diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 1524706..95d604c 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -16,7 +16,7 @@ env:
 WEB_APP_ADDRESS: https://app.code-intelligence.com
 # Directory in which the repository will be cloned.
 CHECKOUT_DIR: checkout-dir/
- CIFUZZ_DOWNLOAD_URL: "https://github.com/CodeIntelligenceTesting/cifuzz/releases/latest/download/cifuzz_installer_linux_amd64"
+ CIFUZZ_DOWNLOAD_URL: "https://github.com/CodeIntelligenceTesting/cifuzz/releases/download/v2.18.0/cifuzz_installer_linux_amd64"
 CIFUZZ_INSTALL_DIR: ./cifuzz
 FUZZING_ARTIFACT: fuzzing-artifact.tar.gz
 jobs:
@@ -42,7 +42,7 @@ jobs:
 cd $CHECKOUT_DIR/
 $GITHUB_WORKSPACE/$CIFUZZ_INSTALL_DIR/bin/cifuzz bundle \
 --commit $GITHUB_SHA \
- --branch $GITHUB_REF_NAME \
+ --branch $GITHUB_HEAD_REF \
 --output $GITHUB_WORKSPACE/$CHECKOUT_DIR/$FUZZING_ARTIFACT
 shell: "bash"
 - id: start-fuzzing
diff --git a/cifuzz.yaml b/cifuzz.yaml
index 8b17a35..efa84ae 100644
--- a/cifuzz.yaml
+++ b/cifuzz.yaml
@@ -24,6 +24,7 @@
 ## See https://llvm.org/docs/LibFuzzer.html#options
 engine-args:
 - --instrumentation_includes=com.example.**
+ - -rss_limit_mb=8192

 ## Maximum time to run fuzz tests. The default is to run indefinitely.
 #timeout: 30m
diff --git a/src/main/java/com/example/app/controller/GreetEndpointController.java b/src/main/java/com/example/app/controller/GreetEndpointController.java
index b37c1bf..1d87721 100644
--- a/src/main/java/com/example/app/controller/GreetEndpointController.java
+++ b/src/main/java/com/example/app/controller/GreetEndpointController.java
@@ -6,6 +6,7 @@
 import org.springframework.web.bind.annotation.RestController;

 import java.sql.Connection;
+import java.sql.PreparedStatement;
 import java.sql.SQLException;

 @RestController
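Review bot: Nothing in this hunk checks the installer fetched from `CIFUZZ_DOWNLOAD_URL` before it is run; pinning to `v2.18.0` removes the moving `latest` target, but an asset behind a release tag can still be replaced. The download and install step is outside the hunk, so confirm how the file is executed there. If it is run directly, add an expected digest next to the URL, e.g. `CIFUZZ_INSTALLER_SHA256: "<EXPECTED_SHA256>"` (placeholder), and check it with `echo "$CIFUZZ_INSTALLER_SHA256  <installer-file>" | sha256sum -c -` before executing. A one-line comment on the variable saying why the version is pinned and how to bump it would help the next maintainer.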
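Review bot: `$GITHUB_HEAD_REF` is only populated for `pull_request` and `pull_request_target` events, so on any other trigger the unquoted expansion in the `cifuzz bundle` call disappears and `--branch` is likely to take the following `--output` token as its value. The workflow's `on:` triggers are outside this hunk, so confirm which events reach this step; a fallback keeps both cases working: `--branch "${GITHUB_HEAD_REF:-$GITHUB_REF_NAME}" \`. The head ref is also chosen by the pull-request author, so quoting it keeps the value a single argument to cifuzz.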
@@ -16,11 +17,13 @@ public String greet(@RequestParam(required = false, defaultValue = "World") Stri
 try {
 Connection conn = getDBConnection();
 if (conn != null) {
- String query = String.format("INSERT INTO users (name) VALUES ('%s')", name);
- conn.createStatement().execute(query);
+ PreparedStatement stmt = conn.prepareStatement("INSERT INTO users (name) VALUES (?)");
+ stmt.setString(1, name);
+ stmt.executeUpdate();
 conn.close();
 }
- } catch (SQLException ignored) {}
+ } catch (SQLException ignored) {
+ }
 }

 return "Greetings " + name + "!";
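Review bot: The new `PreparedStatement` is never closed, and `conn.close()` is skipped whenever `prepareStatement`, `setString` or `executeUpdate` throws, so each failed insert leaks a connection while the empty catch hides the failure. Wrapping both resources in try-with-resources closes them on every path; a null `conn` is accepted as a resource, so the existing null check still works. The catch should at least carry a comment saying why the error is dropped, or report it through whatever logging the class uses (none is visible here). greet's body starts before and ends after this hunk, so the enclosing block and its closing brace are left as they are.

```java
try (Connection conn = getDBConnection()) {
    // try-with-resources skips close() for a null resource, so the null check stays.
    if (conn != null) {
        try (PreparedStatement stmt =
                 conn.prepareStatement("INSERT INTO users (name) VALUES (?)")) {
            stmt.setString(1, name);
            stmt.executeUpdate();
        }
    }
} catch (SQLException ignored) {
    // NOTE(review): presumably best effort; say so here, or log the failure.
}
// … unchanged: closing brace of the enclosing block, return statement …
```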