diff --git a/NEWS b/NEWS
index 973092cc3..a984ee386 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,55 @@
+What's new in Sudo 1.8.22
+
+ * Commands run in the background from a script run via sudo will
+   no longer receive SIGHUP when the parent exits and I/O logging
+   is enabled.  Bug #502
+
+ * A particularly offensive insult is now disabled by default.
+   Bug #804
+
+ * The description of "sudo -i" now correctly documents that
+   the "env_keep" and "env_check" sudoers options are applied to
+   the environment.  Bug #806
+
+ * Fixed a crash when the system's host name is not set.
+   Bug #807
+
+ * The sudoers2ldif script now handle #include and #includedir 
+   directives.
+
+ * Fixed a bug where sudo would silently exit when the command was
+   not allowed by sudoers and the "passwd_tries" sudoers option
+   was set to a value less than 1.
+
+ * Fixed a bug with the "listpw" and "verifypw" sudoers options and
+   multiple sudoers sources.  If the option is set to "all", a
+   password should be required unless none of a user's sudoers
+   entries from any source require authentication.
+
+ * Fixed a bug with the "listpw" and "verifypw" sudoers options in
+   the LDAP and SSSD back-ends.  If the option is set to "any", and
+   the entry contained multiple rules, only the first matching rule
+   was checked.  If an entry contained more than one matching rule
+   and the first rule required authentication but a subsequent rule
+   did not, sudo would prompt for a password when it should not have.
+
+ * When running a command as the invoking user (not root), sudo
+   would execute the command with the same group vector it was
+   started with.  Sudo now executes the command with a new group
+   vector based on the group database which is consistent with
+   how su(1) operates.
+
+ * Fixed a double free in the SSSD back-end that could occur when
+   ipa_hostname is present in sssd.conf and is set to an unqualified
+   host name.
+
+ * When I/O logging is enabled, sudo will now write to the terminal
+   even when it is a background process.  Previously, sudo would
+   only write to the tty when it was the foreground process when
+   I/O logging was enabled.  If the TOSTOP terminal flag is set,
+   sudo will suspend the command (and then itself) with the SIGTTOU
+   signal.
+
 What's new in Sudo 1.8.21p2
 
  * Fixed a bug introduced in version 1.8.21 which prevented sudo
@@ -34,7 +86,7 @@ What's new in Sudo 1.8.21p1
    playback would hang for I/O logs that contain terminal input.
 
  * Sudo 1.8.18 contained an incomplete fix for the matching of
-   entries in the LDAP and SSSD backends when a sudoRunAsGroup is
+   entries in the LDAP and SSSD back-ends when a sudoRunAsGroup is
    specified but no sudoRunAsUser is present in the sudoRole.
 
 What's new in Sudo 1.8.21
@@ -140,8 +192,8 @@ What's new in Sudo 1.8.20
    be terminated if the timeout expires.
 
  * The SELinux role and type are now displayed in the "sudo -l"
-   output for the LDAP and SSSD backends, just as they are in the
-   sudoers backend.
+   output for the LDAP and SSSD back-ends, just as they are in the
+   sudoers back-end.
 
  * A new command line option, -T, can be used to specify a command
    timeout as long as the user-specified timeout is not longer than
@@ -149,7 +201,7 @@ What's new in Sudo 1.8.20
    used when the "user_command_timeouts" flag is enabled in sudoers.
 
  * Added NOTBEFORE and NOTAFTER command options to the sudoers
-   backend similar to what is already available in the LDAP backend.
+   back-end similar to what is already available in the LDAP back-end.
 
  * Sudo can now optionally use the SHA2 functions in OpenSSL or GNU
    crypt instead of the SHA2 implementation bundled with sudo.
@@ -175,7 +227,7 @@ What's new in Sudo 1.8.20
    to env_file but its contents are subject to the same restrictions
    as variables in the invoking user's environment.
 
- * Fixed a use after free bug in the SSSD backend when the fqdn
+ * Fixed a use after free bug in the SSSD back-end when the fqdn
    sudoOption is enabled and no hostname value is present in
    /etc/sssd/sssd.conf.
 
@@ -338,7 +390,7 @@ What's new in Sudo 1.8.18
 
  * Fixed a bug where "sudo -l command" would indicate that a command
    was runnable even when denied by sudoers when using the LDAP or
-   SSSD backends.
+   SSSD back-ends.
 
  * The match_group_by_gid Defaults option has been added to allow
    sites where group name resolution is slow and where sudoers only
@@ -362,12 +414,12 @@ What's new in Sudo 1.8.18
    flag is enabled in sudoers.  Bug #757
 
  * Negated sudoHost attributes are now supported by the LDAP and
-   SSSD backends.
+   SSSD back-ends.
 
- * Fixed matching entries in the LDAP and SSSD backends when a
+ * Fixed matching entries in the LDAP and SSSD back-ends when a
    RunAsGroup is specified but no RunAsUser is present.
 
