diff -r 33b6843fdf8a -r 82f71fb1758a src/main/java/de/uapcore/lightpit/modules/ProjectsModule.java
--- a/src/main/java/de/uapcore/lightpit/modules/ProjectsModule.java	Fri May 22 21:23:57 2020 +0200
+++ b/src/main/java/de/uapcore/lightpit/modules/ProjectsModule.java	Sat May 23 13:24:49 2020 +0200
@@ -113,14 +113,14 @@
         }
 
         void selectVersion(Version version) {
-            if (!version.getProject().equals(project)) throw new AssertionError("Nice, you implemented a bug!");
+            if (!Objects.equals(project, version.getProject())) throw new AssertionError("Nice, you implemented a bug!");
             this.version = version;
             this.issue = null;
             updateAttributes();
         }
 
         void selectIssue(Issue issue) {
-            if (!issue.getProject().equals(project)) throw new AssertionError("Nice, you implemented a bug!");
+            if (!Objects.equals(issue.getProject(), project)) throw new AssertionError("Nice, you implemented a bug!");
             this.issue = issue;
             this.version = null;
             updateAttributes();
@@ -266,7 +266,8 @@
         return ResponseType.HTML;
     }
 
-    private void configureEditVersionForm(HttpServletRequest req, SessionSelection selection) {
+    private void configureEditVersionForm(HttpServletRequest req, DataAccessObjects dao, SessionSelection selection) throws SQLException {
+        req.setAttribute("projects", dao.getProjectDao().list());
         req.setAttribute("version", selection.version);
         req.setAttribute("versionStatusEnum", VersionStatus.values());
 
@@ -277,15 +278,10 @@
     @RequestMapping(requestPath = "versions/edit", method = HttpMethod.GET)
     public ResponseType editVersion(HttpServletRequest req, HttpServletResponse resp, DataAccessObjects dao) throws IOException, SQLException {
         final var sessionSelection = new SessionSelection(req, dao);
-        if (sessionSelection.project == null) {
-            // TODO: remove this bullshit and only retrieve the object from session if we are creating a fresh version
-            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
-            return ResponseType.NONE;
-        }
 
         sessionSelection.selectVersion(findByParameter(req, Integer.class, "id", dao.getVersionDao()::find)
                 .orElse(new Version(-1, sessionSelection.project)));
-        configureEditVersionForm(req, sessionSelection);
+        configureEditVersionForm(req, dao, sessionSelection);
 
         return ResponseType.HTML;
     }
@@ -293,11 +289,6 @@
     @RequestMapping(requestPath = "versions/commit", method = HttpMethod.POST)
     public ResponseType commitVersion(HttpServletRequest req, HttpServletResponse resp, DataAccessObjects dao) throws IOException, SQLException {
         final var sessionSelection = new SessionSelection(req, dao);
-        if (sessionSelection.project == null) {
-            // TODO: remove this bullshit and retrieve project id from hidden field
-            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
-            return ResponseType.NONE;
-        }
 
         var version = new Version(-1, sessionSelection.project);
         try {
@@ -316,17 +307,17 @@
             LOG.warn("Form validation failure: {}", ex.getMessage());
             LOG.debug("Details:", ex);
             sessionSelection.selectVersion(version);
-            configureEditVersionForm(req, sessionSelection);
+            configureEditVersionForm(req, dao, sessionSelection);
         }
 
         return ResponseType.HTML;
     }
 
     private void configureEditIssueForm(HttpServletRequest req, DataAccessObjects dao, SessionSelection selection) throws SQLException {
+        req.setAttribute("projects", dao.getProjectDao().list());
         req.setAttribute("issue", selection.issue);
         req.setAttribute("issueStatusEnum", IssueStatus.values());
         req.setAttribute("issueCategoryEnum", IssueCategory.values());
-        req.setAttribute("versions", dao.getVersionDao().list(selection.project));
         req.setAttribute("users", dao.getUserDao().list());
 
         setContentPage(req, "issue-form");
@@ -336,11 +327,6 @@
     @RequestMapping(requestPath = "issues/edit", method = HttpMethod.GET)
     public ResponseType editIssue(HttpServletRequest req, HttpServletResponse resp, DataAccessObjects dao) throws IOException, SQLException {
         final var sessionSelection = new SessionSelection(req, dao);
-        if (sessionSelection.project == null) {
-            // TODO: remove this bullshit and only retrieve the object from session if we are creating a fresh issue
-            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
-            return ResponseType.NONE;
-        }
 
         sessionSelection.selectIssue(findByParameter(req, Integer.class, "id",
                 dao.getIssueDao()::find).orElse(new Issue(-1, sessionSelection.project)));
@@ -351,12 +337,7 @@
 
     @RequestMapping(requestPath = "issues/commit", method = HttpMethod.POST)
     public ResponseType commitIssue(HttpServletRequest req, HttpServletResponse resp, DataAccessObjects dao) throws IOException, SQLException {
-        // TODO: remove this bullshit and store the project ID as hidden field
         final var sessionSelection = new SessionSelection(req, dao);
-        if (sessionSelection.project == null) {
-            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
-            return ResponseType.NONE;
-        }
 
         Issue issue = new Issue(-1, sessionSelection.project);
         try {