diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e8994983a..cac29ca81 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -4,6 +4,7 @@ on:
 push:
 branches:
 - main
+ - series/*
 pull_request:
 schedule:
 - cron: '0 12 * * *'
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3028fd55b..7d93a6f54 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -105,7 +105,7 @@ jobs:
 contents: write # To add assets to a release.
 # Currently this action needs to be referred by tag. More details at:
 # https://github.com/slsa-framework/slsa-github-generator#verification-of-provenance
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
 with:
 provenance-name: provenance-sigstore-${{ github.event.release.tag_name }}.intoto.jsonl
 base64-subjects: "${{ needs.build.outputs.hashes }}"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e20cafa43..b61ba735a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,37 @@ All versions prior to 0.9.0 are untracked.
 ## [Unreleased]
+## [2.1.5]
+
+## Fixed
+
+* Backported b32ad1bd (slsa-github-generator upgrade) to make release possible
+
+## [2.1.4]
+
+## Fixed
+
+* Pinned `securesystemslib` dependency strictly to prevent future breakage
+
+## [2.1.3]
+
+## Fixed
+
+* Loosened a version constraint on the `sigstore-protobuf-specs` dependency,
+ to ease use in testing environments
+ ([#943](https://github.com/sigstore/sigstore-python/pull/943))
+
+## [2.1.2]
+
+This is a corrective release for [2.1.1].
+
+## [2.1.1]
+
+### Fixed
+
+* Fixed an incorrect assumption about Rekor checkpoints that future releases
+ of Rekor will not uphold ([#891](https://github.com/sigstore/sigstore-python/pull/891))
+
 ## [2.1.0]
 ### Added
@@ -297,7 +328,12 @@ All versions prior to 0.9.0 are untracked.
 ([#351](https://github.com/sigstore/sigstore-python/pull/351))
-[Unreleased]: https://github.com/sigstore/sigstore-python/compare/v2.1.0...HEAD
+[Unreleased]: https://github.com/sigstore/sigstore-python/compare/v2.1.5...HEAD
+[2.1.5]: https://github.com/sigstore/sigstore-python/compare/v2.1.4...v2.1.5
+[2.1.4]: https://github.com/sigstore/sigstore-python/compare/v2.1.3...v2.1.4
+[2.1.3]: https://github.com/sigstore/sigstore-python/compare/v2.1.2...v2.1.3
+[2.1.2]: https://github.com/sigstore/sigstore-python/compare/v2.1.1...v2.1.2
+[2.1.1]: https://github.com/sigstore/sigstore-python/compare/v2.1.0...v2.1.1
 [2.1.0]: https://github.com/sigstore/sigstore-python/compare/v2.0.1...v2.1.0
 [2.0.1]: https://github.com/sigstore/sigstore-python/compare/v2.0.0...v2.0.1
 [2.0.0]: https://github.com/sigstore/sigstore-python/compare/v1.1.2...v2.0.0
diff --git a/pyproject.toml b/pyproject.toml
index da614bcf0..12bc1af42 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -34,8 +34,8 @@ dependencies = [
 "pyOpenSSL >= 23.0.0",
 "requests",
 "rich ~= 13.0",
- "securesystemslib",
- "sigstore-protobuf-specs ~= 0.2.2",
+ "securesystemslib < 0.32.0",
+ "sigstore-protobuf-specs >= 0.2.2, < 0.4",
 # NOTE(ww): Under active development, so strictly pinned.
 "sigstore-rekor-types == 0.0.11",
 "tuf >= 2.1,< 4.0",
diff --git a/sigstore/__init__.py b/sigstore/__init__.py
index c84c0679e..67697bef0 100644
--- a/sigstore/__init__.py
+++ b/sigstore/__init__.py
@@ -25,4 +25,4 @@
 * `sigstore.sign`: creation of Sigstore signatures
 """
-__version__ = "2.1.0"
+__version__ = "2.1.5"
diff --git a/sigstore/_internal/rekor/checkpoint.py b/sigstore/_internal/rekor/checkpoint.py
index 177b9e2cf..3c1300544 100644
--- a/sigstore/_internal/rekor/checkpoint.py
+++ b/sigstore/_internal/rekor/checkpoint.py
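Review bot: The new cap `"securesystemslib < 0.32.0"` in the `dependencies` list of pyproject.toml has no comment saying why it is there, while the `sigstore-rekor-types` pin two lines below it has a NOTE explaining itself. An unexplained upper bound tends to outlive its reason and can keep users from picking up later upstream fixes, so I would put `# NOTE: capped to guard against breakage from newer securesystemslib releases; lift once compatibility is confirmed.` above it. The same applies to the `< 0.4` bound on `sigstore-protobuf-specs`. The `dependencies` list starts and ends outside the hunk.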
@@ -58,7 +58,7 @@ class LogCheckpoint(BaseModel):
 - an origin, e.g. "rekor.sigstage.dev - 8050909264565447525"
 - the size of the log,
 - the hash of the log,
- - and any ancillary contants, e.g. "Timestamp: 1679349379012118479"
+ - and any optional ancillary contants, e.g. "Timestamp: 1679349379012118479"
 See:
 """
@@ -75,7 +75,7 @@ def from_text(cls, text: str) -> LogCheckpoint:
 """
 lines = text.strip().split("\n")
- if len(lines) < 4:
+ if len(lines) < 3:
 raise CheckpointError("Malformed LogCheckpoint: too few items in header!")
 origin = lines[0]
@@ -99,12 +99,7 @@ def to_text(self) -> str:
 See class definition for a prose description of the format.
 """
 return "\n".join(
- [
- self.origin,
- str(self.log_size),
- self.log_hash,
- ]
- + self.other_content
+ [self.origin, str(self.log_size), self.log_hash, *self.other_content]
 )
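Review bot: The rewritten bullet in the `LogCheckpoint` docstring still carries the typo "contants"; since the line is being touched anyway it should read `- and any optional ancillary contents, e.g. "Timestamp: 1679349379012118479"`. The class docstring begins above the hunk, so only this bullet and its neighbours are in view.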
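Review bot: The bare `3` in `if len(lines) < 3:` in `from_text` is unexplained; a comment such as `# origin, log size and log hash are mandatory; ancillary lines are optional` would tie it to the format described in the class docstring. With this relaxation a checkpoint can now parse with no ancillary lines at all, so any consumer that expects one (the docstring's example is a timestamp) needs to cope with its absence; the callers are not visible here, so that is worth confirming. The rest of `from_text`, including how the three mandatory fields are validated, lies outside the hunk.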