diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..c2b928dc
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,44 @@
+version: 2
+updates:
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "06:00"
+      timezone: "UTC"
+    groups:
+      java-test-dependencies:
+        patterns:
+          - "org.junit.jupiter:*"
+          - "org.mockito:*"
+          - "org.hamcrest:*"
+          - "com.google.jimfs:jimfs"
+      maven-build-plugins:
+        patterns:
+          - "org.apache.maven.plugins:*"
+          - "org.jacoco:jacoco-maven-plugin"
+          - "org.owasp:dependency-check-maven"
+      java-production-dependencies:
+        patterns:
+          - "*"
+        exclude-patterns:
+          - "org.apache.maven.plugins:*"
+          - "org.jacoco:jacoco-maven-plugin"
+          - "org.owasp:dependency-check-maven"
+          - "org.junit.jupiter:*"
+          - "org.mockito:*"
+          - "org.hamcrest:*"
+          - "com.google.jimfs:jimfs"
+
+
+  - package-ecosystem: "github-actions"
+    directory: "/" # even for `.github/workflows`
+    schedule:
+      interval: "monthly"
+    groups:
+      github-actions:
+        patterns:
+          - "*"
+    labels:
+      - "ci"
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8d9f79be..fa25f713 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -5,11 +5,11 @@ jobs:
   build:
     name: Build and Test
     runs-on: ubuntu-latest
-    if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
            fetch-depth: 0
+           show-progress: false
       - uses: actions/setup-java@v3
         with:
           java-version: 17
@@ -29,7 +29,7 @@ jobs:
           mvn -B verify
           jacoco:report
           org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
-          -Pcoverage,dependency-check
+          -Pcoverage
           -Dsonar.projectKey=cryptomator_cryptofs
           -Dsonar.organization=cryptomator
           -Dsonar.host.url=https://sonarcloud.io
@@ -40,12 +40,10 @@ jobs:
         with:
           name: artifacts
           path: target/*.jar
-      - name: Create Release
-        uses: actions/create-release@v1 #NOTE: action is archived and unmaintained
+      - name: Create release
         if: startsWith(github.ref, 'refs/tags/')
-        env:
-          GITHUB_TOKEN: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} # release as "cryptobot"
+        uses: softprops/action-gh-release@v1
         with:
-          tag_name: ${{ github.ref }}
-          release_name: Release ${{ github.ref }}
+          token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
+          generate_release_notes: true
           prerelease: true
\ No newline at end of file
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index c9c1a68c..b90c55f8 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -13,11 +13,13 @@ jobs:
   analyse:
     name: Analyse
     runs-on: ubuntu-latest
-    if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
+    # dependeabot has on push events only read-only access, but codeql requires write access
+    if: ${{ !(github.actor == 'dependabot[bot]' && contains(fromJSON('["push"]'), github.event_name)) }}
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 2
+        show-progress: false
     - uses: actions/setup-java@v3
       with:
         java-version: 17
@@ -27,7 +29,7 @@ jobs:
       uses: github/codeql-action/init@v2
       with:
         languages: java
-    - name: Build and Test
+    - name: Build
       run: mvn -B install -DskipTests
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v2
\ No newline at end of file
diff --git a/.github/workflows/publish-central.yml b/.github/workflows/publish-central.yml
index 35deee11..3260070c 100644
--- a/.github/workflows/publish-central.yml
+++ b/.github/workflows/publish-central.yml
@@ -10,9 +10,10 @@ jobs:
   publish:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: "refs/tags/${{ github.event.inputs.tag }}"
+          show-progress: false
       - uses: actions/setup-java@v3
         with:
           java-version: 17
diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml
index 6a9b3e33..37166beb 100644
--- a/.github/workflows/publish-github.yml
+++ b/.github/workflows/publish-github.yml
@@ -7,7 +7,9 @@ jobs:
     runs-on: ubuntu-latest
     if: startsWith(github.ref, 'refs/tags/') # only allow publishing tagged versions
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
+        with:
+          show-progress: false
       - uses: actions/setup-java@v3
         with:
           java-version: 17
diff --git a/.idea/misc.xml b/.idea/misc.xml
index 58ff93ce..67e1e611 100644
--- a/.idea/misc.xml
+++ b/.idea/misc.xml
@@ -1,5 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
+  <component name="ExternalStorageConfigurationManager" enabled="true" />
   <component name="MavenProjectsManager">
     <option name="originalFiles">
       <list>
diff --git a/pom.xml b/pom.xml
index 831af0b3..1b93bbea 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2,7 +2,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>cryptofs</artifactId>
-	<version>2.6.7</version>
+	<version>2.6.8</version>
 	<name>Cryptomator Crypto Filesystem</name>
 	<description>This library provides the Java filesystem provider used by Cryptomator.</description>
 	<url>https://github.com/cryptomator/cryptofs</url>
@@ -20,19 +20,21 @@
 		<!-- dependencies -->
 		<cryptolib.version>2.1.2</cryptolib.version>
 		<jwt.version>4.4.0</jwt.version>
-		<dagger.version>2.44.2</dagger.version>
-		<guava.version>32.0.0-jre</guava.version>
-		<caffeine.version>3.1.4</caffeine.version>
-		<slf4j.version>2.0.3</slf4j.version>
+		<dagger.version>2.48.1</dagger.version>
+		<guava.version>32.1.3-jre</guava.version>
+		<caffeine.version>3.1.8</caffeine.version>
+		<slf4j.version>2.0.9</slf4j.version>
 
