ELTS report May 2022 ========================== 1. ELA-616-1. Issued a security update for vim fixing 10 CVE and triaged 2 CVE as not-affected. 2. ELA-617-1. Issued a security update for libxml2 fixing 1 CVE. 3. Triaged open vulnerabilities for libspring-java as end-of-life after the discussion on the mailing list. 4. Front desk duties from 09.05 to 15.05.2022. I triaged amd64-microcode, libgoogle-gson-java, freetype, ldb, libarchive, lrzip, imagemagick, mutt, mysql-connector-java, openldap, python2.7, ruby2.1, ruby-nokogiri, clamav, cifs-utils, curl and redis. 5. I investigated CVE-2022-21363 in mysql-connector-java and prepared a new upstream release. During this procedure I discovered that the latest version 8.0.29 requires Java 8 and a newer version of libprotobuf-java. It is currently questionable if customers really prefer this version since it may break existing installations. I have started a discussion on the mailing list because of that.