diff --git a/.github/workflows/Semgrep.yml b/.github/workflows/Semgrep.yml
index 0347afd..6b1e0ac 100644
--- a/.github/workflows/Semgrep.yml
+++ b/.github/workflows/Semgrep.yml
@@ -27,7 +27,8 @@ jobs:
 
     container:
       # A Docker image with Semgrep installed. Do not change this.
-      image: returntocorp/semgrep
+      # Pinned by digest (LOC-6730 / INF-002) — tag-mutation is a supply-chain vector.
+      image: returntocorp/semgrep@sha256:9349edbadf90c3f3c0c3f55867625354e89680e6fa10d9034042af52fdb0e0d0
 
     # Skip any PR created by dependabot to avoid permission issues:
     if: (github.actor != 'dependabot[bot]')
diff --git a/README.md b/README.md
index fd71907..ea0369d 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@ Add this dependency to your project's POM:
 <dependency>
     <groupId>com.browserstack</groupId>
     <artifactId>browserstack-local-java</artifactId>
-    <version>1.1.6</version>
+    <version>1.1.9</version>
 </dependency>
 ```
 
diff --git a/pom.xml b/pom.xml
index e91c84f..25a77c2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <groupId>com.browserstack</groupId>
     <artifactId>browserstack-local-java</artifactId>
     <packaging>jar</packaging>
-    <version>1.1.8</version>
+    <version>1.1.9</version>
 
     <name>browserstack-local-java</name>
     <description>Java bindings for BrowserStack Local</description>
diff --git a/src/main/java/com/browserstack/local/Local.java b/src/main/java/com/browserstack/local/Local.java
index e02bae1..d51c9b7 100644
--- a/src/main/java/com/browserstack/local/Local.java
+++ b/src/main/java/com/browserstack/local/Local.java
@@ -23,7 +23,7 @@ public class Local {
     private LocalProcess proc = null;
 
     // Current version of binding package, used for --source option of binary
-    private static final String packageVersion = "1.1.8";
+    private static final String packageVersion = "1.1.9";
     private final Map<String, String> parameters;
     private final Map<String, String> avoidValueParameters;
 
@@ -159,7 +159,7 @@ private void makeCommand(Map<String, String> options, String opCode) {
             if (IGNORE_KEYS.contains(parameter)) {
                 continue;
             }
-            if (avoidValueParameters.get(parameter) != null && opt.getValue().trim().toLowerCase() != "false") {
+            if (avoidValueParameters.get(parameter) != null && !"false".equals(opt.getValue().trim().toLowerCase())) {
                 command.add(avoidValueParameters.get(parameter));
             } else {
                 if (parameters.get(parameter) != null) {
diff --git a/src/main/java/com/browserstack/local/LocalBinary.java b/src/main/java/com/browserstack/local/LocalBinary.java
index b7abd79..0d387a0 100644
--- a/src/main/java/com/browserstack/local/LocalBinary.java
+++ b/src/main/java/com/browserstack/local/LocalBinary.java
@@ -214,7 +214,7 @@ private void fetchSourceUrl() throws LocalException {
           inputParams.put("auth_token", this.key);
           if (fallbackEnabled) {
               connection.setRequestProperty("X-Local-Fallback-Cloudflare", "true");
-              inputParams.put("error_message", downloadFailureThrowable.getMessage());
+              inputParams.put("error_message", downloadFailureThrowable.getClass().getName());
           }
           String jsonInputParams = inputParams.toString();