diff --git a/pom.xml b/pom.xml
index 37187903d..661519330 100644
--- a/pom.xml
+++ b/pom.xml
@@ -134,9 +134,9 @@
         <version.findsecbugs>2.0.0-M3</version.findsecbugs>
         <version.fluido>2.0.0-M9</version.fluido>
         <version.powermock>2.0.9</version.powermock>
-        <version.spotbugs>4.8.5</version.spotbugs>
-        <version.spotbugs.maven>4.8.5.0</version.spotbugs.maven>
-        <version.surefire>3.2.5</version.surefire>
+        <version.spotbugs>4.8.6</version.spotbugs>
+        <version.spotbugs.maven>4.8.6.2</version.spotbugs.maven>
+        <version.surefire>3.3.0</version.surefire>
         <project.java.target>1.8</project.java.target>
             <!-- TODO: Be sure to update. Should be date of previous official release -->
             <!-- Exact date in the form 'yyyy-dd-yy 00:00:00' should be used. You can find the previous release date -->
@@ -233,7 +233,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-collections4</artifactId>
-            <version>4.5.0-M1</version>
+            <version>4.5.0-M2</version>
         </dependency>
         <dependency>
             <groupId>org.apache-extras.beanshell</groupId>
@@ -243,7 +243,7 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.7.5</version>
+            <version>1.7.6</version>
             <exclusions>
                 <!-- excluded because we directly import newer version below. -->
                 <exclusion>
@@ -274,21 +274,6 @@
             <version>1.4.01</version>
         </dependency>
 
-        <!--
-             FORCE SPECIFIC VERSIONS OF TRANSITIVE DEPENDENCIES EXCLUDED ABOVE.
-             This is to force patched versions of these libraries with known CVEs against them.
-        -->
-        <dependency>
-            <!-- We include this, because Commons File Upload still includes an
-                 old one, but AntiSamy 1.7.4 includes a newer one (2.14.0), which causes the goal
-                 org.apache.maven.plugins:maven-enforcer-plugin:3.3.0:enforce to fail
-                 in DependencyConvergence.
-            -->
-            <groupId>commons-io</groupId>
-            <artifactId>commons-io</artifactId>
-            <version>2.15.1</version>
-        </dependency>
-
         <!-- SpotBugs dependencies -->
         <dependency>
             <groupId>com.github.spotbugs</groupId>
@@ -423,17 +408,17 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-dependency-plugin</artifactId>
-                    <version>3.6.1</version>
+                    <version>3.7.1</version>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-release-plugin</artifactId>
-                    <version>3.0.1</version>
+                    <version>3.1.0</version>
                 </plugin>
                 <plugin>
                      <groupId>org.codehaus.mojo</groupId>
                      <artifactId>versions-maven-plugin</artifactId>
-                     <version>2.16.2</version>
+                     <version>2.17.0</version>
                      <configuration>
                          <rulesUri>file:${project.basedir}/versionRuleset.xml</rulesUri>
                      </configuration>
@@ -488,7 +473,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-clean-plugin</artifactId>
-                <version>3.3.2</version>
+                <version>3.4.0</version>
             </plugin>
 
             <plugin>
@@ -543,7 +528,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-enforcer-plugin</artifactId>
-                <version>3.4.1</version>
+                <version>3.5.0</version>
                 <dependencies>
                   <dependency>
                     <groupId>org.codehaus.mojo</groupId>
@@ -553,7 +538,7 @@
                   <dependency>
                     <groupId>org.codehaus.mojo</groupId>
                     <artifactId>animal-sniffer-enforcer-rule</artifactId>
-                    <version>1.23</version>
+                    <version>1.24</version>
                   </dependency>
                 </dependencies>
 
@@ -636,7 +621,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jar-plugin</artifactId>
-                <version>3.4.1</version>
+                <version>3.4.2</version>
                 <configuration>
                     <archive>
                         <manifest>
@@ -648,9 +633,9 @@
             </plugin>
 
             <plugin>
-               <groupId>org.apache.maven.plugins</groupId>
-               <artifactId>maven-javadoc-plugin</artifactId>
-               <version>3.6.3</version>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-javadoc-plugin</artifactId>
+               <version>3.7.0</version>
                <configuration>
                  <source>8</source>
                  <doclint>none</doclint>
@@ -668,19 +653,19 @@
             <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-jxr-plugin</artifactId>
-              <version>3.3.2</version>
+              <version>3.4.0</version>
             </plugin>
 
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-pmd-plugin</artifactId>
-                <version>3.22.0</version>
+                <version>3.23.0</version>
             </plugin>
 
             <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-project-info-reports-plugin</artifactId>
-               <version>3.5.0</version>
+               <version>3.6.1</version>
             </plugin>
 
             <plugin>
@@ -694,7 +679,7 @@
                      The skin is referenced in src/site/site.xml. -->
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-site-plugin</artifactId>
-                <version>4.0.0-M14</version>
+                <version>4.0.0-M15</version>
                 <dependencies>
                     <dependency>
                         <groupId>org.apache.maven.skins</groupId>
@@ -755,7 +740,7 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>9.2.0</version>
+                <version>10.0.2</version>
                 <configuration>
                     <nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
                     <failBuildOnCVSS>1.0</failBuildOnCVSS>
diff --git a/src/main/resources/META-INF/esapi.tld b/src/main/resources/META-INF/esapi.tld
index 596acb9c8..1a730f420 100644
--- a/src/main/resources/META-INF/esapi.tld
+++ b/src/main/resources/META-INF/esapi.tld
@@ -7,7 +7,7 @@
   ~ Enterprise Security API (ESAPI) project. For details, please see
   ~ <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
   ~
-  ~ Copyright (c) 2007 - The OWASP Foundation
+  ~ Copyright (c) 2007-2024 - The OWASP Foundation
   ~
   ~ The ESAPI is published by OWASP under the BSD license. You should read and accept the
   ~ LICENSE before you use, modify, and/or redistribute this software.
@@ -22,7 +22,7 @@
 	xsi:schemaLocation="
 		http://java.sun.com/xml/ns/j2ee
 		http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
-	version="2.0">
+	version="2.x">
 	<description>
 		OWASP Enterprise Security API (ESAPI) provides
 		a JSP Tag Library that supplies easy access to
@@ -30,6 +30,8 @@
 		functions. These can be used to properly escape user
 		supplied data at display time so that it cannot be used
 		in injection attacks like Cross Site Scripting (XSS).
+        This tag library applies to all of ESAPI 2.x versions. Its
+        interface hasn't changed since 2.0.
 	</description>
 	<display-name>OWASP ESAPI</display-name>
 	<tlib-version>2.0</tlib-version>