diff --git a/.github/workflows/create_release.yml b/.github/workflows/create_release.yml
index d9d2a38..3bb12b1 100644
--- a/.github/workflows/create_release.yml
+++ b/.github/workflows/create_release.yml
@@ -11,17 +11,22 @@ on:
 
 jobs:
   create_release:
-    runs-on: ubuntu-20.04  # newest available distribution, aka focal
+    runs-on: ubuntu-22.04  # newest available distribution, aka jellyfish
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           # Prevent use of implicit GitHub Actions read-only token GITHUB_TOKEN. We don't deploy on
           # the tag MAJOR.MINOR.PATCH event, but we still need to deploy the maven-release-plugin master commit.
           token: ${{ secrets.GH_TOKEN }}
-          fetch-depth: 1  # only need the base commit as license check isn't run
+          fetch-depth: 1  # only need the HEAD commit as license check isn't run
+      - name: Setup java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'zulu'  # zulu as it supports a wide version range
+          java-version: '11'  # earliest LTS and last that can compile the 1.6 release profile.
       - name: Cache local Maven repository
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 411edac..e4069ac 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -14,20 +14,34 @@ on:
 
 jobs:
   deploy:
-    runs-on: ubuntu-20.04  # newest available distribution, aka focal
+    runs-on: ubuntu-22.04  # newest available distribution, aka jellyfish
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
-          fetch-depth: 1  # only needed to get the sha label
+          # Prevent use of implicit GitHub Actions read-only token GITHUB_TOKEN.
+          # We push Javadocs to the gh-pages branch on commit.
+          token: ${{ secrets.GH_TOKEN }}
+          fetch-depth: 0  # allow build-bin/idl_to_gh_pages to get the full history
+      - name: Setup java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'zulu'  # zulu as it supports a wide version range
+          java-version: '11'  # earliest LTS and last that can compile the 1.6 release profile.
       - name: Cache local Maven repository
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-maven-
       - name: Deploy
         env:
+          # GH_USER=<user that created GH_TOKEN>
+          GH_USER: ${{ secrets.GH_USER }}
+          # GH_TOKEN=<hex token value>
+          #   - pushes gh-pages during build-bin/javadoc_to_gh_pages
+          #   - create via https://github.com/settings/tokens
+          GH_TOKEN: ${{ secrets.GH_TOKEN }}
           GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
           # GPG_PASSPHRASE=<passphrase for GPG_SIGNING_KEY>
           #   - referenced in .settings.xml
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 49040c1..1339232 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -15,21 +15,58 @@ on:
     paths-ignore: '**/*.md'
 
 jobs:
+  test-javadoc:
+    name: Test JavaDoc Builds
+    runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish
+    if: "!contains(github.event.head_commit.message, 'maven-release-plugin')"
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # full git history for license check
+      - name: Setup java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'zulu'  # zulu as it supports a wide version range
+          java-version: '11'  # earliest LTS and last that can compile the 1.6 release profile.
+      - name: Cache local Maven repository
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-jdk-11-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-jdk-11-maven-
+      - name: Build JavaDoc
+        run: ./mvnw clean javadoc:aggregate -Prelease
+
   test:
-    runs-on: ubuntu-20.04  # newest available distribution, aka focal
+    name: test (JDK ${{ matrix.java_version }})
+    runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish
     if: "!contains(github.event.head_commit.message, 'maven-release-plugin')"
+    strategy:
+      fail-fast: false  # don't fail fast as sometimes failures are operating system specific
+      matrix:  # use latest available versions and be consistent on all workflows!
+        include:
+          - java_version: 11  # Last that can compile brave to 1.6
+            maven_args: -Prelease -Dgpg.skip -Dmaven.javadoc.skip=true
+          - java_version: 21  # Most recent LTS
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # full git history for license check
+      - name: Setup java
+        uses: actions/setup-java@v4
         with:
-          fetch-depth: 0  # full git history for license check
+          distribution: 'zulu'  # zulu as it supports a wide version range
+          java-version: ${{ matrix.java_version }}
       - name: Cache local Maven repository
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-maven-
-      # We can't cache Docker without using buildx because GH actions restricts /var/lib/docker
-      # That's ok because DOCKER_PARENT_IMAGE is always ghcr.io and local anyway.
+          key: ${{ runner.os }}-jdk-${{ matrix.java_version }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-jdk-${{ matrix.java_version }}-maven-
+      # Don't attempt to cache Docker. Sensitive information can be stolen
+      # via forks, and login session ends up in ~/.docker. This is ok because
+      # we publish DOCKER_PARENT_IMAGE to ghcr.io, hence local to the runner.
       - name: Test
         run: build-bin/configure_test && build-bin/test
diff --git a/.mvn/wrapper/maven-wrapper.jar b/.mvn/wrapper/maven-wrapper.jar
index 2cc7d4a..cb28b0e 100644
Binary files a/.mvn/wrapper/maven-wrapper.jar and b/.mvn/wrapper/maven-wrapper.jar differ
diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties
index 642d572..346d645 100644
--- a/.mvn/wrapper/maven-wrapper.properties
+++ b/.mvn/wrapper/maven-wrapper.properties
@@ -1,2 +1,18 @@
-distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.3/apache-maven-3.6.3-bin.zip
-wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.6/apache-maven-3.9.6-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar
diff --git a/build-bin/docker/configure_docker b/build-bin/docker/configure_docker
index 3b654cd..750d30e 100755
--- a/build-bin/docker/configure_docker
+++ b/build-bin/docker/configure_docker
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright 2017-2020 The OpenZipkin Authors
+# Copyright 2017-2024 The OpenZipkin Authors
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 # in compliance with the License. You may obtain a copy of the License at
@@ -25,13 +25,8 @@ set -ue
 # * checks.disable=true - saves time and a docker.io pull of alpine
 # * ryuk doesn't count against docker.io rate limits because Docker approved testcontainers as OSS
 echo checks.disable=true >> ~/.testcontainers.properties
-# * upgrade ryuk until https://github.com/testcontainers/testcontainers-java/pull/3630
-echo ryuk.container.image=testcontainers/ryuk:0.3.1 >> ~/.testcontainers.properties
 
 # We don't use any docker.io images, but add a Google's mirror in case something implicitly does
 # * See https://cloud.google.com/container-registry/docs/pulling-cached-images
 echo '{ "registry-mirrors": ["https://mirror.gcr.io"] }' | sudo tee /etc/docker/daemon.json
 sudo service docker restart
-
-# * Ensure buildx and related features are disabled
-mkdir -p ${HOME}/.docker && echo '{"experimental":"disabled"}' > ${HOME}/.docker/config.json
diff --git a/build-bin/git/login_git b/build-bin/git/login_git
index b0ab0fb..1af00df 100755
--- a/build-bin/git/login_git
+++ b/build-bin/git/login_git
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright 2017-2020 The OpenZipkin Authors
+# Copyright 2017-2024 The OpenZipkin Authors
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 # in compliance with the License. You may obtain a copy of the License at
diff --git a/build-bin/git/version_from_trigger_tag b/build-bin/git/version_from_trigger_tag
index 95c6ca6..5687c9e 100755
--- a/build-bin/git/version_from_trigger_tag
+++ b/build-bin/git/version_from_trigger_tag
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright 2017-2020 The OpenZipkin Authors
+# Copyright 2017-2024 The OpenZipkin Authors
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 # in compliance with the License. You may obtain a copy of the License at
@@ -13,8 +13,6 @@
 # the License.
 #
 
-set -ue
-
 # This script echos a `MAJOR.MINOR.PATCH` version tag based on..
 #  * arg1: XXXXX- prefix
 #  * arg2: XXXXX-MAJOR.MINOR.PATCH git trigger tag
@@ -23,6 +21,8 @@ set -ue
 #
 # Note: In CI, `build-bin/git/login_git` must be called before invoking this.
 
+set -ue
+
 trigger_tag_prefix=${1?required. Ex docker- to match docker-1.2.3}
 trigger_tag=${2?trigger_tag is required. Ex ${trigger_tag_prefix}1.2.3}
 
diff --git a/build-bin/gpg/configure_gpg b/build-bin/gpg/configure_gpg
index cacfae4..fa90991 100755
--- a/build-bin/gpg/configure_gpg
+++ b/build-bin/gpg/configure_gpg
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright 2017-2020 The OpenZipkin Authors
+# Copyright 2017-2024 The OpenZipkin Authors
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 # in compliance with the License. You may obtain a copy of the License at
@@ -13,10 +13,10 @@
 # the License.
 #
 
-set -ue
-
 # This script prepares GPG, needed to sign jars for Sonatype deployment during `maven_deploy`
 