 		<!-- test dependencies -->
-		<junit.jupiter.version>5.9.1</junit.jupiter.version>
-		<mockito.version>4.9.0</mockito.version>
+		<junit.jupiter.version>5.10.1</junit.jupiter.version>
+		<mockito.version>5.2.0</mockito.version>
 		<hamcrest.version>2.2</hamcrest.version>
+		<jimfs.version>1.3.0</jimfs.version>
 
 		<!-- build plugin dependencies -->
-		<dependency-check.version>8.1.2</dependency-check.version>
-		<jacoco.version>0.8.8</jacoco.version>
+		<dependency-check.version>9.0.1</dependency-check.version>
+		<junit-tree-reporter.version>1.2.1</junit-tree-reporter.version>
+		<jacoco.version>0.8.11</jacoco.version>
 		<nexus-staging.version>1.6.13</nexus-staging.version>
 	</properties>
 
@@ -131,7 +133,7 @@
 		<dependency>
 			<groupId>com.google.jimfs</groupId>
 			<artifactId>jimfs</artifactId>
-			<version>1.2</version>
+			<version>${jimfs.version}</version>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>
@@ -141,7 +143,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-compiler-plugin</artifactId>
-				<version>3.10.1</version>
+				<version>3.11.0</version>
 				<configuration>
 					<showWarnings>true</showWarnings>
 					<annotationProcessorPaths>
@@ -156,11 +158,24 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-surefire-plugin</artifactId>
-				<version>3.0.0-M7</version>
+				<version>3.2.2</version>
+				<dependencies>
+					<dependency>
+						<groupId>me.fabriciorby</groupId>
+						<artifactId>maven-surefire-junit5-tree-reporter</artifactId>
+						<version>${junit-tree-reporter.version}</version>
+					</dependency>
+				</dependencies>
 				<configuration>
 					<systemPropertyVariables>
 						<org.slf4j.simpleLogger.defaultLogLevel>ERROR</org.slf4j.simpleLogger.defaultLogLevel>
 					</systemPropertyVariables>
+					<consoleOutputReporter>
+						<disable>true</disable>
+					</consoleOutputReporter>
+					<statelessTestsetInfoReporter
+							implementation="org.apache.maven.plugin.surefire.extensions.junit5.JUnit5StatelessTestsetInfoTreeReporter">
+					</statelessTestsetInfoReporter>
 				</configuration>
 			</plugin>
 			<plugin>
@@ -170,7 +185,7 @@
 			</plugin>
 			<plugin>
 				<artifactId>maven-source-plugin</artifactId>
-				<version>3.2.1</version>
+				<version>3.3.0</version>
 				<executions>
 					<execution>
 						<id>attach-sources</id>
@@ -182,7 +197,7 @@
 			</plugin>
 			<plugin>
 				<artifactId>maven-javadoc-plugin</artifactId>
-				<version>3.4.1</version>
+				<version>3.6.2</version>
 				<executions>
 					<execution>
 						<id>attach-javadocs</id>
@@ -283,7 +298,7 @@
 				<plugins>
 					<plugin>
 						<artifactId>maven-gpg-plugin</artifactId>
-						<version>3.0.1</version>
+						<version>3.1.0</version>
 						<executions>
 							<execution>
 								<id>sign-artifacts</id>
diff --git a/src/main/java/org/cryptomator/cryptofs/CryptoPathMapper.java b/src/main/java/org/cryptomator/cryptofs/CryptoPathMapper.java
index 8e3b8120..c725611e 100644
--- a/src/main/java/org/cryptomator/cryptofs/CryptoPathMapper.java
+++ b/src/main/java/org/cryptomator/cryptofs/CryptoPathMapper.java
@@ -8,7 +8,7 @@
  *******************************************************************************/
 package org.cryptomator.cryptofs;
 
