diff --git a/CHANGELOG.md b/CHANGELOG.md
index c9181057..5b56f77f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,28 @@ All versions prior to 0.9.0 are untracked.
 
 ## [Unreleased]
 
+## [4.1.0]
+
+### Added
+
+* cli: Support using other Sigstore instances with `--instance URL`.
+  New instances are trusted with new top level command `trust-instance ROOTFILE`.
+  [#1548](https://github.com/sigstore/sigstore-python/pull/1548)
+
+### Changed
+
+* Added cryptography 46 to list of compatible cryptography releases
+  ([#1544](https://github.com/sigstore/sigstore-python/pull/1544))
+* Improved error message when verifying bundles with unsupported log entry versions
+  ([#1569](https://github.com/sigstore/sigstore-python/pull/1569))
+
+### Fixed
+
+* cli: Always read/write UTF-8. This fixes an issue on Windows where the platform
+  default encoding was used: the issue has existed for a while, but became more visible
+  with signature bundles that contain rekor2 entries.
+  [#1553](https://github.com/sigstore/sigstore-python/pull/1553)
+
 ## [4.0.0]
 
 This is a major release with a host of API and functionality changes. The major new feature
@@ -76,6 +98,14 @@ is Rekor v2 support but many other changes are also included, see list below.
 * verify: Handle unset TSA timestamp validity end
   [#1368](https://github.com/sigstore/sigstore-python/pull/1368)
 
+## [3.6.6]
+
+### Changed
+
+* Improved error message when verifying bundles with rekor v2 entries
+  ([#1565](https://github.com/sigstore/sigstore-python/pull/1565))
+* Added cryptography 46 to list of compatible cryptography releases
+  ([#1566](https://github.com/sigstore/sigstore-python/pull/1566))
 
 ## [3.6.5]
 
diff --git a/sigstore/__init__.py b/sigstore/__init__.py
index 0fcde57b..e61444b1 100644
--- a/sigstore/__init__.py
+++ b/sigstore/__init__.py
@@ -25,4 +25,4 @@
 * `sigstore.sign`: creation of Sigstore signatures
 """
 
-__version__ = "4.0.0"
+__version__ = "4.1.0"
diff --git a/sigstore/models.py b/sigstore/models.py
index 09cfe50f..619c4591 100644
--- a/sigstore/models.py
+++ b/sigstore/models.py
@@ -325,6 +325,25 @@ def diagnostics(self) -> str:
         )
 
 
+class IncompatibleEntry(InvalidBundle):
+    """
+    Raised when the log entry within the `Bundle` has an incompatible KindVersion.
+    """
+
+    def diagnostics(self) -> str:
+        """Returns diagnostics for the error."""
+
+        return dedent(
+            f"""\
+            The provided bundle contains a transparency log entry that is incompatible with this version of sigstore-python. Please upgrade your verifying client.
+
+            Additional context:
+
+            {self}
+            """
+        )
+
+
 class Bundle:
     """
     Represents a Sigstore bundle.
@@ -426,6 +445,11 @@ def _verify(self) -> None:
             raise InvalidBundle("expected exactly one log entry in bundle")
         tlog_entry = tlog_entries[0]
 
+        if tlog_entry.kind_version.version not in ["0.0.1", "0.0.2"]:
+            raise IncompatibleEntry(
+                f"Expected log entry version 0.0.1 - 0.0.2, got {tlog_entry.kind_version.version}"
+            )
+
         # Handling of inclusion promises and proofs varies between bundle
         # format versions:
         #
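Review bot: In `IncompatibleEntry.diagnostics` the `{self}` substitution happens inside the f-string before `dedent` runs, so if the wrapped message ever contains a newline with text at column 0, `dedent` finds no common prefix and leaves the template's indentation in the output; the single-line message raised in `_verify` avoids this today, and the preceding `diagnostics` (cut off at the hunk start) appears to end with the same pattern, so this is an inherited style point rather than a regression. A robust form dedents the template first and substitutes afterwards, e.g. `dedent("""\ ... {0} ...""").format(self)`. The class docstring could also state that, being an `InvalidBundle` subclass, it is still caught by existing `except InvalidBundle` handlers, which is the compatibility property callers care about.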
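Review bot: The new guard in `_verify` keys only on `kind_version.version`, so an entry whose kind the verifier does not handle still passes as long as its version string is `0.0.1` or `0.0.2`; if the verification paths that follow dispatch on `kind` as well, the check should cover the pair rather than the version alone, e.g. `if (tlog_entry.kind_version.kind, tlog_entry.kind_version.version) not in _SUPPORTED_KIND_VERSIONS:` with the accepted pairs kept in one module-level constant (a proposed name, not an existing one), and the message should report both fields: `f"Unsupported log entry kind/version {tlog_entry.kind_version.kind}/{tlog_entry.kind_version.version}"`. Failing closed here, before the inclusion promise/proof handling, is the right placement since an unknown entry format must not be silently accepted. `_verify` begins and ends outside the hunk.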