diff --git a/changes/v5.0.22.en.md b/changes/v5.0.22.en.md
new file mode 100644
index 000000000..853f781cc
--- /dev/null
+++ b/changes/v5.0.22.en.md
@@ -0,0 +1,131 @@
+# v5.0.22
+
+## Enhancements
+
+- [#10077](https://github.com/emqx/emqx/pull/10077) Add support for QUIC TLS password protected certificate file.
+
+
+- [#10128](https://github.com/emqx/emqx/pull/10128) Add support for OCSP stapling for SSL MQTT listeners.
+
+- [#10164](https://github.com/emqx/emqx/pull/10164) Add CRL check support for TLS MQTT listeners.
+
+- [#10206](https://github.com/emqx/emqx/pull/10206) Decouple the query mode from the underlying call mode for buffer
+  workers.
+
+  Prior to this change, setting the query mode of a resource
+  such as a bridge to `sync` would force the buffer to call the
+  underlying connector in a synchronous way, even if it supports async
+  calls.
+
+- [#10207](https://github.com/emqx/emqx/pull/10207) Use 'label' from i18n file as 'summary' in OpenAPI spec.
+
+- [#10210](https://github.com/emqx/emqx/pull/10210) Unregister Mnesia post commit hook when Mria is being stopped.
+  This fixes hook failures occasionally occurring on stopping/restarting Mria.
+
+  [Mria PR](https://github.com/emqx/mria/pull/133)
+
+- [#10224](https://github.com/emqx/emqx/pull/10224) Add the option to customize `clusterIP` in Helm chart, so that a user may set it to a fixed IP.
+
+- [#10263](https://github.com/emqx/emqx/pull/10263) Add command 'eval-ex' for Elixir expression evaluation.
+
+- [#10278](https://github.com/emqx/emqx/pull/10278) Refactor the directory structure of all gateways.
+
+- [#10306](https://github.com/emqx/emqx/pull/10306) Add support for `async` query mode for most bridges.
+
+  Before this change, some bridges (Cassandra, MongoDB, MySQL, Postgres, Redis, RocketMQ, TDengine) were only allowed to be created with a `sync` query mode.
+
+- [#10318](https://github.com/emqx/emqx/pull/10318) Now, the rule engine language's FROM clause supports both strings enclosed in double quotes (") and single quotes (').
+
+- [#10336](https://github.com/emqx/emqx/pull/10336) Add `/rule_engine` API endpoint to manage configuration of rule engine.
+
+
+
+## Bug Fixes
+
+- [#10145](https://github.com/emqx/emqx/pull/10145) Fix `bridges` API to report error conditions for a failing bridge as
+  `status_reason`. Also when creating an alarm for a failing resource we include
+  this error condition with the alarm's message.
+
+- [#10154](https://github.com/emqx/emqx/pull/10154) Change the default `resume_interval` for bridges and connectors to be
+  the minimum of `health_check_interval` and `request_timeout / 3`.
+  Also exposes it as a hidden configuration to allow fine tuning.
+
+  Before this change, the default values for `resume_interval` meant
+  that, if a buffer ever got blocked due to resource errors or high
+  message volumes, then, by the time the buffer would try to resume its
+  normal operations, almost all requests would have timed out.
+
+- [#10172](https://github.com/emqx/emqx/pull/10172) Fix the incorrect default ACL rule, which was:
+  ```
+  {allow, {username, "^dashboard?"}, subscribe, ["$SYS/#"]}.
+  ```
+
+  However, it should use `{re, "^dashboard$"}` to perform a regular expression match:
+  ```
+  {allow, {username, {re,"^dashboard$"}}, subscribe, ["$SYS/#"]}.
+  ```
+
+- [#10174](https://github.com/emqx/emqx/pull/10174) Upgrade library `esockd` from 5.9.4 to 5.9.6.
+  Fix an unnecessary error level logging when a connection is closed before proxy protocol header is sent by the proxy.
+
+- [#10195](https://github.com/emqx/emqx/pull/10195) Add labels to API schemas where description contains HTML and breaks formatting of generated documentation otherwise.
+
+- [#10196](https://github.com/emqx/emqx/pull/10196) Use lower-case for schema summaries and descritptions to be used in menu of generated online documentation.
+
+- [#10209](https://github.com/emqx/emqx/pull/10209) Fix bug where a last will testament (LWT) message could be published
+  when kicking out a banned client.
