diff --git a/ChangeLog.md b/ChangeLog.md
new file mode 100644
index 0000000..3cbf757
--- /dev/null
+++ b/ChangeLog.md
@@ -0,0 +1,96 @@
+# wolfCOSE Release 1.0.0 (June 25, 2026)
+
+Release 1.0.0 is the first stable release of wolfCOSE, a complete,
+zero-allocation C implementation of CBOR (RFC 8949) and COSE (RFC 9052/9053)
+on top of wolfCrypt. It provides all six COSE message types in both
+single-actor and multi-actor forms, 40 algorithms across signing, encryption,
+MAC, and key distribution, and standardized post-quantum ML-DSA signatures
+(RFC 9964), all heap-allocation-free and within a tiny footprint.
+
+## Vulnerabilities
+
+* None. This is the initial release.
+
+## New Feature Additions
+
+* CBOR engine implementing RFC 8949 encode/decode with no external dependency,
+ enforcing deterministic/preferred-encoding rules and rejecting non-preferred
+ or trailing input on decode.
+* All six COSE message types (RFC 9052): `COSE_Sign1`, `COSE_Sign`,
+ `COSE_Encrypt0`, `COSE_Encrypt`, `COSE_Mac0`, and `COSE_Mac`, including the
+ multi-signer and multi-recipient variants.
+* 40 algorithms across signing, encryption, MAC, and key distribution
+ (RFC 9053): ES256/384/512, EdDSA (Ed25519/Ed448), PS256/384/512,
+ ML-DSA-44/65/87, AES-GCM (128/192/256), ChaCha20-Poly1305, AES-CCM variants,
+ HMAC-SHA256/384/512, AES-MAC, Direct, AES Key Wrap, and ECDH-ES+HKDF.
+* Standardized post-quantum signatures: ML-DSA (FIPS 204) at all three security
+ levels, conformant to RFC 9964 ("ML-DSA for JOSE and COSE"). COSE keys use the
+ RFC 9964 AKP key type (`kty` 7) with a required `alg`, the public key in `pub`
+ (-1), and the 32-byte seed private key in `priv` (-2).
+* `COSE_Key` / `COSE_KeySet` serialization for all supported key types,
+ including full RFC 8230 RSA private keys (n, e, d, p, q, dP, dQ, qInv).
+* Zero dynamic allocation: every operation uses caller-provided buffers, with no
+ heap, `.data`, or `.bss` usage.
+* Path to FIPS 140-3 through wolfCrypt FIPS Certificate #4718 (sole crypto
+ dependency).
+* `WOLFCOSE_LEAN` configuration layer with `WOLFCOSE_HAVE_*` feature gates,
+ `WOLFCOSE_LEAN_VERIFY` / ML-DSA lean profiles for verify-only targets, and a
+ `WOLFCOSE_MIN_BUFFERS` bounded-stack profile. Verify-only ECC builds link
+ against sign-disabled wolfCrypt (`NO_ECC_SIGN`, `NO_ASN`, no `mp_int`); the
+ ECC signing helpers are gated out so a verify-only image never pulls in sign
+ code, enforced in CI without `-ffunction-sections` garbage collection.
+* `LIBWOLFCOSE_VERSION_STRING` / `LIBWOLFCOSE_VERSION_HEX` in
+ `wolfcose/version.h` for compile-time version checks.
+
+## Fixes
+
+* RSA private `COSE_Key` encode/decode now emits the RFC 8230 MUST-present `dP`
+ (-6) and `dQ` (-7) CRT exponents and encodes `d` at full modulus width, so a
+ private RSA key round-trips reliably against strict RSA decoders.
+* `COSE_Mac` emits an empty protected header for direct-key recipients, matching
+ the COSE structure other implementations expect on the wire.
+* `COSE_Key` emits preferred (shortest) CBOR length for the RSA `n` and `d` byte
+ strings, keeping serialized keys deterministic.
+
+## Improvements/Optimizations
+
+* Minimal footprint: an ES256 `COSE_Sign1` build is ~5.1 KB verify-only and
+ ~6.8 KB sign + verify for the wolfCOSE COSE + CBOR engine; see the
+ [Footprint](https://github.com/wolfSSL/wolfCOSE/wiki/Footprint) page for
+ total-flash numbers including wolfCrypt.
