diff --git a/VERSION.txt b/VERSION.txt
index 573ce34a59ea3..53cc1a6f9292c 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-1.24.0-dev
+1.24.0
diff --git a/changelogs/1.20.7.yaml b/changelogs/1.20.7.yaml
new file mode 100644
index 0000000000000..6ac0de7a69743
--- /dev/null
+++ b/changelogs/1.20.7.yaml
@@ -0,0 +1,7 @@
+date: July 21, 2022
+
+bug_fixes:
+- area: docker
+  change: |
+    update Docker images (``distroless`` -> ``49d2923f35d6``) to resolve CVE issues in container packages.
+
diff --git a/changelogs/1.21.5.yaml b/changelogs/1.21.5.yaml
new file mode 100644
index 0000000000000..8fdd33ca99b1f
--- /dev/null
+++ b/changelogs/1.21.5.yaml
@@ -0,0 +1,7 @@
+date: July 25, 2022
+
+bug_fixes:
+- area: docker
+  change: |
+    update Docker images (``distroless`` -> ``49d2923f35d6``) to resolve CVE issues in container packages.
+
diff --git a/changelogs/1.22.3.yaml b/changelogs/1.22.3.yaml
new file mode 100644
index 0000000000000..ff1c2ec6ab676
--- /dev/null
+++ b/changelogs/1.22.3.yaml
@@ -0,0 +1,7 @@
+date: July 27, 2022
+
+bug_fixes:
+- area: docker
+  change: |
+    update Docker images (``distroless`` -> ``49d2923f35d6``) to resolve CVE issues in container packages.
+
diff --git a/changelogs/1.22.4.yaml b/changelogs/1.22.4.yaml
new file mode 100644
index 0000000000000..148d077d6a989
--- /dev/null
+++ b/changelogs/1.22.4.yaml
@@ -0,0 +1,7 @@
+date: July 27, 2022
+
+bug_fixes:
+- area: repo
+  change: |
+    fix version to resolve release issue.
+
diff --git a/changelogs/1.22.5.yaml b/changelogs/1.22.5.yaml
new file mode 100644
index 0000000000000..078f5e6925a44
--- /dev/null
+++ b/changelogs/1.22.5.yaml
@@ -0,0 +1,13 @@
+date: August 12, 2022
+
+bug_fixes:
+- area: listener
+  change: |
+    fixed a bug that doesn't handle of an update for a listener with IPv4-mapped address correctly, and that will lead to a memory leak.
+- area: repo
+  change: |
+    fix version to resolve release issue.
+- area: transport_socket
+  change: |
+    fixed a bug that prevented the tcp stats to be retrieved when running on kernels different than the kernel where Envoy was built.
+
diff --git a/changelogs/1.23.1.yaml b/changelogs/1.23.1.yaml
new file mode 100644
index 0000000000000..2ce1355c46942
--- /dev/null
+++ b/changelogs/1.23.1.yaml
@@ -0,0 +1,7 @@
+date: August 23, 2022
+
+bug_fixes:
+- area: listener
+  change: |
+    fixed a bug that doesn't handle of an update for a listener with IPv4-mapped address correctly and that will lead to a memory leak.
+
diff --git a/changelogs/1.23.2.yaml b/changelogs/1.23.2.yaml
new file mode 100644
index 0000000000000..f697487b15f30
--- /dev/null
+++ b/changelogs/1.23.2.yaml
@@ -0,0 +1,8 @@
+date: October 17, 2022
+
+bug_fixes:
+- area: lua
+  change: |
+    fixed a bug causing response headers set by a Lua script to not be sent in the response (https://github.com/envoyproxy/envoy/issues/22401).
+    This bug was introduced in Envoy v1.23.0.
+
diff --git a/changelogs/current.yaml b/changelogs/current.yaml
index 550e8825c48d7..86cfd82011eb6 100644
--- a/changelogs/current.yaml
+++ b/changelogs/current.yaml
@@ -1,7 +1,6 @@
-date: Pending
+date: October 19, 2022
 
 behavior_changes:
-# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
 - area: build
   change: |
     official released binary is now built on Ubuntu 20.04, requires glibc >= 2.30.
@@ -45,7 +44,6 @@ behavior_changes:
     ``envoy.reloadable_features.delta_xds_subscription_state_tracking_fix`` runtime flag to false.
 