- * Fixed "sudo -l" output in the LDAP and SSSD backends when a
+ * Fixed "sudo -l" output in the LDAP and SSSD back-ends when a
    RunAsGroup is specified but no RunAsUser is present.
 
 What's new in Sudo 1.8.17p1
@@ -424,9 +476,9 @@ What's new in Sudo 1.8.17
  * Fixed a bug on AIX where the stack size hard resource limit was
    being set to 2GB instead of 4GB on 64-bit systems.
 
- * The SSSD backend now properly supports "sudo -U otheruser -l".
+ * The SSSD back-end now properly supports "sudo -U otheruser -l".
 
- * The SSSD backend now uses the value of "ipa_hostname"
+ * The SSSD back-end now uses the value of "ipa_hostname"
    from sssd.conf, if specified, when matching the host name.
 
  * Fixed a hang on some systems when the command is being run in
@@ -448,12 +500,12 @@ What's new in Sudo 1.8.16
 
  * Fixed a bug that could cause warning mail to be sent in list
    mode (sudo -l) for users without sudo privileges when the
-   LDAP and sssd backends are used.
+   LDAP and sssd back-ends are used.
 
  * Fixed a bug that prevented the "mail_no_user" option from working
-   properly with the LDAP backend.
+   properly with the LDAP back-end.
 
- * In the LDAP and sssd backends, white space is now ignored between
+ * In the LDAP and sssd back-ends, white space is now ignored between
    an operator (!, +, +=, -=) when parsing a sudoOption.
 
  * It is now possible to disable Path settings in sudo.conf
@@ -481,7 +533,7 @@ What's new in Sudo 1.8.16
    problem when a user or group of the same name exists in multiple
    auth registries.  For example, local and LDAP.
 
- * Fixed a crash in the SSSD backend when the invoking user is not
+ * Fixed a crash in the SSSD back-end when the invoking user is not
    found.  Bug #732.
 
  * Added the --enable-asan configure flag to enable address sanitizer
@@ -500,7 +552,7 @@ What's new in Sudo 1.8.16
  * Fixed support for negating character classes in sudo's version
    of the fnmatch() function.
 
- * Fixed a bug in the LDAP and SSSD backends that could allow an
+ * Fixed a bug in the LDAP and SSSD back-ends that could allow an
    unauthorized user to list another user's privileges.  Bug #738.
 
  * The PAM conversation function now works around an ambiguity in the
@@ -613,7 +665,7 @@ What's new in Sudo 1.8.14p2
 What's new in Sudo 1.8.14p1
 
  * Fixed a bug introduced in sudo 1.8.14 that prevented the sssd
-   backend from working.  Bug #703.
+   back-end from working.  Bug #703.
 
 What's new in Sudo 1.8.14
 
@@ -1522,7 +1574,7 @@ What's new in Sudo 1.8.5?
    ldap_start_tls_s() function.
 
  * The TLS_CHECKPEER parameter in ldap.conf now works when the
-   Mozilla NSS crypto backend is used with OpenLDAP.
+   Mozilla NSS crypto back-end is used with OpenLDAP.
 
  * A new group provider plugin, system_group, is included which
    performs group look ups by name using the system groups database.
diff --git a/configure b/configure
index 4146c8813..b97bf34dc 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for sudo 1.8.21p2.
+# Generated by GNU Autoconf 2.69 for sudo 1.8.22.
 #
 # Report bugs to <https://bugzilla.sudo.ws/>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='sudo'
 PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.8.21p2'
-PACKAGE_STRING='sudo 1.8.21p2'
+PACKAGE_VERSION='1.8.22'
+PACKAGE_STRING='sudo 1.8.22'
 PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/'
 PACKAGE_URL=''
 
@@ -1539,7 +1539,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures sudo 1.8.21p2 to adapt to many kinds of systems.
+\`configure' configures sudo 1.8.22 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1604,7 +1604,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of sudo 1.8.21p2:";;
+     short | recursive ) echo "Configuration of sudo 1.8.22:";;
    esac
   cat <<\_ACEOF
 
@@ -1863,7 +1863,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-sudo configure 1.8.21p2
+sudo configure 1.8.22
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2572,7 +2572,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by sudo $as_me 1.8.21p2, which was
+It was created by sudo $as_me 1.8.22, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -27021,7 +27021,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by sudo $as_me 1.8.21p2, which was
+This file was extended by sudo $as_me 1.8.22, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -27087,7 +27087,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-sudo config.status 1.8.21p2
+sudo config.status 1.8.22
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff --git a/configure.ac b/configure.ac
index 8924782e3..69f04733a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@ dnl
 dnl Copyright (c) 1994-1996,1998-2017 Todd C. Miller <Todd.Miller@courtesan.com>
 dnl
 AC_PREREQ([2.59])
-AC_INIT([sudo], [1.8.21p2], [https://bugzilla.sudo.ws/], [sudo])
+AC_INIT([sudo], [1.8.22], [https://bugzilla.sudo.ws/], [sudo])
 AC_CONFIG_HEADER([config.h pathnames.h])
 AC_CONFIG_SRCDIR([src/sudo.c])
 dnl