diff --git a/CHANGELOG.md b/CHANGELOG.md
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,15 @@
 and this project adheres to the
 [Haskell Package Versioning Policy](https://pvp.haskell.org/).
 
+## 0.1.0.1 - 2025-01-10
+
+### Fixed
+- Corrected documentation regarding RS256 deprecation status: RS256 (RSA-PKCS#1 v1.5) is deprecated for encryption per draft-ietf-jose-deprecate-none-rsa15, but remains valid for signatures. Previous documentation incorrectly stated RS256 was deprecated for signatures.
+
+### Documentation
+- Updated README.md, source code comments, and module documentation to clarify RS256 deprecation status
+- PS256 (RSA-PSS) remains the recommended default for RSA keys
+
 ## 0.1.0.0 - 2025-01-09
 
 ### Added
@@ -18,7 +27,7 @@
 - Multiple hash algorithms: SHA-256 (default), SHA-384, SHA-512
 - Multiple signing algorithms:
   - PS256 (RSA-PSS) - Default for RSA keys, recommended for security
-  - RS256 (RSA-PKCS#1 v1.5) - Deprecated but supported for backward compatibility
+  - RS256 (RSA-PKCS#1 v1.5) - Supported for signatures (deprecated for encryption per draft-ietf-jose-deprecate-none-rsa15)
   - ES256 (EC P-256) - Elliptic Curve signing
   - EdDSA (Ed25519) - Recommended for high-security applications
 - Persona-specific modules: `SDJWT.Issuer`, `SDJWT.Holder`, `SDJWT.Verifier`
@@ -31,7 +40,7 @@
 
 ### Security
 - PS256 (RSA-PSS) is the default algorithm for RSA keys (security best practice)
-- RS256 (RSA-PKCS#1 v1.5) is deprecated per draft-ietf-jose-deprecate-none-rsa15 due to padding oracle attack vulnerabilities
+- RS256 (RSA-PKCS#1 v1.5) is deprecated for encryption per draft-ietf-jose-deprecate-none-rsa15, but remains valid for signatures
 - EC signing timing attack warning documented (affects signing only, not verification)
 - RFC 8725bis compliance: algorithm validation, typ header support, "none" algorithm rejection
 
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -2,7 +2,6 @@
 
 [![CI](https://github.com/yaronf/sd-jwt/actions/workflows/ci.yml/badge.svg)](https://github.com/yaronf/sd-jwt/actions/workflows/ci.yml)
 [![Hackage](https://img.shields.io/hackage/v/sd-jwt)](https://hackage.haskell.org/package/sd-jwt)
-[![Hackage deps](https://img.shields.io/hackage-deps/v/sd-jwt)](https://hackage.haskell.org/package/sd-jwt)
 
 [![Haddocks](https://img.shields.io/badge/docs-haddock-blue)](https://hackage.haskell.org/package/sd-jwt/docs)
 [![License](https://img.shields.io/badge/license-BSD--3--Clause-blue)](LICENSE)
@@ -21,7 +20,7 @@
 - ✅ Key Binding support (SD-JWT+KB)
 - ✅ Nested and recursive disclosures
 - ✅ Multiple hash algorithms (SHA-256, SHA-384, SHA-512)
-- ✅ Multiple signing algorithms: PS256 (RSA-PSS, default), RS256 (deprecated), ES256 (EC P-256), EdDSA (Ed25519)
+- ✅ Multiple signing algorithms: PS256 (RSA-PSS, default), RS256 (RSA-PKCS#1 v1.5), ES256 (EC P-256), EdDSA (Ed25519)
 
 ## Status
 
@@ -62,7 +61,7 @@
 
 ⚠️ **Security Warning**: When using Elliptic Curve (EC) keys (ES256 algorithm), be aware that the underlying `jose` library's EC signing implementation may be vulnerable to timing attacks. This affects signing only, not verification. For applications where timing attacks are a concern, consider using RSA-PSS (PS256, default for RSA keys) or Ed25519 (EdDSA) keys instead.
 
