changes related to 36 release (#18975)

(cherry picked from commit 3761e4f)

Author: kgyrtkirk

embedded-tests/pom.xml

@@ -578,6 +578,13 @@
           <excludedGroups>docker-test</excludedGroups>
         </configuration>
       </plugin>
+      <plugin>
+        <groupId>org.owasp</groupId>
+        <artifactId>dependency-check-maven</artifactId>
+        <configuration>
+          <skip>true</skip>
+        </configuration>
+      </plugin>
     </plugins>
   </build>
 

owasp-dependency-check-suppressions.xml

@@ -144,6 +144,8 @@
     <cve>CVE-2024-22201</cve> <!--  This seems to be a legitimate vulnerability. We would need to go to a hadoop-client which was not yet released  -->
     <cve>CVE-2025-52999</cve> <!--  This is vulneraability in all versions of hadoop-client-runtime and has not been fixed by hadoop yet -->
     <cve>CVE-2024-9823</cve> <!-- This is in hadoop's shadded jetty. no version of hadoop has updated to fixed version. It is a jetty server vuln, which should not be exploitable in hadoop client code -->
+    <cve>CVE-2025-27821</cve> <!-- native hdfs vulnerability -->
+    <cve>CVE-2025-5115</cve> <!-- netty issue in shaded hadoop -->
   </suppress>
 
   <!-- those are false positives, no other tools report any of those CVEs in the hadoop package -->

quidem-ut/README.md

@@ -60,12 +60,12 @@ git clone https://github.com/apache/druid
   ```
 * launch the broker instance with:
   ```bash
-  mvn exec:exec -pl quidem-ut -Dquidem.record.autostart=true
+  mvn exec:exec -pl quidem-ut -Pquidem -Dquidem.record.autostart=true
   ```
   * the broker will be running at http://localhost:12345
   * the used test configuration backend can configured by supplying `quidem.uri`
     ```bash
-    mvn exec:exec -pl quidem-ut -Dquidem.uri=druidtest:///?componentSupplier=ThetaSketchComponentSupplier
+    mvn exec:exec -pl quidem-ut -Pquidem -Dquidem.uri=druidtest:///?componentSupplier=ThetaSketchComponentSupplier
     ``` 
   * new record files can be started by calling http://localhost:12345/quidem/start
     * if `quidem.record.autostart` is omitted recording will not start

quidem-ut/pom.xml

@@ -541,20 +541,30 @@
                     <skip>true</skip>
                 </configuration>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>exec-maven-plugin</artifactId>
-                <configuration>
-                    <executable>java</executable>
-                    <arguments>
-                        <argument>-classpath</argument>
-                        <classpath />
-                        <argument>-Dquidem.uri=${quidem.uri}</argument>
-                        <argument>-Dquidem.record.autostart=${quidem.record.autostart}</argument>
-                        <argument>org.apache.druid.quidem.Launcher</argument>
-                    </arguments>
-                </configuration>
-            </plugin>
         </plugins>
     </build>
+
+    <profiles>
+        <profile>
+            <id>quidem</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>exec-maven-plugin</artifactId>
+                        <configuration>
+                            <executable>java</executable>
+                            <arguments>
+                                <argument>-classpath</argument>
+                                <classpath />
+                                <argument>-Dquidem.uri=${quidem.uri}</argument>
+                                <argument>-Dquidem.record.autostart=${quidem.record.autostart}</argument>
+                                <argument>org.apache.druid.quidem.Launcher</argument>
+                            </arguments>
+                        </configuration>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
 </project>