diff --git a/.gitignore b/.gitignore
index 7cc9e2f..f2144d9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-6e0d34e.tar.gz
-SOURCES/selinux-policy-contrib-ace9ad5.tar.gz
+SOURCES/selinux-policy-contrib-a0414e5.tar.gz
+SOURCES/selinux-policy-d554563.tar.gz
diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata
index abf1bd4..3e89a5c 100644
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@@ -1,3 +1,3 @@
-41318a338b3da94dc66956083f96432b5034460a SOURCES/container-selinux.tgz
-59412a36808077381bf02f336194b4717d1ad18b SOURCES/selinux-policy-6e0d34e.tar.gz
-0988e5766dcdc691221379775563a812e60b6247 SOURCES/selinux-policy-contrib-ace9ad5.tar.gz
+4bf5cab3e9a865485554fbc6f507629347c08eb4 SOURCES/container-selinux.tgz
+b11ad56120172ff5effe8a1022ae225056f8bb16 SOURCES/selinux-policy-contrib-a0414e5.tar.gz
+a2ed7d5c8dd587981789253f2e78faf3c617050a SOURCES/selinux-policy-d554563.tar.gz
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index e377f78..ef5dd19 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 6e0d34e9aaf5d69426eb5252ced3be24368cc186
+%global commit0 d55456395921719026dd65ab95647bdfecd56769
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 ace9ad57089bd19b42a7d9c8c6c67244b99be436
+%global commit1 a0414e5e14f6dba91dff8e4583869e7842070f13
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 81%{?dist}
+Release: 82%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -715,6 +715,30 @@ exit 0
 %endif
 
 %changelog
+* Wed Oct 20 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-82
+- Support sanlock VG automated recovery on storage access loss
+Resolves: rhbz#1985000
+- Allow proper function sosreport in sysadmin role
+Resolves: rhbz#1965251
+- Allow systemd execute user bin files
+Resolves: rhbz#1860443
+- Label /dev/crypto/nx-gzip with accelerator_device_t
+Resolves: rhbz#2011166
+- Allow ipsec_t and login_userdomain named file transition in tmpfs
+Resolves: rhbz#2001599
+- Support sanlock VG automated recovery on storage access loss
+Resolves: rhbz#1985000
+- Allow proper function sosreport via iotop
+Resolves: rhbz#1965251
+- Call pkcs_tmpfs_named_filetrans for certmonger
+Resolves: rhbz#2001599
+- Allow ibacm the net_raw and sys_rawio capabilities
+Resolves: rhbz#2010644
+- Support new PING_CHECK health checker in keepalived
+Resolves: rhbz#2010873
+- Update spamassasin policy to make working /usr/share/spamassassin/sa-update.cron script
+Resolves: rhbz#2011239
+
 * Mon Oct 04 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-81
 - Allow unconfined domains to bpf all other domains
 Resolves: rhbz#1991443