-import com.github.benmanes.caffeine.cache.Cache;
+import com.github.benmanes.caffeine.cache.AsyncCache;
 import com.github.benmanes.caffeine.cache.Caffeine;
 import com.github.benmanes.caffeine.cache.LoadingCache;
 import com.google.common.io.BaseEncoding;
@@ -20,7 +20,6 @@
 
 import javax.inject.Inject;
 import java.io.IOException;
-import java.io.UncheckedIOException;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.FileAlreadyExistsException;
 import java.nio.file.Files;
@@ -31,6 +30,7 @@
 import java.time.Duration;
 import java.util.Objects;
 import java.util.Optional;
+import java.util.concurrent.CompletableFuture;
 
 import static org.cryptomator.cryptofs.common.Constants.DATA_DIR_NAME;
 
@@ -48,7 +48,7 @@ public class CryptoPathMapper {
 	private final LongFileNameProvider longFileNameProvider;
 	private final VaultConfig vaultConfig;
 	private final LoadingCache<DirIdAndName, String> ciphertextNames;
-	private final Cache<CryptoPath, CiphertextDirectory> ciphertextDirectories;
+	private final AsyncCache<CryptoPath, CiphertextDirectory> ciphertextDirectories;
 
 	private final CiphertextDirectory rootDirectory;
 
@@ -60,7 +60,7 @@ public class CryptoPathMapper {
 		this.longFileNameProvider = longFileNameProvider;
 		this.vaultConfig = vaultConfig;
 		this.ciphertextNames = Caffeine.newBuilder().maximumSize(MAX_CACHED_CIPHERTEXT_NAMES).build(this::getCiphertextFileName);
-		this.ciphertextDirectories = Caffeine.newBuilder().maximumSize(MAX_CACHED_DIR_PATHS).expireAfterWrite(MAX_CACHE_AGE).build();
+		this.ciphertextDirectories = Caffeine.newBuilder().maximumSize(MAX_CACHED_DIR_PATHS).expireAfterWrite(MAX_CACHE_AGE).buildAsync();
 		this.rootDirectory = resolveDirectory(Constants.ROOT_DIR_ID);
 	}
 
@@ -123,7 +123,7 @@ public CiphertextFilePath getCiphertextFilePath(CryptoPath cleartextPath) throws
 		String cleartextName = cleartextPath.getFileName().toString();
 		return getCiphertextFilePath(parent.path, parent.dirId, cleartextName);
 	}
-	
+
 	public CiphertextFilePath getCiphertextFilePath(Path parentCiphertextDir, String parentDirId, String cleartextName) {
 		String ciphertextName = ciphertextNames.get(new DirIdAndName(parentDirId, cleartextName));
 		Path c9rPath = parentCiphertextDir.resolve(ciphertextName);
@@ -140,14 +140,13 @@ private String getCiphertextFileName(DirIdAndName dirIdAndName) {
 	}
 
 	public void invalidatePathMapping(CryptoPath cleartextPath) {
-		ciphertextDirectories.invalidate(cleartextPath);
+		ciphertextDirectories.asMap().remove(cleartextPath);
 	}
-	
+
 	public void movePathMapping(CryptoPath cleartextSrc, CryptoPath cleartextDst) {
-		CiphertextDirectory cachedValue = ciphertextDirectories.getIfPresent(cleartextSrc);
+		var cachedValue = ciphertextDirectories.asMap().remove(cleartextSrc);
 		if (cachedValue != null) {
 			ciphertextDirectories.put(cleartextDst, cachedValue);
-			ciphertextDirectories.invalidate(cleartextSrc);
 		}
 	}
 
@@ -157,17 +156,15 @@ public CiphertextDirectory getCiphertextDir(CryptoPath cleartextPath) throws IOE
 		if (parentPath == null) {
 			return rootDirectory;
 		} else {
-			try {
-				return ciphertextDirectories.get(cleartextPath, p -> {
-					try {
-						Path dirFile = getCiphertextFilePath(p).getDirFilePath();
-						return resolveDirectory(dirFile);
-					} catch (IOException e) {
-						throw new UncheckedIOException(e);
-					}
-				});
-			} catch (UncheckedIOException e) {
-				throw new IOException(e);
+			var lazyEntry = new CompletableFuture<CiphertextDirectory>();
+			var priorEntry = ciphertextDirectories.asMap().putIfAbsent(cleartextPath, lazyEntry);
+			if (priorEntry != null) {
+				return priorEntry.join();
+			} else {
+				Path dirFile = getCiphertextFilePath(cleartextPath).getDirFilePath();
+				CiphertextDirectory cipherDir = resolveDirectory(dirFile);
+				lazyEntry.complete(cipherDir);
+				return cipherDir;
 			}
 		}
 	}
diff --git a/src/test/java/org/cryptomator/cryptofs/CryptoFileSystemImplTest.java b/src/test/java/org/cryptomator/cryptofs/CryptoFileSystemImplTest.java
index 12cc3ef2..e694130f 100644
--- a/src/test/java/org/cryptomator/cryptofs/CryptoFileSystemImplTest.java
+++ b/src/test/java/org/cryptomator/cryptofs/CryptoFileSystemImplTest.java
@@ -49,6 +49,7 @@
 import java.nio.file.attribute.BasicFileAttributes;
 import java.nio.file.attribute.DosFileAttributeView;
 import java.nio.file.attribute.DosFileAttributes;
+import java.nio.file.attribute.FileAttribute;
 import java.nio.file.attribute.FileOwnerAttributeView;
 import java.nio.file.attribute.FileTime;
 import java.nio.file.attribute.GroupPrincipal;
@@ -71,6 +72,7 @@
 import static org.hamcrest.Matchers.contains;
 import static org.hamcrest.Matchers.containsInAnyOrder;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.isA;
 import static org.mockito.Mockito.doAnswer;
 import static org.mockito.Mockito.doNothing;
 import static org.mockito.Mockito.doThrow;
@@ -454,7 +456,7 @@ public void setup() throws IOException {
 			when(ciphertextPath.getFilePath()).thenReturn(ciphertextFilePath);
 			when(openCryptoFiles.getOrCreate(ciphertextFilePath)).thenReturn(openCryptoFile);
 			when(ciphertextFilePath.getName(3)).thenReturn(mock(CryptoPath.class, "path.c9r"));
-			when(openCryptoFile.newFileChannel(any(), any())).thenReturn(fileChannel);
+			when(openCryptoFile.newFileChannel(any(), any(FileAttribute[].class))).thenReturn(fileChannel);
 		}
 
 		@Nested
@@ -861,7 +863,7 @@ public class Copy {
 			private final CryptoPath cleartextTargetParent = mock(CryptoPath.class, "cleartextTargetParent");
 			private final Path ciphertextTargetParent = mock(Path.class, "ciphertextTargetParent");
 			private final Path ciphertextTargetDirParent = mock(Path.class, "ciphertextTargetDirParent");
-			private final FileChannel ciphertextTargetDirFileChannel = mock(FileChannel.class);
+			private final FileChannel ciphertextTargetDirDirFileFileChannel = mock(FileChannel.class);
 
 			@BeforeEach
 			public void setup() throws IOException, ReflectiveOperationException {
@@ -872,7 +874,7 @@ public void setup() throws IOException, ReflectiveOperationException {
 
 				when(cryptoPathMapper.getCiphertextDir(cleartextTargetParent)).thenReturn(new CiphertextDirectory("41", ciphertextTargetParent));
 				when(cryptoPathMapper.getCiphertextDir(cleartextDestination)).thenReturn(new CiphertextDirectory("42", ciphertextDestinationDir));
-				when(physicalFsProv.newFileChannel(Mockito.same(ciphertextDestinationDirFile), Mockito.anySet(), Mockito.any())).thenReturn(ciphertextTargetDirFileChannel);
+				when(physicalFsProv.newFileChannel(Mockito.same(ciphertextDestinationDirFile), Mockito.anySet(), Mockito.any())).thenReturn(ciphertextTargetDirDirFileFileChannel);
 			}
 
 			@Test
@@ -954,6 +956,7 @@ public void copyFile() throws IOException {
 
 			@Test
 			public void copyDirectory() throws IOException {
+				when(physicalFsProv.newFileChannel(Mockito.eq(ciphertextDestinationDirFile), Mockito.any(), any(FileAttribute[].class))).thenReturn(ciphertextTargetDirDirFileFileChannel);
 				when(cryptoPathMapper.getCiphertextFileType(cleartextSource)).thenReturn(CiphertextFileType.DIRECTORY);
 				when(cryptoPathMapper.getCiphertextFileType(cleartextDestination)).thenThrow(NoSuchFileException.class);
 				Mockito.doThrow(new NoSuchFileException("ciphertextDestinationDirFile")).when(physicalFsProv).checkAccess(ciphertextDestinationFile);
@@ -961,7 +964,7 @@ public void copyDirectory() throws IOException {
 				inTest.copy(cleartextSource, cleartextDestination);
 
