From 0aa9f92216a2051c6b8a9f80d443a5cbefd5d986 Mon Sep 17 00:00:00 2001
From: Nick Larsen <nick.larsen@stackable.tech>
Date: Tue, 28 Oct 2025 15:55:52 +0100
Subject: [PATCH 01/13] chore(vector): Init patchable

---
 vector/stackable/patches/0.49.0/patchable.toml | 2 ++
 vector/stackable/patches/patchable.toml        | 2 ++
 2 files changed, 4 insertions(+)
 create mode 100644 vector/stackable/patches/0.49.0/patchable.toml
 create mode 100644 vector/stackable/patches/patchable.toml

diff --git a/vector/stackable/patches/0.49.0/patchable.toml b/vector/stackable/patches/0.49.0/patchable.toml
new file mode 100644
index 000000000..69f9321d1
--- /dev/null
+++ b/vector/stackable/patches/0.49.0/patchable.toml
@@ -0,0 +1,2 @@
+mirror = "https://github.com/stackabletech/vector.git"
+base = "dc7e79278323d1323bcafe3741d7e258b0c37fb4"
diff --git a/vector/stackable/patches/patchable.toml b/vector/stackable/patches/patchable.toml
new file mode 100644
index 000000000..650141e52
--- /dev/null
+++ b/vector/stackable/patches/patchable.toml
@@ -0,0 +1,2 @@
+upstream = "https://github.com/vectordotdev/vector.git"
+default-mirror = "https://github.com/stackabletech/vector.git"

From 668a12203e08bd7cb2d0dc1ecea498cdb460dff2 Mon Sep 17 00:00:00 2001
From: Nick Larsen <nick.larsen@stackable.tech>
Date: Thu, 30 Oct 2025 10:51:32 +0100
Subject: [PATCH 02/13] chore(stackable-devel): Make a special variant for
 Vector so that a different rust toolchain can be selected

---
 stackable-devel/Dockerfile       | 3 ++-
 stackable-devel/boil-config.toml | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/stackable-devel/Dockerfile b/stackable-devel/Dockerfile
index 12faf9fb0..b31e54dfc 100644
--- a/stackable-devel/Dockerfile
+++ b/stackable-devel/Dockerfile
@@ -43,7 +43,8 @@ COPY stackable-base/stackable/curlrc /root/.curlrc
 # This SHOULD be kept in sync with operator-templating and other tools to reduce build times
 # Find the latest version here: https://doc.rust-lang.org/stable/releases.html
 # renovate: datasource=github-releases packageName=rust-lang/rust
-ENV RUST_DEFAULT_TOOLCHAIN_VERSION=1.89.0
+ARG RUST_DEFAULT_TOOLCHAIN_VERSION=1.89.0
+ENV RUST_DEFAULT_TOOLCHAIN_VERSION=${RUST_DEFAULT_TOOLCHAIN_VERSION}
 # Find the latest version here: https://crates.io/crates/cargo-cyclonedx
 # renovate: datasource=crate packageName=cargo-cyclonedx
 ENV CARGO_CYCLONEDX_CRATE_VERSION=0.5.7
diff --git a/stackable-devel/boil-config.toml b/stackable-devel/boil-config.toml
index d5849a8d6..b58145429 100644
--- a/stackable-devel/boil-config.toml
+++ b/stackable-devel/boil-config.toml
@@ -1 +1,7 @@
 [versions."1.0.0"]
+
+# Used specifically by vector
+[versions."vector-build".build-arguments]
+# Use what upstream vector uses:
+# https://github.com/vectordotdev/vector/blob/v0.49.0/rust-toolchain.toml
+rust-default-toolchain-version = "1.88.0"

From d7543bf6308d2d102e70a3f92e5f64561a7f0f92 Mon Sep 17 00:00:00 2001
From: Nick Larsen <nick.larsen@stackable.tech>
Date: Thu, 30 Oct 2025 11:05:32 +0100
Subject: [PATCH 03/13] chore(stackable-devel): Add note about moving the
 version to boil-config.toml once renovate can check there (for consistency)

---
 stackable-devel/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/stackable-devel/Dockerfile b/stackable-devel/Dockerfile
index b31e54dfc..6f1e7b4d8 100644
--- a/stackable-devel/Dockerfile
+++ b/stackable-devel/Dockerfile
@@ -42,6 +42,7 @@ COPY stackable-base/stackable/curlrc /root/.curlrc
 
 # This SHOULD be kept in sync with operator-templating and other tools to reduce build times
 # Find the latest version here: https://doc.rust-lang.org/stable/releases.html
+# TODO (@NickLarsenNZ): Move the version into boil-config.toml once renovate can look there
 # renovate: datasource=github-releases packageName=rust-lang/rust
 ARG RUST_DEFAULT_TOOLCHAIN_VERSION=1.89.0
 ENV RUST_DEFAULT_TOOLCHAIN_VERSION=${RUST_DEFAULT_TOOLCHAIN_VERSION}

From c6faa7679cdf3d1c018b7b8690ae22cd14a8b225 Mon Sep 17 00:00:00 2001
From: Nick Larsen <nick.larsen@stackable.tech>
Date: Thu, 30 Oct 2025 11:06:18 +0100
Subject: [PATCH 04/13] chore(nix): Add rust and cargo dependencies

Otherwise cargo can't be found

```
error: the 'cargo' binary, normally provided by the 'cargo' component, is not applicable to the '1.89.0-x86_64-unknown-linux-gnu' toolchain
```
---
 shell.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/shell.nix b/shell.nix
index 51e7cfaca..3b217e7b6 100644
--- a/shell.nix
+++ b/shell.nix
@@ -5,6 +5,11 @@
 }:
 
 pkgs.mkShell {
+  packages = [
+    pkgs.cargo
+    pkgs.rustc
+  ];
+
   buildInputs = [
     # Required by patchable
     pkgs.openssl

From 494787bc8ea03cc31809b44fe717d48c84125720 Mon Sep 17 00:00:00 2001
From: Nick Larsen <nick.larsen@stackable.tech>
Date: Thu, 30 Oct 2025 11:07:46 +0100
Subject: [PATCH 05/13] chore(vector): Build from source (based on
 ubi9-rust-builder)

NOTE: The ubi9-rust-builder could not be used as it contains `ONBUILD`
steps which we need to run after patchable does it's thing. Also it is
specifically designed for operators and their layout (under `rust/` and
using workspaces).
---
 shared/copy_artifacts.sh          |   3 +
 vector/Dockerfile                 |  89 +++++++-
 vector/boil-config.toml           |   4 +
 vector/copy_artifacts.sh          |  10 +
 vector/licenses/STACKABLE_LICENSE |  43 ++++
 vector/licenses/VECTOR_LICENSE    | 362 ++++++++++++++++++++++++++++++
 6 files changed, 508 insertions(+), 3 deletions(-)
 create mode 100755 vector/copy_artifacts.sh
 create mode 100644 vector/licenses/STACKABLE_LICENSE
 create mode 100644 vector/licenses/VECTOR_LICENSE

diff --git a/shared/copy_artifacts.sh b/shared/copy_artifacts.sh
index e69c04215..e603dbd2a 100755
--- a/shared/copy_artifacts.sh
+++ b/shared/copy_artifacts.sh
@@ -1,5 +1,8 @@
 #!/usr/bin/env bash
 
