diff --git a/ChangeLog.md b/ChangeLog.md
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,5 +1,11 @@
 See also http://pvp.haskell.org/faq
 
+0.6.2.2
+-------
+
+* Fix broken compilation of test-suite with Cabal-syntax-3.8.1.0 on Hackage
+* Huge README updates
+
 0.6.2.1
 -------
 
diff --git a/hackage-security.cabal b/hackage-security.cabal
--- a/hackage-security.cabal
+++ b/hackage-security.cabal
@@ -1,12 +1,12 @@
 cabal-version:       1.12
 name:                hackage-security
-version:             0.6.2.1
+version:             0.6.2.2
 
 synopsis:            Hackage security library
 description:         The hackage security library provides both server and
                      client utilities for securing the Hackage package server
-                     (<http://hackage.haskell.org/>).  It is based on The Update
-                     Framework (<http://theupdateframework.com/>), a set of
+                     (<https://hackage.haskell.org/>).  It is based on The Update
+                     Framework (<https://theupdateframework.com/>), a set of
                      recommendations developed by security researchers at
                      various universities in the US as well as developers on the
                      Tor project (<https://www.torproject.org/>).
@@ -29,9 +29,11 @@
 homepage:            https://github.com/haskell/hackage-security
 bug-reports:         https://github.com/haskell/hackage-security/issues
 build-type:          Simple
-tested-with:         GHC==8.10.1, GHC==8.8.3, GHC==8.6.5, GHC==8.4.4, GHC==8.2.2, GHC==8.0.2,
-                     GHC==7.10.3, GHC==7.8.4, GHC==7.6.3, GHC==7.4.2
 
+tested-with:
+  GHC==9.2.1, GHC==9.0.2,
+  GHC==8.10.7, GHC==8.8.4, GHC==8.6.5, GHC==8.4.4, GHC==8.2.2, GHC==8.0.2,
+  GHC==7.10.3, GHC==7.8.4, GHC==7.6.3, GHC==7.4.2
 
 extra-source-files:
   ChangeLog.md
@@ -115,7 +117,7 @@
                        Hackage.Security.Util.TypedEmbedded
                        MyPrelude
   -- We support ghc 7.4 (bundled with Cabal 1.14) and up
-  build-depends:       base              >= 4.5     && < 4.16,
+  build-depends:       base              >= 4.5     && < 4.17,
                        base16-bytestring >= 0.1.1   && < 1.1,
                        base64-bytestring >= 1.0     && < 1.3,
                        bytestring        >= 0.9     && < 0.12,
@@ -130,7 +132,7 @@
                        tar               >= 0.5     && < 0.6,
                        template-haskell  >= 2.7     && < 2.19,
                        time              >= 1.2     && < 1.13,
-                       transformers      >= 0.3     && < 0.6,
+                       transformers      >= 0.3     && < 0.7,
                        zlib              >= 0.5     && < 0.7,
                        -- whatever versions are bundled with ghc:
                        ghc-prim
@@ -144,15 +146,15 @@
     build-depends:     mtl        >= 2.1     && < 2.2,
                        mtl-compat >= 0.2     && < 0.3
   else
-    build-depends:     mtl        >= 2.2     && < 2.3
+    build-depends:     mtl        >= 2.2     && < 2.4
 
   if flag(lukko)
     build-depends:     lukko      >= 0.1     && < 0.2
   else
     build-depends:     base       >= 4.10
 
-  if flag(Cabal-syntax)
-    build-depends: Cabal-syntax >= 3.7 && < 3.9
+  if flag(Cabal-syntax) && impl(ghc >= 8.2)
+    build-depends: Cabal-syntax >= 3.7 && < 3.10
   else
     build-depends: Cabal        >= 1.14    && < 1.26
                              || >= 2.0     && < 2.6
@@ -260,7 +262,6 @@
   -- inherited constraints from lib:hackage-security component
   build-depends:       hackage-security,
                        base,
-                       Cabal,
                        containers,
                        bytestring,
                        network-uri,
@@ -269,8 +270,14 @@
                        time,
                        zlib
 
-  if flag(Cabal-syntax)
-    build-depends: Cabal-syntax
+  if flag(Cabal-syntax) && impl(ghc >= 8.2)
+    build-depends: Cabal        >= 3.7 && < 3.10,
+                   Cabal-syntax >= 3.7 && < 3.10
+  else
+    build-depends: Cabal        >= 1.14    && < 1.26
+                             || >= 2.0     && < 2.6
+                             || >= 3.0     && < 3.7,
+                   Cabal-syntax <  3.7
 
