diff --git a/changelog/unreleased/issue-2202 b/changelog/unreleased/issue-2202
new file mode 100644
index 000000000..6e7543e83
--- /dev/null
+++ b/changelog/unreleased/issue-2202
@@ -0,0 +1,17 @@
+Enhancement: Add upload checksum for azure, gs, s3 and swift backends
+
+Up to now only the B2 backend and partially the Swift backend verified the
+integrity of uploaded (encrypted) files. The verification works by informing
+the backend about the expected hash of the uploaded file. This allows the
+backend to verify the upload and thereby rules out any data corruption during
+upload.
+
+We have added upload checksums for the azure, gs, s3 and swift backends.
+
+Restic can now be used to store backups in S3 buckets which have Object Lock
+enabled.
+
+https://github.com/restic/restic/issues/2202
+https://github.com/restic/restic/issues/2700
+https://github.com/restic/restic/issues/3023
+https://github.com/restic/restic/pull/3246
diff --git a/changelog/unreleased/pull-3429 b/changelog/unreleased/pull-3429
new file mode 100644
index 000000000..6c2d4abaf
--- /dev/null
+++ b/changelog/unreleased/pull-3429
@@ -0,0 +1,12 @@
+Enhancement: Verify that new or modified keys were stored correctly
+
+When adding a new key or changing the password of a key, restic just created the
+new key (and removed the old one, when changing the password). There was no
+verification that the new key was stored correctly and that it work. As the
+repository cannot be decrypted without a valid key file, this could in rare
+cases cause the repository to become inaccessible.
+
+We have added a check that the new key actually works before continuing. This
+can protect against some (rare) cases of hardware or storage problems.
+
+https://github.com/restic/restic/pull/3429