--- NEWS-2.0.1	2022-09-08 09:49:35.488731477 -0500
+++ NEWS-2.2.0	2022-09-08 09:48:59.445314727 -0500
@@ -1,5 +1,65 @@
 GNU SASL NEWS -- History of user-visible changes.               -*- outline -*-
 
+* Noteworthy changes in release 2.2.0 (2022-09-03) [stable]
+
+** Fix build error with too old GnuTLS.
+
+** Tests: New tests/gsasl-mailutils-tls.sh.
+It performs integration checks between GNU SASL and GNU MailUtils
+imapd with TLS enabled, thereby testing TLS support in the 'gsasl'
+command line tool.
+
+** Various minor bug fixes and improvements.
+Mainly to pacify improved CI/CD checking.
+
+* Noteworthy changes in release 2.1.1 (2022-08-16) [beta]
+
+** Tests: New tests/gsasl-mailutils-gs2krb5-gssapi.sh.
+It perform integration checks between GNU SASL and GNU MailUtils imapd
+(GSSAPI and GS2-KRB5).  They can be used externally from the GNU SASL
+build environment to perform system integration tests, see
+.gitlab-ci.yml for inspiration.
+
+** Various minor bug fixes and improvements.
+Fix two crashes in 'gsasl' introduced in 2.1.0.
+
+* Noteworthy changes in release 2.1.0 (2022-08-05) [beta]
+
+** Support new "tls-exporter" channel binding.
+The "tls-exporter" channel binding is specified in RFC 9266
+<https://datatracker.ietf.org/doc/html/rfc9266>.  Now we can support
+SCRAM-*-PLUS over TLS 1.3 channels, and address some of the security
+problems with "tls-unique".
+
+The library add new callback property GSASL_CB_TLS_EXPORTER and error
+code GSASL_NO_CB_TLS_EXPORTER.  These are documented in the manual.
+
+The 'gsasl' command-line tool set it if system GnuTLS has
+GNUTLS_CB_TLS_EXPORTER, which was introduced with GnuTLS 3.7.2
+released on 2021-05-29.
+
+** SCRAM: Support for "tls-exporter".
+The SCRAM client will now query the application for
+GSASL_CB_TLS_EXPORTER before it query for GSASL_CB_TLS_UNIQUE.  Supply
+it to support TLS 1.3.  The SCRAM server will query the application
+for the channel binding type requested by the client (tls-unique or
+tls-exporter), and it is up to the application to decide what to do.
+
+** SCRAM: Fix memory leaks on incremental application usage.
+See tests/scram-incremental.c for application behaviour that trigger
+the leaks.  We run valgrind --leak-check=full to catch future
+regressions.
+
+** Tests: New tests/gsasl-dovecot-gssapi.sh & tests/gsasl-mailutils-cram.sh.
+These perform integration checks between GNU SASL and Dovecot
+(GSS-API) and GNU MailUtils imapd (CRAM-MD5, DIGEST-MD5, SCRAM-SHA-*).
+They can be used externally from the GNU SASL build environment to
+perform system integration tests, see .gitlab-ci.yml for inspiration.
+
+** API and ABI modifications.
+GSASL_CB_TLS_EXPORTER: Added.
+GSASL_NO_CB_TLS_EXPORTER: Added.
+
 * Noteworthy changes in release 2.0.1 (2022-07-15) [stable]
 
 ** Support for the libgssglue GSS-API library were added.