+# WARNING: This is currently specific to stackable-operators due to the path to
+# the source (under `rust/`).
+
 # Copy over the binary
 cp "$1" /app
 
diff --git a/vector/Dockerfile b/vector/Dockerfile
index 7705b1e30..2255a1ab9 100644
--- a/vector/Dockerfile
+++ b/vector/Dockerfile
@@ -1,6 +1,89 @@
 # syntax=docker/dockerfile:1.16.0@sha256:e2dd261f92e4b763d789984f6eab84be66ab4f5f08052316d8eb8f173593acf7
 # check=error=true
 
+FROM local-image/stackable-devel AS vector-builder
+
+ARG PRODUCT_VERSION
+ARG RELEASE_VERSION
+ARG STACKABLE_USER_UID
+ARG PROTOC_VERSION
+
+RUN <<EOF
+microdnf update
+microdnf install \
+    `# vector docs say we need these (trying automake instead of autotools)` \
+    cmake \
+    automake \
+    `# openssl libs and related packages required by the build` \
+    perl \
+    findutils \
+    openssl-devel \
+    pkg-config \
+    `# tar needed to create the source code snapshot before building the Rust code` \
+    tar \
+    `# needed for rdkafka-sys` \
+    cyrus-sasl-devel
+microdnf clean all
+rm -rf /var/cache/yum
+EOF
+
+# Container Storage Interface is defined using GRPC/Protobuf, our operators that use it (secret-operator/listener-operator) require
+# protoc via Prost (https://github.com/tokio-rs/prost).
+WORKDIR /opt/protoc
+# Prost does not document which version of protoc it expects (https://docs.rs/prost-build/0.12.4/prost_build/), so this should be the latest upstream version
+# (within reason).
+RUN ARCH=$(arch | sed 's/^aarch64$/aarch_64/') \
+  && curl --fail --location --output protoc.zip "https://repo.stackable.tech/repository/packages/protoc/protoc-${PROTOC_VERSION}-linux-${ARCH}.zip" \
+  && unzip protoc.zip \
+  && rm protoc.zip
+ENV PROTOC=/opt/protoc/bin/protoc
+
+WORKDIR /stackable
+
+COPY --chown=${STACKABLE_USER_UID}:0 vector/stackable/patches/patchable.toml /stackable/src/vector/stackable/patches/patchable.toml
+COPY --chown=${STACKABLE_USER_UID}:0 vector/stackable/patches/${PRODUCT_VERSION} /stackable/src/vector/stackable/patches/${PRODUCT_VERSION}
+
+# Build artifacts will be available in /app.
+RUN mkdir /app
+
+# This script is designed for operator, and their source path.
+# So we can't use it. Instead we use a modified version.
+# COPY shared/copy_artifacts.sh /
+COPY vector/copy_artifacts.sh /
+
+RUN <<EOF
+cd "$(/stackable/patchable --images-repo-root=src checkout vector ${PRODUCT_VERSION})"
+
+NEW_VERSION="${PRODUCT_VERSION}-stackable${RELEASE_VERSION}"
+
+# Create snapshot of the source code including custom patches
+tar -czf /stackable/vector-${NEW_VERSION}-src.tar.gz .
+
+# rust build here?
+. "$HOME/.cargo/env"
+# cargo auditable --quiet build --release --workspace
+cargo auditable --quiet build --release
+
+# Generate SBOMs and copy them to /app (via a script)
+cargo cyclonedx --all --spec-version 1.5 --describe binaries
+
+# -maxdepth 1: The interesting binaries are all directly in ${BUILD_DIR}.
+# -regex filters out tests
+# - exec copies matching files to /app
+find target/release \
+  -regextype egrep \
+  -maxdepth 1 \
+  -executable \
+  -type f \
+  ! -regex ".*\-[a-fA-F0-9]{16,16}$" \
+  -exec /copy_artifacts.sh {} \;
+
+echo "The following files will be copied to the runtime image: $(ls /app)"
+
+# Set correct permissions
+chmod -R g=u /stackable
+EOF
+
 FROM local-image/stackable-base
 
 ARG PRODUCT_VERSION
@@ -9,6 +92,9 @@ ARG INOTIFY_TOOLS
 ARG TARGETARCH
 ARG STACKABLE_USER_UID
 
+COPY --chown=${STACKABLE_USER_UID}:0 opa/licenses /licenses
+COPY --from=vector-builder --chown=${STACKABLE_USER_UID}:0 /app/* /usr/local/bin/
+
 # Init Jobs/Pods often start a Vector Sidecar Container which collects the logs.
 # As soon as an Init Container is done it'll need to tell the Vector sidecar that it can now also stop
 # This happens by writing a "shutdown file" in a shared volume
@@ -18,10 +104,7 @@ RUN <<EOF
 ARCH="${TARGETARCH/amd64/x86_64}"
 ARCH="${ARCH/arm64/aarch64}"
 rpm --install \
-    "https://repo.stackable.tech/repository/packages/vector/vector-${PRODUCT_VERSION}-${RPM_RELEASE}.${ARCH}.rpm" \
     "https://repo.stackable.tech/repository/packages/inotify-tools/inotify-tools-${INOTIFY_TOOLS}.${ARCH}.rpm"
-mkdir /licenses
-cp /usr/share/licenses/vector-${PRODUCT_VERSION}/LICENSE /licenses/VECTOR_LICENSE
 
 # Create the directory /stackable/vector/var.
 # This directory is set by operator-rs in the parameter `data_dir`
diff --git a/vector/boil-config.toml b/vector/boil-config.toml
index 52170c411..0e016d6d5 100644
--- a/vector/boil-config.toml
+++ b/vector/boil-config.toml
@@ -1,6 +1,10 @@
 [versions."0.49.0".local-images]
+stackable-devel = "vector-build"
 stackable-base = "1.0.0"
 
 [versions."0.49.0".build-arguments]
+# See .scripts/upload_new_protoc_version.sh
+# Unsure which version is used by vector. They seem to install `buf` in workflows.
+protoc-version = "31.1"
 inotify-tools = "3.22.1.0-1.el9"
 rpm-release = "1"
diff --git a/vector/copy_artifacts.sh b/vector/copy_artifacts.sh
new file mode 100755
index 000000000..8d3e54465
--- /dev/null
+++ b/vector/copy_artifacts.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+# NOTE: This is a modified version of shared/copy_artifacts.sh
+
+# Copy over the binary
+cp "$1" /app
+
+# And now try to find a BOM file named like the binary + _bin.cdx.xml and copy it over as well if it exists
+base=$(basename "$1")
+find /src/ -type f -name "${base}_bin.cdx.xml" -exec cp {} /app \;
diff --git a/vector/licenses/STACKABLE_LICENSE b/vector/licenses/STACKABLE_LICENSE
new file mode 100644
index 000000000..1b9535c9e
--- /dev/null
+++ b/vector/licenses/STACKABLE_LICENSE
@@ -0,0 +1,43 @@
+Licensed under the Open Software License version 3.0
+
+1) Grant of Copyright License. Licensor grants You a worldwide, royalty-free, non-exclusive, sublicensable license, for the duration of the copyright, to do the following:
+
+a) to reproduce the Original Work in copies, either alone or as part of a collective work;
+
+b) to translate, adapt, alter, transform, modify, or arrange the Original Work, thereby creating derivative works ("Derivative Works") based upon the Original Work;
+
+c) to distribute or communicate copies of the Original Work and Derivative Works to the public, with the proviso that copies of Original Work or Derivative Works that You distribute or communicate shall be licensed under this Open Software License;
+
+d) to perform the Original Work publicly; and
+
+e) to display the Original Work publicly.
+
+2) Grant of Patent License. Licensor grants You a worldwide, royalty-free, non-exclusive, sublicensable license, under patent claims owned or controlled by the Licensor that are embodied in the Original Work as furnished by the Licensor, for the duration of the patents, to make, use, sell, offer for sale, have made, and import the Original Work and Derivative Works.
+
+3) Grant of Source Code License. The term "Source Code" means the preferred form of the Original Work for making modifications to it and all available documentation describing how to modify the Original Work. Licensor agrees to provide a machine-readable copy of the Source Code of the Original Work along with each copy of the Original Work that Licensor distributes. Licensor reserves the right to satisfy this obligation by placing a machine-readable copy of the Source Code in an information repository reasonably calculated to permit inexpensive and convenient access by You for as long as Licensor continues to distribute the Original Work.
+
+4) Exclusions From License Grant. Neither the names of Licensor, nor the names of any contributors to the Original Work, nor any of their trademarks or service marks, may be used to endorse or promote products derived from this Original Work without express prior permission of the Licensor. Except as expressly stated herein, nothing in this License grants any license to Licensor's trademarks, copyrights, patents, trade secrets or any other intellectual property. No patent license is granted to make, use, sell, offer for sale, have made, or import embodiments of any patent claims other than the licensed claims defined in Section 2. No license is granted to the trademarks of Licensor even if such marks are included in the Original Work. Nothing in this License shall be interpreted to prohibit Licensor from licensing under terms different from this License any Original Work that Licensor otherwise would have a right to license.
+
+5) External Deployment. The term "External Deployment" means the use, distribution, or communication of the Original Work or Derivative Works in any way such that the Original Work or Derivative Works may be used by anyone other than You, whether those works are distributed or communicated to those persons or made available as an application intended for use over a network. As an express condition for the grants of license hereunder, You must treat any External Deployment by You of the Original Work or a Derivative Work as a distribution under section 1(c).
+
+6) Attribution Rights. You must retain, in the Source Code of any Derivative Works that You create, all copyright, patent, or trademark notices from the Source Code of the Original Work, as well as any notices of licensing and any descriptive text identified therein as an "Attribution Notice." You must cause the Source Code for any Derivative Works that You create to carry a prominent Attribution Notice reasonably calculated to inform recipients that You have modified the Original Work.
+
+7) Warranty of Provenance and Disclaimer of Warranty. Licensor warrants that the copyright in and to the Original Work and the patent rights granted herein by Licensor are owned by the Licensor or are sublicensed to You under the terms of this License with the permission of the contributor(s) of those copyrights and patent rights. Except as expressly stated in the immediately preceding sentence, the Original Work is provided under this License on an "AS IS" BASIS and WITHOUT WARRANTY, either express or implied, including, without limitation, the warranties of non-infringement, merchantability or fitness for a particular purpose. THE ENTIRE RISK AS TO THE QUALITY OF THE ORIGINAL WORK IS WITH YOU. This DISCLAIMER OF WARRANTY constitutes an essential part of this License. No license to the Original Work is granted by this License except under this disclaimer.
+
+8) Limitation of Liability. Under no circumstances and under no legal theory, whether in tort (including negligence), contract, or otherwise, shall the Licensor be liable to anyone for any indirect, special, incidental, or consequential damages of any character arising as a result of this License or the use of the Original Work including, without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses. This limitation of liability shall not apply to the extent applicable law prohibits such limitation.
+
+9) Acceptance and Termination. If, at any time, You expressly assented to this License, that assent indicates your clear and irrevocable acceptance of this License and all of its terms and conditions. If You distribute or communicate copies of the Original Work or a Derivative Work, You must make a reasonable effort under the circumstances to obtain the express assent of recipients to the terms of this License. This License conditions your rights to undertake the activities listed in Section 1, including your right to create Derivative Works based upon the Original Work, and doing so without honoring these terms and conditions is prohibited by copyright law and international treaty. Nothing in this License is intended to affect copyright exceptions and limitations (including "fair use" or "fair dealing"). This License shall terminate immediately and You may no longer exercise any of the rights granted to You by this License upon your failure to honor the conditions in Section 1(c).
+
+10) Termination for Patent Action. This License shall terminate automatically and You may no longer exercise any of the rights granted to You by this License as of the date You commence an action, including a cross-claim or counterclaim, against Licensor or any licensee alleging that the Original Work infringes a patent. This termination provision shall not apply for an action alleging patent infringement by combinations of the Original Work with other software or hardware.
+
+11) Jurisdiction, Venue and Governing Law. Any action or suit relating to this License may be brought only in the courts of a jurisdiction wherein the Licensor resides or in which Licensor conducts its primary business, and under the laws of that jurisdiction excluding its conflict-of-law provisions. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any use of the Original Work outside the scope of this License or after its termination shall be subject to the requirements and penalties of copyright or patent law in the appropriate jurisdiction. This section shall survive the termination of this License.
+
+12) Attorneys' Fees. In any action to enforce the terms of this License or seeking damages relating thereto, the prevailing party shall be entitled to recover its costs and expenses, including, without limitation, reasonable attorneys' fees and costs incurred in connection with such action, including any appeal of such action. This section shall survive the termination of this License.
+
+13) Miscellaneous. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable.
+
+14) Definition of "You" in This License. "You" throughout this License, whether in upper or lower case, means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License. For legal entities, "You" includes any entity that controls, is controlled by, or is under common control with you. For purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+15) Right to Use. You may use the Original Work in all ways not otherwise restricted or conditioned by this License or by law, and Licensor promises not to interfere with or be responsible for such uses by You.
+
+16) Modification of This License. This License is Copyright © 2005 Lawrence Rosen. Permission is granted to copy, distribute, or communicate this License without modification. Nothing in this License permits You to modify this License as applied to the Original Work or to Derivative Works. However, You may modify the text of this License and copy, distribute or communicate your modified version (the "Modified License") and apply it to other original works of authorship subject to the following conditions: (i) You may not indicate in any way that your Modified License is the "Open Software License" or "OSL" and you may not use those names in the name of your Modified License; (ii) You must replace the notice specified in the first paragraph above with the notice "Licensed under <insert your license name here>" or with a notice of your own that is not confusingly similar to the notice in this License; and (iii) You may not claim that your original works are open source software unless your Modified License has been approved by Open Source Initiative (OSI) and You comply with its license review and certification process.
diff --git a/vector/licenses/VECTOR_LICENSE b/vector/licenses/VECTOR_LICENSE
new file mode 100644
index 000000000..be2cc4dfb
--- /dev/null
+++ b/vector/licenses/VECTOR_LICENSE
@@ -0,0 +1,362 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. "Contributor"
+
+     means each individual or legal entity that creates, contributes to the
+     creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+
+     means the combination of the Contributions of others (if any) used by a
+     Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+
+     means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+
+     means Source Code Form to which the initial Contributor has attached the
+     notice in Exhibit A, the Executable Form of such Source Code Form, and
+     Modifications of such Source Code Form, in each case including portions
+     thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+     means
+
+     a. that the initial Contributor has attached the notice described in
+        Exhibit B to the Covered Software; or
+
+     b. that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the terms of
+        a Secondary License.
+
+1.6. "Executable Form"
+
+     means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+
+     means a work that combines Covered Software with other material, in a
+     separate file or files, that is not Covered Software.
+
+1.8. "License"
+
+     means this document.
+
+1.9. "Licensable"
+
+     means having the right to grant, to the maximum extent possible, whether
+     at the time of the initial grant or subsequently, any and all of the
+     rights conveyed by this License.
+
+1.10. "Modifications"
+
+     means any of the following:
+
+     a. any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered Software; or
+
+     b. any new file in Source Code Form that contains any Covered Software.
+
+1.11. "Patent Claims" of a Contributor
+
+      means any patent claim(s), including without limitation, method,
+      process, and apparatus claims, in any patent Licensable by such
+      Contributor that would be infringed, but for the grant of the License,
+      by the making, using, selling, offering for sale, having made, import,
+      or transfer of either its Contributions or its Contributor Version.
+
+1.12. "Secondary License"
+
+      means either the GNU General Public License, Version 2.0, the GNU Lesser
+      General Public License, Version 2.1, the GNU Affero General Public
+      License, Version 3.0, or any later versions of those licenses.
+
+1.13. "Source Code Form"
+
+      means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+
+      means an individual or a legal entity exercising rights under this
+      License. For legal entities, "You" includes any entity that controls, is
+      controlled by, or is under common control with You. For purposes of this
+      definition, "control" means (a) the power, direct or indirect, to cause
+      the direction or management of such entity, whether by contract or
+      otherwise, or (b) ownership of more than fifty percent (50%) of the
+      outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+     Each Contributor hereby grants You a world-wide, royalty-free,
+     non-exclusive license:
+
+     a. under intellectual property rights (other than patent or trademark)
+        Licensable by such Contributor to use, reproduce, make available,
+        modify, display, perform, distribute, and otherwise exploit its
+        Contributions, either on an unmodified basis, with Modifications, or
+        as part of a Larger Work; and
+
+     b. under Patent Claims of such Contributor to make, use, sell, offer for
+        sale, have made, import, and otherwise transfer either its
+        Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+     The licenses granted in Section 2.1 with respect to any Contribution
+     become effective for each Contribution on the date the Contributor first
+     distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+     The licenses granted in this Section 2 are the only rights granted under
+     this License. No additional rights or licenses will be implied from the
+     distribution or licensing of Covered Software under this License.
+     Notwithstanding Section 2.1(b) above, no patent license is granted by a
+     Contributor:
+
+     a. for any code that a Contributor has removed from Covered Software; or
+
+     b. for infringements caused by: (i) Your and any other third party's
+        modifications of Covered Software, or (ii) the combination of its
+        Contributions with other software (except as part of its Contributor
+        Version); or
+
+     c. under Patent Claims infringed by Covered Software in the absence of
+        its Contributions.
+
+     This License does not grant any rights in the trademarks, service marks,
+     or logos of any Contributor (except as may be necessary to comply with
+     the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+     No Contributor makes additional grants as a result of Your choice to
+     distribute the Covered Software under a subsequent version of this
+     License (see Section 10.2) or under the terms of a Secondary License (if
+     permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+     Each Contributor represents that the Contributor believes its
+     Contributions are its original creation(s) or it has sufficient rights to
+     grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+     This License is not intended to limit any rights You have under
+     applicable copyright doctrines of fair use, fair dealing, or other
+     equivalents.
+
+2.7. Conditions
+
+     Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+     Section 2.1.
+
+
+3. Responsibilities
+
+3.1. Distribution of Source Form
+
+     All distribution of Covered Software in Source Code Form, including any
+     Modifications that You create or to which You contribute, must be under
+     the terms of this License. You must inform recipients that the Source
+     Code Form of the Covered Software is governed by the terms of this
+     License, and how they can obtain a copy of this License. You may not
+     attempt to alter or restrict the recipients' rights in the Source Code
+     Form.
+
+3.2. Distribution of Executable Form
+
+     If You distribute Covered Software in Executable Form then:
+
+     a. such Covered Software must also be made available in Source Code Form,
+        as described in Section 3.1, and You must inform recipients of the
+        Executable Form how they can obtain a copy of such Source Code Form by
+        reasonable means in a timely manner, at a charge no more than the cost
+        of distribution to the recipient; and
+
+     b. You may distribute such Executable Form under the terms of this
+        License, or sublicense it under different terms, provided that the
+        license for the Executable Form does not attempt to limit or alter the
+        recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+     You may create and distribute a Larger Work under terms of Your choice,
+     provided that You also comply with the requirements of this License for
+     the Covered Software. If the Larger Work is a combination of Covered
+     Software with a work governed by one or more Secondary Licenses, and the
+     Covered Software is not Incompatible With Secondary Licenses, this
+     License permits You to additionally distribute such Covered Software
+     under the terms of such Secondary License(s), so that the recipient of
+     the Larger Work may, at their option, further distribute the Covered
+     Software under the terms of either this License or such Secondary
+     License(s).
+
+3.4. Notices
+
+     You may not remove or alter the substance of any license notices
+     (including copyright notices, patent notices, disclaimers of warranty, or
+     limitations of liability) contained within the Source Code Form of the
+     Covered Software, except that You may alter any license notices to the
+     extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+     You may choose to offer, and to charge a fee for, warranty, support,
+     indemnity or liability obligations to one or more recipients of Covered
+     Software. However, You may do so only on Your own behalf, and not on
+     behalf of any Contributor. You must make it absolutely clear that any
+     such warranty, support, indemnity, or liability obligation is offered by
+     You alone, and You hereby agree to indemnify every Contributor for any
+     liability incurred by such Contributor as a result of warranty, support,
+     indemnity or liability terms You offer. You may include additional
+     disclaimers of warranty and limitations of liability specific to any
+     jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+   If it is impossible for You to comply with any of the terms of this License
+   with respect to some or all of the Covered Software due to statute,
+   judicial order, or regulation then You must: (a) comply with the terms of
+   this License to the maximum extent possible; and (b) describe the
+   limitations and the code they affect. Such description must be placed in a
+   text file included with all distributions of the Covered Software under
+   this License. Except to the extent prohibited by statute or regulation,
+   such description must be sufficiently detailed for a recipient of ordinary
+   skill to be able to understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+     fail to comply with any of its terms. However, if You become compliant,
+     then the rights granted under this License from a particular Contributor
+     are reinstated (a) provisionally, unless and until such Contributor
+     explicitly and finally terminates Your grants, and (b) on an ongoing
+     basis, if such Contributor fails to notify You of the non-compliance by
+     some reasonable means prior to 60 days after You have come back into
+     compliance. Moreover, Your grants from a particular Contributor are
+     reinstated on an ongoing basis if such Contributor notifies You of the
+     non-compliance by some reasonable means, this is the first time You have
+     received notice of non-compliance with this License from such
+     Contributor, and You become compliant prior to 30 days after Your receipt
+     of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+     infringement claim (excluding declaratory judgment actions,
+     counter-claims, and cross-claims) alleging that a Contributor Version
+     directly or indirectly infringes any patent, then the rights granted to
+     You by any and all Contributors for the Covered Software under Section
+     2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+     license agreements (excluding distributors and resellers) which have been
+     validly granted by You or Your distributors under this License prior to
+     termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+   Covered Software is provided under this License on an "as is" basis,
+   without warranty of any kind, either expressed, implied, or statutory,
+   including, without limitation, warranties that the Covered Software is free
+   of defects, merchantable, fit for a particular purpose or non-infringing.
+   The entire risk as to the quality and performance of the Covered Software
+   is with You. Should any Covered Software prove defective in any respect,
+   You (not any Contributor) assume the cost of any necessary servicing,
+   repair, or correction. This disclaimer of warranty constitutes an essential
+   part of this License. No use of  any Covered Software is authorized under
+   this License except under this disclaimer.
+
+7. Limitation of Liability
+
+   Under no circumstances and under no legal theory, whether tort (including
+   negligence), contract, or otherwise, shall any Contributor, or anyone who
+   distributes Covered Software as permitted above, be liable to You for any
+   direct, indirect, special, incidental, or consequential damages of any
+   character including, without limitation, damages for lost profits, loss of
+   goodwill, work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses, even if such party shall have been
+   informed of the possibility of such damages. This limitation of liability
+   shall not apply to liability for death or personal injury resulting from
+   such party's negligence to the extent applicable law prohibits such
+   limitation. Some jurisdictions do not allow the exclusion or limitation of
+   incidental or consequential damages, so this exclusion and limitation may
+   not apply to You.
+
+8. Litigation
+
+   Any litigation relating to this License may be brought only in the courts
+   of a jurisdiction where the defendant maintains its principal place of
+   business and such litigation shall be governed by laws of that
+   jurisdiction, without reference to its conflict-of-law provisions. Nothing
+   in this Section shall prevent a party's ability to bring cross-claims or
+   counter-claims.
+
+9. Miscellaneous
+
+   This License represents the complete agreement concerning the subject
+   matter hereof. If any provision of this License is held to be
+   unenforceable, such provision shall be reformed only to the extent
+   necessary to make it enforceable. Any law or regulation which provides that
+   the language of a contract shall be construed against the drafter shall not
+   be used to construe this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+      Mozilla Foundation is the license steward. Except as provided in Section
+      10.3, no one other than the license steward has the right to modify or
+      publish new versions of this License. Each version will be given a
+      distinguishing version number.
+
+10.2. Effect of New Versions
+
+      You may distribute the Covered Software under the terms of the version
+      of the License under which You originally received the Covered Software,
+      or under the terms of any subsequent version published by the license
+      steward.
+
+10.3. Modified Versions
+
+      If you create software not governed by this License, and you want to
+      create a new license for such software, you may create and use a
+      modified version of this License if you rename the license and remove
+      any references to the name of the license steward (except to note that
+      such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+      Licenses If You choose to distribute Source Code Form that is
+      Incompatible With Secondary Licenses under the terms of this version of
+      the License, the notice described in Exhibit B of this License must be
+      attached.
+
+Exhibit A - Source Code Form License Notice
+
+      This Source Code Form is subject to the
+      terms of the Mozilla Public License, v.
+      2.0. If a copy of the MPL was not
+      distributed with this file, You can
+      obtain one at
+      http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file,
+then You may include the notice in a location (such as a LICENSE file in a
+relevant directory) where a recipient would be likely to look for such a
+notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+
+      This Source Code Form is "Incompatible
+      With Secondary Licenses", as defined by
+      the Mozilla Public License, v. 2.0.

