diff --git a/pom.xml b/pom.xml
index d9554ac96..a56818b80 100644
--- a/pom.xml
+++ b/pom.xml
@@ -11,7 +11,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.6.6</version>
+        <version>2.7.1</version>
     </parent>
 
     <name>WebGoat</name>
@@ -119,7 +119,6 @@
         <webwolf.port>9090</webwolf.port>
 
         <!-- Shared properties with plugins and version numbers across submodules-->
-        <ant.version>1.6.5</ant.version>
         <asciidoctorj.version>2.5.2</asciidoctorj.version>
         <bootstrap.version>3.3.7</bootstrap.version>
         <cglib.version>2.2</cglib.version> <!-- do not update necessary for lesson -->
@@ -181,16 +180,6 @@
                 <artifactId>cglib-nodep</artifactId>
                 <version>${cglib.version}</version>
             </dependency>
-            <dependency>
-                <groupId>ant</groupId>
-                <artifactId>ant-launcher</artifactId>
-                <version>${ant.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>ant</groupId>
-                <artifactId>ant</artifactId>
-                <version>${ant.version}</version>
-            </dependency>
             <dependency>
                 <groupId>xml-resolver</groupId>
                 <artifactId>xml-resolver</artifactId>
@@ -452,14 +441,6 @@
             <groupId>cglib</groupId>
             <artifactId>cglib-nodep</artifactId>
         </dependency>
-        <dependency>
-            <groupId>ant</groupId>
-            <artifactId>ant-launcher</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>ant</groupId>
-            <artifactId>ant</artifactId>
-        </dependency>
         <dependency>
             <groupId>xml-resolver</groupId>
             <artifactId>xml-resolver</artifactId>
diff --git a/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java
index 9bc444627..7b502c887 100644
--- a/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java
+++ b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java
@@ -164,9 +164,10 @@ public class MD5 {
      * @since ostermillerutils 1.00.00
      */
     public static byte[] getHash(File f) throws IOException {
-        InputStream is = new FileInputStream(f);
-        byte[] hash = getHash(is);
-        is.close();
+        byte[] hash = null;
+        try (InputStream is = new FileInputStream(f)) {
+            hash = getHash(is);
+        }
         return hash;
     }
 
@@ -179,9 +180,10 @@ public class MD5 {
      * @since ostermillerutils 1.00.00
      */
     public static String getHashString(File f) throws IOException {
-        InputStream is = new FileInputStream(f);
-        String hash = getHashString(is);
-        is.close();
+        String hash = null;
+        try (InputStream is = new FileInputStream(f)) {
+            hash = getHashString(is);
+        }
         return hash;
     }
 
@@ -515,7 +517,7 @@ public class MD5 {
      * @since ostermillerutils 1.00.00
      */
     private static String toHex(byte hash[]) {
-        StringBuffer buf = new StringBuffer(hash.length * 2);
+        StringBuilder buf = new StringBuilder(hash.length * 2);
         for (byte element : hash) {
             int intVal = element & 0xff;
             if (intVal < 0x10) {
diff --git a/src/main/java/org/owasp/webgoat/lessons/client_side_filtering/Salaries.java b/src/main/java/org/owasp/webgoat/lessons/client_side_filtering/Salaries.java
index 55843baff..8ad86e647 100644
--- a/src/main/java/org/owasp/webgoat/lessons/client_side_filtering/Salaries.java
+++ b/src/main/java/org/owasp/webgoat/lessons/client_side_filtering/Salaries.java
@@ -76,10 +76,14 @@ public class Salaries {
         File d = new File(webGoatHomeDirectory, "ClientSideFiltering/employees.xml");
         XPathFactory factory = XPathFactory.newInstance();
         XPath path = factory.newXPath();
+        int columns = 5;
+        List<Map<String, Object>> json = new ArrayList<>();
+        java.util.Map<String, Object> employeeJson = new HashMap<>();
+
         try (InputStream is = new FileInputStream(d)) {
             InputSource inputSource = new InputSource(is);
 
-            StringBuffer sb = new StringBuffer();
+            StringBuilder sb = new StringBuilder();
 
             sb.append("/Employees/Employee/UserID | ");
             sb.append("/Employees/Employee/FirstName | ");
@@ -89,22 +93,19 @@ public class Salaries {
 
