diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
index c773bbf..ec6ab64 100644
--- a/doc/changes/changelog.md
+++ b/doc/changes/changelog.md
@@ -1,5 +1,6 @@
 # Changes
 
+* [2.1.7](changes_2.1.7.md)
 * [2.1.6](changes_2.1.6.md)
 * [2.1.5](changes_2.1.5.md)
 * [2.1.4](changes_2.1.4.md)
diff --git a/doc/changes/changes_2.1.7.md b/doc/changes/changes_2.1.7.md
new file mode 100644
index 0000000..8518b94
--- /dev/null
+++ b/doc/changes/changes_2.1.7.md
@@ -0,0 +1,26 @@
+# Spark Connector 2.1.7, released 2024-05-14
+
+Code name: Fix CVEs in runtime dependencies
+
+## Summary
+This release fixes the following vulnerabilities in dependencies:
+CVE-2024-29131 & CVE-2024-29133 in org.apache.commons:commons-configuration2:jar:2.8.0:provided
+
+## Features
+
+* #224: CVE-2024-29131 & CVE-2024-29133 in org.apache.commons:commons-configuration2:jar:2.8.0:provided
+* Fix issues in spark 3.3 dependencies caused by spark-connector-common-java upgrade
+
+## Dependency Updates
+
+### Spark Exasol Connector With JDBC
+
+#### Compile Dependency Updates
+
+* Updated `com.exasol:spark-connector-common-java:2.0.1` to `2.0.5`
+
+### Spark Exasol Connector With S3
+
+#### Compile Dependency Updates
+
+* Updated `com.exasol:spark-connector-common-java:2.0.1` to `2.0.5`
diff --git a/exasol-jdbc/pom.xml b/exasol-jdbc/pom.xml
index b70b2f4..20b2556 100644
--- a/exasol-jdbc/pom.xml
+++ b/exasol-jdbc/pom.xml
@@ -52,8 +52,10 @@ guava + io.netty netty-all + 4.1.109.Final com.fasterxml.jackson.core
diff --git a/exasol-s3/pom.xml b/exasol-s3/pom.xml
index 67e833c..50e2f79 100644
--- a/exasol-s3/pom.xml
+++ b/exasol-s3/pom.xml
@@ -35,8 +35,10 @@ hadoop-client + io.netty netty-all + 4.1.109.Final software.amazon.awssdk
diff --git a/parent-pom/pom.xml b/parent-pom/pom.xml
index 7c21031..32171b3 100644
--- a/parent-pom/pom.xml
+++ b/parent-pom/pom.xml
@@ -15,7 +15,7 @@ pk_generated_parent.pom - 2.1.6 + 2.1.7 8 2.20.0 5.10.0
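Review bot: The literal `4.1.109.Final` is added next to `netty-all` in exasol-jdbc/pom.xml (hunk `@@ -52,8 +52,10 @@`) and repeated verbatim in exasol-s3/pom.xml (hunk `@@ -35,8 +35,10 @@`), so the next Netty security bump has to be made in two places and the two modules can drift apart. parent-pom/pom.xml already carries the other overrides in this commit, so a single property there, for example `<netty.version>4.1.109.Final</netty.version>`, referenced from both modules as `<version>${netty.version}</version>`, would keep the pin in one place. The XML tags are stripped in this view, so the element names are inferred. The 2.1.7 release notes added in the same commit list no Netty change; if this pin answers an advisory, naming it there would help users judge how urgently to upgrade.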
@@ -47,7 +47,7 @@ com.exasol spark-connector-common-java - 2.0.1 + 2.0.5 org.apache.spark
@@ -79,6 +79,10 @@ log4j log4j + + org.apache.logging.log4j + log4j-slf4j-impl + io.netty netty
@@ -216,6 +220,18 @@ ${jackson.version} provided + + org.codehaus.janino + janino + ${janino.version} + provided + + + org.codehaus.janino + commons-compiler + ${janino.version} + provided + com.nimbusds
@@ -321,6 +337,12 @@ commons-compress 1.26.0 + + + org.apache.commons + commons-configuration2 + 2.10.1 + org.apache.avro
@@ -516,6 +538,8 @@ 2.13 3.3.6 2.15.4 + + 3.1.12 exasol-jdbc
@@ -534,6 +558,8 @@ 2.13 3.3.6 2.14.2 + + 3.1.12 exasol-jdbc
@@ -549,6 +575,7 @@ 2.12 3.3.4 2.14.2 + 3.1.12 exasol-jdbc
@@ -568,6 +595,8 @@ Scala module 2.13.4 requires Jackson Databind version >= 2.13.0 and < 2.14.0 --> 2.13.4.2 + + 3.0.16 exasol-jdbc
@@ -582,6 +611,7 @@ 2.12 3.3.2 2.13.4.2 + 3.0.16 exasol-jdbc
diff --git a/pom.xml b/pom.xml
index e31381c..e4fc89b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -61,6 +61,7 @@ 2.12 2.13.4.2 3.1.1 + 3.0.16 exasol-jdbc
@@ -78,6 +79,7 @@ --> 2.13.4.2 3.1.1 + 3.0.16 exasol-jdbc
@@ -94,6 +96,7 @@ 2.13 2.14.2 3.1.2 + 3.1.12 exasol-jdbc
@@ -111,6 +114,7 @@ 2.13 2.15.4 3.1.2 + 3.1.12 exasol-jdbc
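Review bot: `${janino.version}`, used by the two new `provided` entries for `janino` and `commons-compiler` in hunk `@@ -216,6 +220,18 @@`, appears to get its value only from the per-profile additions later in the diff (`3.1.12` and `3.0.16`, in five profile hunks of parent-pom/pom.xml and four of the root pom.xml). A profile that lacks the property, or a build with no profile active, would leave the placeholder unresolved unless a default exists outside the visible hunks. A default in the top-level properties, e.g. `<janino.version>3.1.12</janino.version>`, with profiles overriding only where they differ, would cover that, and a short comment at each override naming the Spark release the value is tied to would explain why two versions exist. The same values are maintained in both POMs, so they have to be changed together.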
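Review bot: The new `commons-configuration2` `2.10.1` entry in hunk `@@ -321,6 +337,12 @@` overrides an artifact that the release notes in this commit describe as `provided` scope (`commons-configuration2:jar:2.8.0:provided`), and a `provided` dependency is normally supplied by the Spark/Hadoop installation at runtime rather than shipped with the connector. If that holds here, the pin changes the build and test classpath and clears the scanner finding, while deployments keep whatever version their cluster bundles; it is worth checking whether the assembled connector jar contains this artifact and stating the outcome in the release notes. One added line in this hunk renders empty in this view and may already be a comment; if not, `<!-- Override transitive 2.8.0: CVE-2024-29131, CVE-2024-29133; drop once upstream ships 2.10.1 or later -->` on the entry would record why the override exists.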