From e2dbf2a8b918ffcaa4c9937c5736204182178c7b Mon Sep 17 00:00:00 2001 From: Jacopo Andrea Giola Date: Thu, 5 Feb 2026 14:51:10 +0100 Subject: [PATCH] docs: add clarification on cosign new bundle version --- release-notes/security.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/release-notes/security.md b/release-notes/security.md index 12ba4d6493..b226dc9835 100644 --- a/release-notes/security.md +++ b/release-notes/security.md @@ -10,6 +10,9 @@ You can verify the signing in every moment to be sure that there was no tamperin The public certificates that are required for the verification are available on this website and may depend on the artifact you need to verify. At this time of writing all the artifacts are signed using the same underling key. +Our images are using the latest bundle version so the verification can be done only on `cosign` v3+ or if you are +using an older version, be sure to append the `--new-bundle-format=true` commands flag. + ## Container Images Here you can find all the artifacts and the starting version when they are being signed and verifiable with `cosign`: