diff --git a/core/src/main/java/com/google/zxing/aztec/encoder/HighLevelEncoder.java b/core/src/main/java/com/google/zxing/aztec/encoder/HighLevelEncoder.java
index 903d02ea8..8d8d2fc24 100644
--- a/core/src/main/java/com/google/zxing/aztec/encoder/HighLevelEncoder.java
+++ b/core/src/main/java/com/google/zxing/aztec/encoder/HighLevelEncoder.java
@@ -171,7 +171,7 @@ public final class HighLevelEncoder {
     if (charset != null) {
       CharacterSetECI eci = CharacterSetECI.getCharacterSetECI(charset);
       if (null == eci) {
-        throw new IllegalArgumentException("No ECI code for character set " + charset.toString());
+        throw new IllegalArgumentException("No ECI code for character set " + charset);
       }
       initialState = initialState.appendFLGn(eci.getValue());
     }
diff --git a/core/src/main/java/com/google/zxing/datamatrix/decoder/DecodedBitStreamParser.java b/core/src/main/java/com/google/zxing/datamatrix/decoder/DecodedBitStreamParser.java
index 01a14e78b..a805a72ae 100644
--- a/core/src/main/java/com/google/zxing/datamatrix/decoder/DecodedBitStreamParser.java
+++ b/core/src/main/java/com/google/zxing/datamatrix/decoder/DecodedBitStreamParser.java
@@ -90,9 +90,9 @@ final class DecodedBitStreamParser {
     StringBuilder result = new StringBuilder(100);
     StringBuilder resultTrailer = new StringBuilder(0);
     List<byte[]> byteSegments = new ArrayList<>(1);
-    int symbologyModifier = 0;
     Mode mode = Mode.ASCII_ENCODE;
-    Set<Integer> fnc1Positions = new HashSet<Integer>(); // Would be replaceable by looking directly at 'bytes', if we're sure to not having to account for multi byte values.
+    Set<Integer> fnc1Positions = new HashSet<>(); // Would be replaceable by looking directly at 'bytes', if we're sure to not having to account for multi byte values.
+    int symbologyModifier;
     boolean isECIencoded = false;
     do {
       if (mode == Mode.ASCII_ENCODE) {
diff --git a/core/src/main/java/com/google/zxing/qrcode/decoder/DecodedBitStreamParser.java b/core/src/main/java/com/google/zxing/qrcode/decoder/DecodedBitStreamParser.java
index ff11e81a4..bba9e4494 100644
--- a/core/src/main/java/com/google/zxing/qrcode/decoder/DecodedBitStreamParser.java
+++ b/core/src/main/java/com/google/zxing/qrcode/decoder/DecodedBitStreamParser.java
@@ -58,7 +58,7 @@ final class DecodedBitStreamParser {
     List<byte[]> byteSegments = new ArrayList<>(1);
     int symbolSequence = -1;
     int parityData = -1;
-    int symbologyModifier = 1;
+    int symbologyModifier;
 
     try {
       CharacterSetECI currentCharacterSetECI = null;
diff --git a/pom.xml b/pom.xml
index 2fc99c7c4..959f14917 100644
--- a/pom.xml
+++ b/pom.xml
@@ -66,7 +66,7 @@
     <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
     <java.version>1.8</java.version>
     <android.home>${env.ANDROID_HOME}</android.home>
-    <proguard.version>7.0.1</proguard.version>
+    <proguard.version>7.1.0-beta4</proguard.version>
     <proguard.plugin.version>2.3.1</proguard.plugin.version>
     <!-- This can't reference project.version as some subprojects version differently -->
     <zxing.version>3.4.2-SNAPSHOT</zxing.version>
@@ -252,7 +252,7 @@
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-release-plugin</artifactId>
-          <version>3.0.0-M1</version>
+          <version>3.0.0-M4</version>
           <configuration>
             <mavenExecutorId>forked-path</mavenExecutorId>
             <tagNameFormat>zxing-@{project.version}</tagNameFormat>
@@ -278,12 +278,12 @@
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-project-info-reports-plugin</artifactId>
-          <version>3.1.1</version>
+          <version>3.1.2</version>
         </plugin>
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-gpg-plugin</artifactId>
-          <version>1.6</version>
+          <version>3.0.1</version>
           <executions>
             <execution>
               <id>sign-artifacts</id>
@@ -442,7 +442,7 @@
             <dependency>
               <groupId>com.puppycrawl.tools</groupId>
               <artifactId>checkstyle</artifactId>
-              <version>8.41.1</version>
+              <version>8.42</version>
             </dependency>
           </dependencies>
         </plugin>
@@ -509,7 +509,7 @@
         <plugin>
           <groupId>org.jacoco</groupId>
           <artifactId>jacoco-maven-plugin</artifactId>
-          <version>0.8.6</version>
+          <version>0.8.7</version>
           <executions>
             <execution>
               <goals>
@@ -672,17 +672,6 @@
     <tag>HEAD</tag>
   </scm>
 
-  <pluginRepositories>
-    <pluginRepository>
-      <snapshots>
-        <enabled>false</enabled>
-      </snapshots>
-      <id>bintray-guardsquare-proguard</id>
-      <name>bintray</name>
-      <url>https://dl.bintray.com/guardsquare/proguard</url>
-    </pluginRepository>
-  </pluginRepositories>
-
   <distributionManagement>
     <repository>
       <id>sonatype-nexus-staging</id>
diff --git a/src/checkstyle/checkstyle.xml b/src/checkstyle/checkstyle.xml
index 28be2e705..a89615b99 100644
--- a/src/checkstyle/checkstyle.xml
+++ b/src/checkstyle/checkstyle.xml
@@ -126,7 +126,7 @@
     <module name="WhitespaceAround">
       <property name="allowEmptyConstructors" value="true"/>
     </module>
-    <module name="UnnecessaryParentheses"/>
+    <!-- <module name="UnnecessaryParentheses"/> -->
 
