diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 643dab20..8e5b5b07 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -5,6 +5,14 @@ container {
 	dependencies = true
 	alpine_secdb = true
 	secrets      = true
+	triage {
+		suppress {
+			vulnerabilites = [
+				"CVE-2024-58251",	# fix unavailable at time of writing
+				"CVE-2025-46394"	# fix unavailable at time of writing
+			]
+		}
+	}
 }
 
 binary {
@@ -13,4 +21,4 @@ binary {
 	osv          = true
 	oss_index    = false
 	nvd          = false
-}
\ No newline at end of file
+}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index fb9e8010..e80afe2d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 ## envconsul CHANGELOG
 
+## v0.13.4 (Aug 21, 2025)
+
+SECURITY:
+* fix: critical Golang vulnerabilities (CVE-2025-22869, CVE-2025-22871) [[GH-380](https://github.com/hashicorp/envconsul/pull/380)]
+IMPROVEMENTS:
+* Update Golang from 1.22 to 1.25 [[GH-381](https://github.com/hashicorp/envconsul/pull/381)]
+
 ## v0.13.3 (Jan 17, 2025)
 
 SECURITY: