diff --git a/README.md b/README.md
index f3aa853..bd38fdd 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ Add the following entry to your Github workflow YAML file:
 ```yaml
 uses: sigstore/cosign-installer@main
 with:
-  cosign-release: 'v1.4.0' # optional
+  cosign-release: 'v1.4.1' # optional
 ```
 
 Example using a pinned version:
@@ -40,7 +40,7 @@ jobs:
       - name: Install Cosign
         uses: sigstore/cosign-installer@main
         with:
-          cosign-release: 'v1.4.0'
+          cosign-release: 'v1.4.1'
       - name: Check install!
         run: cosign version
 ```
diff --git a/action.yml b/action.yml
index 8494d86..9df9cb9 100644
--- a/action.yml
+++ b/action.yml
@@ -9,7 +9,7 @@ inputs:
   cosign-release:
     description: 'Cosign release version to use in the actions.'
     required: false
-    default: 'v1.4.0'
+    default: 'v1.4.1'
 runs:
   using: "composite"
   steps:
@@ -20,8 +20,8 @@ runs:
         mkdir -p $HOME/.cosign
         pushd $HOME/.cosign
 
-        bootstrap_version='v1.4.0'
-        expected_bootstrap_version_digest='bac6a2dee9100f5708226179466e0dad45e76291ef0d70b929ca52fe59a1ae0d'
+        bootstrap_version='v1.4.1'
+        expected_bootstrap_version_digest='08ba779a4e6ff827079abed1a6d1f0a0d9e48aea21f520ddeb42ff912f59d268'
         curl -L https://storage.googleapis.com/cosign-releases/${bootstrap_version}/cosign-linux-amd64 -o cosign
         shaBootstrap=$(sha256sum cosign | cut -d' ' -f1);
         if [[ $shaBootstrap != ${expected_bootstrap_version_digest} ]]; then exit 1; fi