diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1a5586d1b..1f09e04e0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,91 @@
 
 All notable changes to this project are documented in this file.
 
+## 1.2.0
+
+**Release date:** 2023-12-05
+
+This minor release comes with API changes, bug fixes and several new features.
+
+### Bucket
+
+A new field, `.spec.prefix`, has been added to the Bucket API, which enables
+server-side filtering of files if the object's `.spec.provider` is set to
+`generic`/`aws`/`gcp`.
+
+### OCIRepository and HelmChart
+
+Two new fields, `.spec.verify.matchOIDCIdentity.issuer` and
+`.spec.verify.matchOIDCIdentity.subject` have been added to the HelmChart and
+OCIRepository APIs. If the image has been keylessly signed via Cosign, these
+fields can be used to verify the OIDC issuer of the Fulcio certificate and the
+OIDC identity's subject respectively.
+
+### HelmRepository
+
+A new boolean field, `.spec.insecure`, has been introduced to the HelmRepository
+API, which allows connecting to a non-TLS HTTP container registry. It is only
+considered if the object's `.spec.type` is set to `oci`.
+
+From this release onwards, HelmRepository objects of type OCI are treated as
+static objects, i.e. they have an empty status.
+Existing objects undergo a one-time automatic migration and new objects
+will be undergo a one-time reconciliation to remove any status fields.
+
+Additionally, the controller now performs a shallow clone if the
+`.spec.ref.name` of the GitRepository object points to a branch or a tag.
+
+Furthermore, a bug has been fixed, where the controller would try to
+authenticate against public OCI registries if the HelmRepository object has a
+reference to a Secret containing a CA certificate.
+
+Lastly, dependencies have been updated to their latest version, including an
+update of Kubernetes to v1.28.4.
+
+Fixes:
+- Address miscellaneous issues throughout code base
+  [#1257](https://github.com/fluxcd/source-controller/pull/1257)
+- helmrepo: only configure tls login option when required
+  [#1289](https://github.com/fluxcd/source-controller/pull/1289)
+- oci: rename `OCIChartRepository.insecure` to `insecureHTTP`
+  [#1299](https://github.com/fluxcd/source-controller/pull/1299)
+- Use bitnami Minio oci chart for e2e
+  [#1301](https://github.com/fluxcd/source-controller/pull/1301)
+
+Improvements:
+- build(deps): bump Go dependencies
+  [#1260](https://github.com/fluxcd/source-controller/pull/1260)
+  [#1261](https://github.com/fluxcd/source-controller/pull/1261)
+  [#1269](https://github.com/fluxcd/source-controller/pull/1269)
+  [#1291](https://github.com/fluxcd/source-controller/pull/1291)
+- build(deps): bump the ci group dependencies
+  [#1265](https://github.com/fluxcd/source-controller/pull/1265)
+  [#1266](https://github.com/fluxcd/source-controller/pull/1266)
+  [#1272](https://github.com/fluxcd/source-controller/pull/1272)
+  [#1277](https://github.com/fluxcd/source-controller/pull/1277)
+  [#1281](https://github.com/fluxcd/source-controller/pull/1281)
+  [#1285](https://github.com/fluxcd/source-controller/pull/1285)
+  [#1296](https://github.com/fluxcd/source-controller/pull/1296)
+  [#1303](https://github.com/fluxcd/source-controller/pull/1303)
+- bucket: Add prefix filtering capability
+  [#1228](https://github.com/fluxcd/source-controller/pull/1228)
+- Static HelmRepository OCI
+  [#1243](https://github.com/fluxcd/source-controller/pull/1243)
+- cosign: allow identity matching for keyless verification
+  [#1250](https://github.com/fluxcd/source-controller/pull/1250)
+- Upgrade `go-git` to v5.10.0
+  [#1271](https://github.com/fluxcd/source-controller/pull/1271)
+- storage: change default file permissions
+  [#1276](https://github.com/fluxcd/source-controller/pull/1276)
+- Update dependencies to Kubernetes v1.28
+  [#1286](https://github.com/fluxcd/source-controller/pull/1286)
+- Add `.spec.insecure` to `HelmRepository` for `type: oci`
+  [#1288](https://github.com/fluxcd/source-controller/pull/1288)
+- Update Git dependencies
+  [#1300](https://github.com/fluxcd/source-controller/pull/1300)
+- Update Go dependencies
+  [#1304](https://github.com/fluxcd/source-controller/pull/1304)
+
 ## 1.1.2
 
 **Release date:** 2023-10-11
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
index 5e068f13d..f8c76696c 100644
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -6,4 +6,4 @@ resources:
 images:
 - name: fluxcd/source-controller
   newName: fluxcd/source-controller
-  newTag: v1.1.0
+  newTag: v1.2.0
diff --git a/go.mod b/go.mod
index 6c05a4911..f39bf6a3f 100644
--- a/go.mod
+++ b/go.mod
@@ -37,7 +37,7 @@ require (
 	github.com/fluxcd/pkg/tar v0.4.0
 	github.com/fluxcd/pkg/testserver v0.5.0
 	github.com/fluxcd/pkg/version v0.2.2
-	github.com/fluxcd/source-controller/api v1.1.2
+	github.com/fluxcd/source-controller/api v1.2.0
 	github.com/foxcpp/go-mockdns v1.0.0
 	github.com/go-git/go-billy/v5 v5.5.0
 	github.com/go-git/go-git/v5 v5.10.1