(druid) branch 36.0.0 updated: changes related to 36 release (#18975)

Mon, 02 Feb 2026 11:33:29 -0800 

This is an automated email from the ASF dual-hosted git repository.

kgyrtkirk pushed a commit to branch 36.0.0
in repository https://gitbox.apache.org/repos/asf/druid.git


The following commit(s) were added to refs/heads/36.0.0 by this push:
     new c5477f71e93 changes related to 36 release (#18975)
c5477f71e93 is described below

commit c5477f71e933d93d98199c594fe797f7ef809ff1
Author: Zoltan Haindrich <[email protected]>
AuthorDate: Mon Feb 2 20:06:18 2026 +0100

    changes related to 36 release (#18975)
    
    (cherry picked from commit 3761e4f3d15b89b49487cd39312bbfc475e9bad3)
---
 embedded-tests/pom.xml                  |  7 ++++++
 owasp-dependency-check-suppressions.xml |  2 ++
 quidem-ut/README.md                     |  4 ++--
 quidem-ut/pom.xml                       | 38 +++++++++++++++++++++------------
 4 files changed, 35 insertions(+), 16 deletions(-)

diff --git a/embedded-tests/pom.xml b/embedded-tests/pom.xml
index 0a3b5c1b392..ae11da40652 100644
--- a/embedded-tests/pom.xml
+++ b/embedded-tests/pom.xml
@@ -578,6 +578,13 @@
           <excludedGroups>docker-test</excludedGroups>
         </configuration>
       </plugin>
+      <plugin>
+        <groupId>org.owasp</groupId>
+        <artifactId>dependency-check-maven</artifactId>
+        <configuration>
+          <skip>true</skip>
+        </configuration>
+      </plugin>
     </plugins>
   </build>
 
diff --git a/owasp-dependency-check-suppressions.xml 
b/owasp-dependency-check-suppressions.xml
index 133f4cd90df..743ceb160f6 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -144,6 +144,8 @@
     <cve>CVE-2024-22201</cve> <!--  This seems to be a legitimate 
vulnerability. We would need to go to a hadoop-client which was not yet 
released  -->
     <cve>CVE-2025-52999</cve> <!--  This is vulneraability in all versions of 
hadoop-client-runtime and has not been fixed by hadoop yet -->
     <cve>CVE-2024-9823</cve> <!-- This is in hadoop's shadded jetty. no 
version of hadoop has updated to fixed version. It is a jetty server vuln, 
which should not be exploitable in hadoop client code -->
+    <cve>CVE-2025-27821</cve> <!-- native hdfs vulnerability -->
+    <cve>CVE-2025-5115</cve> <!-- netty issue in shaded hadoop -->
   </suppress>
 
   <!-- those are false positives, no other tools report any of those CVEs in 
the hadoop package -->
diff --git a/quidem-ut/README.md b/quidem-ut/README.md
index 18d5f16b34b..b76191097db 100644
--- a/quidem-ut/README.md
+++ b/quidem-ut/README.md
@@ -60,12 +60,12 @@ git clone https://github.com/apache/druid
   ```
 * launch the broker instance with:
   ```bash
-  mvn exec:exec -pl quidem-ut -Dquidem.record.autostart=true
+  mvn exec:exec -pl quidem-ut -Pquidem -Dquidem.record.autostart=true
   ```
   * the broker will be running at http://localhost:12345
   * the used test configuration backend can configured by supplying 
`quidem.uri`
     ```bash
-    mvn exec:exec -pl quidem-ut 
-Dquidem.uri=druidtest:///?componentSupplier=ThetaSketchComponentSupplier
+    mvn exec:exec -pl quidem-ut -Pquidem 
-Dquidem.uri=druidtest:///?componentSupplier=ThetaSketchComponentSupplier
     ``` 
   * new record files can be started by calling 
http://localhost:12345/quidem/start
     * if `quidem.record.autostart` is omitted recording will not start
diff --git a/quidem-ut/pom.xml b/quidem-ut/pom.xml
index af6e1035ce0..14afbe638fc 100644
--- a/quidem-ut/pom.xml
+++ b/quidem-ut/pom.xml
@@ -541,20 +541,30 @@
                     <skip>true</skip>
                 </configuration>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>exec-maven-plugin</artifactId>
-                <configuration>
-                    <executable>java</executable>
-                    <arguments>
-                        <argument>-classpath</argument>
-                        <classpath />
-                        <argument>-Dquidem.uri=${quidem.uri}</argument>
-                        
<argument>-Dquidem.record.autostart=${quidem.record.autostart}</argument>
-                        <argument>org.apache.druid.quidem.Launcher</argument>
-                    </arguments>
-                </configuration>
-            </plugin>
         </plugins>
     </build>
+
+    <profiles>
+        <profile>
+            <id>quidem</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>exec-maven-plugin</artifactId>
+                        <configuration>
+                            <executable>java</executable>
+                            <arguments>
+                                <argument>-classpath</argument>
+                                <classpath />
+                                <argument>-Dquidem.uri=${quidem.uri}</argument>
+                                
<argument>-Dquidem.record.autostart=${quidem.record.autostart}</argument>
+                                
<argument>org.apache.druid.quidem.Launcher</argument>
+                            </arguments>
+                        </configuration>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
 </project>


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to