diff --git a/CHANGELOG.md b/CHANGELOG.md
index fb8a97064..8f8e2c725 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,18 @@ All versions prior to 0.9.0 are untracked.
 
 ## [Unreleased]
 
+## [3.5.3]
+
+### Fixed
+
+* Corrective release for [3.5.2]
+
+## [3.5.2]
+
+### Fixed
+
+* Pinned `cryptography` dependency strictly to prevent future breakage
+
 ## [3.5.1]
 
 ### Fixed
@@ -539,7 +551,9 @@ This is a corrective release for [2.1.1].
 
 
 <!--Release URLs -->
-[Unreleased]: https://github.com/sigstore/sigstore-python/compare/v3.5.1...HEAD
+[Unreleased]: https://github.com/sigstore/sigstore-python/compare/v3.5.3...HEAD
+[3.5.3]: https://github.com/sigstore/sigstore-python/compare/v3.5.2...v3.5.3
+[3.5.2]: https://github.com/sigstore/sigstore-python/compare/v3.5.1...v3.5.2
 [3.5.1]: https://github.com/sigstore/sigstore-python/compare/v3.5.0...v3.5.1
 [3.5.0]: https://github.com/sigstore/sigstore-python/compare/v3.4.0...v3.5.0
 [3.4.0]: https://github.com/sigstore/sigstore-python/compare/v3.3.0...v3.4.0
diff --git a/pyproject.toml b/pyproject.toml
index a56da6337..bd824f9ef 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -26,7 +26,7 @@ classifiers = [
   "Topic :: Security :: Cryptography",
 ]
 dependencies = [
-  "cryptography >= 42",
+  "cryptography >= 42, < 44",
   "id >= 1.1.0",
   "importlib_resources ~= 5.7; python_version < '3.11'",
   "pyasn1 ~= 0.6",
diff --git a/sigstore/__init__.py b/sigstore/__init__.py
index ccbb18c2a..bb6923c83 100644
--- a/sigstore/__init__.py
+++ b/sigstore/__init__.py
@@ -25,4 +25,4 @@
 * `sigstore.sign`: creation of Sigstore signatures
 """
 
-__version__ = "3.5.1"
+__version__ = "3.5.3"