+set -ue
+
 # ensure GPG commands work non-interactively
 export GPG_TTY=$(tty)
 # import signing key used for jar files
diff --git a/build-bin/maven/maven_deploy b/build-bin/maven/maven_deploy
index 86a9550..a8d2015 100755
--- a/build-bin/maven/maven_deploy
+++ b/build-bin/maven/maven_deploy
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright 2017-2020 The OpenZipkin Authors
+# Copyright 2017-2024 The OpenZipkin Authors
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 # in compliance with the License. You may obtain a copy of the License at
diff --git a/build-bin/maven/maven_go_offline b/build-bin/maven/maven_go_offline
index c999856..7314556 100755
--- a/build-bin/maven/maven_go_offline
+++ b/build-bin/maven/maven_go_offline
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright 2017-2020 The OpenZipkin Authors
+# Copyright 2017-2024 The OpenZipkin Authors
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 # in compliance with the License. You may obtain a copy of the License at
diff --git a/build-bin/maven/maven_opts b/build-bin/maven/maven_opts
index 9396cc2..6d89fe5 100755
--- a/build-bin/maven/maven_opts
+++ b/build-bin/maven/maven_opts
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright 2017-2020 The OpenZipkin Authors
+# Copyright 2017-2024 The OpenZipkin Authors
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 # in compliance with the License. You may obtain a copy of the License at
diff --git a/build-bin/maven/maven_release b/build-bin/maven/maven_release
index bbce51d..fd45c0c 100755
--- a/build-bin/maven/maven_release
+++ b/build-bin/maven/maven_release
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright 2017-2020 The OpenZipkin Authors
+# Copyright 2017-2024 The OpenZipkin Authors
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 # in compliance with the License. You may obtain a copy of the License at
diff --git a/cassandra-driver/pom.xml b/cassandra-driver/pom.xml
index 82ee20b..dd41132 100644
--- a/cassandra-driver/pom.xml
+++ b/cassandra-driver/pom.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <!--
 
-    Copyright 2017-2020 The OpenZipkin Authors
+    Copyright 2017-2024 The OpenZipkin Authors
 
     Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
     in compliance with the License. You may obtain a copy of the License at
@@ -30,8 +30,6 @@
     <module.name>brave.cassandra.driver</module.name>
 
     <main.basedir>${project.basedir}/..</main.basedir>
-
-    <mockito.version>3.6.28</mockito.version>
   </properties>
 
   <dependencies>
diff --git a/cassandra-driver/src/main/java/brave/cassandra/driver/TracingSession.java b/cassandra-driver/src/main/java/brave/cassandra/driver/TracingSession.java
index acbdf4b..9076b42 100644
--- a/cassandra-driver/src/main/java/brave/cassandra/driver/TracingSession.java
+++ b/cassandra-driver/src/main/java/brave/cassandra/driver/TracingSession.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2020 The OpenZipkin Authors
+ * Copyright 2017-2024 The OpenZipkin Authors
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  * in compliance with the License. You may obtain a copy of the License at
diff --git a/cassandra-driver/src/test/java/brave/cassandra/driver/ITTracingSession.java b/cassandra-driver/src/test/java/brave/cassandra/driver/ITTracingSession.java
index 677e973..d232178 100644
--- a/cassandra-driver/src/test/java/brave/cassandra/driver/ITTracingSession.java
+++ b/cassandra-driver/src/test/java/brave/cassandra/driver/ITTracingSession.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2020 The OpenZipkin Authors
+ * Copyright 2017-2024 The OpenZipkin Authors
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  * in compliance with the License. You may obtain a copy of the License at
@@ -31,37 +31,41 @@
 import com.datastax.driver.core.exceptions.DriverInternalError;
 import java.nio.ByteBuffer;
 import java.util.Map;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Test;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.Test;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Mockito;
+import org.testcontainers.junit.jupiter.Container;
+import org.testcontainers.junit.jupiter.Testcontainers;
 
 import static brave.Span.Kind.CLIENT;
 import static brave.propagation.SamplingFlags.NOT_SAMPLED;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.junit.Assume.assumeTrue;
+import static org.junit.jupiter.api.Assumptions.assumeTrue;
 import static org.mockito.Mockito.spy;
 
-public class ITTracingSession extends ITRemote {
-  // Takes a while to startup, so we make this a class rule
-  @ClassRule public static CassandraContainer cassandra = new CassandraContainer();
+@Testcontainers(disabledWithoutDocker = true)
+@Tag("docker")
+class ITTracingSession extends ITRemote {
+  @Container CassandraContainer cassandra = new CassandraContainer();
 
   CassandraClientTracing cassandraTracing;
   Cluster cluster;
   Session session, spiedSession;
   PreparedStatement prepared;
 
-  @Before public void setup() {
+  @BeforeEach public void setup() {
     cluster = Cluster.builder().addContactPointsWithPorts(cassandra.contactPoint()).build();
     session = newSession(CassandraClientTracing.newBuilder(tracing).propagationEnabled(true));
   }
 
-  @After public void close() {
+  @AfterEach public void close() throws Exception {
     if (cluster != null) cluster.close();
+    super.close();
   }
 
   Session newSession(CassandraClientTracing.Builder builder) {
@@ -72,7 +76,7 @@ Session newSession(CassandraClientTracing.Builder builder) {
     return result;
   }
 
-  @Test public void makesChildOfCurrentSpan() {
+  @Test void makesChildOfCurrentSpan() {
     TraceContext parent = newTraceContext(SamplingFlags.SAMPLED);
     try (Scope scope = currentTraceContext.newScope(parent)) {
       invokeBoundStatement();
@@ -85,7 +89,7 @@ Session newSession(CassandraClientTracing.Builder builder) {
   }
 
   // CASSANDRA-12835 particularly is in 3.11, which fixes simple (non-bound) statement tracing
-  @Test public void propagatesTraceIds_regularStatement() {
+  @Test void propagatesTraceIds_regularStatement() {
     session.execute("SELECT release_version from system.local");
 
     TraceContext extracted = extractB3Header();
@@ -93,7 +97,7 @@ Session newSession(CassandraClientTracing.Builder builder) {
     assertSameIds(testSpanHandler.takeRemoteSpan(CLIENT), extracted);
   }
 
-  @Test public void propagatesTraceIds() {
+  @Test void propagatesTraceIds() {
     invokeBoundStatement();
 
     TraceContext extracted = extractB3Header();
@@ -101,7 +105,7 @@ Session newSession(CassandraClientTracing.Builder builder) {
     assertSameIds(testSpanHandler.takeRemoteSpan(CLIENT), extracted);
   }
 
-  @Test public void propagationDisabledByDefault() {
+  @Test void propagationDisabledByDefault() {
     session.close();
     session = newSession(CassandraClientTracing.newBuilder(tracing));
 
@@ -113,7 +117,7 @@ Session newSession(CassandraClientTracing.Builder builder) {
     assertThat(extractB3Header()).isNull();
   }
 
-  @Test public void propagatesSampledFalse() {
+  @Test void propagatesSampledFalse() {
     try (Scope unsampled = currentTraceContext.newScope(newTraceContext(NOT_SAMPLED))) {
       invokeBoundStatement();
     }
@@ -124,20 +128,20 @@ Session newSession(CassandraClientTracing.Builder builder) {
     // test rule ensures no span was sampled
   }
 
-  @Test public void reportsClientKindToZipkin() {
+  @Test void reportsClientKindToZipkin() {
     invokeBoundStatement();
 
     testSpanHandler.takeRemoteSpan(CLIENT);
   }
 
-  @Test public void defaultSpanNameIsQuery() {
+  @Test void defaultSpanNameIsQuery() {
     invokeBoundStatement();
 
     assertThat(testSpanHandler.takeRemoteSpan(CLIENT).name())
         .isEqualTo("bound-statement");
   }
 
-  @Test public void reportsSpanOnTransportException() {
+  @Test void reportsSpanOnTransportException() {
     cluster.close();
 
     assertThatThrownBy(this::invokeBoundStatement)
@@ -147,16 +151,16 @@ Session newSession(CassandraClientTracing.Builder builder) {
         "Could not send request, session is closed");
   }
 
-  @Test public void addsErrorTag_onCanceledFuture() {
+  @Test void addsErrorTag_onCanceledFuture() throws Exception {
     ResultSetFuture resp = session.executeAsync("SELECT release_version from system.local");
-    assumeTrue("lost race on cancel", resp.cancel(true));
+    assumeTrue(resp.cancel(true), "lost race on cancel");
 
     close(); // blocks until the cancel finished
 
     testSpanHandler.takeRemoteSpanWithErrorMessage(CLIENT, "Task was cancelled.");
   }
 
-  @Test public void reportsServerAddress() {
+  @Test void reportsServerAddress() {
     invokeBoundStatement();
 
     MutableSpan span = testSpanHandler.takeRemoteSpan(CLIENT);
@@ -165,7 +169,7 @@ Session newSession(CassandraClientTracing.Builder builder) {
     assertThat(span.remotePort()).isEqualTo(cassandra.contactPoint().getPort());
   }
 
-  @Test public void customSampler() {
+  @Test void customSampler() {
     cassandraTracing =
         cassandraTracing.toBuilder().sampler(CassandraClientSampler.NEVER_SAMPLE).build();
     session = TracingSession.create(cassandraTracing, ((TracingSession) session).delegate);
@@ -175,7 +179,7 @@ Session newSession(CassandraClientTracing.Builder builder) {
     // test rule ensures no span was sampled
   }
 
-  @Test public void supportsCustomization() {
+  @Test void supportsCustomization() {
     cassandraTracing = cassandraTracing.toBuilder().parser(new CassandraClientParser() {
       @Override public String spanName(Statement statement) {
         return "query";
diff --git a/cassandra-tests/pom.xml b/cassandra-tests/pom.xml
index 5c8ac56..821f979 100644
--- a/cassandra-tests/pom.xml
+++ b/cassandra-tests/pom.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
 
-    Copyright 2017-2020 The OpenZipkin Authors
+    Copyright 2017-2024 The OpenZipkin Authors
 
     Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
     in compliance with the License. You may obtain a copy of the License at
@@ -29,8 +29,6 @@
     <main.basedir>${project.basedir}/..</main.basedir>
     <main.java.version>1.8</main.java.version>
     <main.signature.artifact>java18</main.signature.artifact>
-
-    <okhttp.version>4.9.0</okhttp.version>
   </properties>
 
