diff --git a/CHANGELOG.md b/CHANGELOG.md
index f81160d115fbb75fba9c3807c4a35e93c2f6af6a..475a7c5724b396b2bb30c5965c74b37dfa9e37b2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
 
+## 2.3.4
+This release fixes a minor security vulnerability which allowed an attacker to
+remove a MotD from a session without being the creator.
+
+Additional changes:
+* Libraries have been upgraded to fix potential bugs
+
 ## 2.4.1
 This release fixes a security vulnerability caused by the CORS implementation.
 Origins allowed for CORS can now be set in the configuration via
diff --git a/pom.xml b/pom.xml
index 35ca3f4c085b8837a1a9cc4318938c1400637b84..9156d3fae9d35dbeb6ed41fbfcc136ea0369ad0f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -355,7 +355,7 @@
 			<plugin>
 				<groupId>org.codehaus.mojo</groupId>
 				<artifactId>sonar-maven-plugin</artifactId>
-				<version>3.0.2</version>
+				<version>3.2</version>
 			</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
diff --git a/src/main/java/de/thm/arsnova/dao/CouchDBDao.java b/src/main/java/de/thm/arsnova/dao/CouchDBDao.java
index 77910b9725de70616d4862ab093599ebabdb6edc..e8c1ae5a2fecb0e3bc7766b3128c6b54def8cf1d 100644
--- a/src/main/java/de/thm/arsnova/dao/CouchDBDao.java
+++ b/src/main/java/de/thm/arsnova/dao/CouchDBDao.java
@@ -2534,12 +2534,11 @@ public class CouchDBDao implements IDatabaseDao, ApplicationEventPublisherAware
 
 			if (null != id) {
 				d = database.getDocument(id, rev);
-			}
-			if (motd.getMotdkey() == null) {
+			} else {
 				motd.setMotdkey(sessionService.generateKeyword());
+				d.put("motdkey", motd.getMotdkey());
 			}
 			d.put("type", "motd");
-			d.put("motdkey", motd.getMotdkey());
 			d.put("startdate", String.valueOf(motd.getStartdate().getTime()));
 			d.put("enddate", String.valueOf(motd.getEnddate().getTime()));
 			d.put("title", motd.getTitle());
diff --git a/src/main/java/de/thm/arsnova/services/MotdService.java b/src/main/java/de/thm/arsnova/services/MotdService.java
index a2acdf08ba7c3089693fce64511921219e5ea689..370739856f8091b35bc8f27185da40e497d50382 100644
--- a/src/main/java/de/thm/arsnova/services/MotdService.java
+++ b/src/main/java/de/thm/arsnova/services/MotdService.java
@@ -21,6 +21,7 @@ import de.thm.arsnova.dao.IDatabaseDao;
 import de.thm.arsnova.entities.Motd;
 import de.thm.arsnova.entities.MotdList;
 import de.thm.arsnova.entities.User;
+import de.thm.arsnova.exceptions.BadRequestException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -113,35 +114,47 @@ public class MotdService implements IMotdService {
 		}
 	}
 
-  @Override
-  @PreAuthorize("isAuthenticated() and hasPermission(1,'motd','admin')")
-  public Motd saveMotd(final Motd motd) {
-    return databaseDao.createOrUpdateMotd(motd);
-  }
+	@Override
+	@PreAuthorize("isAuthenticated() and hasPermission(1,'motd','admin')")
+	public Motd saveMotd(final Motd motd) {
+		return createOrUpdateMotd(motd);
+	}
 
 	@Override
 	@PreAuthorize("isAuthenticated() and hasPermission(#sessionkey, 'session', 'owner')")
 	public Motd saveSessionMotd(final String sessionkey, final Motd motd) {
-		return databaseDao.createOrUpdateMotd(motd);
+		return createOrUpdateMotd(motd);
 	}
 
-  @Override
-  @PreAuthorize("isAuthenticated() and hasPermission(1,'motd','admin')")
-  public Motd updateMotd(final Motd motd) {
-    return databaseDao.createOrUpdateMotd(motd);
-  }
+	@Override
+	@PreAuthorize("isAuthenticated() and hasPermission(1,'motd','admin')")
+	public Motd updateMotd(final Motd motd) {
+		return createOrUpdateMotd(motd);
+	}
 
 	@Override
 	@PreAuthorize("isAuthenticated() and hasPermission(#sessionkey, 'session', 'owner')")
 	public Motd updateSessionMotd(final String sessionkey, final Motd motd) {
+		return createOrUpdateMotd(motd);
+	}
+
+	private Motd createOrUpdateMotd(final Motd motd) {
+		if (motd.getMotdkey() != null) {
+			Motd oldMotd = databaseDao.getMotdByKey(motd.getMotdkey());
+			if (!(motd.get_id().equals(oldMotd.get_id()) && motd.getSessionkey().equals(oldMotd.getSessionkey())
+					&& motd.getAudience().equals(oldMotd.getAudience()))) {
+				throw new BadRequestException();
+			}
+		}
+
 		return databaseDao.createOrUpdateMotd(motd);
 	}
 
-  @Override
-  @PreAuthorize("isAuthenticated() and hasPermission(1,'motd','admin')")
-  public void deleteMotd(Motd motd) {
+	@Override
+	@PreAuthorize("isAuthenticated() and hasPermission(1,'motd','admin')")
+	public void deleteMotd(Motd motd) {
 		databaseDao.deleteMotd(motd);
-  }
+	}
 
 	@Override
 	@PreAuthorize("isAuthenticated() and hasPermission(#sessionkey, 'session', 'owner')")