 				verify(readonlyFlag, atLeast(1)).assertWritable();
-				verify(ciphertextTargetDirFileChannel).write(any(ByteBuffer.class));
+				verify(ciphertextTargetDirDirFileFileChannel).write(any(ByteBuffer.class));
 				verify(physicalFsProv).createDirectory(ciphertextDestinationDir);
 				verify(dirIdProvider, Mockito.never()).delete(Mockito.any());
 				verify(cryptoPathMapper, Mockito.never()).invalidatePathMapping(Mockito.any());
@@ -981,7 +984,7 @@ public void copyDirectoryReplaceExisting() throws IOException {
 				inTest.copy(cleartextSource, cleartextDestination, StandardCopyOption.REPLACE_EXISTING);
 
 				verify(readonlyFlag).assertWritable();
-				verify(ciphertextTargetDirFileChannel, Mockito.never()).write(any(ByteBuffer.class));
+				verify(ciphertextTargetDirDirFileFileChannel, Mockito.never()).write(any(ByteBuffer.class));
 				verify(physicalFsProv, Mockito.never()).createDirectory(Mockito.any());
 				verify(dirIdProvider, Mockito.never()).delete(Mockito.any());
 				verify(cryptoPathMapper, Mockito.never()).invalidatePathMapping(Mockito.any());
@@ -1001,8 +1004,9 @@ public void moveDirectoryCopyBasicAttributes() throws IOException {
 				when(srcAttrs.lastModifiedTime()).thenReturn(lastModifiedTime);
 				when(srcAttrs.lastAccessTime()).thenReturn(lastAccessTime);
 				when(srcAttrs.creationTime()).thenReturn(createTime);
-				when(physicalFsProv.readAttributes(Mockito.same(ciphertextSourceDir), Mockito.same(BasicFileAttributes.class), Mockito.any())).thenReturn(srcAttrs);
-				when(physicalFsProv.getFileAttributeView(Mockito.same(ciphertextDestinationDir), Mockito.same(BasicFileAttributeView.class), Mockito.any())).thenReturn(dstAttrView);
+				when(physicalFsProv.readAttributes(Mockito.same(ciphertextSourceDir), Mockito.same(BasicFileAttributes.class), any(LinkOption[].class))).thenReturn(srcAttrs);
+				when(physicalFsProv.getFileAttributeView(Mockito.same(ciphertextDestinationDir), Mockito.same(BasicFileAttributeView.class), any(LinkOption[].class))).thenReturn(dstAttrView);
+				when(physicalFsProv.newFileChannel(Mockito.same(ciphertextDestinationDirFile), Mockito.anySet(), any(FileAttribute[].class))).thenReturn(ciphertextTargetDirDirFileFileChannel);
 
 				inTest.copy(cleartextSource, cleartextDestination, StandardCopyOption.COPY_ATTRIBUTES);
 
@@ -1020,8 +1024,9 @@ public void moveDirectoryCopyFileOwnerAttributes() throws IOException {
 				FileOwnerAttributeView srcAttrsView = mock(FileOwnerAttributeView.class);
 				FileOwnerAttributeView dstAttrView = mock(FileOwnerAttributeView.class);
 				when(srcAttrsView.getOwner()).thenReturn(owner);
-				when(physicalFsProv.getFileAttributeView(Mockito.same(ciphertextSourceDir), Mockito.same(FileOwnerAttributeView.class), Mockito.any())).thenReturn(srcAttrsView);
-				when(physicalFsProv.getFileAttributeView(Mockito.same(ciphertextDestinationDir), Mockito.same(FileOwnerAttributeView.class), Mockito.any())).thenReturn(dstAttrView);
+				when(physicalFsProv.getFileAttributeView(Mockito.same(ciphertextSourceDir), Mockito.same(FileOwnerAttributeView.class), any(LinkOption[].class))).thenReturn(srcAttrsView);
+				when(physicalFsProv.getFileAttributeView(Mockito.same(ciphertextDestinationDir), Mockito.same(FileOwnerAttributeView.class), any(LinkOption[].class))).thenReturn(dstAttrView);
+				when(physicalFsProv.newFileChannel(Mockito.same(ciphertextDestinationDirFile), Mockito.anySet(), any(FileAttribute[].class))).thenReturn(ciphertextTargetDirDirFileFileChannel);
 
 				inTest.copy(cleartextSource, cleartextDestination, StandardCopyOption.COPY_ATTRIBUTES);
 
