diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2c4620fc87..97dff642cb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Changed
- Simplified collapse state management of the secondary navigation ([#1086](https://github.com/scm-manager/scm-manager/pull/1086)
+### Fixed
+- Authentication for write requests for repositories with anonymous read access ([#108](https://github.com/scm-manager/scm-manager/pull/1081))
+
+
## 2.0.0-rc6 - 2020-03-26
### Added
- Extension point to add links to the repository cards from plug ins ([#1041](https://github.com/scm-manager/scm-manager/pull/1041))
diff --git a/pom.xml b/pom.xml
index 2054116a65..6a56a1fd5a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -912,7 +912,7 @@
2.1.1
4.5.2.Final
1.19.4
- 2.10.2
+ 2.10.3
4.2.2
2.3.1
6.1.2.Final
@@ -944,7 +944,7 @@
8
UTF-8
SCM-MIT
-
+
1.3.1.Final
diff --git a/scm-annotation-processor/pom.xml b/scm-annotation-processor/pom.xml
index 4881cf3110..eafc3f5c58 100644
--- a/scm-annotation-processor/pom.xml
+++ b/scm-annotation-processor/pom.xml
@@ -78,7 +78,7 @@
org.kohsuke.metainf-services
metainf-services
- 1.7
+ 1.8
diff --git a/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java b/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java
index a254edcb41..9cfa95c1d5 100644
--- a/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java
+++ b/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java
@@ -21,7 +21,7 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
-
+
package sonia.scm.web.filter;
import org.apache.shiro.SecurityUtils;
@@ -35,7 +35,7 @@ import sonia.scm.repository.Repository;
import sonia.scm.repository.RepositoryPermissions;
import sonia.scm.repository.spi.ScmProviderHttpServlet;
import sonia.scm.repository.spi.ScmProviderHttpServletDecorator;
-import sonia.scm.security.Role;
+import sonia.scm.security.Authentications;
import sonia.scm.security.ScmSecurityException;
import sonia.scm.util.HttpUtil;
@@ -177,7 +177,7 @@ public abstract class PermissionFilter extends ScmProviderHttpServletDecorator
HttpServletResponse response, Subject subject)
throws IOException
{
- if (subject.hasRole(Role.USER))
+ if (!Authentications.isAuthenticatedSubjectAnonymous())
{
sendNotEnoughPrivilegesError(request, response);
}
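Review bot: The new condition `if (!Authentications.isAuthenticatedSubjectAnonymous())` no longer consults the `subject` argument this method receives. The static helper presumably resolves the subject from the thread context, so the 403-versus-401 decision could be taken on a different subject than the one the caller checked permissions for, if the two ever diverge. Prefer deriving the anonymous check from the passed-in `subject`, or state the assumption with a comment such as `// anonymous principal: fall through to the 401 challenge so the client can retry with credentials`. A subject with no principal at all would now take the 403 branch where the old `hasRole(Role.USER)` check did not, so it is worth confirming that such a subject cannot reach this filter. The method body starts and ends outside the hunk.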
diff --git a/scm-core/src/test/java/sonia/scm/web/filter/PermissionFilterTest.java b/scm-core/src/test/java/sonia/scm/web/filter/PermissionFilterTest.java
index ad21e501e7..5ba99bd2f1 100644
--- a/scm-core/src/test/java/sonia/scm/web/filter/PermissionFilterTest.java
+++ b/scm-core/src/test/java/sonia/scm/web/filter/PermissionFilterTest.java
@@ -21,7 +21,7 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
-
+
package sonia.scm.web.filter;
import com.github.sdorra.shiro.ShiroRule;
@@ -82,6 +82,17 @@ public class PermissionFilterTest {
permissionFilter.service(request, response, REPOSITORY);
+ verify(response).sendError(eq(403));
+ verify(delegateServlet, never()).service(request, response, REPOSITORY);
+ }
+
+ @Test
+ @SubjectAware(username = "_anonymous", password = "secret")
+ public void shouldBlockForAnonymousOnWriteRequestWithAuthenticationRequest() throws IOException, ServletException {
+ writeRequest = true;
+
+ permissionFilter.service(request, response, REPOSITORY);
+
verify(response).sendError(eq(401), anyString());
verify(delegateServlet, never()).service(request, response, REPOSITORY);
}
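Review bot: `shouldBlockForAnonymousOnWriteRequestWithAuthenticationRequest` asserts only the 401 status, not that the response carries an authentication challenge. The fix is useful only if clients are prompted for credentials on the write request. If the 401 path sets the header, pin it with something like `verify(response).setHeader(eq("WWW-Authenticate"), anyString());`, adjusted to however the filter emits it. A case for a subject without any principal would also document which branch that subject is meant to take. The first test method touched by this hunk begins outside it.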
diff --git a/scm-core/src/test/resources/sonia/scm/shiro.ini b/scm-core/src/test/resources/sonia/scm/shiro.ini
index fda268ec83..4bd34d3a41 100644
--- a/scm-core/src/test/resources/sonia/scm/shiro.ini
+++ b/scm-core/src/test/resources/sonia/scm/shiro.ini
@@ -4,6 +4,7 @@ admin = secret, admin
writer = secret, repo_write
reader = secret, repo_read
unpriv = secret
+_anonymous = secret
[roles]
admin = *
diff --git a/scm-ui/ui-scripts/package.json b/scm-ui/ui-scripts/package.json
index 25f5b25023..8a26c95c41 100644
--- a/scm-ui/ui-scripts/package.json
+++ b/scm-ui/ui-scripts/package.json
@@ -14,10 +14,10 @@
"babel-loader": "^8.0.6",
"css-loader": "^3.2.0",
"file-loader": "^4.2.0",
- "mini-css-extract-plugin": "^0.8.0",
+ "mini-css-extract-plugin": "^0.9.0",
"mustache": "^3.1.0",
"optimize-css-assets-webpack-plugin": "^5.0.3",
- "react-refresh": "^0.7.2",
+ "react-refresh": "^0.8.0",
"sass": "^1.26.3",
"sass-loader": "^8.0.0",
"script-loader": "^0.7.2",
diff --git a/scm-webapp/pom.xml b/scm-webapp/pom.xml
index 24ba16333a..f7ae938b5b 100644
--- a/scm-webapp/pom.xml
+++ b/scm-webapp/pom.xml
@@ -204,7 +204,7 @@
javax.xml.bind
jaxb-api
- 2.3.0
+ 2.3.1