diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 9f0805ef53..e713067093 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -127,24 +127,25 @@ jobs:
 runs-on: ubuntu-20.04
 if: github.event_name == 'push'
 steps:
- - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # V2.7.0
+ - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # V2.8.1
 with:
 egress-policy: block
 disable-telemetry: true
 allowed-endpoints: >
- artifactcache.actions.githubusercontent.com:443
- aw97acprodeus1file2.blob.core.windows.net:443
 coveralls.io:443
+ dl.google.com:443
 docs.gradle.org:443
 docs.oracle.com:443
- downloads.gradle-dn.com:443
 github.com:443
 javadoc.io:443
+ jcenter.bintray.com:443
+ objects.githubusercontent.com:443
 plugins-artifacts.gradle.org:443
 plugins.gradle.org:443
 raw.githubusercontent.com:443
 repo.gradle.org:443
 repo.maven.apache.org:443
+ repository.sonatype.org:443
 services.gradle.org:443
 - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
 - uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0
@@ -163,7 +164,7 @@ jobs:
 permissions:
 contents: write
 steps:
- - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # V2.7.0
+ - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # V2.8.1
 with:
 egress-policy: audit # servers have changed, must be adjusted after next release
 - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
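Review bot: The four hosts added to `allowed-endpoints` in the first hunk (`dl.google.com`, `jcenter.bintray.com`, `objects.githubusercontent.com`, `repository.sonatype.org`) widen the egress allowlist of a `block`-policy job with no record of which step or dependency needs each one. `jcenter.bintray.com` deserves a second look: JCenter has been sunset by JFrog, so if the build still resolves artifacts from it, removing that repository from the Gradle configuration (not visible here) is probably safer than keeping the host reachable. Comments cannot go inside the folded scalar, so a line above the key would make the list auditable, for example `# dl.google.com, jcenter.bintray.com, repository.sonatype.org: required by <step or plugin>; remove when no longer resolved`. The job's step list continues outside the hunk, so whether any later step relied on the removed `artifactcache.actions.githubusercontent.com` entry cannot be confirmed from here.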