   -- dependencies exclusive to test-suite
   build-depends:       tasty            >= 1.2 && < 1.5,
diff --git a/src/Hackage/Security/Client.hs b/src/Hackage/Security/Client.hs
--- a/src/Hackage/Security/Client.hs
+++ b/src/Hackage/Security/Client.hs
@@ -89,7 +89,7 @@
 -- This implements the logic described in Section 5.1, "The client application",
 -- of the TUF spec. It checks which of the server metadata has changed, and
 -- downloads all changed metadata to the local cache. (Metadata here refers
--- both to the TUF security metadata as well as the Hackage packge index.)
+-- both to the TUF security metadata as well as the Hackage package index.)
 --
 -- You should pass @Nothing@ for the UTCTime _only_ under exceptional
 -- circumstances (such as when the main server is down for longer than the
diff --git a/src/Hackage/Security/Client/Formats.hs b/src/Hackage/Security/Client/Formats.hs
--- a/src/Hackage/Security/Client/Formats.hs
+++ b/src/Hackage/Security/Client/Formats.hs
@@ -51,7 +51,7 @@
 --
 -- Rather than having a general list here, we enumerate all possibilities.
 -- This means we are very precise about what we expect, and we avoid any runtime
--- errors about unexpect format definitions.
+-- errors about unexpected format definitions.
 --
 -- NOTE: If we add additional cases here (for dealing with additional formats)
 -- all calls to @error "inaccessible"@ need to be reevaluated.
diff --git a/src/Hackage/Security/Client/Repository.hs b/src/Hackage/Security/Client/Repository.hs
--- a/src/Hackage/Security/Client/Repository.hs
+++ b/src/Hackage/Security/Client/Repository.hs
@@ -181,7 +181,7 @@
     -- * Download the file from the repository and make it available at a
     --   temporary location
     -- * Use the provided file length to protect against endless data attacks.
-    --   (Repositories such as local repositories that are not suspectible to
+    --   (Repositories such as local repositories that are not susceptible to
     --   endless data attacks can safely ignore this argument.)
     -- * Move the file from its temporary location to its permanent location
     --   if verification succeeds.
diff --git a/src/Hackage/Security/Client/Repository/HttpLib.hs b/src/Hackage/Security/Client/Repository/HttpLib.hs
--- a/src/Hackage/Security/Client/Repository/HttpLib.hs
+++ b/src/Hackage/Security/Client/Repository/HttpLib.hs
@@ -45,7 +45,7 @@
     -- HTTP servers are normally expected to respond to a range request with
     -- a "206 Partial Content" response. However, servers can respond with a
     -- "200 OK" response, sending the entire file instead (for instance, this
-    -- may happen for servers that don't actually support range rqeuests, but
+    -- may happen for servers that don't actually support range requests, but
     -- for which we optimistically assumed they did). Implementations of
     -- 'HttpLib' may accept such a response and inform the @hackage-security@
     -- library that the whole file is being returned; the security library can
diff --git a/src/Hackage/Security/Key.hs b/src/Hackage/Security/Key.hs
--- a/src/Hackage/Security/Key.hs
+++ b/src/Hackage/Security/Key.hs
@@ -145,8 +145,8 @@
 -- | The key ID of a key, by definition, is the hexdigest of the SHA-256 hash of
 -- the canonical JSON form of the key where the private object key is excluded.
 --
--- NOTE: The FromJSON and ToJSON instances for KeyId are ntentially omitted. Use
--- writeKeyAsId instead.
+-- NOTE: The FromJSON and ToJSON instances for KeyId are intentionally omitted.
+-- Use writeKeyAsId instead.
 newtype KeyId = KeyId { keyIdString :: String }
   deriving (Show, Eq, Ord)
 
diff --git a/src/Hackage/Security/TUF/Header.hs b/src/Hackage/Security/TUF/Header.hs
--- a/src/Hackage/Security/TUF/Header.hs
+++ b/src/Hackage/Security/TUF/Header.hs
@@ -36,7 +36,7 @@
 -- every file update.
 --
 -- 'Show' and 'Read' instance are defined in terms of the underlying 'Int'
--- (this is use for example by hackage during the backup process).
+-- (this is used for example by Hackage during the backup process).
 newtype FileVersion = FileVersion Int54
   deriving (Eq, Ord, Typeable)
 
@@ -55,7 +55,7 @@
 newtype FileExpires = FileExpires (Maybe UTCTime)
   deriving (Eq, Ord, Show, Typeable)
 
--- | Occassionally it is useful to read only a header from a file.
+-- | Occasionally it is useful to read only a header from a file.
 --
 -- 'HeaderOnly' intentionally only has a 'FromJSON' instance (no 'ToJSON').
 data Header = Header {
diff --git a/src/Hackage/Security/TUF/Layout/Cache.hs b/src/Hackage/Security/TUF/Layout/Cache.hs
--- a/src/Hackage/Security/TUF/Layout/Cache.hs
+++ b/src/Hackage/Security/TUF/Layout/Cache.hs
@@ -15,7 +15,7 @@
 -- | Location of the various files we cache
 --
 -- Although the generic TUF algorithms do not care how we organize the cache,
--- we nonetheless specity this here because as long as there are tools which
+-- we nonetheless specify this here because as long as there are tools which
 -- access files in the cache directly we need to define the cache layout.
 -- See also comments for 'defaultCacheLayout'.
 data CacheLayout = CacheLayout {
diff --git a/src/Hackage/Security/TUF/Patterns.hs b/src/Hackage/Security/TUF/Patterns.hs
--- a/src/Hackage/Security/TUF/Patterns.hs
+++ b/src/Hackage/Security/TUF/Patterns.hs
@@ -1,7 +1,7 @@
 -- | Patterns and replacements
 --
 -- NOTE: This module was developed to prepare for proper delegation (#39).
--- It is currently unusued.
+-- It is currently unused.
 {-# LANGUAGE CPP #-}
 #if __GLASGOW_HASKELL__ >= 800
 {-# LANGUAGE DeriveLift #-}
