diff --git a/CHANGELOG.md b/CHANGELOG.md
index 22a0a7d1..810b69b8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 1.4.4 (November 1, 2024)
+
+SECURITY:
+
+* Upgrade Go to use 1.22.7. This addresses CVE
+  [CVE-2024-34155](https://nvd.nist.gov/vuln/detail/CVE-2024-34155) [[GH-608](https://github.com/hashicorp/consul-dataplane/pull/608)]
+* Upgrade to support Envoy `1.28.7`. [[GH-659](https://github.com/hashicorp/consul-dataplane/pull/659)]
+
+IMPROVEMENTS:
+
+* Update `github.com/hashicorp/consul/proto-public` to v0.6.2. [[GH-585](https://github.com/hashicorp/consul-dataplane/pull/585)]
+
 ## 1.4.3 (July 15, 2024)
 
 SECURITY:
diff --git a/Dockerfile b/Dockerfile
index c34f2517..d05f36b4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,7 +11,7 @@
 # prebuilt binaries in any other form.
 #
 ARG GOLANG_VERSION
-FROM envoyproxy/envoy-distroless:v1.28.5 as envoy-binary
+FROM envoyproxy/envoy-distroless:v1.28.7 as envoy-binary
 
 # Modify the envoy binary to be able to bind to privileged ports (< 1024).
 FROM debian:bullseye-slim AS setcap-envoy-binary
@@ -27,7 +27,7 @@ RUN apt-get update && apt install -y libcap2-bin
 RUN setcap CAP_NET_BIND_SERVICE=+ep /usr/local/bin/envoy
 RUN setcap CAP_NET_BIND_SERVICE=+ep /usr/local/bin/$BIN_NAME
 
-FROM hashicorp/envoy-fips:1.28.5-fips1402 as envoy-fips-binary
+FROM hashicorp/envoy-fips:1.28.7-fips1402 as envoy-fips-binary
 
 # Modify the envoy-fips binary to be able to bind to privileged ports (< 1024).
 FROM debian:bullseye-slim AS setcap-envoy-fips-binary
diff --git a/Makefile b/Makefile
index ada7c187..1011e386 100644
--- a/Makefile
+++ b/Makefile
@@ -123,7 +123,7 @@ copy-bootstrap-config: ## copy bootstrap config
 .PHONY: changelog
 changelog: ## build change log
 ifdef DP_LAST_RELEASE_GIT_TAG
-	@changelog-build \
+	go run github.com/hashicorp/go-changelog/cmd/changelog-build@latest \
 		-last-release $(DP_LAST_RELEASE_GIT_TAG) \
 		-entries-dir .changelog/ \
 		-changelog-template .changelog/changelog.tmpl \
diff --git a/pkg/version/version.go b/pkg/version/version.go
index c60b0524..5e8f5064 100644
--- a/pkg/version/version.go
+++ b/pkg/version/version.go
@@ -17,7 +17,7 @@ var (
 	//
 	// Version must conform to the format expected by github.com/hashicorp/go-version
 	// for tests to work.
-	Version = "1.4.4"
+	Version = "1.4.5"
 
 	// A pre-release marker for the version. If this is "" (empty string)
 	// then it means that it is a final release. Otherwise, this is a pre-release