From 9fbd9740dfa4b1daef71e996f5e1e8a0c93a738b Mon Sep 17 00:00:00 2001
From: Nick Larsen <nick.larsen@stackable.tech>
Date: Thu, 30 Oct 2025 11:10:41 +0100
Subject: [PATCH 06/13] chore(nix): Remove unused image-tools

---
 nix/sources.json | 18 +++---------------
 1 file changed, 3 insertions(+), 15 deletions(-)

diff --git a/nix/sources.json b/nix/sources.json
index 173ad8a90..c9f996359 100644
--- a/nix/sources.json
+++ b/nix/sources.json
@@ -1,26 +1,14 @@
 {
-    "image-tools": {
-        "branch": "main",
-        "description": "Tools to manipulate container images of the Stackable Data Platform",
-        "homepage": null,
-        "owner": "stackabletech",
-        "repo": "image-tools",
-        "rev": "bdaf1f13d53231ed903efa0a50a595d9d2c6d06e",
-        "sha256": "0d0vqrhscra3p1mfqdbc0d5hkvrfcw8skav8snfp74p2mqdgsyz1",
-        "type": "tarball",
-        "url": "https://github.com/stackabletech/image-tools/archive/bdaf1f13d53231ed903efa0a50a595d9d2c6d06e.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    },
     "nixpkgs": {
         "branch": "nixos-unstable",
         "description": "Nix Packages collection",
         "homepage": null,
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "62b852f6c6742134ade1abdd2a21685fd617a291",
-        "sha256": "04c6dkshw07bm2isv7rvl6xgr4hn7hqznr0v2kww6zjfz4awk4a7",
+        "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce",
+        "sha256": "0ixzzfdyrkm8mhfrgpdmq0bpfk5ypz63qnbxskj5xvfxvdca3ys3",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/62b852f6c6742134ade1abdd2a21685fd617a291.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs/archive/6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     }
 }

From 99e13c957a17931cee32ad88218b1a1cf6ef6478 Mon Sep 17 00:00:00 2001
From: Nick Larsen <nick.larsen@stackable.tech>
Date: Thu, 30 Oct 2025 11:13:41 +0100
Subject: [PATCH 07/13] chore(issue_template/vector): Update instructions for
 version bumps

---
 .github/ISSUE_TEMPLATE/update-base-vector.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/update-base-vector.md b/.github/ISSUE_TEMPLATE/update-base-vector.md
index 8572e7287..6ea7c78c1 100644
--- a/.github/ISSUE_TEMPLATE/update-base-vector.md
+++ b/.github/ISSUE_TEMPLATE/update-base-vector.md
@@ -34,8 +34,9 @@ Add/Change/Remove anything that isn't applicable anymore
 ## Update tasks
 
 - [ ] Update `boil-config.toml` to reflect the agreed upon versions in the spreadsheet (including the removal of old versions).
+- [ ] Update the `stackable-devel/boil-config.toml` for the applicable toolchain version for the vector builder.
 - [ ] Update all `boil-config.toml` files which reference vector.
-- [ ] Upload new version (see `vector/upload_new_vector_version.sh`).
+- [ ] Add any patches required for this version (delete patches for removed versions).
 - [ ] Update other dependencies if applicable (eg: inotify_tools, etc).
 - [ ] Check other operators (getting_started / kuttl / supported-versions) for usage of the versions. Add the PR(s) to the list below.
 - [ ] Update the version in demos. Add the PR(s) to the list below.