+* MISRA C:2012 and C:2023 checked.
+* API hardening: `COSE_Encrypt` and `wc_CoseMac_Create` direct mode now require
+ an explicit `WOLFCOSE_ALG_DIRECT` and reject a zero-initialized algorithm id;
+ `wc_CoseMac_Verify` classifies the recipient algorithm and enforces the algId
+ policy; the CBOR `wc_CBOR_PeekType` peek is guarded against NULL and
+ end-of-buffer reads with a single-exit sentinel return; the
+ `wc_CoseSign1_Verify` and symmetric `COSE_Encrypt0` key parameters are
+ `const`-qualified; and ephemeral `COSE_Key` curve ids are range-checked before
+ any narrowing cast.
+* Coverity DEADCODE findings in the COSE MAC and CBOR decode paths resolved;
+ static analysis (cppcheck, Clang analyzer, GCC `-fanalyzer`, Coverity) is
+ clean.
+* CI matrix covering Ubuntu/macOS, GCC 10-14 and Clang 14-18, ~240 algorithm
+ combination tests, static analysis (cppcheck, Clang analyzer, GCC
+ `-fanalyzer`, Coverity), security scanning (CodeQL, Semgrep) and house-style
+ gates, sanitizers (ASan/UBSan), a wolfCOSE <-> t_cose wire-interop conformance
+ suite, and a wolfSSL version matrix with explicit ML-DSA/PQC rows.
+* Expanded negative and boundary coverage: 4 KB large-payload round-trips for
+ `COSE_Encrypt0`/`COSE_Mac0`, empty-payload round-trips across
+ AES-GCM/AES-CCM/ChaCha20-Poly1305, CBOR integer argument-width boundaries
+ through the 8-byte and `INT64_MIN` extremes with pinned encoded lengths,
+ HMAC-384/512 short-key rejection, and pinned MAC tag lengths (including an
+ AES-CBC-MAC block-boundary known-answer test) with IV-chaining tamper checks.
+
+---
+
+wolfCOSE 1.0.0 has been developed according to wolfSSL's development and QA
+process (see
+https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance)
+and successfully passed the quality criteria.
+
+For additional vulnerability information visit the vulnerability page at
+https://www.wolfssl.com/docs/security-vulnerabilities/
+
+Requires wolfSSL 5.8.0 or later as the crypto backend; ML-DSA support requires
+wolfSSL 5.9.2 or later. See README.md for build instructions.
diff --git a/README.md b/README.md
index cf196a5..a97709c 100644
--- a/README.md
+++ b/README.md
@@ -194,6 +194,12 @@ Full documentation is available in the [Wiki](https://github.com/wolfSSL/wolfCOS
- [MISRA Compliance](https://github.com/wolfSSL/wolfCOSE/wiki/MISRA-Compliance): MISRA C:2012 and C:2023 compliance status and deviation rationale
- [Project Structure](https://github.com/wolfSSL/wolfCOSE/wiki/Project-Structure): Source file layout
+## Release Notes
+
+The current release is **1.0.0**, the first stable release: the complete RFC 9052 COSE message set (all six message types, single- and multi-actor), 40 algorithms, and standardized post-quantum ML-DSA (RFC 9964), all with zero dynamic allocation. See [ChangeLog.md](ChangeLog.md) for the full release notes.
+
+wolfCOSE 1.0.0 has been developed according to wolfSSL's development and QA process (see https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance) and successfully passed the quality criteria.