@@ -1042,8 +1047,9 @@ public void moveDirectoryCopyPosixAttributes() throws IOException {
 				PosixFileAttributeView dstAttrView = mock(PosixFileAttributeView.class);
 				when(srcAttrs.group()).thenReturn(group);
 				when(srcAttrs.permissions()).thenReturn(permissions);
-				when(physicalFsProv.readAttributes(Mockito.same(ciphertextSourceDir), Mockito.same(PosixFileAttributes.class), Mockito.any())).thenReturn(srcAttrs);
-				when(physicalFsProv.getFileAttributeView(Mockito.same(ciphertextDestinationDir), Mockito.same(PosixFileAttributeView.class), Mockito.any())).thenReturn(dstAttrView);
+				when(physicalFsProv.readAttributes(Mockito.same(ciphertextSourceDir), Mockito.same(PosixFileAttributes.class), any(LinkOption[].class))).thenReturn(srcAttrs);
+				when(physicalFsProv.getFileAttributeView(Mockito.same(ciphertextDestinationDir), Mockito.same(PosixFileAttributeView.class), any(LinkOption[].class))).thenReturn(dstAttrView);
+				when(physicalFsProv.newFileChannel(Mockito.same(ciphertextDestinationDirFile), Mockito.anySet(), any(FileAttribute[].class))).thenReturn(ciphertextTargetDirDirFileFileChannel);
 
 				inTest.copy(cleartextSource, cleartextDestination, StandardCopyOption.COPY_ATTRIBUTES);
 
@@ -1064,8 +1070,9 @@ public void moveDirectoryCopyDosAttributes() throws IOException {
 				when(srcAttrs.isHidden()).thenReturn(true);
 				when(srcAttrs.isReadOnly()).thenReturn(true);
 				when(srcAttrs.isSystem()).thenReturn(true);
-				when(physicalFsProv.readAttributes(Mockito.same(ciphertextSourceDir), Mockito.same(DosFileAttributes.class), Mockito.any())).thenReturn(srcAttrs);
-				when(physicalFsProv.getFileAttributeView(Mockito.same(ciphertextDestinationDir), Mockito.same(DosFileAttributeView.class), Mockito.any())).thenReturn(dstAttrView);
+				when(physicalFsProv.readAttributes(Mockito.same(ciphertextSourceDir), Mockito.same(DosFileAttributes.class), any(LinkOption[].class))).thenReturn(srcAttrs);
+				when(physicalFsProv.getFileAttributeView(Mockito.same(ciphertextDestinationDir), Mockito.same(DosFileAttributeView.class), any(LinkOption[].class))).thenReturn(dstAttrView);
+				when(physicalFsProv.newFileChannel(Mockito.same(ciphertextDestinationDirFile), Mockito.anySet(), any(FileAttribute[].class))).thenReturn(ciphertextTargetDirDirFileFileChannel);
 
 				inTest.copy(cleartextSource, cleartextDestination, StandardCopyOption.COPY_ATTRIBUTES);
 
@@ -1091,7 +1098,7 @@ public void moveDirectoryReplaceExistingNonEmpty() throws IOException {
 					inTest.copy(cleartextSource, cleartextDestination, StandardCopyOption.REPLACE_EXISTING);
 				});
 				verify(readonlyFlag).assertWritable();
-				verify(ciphertextTargetDirFileChannel, Mockito.never()).write(any(ByteBuffer.class));
+				verify(ciphertextTargetDirDirFileFileChannel, Mockito.never()).write(any(ByteBuffer.class));
 				verify(physicalFsProv, Mockito.never()).createDirectory(Mockito.any());
 				verify(dirIdProvider, Mockito.never()).delete(Mockito.any());
 				verify(cryptoPathMapper, Mockito.never()).invalidatePathMapping(Mockito.any());
diff --git a/src/test/java/org/cryptomator/cryptofs/CryptoPathMapperTest.java b/src/test/java/org/cryptomator/cryptofs/CryptoPathMapperTest.java
index 76ac28f1..e2da36a8 100644
--- a/src/test/java/org/cryptomator/cryptofs/CryptoPathMapperTest.java
+++ b/src/test/java/org/cryptomator/cryptofs/CryptoPathMapperTest.java
@@ -14,6 +14,7 @@
 import org.cryptomator.cryptolib.api.FileNameCryptor;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
 import org.mockito.ArgumentMatchers;
@@ -26,6 +27,8 @@
 import java.nio.file.Path;
 import java.nio.file.attribute.BasicFileAttributes;
 import java.nio.file.spi.FileSystemProvider;
+import java.util.stream.Collectors;
+import java.util.stream.IntStream;
 
