diff --git a/pom.xml b/pom.xml index dd7111e..98bf9ec 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ ee.ria.tara tara-server war - 1.4.7 + 1.4.8 5.3.9 @@ -138,7 +138,7 @@ com.fasterxml.jackson.core jackson-databind - 2.9.8 + 2.9.9 diff --git a/src/main/java/ee/ria/sso/oidc/OidcAuthorizeRequestValidationServletFilter.java b/src/main/java/ee/ria/sso/oidc/OidcAuthorizeRequestValidationServletFilter.java index 43528d8..e3464c5 100644 --- a/src/main/java/ee/ria/sso/oidc/OidcAuthorizeRequestValidationServletFilter.java +++ b/src/main/java/ee/ria/sso/oidc/OidcAuthorizeRequestValidationServletFilter.java @@ -14,13 +14,14 @@ import java.io.IOException; import java.io.UnsupportedEncodingException; import java.net.URLEncoder; -import java.nio.charset.StandardCharsets; import java.util.Arrays; import java.util.Collections; import java.util.List; import java.util.Objects; import java.util.stream.Collectors; +import static java.nio.charset.StandardCharsets.UTF_8; + @Slf4j @AllArgsConstructor public class OidcAuthorizeRequestValidationServletFilter implements Filter { 
@@ -62,11 +63,11 @@ private String getRedirectUrlToRelyingParty(HttpServletRequest request, OidcAuth StringBuilder sb = new StringBuilder(); sb.append(redirectUri); sb.append(redirectUri.contains("?") ? "&" : "?"); - sb.append(String.format("error=%s", URLEncoder.encode(e.getErrorCode(), StandardCharsets.UTF_8.name()))); - sb.append(String.format("&error_description=%s", URLEncoder.encode(e.getErrorDescription(), StandardCharsets.UTF_8.name()))); + sb.append(String.format("error=%s", URLEncoder.encode(e.getErrorCode(), UTF_8.name()))); + sb.append(String.format("&error_description=%s", URLEncoder.encode(e.getErrorDescription(), UTF_8.name()))); String state = request.getParameter(OidcAuthorizeRequestParameter.STATE.getParameterKey()); if (StringUtils.isNotBlank(state)) { - sb.append(String.format("&state=%s", state)); + sb.append(String.format("&state=%s", URLEncoder.encode(state, UTF_8.name()))); } return sb.toString(); diff --git a/src/main/webapp/WEB-INF/classes/templates/fragments/head.html b/src/main/webapp/WEB-INF/classes/templates/fragments/head.html index 9416f9d..b018185 100644 --- a/src/main/webapp/WEB-INF/classes/templates/fragments/head.html +++ b/src/main/webapp/WEB-INF/classes/templates/fragments/head.html @@ -1,7 +1,7 @@ - + diff --git a/src/test/java/ee/ria/sso/oidc/OidcAuthorizeRequestValidationServletFilterTest.java b/src/test/java/ee/ria/sso/oidc/OidcAuthorizeRequestValidationServletFilterTest.java index ebd99f5..84c96bd 100644 --- a/src/test/java/ee/ria/sso/oidc/OidcAuthorizeRequestValidationServletFilterTest.java +++ b/src/test/java/ee/ria/sso/oidc/OidcAuthorizeRequestValidationServletFilterTest.java 
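Review bot: `state` is now URL-encoded, but `redirectUri` is still appended verbatim in `sb.append(redirectUri)`, and nothing in this hunk shows it has been matched against the client's registered redirect URIs before the 302 is built; RFC 6749 §4.1.2.1 requires that an invalid request never be redirected to an unvalidated redirect_uri. If that check happens earlier (outside the hunk), I would state it at the top of the method with `// redirectUri must already be validated against the client's registered URIs — never redirect an invalid request to an unchecked URI`; if it does not exist yet, render a local error page instead of redirecting. Separately, `redirectUri.contains("?") ? "&" : "?"` ignores a fragment: a `#...` suffix would get the error query appended after it, so either reject fragments or document that registered URIs cannot carry one. getRedirectUrlToRelyingParty begins before this hunk, so its signature and any earlier validation are not visible here.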
@@ -225,7 +225,7 @@ private void assertExceptionThrownWhenParameterValidationFails(OidcAuthorizeRequ private void assertRedirectWhenParameterValidationFails(String redirectUri, String expectedDelimiter, OidcAuthorizeRequestParameter... parameters) throws IOException, ServletException { MockHttpServletRequest servletRequest = new MockHttpServletRequest(); servletRequest.addParameter("redirect_uri", redirectUri); - servletRequest.addParameter("state", "123456789abcdefghjiklmn"); + servletRequest.addParameter("state", "123456789abcdefghjiklmn&additional=1"); for (OidcAuthorizeRequestParameter parameter : parameters) { Mockito.doThrow(new OidcAuthorizeRequestValidator.InvalidRequestException(parameter, "test", "test description")).when(oidcRequestValidator).validateAuthenticationRequestParameters(Mockito.any()); @@ -234,7 +234,7 @@ private void assertRedirectWhenParameterValidationFails(String redirectUri, Stri servletFilter.doFilter(servletRequest, servletResponse, Mockito.mock(FilterChain.class)); Assert.assertEquals(302, servletResponse.getStatus()); - Assert.assertEquals(redirectUri + expectedDelimiter + "error=test&error_description=test+description&state=123456789abcdefghjiklmn", servletResponse.getRedirectedUrl()); + Assert.assertEquals(redirectUri + expectedDelimiter + "error=test&error_description=test+description&state=123456789abcdefghjiklmn%26additional%3D1", servletResponse.getRedirectedUrl()); } }
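Review bot: The new fixture `123456789abcdefghjiklmn&additional=1` only proves that `&` and `=` are escaped; it would not catch a double-encoding or decode-then-forward regression, and the expected string silently pins URLEncoder's form-style encoding (space becomes `+`, as `test+description` already shows). I would add a second case with a value such as `a+b %26c#d` and expect `state=a%2Bb+%2526c%23d`, so that `+`, space, `%` and `#` are each covered by the assertion. The -225 hunk starts mid-method and the -234 hunk ends it, so the full body of assertRedirectWhenParameterValidationFails is not visible here.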