From 918894f2068da7b21a2da48f4ce680439f600080 Mon Sep 17 00:00:00 2001
From: Nick Larsen <nick.larsen@stackable.tech>
Date: Thu, 30 Oct 2025 12:11:07 +0100
Subject: [PATCH 08/13] fix(vector): Cherry pick unmerged patch from
 https://github.com/vectordotdev/vector/pull/24028

NOTE: I removed async/await parts from the original patch as that comes after 0.49.0

```sh
pushd $(cargo patchable checkout vector 0.49.0)

git remote add lfrancke https://github.com/lfrancke/vector

git fetch lfrancke

git cherry-pick 3ce729073f23631dd7b5525be640b5fa15af0223
and git cherry-pick --continue
git commit --amend

popd
cargo patchable export vector 0.49.0
```
---
 ...e-multi-chars-delimiters-fail-to-be-.patch | 267 ++++++++++++++++++
 1 file changed, 267 insertions(+)
 create mode 100644 vector/stackable/patches/0.49.0/0001-Fix-problem-where-multi-chars-delimiters-fail-to-be-.patch

diff --git a/vector/stackable/patches/0.49.0/0001-Fix-problem-where-multi-chars-delimiters-fail-to-be-.patch b/vector/stackable/patches/0.49.0/0001-Fix-problem-where-multi-chars-delimiters-fail-to-be-.patch
new file mode 100644
index 000000000..7d0a19af0
--- /dev/null
+++ b/vector/stackable/patches/0.49.0/0001-Fix-problem-where-multi-chars-delimiters-fail-to-be-.patch
@@ -0,0 +1,267 @@
+From 87e178e98713539ac5e543c34520cc7aca3d8c03 Mon Sep 17 00:00:00 2001
+From: Lars Francke <git@lars-francke.de>
+Date: Mon, 20 Oct 2025 08:36:40 +0200
+Subject: Fix problem where multi-chars delimiters fail to be parsed if they
+ happen right at a buffer boundary.
+
+This can be removed when we use the version of Vector that includes this
+fix.
+See: https://github.com/vectordotdev/vector/pull/24028
+
+NOTE: async/await removed from the patch, because async is added after
+0.49.0.
+---
+ lib/file-source/src/buffer.rs | 209 ++++++++++++++++++++++++++++++++--
+ 1 file changed, 202 insertions(+), 7 deletions(-)
+
+diff --git a/lib/file-source/src/buffer.rs b/lib/file-source/src/buffer.rs
+index 55dd48133..1ef892aaf 100644
+--- a/lib/file-source/src/buffer.rs
++++ b/lib/file-source/src/buffer.rs
+@@ -48,6 +48,12 @@ pub fn read_until_with_max_size<'a, R: BufRead + ?Sized>(
+     let delim_finder = Finder::new(delim);
+     let delim_len = delim.len();
+     let mut discarded_for_size_and_truncated = Vec::new();
++    // The following line from the upstream change is only needed once the funciton becomes async
++    // let mut reader = Box::new(reader);
++
++    // Track partial delimiter matches across buffer boundaries
++    let mut partial_delim: BytesMut = BytesMut::with_capacity(delim_len);
++
+     loop {
+         let available: &[u8] = match reader.fill_buf() {
+             Ok(n) => n,
+@@ -55,6 +61,35 @@ pub fn read_until_with_max_size<'a, R: BufRead + ?Sized>(
+             Err(e) => return Err(e),
+         };
+ 
++        // First, check if we have a partial delimiter from the previous iteration
++        if !partial_delim.is_empty() {
++            let expected_suffix = &delim[partial_delim.len()..];
++            let expected_suffix_len = expected_suffix.len();
++
++            if available.len() >= expected_suffix_len
++                && &available[..expected_suffix_len] == expected_suffix
++            {
++                // Complete delimiter found! Consume the suffix
++                reader.consume(expected_suffix_len);
++                *position += expected_suffix_len as u64;
++                total_read += expected_suffix_len;
++                partial_delim.clear();
++
++                // Found a complete delimiter, return the current buffer
++                return Ok(ReadResult {
++                    successfully_read: Some(total_read),
++                    discarded_for_size_and_truncated,
++                });
++            } else {
++                // Not a complete delimiter after all. Add partial_delim to output buffer
++                if !discarding {
++                    buf.extend_from_slice(&partial_delim);
++                }
++                partial_delim.clear();
++                // Continue processing current available buffer
++            }
++        }
++
+         let (done, used) = {
+             match delim_finder.find(available) {
+                 Some(i) => {
+@@ -64,13 +99,47 @@ pub fn read_until_with_max_size<'a, R: BufRead + ?Sized>(
+                     (true, i + delim_len)
+                 }
+                 None => {
+-                    if !discarding {
+-                        buf.extend_from_slice(available);
++                    // No delimiter found in current buffer. Check if buffer ends with a
++                    // partial delimiter match. For multi-byte delimiters like \r\n, we need
++                    // to handle the case where the delimiter is split across buffer boundaries.
++                    let mut partial_match_len = 0;
++                    if !available.is_empty() && delim_len > 1 {
++                        // Check if the end matches a prefix of the delimiter.
++                        // We iterate from longest to shortest prefix and break on first match.
++                        // Performance: For typical 2-byte delimiters (CRLF), this is 1 iteration.
++                        // For longer delimiters, this runs O(delim_len) times but only occurs
++                        // at buffer boundaries (~every 8KB), making the impact negligible.
++                        for prefix_len in (1..delim_len).rev() {
++                            if available.len() >= prefix_len
++                                && available.ends_with(&delim[..prefix_len])
++                            {
++                                partial_match_len = prefix_len;
++                                break;
++                            }
++                        }
+                     }
++
++                    let bytes_to_copy = available.len() - partial_match_len;
++
++                    if !discarding && bytes_to_copy > 0 {
++                        buf.extend_from_slice(&available[..bytes_to_copy]);
++                    }
++
++                    // If we found a potential partial delimiter, save it for the next iteration
++                    if partial_match_len > 0 {
++                        partial_delim.clear();
++                        partial_delim.extend_from_slice(&available[bytes_to_copy..]);
++                    }
++
+                     (false, available.len())
+                 }
+             }
+         };
++
++        // Check if we're at EOF before we start processing
++        // (for borrow checker, has to come before `consume`)
++        let at_eof = available.is_empty();
++
+         reader.consume(used);
+         *position += used as u64; // do this at exactly same time
+         total_read += used;
+@@ -94,11 +163,12 @@ pub fn read_until_with_max_size<'a, R: BufRead + ?Sized>(