 public class CryptoPathMapperTest {
 
@@ -47,7 +50,7 @@ public void setup() {
 		Mockito.when(cryptor.fileNameCryptor()).thenReturn(fileNameCryptor);
 		Mockito.when(pathToVault.resolve("d")).thenReturn(dataRoot);
 		Mockito.when(vaultConfig.getShorteningThreshold()).thenReturn(220);
-		Mockito.when(fileSystem.getPath(ArgumentMatchers.anyString(), ArgumentMatchers.any())).thenAnswer(invocation -> {
+		Mockito.when(fileSystem.getPath(ArgumentMatchers.anyString(), ArgumentMatchers.any(String[].class))).thenAnswer(invocation -> {
 			String first = invocation.getArgument(0);
 			if (invocation.getArguments().length == 1) {
 				return cryptoPathFactory.getPath(fileSystem, first);
@@ -87,7 +90,7 @@ public void testPathEncryptionForFoo() throws IOException {
 		Mockito.when(d00.resolve("00")).thenReturn(d0000);
 		Mockito.when(d0000.resolve("oof.c9r")).thenReturn(d0000oof);
 		Mockito.when(d0000oof.resolve("dir.c9r")).thenReturn(d0000oofdir);
-		Mockito.when(fileNameCryptor.encryptFilename(Mockito.any(),Mockito.eq("foo"), Mockito.any())).thenReturn("oof");
+		Mockito.when(fileNameCryptor.encryptFilename(Mockito.any(), Mockito.eq("foo"), Mockito.any())).thenReturn("oof");
 		Mockito.when(dirIdProvider.load(d0000oofdir)).thenReturn("1");
 		Mockito.when(fileNameCryptor.hashDirectoryId("1")).thenReturn("0001");
 
@@ -133,6 +136,44 @@ public void testPathEncryptionForFooBar() throws IOException {
 		Assertions.assertEquals(d0002, path);
 	}
 
+	@DisplayName("Decrypts a deeply nested filepath")
+	@Test
+	public void testPathEncryptionDEEP() throws IOException {
+		Path d00 = Mockito.mock(Path.class, "d/00/");
+		Mockito.when(dataRoot.resolve("00")).thenReturn(d00);
+		Mockito.when(fileNameCryptor.hashDirectoryId("")).thenReturn("0000");
+
+		int maxNestingDepth = 97;
+
+		for (int depth = 0; depth < maxNestingDepth; depth++) {
+			var dirId = "%02d".formatted(depth);
+			var nextDirId = "%02d".formatted(depth + 1);
+			String pathPrefix = "d/00/" + dirId;
+			Path contentDir = Mockito.mock(Path.class, pathPrefix);
+			Path dirLinkDir = Mockito.mock(Path.class, pathPrefix + "/cipherDir" + dirId + ".c9r");
+			Path dirLinkFile = Mockito.mock(Path.class, pathPrefix + "/cipherDir" + dirId + ".c9r/dir.c9r");
+			Mockito.when(d00.resolve(dirId)).thenReturn(contentDir);
+			Mockito.when(contentDir.resolve("cipherDir" + dirId + ".c9r")).thenReturn(dirLinkDir);
+			Mockito.when(dirLinkDir.resolve("dir.c9r")).thenReturn(dirLinkFile);
+			Mockito.when(fileNameCryptor.encryptFilename(Mockito.any(), Mockito.eq(dirId), Mockito.any())).thenReturn("cipherDir" + dirId);
+			Mockito.when(dirIdProvider.load(dirLinkFile)).thenReturn(nextDirId);
+			Mockito.when(fileNameCryptor.hashDirectoryId(nextDirId)).thenReturn("%04d".formatted(depth + 1));
+		}
+
+		var finalDirId = "%02d".formatted(maxNestingDepth);
+		Path finalContentDir = Mockito.mock(Path.class, "d/00/" + finalDirId);
+		Path finalEncryptedFile = Mockito.mock(Path.class, "d/00/" + finalDirId + "/file.c9r");
+		Mockito.when(d00.resolve(finalDirId)).thenReturn(finalContentDir);
+		Mockito.when(finalContentDir.resolve("file.c9r")).thenReturn(finalEncryptedFile);
+		Mockito.when(fileNameCryptor.encryptFilename(Mockito.any(), Mockito.eq("cleartextFile"), Mockito.any())).thenReturn("file");
+
+		var testPath = "/" + IntStream.range(0, maxNestingDepth).mapToObj("%02d"::formatted).collect(Collectors.joining("/")) + "/cleartextFile";
+
+		CryptoPathMapper mapper = new CryptoPathMapper(pathToVault, cryptor, dirIdProvider, longFileNameProvider, vaultConfig);
+		Path path = mapper.getCiphertextFilePath(fileSystem.getPath(testPath)).getRawPath();
+		Assertions.assertEquals(finalEncryptedFile, path);
+	}
+
 	@Test
 	public void testPathEncryptionForFooBarBaz() throws IOException {
 		Path d00 = Mockito.mock(Path.class, "d/00/");
@@ -207,7 +248,7 @@ public void setup() throws IOException {
 			Mockito.when(dirFilePath.getFileSystem()).thenReturn(underlyingFileSystem);
 			Mockito.when(symlinkFilePath.getFileSystem()).thenReturn(underlyingFileSystem);
 			Mockito.when(contentsFilePath.getFileSystem()).thenReturn(underlyingFileSystem);
-			
+
 		}
 