   <dependencies>
@@ -41,9 +39,10 @@
     </dependency>
 
     <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>${junit.version}</version>
+      <groupId>org.junit.jupiter</groupId>
+      <artifactId>junit-jupiter-api</artifactId>
+      <version>${junit-jupiter.version}</version>
+      <scope>provided</scope>
     </dependency>
     <dependency>
       <groupId>org.assertj</groupId>
@@ -57,7 +56,7 @@
     </dependency>
     <dependency>
       <groupId>org.testcontainers</groupId>
-      <artifactId>testcontainers</artifactId>
+      <artifactId>junit-jupiter</artifactId>
       <version>${testcontainers.version}</version>
     </dependency>
   </dependencies>
diff --git a/cassandra-tests/src/main/java/cassandra/CassandraContainer.java b/cassandra-tests/src/main/java/cassandra/CassandraContainer.java
index 40bbc0e..4ca1e9c 100644
--- a/cassandra-tests/src/main/java/cassandra/CassandraContainer.java
+++ b/cassandra-tests/src/main/java/cassandra/CassandraContainer.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2020 The OpenZipkin Authors
+ * Copyright 2017-2024 The OpenZipkin Authors
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  * in compliance with the License. You may obtain a copy of the License at
@@ -23,14 +23,11 @@
 
 import static org.testcontainers.utility.DockerImageName.parse;
 
-// mostly waiting for https://github.com/testcontainers/testcontainers-java/issues/3537
 public class CassandraContainer extends GenericContainer<CassandraContainer> {
   public CassandraContainer() {
-    super(parse("ghcr.io/openzipkin/zipkin-cassandra:2.23.2"));
-    if ("true".equals(System.getProperty("docker.skip"))) {
-      throw new AssumptionViolatedException("${docker.skip} == true");
-    }
+    super(parse("ghcr.io/openzipkin/zipkin-cassandra:2.23.7"));
     waitStrategy = Wait.forHealthcheck();
+    addExposedPort(9042);
     withStartupTimeout(Duration.ofMinutes(2));
     withLogConsumer(new Slf4jLogConsumer(LoggerFactory.getLogger(CassandraContainer.class)));
   }
diff --git a/cassandra-tests/src/main/java/cassandra/ForwardHttpSpansToHandler.java b/cassandra-tests/src/main/java/cassandra/ForwardHttpSpansToHandler.java
index cffb354..283d666 100644
--- a/cassandra-tests/src/main/java/cassandra/ForwardHttpSpansToHandler.java
+++ b/cassandra-tests/src/main/java/cassandra/ForwardHttpSpansToHandler.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2020 The OpenZipkin Authors
+ * Copyright 2017-2024 The OpenZipkin Authors
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  * in compliance with the License. You may obtain a copy of the License at
@@ -24,9 +24,9 @@
 import okhttp3.mockwebserver.RecordedRequest;
 import okio.Buffer;
 import okio.GzipSource;
-import org.junit.rules.TestRule;
-import org.junit.runner.Description;
-import org.junit.runners.model.Statement;
+import org.junit.jupiter.api.extension.AfterAllCallback;
+import org.junit.jupiter.api.extension.BeforeAllCallback;
+import org.junit.jupiter.api.extension.ExtensionContext;
 import zipkin2.Annotation;
 import zipkin2.Span;
 import zipkin2.codec.SpanBytesDecoder;
@@ -37,7 +37,7 @@
  * instrumentation that do not expose {@link SpanHandler} or run in Docker.
  */
 // Temporary until moved into brave-tests.
-public class ForwardHttpSpansToHandler implements TestRule {
+public class ForwardHttpSpansToHandler implements BeforeAllCallback, AfterAllCallback {
   final MockWebServer zipkin = new MockWebServer();
 
   /**
@@ -62,8 +62,12 @@ public ForwardHttpSpansToHandler(SpanHandler spanHandler) {
     zipkin.setDispatcher(new ZipkinDispatcher(spanHandler));
   }
 
-  @Override public Statement apply(Statement base, Description description) {
-    return zipkin.apply(base, description);
+  @Override public void beforeAll(ExtensionContext extensionContext) throws Exception {
+    zipkin.start();
+  }
+
+  @Override public void afterAll(ExtensionContext extensionContext) throws Exception {
+    zipkin.shutdown();
   }
 
   static final class ZipkinDispatcher extends Dispatcher {
diff --git a/cassandra-tests/src/main/java/cassandra/ForwardingSpanHandler.java b/cassandra-tests/src/main/java/cassandra/ForwardingSpanHandler.java
index 3884aff..697411d 100644
--- a/cassandra-tests/src/main/java/cassandra/ForwardingSpanHandler.java
+++ b/cassandra-tests/src/main/java/cassandra/ForwardingSpanHandler.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2020 The OpenZipkin Authors
+ * Copyright 2017-2024 The OpenZipkin Authors
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  * in compliance with the License. You may obtain a copy of the License at
diff --git a/cassandra/pom.xml b/cassandra/pom.xml
index d7eae0d..134aaee 100644
--- a/cassandra/pom.xml
+++ b/cassandra/pom.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <!--
 
-    Copyright 2017-2020 The OpenZipkin Authors
+    Copyright 2017-2024 The OpenZipkin Authors
 
     Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
     in compliance with the License. You may obtain a copy of the License at
@@ -59,7 +59,7 @@
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-api</artifactId>
-      <version>1.7.30</version>
+      <version>1.7.36</version>
       <scope>provided</scope>
     </dependency>
 
diff --git a/cassandra/src/main/java/brave/cassandra/Tracing.java b/cassandra/src/main/java/brave/cassandra/Tracing.java
index 759d022..ec910bd 100644
--- a/cassandra/src/main/java/brave/cassandra/Tracing.java
+++ b/cassandra/src/main/java/brave/cassandra/Tracing.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2020 The OpenZipkin Authors
+ * Copyright 2017-2024 The OpenZipkin Authors
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  * in compliance with the License. You may obtain a copy of the License at
@@ -27,8 +27,8 @@
 import org.apache.cassandra.tracing.TraceState;
 import org.apache.cassandra.tracing.TraceStateImpl;
 import org.apache.cassandra.utils.FBUtilities;
-import zipkin2.Call;
-import zipkin2.CheckResult;
+import zipkin2.reporter.Call;
+import zipkin2.reporter.CheckResult;
 import zipkin2.reporter.brave.AsyncZipkinSpanHandler;
 import zipkin2.reporter.urlconnection.URLConnectionSender;
 
@@ -99,8 +99,8 @@ static void maybeFailFast(Throwable error) {
    * payload. If that's possible, it re-uses the trace identifiers and starts a server span.
    * Otherwise, a new trace is created.
    */
-  @Override protected final UUID newSession(
-      UUID sessionId, TraceType traceType, Map<String, ByteBuffer> customPayload) {
+  @Override protected UUID newSession(UUID sessionId, TraceType traceType,
+      Map<String, ByteBuffer> customPayload) {
     // override instead of call from super as otherwise we cannot store a reference to the span
     assert get() == null;
 
@@ -118,10 +118,10 @@ static void maybeFailFast(Throwable error) {
     return sessionId;
   }
 
-  @Override protected final TraceState newTraceState(
-      InetAddress coordinator, UUID sessionId, TraceType traceType) {
+  @Override
+  protected TraceState newTraceState(InetAddress inetAddress, UUID timeUUID, TraceType traceType) {
     assert false : "we don't expect this to be ever reached as we override newSession";
-    return new TraceStateImpl(coordinator, sessionId, traceType);
+    return new TraceStateImpl(coordinator, timeUUID, traceType);
   }
 
   /** This extracts the RPC span encoded in the custom payload, or starts a new trace */
@@ -193,7 +193,8 @@ protected void parseRequest(
   static final class ZipkinTraceState extends TraceState {
     final Span incoming;
 
-    ZipkinTraceState(InetAddress coordinator, UUID sessionId, TraceType traceType, Span incoming) {
+    ZipkinTraceState(InetAddress coordinator, UUID sessionId,
+        org.apache.cassandra.tracing.Tracing.TraceType traceType, Span incoming) {
       super(coordinator, sessionId, traceType);
       this.incoming = incoming;
     }
diff --git a/cassandra/src/test/java/brave/cassandra/ITTracing.java b/cassandra/src/test/java/brave/cassandra/ITTracing.java
index 6ccefd8..03c7130 100644
--- a/cassandra/src/test/java/brave/cassandra/ITTracing.java
+++ b/cassandra/src/test/java/brave/cassandra/ITTracing.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2020 The OpenZipkin Authors
+ * Copyright 2017-2024 The OpenZipkin Authors
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  * in compliance with the License. You may obtain a copy of the License at
@@ -27,12 +27,12 @@
 import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.function.Function;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Test;
-import org.junit.rules.DisableOnDebug;
-import org.junit.rules.Timeout;
-import org.testcontainers.Testcontainers;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+import org.testcontainers.junit.jupiter.Container;
+import org.testcontainers.junit.jupiter.Testcontainers;
 import org.testcontainers.containers.GenericContainer;
 import org.testcontainers.utility.MountableFile;
 import zipkin2.reporter.Reporter;
@@ -45,35 +45,33 @@
 import static java.util.Collections.singletonMap;
 import static org.assertj.core.api.Assertions.assertThat;
 
-public class ITTracing extends ITRemote {
+@Testcontainers(disabledWithoutDocker = true)
+@Tag("docker")
+class ITTracing extends ITRemote {
   // swap references on each method instead of starting Cassandra for each test
   static SpanHandler currentSpanHandler = SpanHandler.NOOP;
 
