diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ebf8ecb..0dc0149 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -18,7 +18,7 @@ jobs:
       id-token: write
     with:
       # #region inputs
-      go-version: "1.25.x"
+      go-version: "1.25.5"
       goreleaser-version: "2.13.0"
       k6-versions: '["v1.2.3","v1.0.0"]'
       bats: ./.github/release.bats
diff --git a/Dockerfile b/Dockerfile
index 3a374c9..9aea26e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 ARG GO_VERSION=1.25.5-alpine3.22@sha256:3587db7cc96576822c606d119729370dbf581931c5f43ac6d3fa03ab4ed85a10
-ARG GOSEC_VERSION=2.22.10@sha256:c8852d609f9af551387555a81808a3bca8d172629b124fab0d83c937cabc2f3d
+ARG GOSEC_VERSION=2.22.11@sha256:4c42d880c93d9a38771dc130a705bae2480a45a1bb32240249806b12d7641d6d
 
 FROM securego/gosec:${GOSEC_VERSION} AS gosec
 
diff --git a/Dockerfile.goreleaser b/Dockerfile.goreleaser
index b4cd1ff..10bf012 100644
--- a/Dockerfile.goreleaser
+++ b/Dockerfile.goreleaser
@@ -1,5 +1,5 @@
 ARG GO_VERSION=1.25.5-alpine3.22@sha256:3587db7cc96576822c606d119729370dbf581931c5f43ac6d3fa03ab4ed85a10
-ARG GOSEC_VERSION=2.22.10@sha256:c8852d609f9af551387555a81808a3bca8d172629b124fab0d83c937cabc2f3d
+ARG GOSEC_VERSION=2.22.11@sha256:4c42d880c93d9a38771dc130a705bae2480a45a1bb32240249806b12d7641d6d
 
 FROM securego/gosec:${GOSEC_VERSION} AS gosec
 
diff --git a/releases/v1.3.2.md b/releases/v1.3.2.md
new file mode 100644
index 0000000..6a7d403
--- /dev/null
+++ b/releases/v1.3.2.md
@@ -0,0 +1,9 @@
+Grafana **xk6** `v1.3.2` is here! 🎉
+
+This is a patch release that addresses security vulnerabilities in dependencies.
+
+## Security
+
+- [#400](https://github.com/grafana/xk6/issues/400)
+  - Update Docker base image to gosec 2.22.11
+  - Set go version to v1.25.5 in release workflow