diff --git a/doc/changes/changes_2.1.5.md b/doc/changes/changes_2.1.5.md
index e56dfd2..c335e06 100644
--- a/doc/changes/changes_2.1.5.md
+++ b/doc/changes/changes_2.1.5.md
@@ -1,12 +1,22 @@
# Error Code Model Java 2.1.5, released 2026-??-??
-Code name:
+Code name: Fixed vulnerability CVE-2026-9563 in org.eclipse.parsson:parsson:jar:1.1.7:runtime
## Summary
-## Features
+This release fixes the following vulnerability:
-* ISSUE_NUMBER: description
+### CVE-2026-9563 (CWE-400) in dependency `org.eclipse.parsson:parsson:jar:1.1.7:runtime`
+In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memory by processing very large documents, including large arrays, objects, strings, numbers, whitespace, or nested structures, resulting in a denial of service. Eclipse Parsson 1.1.8 introduces a configurable maximum parsing limit with a default limit of 15 million parser-consumed characters.
+#### References
+* https://guide.sonatype.com/vulnerability/CVE-2026-9563?component-type=maven&component-name=org.eclipse.parsson%2Fparsson&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
+* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2026-9563
+* https://github.com/eclipse-ee4j/parsson/pull/169
+* https://gitlab.eclipse.org/security/vulnerability-reports/-/work_items/444
+
+## Security
+
+* #29: Fixed vulnerability CVE-2026-9563 in dependency `org.eclipse.parsson:parsson:jar:1.1.7:runtime`
## Dependency Updates
@@ -14,14 +24,19 @@ Code name:
* Updated `com.exasol:error-reporting-java:1.0.1` to `1.0.2`
+### Runtime Dependency Updates
+
+* Updated `org.eclipse.parsson:parsson:1.1.7` to `1.1.9`
+
### Test Dependency Updates
-* Updated `org.junit.jupiter:junit-jupiter-params:5.13.4` to `5.14.3`
+* Updated `nl.jqno.equalsverifier:equalsverifier:3.19.4` to `4.5`
+* Updated `org.junit.jupiter:junit-jupiter-params:5.13.4` to `6.1.1`
### Plugin Dependency Updates
* Updated `com.exasol:error-code-crawler-maven-plugin:2.0.5` to `2.0.6`
-* Updated `com.exasol:project-keeper-maven-plugin:5.4.3` to `5.4.6`
+* Updated `com.exasol:project-keeper-maven-plugin:5.4.3` to `5.7.2`
* Updated `org.apache.maven.plugins:maven-compiler-plugin:3.14.1` to `3.15.0`
* Updated `org.apache.maven.plugins:maven-resources-plugin:3.3.1` to `3.4.0`
* Updated `org.apache.maven.plugins:maven-source-plugin:3.2.1` to `3.4.0`
diff --git a/pom.xml b/pom.xml
index 1b11775..69f14ff 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,7 @@
org.eclipse.parsson
parsson
- 1.1.7
+ 1.1.9
runtime
@@ -34,14 +34,14 @@
nl.jqno.equalsverifier
equalsverifier
- 3.19.4
+ 4.5
test
org.junit.jupiter
junit-jupiter-params
- 5.14.3
+ 6.1.1
test
@@ -50,7 +50,7 @@
com.exasol
project-keeper-maven-plugin
- 5.4.6
+ 5.7.2