diff --git a/dd-java-agent/appsec/build.gradle b/dd-java-agent/appsec/build.gradle
index 479add282d8..bcc36fe36d1 100644
--- a/dd-java-agent/appsec/build.gradle
+++ b/dd-java-agent/appsec/build.gradle
@@ -15,7 +15,7 @@ dependencies {
 implementation project(':internal-api')
 implementation project(':communication')
 implementation project(':telemetry')
- implementation group: 'io.sqreen', name: 'libsqreen', version: '9.1.1'
+ implementation group: 'io.sqreen', name: 'libsqreen', version: '10.0.0'
 implementation group: 'com.squareup.moshi', name: 'moshi', version: versions.moshi
 testImplementation deps.bytebuddy
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFModule.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFModule.java
index a11b99eb03e..1c87f5db8bc 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFModule.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFModule.java
@@ -101,10 +101,6 @@ private CtxAndAddresses(
 this.ctx = ctx;
 this.actionInfoMap = actionInfoMap;
 }
-
- CtxAndAddresses withNewActions(Map actionInfoMap) {
- return new CtxAndAddresses(this.addressesOfInterest, this.ctx, actionInfoMap);
- }
 }
 static {
@@ -195,21 +191,8 @@ private void applyConfig(Object config_, AppSecModuleConfigurer.Reconfiguration
 }
 try {
- if (config.dirtyStatus.isDirtyForDdwafUpdate()) {
- // ddwaf_init/update
- initializeNewWafCtx(reconf, config, curCtxAndAddresses);
- } else if (config.dirtyStatus.isDirtyForActions()) {
- // only internal actions change
- // if we're here curCtxAndAddresses is not null
- Map actionInfoMap =
- calculateEffectiveActions(curCtxAndAddresses, config.getMergedUpdateConfig());
- CtxAndAddresses newCtxAndAddresses = curCtxAndAddresses.withNewActions(actionInfoMap);
- boolean success =
- this.ctxAndAddresses.compareAndSet(curCtxAndAddresses, newCtxAndAddresses);
- if (!success) {
- throw new AppSecModuleActivationException("Concurrent update of WAF configuration");
- }
- }
+ // ddwaf_init/update
+ initializeNewWafCtx(reconf, config, curCtxAndAddresses);
 } catch (Exception e) {
 throw new AppSecModuleActivationException("Could not initialize/update waf", e);
 }
@@ -433,14 +416,13 @@ public void onDataAvailable(
 log.warn("WAF signalled result {}: {}", resultWithData.result, resultWithData.data);
 }
- for (String action : resultWithData.actions) {
- ActionInfo actionInfo = ctxAndAddr.actionInfoMap.get(action);
- if (actionInfo == null) {
- log.warn(
- "WAF indicated action {}, but such action id is unknown (not one from {})",
- action,
- ctxAndAddr.actionInfoMap.keySet());
- } else if ("block_request".equals(actionInfo.type)) {
+ for (Map.Entry> action : resultWithData.actions.entrySet()) {
+ String actionType = action.getKey();
+ Map actionParams = action.getValue();
+
+ ActionInfo actionInfo = new ActionInfo(actionType, actionParams);
+
+ if ("block_request".equals(actionInfo.type)) {
 Flow.Action.RequestBlockingAction rba = createBlockRequestAction(actionInfo);
 flow.setAction(rba);
 break;
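Review bot: In applyConfig the `// ddwaf_init/update` comment now sits over an unconditional call, and nothing in this block consults `config.dirtyStatus` any more, so every applied configuration appears to rebuild the WAF context. A comment stating why the actions-only path was dropped would help, for example `// actions are now returned by the WAF itself, so any config change goes through ddwaf_init/update`; that reason is inferred from the onDataAvailable hunk and should be confirmed before the wording is committed. It is also not visible here whether initializeNewWafCtx still detects a concurrent swap of `ctxAndAddresses`, which the removed `compareAndSet` branch reported explicitly. applyConfig starts and ends outside the hunk.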
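Review bot: In the onDataAvailable loop the first matching entry wins because of the `break`, so when the WAF returns more than one action the request outcome depends on the iteration order of `resultWithData.actions`, whose map type is not visible here. If blocking must take precedence over other actions, look up `resultWithData.actions.get("block_request")` first rather than relying on that order. The loop also builds an `ActionInfo` only to read back `actionInfo.type`; testing `actionType` directly and substituting an empty map for a null `action.getValue()` would keep a missing parameter map from surfacing later as a failure inside createBlockRequestAction. The removed warning for unrecognised actions has no replacement in the visible lines, so if the if/else chain that continues past the hunk has no final branch, an action type the agent cannot apply is now dropped without a log line.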
@@ -467,8 +449,15 @@ public void onDataAvailable(
 private Flow.Action.RequestBlockingAction createBlockRequestAction(ActionInfo actionInfo) {
 try {
- int statusCode =
- ((Number) actionInfo.parameters.getOrDefault("status_code", 403)).intValue();
+ int statusCode;
+ Object statusCodeObj = actionInfo.parameters.get("status_code");
+ if (statusCodeObj instanceof Number) {
+ statusCode = ((Number) statusCodeObj).intValue();
+ } else if (statusCodeObj instanceof String) {
+ statusCode = Integer.parseInt((String) statusCodeObj);
+ } else {
+ statusCode = 403;
+ }
 String contentType = (String) actionInfo.parameters.getOrDefault("type", "auto");
 BlockingContentType blockingContentType = BlockingContentType.AUTO;
 try {
@@ -485,8 +474,15 @@ private Flow.Action.RequestBlockingAction createBlockRequestAction(ActionInfo ac
 private Flow.Action.RequestBlockingAction createRedirectRequestAction(ActionInfo actionInfo) {
 try {
- int statusCode =
- ((Number) actionInfo.parameters.getOrDefault("status_code", 303)).intValue();
+ int statusCode;
+ Object statusCodeObj = actionInfo.parameters.get("status_code");
+ if (statusCodeObj instanceof Number) {
+ statusCode = ((Number) statusCodeObj).intValue();
+ } else if (statusCodeObj instanceof String) {
+ statusCode = Integer.parseInt((String) statusCodeObj);
+ } else {
+ statusCode = 303;
+ }
 if (statusCode < 300 || statusCode > 399) {
 statusCode = 303;
 }
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/powerwaf/PowerWAFModuleSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/powerwaf/PowerWAFModuleSpecification.groovy
index 306e3196fd1..fc161faa7dd 100644
--- a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/powerwaf/PowerWAFModuleSpecification.groovy
+++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/powerwaf/PowerWAFModuleSpecification.groovy
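Review bot: In createBlockRequestAction a string `status_code` that is not a valid integer makes `Integer.parseInt` throw, and the enclosing `try` (its catch is outside the hunk) then decides the outcome; if that handler yields no action, a malformed parameter turns a block into a pass. Falling back to the default code on NumberFormatException keeps the block in place. The parsed value is also used without a range check on the block path, unlike the 300–399 clamp visible in createRedirectRequestAction, which repeats the same parsing code in the next hunk. Both copies could share one helper that takes the raw value and the default, as sketched below; the 100–599 bound is a suggestion, not something the page specifies.

```java
// … unchanged: createBlockRequestAction signature and opening try { …
int statusCode = parseStatusCode(actionInfo.parameters.get("status_code"), 403);
// … unchanged: content-type handling …

// createRedirectRequestAction: same call with default 303; the existing 300–399 clamp stays

private static int parseStatusCode(Object raw, int defaultCode) {
  int code = defaultCode;
  if (raw instanceof Number) {
    code = ((Number) raw).intValue();
  } else if (raw instanceof String) {
    try {
      code = Integer.parseInt(((String) raw).trim());
    } catch (NumberFormatException e) {
      // keep the default so a malformed parameter cannot cancel the action
      log.warn("Ignoring non-numeric status_code in WAF action: {}", raw);
    }
  }
  return (code >= 100 && code <= 599) ? code : defaultCode;
}
```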
@@ -545,7 +545,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
 }
 then:
- 1 * reconf.reloadSubscriptions()
+ 2 * reconf.reloadSubscriptions()
 when:
 dataListener.onDataAvailable(flow, ctx, ATTACK_BUNDLE, false)