-  @Before public void setCurrentSpanHandler() {
+  @BeforeEach public void setCurrentSpanHandler() {
     currentSpanHandler = testSpanHandler;
   }
 
-  @ClassRule public static ForwardHttpSpansToHandler zipkin =
+  @RegisterExtension public static ForwardHttpSpansToHandler zipkin =
       new ForwardHttpSpansToHandler(new ForwardingSpanHandler() {
         @Override protected SpanHandler delegate() {
           return currentSpanHandler;
         }
       });
 
-  @ClassRule public static CassandraContainer cassandra = copyTracingLibs(new CassandraContainer()
+  @Container CassandraContainer cassandra = copyTracingLibs(new CassandraContainer()
       .withEnv("LOGGING_LEVEL", "WARN")
       .withEnv("JAVA_OPTS", javaOpts(zipkin.httpPort()))
   );
 
-  public ITTracing() {
-    globalTimeout = new DisableOnDebug(Timeout.seconds(120)); // Cassandra takes longer than 20s
-  }
-
-  @Test public void doesntTraceWhenTracingDisabled() {
+  @Test void doesntTraceWhenTracingDisabled() {
     execute(session -> session.prepare("SELECT release_version from system.local").bind());
   }
 
-  @Test public void startsNewTraceWhenTracingEnabled() {
+  @Test void startsNewTraceWhenTracingEnabled() {
     execute(session -> session
         .prepare("SELECT release_version from system.local")
         .enableTracing()
@@ -83,14 +81,14 @@ public ITTracing() {
     testSpanHandler.takeRemoteSpan(SERVER);
   }
 
-  @Test public void startsNewTraceWhenTracingEnabled_noPayload() {
+  @Test void startsNewTraceWhenTracingEnabled_noPayload() {
     execute(session -> session
         .prepare("SELECT release_version from system.local").enableTracing().bind());
 
     testSpanHandler.takeRemoteSpan(SERVER);
   }
 
-  @Test public void samplingDisabled() {
+  @Test void samplingDisabled() {
     execute(session -> session
         .prepare("SELECT release_version from system.local")
         .setOutgoingPayload(singletonMap("b3", ByteBuffer.wrap(new byte[] {'0'})))
@@ -99,7 +97,7 @@ public ITTracing() {
     // test rule ensures no span was sampled
   }
 
-  @Test public void usesExistingTraceId() {
+  @Test void usesExistingTraceId() {
     TraceContext context = newTraceContext(SAMPLED);
     execute(session -> session
         .prepare("SELECT release_version from system.local")
@@ -111,14 +109,14 @@ public ITTracing() {
     assertChildOf(testSpanHandler.takeRemoteSpan(SERVER), context);
   }
 
-  @Test public void reportsServerKindToZipkin() {
+  @Test void reportsServerKindToZipkin() {
     execute(session -> session
         .prepare("SELECT release_version from system.local").enableTracing().bind());
 
     testSpanHandler.takeRemoteSpan(SERVER);
   }
 
-  @Test public void defaultSpanNameIsType() {
+  @Test void defaultSpanNameIsType() {
     execute(session -> session
         .prepare("SELECT release_version from system.local").enableTracing().bind());
 
@@ -126,7 +124,7 @@ public ITTracing() {
         .isEqualTo("query");
   }
 
-  @Test public void defaultRequestTags() {
+  @Test void defaultRequestTags() {
     execute(session -> session
         .prepare("SELECT release_version from system.local").enableTracing().bind());
 
@@ -134,7 +132,7 @@ public ITTracing() {
         .containsOnlyKeys("cassandra.request", "cassandra.session_id");
   }
 
-  @Test public void reportsClientAddress() {
+  @Test void reportsClientAddress() {
     execute(session -> session
         .prepare("SELECT release_version from system.local").enableTracing().bind());
 
@@ -188,7 +186,7 @@ static MountableFile codeSource(Class<?> clazz) {
   static String javaOpts(int zipkinHttpPort) {
     // TODO: would be nicer if Testcontainers.exposeHostPort(int) and returned the input
     // https://github.com/testcontainers/testcontainers-java/issues/3538
-    Testcontainers.exposeHostPorts(zipkinHttpPort);
+    org.testcontainers.Testcontainers.exposeHostPorts(zipkinHttpPort);
     String zipkinEndpoint =
         "http://host.testcontainers.internal:" + zipkinHttpPort + "/api/v2/spans";
 
diff --git a/cassandra/src/test/java/brave/cassandra/TracingTest.java b/cassandra/src/test/java/brave/cassandra/TracingTest.java
index 431c62c..426cd48 100644
--- a/cassandra/src/test/java/brave/cassandra/TracingTest.java
+++ b/cassandra/src/test/java/brave/cassandra/TracingTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2020 The OpenZipkin Authors
+ * Copyright 2017-2024 The OpenZipkin Authors
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  * in compliance with the License. You may obtain a copy of the License at
@@ -17,8 +17,8 @@
 import brave.test.TestSpanHandler;
 import java.nio.ByteBuffer;
 import java.util.Collections;
-import org.junit.After;
-import org.junit.Test;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -29,22 +29,22 @@ public class TracingTest {
       .currentTraceContext(currentTraceContext).addSpanHandler(spans).build();
   Tracing cassandraTracing = new Tracing(tracing);
 
-  @After public void tearDown() {
+  @AfterEach public void tearDown() {
     tracing.close();
     currentTraceContext.close();
   }
 
-  @Test public void spanFromPayload_startsTraceOnNullPayload() {
+  @Test void spanFromPayload_startsTraceOnNullPayload() {
     assertThat(cassandraTracing.spanFromPayload(tracing.tracer(), null))
         .isNotNull();
   }
 
-  @Test public void spanFromPayload_startsTraceOnAbsentB3SingleEntry() {
+  @Test void spanFromPayload_startsTraceOnAbsentB3SingleEntry() {
     assertThat(cassandraTracing.spanFromPayload(tracing.tracer(), Collections.emptyMap()))
         .isNotNull();
   }
 
-  @Test public void spanFromPayload_resumesTraceOnB3SingleEntry() {
+  @Test void spanFromPayload_resumesTraceOnB3SingleEntry() {
     assertThat(cassandraTracing.spanFromPayload(tracing.tracer(), Collections.singletonMap("b3",
         ByteBuffer.wrap(new byte[] {'0'}))))
         .extracting(brave.Span::isNoop)
diff --git a/mvnw b/mvnw
index 41c0f0c..8d937f4 100755
--- a/mvnw
+++ b/mvnw
@@ -19,7 +19,7 @@
 # ----------------------------------------------------------------------------
 
 # ----------------------------------------------------------------------------
-# Maven Start Up Batch script
+# Apache Maven Wrapper startup batch script, version 3.2.0
 #
 # Required ENV vars:
 # ------------------
@@ -27,7 +27,6 @@
 #
 # Optional ENV vars
 # -----------------
-#   M2_HOME - location of maven2's installed home dir
 #   MAVEN_OPTS - parameters passed to the Java VM when running Maven
 #     e.g. to debug Maven itself, use
 #       set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
@@ -36,6 +35,10 @@
 
 if [ -z "$MAVEN_SKIP_RC" ] ; then
 
+  if [ -f /usr/local/etc/mavenrc ] ; then
+    . /usr/local/etc/mavenrc
+  fi
+
   if [ -f /etc/mavenrc ] ; then
     . /etc/mavenrc
   fi
@@ -50,7 +53,7 @@ fi
 cygwin=false;
 darwin=false;
 mingw=false
-case "`uname`" in
+case "$(uname)" in
   CYGWIN*) cygwin=true ;;
   MINGW*) mingw=true;;
   Darwin*) darwin=true
@@ -58,9 +61,9 @@ case "`uname`" in
     # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
     if [ -z "$JAVA_HOME" ]; then
       if [ -x "/usr/libexec/java_home" ]; then
-        export JAVA_HOME="`/usr/libexec/java_home`"
+        JAVA_HOME="$(/usr/libexec/java_home)"; export JAVA_HOME
       else
-        export JAVA_HOME="/Library/Java/Home"
+        JAVA_HOME="/Library/Java/Home"; export JAVA_HOME
       fi
     fi
     ;;
@@ -68,68 +71,38 @@ esac
 
 if [ -z "$JAVA_HOME" ] ; then
   if [ -r /etc/gentoo-release ] ; then
-    JAVA_HOME=`java-config --jre-home`
+    JAVA_HOME=$(java-config --jre-home)
   fi
 fi
 
-if [ -z "$M2_HOME" ] ; then
-  ## resolve links - $0 may be a link to maven's home
-  PRG="$0"
-
-  # need this for relative symlinks
-  while [ -h "$PRG" ] ; do
-    ls=`ls -ld "$PRG"`
-    link=`expr "$ls" : '.*-> \(.*\)$'`
-    if expr "$link" : '/.*' > /dev/null; then
-      PRG="$link"
-    else
-      PRG="`dirname "$PRG"`/$link"
-    fi
-  done
-
-  saveddir=`pwd`
-
-  M2_HOME=`dirname "$PRG"`/..
-
-  # make it fully qualified
-  M2_HOME=`cd "$M2_HOME" && pwd`
-
-  cd "$saveddir"
-  # echo Using m2 at $M2_HOME
-fi
-
 # For Cygwin, ensure paths are in UNIX format before anything is touched
 if $cygwin ; then
-  [ -n "$M2_HOME" ] &&
-    M2_HOME=`cygpath --unix "$M2_HOME"`
   [ -n "$JAVA_HOME" ] &&
-    JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+    JAVA_HOME=$(cygpath --unix "$JAVA_HOME")
   [ -n "$CLASSPATH" ] &&
-    CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
+    CLASSPATH=$(cygpath --path --unix "$CLASSPATH")
 fi
 