 
diff --git a/src/test/java/org/cryptomator/cryptofs/SymlinksTest.java b/src/test/java/org/cryptomator/cryptofs/SymlinksTest.java
index 0fa01436..5169dc64 100644
--- a/src/test/java/org/cryptomator/cryptofs/SymlinksTest.java
+++ b/src/test/java/org/cryptomator/cryptofs/SymlinksTest.java
@@ -17,6 +17,7 @@
 import java.nio.file.NoSuchFileException;
 import java.nio.file.Path;
 import java.nio.file.attribute.BasicFileAttributes;
+import java.nio.file.attribute.FileAttribute;
 import java.nio.file.spi.FileSystemProvider;
 
 public class SymlinksTest {
@@ -69,7 +70,7 @@ public void testCreateSymbolicLink() throws IOException {
 		inTest.createSymbolicLink(cleartextPath, target);
 
 		ArgumentCaptor<ByteBuffer> bytesWritten = ArgumentCaptor.forClass(ByteBuffer.class);
-		Mockito.verify(underlyingFsProvider).createDirectory(Mockito.eq(ciphertextPath), Mockito.any());
+		Mockito.verify(underlyingFsProvider).createDirectory(Mockito.eq(ciphertextPath), Mockito.any(FileAttribute[].class));
 		Mockito.verify(openCryptoFiles).writeCiphertextFile(Mockito.eq(symlinkFilePath), Mockito.any(), bytesWritten.capture());
 		Assertions.assertEquals("/symlink/target/path", StandardCharsets.UTF_8.decode(bytesWritten.getValue()).toString());
 	}
diff --git a/src/test/java/org/cryptomator/cryptofs/attr/AttributeProviderTest.java b/src/test/java/org/cryptomator/cryptofs/attr/AttributeProviderTest.java
index 85dd5916..d123f3df 100644
--- a/src/test/java/org/cryptomator/cryptofs/attr/AttributeProviderTest.java
+++ b/src/test/java/org/cryptomator/cryptofs/attr/AttributeProviderTest.java
@@ -62,9 +62,9 @@ public void setup() throws IOException {
 		ciphertextBasicAttr = Mockito.mock(BasicFileAttributes.class);
 		ciphertextPosixAttr = Mockito.mock(PosixFileAttributes.class);
 		ciphertextDosAttr = Mockito.mock(DosFileAttributes.class);
-		Mockito.when(provider.readAttributes(Mockito.same(ciphertextRawPath), Mockito.same(BasicFileAttributes.class), any())).thenReturn(ciphertextBasicAttr);
-		Mockito.when(provider.readAttributes(Mockito.same(ciphertextRawPath), Mockito.same(PosixFileAttributes.class), any())).thenReturn(ciphertextPosixAttr);
-		Mockito.when(provider.readAttributes(Mockito.same(ciphertextRawPath), Mockito.same(DosFileAttributes.class), any())).thenReturn(ciphertextDosAttr);
+		Mockito.when(provider.readAttributes(Mockito.same(ciphertextRawPath), Mockito.same(BasicFileAttributes.class), any(LinkOption[].class))).thenReturn(ciphertextBasicAttr);
+		Mockito.when(provider.readAttributes(Mockito.same(ciphertextRawPath), Mockito.same(PosixFileAttributes.class), any(LinkOption[].class))).thenReturn(ciphertextPosixAttr);
+		Mockito.when(provider.readAttributes(Mockito.same(ciphertextRawPath), Mockito.same(DosFileAttributes.class), any(LinkOption[].class))).thenReturn(ciphertextDosAttr);
 
 		Mockito.when(pathMapper.getCiphertextFileType(cleartextPath)).thenReturn(CiphertextFileType.FILE);
 		Mockito.when(pathMapper.getCiphertextFilePath(cleartextPath)).thenReturn(ciphertextPath);