From bb5e1498a7a35e67bf27917e55135d19e7e787b8 Mon Sep 17 00:00:00 2001
From: Jake Sanders <jsand@google.com>
Date: Fri, 10 Dec 2021 08:37:43 -0800
Subject: [PATCH] add 1.4.1 relnotes

Signed-off-by: Jake Sanders <jsand@google.com>
---
 CHANGELOG.md | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 94ae192252e..b4a0cd7ba88 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,33 @@
 # Changelog
 
+## v1.4.1
+
+### Highlights
+
+A whole buncha bugfixes!
+
+### Enhancements
+
+* Files created with `--output-signature` and `--output-certificate` now created with 0600 permissions (https://github.com/sigstore/cosign/pull/1151)
+* Added `cosign verify-attestation --local-image` for verifying signed images with attestations from disk (https://github.com/sigstore/cosign/pull/1174)
+* Added the ability to fetch the TUF root over HTTP with `cosign initialize --mirror` (https://github.com/sigstore/cosign/pull/1185)
+
+### Bug Fixes
+
+* Fixed saving and loading a signed image index to disk (https://github.com/sigstore/cosign/pull/1147)
+* Fixed `sign-blob --output-certificate` writing an empty file (https://github.com/sigstore/cosign/pull/1149)
+* Fixed assorted issues related to the initialization and use of Sigstore's TUF root of trust (https://github.com/sigstore/cosign/pull/1157)
+
+### Contributors
+
+* Carlos Alexandro Becker (@caarlos0)
+* Carlos Panato (@cpanato)
+* Hayden Blauzvern (@haydentherapper)
+* Jake Sanders (@dekkagaijin)
+* Matt Moore (@mattmoor)
+* Priya Wadhwa (@priyawadhwa)
+* Radoslav Gerganov (@rgerganov)
+
 ## v1.4.0
 
 ### Highlights