+
+- [#10211](https://github.com/emqx/emqx/pull/10211) Hide `broker.broker_perf` config and API documents.
+  The two configs `route_lock_type` and `trie_compaction` are rarely used and requires a full cluster restart to take effect. They are not suitable for being exposed to users.
+  Detailed changes can be found here: https://gist.github.com/zmstone/01ad5754b9beaeaf3f5b86d14d49a0b7/revisions
+
+- [#10225](https://github.com/emqx/emqx/pull/10225) Allow installing a plugin if its name matches the beginning of another (already installed) plugin name.
+  For example: if plugin "emqx_plugin_template_a" is installed, it must not block installing plugin "emqx_plugin_template".
+
+- [#10226](https://github.com/emqx/emqx/pull/10226) Don't crash on validation error in `/bridges` API, return `400` instead.
+
+- [#10237](https://github.com/emqx/emqx/pull/10237) Ensure we return `404` status code for unknown node names in `/nodes/:node[/metrics|/stats]` API.
+
+- [#10242](https://github.com/emqx/emqx/pull/10242) Fixed a log data field name clash.
+  Piror to this fix, some debug logs may report a wrong Erlang PID which may affect troubleshooting session takeover issues.
+
+- [#10251](https://github.com/emqx/emqx/pull/10251) Consider bridges referenced in `FROM` rule clauses as dependencies.
+
+  Before this fix, when one tried to delete an ingress rule referenced in an action like `select * from "$bridges/mqtt:ingress"`, the UI would not trigger a warning about dependent rule actions.
+
+- [#10257](https://github.com/emqx/emqx/pull/10257) Fixed the issue where `auto_observe` was not working in LwM2M Gateway.
+
+  Before the fix, OBSERVE requests were sent without a token, causing failures
+  that LwM2M clients could not handle.
+
+  After the fix, LwM2M Gateway can correctly observe the resource list carried by
+  client, furthermore, unknown resources will be ignored and printing the following
+  warning log:
+  ```
+  2023-03-28T18:50:27.771123+08:00 [warning] msg: ignore_observer_resource, mfa: emqx_lwm2m_session:observe_object_list/3, line: 522, peername: 127.0.0.1:56830, clientid: testlwm2mclient, object_id: 31024, reason: no_xml_definition
+  ```
+
+- [#10286](https://github.com/emqx/emqx/pull/10286) Enhance logging behaviour during boot failure.
+  When EMQX fails to start due to corrupted configuration files, excessive logging is eliminated and no crash dump file is generated.
+
+- [#10297](https://github.com/emqx/emqx/pull/10297) Keeps `eval` command backward compatible with v4 by evaluating only Erlang expressions, even on Elixir node. For Elixir expressions, use `eval-ex` command.
+
+- [#10300](https://github.com/emqx/emqx/pull/10300) Fixed an issue where a build made with Elixir could not receive uploaded plugins until the `plugins` folder was created manually to receive the uploaded files.
+
+- [#10313](https://github.com/emqx/emqx/pull/10313) Ensure that when the core or replicant node starting, the `cluster-override.conf` file is only copied from the core node.
+  Previously, when sorting nodes by startup time, the core node may have copied this file from the replicant node.
+
+- [#10314](https://github.com/emqx/emqx/pull/10314) Fix /monitor_current API so that it only looks at the current node.
+  Fix /stats API to not crash when one or more nodes in the cluster are down.
+
+- [#10315](https://github.com/emqx/emqx/pull/10315) Fix crash checking `limit` and `page` parameters in `/mqtt/delayed/messages` API call.
+
+- [#10317](https://github.com/emqx/emqx/pull/10317) Do not expose listener level authentications before extensive verification.
+
+- [#10323](https://github.com/emqx/emqx/pull/10323) For security reasons, the value of the `password` field in the API examples is replaced with `******`.
+
+
+- [#10327](https://github.com/emqx/emqx/pull/10327) Don't increment 'actions.failed.unknown' rule metrics counter upon receiving unrecoverable bridge errors.
+  This counter is displayed on the dashboard's rule overview tab ('Action statistics' - 'Unknown').
+  The fix is only applicable for synchronous bridges, as all rule actions for asynchronous bridges
+  are counted as successful (they increment 'actions.success' which is displayed as 'Action statistics' - 'Success').