 minor_behavior_changes:
-# *Changes that may cause incompatibilities for some users, but should not for most*
 - area: logging
   change: |
     changed the ``UPSTREAM_REMOTE_ADDRESS``, ``UPSTREAM_REMOTE_ADDRESS_WITHOUT_PORT``, and ``UPSTREAM_REMOTE_PORT`` fields to log based on the actual upstream connection rather than the upstream host. This fixes a bug where the address components were not consistently correct for Happy Eyeballs connections and proxied connections, but also means in cases where the host was selected but a connection was not established, the fields will be absent. This change can be temporarily reverted by setting the runtime guard ``envoy.reloadable_features.correct_remote_address`` to false.
@@ -75,7 +73,7 @@ minor_behavior_changes:
     support custom health check address via :ref:`health_check_config <envoy_v3_api_msg_config.endpoint.v3.endpoint.healthcheckconfig>`.
 - area: http
   change: |
-     changed shadow requests to more closely behave like the requests they are shadowing. This includes matching the upstream logging for the original request, dynamic stats, suppressing Envoy headers, respecting expected request timeout, suppressing grpc request failure code stats and strict header checks. This behaviorial change can be temporarily reverted by setting runtime guard ``envoy.reloadable_features.closer_shadow_behavior`` to false.
+    changed shadow requests to more closely behave like the requests they are shadowing. This includes matching the upstream logging for the original request, dynamic stats, suppressing Envoy headers, respecting expected request timeout, suppressing grpc request failure code stats and strict header checks. This behaviorial change can be temporarily reverted by setting runtime guard ``envoy.reloadable_features.closer_shadow_behavior`` to false.
 - area: http
   change: |
     changed the filter callback interfaces to make sure that downstream-only functionality is explicit.
@@ -102,7 +100,6 @@ minor_behavior_changes:
     No longer waiting on DNS responses in the dynamic forward proxy filter if upstream proxying is turned on. This behaviorial change can be reverted by setting runtime guard ``envoy.reloadable_features.skip_dns_lookup_for_proxied_requests`` to false.
 
 bug_fixes:
-# *Changes expected to improve the state of the world and are unlikely to have negative effects*
 - area: http
   change: |
     fixed a bug with internal redirects not being performed for drained connections.
@@ -135,7 +132,6 @@ bug_fixes:
     fixed a bug where, when runtime guard ``envoy.reloadable_features.tls_async_cert_validation`` is set to false, the wrong TLS alerts would sometimes be sent in response to certificate validation failures.
 
 removed_config_or_runtime:
-# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
 - area: auto_config
   change: |
     removed ``envoy.reloadable_features.correctly_validate_alpn`` and legacy code paths.
@@ -314,3 +310,4 @@ deprecated:
     :ref:`Route.typed_per_filter_config<envoy_v3_api_field_config.route.v3.Route.typed_per_filter_config>` or
     :ref:`WeightedCluster.ClusterWeight.typed_per_filter_config<envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.typed_per_filter_config>`
     to configure the CORS HTTP filter by the type :ref:`CorsPolicy in filter <envoy_v3_api_msg_extensions.filters.http.cors.v3.CorsPolicy>`.
+
diff --git a/docs/inventories/v1.20/objects.inv b/docs/inventories/v1.20/objects.inv
index 406d048b50d93..013a5f7b6e156 100644
Binary files a/docs/inventories/v1.20/objects.inv and b/docs/inventories/v1.20/objects.inv differ
diff --git a/docs/inventories/v1.21/objects.inv b/docs/inventories/v1.21/objects.inv
index 688d54e6af820..e9dac57f8e7a9 100644
Binary files a/docs/inventories/v1.21/objects.inv and b/docs/inventories/v1.21/objects.inv differ
diff --git a/docs/inventories/v1.22/objects.inv b/docs/inventories/v1.22/objects.inv
index 6b42a7db6dcfc..c20801a15e233 100644
Binary files a/docs/inventories/v1.22/objects.inv and b/docs/inventories/v1.22/objects.inv differ
diff --git a/docs/versions.yaml b/docs/versions.yaml
index 2335d2019d789..47aaed6075932 100644
--- a/docs/versions.yaml
+++ b/docs/versions.yaml
@@ -13,6 +13,6 @@
 "1.17": 1.17.4
 "1.18": 1.18.4
 "1.19": 1.19.5
-"1.20": 1.20.6
-"1.21": 1.21.4
-"1.22": 1.22.2
+"1.20": 1.20.7
+"1.21": 1.21.5
+"1.22": 1.22.5