diff --git a/CHANGELOG.md b/CHANGELOG.md
index 123eebaf5a7c18ca5237cbaf66f2971ce5c28d1d..4c0b34a5209c980192935389b6460b5e56932ccf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,21 @@
 # Changelog
 
+## 2.1.2
+This release fixes a security vulnerability caused by the CORS implementation.
+Support for cross-origin requests has been removed. Use ARSnova version 2.2 or
+newer for proper CORS. (Reported by Rainer Rillke at Wikimedia)
+
+Additional changes:
+* Libraries have been upgraded to fix potential bugs
+
+## 2.0.4
+This release fixes a security vulnerability caused by the CORS implementation.
+Support for cross-origin requests has been removed. Use ARSnova version 2.2 or
+newer for proper CORS. (Reported by Rainer Rillke at Wikimedia)
+
+Additional changes:
+* Libraries have been upgraded to fix potential bugs
+
 ## 2.2.1
 This release fixes a security vulnerability in the account management API. It is
 highly recommended to upgrade if you are using database authentication.
diff --git a/pom.xml b/pom.xml
index e9bb4f553f2de489ea68b5eb4e9f32469211f236..98125c81296f5ae09280090c7bfdf4bdbb235b97 100644
--- a/pom.xml
+++ b/pom.xml
@@ -181,12 +181,12 @@
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-api</artifactId>
-			<version>1.7.12</version>
+			<version>1.7.21</version>
 		</dependency>
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-log4j12</artifactId>
-			<version>1.7.12</version>
+			<version>1.7.21</version>
 		</dependency>
 		<dependency>
 			<groupId>log4j</groupId>
@@ -231,7 +231,7 @@
 		<dependency>
 			<groupId>com.corundumstudio.socketio</groupId>
 			<artifactId>netty-socketio</artifactId>
-			<version>1.7.7</version>
+			<version>1.7.8</version>
 		</dependency>
 		<dependency>
 			<groupId>javax.inject</groupId>
@@ -315,7 +315,7 @@
 			<plugin>
 				<groupId>org.eclipse.jetty</groupId>
 				<artifactId>jetty-maven-plugin</artifactId>
-				<version>9.2.13.v20150730</version>
+				<version>9.2.17.v20160517</version>
 				<configuration>
 					<scanIntervalSeconds>1</scanIntervalSeconds>
 					<webApp>
@@ -344,7 +344,7 @@
 			<plugin>
 				<groupId>org.codehaus.mojo</groupId>
 				<artifactId>sonar-maven-plugin</artifactId>
-				<version>2.6</version>
+				<version>3.0.2</version>
 			</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
diff --git a/src/main/java/de/thm/arsnova/web/CorsFilter.java b/src/main/java/de/thm/arsnova/web/CorsFilter.java
deleted file mode 100644
index a250689f22770073b0cf9fb71a6a14126cf386f5..0000000000000000000000000000000000000000
--- a/src/main/java/de/thm/arsnova/web/CorsFilter.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * This file is part of ARSnova Backend.
- * Copyright (C) 2012-2015 The ARSnova Team
- *
- * ARSnova Backend is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * ARSnova Backend is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-package de.thm.arsnova.web;
-
-import java.io.IOException;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.stereotype.Component;
-import org.springframework.web.filter.OncePerRequestFilter;
-
-/**
- * Sets response headers to allow CORS requests.
- */
-@Component
-public class CorsFilter extends OncePerRequestFilter {
-
-	@Override
-	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
-			throws ServletException, IOException {
-		response.addHeader("Access-Control-Allow-Credentials", "true");
-		response.addHeader("Access-Control-Allow-Methods", "GET");
-		response.addHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Requested-With");
-
-		if (request.getHeader("origin") != null) {
-			response.addHeader("Access-Control-Allow-Origin", request.getHeader("origin"));
-		}
-
-		filterChain.doFilter(request, response);
-	}
-}
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index 9c71a5a4a2233deb0bc848ee71fd5aa8356532dc..073123ba956445654d67530a1e90f06839562490 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -61,16 +61,6 @@
 		<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
 	</listener>
 
-	<filter>
-		<filter-name>corsFilter</filter-name>
-		<filter-class>de.thm.arsnova.web.CorsFilter</filter-class>
-		<async-supported>true</async-supported>
-	</filter>
-	<filter-mapping>
-		<filter-name>corsFilter</filter-name>
-		<url-pattern>/*</url-pattern>
-	</filter-mapping>
-
 	<mime-mapping>
 		<extension>manifest</extension>
 		<mime-type>text/cache-manifest</mime-type>