diff --git a/dependencies.md b/dependencies.md
index 8fcd3d6..4becf75 100644
--- a/dependencies.md
+++ b/dependencies.md
@@ -7,7 +7,7 @@
| -------------------------------- | ------------------------------------------------------------------------------------------------------------ |
| [error-reporting-java][0] | [MIT License][1] |
| [Jakarta JSON Processing API][2] | [Eclipse Public License 2.0][3]; [GNU General Public License, version 2 with the GNU Classpath Exception][4] |
-| [JSON-B API][5] | [Eclipse Public License 2.0][3]; [GNU General Public License, version 2 with the GNU Classpath Exception][4] |
+| [Jakarta JSON Binding API][5] | [Eclipse Public License 2.0][3]; [GNU General Public License, version 2 with the GNU Classpath Exception][4] |
## Test Dependencies
@@ -64,7 +64,7 @@
[2]: https://github.com/eclipse-ee4j/jsonp
[3]: https://projects.eclipse.org/license/epl-2.0
[4]: https://projects.eclipse.org/license/secondary-gpl-2.0-cp
-[5]: https://jakartaee.github.io/jsonb-api
+[5]: https://projects.eclipse.org/projects/ee4j.jsonb/jakarta.json.bind-api
[6]: https://junit.org/
[7]: https://www.eclipse.org/legal/epl-v20.html
[8]: http://hamcrest.org/JavaHamcrest/
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
index d77d98a..79702b7 100644
--- a/doc/changes/changelog.md
+++ b/doc/changes/changelog.md
@@ -1,5 +1,6 @@
# Changes
+* [4.0.1](changes_4.0.1.md)
* [4.0.0](changes_4.0.0.md)
* [3.2.4](changes_3.2.4.md)
* [3.2.3](changes_3.2.3.md)
diff --git a/doc/changes/changes_4.0.1.md b/doc/changes/changes_4.0.1.md
new file mode 100644
index 0000000..cf5ca58
--- /dev/null
+++ b/doc/changes/changes_4.0.1.md
@@ -0,0 +1,43 @@
+# BucketFS Java 4.0.1, released 2026-??-??
+
+Code name: Fixed vulnerability CVE-2026-9563 in org.eclipse.parsson:parsson:jar:1.1.7:runtime
+
+## Summary
+
+This release fixes the following vulnerability:
+
+### CVE-2026-9563 (CWE-400) in dependency `org.eclipse.parsson:parsson:jar:1.1.7:runtime`
+In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memory by processing very large documents, including large arrays, objects, strings, numbers, whitespace, or nested structures, resulting in a denial of service. Eclipse Parsson 1.1.8 introduces a configurable maximum parsing limit with a default limit of 15 million parser-consumed characters.
+#### References
+* https://guide.sonatype.com/vulnerability/CVE-2026-9563?component-type=maven&component-name=org.eclipse.parsson%2Fparsson&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
+* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2026-9563
+* https://github.com/eclipse-ee4j/parsson/pull/169
+* https://gitlab.eclipse.org/security/vulnerability-reports/-/work_items/444
+
+## Security
+
+* #85: Fixed vulnerability CVE-2026-9563 in dependency `org.eclipse.parsson:parsson:jar:1.1.7:runtime`
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Updated `com.exasol:error-reporting-java:1.0.1` to `1.0.2`
+* Updated `jakarta.json.bind:jakarta.json.bind-api:3.0.1` to `3.0.2`
+
+### Runtime Dependency Updates
+
+* Updated `org.eclipse.parsson:parsson:1.1.7` to `1.1.9`
+
+### Test Dependency Updates
+
+* Updated `com.exasol:exasol-testcontainers:7.1.7` to `7.3.0`
+* Updated `org.junit.jupiter:junit-jupiter-api:5.13.4` to `6.1.1`
+* Updated `org.junit.jupiter:junit-jupiter-params:5.13.4` to `6.1.1`
+* Updated `org.mockito:mockito-junit-jupiter:5.20.0` to `5.23.0`
+* Updated `org.slf4j:slf4j-jdk14:2.0.17` to `2.0.18`
+* Updated `org.testcontainers:junit-jupiter:1.21.3` to `1.21.4`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:project-keeper-maven-plugin:5.4.2` to `5.7.2`
diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom
index 6887f5b..e796741 100644
--- a/pk_generated_parent.pom
+++ b/pk_generated_parent.pom
@@ -3,7 +3,7 @@
4.0.0
com.exasol
bucketfs-java-generated-parent
- 4.0.0
+ 4.0.1
pom
UTF-8
diff --git a/pom.xml b/pom.xml
index 50edb07..5aa340c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2,7 +2,7 @@
4.0.0
bucketfs-java
- 4.0.0
+ 4.0.1
BucketFS Java
Java library for automating tasks on Exasol's BucketFS.
https://github.com/exasol/bucketfs-java/
@@ -33,7 +33,7 @@
com.exasol
error-reporting-java
- 1.0.1
+ 1.0.2
@@ -44,14 +44,14 @@
org.eclipse.parsson
parsson
- 1.1.7
+ 1.1.9
runtime
jakarta.json.bind
jakarta.json.bind-api
- 3.0.1
+ 3.0.2
org.eclipse
@@ -63,13 +63,13 @@
org.junit.jupiter
junit-jupiter-api
- 5.13.4
+ 6.1.1
test
org.junit.jupiter
junit-jupiter-params
- 5.13.4
+ 6.1.1
test
@@ -81,26 +81,26 @@
org.mockito
mockito-junit-jupiter
- 5.20.0
+ 5.23.0
test
com.exasol
exasol-testcontainers
- 7.1.7
+ 7.3.0
test
org.testcontainers
junit-jupiter
- 1.21.3
+ 1.21.4
test
org.slf4j
slf4j-jdk14
- 2.0.17
+ 2.0.18
test
@@ -122,7 +122,7 @@
com.exasol
project-keeper-maven-plugin
- 5.4.2
+ 5.7.2
@@ -147,7 +147,7 @@
bucketfs-java-generated-parent
com.exasol
- 4.0.0
+ 4.0.1
pk_generated_parent.pom