+
## License
wolfCOSE is free software licensed under [GPLv3](https://www.gnu.org/licenses/gpl-3.0.html); see [LICENSE](LICENSE) for the full text.
diff --git a/docs/Home.md b/docs/Home.md
index f818132..e75a0a7 100644
--- a/docs/Home.md
+++ b/docs/Home.md
@@ -36,6 +36,7 @@ It uses [wolfSSL](https://www.wolfssl.com/) as the cryptographic backend and is
| [[Footprint]] | Size and speed numbers, desktop and on-device |
| [[Testing]] | Unit tests, coverage, and failure injection |
| [[Project Structure]] | Source code layout and file descriptions |
+| [[Release Notes]] | Per-version changelog and release highlights |
## Supported Message Types
diff --git a/docs/Release-Notes.md b/docs/Release-Notes.md
new file mode 100644
index 0000000..03cb5fa
--- /dev/null
+++ b/docs/Release-Notes.md
@@ -0,0 +1,96 @@
+# Release Notes
+
+## wolfCOSE 1.0.0 (June 25, 2026)
+
+Release 1.0.0 is the first stable release of wolfCOSE, a complete,
+zero-allocation C implementation of CBOR (RFC 8949) and COSE (RFC 9052/9053)
+on top of wolfCrypt. It provides all six COSE message types in both
+single-actor and multi-actor forms, 40 algorithms across signing, encryption,
+MAC, and key distribution, and standardized post-quantum ML-DSA signatures
+(RFC 9964), all heap-allocation-free and within a tiny footprint.
+
+### Vulnerabilities
+
+- None. This is the initial release.
+
+### New Feature Additions
+
+- CBOR engine implementing RFC 8949 encode/decode with no external dependency,
+ enforcing deterministic/preferred-encoding rules and rejecting non-preferred
+ or trailing input on decode.
+- All six COSE message types (RFC 9052): `COSE_Sign1`, `COSE_Sign`,
+ `COSE_Encrypt0`, `COSE_Encrypt`, `COSE_Mac0`, and `COSE_Mac`, including the
+ multi-signer and multi-recipient variants. See [[Message Types]].
+- 40 algorithms across signing, encryption, MAC, and key distribution
+ (RFC 9053): ES256/384/512, EdDSA (Ed25519/Ed448), PS256/384/512,
+ ML-DSA-44/65/87, AES-GCM (128/192/256), ChaCha20-Poly1305, AES-CCM variants,
+ HMAC-SHA256/384/512, AES-MAC, Direct, AES Key Wrap, and ECDH-ES+HKDF. See
+ [[Algorithms]].
+- Standardized post-quantum signatures: ML-DSA (FIPS 204) at all three security
+ levels, conformant to RFC 9964 ("ML-DSA for JOSE and COSE"). COSE keys use the
+ RFC 9964 AKP key type (`kty` 7) with a required `alg`, the public key in `pub`
+ (-1), and the 32-byte seed private key in `priv` (-2).
+- `COSE_Key` / `COSE_KeySet` serialization for all supported key types,
+ including full RFC 8230 RSA private keys (n, e, d, p, q, dP, dQ, qInv).
+- Zero dynamic allocation: every operation uses caller-provided buffers, with no
+ heap, `.data`, or `.bss` usage.
+- Path to FIPS 140-3 through wolfCrypt FIPS Certificate #4718 (sole crypto
+ dependency).
+- `WOLFCOSE_LEAN` configuration layer with `WOLFCOSE_HAVE_*` feature gates,
+ `WOLFCOSE_LEAN_VERIFY` / ML-DSA lean profiles for verify-only targets, and a
+ `WOLFCOSE_MIN_BUFFERS` bounded-stack profile. Verify-only ECC builds link
+ against sign-disabled wolfCrypt (`NO_ECC_SIGN`, `NO_ASN`, no `mp_int`); the
+ ECC signing helpers are gated out so a verify-only image never pulls in sign
+ code, enforced in CI without `-ffunction-sections` garbage collection. See
+ [[Macros]].
+- `LIBWOLFCOSE_VERSION_STRING` / `LIBWOLFCOSE_VERSION_HEX` in
+ `wolfcose/version.h` for compile-time version checks.
+
+### Fixes
+
+- RSA private `COSE_Key` encode/decode now emits the RFC 8230 MUST-present `dP`
+ (-6) and `dQ` (-7) CRT exponents and encodes `d` at full modulus width, so a
+ private RSA key round-trips reliably against strict RSA decoders.
+- `COSE_Mac` emits an empty protected header for direct-key recipients, matching
+ the COSE structure other implementations expect on the wire.
+- `COSE_Key` emits preferred (shortest) CBOR length for the RSA `n` and `d` byte
+ strings, keeping serialized keys deterministic.
