diff --git a/batik-build.tar.xz b/batik-build.tar.xz index 23958be..7a73559 100644 --- a/batik-build.tar.xz +++ b/batik-build.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:229103e967025713d46c8149da8a86d0f84cc9cd09fc832118ec846ece7fa982 -size 9792 +oid sha256:7ced40cc9700c67da74db56a647c8c5e6fc9498bb0462372c113c387190bd767 +size 10132 diff --git a/batik-src-1.15.tar.gz b/batik-src-1.15.tar.gz deleted file mode 100644 index aaa9caa..0000000 --- a/batik-src-1.15.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d743d3aaae918ef704e0f30b9b86c65d96dbae06896e882a7b3ea37ad3873054 -size 13495199 diff --git a/batik-src-1.17.tar.gz b/batik-src-1.17.tar.gz new file mode 100644 index 0000000..730ef62 --- /dev/null +++ b/batik-src-1.17.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:555a9b1cbfa2cc7cd69b35cb46ad28e8a06befb1d5d2465de56ef3f1ddbbc11e +size 13578640 diff --git a/xmlgraphics-batik-nosourcetarget.patch b/xmlgraphics-batik-nosourcetarget.patch deleted file mode 100644 index 0318743..0000000 --- a/xmlgraphics-batik-nosourcetarget.patch +++ /dev/null @@ -1,47 +0,0 @@ ---- batik-1.15/build.xml 2023-10-25 17:01:52.414466777 +0200 -+++ batik-1.15/build.xml 2023-10-25 17:03:22.921750305 +0200 -@@ -94,8 +94,6 @@ - - - -- -- - - - -@@ -712,7 +710,7 @@ - - - -- - - -@@ -743,7 +741,7 @@ - - - -- - - -@@ -753,7 +751,7 @@ - - - -- - - -@@ -999,7 +997,7 @@ - - - -- - diff --git a/xmlgraphics-batik.changes b/xmlgraphics-batik.changes index d493e78..21ac244 100644 --- a/xmlgraphics-batik.changes +++ b/xmlgraphics-batik.changes 
@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Fri Mar 1 19:02:03 UTC 2024 - Fridrich Strba
+
+- Upgrade to version 1.17
+ * BATIK-1346: Allow configuration of rhino whitelist
+ * BATIK-1347: Switch to empty whitelist for rhino (CVE-2022-44730)
+ * BATIK-1349: Block loading external resource by default
+ (CVE-2022-44729)
+- Upgrade to version 1.16
+ * Java 8 or later is minimum runtime required
+ * BATIK-1338: Block loading jar inside svg (CVE-2022-41704,
+ bsc#1204704)
+ * BATIK-1345: Restrict what java classes can be run thru rhino
+ (CVE-2022-42890, bsc#1204709)
+- Removed patch:
+ * xmlgraphics-batik-nosourcetarget.patch
+ + not needed since Java 8 compatibility is now the default
+
+-------------------------------------------------------------------
+Thu Feb 29 07:18:22 UTC 2024 - Fridrich Strba
+
+- Allow building with this spec-file on systems that don't have the
+ mvn_install_pom macros defined and release version requirement
+ of javapackages-local
+- Require the xmlgraphics-commons, xml-commons-apis a rhino by their
+ names, since they are on the classpath by their location in the
+ scripts. Require them in the subpackages that contain the scripts.
+- Require javapackages-tools in subpackages that contain scripts
+ created by jpackage_script macro. The scripts need functions from
+ javapackages-tools
+
 -------------------------------------------------------------------
 Wed Feb 21 10:55:53 UTC 2024 - Gus Kenion
diff --git a/xmlgraphics-batik.spec b/xmlgraphics-batik.spec
index 7bf3cf0..de8aef4 100644
--- a/xmlgraphics-batik.spec
+++ b/xmlgraphics-batik.spec
@@ -17,10 +17,11 @@
 #
+%{!?mvn_install_pom:%global mvn_install_pom install -pm 0644}
 %define _buildshell /bin/bash
 %global classpath xmlgraphics-batik:rhino:xml-commons-apis:xml-commons-apis-ext:xmlgraphics-commons
 Name: xmlgraphics-batik
-Version: 1.15
+Version: 1.17
 Release: 0
 Summary: Scalable Vector Graphics for Java
 License: Apache-2.0
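Review bot: The fallback added at the top of the spec, `%{!?mvn_install_pom:%global mvn_install_pom install -pm 0644}`, carries no comment, so a reader cannot tell from the spec that it is a compatibility shim rather than the normal install path. The .changes entry gives the reason (systems whose javapackages-local does not define the macro); a one-line comment above it would keep that next to the code, e.g. `# Fallback for javapackages-local without mvn_install_pom: install the POM as a plain file`. The places where the macro is used are outside this hunk, so whether a plain `install` is an adequate substitute there could not be checked from here.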
@@ -31,18 +32,14 @@ Source1: batik-build.tar.xz
 Source7: %{name}.security.policy
 Patch0: %{name}-nolinksinjavadoc.patch
 Patch1: 0001-Fix-imageio-codec-lookup.patch
-Patch2: %{name}-nosourcetarget.patch
 BuildRequires: ant
 BuildRequires: fdupes
 BuildRequires: java-devel >= 1.8
-BuildRequires: javapackages-local >= 6
+BuildRequires: javapackages-local
 BuildRequires: rhino >= 1.6
 BuildRequires: xml-commons-apis >= 1.3.03
 BuildRequires: xmlgraphics-commons
 Requires: %{name}-css = %{version}-%{release}
-Requires: mvn(org.apache.xmlgraphics:xmlgraphics-commons)
-Requires: mvn(xml-apis:xml-apis)
-Requires: mvn(xml-apis:xml-apis-ext)
 Obsoletes: batik < %{version}-%{release}
 Provides: batik = %{version}-%{release}
 BuildArch: noarch
@@ -66,6 +63,10 @@ CSS component of the Apache Batik SVG manipulation and rendering library.
 Summary: Batik SVG browser
 Group: Productivity/Graphics/Vector Editors
 Requires: %{name} = %{version}-%{release}
+Requires: javapackages-tools
+Requires: rhino
+Requires: xml-commons-apis
+Requires: xmlgraphics-commons
 Obsoletes: batik-squiggle < %{version}-%{release}
 Provides: batik-squiggle = %{version}-%{release}
@@ -77,6 +78,10 @@ in the content and select text items in the image and much more.
 Summary: Batik SVG pretty printer
 Group: Productivity/Graphics/Vector Editors
 Requires: %{name} = %{version}-%{release}
+Requires: javapackages-tools
+Requires: rhino
+Requires: xml-commons-apis
+Requires: xmlgraphics-commons
 Obsoletes: batik-svgpp < %{version}-%{release}
 Provides: batik-svgpp = %{version}-%{release}
@@ -89,6 +94,10 @@ also be used to modify the DOCTYPE declaration on SVG files.
 Summary: Batik SVG font converter
 Group: Productivity/Graphics/Vector Editors
 Requires: %{name} = %{version}-%{release}
+Requires: javapackages-tools
+Requires: rhino
+Requires: xml-commons-apis
+Requires: xmlgraphics-commons
 Obsoletes: batik-ttf2svg < %{version}-%{release}
 Provides: batik-ttf2svg = %{version}-%{release}
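Review bot: The runtime dependencies added to the squiggle, svgpp and ttf2svg subpackages are unversioned (`Requires: rhino`, `Requires: xml-commons-apis`), while the BuildRequires in the first hunk on this line still demand `rhino >= 1.6` and `xml-commons-apis >= 1.3.03`. According to the .changes entry the launcher scripts put these jars on the classpath by name, so an installed version below the build floor would satisfy the package manager and only show up as a failure or changed behaviour at run time. Carrying the same floors at run time would close that gap: `Requires: rhino >= 1.6` and `Requires: xml-commons-apis >= 1.3.03`. The same four added lines appear again in the rasterizer and slideshow hunks further down.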
@@ -102,6 +111,10 @@ rendered exactly the same on all systems.
 Summary: Batik SVG rasterizer
 Group: Productivity/Graphics/Vector Editors
 Requires: %{name} = %{version}-%{release}
+Requires: javapackages-tools
+Requires: rhino
+Requires: xml-commons-apis
+Requires: xmlgraphics-commons
 Obsoletes: batik-rasterizer < %{version}-%{release}
 Provides: batik-rasterizer = %{version}-%{release}
@@ -116,6 +129,10 @@ to be added easily.
 Summary: Batik SVG slideshow
 Group: Productivity/Graphics/Vector Editors
 Requires: %{name} = %{version}-%{release}
+Requires: javapackages-tools
+Requires: rhino
+Requires: xml-commons-apis
+Requires: xmlgraphics-commons
 Obsoletes: batik-slideshow < %{version}-%{release}
 Provides: batik-slideshow = %{version}-%{release}
@@ -149,19 +166,13 @@ find -name '*.jar' -delete
 %patch -P 0 -p1
 %patch -P 1 -p1
-%patch -P 2 -p1
 cp -p %{SOURCE7} batik-svgrasterizer/src/main/resources/org/apache/batik/apps/rasterizer/resources/rasterizer.policy
 cp -p %{SOURCE7} batik-svgbrowser/src/main/resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.policy
-# It's an uberjar, it shouldn't have requires
-%pom_xpath_inject pom:dependency 'true' batik-all
-
 # eclipse expects xmlgraphics to be optional
 %pom_xpath_inject 'pom:dependency[pom:artifactId="xmlgraphics-commons"]' 'true' batik-css
-%pom_remove_dep :batik-i18n batik-util
-
 for pom in `find -mindepth 2 -name pom.xml -not -path ./batik-all/pom.xml`; do
 %pom_add_plugin org.apache.felix:maven-bundle-plugin $pom "
 true
@@ -191,7 +202,6 @@ export OPT_JAR_LIST=:
 -f build-batik.xml -Dtest.skip=true \
 package
 %{ant} \
- -Dant.build.javac.source=8 -Dant.build.javac.target=8 \
 all-jar jars javadoc
 %install
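Review bot: The two unchanged `cp -p %{SOURCE7} …` lines in the %prep hunk still overwrite upstream's `rasterizer.policy` and `svgbrowser.policy` with the packaged `%{name}.security.policy`, and this commit leaves that file untouched although it moves across two upstream releases whose listed changes are mostly sandboxing fixes (jar loading, rhino class access, external resources). It is not visible here whether the packaged policy was compared with the policy files shipped in 1.17; if it grants more than upstream's, the override would quietly widen what the rasterizer and browser are allowed to do. A comment above the copies would make that comparison part of every bump, e.g. `# Source7 replaces upstream's policy files: diff against upstream on each version update`. Separately, the removal of the batik-all `%pom_xpath_inject` line and of `%pom_remove_dep :batik-i18n batik-util` is not mentioned in the .changes entry. The %prep section begins and ends outside this hunk.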