build-targz.patch similarity index 78% rename from druid/stackable/patches/26.0.0/0006-Stop-building-the-tar.gz-distribution.patch rename to druid/stackable/patches/30.0.1/06-dont-build-targz.patch index 910a7a0a5..1bed79fd1 100644 --- a/druid/stackable/patches/26.0.0/0006-Stop-building-the-tar.gz-distribution.patch +++ b/druid/stackable/patches/30.0.1/06-dont-build-targz.patch @@ -1,12 +1,11 @@ -From d1ae8732e2eee44abb5c831f5363c69e75e64a9a Mon Sep 17 00:00:00 2001 +Stop building the tar.gz distribution. + From: Lars Francke -Date: Thu, 12 Dec 2024 17:59:17 +0100 -Subject: Stop building the tar.gz distribution. All we do is build Druid tar and gzip it only to immediately uncompress it again. So, instead we just skip the compression step entirely. --- - distribution/src/assembly/assembly.xml | 2 +- + distribution/src/assembly/assembly.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/distribution/src/assembly/assembly.xml b/distribution/src/assembly/assembly.xml diff --git a/druid/stackable/patches/26.0.0/0007-Update-CycloneDX-plugin.patch b/druid/stackable/patches/30.0.1/07-cyclonedx-plugin.patch similarity index 54% rename from druid/stackable/patches/26.0.0/0007-Update-CycloneDX-plugin.patch rename to druid/stackable/patches/30.0.1/07-cyclonedx-plugin.patch index 36756ca94..b2ddeebf6 100644 --- a/druid/stackable/patches/26.0.0/0007-Update-CycloneDX-plugin.patch +++ b/druid/stackable/patches/30.0.1/07-cyclonedx-plugin.patch @@ -1,22 +1,13 @@ -From ff7d6a5ea07ea30653b47f6ef6844103a7ac3349 Mon Sep 17 00:00:00 2001 -From: Lukas Voetmand -Date: Thu, 12 Dec 2024 17:59:17 +0100 -Subject: Update CycloneDX plugin - ---- - pom.xml | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - diff --git a/pom.xml b/pom.xml -index 2364f27dc4..c902899304 100644 +index 9051ed2..10a2c85 100644 --- a/pom.xml 
+++ b/pom.xml -@@ -1533,7 +1533,11 @@ +@@ -1728,7 +1728,11 @@ org.cyclonedx cyclonedx-maven-plugin -- 2.7.5 -+ 2.8.1 +- 2.7.9 ++ 2.8.0 + + application + 1.5 diff --git a/druid/stackable/patches/26.0.0/0008-Fix-CVE-2024-36114.patch b/druid/stackable/patches/30.0.1/08-CVE-2024-36114-bump-aircompressor-0-27.patch similarity index 81% rename from druid/stackable/patches/26.0.0/0008-Fix-CVE-2024-36114.patch rename to druid/stackable/patches/30.0.1/08-CVE-2024-36114-bump-aircompressor-0-27.patch index 7368f95e7..04999a574 100644 --- a/druid/stackable/patches/26.0.0/0008-Fix-CVE-2024-36114.patch +++ b/druid/stackable/patches/30.0.1/08-CVE-2024-36114-bump-aircompressor-0-27.patch @@ -1,9 +1,5 @@ -From bdd52ae32874b686d6ddfa3179f6af787444662f Mon Sep 17 00:00:00 2001 -From: Malte Sander -Date: Thu, 12 Dec 2024 17:59:17 +0100 -Subject: Fix CVE-2024-36114 - -See https://github.com/stackabletech/vulnerabilities/issues/834 +Fix CVE-2024-36114 +see https://github.com/stackabletech/vulnerabilities/issues/834 Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor @@ -21,16 +17,13 @@ have been fixed. When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process. There are no known workarounds for this issue. ---- - pom.xml | 6 ++++++ - 1 file changed, 6 insertions(+) diff --git a/pom.xml b/pom.xml -index c902899304..6c24bdc0b2 100644 +index 9051ed24c5..e839295b61 100644 --- a/pom.xml +++ b/pom.xml -@@ -233,6 +233,12 @@ - +@@ -283,6 +283,12 @@ + + diff --git a/druid/stackable/patches/26.0.0/0009-Update-FMPP-version.patch b/druid/stackable/patches/30.0.1/09-update-fmpp.patch similarity index 51% rename from druid/stackable/patches/26.0.0/0009-Update-FMPP-version.patch rename to druid/stackable/patches/30.0.1/09-update-fmpp.patch index 67120aec1..3abb818da 100644 
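Review bot: The 30.0.1 copy of the CycloneDX patch pins `cyclonedx-maven-plugin` to `2.8.0`, while the 26.0.0 patch it replaces had already moved the plugin to `2.8.1` (`-+ 2.8.1` / `++ 2.8.0` in this hunk), so the SBOM generator goes backwards in the newer image. Unless 2.8.0 is deliberate for the 30.0.1 build, keep `<version>2.8.1</version>` (or newer) together with the `application` / `1.5` schema settings that follow it. The rewrite also drops the `From:`/`Date:`/`Subject:` header, so the reason for the bump now lives only in the filename; a one-line description such as `Update CycloneDX plugin so the generated SBOM uses schema 1.5` would preserve that provenance.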
--- a/druid/stackable/patches/26.0.0/0009-Update-FMPP-version.patch +++ b/druid/stackable/patches/30.0.1/09-update-fmpp.patch @@ -1,18 +1,8 @@ -From 736165ab0fe73e0bef765f2cfd21cd800baddbc1 Mon Sep 17 00:00:00 2001 -From: Lars Francke -Date: Thu, 12 Dec 2024 06:35:21 +0100 -Subject: Update FMPP version - -This is because FMPP Maven Plugin depends on FMPP in version 0.9.14 -which itself depends on a Freemarker version that has not been pinned. -Instead it specifies a "range" which resolves to a SNAPSHOT version -which we don't want. ---- - sql/pom.xml | 7 +++++++ - 1 file changed, 7 insertions(+) - +diff --git a/10-update-fmpp.patch b/10-update-fmpp.patch +new file mode 100644 +index 0000000000..e69de29bb2 diff --git a/sql/pom.xml b/sql/pom.xml -index e2bbd8c7f8..a72f96a6ca 100644 +index bdd29f3f91..e5ba89f655 100644 --- a/sql/pom.xml +++ b/sql/pom.xml @@ -322,6 +322,13 @@ diff --git a/druid/stackable/patches/30.0.1/10-cve-2023-34455-rm-snappy.patch b/druid/stackable/patches/30.0.1/10-cve-2023-34455-rm-snappy.patch new file mode 100644 index 000000000..e4e440d0d --- /dev/null +++ b/druid/stackable/patches/30.0.1/10-cve-2023-34455-rm-snappy.patch 
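Review bot: The rewritten `09-update-fmpp.patch` now opens with `diff --git a/10-update-fmpp.patch b/10-update-fmpp.patch` / `new file mode 100644` / `index 0000000000..e69de29bb2`, which creates an empty `10-update-fmpp.patch` at the root of the Druid source tree every time the patch is applied; that looks like a stray working-tree file that was swept into the patch rather than part of the FMPP pin. Drop those three lines so the patch touches only `sql/pom.xml` (a later commit in this series appears to replace the file, but the intermediate state should not ship it either). The rewrite also removes the explanation that fmpp 0.9.14 declares a Freemarker version range resolving to a SNAPSHOT; that is the supply-chain reason for the pin and is worth keeping in the patch description.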
@@ -0,0 +1,36 @@ +Fix CVE-2023-34455 +see https://github.com/stackabletech/vulnerabilities/issues/558 + +At the end of build process, Druid downloads dependencies directly from a remote +Maven repository ignoring existing patches that have been applyed locally. +These dependencies include all transitive dependencies too. +The hadoop client depends on a vulnerable version of the snappy library which +is then also downloaded even though a newer version is already on the system. + +This patch removes the vulnerable jars. + +diff --git a/distribution/pom.xml b/distribution/pom.xml +index d5918710ef..2d5bfc6ab4 100644 +--- a/distribution/pom.xml ++++ b/distribution/pom.xml +@@ -259,6 +259,20 @@ + + + ++ ++ fix-cve-2023-34455-remove-snappy ++ package ++ ++ exec ++ ++ ++ /usr/bin/rm ++ ++ ${project.build.directory}/hadoop-dependencies/hadoop-client-api/3.3.6/snappy-java-1.1.8.2.jar ++ ${project.build.directory}/hadoop-dependencies/hadoop-client-runtime/3.3.6/snappy-java-1.1.8.2.jar ++ ++ ++ + + + diff --git a/druid/stackable/patches/30.0.1/series b/druid/stackable/patches/30.0.1/series new file mode 100644 index 000000000..0dc0d4cac --- /dev/null +++ b/druid/stackable/patches/30.0.1/series @@ -0,0 +1,9 @@ +# This series applies on Git commit 0f4a8032d4f3c17fc8a7d3dba5fc272c1bd76c2b +01-remove-ranger-security.patch +02-prometheus-emitter-from-source.patch +03-stop-building-unused-extensions.patch +04-update-patch-dependencies.patch +05-xmllayout-dependencies.patch +06-dont-build-targz.patch +07-cyclonedx-plugin.patch +08-CVE-2024-36114-bump-aircompressor-0-27.patch diff --git a/druid/versions.py b/druid/versions.py index c2f85646f..ec46b26da 100644 --- a/druid/versions.py +++ b/druid/versions.py 
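Review bot: The `fix-cve-2023-34455-remove-snappy` execution deletes `snappy-java-1.1.8.2.jar` by absolute, version-pinned path under `hadoop-client-api/3.3.6` and `hadoop-client-runtime/3.3.6`, but nothing in the pom records that the pinning is intentional; a future Hadoop or snappy bump makes `rm` (without `-f`) fail the package phase, which is the safe outcome here but will read as a mysterious build break. Add a comment next to the execution, e.g. `<!-- CVE-2023-34455: hadoop-client pulls snappy-java 1.1.8.2 at package time, bypassing the patched version. Paths are version-pinned on purpose: a Hadoop/snappy bump must revisit this. -->`. The description says a newer snappy is "already on the system", yet this hunk only removes jars and places no replacement under `hadoop-dependencies/`, so presumably the runtime classpath picks it up from elsewhere — worth confirming in the image test. Hardcoding `/usr/bin/rm` also ties the build to a host layout; `<executable>rm</executable>` resolved from PATH is the more portable form.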
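Review bot: The new `30.0.1/series` lists only patches 01–08, but the same change also adds `09-update-fmpp.patch` and `10-cve-2023-34455-rm-snappy.patch` to that directory; if the build applies patches from `series`, the FMPP pin and the CVE-2023-34455 snappy removal are silently skipped for 30.0.1. Append `09-update-fmpp.patch` and `10-cve-2023-34455-rm-snappy.patch` to the list, or state in the header comment why they are excluded.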
@@ -1,13 +1,14 @@
 versions = [
 {
- "product": "26.0.0",
- "java-base": "11",
- "java-devel": "11",
+ "product": "30.0.0",
+ # https://druid.apache.org/docs/30.0.0/operations/java/
+ "java-base": "17",
+ "java-devel": "17",
 "authorizer": "0.6.0",
 },
 {
- "product": "30.0.0",
- # https://druid.apache.org/docs/30.0.0/operations/java/
+ "product": "30.0.1",
+ # https://druid.apache.org/docs/30.0.1/operations/java/
 "java-base": "17",
 "java-devel": "17",
 "authorizer": "0.6.0",
From 2a27d33d1f4b2293e2d4c7ac3653c1121d13fd64 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Natalie=20Klestrup=20R=C3=B6ijezon?= Date: Thu, 27 Feb 2025 14:01:47 +0100 Subject: [PATCH 5/6] Convert Druid 30.0.1 patches to patchable --- ...races-of-the-druid-ranger-extension.patch} | 16 ++++---- ...-Prometheus-emitter-in-distribution.patch} | 11 +++--- ...003-Stop-building-unused-extensions.patch} | 12 +++--- ...dencies-that-have-a-new-patch-relea.patch} | 38 +++++++++++-------- ...e-jackson-dataformat-xml-dependency.patch} | 10 +++-- ...op-building-the-tar.gz-distribution.patch} | 7 ++-- ...tch => 0007-Update-CycloneDX-plugin.patch} | 13 ++++++- ...27.patch => 0008-Fix-CVE-2024-36114.patch} | 13 +++++-- .../30.0.1/0009-Update-FMPP-version.patch | 31 +++++++++++++++ ...py.patch => 0010-Fix-CVE-2023-34455.patch} | 11 +++++- .../patches/30.0.1/09-update-fmpp.patch | 21 ---------- druid/stackable/patches/30.0.1/patchable.toml | 2 + druid/stackable/patches/30.0.1/series | 9 ----- 13 files changed, 117 insertions(+), 77 deletions(-) rename druid/stackable/patches/30.0.1/{01-remove-ranger-security.patch => 0001-Removes-all-traces-of-the-druid-ranger-extension.patch} (79%) rename druid/stackable/patches/30.0.1/{02-prometheus-emitter-from-source.patch => 0002-Include-Prometheus-emitter-in-distribution.patch} (90%) rename druid/stackable/patches/30.0.1/{03-stop-building-unused-extensions.patch => 0003-Stop-building-unused-extensions.patch} (89%) rename druid/stackable/patches/30.0.1/{04-update-patch-dependencies.patch => 0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch} (85%) rename druid/stackable/patches/30.0.1/{05-xmllayout-dependencies.patch => 0005-Include-jackson-dataformat-xml-dependency.patch} (77%) rename druid/stackable/patches/30.0.1/{06-dont-build-targz.patch => 0006-Stop-building-the-tar.gz-distribution.patch} (78%) rename druid/stackable/patches/30.0.1/{07-cyclonedx-plugin.patch => 0007-Update-CycloneDX-plugin.patch} (63%) rename druid/stackable/patches/30.0.1/{08-CVE-2024-36114-bump-aircompressor-0-27.patch => 
0008-Fix-CVE-2024-36114.patch} (84%) create mode 100644 druid/stackable/patches/30.0.1/0009-Update-FMPP-version.patch rename druid/stackable/patches/30.0.1/{10-cve-2023-34455-rm-snappy.patch => 0010-Fix-CVE-2023-34455.patch} (84%) delete mode 100644 druid/stackable/patches/30.0.1/09-update-fmpp.patch create mode 100644 druid/stackable/patches/30.0.1/patchable.toml delete mode 100644 druid/stackable/patches/30.0.1/series diff --git a/druid/stackable/patches/30.0.1/01-remove-ranger-security.patch b/druid/stackable/patches/30.0.1/0001-Removes-all-traces-of-the-druid-ranger-extension.patch similarity index 79% rename from druid/stackable/patches/30.0.1/01-remove-ranger-security.patch rename to druid/stackable/patches/30.0.1/0001-Removes-all-traces-of-the-druid-ranger-extension.patch index 14c4d1c5e..e483b6144 100644 --- a/druid/stackable/patches/30.0.1/01-remove-ranger-security.patch +++ b/druid/stackable/patches/30.0.1/0001-Removes-all-traces-of-the-druid-ranger-extension.patch @@ -1,13 +1,15 @@ -Removes all traces of the druid ranger extension - +From 1f18905f78c9c46c7c12c1d705547f00ddbfa1ab Mon Sep 17 00:00:00 2001 From: Lars Francke - +Date: Wed, 10 Jul 2024 17:07:13 +0200 +Subject: Removes all traces of the druid ranger extension --- - 0 files changed + distribution/pom.xml | 2 -- + pom.xml | 1 - + 2 files changed, 3 deletions(-) diff --git a/distribution/pom.xml b/distribution/pom.xml -index 0f17a8c877..d7cd645767 100644 +index 1ebfa31f84..9c2cfc8753 100644 --- a/distribution/pom.xml +++ b/distribution/pom.xml @@ -252,8 +252,6 @@ @@ -20,10 +22,10 @@ index 0f17a8c877..d7cd645767 100644 -c org.apache.druid.extensions:druid-catalog diff --git a/pom.xml b/pom.xml -index cfca79dc6e..2acb812cbe 100644 +index 17cd202ea6..08a3f24210 100644 --- a/pom.xml +++ b/pom.xml -@@ -199,7 +199,6 @@ +@@ -198,7 +198,6 @@ extensions-core/simple-client-sslcontext extensions-core/druid-basic-security extensions-core/google-extensions 
diff --git a/druid/stackable/patches/30.0.1/02-prometheus-emitter-from-source.patch b/druid/stackable/patches/30.0.1/0002-Include-Prometheus-emitter-in-distribution.patch similarity index 90% rename from druid/stackable/patches/30.0.1/02-prometheus-emitter-from-source.patch rename to druid/stackable/patches/30.0.1/0002-Include-Prometheus-emitter-in-distribution.patch index 8f0ca6795..9ed01f6ff 100644 --- a/druid/stackable/patches/30.0.1/02-prometheus-emitter-from-source.patch +++ b/druid/stackable/patches/30.0.1/0002-Include-Prometheus-emitter-in-distribution.patch @@ -1,13 +1,14 @@ -Include Prometheus emitter in distribution - +From b449a870c7cf546117aba0a64c1b1487e036ab14 Mon Sep 17 00:00:00 2001 From: Lars Francke - +Date: Mon, 17 Feb 2025 16:42:34 +0100 +Subject: Include Prometheus emitter in distribution --- - 0 files changed + distribution/pom.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 46 insertions(+) diff --git a/distribution/pom.xml b/distribution/pom.xml -index d7cd645767..eda1ddcfab 100644 +index 9c2cfc8753..08b4121287 100644 --- a/distribution/pom.xml +++ b/distribution/pom.xml @@ -464,6 +464,52 @@ diff --git a/druid/stackable/patches/30.0.1/03-stop-building-unused-extensions.patch b/druid/stackable/patches/30.0.1/0003-Stop-building-unused-extensions.patch similarity index 89% rename from druid/stackable/patches/30.0.1/03-stop-building-unused-extensions.patch rename to druid/stackable/patches/30.0.1/0003-Stop-building-unused-extensions.patch index 7d0f91dd1..08e568794 100644 --- a/druid/stackable/patches/30.0.1/03-stop-building-unused-extensions.patch +++ b/druid/stackable/patches/30.0.1/0003-Stop-building-unused-extensions.patch @@ -1,18 +1,20 @@ -Stop building unused extensions. - +From 087a8e2324d938871c012097446f106daba7d6a7 Mon Sep 17 00:00:00 2001 
From: Lars Francke +Date: Mon, 17 Feb 2025 16:42:34 +0100 +Subject: Stop building unused extensions. By default Druid builds all community extensions and then discards them while assembling the final distribution. This patch removes unused extensions from the build. --- - 0 files changed + pom.xml | 32 +------------------------------- + 1 file changed, 1 insertion(+), 31 deletions(-) diff --git a/pom.xml b/pom.xml -index 2acb812cbe..38e0ddc61a 100644 +index 08a3f24210..e8585349f4 100644 --- a/pom.xml +++ b/pom.xml -@@ -201,39 +201,9 @@ +@@ -200,39 +200,9 @@ extensions-core/google-extensions extensions-core/druid-catalog extensions-core/testing-tools diff --git a/druid/stackable/patches/30.0.1/04-update-patch-dependencies.patch b/druid/stackable/patches/30.0.1/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch similarity index 85% rename from druid/stackable/patches/30.0.1/04-update-patch-dependencies.patch rename to druid/stackable/patches/30.0.1/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch index 989b42620..6c3c75c4d 100644 --- a/druid/stackable/patches/30.0.1/04-update-patch-dependencies.patch +++ b/druid/stackable/patches/30.0.1/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch @@ -1,13 +1,19 @@ -Updates all dependencies that have a new patch release available. - +From cf05fadf57c308bf782844226d7fd133ec200189 Mon Sep 17 00:00:00 2001 From: Lars Francke - +Date: Mon, 17 Feb 2025 16:42:49 +0100 +Subject: Updates all dependencies that have a new patch release available. --- - 0 files changed + extensions-core/druid-pac4j/pom.xml | 5 +++- + extensions-core/kubernetes-extensions/pom.xml | 2 +- + extensions-core/orc-extensions/pom.xml | 2 +- + extensions-core/parquet-extensions/pom.xml | 2 +- + pom.xml | 29 ++++++++++--------- + processing/pom.xml | 2 +- + 6 files changed, 24 insertions(+), 18 deletions(-) 
diff --git a/extensions-core/druid-pac4j/pom.xml b/extensions-core/druid-pac4j/pom.xml -index 282e0e5b15..523a2ca305 100644 +index 1f95186c19..7961274438 100644 --- a/extensions-core/druid-pac4j/pom.xml +++ b/extensions-core/druid-pac4j/pom.xml @@ -38,7 +38,10 @@ @@ -23,10 +29,10 @@ index 282e0e5b15..523a2ca305 100644 diff --git a/extensions-core/kubernetes-extensions/pom.xml b/extensions-core/kubernetes-extensions/pom.xml -index e3e77a99af..1304740ff3 100644 +index 33c8a0b2f6..17f288b868 100644 --- a/extensions-core/kubernetes-extensions/pom.xml +++ b/extensions-core/kubernetes-extensions/pom.xml -@@ -35,7 +35,7 @@ +@@ -34,7 +34,7 @@ @@ -36,7 +42,7 @@ index e3e77a99af..1304740ff3 100644 diff --git a/extensions-core/orc-extensions/pom.xml b/extensions-core/orc-extensions/pom.xml -index b7eb007979..2c210c42c0 100644 +index 47e178d19e..fd985b9061 100644 --- a/extensions-core/orc-extensions/pom.xml +++ b/extensions-core/orc-extensions/pom.xml @@ -31,7 +31,7 @@ @@ -49,7 +55,7 @@ index b7eb007979..2c210c42c0 100644 diff --git a/extensions-core/parquet-extensions/pom.xml b/extensions-core/parquet-extensions/pom.xml -index 371d2e7673..ad0b874db0 100644 +index b2b7c2ff04..f8d213d63c 100644 --- a/extensions-core/parquet-extensions/pom.xml +++ b/extensions-core/parquet-extensions/pom.xml @@ -201,7 +201,7 @@ @@ -62,7 +68,7 @@ index 371d2e7673..ad0b874db0 100644 diff --git a/pom.xml b/pom.xml -index 73fb14c1fc..26b24b8c14 100644 +index e8585349f4..e1b83dac70 100644 --- a/pom.xml +++ b/pom.xml @@ -74,7 +74,7 @@ @@ -98,7 +104,7 @@ index 73fb14c1fc..26b24b8c14 100644 + 2.12.7.20240502 1.9.13 2.22.1 - 5.1.49 + 8.2.0 2.7.3 3.10.6.Final - 4.1.108.Final 
@@ -110,9 +116,9 @@ index 73fb14c1fc..26b24b8c14 100644 1.3.1 1.7.36 5.13.0 -@@ -120,17 +120,17 @@ - however it is required in some cases when running against mockito 4.x (mockito 4.x is required for Java <11. - We use the following property to pick the proper artifact based on Java version (see pre-java-11 profile) --> +@@ -119,17 +122,17 @@ + core - 1.12.638 - 2.8.0 @@ -134,10 +140,10 @@ index 73fb14c1fc..26b24b8c14 100644 diff --git a/processing/pom.xml b/processing/pom.xml -index affd900fe6..0daad4fa56 100644 +index fcc16a65c5..2f5fb45890 100644 --- a/processing/pom.xml +++ b/processing/pom.xml -@@ -37,7 +37,7 @@ +@@ -36,7 +36,7 @@ 1.6.5 ${sigar.base.version}.132 5.3.4 diff --git a/druid/stackable/patches/30.0.1/05-xmllayout-dependencies.patch b/druid/stackable/patches/30.0.1/0005-Include-jackson-dataformat-xml-dependency.patch similarity index 77% rename from druid/stackable/patches/30.0.1/05-xmllayout-dependencies.patch rename to druid/stackable/patches/30.0.1/0005-Include-jackson-dataformat-xml-dependency.patch index 29d325dfc..dc3775693 100644 --- a/druid/stackable/patches/30.0.1/05-xmllayout-dependencies.patch +++ b/druid/stackable/patches/30.0.1/0005-Include-jackson-dataformat-xml-dependency.patch @@ -1,16 +1,18 @@ -Include jackson-dataformat-xml dependency. - +From 1f1d47e9ab58fe2d4549225f182f3ff381971c20 Mon Sep 17 00:00:00 2001 From: Lars Francke +Date: Mon, 17 Feb 2025 16:42:49 +0100 +Subject: Include jackson-dataformat-xml dependency. This allows us to use XmlLayout for Log4jV2. By including it here as a dependency we can make sure that we always have the matching version and we don't need to include it manually later in the build. --- - 0 files changed + server/pom.xml | 5 +++++ + 1 file changed, 5 insertions(+) diff --git a/server/pom.xml b/server/pom.xml -index 410b51480e..b7dcf46111 100644 +index cfa6b8f9f5..4e36bc9438 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -205,6 +205,11 @@ 
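Review bot: The regenerated 0004 patch changes a context line of the root `pom.xml` hunk from `5.1.49` to `8.2.0` (the property names are not visible here, but both sit among the dependency version properties), which means the previous `04-update-patch-dependencies.patch` carried context that did not match the 30.0.1 base it claimed to apply to and would have needed fuzz or failed. That is exactly the drift a pinned-base tool like patchable is meant to catch; it would be worth checking that earlier 30.0.1 image builds were actually applying this patch cleanly rather than skipping hunks.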
diff --git a/druid/stackable/patches/30.0.1/06-dont-build-targz.patch b/druid/stackable/patches/30.0.1/0006-Stop-building-the-tar.gz-distribution.patch similarity index 78% rename from druid/stackable/patches/30.0.1/06-dont-build-targz.patch rename to druid/stackable/patches/30.0.1/0006-Stop-building-the-tar.gz-distribution.patch index 1bed79fd1..f2474299a 100644 --- a/druid/stackable/patches/30.0.1/06-dont-build-targz.patch +++ b/druid/stackable/patches/30.0.1/0006-Stop-building-the-tar.gz-distribution.patch @@ -1,11 +1,12 @@ -Stop building the tar.gz distribution. - +From 719e70a5143f7fc3143186a2e277495be7eada72 Mon Sep 17 00:00:00 2001 From: Lars Francke +Date: Mon, 17 Feb 2025 16:42:49 +0100 +Subject: Stop building the tar.gz distribution. All we do is build Druid tar and gzip it only to immediately uncompress it again. So, instead we just skip the compression step entirely. --- - distribution/src/assembly/assembly.xml | 2 +- + distribution/src/assembly/assembly.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/distribution/src/assembly/assembly.xml b/distribution/src/assembly/assembly.xml diff --git a/druid/stackable/patches/30.0.1/07-cyclonedx-plugin.patch b/druid/stackable/patches/30.0.1/0007-Update-CycloneDX-plugin.patch similarity index 63% rename from druid/stackable/patches/30.0.1/07-cyclonedx-plugin.patch rename to druid/stackable/patches/30.0.1/0007-Update-CycloneDX-plugin.patch index b2ddeebf6..ac98de27e 100644 --- a/druid/stackable/patches/30.0.1/07-cyclonedx-plugin.patch +++ b/druid/stackable/patches/30.0.1/0007-Update-CycloneDX-plugin.patch @@ -1,8 +1,17 @@ +From aff63a7572dd88797be111e8ab04d443bf125369 Mon Sep 17 00:00:00 2001 +From: Lukas Voetmand +Date: Fri, 6 Sep 2024 17:53:52 +0200 +Subject: Update CycloneDX plugin + +--- + pom.xml | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + diff --git a/pom.xml b/pom.xml -index 9051ed2..10a2c85 100644 +index e1b83dac70..7cf5ffda15 100644 --- a/pom.xml 
+++ b/pom.xml -@@ -1728,7 +1728,11 @@ +@@ -1700,7 +1700,11 @@ org.cyclonedx cyclonedx-maven-plugin diff --git a/druid/stackable/patches/30.0.1/08-CVE-2024-36114-bump-aircompressor-0-27.patch b/druid/stackable/patches/30.0.1/0008-Fix-CVE-2024-36114.patch similarity index 84% rename from druid/stackable/patches/30.0.1/08-CVE-2024-36114-bump-aircompressor-0-27.patch rename to druid/stackable/patches/30.0.1/0008-Fix-CVE-2024-36114.patch index 04999a574..240d7f409 100644 --- a/druid/stackable/patches/30.0.1/08-CVE-2024-36114-bump-aircompressor-0-27.patch +++ b/druid/stackable/patches/30.0.1/0008-Fix-CVE-2024-36114.patch @@ -1,4 +1,8 @@ -Fix CVE-2024-36114 +From 3c4e883753763d3b76b05b438b65feff345d3fb2 Mon Sep 17 00:00:00 2001 +From: Malte Sander +Date: Thu, 12 Dec 2024 17:59:17 +0100 +Subject: Fix CVE-2024-36114 + see https://github.com/stackabletech/vulnerabilities/issues/834 Aircompressor is a library with ports of the Snappy, LZO, LZ4, and @@ -17,12 +21,15 @@ have been fixed. When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process. There are no known workarounds for this issue. +--- + pom.xml | 6 ++++++ + 1 file changed, 6 insertions(+) diff --git a/pom.xml b/pom.xml -index 9051ed24c5..e839295b61 100644 +index 7cf5ffda15..f27713d5fd 100644 --- a/pom.xml +++ b/pom.xml -@@ -283,6 +283,12 @@ +@@ -255,6 +255,12 @@ diff --git a/druid/stackable/patches/30.0.1/0009-Update-FMPP-version.patch b/druid/stackable/patches/30.0.1/0009-Update-FMPP-version.patch new file mode 100644 index 000000000..2580e05e1 --- /dev/null +++ b/druid/stackable/patches/30.0.1/0009-Update-FMPP-version.patch 
@@ -0,0 +1,31 @@ +From 64f5d9955d31695a0bbb98bc70233cca49939bfb Mon Sep 17 00:00:00 2001 +From: Lars Francke +Date: Thu, 12 Dec 2024 06:35:21 +0100 +Subject: Update FMPP version + +This is because FMPP Maven Plugin depends on FMPP in version 0.9.14 +which itself depends on a Freemarker version that has not been pinned. +Instead it specifies a "range" which resolves to a SNAPSHOT version +which we don't want. +--- + sql/pom.xml | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/sql/pom.xml b/sql/pom.xml +index 00ed50cf69..bad8096a59 100644 +--- a/sql/pom.xml ++++ b/sql/pom.xml +@@ -384,6 +384,13 @@ + + com.googlecode.fmpp-maven-plugin + fmpp-maven-plugin ++ ++ ++ net.sourceforge.fmpp ++ fmpp ++ 0.9.16 ++ ++ + + + generate-fmpp-sources diff --git a/druid/stackable/patches/30.0.1/10-cve-2023-34455-rm-snappy.patch b/druid/stackable/patches/30.0.1/0010-Fix-CVE-2023-34455.patch similarity index 84% rename from druid/stackable/patches/30.0.1/10-cve-2023-34455-rm-snappy.patch rename to druid/stackable/patches/30.0.1/0010-Fix-CVE-2023-34455.patch index e4e440d0d..fab4b0f0d 100644 --- a/druid/stackable/patches/30.0.1/10-cve-2023-34455-rm-snappy.patch +++ b/druid/stackable/patches/30.0.1/0010-Fix-CVE-2023-34455.patch @@ -1,4 +1,8 @@ -Fix CVE-2023-34455 +From f246bea0ec12b167b4fb49dcf775527429715f77 Mon Sep 17 00:00:00 2001 +From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com> +Date: Tue, 28 Jan 2025 17:29:59 +0100 +Subject: Fix CVE-2023-34455 + see https://github.com/stackabletech/vulnerabilities/issues/558 At the end of build process, Druid downloads dependencies directly from a remote @@ -8,9 +12,12 @@ The hadoop client depends on a vulnerable version of the snappy library which is then also downloaded even though a newer version is already on the system. This patch removes the vulnerable jars. +--- + distribution/pom.xml | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) 
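Review bot: The `fmpp` 0.9.16 override added to `fmpp-maven-plugin` in `sql/pom.xml` carries no inline explanation, so a routine dependency cleanup is likely to drop it and reintroduce the unpinned Freemarker range that the commit message says resolves to a SNAPSHOT. Add a comment above the new `<dependencies>` block, e.g. `<!-- Pin fmpp: the plugin's default fmpp 0.9.14 declares a Freemarker version range that resolves to a SNAPSHOT build. -->`. Pinning fmpp only removes the range if 0.9.16 itself pins Freemarker; if it does not, an explicit `org.freemarker:freemarker` entry with a fixed version belongs next to it — worth a quick look at the resolved dependency tree.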
diff --git a/distribution/pom.xml b/distribution/pom.xml -index d5918710ef..2d5bfc6ab4 100644 +index 08b4121287..ba08137c26 100644 --- a/distribution/pom.xml +++ b/distribution/pom.xml @@ -259,6 +259,20 @@ diff --git a/druid/stackable/patches/30.0.1/09-update-fmpp.patch b/druid/stackable/patches/30.0.1/09-update-fmpp.patch deleted file mode 100644 index 3abb818da..000000000 --- a/druid/stackable/patches/30.0.1/09-update-fmpp.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff --git a/10-update-fmpp.patch b/10-update-fmpp.patch -new file mode 100644 -index 0000000000..e69de29bb2 -diff --git a/sql/pom.xml b/sql/pom.xml -index bdd29f3f91..e5ba89f655 100644 ---- a/sql/pom.xml -+++ b/sql/pom.xml -@@ -322,6 +322,13 @@ - - com.googlecode.fmpp-maven-plugin - fmpp-maven-plugin -+ -+ -+ net.sourceforge.fmpp -+ fmpp -+ 0.9.16 -+ -+ - - - generate-fmpp-sources diff --git a/druid/stackable/patches/30.0.1/patchable.toml b/druid/stackable/patches/30.0.1/patchable.toml new file mode 100644 index 000000000..aad1cde81 --- /dev/null +++ b/druid/stackable/patches/30.0.1/patchable.toml @@ -0,0 +1,2 @@ +upstream = "https://github.com/apache/druid.git" +base = "a30af7a91d528e5c3a90356a5592abc7119191c6" diff --git a/druid/stackable/patches/30.0.1/series b/druid/stackable/patches/30.0.1/series deleted file mode 100644 index 0dc0d4cac..000000000 --- a/druid/stackable/patches/30.0.1/series +++ /dev/null @@ -1,9 +0,0 @@ -# This series applies on Git commit 0f4a8032d4f3c17fc8a7d3dba5fc272c1bd76c2b -01-remove-ranger-security.patch -02-prometheus-emitter-from-source.patch -03-stop-building-unused-extensions.patch -04-update-patch-dependencies.patch -05-xmllayout-dependencies.patch -06-dont-build-targz.patch -07-cyclonedx-plugin.patch -08-CVE-2024-36114-bump-aircompressor-0-27.patch From 79ad10052f8357df8eb9f550a2076fdf527e276d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Natalie=20Klestrup=20R=C3=B6ijezon?= Date: Thu, 27 Feb 2025 14:07:13 +0100 Subject: [PATCH 6/6] Convert Druid 31.0.1 patches to patchable --- ...races-of-the-druid-ranger-extension.patch} | 16 ++++++---- ...-Prometheus-emitter-in-distribution.patch} | 11 ++++--- ...003-Stop-building-unused-extensions.patch} | 12 ++++--- ...dencies-that-have-a-new-patch-relea.patch} | 32 ++++++++++++------- ...e-jackson-dataformat-xml-dependency.patch} | 10 +++--- ...op-building-the-tar.gz-distribution.patch} | 7 ++-- ...tch => 0007-Update-CycloneDX-plugin.patch} | 13 ++++++-- ...27.patch => 0008-Fix-CVE-2024-36114.patch} | 12 +++++-- ...p.patch => 0009-Update-FMPP-version.patch} | 19 +++++++++-- ...py.patch => 0010-Fix-CVE-2023-34455.patch} | 11 +++++-- druid/stackable/patches/31.0.1/patchable.toml | 2 ++ 11 files changed, 101 insertions(+), 44 deletions(-) rename druid/stackable/patches/31.0.1/{01-remove-ranger-security.patch => 0001-Removes-all-traces-of-the-druid-ranger-extension.patch} (79%) rename druid/stackable/patches/31.0.1/{02-prometheus-emitter-from-source.patch => 0002-Include-Prometheus-emitter-in-distribution.patch} (90%) rename druid/stackable/patches/31.0.1/{03-stop-building-unused-extensions.patch => 0003-Stop-building-unused-extensions.patch} (89%) rename druid/stackable/patches/31.0.1/{04-update-patch-dependencies.patch => 0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch} (88%) rename druid/stackable/patches/31.0.1/{05-xmllayout-dependencies.patch => 0005-Include-jackson-dataformat-xml-dependency.patch} (77%) rename druid/stackable/patches/31.0.1/{06-dont-build-targz.patch => 0006-Stop-building-the-tar.gz-distribution.patch} (78%) rename druid/stackable/patches/31.0.1/{07-cyclonedx-plugin.patch => 0007-Update-CycloneDX-plugin.patch} (63%) rename druid/stackable/patches/31.0.1/{08-CVE-2024-36114-bump-aircompressor-0-27.patch => 0008-Fix-CVE-2024-36114.patch} (85%) rename druid/stackable/patches/31.0.1/{09-update-fmpp.patch => 
0009-Update-FMPP-version.patch} (51%) rename druid/stackable/patches/31.0.1/{10-cve-2023-34455-rm-snappy.patch => 0010-Fix-CVE-2023-34455.patch} (84%) create mode 100644 druid/stackable/patches/31.0.1/patchable.toml diff --git a/druid/stackable/patches/31.0.1/01-remove-ranger-security.patch b/druid/stackable/patches/31.0.1/0001-Removes-all-traces-of-the-druid-ranger-extension.patch similarity index 79% rename from druid/stackable/patches/31.0.1/01-remove-ranger-security.patch rename to druid/stackable/patches/31.0.1/0001-Removes-all-traces-of-the-druid-ranger-extension.patch index 14c4d1c5e..1a63c96b7 100644 --- a/druid/stackable/patches/31.0.1/01-remove-ranger-security.patch +++ b/druid/stackable/patches/31.0.1/0001-Removes-all-traces-of-the-druid-ranger-extension.patch @@ -1,13 +1,15 @@ -Removes all traces of the druid ranger extension - +From ac257969aaf853835a5a410bb3d432c2b8d9f390 Mon Sep 17 00:00:00 2001 From: Lars Francke - +Date: Wed, 10 Jul 2024 17:07:13 +0200 +Subject: Removes all traces of the druid ranger extension --- - 0 files changed + distribution/pom.xml | 2 -- + pom.xml | 1 - + 2 files changed, 3 deletions(-) diff --git a/distribution/pom.xml b/distribution/pom.xml -index 0f17a8c877..d7cd645767 100644 +index dcb01abceb..1a4f7df716 100644 --- a/distribution/pom.xml +++ b/distribution/pom.xml @@ -252,8 +252,6 @@ @@ -20,10 +22,10 @@ index 0f17a8c877..d7cd645767 100644 -c org.apache.druid.extensions:druid-catalog diff --git a/pom.xml b/pom.xml -index cfca79dc6e..2acb812cbe 100644 +index e5bcfafacb..807f9f11df 100644 --- a/pom.xml +++ b/pom.xml -@@ -199,7 +199,6 @@ +@@ -198,7 +198,6 @@ extensions-core/simple-client-sslcontext extensions-core/druid-basic-security extensions-core/google-extensions 
diff --git a/druid/stackable/patches/31.0.1/02-prometheus-emitter-from-source.patch b/druid/stackable/patches/31.0.1/0002-Include-Prometheus-emitter-in-distribution.patch similarity index 90% rename from druid/stackable/patches/31.0.1/02-prometheus-emitter-from-source.patch rename to druid/stackable/patches/31.0.1/0002-Include-Prometheus-emitter-in-distribution.patch index 8f0ca6795..beb5f4e94 100644 --- a/druid/stackable/patches/31.0.1/02-prometheus-emitter-from-source.patch +++ b/druid/stackable/patches/31.0.1/0002-Include-Prometheus-emitter-in-distribution.patch @@ -1,13 +1,14 @@ -Include Prometheus emitter in distribution - +From 484bd7f13890823fdfdcbec5bd21b046ac885015 Mon Sep 17 00:00:00 2001 From: Lars Francke - +Date: Mon, 17 Feb 2025 16:42:34 +0100 +Subject: Include Prometheus emitter in distribution --- - 0 files changed + distribution/pom.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 46 insertions(+) diff --git a/distribution/pom.xml b/distribution/pom.xml -index d7cd645767..eda1ddcfab 100644 +index 1a4f7df716..a28e34bb6a 100644 --- a/distribution/pom.xml +++ b/distribution/pom.xml @@ -464,6 +464,52 @@ diff --git a/druid/stackable/patches/31.0.1/03-stop-building-unused-extensions.patch b/druid/stackable/patches/31.0.1/0003-Stop-building-unused-extensions.patch similarity index 89% rename from druid/stackable/patches/31.0.1/03-stop-building-unused-extensions.patch rename to druid/stackable/patches/31.0.1/0003-Stop-building-unused-extensions.patch index 7d0f91dd1..97fc3b900 100644 --- a/druid/stackable/patches/31.0.1/03-stop-building-unused-extensions.patch +++ b/druid/stackable/patches/31.0.1/0003-Stop-building-unused-extensions.patch @@ -1,18 +1,20 @@ -Stop building unused extensions. - +From 540182e6a1169103cb77ff37d963186f23204800 Mon Sep 17 00:00:00 2001 
From: Lars Francke +Date: Mon, 17 Feb 2025 16:42:34 +0100 +Subject: Stop building unused extensions. By default Druid builds all community extensions and then discards them while assembling the final distribution. This patch removes unused extensions from the build. --- - 0 files changed + pom.xml | 32 +------------------------------- + 1 file changed, 1 insertion(+), 31 deletions(-) diff --git a/pom.xml b/pom.xml -index 2acb812cbe..38e0ddc61a 100644 +index 807f9f11df..e9e19f7920 100644 --- a/pom.xml +++ b/pom.xml -@@ -201,39 +201,9 @@ +@@ -200,39 +200,9 @@ extensions-core/google-extensions extensions-core/druid-catalog extensions-core/testing-tools diff --git a/druid/stackable/patches/31.0.1/04-update-patch-dependencies.patch b/druid/stackable/patches/31.0.1/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch similarity index 88% rename from druid/stackable/patches/31.0.1/04-update-patch-dependencies.patch rename to druid/stackable/patches/31.0.1/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch index 364fe1cc5..f6d435ab6 100644 --- a/druid/stackable/patches/31.0.1/04-update-patch-dependencies.patch +++ b/druid/stackable/patches/31.0.1/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch @@ -1,11 +1,19 @@ -Updates all dependencies that have a new patch release available. - -From: Lukas Krug - +From 14918ed4cad073b1e62ba26111352dafd2da3ae0 Mon Sep 17 00:00:00 2001 +From: Lars Francke +Date: Mon, 17 Feb 2025 16:42:49 +0100 +Subject: Updates all dependencies that have a new patch release available. --- + extensions-core/druid-pac4j/pom.xml | 2 +- + extensions-core/kubernetes-extensions/pom.xml | 2 +- + extensions-core/orc-extensions/pom.xml | 2 +- + extensions-core/parquet-extensions/pom.xml | 2 +- + pom.xml | 31 ++++++++++--------- + processing/pom.xml | 2 +- + 6 files changed, 22 insertions(+), 19 deletions(-) + 
diff --git a/extensions-core/druid-pac4j/pom.xml b/extensions-core/druid-pac4j/pom.xml -index 3693d28..8be5e4c 100644 +index 3693d28d67..8be5e4c355 100644 --- a/extensions-core/druid-pac4j/pom.xml +++ b/extensions-core/druid-pac4j/pom.xml @@ -34,7 +34,7 @@ @@ -18,7 +26,7 @@ index 3693d28..8be5e4c 100644 1.7 diff --git a/extensions-core/kubernetes-extensions/pom.xml b/extensions-core/kubernetes-extensions/pom.xml -index 1e513ec..7f43fdd 100644 +index 1e513ec8eb..7f43fdd108 100644 --- a/extensions-core/kubernetes-extensions/pom.xml +++ b/extensions-core/kubernetes-extensions/pom.xml @@ -34,7 +34,7 @@ @@ -31,7 +39,7 @@ index 1e513ec..7f43fdd 100644 diff --git a/extensions-core/orc-extensions/pom.xml b/extensions-core/orc-extensions/pom.xml -index 1b6a394..bb4a9be 100644 +index 1b6a394728..bb4a9be716 100644 --- a/extensions-core/orc-extensions/pom.xml +++ b/extensions-core/orc-extensions/pom.xml @@ -31,7 +31,7 @@ @@ -44,7 +52,7 @@ index 1b6a394..bb4a9be 100644 diff --git a/extensions-core/parquet-extensions/pom.xml b/extensions-core/parquet-extensions/pom.xml -index 0d18d91..a8f9e7d 100644 +index 0d18d9162d..a8f9e7d52e 100644 --- a/extensions-core/parquet-extensions/pom.xml +++ b/extensions-core/parquet-extensions/pom.xml @@ -201,7 +201,7 @@ @@ -57,7 +65,7 @@ index 0d18d91..a8f9e7d 100644 diff --git a/pom.xml b/pom.xml -index e5bcfaf..80861bc 100644 +index e9e19f7920..4408e55b9c 100644 --- a/pom.xml +++ b/pom.xml @@ -74,7 +74,7 @@ @@ -105,7 +113,7 @@ index e5bcfaf..80861bc 100644 3.25.5 1.3.1 1.7.36 -@@ -118,17 +118,17 @@ +@@ -118,17 +121,17 @@ core @@ -129,10 +137,10 @@ index e5bcfaf..80861bc 100644 diff --git a/processing/pom.xml b/processing/pom.xml -index affd900fe6..0daad4fa56 100644 +index d5418dce93..716c1299f4 100644 --- a/processing/pom.xml +++ b/processing/pom.xml -@@ -37,7 +37,7 @@ +@@ -36,7 +36,7 @@ 1.6.5 ${sigar.base.version}.132 5.3.4 
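Review bot: The `@@ -1,11 +1,19 @@` hunk of 0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch replaces `-From: Lukas Krug` with `+From: Lars Francke`, so the converted patch no longer credits the person the hand-written version named as its author. If that change of attribution is not deliberate, the commit behind the patchable export should keep `From: Lukas Krug` so the credit survives the conversion. The same hunk also gives the patch a `Date:` of Mon, 17 Feb 2025 16:42:49 +0100, identical to the dates added for 0005 and 0006, which suggests the headers were regenerated rather than taken from original commits; a sentence saying so in the commit description would spare the next reader the same question.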
diff --git a/druid/stackable/patches/31.0.1/05-xmllayout-dependencies.patch b/druid/stackable/patches/31.0.1/0005-Include-jackson-dataformat-xml-dependency.patch similarity index 77% rename from druid/stackable/patches/31.0.1/05-xmllayout-dependencies.patch rename to druid/stackable/patches/31.0.1/0005-Include-jackson-dataformat-xml-dependency.patch index 29d325dfc..1a469fef8 100644 --- a/druid/stackable/patches/31.0.1/05-xmllayout-dependencies.patch +++ b/druid/stackable/patches/31.0.1/0005-Include-jackson-dataformat-xml-dependency.patch @@ -1,16 +1,18 @@ -Include jackson-dataformat-xml dependency. - +From bb1dd6ace9f6112532e5c4ad7158f0703b5baf9a Mon Sep 17 00:00:00 2001 From: Lars Francke +Date: Mon, 17 Feb 2025 16:42:49 +0100 +Subject: Include jackson-dataformat-xml dependency. This allows us to use XmlLayout for Log4jV2. By including it here as a dependency we can make sure that we always have the matching version and we don't need to include it manually later in the build. --- - 0 files changed + server/pom.xml | 5 +++++ + 1 file changed, 5 insertions(+) diff --git a/server/pom.xml b/server/pom.xml -index 410b51480e..b7dcf46111 100644 +index 8f1bb2bd72..4c443f9ac4 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -205,6 +205,11 @@ diff --git a/druid/stackable/patches/31.0.1/06-dont-build-targz.patch b/druid/stackable/patches/31.0.1/0006-Stop-building-the-tar.gz-distribution.patch similarity index 78% rename from druid/stackable/patches/31.0.1/06-dont-build-targz.patch rename to druid/stackable/patches/31.0.1/0006-Stop-building-the-tar.gz-distribution.patch index 1bed79fd1..41fc73a3f 100644 --- a/druid/stackable/patches/31.0.1/06-dont-build-targz.patch +++ b/druid/stackable/patches/31.0.1/0006-Stop-building-the-tar.gz-distribution.patch @@ -1,11 +1,12 @@ -Stop building the tar.gz distribution. - +From e91413a596de7c72e659a0da45522f8d84a6372b Mon Sep 17 00:00:00 2001 
From: Lars Francke +Date: Mon, 17 Feb 2025 16:42:49 +0100 +Subject: Stop building the tar.gz distribution. All we do is build Druid tar and gzip it only to immediately uncompress it again. So, instead we just skip the compression step entirely. --- - distribution/src/assembly/assembly.xml | 2 +- + distribution/src/assembly/assembly.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/distribution/src/assembly/assembly.xml b/distribution/src/assembly/assembly.xml diff --git a/druid/stackable/patches/31.0.1/07-cyclonedx-plugin.patch b/druid/stackable/patches/31.0.1/0007-Update-CycloneDX-plugin.patch similarity index 63% rename from druid/stackable/patches/31.0.1/07-cyclonedx-plugin.patch rename to druid/stackable/patches/31.0.1/0007-Update-CycloneDX-plugin.patch index b2ddeebf6..52880e32c 100644 --- a/druid/stackable/patches/31.0.1/07-cyclonedx-plugin.patch +++ b/druid/stackable/patches/31.0.1/0007-Update-CycloneDX-plugin.patch @@ -1,8 +1,17 @@ +From 245dbf0bff4e386db6b27d079fe5baff6180732c Mon Sep 17 00:00:00 2001 +From: Lukas Voetmand +Date: Fri, 6 Sep 2024 17:53:52 +0200 +Subject: Update CycloneDX plugin + +--- + pom.xml | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + diff --git a/pom.xml b/pom.xml -index 9051ed2..10a2c85 100644 +index 4408e55b9c..5c99e69381 100644 --- a/pom.xml +++ b/pom.xml -@@ -1728,7 +1728,11 @@ +@@ -1707,7 +1707,11 @@ org.cyclonedx cyclonedx-maven-plugin diff --git a/druid/stackable/patches/31.0.1/08-CVE-2024-36114-bump-aircompressor-0-27.patch b/druid/stackable/patches/31.0.1/0008-Fix-CVE-2024-36114.patch similarity index 85% rename from druid/stackable/patches/31.0.1/08-CVE-2024-36114-bump-aircompressor-0-27.patch rename to druid/stackable/patches/31.0.1/0008-Fix-CVE-2024-36114.patch index 04999a574..5915ad3a9 100644 --- a/druid/stackable/patches/31.0.1/08-CVE-2024-36114-bump-aircompressor-0-27.patch +++ b/druid/stackable/patches/31.0.1/0008-Fix-CVE-2024-36114.patch 
@@ -1,3 +1,8 @@ +From f36f1491c4d3658a8ebdc74e90fdbfa949546abe Mon Sep 17 00:00:00 2001 +From: Malte Sander +Date: Thu, 12 Dec 2024 17:59:17 +0100 +Subject: Fix CVE-2024-36114 + Fix CVE-2024-36114 see https://github.com/stackabletech/vulnerabilities/issues/834 @@ -17,12 +22,15 @@ have been fixed. When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process. There are no known workarounds for this issue. +--- + pom.xml | 6 ++++++ + 1 file changed, 6 insertions(+) diff --git a/pom.xml b/pom.xml -index 9051ed24c5..e839295b61 100644 +index 5c99e69381..88fdfcb09a 100644 --- a/pom.xml +++ b/pom.xml -@@ -283,6 +283,12 @@ +@@ -256,6 +256,12 @@ diff --git a/druid/stackable/patches/31.0.1/09-update-fmpp.patch b/druid/stackable/patches/31.0.1/0009-Update-FMPP-version.patch similarity index 51% rename from druid/stackable/patches/31.0.1/09-update-fmpp.patch rename to druid/stackable/patches/31.0.1/0009-Update-FMPP-version.patch index 3abb818da..0ff41331f 100644 --- a/druid/stackable/patches/31.0.1/09-update-fmpp.patch +++ b/druid/stackable/patches/31.0.1/0009-Update-FMPP-version.patch @@ -1,11 +1,26 @@ +From 15f604cc0c9f953df95be8a4c38d5dcc0b595051 Mon Sep 17 00:00:00 2001 +From: Lars Francke +Date: Thu, 12 Dec 2024 06:35:21 +0100 +Subject: Update FMPP version + +This is because FMPP Maven Plugin depends on FMPP in version 0.9.14 +which itself depends on a Freemarker version that has not been pinned. +Instead it specifies a "range" which resolves to a SNAPSHOT version +which we don't want. +--- + 10-update-fmpp.patch | 0 + sql/pom.xml | 7 +++++++ + 2 files changed, 7 insertions(+) + create mode 100644 10-update-fmpp.patch + diff --git a/10-update-fmpp.patch b/10-update-fmpp.patch new file mode 100644 index 0000000000..e69de29bb2 diff --git a/sql/pom.xml b/sql/pom.xml -index bdd29f3f91..e5ba89f655 100644 +index 56ed03f5c2..d0d19dd854 100644 --- a/sql/pom.xml 
+++ b/sql/pom.xml -@@ -322,6 +322,13 @@ +@@ -365,6 +365,13 @@ com.googlecode.fmpp-maven-plugin fmpp-maven-plugin diff --git a/druid/stackable/patches/31.0.1/10-cve-2023-34455-rm-snappy.patch b/druid/stackable/patches/31.0.1/0010-Fix-CVE-2023-34455.patch similarity index 84% rename from druid/stackable/patches/31.0.1/10-cve-2023-34455-rm-snappy.patch rename to druid/stackable/patches/31.0.1/0010-Fix-CVE-2023-34455.patch index e4e440d0d..c69d2f85e 100644 --- a/druid/stackable/patches/31.0.1/10-cve-2023-34455-rm-snappy.patch +++ b/druid/stackable/patches/31.0.1/0010-Fix-CVE-2023-34455.patch @@ -1,4 +1,8 @@ -Fix CVE-2023-34455 +From 90f6dd1211a4d4ced8b3a75b7549b1e68e4b6ee6 Mon Sep 17 00:00:00 2001 +From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com> +Date: Tue, 28 Jan 2025 17:29:59 +0100 +Subject: Fix CVE-2023-34455 + see https://github.com/stackabletech/vulnerabilities/issues/558 At the end of build process, Druid downloads dependencies directly from a remote @@ -8,9 +12,12 @@ The hadoop client depends on a vulnerable version of the snappy library which is then also downloaded even though a newer version is already on the system. This patch removes the vulnerable jars. +--- + distribution/pom.xml | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) diff --git a/distribution/pom.xml b/distribution/pom.xml -index d5918710ef..2d5bfc6ab4 100644 +index a28e34bb6a..4ab7837538 100644 --- a/distribution/pom.xml +++ b/distribution/pom.xml @@ -259,6 +259,20 @@ diff --git a/druid/stackable/patches/31.0.1/patchable.toml b/druid/stackable/patches/31.0.1/patchable.toml new file mode 100644 index 000000000..97ae47d66 --- /dev/null +++ b/druid/stackable/patches/31.0.1/patchable.toml @@ -0,0 +1,2 @@ +upstream = "https://github.com/apache/druid.git" +base = "520482cb9638e452b0553595b4f29bb397a63758"
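Review bot: The new diffstat in 0009-Update-FMPP-version.patch lists `10-update-fmpp.patch | 0` and `create mode 100644 10-update-fmpp.patch`, and the hunk keeps the `diff --git a/10-update-fmpp.patch b/10-update-fmpp.patch` / `new file mode 100644` / `index 0000000000..e69de29bb2` block, so applying the patch creates an empty `10-update-fmpp.patch` at the root of the Druid source tree. That file looks like a leftover from the earlier hand-written patch and has nothing to do with the FMPP version bump described in the new `Subject:` and body, so it should be dropped from the underlying commit, which would leave the diffstat at `sql/pom.xml | 7 +++++++` and `1 file changed, 7 insertions(+)`. A patch that creates files it does not need makes the patched tree harder to audit against upstream, even when the file is empty. The hunk starts on the previous line.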
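Review bot: `base = "520482cb9638e452b0553595b4f29bb397a63758"` in the new patchable.toml pins the upstream commit without saying which release it is, so a reader has to resolve the hash to confirm it is the Druid 31.0.1 tag the directory name implies. A comment naming the tag next to the pin, e.g. `base = "520482cb9638e452b0553595b4f29bb397a63758" # <upstream tag this commit corresponds to>`, would make the pin verifiable at a glance and make a mismatch between directory name and pinned commit visible in review. The `upstream` line needs no change.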