This update for cosign fixes the following issues: Updated to version 1.12.0 : - CVE-2022-36056: Fixed verify-blob could successfully verify an artifact when verification should have failed .