diff --git a/libunbound-devel-mini.changes b/libunbound-devel-mini.changes
index 74ba141..e7c0966 100644
--- a/libunbound-devel-mini.changes
+++ b/libunbound-devel-mini.changes
@@ -1,3 +1,83 @@
+-------------------------------------------------------------------
+Wed Dec  5 11:12:42 UTC 2018 - Michael Ströder <michael@stroeder.com>
+
+- update to 1.8.2
+
+Features
+- Add fast-server-permil and fast-server-num options.
+- Deprecate low-rtt and low-rtt-permil options.
+- Change fast-server-num default to 3.
+- Fix #4154: make ECS_MAX_TREESIZE configurable, with
+  the max-ecs-tree-size-ipv4 and max-ecs-tree-size-ipv6 options.
+- Fix #4190: Please create a "ANY" deny option, adds the option
+  deny-any: yes in unbound.conf.  This responds with an empty message
+  to queries of type ANY.
+- Fix #4126: RTT_band too low on VSAT links with 600+ms latency,
+  adds the option unknown-server-time-limit to unbound.conf that
+  can be increased to avoid the problem.
+- Add min-client-subnet-ipv6 and min-client-subnet-ipv4 options.
+- Support SO_REUSEPORT_LB in FreeBSD 12 with the so-reuseport: yes
+  option in unbound.conf.
+- Add unbound-control view_local_datas command, like local_datas.
+
+Bug Fixes
+- dnscrypt.c removed sizeof to get array bounds.
+- Fix testlock code to set noreturn on error routine.
+- Remove unused variable from contrib fastrpz/rpz.c and
+  remove unused diagnostic pragmas that themselves generate warnings
+- clang analyze test is used only when assertions are enabled.
+- Squelch EADDRNOTAVAIL errors when the interface goes away,
+  this omits 'can't assign requested address' errors unless
+  verbosity is set to a high value.
+- Set default for so-reuseport to no for FreeBSD.  It is enabled
+  by default for Linux and DragonFlyBSD.  The setting can
+  be configured in unbound.conf to override the default.
+- iana port update.
+- Squelch log of failed to tcp initiate after TCP Fastopen failure.
+- Fix #4192: unbound-control-setup generates keys not readable by
+  group.
+- check that the dnstap socket file can be opened and exists, print
+  error if not.
+- Add markdel function to ECS slabhash.
+- Limit ECS scope returned to client to the scope used for caching.
+- Fix #4191: NXDOMAIN vs SERVFAIL during dns64 PTR query.
+- Fix #4141: More randomness to rrset-roundrobin.
+- Fix #4132: Openness/closeness of RANGE intervals in rpl files.
+- remade makefile dependencies.
+- Fix #4152: Logs shows wrong time when using log-time-ascii: yes.
+- Scrub NS records from NXDOMAIN responses to stop fragmentation
+  poisoning of the cache.
+- Scrub NS records from NODATA responses as well.
+- Add patch from Jan Vcelak for pythonmod,
+  add sockaddr_storage getters, add support for query callbacks,
+  allow raw address access via comm_reply and update API documentation.
+- Removed compile warnings in pythonmod sockaddr routines.
+- With ./configure --with-pyunbound --with-pythonmodule
+  PYTHON_VERSION=3.6 or with 2.7 unbound can compile and unit tests
+  succeed for the python module.
+- pythonmod logs the python error and traceback on failure.
+- ignore debug python module for test in doxygen output.
+- review fixes for python module.
+- Fix #4209: Crash in libunbound when called from getdns.
+- auth zone zonefiles can be in a chroot, the chroot directory
+  components are removed before use.
+- Fix that empty zonefile means the zonefile is not set and not used.
+- Fix to not set GLOB_NOSORT so the unbound.conf include: files are
+  sorted and in a predictable order.
+- Fix #4193: Fix that prefetch failure does not overwrite valid cache
+  entry with SERVFAIL.
+- Fix DNS64 to not store intermediate results in cache, this avoids
+  other threads from picking up the wrong data.  The module restores
+  the previous no_cache_store setting when the the module is finished.
+- Fix #4208: 'stub-no-cache' and 'forward-no-cache' not work.
+- New and better fix for Fix #4193: Fix that prefetch failure does
+  not overwrite valid cache entry with SERVFAIL.
+- auth-zone give SERVFAIL when expired, fallback activates when
+  expired, and this is documented in the man page.
+- stat count SERVFAIL downstream auth-zone queries for expired zones.
+- Update contrib fastrpz patch for latest release.
+- Fix chroot auth-zone fix to remove chroot prefix.
+
 -------------------------------------------------------------------
 Tue Oct 16 15:01:15 UTC 2018 - Karol Babioch <kbabioch@suse.com>
 
diff --git a/libunbound-devel-mini.spec b/libunbound-devel-mini.spec
index 5bdf011..092555c 100644
--- a/libunbound-devel-mini.spec
+++ b/libunbound-devel-mini.spec
@@ -24,7 +24,7 @@
 
 #
 Name:           libunbound-devel-mini
-Version:        1.8.1
+Version:        1.8.2
 Release:        0
 #
 #
diff --git a/unbound-1.8.1.tar.gz b/unbound-1.8.1.tar.gz
deleted file mode 100644
index 19b68ba..0000000
--- a/unbound-1.8.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c362b3b9c35d1b8c1918da02cdd5528d729206c14c767add89ae95acae363c5d
-size 5610191
diff --git a/unbound-1.8.2.tar.gz b/unbound-1.8.2.tar.gz
new file mode 100644
index 0000000..f10c1d5
--- /dev/null
+++ b/unbound-1.8.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:19f2235a8936d89e7dc919bbfcef355de759f220e36bb5e1e931ac000ed04993
+size 5628920
diff --git a/unbound.changes b/unbound.changes
index 9d31de2..6fdd505 100644
--- a/unbound.changes
+++ b/unbound.changes
@@ -1,3 +1,83 @@
+-------------------------------------------------------------------
+Wed Dec  5 11:12:42 UTC 2018 - Michael Ströder <michael@stroeder.com>
+
+- update to 1.8.2
+
+Features
+- Add fast-server-permil and fast-server-num options.
+- Deprecate low-rtt and low-rtt-permil options.
+- Change fast-server-num default to 3.
+- Fix #4154: make ECS_MAX_TREESIZE configurable, with
+  the max-ecs-tree-size-ipv4 and max-ecs-tree-size-ipv6 options.
+- Fix #4190: Please create a "ANY" deny option, adds the option
+  deny-any: yes in unbound.conf.  This responds with an empty message
+  to queries of type ANY.
+- Fix #4126: RTT_band too low on VSAT links with 600+ms latency,
+  adds the option unknown-server-time-limit to unbound.conf that
+  can be increased to avoid the problem.
+- Add min-client-subnet-ipv6 and min-client-subnet-ipv4 options.
+- Support SO_REUSEPORT_LB in FreeBSD 12 with the so-reuseport: yes
+  option in unbound.conf.
+- Add unbound-control view_local_datas command, like local_datas.
+
+Bug Fixes
+- dnscrypt.c removed sizeof to get array bounds.
+- Fix testlock code to set noreturn on error routine.
+- Remove unused variable from contrib fastrpz/rpz.c and
+  remove unused diagnostic pragmas that themselves generate warnings
+- clang analyze test is used only when assertions are enabled.
+- Squelch EADDRNOTAVAIL errors when the interface goes away,
+  this omits 'can't assign requested address' errors unless
+  verbosity is set to a high value.
+- Set default for so-reuseport to no for FreeBSD.  It is enabled
+  by default for Linux and DragonFlyBSD.  The setting can
+  be configured in unbound.conf to override the default.
+- iana port update.
+- Squelch log of failed to tcp initiate after TCP Fastopen failure.
+- Fix #4192: unbound-control-setup generates keys not readable by
+  group.
+- check that the dnstap socket file can be opened and exists, print
+  error if not.
+- Add markdel function to ECS slabhash.
+- Limit ECS scope returned to client to the scope used for caching.
+- Fix #4191: NXDOMAIN vs SERVFAIL during dns64 PTR query.
+- Fix #4141: More randomness to rrset-roundrobin.
+- Fix #4132: Openness/closeness of RANGE intervals in rpl files.
+- remade makefile dependencies.
+- Fix #4152: Logs shows wrong time when using log-time-ascii: yes.
+- Scrub NS records from NXDOMAIN responses to stop fragmentation
+  poisoning of the cache.
+- Scrub NS records from NODATA responses as well.
+- Add patch from Jan Vcelak for pythonmod,
+  add sockaddr_storage getters, add support for query callbacks,
+  allow raw address access via comm_reply and update API documentation.
+- Removed compile warnings in pythonmod sockaddr routines.
+- With ./configure --with-pyunbound --with-pythonmodule
+  PYTHON_VERSION=3.6 or with 2.7 unbound can compile and unit tests
+  succeed for the python module.
+- pythonmod logs the python error and traceback on failure.
+- ignore debug python module for test in doxygen output.
+- review fixes for python module.
+- Fix #4209: Crash in libunbound when called from getdns.
+- auth zone zonefiles can be in a chroot, the chroot directory
+  components are removed before use.
+- Fix that empty zonefile means the zonefile is not set and not used.
+- Fix to not set GLOB_NOSORT so the unbound.conf include: files are
+  sorted and in a predictable order.
+- Fix #4193: Fix that prefetch failure does not overwrite valid cache
+  entry with SERVFAIL.
+- Fix DNS64 to not store intermediate results in cache, this avoids
+  other threads from picking up the wrong data.  The module restores
+  the previous no_cache_store setting when the the module is finished.
+- Fix #4208: 'stub-no-cache' and 'forward-no-cache' not work.
+- New and better fix for Fix #4193: Fix that prefetch failure does
+  not overwrite valid cache entry with SERVFAIL.
+- auth-zone give SERVFAIL when expired, fallback activates when
+  expired, and this is documented in the man page.
+- stat count SERVFAIL downstream auth-zone queries for expired zones.
+- Update contrib fastrpz patch for latest release.
+- Fix chroot auth-zone fix to remove chroot prefix.
+
 -------------------------------------------------------------------
 Tue Oct 16 17:47:13 UTC 2018 - Dirk Stoecker <opensuse@dstoecker.de>
 
diff --git a/unbound.spec b/unbound.spec
index 22939dc..459a954 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -58,7 +58,7 @@
 %endif
 
 Name:           unbound
-Version:        1.8.1
+Version:        1.8.2
 Release:        0
 #
 #