diff --git a/.github/scripts/release-notes-update.sh b/.github/scripts/release-notes-update.sh
new file mode 100755
index 0000000000..47adb43b90
--- /dev/null
+++ b/.github/scripts/release-notes-update.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+set -o pipefail
+
+ROOTDIR=$(git rev-parse --show-toplevel || echo ".")
+TMPDIR=/tmp
+DEBUG=${DEBUG:-"false"}
+
+DOCS_TO_UPDATE_FOLDER=${ROOTDIR}/docs/content
+
+ usage() {
+    echo "Usage: $0 <ic_version> <helm_chart_version> <k8s_versions> <release_date>"
+    exit 1
+ }
+
+ic_version=$1
+helm_chart_version=$2
+k8s_versions=$3
+release_date=$4
+
+if [ -z "${ic_version}" ]; then
+    usage
+fi
+
+if [ -z "${helm_chart_version}" ]; then
+    usage
+fi
+
+if [ -z "${k8s_versions}" ]; then
+    usage
+fi
+
+if [ -z "${release_date}" ]; then
+    usage
+fi
+
+# update releases docs
+file_path=${DOCS_TO_UPDATE_FOLDER}/releases.md
+if [ "${DEBUG}" != "false" ]; then
+    echo "Processing ${file_path}"
+fi
+file_name=$(basename "${file_path}")
+mv "${file_path}" "${TMPDIR}/${file_name}"
+sed -e "8r ${ROOTDIR}/hack/changelog-template.txt" "${TMPDIR}/${file_name}" | sed \
+    -e "s/%%TITLE%%/## $ic_version/g" \
+    -e "s/%%IC_VERSION%%/$ic_version/g" \
+    -e "s/%%HELM_CHART_VERSION%%/$helm_chart_version/g" \
+    -e "s/%%K8S_VERSIONS%%/$k8s_versions.\n/g" \
+    -e "s/%%RELEASE_DATE%%/$release_date/g" \
+    > ${file_path}
+if [ $? -ne 0 ]; then
+    echo "ERROR: failed processing ${file_path}"
+    mv "${TMPDIR}/${file_name}" "${file_path}"
+    exit 2
+fi
diff --git a/.github/scripts/release-version-update.sh b/.github/scripts/release-version-update.sh
index 177b11f0e4..ee2ab94e3c 100755
--- a/.github/scripts/release-version-update.sh
+++ b/.github/scripts/release-version-update.sh
@@ -49,14 +49,16 @@ if [ -z "${helm_chart_version}" ]; then
 fi
 
 current_ic_version=$(yq '.appVersion' <"${HELM_CHART_PATH}/Chart.yaml")
+escaped_current_ic_version=$(printf '%s' "$current_ic_version" | sed -e 's/\./\\./g');
 current_helm_chart_version=$(yq '.version' <"${HELM_CHART_PATH}/Chart.yaml")
+escaped_current_helm_chart_version=$(printf '%s' "$current_helm_chart_version" | sed -e 's/\./\\./g');
 
 echo "Updating versions: "
 echo "ic_version: ${current_ic_version} -> ${ic_version}"
 echo "helm_chart_version: ${current_helm_chart_version} -> ${helm_chart_version}"
 
-regex_ic="s#$current_ic_version#$ic_version#g"
-regex_helm="s#$current_helm_chart_version#$helm_chart_version#g"
+regex_ic="s#$escaped_current_ic_version#$ic_version#g"
+regex_helm="s#$escaped_current_helm_chart_version#$helm_chart_version#g"
 
 mv "${HELM_CHART_PATH}/values.schema.json" "${TMPDIR}/"
 jq --arg version "${ic_version}" \
@@ -115,17 +117,3 @@ for i in ${docs_files}; do
         exit 2
     fi
 done
-
-# update releases docs
-file_path=${DOCS_TO_UPDATE_FOLDER}/releases.md
-if [ "${DEBUG}" != "false" ]; then
-    echo "Processing ${file_path}"
-fi
-file_name=$(basename "${file_path}")
-mv "${file_path}" "${TMPDIR}/${file_name}"
-cat "${TMPDIR}/${file_name}" | sed -e "8r ${ROOTDIR}/hack/changelog-template.txt" | sed -e "s/%%TITLE%%/## $ic_version/g" -e "s/%%IC_VERSION%%/$ic_version/g" -e "s/%%HELM_CHART_VERSION%%/$helm_chart_version/g" > ${file_path}
-if [ $? -ne 0 ]; then
-    echo "ERROR: failed processing ${file_path}"
-    mv "${TMPDIR}/${file_name}" "${file_path}"
-    exit 2
-fi
diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml
index 6f52340813..60ba79dd82 100644
--- a/.github/workflows/release-pr.yml
+++ b/.github/workflows/release-pr.yml
@@ -11,6 +11,14 @@ on:
         description: "Helm version to release"
         required: true
         default: "0.0.0"
+      k8s_versions:
+        description: "Kubernetes versions this release has been tested on"
+        required: true
+        default: "x.xx-x.xx"
+      release_date:
+        description: "Date for this release"
+        required: true
+        default: "%d %b %Y"
 
 defaults:
   run:
@@ -39,7 +47,9 @@ jobs:
           token: ${{ secrets.NGINX_PAT }}
 
