diff --git a/CHANGELOG.md b/CHANGELOG.md
index 73284427..cab763f1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,15 @@ All versions prior to 1.0.0 are untracked
## [Unreleased]
+# [1.2.0] - 2024-12-4
+
+## Added
+- Add option to sigstore conformance cli to verify artifact digests in addition to file paths https://github.com/sigstore/sigstore-java/pull/859
+
+## Security
+- Ensure checkpoints for log inclusion proofs in sigstore bundles are correctly
+ verified. https://github.com/sigstore/sigstore-java/commit/23fb4885e6704a5df4977f7acf253a745349edf9
+
# [1.1.0] - 2024-11-22
## Added
diff --git a/build-logic/publishing/build.gradle.kts b/build-logic/publishing/build.gradle.kts
index 156ae6fb..9829ca79 100644
--- a/build-logic/publishing/build.gradle.kts
+++ b/build-logic/publishing/build.gradle.kts
@@ -10,6 +10,6 @@ dependencies {
implementation(project(":basics"))
implementation(project(":jvm"))
implementation("dev.sigstore.build-logic:gradle-plugin")
- implementation("dev.sigstore:sigstore-gradle-sign-plugin:1.1.0")
+ implementation("dev.sigstore:sigstore-gradle-sign-plugin:1.2.0")
implementation("com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin:1.3.0")
}
diff --git a/examples/hello-world/build.gradle.kts b/examples/hello-world/build.gradle.kts
index c24290b6..500c00bf 100644
--- a/examples/hello-world/build.gradle.kts
+++ b/examples/hello-world/build.gradle.kts
@@ -1,7 +1,7 @@
plugins {
`java-library`
`maven-publish`
- val sigstoreVersion = System.getProperty("sigstore.version") ?: "1.1.0"
+ val sigstoreVersion = System.getProperty("sigstore.version") ?: "1.2.0"
id("dev.sigstore.sign") version "$sigstoreVersion"
signing
}
diff --git a/examples/hello-world/pom.xml b/examples/hello-world/pom.xml
index 53c6b7e9..6bbe7c1c 100644
--- a/examples/hello-world/pom.xml
+++ b/examples/hello-world/pom.xml
@@ -16,7 +16,7 @@
UTF-8
UTF-8
11
- 1.1.0
+ 1.2.0
diff --git a/gradle.properties b/gradle.properties
index 757ef6df..c1291e56 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -5,4 +5,4 @@ systemProp.org.gradle.kotlin.dsl.precompiled.accessors.strict=true
group=dev.sigstore
# use the ./scripts/update_version.sh script to update all versions
-version=1.2.0
+version=1.3.0
diff --git a/sigstore-gradle/README.md b/sigstore-gradle/README.md
index 120ff134..cd88e7e4 100644
--- a/sigstore-gradle/README.md
+++ b/sigstore-gradle/README.md
@@ -15,7 +15,7 @@ Signature format uses [Sigstore bundle](https://github.com/sigstore/protobuf-spe
```kotlin
plugins {
- id("dev.sigstore.sign") version "1.1.0"
+ id("dev.sigstore.sign") version "1.2.0"
}
// Automatically sign all Maven publications, using GitHub Actions OIDC when available,
diff --git a/sigstore-gradle/sigstore-gradle-sign-base-plugin/src/main/kotlin/dev/sigstore/sign/SigstoreSignExtension.kt b/sigstore-gradle/sigstore-gradle-sign-base-plugin/src/main/kotlin/dev/sigstore/sign/SigstoreSignExtension.kt
index 2f7b4088..31604b01 100644
--- a/sigstore-gradle/sigstore-gradle-sign-base-plugin/src/main/kotlin/dev/sigstore/sign/SigstoreSignExtension.kt
+++ b/sigstore-gradle/sigstore-gradle-sign-base-plugin/src/main/kotlin/dev/sigstore/sign/SigstoreSignExtension.kt
@@ -44,7 +44,7 @@ abstract class SigstoreSignExtension(private val project: Project) {
abstract val sigstoreJavaVersion : Property
init {
- sigstoreJavaVersion.convention("1.2.0")
+ sigstoreJavaVersion.convention("1.3.0")
(this as ExtensionAware).extensions.create(
"oidcClient",
project.objects,
diff --git a/sigstore-maven-plugin/README.md b/sigstore-maven-plugin/README.md
index 5e11d20b..a459f52b 100644
--- a/sigstore-maven-plugin/README.md
+++ b/sigstore-maven-plugin/README.md
@@ -17,7 +17,7 @@ Signature format uses [Sigstore bundle](https://github.com/sigstore/protobuf-spe
dev.sigstore
sigstore-maven-plugin
- 1.1.0
+ 1.2.0
sign