 # For Mingw, ensure paths are in UNIX format before anything is touched
 if $mingw ; then
-  [ -n "$M2_HOME" ] &&
-    M2_HOME="`(cd "$M2_HOME"; pwd)`"
-  [ -n "$JAVA_HOME" ] &&
-    JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
+  [ -n "$JAVA_HOME" ] && [ -d "$JAVA_HOME" ] &&
+    JAVA_HOME="$(cd "$JAVA_HOME" || (echo "cannot cd into $JAVA_HOME."; exit 1); pwd)"
 fi
 
 if [ -z "$JAVA_HOME" ]; then
-  javaExecutable="`which javac`"
-  if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
+  javaExecutable="$(which javac)"
+  if [ -n "$javaExecutable" ] && ! [ "$(expr "\"$javaExecutable\"" : '\([^ ]*\)')" = "no" ]; then
     # readlink(1) is not available as standard on Solaris 10.
-    readLink=`which readlink`
-    if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
+    readLink=$(which readlink)
+    if [ ! "$(expr "$readLink" : '\([^ ]*\)')" = "no" ]; then
       if $darwin ; then
-        javaHome="`dirname \"$javaExecutable\"`"
-        javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
+        javaHome="$(dirname "\"$javaExecutable\"")"
+        javaExecutable="$(cd "\"$javaHome\"" && pwd -P)/javac"
       else
-        javaExecutable="`readlink -f \"$javaExecutable\"`"
+        javaExecutable="$(readlink -f "\"$javaExecutable\"")"
       fi
-      javaHome="`dirname \"$javaExecutable\"`"
-      javaHome=`expr "$javaHome" : '\(.*\)/bin'`
+      javaHome="$(dirname "\"$javaExecutable\"")"
+      javaHome=$(expr "$javaHome" : '\(.*\)/bin')
       JAVA_HOME="$javaHome"
       export JAVA_HOME
     fi
@@ -145,7 +118,7 @@ if [ -z "$JAVACMD" ] ; then
       JAVACMD="$JAVA_HOME/bin/java"
     fi
   else
-    JAVACMD="`which java`"
+    JAVACMD="$(\unset -f command 2>/dev/null; \command -v java)"
   fi
 fi
 
@@ -159,12 +132,9 @@ if [ -z "$JAVA_HOME" ] ; then
   echo "Warning: JAVA_HOME environment variable is not set."
 fi
 
-CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
-
 # traverses directory structure from process work directory to filesystem root
 # first directory with .mvn subdirectory is considered project base directory
 find_maven_basedir() {
-
   if [ -z "$1" ]
   then
     echo "Path not specified to find_maven_basedir"
@@ -180,96 +150,99 @@ find_maven_basedir() {
     fi
     # workaround for JBEAP-8937 (on Solaris 10/Sparc)
     if [ -d "${wdir}" ]; then
-      wdir=`cd "$wdir/.."; pwd`
+      wdir=$(cd "$wdir/.." || exit 1; pwd)
     fi
     # end of workaround
   done
-  echo "${basedir}"
+  printf '%s' "$(cd "$basedir" || exit 1; pwd)"
 }
 
 # concatenates all lines of a file
 concat_lines() {
   if [ -f "$1" ]; then
-    echo "$(tr -s '\n' ' ' < "$1")"
+    # Remove \r in case we run on Windows within Git Bash
+    # and check out the repository with auto CRLF management
+    # enabled. Otherwise, we may read lines that are delimited with
+    # \r\n and produce $'-Xarg\r' rather than -Xarg due to word
+    # splitting rules.
+    tr -s '\r\n' ' ' < "$1"
+  fi
+}
+
+log() {
+  if [ "$MVNW_VERBOSE" = true ]; then
+    printf '%s\n' "$1"
   fi
 }
 
-BASE_DIR=`find_maven_basedir "$(pwd)"`
+BASE_DIR=$(find_maven_basedir "$(dirname "$0")")
 if [ -z "$BASE_DIR" ]; then
   exit 1;
 fi
 
+MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}; export MAVEN_PROJECTBASEDIR
+log "$MAVEN_PROJECTBASEDIR"
+
 ##########################################################################################
 # Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
 # This allows using the maven wrapper in projects that prohibit checking in binary data.
 ##########################################################################################
-if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then
-    if [ "$MVNW_VERBOSE" = true ]; then
-      echo "Found .mvn/wrapper/maven-wrapper.jar"
-    fi
+wrapperJarPath="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar"
+if [ -r "$wrapperJarPath" ]; then
+    log "Found $wrapperJarPath"
 else
-    if [ "$MVNW_VERBOSE" = true ]; then
-      echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
-    fi
+    log "Couldn't find $wrapperJarPath, downloading it ..."
+
     if [ -n "$MVNW_REPOURL" ]; then
-      jarUrl="$MVNW_REPOURL/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
+      wrapperUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
     else
-      jarUrl="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
+      wrapperUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
     fi
-    while IFS="=" read key value; do
-      case "$key" in (wrapperUrl) jarUrl="$value"; break ;;
+    while IFS="=" read -r key value; do
+      # Remove '\r' from value to allow usage on windows as IFS does not consider '\r' as a separator ( considers space, tab, new line ('\n'), and custom '=' )
+      safeValue=$(echo "$value" | tr -d '\r')
+      case "$key" in (wrapperUrl) wrapperUrl="$safeValue"; break ;;
       esac
-    done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties"
-    if [ "$MVNW_VERBOSE" = true ]; then
-      echo "Downloading from: $jarUrl"
-    fi
-    wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar"
+    done < "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties"
+    log "Downloading from: $wrapperUrl"
+
     if $cygwin; then
-      wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"`
+      wrapperJarPath=$(cygpath --path --windows "$wrapperJarPath")
     fi
 
     if command -v wget > /dev/null; then
-        if [ "$MVNW_VERBOSE" = true ]; then
-          echo "Found wget ... using wget"
-        fi
+        log "Found wget ... using wget"
+        [ "$MVNW_VERBOSE" = true ] && QUIET="" || QUIET="--quiet"
         if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
-            wget "$jarUrl" -O "$wrapperJarPath"
+            wget $QUIET "$wrapperUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
         else
-            wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath"
+            wget $QUIET --http-user="$MVNW_USERNAME" --http-password="$MVNW_PASSWORD" "$wrapperUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
         fi
     elif command -v curl > /dev/null; then
-        if [ "$MVNW_VERBOSE" = true ]; then
-          echo "Found curl ... using curl"
-        fi
+        log "Found curl ... using curl"
+        [ "$MVNW_VERBOSE" = true ] && QUIET="" || QUIET="--silent"
         if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
-            curl -o "$wrapperJarPath" "$jarUrl" -f
+            curl $QUIET -o "$wrapperJarPath" "$wrapperUrl" -f -L || rm -f "$wrapperJarPath"
         else
-            curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o "$wrapperJarPath" "$jarUrl" -f
+            curl $QUIET --user "$MVNW_USERNAME:$MVNW_PASSWORD" -o "$wrapperJarPath" "$wrapperUrl" -f -L || rm -f "$wrapperJarPath"
         fi
-
     else
-        if [ "$MVNW_VERBOSE" = true ]; then
-          echo "Falling back to using Java to download"
-        fi
-        javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
+        log "Falling back to using Java to download"
+        javaSource="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.java"
+        javaClass="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.class"
         # For Cygwin, switch paths to Windows format before running javac
         if $cygwin; then
-          javaClass=`cygpath --path --windows "$javaClass"`
+          javaSource=$(cygpath --path --windows "$javaSource")
+          javaClass=$(cygpath --path --windows "$javaClass")
         fi
-        if [ -e "$javaClass" ]; then
-            if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
-                if [ "$MVNW_VERBOSE" = true ]; then
-                  echo " - Compiling MavenWrapperDownloader.java ..."
-                fi
-                # Compiling the Java class
-                ("$JAVA_HOME/bin/javac" "$javaClass")
+        if [ -e "$javaSource" ]; then
+            if [ ! -e "$javaClass" ]; then
+                log " - Compiling MavenWrapperDownloader.java ..."
+                ("$JAVA_HOME/bin/javac" "$javaSource")
             fi
-            if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
-                # Running the downloader
-                if [ "$MVNW_VERBOSE" = true ]; then
-                  echo " - Running MavenWrapperDownloader.java ..."
-                fi
-                ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR")
+            if [ -e "$javaClass" ]; then
+                log " - Running MavenWrapperDownloader.java ..."
+                ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$wrapperUrl" "$wrapperJarPath") || rm -f "$wrapperJarPath"
             fi
         fi
     fi
@@ -278,33 +251,58 @@ fi
 # End of extension
 ##########################################################################################
 
-export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
-if [ "$MVNW_VERBOSE" = true ]; then
-  echo $MAVEN_PROJECTBASEDIR
+# If specified, validate the SHA-256 sum of the Maven wrapper jar file
+wrapperSha256Sum=""
+while IFS="=" read -r key value; do
+  case "$key" in (wrapperSha256Sum) wrapperSha256Sum=$value; break ;;
+  esac
+done < "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties"
+if [ -n "$wrapperSha256Sum" ]; then
+  wrapperSha256Result=false
+  if command -v sha256sum > /dev/null; then
+    if echo "$wrapperSha256Sum  $wrapperJarPath" | sha256sum -c > /dev/null 2>&1; then
+      wrapperSha256Result=true
+    fi
+  elif command -v shasum > /dev/null; then
+    if echo "$wrapperSha256Sum  $wrapperJarPath" | shasum -a 256 -c > /dev/null 2>&1; then
+      wrapperSha256Result=true
+    fi
+  else
+    echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available."
+    echo "Please install either command, or disable validation by removing 'wrapperSha256Sum' from your maven-wrapper.properties."
+    exit 1
+  fi
+  if [ $wrapperSha256Result = false ]; then
+    echo "Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised." >&2
+    echo "Investigate or delete $wrapperJarPath to attempt a clean download." >&2
+    echo "If you updated your Maven version, you need to update the specified wrapperSha256Sum property." >&2
+    exit 1
+  fi
 fi
+
 MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
 
 # For Cygwin, switch paths to Windows format before running java
 if $cygwin; then
-  [ -n "$M2_HOME" ] &&
-    M2_HOME=`cygpath --path --windows "$M2_HOME"`
   [ -n "$JAVA_HOME" ] &&
-    JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
+    JAVA_HOME=$(cygpath --path --windows "$JAVA_HOME")
   [ -n "$CLASSPATH" ] &&
-    CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
+    CLASSPATH=$(cygpath --path --windows "$CLASSPATH")
   [ -n "$MAVEN_PROJECTBASEDIR" ] &&
-    MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
+    MAVEN_PROJECTBASEDIR=$(cygpath --path --windows "$MAVEN_PROJECTBASEDIR")
 fi
 
 # Provide a "standardized" way to retrieve the CLI args that will
 # work with both Windows and non-Windows executions.
-MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@"
+MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $*"
 export MAVEN_CMD_LINE_ARGS
 
 WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
 
+# shellcheck disable=SC2086 # safe args
 exec "$JAVACMD" \
   $MAVEN_OPTS \
+  $MAVEN_DEBUG_OPTS \
   -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
-  "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
+  "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
   ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
diff --git a/mvnw.cmd b/mvnw.cmd
index 8611571..f80fbad 100644
--- a/mvnw.cmd
+++ b/mvnw.cmd
@@ -1,182 +1,205 @@
-@REM ----------------------------------------------------------------------------
-@REM Licensed to the Apache Software Foundation (ASF) under one
-@REM or more contributor license agreements.  See the NOTICE file
-@REM distributed with this work for additional information
-@REM regarding copyright ownership.  The ASF licenses this file
-@REM to you under the Apache License, Version 2.0 (the
-@REM "License"); you may not use this file except in compliance
-@REM with the License.  You may obtain a copy of the License at
-@REM
-@REM    http://www.apache.org/licenses/LICENSE-2.0
-@REM
-@REM Unless required by applicable law or agreed to in writing,
-@REM software distributed under the License is distributed on an
-@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-@REM KIND, either express or implied.  See the License for the
-@REM specific language governing permissions and limitations
-@REM under the License.
-@REM ----------------------------------------------------------------------------
-
-@REM ----------------------------------------------------------------------------
-@REM Maven Start Up Batch script
-@REM
-@REM Required ENV vars:
-@REM JAVA_HOME - location of a JDK home dir
-@REM
-@REM Optional ENV vars
-@REM M2_HOME - location of maven2's installed home dir
-@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
-@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
-@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
-@REM     e.g. to debug Maven itself, use
-@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
-@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
-@REM ----------------------------------------------------------------------------
-
-@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
-@echo off
-@REM set title of command window
-title %0
-@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
-@if "%MAVEN_BATCH_ECHO%" == "on"  echo %MAVEN_BATCH_ECHO%
-
-@REM set %HOME% to equivalent of $HOME
-if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
-
-@REM Execute a user defined script before this one
-if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
-@REM check for pre script, once with legacy .bat ending and once with .cmd ending
-if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
-if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
-:skipRcPre
-
-@setlocal
-
-set ERROR_CODE=0
-
-@REM To isolate internal variables from possible post scripts, we use another setlocal
-@setlocal
-
-@REM ==== START VALIDATION ====
-if not "%JAVA_HOME%" == "" goto OkJHome
-
-echo.
-echo Error: JAVA_HOME not found in your environment. >&2
-echo Please set the JAVA_HOME variable in your environment to match the >&2
-echo location of your Java installation. >&2
-echo.
-goto error
-
-:OkJHome
-if exist "%JAVA_HOME%\bin\java.exe" goto init
-
-echo.
-echo Error: JAVA_HOME is set to an invalid directory. >&2
-echo JAVA_HOME = "%JAVA_HOME%" >&2
-echo Please set the JAVA_HOME variable in your environment to match the >&2
-echo location of your Java installation. >&2
-echo.
-goto error
-
-@REM ==== END VALIDATION ====
-
-:init
-
-@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
-@REM Fallback to current working directory if not found.
-
-set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
-IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
-
-set EXEC_DIR=%CD%
-set WDIR=%EXEC_DIR%
-:findBaseDir
-IF EXIST "%WDIR%"\.mvn goto baseDirFound
-cd ..
-IF "%WDIR%"=="%CD%" goto baseDirNotFound
-set WDIR=%CD%
-goto findBaseDir
-
-:baseDirFound
-set MAVEN_PROJECTBASEDIR=%WDIR%
-cd "%EXEC_DIR%"
-goto endDetectBaseDir
-
-:baseDirNotFound
-set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
-cd "%EXEC_DIR%"
-
-:endDetectBaseDir
-
-IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
-
-@setlocal EnableExtensions EnableDelayedExpansion
-for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
-@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
-
-:endReadAdditionalConfig
-
-SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
-set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
-set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
-
-set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
-
-FOR /F "tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
-    IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
-)
-
-@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
-@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
-if exist %WRAPPER_JAR% (
-    if "%MVNW_VERBOSE%" == "true" (
-        echo Found %WRAPPER_JAR%
-    )
-) else (
-    if not "%MVNW_REPOURL%" == "" (
-        SET DOWNLOAD_URL="%MVNW_REPOURL%/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
-    )
-    if "%MVNW_VERBOSE%" == "true" (
-        echo Couldn't find %WRAPPER_JAR%, downloading it ...
-        echo Downloading from: %DOWNLOAD_URL%
-    )
-
-    powershell -Command "&{"^
-		"$webclient = new-object System.Net.WebClient;"^
-		"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
-		"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
-		"}"^
-		"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^
-		"}"
-    if "%MVNW_VERBOSE%" == "true" (
-        echo Finished downloading %WRAPPER_JAR%
-    )
-)
-@REM End of extension
-
-@REM Provide a "standardized" way to retrieve the CLI args that will
-@REM work with both Windows and non-Windows executions.
-set MAVEN_CMD_LINE_ARGS=%*
-
-%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
-if ERRORLEVEL 1 goto error
-goto end
-
-:error
-set ERROR_CODE=1
-
-:end
-@endlocal & set ERROR_CODE=%ERROR_CODE%
-
-if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
-@REM check for post script, once with legacy .bat ending and once with .cmd ending
-if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
-if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
-:skipRcPost
-
-@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
-if "%MAVEN_BATCH_PAUSE%" == "on" pause
-
-if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
-
-exit /B %ERROR_CODE%
+@REM ----------------------------------------------------------------------------
+@REM Licensed to the Apache Software Foundation (ASF) under one
+@REM or more contributor license agreements.  See the NOTICE file
+@REM distributed with this work for additional information
+@REM regarding copyright ownership.  The ASF licenses this file
+@REM to you under the Apache License, Version 2.0 (the
+@REM "License"); you may not use this file except in compliance
+@REM with the License.  You may obtain a copy of the License at
+@REM
+@REM    http://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing,
+@REM software distributed under the License is distributed on an
+@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@REM KIND, either express or implied.  See the License for the
+@REM specific language governing permissions and limitations
+@REM under the License.
+@REM ----------------------------------------------------------------------------
+
+@REM ----------------------------------------------------------------------------
+@REM Apache Maven Wrapper startup batch script, version 3.2.0
+@REM
+@REM Required ENV vars:
+@REM JAVA_HOME - location of a JDK home dir
+@REM
+@REM Optional ENV vars
+@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
+@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
+@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
+@REM     e.g. to debug Maven itself, use
+@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+@REM ----------------------------------------------------------------------------
+
+@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
+@echo off
+@REM set title of command window
+title %0
+@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
+@if "%MAVEN_BATCH_ECHO%" == "on"  echo %MAVEN_BATCH_ECHO%
+
+@REM set %HOME% to equivalent of $HOME
+if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
+
+@REM Execute a user defined script before this one
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
+@REM check for pre script, once with legacy .bat ending and once with .cmd ending
+if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %*
+if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %*
+:skipRcPre
+
+@setlocal
+
+set ERROR_CODE=0
+
+@REM To isolate internal variables from possible post scripts, we use another setlocal
+@setlocal
+
+@REM ==== START VALIDATION ====
+if not "%JAVA_HOME%" == "" goto OkJHome
+
+echo.
+echo Error: JAVA_HOME not found in your environment. >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+:OkJHome
+if exist "%JAVA_HOME%\bin\java.exe" goto init
+
+echo.
+echo Error: JAVA_HOME is set to an invalid directory. >&2
+echo JAVA_HOME = "%JAVA_HOME%" >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+@REM ==== END VALIDATION ====
+
+:init
+
+@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
+@REM Fallback to current working directory if not found.
+
+set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
+IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
+
+set EXEC_DIR=%CD%
+set WDIR=%EXEC_DIR%
+:findBaseDir
+IF EXIST "%WDIR%"\.mvn goto baseDirFound
+cd ..
+IF "%WDIR%"=="%CD%" goto baseDirNotFound
+set WDIR=%CD%
+goto findBaseDir
+
+:baseDirFound
+set MAVEN_PROJECTBASEDIR=%WDIR%
+cd "%EXEC_DIR%"
+goto endDetectBaseDir
+
+:baseDirNotFound
+set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
+cd "%EXEC_DIR%"
+
+:endDetectBaseDir
+
+IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
+
+@setlocal EnableExtensions EnableDelayedExpansion
+for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
+@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
+
+:endReadAdditionalConfig
+
+SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
+set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
+set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+set WRAPPER_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
+
+FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
+    IF "%%A"=="wrapperUrl" SET WRAPPER_URL=%%B
+)
+
+@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
+if exist %WRAPPER_JAR% (
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Found %WRAPPER_JAR%
+    )
+) else (
+    if not "%MVNW_REPOURL%" == "" (
+        SET WRAPPER_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
+    )
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Couldn't find %WRAPPER_JAR%, downloading it ...
+        echo Downloading from: %WRAPPER_URL%
+    )
+
+    powershell -Command "&{"^
+		"$webclient = new-object System.Net.WebClient;"^
+		"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
+		"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
+		"}"^
+		"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%WRAPPER_URL%', '%WRAPPER_JAR%')"^
+		"}"
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Finished downloading %WRAPPER_JAR%
+    )
+)
+@REM End of extension
+
+@REM If specified, validate the SHA-256 sum of the Maven wrapper jar file
+SET WRAPPER_SHA_256_SUM=""
+FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
+    IF "%%A"=="wrapperSha256Sum" SET WRAPPER_SHA_256_SUM=%%B
+)
+IF NOT %WRAPPER_SHA_256_SUM%=="" (
+    powershell -Command "&{"^
+       "$hash = (Get-FileHash \"%WRAPPER_JAR%\" -Algorithm SHA256).Hash.ToLower();"^
+       "If('%WRAPPER_SHA_256_SUM%' -ne $hash){"^
+       "  Write-Output 'Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised.';"^
+       "  Write-Output 'Investigate or delete %WRAPPER_JAR% to attempt a clean download.';"^
+       "  Write-Output 'If you updated your Maven version, you need to update the specified wrapperSha256Sum property.';"^
+       "  exit 1;"^
+       "}"^
+       "}"
+    if ERRORLEVEL 1 goto error
+)
+
+@REM Provide a "standardized" way to retrieve the CLI args that will
+@REM work with both Windows and non-Windows executions.
+set MAVEN_CMD_LINE_ARGS=%*
+
+%MAVEN_JAVA_EXE% ^
+  %JVM_CONFIG_MAVEN_PROPS% ^
+  %MAVEN_OPTS% ^
+  %MAVEN_DEBUG_OPTS% ^
+  -classpath %WRAPPER_JAR% ^
+  "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^
+  %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
+if ERRORLEVEL 1 goto error
+goto end
+
+:error
+set ERROR_CODE=1
+
+:end
+@endlocal & set ERROR_CODE=%ERROR_CODE%
+
+if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost
+@REM check for post script, once with legacy .bat ending and once with .cmd ending
+if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat"
+if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd"
+:skipRcPost
+
+@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
+if "%MAVEN_BATCH_PAUSE%"=="on" pause
+
+if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE%
+
+cmd /C exit /B %ERROR_CODE%
diff --git a/pom.xml b/pom.xml
index 6820ce2..966f84f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
 
