diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..2257e2d --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,45 @@ +version: 2 +updates: + - package-ecosystem: "maven" + directory: "/" + schedule: + interval: "monthly" + groups: + java-test-dependencies: + patterns: + - "org.junit.jupiter:*" + - "org.mockito:*" + - "org.hamcrest:*" + - "org.openjdk.jmh:*" + maven-build-plugins: + patterns: + - "org.apache.maven.plugins:*" + - "org.codehaus.mojo:exec-maven-plugin" + - "org.jacoco:jacoco-maven-plugin" + - "org.owasp:dependency-check-maven" + - "org.sonatype.plugins:nexus-staging-maven-plugin" + java-production-dependencies: + patterns: + - "*" + exclude-patterns: + - "org.junit.jupiter:*" + - "org.mockito:*" + - "org.hamcrest:*" + - "org.openjdk.jmh:*" + - "org.apache.maven.plugins:*" + - "org.codehaus.mojo:exec-maven-plugin" + - "org.jacoco:jacoco-maven-plugin" + - "org.owasp:dependency-check-maven" + - "org.sonatype.plugins:nexus-staging-maven-plugin" + + + - package-ecosystem: "github-actions" + directory: "/" # even for `.github/workflows` + schedule: + interval: "monthly" + groups: + github-actions: + patterns: + - "*" + labels: + - "ci" \ No newline at end of file diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2c4e4a0..dff3a25 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -5,18 +5,17 @@ jobs: build: name: Build and Test runs-on: ubuntu-latest - if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')" steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: actions/setup-java@v3 + - uses: actions/setup-java@v4 with: - java-version: 11 + java-version: 22 distribution: 'temurin' cache: 'maven' - name: Cache SonarCloud packages - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.sonar/cache key: ${{ runner.os }}-sonar 
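Review bot: The exclude-patterns list under java-production-dependencies restates every pattern of the two groups above it, so a dependency added to java-test-dependencies or maven-build-plugins later must be added in two places or it silently lands in the production group as well. If Dependabot places each dependency in the first group whose patterns match, as its grouping docs describe, the catch-all `"*"` group can simply stay last and the exclude-patterns block can be dropped; if that ordering is not to be relied on, a comment such as `# keep in sync with the two groups above` on the exclude-patterns line at least flags the coupling. Grouping and the monthly interval govern version updates only; alert-driven security updates are, as far as I recall, raised independently of this schedule, which is worth confirming in the repository's Dependabot settings so the monthly cadence is not mistaken for a delay on CVE fixes. The file ends without a trailing newline.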
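Review bot: The bumped actions (`actions/checkout@v4`, `actions/setup-java@v4`, `actions/cache@v4`) are still referenced by mutable major tags, so the code this job executes can change with no diff in this repository; pinning to a full commit SHA with the version in a trailing comment, e.g. `uses: actions/checkout@<commit-sha>  # v4`, closes that gap, and the new github-actions Dependabot group keeps such pins current. The same applies to every `uses:` line in codeql-analysis.yml, publish-central.yml and publish-github.yml, to the third-party release action in the next hunk of this file, and to the external reusable workflow `skymatic/workflows/.github/workflows/run-dependency-check.yml@v1` in dependency-check.yml, which is handed two secrets. Dropping the `[ci skip]` condition looks fine, since GitHub honours those commit-message markers for push events natively. The `build` job's definition continues outside the hunk.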
@@ -30,23 +29,21 @@ jobs: mvn -B verify jacoco:report org.sonarsource.scanner.maven:sonar-maven-plugin:sonar - -Pcoverage,dependency-check + -Pcoverage -Dsonar.projectKey=cryptomator_cryptolib -Dsonar.organization=cryptomator -Dsonar.host.url=https://sonarcloud.io env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: artifacts path: target/*.jar - name: Create Release - uses: actions/create-release@v1 # NOTE: action is unmaintained and repo archived + uses: softprops/action-gh-release@v2 if: startsWith(github.ref, 'refs/tags/') - env: - GITHUB_TOKEN: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} # release as "cryptobot" with: - tag_name: ${{ github.ref }} - release_name: Release ${{ github.ref }} - prerelease: true \ No newline at end of file + prerelease: true + token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} + generate_release_notes: true \ No newline at end of file diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 223b46a..c687448 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
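Review bot: Removing `dependency-check` from the `-P` profile list means the per-push build no longer runs the OWASP check; the replacement workflow in dependency-check.yml triggers only on a weekly cron and on pushes to `release/**`, so, if I read those triggers correctly, a newly published advisory against a dependency on the default branch is not noticed until the next scheduled run. If that is the intended trade-off (the check now needs `NVD_API_KEY`, which fork pull requests cannot receive), a comment on this step such as `# dependency-check moved to dependency-check.yml (weekly + release branches)` tells the next reader where it went. For the new release step, `softprops/action-gh-release` derives the tag from the pushed ref as far as I recall, so dropping the explicit `tag_name`/`release_name` inputs preserves the old behaviour, but no `files:` input is given, so the jars uploaded to the `artifacts` artifact above are not attached to the release — worth a comment if deliberate. The `run: |` block this hunk edits starts above it, outside the hunk.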
@@ -13,21 +13,20 @@ jobs: analyse: name: Analyse runs-on: ubuntu-latest - if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')" steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 2 - - uses: actions/setup-java@v3 + - uses: actions/setup-java@v4 with: - java-version: 11 + java-version: 22 distribution: 'temurin' cache: 'maven' - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: java - name: Build and Test run: mvn -B install -DskipTests - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 \ No newline at end of file + uses: github/codeql-action/analyze@v3 \ No newline at end of file diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml new file mode 100644 index 0000000..31dd104 --- /dev/null +++ b/.github/workflows/dependency-check.yml @@ -0,0 +1,20 @@ +name: OWASP Maven Dependency Check +on: + schedule: + - cron: '0 12 * * 0' + push: + branches: + - 'release/**' + workflow_dispatch: + + +jobs: + check-dependencies: + uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@v1 + with: + runner-os: 'ubuntu-latest' + java-distribution: 'temurin' + java-version: 22 + secrets: + nvd-api-key: ${{ secrets.NVD_API_KEY }} + slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} diff --git a/.github/workflows/publish-central.yml b/.github/workflows/publish-central.yml index 526cc8d..f075bc2 100644 --- a/.github/workflows/publish-central.yml +++ b/.github/workflows/publish-central.yml 
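Review bot: `java-version: 22` is the only unquoted scalar among the three inputs passed to the reusable workflow in dependency-check.yml, and YAML parses it as an integer; if the called workflow declares that input with `type: string`, a number may be rejected, so `java-version: '22'` is safer and consistent with `runner-os` and `java-distribution` beside it. The same unquoted `22` appears after the setup-java bumps in build.yml, codeql-analysis.yml, publish-central.yml and publish-github.yml, where `actions/setup-java` accepts it, so there it is style only. The secrets block forwards `NVD_API_KEY` and `SLACK_WEBHOOK_URL` to a workflow in another organisation referenced by the mutable `@v1` tag; a header comment recording which revision of that workflow was reviewed, or a commit SHA pin, makes the trust boundary explicit. The two blank lines before `jobs:` can be collapsed to one.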
@@ -10,12 +10,12 @@ jobs: publish: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: ref: "refs/tags/${{ github.event.inputs.tag }}" - - uses: actions/setup-java@v3 + - uses: actions/setup-java@v4 with: - java-version: 11 + java-version: 22 distribution: 'temurin' cache: 'maven' server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml @@ -24,10 +24,11 @@ jobs: gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase - name: Enforce project version ${{ github.event.inputs.tag }} - run: mvn versions:set -B -DnewVersion=${{ github.event.inputs.tag }} + run: mvn versions:set -B -DnewVersion=$GIT_TAG - name: Deploy run: mvn deploy -B -DskipTests -Psign,deploy-central --no-transfer-progress env: + GIT_TAG: ${{ github.event.inputs.tag }} MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} \ No newline at end of file diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml index d195008..b590555 100644 --- a/.github/workflows/publish-github.yml +++ b/.github/workflows/publish-github.yml @@ -7,10 +7,10 @@ jobs: runs-on: ubuntu-latest if: startsWith(github.ref, 'refs/tags/') # only allow publishing tagged versions steps: - - uses: actions/checkout@v3 - - uses: actions/setup-java@v3 + - uses: actions/checkout@v4 + - uses: actions/setup-java@v4 with: - java-version: 11 + java-version: 22 distribution: 'temurin' cache: 'maven' gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import diff --git a/.idea/misc.xml b/.idea/misc.xml index 4d8efc6..a6632ff 100644 --- a/.idea/misc.xml +++ b/.idea/misc.xml @@ -1,5 +1,6 @@ + - + \ No newline at end of file diff --git a/pom.xml b/pom.xml index a1bd32d..a4080bc 100644 
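Review bot: In the publish-central.yml hunk `@@ -24,10 +24,11 @@`, `GIT_TAG` is defined in the `env:` block that, as far as the indentation-stripped hunk shows, belongs to the `Deploy` step, yet it is read by the preceding `Enforce project version` step, where `$GIT_TAG` would expand to an empty string and `mvn versions:set -B -DnewVersion=` would fail or set a blank version; unless that `env:` is actually job-level, move the variable to the step that uses it: `run: mvn versions:set -B -DnewVersion="$GIT_TAG"` followed by `env:` / `GIT_TAG: ${{ github.event.inputs.tag }}`. Quoting `"$GIT_TAG"` also keeps the value a single shell argument. Taking the workflow input out of the `run:` script and into an environment variable is the right fix for the expression-injection risk of the removed line, so keep that shape wherever the env block ends up. The `publish` job starts above this hunk.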
--- a/pom.xml +++ b/pom.xml @@ -2,7 +2,7 @@ 4.0.0 org.cryptomator cryptolib - 2.1.2 + 2.2.0 Cryptomator Crypto Library This library contains all cryptographic functions that are used by Cryptomator. https://github.com/cryptomator/cryptolib @@ -18,22 +18,22 @@ 8 - 2.8.9 - 31.0.1-jre - 1.4.4 - 1.70 - 1.7.35 + 2.10.1 + 33.1.0-jre + 1.5.2 + 1.78.1 + 2.0.13 - 5.8.2 - 4.3.1 + 5.10.2 + 5.11.0 2.2 - 1.34 + 1.37 - 6.5.3 - 0.8.7 - 1.6.8 + 9.1.0 + 0.8.12 + 1.6.13 @@ -63,7 +63,7 @@ org.bouncycastle - bcpkix-jdk15on + bcpkix-jdk18on ${bouncycastle.version} true @@ -131,7 +131,7 @@ org.apache.maven.plugins maven-enforcer-plugin - 3.0.0 + 3.4.1 enforce-java @@ -141,8 +141,8 @@ - You need at least JDK 11.0.3 to build this project. - [11.0.3,) + You need at least JDK 22 to build this project. + [22,) @@ -151,7 +151,7 @@ maven-compiler-plugin - 3.9.0 + 3.13.0 UTF-8 true @@ -171,11 +171,25 @@ true + + java22 + compile + + compile + + + 22 + + ${project.basedir}/src/main/java22 + + true + + maven-shade-plugin - 3.4.0 + 3.5.3 package @@ -213,7 +227,7 @@ org.codehaus.mojo exec-maven-plugin - 3.1.0 + 3.2.0 package @@ -228,6 +242,7 @@ --update --file=${project.build.directory}/${project.build.finalName}.jar META-INF/versions/9/module-info.class + META-INF/versions/22/module-info.class @@ -236,12 +251,12 @@ org.apache.maven.plugins maven-surefire-plugin - 3.0.0-M5 + 3.2.5 org.apache.maven.plugins maven-jar-plugin - 3.2.2 + 3.4.1 @@ -253,7 +268,7 @@ maven-source-plugin - 3.2.1 + 3.3.1 attach-sources @@ -265,7 +280,7 @@ maven-javadoc-plugin - 3.3.1 + 3.6.3 attach-javadocs @@ -317,17 +332,19 @@ dependency-check-maven ${dependency-check.version} - 24 + 24 0 true true suppression.xml + ${env.NVD_API_KEY} check + validate @@ -368,7 +385,7 @@ maven-gpg-plugin - 3.0.1 + 3.2.4 sign-artifacts diff --git a/src/main/java22/module-info.java b/src/main/java22/module-info.java new file mode 100644 index 0000000..06e5d6a --- /dev/null +++ b/src/main/java22/module-info.java 
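Review bot: In the dependency-check-maven configuration hunk (`@@ -317,17 +332,19 @@`), the added `${env.NVD_API_KEY}` is a plain Maven property reference; when the variable is not set, as on a developer machine, Maven leaves the literal text in place rather than substituting an empty value, so as far as I know the plugin would send `${env.NVD_API_KEY}` as the key and the NVD request would fail confusingly. Guarding the setting with a profile activated by `<activation><property><name>env.NVD_API_KEY</name></property></activation>`, or adding an XML comment stating that the plugin is only expected to run under the CI workflow that injects the key, avoids that. The element names are stripped in this view, so I am reading the values by position; the remaining pom.xml hunks are dependency and plugin version bumps plus the new java22 multi-release compile execution, which look fine.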
@@ -0,0 +1,27 @@ +import org.cryptomator.cryptolib.api.CryptorProvider; + +/** + * This module provides the highlevel cryptographic API used by Cryptomator. + * + * @uses CryptorProvider See {@link CryptorProvider#forScheme(CryptorProvider.Scheme)} + * @provides CryptorProvider Providers for {@link org.cryptomator.cryptolib.api.CryptorProvider.Scheme#SIV_CTRMAC SIV/CTR-then-MAC} + * and {@link org.cryptomator.cryptolib.api.CryptorProvider.Scheme#SIV_GCM SIV/GCM} + */ +module org.cryptomator.cryptolib { + requires static org.bouncycastle.provider; // will be shaded + requires static org.bouncycastle.pkix; // will be shaded + requires org.cryptomator.siv; + requires com.google.gson; + requires transitive com.google.common; + requires org.slf4j; + + exports org.cryptomator.cryptolib.api; + exports org.cryptomator.cryptolib.common; + + opens org.cryptomator.cryptolib.common to com.google.gson; + + uses CryptorProvider; + + provides CryptorProvider + with org.cryptomator.cryptolib.v1.CryptorProviderImpl, org.cryptomator.cryptolib.v2.CryptorProviderImpl; +} \ No newline at end of file diff --git a/suppression.xml b/suppression.xml index b4e9da1..a831953 100644 --- a/suppression.xml +++ b/suppression.xml @@ -3,8 +3,9 @@ + Incorrectly matched CPE + ]]> + org\.cryptomator:.* cpe:/a:cryptomator:cryptomator CVE-2022-25366 @@ -12,10 +13,11 @@ + Suppress false positive, because com.google.common.io.Files.getTempDir() is not used + ]]> + ^pkg:maven/com\.google\.guava/guava@.*$ CVE-2020-8908 CVE-2020-8908 - \ No newline at end of file +
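Review bot: A module descriptor already exists for the Java 9 layer (pom.xml now packages both `META-INF/versions/9/module-info.class` and `META-INF/versions/22/module-info.class`), and nothing in this file says how the 22 variant differs from it; one sentence in the module Javadoc, e.g. `Java 22 variant of the module descriptor; identical to the Java 9 descriptor except for <difference>`, stops the two from drifting apart unnoticed. The `// will be shaded` comments on the `requires static` BouncyCastle lines explain the `static` well; a similar note on `opens org.cryptomator.cryptolib.common to com.google.gson;` naming which types Gson deserialises reflectively would document why that package is opened. The file ends without a trailing newline.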
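Review bot: Both suppressions in suppression.xml stay open-ended: the Guava entry matches `^pkg:maven/com\.google\.guava/guava@.*$`, i.e. every Guava version, even though this same change lifts Guava to 33.1.0-jre, and neither entry carries an `until` date, so a suppression written for one release keeps masking CVE-2020-8908 and CVE-2022-25366 after the assumption behind it ("com.google.common.io.Files.getTempDir() is not used") may no longer hold. Adding `until="<review-date>"` on each `<suppress>` element, or narrowing the package URL to the version range actually affected, makes dependency-check surface them again for re-review. The element names are stripped in this view, so the attribute placement is inferred from the surrounding text.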