diff --git a/.gitignore b/.gitignore
index 1c4e81119d..4e5cd26788 100644
--- a/.gitignore
+++ b/.gitignore
@@ -64,3 +64,4 @@ dependencies.txt
 /.metals
 /sipi/images/082E/*
 /sipi/images/originals/082E/*
+/dependencies.bzl
diff --git a/third_party/dependencies.bzl b/third_party/dependencies.bzl
index 46b34fe335..b10a323687 100644
--- a/third_party/dependencies.bzl
+++ b/third_party/dependencies.bzl
@@ -10,7 +10,7 @@ def dependencies():
     # e.g., to reference use: @maven//com_typesafe_akka_akka_actor_2_13
     #
     # ATTENTION: Transitive dependencies need to be explicitly added
-    # to query: bazel query @maven//:all --output=build
+    # to query: bazel query @maven//:all --output=build > dependencies.bzl
     # or: bazel query @maven//:all | sort
     #
     maven_install(
@@ -50,11 +50,12 @@ def dependencies():
 
             # Logging
             "com.typesafe.scala-logging:scala-logging_2.13:3.9.4",
-            "ch.qos.logback:logback-classic:1.2.8",
-            "ch.qos.logback:logback-core:1.2.8",
+            "ch.qos.logback:logback-classic:1.2.9",
+            "ch.qos.logback:logback-core:1.2.9",
             "org.slf4j:log4j-over-slf4j:1.7.32",
             "org.slf4j:jcl-over-slf4j:1.7.32",
             "org.slf4j:slf4j-api:1.7.32",
+            "org.apache.logging.log4j:log4j:2.17.0", # needed by apache-jena-libs. explicitly setting latest version (log4shell) to override the one used by jena.
 
             # metrics
             "io.kamon:kamon-core_2.13:2.1.5",
@@ -103,8 +104,9 @@ def dependencies():
             # provides akka jackson (json) support
             "de.heikoseeberger:akka-http-circe_2.13:1.36.0",
             "com.fasterxml.jackson.module:jackson-module-scala_2.13:2.12.3",
-            "com.apicatalog:titanium-json-ld:0.8.5",
             "javax.json:javax.json-api:1.1.4",
+            # TODO: DEV-335 upgrade titanium to 1.1.0 and jakarta-json to 2.0.1
+            "com.apicatalog:titanium-json-ld:0.8.5",
             "org.glassfish:jakarta.json:1.1.6",
 
             # swagger (api documentation)
diff --git a/third_party/versions.bzl b/third_party/versions.bzl
index e0aedffbdf..cf6900a992 100644
--- a/third_party/versions.bzl
+++ b/third_party/versions.bzl
@@ -14,6 +14,6 @@ SIPI_IMAGE_DIGEST = "sha256:67a0e8c16a67914f2765a1c7906e781383b835cfe72cd19c763b
 
 # Jena Fuseki - digest takes precedence!
 FUSEKI_REPOSITORY = "daschswiss/apache-jena-fuseki"
-FUSEKI_VERSION = "2.0.4"  # contains Fuseki 4.3.1
+FUSEKI_VERSION = "2.0.5"  # contains Fuseki 4.3.2 (with log4j 2.16.0)
 FUSEKI_IMAGE = FUSEKI_REPOSITORY
-FUSEKI_IMAGE_DIGEST = "sha256:1987685b11048b00d69873d6eca6f36de32f66e41431f2b87906aa17473501b4"
+FUSEKI_IMAGE_DIGEST = "sha256:224b044b0486d78df123507efa1579d17c8455cabc26111dc1848c2049f57700"