+
+### Improvements/Optimizations
+
+- Minimal footprint: an ES256 `COSE_Sign1` build is ~5.1 KB verify-only and
+ ~6.8 KB sign + verify for the wolfCOSE COSE + CBOR engine. See [[Footprint]].
+- MISRA C:2012 and C:2023 checked. See [[MISRA Compliance]].
+- API hardening: `COSE_Encrypt` and `wc_CoseMac_Create` direct mode now require
+ an explicit `WOLFCOSE_ALG_DIRECT` and reject a zero-initialized algorithm id;
+ `wc_CoseMac_Verify` classifies the recipient algorithm and enforces the algId
+ policy; the CBOR `wc_CBOR_PeekType` peek is guarded against NULL and
+ end-of-buffer reads with a single-exit sentinel return; the
+ `wc_CoseSign1_Verify` and symmetric `COSE_Encrypt0` key parameters are
+ `const`-qualified; and ephemeral `COSE_Key` curve ids are range-checked before
+ any narrowing cast.
+- Coverity DEADCODE findings in the COSE MAC and CBOR decode paths resolved;
+ static analysis (cppcheck, Clang analyzer, GCC `-fanalyzer`, Coverity) is
+ clean.
+- CI matrix covering Ubuntu/macOS, GCC 10-14 and Clang 14-18, ~240 algorithm
+ combination tests, static analysis (cppcheck, Clang analyzer, GCC
+ `-fanalyzer`, Coverity), security scanning (CodeQL, Semgrep) and house-style
+ gates, sanitizers (ASan/UBSan), a wolfCOSE <-> t_cose wire-interop conformance
+ suite, and a wolfSSL version matrix with explicit ML-DSA/PQC rows. See
+ [[Testing]].
+- Expanded negative and boundary coverage: 4 KB large-payload round-trips for
+ `COSE_Encrypt0`/`COSE_Mac0`, empty-payload round-trips across
+ AES-GCM/AES-CCM/ChaCha20-Poly1305, CBOR integer argument-width boundaries
+ through the 8-byte and `INT64_MIN` extremes with pinned encoded lengths,
+ HMAC-384/512 short-key rejection, and pinned MAC tag lengths (including an
+ AES-CBC-MAC block-boundary known-answer test) with IV-chaining tamper checks.
+
+---
+
+wolfCOSE 1.0.0 has been developed according to wolfSSL's development and QA
+process (see the [wolfSSL Software Development Process and Quality
+Assurance](https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance)
+page) and successfully passed the quality criteria.
+
+Requires wolfSSL 5.8.0 or later as the crypto backend; ML-DSA support requires
+wolfSSL 5.9.2 or later. See [[Getting Started]] for build instructions.
diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md
index 62aa5d1..2d4ee2e 100644
--- a/docs/_Sidebar.md
+++ b/docs/_Sidebar.md
@@ -10,3 +10,4 @@
- [[Testing]]
- [[MISRA Compliance]]
- [[Project Structure]]
+- [[Release Notes]]
diff --git a/include/wolfcose/version.h b/include/wolfcose/version.h
new file mode 100644
index 0000000..6dfd85f
--- /dev/null
+++ b/include/wolfcose/version.h
@@ -0,0 +1,35 @@
+/* version.h
+ *
+ * Copyright (C) 2026 wolfSSL Inc.
+ *
+ * This file is part of wolfCOSE.
+ *
+ * wolfCOSE is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfCOSE is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#ifndef WOLFCOSE_VERSION_H
+#define WOLFCOSE_VERSION_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define LIBWOLFCOSE_VERSION_STRING "1.0.0"
+#define LIBWOLFCOSE_VERSION_HEX 0x01000000
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WOLFCOSE_VERSION_H */
diff --git a/include/wolfcose/wolfcose.h b/include/wolfcose/wolfcose.h
index 82200b7..b6855e5 100644
--- a/include/wolfcose/wolfcose.h
+++ b/include/wolfcose/wolfcose.h
@@ -22,6 +22,7 @@
#define WOLFCOSE_H
#include
+#include
#ifdef HAVE_CONFIG_H
#include