diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4ce3ddf52..ba497d67a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1302,7 +1302,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install cosign
-        uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1
+        uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
 
       - name: Sign checksums (keyless)
         # Cosign keyless signing — OIDC identity comes from the GitHub Actions JWT