sigstore · jku · Apr 14, 2025 · Apr 10, 2025
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,10 +8,21 @@ All versions prior to 0.9.0 are untracked.
 
 ## [Unreleased]
 
+## [3.6.2]
+
+### Fixed
+
 * Fixed issue where a trust root with multiple rekor keys was not considered valid:
   Now any rekor key listed in the trust root is considered good to verify entries
   [#1350](https://github.com/sigstore/sigstore-python/pull/1350)
 
+### Changed
+
+* Upgraded python-tuf dependency to 6.0: Connections to TUF repository
+  now use system certificates (instead of certifi) and have automatic
+  retries
+* Updated the embedded TUF root to version 12
+
 ## [3.6.1]
 
 ### Fixed
@@ -597,8 +608,9 @@ This is a corrective release for [2.1.1].
 
 
 <!--Release URLs -->
-[Unreleased]: https://github.com/sigstore/sigstore-python/compare/v3.6.1...HEAD
-[3.6.0]: https://github.com/sigstore/sigstore-python/compare/v3.6.0...v3.6.1
+[Unreleased]: https://github.com/sigstore/sigstore-python/compare/v3.6.2...HEAD
+[3.6.2]: https://github.com/sigstore/sigstore-python/compare/v3.6.1...v3.6.2
+[3.6.1]: https://github.com/sigstore/sigstore-python/compare/v3.6.0...v3.6.1
 [3.6.0]: https://github.com/sigstore/sigstore-python/compare/v3.5.3...v3.6.0
 [3.5.3]: https://github.com/sigstore/sigstore-python/compare/v3.5.2...v3.5.3
 [3.5.2]: https://github.com/sigstore/sigstore-python/compare/v3.5.1...v3.5.2

diff --git a/sigstore/__init__.py b/sigstore/__init__.py
@@ -25,4 +25,4 @@
 * `sigstore.sign`: creation of Sigstore signatures
 """
 
-__version__ = "3.6.1"
+__version__ = "3.6.2"