diff --git a/_service b/_service
index f137766..7797e12 100644
--- a/_service
+++ b/_service
@@ -3,7 +3,7 @@
     <param name="url">https://github.com/istio/istio</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">1.22.1</param>
+    <param name="revision">1.22.2</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">disable</param>
   </service>
@@ -16,6 +16,6 @@
     <param name="compression">gz</param>
   </service>
   <service name="go_modules" mode="manual">
-    <param name="archive">istio-1.22.1.obscpio</param>
+    <param name="archive">istio-1.22.2.obscpio</param>
   </service>
 </services>
diff --git a/istio-1.22.1.obscpio b/istio-1.22.1.obscpio
deleted file mode 100644
index 9bd5b7b..0000000
--- a/istio-1.22.1.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:84a1792aeca8c50861cfb6a9ed2c7817888718e481add6103abb86942a67a4d7
-size 34210317
diff --git a/istio-1.22.2.obscpio b/istio-1.22.2.obscpio
new file mode 100644
index 0000000..3cba03b
--- /dev/null
+++ b/istio-1.22.2.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e4ab8df04601a4078a2bb5727f9826eab39808cc1b59d9cd3424f2c85c32586b
+size 34270221
diff --git a/istio.obsinfo b/istio.obsinfo
index c954b46..a03ddf2 100644
--- a/istio.obsinfo
+++ b/istio.obsinfo
@@ -1,4 +1,4 @@
 name: istio
-version: 1.22.1
-mtime: 1717274947
-commit: a1a76b8e75f810eb6c808b04531343ae2c7b8082
+version: 1.22.2
+mtime: 1719426913
+commit: 204da5ba47f295a8dc56936333e692f6a8707649
diff --git a/istioctl.changes b/istioctl.changes
index c24a83d..6a91b3c 100644
--- a/istioctl.changes
+++ b/istioctl.changes
@@ -1,3 +1,48 @@
+-------------------------------------------------------------------
+Wed Jul  3 19:03:11 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- update to 1.22.2:
+  https://istio.io/latest/news/releases/1.22.x/announcing-1.22.2/
+  This release implements the security updates described in our
+  27th of June post, ISTIO-SECURITY-2024-005 along with bug fixes
+  to improve robustness.
+  https://istio.io/latest/news/security/istio-security-2024-005/
+  * Improved waypoint proxies to no longer run as root.
+  * Added gateways.securityContext to manifests to provide an
+    option to customize the gateway securityContext. (Issue #49549)
+  * Added a new option in ztunnel to completely disable IPv6, to
+    enable running on kernels with IPv6 disabled.
+  * Fixed an issue where istioctl analyze returned IST0162 false
+    positives. (Issue #51257)
+  * Fixed ENABLE_ENHANCED_RESOURCE_SCOPING not being part of helm
+    compatibility profiles for Istio 1.20/1.21. (Issue #51399)
+  * Fixed Kubernetes job pod IPs may not be fully unenrolled from
+    ambient despite being in a terminated state.
+  * Fixed false positives in IST0128 and IST0129 when
+    credentialName and workloadSelector were set. (Issue #51567)
+  * Fixed an issue where JWKS fetched from URIs were not updated
+    promptly when there are errors fetching other URIs. (Issue
+    #51636)
+  * Fixed an issue causing workloadSelector policies to apply to
+    the wrong namespace in ztunnel. (Issue #51556)
+  * Fixed a bug causing discoverySelectors to accidentally filter
+    out all GatewayClasses.
+  * Fixed certificate chains parsing avoid unnecessary parsing
+    errors by trimming unnecessary intermediate certificates.
+  * Fixed a bug in ambient mode causing requests at the start of a
+    Pod lifetime to be rejected with unknown source.
+  * Fixed an issue in ztunnel where some expected connection
+    terminations were reported as errors.
+  * Fixed an issue in ztunnel when connecting to a service with a
+    targetPort that exists only on a subset of pods.
+  * Fixed an issue when deleting a ServiceEntry when there are
+    duplicate hostnames across multiple ServiceEntries.
+  * Fixed an issue where ztunnel would send directly to pods when
+    connecting to a LoadBalancer IP, instead of going through the
+    LoadBalancer.
+  * Fixed an issue where ztunnel would send traffic to terminating
+    pods.
+
 -------------------------------------------------------------------
 Wed Jun  5 05:53:19 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
 
diff --git a/istioctl.spec b/istioctl.spec
index 1e6b5bc..cc388aa 100644
--- a/istioctl.spec
+++ b/istioctl.spec
@@ -19,7 +19,7 @@
 %define __arch_install_post export NO_BRP_STRIP_DEBUG=true
 
 Name:           istioctl
-Version:        1.22.1
+Version:        1.22.2
 Release:        0
 Summary:        CLI for the istio servic mesh in Kubernetes
 License:        Apache-2.0
diff --git a/vendor.tar.gz b/vendor.tar.gz
index c6ff42f..4cd3448 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:d64781de065da9e5c16a0afb4af0ab52c642383d7ca49178f0a40e278ebf2ad8
-size 21102627
+oid sha256:dee0b08fc12bef0ed64ef5604e5b6e330286218c9615b2baa0c19f9b1adcb36f
+size 21102875