diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
index 59b3361d..69e0c3ee 100644
--- a/.github/workflows/gradle.yml
+++ b/.github/workflows/gradle.yml
@@ -52,7 +52,7 @@ jobs:
           github-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: "🔧 Setup Gradle"
-        uses: gradle/gradle-build-action@v2.9.0
+        uses: gradle/gradle-build-action@v2.11.1
 
       - name: "❓ Optional setup step"
         run: |
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 63335e62..1a8f6632 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -115,9 +115,7 @@ jobs:
       artifacts-sha256: ${{ steps.set-hash.outputs.artifacts-sha256 }}
     steps:
       - name: Download artifacts-sha256
-        # Important: update actions/download-artifact to v4 only when generator_generic_slsa3.yml is also compatible.
-        # See https://github.com/slsa-framework/slsa-github-generator/issues/3068
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@v3
         with:
           name: artifacts-sha256
       # The SLSA provenance generator expects the hash digest of artifacts to be passed as a job
@@ -150,8 +148,6 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Download artifacts
-        # Important: update actions/download-artifact to v4 only when generator_generic_slsa3.yml is also compatible.
-        # See https://github.com/slsa-framework/slsa-github-generator/issues/3068
         uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: gradle-build-outputs