diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0399437..fdb7cb3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -216,8 +216,10 @@ jobs:
       actions: read
       id-token: write
       contents: write
-    # Reusable workflow pinned to slsa-github-generator v2.0.0.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@5a775b367a56d5bd118a224a811bba288150a563 # v2.0.0
+    # Reusable workflow pinned to slsa-github-generator v2.1.0.
+    # v2.1.0 migrated to actions/artifact v4; v2.0.0 fails to attach the
+    # provenance after the artifact-v3 backend shutdown (empty UNTRUSTED_PATH).
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@f7dd8c54c2067bafc12ca7a55595d5ee9b75204a # v2.1.0
     with:
       base64-subjects: ${{ needs.hashes.outputs.hashes }}
       upload-assets: true