+                 discarding = false;
+                 buf.clear();
+             }
+-        } else if used == 0 {
+-            // We've hit EOF but not yet seen a newline. This can happen when unlucky timing causes
+-            // us to observe an incomplete write. We return None here and let the loop continue
+-            // next time the method is called. This is safe because the buffer is specific to this
+-            // FileWatcher.
++        } else if used == 0 && at_eof {
++            // We've hit EOF but haven't seen a delimiter. This can happen when:
++            // 1. The file ends without a trailing delimiter
++            // 2. We're observing an incomplete write
++            //
++            // Return None to signal the caller to retry later.
+             return Ok(ReadResult {
+                 successfully_read: None,
+                 discarded_for_size_and_truncated,
+@@ -253,4 +323,129 @@ mod test {
+             .max_tests(2_000)
+             .quickcheck(qc_inner as fn(Vec<Vec<u8>>, u8, NonZeroU8) -> TestResult);
+     }
++
++    /// Generic test helper that tests delimiter splits across buffer boundaries
++    /// for any delimiter length. This function:
++    /// 1. Creates test data with delimiters positioned to split at buffer boundaries
++    /// 2. Tests multiple iterations to ensure state tracking works correctly
++    /// 3. Verifies all lines are correctly separated without merging
++    fn test_delimiter_boundary_split_helper(delimiter: &[u8], num_lines: usize) {
++        let delimiter_len = delimiter.len();
++
++        // Use a buffer capacity that will force splits
++        // We'll position delimiters to split at this boundary
++        let buffer_capacity = 10;
++
++        println!(
++            "\n=== Testing delimiter: {:?} (length: {}) ===",
++            String::from_utf8_lossy(delimiter),
++            delimiter_len
++        );
++        println!("Buffer capacity: {} bytes", buffer_capacity);
++
++        // Build test data where each delimiter is positioned to split across buffer boundary
++        // Strategy: For each line, calculate position so delimiter starts at boundary - (delimiter_len - 1)
++        let mut data = Vec::new();
++        let mut expected_lines = Vec::new();
++
++        for i in 0..num_lines {
++            // Create line content that positions the delimiter to split at buffer boundary
++            // We want the delimiter to straddle a buffer_capacity boundary
++
++            // Calculate how many bytes until the next buffer boundary
++            let current_pos = data.len();
++            let bytes_until_boundary = buffer_capacity - (current_pos % buffer_capacity);
++
++            // Create line content that will position delimiter to split
++            // We want (delimiter_len - 1) bytes before boundary, then 1 byte after
++            let line_content = if bytes_until_boundary > delimiter_len {
++                let content_len = bytes_until_boundary - (delimiter_len - 1);
++                format!("line{:0width$}", i, width = content_len.saturating_sub(4)).into_bytes()
++            } else {
++                // Not enough room in this buffer, pad to next boundary
++                let padding = bytes_until_boundary;
++                let extra_content = buffer_capacity - (delimiter_len - 1);
++                let mut content = vec![b'X'; padding];
++                content.extend_from_slice(
++                    format!("L{:0width$}", i, width = extra_content.saturating_sub(1)).as_bytes(),
++                );
++                content
++            };
++
++            println!(
++                "Line {}: '{}' (len: {}, data pos: {})",
++                i,
++                String::from_utf8_lossy(&line_content),
++                line_content.len(),
++                current_pos
++            );
++
++            expected_lines.push(line_content.clone());
++            data.extend_from_slice(&line_content);
++            data.extend_from_slice(delimiter);
++        }
++
++        println!("Total test data size: {} bytes\n", data.len());
++
++        // Now test reading this data
++        let cursor = Cursor::new(data);
++        let mut reader = BufReader::with_capacity(buffer_capacity, cursor);
++        let mut position = 0;
++        let max_size = 1024;
++
++        // Read each line and verify it matches expected
++        for (i, expected_line) in expected_lines.iter().enumerate() {
++            let mut buffer = BytesMut::new();
++            let result = read_until_with_max_size(
++                Box::pin(&mut reader),
++                &mut position,
++                delimiter,
++                &mut buffer,
++                max_size,
++            )
++            .unwrap();
++
++            assert_eq!(
++                buffer.as_ref(),
++                expected_line.as_slice(),
++                "Line {} should match expected content. Got: {:?}, Expected: {:?}",
++                i,
++                String::from_utf8_lossy(&buffer),
++                String::from_utf8_lossy(expected_line)
++            );
++
++            assert!(
++                result.successfully_read.is_some(),
++                "Should find delimiter for line {}",
++                i
++            );
++        }
++    }
++
++    #[test]
++    fn test_single_byte_delimiter_boundary() {
++        // Test single-byte delimiter (should work without any special handling)
++        test_delimiter_boundary_split_helper(b"\n", 5);
++    }
++
++    #[test]
++    fn test_two_byte_delimiter_boundary() {
++        // Test two-byte delimiter (CRLF case)
++        test_delimiter_boundary_split_helper(b"\r\n", 5);
++    }
++
++    #[test]
++    fn test_three_byte_delimiter_boundary() {
++        test_delimiter_boundary_split_helper(b"|||", 5);
++    }
++
++    #[test]
++    fn test_four_byte_delimiter_boundary() {
++        test_delimiter_boundary_split_helper(b"<|>|", 5);
++    }
++
++    #[test]
++    fn test_five_byte_delimiter_boundary() {
++        test_delimiter_boundary_split_helper(b"<<>>>", 5);
++    }
+ }

From 854097119fb23daa6c2018ce94825c5fabe685c5 Mon Sep 17 00:00:00 2001
From: Nick Larsen <nick.larsen@stackable.tech>
Date: Thu, 30 Oct 2025 12:33:55 +0100
Subject: [PATCH 09/13] chore(vector): Add maintainer label

This seems to be added to other images, so I'm just copying that.
---
 vector/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/vector/Dockerfile b/vector/Dockerfile
index 2255a1ab9..7f6643a4c 100644
--- a/vector/Dockerfile
+++ b/vector/Dockerfile
@@ -92,6 +92,8 @@ ARG INOTIFY_TOOLS
 ARG TARGETARCH
 ARG STACKABLE_USER_UID
 
+LABEL maintainer="Stackable GmbH"
+
 COPY --chown=${STACKABLE_USER_UID}:0 opa/licenses /licenses
 COPY --from=vector-builder --chown=${STACKABLE_USER_UID}:0 /app/* /usr/local/bin/
 

From 7806d1fce640bc12e491bb0ae367b3c7608aa269 Mon Sep 17 00:00:00 2001
From: Nick Larsen <nick.larsen@stackable.tech>
Date: Thu, 30 Oct 2025 12:39:02 +0100
Subject: [PATCH 10/13] chore: Update changelog

---
 CHANGELOG.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9787e1715..f6e7c5bc5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -45,7 +45,7 @@ All notable changes to this project will be documented in this file.
 - stackable-base: Bump ubi9 base image ([#1253]).
 - stackable-devel: Bump ubi9 base image and update cargo-auditable to `0.7.0` ([#1253]).
 - stackable-devel: Bump Rust toolchain to `1.89.0` and cargo-auditable to `0.7.1` ([#1319]).
-- vector: Bump to `0.49.0` ([#1258]).
+- vector: Bump to `0.49.0` and build from source (applying patches) ([#1258], [#1323]).
 - airflow: Bump uvicorn dependency to `0.37.0` ([#1264]).
 - trino-cli: Bump to 477 ([#1285]).
 - tools: Bump dependency versions - kubectl to `1.34.1`, yq to `4.47.2`, and jq to `1.8.1` ([#1290]).
@@ -121,6 +121,7 @@ All notable changes to this project will be documented in this file.
 [#1319]: https://github.com/stackabletech/docker-images/pull/1319
 [#1320]: https://github.com/stackabletech/docker-images/pull/1320
 [#1322]: https://github.com/stackabletech/docker-images/pull/1322
+[#1323]: https://github.com/stackabletech/docker-images/pull/1323
 
 ## [25.7.0] - 2025-07-23
 

From 2efbef5c2b3f55521aa1eced50e316cd7919b018 Mon Sep 17 00:00:00 2001
From: Nick <10092581+NickLarsenNZ@users.noreply.github.com>
Date: Thu, 30 Oct 2025 15:27:39 +0100
Subject: [PATCH 11/13] Apply suggestions from code review

Co-authored-by: Techassi <sascha.lautenschlaeger@stackable.tech>
---
 vector/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vector/Dockerfile b/vector/Dockerfile
index 7f6643a4c..fedb8ddee 100644
--- a/vector/Dockerfile
+++ b/vector/Dockerfile
@@ -46,7 +46,7 @@ COPY --chown=${STACKABLE_USER_UID}:0 vector/stackable/patches/${PRODUCT_VERSION}
 # Build artifacts will be available in /app.
 RUN mkdir /app
 
-# This script is designed for operator, and their source path.
+# This script is designed for operators, and their source path.
 # So we can't use it. Instead we use a modified version.
 # COPY shared/copy_artifacts.sh /
 COPY vector/copy_artifacts.sh /

From e07edd3e703f76ad137b8ddeff2a39c8cca09e9c Mon Sep 17 00:00:00 2001
From: Nick Larsen <nick.larsen@stackable.tech>
Date: Thu, 30 Oct 2025 15:28:08 +0100
Subject: [PATCH 12/13] chore(vector): Remove unused upload script

---
 vector/upload_new_vector_version.sh | 65 -----------------------------
 1 file changed, 65 deletions(-)
 delete mode 100755 vector/upload_new_vector_version.sh

diff --git a/vector/upload_new_vector_version.sh b/vector/upload_new_vector_version.sh
deleted file mode 100755
index 2d71eb08c..000000000
--- a/vector/upload_new_vector_version.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/usr/bin/env bash
-#
-# Example usage:
-# upload_new_vector_version.sh 0.41.1 1 nexus-username /var/lib/rpm
-
-set -euo pipefail
-
-VERSION=${1:?"Missing version number argument (arg 1)"}
-RELEASE=${2:?"Missing release number argument (arg 2)"}
-NEXUS_USER=${3:?"Missing Nexus username argument (arg 3)"}
-RPM_PACKAGE_DB_PATH=${4:-"/var/lib/rpm"}
-
-ARCHITECTURES=(
-    x86_64
-    aarch64
-)
-
-major_version="${VERSION%%.*}"
-
-read -r -s -p "Nexus Password: " NEXUS_PASSWORD
-echo ""
-
-for arch in "${ARCHITECTURES[@]}"; do
-    file="vector-$VERSION-$RELEASE.$arch.rpm"
-
-    echo "Downloading $file from yum.vector.dev"
-    curl \
-        --fail \
-        --location \
-        --remote-name \
-        --silent \
-        "https://yum.vector.dev/stable/vector-$major_version/$arch/$file"
-
-    echo "Validating signature"
-    EXIT_STATUS=0
-    # `rpmkeys --checksig` also succeeds if the digests of an unsigned
-    # package are okay. Therefore, test explicitly if the output
-    # contains "digests signatures OK" to ensure that the package is
-    # signed.
-    rpmkeys \
-        --checksig \
-        --dbpath "$RPM_PACKAGE_DB_PATH" \
-        "$file" | \
-        grep "^$file: digests signatures OK\$" || \
-        EXIT_STATUS=$?
-    if [ $EXIT_STATUS -ne 0 ]; then
-      echo "ERROR: The signature could not be verified."
-    echo "--> NOTE: Make sure you have downloaded and added Datadog's \
-public key (https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public) \
-to the RPM package database:
-rpmkeys --import --dbpath $RPM_PACKAGE_DB_PATH DATADOG_APT_KEY_CURRENT.public"
-      exit 1
-    fi
-
-    echo "Uploading $file to Nexus"
-    curl --fail -o /dev/null --progress-bar -u "$NEXUS_USER:$NEXUS_PASSWORD" \
-        --upload-file "$file" \
-        'https://repo.stackable.tech/repository/packages/vector/'
-
-    echo "Removing downloaded $file"
-    rm "$file"
-done
-
-echo "Successfully uploaded new version of Vector ($VERSION) to Nexus"
-echo "https://repo.stackable.tech/service/rest/repository/browse/packages/vector/"

From 8ea9c1e373858fc9e5a6d1c9d21cc35c7aca8b7a Mon Sep 17 00:00:00 2001
From: Nick Larsen <nick.larsen@stackable.tech>
Date: Thu, 30 Oct 2025 15:30:49 +0100
Subject: [PATCH 13/13] chore(vector): Remove old comments, add new todo

---
 vector/Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/vector/Dockerfile b/vector/Dockerfile
index fedb8ddee..1246f49f1 100644
--- a/vector/Dockerfile
+++ b/vector/Dockerfile
@@ -59,9 +59,10 @@ NEW_VERSION="${PRODUCT_VERSION}-stackable${RELEASE_VERSION}"
 # Create snapshot of the source code including custom patches
 tar -czf /stackable/vector-${NEW_VERSION}-src.tar.gz .
 
-# rust build here?
 . "$HOME/.cargo/env"
-# cargo auditable --quiet build --release --workspace
+
+# Build vector with default features
+# TODO (@NickLarsenNZ): Consider reducing the feature-set to only what we need in the sidecar.
 cargo auditable --quiet build --release
 
 # Generate SBOMs and copy them to /app (via a script)