-**Note**: RS256 (RSA-PKCS#1 v1.5) is deprecated per [draft-ietf-jose-deprecate-none-rsa15](https://datatracker.ietf.org/doc/draft-ietf-jose-deprecate-none-rsa15/) due to padding oracle attack vulnerabilities. PS256 (RSA-PSS) is the recommended RSA algorithm and is used by default for RSA keys.
+**Note**: RS256 (RSA-PKCS#1 v1.5) is deprecated for encryption per [draft-ietf-jose-deprecate-none-rsa15](https://datatracker.ietf.org/doc/draft-ietf-jose-deprecate-none-rsa15/), but remains valid for signatures. PS256 (RSA-PSS) is the recommended RSA algorithm and is used by default for RSA keys.
 
 ```haskell
 import SDJWT.Issuer
@@ -222,7 +221,7 @@
 ### Signing Algorithms
 
 - **PS256 (RSA-PSS)** - Default for RSA keys, recommended for security
-- **RS256 (RSA-PKCS#1 v1.5)** - Deprecated per [draft-ietf-jose-deprecate-none-rsa15](https://datatracker.ietf.org/doc/draft-ietf-jose-deprecate-none-rsa15/), but still supported for backward compatibility
+- **RS256 (RSA-PKCS#1 v1.5)** - Supported for signatures (deprecated for encryption per [draft-ietf-jose-deprecate-none-rsa15](https://datatracker.ietf.org/doc/draft-ietf-jose-deprecate-none-rsa15/), but not for signatures)
 - **ES256 (EC P-256)** - Elliptic Curve, may be vulnerable to timing attacks during signing
 - **EdDSA (Ed25519)** - Recommended for high-security applications
 
diff --git a/sd-jwt.cabal b/sd-jwt.cabal
--- a/sd-jwt.cabal
+++ b/sd-jwt.cabal
@@ -5,10 +5,10 @@
 -- see: https://github.com/sol/hpack
 
 name:           sd-jwt
-version:        0.1.0.0
+version:        0.1.0.1
 synopsis:       Selective Disclosure for JSON Web Tokens (RFC 9901)
 description:    Implementation of RFC 9901: Selective Disclosure for JSON Web Tokens (SD-JWT)
-category:       Security
+category:       Web
 homepage:       https://github.com/yaronf/sd-jwt#readme
 bug-reports:    https://github.com/yaronf/sd-jwt/issues
 author:         Yaron Sheffer
@@ -81,20 +81,20 @@
   build-depends:
       aeson >=2.0 && <2.3
     , base >=4.14 && <5
-    , base64-bytestring >=1.2 && <1.3
-    , bytestring >=0.11 && <0.13
-    , containers >=0.6 && <0.7
-    , cryptonite >=0.30 && <0.31
+    , base64-bytestring ==1.2.*
+    , bytestring ==0.11.*
+    , containers ==0.6.*
+    , cryptonite ==0.30.*
     , directory ==1.3.*
     , jose >=0.10 && <0.13
     , lens >=4.16 && <5.4
-    , memory >=0.18 && <0.19
+    , memory ==0.18.*
     , mtl >=2.2 && <3
-    , scientific >=0.3 && <0.4
+    , scientific ==0.3.*
     , sd-jwt
-    , text >=2.0 && <2.1
+    , text ==2.0.*
     , time >=1.9 && <1.13
-    , vector >=0.13 && <0.14
+    , vector ==0.13.*
   default-language: Haskell2010
 
 executable sd-jwt-interop-test
@@ -105,7 +105,7 @@
       TestKeys
   hs-source-dirs:
       test/interop
-    , test
+      test
   ghc-options: -Wall -Wcompat -Widentities -Wincomplete-record-updates -Wincomplete-uni-patterns -Wmissing-export-lists -Wmissing-home-modules -Wpartial-fields -Wredundant-constraints -Wunused-packages -Wmissing-deriving-strategies -Wno-missing-import-lists -Wno-unused-imports -Wunused-type-patterns -Wunused-record-wildcards -Wredundant-record-wildcards -Wtype-defaults -Wunused-do-bind -Wunused-foralls -Wdeprecations -Wnoncanonical-monad-instances -Wall -threaded -rtsopts -with-rtsopts=-N
   build-depends:
       aeson >=2.0 && <2.3
@@ -167,10 +167,10 @@
       QuickCheck >=2.14
     , aeson >=2.0 && <2.3
     , base >=4.14 && <5
-    , base64-bytestring >=1.2 && <1.3
-    , bytestring >=0.11 && <0.13
-    , containers >=0.6 && <0.7
-    , cryptonite >=0.30 && <0.31
+    , base64-bytestring ==1.2.*
+    , bytestring ==0.11.*
+    , containers ==0.6.*
+    , cryptonite ==0.30.*
     , directory >=1.3
