diff --git a/docs/_data/changelog.yml b/docs/_data/changelog.yml index 13caba9..2e8031f 100644 --- a/docs/_data/changelog.yml +++ b/docs/_data/changelog.yml 
@@ -1,10 +1,55 @@ +- date: '2026-01-13' + updates: + application: + version: 1.203.0 + improvements: + - text: |- + Deep signing with long file paths (> 260 characters) is now supported. + issues: [SIGN-8248] + self_hosted_installations: + version: 1.203.0 + breaking_changes: + - text: | + SignService charts: moved Application Insights connection string from `appSecrets.signService.applicationInsights.connectionString` to `appSecrets.shared.applicationInsights.connectionString`. + issues: [SIGN-7578] +- date: '2025-12-16' + updates: + application: + version: 1.202.0 + breaking_changes: + - text: | + REST API: improved naming of "verify origin policy" on signing policy objects. + * Changed the property `verifyOrigin` to `verifyOriginPolicy` and `originVerification` to `originPolicyVerification` in the following API routes: + * `POST /v1/{organizationId}/Projects/{projectSlug}/SigningPolicies` + * `POST /v1/{organizationId}/Projects/{projectSlug}/SigningPolicies/{signingPolicySlug}` + * Changed the property `verifiesOrigin` to `verifiesOriginPolicy` in the following API routes: + * `GET /v1/{organizationId}/Projects/{slug}` + * `GET /v1/{organizationId}/Projects/{projectSlug}/SigningPolicies/{signingPolicySlug}` + issues: [SIGN-8033, SIGN-8259] + new_features: + - text: |- + Added support for file-based RPM Package Manager (`.rpm`) signing via [``](/artifact-configuration/reference#rpm-sign). + issues: [SIGN-8134, SIGN-8162] + improvements: + - text: | + Artifact download permissions based on global roles: only some global roles are now eligible (used to be all explicit global roles). See [documentation](/users#permissions). + issues: [SIGN-8171] + - text: | + Improved the history view on the organization details page (missing fields added). + issues: [SIGN-8172] + self_hosted_installations: + version: 1.202.0 + upgrade_information: + - text: |- + All Windows containers switched from Windows Server 2019 to Server 2022 base images. 
Before starting the upgrade, ensure that your Kubernetes cluster has Windows Server 2022 worker nodes available and ready. + issues: [SIGN-8113] - date: '2025-12-02' updates: application: version: 1.201.4 new_features: - text: |- - Added support for the "DSSE (Dead Simple Signing Envelope)" signing format via [``](/artifact-configuration/reference#dsse-sign). + Added support for [DSSE (Dead Simple Signing Envelope) signatures][``](/artifact-configuration/reference#dsse-sign). issues: [SIGN-8132] bug_fixes: - text: |- @@ -14,7 +59,7 @@ version: 1.201.4 improvements: - text: |- - Improved SignService reliability on temporary database outages. + Improved SignService reliability during temporary database outages. issues: [SIGN-8164] - date: '2025-11-27' updates: diff --git a/docs/_data/editions.yml b/docs/_data/editions.yml index ccfd059..cd72477 100644 --- a/docs/_data/editions.yml +++ b/docs/_data/editions.yml @@ -23,6 +23,7 @@ nuget: true android: true java: false + rpm: false office_macros: false xml: false docker: false @@ -92,6 +93,7 @@ nuget: true android: true java: true + rpm: false office_macros: false xml: false docker: false @@ -156,6 +158,7 @@ nuget: true android: true java: true + rpm: true office_macros: true xml: true docker: true @@ -277,6 +280,7 @@ nuget: true android: true java: true + rpm: true office_macros: false xml: false docker: true diff --git a/docs/_data/tables/artifact-configuration.yml b/docs/_data/tables/artifact-configuration.yml index cb0a3f3..be82c7b 100644 --- a/docs/_data/tables/artifact-configuration.yml +++ b/docs/_data/tables/artifact-configuration.yml 
@@ -70,6 +70,11 @@ signing-file-elements: directive: "[``](#jar-sign)" extensions: ".jar, .war, .ear, .apk, .aab" description: "Java archives and Android apps. (Not available for Code Signing Starter.)" + - element: "``" + isComposite: "Yes" + directive: "[``](#rpm-sign)" + extensions: ".rpm" + description: "RPM Package Manager files (available for Advanced Code Signing)" - element: "[``](syntax#zip-file-element)" isComposite: "Yes" directive: "[``](#jar-sign)" diff --git a/docs/artifact-configuration/reference.md b/docs/artifact-configuration/reference.md index 0c59f2b..623ba7d 100644 --- a/docs/artifact-configuration/reference.md +++ b/docs/artifact-configuration/reference.md @@ -46,6 +46,7 @@ Since the file's format does not change, the unsigned files are not needed anymo * [``: Microsoft Office VBA macros](#office-macro-sign) * [``: Open Packaging Convention](#opc-sign) * [``: Java Archives](#jar-sign) +* [``: RPM Package Manager](#rpm-sign) * [``: XML Digital Signature](#xml-sign) The general syntax for embedded signing methods is: `<`_format_`-sign />` 
@@ -192,6 +193,38 @@ jarsigner -verify -strict .zip Add the `-verbose` option to see the certificate. + +#### ``: RPM Package Manager {#rpm-sign} + +{% include editions.md feature="file_based_signing.rpm" %} + +{%- include_relative render-ac-directive-table.inc directive="rpm-sign" -%} + +RPM is the package manager format for many Linux distributions including Fedora, RedHat, and openSUSE. RPM is based on GPG signatures and requires [signing policies](/projects#signing-policies) with a [GPG key](/managing-certificates#certificate-types) certificate. + +##### Example + +~~~ xml + + + + + +~~~ + +##### Verification {#rpm-sign-verification} + +Package verification is typically performed automatically by package management tools like yum and DNF. + +To manually verify `.rpm` files, use the following commands: + +~~~ bash +rpm --import my_key.asc # Import, i.e. trust, the GPG public key + +rpm --verbose --checksig my_package.rpm +~~~ + + #### ``: XML Digital Signature {#xml-sign} {% include editions.md feature="file_based_signing.xml" %} diff --git a/docs/users.md b/docs/users.md index 99b9410..18387cc 100644 --- a/docs/users.md +++ b/docs/users.md @@ -154,7 +154,7 @@ Read permissions: * All users can view configuration information and metadata * Access to artifacts is restricted to users with read permissions for the signing request * Users have read permissions for a Signing Request if they have - * an appropriate global role: *Administrator*, *Global Reader* + * an appropriate global role: *Global Administrator*, *Project Administrator*, *Global Reader*, *Support User* * a role for the Project: *Reader*, *Configurator* * a role for the Signing Policy: *Submitter*, *Approver*
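Review bot: The reworded DSSE entry in docs/_data/changelog.yml (1.201.4, `new_features`) has broken link markup: `[DSSE (Dead Simple Signing Envelope) signatures][...](/artifact-configuration/reference#dsse-sign)` puts two bracketed labels in front of a single target, so the first label does not form a valid link. The removed line joined the format name and the directive link with "via"; either restore that word between the two, or give the first label its own URL. Separately, the 1.202.0 entry on artifact download permissions is filed under `improvements` although it says fewer global roles are eligible than before, and it names none of them. Listing the eligible roles in the entry, or moving it to `breaking_changes`, would let a reader see whether they lose access on upgrade.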
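Review bot: The `description` of the new `.rpm` row in docs/_data/tables/artifact-configuration.yml states edition availability by hand ("available for Advanced Code Signing"), while this patch sets `rpm: true` in two blocks of docs/_data/editions.yml and the reference section already derives availability from `{% include editions.md feature="file_based_signing.rpm" %}`. Check that the text matches both enabled editions, or drop the parenthetical so that editions.yml stays the single source. The wording also differs from the neighbouring row, which uses a full sentence inside the parentheses: "(Not available for Code Signing Starter.)".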
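Review bot: The verification block in the new `rpm-sign` section of docs/artifact-configuration/reference.md imports `my_key.asc` with the comment "Import, i.e. trust, the GPG public key" but never says how the reader establishes that this is the right key. Since the import is the trust decision, add a step before `rpm --import` that compares the key's fingerprint with one obtained through a separate channel. The section should also state which `rpm --verbose --checksig` output counts as a valid signature, so that a result covering only digests is not read as a signed package. Minor: "RedHat" should be "Red Hat", and "RPM is based on GPG signatures" would be more precise as a statement about RPM package signing.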
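Review bot: The changed bullet in docs/users.md now lists four global roles (*Global Administrator*, *Project Administrator*, *Global Reader*, *Support User*) where the old line listed two, yet the 1.202.0 changelog entry in this same patch describes the change as a restriction ("only some global roles are now eligible (used to be all explicit global roles)"). As written, the page reads like a widening of access. State here which global roles do not grant read access to a Signing Request's artifacts, and confirm whether *Administrator* was renamed to *Global Administrator* or replaced by it, so that the permission list and the changelog agree.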