diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1ef97b890709643f6f926ce1953cb850dd36d2ec..a0755b13c4035892393ea948d103daf18c8e93a1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,19 +8,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## \[2.3.0] - Unreleased
 ### Added
 - SDK section in docs (<https://github.com/opencv/cvat/pull/4928>)
-- An env variable to enable or disable host certificate checking in CLI (<https://github.com/opencv/cvat/pull/4928>)
+- An option to enable or disable host certificate checking in CLI (<https://github.com/opencv/cvat/pull/4928>)
 - REST API tests with skeletons (<https://github.com/opencv/cvat/pull/4987>)
+- Host schema auto-detection in SDK (<https://github.com/opencv/cvat/pull/4910>)
+- Server compatibility checks in SDK (<https://github.com/opencv/cvat/pull/4935>)
 
 ### Changed
-- `api/docs`, `api/swagger`, `api/schema` endpoints now allow unauthorized access (<https://github.com/opencv/cvat/pull/4928>)
-- Datumaro version (<https://github.com/opencv/cvat/pull/4984>)
+- `api/docs`, `api/swagger`, `api/schema`, `server/about` endpoints now allow unauthorized access (<https://github.com/opencv/cvat/pull/4928>, <https://github.com/opencv/cvat/pull/4935>)
+- Datumaro version is upgraded to 0.3 (dev) (<https://github.com/opencv/cvat/pull/4984>)
+- Allowed trailing slashes in the SDK host address (<https://github.com/opencv/cvat/pull/5057>)
 - Enabled authentication via email (<https://github.com/opencv/cvat/pull/5037>)
 
 ### Deprecated
 - TDB
 
 ### Removed
-- TDB
+- The `--https` option of CLI (<https://github.com/opencv/cvat/pull/4910>)
 
 ### Fixed
 - Removed a possibly duplicated encodeURI() calls in `server-proxy.ts` to prevent doubly encoding
@@ -38,6 +41,7 @@ non-ascii paths while adding files from "Connected file share" (issue #4428)
 - Fixed task creation with non-local files via the SDK/CLI
   (<https://github.com/opencv/cvat/issues/4962>)
 - HRNET serverless function (<https://github.com/opencv/cvat/pull/4944>)
+- Invalid export of segmentation masks when the `background` label gets nonzero id (<https://github.com/opencv/cvat/pull/5056>)
 - A trailing slash in hostname does't allow SDK to send some requests
   (<https://github.com/opencv/cvat/pull/5057>)
 - Double modal export/backup a task/project (<https://github.com/opencv/cvat/pull/5075>)
diff --git a/cvat/requirements/base.txt b/cvat/requirements/base.txt
index 8cdabe0234e1d07d39e2e1a4e164c42e88193d4d..4f52cfb5807f2c40969cc94919c74071e1c2c324 100644
--- a/cvat/requirements/base.txt
+++ b/cvat/requirements/base.txt
@@ -45,7 +45,7 @@ diskcache==5.0.2
 boto3==1.17.61
 azure-storage-blob==12.13.0
 google-cloud-storage==1.42.0
-git+https://github.com/cvat-ai/datumaro.git@bac20235bd6c792b4d068a54fd3ad14be50bb26f
+git+https://github.com/cvat-ai/datumaro.git@d9f492003ac57ce9c511c3079f67861e177ff134
 urllib3>=1.26.5 # not directly required, pinned by Snyk to avoid a vulnerability
 natsort==8.0.0
 mistune>=2.0.1 # not directly required, pinned by Snyk to avoid a vulnerability