             String expression = sb.toString();
             nodes = (NodeList) path.evaluate(expression, inputSource, XPathConstants.NODESET);
+            for (int i = 0; i < nodes.getLength(); i++) {
+                if (i % columns == 0) {
+                    employeeJson = new HashMap<>();
+                    json.add(employeeJson);
+                }
+                Node node = nodes.item(i);
+                employeeJson.put(node.getNodeName(), node.getTextContent());
+            }
         } catch (XPathExpressionException e) {
             log.error("Unable to parse xml", e);
         } catch (IOException e) {
             log.error("Unable to read employees.xml at location: '{}'", d);
         }
-        int columns = 5;
-        List json = new ArrayList();
-        java.util.Map<String, Object> employeeJson = new HashMap<>();
-        for (int i = 0; i < nodes.getLength(); i++) {
-            if (i % columns == 0) {
-                employeeJson = new HashMap<>();
-                json.add(employeeJson);
-            }
-            Node node = nodes.item(i);
-            employeeJson.put(node.getNodeName(), node.getTextContent());
-        }
         return json;
     }
 }
diff --git a/src/main/java/org/owasp/webgoat/lessons/secure_passwords/SecurePasswordsAssignment.java b/src/main/java/org/owasp/webgoat/lessons/secure_passwords/SecurePasswordsAssignment.java
index ac8ba7f1f..c8108237f 100644
--- a/src/main/java/org/owasp/webgoat/lessons/secure_passwords/SecurePasswordsAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/secure_passwords/SecurePasswordsAssignment.java
@@ -42,7 +42,7 @@ public class SecurePasswordsAssignment extends AssignmentEndpoint {
     @ResponseBody
     public AttackResult completed(@RequestParam String password) {
         Zxcvbn zxcvbn = new Zxcvbn();
-        StringBuffer output = new StringBuffer();
+        StringBuilder output = new StringBuilder();
         DecimalFormat df = new DecimalFormat("0", DecimalFormatSymbols.getInstance(Locale.ENGLISH));
         df.setMaximumFractionDigits(340);
         Strength strength = zxcvbn.measure(password);
diff --git a/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java
index 819b460fe..943d44570 100644
--- a/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java
@@ -68,7 +68,7 @@ public class SqlInjectionLesson6a extends AssignmentEndpoint {
 
                 if ((results != null) && (results.first())) {
                     ResultSetMetaData resultsMetaData = results.getMetaData();
-                    StringBuffer output = new StringBuffer();
+                    StringBuilder output = new StringBuilder();
 
                     output.append(SqlInjectionLesson5a.writeTable(results, resultsMetaData));
 
diff --git a/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson10.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson10.java
index a4b5e94ab..bc5141068 100644
--- a/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson10.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson10.java
@@ -54,7 +54,7 @@ public class SqlInjectionLesson10 extends AssignmentEndpoint {
     }
 
     protected AttackResult injectableQueryAvailability(String action) {
-        StringBuffer output = new StringBuffer();
+        StringBuilder output = new StringBuilder();
         String query = "SELECT * FROM access_log WHERE action LIKE '%" + action + "%'";
 
         try (Connection connection = dataSource.getConnection()) {
diff --git a/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson2.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson2.java
index 9bc3a335d..4a8d5f250 100644
--- a/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson2.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson2.java
@@ -60,7 +60,7 @@ public class SqlInjectionLesson2 extends AssignmentEndpoint {
         try (var connection = dataSource.getConnection()) {
             Statement statement = connection.createStatement(TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY);
             ResultSet results = statement.executeQuery(query);
-            StringBuffer output = new StringBuffer();
+            StringBuilder output = new StringBuilder();
 
             results.first();
 
diff --git a/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson3.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson3.java
index eba5c2f98..e67275535 100644
--- a/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson3.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson3.java
@@ -64,7 +64,7 @@ public class SqlInjectionLesson3 extends AssignmentEndpoint {
                         CONCUR_READ_ONLY);
                 statement.executeUpdate(query);
                 ResultSet results = checkStatement.executeQuery("SELECT * FROM employees WHERE last_name='Barnett';");
-                StringBuffer output = new StringBuffer();
+                StringBuilder output = new StringBuilder();
                 // user completes lesson if the department of Tobi Barnett now is 'Sales'
                 results.first();
                 if (results.getString("department").equals("Sales")) {
diff --git a/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson4.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson4.java
index 42ef23b84..101725c92 100644
--- a/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson4.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson4.java
@@ -63,7 +63,7 @@ public class SqlInjectionLesson4 extends AssignmentEndpoint {
                 statement.executeUpdate(query);
                 connection.commit();
                 ResultSet results = statement.executeQuery("SELECT phone from employees;");
-                StringBuffer output = new StringBuffer();
+                StringBuilder output = new StringBuilder();
                 // user completes lesson if column phone exists
                 if (results.first()) {
                     output.append("<span class='feedback-positive'>" + query + "</span>");
diff --git a/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5b.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5b.java
index fc1b37a72..c7514ff10 100644
--- a/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5b.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5b.java
@@ -72,7 +72,7 @@ public class SqlInjectionLesson5b extends AssignmentEndpoint {
 
