diff --git a/README.md b/README.md
index c1c10eb2c15f426a9792469d6df65abb3370e413..3e4def6867920190b00980b3878fb93ecbcfa728 100644
--- a/README.md
+++ b/README.md
@@ -241,7 +241,10 @@ By default signatures are only activated on `$INTEG_REF`, `$PROD_REF` and `$RELE
 Cosign is used for signing images and attestations. As of now, we only support signing with a private key defined in `$DOCKER_COSIGN_PRIVATE_KEY`. Certificate and keyless signing may be added in the future.
-By default the latest version of cosign is used but you can use a specific version by setting the `$DOCKER_COSIGN_DIST_URL` variable.
+By default the latest version of `cosign` is used. You can use a specific version by setting the `$DOCKER_COSIGN_DIST_URL` variable.
+
+:warning: New bundle format enabled in version `3` of `cosign` is not supported yet. You should set a specific argument `--new-bundle-fomat=false` in `cosign-opts` and `cosign-attest-opts` to disable this feature.
+
 When the snapshot image it promoted to release, both the image signature and the signed attestation are promoted as well.
diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index eb12f18d2fdcd3d6b52e78f6819c49bc192f219e..1308ab41afedaad277d02803b8798183d653ee55 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -1444,14 +1444,21 @@ docker-publish:
 # ⚠ don't use upstream $docker_digest due to possible parallel matrix job producing several
 docker_digest=$(skopeo inspect ${TRACE+--debug} --authfile "$BUILDTOOL_HOME/skopeo/.docker/src-config.json" --format='{{ .Digest }}' --no-tags "docker://$DOCKER_SNAPSHOT_IMAGE")
 all_digests="$docker_digest"$'\n'"$(sed -nE 's|Copying image (sha256:[[:alnum:]]+).*|\1|p' skopeo-copy.log)"
- echo "$all_digests" | tr ':' '-' | sed '/^[ \t]*$/d' | while read sha; do
+ success=0
+ while read sha; do
 log_info "Copying image signature to ${release_repository}:${sha}.sig..."
 skopeo copy ${TRACE+--debug} --src-authfile "$BUILDTOOL_HOME/skopeo/.docker/src-config.json" --dest-authfile "$BUILDTOOL_HOME/skopeo/.docker/dest-config.json" ${DOCKER_PUBLISH_ARGS} "docker://${snapshot_repository}:${sha}.sig" "docker://${release_repository}:${sha}.sig" \
+ && success=1 \
 || log_warn "No signature found for ${sha}"
 log_info "Copying image attestation to ${release_repository}:${sha}.att..."
 skopeo copy ${TRACE+--debug} --src-authfile "$BUILDTOOL_HOME/skopeo/.docker/src-config.json" --dest-authfile "$BUILDTOOL_HOME/skopeo/.docker/dest-config.json" ${DOCKER_PUBLISH_ARGS} "docker://${snapshot_repository}:${sha}.att" "docker://${release_repository}:${sha}.att" \
+ && success=1 \
 || log_warn "No attestation found for ${sha}"
- done
+ done < <(echo "$all_digests" | tr ':' '-' | sed '/^[ \t]*$/d')
+ if [[ $success -eq 0 ]]
+ then
+ fail "No signature or attestation could be copied"
+ fi
 fi
 - |
 log_info "Well done your image is pushed and can be pulled with: docker pull $DOCKER_RELEASE_IMAGE"
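Review bot: The single `success` flag set after both `skopeo copy` calls in the loop is too coarse: one attestation copied for any digest sets it, so a release where every `.sig` copy failed (each only reaching `log_warn`) still passes the new `fail` check and is promoted without a verifiable signature. Counting signature and attestation copies separately and failing when no signature was copied keeps a present attestation from masking a missing signature; whether a missing attestation should also be fatal depends on what users of this template expect, so the sketch below leaves it as a warning. The loop's `read sha` should also be `IFS= read -r sha`, even though the values are digests, so the loop does not depend on the input being backslash-free. The enclosing `script:` block and the `fail`/`log_warn` helpers are defined outside the hunk.
```yaml
        sig_copied=0
        att_copied=0
        while IFS= read -r sha; do
          # … unchanged: log_info for the signature …
          skopeo copy ${TRACE+--debug} --src-authfile "$BUILDTOOL_HOME/skopeo/.docker/src-config.json" --dest-authfile "$BUILDTOOL_HOME/skopeo/.docker/dest-config.json" ${DOCKER_PUBLISH_ARGS} "docker://${snapshot_repository}:${sha}.sig" "docker://${release_repository}:${sha}.sig" \
            && sig_copied=$((sig_copied + 1)) \
            || log_warn "No signature found for ${sha}"
          # … unchanged: log_info and skopeo copy for the attestation, ending with the continuation below …
            && att_copied=$((att_copied + 1)) \
            || log_warn "No attestation found for ${sha}"
        done < <(echo "$all_digests" | tr ':' '-' | sed '/^[ \t]*$/d')
        if (( sig_copied == 0 )); then
          fail "No image signature could be copied"
        fi
        if (( att_copied == 0 )); then
          log_warn "No attestation could be copied"
        fi
```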