release: v2.0.1

mikkeldamsgaard · claude · mikkeldamsgaard · commit 9c9822a28568 · 2026-03-14T14:26:09.000+01:00
Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [2.0.1] - 2026-03-14
+
 ### Fixed
 
 - SBOM attestation in release workflow: use platform-specific SBOM path (`index .SBOM "linux/amd64"`) instead of `.SBOM.SPDX` which returns `null` for multi-platform images.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "initium"
-version = "2.0.0"
+version = "2.0.1"
 authors = ["Kitstream <opensource@kitstream.io>"]
 categories = ["command-line-utilities", "development-tools"]
 documentation = "https://docs.rs/initium"
diff --git a/docs/security.md b/docs/security.md
@@ -86,11 +86,11 @@ Release images are signed with [cosign](https://github.com/sigstore/cosign) usin
 # Verify signature (requires cosign)
 cosign verify \
   --certificate-oidc-issuer https://token.actions.githubusercontent.com \
-  --certificate-identity 'https://github.com/KitStream/initium/.github/workflows/release.yml@refs/tags/v2.0.0' \
-  ghcr.io/kitstream/initium:2.0.0
+  --certificate-identity 'https://github.com/KitStream/initium/.github/workflows/release.yml@refs/tags/v2.0.1' \
+  ghcr.io/kitstream/initium:2.0.1
 
 # Or use the Makefile target (also supports IMAGE=ghcr.io/kitstream/initium-jyq)
-make verify-image VERSION=2.0.0
+make verify-image VERSION=2.0.1
 ```
 
 ### Verify SBOM attestation
@@ -99,8 +99,8 @@ make verify-image VERSION=2.0.0
 cosign verify-attestation \
   --type spdx \
   --certificate-oidc-issuer https://token.actions.githubusercontent.com \
-  --certificate-identity 'https://github.com/KitStream/initium/.github/workflows/release.yml@refs/tags/v2.0.0' \
-  ghcr.io/kitstream/initium:2.0.0
+  --certificate-identity 'https://github.com/KitStream/initium/.github/workflows/release.yml@refs/tags/v2.0.1' \
+  ghcr.io/kitstream/initium:2.0.1
 ```
 
 ### View provenance and SBOM
@@ -109,8 +109,8 @@ Provenance and SBOM attestations are generated by Docker BuildKit during the ima
 
 ```bash
 # View provenance
-docker buildx imagetools inspect ghcr.io/kitstream/initium:2.0.0 --format '{{json .Provenance}}'
+docker buildx imagetools inspect ghcr.io/kitstream/initium:2.0.1 --format '{{json .Provenance}}'
 
 # View SBOM
-docker buildx imagetools inspect ghcr.io/kitstream/initium:2.0.0 --format '{{json .SBOM}}'
+docker buildx imagetools inspect ghcr.io/kitstream/initium:2.0.1 --format '{{json .SBOM}}'
 ```
