diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index e51e7a8..8f4c5b9 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -5,44 +5,33 @@ on:
   push:
     branches:
       - master
+      - '*'
 
 jobs:
   phpstan:
     name: PHPStan
     runs-on: ubuntu-latest
-
     steps:
-      - uses: actions/checkout@v2
-
-      - uses: php-actions/composer@v5
-
+      - uses: actions/checkout@v4
+      - uses: php-actions/composer@v6
       - name: PHPStan
         uses: chindit/actions-phpstan@master
         with:
-          # Arguments to add to PHPStan
           arguments: 'src/'
 
   phpunit:
     name: PHPUnit
     runs-on: ubuntu-latest
-
     strategy:
       matrix:
-        php-version:
-          - 7.1
-          - 7.2
-          - 7.3
-          - 7.4
-          - 8.0
-        dependencies:
-          - highest
+        php-version: [7.1, 7.2, 7.3, 7.4, 8.0]
+        dependencies: [highest]
         include:
           - php-version: 7.1
             dependencies: lowest
-
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Install PHP
         uses: shivammathur/setup-php@v2
@@ -52,65 +41,33 @@ jobs:
           ini-values: zend.assertions=1
 
       - name: Install dependencies with Composer
-        uses: ramsey/composer-install@v1
+        uses: ramsey/composer-install@v2
         with:
           dependency-versions: ${{ matrix.dependencies }}
 
-      - name: Install Codeclimate binary
-        run: |
-          curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > cc-test-reporter
-          chmod +x ./cc-test-reporter
-
-      - name: Run Codeclimate before-build
-        run: ./cc-test-reporter before-build
-
       - name: Run PHPUnit
         run: vendor/bin/phpunit --coverage-clover=clover.xml
 
-      - name: Upload coverage file artifact
-        uses: actions/upload-artifact@v2
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v4
         with:
-          name: ${{ matrix.php-version }}-${{ matrix.dependencies }}
-          path: clover.xml
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: ./clover.xml
+          fail_ci_if_error: false
 
-      - name: Run Codeclimate format-coverage
-        run: ./cc-test-reporter format-coverage -o codeclimate.json
-
-      - name: Upload coverage file artifact
+      - name: Upload clover artifact
         uses: actions/upload-artifact@v4
         with:
-          name: ${{ matrix.php-version }}-${{ matrix.dependencies }}
-          path: codeclimate.json
-
-
-  codeclimate-upload:
-    name: Upload coverage to Codeclimate
-    runs-on: ubuntu-latest
-    needs:
-      - phpunit
-    env:
-      CC_TEST_REPORTER_ID: e33b74ed1f59947df361652193b6575db0afc663dcbc73af89a0cf16f2443d24
-    steps:
-      - name: Download coverage files
-        uses: actions/download-artifact@v2
-        with:
-          path: coverage
-      - name: Install Codeclimate binary
-        run: |
-          curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > cc-test-reporter
-          chmod +x ./cc-test-reporter
-      - run: ./cc-test-reporter sum-coverage coverage/*/codeclimate.json
-      - run: ./cc-test-reporter upload-coverage
-
+          name: clover-${{ matrix.php-version }}-${{ matrix.dependencies }}
+          path: clover.xml
 
   coveralls-upload:
     name: Upload coverage to Coveralls
     runs-on: ubuntu-latest
-    needs:
-      - phpunit
+    needs: phpunit
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Install PHP
         uses: shivammathur/setup-php@v2
@@ -118,8 +75,8 @@ jobs:
           php-version: 7.4
           coverage: none
 
-      - name: Download coverage files
-        uses: actions/download-artifact@v2
+      - name: Download all artifacts
+        uses: actions/download-artifact@v4
         with:
           path: build/logs
 
@@ -129,4 +86,4 @@ jobs:
       - name: Upload coverage results to Coveralls
         env:
           COVERALLS_REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: php-coveralls --coverage_clover=build/logs/*/clover.xml -v
+        run: php-coveralls --coverage_clover="build/logs/clover-*/clover.xml" -v
diff --git a/src/Memo/FoxproMemo.php b/src/Memo/FoxproMemo.php
index 1c97ff7..b3597c2 100644
--- a/src/Memo/FoxproMemo.php
+++ b/src/Memo/FoxproMemo.php
@@ -51,6 +51,12 @@ public function get(int $pointer): ?MemoObject
         $info = unpack('N', $this->fp->read(self::BLOCK_TYPE_LENGTH)); //todo figure out type-enums
 
         $memoLength = unpack('N', $this->fp->read(self::BLOCK_LENGTH_LENGTH));
+        
+        // Safety check: prevent reading corrupted/huge memo fields (max 100MB)
+        if ($memoLength[1] > 104857600) {
+            throw new \Exception("Corrupted FPT file: memo field size {$memoLength[1]} bytes exceeds 100MB limit");
+        }
+        
         $result = $this->fp->read($memoLength[1]);
 
         $info = $this->guessDataType($result);