-    Copyright 2017-2020 The OpenZipkin Authors
+    Copyright 2017-2024 The OpenZipkin Authors
 
     Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
     in compliance with the License. You may obtain a copy of the License at
@@ -86,44 +86,54 @@
     <main.basedir>${project.basedir}</main.basedir>
 
     <!-- default bytecode version for src/main -->
-    <main.java.version>1.8</main.java.version>
-    <main.signature.artifact>java18</main.signature.artifact>
+    <maven.compiler.source>1.8</maven.compiler.source>
+    <maven.compiler.target>1.8</maven.compiler.target>
+    <!-- We don't use animal-sniffer anymore as release obviates it.
+         See https://github.com/mojohaus/animal-sniffer/issues/62 -->
+    <maven.compiler.release>8</maven.compiler.release>
 
-    <cassandra-driver-core.version>3.10.2</cassandra-driver-core.version>
-    <brave.version>5.13.3</brave.version>
+    <!-- Tests use the floor Java version (used in release) -->
+    <maven.compiler.testSource>11</maven.compiler.testSource>
+    <maven.compiler.testTarget>11</maven.compiler.testTarget>
+    <maven.compiler.testRelease>11</maven.compiler.testRelease>
 
-    <junit.version>4.13.1</junit.version>
-    <junit-jupiter.version>5.7.0</junit-jupiter.version>
-    <assertj.version>3.18.1</assertj.version>
-    <testcontainers.version>1.15.1</testcontainers.version>
+    <cassandra-driver-core.version>3.11.2</cassandra-driver-core.version>
+    <brave.version>5.18.0</brave.version>
 
     <!-- override to set exclusions per-project -->
     <errorprone.args />
-    <errorprone.version>2.4.0</errorprone.version>
-    <log4j.version>2.14.0</log4j.version>
+    <errorprone.version>2.24.1</errorprone.version>
+    <log4j.version>2.22.1</log4j.version>
+    <okhttp.version>4.12.0</okhttp.version>
+
+    <junit-jupiter.version>5.10.1</junit-jupiter.version>
+    <assertj.version>3.25.1</assertj.version>
+    <mockito.version>5.8.0</mockito.version>
+    <testcontainers.version>1.19.3</testcontainers.version>
 
     <license.skip>${skipTests}</license.skip>
+    <maven-surefire-plugin.argLine />
+    <maven-failsafe-plugin.argLine />
 
-    <animal-sniffer-maven-plugin.version>1.19</animal-sniffer-maven-plugin.version>
     <go-offline-maven-plugin.version>1.2.8</go-offline-maven-plugin.version>
     <!-- TODO: cleanup any redundant ignores now also in the 4.0 release (once final) -->
-    <license-maven-plugin.version>4.0.rc2</license-maven-plugin.version>
-    <maven-bundle-plugin.version>5.1.1</maven-bundle-plugin.version>
-    <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
+    <license-maven-plugin.version>4.3</license-maven-plugin.version>
+    <maven-bundle-plugin.version>5.1.9</maven-bundle-plugin.version>
+    <maven-compiler-plugin.version>3.12.1</maven-compiler-plugin.version>
     <!-- Use same version as https://github.com/openzipkin/docker-java -->
-    <maven-dependency-plugin.version>3.1.2</maven-dependency-plugin.version>
-    <maven-deploy-plugin.version>3.0.0-M1</maven-deploy-plugin.version>
-    <maven-enforcer-plugin.version>3.0.0-M3</maven-enforcer-plugin.version>
+    <maven-dependency-plugin.version>3.6.1</maven-dependency-plugin.version>
+    <maven-deploy-plugin.version>3.1.1</maven-deploy-plugin.version>
+    <maven-enforcer-plugin.version>3.4.1</maven-enforcer-plugin.version>
     <!-- Use same version as https://github.com/openzipkin/docker-java -->
-    <maven-help-plugin.version>3.2.0</maven-help-plugin.version>
-    <maven-install-plugin.version>3.0.0-M1</maven-install-plugin.version>
-    <maven-javadoc-plugin.version>3.2.0</maven-javadoc-plugin.version>
-    <maven-jar-plugin.version>3.2.0</maven-jar-plugin.version>
-    <maven-release-plugin.version>3.0.0-M1</maven-release-plugin.version>
-    <maven-shade-plugin.version>3.2.4</maven-shade-plugin.version>
-    <maven-source-plugin.version>3.2.1</maven-source-plugin.version>
-    <maven-surefire-plugin.version>3.0.0-M5</maven-surefire-plugin.version>
-    <nexus-staging-maven-plugin.version>1.6.8</nexus-staging-maven-plugin.version>
+    <maven-help-plugin.version>3.4.0</maven-help-plugin.version>
+    <maven-install-plugin.version>3.1.1</maven-install-plugin.version>
+    <maven-javadoc-plugin.version>3.6.3</maven-javadoc-plugin.version>
+    <maven-jar-plugin.version>3.3.0</maven-jar-plugin.version>
+    <maven-release-plugin.version>3.0.1</maven-release-plugin.version>
+    <maven-shade-plugin.version>3.5.1</maven-shade-plugin.version>
+    <maven-source-plugin.version>3.3.0</maven-source-plugin.version>
+    <maven-surefire-plugin.version>3.2.3</maven-surefire-plugin.version>
+    <nexus-staging-maven-plugin.version>1.6.13</nexus-staging-maven-plugin.version>
   </properties>
 
   <dependencyManagement>
@@ -131,6 +141,7 @@
       <dependency>
         <groupId>org.apache.cassandra</groupId>
         <artifactId>cassandra-all</artifactId>
+        <!-- Matches last zipkin test image (v2.23.7) -->
         <version>3.11.9</version>
         <exclusions>
           <exclusion>
@@ -143,11 +154,10 @@
           </exclusion>
         </exclusions>
       </dependency>
-      <!-- testcontainers 1.15+ no longer shades docker-java. This means conflicts with jackson. -->
       <dependency>
         <groupId>com.fasterxml.jackson</groupId>
         <artifactId>jackson-bom</artifactId>
-        <version>2.12.0</version>
+        <version>2.16.1</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -164,62 +174,48 @@
       <version>${brave.version}</version>
     </dependency>
 