                 if ((results != null) && (results.first() == true)) {
                     ResultSetMetaData resultsMetaData = results.getMetaData();
-                    StringBuffer output = new StringBuffer();
+                    StringBuilder output = new StringBuilder();
 
                     output.append(SqlInjectionLesson5a.writeTable(results, resultsMetaData));
                     results.last();
diff --git a/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson8.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson8.java
index 949ba155e..90c1c911d 100644
--- a/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson8.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson8.java
@@ -56,7 +56,7 @@ public class SqlInjectionLesson8 extends AssignmentEndpoint {
     }
 
     protected AttackResult injectableQueryConfidentiality(String name, String auth_tan) {
-        StringBuffer output = new StringBuffer();
+        StringBuilder output = new StringBuilder();
         String query = "SELECT * FROM employees WHERE last_name = '" + name + "' AND auth_tan = '" + auth_tan + "'";
 
         try (Connection connection = dataSource.getConnection()) {
@@ -98,7 +98,7 @@ public class SqlInjectionLesson8 extends AssignmentEndpoint {
         ResultSetMetaData resultsMetaData = results.getMetaData();
         int numColumns = resultsMetaData.getColumnCount();
         results.beforeFirst();
-        StringBuffer table = new StringBuffer();
+        StringBuilder table = new StringBuilder();
         table.append("<table>");
 
         if (results.next()) {
diff --git a/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson9.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson9.java
index 77dab2cea..16b60b19d 100644
--- a/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson9.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson9.java
@@ -57,7 +57,7 @@ public class SqlInjectionLesson9 extends AssignmentEndpoint {
     }
 
     protected AttackResult injectableQueryIntegrity(String name, String auth_tan) {
-        StringBuffer output = new StringBuffer();
+        StringBuilder output = new StringBuilder();
         String query = "SELECT * FROM employees WHERE last_name = '" + name + "' AND auth_tan = '" + auth_tan + "'";
         try (Connection connection = dataSource.getConnection()) {
             try {
@@ -86,7 +86,7 @@ public class SqlInjectionLesson9 extends AssignmentEndpoint {
         }
     }
 
-    private AttackResult checkSalaryRanking(Connection connection, StringBuffer output) {
+    private AttackResult checkSalaryRanking(Connection connection, StringBuilder output) {
         try {
             String query = "SELECT * FROM employees ORDER BY salary DESC";
             try (Statement statement = connection.createStatement(TYPE_SCROLL_SENSITIVE, CONCUR_UPDATABLE);
diff --git a/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java
index 5b797db24..6f12b3d9d 100644
--- a/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java
+++ b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java
@@ -43,7 +43,7 @@ public class SSRFTask1 extends AssignmentEndpoint {
 
     protected AttackResult stealTheCheese(String url) {
         try {
-            StringBuffer html = new StringBuffer();
+            StringBuilder html = new StringBuilder();
 
             if (url.matches("images/tom.png")) {
                 html.append("<img class=\"image\" alt=\"Tom\" src=\"images/tom.png\" width=\"25%\" height=\"25%\">");
diff --git a/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java
index 6c679c819..9a7c1135a 100644
--- a/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java
@@ -61,7 +61,7 @@ public class CrossSiteScriptingLesson5a extends AssignmentEndpoint {
         double totalSale = QTY1.intValue() * 69.99 + QTY2.intValue() * 27.99 + QTY3.intValue() * 1599.99 + QTY4.intValue() * 299.99;
 