     , doctest >=0.22
     , filepath >=1.4
@@ -178,11 +178,12 @@
     , jose >=0.10 && <0.13
     , lens >=4.16 && <5.4
     , markdown-unlit >=0.5
+    , memory ==0.18.*
     , mtl >=2.2 && <3
     , process >=1.6
-    , scientific >=0.3 && <0.4
+    , scientific ==0.3.*
     , sd-jwt
-    , text >=2.0 && <2.1
+    , text ==2.0.*
     , time >=1.9
-    , vector >=0.13 && <0.14
+    , vector ==0.13.*
   default-language: Haskell2010
diff --git a/src/SDJWT/Internal/JWT.hs b/src/SDJWT/Internal/JWT.hs
--- a/src/SDJWT/Internal/JWT.hs
+++ b/src/SDJWT/Internal/JWT.hs
@@ -71,11 +71,11 @@
       if kty == "RSA"
         then do
           -- Check if JWK specifies algorithm (RFC 7517 allows optional "alg" field)
-          -- RS256 is deprecated per draft-ietf-jose-deprecate-none-rsa15 (padding oracle attacks)
-          -- Default to PS256 (RSA-PSS) for security; RS256 can be explicitly requested but is deprecated
+          -- RS256 is deprecated for encryption per draft-ietf-jose-deprecate-none-rsa15, but remains valid for signatures
+          -- Default to PS256 (RSA-PSS) as recommended; RS256 can be explicitly requested
           case KeyMap.lookup (Key.fromText "alg") obj of
-            Just (Aeson.String "RS256") -> Right "RS256"  -- Deprecated but still supported for compatibility
-            _ -> Right "PS256"  -- Default to PS256 (RSA-PSS) for security
+            Just (Aeson.String "RS256") -> Right "RS256"  -- Supported for signatures
+            _ -> Right "PS256"  -- Default to PS256 (RSA-PSS) as recommended
         else if kty == "EC"
           then do
             -- Check curve for EC keys (only P-256 is supported)
@@ -98,14 +98,15 @@
     _ -> Left $ InvalidSignature "Invalid JWK format: expected object"
 
 -- | Convert algorithm string to JWA.Alg
--- Supports RSA-PSS (PS256, default) and RSA-PKCS#1 v1.5 (RS256, deprecated per draft-ietf-jose-deprecate-none-rsa15).
--- RS256 is deprecated due to padding oracle attack vulnerabilities. PS256 (RSA-PSS) is recommended.
+-- Supports RSA-PSS (PS256, default) and RSA-PKCS#1 v1.5 (RS256).
+-- RS256 is deprecated for encryption per draft-ietf-jose-deprecate-none-rsa15, but remains valid for signatures.
+-- PS256 (RSA-PSS) is recommended and used as the default.
 toJwsAlg :: T.Text -> Either SDJWTError JWA.Alg
-toJwsAlg "RS256" = Right JWA.RS256  -- Deprecated: Use PS256 instead (draft-ietf-jose-deprecate-none-rsa15)
+toJwsAlg "RS256" = Right JWA.RS256  -- Supported for signatures
 toJwsAlg "PS256" = Right JWA.PS256
 toJwsAlg "EdDSA" = Right JWA.EdDSA
 toJwsAlg "ES256" = Right JWA.ES256
-toJwsAlg alg = Left $ InvalidSignature $ "Unsupported algorithm: " <> alg <> " (supported: PS256 default, RS256 deprecated, EdDSA, ES256)"
+toJwsAlg alg = Left $ InvalidSignature $ "Unsupported algorithm: " <> alg <> " (supported: PS256 default, RS256, EdDSA, ES256)"
 
 -- | Sign a JWT payload using a private key.
 --
diff --git a/src/SDJWT/Issuer.hs b/src/SDJWT/Issuer.hs
--- a/src/SDJWT/Issuer.hs
+++ b/src/SDJWT/Issuer.hs
@@ -14,9 +14,9 @@
 -- For applications where timing attacks are a concern, consider using RSA-PSS (PS256)
 -- or Ed25519 (EdDSA) keys instead, which do not have this limitation.
 --
--- Note: RS256 (RSA-PKCS#1 v1.5) is deprecated per draft-ietf-jose-deprecate-none-rsa15
--- due to padding oracle attack vulnerabilities. PS256 (RSA-PSS) is the recommended
--- RSA algorithm and is used by default for RSA keys.
+-- Note: RS256 (RSA-PKCS#1 v1.5) is deprecated for encryption per draft-ietf-jose-deprecate-none-rsa15,
+-- but remains valid for signatures. PS256 (RSA-PSS) is the recommended RSA algorithm
+-- and is used by default for RSA keys.
 --
 -- == Usage
 --
