diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6c4c1f62794ea2086b06ed593ef42483f899d5b0..e002acc4c7ccaa5ab6c1f9e80248195254b6b55d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,12 @@
 # Changelog
 
-## 2.0
+## 2.0.1
+This release introduces the following changes:
+* Updates dependency for Socket.IO support to fix memory leaks
+* Usernames for student's questions and free text answers are no longer exposed
+  by API responses
+
+## 2.0.0
 ARSnova 2.0 has been in development for more than two years. Further releases
 can be expected much more frequently.
 
diff --git a/pom.xml b/pom.xml
index e93356d18d4efc486070cf6eaa9e1ff23b19afee..3af7747888c914831882d5f753abc8c66f3ec143 100644
--- a/pom.xml
+++ b/pom.xml
@@ -256,7 +256,7 @@
 		<dependency>
 			<groupId>com.corundumstudio.socketio</groupId>
 			<artifactId>netty-socketio</artifactId>
-			<version>1.7.2</version>
+			<version>1.7.3</version>
 		</dependency>
 		<dependency>
 			<groupId>javax.inject</groupId>
@@ -345,7 +345,7 @@
 			<plugin>
 				<groupId>org.eclipse.jetty</groupId>
 				<artifactId>jetty-maven-plugin</artifactId>
-				<version>9.2.2.v20140723</version>
+				<version>9.2.3.v20140905</version>
 				<configuration>
 					<scanIntervalSeconds>1</scanIntervalSeconds>
 					<webApp>
diff --git a/src/main/java/de/thm/arsnova/controller/LoginController.java b/src/main/java/de/thm/arsnova/controller/LoginController.java
index 5bc1ae09ed3eba3e198671d275352d3b036423a6..c0cd572c60027e037b0ddcbee477561e861d1865 100644
--- a/src/main/java/de/thm/arsnova/controller/LoginController.java
+++ b/src/main/java/de/thm/arsnova/controller/LoginController.java
@@ -71,68 +71,43 @@ public class LoginController extends AbstractController {
 	private static final int MAX_USERNAME_LENGTH = 15;
 	private static final int MAX_GUESTHASH_LENGTH = 10;
 
-	@Value("${customization.path}")
-	private String customizationPath;
+	@Value("${customization.path}") private String customizationPath;
 
-	@Value("${security.guest.enabled}")
-	private String guestEnabled;
+	@Value("${security.guest.enabled}") private String guestEnabled;
+	@Value("${security.guest.lecturer.enabled}") private String guestLecturerEnabled;
+	@Value("${security.guest.order}") private int guestOrder;
 
-	@Value("${security.guest.lecturer.enabled}")
-	private String guestLecturerEnabled;
+	@Value("${security.custom-login.enabled}") private String customLoginEnabled;
+	@Value("${security.custom-login.title:University}") private String customLoginTitle;
+	@Value("${security.custom-login.login-dialog-path}") private String customLoginDialog;
+	@Value("${security.custom-login.image:}") private String customLoginImage;
+	@Value("${security.custom-login.order}") private int customLoginOrder;
 
-	@Value("${security.custom-login.enabled}")
-	private String customLoginEnabled;
+	@Value("${security.user-db.enabled}") private String dbAuthEnabled;
+	@Value("${security.user-db.title:ARSnova}") private String dbAuthTitle;
+	@Value("${security.user-db.login-dialog-path}") private String dbAuthDialog;
+	@Value("${security.user-db.image:}") private String dbAuthImage;
+	@Value("${security.user-db.order}") private int dbAuthOrder;
 
-	@Value("${security.custom-login.title:University}")
-	private String customLoginTitle;
+	@Value("${security.ldap.enabled}") private String ldapEnabled;
+	@Value("${security.ldap.title:LDAP}") private String ldapTitle;
+	@Value("${security.ldap.login-dialog-path}") private String ldapDialog;
+	@Value("${security.ldap.image:}") private String ldapImage;
+	@Value("${security.ldap.order}") private int ldapOrder;
 
-	@Value("${security.custom-login.login-dialog-path}")
-	private String customLoginDialog;
+	@Value("${security.cas.enabled}") private String casEnabled;
+	@Value("${security.cas.title:CAS}") private String casTitle;
+	@Value("${security.cas.image:}") private String casImage;
+	@Value("${security.cas.order}") private int casOrder;
 
-	@Value("${security.custom-login.image:}")
-	private String customLoginImage;
+	@Value("${security.facebook.enabled}") private String facebookEnabled;
+	@Value("${security.facebook.order}") private int facebookOrder;
 
-	@Value("${security.user-db.enabled}")
-	private String dbAuthEnabled;
+	@Value("${security.google.enabled}") private String googleEnabled;
+	@Value("${security.google.order}") private int googleOrder;
 
-	@Value("${security.user-db.title:ARSnova}")
-	private String dbAuthTitle;
-
-	@Value("${security.user-db.login-dialog-path}")
-	private String dbAuthDialog;
-
-	@Value("${security.user-db.image:}")
-	private String dbAuthImage;
-
-	@Value("${security.ldap.enabled}")
-	private String ldapEnabled;
-
-	@Value("${security.ldap.title:LDAP}")
-	private String ldapTitle;
-
-	@Value("${security.ldap.login-dialog-path}")
-	private String ldapDialog;
-
-	@Value("${security.ldap.image:}")
-	private String ldapImage;
-
-	@Value("${security.cas.enabled}")
-	private String casEnabled;
-
-	@Value("${security.cas.title:CAS}")
-	private String casTitle;
-
-	@Value("${security.cas.image:}")
-	private String casImage;
-
-	@Value("${security.facebook.enabled}")
-	private String facebookEnabled;
-
-	@Value("${security.google.enabled}")
-	private String googleEnabled;
-
-	@Value("${security.twitter.enabled}")
-	private String twitterEnabled;
+	@Value("${security.twitter.enabled}") private String twitterEnabled;
+	@Value("${security.twitter.order}") private int twitterOrder;
 