         userSessionData.setValue("xss-reflected1-complete", "false");
-        StringBuffer cart = new StringBuffer();
+        StringBuilder cart = new StringBuilder();
         cart.append("Thank you for shopping at WebGoat. <br />Your support is appreciated<hr />");
         cart.append("<p>We have charged credit card:" + field1 + "<br />");
         cart.append("                             ------------------- <br />");
diff --git a/src/main/resources/lessons/client_side_filtering/lessonSolutions/en/ClientSideFiltering.html b/src/main/resources/lessons/client_side_filtering/lessonSolutions/en/ClientSideFiltering.html
index 3a67cfb18..3dc36ab2d 100644
--- a/src/main/resources/lessons/client_side_filtering/lessonSolutions/en/ClientSideFiltering.html
+++ b/src/main/resources/lessons/client_side_filtering/lessonSolutions/en/ClientSideFiltering.html
@@ -51,7 +51,7 @@ even if it is hidden it is easy to find the sensitive date. In this
 stage you will add a filter to the XPath queries. In this file you will find 
 following construct:<br><br></p>
 <code>
-	StringBuffer sb = new StringBuffer();<br>
+	StringBuilder sb = new StringBuilder();<br>
 	
 	sb.append("/Employees/Employee/UserID | ");<br>
 	sb.append("/Employees/Employee/FirstName | ");<br>
@@ -66,7 +66,7 @@ This string will be used for the XPath query. You have to guarantee that a mange
 can see employees which are working for him. To archive this you can use
 filters in XPath. Following code will exactly do this:</p>
 <code>
-	StringBuffer sb = new StringBuffer();<br>
+	StringBuilder sb = new StringBuilder();<br>
 	
 	sb.append("/Employees/Employee[Managers/Manager/text() = " + userId + "]/UserID | ");<br>
 	sb.append("/Employees/Employee[Managers/Manager/text() = " + userId + "]/FirstName | ");<br>
@@ -81,4 +81,4 @@ Now only information is sent to your client you are authorized for. You can clic
 </p>
 
 </body>
-</html>
\ No newline at end of file
+</html>
diff --git a/src/main/resources/webgoat/static/js/libs/mode-java.js b/src/main/resources/webgoat/static/js/libs/mode-java.js
index 779ede26c..3374fdcf0 100644
--- a/src/main/resources/webgoat/static/js/libs/mode-java.js
+++ b/src/main/resources/webgoat/static/js/libs/mode-java.js
@@ -831,7 +831,7 @@ var JavaHighlightRules = function() {
         "Readable|Runtime|StringBuilder|Math|IncompatibleClassChangeError|"+
         "NoSuchMethodError|ThreadLocal|RuntimePermission|ArithmeticException|"+
         "NullPointerException|Long|Integer|Short|Byte|Double|Number|Float|"+
-        "Character|Boolean|StackTraceElement|Appendable|StringBuffer|"+
+        "Character|Boolean|StackTraceElement|Appendable|StringBuilder|"+
         "Iterable|ThreadGroup|Runnable|Thread|IllegalMonitorStateException|"+
         "StackOverflowError|OutOfMemoryError|VirtualMachineError|"+
         "ArrayStoreException|ClassCastException|LinkageError|"+
diff --git a/src/main/resources/webgoat/static/js/libs/text.js b/src/main/resources/webgoat/static/js/libs/text.js
index 4c311edce..2743b46c7 100644
--- a/src/main/resources/webgoat/static/js/libs/text.js
+++ b/src/main/resources/webgoat/static/js/libs/text.js
@@ -311,14 +311,14 @@ define(['module'], function (module) {
             typeof Packages !== 'undefined' && typeof java !== 'undefined')) {
         //Why Java, why is this so awkward?
         text.get = function (url, callback) {
-            var stringBuffer, line,
+            var stringBuilder, line,
                 encoding = "utf-8",
                 file = new java.io.File(url),
                 lineSeparator = java.lang.System.getProperty("line.separator"),
                 input = new java.io.BufferedReader(new java.io.InputStreamReader(new java.io.FileInputStream(file), encoding)),
                 content = '';
             try {
-                stringBuffer = new java.lang.StringBuffer();
+                stringBuilder = new java.lang.StringBuilder();
                 line = input.readLine();
 
                 // Byte Order Mark (BOM) - The Unicode Standard, version 3.0, page 324
@@ -334,15 +334,15 @@ define(['module'], function (module) {
                 }
 
                 if (line !== null) {
-                    stringBuffer.append(line);
+                    stringBuilder.append(line);
                 }
 
                 while ((line = input.readLine()) !== null) {
-                    stringBuffer.append(lineSeparator);
-                    stringBuffer.append(line);
+                    stringBuilder.append(lineSeparator);
+                    stringBuilder.append(line);
                 }
                 //Make sure we return a JavaScript string and not a Java string.
-                content = String(stringBuffer.toString()); //String
+                content = String(stringBuilder.toString()); //String
             } finally {
                 input.close();
             }