 
     <!-- Modifier Checks                                    -->
diff --git a/zxingorg/pom.xml b/zxingorg/pom.xml
index 4fc513538..37506403a 100644
--- a/zxingorg/pom.xml
+++ b/zxingorg/pom.xml
@@ -73,7 +73,7 @@
   </parent>
 
   <properties>
-    <spring.version>5.3.5</spring.version>
+    <spring.version>5.3.7</spring.version>
   </properties>
 
   <build>
diff --git a/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java b/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java
index b588030fb..45b23b8f1 100644
--- a/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java
+++ b/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java
@@ -170,7 +170,7 @@ public final class DecodeServlet extends HttpServlet {
       for (CharSequence substring : blockedURLSubstrings) {
         if (imageURIString.contains(substring)) {
           log.info("Disallowed URI " + imageURIString);
-          errorResponse(request, response, "badurl");
+          errorResponse(request, response, HttpServletResponse.SC_FORBIDDEN, "badurl");
           return;
         }
       }
@@ -217,7 +217,7 @@ public final class DecodeServlet extends HttpServlet {
     if (host == null || host.startsWith("10.") || host.startsWith("192.168.") ||
         "127.0.0.1".equals(host) || "localhost".equals(host) ||
         destHostTracker.isBanned(host)) {
-      errorResponse(request, response, "badurl");
+      errorResponse(request, response, HttpServletResponse.SC_FORBIDDEN, "badurl");
       return;
     }
 
@@ -272,16 +272,22 @@ public final class DecodeServlet extends HttpServlet {
         errorResponse(request, response, "badurl");
         return;
       }
-      if (connection.getHeaderFieldInt(HttpHeaders.CONTENT_LENGTH, 0) > MAX_IMAGE_SIZE) {
+      int contentLength = connection.getHeaderFieldInt(HttpHeaders.CONTENT_LENGTH, -1);
+      if (contentLength <= 0) {
+        log.info("Bad content length: " + imageURIString);
+        errorResponse(request, response, HttpServletResponse.SC_LENGTH_REQUIRED, "badimage");
+        return;
+      }
+      if (contentLength > MAX_IMAGE_SIZE) {
         log.info("Too large: " + imageURIString);
-        errorResponse(request, response, "badimage");
+        errorResponse(request, response, HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE, "badimage");
         return;
       }
       // Assume we'll only handle image/* content types
       String contentType = connection.getContentType();
       if (contentType != null && !contentType.startsWith("image/")) {
         log.info("Wrong content type " + contentType + ": " + imageURIString);
-        errorResponse(request, response, "badimage");
+        errorResponse(request, response, HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, "badimage");
         return;
       }
 
@@ -346,10 +352,14 @@ public final class DecodeServlet extends HttpServlet {
     try {
       int height = image.getHeight();
       int width = image.getWidth();
-      if (height <= 1 || width <= 1 || height * width > MAX_PIXELS) {
-        log.info("Dimensions out of bounds: " + width + 'x' + height);
+      if (height <= 1 || width <= 1) {
+        log.info("Dimensions too small: " + width + 'x' + height);
         errorResponse(request, response, "badimage");
         return;
+      } else if (height * width > MAX_PIXELS) {
+        log.info("Dimensions too large: " + width + 'x' + height);
+        errorResponse(request, response, HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE, "badimage");
+        return;
       }
 
       processImage(image, request, response);
@@ -451,9 +461,15 @@ public final class DecodeServlet extends HttpServlet {
       request.getRequestDispatcher("decoderesult.jspx").forward(request, response);
     }
   }
+  private static void errorResponse(HttpServletRequest request,
+                                    HttpServletResponse response,
+                                    String key) throws ServletException, IOException {
+    errorResponse(request, response, HttpServletResponse.SC_BAD_REQUEST, key);
+  }
 
   private static void errorResponse(HttpServletRequest request,
                                     HttpServletResponse response,
+                                    int httpStatus,
                                     String key) throws ServletException, IOException {
     Locale locale = request.getLocale();
     if (locale == null) {
@@ -468,7 +484,7 @@ public final class DecodeServlet extends HttpServlet {
     if (dispatcher == null) {
       log.warning("Can't obtain RequestDispatcher");
     } else {
-      response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+      response.setStatus(httpStatus);
       dispatcher.forward(request, response);
     }
   }
diff --git a/zxingorg/src/main/java/com/google/zxing/web/DoSTracker.java b/zxingorg/src/main/java/com/google/zxing/web/DoSTracker.java
index 6777a16a8..ab38a5777 100644
--- a/zxingorg/src/main/java/com/google/zxing/web/DoSTracker.java
+++ b/zxingorg/src/main/java/com/google/zxing/web/DoSTracker.java
@@ -47,8 +47,8 @@ final class DoSTracker {
    *                exceeds this value, and upwards when below this value
    */
   DoSTracker(Timer timer,
-             final String name,
-             final int maxAccessesPerTime,
+             String name,
+             int maxAccessesPerTime,
              long accessTimeMS,
              int maxEntries,
              Double maxLoad) {
@@ -104,8 +104,6 @@ final class DoSTracker {
             maxAllowedCount = Math.max(maxAllowedCount, count);
             clearedEntries++;
           } else {
-            // Else it exceeded the max, so log it (again)
-            log.warning(name + ": Blocking " + entry.getKey() + " (" + count + " outstanding)");
             // Reduce count of accesses held against the host
             atomicCount.getAndAdd(-localMAPT);
             minDisallowedCount = Math.min(minDisallowedCount, count);