diff --git a/.changelog/22001.txt b/.changelog/22001.txt
new file mode 100644
index 000000000000..04b211c9ed26
--- /dev/null
+++ b/.changelog/22001.txt
@@ -0,0 +1,3 @@
+```release-note:security
+Update `golang.org/x/crypto` to v0.31.0 to address [GO-2024-3321](https://pkg.go.dev/vuln/GO-2024-3321).
+```
\ No newline at end of file
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index c807d606c00b..d18ea456070e 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -77,6 +77,7 @@ binary {
 	triage {
 		suppress {
 			vulnerabilities = [
+				"GO-2022-0635", // github.com/aws/aws-sdk-go@v1.55.5
 			]
 			paths = [
 				"internal/tools/proto-gen-rpc-glue/e2e/consul/*",