 	@Autowired(required = false)
 	private DaoAuthenticationProvider daoProvider;
@@ -323,6 +298,7 @@ public class LoginController extends AbstractController {
 				"Guest",
 				null
 			);
+			sdesc.setOrder(guestOrder);
 			if (!"true".equals(guestLecturerEnabled)) {
 				sdesc.setAllowLecturer(false);
 			}
@@ -330,62 +306,76 @@ public class LoginController extends AbstractController {
 		}
 
 		if ("true".equals(customLoginEnabled) && !"".equals(customLoginDialog)) {
-			services.add(new ServiceDescription(
+			ServiceDescription sdesc = new ServiceDescription(
 				"custom",
 				customLoginTitle,
 				customizationPath + "/" + customLoginDialog + "?redirect={0}",
 				customLoginImage
-			));
+			);
+			sdesc.setOrder(customLoginOrder);
+			services.add(sdesc);
 		}
 
 		if ("true".equals(dbAuthEnabled) && !"".equals(dbAuthDialog)) {
-			services.add(new ServiceDescription(
+			ServiceDescription sdesc = new ServiceDescription(
 				"arsnova",
 				dbAuthTitle,
 				customizationPath + "/" + dbAuthDialog + "?redirect={0}",
 				dbAuthImage
-			));
+			);
+			sdesc.setOrder(dbAuthOrder);
+			services.add(sdesc);
 		}
 
 		if ("true".equals(ldapEnabled) && !"".equals(ldapDialog)) {
-			services.add(new ServiceDescription(
+			ServiceDescription sdesc = new ServiceDescription(
 				"ldap",
 				ldapTitle,
 				customizationPath + "/" + ldapDialog + "?redirect={0}",
 				ldapImage
-			));
+			);
+			sdesc.setOrder(ldapOrder);
+			services.add(sdesc);
 		}
 
 		if ("true".equals(casEnabled)) {
-			services.add(new ServiceDescription(
+			ServiceDescription sdesc = new ServiceDescription(
 				"cas",
 				casTitle,
 				MessageFormat.format(dialogUrl, "cas")
-			));
+			);
+			sdesc.setOrder(casOrder);
+			services.add(sdesc);
 		}
 
 		if ("true".equals(facebookEnabled)) {
-			services.add(new ServiceDescription(
+			ServiceDescription sdesc = new ServiceDescription(
 				"facebook",
 				"Facebook",
 				MessageFormat.format(dialogUrl, "facebook")
-			));
+			);
+			sdesc.setOrder(facebookOrder);
+			services.add(sdesc);
 		}
 
 		if ("true".equals(googleEnabled)) {
-			services.add(new ServiceDescription(
+			ServiceDescription sdesc = new ServiceDescription(
 				"google",
 				"Google",
 				MessageFormat.format(dialogUrl, "google")
-			));
+			);
+			sdesc.setOrder(googleOrder);
+			services.add(sdesc);
 		}
 
 		if ("true".equals(twitterEnabled)) {
-			services.add(new ServiceDescription(
+			ServiceDescription sdesc = new ServiceDescription(
 				"twitter",
 				"Twitter",
 				MessageFormat.format(dialogUrl, "twitter")
-			));
+			);
+			sdesc.setOrder(twitterOrder);
+			services.add(sdesc);
 		}
 
 		return services;
diff --git a/src/main/java/de/thm/arsnova/entities/Answer.java b/src/main/java/de/thm/arsnova/entities/Answer.java
index d2361ed901256dfb1906f059d87ef92d6ffea750..ceb1821d7583318201fa0c4bda525cdbbce566d3 100644
--- a/src/main/java/de/thm/arsnova/entities/Answer.java
+++ b/src/main/java/de/thm/arsnova/entities/Answer.java
@@ -1,5 +1,7 @@
 package de.thm.arsnova.entities;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
 public class Answer {
 
 	private String _id;
@@ -86,6 +88,10 @@ public class Answer {
 		this.piRound = piRound;
 	}
 
+	/* TODO: use JsonViews instead of JsonIgnore when supported by Spring (4.1)
+	 * http://wiki.fasterxml.com/JacksonJsonViews
+	 * https://jira.spring.io/browse/SPR-7156 */
+	@JsonIgnore
 	public final String getUser() {
 		return user;
 	}
diff --git a/src/main/java/de/thm/arsnova/entities/InterposedQuestion.java b/src/main/java/de/thm/arsnova/entities/InterposedQuestion.java
index c316a259812a52b05f45a87099866a43d5544e23..a08b136ae2b43be9ca73e7cb3bd0a97b3a6323a1 100644
--- a/src/main/java/de/thm/arsnova/entities/InterposedQuestion.java
+++ b/src/main/java/de/thm/arsnova/entities/InterposedQuestion.java
@@ -19,6 +19,8 @@
 
 package de.thm.arsnova.entities;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
 public class InterposedQuestion {
 
 	private String _id;
@@ -85,6 +87,10 @@ public class InterposedQuestion {
 		this.timestamp = timestamp;
 	}
 
+	/* TODO: use JsonViews instead of JsonIgnore when supported by Spring (4.1)
+	 * http://wiki.fasterxml.com/JacksonJsonViews
+	 * https://jira.spring.io/browse/SPR-7156 */
+	@JsonIgnore
 	public String getCreator() {
 		return creator;
 	}