From 9c9822a28568a1082979507622dd4ab2b79e11e8 Mon Sep 17 00:00:00 2001
From: mikkeldamsgaard
Date: Sat, 14 Mar 2026 14:25:09 +0100
Subject: [PATCH] release: v2.0.1
Co-Authored-By: Claude Opus 4.6 (1M context)
---
 CHANGELOG.md | 2 ++
 Cargo.lock | 2 +-
 Cargo.toml | 2 +-
 docs/security.md | 14 +++++++-------
 4 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7d787a6..3c577fe 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## [2.0.1] - 2026-03-14
+
 ### Fixed
 - SBOM attestation in release workflow: use platform-specific SBOM path (`index .SBOM "linux/amd64"`) instead of `.SBOM.SPDX` which returns `null` for multi-platform images.
diff --git a/Cargo.lock b/Cargo.lock
index 8b27772..229383d 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -989,7 +989,7 @@ dependencies = [
 [[package]]
 name = "initium"
-version = "2.0.0"
+version = "2.0.1"
 dependencies = [
 "base64 0.22.1",
 "clap",
diff --git a/Cargo.toml b/Cargo.toml
index d8fb9e9..0de4f67 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "initium"
-version = "2.0.0"
+version = "2.0.1"
 authors = ["Kitstream "]
 categories = ["command-line-utilities", "development-tools"]
 documentation = "https://docs.rs/initium"
diff --git a/docs/security.md b/docs/security.md
index 1819d29..75a839f 100644
--- a/docs/security.md
+++ b/docs/security.md
@@ -86,11 +86,11 @@ Release images are signed with [cosign](https://github.com/sigstore/cosign) usin
 # Verify signature (requires cosign)
 cosign verify \
 --certificate-oidc-issuer https://token.actions.githubusercontent.com \
- --certificate-identity 'https://github.com/KitStream/initium/.github/workflows/release.yml@refs/tags/v2.0.0' \
- ghcr.io/kitstream/initium:2.0.0
+ --certificate-identity 'https://github.com/KitStream/initium/.github/workflows/release.yml@refs/tags/v2.0.1' \
+ ghcr.io/kitstream/initium:2.0.1
 # Or use the Makefile target (also supports IMAGE=ghcr.io/kitstream/initium-jyq)
-make verify-image VERSION=2.0.0
+make verify-image VERSION=2.0.1
 ```
 ### Verify SBOM attestation
@@ -99,8 +99,8 @@ make verify-image VERSION=2.0.0
 cosign verify-attestation \
 --type spdx \
 --certificate-oidc-issuer https://token.actions.githubusercontent.com \
- --certificate-identity 'https://github.com/KitStream/initium/.github/workflows/release.yml@refs/tags/v2.0.0' \
- ghcr.io/kitstream/initium:2.0.0
+ --certificate-identity 'https://github.com/KitStream/initium/.github/workflows/release.yml@refs/tags/v2.0.1' \
+ ghcr.io/kitstream/initium:2.0.1
 ```
 ### View provenance and SBOM
@@ -109,8 +109,8 @@ Provenance and SBOM attestations are generated by Docker BuildKit during the ima
 ```bash
 # View provenance
-docker buildx imagetools inspect ghcr.io/kitstream/initium:2.0.0 --format '{{json .Provenance}}'
+docker buildx imagetools inspect ghcr.io/kitstream/initium:2.0.1 --format '{{json .Provenance}}'
 # View SBOM
-docker buildx imagetools inspect ghcr.io/kitstream/initium:2.0.0 --format '{{json .SBOM}}'
+docker buildx imagetools inspect ghcr.io/kitstream/initium:2.0.1 --format '{{json .SBOM}}'
 ```