diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2b87b499..34467fcd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,17 @@
 
 All notable changes to this project are documented in this file.
 
+## 0.18.0
+
+**Release date:** 2021-11-12
+
+This prerelease changes the format of the artifact checksum from `SHA1` to `SHA256`
+to mitigate chosen-prefix and length extension attacks.
+
+Improvements:
+* storage: change Artifact checksum to SHA256
+  [#487](https://github.com/fluxcd/source-controller/pull/487)
+
 ## 0.17.2
 
 **Release date:** 2021-11-04
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
index fa57bd10..e4ec988e 100644
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -6,4 +6,4 @@ resources:
 images:
 - name: fluxcd/source-controller
   newName: fluxcd/source-controller
-  newTag: v0.17.2
+  newTag: v0.18.0
diff --git a/go.mod b/go.mod
index 374e22c7..0ae10640 100644
--- a/go.mod
+++ b/go.mod
@@ -19,7 +19,7 @@ require (
 	github.com/fluxcd/pkg/ssh v0.1.0
 	github.com/fluxcd/pkg/untar v0.1.0
 	github.com/fluxcd/pkg/version v0.1.0
-	github.com/fluxcd/source-controller/api v0.17.2
+	github.com/fluxcd/source-controller/api v0.18.0
 	github.com/go-git/go-billy/v5 v5.3.1
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/go-logr/logr v0.4.0