       - name: Replace
-        run:  .github/scripts/release-version-update.sh ${{ github.event.inputs.version }} ${{ github.event.inputs.helm_version }}
+        run: |
+          .github/scripts/release-version-update.sh ${{ github.event.inputs.version }} ${{ github.event.inputs.helm_version }}
+          .github/scripts/release-notes-update.sh ${{ github.event.inputs.version }} ${{ github.event.inputs.helm_version }} "${{ github.event.inputs.k8s_versions }}" "${{ github.event.inputs.release_date }}"
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2
diff --git a/build/Dockerfile b/build/Dockerfile
index ccc65ba112..c5842d46f6 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -6,13 +6,13 @@ ARG DEBIAN_FRONTEND=noninteractive
 
 
 ############################################# Base images containing libs for Opentracing and FIPS #############################################
-FROM opentracing/nginx-opentracing:nginx-1.25.3@sha256:2e0268d3cd31fe047c2fe566f29731865b0c99cc99b579c6584b23cd3c7830ef as opentracing-lib
-FROM opentracing/nginx-opentracing:nginx-1.25.3-alpine@sha256:08ccc2c8bb28f01cb17b7619f139830b3af7950826b819b267393aefa32f23ab as alpine-opentracing-lib
+FROM opentracing/nginx-opentracing:nginx-1.25.3@sha256:2217e9fa36a2130d395a40bb051965cf64c9d10087281e301e9c0b60ce2a1a57 as opentracing-lib
+FROM opentracing/nginx-opentracing:nginx-1.25.3-alpine@sha256:37c7de3a46ca05428450b1c64bfb2a4d2f9c1835860cef427928fcf11c178f0e as alpine-opentracing-lib
 FROM ghcr.io/nginxinc/alpine-fips:0.1.1-alpine3.18@sha256:6f124002650fae697152290a14a7caa7f21884e8d78d8236c63fec2d018d721d as alpine-fips
 
 
 ############################################# Base image for Alpine #############################################
-FROM nginx:1.25.3-alpine@sha256:156d75f07c59b2fd59d3d1470631777943bb574135214f0a90c7bb82bde916da AS alpine
+FROM nginx:1.25.3-alpine@sha256:f2802c2a9d09c7aa3ace27445dfc5656ff24355da28e7b958074a0111e3fc076 AS alpine
 
 RUN --mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \
 	apk add --no-cache libcap libstdc++ \
@@ -24,7 +24,7 @@ RUN --mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \
 
 
 ############################################# Base image for Debian #############################################
-FROM nginx:1.25.3@sha256:8b4c32060a41e8c07e4b33c2e2695510c729314d84b2b71a1c5d7002aaf0b5ad AS debian
+FROM nginx:1.25.3@sha256:84c52dfd55c467e12ef85cad6a252c0990564f03c4850799bf41dd738738691f AS debian
 
 RUN --mount=type=bind,from=opentracing-lib,target=/tmp/ot/ \
 	apt-get update \
@@ -208,7 +208,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
 
 
 ############################################# Base image for UBI with NGINX Plus and App Protect WAF/DoS #############################################
-FROM redhat/ubi8@sha256:23d8dfd08024fdfa34b168c297d8c74a1dc58675b02b3418925932df123b755c as ubi-plus-nap
+FROM redhat/ubi8@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac as ubi-plus-nap
 ARG NAP_MODULES
 
 RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
diff --git a/hack/changelog-template.txt b/hack/changelog-template.txt
index 604d1ae9b5..3d48f310cf 100644
--- a/hack/changelog-template.txt
+++ b/hack/changelog-template.txt
@@ -28,4 +28,4 @@ or build your own image using the %%IC_VERSION%% source code
 
 We will provide technical support for NGINX Ingress Controller on any Kubernetes platform that is currently supported by
 its provider and that passes the Kubernetes conformance tests. This release was fully tested on the following Kubernetes
-versions: x.xx-x.xx.
+versions: %%K8S_VERSIONS%%