-
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>${junit.version}</version>
-      <scope>test</scope>
-    </dependency>
-
     <dependency>
       <groupId>org.junit.jupiter</groupId>
       <artifactId>junit-jupiter</artifactId>
       <version>${junit-jupiter.version}</version>
       <scope>test</scope>
     </dependency>
-    <dependency>
-      <groupId>org.junit.vintage</groupId>
-      <artifactId>junit-vintage-engine</artifactId>
-      <version>${junit-jupiter.version}</version>
-      <scope>test</scope>
-    </dependency>
-    <!-- Current versions of JUnit5 provide the above junit-jupiter artifact for convenience, but we
-         may still have transitive dependencies on these older artifacts and have to make sure
-         they're all using the same version. -->
-    <dependency>
-      <groupId>org.junit.jupiter</groupId>
-      <artifactId>junit-jupiter-api</artifactId>
-      <version>${junit-jupiter.version}</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.junit.jupiter</groupId>
-      <artifactId>junit-jupiter-engine</artifactId>
-      <version>${junit-jupiter.version}</version>
-      <scope>test</scope>
-    </dependency>
     <dependency>
       <groupId>org.assertj</groupId>
       <artifactId>assertj-core</artifactId>
       <version>${assertj.version}</version>
+      <exclusions>
+        <!-- Use newer bytebuddy from mockito, which is JRE 21 compatible.
+             TODO: remove when assertj releases a new version -->
+        <exclusion>
+          <groupId>net.bytebuddy</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
+      </exclusions>
       <scope>test</scope>
     </dependency>
-    <!-- route jul over log4j2 during tests -->
+    <!-- Main code uses jul and tests log with log4j -->
+    <dependency>
+      <groupId>org.apache.logging.log4j</groupId>
+      <artifactId>log4j-core</artifactId>
+      <version>${log4j.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <!-- route jul over log4j2 during integration tests -->
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-jul</artifactId>
       <version>${log4j.version}</version>
       <scope>test</scope>
     </dependency>
-    <!-- route log4j over log4j2 during tests -->
+    <!-- route log4j over log4j2 during integration tests -->
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-1.2-api</artifactId>
       <version>${log4j.version}</version>
       <scope>test</scope>
     </dependency>
-    <!-- route slf4j over log4j2 during tests -->
+    <!-- route slf4j over log4j2 during integration tests -->
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-slf4j-impl</artifactId>
@@ -231,16 +227,6 @@
   <build>
     <pluginManagement>
       <plugins>
-        <!-- mvn -N io.takari:maven:wrapper generates the ./mvnw script -->
-        <plugin>
-          <groupId>io.takari</groupId>
-          <artifactId>maven</artifactId>
-          <version>0.7.7</version>
-          <configuration>
-            <maven>3.6.3</maven>
-          </configuration>
-        </plugin>
-
         <!-- mvn de.qaware.maven:go-offline-maven-plugin:resolve-dependencies -->
         <plugin>
           <groupId>de.qaware.maven</groupId>
@@ -249,13 +235,6 @@
           <configuration>
             <!-- Add dependencies indirectly referenced by build plugins -->
             <dynamicDependencies>
-              <DynamicDependency>
-                <groupId>org.codehaus.mojo.signature</groupId>
-                <artifactId>${main.signature.artifact}</artifactId>
-                <version>1.0</version>
-                <type>signature</type>
-                <repositoryType>MAIN</repositoryType>
-              </DynamicDependency>
               <DynamicDependency>
                 <groupId>com.mycila</groupId>
                 <artifactId>license-maven-plugin-git</artifactId>
@@ -283,8 +262,6 @@
           <version>${maven-compiler-plugin.version}</version>
           <inherited>true</inherited>
           <configuration>
-            <source>${main.java.version}</source>
-            <target>${main.java.version}</target>
             <fork>true</fork>
             <showWarnings>true</showWarnings>
           </configuration>
@@ -372,7 +349,7 @@
 
         <plugin>
           <artifactId>maven-remote-resources-plugin</artifactId>
-          <version>1.7.0</version>
+          <version>3.1.0</version>
         </plugin>
       </plugins>
     </pluginManagement>
@@ -388,27 +365,6 @@
         <version>${maven-help-plugin.version}</version>
       </plugin>
 
-      <plugin>
-        <groupId>org.codehaus.mojo</groupId>
-        <artifactId>animal-sniffer-maven-plugin</artifactId>
-        <version>${animal-sniffer-maven-plugin.version}</version>
-        <configuration>
-          <signature>
-            <groupId>org.codehaus.mojo.signature</groupId>
-            <artifactId>${main.signature.artifact}</artifactId>
-            <version>1.0</version>
-          </signature>
-          <checkTestClasses>false</checkTestClasses>
-        </configuration>
-        <executions>
-          <execution>
-            <goals>
-              <goal>check</goal>
-            </goals>
-          </execution>
-        </executions>
-      </plugin>
-
       <plugin>
         <artifactId>maven-surefire-plugin</artifactId>
         <version>${maven-surefire-plugin.version}</version>
@@ -420,6 +376,7 @@
           <classpathDependencyExcludes>
             <classpathDependencyExclude>org.apache.logging.log4j:log4j-jul</classpathDependencyExclude>
           </classpathDependencyExcludes>
+          <argLine>${maven-surefire-plugin.argLine}</argLine>
         </configuration>
       </plugin>
 
@@ -441,15 +398,9 @@
           <reuseForks>false</reuseForks>
           <!-- workaround to SUREFIRE-1831 -->
           <useModulePath>false</useModulePath>
-          <!-- Brave and OkHttp MockWebServer log with java.util.logging. Adding the bridge allows
-               allows us to change scope and format via log4j2.properties -->
-          <systemPropertyVariables>
-            <java.util.logging.manager>org.apache.logging.log4j.jul.LogManager</java.util.logging.manager>
-          </systemPropertyVariables>
-          <!-- Corrupted STDOUT by directly writing to native stream in forked JVM SUREFIRE-1614 -->
-          <forkNode implementation="org.apache.maven.plugin.surefire.extensions.SurefireForkNodeFactory" />
           <!-- Ensure scope leak cause ends up in the console -->
           <trimStackTrace>false</trimStackTrace>
+          <argLine>${maven-failsafe-plugin.argLine}</argLine>
         </configuration>
       </plugin>
 
@@ -465,7 +416,9 @@
             <configuration>
               <rules>
                 <requireJavaVersion>
-                  <version>[11,16)</version>
+                  <!-- Change this to control LTS JDK versions allowed to build
+                       the project. Keep in sync with .github/workflows -->
+                  <version>[11,12),[17,18),[21,22)</version>
                 </requireJavaVersion>
               </rules>
             </configuration>
@@ -553,9 +506,10 @@
 
   <profiles>
     <profile>
-      <id>error-prone</id>
+      <id>error-prone-11+</id>
       <activation>
-        <activeByDefault>true</activeByDefault>
+        <!-- Only LTS versions -->
+        <jdk>[11,12),[17,18),[21,22)</jdk>
       </activation>
       <build>
         <plugins>
@@ -564,8 +518,6 @@
             <version>${maven-compiler-plugin.version}</version>
             <inherited>true</inherited>
             <configuration>
-              <source>${main.java.version}</source>
-              <target>${main.java.version}</target>
               <fork>true</fork>
               <showWarnings>true</showWarnings>
             </configuration>
@@ -582,6 +534,17 @@
                   <compilerArgs>
                     <arg>-XDcompilePolicy=simple</arg>
                     <arg>-Xplugin:ErrorProne ${errorprone.args}</arg>
+                    <!-- below needed for JDK16+ per https://errorprone.info/docs/installation -->
+                    <arg>-J--add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED</arg>
+                    <arg>-J--add-exports=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED</arg>
+                    <arg>-J--add-exports=jdk.compiler/com.sun.tools.javac.main=ALL-UNNAMED</arg>
+                    <arg>-J--add-exports=jdk.compiler/com.sun.tools.javac.model=ALL-UNNAMED</arg>
+                    <arg>-J--add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED</arg>
+                    <arg>-J--add-exports=jdk.compiler/com.sun.tools.javac.processing=ALL-UNNAMED</arg>
+                    <arg>-J--add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED</arg>
+                    <arg>-J--add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED</arg>
+                    <arg>-J--add-opens=jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED</arg>
+                    <arg>-J--add-opens=jdk.compiler/com.sun.tools.javac.comp=ALL-UNNAMED</arg>
                   </compilerArgs>
                   <annotationProcessorPaths>
                     <processorPath>
@@ -609,16 +572,17 @@
             <configuration>
               <serverId>ossrh</serverId>
               <nexusUrl>https://oss.sonatype.org/</nexusUrl>
-              <!-- Double the normal timeout even though we haven't had a problem in this project.
-                   The only outcome of timing out client side is trying again. -->
-              <stagingProgressTimeoutMinutes>10</stagingProgressTimeoutMinutes>
+              <!-- Recent slowdowns with Sonatype staging have pushed latencies over 10-20 minutes.
+                   Increasing the timeout avoids failures and retries, which still often fail when
+                   Sonatype servers are overloaded. -->
+              <stagingProgressTimeoutMinutes>30</stagingProgressTimeoutMinutes>
               <autoReleaseAfterClose>true</autoReleaseAfterClose>
             </configuration>
           </plugin>
 
           <plugin>
             <artifactId>maven-gpg-plugin</artifactId>
-            <version>1.6</version>
+            <version>3.1.0</version>
             <executions>
               <execution>
                 <id>sign-artifacts</id>