diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl
index 4c4f2d77..48fa5e03 100644
--- a/bazel/repository_locations.bzl
+++ b/bazel/repository_locations.bzl
@@ -2,8 +2,8 @@ REPOSITORY_LOCATIONS = dict(
 # can't have more than one comment between envoy line and commit line in
 # order to accommodate `check_extensions_build_config.sh`
 envoy = dict(
- # envoy v1.31.2++ ci and checksums
- commit = "418f3b1ab891d14c110132e10178282fdf4c5081",
+ # envoy v1.31.5
+ commit = "688c4bbe47f4d05bb8ed268f5172bb026cf03242",
 remote = "https://github.com/envoyproxy/envoy",
 ),
 inja = dict(
diff --git a/changelog/v1.31.5-patch1/1315.yaml b/changelog/v1.31.5-patch1/1315.yaml
new file mode 100644
index 00000000..f951f509
--- /dev/null
+++ b/changelog/v1.31.5-patch1/1315.yaml
@@ -0,0 +1,11 @@
+changelog:
+ - type: DEPENDENCY_BUMP
+ issueLink: https://github.com/solo-io/envoy-gloo-ee/issues/868
+ dependencyOwner: envoyproxy
+ dependencyRepo: envoy
+ dependencyTag: v1.31.5
+ resolvesIssue: false
+ description: >-
+ CVE-2024-53269: Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting.
+ CVE-2024-53270: HTTP/1: sending overload crashes when the request is reset beforehand
+ CVE-2024-53271: HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset
\ No newline at end of file
diff --git a/changelog/v1.31.2-patch4/bump-upload-artifact.yaml b/changelog/v1.31.5-patch1/bump-upload-artifact.yaml
similarity index 100%
rename from changelog/v1.31.2-patch4/bump-upload-artifact.yaml
rename to changelog/v1.31.5-patch1/bump-upload-artifact.yaml