diff --git a/.github/workflows/Lockfile.yml b/.github/workflows/Lockfile.yml
index ef6edb5c..1dcadbdf 100644
--- a/.github/workflows/Lockfile.yml
+++ b/.github/workflows/Lockfile.yml
@@ -26,7 +26,7 @@ jobs:
             sh.jbang.dev:443
 
       - name: run maven-lockfile
-        uses: chains-project/maven-lockfile@611060d93984a0a72c1c895eab39c13b09852d4c # v5.3.0
+        uses: chains-project/maven-lockfile@526cd67327ab19c7bd95be6d2d16530d80bf3c9e # v5.2.0
         with:
           github-token: ${{ secrets.JRELEASER_GITHUB_TOKEN }}
           include-maven-plugins: true
diff --git a/.github/workflows/LockfilePR.yml b/.github/workflows/LockfilePR.yml
index bd8f9b83..32ad7eda 100644
--- a/.github/workflows/LockfilePR.yml
+++ b/.github/workflows/LockfilePR.yml
@@ -25,14 +25,14 @@ jobs:
 
       - name: run maven-lockfile
         if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
-        uses: chains-project/maven-lockfile@611060d93984a0a72c1c895eab39c13b09852d4c # v5.3.0
+        uses: chains-project/maven-lockfile@526cd67327ab19c7bd95be6d2d16530d80bf3c9e # v5.2.0
         with:
           github-token: ${{ secrets.JRELEASER_GITHUB_TOKEN }}
           include-maven-plugins: true
     
       - name: run maven-lockfile (fork/external)
         if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
-        uses: chains-project/maven-lockfile@611060d93984a0a72c1c895eab39c13b09852d4c # v5.3.0
+        uses: chains-project/maven-lockfile@526cd67327ab19c7bd95be6d2d16530d80bf3c9e # v5.2.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           include-maven-plugins: true
diff --git a/.github/workflows/jreleaser.yml b/.github/workflows/jreleaser.yml
index 89ac85f9..a4c05d2a 100644
--- a/.github/workflows/jreleaser.yml
+++ b/.github/workflows/jreleaser.yml
@@ -38,6 +38,9 @@ jobs:
         uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
         with:
           maven-version: 3.9.6
+      - id: install-jbang
+        run: curl -Ls https://sh.jbang.dev | bash -s - app setup
+        shell: bash
       - name: Set git user
         run: |
           git config --global user.name "GitHub Actions Bot"
@@ -62,8 +65,8 @@ jobs:
         # semver next for a snapshot only releases the snapshot version, so we need to run it 2 times
         if: ${{ github.event.inputs.version == 'major'  || github.event.inputs.version == 'minor' }}
         run: echo "NEXT_VERSION=$(semver next ${{ github.event.inputs.version }} $CURRENT_VERSION)" >> $GITHUB_ENV
-      - name: run maven-lockfile
-        uses: chains-project/maven-lockfile@611060d93984a0a72c1c895eab39c13b09852d4c # v5.3.0
+      - name: run maven-lockfile (validate lockfile)
+        uses: chains-project/maven-lockfile@526cd67327ab19c7bd95be6d2d16530d80bf3c9e # v5.2.0
         with:
             github-token: ${{ secrets.GITHUB_TOKEN }}
             include-maven-plugins: true
@@ -74,6 +77,12 @@ jobs:
         run: mvn --no-transfer-progress --batch-mode versions:set -DnewVersion=$NEXT_VERSION -DprocessAllModules
       - name: Generate Readme
         run : mvn generate-resources resources:copy-resources
+      - name: run maven-lockfile (generate new lockfile for release version)
+        env:
+          POM_CHANGED: true # the version has changed, new lockfile is needed
+          COMMIT_UPDATED_LOCKFILE: true
+        run: ~/.jbang/bin/jbang --repos 'mavencentral' io.github.chains-project:maven-lockfile-github-action:5.2.0
+        bash: shell
       - name: commit changes
         run: |
           git checkout -b ${{ env.BRANCH_NAME }}
@@ -120,6 +129,12 @@ jobs:
 #1 Readme and action.yml
       - name: Generate Readme
         run : mvn generate-resources resources:copy-resources -q
+      - name: run maven-lockfile (generate new lockfile for -SNAPSHOT version)
+        env:
+          POM_CHANGED: true # the version has changed, new lockfile is needed
+          COMMIT_UPDATED_LOCKFILE: true
+        run: ~/.jbang/bin/jbang --repos 'mavencentral' io.github.chains-project:maven-lockfile-github-action:5.2.0
+        bash: shell
 # Commit and push changes
       - name: Commit & Push changes
         run: |
diff --git a/.github/workflows/regenerate-lockfile.yml b/.github/workflows/regenerate-lockfile.yml
index 2fafcf60..7b848ceb 100644
--- a/.github/workflows/regenerate-lockfile.yml
+++ b/.github/workflows/regenerate-lockfile.yml
@@ -24,6 +24,6 @@ jobs:
             sh.jbang.dev:443
 
       - name: run maven-lockfile
-        uses: chains-project/maven-lockfile@611060d93984a0a72c1c895eab39c13b09852d4c # v5.3.0
+        uses: chains-project/maven-lockfile@526cd67327ab19c7bd95be6d2d16530d80bf3c9e # v5.2.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/github_action/lockfile.json b/github_action/lockfile.json
index 6bb997fd..8e411716 100644
--- a/github_action/lockfile.json
+++ b/github_action/lockfile.json
@@ -7046,7 +7046,7 @@
     "environment": {
       "osName": "Linux",
       "mavenVersion": "3.8.2",
-      "javaVersion": "11.0.25"
+      "javaVersion": "17.0.13"
     },
     "config": {
       "includeMavenPlugins": true,
diff --git a/lockfile.json b/lockfile.json
index 4947caf0..e507dda8 100644
--- a/lockfile.json
+++ b/lockfile.json
@@ -108,7 +108,7 @@
     "environment": {
       "osName": "Linux",
       "mavenVersion": "3.8.2",
-      "javaVersion": "11.0.25"
+      "javaVersion": "17.0.13"
     },
     "config": {
       "includeMavenPlugins": true,
diff --git a/maven_plugin/lockfile.json b/maven_plugin/lockfile.json
index a3ab5a03..6686ab41 100644
--- a/maven_plugin/lockfile.json
+++ b/maven_plugin/lockfile.json
@@ -2429,7 +2429,7 @@
     "environment": {
       "osName": "Linux",
       "mavenVersion": "3.8.2",
-      "javaVersion": "11.0.25"
+      "javaVersion": "17.0.13"
     },
     "config": {
       "includeMavenPlugins": true,