diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 37425c09ba..e9c730831a 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -33,8 +33,7 @@ jobs:
       - uses: "goreleaser/goreleaser-action@v6"
         with:
           distribution: "goreleaser-pro"
-          # Pinned because of a regression in 2.3.0
-          version: &goreleaser_version "2.2.0"
+          version: &goreleaser_version "2.3.2"
           args: "release --clean --config=.goreleaser.windows.yml"
         env:
           GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 1964cf1220..6a0210d4d8 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -71,12 +71,11 @@ jobs:
         id: "goreleaser"
         with:
           distribution: "goreleaser-pro"
-          # Pinned because of a regression in 2.2.0
-          version: "2.2.0"
+          version: "2.3.2"
           args: "release --clean --split --snapshot --single-target --skip=chocolatey"
         env:
           GORELEASER_KEY: "${{ secrets.GORELEASER_KEY }}"
       - name: "Obtain container image to scan"
-        run: 'echo "IMAGE_VERSION=$(jq .version dist/linux_amd64/metadata.json --raw-output)" >> $GITHUB_ENV'
+        run: 'echo "IMAGE_VERSION=$(jq .version dist/linux_amd64_v1/metadata.json --raw-output)" >> $GITHUB_ENV'
       - name: "run trivy on release image"
         run: "docker run -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image --format table --exit-code 1 --ignore-unfixed --vuln-type os,library --no-progress --severity CRITICAL,HIGH,MEDIUM authzed/spicedb:v${{ env.IMAGE_VERSION }}-amd64"