diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 8773990..e790e22 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -75,7 +75,7 @@ jobs:
           upload-release-assets: false
 
       - name: Install cosign
-        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # sigstore/cosign-installer v3
+        uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # sigstore/cosign-installer v4.1.2
 
       - name: Sign SBOMs (keyless, GitHub OIDC)
         run: |