diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5c356e809..e767b0cab 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -55,7 +55,7 @@ jobs:
 
     - name: Archive HTML test report on failure
       if: ${{ failure() }}
-      uses: actions/upload-artifact@v5
+      uses: actions/upload-artifact@v6
       with:
         name: test-reports-java17-java${{ matrix.java }}-${{ matrix.distribution }}-html
         path: "*/build/reports/**"
@@ -68,14 +68,14 @@ jobs:
 
     - name: Archive HTML test report
       if: ${{ always() }}
-      uses: actions/upload-artifact@v5
+      uses: actions/upload-artifact@v6
       with:
         name: test-reports-java${{ matrix.java }}-${{ matrix.distribution }}-html
         path: "*/build/reports/**"
 
     - name: Archive JUnit test report
       if: ${{ always() }}
-      uses: actions/upload-artifact@v5
+      uses: actions/upload-artifact@v6
       with:
         name: test-reports-java${{ matrix.java }}-${{ matrix.distribution }}-xml
         path: "*/build/test-results/**/*.xml"
@@ -90,7 +90,7 @@ jobs:
 
     - name: Archive artifact checksums
       if: ${{ matrix.java != 8 }}  # JDK 8 does not produce reproducible binaries
-      uses: actions/upload-artifact@v5
+      uses: actions/upload-artifact@v6
       with:
         name: artifact-checksums-java${{ matrix.java }}-${{ matrix.distribution }}
         path: java-webauthn-server-artifacts.sha256sum
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index f1110b8b4..713051829 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -31,7 +31,7 @@ jobs:
       run: ./gradlew pitestMerge
 
     - name: Archive test reports
-      uses: actions/upload-artifact@v5
+      uses: actions/upload-artifact@v6
       with:
         name: pitest-reports-${{ github.sha }}
         path: "*/build/reports/pitest/**"
diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml
index 205cfb12c..be23a4fd8 100644
--- a/.github/workflows/integration-test.yml
+++ b/.github/workflows/integration-test.yml
@@ -39,14 +39,14 @@ jobs:
 
     - name: Archive HTML test report
       if: ${{ always() }}
-      uses: actions/upload-artifact@v5
+      uses: actions/upload-artifact@v6
       with:
         name: test-reports-java${{ matrix.java }}-${{ matrix.distribution }}-html
         path: "*/build/reports/**"
 
     - name: Archive JUnit test report
       if: ${{ always() }}
-      uses: actions/upload-artifact@v5
+      uses: actions/upload-artifact@v6
       with:
         name: test-reports-java${{ matrix.java }}-${{ matrix.distribution }}-xml
         path: "*/build/test-results/**/*.xml"
diff --git a/.github/workflows/release-verify-signatures.yml b/.github/workflows/release-verify-signatures.yml
index 6e50d202f..78bd92cd4 100644
--- a/.github/workflows/release-verify-signatures.yml
+++ b/.github/workflows/release-verify-signatures.yml
@@ -24,7 +24,7 @@ jobs:
         until wget https://repo1.maven.org/maven2/com/yubico/webauthn-server-core/${{ github.ref_name }}/webauthn-server-core-${{ github.ref_name }}.jar.asc; do sleep 180; done
 
     - name: Store keyring and signatures as artifact
-      uses: actions/upload-artifact@v5
+      uses: actions/upload-artifact@v6
       with:
         name: keyring-and-signatures
         retention-days: 1